Cyera

At a glance

Cyera is a privately held data security company founded in December 2020 by Yotam Segev (CEO, formerly head of Unit 8200's cyber department) and Tamar Bar-Ilan (CTO). Headquartered in New York with R&D in Israel. As of March 2026, approximately 1,358 employees across 15 countries. Total funding $1.7 billion across seven rounds, most recently a $400 million Series F in December 2025 led by Blackstone at a $9 billion post-money valuation.

Reported annual recurring revenue exceeded $100 million as of mid-2025; the company claims 3.4x revenue growth in the trailing twelve months but does not publicly disclose current ARR. Customers reported in public materials include AT&T, Peloton, Nordstrom, Chipotle, and Chevron, with Cyera claiming coverage of roughly 20% of the Fortune 500. The platform spans DSPM, Omni DLP, Access Trail, AI-SPM, and AI Protect.

What Cyera actually is

Cyera is best understood as the first pure-play data security vendor to position itself explicitly around AI rather than around legacy DLP heritage or M365 compliance heritage. Founded after the cloud security wave that produced Wiz, Cyera has consistently been compared to Wiz as a category-defining startup, with its co-founder coming from the same Unit 8200 alumni network.

The platform splits into five named products that share a common AI classification engine: DSPM for discovery and classification across cloud, SaaS, on-prem, and DBaaS environments; Omni DLP sitting above existing DLP enforcement points to add AI-based decisioning; Access Trail (launched November 2025) for one-year-retention access event recording; AI-SPM for shadow AI discovery and inventory; and AI Protect for real-time prompt-level controls.

Three architectural choices matter. First, Cyera classifies through sampling and clustering rather than exhaustive scanning. The trade-off — addressed below — is real for compliance use cases. Second, Cyera's classification AI runs within the customer environment using locally-mounted scanner VMs and proprietary models. Cyera explicitly states customer data does not leave the environment for inference. Third, Omni DLP sits above existing DLP rather than replacing it — a pragmatic positioning that reflects how DLP rip-and-replace rarely works in practice.

Cyera is exceptionally strong in the criteria most relevant to cloud-native, AI-era data security, and adequate or weaker in the criteria where established incumbents have operational maturity.

Capability assessment

Strongest capabilities

Cyera's AI-native classification combines pattern matching for known sensitive types with proprietary fine-tuned LLMs (built on FLAN T5 and Mistral foundation models) for context-aware classification of unstructured documents, including business-specific document types. Cyera and Cohesity claim 95%+ classification precision in customer environments. G2 customer reviews consistently cite higher classification accuracy than legacy regex-based tools.

An architectural caveat matters for buyers in regulated industries. Cyera classifies via sampling and clustering rather than exhaustive scanning — genuinely faster but philosophically incompatible with compliance regimes that demand a full inventory of certain data types. Cyera's research paper "Smarter at Scale" defends the architecture; the trade-off is real and warrants direct testing during evaluation.

Evidence: Cyera "Redefining Data Classification" technical paper; Cyera Research Labs publication "Smarter at Scale"; Cohesity-Cyera joint solution brief; G2 customer reviews.

Cyera's agentless cloud architecture and lightweight on-prem connectors produce among the fastest deployments in the category. Marketing claims include 130 TB classified in 24 hours and 100 TB of file server data in under 3 days. Customer reviews on G2 reference "particularly smooth and trouble-free" on-premises deployment compared to alternatives that "cause servers to hang." For organisations whose primary frustration with legacy data security is months-long deployment cycles, this is a clear differentiator.

Evidence: Cyera technical brief; G2 customer reviews; Cohesity joint marketing.

AI-SPM and AI Protect collectively provide the most comprehensive AI-specific data security capability set among pure-play vendors. AI-SPM discovers shadow AI and inventories AI applications and agents. AI Protect (GA November 2025) provides real-time prompt-level controls. Recent additions include Browser Shield for AI, Data Lineage for files, and Cyera MCP. The breadth and recency exceeds most competitors including Microsoft Purview's AI feature set.

