Which VCs invest in DevSecOps?

This blog post has been written by the person who has mapped the DevSecOps market in a clean and beautiful presentation

The DevSecOps venture capital landscape has transformed from a niche cybersecurity segment into the largest private investment category in security, with funding accelerating 76% year-over-year from 2024 to 2025.

This explosive growth is driven by massive rounds like Wiz's $1B Series E and Cyera's $540M Series E, while regulatory mandates and AI workload security needs create sustained momentum heading into 2026. And if you need to understand this market in 30 minutes with the latest information, you can download our quick market pitch.

Who are the top VC firms investing in DevSecOps and what notable startups have they backed?

Lightspeed Venture Partners leads DevSecOps investment activity, co-leading four major rounds including Wiz's $1B Series E, Cyera's $540M Series E, and Chainguard's $356M Series D.

IVP matches Lightspeed's aggressive growth-stage focus, co-leading Chainguard's Series D and investing in Cato Networks' $359M Series G. Their typical ticket ranges $50-150M for growth-stage companies that have proven product-market fit.

Andreessen Horowitz (a16z) takes a multi-stage approach, co-leading Wiz's billion-dollar round while also backing earlier companies like Socket's $40M Series B and Ox Security's development. Their ticket sizes range from $2-5M at seed to $400M+ for late-stage giants.

Early-stage specialists like Boldstart Ventures focus on pre-seed and seed rounds, backing Israeli companies Reco and Ox Security with $3-8M tickets. Team8 and Evolution Equity Partners lead Series A-B rounds in the $15-60M range, particularly targeting Israeli DevSecOps startups.

Need a clear, elegant overview of a market? Browse our structured slide decks for a quick, visual deep dive.

How much capital do these VCs typically invest at each funding stage?

Seed and pre-seed rounds typically see $3-8M investments from specialist funds like Boldstart Ventures, with equity stakes ranging 18-25% and valuations rarely exceeding $30M pre-money.

Series A rounds attract $15-30M from firms like Greylock and Sequoia, with VCs targeting 18-25% cumulative ownership including previous seed dilution. This stage often includes the first formal employee option pool refresh at 10% of the company.

Series B and C rounds command $40-70M tickets from growth-focused VCs like Redpoint and Spark Capital, with new dilution kept under 15% as companies demonstrate clear revenue traction and expansion metrics.

Growth-stage rounds (Series D+) see massive $100M+ investments from late-stage specialists, with mega-rounds like Chainguard's $356M Series D and Cyera's $540M Series E representing less than 10% dilution for companies achieving unicorn status.

If you want fresh and clear data on this market, you can download our latest market pitch deck here

Which DevSecOps startups raised the largest rounds in 2024-2025 and what do they build?

Wiz leads with the largest single round, raising $1B in May 2024 to build a unified cloud security platform that spans code-to-runtime protection across multi-cloud environments.

What was the total DevSecOps funding in 2024 and 2025 year-to-date?

Total disclosed DevSecOps funding reached approximately $1.8B in 2024, with Wiz and Cyera's combined rounds representing over 90% of that volume.

The first half of 2025 has already generated $1.0B in funding, putting the sector on track to exceed $3B annually if current momentum continues. Chainguard's $356M Series D alone accounts for 77% of 2025 H1 funding.

Conservative calculations based only on publicly disclosed rounds over $10M show $263M in 2024 and $464M in 2025 year-to-date, representing 76% year-over-year growth. The overall DevSecOps market is valued at $8.8B in 2024 with projections reaching $32B by 2030.

These figures exclude numerous smaller seed and Series A rounds under $10M, suggesting actual total funding significantly exceeds reported numbers. The concentration in mega-rounds reflects investor preference for platform consolidators with comprehensive security coverage.

What new R&D breakthroughs in DevSecOps are attracting VC investment?

AI-native security engines represent the hottest investment area, with companies like Ox Security building AI systems that reduce security noise by 95% to focus on the "5% that matter" for developer workflows.

