Welcome to the Trident Radar!

We’re back after Christmas and New Year. Hope everyone got some time off!

If November was the market rebalancing, December was the market committing for 2026 with huge platform moves, a wave of AI-agent security, and identity governance pulling in heavyweight capital.

The headline story is obvious: ServiceNow went shopping twice in two weeks.

I know we are in 2026 now, so there will be a yearly roundup out on Friday, put it in your calendar!

Let's dive in.

Trident Talk of the Month!

Mate Security is out of stealth and they’re taking a serious swing at the “infinite SOC equation.”

In our latest Trident Talks episode, Charlee Ryman sat down with Oren Saban (CPO & Co-Founder) to unpack why SOC teams are still drowning in alerts even after a decade of automation promises, and how Mate’s AI SOC agents aim to change the game.

December Overview

ServiceNow just rewrote the playbook for platform M&A
Veza (~$1B) followed by Armis ($7.75B) is a two-week sequence that says one thing: platform buyers are prioritising identity + attack surface as core operating layers for the enterprise.

AI-agent security became a real category, not a thought experiment
Mirror Security, Helmet Security, Multifactor, and WitnessAI all signal the same market reality: enterprises are now deploying agentic workflows faster than they can govern them.

Identity stayed the strongest gravity well
Saviynt’s massive Series B and Veza’s acquisition are the clearest indicators that identity governance and access intelligence aren’t “nice to have” anymore, they are becoming the foundation for secure AI adoption.

Security analytics is still scaling aggressively
Vega’s Series B shows there’s still appetite for new approaches to SecOps analytics, especially when they can unify data without migrations and reduce the SIEM cost curve.

Data security remains a top-budget battleground
Securiti’s buyout and Cyera’s mega-round reinforce the idea that data discovery, classification, privacy and governance are becoming core systems

Deals of the Month

Alot to unpack this month. The largest deals of the month section yet, mostly because a whole lot are worth knowing about!!

Cyera — Later Stage — $1.5B (Blackstone)

Saviynt — Series B — $700M (KKR)

7AI — Series A — $130.6M (Index Ventures)

Vega — Series B — $120M (Accel + Calcalist)

Adaptive — Series B — $81M (Bain Capital)

Zafran — Series C — $60M (Menlo Ventures)

Exein — Growth / Later Stage — €100M (Blue Cloud Ventures).

Prime — Series A — $19.98M (Scale Venture Partners)

Realm Security — Series A — $17M (Presidio Ventures)

Zynap — Seed — €12M (Kibo Ventures + KFund)

Equixly — Series A — €10M (33N Ventures).

Multifactor — Seed — $15M (Nexus Venture Partners)

Helmet Security — Seed — $9M (SYN Ventures)

Mirror Security — Pre-seed — $2.5M (Atlantic Bridge Capital + Sure Valley Ventures)

Ciphero — Pre-seed — $2.5M (Sovereign’s Capital + Chingona Ventures)

Gambit Cyber — Seed — $3.4M (Expeditions Fund)

Xage Security — Extension / Series B3 — $9.65M (Momenta Ventures)

SandGrain — Series A — €13.5M (Innovation Industries)

WitnessAI — Venture (amount undisclosed) (Silver Buckshot)

Major M&A

ServiceNowArmis — $7.75B

ServiceNow Veza — est. ~$1B

ProofpointHornetsecurity — $1.8B LBO

VeeamSecuriti — $1.725B LBO

CellebriteCorellium — $170M

Market Intel Deep Dive

The Rise of Agent-to-Agent Risk (and Why It’s Already Here)

Security teams have spent two decades optimising for two actor types:

  • Humans (employees, contractors, admins)

  • Systems (servers, endpoints, workloads, apps)

But enterprises are now creating a third actor class at scale:

Agents.

Not “bots” in the old sense. Not chat assistants.
Autonomous, tool-using software entities that can:

  • query internal knowledge bases

  • call APIs and execute actions

  • read/write to SaaS platforms

  • pull sensitive data from cloud systems

  • trigger workflows in Slack/Jira/ServiceNow

  • coordinate with other agents to complete multi-step tasks

This is the start of a new operational layer: agent-to-agent connectivity.
And it creates a risk surface most security programmes are not yet structured to manage.

