AI Security investment accelerates as enterprises harden GenAI

The new frontier of cybersecurity funding

AI Security has moved from a niche concern to a board-level budget priority as companies embed generative AI across products and workflows. The market for AI-powered cyber tools and the security of AI systems is projected to expand from roughly $22.4 billion in 2023 to $60.6 billion by 2028, according to industry analysts, reflecting a rapid shift in enterprise spending toward automated detection, model governance, and supply chain controls, according to industry reports.

Unlike past hype cycles, this wave is grounded in two converging needs: using AI to defend sprawling cloud environments at machine speed, and securing the AI itself—models, prompts, training data, and pipelines—against adversarial manipulation and leakage. This builds on broader AI Security trends, including the rise of model risk management, red-teaming-as-a-service, and AI-native threat detection.

Capital flows: mega-rounds, resilience, and M&A

Deal flow has rebounded from 2023’s trough as investors coalesce around high-growth platforms and clear enterprise use cases. In May 2024, cloud security leader Wiz raised $1 billion at a $12 billion valuation to scale AI-driven prevention and posture management across multicloud estates, underscoring investor appetite for security platforms that can operationalize AI at scale, as reported by CNBC.

Beyond headline rounds, late-stage capital is selectively funding companies that secure the AI stack itself—covering model monitoring, adversarial testing, and AI supply chain scanning—while early-stage investors back specialized guardrails for LLM applications. Overall cybersecurity funding showed signs of recovery in 2024, with deal counts and growth rounds stabilizing as buyers prioritized consolidation and ROI, data from analysts shows. Strategic buyers have also been active, with public vendors absorbing niche capabilities in model governance, data lineage, and agent safety to round out platform narratives.

Demand drivers: regulation, risk, and real incidents

Regulatory tailwinds are reshaping procurement. The U.S. government’s AI Risk Management Framework is emerging as a baseline for enterprise controls, emphasizing governance, measurement, and continuous monitoring across model lifecycles; its adoption is expanding into highly regulated sectors, per NIST guidance. In parallel, the EU AI Act’s phased obligations and sectoral rules in finance and healthcare are pushing CISOs and chief data officers to harmonize AI security with existing compliance regimes.

On the threat side, attacks are evolving from classic phishing to prompt injection, data exfiltration via LLM tools, model poisoning in MLOps pipelines, and abuse of AI agents with excessive privileges. That shift is steering budgets toward model provenance, AI-specific vulnerability management, and secure-by-design development kits for product teams. For more on related AI Security developments, enterprises are piloting “trust layers” that combine policy, content filtering, and model firewalls to protect both internal copilots and customer-facing chat interfaces.

Competitive dynamics: platforms vs. pure plays

Hyperscalers and incumbent security vendors are embedding AI across their stacks—automating detection engineering, correlating telemetry, and accelerating response—while courting developers with safer, auditable MLOps. The pitch: unified platforms can collapse tooling sprawl and offer consistent policy enforcement from code to cloud to model.

At the same time, specialist startups are winning beachheads with deeper AI-native capabilities: red teaming for LLMs, watermarking and content authenticity, model cards and continuous validation, and supply chain scanners that map model dependencies like any other SBOM. Expect partnerships to proliferate—platforms integrating specialist controls via marketplaces and APIs—as buyers prefer modular adoption that doesn’t strand prior investments.

Outlook: disciplined growth and standardization ahead

Over the next 12–24 months, spending will be disciplined but expansive, with boards asking for measurable risk reduction—fewer incidents, faster MTTR, and demonstrable control coverage for AI use cases. The most resilient categories are likely to be model governance (AI TRiSM), cloud-to-model posture management, and secure LLM application development, all of which tie directly to audit requirements and developer velocity.

Standardization will accelerate. Expect procurement checklists to coalesce around frameworks like NIST’s AI RMF, more rigorous model evaluations in RFPs, and tighter mapping between AI controls and existing security frameworks. As the stack matures, winners will be those who bridge builders and defenders—offering guardrails that product teams love, with the telemetry and policy hooks security leaders need to satisfy regulators and insurers.