Q4 Deal Mania: $1.7B Acquisition, Massive Growth Funding, and the AI Identity Rush

Show Notes

This week on Cyber Street Journal, we dissect a flurry of major cybersecurity investment activity, including Veeam's massive $1.725 billion acquisition of Securiti AI and Chainguard's stunning $280 million growth funding round. We also dive into the burgeoning market for securing AI agents, highlighted by significant Series A and Series B raises from startups Keycard and Defakto.

 

Transcript

Welcome back to Cyber Street Journal, the weekly podcast dedicated to the financial pulse of the cybersecurity industry. I’m your host, Mike Housch.

We have seen an absolutely stunning volume of mergers, acquisitions, and funding rounds over the last few weeks in October 2025. It’s clear that even as we approach the end of the year, investors and enterprise leaders are heavily committed to shoring up defenses, particularly around data, identity, and the rapidly growing field of AI agent security.

Today, we're dissecting a handful of multi-million and multi-billion dollar deals, from massive acquisitions unifying data resilience with security posture management, to stratospheric funding rounds focused on software supply chain integrity. Let's start with the big money coming out of Kirkland, Washington.

Our first major headline involves Chainguard, a company specializing in software supply chain security. Last week, Chainguard announced they had raised a remarkable $280 million in a growth funding round. This capital injection came from General Catalyst’s Customer Value Fund, or CVF.

Now, the numbers here are staggering. This growth funding brings their total secured investment to nearly $900 million. Even more impressively, Chainguard has raised $636 million in just the past six months alone. When they announced their $365 million Series D round back in April, the company was valued at an astonishing $3.5 billion.

Chainguard’s focus is clear: securing the open source supply chain. They provide secure-by-default container images designed not to be plagued by known vulnerabilities, which makes life significantly easier for developers building secure software. They currently offer more than 1,700 such images, and that includes images specifically for AI applications.

According to Chainguard’s CFO, Eyal Bar, this latest growth capital reflects the strength and rapid scaling of their business. The partnership with General Catalyst’s CVF allows them to scale their go-to-market investment without diluting ownership or slowing down innovation. In essence, the deal structure allows their commercial operations to fund their own growth while they focus on product and engineering differentiation. This is a prime example of a startup in a critical niche—supply chain security—moving aggressively toward massive operational scale.

Next up, we shift to a major growth area: Identity and Access Management, or IAM, particularly as it relates to non-human entities and AI agents. We saw two huge funding announcements in this space, indicating that enterprises are rushing to secure their machine-to-machine interactions.

First, let’s look at Defakto. This California-based company, founded by Danny Oliveri and Eli Nesterov, secured $30.75 million in a Series B funding round, bringing their total investment to roughly $50 million. The round was led by XYZ Venture Capital. Defakto’s platform targets IAM for non-human identities, such as services, workloads, pipelines, and AI agents. CEO Oliveri noted that non-humans are now the majority of users, yet they are often governed by outdated, secret-based models. Defakto aims to eradicate these static credentials and overprivileged access by using dynamic identities. The new funds will accelerate product development and go-to-market strategies.

We also saw Keycard emerge from stealth mode, securing an impressive $38 million in funding. This was raised across an $8 million seed round and a $30 million Series A round. Keycard’s leadership comes from former senior roles at Snyk and Okta, and their platform also focuses on providing identity infrastructure for AI agents. They aim to give organizations complete trust when deploying AI agents into production. Keycard’s approach relies on cryptography to prove identity and authorization, using dynamic, identity-bound, and task-scoped tokens instead of static secrets and API keys. Ian Livingstone, Keycard CEO, called AI agents a "once-in-a-generation shift," but stressed that they can't leave the lab without trusted access controls—which is precisely what Keycard is building.

The combined $68 million raised by these two players alone shows just how critical IAM for machines has become.

Shifting gears to M&A, we have two massive deals that reshape key sectors of the cyber market. The first is a blockbuster acquisition: Veeam Software’s planned purchase of Securiti AI for $1.725 billion in cash and stock.

Veeam, known for data portability and resilience solutions, is acquiring Securiti AI, a provider of data security posture management, or DSPM, and data governance solutions. The goal is a unified platform, combining data resilience with DSPM, privacy, governance, and AI trust. Veeam CEO Anand Eswaran highlighted that data protection is now about more than just recovery; it’s about identifying, governing, and trusting data to power AI transparently. This deal helps customers eliminate the challenge of managing fragmented data across clouds, apps, endpoints, and backups. Securiti AI founder Rehan Jalil, who previously founded companies acquired by Symantec and Tellabs, is set to join Veeam as President of Security and AI.

This move underscores the deep integration required between data recovery and data security in the era of pervasive AI.

In a separate, high-value acquisition in the threat intelligence space, Dataminr announced plans to acquire ThreatConnect for $290 million in cash and equity. Dataminr provides real-time event and risk detection, using AI to process public data signals for threats in both the physical and cyber worlds. ThreatConnect, based in Arlington, Virginia, offers a platform used by over 250 enterprises and government organizations—including names like Nike, Wells Fargo, and Wyndham Hotels—to aggregate and analyze cyber threat intelligence.

The strategic intent is to fuse external public data signals with internal client data to pioneer real-time, Client-Tailored intelligence. Dataminr CEO Ted Bailey stated that uniting their platform with ThreatConnect’s capabilities will enable the creation of agentic AI-powered intelligence tailored to each customer’s specific needs. Dataminr itself has previously raised over $1 billion in total funding, making this a significant consolidation move in the intelligence market.

Before we wrap up, let’s quickly touch on Gravwell, which shows continued appetite for investment in data analytics infrastructure. Gravwell closed a $15.4 million Series A funding round. This platform helps security teams centralize massive volumes of logs, accelerate threat hunting, and gain visibility across IT and OT systems. Notably, the company’s platform is designed to handle the emerging challenge of auditing AI agent activity. The investment will fuel product development and go-to-market strategies.

Gravwell’s funding, along with other recent, large raises like SimSpace’s $39 million and Sublime Security’s $150 million for email security, demonstrates robust investment across various cybersecurity sub-sectors.

Overall, the sheer volume of activity confirms a very busy 2025 for cyber finance. SecurityWeek, the source for much of this reporting, tracked more than 330 cybersecurity M&A deals announced so far this year. Forty-seven of those deals involved data security companies. Whether it’s massive acquisitions like Veeam/Securiti AI, major funding for market leaders like Chainguard, or early stage startups tackling new frontiers like AI identity, the Cyber Street Journal is tracking a market defined by rapid innovation and substantial capital flow.

That’s all the time we have for this week’s dive into the business of cyber security. Thank you for tuning into the Cyber Street Journal. Don't forget, you can stay informed on all the latest threats, trends, and technology by subscribing to the SecurityWeek Daily Briefing Newsletter.