Cyber attacks are on the rise, not only growing in number but also in sophistication thanks to developments in technologies such as AI.
It comes at a cost: US-based research organisation Cybersecurity Ventures found cyber crime cost businesses and organisations worldwide $9.5tn in 2024, and projected this will rise to $10.5tn in 2025.
As hackers get smarter, however, so are founders. Cybersecurity startups are multiplying to tackle challenges ranging from mitigating vulnerabilities in software code to preventing identity-based attacks like phishing.
VCs are watching closely. Sifted asked investors which non-portfolio companies they’re currently keeping under their watch.
Gabriel de Vinzelles, partner at Frst
Frst is a Paris-based VC investing at seed stage. It has led the first round of companies like Pigment, Poolside, Owkin, Electra and Payfit.
Galink — France
Galink’s AI agents help companies find, evaluate and select secure tech suppliers to reduce third-party cyber risk. Traditionally this process is slow and fragmented, relying on messy data and constant back-and-forth. The technology streamlines the process while adhering to each customer’s specific risk policies.
HelmGuard AI — UK
Cofounded by former Palantir exec John Daley, HelmGuard is an AI ‘agent-builder’ designed for businesses’ cybersecurity teams. The company provides a platform to aggregate enterprises’ security-relevant data, which is typically scattered across lots of different systems. Cyber experts can then launch agents through the platform to help them identify and mitigate risks.
Konvu — France
Founded by three Sqreen alumni — a cybersecurity startup acquired by Datadog in 2021 — Konvu is tackling a well-known but difficult problem: medium and large organisations are overwhelmed by the sheer volume of vulnerabilities flagged daily by their security tools. Its product uses large language models (LLMs) to automate prioritisation and remediation.
Klara AI — UK
Compliance teams at financial institutions must stitch together data from many different sources to stay on top of their companies’ transactions and detect criminal activities. By the time a problem is flagged, it’s often too late. Stealthy startup Klara is building AI agents to automate the low-value part of compliance operations. The technology is similar to what its founder, Annie Gilchrist, previously worked on at Currencycloud, which was recently acquired by Visa.
Nazo Moosa, managing director at Paladin Capital Group
Paladin Capital Group is a US-HQ’d investor with presence in Europe, backing cybersecurity and tech startups at multiple stages.
Aikido Security — Belgium
Aikido Security is a platform consolidating multiple security tools into one, from analysing vulnerabilities in software code to detecting risks in cloud infrastructure. It enables users to seamlessly adopt and scale security tools through self-serve tools, making it a favourite among development teams in small and medium businesses (SMBs).
Unosecur — Germany
Identity control is an area of interest because identity-based attacks like phishing and social engineering are the most common security incidents for enterprises. Unosecur provides an AI-powered platform to monitor identity behaviour and patterns of access to critical assets across businesses, continuously and in real time.
RevEng.AI — UK
RevEng’s platform leverages AI to analyse the integrity of software supply chains. It comes as enterprises face an unprecedented rise in software supply chain attacks — a growing challenge as enterprises rely on open-source components and AI-generated code. In this context it’s essential to understand the ‘ingredients’ that make up software and the potential weaknesses that could be hiding in the supply chain.
Rocio Pillado, partner at Adara Ventures
Adara Ventures is a Spain-based VC backing deeptech startups from seed stage to growth, with a focus on cybersecurity, AI and enterprise software.
Roseman Labs — The Netherlands
Roseman Labs enables privacy-preserving data collaboration between organisations in sensitive sectors like healthcare, government and finance. The technology safely links different datasets together by encrypting data at the source, meaning raw data isn’t shared. This is highly relevant in Europe, where strict data protection laws demand robust privacy measures.
8Layers — Spain
8Layers offers a solution to a growing problem: identity-based attacks in the cloud. The company’s AI-powered platform provides continuous monitoring, detection and response capabilities focused on cloud identity threats.