Evidence: Cyera press releases November 2025 and February 2026; Cyera platform documentation.

The platform organises findings by business context rather than by technical signal, presents risk in language a CISO can take to a board meeting, and includes a conversational AI assistant ("Cy", launched in private beta November 2025). G2 reviews consistently cite "user-friendly interface" as a top-praised feature. For organisations where the platform must be operated by analysts who are not specialists, this matters more than feature breadth.

Evidence: G2 customer reviews; Cyera platform documentation; primary review of Cyera UI demonstrations.

Adequate capabilities

Discovery breadth is genuinely strong across cloud (AWS, Azure, GCP), SaaS (Microsoft 365, Google Workspace, Salesforce, ServiceNow, Box, Slack), structured databases (Snowflake, Databricks, PostgreSQL, MS SQL), and on-premises file shares (SMB, NetApp, Dell PowerScale). The agentless cloud architecture detects "ghost" data stores that legacy tools miss. The score is 3 rather than 4 because depth for legacy enterprise systems including SAP, Oracle databases beyond DBaaS, and mainframe environments is less mature than the cloud-first story.

Evidence: Cyera technical documentation; integrations page; primary review of competitive discovery scope.

Cyera supports direct actions including revoking public or organisation-wide access (one-click in Microsoft 365), removing public sharing links, masking sensitive data, applying MIP labels, deleting files, and triggering custom workflows. The score is 3 rather than 4 because customer experience varies meaningfully from the marketed capability. A G2 customer reviewing the platform noted "we are currently working on remediating our policies and are interested in learning more about the remediation features," suggesting many customers default to the ServiceNow ticketing integration despite the direct-action capabilities being available.

Evidence: Cyera remediation page; G2 customer reviews; Cyera ServiceNow integration documentation.

Access Trail (launched November 2025) provides detailed access event records correlated with data classification and identity context, retained for one year by default. The platform identifies offending identities with lingering Microsoft 365 access and supports one-click revocation. The score reflects that Access Trail is a recent product addition; buyers comparing against access-governance-led vendors with longer track records should verify Cyera covers their specific scenarios.

Evidence: Cyera Access Trail launch press release November 2025; Cyera platform documentation.

Cyera's TCO profile is among the strongest in the category. Implementation is predominantly vendor-included — customer success and deployment engineering is positioned as part of the subscription rather than as a separately-billed engagement. Rapid time-to-value (days to initial classification, not months) genuinely reduces hidden professional services cost. AI compute runs within Cyera's infrastructure, removing hidden GPU cost from the customer side. The score is 3 rather than 4 because customer reviews note that going from initial deployment to enforced remediation policies takes meaningful time, and because the unusually high subscription pricing reflects significant compute cost passed through.

Evidence: Cyera technical documentation on architecture; G2 customer reviews on time-to-enforcement.

Adequate to weak capabilities

Omni DLP, launched in 2025 following Cyera's acquisition of Trail Security, is positioned as an "adaptive brain" sitting above existing DLP enforcement points rather than as a direct DLP product. The architecture connects to Microsoft Purview, legacy DLP, and other enforcement points to add AI-driven alert prioritisation. Customer testimony cites a 16,000-event false-positive volume reduced to a handful through Omni DLP.

The score reflects three concerns. First, Omni DLP is a correlation and decisioning layer rather than an enforcement product — for organisations seeking primary DLP enforcement, Cyera depends on the underlying enforcement points the customer already has. Second, the AI-driven label and policy recommendations can produce a large number of fine-grained labels that create downstream complexity in the underlying enforcement products. Third, Omni DLP has the shortest production track record of any Cyera capability.

Evidence: Cyera Omni DLP launch documentation; Cyera Trail Security acquisition; primary architectural review.

Cyera covers GDPR, SOC 2, PCI-DSS, HIPAA, and NIST frameworks competently. Compliance evidence generation through Access Trail's one-year retention supports audit-ready reporting. The score reflects that Cyera's compliance framework breadth is materially less than Microsoft Purview's Compliance Manager (350+ frameworks). Buyers in regulated industries with niche framework requirements should verify coverage during evaluation.

