最近融资 01
$60M Series E extension [CO020] 尽调报告
Aqua Security
Aqua Security:云原生安全尽调报告
Aqua Security 仍是可信的 CNAPP 先行者,拥有 Trivy 驱动的分发、运行时 / 容器深度和真实企业触达;但 2021 年独角兽轮以来估值持平、2025 年重组、私营公司披露缺口长期存在,在私下尽调证明 ARR、留存、利润率和现金效率显著强于公开记录前,应维持观察建议和偏高估值判断。
封面要素
公司概况
Aqua Security 是一家云原生安全公司,2015 创立,总部位于 Boston, Massachusetts 和 Ramat Gan, Israel。Dror Davidoff 与 Amir Jerbi 共同创办公司,并带领 Aqua 完成 2021 年以独角兽估值进行的 Series E 和 January 2024 扩展轮;November 2025 领导层交接时,两人转任战略顾问,Mike Dube 升任首席执行官。Aqua 的商业定位围绕从代码到云再到提示词的 CNAPP 平台展开,覆盖软件供应链安全、安全态势管理、漏洞管理、运行时防护和 AI 工作负载安全。Trivy 是公司最重要的开源分发资产,把 Aqua 延伸进开发者和 DevSecOps 工作流。官方公司发布称,截至 January 2024,Aqua 累计融资 $325M,服务超过 500 家企业客户,其中包括 Fortune 100 的 40%。
- 成立时间
- 2015-01-01
- 创始人
- Dror Davidoff, Amir Jerbi
- 创立地点
- Ramat Gan, Israel
- 总部
- Boston, Massachusetts, USA / Ramat Gan, Israel
- 产品
- Aqua Platform 定位为全生命周期 CNAPP,保护应用从代码到云再到提示词的全过程。公开材料称平台覆盖软件供应链安全、安全态势管理、漏洞管理、运行时安全和 AI 工作负载防护;Trivy 则作为公司的开源扫描器,面向代码库、容器镜像、Kubernetes 和云目标,检查漏洞、配置错误、密钥、SBOM 及相关制品。
- 客户
- 大型企业、受监管的金融服务机构、政府机构,以及运营多云、Kubernetes、容器和软件供应链环境的云原生产品团队。
- 商业模式
- 围绕 Aqua Platform 销售企业订阅软件,并借助 Trivy 的开源采用,以及 AWS、Azure 等合作伙伴 / marketplace 渠道放大触达。
- 阶段
- Late-stage private (no public listing; last disclosed financing Jan 2024)
- 融资情况
- Aqua 在 January 2024 宣布 Series E 的 $60M 扩展轮,估值高于 $1B,官方披露的累计融资增至 $325M。此前一轮主要融资是 March 2021 的 $135M Series E,首次确立独角兽估值。
执行摘要
主要优势
- Aqua 很早切入容器和云原生安全,如今仍能讲出可信的 code-to-cloud 平台故事,并保有运行时深度。
- Trivy 给了 Aqua 强大的开源楔子,切入开发者和 DevSecOps 工作流;许多商业竞争对手很难复制这一入口。
- 官方披露支撑了有意义的规模:500+ 家企业客户、覆盖 Fortune 100 的 40%,且银行业渗透率强。
- 公司通过 2024 年 1 月扩展轮保住独角兽身份,并仍能借助合作伙伴和 marketplace 渠道获得战略生态支持。
- 2025 年 Akamai 合作和 AI-security 叙事显示 Aqua 仍在延展产品故事,而不是单纯收割传统容器细分市场。
主要风险
- Aqua 最后一次公开披露估值是在 2024 年 1 月仍高于 $1B,而不是明确高于 2021 年独角兽基准重新定价。
- Wiz、Palo Alto Networks、CrowdStrike、Fortinet / Lacework、Orca、Sysdig 和 Snyk 都在 CNAPP 中加剧平台、捆绑和采购压力。
- 2025 年领导层更替和多轮裁员带来执行风险,也让增长质量、文化和现金跑道纪律受到质疑。
- 公开财务披露太薄,无法有信心承销普通股:ARR、NRR、毛利率、烧钱速度、现金跑道和优先权条款均未披露。
- Aqua 通过 Trivy 取得的开源成功也可能压缩付费扫描器差异化,除非运行时、平台工作流和企业响应层继续赢单。
未决问题
- 当前 ARR / 收入、NRR、毛利率、烧钱速度和现金跑道均未公开披露或审计。
- 股权结构表、优先股堆叠和 2024 年扩展轮具体条款均未公开。
- 官方未披露员工数,且 2025 年末第三方估计差异很大,因此当前员工数仍未解决。
- 客户集中度、续约节奏和 marketplace 到付费的转化对外不可见。
- 公开证据不足以判断 AI-security 扩张已经是有意义的商业增长向量,还是主要停留在叙事层面。
目录
01公司概况
1.1 身份、产品边界与分发足迹
Aqua Security 创立于 2015,在当前公司标准简介中把 Boston, Massachusetts 和 Ramat Gan, Israel 列为总部。公司把自己定位为云原生应用安全提供商,覆盖从代码到云再到提示词的生命周期。当前首页和产品材料将平台归为代码安全、运行时防护和安全态势管理几块;更广的平台描述则强调,Aqua 用无代理与基于代理的控制覆盖软件供应链、云基础设施和实时工作负载。 Aqua 最强的生态资产是 Trivy,这款开源扫描器也是 Aqua 自己强调的重要采用切入点。已审阅的 Trivy 材料和 GitHub 文档显示,它覆盖漏洞、配置错误、密钥、SBOM、代码库、容器镜像和 Kubernetes 集群。Aqua 的商业分发也相当清晰,渠道包括自有合作伙伴计划、AWS Marketplace、Microsoft Azure Marketplace、Red Hat 合作伙伴目录,以及 Cisco 的技术联盟材料。合在一起,这些来源支持一个判断:Aqua 的商业模式围绕企业云安全软件展开,通过直销、渠道、marketplace 和生态伙伴销售,而不是狭窄的单点产品。[CO001, CO002, CO003, CO004, CO005, CO006]
Aqua 的平台广度、开源切入点、客户、资本和领导层如何相互咬合。
[CO002, CO004, CO008, CO009, CO020, CO022]1.2 创始人、领导层交接与治理状态
即使 November 2025 已完成正式交接,Aqua 的创始领导层仍是公司叙事的核心。曾任 CEO 的联合创始人 Dror Davidoff 和曾任 CTO 的联合创始人 Amir Jerbi 都退出日常高管岗位,转任战略顾问。公司把总裁兼首席营收官 Mike Dube 提拔为 CEO,并将工程高级副总裁 Nir Makowski 提拔为首席产品与技术官。Aqua 将这次交接描述为进入下一阶段增长和全球扩张的计划动作,而非创始人离场。 Dube 的背景更偏 GTM 执行,而不是创始产品愿景:Aqua 称他曾在 CrowdStrike、Splunk、Cybereason 和 Check Point 担任高级职务。这让他适合扩张企业销售,但也加大了公司对 Makowski 以及仍有影响力的创始人在技术连续性上的关键人依赖。公开材料只能看到部分治理情况。已审阅的官方和第三方来源识别出创始人、投资方和高管变动,但没有披露当前董事会名单、创始人持股比例或正式继任条款。领导层调整之后,这些缺口都是实质性尽调问题。[CO010, CO011, CO012, CO013, CO014, CO015]
| 人物 | 职务 | 背景 | 职能覆盖 | 关键人依赖 |
|---|---|---|---|---|
| Dror Davidoff | 联合创始人;前 CEO;战略顾问 | 自创立起领导 Aqua,直至 2025 年 11 月交接 | 创始人愿景、投资人叙事、产品品类框定 | 高——即便退出日常管理,创始人信用仍重要 |
| Amir Jerbi | 联合创始人;前 CTO;战略顾问 | 领导技术战略直至同一次 2025 年交接 | 架构延续、产品深度、创始人技术判断 | 高——创始人的技术影响似乎仍通过顾问角色延续 |
| Mike Dube | CEO | 由总裁兼 CRO 晋升;此前在 CrowdStrike、Splunk、Cybereason 和 Check Point 担任销售领导职务 | 企业市场拓展、客户扩张、执行纪律 | 高——目前是主要运营高管和对外管理层面孔 |
| Nir Makowski | 首席产品与技术官 | 在 2025 年交接中由工程高级副总裁晋升 | 产品路线图、工程执行、创始人 CTO 退后后的技术延续 | 高——在领导层交接期维持技术动能的核心人物 |
公开材料确认了创始人向职业经理人的交接,但未披露董事会构成、创始人持股或继任治理条款。因此,即便形式交接已完成,关键人风险仍然偏高。
[CO010, CO011, CO012, CO013, CO014, CO015]1.3 融资历史、投资方基础与利益相关方图谱
Aqua 公开可防守的融资历史由三个官方里程碑支撑。2019 Series C 新增 $62M,累计融资超过 $100M。March 2021 Series E 新增 $135M,估值高于 $1B,披露的累计融资升至 $265M。January 2024 扩展轮再增 $60M,由 Evolution Equity Partners 领投,Insight Partners、Lightspeed Venture Partners 和 StepStone Group 参与,使披露的累计融资达到 $325M,同时估值仍高于 $1B。 在已审阅的官方轮次中,Aqua 披露的投资方包括 ION Crossover Partners、Evolution Equity Partners、Insight Partners、Lightspeed Venture Partners、StepStone Group、TLV Partners、Greenspring Associates、Acrew Capital 和 M12。Aqua 的 about 页面还把 Shlomo Kramer 列为投资者。同样重要的是未公开部分:没有已审阅来源披露股权结构表、清算优先权、创始人持股、老股占比或债务工具。作为第一章的规范事实,官方 $325M 累计融资比后续 Calcalist 报道的约 $235M 更强;这些第三方数字保留为冲突项,而不是采纳为事实基准。[CO017, CO018, CO019, CO020, CO021, CO036]
| 利益相关方 | 角色 | 控制权 / 经济重要性 | 公开信号 | 尽调问题 |
|---|---|---|---|---|
| Dror Davidoff | 联合创始人;战略顾问 | 可能仍是重要股东和文化锚点,但当前持股未披露 | 2025 年 11 月正式由 CEO 转为战略顾问 | 索取当前持股、董事会角色和保留事项影响力 |
| Amir Jerbi | 联合创始人;战略顾问 | 可能仍保有技术与经济影响力,但未找到当前持股披露 | 2025 年 11 月正式由 CTO 转为战略顾问 | 索取当前持股、IP 治理角色和任何否决权 |
| Mike Dube | CEO | 运营控制权现集中于新任 CEO | 正式由总裁 / CRO 晋升为 CEO | 索取雇佣协议、激励方案和绩效里程碑 |
| Evolution Equity Partners | 2024 年延伸轮领投方 | 最新披露轮次中最新具名领投资本方 | Evolution Equity 领投,估值 >$1B 的 $60M 延伸轮 | 索取董事席位、持股比例和任何优先条款 |
| ION Crossover Partners | 2021 年 Series E 领投方 | 锚定了让 Aqua 首次超过 $1B 估值的轮次 | ION 于 2021 年 3 月领投 $135M Series E | 索取当前持股和任何按比例跟投权或治理权 |
| Insight Partners | 多轮既有投资人 | 出现在 2021 和 2024 年披露的投资团中 | 参与 Series E 及其 2024 年延伸轮 | 厘清累计持股,以及 Insight 是否拥有董事席位或观察员权 |
| Lightspeed Venture Partners | 多轮既有投资人 | 官方轮次中反复出现的投资人 | 在 2021 和 2024 年官方轮次披露中均被具名 | 厘清持股、储备资金,以及在未来融资策略中的角色 |
| M12 / Microsoft | 2021 年轮次既有投资人 | 资本之外还有战略生态价值 | 在官方 Series E 披露中以 M12 名义出现 | 确认 Microsoft 关系是否带有商业或渠道承诺 |
| Shlomo Kramer | 关于页面列示的投资人 | 可能是具有战略价值的网络安全人脉型支持者,但持股未披露 | 官方关于页面在「Our Investors」下列出他 | 确认这是直接股权、SPV 敞口还是顾问关系 |
本表是基于公开信号的利益相关方图谱,不是重建后的股权结构表。控制权、董事席位、期权池经济性、债务契约和任何老股出售仍未核验。
[CO012, CO015, CO017, CO018, CO019, CO020]1.4 客户规模、封面指标与明确不支持的数字
Aqua 最强的官方规模指标来自 January 2024 融资发布。公司当时称,全球已有超过 500 家企业客户,其中包括 Fortune 100 的 40%,并服务北美前 10 大银行中的 6 家、加拿大前 7 大银行中的 6 家。客户页面提供了定性广度而非硬数量,展示了政府、金融、能源、旅游科技、软件和零售等领域的证明点。TechCrunch 的后续报道还引用 PayPal、Netflix 和 Samsung 作为公司声称的客户。 Aqua 还称 2023 新业务增长 65%,而 2021 Series E 发布称,公司 2020 付费客户翻倍,并已拥有半打 ARR 超过 $1M 的客户。这些信号支持真实的商业成熟度,2024 奖项和 Trivy 的持续存在感也同样支持这一点。不过,本章审阅的官方一手来源没有披露当前收入、ARR、毛利率、NRR 或员工数。找到的唯一收入数字信号是 GetLatka 报道的 2024 收入 $89.9M;员工数信号在 GetLatka 和 Calcalist 之间存在实质冲突。因此,KPI 表在有官方数字时保留官方口径,并把收入和员工数标为未获支持或存在冲突,而不是伪装成精确值。[CO022, CO023, CO024, CO025, CO028, CO029]
| 指标 | 数值 / 状态 | 日期 | 置信度 | 缺口 / 尽调问题 |
|---|---|---|---|---|
| 成立 | 2015 | 2015 | 高 | 无——公司 2021、2024 和 2025 年官方公告均反复提及 |
| 总部 | Boston, MA 与 Ramat Gan, Israel | 2025-11 | 高 | 无——官方公司标准简介反复提及 |
| 现任 CEO | Mike Dube | 2025-11 | 高 | 核验经董事会批准的继任方案和 KPI 权责范围 |
| 披露属性 | 风投支持的私营独角兽 | 2024-01 | 中 | 索取股权结构表、董事席位和任何债务 / 授信协议 |
| 累计融资(官方) | $325M | 2024-01 | 高 | 与 Calcalist 后续援引约 $235M 的报道核对 |
| 最新披露估值 | >$1B | 2024-01 | 高 | 未找到后续独立估值披露 |
| 最新披露融资 | Evolution Equity 领投的 $60M Series E 延伸轮 | 2024-01 | 高 | 厘清 2024 年以来新股 / 老股组合是否变化 |
| 企业客户 | 500+ | 2024-01 | 中 | 公司声称;索取留存和队列拆分 |
| Fortune 100 渗透率 | 40% | 2025-11 | 中 | 公司声称;询问准确账户数和活跃产品口径 |
| 收入 / ARR | 2026-05 | 低 | 当前无官方披露;GetLatka 报告 2024 年收入 $89.9M,但方法不透明 | |
| 员工数 | 2026-05 | 低 | 无官方数字;第三方信号在约 360、约 450 和 543 名员工之间冲突 | |
| 开源楔子 | Trivy | 2026-05 | 中 | 量化 OSS 到付费转化率和社区贡献结构 |
官方公司公告锚定了创立日期、总部、融资、估值和客户数说法。收入和员工数仍缺乏一手披露支持,因此保留为空值,并附上明确的第三方背景,而不是作为事实断言。
[CO001, CO012, CO020, CO022, CO023, CO031]截至 2026 年标准运行日,Aqua Security 的高层成熟度和风险信号。
收入和员工数故意呈现为缺乏支撑 / 相互冲突的信号,而不是折算成单一数字估计。图中优先采用官方客户和资本披露,而非更薄弱的第三方运营指标。
[CO004, CO020, CO022, CO024, CO027, CO031]1.5 里程碑时间线与反向信号