What’s Actually Changed?

Historically, access and identity governance assumed a fairly stable world:

  • users are known

  • permissions change slowly

  • services have predictable roles

  • automation is mostly scripted and centrally owned

Agentic workflows blow that up.

Agents are:

  • ephemeral (spun up, modified, replaced constantly)

  • permission-hungry (they need broad access to be useful)

  • non-deterministic (actions vary based on context and model behaviour)

  • high-frequency (they operate continuously, not in shifts)

  • interconnected (one agent calls another agent, which calls tools, which touches data)

In 2026, the AI security conversation becomes:

“What can our agents do?”

“What can they touch?”

“Who can they impersonate?”

“Can they be tricked into action?”

The winners will be the teams that operationalise:

  • least-privilege for non-human identities

  • runtime controls for agent execution

  • auditability for agent decision chains

  • segmentation of tool access (agents don’t get everything by default)

  • “trust boundaries” between agents and internal systems

Agent-to-agent risk will become the next SOC normal and the companies building for it now will define the category.

Company Spotlight

Not the normal spotlight this week because if December had one defining “spotlight story,” it’s ServiceNow’s two huge deals.

Why These Two Deals Matter Together

On their own:

  • Veza answers: Who (or what) can access what?

  • Armis answers: What’s connected, what’s exposed, what’s risky?

Together, they form a security control plane for the enterprise, esepcially when added to existing tooling.

This is the big pivot in cyber:

  • from dashboards → to governance

  • from posture → to enforcement

  • from “alerts” → to “control of action”

What ServiceNow Is Building

ServiceNow already owns workflow, so the thesis ends up being: if you can map access (Veza) and map assets (Armis), you can drive remediation through workflow.

This is security as an operating layer that can:

  • enforce access governance

  • orchestrate remediation

  • set policies that apply across apps, data and devices

  • govern what AI agents can reach and change

This is why the acquisition logic feels so coherent. AI adoption is accelerating, and “security posture” alone doesn’t govern autonomous systems. ServiceNow is positioning itself as the platform that can.

The Trident Take

The Veza + Armis sequence is one of the strongest indicators we’ve seen that:

  • identity governance is becoming enterprise-critical

  • attack surface intelligence is becoming platform-level

  • AI adoption will force governance and enforcement to merge

Most importantly the future of cybersecurity is not more tools, it’s fewer systems with deeper control.

Hiring Didn’t Slow Down for Christmas

Despite the holiday period, hiring activity stayed strong right through December.

Retained Searches Continue to Deliver
For those less familiar with how we operate, the majority of our work is delivered on a retained basis. We closed the year with a 98% fill rate across retained searches, and December was no exception. Clients continued to move quickly on critical hires despite the calendar slowdown.

A Shift Toward Series B Leadership Hires
Throughout the year we’ve been building GTM teams for early-stage companies. Over the past month, that momentum shifted slightly, with more Series B vendors adding senior commercial leadership to prepare for their next phase of scale.

Interviewing Through the Holidays
While the festive break brought a chance to slow down (hot chocolates included), the market didn’t pause. Our consultants continued working through to the New Year driven by the pace of the industry, with time for family, of course.

Cybersecurity hiring is moving fast, and companies aren’t waiting for January to make decisions.

2026 Predictions

Our 2025 roundup will be out on Friday. This will also include predictions for next year and more!!

Look out for it on the 9th December.

📥 INBOX INTEL

Have market intelligence to share? Our network sees deals before they're announced, hiring freezes before they're public, and technology shifts before they hit the headlines.

Send us your tips:

  • Funding rounds in stealth mode

  • Executive movements and reorganizations

  • Customer wins/losses that signal market shifts

  • Technology partnerships before they're announced

  • Hiring sprees or freezes at specific companies

Email: [email protected]
All sources protected. We verify before we publish.

The Trident Radar - Intelligence that moves faster than your competition
Delivered by Trident Search Research Desk
Editor: Ryan Keeley | London

Share the newsletter

Keep Reading