Evidence: Cyera Compliance Manager documentation; comparison against Microsoft Purview Compliance Manager.

Company health

Cyera's company health score of 72 / 100 reflects an extraordinarily strong financial trajectory tempered by three material concerns: a private-company reporting profile that limits buyer visibility into renewal economics, a valuation-to-revenue multiple that is high even by recent cyber standards, and an investor-and-incubation context that warrants disclosure.

Financial position and trajectory

Total funding $1.7 billion across seven rounds in five years. Most recent Series F in December 2025 raised $400 million at a $9 billion valuation, led by Blackstone with all prior investors participating. The company reports 3.4x revenue growth in the past year and stated annual recurring revenue exceeded $100 million as of mid-2025.

The valuation-to-revenue ratio warrants direct attention. At $9 billion valuation and $100 million ARR (the most recent publicly disclosed figure), the multiple exceeds 90x — extreme even by elevated recent cyber standards. For comparison, Bank Info Security analysis published December 2025 noted that Varonis trades at $3.85 billion market cap on $551 million in revenue, a multiple of approximately 7x. Buyers evaluating Cyera as a long-term partner should consider how the company will eventually grow into the valuation, since pressure to do so will materially shape product strategy and pricing in the coming years.

Customer evidence and the Cyberstarts disclosure

Customer evidence is genuinely strong — public references include AT&T, Peloton, Nordstrom, Chipotle, Chevron, JLL, Takeda, and BNY. The recent embedding of Cyera DSPM into Cohesity ("Cohesity DSPM, powered by Cyera") and the AWS Security Hub Extended Plan integration are significant third-party validations beyond direct customer wins.

Two qualifications matter. First, as a private company Cyera does not publicly disclose net retention, gross retention, or renewal rates. The customer reference list is curated by the vendor.

Second, Cyera was incubated by Cyberstarts, the Israeli VC firm whose "Sunrise" CISO advisory programme — which paid CISOs at large enterprises up to $250,000 for advice on portfolio companies — was the subject of a Forbes investigation in October 2024 and a Calcalist exposé in June 2024. Cyberstarts suspended compensation payments in June 2024. The controversy is at the investor level, not directly at Cyera, and Cyberstarts and its founder Gili Raanan continue to deny ethical wrongdoing. Cyera is not named in the Forbes investigation as a beneficiary of the Sunrise programme, and there is no public allegation of wrongdoing by Cyera. The disclosure is included in this profile because the controversy affects how readers should interpret the broader Cyberstarts portfolio's customer growth signal during 2022-2024, and because VendorAudit's editorial principle is to surface this kind of context that traditional analyst firms typically avoid.

Strengths and weaknesses

Strengths

AI-native classification is genuinely differentiated and the basis for category leadership. Cyera's classification engine combines pattern matching, ML, and proprietary fine-tuned LLMs to deliver context-aware classification. Customer reviews consistently cite higher precision than legacy regex-based tools and the ability to surface "shadow data" that competitors miss.

Time-to-value is exceptional. Agentless cloud architecture and lightweight on-prem connectors produce initial classification in days rather than months. Combined with vendor-included implementation, total cost of getting to operational maturity is among the lowest in the category.

Comprehensive AI security capabilities. AI-SPM, AI Protect, Browser Shield, and Cyera MCP collectively provide the most complete AI-specific data security capability set among pure-play vendors.

User experience and business-context risk presentation. The platform organises findings by business context, communicates risk in language a CISO can take to a board meeting, and includes a conversational AI assistant for natural-language queries.

Weaknesses

Sampling-based classification is incompatible with some compliance posture requirements. Cyera's clustering-and-sampling architecture is genuinely faster and produces high precision, but is philosophically incompatible with compliance regimes requiring complete inventory of regulated data. Buyers in heavily regulated environments should test this directly during evaluation.