Aqua 有日期支撑的公开时间线显示,公司早期确立品类领导地位,经过数轮融资扩张,随后进入更复杂的 2025 阶段。核心时间线从 2015 创立,到 2019 Series C,再到 2021 以独角兽估值完成 Series E,之后出现 Trivy 相关开源牵引里程碑,并进入 2024 资本扩展轮;该轮让 Aqua 维持 $1B 以上估值,也正式确认 500+ 企业客户和 40% Fortune 100 渗透率。 2025 记录同时增加了正面和警示信号。Aqua 在 July 2025 宣布与 Akamai 围绕 AI 应用安全建立战略合作,随后在 November 2025 执行计划中的领导层交接。但 Calcalist 也在 December 2025 报道,公司继续重组并再次裁员,同时给出了存在争议的融资和员工数总额。这些报道不能推翻官方融资记录,但对尽调很重要,因为它们暗示领导层更替后存在执行压力和成本纪律问题。已审阅公开来源没有识别出单独的重大监管里程碑,因此时间线聚焦于能用本地证据定日、可防守的公开创立、融资、产品、合作、治理、规模和反向事件。[CO017, CO018, CO019, CO020, CO026, CO027]
| 日期 | 事件 | 类型 | 金额 / 估值 / 状态 | 参与方 | 含义 |
|---|---|---|---|---|---|
| 2015 | Aqua Security 成立 | 创立 | 公司成立 | Dror Davidoff;Amir Jerbi | 奠定所有后续章节使用的标准创立日期和创始人组合 |
| 2019 | $62M Series C 轮;累计融资升至 $100M 以上 | 融资 | $62M;累计 >$100M | Aqua Security 和 Series C 投资人 | 标志着首次披露的 $100M 以上融资里程碑 |
| 2021-03 | $135M Series E 轮,独角兽估值 | 融资 | $135M;估值 >$1B;累计 $265M | 投资方:ION Crossover;M12;Lightspeed;Insight;TLV;Greenspring;Acrew | 确立 Aqua 的独角兽身份,并扩大机构投资人基础 |
| 2021-03 | Trivy 采用量超过翻倍 | 产品 | Harbor / GitLab / CNCF Artifact Hub 默认扫描器动能 | Aqua;GitLab;Harbor;CNCF | 显示开源分发是战略护城河,而不是副项目 |
| 2024-01 | $60M Series E 延伸轮完成 | 融资 | $60M;估值 >$1B;累计 $325M | 投资方:Evolution Equity;Insight;Lightspeed;StepStone | 在不改变独角兽状态的情况下刷新资本基础 |
| 2024-01 | 披露 500+ 企业客户和 Fortune 100 的 40% | 规模 | 500+ 企业;Fortune 100 的 40% | Aqua 客户基础 | 为后续章节提供最强官方客户规模基准 |
| 2024 | Aqua 发布多项公开认可 | 规模 | 奖项:CRN Cloud 100;Built In Best Workplaces;CyberSecurity Breakthrough | 来源:CRN;Built In;CyberSecurity Breakthrough | 释放品类可见度和伙伴市场信用信号 |
| 2025-07 | 宣布 Akamai AI 安全合作 | 合作 | 集成的 AI 工作负载到边缘安全 | Aqua Security;Akamai Technologies | 将产品故事从云原生安全延伸到 AI 应用保护 |
| 2025-11 | 领导层交接生效 | 治理 | Mike Dube 被任命为 CEO;Nir Makowski 被任命为首席产品与技术官 | 相关人员:Mike Dube;Nir Makowski;Dror Davidoff;Amir Jerbi | 标志着已审阅公开来源中最清晰的治理变化 |
| 2025-12 | Calcalist 报道又一轮裁员 | 反向 | 数十人被裁;公司被描述为约 360 名员工 | Aqua Security;Calcalist | 引入重组风险,并引发对交接后运营节奏的疑问 |
里程碑只限于可由已审阅本地来源支持的有日期事件。反向裁员行保留为一条报道信号,而不是作为公司确认的指标基准。
[CO001, CO017, CO018, CO019, CO020, CO022]从创立到 2025 年末重组期的公司里程碑。
[CO017, CO018, CO019, CO020, CO022, CO024]02市场分析
2.1 市场边界与相邻领域
Aqua 位于较窄的 CNAPP 层,而不是整个云安全宇宙,因此本章先定义市场,再引用任何 TAM。TechTarget 的独立定义把 CNAPP 锚定为一个打包平台,横跨云基础设施、云原生应用和云工作负载;Aqua 自己的 academy 则把这个包扩展到左移扫描、CSPM、KSPM、CIEM 和运行时云工作负载防护。这些定义很重要,因为它们把软件供应链安全和运行时控制拉入可服务范围,但并不支持把每一项云安全预算都当成核心 CNAPP 支出。广义云安全类别仍包括 IAM、加密、Web 与邮件安全、托管服务,以及其他会触达同一买方但不能替代 Aqua 的控制项。Aqua 自身材料、Microsoft 的 marketplace 上架页和 Cisco 的联盟页面都强化了一点:它的卖点是为受监管、多云、容器密集型企业提供统一生命周期覆盖。因此,估值上实用的市场边界应是现代应用资产的集成代码、安全态势、权限和运行时安全;软件供应链安全是强相邻领域,而不是核心品类的完整替代。[CM001, CM002, CM003, CM004, CM005, CM006]
| 类别 | 纳入的支出 / 活动 | 排除或相邻支出 | 主要买方 / 付款方 | 为什么对 Aqua 重要 |
|---|---|---|---|---|
| 核心 CNAPP | 整合从代码到云的平台,结合态势、工作负载、权限、Kubernetes 和左移控制。 | 通用云 IAM、邮件 / Web 或仅网络工具。 | CISO 或云安全负责人;中央安全预算。 | 与 Aqua 的平台定位和可比公司集合直接匹配。 |
| CSPM / KSPM / CIEM | 覆盖云资产的配置、权限和 Kubernetes 态势控制。 | 没有运行时或代码上下文的独立态势工具。 | 云 / 平台安全;共享安全平台预算。 | CNAPP 内常见的落地后扩张入口。 |
| CWPP / 运行时安全 | 工作负载、容器、VM 和无服务器运行时保护,加上检测与响应。 | 纯终端 EDR 或仅网络工具。 | 安全运营和工作负载负责人。 | 历史前身品类,也是当前差异化区域。 |
| 软件供应链 / AppSec | SCA、SAST、IaC 扫描、SBOM 和开发者工作流安全。 | 没有云 / 运行时连接的通用 AST 套件。 | AppSec 和 DevSecOps 项目负责人。 | 塑造 SAM 的相邻领域,但不等同于核心 CNAPP。 |
| 广义云安全 | CASB、加密、IAM、Web / 邮件安全、网络安全、托管服务和合规工具。 | 总网络安全支出和非云安全品类。 | 多个 IT 和安全预算负责人。 | 可作为有用上限,但过宽,不能当作 Aqua 的 TAM。 |
边界行结合了第三方定义和章节综合;纳入与排除的支出是分析口径,而不是正式供应商分类法。
[CM001, CM003, CM004, CM005, CM007, CM009]最稳妥的视角是从广义云安全预算收窄到集成 CNAPP,再收窄到 Aqua 面向受监管多云企业的楔形市场。
各层混合了不同年份和范围的来源;这张图展示边界,不是数学汇总。
[CM010, CM012, CM013, CM014, CM017, CM045]2.2 规模测算视角与矛盾
规模证据支持区间,而不是一个精确 TAM。MarketsandMarkets 给出最窄的第三方视角,预计 CNAPP 到 2027 达到 USD 19.3 billion,并显示更早的 CWPP 前身品类到 2023 仅达到 USD 6.70 billion。Grand View 和 Allied 发布的云安全预测大得多,但这些数字覆盖更宽的支出池和更长周期:2022-2024 基准年约 USD 35.8 billion 至 USD 35.84 billion,增长到 2030 的 USD 75.26 billion 或 2032 的 USD 125.8 billion。National CIO Review 引用 Gartner 的 USD 213 billion 2025 安全支出大伞更宽,最好只当作预算存在的证据,而不是 Aqua 的品类 TAM。因此,矛盾在方法上,不必然在事实上。狭义 CNAPP 视角适合严格品类口径;更宽的云安全视角则捕捉一个 Aqua 这类平台可能随时间影响或整合的相邻安全态势、控制和合规支出。公开证据仍不足以有把握隔离 Aqua 的 SAM 或 SOM,所以本章明确保留这个缺口,而不是把它抹平。[CM010, CM011, CM012, CM013, CM014, CM015]
| 视角 / 发布方 | 年份 / 版本 | 范围 | 数值 / 预测 | 增长 | 用途 | 主要限制 |
|---|---|---|---|---|---|---|
| CNAPP - MarketsandMarkets | 2022 年发布,预测至 2027 年 | 全球 CNAPP 类别 | 2027 年达到 USD 19.3B | 19.9% CAGR | 最佳狭义第三方 CNAPP 视角 | 单一分析师来源,且只给终点预测 |
| CWPP 前身 - MarketsandMarkets | 2018 年发布,预测至 2023 年 | 全球 CWPP 类别 | 2023 年由 2018 年的 USD 2.25B 增至 USD 6.70B | 24.4% CAGR | 展示前身品类规模 | 较老品类和较老年份;不是当前 CNAPP 市场 |
| 云安全 - Grand View | 2024 年估计 / 2030 年预测 | 全球云安全市场 | 2024 年 USD 35.84B;2030 年达到 USD 75.26B | 13.3% CAGR(2025-2030) | 有用的相邻支出基准情景 | 比核心 CNAPP 更宽,且包含多个非替代控制 |
| 云安全 - Allied | 2022 年基准 / 2032 年预测 | 全球云安全市场 | 2022 年 USD 35.8B;2032 年达到 USD 125.8B | 13.6% CAGR | 高端相邻市场视角 | 范围更宽,周期也长于 Aqua 核心品类 |
| 安全支出总口径 - Gartner via National CIO Review | 2025 | 全球信息安全和风险管理支出 | 2025 年 USD 213B | n/a | 展示安全负责人可动用的总预算池 | 不是 Aqua 或 CNAPP 的产品类别 TAM |
各行有意保留不兼容的范围和年份;应把它们作为边界视角,而不是可互换的 TAM 点。
[CM010, CM011, CM012, CM013, CM014, CM015]范围从前身 CWPP 和 CNAPP 品类扩展到更广义云安全口径后,现有市场估计会急剧拉宽。
每个区间都保留来源自己的基准年至预测范围,单位为 USD billions;边界和预测期不同,因此应比较跨度和方向,而不是把这些数当成可互换的 TAM 点。
[CM010, CM011, CM012, CM013, CM017, CM048]2.3 买方、用户、付款方与采用路径
CNAPP 同时触达开发、平台运维、合规和安全运营,因此买方、用户和付款方天然跨职能。Aqua 客户页面显示,其在政府、金融、能源、软件、互联网服务和零售中都有牵引;2024 融资发布则称超过 500 家企业和 Fortune 100 的 40% 已采用其方案。需求侧证据解释了这些组织为什么购买。CNCF 报告显示,66% 的终端用户组织已经在生产环境运行 Kubernetes,56% 使用多云组合,安全是 40% 组织面临的首要容器挑战。这意味着日常用户通常是平台安全、DevSecOps、工程安全、SRE 和合规团队,而付款方通常是集中安全或平台预算负责人。采用往往从扫描和可视化开始,而不是一上来做大型平台标准化:Trivy 提供开发者和开源切入点,marketplace 降低采购摩擦,合作伙伴渠道帮助联邦或大型企业落地。之后,当买方需要在代码、云安全态势、权限和实时工作负载之间建立统一上下文层,采用路径才扩展到运行时执行和策略统一。[CM021, CM022, CM023, CM024, CM026, CM027]
| 细分市场 | 买方 | 用户 | 付款方 / 预算负责人 | 工作流 / 动作 | 采用触发因素 |
|---|---|---|---|---|---|
| 受监管企业云项目 | CISO 或云安全负责人 | 平台安全、DevSecOps、合规 | 集中安全预算 | 在多云资产中统一态势和运行时 | 合规压力和敏感工作负载集中 |
| 金融服务和其他受监管工作负载 | CISO 与基础设施风险负责人 | 安全工程和云运维 | 安全及风险 / 合规预算 | 先用态势 / 运行时切入,再扩展到各业务单元 | 可审计性、最小权限和运行时保护 |
| 开发者主导或 Kubernetes 重度团队 | 工程安全或平台负责人 | 开发者、DevOps、SRE | 平台工程或共享 DevSecOps 预算 | 先从镜像、IaC 或 Kubernetes 扫描入手,再扩展 | 容器采用、CI/CD 集成和 Trivy 切口 |
| 公共部门和联邦云 | 安全主管部门与 SI/MSP 合作伙伴 | 项目安全和云运维 | 机构安全或项目预算 | 借助合作伙伴部署,并通过市场 / 渠道采购 | 云转型和政策驱动控制 |
| 大型多云企业 | 云卓越中心与 SOC 负责人 | 安全运营、平台工程、应用团队 | 集中安全平台预算 | 整合工具,打通代码、云和运行时 | 告警疲劳和攻击路径优先级排序需求 |
买方、用户和付款方角色,是根据市场定义、客户案例、合作伙伴路径和云市场上架信息综合得出。
[CM021, CM022, CM023, CM028, CM029, CM030]开发者和平台团队常常打开最初切入点,安全和合规负责人则为更广泛标准化买单。
[CM020, CM028, CM029, CM030, CM031, CM032]Aqua 这类平台通常从扫描或态势可见度切入,再扩展到运行时执行,最后进入平台标准化和渠道辅助的规模化部署。
[CM018, CM019, CM029, CM030, CM047, CM049]2.4 增长驱动、约束与估值相关性
最强的增长驱动是结构性的。Kubernetes 和容器渗透已经进入主流,多云抬高了策略与权限复杂度,更广泛的安全预算也正被应用安全、软件供应链完整性和 AI 相关风险牵引。CISA 的韧性框架,以及 TechTarget 关于告警过载和人员不足的证据,都支持对集成化、强调优先级的平台的需求。竞争对手叙事也指向同一方向:Wiz 强调安全图谱,Orca 强调无代理上下文,Prisma Cloud 强调云到 SOC 的融合,Sysdig 强调运行时信号与整合,Snyk 从开发者安全向外扩张,CrowdStrike 则借助套件强度和对手情报压入这个品类。主要约束在执行层面。Aqua 自己的 academy 承认 CNAPP 标签被广泛使用,这削弱了清晰的品类测算。公开评论提到定价、集成、报告和企业级扩展摩擦。TechCrunch 强调 2024 扩展轮估值持平,CTech 报道了围绕现金流独立进行的裁员和重组。净影响是:Aqua 参与的是健康市场,但估值上行更少取决于引用一个巨大的大口径 TAM,更多取决于证明它能在要求最高的企业买方中高效扩张。[CM025, CM034, CM035, CM036, CM037, CM038]
| 因素 | 方向 | 时间 | 证据 | 对 Aqua 的影响 | 尽调问题 |
|---|---|---|---|---|---|
| Kubernetes 已成主流 | + | 当前 | 终端用户组织中,66% 已在生产环境使用,18% 正在评估 | 将核心 CNAPP 需求从早期采用者扩展到更广人群 | Aqua 有多少年经常性收入(ARR)来自 Kubernetes 优先项目? |
| 多云复杂性 | + | 当前 | 多云使用率 56%,平均使用 2.3 家公有云提供商 | 推高统一态势和运行时策略需求 | 赢单中有多少比例涉及两个或更多云? |
| 容器安全痛点 | + | 当前 | 40% 的组织把安全列为首要容器挑战 | 支撑运行时和风险优先级排序预算 | 哪些产品模块能把痛点转化为支出? |
| 软件供应链和 AI 风险 | + | 未来 12-24 个月 | 广义安全支出增长与应用安全、软件信任和 AI 风险绑定 | 让 AppSec 邻近需求继续扩展到 CNAPP 交易 | 销售管线中,供应链牵引和运行时牵引各占多少? |
| 工具蔓延和告警疲劳 | + | 当前 | TechTarget 和竞争对手叙事都强调过载与优先级排序 | 集成平台比点状工具更受益 | Aqua 赢单靠整合者定位,还是靠专业模块? |
| 品类边界模糊 | - | 当前 | 供应商和分析师对 CNAPP 标签用法不一致 | 削弱清晰 TAM 和定位叙事 | 管理层能否提供可复用的市场定义框架? |
| 运营摩擦和规模化担忧 | - | 当前 | 评价提到价格、集成、UI、培训和企业级规模问题 | 可能拖慢试点后的扩展 | 按客户规模划分的流失率和扩张率是多少? |
| 效率模式和重组风险 | - | 短期 | 裁员、估值持平评论和现金流独立叙事 | 估值上行取决于执行证明,而不只是市场增长 | 新管理层能多快把顺风转化为高效扩张? |
驱动因素和约束行综合需求侧调研、公开品类叙事以及 Aqua 特定反向证据。
[CM021, CM022, CM023, CM018, CM020, CM025]2.5 图表
03竞争格局
3.1 格局概览与竞争框架
