As the RSA Conference 2025 unfolds in San Francisco this week, the cybersecurity industry is witnessing a significant influx of capital. According to SecurityWeek’s analysis, more than 30 cybersecurity firms collectively raised more than $1.7 billion in funding in the month of April, underscoring the sector’s robust growth and investor confidence in cyber defense technologies.
It’s no surprise that Artificial Intelligence (AI) emerged as a central theme at this year’s RSA Conference. Companies are leveraging AI to enhance threat detection, improve security operations and automate vulnerability management, and address some of the risks associated with use of AI in the enterprise.
The continued flow of funding into cybersecurity startups highlights the industry’s resilience during a period of broader economic uncertainty. While venture capital and private equity investments in many sectors have cooled, cybersecurity continues to attract strong financial backing as organizations worldwide prioritize security amid rising digital threats. Investors appear confident that demand for advanced cyber defense technologies will remain strong, making cybersecurity a standout sector even as global markets face volatility.
Notably, two companies—ReliaQuest and Chainguard—accounted for a significant share of the total capital raised this month. ReliaQuest secured $500 million in a funding round to expand its threat detection and security operations platform. Meanwhile, Chainguard, a rising player in software supply chain security, brought in $356 million to grow its suite of developer-focused tools and services. Combined, these two firms alone accounted for more than half of the $1.7 billion raised across the sector in the lead-up to RSAC.
The list of cybersecurity companies that announced funding in the month of April 2025:
The massive flood of funding into the industry this month comes as JPMorgan Chase CISO Pat Opet published an open letter warning software-as-a-service suppliers that “convenience can no longer outpace control,” calling the current, OAuth-plumbed cloud model “single points of failure with potentially catastrophic systemwide consequences.
Opet suggested that rushed releases and “read-only” permission scopes have collapsed decades-old security boundaries, and that a breach at one hyperscale provider can instantly ripple through global banking systems.
“Fierce competition among software providers has driven prioritization of rapid feature development over robust security. This often results in rushed product releases without comprehensive security built in or enabled by default, creating repeated opportunities for attackers to exploit weaknesses,” Opet said.
Related: JPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference
Related: RSA’s Innovation Sandbox: Finalists Must Accept $5 Million Investment
Related: RSA Conference 2025 – Pre-Event Announcements Summary (Part 3)
Related: RSA Conference 2025 – Pre-Event Announcements Summary (Part 2)
Related: RSA Conference 2025 – Pre-Event Announcements Summary (Part 1)