Private-company opacity limits buyer visibility into renewal economics. Cyera does not publicly disclose net retention, gross retention, or renewal rates. Buyers have no public way to validate whether the customer base is expanding through net new spend or whether early growth is coming from initial-deployment land sales.

Investor and incubation context warrants disclosure. Cyera was incubated by Cyberstarts, whose Sunrise CISO advisory programme was the subject of a Forbes investigation in October 2024. The compensation programme was suspended in June 2024. Cyera is not named in the investigation, and there is no allegation of wrongdoing by Cyera, but the context affects how readers should interpret Cyera's customer growth signal during 2022-2024.

Valuation-to-revenue multiple is extreme even by recent cyber standards. At $9 billion valuation and $100 million+ disclosed ARR, the multiple exceeds 90x. The pressure to grow revenue into the valuation will materially shape product strategy and pricing over the coming years. Buyers should assume meaningful pricing changes — likely upward — at renewal and negotiate multi-year price protection.

Best fit / Worst fit

Best fit for

Cloud-native enterprises with substantial data in AWS, Azure, GCP, Snowflake, Databricks, and major SaaS platforms. Organisations adopting Microsoft 365 Copilot or other AI capabilities at scale. Buyers who prioritise fast time-to-value and a low-touch operational model. Organisations with mature security teams but constrained administrative headcount.

Worst fit for

Heavily regulated environments where compliance posture requires complete inventory of regulated data and sampling-based classification will not satisfy auditor sign-off. Organisations whose primary need is mature DLP enforcement across legacy network, email, and endpoint environments. Buyers requiring deep compliance framework coverage beyond GDPR, SOC 2, PCI-DSS, HIPAA, and NIST. Organisations with significant data on legacy enterprise systems including SAP, Oracle databases beyond DBaaS, and mainframe environments. Buyers requiring established renewal-rate transparency and long-track-record vendor stability.

Latest commercial signals — January 2026

In January 2026, Cyera confirmed crossing $100 million ARR (milestone reached in June 2025) alongside the $400 million Series F, bringing total funding to $1.7 billion at a $9 billion valuation. The revenue growth rate was disclosed as 3.4x year-over-year. 20% of the Fortune 500 are now Cyera customers — a significant enterprise penetration figure for a company founded in 2021.

In Q2 2026, Cyera was named a Leader in The Forrester Wave: Sensitive Data Discovery And Classification Solutions. Forrester's stated rationale: "Cyera has a powerful vision to become a decision control layer for data" and is "well-positioned to bring this vision to life quickly with its innovation strategy." This is the most recent independent analyst recognition and the most credible signal of category leadership available from a third-party source.

In April 2026, Cyera acquired Ryft — described as "the first-of-its-kind secure and automated data lake built for AI agents." This extends Cyera's platform from discovery and classification into AI agent data infrastructure, following the pattern of its earlier acquisitions (Otterize for identity authorisation in 2025). The Ryft acquisition signals Cyera's strategic intent: to become the data layer for AI agent deployments, not just the classification and posture layer.

The valuation concern remains: $100M ARR at $9B valuation is 90x ARR — unchanged from our initial assessment. The 3.4x growth rate justifies premium valuation to growth investors; the question for buyers is what happens to contract pricing at renewal once Cyera's growth normalises to industry-standard rates. The company declined to disclose current profitability or burn rate. VendorAudit's position: negotiate annual price escalation caps at first contract signature, regardless of the current commercial posture.

RSA Conference 2026 — three new capabilities

At RSAC 2026 (March 24–26, San Francisco), Cyera announced three new capabilities that materially extend the platform into AI agent security:

Browser Shield for AI — prevents sensitive data exposure at the prompt level within public AI models (ChatGPT, Claude, Gemini, Copilot). When an employee pastes sensitive content into a public AI interface, Browser Shield detects and blocks the exposure in real time, without requiring endpoint agent installation. This directly addresses the shadow AI data exfiltration vector that VendorAudit identifies as the most pervasive operational challenge in the category.