Aqua 所在的 CNAPP 市场已经不再像简单的单点解决方案品类。直接云安全同行是 Wiz、Orca、Prisma Cloud 和 Sysdig;相邻的开发者主导挑战者是 Snyk;大型平台竞争者是 CrowdStrike;Fortinet 加 Lacework 则提供整合背景,即使它们不一定是当前候选清单中最先出现的实时替代方案。现状替代并不是“不做安全”,而是一组原生云控制、开源扫描器和相邻平台,足以解决相当一部分任务,不必标准化到 Aqua。 这个框架很重要,因为 Aqua 并不只想靠广义 CNAPP 勾选项取胜。其保留下来的最强证据集中在容器、Kubernetes 和运行时深度;Wiz 和 Orca 则围绕图谱上下文和无代理优先接入赢得心智;Palo Alto、CrowdStrike 和 Fortinet 越来越把云安全作为更大安全资产中的一个模块销售。因此,Aqua 必须同时打赢多个待办任务:成为最好的运行时操作者,提供可接受的代码到云广度,具备可信的开发者工作流,并拥有足够宽的平台经济性,以免被整合替代。[CP001, CP006, CP016, CP019, CP021, CP023]
| 竞争对手 | 类别 | 规模 / 市场信号 | 目标客群 | 关键差异化 | 相比 Aqua 的主要短板 |
|---|---|---|---|---|---|
| Wiz | 直接 CNAPP 领导者 | >50% 的 Fortune 100 客户;估值 $12B;融资 $1.9B | 重视统一风险上下文和整合的大型云原生企业 | 跨代码、云和运行时的统一安全图谱;企业客户势头强 | 在深度运行时和容器执行专精上,保留证据少于 Aqua |
| Palo Alto Networks / Prisma Cloud 平台 | 既有云安全平台 | 上市公司,有季度披露和广泛采购触达 | 已标准化采用 Palo Alto,或把云安全纳入更广 SecOps 采购的企业 | 广泛覆盖代码到云、SOC 融合,并有上市公司信任背书 | 相比运行时牵引的专家型方案,可能显得更宽、更重 |
| Orca Security | 无代理优先的 CNAPP 同行 | 无代理云安全先行者,拥有专利 SideScanning 和 280+ 条评价信号 | 追求快速上线、广覆盖和低摩擦可视性的团队 | 无代理部署和上下文优先级排序,不承担代理优先开销 | 在工作负载内深度运行时控制上,保留证据弱于 Aqua |
| Sysdig | 运行时中心的云防御同行 | 运行时和 Falco 基因,叙事聚焦实时防御 | 希望兼具运行时深度和开放创新可信度的安全团队 | 强运行时洞察、引导式响应和 Falco 血统 | 在左移和渠道分销的 Aqua 式广度上,保留证据较少 |
| Snyk | 开发者主导的邻近竞争对手 | 知名开发者安全平台,定位 AI 编码助手 | 重视代码和供应链治理的工程主导型组织 | 嵌入式开发者工作流和 AI 原生左移动作 | 运行时和工作负载执行方面,保留支撑远少于 Aqua |
| CrowdStrike Falcon Cloud Security | 大型平台型邻近竞争对手 | 大型单平台安全资产版图,且运行时营销经 MITRE 验证 | 由安全团队主导、把 Falcon 从终端和威胁运营扩展到云的买方 | 结合无代理可视性、传感器遥测、AI 响应和威胁情报 | 主要差异化不在容器和 Kubernetes 运行时深度 |
| Fortinet + Lacework | 整合背景 / 新兴替代 | 收购于 2024 年完成;MarketScreener 估计价格约 $150M | 偏好由 Fortinet 单一供应商提供网络加云安全的买方 | 将 Fortinet Security Fabric 与 Lacework 的代理和无代理 CNAPP 资产结合 | 在保留证据中,仍更像整合信号,而不是已重新证明的市场领导者 |
| 内部自建 + 现状工具包 | 替代 / 非标准化路径 | 用原生云控制、开源和邻近安全工具替代单一 CNAPP | 没有单一标准、只解决点状问题的小团队或平台负责人 | 承诺最低的路径,局部覆盖往往也够用 | 上下文割裂,统一运行时、态势和策略运营弱于 Aqua |
各行只总结保留的公开证据。若未保留公开数字,规模单元格使用已披露融资、客户、披露或平台信号,而不是编造收入估计。
[CP006, CP016, CP017, CP019, CP021, CP023]按部署简单度(x 轴,越高越容易采用)和运行时 / 容器深度(y 轴,越高越偏运行时专精)做序数定位。
轴值是基于保留的公开产品、评论和融资来源做出的 1-5 分证据支撑序数判断,不是经审计基准。
[CP016, CP021, CP023, CP026, CP028, CP030]3.2 能力广度、架构与买方适配
Aqua 的核心差异在于,即使它销售更宽的 CNAPP 故事,自己仍像一个运行时与容器专家。Aqua 官方材料和保留评论持续强化同一幅图景:买方用 Aqua 做镜像评估、策略执行、运行时防护、合规可视化和生产深度的 Kubernetes 安全。Trivy 通过给 Aqua 一个可信的开发者、CI/CD 和开源工作流立足点,把这种位置向上游延伸。这种组合把 Aqua 与更偏开发者治理的 Snyk 区分开,也把它与无代理优先同行区分开;后者优化的是覆盖率和优先级,而不是运行中工作负载内部的深度控制。 代价是,Aqua 最强的能力并不等于当下市场最容易销售的路径。Wiz 的统一图谱和 Orca 的 SideScanning 架构都承诺用更少的部署摩擦带来更快的价值实现。Prisma Cloud、CrowdStrike 和 Fortinet 能讲更宽的企业平台故事,把云安全与其他预算和相邻产品绑定。Sysdig 是最接近的运行时导向重叠者,因为它也强调实时防御和开源可信度。因此,Aqua 最适合真正需要工作负载深度和策略执行的安全团队,而不是主要想用最少摩擦拿到“足够好”CNAPP 覆盖的买方。[CP002, CP003, CP004, CP005, CP007, CP016]
| 能力维度 | Aqua | Wiz | Prisma Cloud | Orca | Sysdig | Snyk | CrowdStrike |
|---|---|---|---|---|---|---|---|
| 运行时和工作负载执行 | 强——保留证据最能支撑的差异化点 | 中等——运行时包含在图谱平台内 | 强——代码到云平台明确覆盖运行时保护 | 中等——更受上下文牵引,而非深度运行时控制牵引 | 强——实时云防御和运行时洞察 | 弱——保留证据集中在开发者和供应链控制 | 强——运行时检测和自动化响应绑定 Falcon |
| 容器和 Kubernetes 深度 | 强——评价和官方定位反复出现 | 中等——云覆盖广,但保留证据较少强调容器专家属性 | 中等到强——广泛覆盖云原生,包括运行时和镜像 | 中等——覆盖优先的无代理态势 | 强——Falco 和运行时基因支撑容器可信度 | 弱到中等——左移强于运行时工作负载深度 | 中等——代码到运行时云安全,但不是容器优先的专家叙事 |
| 无代理或低摩擦上线 | 中等——平台强,但保留证据暗示企业销售动作更重 | 强——图谱驱动可视性叙事强调快速 | 中等——平台广,但企业采用仍可能需要更多工作 | 强——无代理是核心价值主张 | 中等——运行时牵引平台,不是纯无代理的简单路线 | 中等——优势在开发者工作流便利,而非云运行时上线 | 强——无代理可视性叠加既有 Falcon 部署 |
| 开发者和左移拉力 | 强——覆盖 Trivy、CI/CD、IaC 和供应链 | 中等——代码安全存在于更广图谱平台中 | 强——明确打出开发到运行时信息 | 中等——更偏云运行时态势,不是开发者优先切口 | 中等——有预防能力,但重心仍在运行时 | 强——主要保留差异化是开发者主导安全 | 中等——云安全从代码开始,但平台源头是安全运营 |
| 渠道、采购和信任姿态 | 中等——合作伙伴证据不错,但私营公司披露限制仍在 | 强——大型企业势头和平台规模信号 | 强——上市公司披露和安装基础 | 中等——产品叙事强,但仍是私营供应商信任画像 | 中等——平台可信且有开放创新叙事,但保留证据中的采购规模较弱 | 中等——开发者品牌强,但此处保留的大型企业采购信号较弱 | 强——大型上市平台信任、对手情报和交叉销售动作 |
| 最适合买方 | 运行时重度 Kubernetes 团队和受监管云团队 | 寻求单一现代图谱牵引平台的云安全买方 | 在广泛安全平台上标准化的大型企业 | 想要广覆盖且部署摩擦低的团队 | 优先考虑实时云防御的安全团队 | 先做左移的工程主导团队 | 围绕 Falcon 整合的安全主导型组织 |
该矩阵按主题比较与买方相关的强度,而不是审计后的基准分数。“强”“中等”“弱”总结保留来源最明确支撑的内容。
[CP005, CP016, CP018, CP021, CP022, CP023]买方匹配图,展示哪些供应商最适合六类常见采购视角,而不是实验室基准。
单元格定性总结保留证据。“强”表示保留来源清楚支持该供应商是这一视角下的领先选项。
[CP025, CP031, CP038, CP042, CP043, CP044]3.3 定价、包装、GTM 与信任姿态
保留的公开证据没有显示一个充满透明标价的市场。Aqua 自己的公开包装信号指向协商式企业销售,包括 Microsoft Marketplace 私有报价路径,而不是清晰公开价目表;G2 数据也指向数月实施路径和协商折扣。这在 CNAPP 中并不罕见。保留材料中的 Wiz、Orca、Prisma Cloud、CrowdStrike 和 Sysdig 也都呈现 demo 驱动的企业销售路径,这意味着定价压力通过包装和整合体现,而不是通过明显的公开价格战体现。在这一组中,最清晰的相对透明度优势并不来自这里点名的某个 Aqua 对手,而是一个一般事实:更容易采用或套件更宽的替代方案,可以把买方预期往下锚定。 GTM 上,Aqua 拥有比许多私营同行更多的渠道证据:MSP、SI、经销商、分销商、联邦合作伙伴、Cisco 联盟材料、Azure Marketplace,以及其他云上的 marketplace 引用。这有助于抵消 Aqua 作为私营公司的披露画像,但并不能完全解决它与上市既有厂商之间的信任对比。Palo Alto Networks、CrowdStrike 和 Fortinet 受益于更广的采购关系、更宽的相邻产品资产,以及上市公司披露界面;在大型企业或受监管采购流程中,它们更容易通过审查。[CP025, CP031, CP036, CP037, CP038, CP039]
| 供应商 | 保留证据中的定价模式 | 公开标价信号 | 包装 / 分销线索 | 含义 |
|---|---|---|---|---|
| Aqua | 报价驱动的企业销售,并有私有报价路径 | 未保留清晰公开价目表 | Microsoft Marketplace 私有报价、合作伙伴主导 GTM、G2 实施和折扣信号 | Aqua 能通过渠道灵活销售,但定价不透明削弱了简单比价购买动作 |
| Wiz | 企业演示驱动销售动作 | 未保留公开标价 | 面向大型企业的高端平台销售,以及收购驱动扩张 | Wiz 竞争重点可能是平台标准化,而不是透明入门价格 |
| Prisma Cloud | Palo Alto 体系内的企业平台销售 | 未保留公开标价 | 与更广 Palo Alto 采购和 SOC 融合叙事一起销售 | 包装强度来自套件引力和信任,而非清晰标价 |
| Orca | 企业平台销售,价值叙事围绕无代理 | 未保留公开标价 | 低摩擦无代理叙事就是包装信号 | 即使没有公开标价,Orca 也能靠缩短价值实现时间赢单 |
| Sysdig | 企业平台销售 | 未保留公开标价 | 运行时牵引平台,具备开放创新可信度 | Sysdig 赢单更需要技术证明,而不是价格透明 |
| Snyk | 开发者安全平台动作 | 保留来源集中未保留公开标价 | AI 编码助手和开发者工作流包装是可见钩子 | 即使没有 CNAPP 式公开价目表,Snyk 也能从开发者切入 |
| CrowdStrike | Falcon 体系内的平台模块扩张 | 未保留公开标价 | 云安全与 Falcon 传感器、情报和平台响应一起销售 | CrowdStrike 的定价权可能来自邻近品类和既有平台足迹 |
| Fortinet + Lacework | 收购后的平台套件 | 未保留公开标价 | 云安全成为 Fortinet Security Fabric 的又一个模块 | Fortinet 更靠整合和采购广度竞争,而不是独立 CNAPP 透明度 |
保留证据对包装姿态很丰富,对清晰公开标价很贫乏。该表有意比较报价驱动与渠道驱动行为,以及不透明给购买带来的影响。
[CP036, CP037, CP039, CP040, CP041]3.4 护城河耐久性、商品化风险与整合压力
Aqua 的护城河真实存在,但不是每个方向都宽。最可防守的部分是运行时和容器深度,这一点反复出现在 Aqua 官方材料和独立评论中。对于 Kubernetes 密集型生产资产、合规敏感工作流,以及确实需要在运行中工作负载内部执行策略的买方,这种深度最重要。Trivy 也有战略意义,因为它让 Aqua 嵌入更早期的开发者工作流,即使买方尚未准备好标准化到完整平台,Aqua 也仍然相关。 风险在于,市场收敛速度可能快过 Aqua 拉开差异的速度。Wiz 拥有更多融资火力和强平台整合叙事。Orca 把无代理简单性武器化。Palo Alto Networks、CrowdStrike 和 Fortinet 能把云安全支出吸收到更大的平台关系里。随着 CNAPP 定义扩宽,安全态势管理、基础代码扫描和通用可视化也比深度运行时执行更容易商品化。Aqua 仍能赢,但它赢的是一个比整合平台厂商希望市场相信的更具体买方问题。关键尽调问题是:这个更具体的问题是否足够大、足够粘、变现足够强,能在下一个周期守住价值获取。[CP008, CP009, CP011, CP013, CP015, CP019]
| Aqua 护城河或风险 | 威胁 | 严重性 | 重要性 | 缓解措施 / 尽调问题 |
|---|---|---|---|---|
| 运行时和容器深度 | Wiz、CrowdStrike、Prisma Cloud 和 Sysdig 都在扩展运行时主张 | 高 | 运行时深度是 Aqua 最清晰的差异化点,若被侵蚀,会直接压缩赢单质量 | 索取运行时重度 Kubernetes 账户相对具名竞争对手的当前胜率 |
| Trivy 开源动作 | 开源可能带来认知,但未必稳定转化为付费 | 中 | 只有能输送销售管线、带来附加购买或防守性留存,Trivy 才能成为护城河 | 索取 Trivy 用户转化、附加购买并续约付费 Aqua 模块的证据 |
| 无代理优先的购买转向 | Orca 和 Wiz 降低部署摩擦,可能赢下想要快速覆盖的团队 | 高 | 如果买方更看重上线速度而非更深控制,Aqua 的技术深度就更难变现 | 对比无代理优先竞争对手,衡量价值实现时间和管理开销 |
| 平台整合压力 | Palo Alto、CrowdStrike 和 Fortinet 可将云安全折入更大的平台交易 | 高 | 采购便利性和邻近产品杠杆可能压过专家型优势 | 按既有安装基础和套件语境复盘输单,而不只看功能清单 |
| 定价不透明和企业复杂度 | 评价证据指向价格、集成和 UI 摩擦 | 高 | 包装不透明、运营摩擦更高,会让更简单的替代方案更容易显得够用 | 按细分市场收集近期实施时间、折扣区间和服务依赖度 |
| 现状替代 | 团队可组合原生云控制、Trivy 和邻近工具,无需标准化采用 Aqua | 中 | Aqua 必须证明,统一 CNAPP 深度为何在经济性和运营上优于拼凑替代 | 索取工具整合、事件减少和合规效率的量化 ROI 证据 |
严重性反映具名力量在未来 12 到 24 个月侵蚀 Aqua 定价权或候选名单位置的风险。这不是对当前流失率的判断。
[CP008, CP011, CP019, CP033, CP042, CP043]只用保留证据,为 Aqua 当前竞争位置的耐久性做一张紧凑评分卡。
分数是分析师基于保留公开证据给出的 0-10 分判断,不是管理层指引或经审计经营数据。
[CP005, CP037, CP038, CP042, CP043, CP044]04财务情况
4.1 收入模式与变现
Aqua 变现的是一套宽口径云原生应用保护平台,而不是单一单点产品。官方产品页描述了一个集成 CNAPP,横跨代码安全、云安全、运行时防护、漏洞管理和 AI 时代工作负载保护。TechCrunch 2021 年的报道补充说,Aqua 当时已经从较窄的容器安全工具转向平台打法;Trivy 页面则显示,Aqua 仍维护一个分发很广的开源扫描器,可作为开发者入口漏斗。最清晰的收入含义是,Aqua 的核心业务是卖给大型组织的经常性企业软件,而不是 SMB 自助服务或消费者路径。 公开记录没有显示实际价目表。相反,Aqua 似乎通过协商式企业合同和渠道辅助采购变现。Azure 上架页明确是私有报价 marketplace 页面,GitHub marketplaces 代码库推广 30-day trial 和 marketplace 采购,合作伙伴计划覆盖 MSP、系统集成商、分销商和联邦渠道。这种组合支持先落地再扩张模式和多条采购路径,但也意味着实际 ASP、折扣和附加销售率仍被隐藏。Aqua 自己的客户材料显示,一些架构师时间和客户成功支持不额外收费,这有利于采用,却也模糊了服务边界和订阅经济性。[CI001, CI002, CI003, CI004, CI005, CI006]
| 收入流 | 机制 | 单位 | 当前价值 / 状态 | 质量 | 尽调问题 |
|---|---|---|---|---|---|
| 核心 CNAPP 平台订阅 | 覆盖代码、云、运行时和 AI 安全的经常性企业软件合同 | 谈判确定的年度或多年期合同 | 显然是核心变现层;具体合同基础未披露 | 中 | 索取按模块、期限长度和部署基础拆分的 ARR 与订货额 |
