Cyberhaven Secures $100M Funding to Enhance Gen AI and DSPM Features

Cyberhaven, a data protection startup led by former executives from Nutanix and Palo Alto Networks, has successfully raised $100 million to enhance its capabilities in data security posture management (DSPM) and generative AI security. This Series D funding will allow the San Jose, California-based organization to expand beyond its existing proficiency in data detection and response, aiming for comprehensive visibility and control over data both in motion and at rest.

The company’s CEO, Howard Ting, indicated that this investment will address emerging risks associated with prompt-based data exposure as well as access control challenges related to AI tools such as Microsoft Copilot and Glean. “We believe that the data security landscape is evolving toward rapid consolidation,” Ting remarked, emphasizing the need for an integrated platform approach that encompasses a broad range of products to effectively meet diverse customer requirements.

Since its inception in 2015, Cyberhaven has grown to nearly 200 employees and raised a total of $250 million, including an $88 million Series C funding round in June 2024, which was led by Adams Street and Khosla Ventures. Prior to joining Cyberhaven in June 2020, Ting held marketing positions at Nutanix, Palo Alto Networks, and served as a product manager at Cisco.

In response to customer demand for more comprehensive solutions from a single provider, Cyberhaven is working to unify its data-in-motion and data-at-rest security strategies. By doing so, the firm seeks to establish a cohesive data security platform, simplifying the integration of controls and response mechanisms tailored to various data contexts. “Our clients are increasingly requesting assistance with DSPM and generative AI security,” Ting noted, indicating a proactive investment strategy focused on both in-house development and potential acquisitions.

As Cyberhaven navigates the competitive landscape, Ting identifies significant challenges in the realm of generative AI security. These include managing the risks posed by exposing sensitive information to external large language models, such as ChatGPT, and regulating access to internal data processed by AI-driven tools. The company boasts a strong capability in monitoring data in motion, while also developing tools aimed at regulating AI-generated responses linked to unstructured data.

Looking at the competitive environment, Cyberhaven faces traditional data loss prevention vendors, such as Symantec and Forcepoint, alongside modern infrastructure players like CrowdStrike and Zscaler, as well as new entrants in the data security domain. Ting acknowledges that the incumbents often bundle services and offer “good enough” solutions at no cost, yet insists that compromise in data security is not a viable option. “A single mistake can have devastating effects for a business,” he stated, highlighting the need for robust data protection measures.

Historically, Cyberhaven has catered to sectors like technology, pharmaceuticals, and advanced manufacturing, where sensitive intellectual property is at stake. As the firm matures, it is also targeting larger enterprises and branching out into sectors such as energy, healthcare, banking, and retail. This strategic pivot positions Cyberhaven to capitalize on an expanding market characterized by increasing regulatory complexities.

“We’re broadening our reach and gaining traction across more verticals,” Ting explained, underscoring a shift from focusing primarily on mid-market companies to engaging larger enterprises—a trend that has developed significantly over the last few years.