Data Lineage for files — automatically maps how AI agents move and transform files across their lifecycle. As AI agents read, modify, copy, and store files in the course of task execution, Data Lineage builds a continuous audit trail of what data was touched, transformed, and where it ended up. This is the missing piece in most AI governance programmes — most platforms know what data agents can access, but not what they actually did with it.

Cyera MCP — an MCP (Model Context Protocol) server that allows security teams to build their own data security agents using plain-language queries. Security analysts can issue natural language instructions to Cyera's data graph ("show me all sensitive data accessed by AI agents in the last 30 days that isn't covered by a DLP policy") and receive structured, actionable results without writing custom queries. This is the first vendor-built MCP in the DSPM/data security category and reflects Cyera's intent to become the data layer for AI security operations, not just a classification and posture platform.

Cyera CEO Yotam Segev's RSAC blog post contained the most candid vendor observation from the conference floor: one Cyera customer said they would prefer to wait a few months for Cyera to build a capability rather than add a standalone point solution. This is the platform consolidation dynamic VendorAudit has been tracking — buyers are actively reducing vendor count, and established platforms with broad capability are benefiting regardless of whether any individual feature is best-in-class.

Cyberstarts portfolio — conflict analysis

Cyera was incubated by Cyberstarts and remains one of its flagship portfolio companies. Cyberstarts operates the Sunrise Programme — a CISO advisory network whose stated purpose is connecting portfolio companies with enterprise buyers for product validation and early customer acquisition. This is Cyberstarts' explicitly stated model: the conflict is structural and by design, not incidental. Buyers introduced to Cyera through the Cyberstarts CISO network should know that their contact may hold advisory equity, a board seat, or operating partner status at the fund.

VendorAudit cross-referenced Cyera's nine publicly named customers against the Cyberstarts portfolio and known CISO network. Two material findings, graded by evidence quality:

Discovery approach — sampling and clustering, not exhaustive scanning

Cyera's own technical documentation is explicit: "A more efficient approach is to use sampling and clustering. By analyzing representative portions of databases and grouping similar files, it is possible to classify large volumes of data quickly." For on-premises environments specifically, Cyera documents "smart sampling, clustering, and change-based monitoring" as the discovery method.

This is a deliberate architectural choice that enables Cyera's speed and scalability advantages — scanning 130TB in under 24 hours is only achievable with sampling. It is not a flaw; it is a design trade-off. But it has material downstream consequences that buyers must understand before treating Cyera's discovery results as a complete data inventory:

• Compliance completeness: GDPR Article 30 requires a complete record of processing activities. DSAR responses must find all records relating to an individual. A sampling-based inventory cannot guarantee completeness — if the data subject's records fall in the unsampled portion, they will be missed.
• Security blind spots: Data stores not covered by sampling are invisible to the security programme. The sensitive S3 bucket that wasn't in the sample is the one that gets breached.
• AI governance: If your AI model trained on data in the unsampled portion of your data lake, your AI governance programme has a blind spot of exactly that scope. This is the failure mode that makes AI security programmes built on sampling-based DSPM structurally incomplete.
• False confidence: A dashboard showing "3.2M sensitive records discovered" from a sampling approach represents an unknown fraction of the actual estate. The number is not wrong — it is incomplete, without a disclosed confidence interval.

VendorAudit's position: Cyera's sampling approach is well-suited for risk prioritisation and posture management — identifying the highest-risk concentrations quickly and directing remediation effort. It is not a substitute for exhaustive scanning in environments with compliance completeness requirements (GDPR, HIPAA, ASD Essential Eight, PCI DSS) or AI governance mandates. Buyers should ask Cyera specifically: what percentage of data objects are directly inspected versus inferred from clustering in a standard deployment? Get the answer in writing.

Discovery score impact: VendorAudit scores Cyera's discovery criterion at 2/4 (Intelligent sampling) — revised from 4/4. The capability to discover at scale is genuine; the score reflects that the discovery is not exhaustive. See the methodology page for the full scoring framework.