| 平台扩展 / 附加模块 | 围绕运行时、漏洞管理、态势管理及相关控制做增购 | 额外工作负载、模块或覆盖范围 | 产品广度能看出扩张逻辑,但未披露附加率 | 低 | 索取模块附加率、净扩张和交叉销售 ACV |
| Trivy 开源漏斗 | 免费扫描器和生态采用,为企业增购输送线索 | 免费产品 / 开发者采用 | 采用信号强,但未披露独立收入 | 中 | 索取免费到付费转化,以及 Trivy 来源销售管线贡献 |
| 云市场销售 | AWS/Azure/GCP/Red Hat 采购与试用驱动购买路径 | 云市场订阅或私有报价 | 采购渠道公开;定价经济性不公开 | 中 | 要求提供云市场 GMV、抽成率,以及直接预订与云市场预订占比 |
| 支持 / 客户成功 / 架构服务 | 入门导入、架构师咨询、实施支持和嵌入式客户支持 | 小时 / 套餐 / 捆绑服务 | 至少部分支持似乎免费捆绑 | 低 | 要求提供服务收入占比、人员配置模式和毛利率 |
| 渠道驱动的合作伙伴收入 | MSSP、系统集成商、分销商和联邦合作伙伴销售动作 | 合作伙伴合同 / 转售 / 托管服务 | 渠道覆盖公开;经济性不公开 | 中 | 要求提供渠道组合、合作伙伴折扣结构和续约归属 |
公共证据支持每条收入流或渠道存在,但不支持判断收入结构。各行区分直接变现与漏斗 / 分发机制,不应解读为已披露的分部收入。
[CI001, CI002, CI004, CI005, CI006, CI007]| 产品 / 渠道 | 价格 / 单位 / 合同 | 标价与实际成交价 | 折扣 / 未知项 | 来源 |
|---|---|---|---|---|
| 直销企业 CNAPP 平台 | 经谈判的年度或多年企业合同 | 未找到公开标价 | 计费单位、折扣和底价未披露 | Aqua 官方网页 |
| Azure 云市场 | 私有报价 SaaS 采购 | 实际成交价似乎经谈判确定 | 承诺用量和折扣结构未披露 | Microsoft 云市场私有报价页面 |
| AWS 云市场 | 带评论页面的云市场采购 | 抓取结果中未见公开价格 | 计费指标和云市场抽成率未披露 | AWS Marketplace 页面 |
| GCP / Red Hat 云市场 | 云市场部署,附 30 天免费试用推广 | 试用公开;付费成交价不公开 | 试用后转付费价格未披露 | Aqua GitHub marketplaces 仓库 |
| Trivy 开源分发 | 免费扫描器和 CI/CD 集成 | 免费分发公开 | 转化为付费企业合同的情况未披露 | Trivy 产品页 |
| 支持 / 架构服务接触 | 至少部分支持包含在订阅中 | 以捆绑方式提供,而非单独列价 | 独立服务价目表未公开 | Aqua 客户页面 |
Aqua 公开的是采购入口,不是透明价目表。最清晰的定价证据是部分渠道采用私有报价或试用驱动,这支持企业合同经谈判定价,同时公开可比性较弱。
[CI004, CI005, CI006, CI008, CI012, CI029]Aqua 如何把开发者和企业需求转成经常性软件收入,再转成混合毛利;支持和渠道成本会吃掉一部分毛利。
这是结构流,不是经审计瀑布。公开证据能支持节点和采购路径,但不能支持精确转化率、ASP 或毛利率。
[CI001, CI002, CI004, CI005, CI006, CI007]4.2 GTM 效率与单位经济代理指标
Aqua 有足够公开牵引标记,不能说仍未成规模。2021 年,Aqua 称 2020 付费客户翻倍,并已拥有超过 6 个 ARR 高于 $1 million 的客户。到 January 2024,公司称超过 500 家企业采用 Aqua,Fortune 100 的 40% 使用该平台,而 2023 新业务增长 65%。这些都是有意义的企业销售指标:它们暗示不低的 ACV、较长购买周期,以及有能力赢下大型受监管账户的 GTM 引擎。 问题是,公开市场仍缺少核心分母。GetLatka 估计 Aqua 2024 收入为 $89.9 million,高于 2023 的 $56.3 million,但明确把其数字标为公司报告或估计数据。用这个估计数搭配 GetLatka 的 2024 年 638 名员工快照,意味着人均收入约 $141 thousand;再与 Aqua 的 500+ 企业客户声明配对,则意味着在任何服务组合调整前,单客户收入低于约 $180 thousand。这些是可用的方向性代理指标,不是可支撑投资判断的事实。如果相当一部分客户是小型初始单或免费 / 开源漏斗转化,它们也可能低估真实企业合同规模。同时,公开 CAC、回本周期、NRR、毛利率和服务组合缺失,意味着单位经济故事仍更偏结构性,而不是数字性。[CI009, CI010, CI011, CI024, CI025, CI026]
| 指标 | 数值 / 公开代理指标 | 置信度 | 重要性 | 尽调要求 |
|---|---|---|---|---|
| 最新公开收入估算 | GetLatka 估算 2024 年收入 $89.9M | 低 | Aqua 自身唯一可用的公开收入代理指标 | 提供经审计 ARR 及按产品线划分的收入桥接 |
| 估算人均收入 | 按 $89.9M / 638 名员工计算,约 $141K(2024 年估算) | 低 | 与 SaaS / 安全同业比较的方向性效率指标 | 确认 2024 年平均员工数和收入确认口径 |
| 估算单客户收入 | 按 $89.9M / 500+ 家企业客户计算,低于约 $180K | 低 | 有助于框定 ACV 密度和客户结构问题 | 提供按客户规模分层的 ARR 和服务附加率 |
| 大客户信号 | 2021 年 ARR 超过 $1M 的客户 >6 家 | 中 | 即便平均值未知,也支持存在有意义的企业级 ACV | 更新 $1M+ ARR 账户数量及其当前 ARR 占比 |
| CAC / 回本期 | 低 / 不可得 | 核心 GTM 效率指标未公开 | 提供 CAC、回本期、配额爬坡和销售生产率数据 | |
| 毛利率 / NRR | 低 / 不可得 | 判断软件质量和扩张韧性必需 | 提供按收入流划分的毛利率,以及 GRR 和 NRR | |
| 服务 / 支持负担 | 支持似乎部分捆绑;渠道交付可能稀释纯软件毛利率 | 中 | 解释 Aqua 为什么可能不应套用顶级 SaaS 毛利率假设 | 提供服务收入占比、支持人员配置和渠道对毛利率的影响 |
各行混合了已披露事实、第三方估算和派生代理指标。空值是有意保留:公共证据不足以支撑负责任估算时,应视为尽调阻断项,而不是零。
[CI009, CI024, CI025, CI026, CI027, CI028]将公开牵引信号和低置信估计,转成目前还能负责任推导的少数单位经济性代理指标。
该流程混合已披露牵引点和外部估计。Aqua 未披露 CAC、毛利率或留存,因此这里刻意不完整。
[CI009, CI010, CI024, CI025, CI026, CI027]4.3 资本充足性与融资依赖
支撑最强的资本事实是官方口径:Aqua 在 March 2021 融资 $135 million,使累计融资达到 $265 million;January 2024 又增加 $60 million,使累计融资达到 $325 million。TechCrunch 和 Globes 佐证,2024 资金是 2021 Series E 的扩展,而不是明显重新定价的新一轮;三个来源都继续把公司描述为估值高于或超过 $1 billion。这对时间线有帮助,但对投资判断的帮助有限,因为三年里独角兽标记持平通常意味着新资本延长了现金跑道,并未证明业务已经挣到显著更高估值。 剩下的资本充足性问题,正是私营公司可以选择不公开回答的问题。Aqua 2021 年新闻稿称,募集资金将深化产品组合并扩张地域,这符合一家仍在 R&D 和企业 GTM 上实质投入的公司。但本证据集中没有公开来源披露 2024 扩展后的现金、债务、月度烧钱或现金跑道。2025 官方领导层交接发布谈的是增长和全球扩张,而不是资产负债表自给。因此,资本图景是复杂的:Aqua 无疑已筹集有意义资本并保住独角兽身份,但公开记录仍不能说明这些资本现在支撑的是一个自我造血的业务,还是只是把下一次融资决策的时间拉长。[CI013, CI014, CI015, CI016, CI017, CI018]
| 项目 | 公开数值 / 状态 | 证据质量 | 投资判断 | 融资依赖含义 | 尽调要求 |
|---|---|---|---|---|---|
| 累计融资额(权威口径) | 截至 2024 年 1 月为 $325M | 高 | 可用历史事实 | 显示资本基础不小,但不能说明当前流动性 | 核对完整股权结构表和当前非受限现金 |
| 2021 年 E 轮后融资总额 | $135M E 轮后累计 $265M | 高 | 可用历史事实 | 显示 2021 年以来公开新增一级资本仅 $60M | 确认摊薄、内部人参与和各轮所有权 |
| 最新披露估值标记 | 2024 年高于 / 超过 $1B,相比 2021 年大体持平 | 中 | 可作方向性判断 | 暗示跑道延长,但公开层面未见重估 | 提供当前 409A、内部估值标记和董事会融资观点 |
| 在手现金 / 债务 / 跑道 | 低 / 不可得 | 仅靠公开数据无法承做投资判断 | 当前无法量化融资依赖 | 提供最新资产负债表、债务表和跑道分析 | |
| 人员重组 | 2022、2024、2025 年均有裁员;曾提到现金流独立目标 | 中 | 可用信号,但不是清晰烧钱额 | 指向成本重置和效率压力 | 提供重组前后烧钱额和当前招聘计划 |
| 计划资金用途 | 2021 年融资用于扩展产品宽度和地域;2024 年叙事围绕持续增长 | 中 | 仅部分可用 | 暗示资本仍在支撑研发和 GTM,而非已证明自我供血 | 提供运营计划、按职能划分的预算和下一轮融资触发条件 |
本表刻意区分证据充分的融资时间线与仍然缺失、但会影响投资判断的流动性事实。空值表示公开不可得,不代表不重要。
[CI014, CI015, CI017, CI020, CI021, CI033]披露融资事件如何映射到 Aqua 的支出需求,以及为什么外部仍无法用公开证据支撑当前流动性。
公开证据只支持融资轮规模。当前现金、债务和现金跑道未披露,因此后期节点是分析状态,不是实测余额。
[CI014, CI015, CI018, CI020, CI021, CI033]4.4 反向信号、公开市场基准与财务缺口
反向证据有分量,尽管它不能干净地替代官方融资数据。Calcalist 报道称,Aqua 创始人在 2025 年末后退,公司自 2022 起经历数轮裁员,管理层把最新重组框定为围绕长期稳定和现金流独立。Calcalist 后续文章称,Aqua 再次裁减数十名员工,当时约有 360 名员工。这些内容不应覆盖 Aqua 官方 $325 million 累计融资数字,因为 Calcalist 约 $235 million 的融资数字与公司自己的 2024 声明和 Tracxn 融资时间线冲突。但它们确实是成本压力和运营重置上的反向信号。 公开市场基准进一步显示 Aqua 隐藏了多少信息。Yahoo Finance 显示,Palo Alto Networks 和 CrowdStrike 都在高 EV-to-revenue 倍数交易,同时已经产生数十亿美元收入和正自由现金流;SentinelOne 则以低得多的倍数交易,利润率大幅为负。SEC EDGAR 还显示 CrowdStrike 持续提交至 2026 的年度 10-K,凸显 Aqua 与上市云安全同行之间的披露差距。Fortinet 2024 收购 Lacework 提供了最尖锐的下行基准:Fortinet 最初未披露价格条款,但 MarketScreener 后来估计交易约为 $150 million。这种估值重置提醒人们:如果规模与效率无法收敛,后期云安全厂商仍可能以受压价格出清。[CI022, CI026, CI033, CI034, CI035, CI036]
| 缺失的私有指标 | 影响 | 最佳公开代理指标 | 精确尽调路径 |
|---|---|---|---|
| 按产品线划分的经审计收入 / ARR | 无法判断规模、增长质量或收入结构 | 只有 GetLatka 收入估算 | 索取经审计 P&L,以及按模块和地域划分的 ARR 桥接 |
| 实际成交价和折扣瀑布 | 无法测试云市场与渠道动作是否压低 ASP | 只有私有报价页面和免费试用信号 | 索取预订额数据导出,显示标价、净价、折扣和渠道组合 |
| 订阅与服务毛利率拆分 | 无法判断软件质量或长期 EBITDA 路径 | 只有捆绑支持信号和上市可比公司基准 | 索取分部毛利率和服务成本分摊 |
| CAC、回本期、NRR 和 GRR | 无法评估 GTM 效率或扩张韧性 | 只有百万美元客户信号和客户数 | 索取同期群表、回本期计算、销售生产率和留存瀑布 |
| 现金余额、烧钱额、跑道和债务 | 无法量化 2024 年延长跑道后的融资依赖 | 只有裁员节奏和现金流独立表述 | 索取最新资产负债表、现金流量表、债务表和跑道情景 |
| 客户集中度和分层结构 | 无法判断 500+ 家企业客户基础的韧性 | 只有 Fortune 100 和银行渗透率说法 | 索取前 20 大客户清单、续约日期和 ARR 垂直行业组合 |
本表刻意聚焦缺口:所列项目是在以财务质量而非叙事强度为 Aqua 下注前,最低限度的私有尽调包。
[CI010, CI012, CI032, CI035, CI037, CI039]用有来源支撑的区间圈定少数可公开估计的财务输入,也显示 Aqua 的不确定性仍然很宽。
区间合并相互冲突的公开报道、外部估计和上市公司可比值。它们是情景边界,不是公司指引或审计结果。
[CI022, CI024, CI025, CI026, CI040, CI041]4.5 财务结论
Aqua 的财务故事足以支持继续尽调,但还不够干净,不能在没有管理层访问的情况下做投资判断。公司显然有真实企业相关性:官方客户数、Fortune 100 渗透率声明、多渠道采购足迹和经常性平台架构,都指向一门真实软件业务,而不是纯叙事空壳。融资记录也比反向媒体报道暗示的更有支撑:官方和独立来源都收敛到截至 January 2024 累计融资 $325 million。 阻碍同样清楚。公开证据仍未揭示实际定价、产品线组合、毛利率、CAC、回本周期、NRR、现金余额、债务或现金跑道。外部收入估计可用于框定情景,但仍低置信。与此同时,2021-2024 估值持平、连续裁员以及明确的现金流独立表述,都暗示 Aqua 正在按效率管理,而不是明显冲刺一个高溢价增长轮。因此,正确结论是有层次的:Aqua 很可能拥有可行的企业收入模式和 CNAPP 中的战略价值,但融资依赖和利润率质量在私有财务打开之前仍未解决。[CI010, CI015, CI017, CI021, CI032, CI037]
4.6 图表
05产品与技术
5.1 从客户工作流看 Aqua Platform
Aqua 最强的公开产品故事是工作流故事,而不是单一模块故事。官方首页和平台页面持续把 Aqua 描述为一个从代码到云再到提示词的云原生应用保护平台:开发者早期扫描,云和平台团队获得跨安全态势与运行时的风险上下文,生产团队在实时工作负载中执行策略。这个定位重要,因为 Aqua 卖的不是简单的漏洞仪表盘或 Kubernetes 运行时插件。它声称要解决的客户任务,是在软件从代码库和 CI/CD,进入容器、集群、serverless 函数,再到如今 AI 连接工作负载时,保持同一个应用风险闭环不断裂。 Trivy 是进入这条工作流最清晰的公开入口。Aqua 将 Trivy 营销为可低摩擦接入 CI/CD 的开源扫描器,而 GitHub 代码库和文档显示,它覆盖代码库、文件系统、容器镜像、Kubernetes、VM 镜像、密钥、配置错误、SBOM 和许可证风险。用客户语言说,Aqua 可以先与开发者或平台工程师开启对话,再让买方承诺更大的平台铺开。商业平台随后叠加上下文优先级排序、安全态势可视化、运行时防护,以及 AI 提示词或工作负载防护。因此,公开证据强烈显示,Aqua 想拥有从开发阶段卫生到生产执行的交接,尽管公开 SKU 边界仍比工作流叙事薄得多。[CE001, CE002, CE003, CE007, CE013, CE014]
| 模块 / 资产 | 主要用户 | 状态 / 成熟度 | 差异化 | 尽调缺口 |
|---|---|---|---|---|
| Aqua Platform / CNAPP 核心 | 平台安全负责人、云安全、DevSecOps | 当前旗舰平台 | 一条工作流覆盖代码、云、运行时和提示词,而不是孤立单点工具 | 公开的底层架构和 SKU 边界仍然单薄 |
| Trivy 开源扫描器 | 开发者、DevSecOps、平台工程师 | 成熟且广泛分发的开源资产 | 开源切入口覆盖镜像、代码库、文件系统、Kubernetes、VM、密钥、SBOM 和许可证风险 | 没有 Trivy 转化为付费平台席位的公开转化率数据 |
| 运行时保护 | 云安全、平台安全、SOC | 当前核心支柱 | 以执行为先的运行时控制,加上近期 AI 工作负载扩展 | 独立公开遥测、误报和规模基准稀少 |
| 态势管理(云 + Kubernetes) | 云安全和合规团队 | 当前核心支柱 | 将态势与工作负载、运行时上下文关联,而不是让 CSPM 孤立存在 | 公开证据对品类叙事更强,对具体功能清单较弱 |
| 漏洞管理 | 安全运营、AppSec、平台团队 | 当前核心支柱 | 结合 Trivy 驱动扫描,并通过 Kenna 做优先级排序的上下文漏洞管理 | 公开材料描述了优先级逻辑,但未披露评分方法 |
