Sensitive data now moves faster than most security teams can track. One startup is taking a different approach: instead of just watching the networks around the data—watch the data itself.
Cyberhaven, a San Jose-based cybersecurity company, just raised $100 million in Series D funding, pushing its valuation past $1 billion. The round was led by StepStone Group, with participation from Schroders, Industry Ventures, and others—reflecting growing investor appetite for technologies that tackle insider threats and data misuse, not just outside-in attacks. This is a shift more companies should be paying attention to.
Traditional security tools were built to defend perimeters. But today, perimeters don’t exist. Employees work from anywhere. Applications live in multi-cloud ecosystems. Generative AI is embedded in daily workflows. Data no longer stays in one place—and neither do risks.
Cyberhaven plans to use the new capital to scale engineering, pursue strategic acquisitions, and expand its go-to-market efforts—targeting Fortune 500s as demand grows for AI-powered data security platforms. Unlike tools focused on endpoints or threat signatures, Cyberhaven’s platform is trained specifically on data movement patterns, tracking how files flow through an organization in real time. Their bet? That tracking data itself—file by file, action by action—is the new frontier in breach prevention.
The platform combines behavioral monitoring with machine learning trained to detect misuse as it happens: a developer pasting source code into an unauthorized tool, or a finance employee uploading sensitive files to a personal drive before giving notice. These aren’t theoretical risks—they’re daily occurrences with billion-dollar consequences.
The timing couldn’t be better. As remote work, SaaS sprawl, and AI reshape how companies operate, static security frameworks are falling behind. The biggest threats increasingly come from within—whether it’s a well-meaning employee violating policy or a hijacked account used as an infiltration point. Cyberhaven flips the traditional model: don’t just guard the gates—follow the data. Data visibility has to match data velocity. And in a world where files move across cloud platforms, productivity suites, and third-party apps in seconds, real-time insight is essential.
Perhaps most importantly, this underscores a broader truth: security is no longer just a technical function—it’s a business imperative. With a single misstep, even a trusted insider can expose IP or customer data. Businesses need tools that offer real-time, in-context guardrails—protection that doesn’t interrupt productivity.
Cyberhaven’s rise signals where enterprise security is heading: Toward intelligent, context-aware defense that adapts to behavior, not just rules. Toward security that travels with the data—not just the device. And toward a future where watching the data isn’t a novelty, but a necessity.