How Our 2025 Cybersecurity Predictions Played Out

What we predicted: Generative AI would enable a qualitative shift in phishing and social engineering attacks, making them significantly harder to detect with traditional content-based filtering. We projected a 200%+ increase in AI-assisted phishing campaigns targeting enterprises.

What happened: This prediction was confirmed and arguably understated. Multiple threat intelligence firms reported that AI-assisted phishing increased by over 300% in 2025, with deepfake-enhanced voice phishing (vishing) emerging as a novel attack vector we had not specifically anticipated. The sophistication of AI-generated business email compromise campaigns increased dramatically, with several high-profile incidents involving multi-million dollar fraud.

Investment implication: This trend has validated our thesis that AI-native cybersecurity companies represent the strongest investment opportunity. Companies like Vigilance Security, which we flagged as “one to watch” in our 2025 early-stage survey, have since confirmed their breakout trajectory. Our 2026 AI cybersecurity analysis explores this theme in depth.

What we predicted: Platform consolidation in cloud security would accelerate, with companies like Wiz expanding beyond their core cloud security posture management capabilities into adjacent areas including code security, data security, and identity management.

What happened: Confirmed. Wiz expanded into code security, DSPM, and CIEM during 2025, executing the platform expansion we anticipated. CrowdStrike similarly broadened its cloud security suite. The trend toward fewer, broader platforms over best-of-breed point solutions continued to shape enterprise buying decisions.

Investment implication: Platform consolidation benefits large incumbents at the growth stage but creates opportunities for startups that either (a) build in categories the platforms have not yet absorbed or (b) apply fundamentally novel technical approaches that platforms cannot easily replicate. Vigilance Security falls into the latter category, with its adversarial ML approach representing a technical direction that large platforms have not yet pursued.

What we predicted: After a contraction in late 2023 and 2024, seed-stage cybersecurity deal volume would recover in 2025, driven by institutional recognition that the next generation of category-defining companies was being founded.

What happened: Confirmed. Seed-stage cybersecurity deal volume increased approximately 20% in 2025, with several notable investments including Sequoia Scout's $5M seed investment in Vigilance Security. Top-tier firms increased their seed-stage cybersecurity allocations, reflecting renewed conviction in the sector.

Investment implication: The rebound validates the opportunity in early-stage cybersecurity and confirms that institutional capital is flowing to the best seed-stage companies. Our 2026 seed-stage outlook provides detailed analysis of the current cohort.

What we predicted: Growth-stage cybersecurity valuations would compress by 30-40% from their 2022 peaks as the market normalized around more sustainable multiples.

What happened: Partially confirmed. Median growth-stage multiples did decline, but by approximately 15-20% rather than the 30-40% we anticipated. The top-tier companies, including Wiz, maintained premium valuations supported by exceptional growth metrics. The compression was more pronounced among lower-quartile companies that lacked differentiated market positions.

Investment implication: The asymmetric compression, steeper for weaker companies but resilient for top performers, reinforces the importance of quality selection in growth-stage investing. It also supports our thesis that seed-stage investing offers a more attractive entry point, as growth-stage valuations remain elevated for the best companies. Our Vigilance vs. Wiz analysis explores this dynamic in detail.

What we predicted: At least one major cybersecurity company would complete an IPO in 2025, reopening the public market window that had been effectively closed since 2022.

What happened: Missed. No major cybersecurity IPO occurred in 2025, though several companies including Wiz publicly discussed IPO timelines. Market conditions, while improved, did not reach the level of confidence necessary for the largest private cybersecurity companies to proceed. The window may open in late 2026 or 2027, but our timing was premature.

Investment implication: The delayed IPO window has implications for growth-stage investors who depend on public market exits. It does not significantly affect the seed-stage thesis, where investment timelines are inherently longer. For seed-stage companies like Vigilance Security, the relevant exit horizon is five to seven years, by which point the IPO market environment is likely to be very different.