| 软件供应链安全 | AppSec、平台工程、发布工程 | 当前在售,开发者主导 | 在生产前覆盖制品扫描、SBOM、密钥、错误配置和许可证风险 | 公开证据未按模块拆出策略包或修复自动化深度 |
| AI 工作负载与提示词保护 | AI 平台安全、AppSec、云安全 | 2025 年近期发布阶段扩展 | 结合工作负载内 AI 运行时控制、Akamai 边缘提示词防护和无 SDK 部署主张 | 关于广泛 GA 采用、打包和标杆客户的公开证明仍然薄弱 |
成熟度标签反映当前公开证据,而非私有产品遥测。AI 行由 2025 年公告和演示支撑,因此应理解为新兴但真实;其证据深度尚不及 Trivy 或核心运行时控制。
[CE003, CE013, CE017, CE024, CE041, CE042]| 用户任务 | 当前工作流 | Aqua 方案 | 可衡量收益 | 已知限制 |
|---|---|---|---|---|
| 开发者在合并前扫描新代码库 | CI 中使用分散工具或临时扫描 | Trivy 代码库 / 文件系统 / 镜像扫描嵌入 CI/CD | 更早看见漏洞、密钥、错误配置和许可证风险 | 公开来源未量化误报率或开发者节省时间 |
| 平台团队保护 Kubernetes 集群 | 人工审查,加上独立镜像和清单扫描器 | Trivy k8s,加 Aqua 运行时和态势上下文 | 一条路径覆盖集群基础设施、配置、工作负载和容器镜像 | 公开架构没有展示发现项如何精确合并进同一后端 |
| 云安全团队为漏洞排序 | 大量镜像发现项积压,缺少工作负载上下文 | Aqua 将漏洞与运行时行为关联,并可把数据送入 Kenna 做优先级排序 | 减少脱离上下文的告警,修复顺序更清晰 | 公开材料未披露评分逻辑和抑制规则 |
| 企业买方通过云或 OpenShift 渠道部署 | 传统销售周期加人工安装规划 | AWS/Azure 云市场、Red Hat operator 路径和合作伙伴主导采购 | 采购更快,并能按买方偏好选择部署路径 | 云市场反馈显示文档和 API 指引仍可改进 |
| 合规团队映射整个云资产中的控制 | 碎片化 CSPM 报告和人工证据收集 | Aqua CNAPP,加评论和客户案例中的合规细节 | 跨标准的态势和工作负载证据更统一 | 公开证据确认控制面,不确认客户审计结果 |
| AI 应用团队保护提示词和模型交互 | 新 AI 控制通常需要改代码,或只部署在边缘 | 工作负载内的 Aqua Secure AI,加边缘的 Akamai Firewall for AI | 在无需 SDK 改动的产品主张下,实现提示词检查和工作负载保护 | 公开证据还是近期发布材料,尚非长期客户案例库 |
收益是有证据支撑的工作流结果,不是经审计 ROI 指标。公开证据最强之处在覆盖广度和集成入口,而非量化节省时间或降低事件率。
[CE002, CE014, CE018, CE024, CE029, CE030]Aqua 对买家的呈现方式:先用 Trivy 早期扫描,再关联姿态和运行时上下文,随后在生产环境执行策略,并扩展到 AI prompt。
该流程是由官方产品页、Trivy 文档和合作伙伴界面合成的标准化客户工作流。公开来源能确认这些步骤,但不能确认它们之间的内部编排逻辑。
[CE002, CE014, CE017, CE024, CE041, CE043]5.2 架构与运营模型
按 Aqua 公开文档的层级,运营模型有四个可见层。第一层是 Trivy 和其他生产前扫描界面,检查代码、镜像、文件系统、Kubernetes 资源和 VM 制品。第二层是上下文层,Aqua 称其会关联漏洞、运行时行为和云上下文,而不是把每个信号留在孤立单点工具中。第三层是运行时执行,Aqua 把自己定位为保护实时工作负载免受已知和未知威胁。第四层是更新的 AI 安全层,Aqua 与 Akamai 共同声称在边缘检查提示词流量,同时由 Aqua 监测工作负载内部行为。 最重要的架构保留点是,公开证据更清楚证明了工作流统一,而不是后端统一。Aqua 材料支持关于单一 CNAPP 体验、上下文化漏洞管理,以及从代码到运行时的共同旅程的说法。但它们没有暴露足够底层架构,无法证明所有模块是否共享同一策略引擎、数据平面、存储模型和发布节奏。这对投资者尤其相关,因为 Trivy、安全态势控制、运行时执行、marketplace 包装和新的 Secure AI 故事可能在商业上连贯,却不一定在架构上相同。因此,正确的公开结论应保持平衡:Aqua 似乎为用户提供了真实集成的运营模型,但在假设完整平台杠杆之前,集成的工程深度仍需要管理层讲解和架构尽调。[CE002, CE004, CE005, CE006, CE015, CE024]
| 层级 / 组件 | 作用 | 依赖 | 风险 |
|---|---|---|---|
| Trivy 扫描器(代码库、文件系统、镜像、k8s、VM) | 面向开发和预生产的检查,覆盖代码、制品、集群和 VM 镜像 | Trivy 文档、GitHub 分发、CI/CD 插入点 | 开源覆盖面清楚,但付费转化和企业级编排未公开量化 |
| 上下文风险层 | 将漏洞、运行时行为和云上下文关联,用来排序工作优先级 | Aqua 平台后端,以及 Kenna 等集成 | 公开证据确认概念,不确认具体评分或数据模型实现 |
| 态势管理层 | 评估云和 Kubernetes 配置暴露 | 云和 Kubernetes 控制平面访问 | 官方材料偏高层,未按云服务商披露控制深度 |
| 运行时执行层 | 检测并阻断生产工作负载中的已知和未知威胁 | 运行时环境内的传感器和控制 | 公开来源未发布基准化性能开销或调优负担 |
| AI 安全层 | 增加模型发现、提示词防护和 AI 工作负载监控 | Aqua Secure AI 加 Akamai Firewall for AI | 由近期公告支撑,因此成熟度低于 Trivy / 运行时核心表面 |
| 云市场和 operator 层 | 将部署打包进 AWS、Azure 和 OpenShift 采购或 operator 流程 | 云市场页面、Red Hat operator 路径、合作伙伴渠道 | 购买路径可见,但支持义务和版本发布节奏不可见 |
| 伙伴优先级排序与分析 | 向 Kenna 等外部工具输送数据用于漏洞优先级排序,并集成企业工具 | Cisco / Kenna 及其他生态连接器 | 评论来源仍偶尔将集成广度标为弱项 |
| 信任与合规底座 | 把产品和公司控制纳入联邦授权、ISO、SOC 2 和 CSA 披露框架 | Aqua 企业信任计划 | 公开控制证据强,但公开可用性 / 状态证据比认证证据薄得多 |
本表区分客户可见的工作流层和 Aqua 未公开记录的底层内部结构。风险强调证据缺口或依赖集中,而非已确认的产品故障。
[CE002, CE006, CE020, CE024, CE029, CE030]Aqua 从代码到云再到 prompt 的运营模型里,客户能看见的层次:从开发者扫描延伸到运行时和 AI 控制。
该栈反映公开工作流和控制层,不是逆向工程的微服务图。Aqua 对功能层的文档比共享数据平面内部更清楚。
[CE003, CE004, CE005, CE006, CE015, CE041]5.3 部署、集成与可服务性
Aqua 的公开交付模型远不止直销 SaaS 卖法。Azure Marketplace 显示,其提供横跨 ACR、ACI、Windows containers 和 Azure DevOps 的 Azure-native 支持。Aqua 自己的 marketplaces 代码库增加了 ECS、EKS、Fargate 和 Lambda 等 AWS 触点,以及 Red Hat Marketplace operator 路径和 Google Cloud 集成表述。Cisco 联盟页面则加入 Kenna 漏洞优先级排序上下文。这些来源合在一起表明,Aqua 预期客户会通过直部署、marketplace 采购、基于 operator 的安装,以及外部分析或工单工具的多种组合采用平台。这在战略上有用,因为 CNAPP 买方很少只标准化到一个云或一种部署路径。 可服务性信号正面但混杂。Aqua 自己网站上的客户引语称,架构师访问不额外收费;AWS 反馈称部署容易,且从代码到运行时覆盖很广。与此同时,AWS 反馈也要求更好的 API 文档,Gartner 评论者则提到集成少于一些替代方案、遥测可视化更弱。这个组合让 Aqua 看起来运营认真,但并非无摩擦。公开记录支持真实的支持动作和广泛部署触达,却没有提供买方在假设超大资产低摩擦铺开前会想看到的 uptime、SLA 或大规模可运营性证据。[CE027, CE028, CE029, CE030, CE031, CE032]
实质影响 Aqua 交付、集成或 AI 安全叙事的外部平台和生态。
这张 DAG 突出明确公开的依赖和渠道界面,不覆盖每个内部依赖。它尤其适合判断 Aqua 运营模型有多少依赖外部平台和合作伙伴路径。
[CE026, CE029, CE030, CE041, CE047, CE048]5.4 信任、合规与质量控制
作为一家私营安全厂商,Aqua 公开的信任栈出奇地多。合规页面称,Aqua 获得敏感未分类联邦数据最高影响级授权,覆盖 400 多项安全控制;获得 ISO 27001、27701、27017、27018 和 42001 认证;每年接受 SOC 2 审计;并发布 CSA STAR 自评材料。这比许多私营基础设施软件厂商公开的信任姿态具体得多。ISO 42001 披露尤其有用,因为 Aqua 现在正在营销 AI 安全能力,可以指向正式 AI 管理体系标准,而不仅是功能营销。 质量证据更复杂。评论和 marketplace 来源确实支持真实生产使用、有意义的运行时价值和广泛合规可视化。它们也暴露了摩擦:文档深度、集成广度和遥测可视化并未获得一致好评。因此,信任图景呈现一种有利的不对称:治理和认证证据很强,运营遥测相对薄。对尽调而言,这意味着 Aqua 已经有资格在安全和合规姿态上被认真看待,但仍需要展示实际面向客户的服务指标、支持表现,以及超出认证和客户证言的运营质量证据。[CE033, CE037, CE038, CE039, CE040, CE047]
| 控制 / 认证 / 质量信号 | 状态 | 范围 | 缺口 |
|---|---|---|---|
| 最高影响级别联邦授权(>400 项控制) | 公开披露为当前有效 | 云环境中敏感但非涉密联邦数据保护 | 公开页面未说明底层授权包或到期元数据 |
| ISO/IEC 27001:2022 | 公开披露为当前有效 | 全公司 ISMS 和信息安全控制框架 | 索取证书颁发机构、范围声明和监督审核日期 |
| ISO/IEC 27701:2019 | 公开披露为当前有效 | 隐私信息管理和 PII 处理 | 索取产品与公司职能之间的适用范围细节 |
| ISO/IEC 27017:2015 和 27018:2019 | 公开披露为当前有效 | 云服务安全与云端隐私保护 | 索取证书副本和客户环境范围边界 |
| ISO/IEC 42001 | 公开披露为当前有效 | AI 管理体系治理与风险流程 | 索取 AI 治理体系如何嵌入产品发布关口和 AI 功能评审 |
| 年度 SOC 2 审计,以及 CSA STAR / CAIQ 披露 | 公开披露为当前有效 | 安全性、可用性、处理完整性、保密性、隐私和自评透明度 | 索取最新报告期以及任何例外或排除范围 |
| 支持与架构师访问 | 面向客户的支持信号正面 | 被引用的客户页面显示,客户成功和架构师支持时间不额外收费 | 未找到公开 SLA、支持响应时间矩阵或正常运行时间历史 |
| 文档与集成质量 | 公开信号不一 | 部分评论称赞文档和集成,但 AWS/Gartner 反馈仍指出文档较薄、集成较少 | 索取管理员文档集、API 参考成熟度和集成路线图 |
本表把正式信任控制和公开质量信号放在一起,因为 Aqua 对认证异常透明,但对正常运行时间、服务级别和产品可运维性基准透明度低得多。由此看到的信任图景是:治理很强,运营遥测较薄。
[CE032, CE033, CE038, CE039, CE040, CE047]5.5 差异化、路线图与开放技术风险
Aqua 最清晰的差异化在于,它把开源开发者切入点、运行时优先的云工作负载安全故事,以及更新的提示词与 AI 工作负载安全扩展组合在一起。许多竞争对手可以声称拥有这个技术栈的一部分,但 Aqua 的公开材料少见地明确把它们串起来。Trivy 给 Aqua 一个可信的开发者和供应链界面,平台页面强调上下文化修复和运行时控制,2025 Akamai 合作则把这套逻辑延伸到提示词防御和 AI 工作负载行为。由此形成的产品逻辑很有吸引力:同一个希望减少云原生风险碎片化工具的买方,可能也希望一家供应商能从代码库和镜像卫生一路进入生产工作负载和新兴 AI 交互。 开放风险集中在叙事最新或最不具体的地方。除 AI 安全发布材料和常青平台语言外,公开路线图细节很薄。AI 模块可以作为真实产品方向得到支持,但公开客户证明、模块包装和 GA 级采用细节仍然稀薄。公开来源也没有清楚分开 Aqua Platform 的边界,以及各个商业附加模块从哪里开始。这意味着本章结论应保持克制:Aqua 拥有可信的产品广度和差异化工作流故事,但私有尽调仍需证明架构深度、服务可靠性、包装逻辑,以及 AI 安全扩展多快能变成可重复收入,而不仅是强定位。[CE003, CE035, CE036, CE041, CE042, CE043]
| 日期 / 阶段 | 功能 / 里程碑 | 状态 | 含义 | 来源 |
|---|---|---|---|---|
| 当前平台表述 | Aqua CNAPP 从代码到云再到提示词的定位 | 当前公开定位 | 表明 Aqua 正把从开发到生产再到 AI 交互串成一条连续工作流 | Aqua 主页 + 平台页面 |
| 当前产品覆盖面 | Trivy 在代码库、文件系统、镜像、Kubernetes、VM、SBOM、密钥和许可证扫描上的覆盖面 | 当前有效且文档充分 | 让 Aqua 不只是讲企业运行时故事,还拿到了可信的开源开发者和供应链切入点 | Aqua Trivy 页面 + Trivy 文档 |
| 2025-07 | Akamai 合作,保护 AI 提示词和工作负载 | 已宣布 | 把 Aqua 从云原生运行时扩展到 AI 提示词防护和模型交互治理 | Aqua 公告 |
| 2025 Black Hat 周期 | AI 工作负载安全演示和 AI Advisory Program 相关提及 | 已演示 / 发布初期 | 证实 Aqua 在投入 AI 安全,但公开证据仍停在发布初期,不是成熟客户证据 | VMblog Q&A |
| 当前渠道状态 | Marketplace、Red Hat operator 和合作伙伴主导分发 | 当前 | 表明交付已在多条采购路径中运营化,不只靠直销 | GitHub marketplaces 代码库 + Azure/AWS/Red Hat 页面 |
| 当前信任状态 | ISO 42001 加入更广的信任栈 | 当前 | 相较没有公开 AI 治理认证的厂商,Aqua 的 AI 治理叙事更可信 | Aqua 合规页面 |
| 公开路线图粒度 | 模块级发布节奏、SKU 包装和按组件列日期的路线图 | 信息薄 / 未公开详列 | 尽调仍需要管理层逐项说明模块成熟度、即将发布的版本和包装边界 | 根据已审阅的官方页面和新闻页面推断 |
本章可以支撑当前能力主题和 2025 年 AI 扩张,但不能支撑细颗粒度公开路线图。最后一行有意列为缺口行,因为 Aqua 官方页面强调能力定位,而不是列出带日期的发布计划。
[CE003, CE017, CE041, CE045, CE029, CE048]基于证据看 Aqua 主要产品模块的成熟度,把成熟核心、较新的 AI 扩张和公开材料薄弱的包装拆开。
这些取值概括公开证据质量,而不是内部产品遥测。高 = 成熟且公开文档充分;中 = 可信但公开信息不完整;新兴 = 近期推出或公开证据很薄。
[CE017, CE035, CE038, CE041, CE044, CE049]5.6 图表
06客户情况
6.1 付费企业基础与从业者社区
Aqua 的公开客户故事明显由企业主导,而不是 SMB 主导。最强的官方披露仍是 January 2024 融资发布:全球超过 500 家企业公司采用 Aqua,Fortune 100 的 40% 使用该平台,Aqua 在北美和加拿大银行中也有深度渗透。更早的 2021 披露已经描述了 2020 付费客户翻倍、半打客户 ARR 超过 $1 million,以及在全球最大金融机构中的银行渗透。这不是广泛自助席位业务的语言,而是大型账户、受监管企业销售的语言。 买方、用户和付款方也明显不同。产品页面和合作伙伴界面指向开发者和 DevOps 团队,他们是 Trivy 与 CI/CD 扫描的第一批用户;平台或安全团队是 CNAPP 的运营负责人;企业采购或合作伙伴渠道则持有更广 Aqua Platform 的合同。这个分裂很重要,因为 Aqua 的公开开源和生态触达远宽于其具名付费客户名单。Trivy 嵌入 GitLab 容器扫描,并获得 MasterCard、Deutsche Bahn 和 Wise 等公司的从业者称赞,但这些引用本身证明的是从业者信任和工作流相关性,而不是付费 Aqua Platform ARR。[CU001, CU002, CU003, CU005, CU006, CU007]
| 客群 | 买方 / 用户 / 付款方 | 用例 | 公开规模证据 | 战略价值 | 关键缺口 |
|---|---|---|---|---|---|
| 全球企业 CNAPP 账户 | 买方:CISO / 云安全负责人;用户:平台 + 安全团队;付款方:企业采购 | 代码到云、运行时、安全态势、合规、AI 工作负载安全 | 全球 500+ 企业客户;Fortune 100 中 40% | 核心付费客户基础,具备蓝筹可信度 | 未公开规模区间、产品组合或地域拆分 |
