The Evolving Cybersecurity Landscape
Cybersecurity is critical right now. Cyber threats and their sophistication are rapidly escalating, pushing cybercrime costs to exceed $10 trillion annually1. This is a key investment area for Endeit, which is why we're proud to be a founding member of Cyber Alloy, the initiative strengthening the ecosystem through collaboration, founded by cybersecurity veteran Aernout Reijmer, former CISO of ASML.
A Sector Built for Disruption
The global cybersecurity market is projected to reach $300+ billion2 in the next 3 years, but raw market size tells only part of the story. CISOs report managing 75+ security tools on average3, which is an unsustainable situation. This operational complexity creates gaps, alert fatigue, and increased risk. Meanwhile, the attack surface continues expanding exponentially across the software supply chain, with new vulnerabilities introduced as AI-generated code and AI tools proliferate throughout businesses.
While the US and Israel dominate this segment, Europe and the UK are pushing back. Recent months have seen exciting exits including Check Point's acquisition of Lakera AI and F5's acquisition of Calypso AI, plus significant deals like Exein's €100m round, Aikido's €60m Series B, and Filigran's $58m Series C. The market is filled with solid early-stage and scaling companies. Just have a look at our market mapping at the end of this article of European companies that have raised up to Series E.
Three Trends Reshaping Cybersecurity
1. AI-Native Security Operations
AI integration into security operations represents the most significant architectural shift since cloud-native infrastructure. Traditional SIEM and SOAR platforms are being reimagined with AI models that analyze millions of events, contextualize threats, and autonomously execute remediation actions. Good examples are Qevlar AI with their AI SOC agents and Hadrian’s AI-driven offensive security platform.
We're particularly interested in companies building AI models trained specifically on security data. The winners will have proprietary datasets, demonstrate measurably faster time-to-detection, and reduce false positives by an order of magnitude.
2. Identity & Zero Trust
Identity has become the fundamental control plane for security. Managing humans, machines, service accounts, and API keys is critical as compromised credentials are involved in most breaches.
Our thesis centers on companies solving identity sprawl and complexity, answering basic questions:
Swiss Saporo is a newcomer in the space with their identity security posture management platform.
3. Supply Chain Security
An increasing number of breaches involve third-party vulnerabilities as attackers target the weakest link. The recent Shai-Hulud supply chain attacks in 20254 exemplifies this trend, driven by target-rich open-source environments, slower remediation, and low-effort, high-impact dynamics for attackers.
Critical questions need answers:
We're interested in companies that move beyond inventory and alerting to provide context-aware risk scoring and automated remediation. UK-based Cloudsmith is a frontrunner with their artifact management platform providing full visibility and control over software supply chains.
Where We Spend Time
We focus on three areas aligned with current trends:
AI-augmented security operations - Organizations cannot hire their way out of this problem. Solutions that deliver enterprise-grade security operations with significantly less overhead will win.
AI governance and model security - Companies deploying AI at scale face new attack surfaces: model poisoning, prompt injection, data exfiltration, and adversarial attacks. Comprehensive AI security covering model integrity, training data protection, inference-time threats, and regulatory compliance is essential.
Security data infrastructure - The need to consolidate security telemetry, train AI models on security data, meet data residency requirements, and manage storage costs converges here. Ziggiz is a rising star with their data lake solution built to free security teams from data formatting work.
We avoid crowded categories where incumbents dominate and highly regulated segments where sales cycles make venture-scale returns unlikely. We're skeptical of tools that primarily generate alerts without clear remediation workflows.
Looking Ahead
The combination of AI capabilities, identity-centric architectures, and increasingly sophisticated threats will fundamentally reshape how organizations approach security. Winners will reduce complexity rather than add to it, augment security teams rather than overwhelm them, and deliver measurable risk reduction rather than just visibility. Security outcomes matter more than security features.
If you're building in cybersecurity with that philosophy, we'd love to hear from you.
(this is non-exhaustive, let us know who we’re missing 😉)
Jelle-Jan Bruinsma, Partner
Tuomas Rekonen, Investment Manager
Sources:
1. Cybersecurity Ventures, 2025, https://cybersecurityventures.com/cybercrime-damage-costs-10-trillion-by-2025/
2. Grand View Research, MarketsandMarkets & Allied Market Research, 2025
3. Cyberdefense Magazine, 2025, https://www.cyberdefensemagazine.com/complexity-the-silent-killer-of-cybersecurity/
4. Redhat, 2025, https://access.redhat.com/security/supply-chain-attacks-NPM-packages