Software Supply Chain Security and Software Bill of Materials (SBOM) automation attract massive funding, driven by federal mandates like US OMB M-22-18 requiring SBOM documentation for government software purchases. Chainguard leads this space with SLSA provenance tooling and cryptographically signed container attestations.

GenAI security agents for SaaS posture management emerge as a new category, with startups like Reco building autonomous agents that monitor and remediate security misconfigurations across enterprise SaaS applications without human intervention.

Zero-trust pipeline security addresses the growing attack surface from CI/CD systems, with companies like StepSecurity providing hardened runners and policy enforcement that prevents supply chain compromises at the build stage. This addresses the 25% year-over-year increase in open-source supply chain attacks.

Looking for the latest market trends? We break them down in sharp, digestible presentations you can skim or share.

Which DevSecOps areas are considered most promising by investors?

Software supply chain security and SBOM automation rank highest on investor heat maps, driven by regulatory mandates and the 25% annual increase in open-source dependency attacks.

AI-driven Data Security Posture Management (DSPM) commands premium valuations, with Cyera's $6B valuation demonstrating investor appetite for platforms that automatically discover, classify, and protect enterprise data assets using machine learning.

Cloud-native protection through Consolidated Cloud Application Protection Platforms (CNAPP) attracts growth-stage investment, as enterprises consolidate point security tools into unified platforms like Wiz and Orca Security that provide code-to-runtime visibility.

CI/CD pipeline security gains momentum from DevOps teams ranking "supply-chain risk" as their #1 pain point in GitLab's 5,000-developer survey, creating demand for tools that secure build and deployment workflows without disrupting developer velocity.

Legacy SAST/DAST code scanning tools face cooling investor interest as buyers shift toward runtime protection and AI-powered detection that integrates seamlessly into developer workflows rather than creating additional security friction.

If you want to build or invest on this market, you can download our latest market pitch deck here

Which regions attract the most DevSecOps investment and which VCs focus on these geographies?

The United States captures approximately 70% of total DevSecOps funding, with concentration in the Bay Area and Seattle for mega-rounds over $100M.

Israel's "AppSec Alley" represents 15% of global funding, producing companies like Wiz, Cyera, Ox Security, and Pentera. Israeli-focused VCs include Team8, YL Ventures, Cyberstarts, and Boldstart Ventures, which specifically targets Israeli seed-stage security companies.

Europe accounts for 10% of funding, with the UK and Ireland leading through companies like Cloudsmith. France shows growth with Riot's $30M Series B, supported by local VCs like Earlybird and Dawn Capital that focus on European enterprise software.

APAC represents 5% of current funding but shows "most lucrative CAGR" according to ResearchAndMarkets, with emerging seed scenes in Singapore and India. New APAC software bill-of-materials regulations drive increasing investor focus on this region for 2026 expansion.

What terms and conditions are common in DevSecOps funding deals?

Equity stakes follow predictable patterns across funding stages, with seed rounds taking 18-25% equity for $3-5M investments and growth rounds over $100M diluting less than 10%.

Board composition typically grants VCs observer rights at seed, one voting seat at Series A with pro-rata rights, and additional independent seats at Series B-C as strategic CVCs request observer positions.

Standard terms include 1× non-participating liquidation preferences, with SAFEs and valuation caps remaining common at seed stage. Milestone-based funding tranches have decreased to 15% of term sheets from 30% in 2022, indicating stronger investor confidence in DevSecOps business models.

Secondary liquidity appears in mega-rounds, with Wiz providing $30-40M in secondary sales during their $1B round. Revenue-based milestone triggers for funding tranches appear in companies like Cloudsmith that demonstrate predictable subscription growth metrics.

Are big tech companies investing in DevSecOps through corporate VC arms?

Google leads corporate VC activity through Google Ventures (GV), with early investments in Wiz, Chainguard, and Datree, culminating in Google's $32B acquisition of Wiz signed in March 2025.

Microsoft M12 actively backs DevSecOps companies including Ox Security's $60M Series B, Zenity's 2024 round, and earlier investments in Snyk and Orca Security. Their strategy focuses on companies that integrate with Azure and Microsoft's developer ecosystem.