| 金融服务 / 银行 | 买方:安全 + 风险管理层;用户:云 / 容器团队;付款方:受监管企业预算 | 容器、云和合规密集型工作负载安全 | 北美前 10 大银行中 6 家;加拿大前 7 大银行中 6 家;具名案例包括 Alma 和 AIB | 很可能是高 ACV、粘性强的合规用例 | 可能存在垂直行业集中,但未披露 |
| 公共部门 / 联邦 | 买方:机构安全管理层;用户:云转型团队;付款方:机构 / 承包商采购 | 安全云转型和合规驱动部署 | 客户页面列出 Koch Federal,以及一个具名美国联邦政府机构案例 | 在受监管、长周期账户中有可信度 | 具名机构数量和合同范围仍然薄 |
| 软件 / 平台生态 | 买方:安全工程;用户:开发者和平台团队;付款方:企业软件预算 | 嵌入式容器扫描和 DevSecOps 默认安全 | GitLab 客户证据,加上 Trivy 在 GitLab 容器扫描中的默认扫描器角色 | 杠杆高,因为 Aqua 可间接触达下游开发者 | 嵌入生态的证据不等于已披露的付费平台 ARR |
| 工业 / 能源 / 公用事业 | 买方:企业架构师 / 安全负责人;用户:运营 + 云团队;付款方:企业采购 | CSPM、监管控制、工作负载安全 | Elvia 引述和 Koch Federal 客户引述 | 表明 Aqua 不只服务纯软件买家 | 公开结果指标是定性的,不是数字化的 |
| 零售 / 旅行 / 互联网服务 | 买方:安全或 DevOps 负责人;用户:应用 / 云团队;付款方:业务单元或中央 IT 预算 | 保护 AWS Fargate、构建安全应用、提升运营效率 | 客户页面列出旅行科技初创、在线零售商、Kakaku.com 案例 | 证明跨垂直行业用例广度 | 许多证据仅停留在 logo / 引述层面 |
| 从业者社区(区别于付费基础) | 发现阶段通常没有买方;用户:开发者 / OSS 维护者 / 安全工程师;付款方:若发生转化,则为后续企业赞助方 | 使用 Trivy 做镜像、代码库、IaC、SBOM、云和 Kubernetes 扫描 | GitLab、Artifact Hub、Harbor 默认项,加上 MasterCard、Deutsche Bahn、Wise 等推荐语 | 有意义的漏斗顶端和品牌信任引擎 | 未公开社区使用向付费 CNAPP 合同的转化率 |
各行有意把付费企业账户与更广泛的 Trivy 从业者社区拆开。公开证据更多是定性和战略性的,不是按收入加权披露的客户分群拆分。
[CU001, CU002, CU003, CU009, CU010, CU011]Aqua 客户旅程:从从业者发现或合作伙伴引入,到企业采购、生产上线、扩张和续约审查。
[CU010, CU013, CU039, CU040, CU041, CU045]按细分市场展示公开证据质量,显示 Aqua 哪些地方能见度最强,哪些证据仍然薄。
[CU014, CU015, CU037, CU045, CU046, CU048]6.2 采用轨迹与具名公开证明
即使客户数量的完整时间序列没有公开,采用曲线本身也站得住。2021 年 Aqua 称,2020 年付费客户数翻倍,且已有约 6 个客户 ARR 超过 $1 million,意味着早在 2024 年延伸轮之前,公司已经拿到有意义的企业级 ACV。到 2024 年初,官方话术从增长轶事转向规模标记:500 多家企业客户、Fortune 100 渗透率 40%、北美前 10 大银行中的 6 家、加拿大前 7 大银行中的 6 家,以及 2023 年新业务增长 65%。2025 年领导层交接公告沿用了 Fortune 100 渗透率说法,说明公司仍希望投资人与客户把该蓝筹客户版图视为当前状态。 具名证据比汇总口径窄得多,但并非空白。Aqua 客户页面披露了金融、公共部门、软件、能源、零售、旅游科技和互联网服务等行业的公开引用。本证据集中最有力的具名样本是 Alma、AIB、GitLab、Koch Federal 和 Elvia;TechCrunch 还独立补充 PayPal、Netflix 和 Samsung 为公司声称的客户。短板在证据质量:多数具名部署只是公司自有案例简介或客户引语,而不是独立记录的生产上线,并披露支出、期限或量化结果。上述证据足以证明真实采用,但不足以支撑续约质量判断。[CU004, CU005, CU006, CU007, CU008, CU014]
| 指标 | 数值 | 日期 | 来源 | 置信度 | 含义 | 缺失分母 |
|---|---|---|---|---|---|---|
| 付费客户增长 | 付费客户翻倍 | 2020,Mar 2021 披露 | Aqua 2021 融资新闻稿;TechCrunch 2021 | 高 | 表明企业采用在 2021 年独角兽轮之前加速 | 未披露 2020 或 2021 绝对客户数 |
| 大客户牵引 | 约 6 个客户 ARR 超过 $1M | Mar 2021 | Aqua 2021 融资新闻稿;TechCrunch 2021 | 高 | 证实到 2021 年已有有意义的高 ACV 企业销售 | 未披露完整 ACV 分布或头部客户清单 |
| 全球银行渗透 | 全球前 10 大银行中 5 家 | Mar 2021 | Aqua 2021 融资新闻稿 | 中 | 表明早期就具备受监管企业可信度 | 未披露具名银行和商业深度 |
| 企业客户数量 | 全球 500+ 家企业 | Jan 2024 | Aqua 2024 融资新闻稿;Globes 2024 | 高 | 证明后期阶段已有规模化客户基础 | 未按模块、合同规模或地域拆分 |
| Fortune 100 渗透 | 2024 年 Fortune 100 中 40%;2025 年重申超过 40% | Jan 2024 / Nov 2025 | Aqua 2024 融资新闻稿;Aqua 2025 领导层公告 | 高 | 表明蓝筹相关性延续到融资事件之后 | 具名数量和扩张深度仍未公开 |
| 银行深度 | 北美前 10 大银行中 6 家;加拿大前 7 大银行中 6 家 | Jan 2024 | Aqua 2024 融资新闻稿;Globes 2024 | 高 | 极强的金融服务渗透主张 | 如果 ARR 分布不均,可能意味着垂直行业集中 |
| 新业务增长 | 新业务增长 65% | FY2023,Jan 2024 披露 | Aqua 2024 融资新闻稿 | 高 | 进入 2024 年时采用动能仍强 | 未披露预订额基数、留存衔接或 ARR |
本表把已披露的时点采用事实与管理层报告的增长标记放在一起。应把它当作轨迹证据,而不是完整队列或续约桥。
[CU001, CU002, CU003, CU004, CU005, CU006]| 客户 | 客群 | 公开证据 | 部署 / 用例 | 生产部署 vs 试点 | 结果 / 引述 | 限制 |
|---|---|---|---|---|---|---|
| Alma | 金融 | Aqua 客户展示 | 借助 Aqua CNAPP 扩展安全能力 | 客户故事框架暗示已生产部署 | 官方客户页面上的具名金融案例 | 未披露支出、时长或量化结果 |
| Koch Federal | 公共部门 / 联邦 | Aqua 客户展示,附高管引述 | 合规导向的云原生安全转型 | 详细引述和客户故事框架暗示已生产部署 | 引述肯定全面安全、合规重点、支持和持续改进 | 未披露机构范围、部署规模和合同细节 |
| GitLab | 软件 / 平台生态 | Aqua 客户展示,加 Trivy 产品页面 | 使用 Aqua Trivy 提供默认 DevSecOps 容器安全 | 暗示生产部署 / 嵌入式分发 | GitLab 引述称客户成功和架构师支持不额外收费 | 嵌入式产品角色强力证明了实用性,但不是已披露的 Aqua 合同价值 |
| AIB | 银行 | Aqua 客户展示 | 用 Aqua 集中管理容器安全 | 案例研究框架暗示已生产部署 | 具名银行证据与更广泛的银行渗透主张一致 | 未披露结果指标、席位数或商业范围 |
| Elvia | 能源 / 公用事业 | Aqua 客户展示,附高管引述 | 用 CSPM 自动化安全并满足监管指南 | 详细引述暗示已生产部署 | 引述称 Aqua CSPM 给出清晰的风险配置和警报清单 | 结果在运营上清晰,但未财务量化 |
| PayPal / Netflix / Samsung | 大型企业科技 / 消费 | TechCrunch 2024 具名客户报道 | 在 CWPP、CSPM、KSPM、供应链和漏洞用例中使用 Aqua 平台 | 文章语境声称为生产使用 | 独立来源把证据扩展到公司自控页面之外 | 此来源集中没有引述、合同范围或新的 2025-2026 更新 |
枚举有意不完整:它覆盖保留来源包中可见的公开具名案例,不是 Aqua 的完整客户名单。大多数证据来自公司自控页面,因此对存在和用例的证明最强,对经济性和使用时长的证明较弱。
[CU014, CU016, CU019, CU021, CU022, CU023]Aqua 从技术发现进入企业生产,再走向更宽平台扩张的表观路径。
[CU010, CU019, CU039, CU040, CU041, CU045]6.3 留存韧性、满意度与复用代理指标
Aqua 未公开披露 NRR、GRR、总流失率、客户流失率、合同期限或续约队列,因此无法直接从公开材料观察真实留存韧性。现有最佳代理指标好坏参半:客户引语、云市场评论和评测平台反馈。正面看,GitLab 的公开引语称客户成功支持和架构师时间免费包含在内;该支持安排对企业平台是有用的留存信号。G2 在 57 条评论中均分为 4.2/5,并给出三个月平均实施周期和十一个月平均 ROI 窗口,说明用户确实看到了价值兑现时间。TrustRadius 有评论者描述高 ROI 和容易配置的策略,PeerSpot 则赞赏运行时保护、漂移防护和文档。 抱怨同样真实,不应弱化。Gartner 可见评论里,一条 4.0 的正面评价仍指出价格更高、集成更少;一条 3.0 的批评性评价则称 Aqua 在真正企业级规模的镜像和容器体量上吃力。G2 用户提到客户支持响应慢,以及 API 或功能缺口;AWS Marketplace 评论摘录和 TrustRadius 评论则指向文档、API、Jira 和 SIEM 集成短板。合在一起,公开记录更支持「有价值,但有时运营负担重」,而不是「扩张轻松且留存指标世界级」。[CU020, CU027, CU028, CU029, CU030, CU031]
| 信号 | 公开数值 | 客群 / 评论者类型 | 置信度 | 含义 | 常见投诉 / 尽调问题 |
|---|---|---|---|---|---|
| NRR / GRR / 流失率 / 合同期限 | 整体客户基础 | 高 | 核心耐久性指标未公开披露 | 索取留存队列、总 logo 流失率、续约期限长度和取消原因 | |
| G2 总体评分 | 57 条评论为 4.2/5 | 广泛的软件评论受众 | 中 | 用户满意度和可用广度方向性正面 | 验证评论时效性、企业占比,以及评分是否偏向单点产品而非平台使用 |
| G2 实施 / ROI | 实施 3 个月;ROI 11 个月 | G2 评论者 | 中 | 表明一年内可衡量价值实现时间 | 验证这些平均值是否适用于大型受监管部署 |
| Gartner Peer Insights 示例 | 4.0 正面示例和 3.0 批评示例 | IT / 安全评论者 | 中 | 企业证据不一但可信:镜像评估强,规模和集成问题仍在 | 索取容器 / 镜像量极高的企业参考 |
| TrustRadius 评论信号 | 7 条评论为 6.2/10;一名评论者称 ROI 高 | 从业者 / 企业评论者 | 低 | 有正面 ROI 信号,但样本量小且评价不一 | 索取更广泛的续约调查和客户健康数据 |
| PeerSpot 评论信号 | 对运行时保护、漂移防护和文档的定性评价正面 | 从业者评论者 | 中 | 技术用户认可安全深度 | 需要报告、培训、资源使用和日志转发改进方面的证据 |
| AWS marketplace 评论片段 | 对合规覆盖、负载下性能和完整部署有正面评论 | Marketplace 评估者 | 中 | 采购入口附近存在真实买家反馈 | 确认 marketplace 评论者是否对应活跃付费账户和扩张 |
| 官方支持代理信号 | GitLab 称客户成功和架构师时间不额外收费 | 具名客户引述 | 中 | 如果运营上能规模化,包含支持可能帮助采用和续约 | 按账户层级确认 SLA、人员配比和服务成本 |
空值表示该指标未公开披露,不代表为零。评论平台指标是满意度代理,不应替代续约统计。
[CU020, CU027, CU028, CU029, CU030, CU031]用公开支持与投诉信号构造的示意性留存代理队列;不是 Aqua 披露指标。
Aqua 不披露 NRR、GRR 或队列留存。这些百分比是一个尽调模型,锚定两侧混合公开信号:一边是强企业引用和支持评价,另一边是价格、集成、文档和企业规模投诉。在管理层提供真实队列前,只能作为分析占位。
[CU020, CU027, CU029, CU030, CU031, CU042]6.4 扩张路径、集中度风险与采购摩擦
Aqua 确实有清晰的落地后扩张逻辑。产品触点横跨代码、云、运行时、合规,如今又覆盖 AI 工作负载保护;因此,从容器或镜像安全切入后,扩张到更广 CNAPP 标准化具备可信路径。Trivy、GitHub 市场、AWS Marketplace、Azure 私有报价、Cisco 联盟页面、Red Hat 认证和 Akamai 合作,都拓宽了账号发现、测试、采购或扩展平台的路径。多触点打法在战略上有帮助,因为 Aqua 可以通过不同触点触达开发者、云架构师、安全团队和企业买方,而不是只靠单一的大客户直销动作。 同样的渠道复杂度也带来投资论证摩擦。私有报价和伙伴协助采购意味着公开定价很弱、续约归属不清、渠道利润不可见。公开客户数标题也无法说明收入是广泛分布,还是少数大型受监管账户承担了过高 ARR 权重。银行渗透率说法在商业上亮眼,但也提示金融服务可能对账本尤其重要。最后,Trivy 的社区足迹确实带来认知优势,但 Aqua 没有公开从免费扫描器、社区使用或云市场试用转化为付费平台 ARR 的数据。扩张有可能;集中度与转化仍未被证明。[CU036, CU038, CU039, CU040, CU041, CU043]
| 驱动因素 / 风险 | 公开证据 | 对收入耐久性的影响 | 证据质量 | 尽调路径 |
|---|---|---|---|---|
| 平台广度支持交叉销售 | Aqua 产品和平台页面覆盖代码、云、运行时、合规和 AI 工作负载安全 | 正面:初始工作负载安全拿下后,支持先落地再扩张 | 中 | 索取模块附加率、产品族 ARR,以及按队列划分的扩张路径 |
| Trivy 从业者漏斗 | Trivy 文档、GitHub 和社区引述显示广泛从业者触达 | 正面但未证实:在技术用户层面扩大认知和信任 | 中 | 索取 Trivy 到付费的转化、PQL / SQL 创建,以及来源管线贡献 |
| Marketplace 和 private-offer 采购 | AWS 上架页、Azure private offer 和 GitHub marketplace 试用入口公开可见 | 喜忧参半:能加快落地动作,但会遮蔽实际成交价格和续约归属 | 中 | 索取直销与 marketplace 预订额、账单归属方,以及按渠道划分的续约经济性 |
| 合作伙伴杠杆 | Cisco、Red Hat 与 Akamai 等触点拓宽渠道可信度和用例入口 | 正向:可能打开企业客户和相邻工作负载 | 中 | 要求披露渠道来源销售管线、赢单率、折扣和合作伙伴利润结构 |
| 金融服务客户集中风险 | 银行渗透率主张很强,但公开具名客户的深度跟不上 | 如果少数银行贡献过高 ARR,可能偏负面 | 中 | 要求披露前 20 大客户 ARR、头部银行 ARR 和未来 12 个月续约日历 |
| 总量口径不透明 | 500+ 企业客户规模不小,但公开材料没有给出规模分层、地域或产品组合 | 负面:即使客户数很高,也不能排除集中风险 | 中 | 要求按 ARR 档位、地域和产品家族披露客户分布 |
| 企业级规模化交付风险 | Gartner 负面评价指出,极高镜像 / 容器量下存在挑战 | 如果问题未解决,在最大客户扩张时会构成负面因素 | 中 | 要求对最大生产环境做客户访谈,并提供性能指标 |
行项目同时放入上行因素和投资判断风险,因为 Aqua 的公开扩张叙事离不开集中度和采购不透明。公开证据支撑打法本身,但不能证明由此带来的收入质量。
[CU031, CU036, CU038, CU039, CU040, CU041]6.5 客户判断
客户章节应读作「真实但只完成部分论证」的故事。Aqua 显然具备企业市场地位:公司拥有庞大的官方客户数,持续披露 Fortune 100 和银行业渗透率,并有足够具名引用证明它并非只卖给匿名试点。Trivy 周围的从业者社区强化了客户故事,说明 Aqua 不只在管理层 PPT 里有可信度,也在用户层面有信用。 但公开证据距离投资人想要的客户韧性证明仍差很远。没有披露的队列数据,没有公开集中度表,没有续约日历,也没有可信的公开桥梁能把 Trivy 使用或云市场试用连接到付费 CNAPP 扩张。评测平台支持「产品有价值且覆盖面广」的判断,但也暴露了规模、集成、文档和支持速度方面的抱怨;上述问题都会影响企业扩张。因此结论应保持平衡:Aqua 的客户基础足以支持继续尽调,但最终投资判断仍取决于私下披露的留存、集中度和转化证据。[CU001, CU003, CU008, CU042, CU043, CU046]
6.6 证据图表
07风险
7.1 竞争与商业模式风险
