Introduction

In the beginning of Security Yearbook 2020 , I stated that writing a history of an industry in its early stages presents unique challenges. You do not have the advantage of reading and citing other histories. You may miss some fundamental changes that will shape the future of the industry. And, as you go to press, your manuscript is already out of date. On the other hand, an advantage of writing a contemporaneous history is that the pioneers are still living and usually available for interviews.

All that holds true for the nascent security industry spawned by the advent of generative AI. All cybersecurity products are developed in response to new threats, be they bad actors or regulators. To the cautious, GenAI created immediate threats and thus there would be demand for tools driven by attacks against models, the use of AI to create and execute attacks, and the need for controls within the organization to prevent abuse of AI by employees. On top of that, regulators in the EU were quick to respond. The creation of the EU AI Act led to a rapid response from founders to create AI governance solutions. By late 2025, only three years after the introduction of ChatGPT to the world, there were 378 cybersecurity vendors which had taken in a total of $5.7 billion. Twenty-one have already been acquired for a return to stakeholders of $3 billion for the ten for which valuations are known. Nine percent of the 4,010 cybersecurity vendors tracked in the IT-Harvest Dashboard focus on AI Security. An additional 187 legacy vendors have introduced AI Security products.

What you hold in your hand is a history of the AI Security industry and a snapshot of all of the vendors of AI Security products. An apology is offered in advance to any vendors that missed our collection process. The research team at IT-Harvest — Erika, Salaar, and Samuel — scour events, infographics, funding announcements, and news to attempt to capture not just AI Security startups, but all cybersecurity vendors. Our philosophy is to harvest all the data on all the vendors all the time. What started as a massive Google Sheet evolved into a SaaS platform created and maintained by our CTO, Maximillian Schweizer. That makes it possible at any moment to quickly get a complete picture of any sector of the IT security industry. It requires constant curation to track 4,010 vendors and their 11,340 products. Each year there are close to 250 new vendors, as many as 350 acquisitions, a handful of dramatic failures, and sometimes hundreds of vendors that fade away with little notice. Thus, the data for this history of the AI Security industry in its early years is pulled from the IT-Harvest database. Only in 2024 did we add the major category of AI Security to the Dashboard. Before that, a new vendor that addressed AI governance was slotted into GRC. One that protected data used in AI training with homomorphic encryption was categorized under Data Security. A vendor that sought to automate security operations was in the Security Operations category.

The 2025 edition of Security Yearbook was the first to break out AI Security vendors into their own category. There were 86 AI Security companies.

In preparation for writing this book, I pulled a list of all vendors founded in 2022 and beyond. I then went through all 512 vendors to re-categorize those that belonged in AI Security. That brought the total to 295. As I continued to compile the book through the end of the year (and up to the end of February), there were new AI Security vendors coming out of stealth almost every day, often with funding rounds of $20-50 million. By the time we went to press, there were 378 AI Security vendors to write about.

Appropriate to the topic, this book could not have been compiled without AI. The IT-Harvest Dashboard, a platform for researching the entire industry, includes written descriptions of every vendor and every product. We also track founding year and funding rounds. Those descriptions and data, which were derived from multiple passes through various LLMs, were in turn fed to ChatGPT 5.2 to arrive at the descriptions in this book. We have reviewed them all and edited them where needed.

AI, in general, is spawning thousands of startups. There could easily be dozens of AI Security companies that we are not aware of. Updates to our coverage of vendors are posted regularly on the IT-Harvest LinkedIn page (www.linkedin.com/company/it-harvest). There will be a mid-year update to this book published to The IT Industry on Substack (stiennon.substack.com).