Summary
- Cyera has raised $600 million at a $12 billion valuation, led by Evolution Equity Partners.
- The company links the round to enterprise demand for controls over what AI can see and do with data.
- The funding reflects growing demand for data security posture management, identity context, DLP, and agentic AI controls.
Cyera has raised $600 million at a $12 billion valuation, extending the investment surge around data security as enterprises increase their use of AI systems and agents.
The round was led by Evolution Equity Partners, with participation from Cyberstarts, Temasek, and existing investors including Accel, AT&T Ventures, Blackstone, Coatue, Georgian, Lightspeed, Redpoint, Sapphire Ventures, Sequoia Capital, and Spark Capital. The new valuation represents a fourfold increase over the past 18 months.
The company’s funding statement links the round to a practical governance problem: enterprises are adopting AI faster than they can prove what data AI systems can access, what actions they can perform, and how those risks are controlled. According to Cyera’s 2026 research, 68% of organisations cannot distinguish between human activity and AI agent activity inside their own systems.
Over the past year, Cyera has shipped more than 100 product capabilities across data security posture management, privacy, identity, data loss prevention, and agentic security. That product direction reflects where enterprise AI controls are moving: towards data access, permissions, classification, runtime activity, and policy enforcement.
The scale of the round shows how closely AI adoption is now tied to data control. Enterprises want to use copilots, coding assistants, analytics agents, and automated workflows, but those systems inherit the risk of the data and permissions available to them. An AI deployment that cannot be constrained, audited, or monitored can quickly become a data exposure problem.
Traditional data security tools were built around human users, known applications, and relatively static policy assumptions. AI agents complicate that model. They may search across repositories, summarise documents, act on behalf of users, generate code, move between systems, or combine data from multiple business functions. If an agent has excessive access, a prompt injection, compromised identity, or configuration error can expose information at scale.
Data discovery and classification are therefore moving closer to the centre of AI governance. They are prerequisites for deciding where AI can be deployed, which datasets can be used, which workflows need human approval, and what evidence can be shown to auditors, regulators, and customers.
The market is also consolidating around broader platforms. Cyera has been expanding across posture management, privacy, DLP, identity context, and agentic security. That breadth may appeal to large organisations looking to reduce fragmented tooling, but buyers will still need to test whether integrations work across complex estates and whether newer AI security capabilities translate into enforceable controls.
UK and European organisations face a demanding regulatory backdrop. Data protection law already requires appropriate safeguards for personal data. DORA, NIS2, the EU AI Act, the Cyber Resilience Act, and sector rules all add pressure around operational control, third-party assurance, security evidence, and governance. AI adoption makes those obligations harder where organisations cannot identify sensitive data and enforce access consistently.
Cyber budgets are also being pulled towards areas that can support AI adoption while reducing exposure. Data security, identity, access governance, cloud posture, software supply chain evidence, and monitoring of non-human actors are becoming part of the same procurement conversation. Products that help enterprises answer what data exists, who or what can reach it, and how it is being used are moving from compliance support into core infrastructure.
Cyera now has to scale into that expectation. A $12 billion valuation creates pressure to prove that data security can become an operational control layer for AI-heavy enterprises, rather than another disconnected view inside the security stack.