Aqua 最严重的风险在于,CNAPP 采购正向更大的从代码到云平台集中,而 Aqua 仍是估值停滞的独角兽。Wiz 在 2024 年以 $12 billion 估值融资 $1 billion,公开目标是 $1 billion ARR 和 IPO,并称 Fortune 100 中已有 50% 使用它。Palo Alto、CrowdStrike、Orca、Sysdig 和 Snyk 都在销售更广的 AI 与运行时感知平台;Fortinet 收购 Lacework 则说明战略买家可以用受压价格把 CNAPP 折进更大的安全套件。Palo Alto 2025 财年结果又给出一个规模锚点:收入 $9.2 billion,Next-Generation Security ARR $5.6 billion。上述资产负债表和经常性收入底盘,让套件厂商比 Aqua 有大得多的空间去补贴捆绑、交叉销售和 AI 驱动的平台扩张。在上述背景下,TechCrunch 2024 年 1 月关于 Aqua 的报道明确指出,公司估值自 2021 年以来只是保持在 $1 billion 以上,并未继续上行。估值持平标记很重要,因为它说明在资金更充足的对手拓宽平台范围和并购能力时,Aqua 没有足够快地拉开差距。 Aqua 还面对自身制造的商品化压力。它的 Trivy 项目已经提供快速的开源漏洞、错误配置、密钥、SBOM 和许可证扫描,Aqua 称 GitLab Container Scanning、Harbor 和 Artifact Hub 默认使用它。开源触达在战略上有价值,但也意味着基础扫描变得便宜甚至免费,而采购越来越看重集成工作流、运行时上下文和 AI 辅助响应。独立评测网站强化了这个风险:Gartner、TrustRadius、PeerSpot 和 G2 都暴露了围绕价格、集成、可见性或企业级执行的抱怨。缓释理由是运行时深度——Aqua 自己的领导层和工作负载安全定位强调运行时保护和漏洞管理——但在胜率、续约和附加率数据证明相反之前,投资人应把这种差异化视为狭窄护城河。[CR005, CR006, CR008, CR009, CR010, CR011]
截至 2026-05-19,按严重程度排序的 Aqua 最主要公开风险矩阵,结合发生可能性与经济或运营影响。
[CR016, CR018, CR019, CR021, CR026, CR040]展示 Aqua 的市场、产品和组织风险如何传导到续约、利润率、融资和估值。
[CR004, CR018, CR021, CR026, CR040, CR041]7.2 监管与法律风险
Aqua 的法律和监管风险,不在于有可见的公开执法行动,而在于合同结构、隐私义务,以及公开保证与企业级承诺之间的证据缺口。Aqua 隐私政策称,在平台用户按客户指示运营的场景下,公司会根据 DPA 和配套商业协议担任数据处理者。方向上这是正确姿态,但尽调必须越过营销页面,审查实际 DPA、数据驻留、子处理者和泄露通知条款,因为云安全工具经常从受监管环境中摄入代码、镜像、遥测和安全发现。CISA 关于组织必须管理外部依赖和运营韧性的指引,使这些下游控制成为实质事项,而不是边缘问题。 更尖锐的问题是风险分配。Aqua 网站条款围绕有效性、可用性、完整性和无差错运行排除保证,限制责任,并将争议引至 Tel Aviv-Jaffa 适用以色列法。它的支持和专业服务条款在运营上有帮助——其中提到商业合理的 99.9% 可用性、关联公司交付,以及 Aqua 对分包商保留责任——但条款也保留变更权,保持价格不透明,并给出有限保证语言。供应商优先合同里,上述条款并不罕见,但意味着公开法律基线偏向公司。投资含义很直接:如果企业 MSA、DPA、SLA 抵扣或子处理者控制弱于采购常规,买方应假设法律和事故成本暴露高于产品故事本身所暗示的水平。[CR031, CR032, CR033, CR034, CR035, CR036]
| 规则 / 案件 / 承诺 | 司法辖区 | 状态 | 发生概率 | 严重性 | 缓释措施 | 剩余敞口 | 尽调路径 |
|---|---|---|---|---|---|---|---|
| 客户数据处理方及 DPA 义务 | 全球 / 多司法辖区 | 隐私政策称,Aqua 根据客户指示和相关 DPA,作为平台用户的数据处理方 | 中 | 高 | 客户控制的处理模式加 DPA 框架 | 跨境传输、数据驻留和泄露通知敞口仍在 | 审阅 DPA、分处理方、驻留控制和事件通知承诺 |
| 网站条款中的保证和责任限制 | 以色列 / 全球网站用户 | 公开条款否认有效性、可用性、完整性和无错误运行保证,并限制责任 | 高 | 高 | 企业 MSA 可覆盖公开网站基线 | 公开法律立场仍偏供应商,可能影响采购谈判筹码 | 要求提供 MSA 责任上限、赔偿、管辖地例外和网络责任条款 |
| 支持条款中的可用性和变更控制 | 全球客户 | 支持条款以 99.9% 可用性为目标,允许关联方交付,并允许发布修订 | 中 | 高 | 可用性目标加“不发生重大降低”限定 | 没有公开记录显示实际正常运行时间、服务抵扣或重大事件 | 审阅 SLA 抵扣、正常运行时间历史和支持人员覆盖 |
| 专业服务分包商和保证限制 | 全球客户 | PS 条款允许使用分包商,设置有限保证措辞,并要求价格保密 | 中 | 中 | 合同上 Aqua 仍对分包商负责 | 不同部署的上线质量和成本透明度可能不一 | 审阅 SOW 模板、分包商控制和验收标准 |
| 网络韧性和依赖管理预期 | 美国 / 关键网络环境 | CISA 称,组织需要定制化计划,并管理外部依赖 | 中 | 中 | Aqua 将安全、支持和信任材料对外呈现为客户控制措施 | 公开材料不能证明经过测试的韧性、故障处理能力或监管级准备度 | 要求提供渗透测试节奏、桌面演练结果和 24 个月事件通知 |
各行从投资者评估合同追索权、隐私义务和服务保障的角度,按严重性排序,依据是 Aqua 的公开法律页面和 CISA 指引。
[CR031, CR032, CR033, CR034, CR035, CR036]7.3 运营与依赖风险
从运营看,产品可信,但并不顺滑。独立评论形成了一致模式:Gartner 称 Aqua 的镜像评估强,但价格高、集成较少,可见性或遥测落后于 EDR 类工具;一条批评性 Gartner 评论称,产品在超大企业体量下吃力;TrustRadius 和 PeerSpot 提到 Jira 与 SIEM 缺口、UI/UX 问题、Web 门户或报告短板,以及日志转发或服务器集成需求;G2 则包含企业用户对功能交付慢和扫描覆盖缺失的抱怨。上述抱怨并不意味着 Aqua 在核心工作负载安全问题上薄弱——一些评论者赞赏策略配置、运行时保护、漂移防护和 ROI——但确实说明,在整体工作流契合度上稳定赢下平台整合之前,公司仍有执行功课要补。 依赖风险会放大这个产品缺口。Aqua 的 AI 安全叙事目前绑在与 Akamai 的联合故事上,而根据公开条款,支持和专业服务可以依赖关联公司与分包商。与此同时,开源 Trivy 扩大了分发,却削弱了 Aqua 对客户必须从商业平台买回多少价值的控制。结果是一个典型的传导问题:如果集成滞后、伙伴不能转化,或 OSS 用户不升级,那么价格压力就会变成更慢的续约和更弱的融资杠杆。Aqua 的缓释路径——运行时深度、工作负载聚焦和伙伴加速 AI 切入——仍可信,但公开证据仍更偏向产品定位和发布信息,而不是硬续约或 AI 附加指标。[CR018, CR019, CR020, CR021, CR022, CR023]
| 故障模式 | 发生概率 | 严重性 | 缓释成熟度 | 剩余敞口 | 未解决缺口 |
|---|---|---|---|---|---|
| 企业可见性和集成缺口削弱续约质量 | 高 | 严重 | 部分成熟;评测者认可一些集成和策略控制,但仍指出遥测较弱、工作流衔接缺失 | 高 | 需要拿到路线图、流失和续约数据,并能映射到集成问题和分析师批评 |
| 产品在超大企业镜像和容器量下承压 | 中高 | 高 | 部分成熟;镜像评估和运行时深度获得认可,但 Gartner 指出规模压力 | 中高 | 需要超大规模客户的参考访谈和基准数据 |
| 开源 Trivy 将基础扫描价值商品化 | 高 | 高 | 部分成熟;OSS 触达带来漏斗和生态相关性 | 中高 | 需要 Trivy 用户转入付费平台层级的附着率数据 |
| AI 安全扩张分流核心 CNAPP 执行资源 | 中 | 高 | 早期;已有合作和演示,但公开客户证明很薄 | 高 | 需要 AI GA 范围、销售管线和附着率证据 |
| 服务可靠性和支持表现缺乏公开可见度 | 中 | 中 | 部分成熟;已发布支持条款以 99.9% 可用性为目标,也有公开信任材料 | 中 | 需要正常运行时间历史、Sev1 复盘和服务抵扣发放数据 |
| 功能迭代速度和 UI 摩擦拖慢企业客户采用 | 高 | 中 | 部分成熟;一些用户认可仪表盘、策略控制和文档 | 中 | 需要发布节奏、支持工单账龄和产品待办证据 |
严重性排序结合了评论网站证据、产品页定位,以及这些问题对续约、扩张和服务保障的运营后果。
[CR018, CR019, CR020, CR021, CR022, CR023]| 依赖 | 交易对手 | 作用 | 集中度 | 失败情景 | 严重性 | 缓释措施 | 剩余敞口 |
|---|---|---|---|---|---|---|---|
| 捆绑式 CNAPP 与 AI 套件 | 竞争者:Wiz、Palo Alto、CrowdStrike、Snyk、Orca、Sysdig、Fortinet/Lacework | 采购和续约中的竞争控制点 | 高 | 客户整合到更广的代码到云端平台,独立预算缩水 | 严重 | Aqua 强化运行时深度、工作负载保护和聚焦 CNAPP 差异化 | 高 |
| 开源分发生态 | Trivy 用户以及 GitLab、Harbor、Artifact Hub 和 GitHub 社区 | 漏斗顶部和生态触达 | 高 | 免费基础扫描满足客户需求,不必付费升级;或削弱 Aqua 对路线图捕获的控制 | 高 | 在 OSS 基础之上,将治理、运行时保护和企业工作流变现 | 中高 |
| AI 边缘安全合作 | Akamai | Secure AI 叙事中的提示安全和边缘控制点 | 中 | 联合商业化停滞,或路线图分歧,在 Aqua 做出独立规模前削弱其 AI 叙事 | 高 | Aqua 仍可独立销售运行时保护,并把合作当作加速器而非唯一路径 | 中高 |
| 支持与服务交付网络 | Aqua 关联方和分包商 | 支持覆盖和实施能力 | 中 | 交付不一致或上线缓慢会伤害部署成功率和续约 | 中 | 合同措辞让 Aqua 保持责任,并设定公开可用性目标 | 中 |
| 云和工作流集成接口 | 云平台、注册表、SCM、ITSM 和 SIEM 工具 | 数据采集和嵌入客户工作流 | 中高 | API 变化或集成缺失降低可见性,恶化竞争地位 | 高 | 与 GitHub、JFrog、注册表和云平台的现有集成提供可延展基础 | 中高 |
本登记表结合外部交易对手和生态依赖,它们可能把产品、定价或服务风险传导到续约和估值。
[CR011, CR012, CR013, CR014, CR015, CR016]梳理当前影响 Aqua 产品适配度、AI 叙事、服务交付和续约结果的交易对手与生态系统。
[CR016, CR024, CR025, CR027, CR035, CR037]7.4 人员与执行风险
人员风险格外重要,因为 Aqua 的战略转向与组织压力发生在同一时间。2025 年 11 月,两位创始人同时退出日常 CEO 和 CTO 角色,Mike Dube 从 CRO 转为 CEO,Nir Makowski 出任首席产品与技术官。该交接可以是健康的职业化步骤,但仍然是产品愿景、技术权威和商业责任的一次重大转移。几周后裁员跟进,风险不是下降而是上升。Calcalist 描述了 2022-2026 年间多轮裁员,包括一次以现金流独立为目标的 2026 年重组。公开员工数描述从 2025 年末约 450 人,降至最近裁员后的约 360 人;降幅并不致命,但对路线图和支持能力很重要。 原因在于,Aqua 不是在收割一个成熟业务;它一边要守住核心 CNAPP 经济性,一边还要扩张到 AI 工作负载和提示安全保护。刚刚重组过的领导团队要完成这项运营任务并不轻松。缓释因素在于,创始人仍担任战略顾问,官方计划继续聚焦运行时保护和漏洞管理,Aqua 也仍声称拥有有意义的 Fortune 100 渗透率。但在尽调证明产品速度稳定、客户成功覆盖未受损,并出现具名 AI 安全生产环境胜利之前,投资人应假设最可能把可投资故事变成价值陷阱的因素是执行,而不是纯粹的市场规模。[CR001, CR002, CR003, CR004, CR027, CR028]
| 角色 / 职能 | 依赖或缺口 | 发生概率 | 严重性 | 缓释措施 | 尽调路径 |
|---|---|---|---|---|---|
| 首席执行官与创始人接班 | 创始人 CEO 和 CTO 退居幕后,Mike Dube 和 Nir Makowski 进入最高管理层 | 高 | 严重 | 创始人仍任战略顾问,公开战略仍强调运行时和漏洞管理 | 审查交接后前两个季度、董事会监督和路线图执行情况 |
| 多轮裁员后的产品和工程团队士气 | 2022-2026 年多轮缩编,员工数明显收缩 | 高 | 高 | Aqua 将重组表述为现金流独立和聚焦核心产品 | 要求提供关键人才流失率、录用邀约接受率和空缺岗位填补率 |
| AI 商业化执行 | 新 AI 产品与核心 CNAPP 防线和转型工作并行 | 中高 | 高 | Akamai 合作加速进入市场和定位 | 要求提供具名客户、销售管线转化和 GA 路线图 |
| 创始人以下的管理梯队深度 | 除 CEO 和 CPTO 任命外,公开可见接班梯队仍薄 | 中 | 中高 | 企业客户基础和创始人顾问延续性提供一定缓冲 | 要求提供组织架构图、留任计划和高管层以下接班图 |
| 客户成功和支持能力 | 裁员叠加评论网站指出的摩擦,可能压紧部署和续约覆盖 | 中 | 中 | Aqua 称客户互动、支持和服务保持不变 | 审阅积压工单、解决时长、NPS 和续约队列 |
严重性排序反映一个概率:领导层变化和反复降本,会在 AI 与运行时差异化完全变现前拖慢执行。
[CR001, CR002, CR003, CR004, CR027, CR028]| 风险 | 可监控触发项 | 阈值 / 事件 | 行动含义 |
|---|---|---|---|
| 平台竞争与捆绑 | 相对 Wiz、Palo Alto、CrowdStrike 等套件的续约赢单率和折扣 | 连续两个季度企业赢单率低于 50%,或折扣高于 25% | 将 Aqua 重新定价为垂直小众资产,并要求显著更低入场价,否则停止 |
| 估值陈旧和融资悬置 | 下一轮新股融资、重大老股交易或投行标价流程 | 相比 2021/2024 独角兽标记持平或下行,且 ARR 或利润率没有明确拐点 | 视为资产负债表警讯,并重新谈判估值假设 |
| 重组与人员执行 | 追加裁员或新任领导层流失 | 12 个月内再次大幅缩编,或 Mike Dube / Nir Makowski 离职 | 暂停投资,直到组织稳定性和覆盖能力恢复 |
| 产品缺口 | 关于集成、可见性和企业级规模的独立评价与参考访谈 | 同类投诉延续到 2026 H2,或在前 20 大客户尽调中出现 | 按更慢扩张、更低 NRR 和更高流失风险承销 |
| AI 扩张 | Secure AI 客户证明和合作伙伴绑定 | 下一融资周期前没有具名生产客户或可衡量 ARR 信号 | 仅把 AI 作为期权估值,不作为基准情景增长引擎 |
| 服务和法律控制 | 审阅 DPA、MSA、SLA、分处理方和泄露通知 | 赔偿或责任上限薄弱、驻留不清,或缺少令人满意的正常运行时间证据 | 交割前要求合同补救,否则终止尽调 |
终止标准刻意设计为可监控,并绑定可观察的融资、客户、产品和合同事件,而不是泛泛的谨慎表述。
[CR004, CR006, CR018, CR021, CR027, CR032]08估值
8.1 建议、估值锚点与限制条件
Aqua 应被视为观察标的,而不是确信买入,因为公开记录支持一家真实业务,却不支持精确定价。官方公司公告仍锚定硬事实:Aqua 成立于 2015 年,运营地在 Boston 和 Ramat Gan,截至 2024 年 1 月累计融资 $325M,估值仍高于 $1B,并称超过 500 家企业客户使用该平台,其中包括 Fortune 100 的 40%。上述事实都是有意义的证明点;2025 年 11 月领导层交接公告也确认 Mike Dube 是现任 CEO。 投资论证问题在于,Aqua 是私营公司,公开数据不完整。最强的公开收入代理指标是 GetLatka 估计的 2024 年收入 $89.9M;按 $1B 参考估值计算,收入倍数略高于 11x,但该估计置信度低且未经审计。TechCrunch 也把 2024 年 1 月延伸轮描述为基本延续 2021 年独角兽轮的持平融资;Calcalist 后来又报道裁员和重组。在 ARR、NRR、毛利率、烧钱速度和优先股数据不完整的情况下,正确姿态是有纪律的兴趣,而不是激进入场。[CV001, CV003, CV004, CV005, CV006, CV009]
| 维度 | 评估 | 决策含义 |
|---|---|---|
| 推荐 | 观察 | 不要仅凭公开数据,在陈旧独角兽估值以上承销新仓位 |
| 信心 | 中 | 公司是真实且有战略相关性的,但关键财务输入仍未公开 |
| 风险评级 | 高 | 执行 / 重置风险、估值下调融资风险和优先股悬置仍未解决 |
| 估值立场 | 偏高 | >$1B 标记可能说得通,但前提是私有指标明显强于公开代理指标 |
| 模型入场纪律 | 优先选择 $0.9B-$1.0B;否则要求更强私有指标 | 当前公开标记只披露为高于 $1B,因此实际入场价越高,已经有限的基准情景上行越少 |
