At a glance.
- Drata to acquire SafeBase for $250 million.
- Semgrep raises $100 million in Series D round.
- 7AI emerges from stealth with $36 million in seed funding.
Mergers and acquisitions.
San Diego-based compliance automation company Drata has signed an agreement to acquire trust center platform provider SafeBase for $250 million, SecurityWeek reports. Drata stated, "The acquisition is intended to integrate both companies' shared vision of being the go-to 'trust layer' between companies—driving seamless, transparent relationships with the most comprehensive Trust Management Platform."
Santa Clara, California-based adversarial exposure validation (AEV) company AttackIQ has acquired Portland, Oregon-headquartered security posture management company DeepSurface. Brett Galloway, CEO of AttackIQ, stated, "This acquisition enables us to rapidly extend our traditional breach and attack simulation (BAS) use case to now include AEV and help organizations programmatically pivot to Cyber Threat Exposure Management."
HeroDevs, a company that provides security support for end-of-life open-source software, has acquired Xeol, a startup with an end-of-life software detection solution. HeroDevs stated, "Through the acquisition, HeroDevs will augment its Never-Ending Support (NES) solutions by giving businesses, organizations, and developers reliant on open source software visibility into packages that are deprecated and past their end-of-life."
Investments and exits.
San Francisco-headquartered application security firm Semgrep has raised $100 million in a Series D round led by Menlo Ventures, with participation from existing investors Felicis Ventures, Harpoon Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital. The company stated, "In 2025 and beyond, Semgrep will use the funds in a series of ways, including hiring world-class AI and program analysis talent to extend the company's competitive edge, in addition to increasing awareness of what its product offers beyond a security practitioner audience. Lastly, the funds will boost the company's Go-To-Market team with veterans and advisors from organizations like Hashicorp, Elasticsearch, Snyk, and others – leveraging its unique position as a rare company at the intersection of OSS and security."
Boston-based agentic AI security startup 7AI has emerged from stealth with $36 million in seed funding from Greylock Partners, Spark Capital, and CRV. The company was established last year by Cybereason co-founders Lior Div and Yonatan Striem-Amit.
San Francisco-based employee security posture management platform Riot has raised $30 million in a Series B round led by Left Lane Capital, with participation from existing investors Y Combinator, Base10, and FundersClub. The company says the funding "will accelerate Riot's international expansion, with plans to open two new offices and double its current workforce within the next twelve months."
Palo Alto, California-based privileged identity management startup SGNL has raised $30 million in a Series A round led by Brightmind Partners, with participation from Costanoa Ventures, Microsoft’s M12, and Cisco Investments. The company plans to use the funding "to expand go-to-market efforts, accelerate product development, and enhance customer support."
Irish cyber risk management startup ZeroRisk has secured $4 million in a funding round led by Elkstone. The company stated, "ZeroRisk will use the new financing to expand its operations globally, particularly in the U.S. market. The company is hiring for 40 roles across a variety of functions, including data science, user experience, product, engineering, and sales and marketing."
Kansas-based runtime security startup Invary has raised $3.5 million in seed funding from SineWave Ventures, Flyover Capital, Hyperlink Ventures, and KCRise Fund. The company plans to use the funding for product development, market expansion, talent acquisition, and strategic partnerships.
Executive moves.
Brinqa has named Dan Pagel as its new CEO. The company's founding CEO Amad Fida will serve as Chairman of the Board.
Armis has promoted Alex Mosher to President.
MorganFranklin Cyber has hired John Allen as Managing Director to lead its Technology, Media, and Telecommunications sector.
Semgrep has appointed Garrett Souza as Vice President of Sales and added Mark McLaughlin, former CEO of Palo Alto Networks, as an angel investor and advisor.