Venture money chased AI security in 2025 and fled cloud security. The split shows how investors now price the cost of running AI, not the payoff. getty Two slices of the same market went opposite ways last year, and the gap is hard to explain with a straight face. Momentum Cyber , an investment bank that has tracked the security industry for years, counted 15 cloud-security companies that raised venture money in all of 2025. That was the second-emptiest category it follows. Over the same months, companies selling tools to secure artificial intelligence pulled in 144 funding rounds and topped every other corner of the field. Investors did not suddenly sour on protecting the cloud and fall for protecting AI. They were doing something colder and more familiar to anyone who buys utilities, toll roads or insurers for a living. They were paying for revenue that shows up no matter what the broader bet does. A company can pour money into AI and never see it pay off, and it will still owe the cost of guarding the thing. That cost behaves less like a wager on the future and more like a line on the monthly bill. The question worth a careful investor’s time is not whether AI creates new risk. It plainly does. The question is whether the companies now being priced like rare assets are the steady, dull cash machines their backers describe, or a private-market markup the public market has already started to question. CALL OUT: Money rushed into AI security in 2025 and drained out of cloud security, a split driven by fear more than by technology. A Billion In Revenue Before the Check Cleared Start with the deal that put a number on all of this. On March 11, 2026, Google closed its purchase of Wiz for $32 billion in cash, the biggest acquisition in its history. Clearing regulators took about a year, on three continents, which says plenty about how much Google wanted it. MORE FOR YOU The headline figure is not the part that matters here. Wiz had already crossed a billion dollars in annual recurring revenue in 2025, with growth still near 40% and roughly half the Fortune 100 paying for its product. That is contracted, renewing money from large companies that treat the expense the way they treat rent. Google did not write that check for a promise. It bought a stream of payments that had already proven it would keep arriving. CALL OUT: The spending that lasts is the part regulators require, not the part salespeople pitch. A Flood Of Money, Almost No Way Out The private market tells the same story Wiz does, only louder and less settled. The 144 funding rounds that went into AI security last year landed on a remarkably crowded field. Momentum Cyber found that more than 300 vendors selling AI-security tools have appeared in under three years, the fastest a subsector has ever formed in the industry. Capital chased the theme into firms that did not exist before the current wave of AI began. That rush runs into an awkward fact. Of those 300-plus companies, only around 10 have been acquired. A great many businesses are being funded. Almost none have reached the door marked exit. For investors, that gap between money going in and money coming out is the first thing worth squinting at, because it is the difference between a market that clears and a queue that backs up. Michael Heinrich, who runs the AI infrastructure firm 0G Labs , draws the line between the spending that lasts and the spending that fades. “Most of what gets tagged ‘AI security’ today is existing AppSec, data governance, and identity work re-labeled for the AI line item,” he says. “The genuinely new, recurring cost is verification: proving what a model or agent actually did with a given input, and that it ran the weights you think it ran. No legacy stack does that.” The old tools keep doing the old jobs. The new money is chasing a job that did not exist three years ago, and only part of what carries the AI label is the genuinely new part. The Case For Caution Now the cold water. The market these companies fight over is real but young. The category, known by the graceless acronym CNAPP, is forecast by Dell’Oro Group to reach $12.9 billion by 2030, growing close to 30% a year. The catch is who already owns it. By the third quarter of 2025, Wiz led with 19% revenue share and Microsoft sat right behind at 18%, with CrowdStrike and Palo Alto Networks rounding out the front of the pack. A $1.5 billion newcomer is climbing into a race the giants are already winning. Then comes the question Momentum Cyber raises about every fast riser: platform or feature? Is the startup a lasting business, or a tidy bundle that a giant can copy or simply buy? More than 300 AI-security vendors have appeared in under three years, the bank found, the fastest a subsector has ever formed in cyber. Only around 10 have been acquired. A great many companies are being minted. Very few have found the door marked exit. The public market offers the sharpest warning, and it does not say what the lazy version of this story claims. Cyber stocks did not all fall in 2025. They split. CrowdStrike was one of the year’s strongest tech performers and traded above 100 times forward earnings late in the year, by market analyses ; weaker and pricier names did not keep up. Zscaler fell 32% in a single session after soft guidance, its worst day on record, Bloomberg reported . When the broad tech selloff hit in early 2026, the high-multiple names took the worst of it. Analysts read the split as a flight to quality. Jefferies’ Joseph Gallo wrote that the gap reflected investors crowding into best-in-class platform leaders seen as more durable as AI reshapes enterprise buying, while Bloomberg Intelligence’s Mandeep Singh flagged that vendors short on identity tools for AI agents could struggle to land the largest deals. The public market has started grading these companies on whether the AI-security story holds up. The private market, has not sat that exam. CALL OUT: Public cyber stocks already sorted winners from losers in early 2026; the private market has not faced that test. What Separates Durable Revenue From a Mood So how does an investor separate revenue that lasts from a well-funded mood? The people doing the work keep drawing the same line, and where they agree is worth the attention. Albert Berdellans, who leads AI at Inveniam , the firm behind the NVNM Chain, splits the market in two. His team runs a compliance system for U.S. chip-export controls that keeps a verifiable record of every action an AI agent takes, at a scale of a billion events. “In private markets, compliance forces it. Not an incident. Not a vendor,” he says. “The counterparty wants the record before you go live. So does the regulator. The spend happens whether or not anything ever goes wrong.” Selling protection against a breach that may never come is the other kind of spending, he adds, the kind that rises and falls with the mood of the market. Leo Fan, who founded the verification firm Cysic , puts the same divide in an investor’s language. Demand driven by compliance and reliability “recurs on its own — that’s utility revenue,” he says, while fear stoked by threat reports “needs a sales team to keep it alive.” His read on last year doubles as a forecast for this one: “The public-market repricing in 2025 looks like the market starting to tell those two apart.” Heinrich argues the forcing function is shifting from fear to obligation as agents start taking real actions. He points to Anthropic’s own research , which found leading models would resort to blackmail in up to 96% of certain shutdown scenarios. Anthropic was clear that the tests were built to force a binary choice and that its newer models no longer behave that way, so the figure is a stress test rather than a forecast of office life. The point for a buyer is narrower: once a board accepts that an autonomous agent can act against the company, the spending to govern it stops being optional and stops being fear. It turns into plain risk management, which is exactly why this revenue reads as defensive and recurring. The Bottom Line If you want exposure to AI without betting the models pay off, the security layer is the part least tied to that outcome — but only the slice rooted in compliance and verification behaves like a true utility. Before buying the theme, through public names or a fund touting private AI-security stakes, put one question to any company in it: does this revenue come back next year because a regulator demands it, or because a salesperson renewed the worry? The market has decided AI security is worth paying for. It has not decided what it is worth.

Source: Forbes

Read Original Source →