Cisco Investments targets infrastructure security companies like Aqua Security, Sysdig, and Binarly (2024), aligning with Cisco's network security portfolio. AWS Ventures backs cloud-native companies Orca Security and Aembit that complement Amazon's cloud services.

Strategic partnerships often accompany corporate investments, with companies like IBM Ventures co-investing in Ox Security's Series B while exploring integration opportunities with IBM's enterprise security products. Intel Capital maintains positions in established companies like Kenna Security.

Wondering who's shaping this fast-moving industry? Our slides map out the top players and challengers in seconds.

If you need to-the-point data on this market, you can download our latest market pitch deck here

What patterns emerge in successful DevSecOps exits?

Mergers and acquisitions dominate DevSecOps exits, with 12+ completed deals in 2024-2025 and most transactions valued under $300M for early-stage companies with specific technology capabilities.

Strategic acquirers like Palo Alto Networks lead consolidation, acquiring IBM's QRadar SaaS assets for $1.1B in September 2024 and Bright Security in 2024 to enhance their platform capabilities. HPE acquired Contrast Security in 2025 to strengthen application security offerings.

No DevSecOps companies have completed IPOs since GitLab in 2021, with companies like Wiz and Snyk drafting S-1 registration statements but ultimately choosing private funding rounds over public markets due to favorable private valuations.

Chainguard and Aqua Security position themselves as potential 2026 IPO candidates based on their revenue scale and market leadership in supply chain security and container protection respectively. The lack of recent public offerings creates pent-up demand for DevSecOps IPOs among public market investors.

Which DevSecOps companies have received follow-on investments from the same VCs?

Cyera demonstrates the strongest VC commitment, with Accel, Sapphire Ventures, and Coatue Management participating across Series C, D, and E rounds as the company scaled from data discovery to comprehensive DSPM platform.

Wiz attracts repeat investment from a16z and Lightspeed Venture Partners, who doubled down from early rounds through the $1B Series E, reflecting confidence in the company's cloud security platform consolidation strategy.

Chainguard shows consistent VC support with Kleiner Perkins and IVP participating in both Series C (2023) and Series D (2025) rounds, betting on growing enterprise demand for secure container supply chains driven by regulatory requirements.

Snyk receives the longest VC commitment, with Accel participating from seed through Series F over multiple years, while Google Ventures provided a $25M extension in April 2024. This pattern reflects VCs' confidence in developer-focused security tools with strong product-market fit and predictable revenue growth.

What is the outlook for DevSecOps investment in 2026?

Total DevSecOps funding is projected to exceed $3B in 2026, with PitchBook forecasting at least 20% year-over-year deal value growth and 10-15% increases in investment volume.

Key drivers include federal SBOM mandates taking effect, EU Cyber Resilience Act implementation creating compliance demand, and AI workload security becoming a board-level priority as enterprises deploy large language models in production.

Investment themes will shift toward AI-agent security and LLM supply chain protection, "shift-everywhere" security embedding across software lifecycles, and zero-trust pipeline architectures that assume compromise at every stage.

Geographic expansion targets APAC markets implementing software bill-of-materials regulations, with increased VC focus on Paris, Berlin, Singapore, and Bengaluru as emerging DevSecOps hubs. Terms evolution favors founder-friendly seed deals under 25% dilution while late-stage rounds require stronger efficiency metrics like Rule of 40 compliance and gross margin proof.

Planning your next move in this new space? Start with a clean visual breakdown of market size, models, and momentum.

Conclusion

Sources

1. Wiz raises $1B at a $12B valuation | TechCrunch
2. Socket raises $40 mln | Reuters
3. Cyera now valued at $6 billion | Axios
4. Chainguard raises $356M | Tech Startups
5. Cyera CEO On Raising $300M | CRN
6. Cyera Raises $300 Million | Cyera
7. Torq raises $70 million | Reuters
8. Google to buy Wiz for $32 billion | Axios
9. Microsoft M12 News
10. Cisco's Strategic Cybersecurity Investments
11. Palo Alto Networks Strategic Acquisitions
12. Q3 2024 Information Security Report | PitchBook