We are only a few weeks into Q3 and the funding signal for cybersecurity is unmistakable. After a strong H1 driven by a blockbuster Q2, venture and growth capital are reloading into both AI-first security plays and companies that solve hard enterprise problems like data sovereignty and compliance. Crunchbase data showed a big spike in Q2 with $4.4 billion invested, a reminder that investors are eager to back winners again.

Early Q3 deal flow backs that thesis. In late July Vanta closed a $150 million Series C to push its trust and compliance automation higher up the stack, leaning on AI features that appeal to enterprise buyers.

In August two more large transactions cropped up that tell me something important about investor appetite. Abnormal Security raised $250 million at a roughly $5.1 billion valuation, citing better-than-100 percent year-over-year ARR growth and more than $200 million in ARR. That round underscores investor interest in AI-native platforms that protect humans across email and SaaS ecosystems.

Shortly after, Kiteworks secured a $456 million growth equity investment from Insight Partners and Sixth Street, valuing the company north of $1 billion. This was a growth-stage, partially secondary deal and it highlights another current theme: private equity and growth funds are comfortable doing large checks into profitable or near-profitable security companies that have disciplined go-to-market motion and strong compliance credentials.

What this cluster of deals means in practical terms is twofold. First, investors right now favor proven economics over pure vision. They want ARR, retention, enterprise logos, and clear paths to profitability. Second, the product sweet spot is shifting toward platforms that either reduce risk for regulated workloads or use AI to materially reduce analyst toil. Startups that can demonstrate measurable SOC time saved or faster incident resolution will attract higher multiples than speculative point products.

Advice for founders

  • Own the metric that matters. If you are enterprise-focused, show ARR growth and gross retention by cohort. If you sell to mid-market, show an efficient payback period and low churn.
  • Instrument outcome metrics into the product. Buyers do not pay for features. They pay for risk reduction, reduced headcount, faster mean time to remediate, and compliance evidence that audits can consume.
  • Design for integration. Buyers adopt less technology when new tools introduce brittle vendor lock-in. APIs and prebuilt integrations with major SIEMs, EDR platforms, and identity providers shorten sales cycles.
  • Think hybrid capital paths. Early evidence from Q3 shows growth equity and later-stage VC stepping in where companies have predictable revenue. Consider which path preserves optionality and aligns with your exit timeline.

Advice for buyers and operators

  • Validate vendor resilience. Large private rounds are healthy but not a substitute for product due diligence. Check for profitable customer cohorts and realistic support commitments.
  • Prioritize vendors that support data sovereignty and compliance. Kiteworks is a reminder that enterprises and governments will pay premiums for platforms that make data traceable and controllable.
  • Ask vendors for measurable operator benefits. If a product does not reduce time or friction inside your SOC, treat it as experimental rather than strategic.
  • Consider open-source adjuncts where lock-in risk is unacceptable. Not every security function requires a single-vendor monopoly.

Where the market is heading

Expect the following to be watch items for the rest of Q3 and into Q4: more large, late-stage rounds and growth equity activity for profitable security companies; continued focus on AI-first vendors that can show practical, auditable outcomes; and deeper investor interest in compliance and data protection plays as regulation tightens globally. The Q2 numbers set the baseline and the early Q3 deals are showing investors are allocating capital to winners rather than to high-volume, early-stage experiments.

If you are building in security, show the field data, instrument the operator outcomes, and design for integration. If you are buying, treat large funding events as signals to dig deeper into unit economics and real customer impact. This is not a return to froth. It is a market that is rewarding measurable value and durability. That is where innovation meets economics, and that is where the best startups will be built.