Sweet Security funding fuels the runtime CNAPP war with $75M raise

The cloud security market is officially shifting its focus from static configuration checks to real-time defense, and Sweet Security is capitalizing on the pivot. The company announced today it has secured a massive $75 million Series B funding round, led by Evolution Equity Partners, bringing its total capital raised to $120 million.

This isn't just another cybersecurity funding story; it’s a validation that the industry is moving decisively toward runtime-first protection, and that the explosion of agentic AI is creating a critical new security vector that traditional cloud platforms cannot handle.

Sweet Security, which specializes in Runtime CNAPP (Cloud Native Application Protection Platform), claims hypergrowth metrics that underscore this market shift: a sixfold increase in Annual Recurring Revenue (ARR) and a tenfold rise in enterprise customers over the last year, including multiple Fortune 1000 organizations.

The core argument driving this investment is simple: cloud attacks are dynamic, requiring real-time context rather than static snapshots of infrastructure posture. Sweet’s platform is designed to monitor live behavior, a capability that has become essential as organizations move beyond simple container security and into complex, multi-step attacks.

“Sweet Security stands out in one of the most competitive segments of cybersecurity,” said Richard Seewald, Founder and Managing Partner at Evolution Equity Partners. “The company’s ability to combine real-time cloud protection with AI-powered intelligence is unlike anything else in the market.”

A key differentiator driving the Sweet Security funding is its patented LLM-driven detection engine. By training a large language model to identify anomalous log sessions, the company claims it can dramatically reduce alert noise, down to a staggering 0.04%, while exposing complex attacks that rule-based systems typically miss. This operational efficiency is a massive draw for security teams drowning in false positives.

Securing the Agentic AI Frontier

While the CNAPP market is competitive, Sweet Security is aggressively pioneering a new adjacent category: AI security. As enterprises rapidly deploy agentic AI, models and agents that interact with business-critical data sources, they introduce a host of new risks, from prompt injection to over-permissioned access.

Sweet’s new AI Security Platform (AISP) is designed to bring the same comprehensive insight and control it provides to cloud workloads directly to AI environments. This is a crucial move, as traditional cloud security tools lack the visibility required to understand the behavior of LLMs and autonomous agents.

The platform’s capabilities focus on immediate, practical risks: mapping all AI agents and LLM servers to expose "shadow AI," analyzing agent behavior in real time to flag abnormal activity, and detecting and stopping adversarial attacks like prompt injection through AI-DR (Detection and Response).

“Cloud attacks no longer follow predictable patterns, they evolve dynamically, just like the AI systems enterprises are now building,” said Dror Kashti, co-founder and CEO of Sweet Security. “Protecting those environments demands real-time understanding of how models, agents, and workloads behave, not static snapshots of configurations.”

The $75 million injection from the Sweet Security funding round will be used to accelerate global expansion and product innovation, specifically focusing on unifying the runtime protection of traditional cloud infrastructure with the emerging needs of AI systems.

By bridging these two domains, Sweet is positioning itself as the unified platform for the modern enterprise, promising organizations the ability to deploy high-performing AI systems that are resilient by design, without sacrificing the security of their underlying cloud infrastructure. The message is clear: if you can’t secure the behavior of your live workloads and agents, you can’t secure the cloud.