Chainloop — Spain
Chainloop enhances the traceability of the software development lifecycle. The platform acts as a central secure system capturing data across tools and environments while developers code, and flagging when something is off. This helps teams enforce security policies — a growing concern as regulations like the EU Cyber Resilience Act come into force.
Tenzir — Germany
Tenzir is an open-source analytics platform for cyber attack detection and remediation. Using simple plug-and-play blocks, it integrates into existing enterprise tools to collect security data, detect threats and investigate attacks.
James Baker, investment manager at Amadeus Capital Partners
Amadeus Capital Partners is a UK-based deeptech VC investing at early stage. It has backed more than 180 companies.
Stealthium AI — UK
As AI becomes more deeply embedded in critical infrastructure and decision-making, the ability to monitor adversarial behaviour while systems are running is essential. Stealthium provides a platform for real-time threat detection for machine learning models.
Sense Defence AI — UK
Sense Defence focuses on cybersecurity for web applications. Thanks to cutting-edge AI the company provides a firewall that adapts in real time to evolving threats, offering a scalable solution for businesses facing sophisticated cyberattacks.
Damien Henault, managing director at Forgepoint Capital International
Forgepoint Capital is an early-stage VC firm focusing on cybersecurity, AI and infrastructure software. It is HQ’d in the US and the UK and also has presence in Madrid and Paris.
Astran — France
Cyber incidents are inevitable, and it is critical for organisations to be prepared to ensure business continuity. Astran has developed a technology to help companies identify their core operations and maintain them during crises, with a particular focus on storing and protecting vital data, while also speeding up disaster recovery processes.
Harmonic Security — UK
Harmonic Security provides tools to help enterprises adopt generative AI without compromising their sensitive data. The technology combines advanced AI models to detect sensitive information and analyse AI usage across the business. This allows organisations to harness AI’s benefits while safeguarding data and maintaining compliance.
Saporo — Switzerland
Current tools fail to provide proactive, scalable defence against identity-based attacks. Saporo maps all identity attack paths across enterprises’ environments to help businesses reduce the attack surface and prevent malicious actors from easily accessing critical assets.
Xygeni Security — Spain
In today’s fast-moving software development environments, security must be integrated at the core of the development lifecycle. Xygeni Security has built a platform to automate threat detection, compliance and remediation across the entire software development lifecycle, with a developer-friendly approach.
Clémentine Gazay, senior associate at XAnge
XAnge is an early-stage VC fund based in France and Germany, which invests in tech startups from pre-seed to Series B.
Symbiotic AI — France
Jérôme Robert and Edouard Viot, alumni of cybersecurity companies Alsid and GitGuardian, launched Symbiotic to help developers tackle code security issues without breaking their flow. The startup’s technology sits directly in developers’ code development environment to analyse software in real time and suggest automated fixes, saving coders hundreds of hours.
Zynap — Spain
Zynap is a cybersecurity platform for enterprises that combines threat intelligence from multiple siloed sources and supports operational decisions. The technology can simulate attack scenarios to identify a company’s top risks, as well as help security teams orchestrate attack management actions and develop proactive responses.
Lakera AI — Switzerland
Lakera focuses on protecting AI systems from emerging security threats like prompt injection, which occurs when hackers disguise malicious inputs as legitimate prompts. The platform monitors and blocks adversarial behaviour in real time in LLM-powered applications, helping enterprises deploy AI safely.
François Kergaravat, associate at Iris
Iris is a generalist European investor based in France and Germany, which backs entrepreneurs at venture and growth stages.
Trout Software — France
Trout Software builds security solutions for industrial infrastructure. The company provides a virtual network on top of the existing physical infrastructure to enable users to manage real-time data flows, with a focus on operational simplicity and seamless integration.
Qevlar AI — France
Qevlar leverages AI to support enterprises’ security operations centres (SOCs) — teams of security experts in charge of detecting and investigating cyber threats. The company’s technology automates SOC investigations to help analysts go through the mountain of alerts they face, reducing the number of false positives and enabling experts to focus on complex incidents.
Read the orginal article: https://sifted.eu/articles/22-cybersecurity-startups-to-watch-2025/
