AI Security market 2025 funding data, top startups, and the ServiceNow factor
ServiceNow dropped $11.6 billion on security acquisitions in 2025 alone. Armis for $7.75 billion. Moveworks for $2.85 billion. Veza for roughly $1 billion. In 2025, just one company, ServiceNow, spent more on acquiring security startups than 175 startups raised in two years. Meanwhile, the entire AI security startup ecosystem raised $8.5 billion across 175 companies over 24 months. That single data point should reshape how security leaders think about vendor consolidation and how AI builders think about their exit paths.
I analyzed Crunchbase data covering every AI security startup that raised Series A, B, or C funding between January 2024 and December 2025. The patterns are striking.
The acceleration is real
Q1 2024: $274 million across 8 deals. Q4 2025: $2.17 billion across 28 deals. That’s 8x growth in quarterly funding over two years.
The full-year numbers tell the story more clearly. 2024 saw $2.16 billion in total funding. 2025 hit $6.34 billion, nearly tripling. Average deal sizes jumped from $34 million to $54 million. This isn’t a gentle upward trend. The market is restructuring in real time.
Where the money flows
Network and Zero Trust infrastructure captured $1.9 billion across 44 companies. Tailscale‘s $161 million Series C reflects what enterprises already know. VPN architectures are dying. Identity-based access is replacing them.
Threat Detection and SOC automation drew $1.2 billion across 28 companies. 7AI‘s $130 million Series A stands out as one of the largest A funding rounds in this category. The bet: AI agents can handle the full security operations lifecycle at a scale human analysts cannot match.
Identity and Access Management pulled $990 million. But here’s what matters: that money went to just 6 companies. Saviynt‘s $700 million Series B dominates the category. When one company captures 71% of a category’s funding at Series B, investors see platform consolidation ahead. ServiceNow’s Veza acquisition, three weeks later, validated that thesis.
Insights into deal sizes
Median tells a different story from average deal sizes. Series A median: $20 million. Series A average: $28 million. The gap widens at later stages. Series C median: $85 million. Series C average: $119 million.
Translation: mega-deals skew the data significantly. Eighteen companies raised $100 million or more. Those 18 deals represent 10% of companies but 40% of total funding. For every Saviynt raising $700 million, dozens of startups are raising $15-25 million Series A rounds.
The AI/LLM security gap
Only 13 companies focus specifically on securing AI systems, LLMs, and agentic applications. Total funding: $414 million. That’s less than 5% of the $8.5 billion total. For context: ServiceNow paid more for Veza alone than the entire AI/LLM security category raised in two years.
The players building in this space:
• Noma Security ($100M, Series B). Unified AI and agent security platform.
• Credo AI ($21M, Series B). AI governance and compliance automation.
• Lakera ($20M, Series A). Real-time GenAI security against LLM vulnerabilities.
• Prompt Security ($18M, Series A). Enterprise generative AI adoption platform.
• GetReal Security ($17.5M, Series A). Deepfake and AI-generated impersonation defense.
• Jericho Security ($15M, Series A). Training against generative AI-powered attacks.
Enterprises are deploying AI systems at unprecedented rates. Shadow AI breaches cost $4.63 million per incident. That’s $670,000 more than standard breaches, according to IBM’s 2025 Cost of a Data Breach Report. Model Context Protocol vulnerabilities. Prompt injection attacks. Data exfiltration through AI assistants. The attack surface expands while protection lags.
Either these 13 companies scale rapidly, established players acquire their way into the space, or CISOs face a protection gap without commercial solutions.
How spending breaks out geographically
The U.S. captured $6.1 billion across 119 companies. That’s 71% of total funding. Israel remains the second hub: 15 companies, $738 million. Germany, the UK, and Canada trail with single-digit percentages.
Within the U.S., California dominates: $2.7 billion across 62 companies. That’s more than all non-U.S. markets combined ($2.4 billion). Texas ($865M), New York ($667M), and Colorado ($295M) round out the top states.
The concentration creates vendor risk. Regulatory fragmentation between the U.S. and EU markets. Geopolitical tensions affecting Israeli companies. Single-region dependency in security infrastructure. These are fundamental considerations for enterprise security architects.
ServiceNow’s acquisitions signal large-scale consolidation
ServiceNow’s 2025 acquisition spree warrants its own analysis. Armis brings cyber-physical security and OT/IoT visibility. Moveworks adds agentic AI capabilities. Veza delivers identity security for the AI era. The company calls it an “AI control tower.” A unified security stack that sees, decides, and acts across the entire technology footprint.
The driver: ServiceNow’s Security and Risk business crossed $1 billion in annual contract value in Q3 2025. They expect Armis alone to triple their market opportunity. When a platform vendor invests $11.6 billion in its own security workflows, point solutions become acquisition targets or competitors.
What this means for 2026
For security leaders: Map your vendor portfolio against both funding momentum and M&A activity. Startups with strong backing will survive consolidation. Others won’t. Audit your AI deployment pipeline against available protections. The gap between AI adoption and AI security is widening. Accelerate zero-trust adoption while solutions mature.
For AI builders: Security isn’t a feature to add later. The $414 million flowing into AI/LLM security represents smart money recognizing that unprotected AI systems are enterprise liabilities. Build with guardrails or build vulnerabilities.
Analysis based on Crunchbase data covering 175 AI security startups that raised Series A, B, or C funding between January 2024 and December 2025. ServiceNow acquisition data from the company’s press releases dated December 2025.