所有推荐字段仅基于公开证据。Aqua 是私营公司,当前估值支撑依赖低置信度收入代理指标以及未披露优先股条款。
[CV014, CV034, CV035, CV036, CV040]从业务验证和战略价值出发,穿过估值不确定性,落到最终观察建议。
[CV001, CV006, CV027, CV029, CV035, CV036]IC 风格评分卡,把业务质量、估值可见度和执行风险拆开看。
[CV006, CV027, CV029, CV030, CV035, CV036]8.2 投资逻辑与反向逻辑
正向逻辑是战略位置。Aqua 仍呈现一个从代码到云的广泛云原生安全平台,以 Trivy 作为大型开源楔子,并官方声称拥有 500 多家企业客户和 Fortune 100 的 40%。Aqua 自有生态项目以及 AWS、Azure 等云市场渠道构成的伙伴足迹,说明产品进入了主流企业采购路径,而不只是定制项目。2025 年 Akamai 合作和 Black Hat 前后的 AI 安全信息显示,Aqua 仍在尝试把平台延伸到新的采购叙事中,而不是防守一个静态的容器单点工具。 负向逻辑在估值信心,而不在品类位置。Aqua 最近披露的估值标记,在 2021 年 Series E 与 2024 年延伸轮之间没有明显上行;Calcalist 2025 年关于反复裁员的报道表明,管理层一直在为韧性和现金流独立优化。裁员报道并不否定业务,但在看不到私有指标前,会削弱支付溢价倍数的理由。反向逻辑很简单:Aqua 可能是一家好公司,但公开证据集仍太薄,不足以在陈旧独角兽锚点或以上给出强买入判断。[CV006, CV007, CV008, CV027, CV028, CV035]
| 立场 | 论点 | 什么会改变判断 |
|---|---|---|
| 投资逻辑 | Aqua 仍有真实规模:官方 2024 披露显示 500+ 企业客户,覆盖 Fortune 100 的 40% | 客户集中、流失或非活跃 logo 数据会很快削弱这一证明 |
| 投资逻辑 | 平台凭借代码到云端覆盖、Trivy 分发和主要云市场渠道,仍具战略相关性 | 如果证明 Trivy 无法转化为付费销售管线,或买方只把 Aqua 当作一个功能,稀缺价值会下降 |
| 投资逻辑 | 2025 年 Akamai 合作和 AI 安全叙事说明产品仍在演进,而不是品类停滞 | 如果 AI 安全扩张主要停留在叙事、没有商业采用,市场扩张论点会变弱 |
| 反向逻辑 | 最近披露估值在 2024 年仍高于 $1B,但相对 2021 年独角兽轮没有可见上调 | 之后若有经审计指标支撑、价格显著更高的融资,可反驳估值持平的担忧 |
| 反向逻辑 | 2025 年裁员和重组说明 Aqua 更像在延长现金跑道、重置效率,而不是明显复合增长冲向溢价轮 | 若有清晰证据显示现金流盈亏平衡和可持续增长,重置会从防御性变成建设性 |
| 反向逻辑 | 公开指标太不完整,无法有信心给普通股定价,尤其是优先权和稀释 | 如果完整数据室提供 ARR、NRR、毛利率、烧钱速度和清算瀑布,判断可能转向买入 |
本表在业务质量和估值确定性之间权衡。反向逻辑聚焦证据和定价纪律,并不否认 Aqua 拥有有意义的产品和客户。
[CV006, CV007, CV008, CV009, CV027, CV028]8.3 乐观、基准、悲观情景与可比公司集合
Aqua 的模型估值区间必须表达为区间,因为公司是私营企业,2024 年延伸轮只披露为高于 $1B,保留的收入代理指标来自 GetLatka,而不是审计报表。使用这个低置信度代理指标,Aqua 的参考倍数不只是高于 SentinelOne:按估计收入略高于 11x 计算,Aqua 会高于 Tenable 的 2.41x、Okta 的 4.31x、SentinelOne 的 5.03x 和 Zscaler 的 7.60x,只略低于 Fortinet 的 12.26x,并仍低于 Palo Alto Networks 的 16.62x 和 CrowdStrike 的 27.0x。更宽的公开可比区间,让 Aqua 看起来更接近公开安全软件公司的高端,而不是中位。 价差也受 Aqua 尚未公开披露的质量信号牵引。Yahoo Finance 关键统计页面显示,Fortinet 季度收入增长 20.1%、Zscaler 为 25.9%、Tenable 为 9.6%、Okta 为 11.6%;Fortinet 和 Okta 已盈利,Zscaler 和 Tenable 仍略微亏损。Palo Alto Networks 在 Nasdaq 发布的 2025 财年结果有助于解释其更高倍数:收入增长 15% 至 $9.2B,下一代安全 ARR 增长 32% 至 $5.6B。 这个区间反对把 Aqua 简单称为明显便宜或明显破裂。乐观情景到 $1.6B-$2.3B,需要证明 Aqua 已显著高于公开收入代理指标,且重组后效率在改善。约 $0.9B-$1.3B 的基准情景,假设增长稳健但并不顶尖,安全软件质量只在十几个百分点中段。$0.25B-$0.55B 的悲观情景并非理论推演:Fortinet 收购 Lacework 一案,官方条款未披露,后来 MarketScreener 估计约为 $150M,显示当增长和效率无法收敛时,后期云安全结局可能被压缩得多厉害。[CV014, CV015, CV016, CV017, CV020, CV021]
| 情景 | 概率信号 | 建模假设 | 隐含估值区间 | 相对 $1.0B 参考入场价的隐含价值 | 关键下行 / 上行条件 |
|---|---|---|---|---|---|
| 乐观 | 25% | 收入大约达到 $150M-$170M,留存改善、毛利率更清晰、重置后效率提升;市场给予 ~10x-13x | $1.6B-$2.3B | 1.6x-2.3x | 需要私有证据证明 Aqua 已明显高于公开收入代理指标,并朝盈亏平衡推进 |
| 基准 | 50% | 收入大约落在 $110M-$130M,市场对可信但非顶级的网络安全增长态势给 ~8x-10x | $0.9B-$1.3B | 0.9x-1.3x | 如果 2024 标记方向正确但不便宜,这是最站得住脚的公开区间 |
| 悲观 | 25% | 收入大约停在 $70M-$90M,发生又一次重置,买方或后期投资者套用困境资产 ~3x-6x 逻辑 | $0.25B-$0.55B | 0.25x-0.55x | Lacework 式结局或估值下调融资很可能让普通股持有人几乎没有上行 |
这些情景是估计、低置信度区间。Aqua 是私营公司,2024 年 extension 只披露为高于 $1B,收入假设用第三方估算作代理,而非经审计文件。
[CV014, CV031, CV032, CV033, CV034, CV040]| 可比对象 | 参考指标 | 倍数 / 估值 / 状态 | 与 Aqua 的相关性 | 局限 |
|---|---|---|---|---|
| Aqua 参考锚点 | 官方最近披露估值 >$1B;GetLatka 估计 2024 年收入 $89.9M | >~11x 估计收入 | 本章情景测算的基准锚点 | 基于不完整公开数据的私营公司估计 |
| Tenable | Yahoo Finance EV / 收入 2.41x;季度收入增长 9.6%;利润率 -1.15% | 成熟、低增速安全软件倍数 | 增速更慢、盈利进展有限的上市安全平台,可用来校准底部 | 暴露管理和漏洞管理组合不同于 Aqua 的 CNAPP 定位 |
| Okta | Yahoo Finance EV / 收入 4.31x;季度收入增长 11.6%;利润率 8.05% | 盈利但中等增速的身份 / 安全倍数 | 即便安全软件已经盈利,只要增长不够顶尖,估值也可能停在低到中个位数区间 | 身份主导的平台和商业化路径与 Aqua 差异很大 |
| SentinelOne | Yahoo Finance EV / 收入 5.03x,利润率为负 | 质量较低的上市安全倍数 | 可作为经济性较弱公司的偏底部上市参照 | 产品组合和公开市场定价机制不同 |
| Zscaler | Yahoo Finance EV / 收入 7.60x;季度收入增长 25.9%;利润率 -2.25% | 增速更高的云安全倍数 | 云原生安全中上部上市可比公司,披露质量明显好于 Aqua | 零信任 / SSE 组合不同于 Aqua 更宽的代码到云平台 |
| Fortinet | Yahoo Finance EV / 收入 12.26x;季度收入增长 20.1%;利润率 27.49% | 盈利型安全平台倍数 | 强利润率叠加主流平台规模,在没有 CrowdStrike 式溢价时仍可拿到的估值 | 规模更大,硬件和服务占比也不同,更像目标参照而非直接可比公司 |
| Palo Alto Networks | Yahoo Finance EV / 收入 16.62x;Nasdaq 披露 FY2025 收入增长 15% 至 $9.2B,下一代安全 ARR 增长 32% 至 $5.6B | 上市多元化安全龙头 | 当增长和 ARR 韧性仍强时,规模化、盈利型安全平台在公开市场可获得的估值 | 规模和多元化程度远高于 Aqua;不是纯粹的私营公司可比对象 |
| CrowdStrike | Yahoo Finance 基于 $4.81B 收入给出的 EV / 收入 27.0x | 高溢价上市云安全倍数 | 披露充分、规模领先的品类龙头,可作为接近天花板的上市可比公司 | 规模、披露和平台广度远超 Aqua |
| Wiz 2024 轮融资 | TechCrunch 披露估值 $12B;ChannelE2E 称 2023 ARR 为 $350M | 隐含 ARR 约 34x | 高增长 CNAPP 风格私营公司中,现有最好的上限参照 | 增速、公司阶段和市场动能都不同于 Aqua,且更强 |
| Lacework 2024 出售 | Fortinet 称条款未披露;MarketScreener 后来估计约 $150M | 困境战略退出;无法从保留证据可靠推导倍数 | 晚期云安全厂商的重要下行情景先例 | 金额来自第三方估计,本组来源也未验证 Lacework 的 ARR |
可比公司组合刻意保持混合,因为 Aqua 是私营公司,公开证据不完整。新的上市可比区间先覆盖 Tenable、Okta、Zscaler 和 Fortinet,约 2.4x 至 12.3x,再上探到 Palo Alto Networks 和 CrowdStrike;Wiz 和 Lacework 仍只能作为方向性的私营公司 / M&A 区间,而不是可直接标准化的可比公司。
[CV014, CV015, CV016, CV017, CV020, CV021]用 Aqua 的公开参考估算,对照更广的上市与私营安全公司可比组,比较隐含 EV/收入倍数。
Aqua 柱形基于低置信度收入情景和建模的 $1.0B 参考入场点,因为实际 2024 年扩展轮价格只披露为高于 $1B。
[CV014, CV015, CV016, CV017, CV023, CV040]只用公开信息和明确的低置信度假设,对悲观 / 基准 / 乐观估值区间建模。
数值单位为 USD millions。Aqua 参考入场区间是建模工具,不是已披露股价,因为公开来源只说 2024 年 1 月扩展轮将估值维持在 $1B 以上。
[CV031, CV032, CV033, CV034, CV040]8.4 投资逻辑破裂触发点、退出框架与尽调问题
最终判断仍停留在观察,因为剩余尽调不是装饰性工作。缺失项正是决定 Aqua 究竟是有纪律的后期软件资产,还是结构受损的独角兽估值标记的关键:当前 ARR、净收入留存、毛利率、烧钱速度、现金跑道、客户集中度,以及 2024 年延伸轮的实际优先股堆叠。公开来源无法回答这些问题;缓存中无法访问或损坏的分析师 / 存档页面也进一步说明,公开三角验证并不完整。 因此,投资逻辑破裂触发点很直接。再次发生重大重组、融资低于 2024 年估值标记、苛刻优先股条款,或出现大客户不续约证据,都会把案例推向回避。相反,如果私下披露 ARR 高于大约 $120M、NRR 高于大约 115%、毛利率高于大约 75%,并有可信路径走到现金流盈亏平衡,估值姿态会实质上更接近合理。从公开证据看,最可能的退出是战略出售,或在效率得到证明后再融资;相比上市同行或 Wiz,近期 IPO 更难论证。[CV029, CV030, CV034, CV036, CV037, CV038]
| 触发因素 | 阈值 | 投资逻辑传导 | 行动含义 |
|---|---|---|---|
| 下轮融资降估值或惩罚性延长轮 | 新股融资低于 2024 年 >$1B 标记,或条款明显偏向既有投资人 | 证实公开锚点夸大了当前股权价值 | 从观察转向回避,除非条款仍能保护新资金 |
| 再次重大重组 | 新一轮大范围裁员,或有明确证据显示 2025 年调整没有稳定经营 | 表明效率仍未修复,增长质量在恶化 | 在管理层证明可持续经营控制前,视为投资逻辑失效 |
| 实际 ARR 明显弱于代理指标 | 私营公司过去 12 个月收入明显低于公开的 $89.9M 代理值 | 推高隐含入场倍数,摧毁基准情景测算 | 不按独角兽估值投资 |
| 留存 / 利润率失败 | NRR 低于约 110%,或毛利率低于约 70% | 连中档安全软件倍数的理由也被拿掉 | 下调估值区间,并按困境增长资产重新承销 |
| 竞争挤压 | 证据显示大型套件用捆绑式 CNAPP 和 AI 安全产品抹平 Aqua 差异化 | 战略稀缺性下降,退出选项变窄 | 更偏向只按战略出售来建模,而非增长股权上行 |
触发因素聚焦会实质改变估值支撑的事件,而不是普通季度噪音。
[CV029, CV030, CV035, CV036, CV037, CV038]| 主题 | 缺失证据 | 重要性 | 负责人或尽调路径 |
|---|---|---|---|
| 当前 ARR 和收入桥 | 2024-2026 年按产品、地区和渠道拆分的经审计 ARR / 收入 | 判断 >$1B 公开锚点到底便宜、合理还是偏高 | CFO 数据室和董事会批准的经营计划 |
| 净留存率和毛利率 | NRR 队列、按模块拆分的毛利率、服务收入占比 | 判断 Aqua 应该拿 PANW 式倍数、中档倍数,还是困境倍数 | 财务和客户成功尽调会议 |
| 烧钱速度、现金跑道和现金流路径 | 月度烧钱速度、现金余额、债务、达到现金流盈亏平衡的时间 | 厘清 2025 年调整是修复了融资依赖,还是只是延后问题 | 资金管理 / FP&A 包 |
| 股权结构表和优先权 | 完全摊薄所有权、期权池、清算瀑布,以及 2024 年延长轮的任何附加条款 | 没有优先股堆叠可见度,就无法计算普通股回报 | 融资文件和股权结构表导出的法律审查 |
| 客户集中度和续约质量 | 前 10 大客户、客户流失、NRR,以及 500+ 客户群中的产品渗透 | 验证客户证明能否转化为可持续收入质量 | 客户分析导出加商业化尽调 |
| 董事会对退出路径的看法 | 关于下一轮融资、战略兴趣和 IPO 准备门槛的董事会材料 | 判断投资人应建模战略出售可选性,还是更长的独立发展路径 | CEO / 董事会负责人访谈和最新董事会材料 |
这些问题是把本章从公开估值标记三角测算,升级为真正投资备忘录所需的最低证据集。
[CV029, CV030, CV037, CV038, CV039, CV040]免责声明
本报告基于截至 2026-05-19 的公开信息自动生成,不构成投资建议,也不构成买入或卖出任何证券的邀约。Aqua Security 是私营公司,许多对财务判断有决定作用的输入仍未披露;在作出投资决策前,报告中的任何估值框架或经营推断都应结合公司一手材料和实时尽调验证。
证据索引
| 编号 | 陈述 | 可信度 | 来源 |
|---|---|---|---|
| CO001 | Aqua Security says it was founded in 2015 and is headquartered in Boston, Massachusetts and Ramat Gan, Israel. | 高 | SO007, SO008, SO009 |
| CO002 | Aqua positions itself as a cloud native application security platform that protects applications from code to cloud to prompt. | 高 | SO001, SO003, SO008 |
| CO003 | Aqua's current homepage groups the platform around code security, runtime protection, and posture management. | 高 | SO001, SO003 |
| CO004 | Trivy is Aqua's most important open-source asset within the reviewed evidence set. | 中 | SO004, SO009, SO017, SO018 |
| CO005 | Trivy can scan vulnerabilities, misconfigurations, secrets, and SBOM-related package data across repositories, container images, clouds, and Kubernetes environments. | 高 | SO017, SO018 |
| CO006 | Aqua's customer proof page shows adoption references across government, finance, energy, travel tech, software, and retail use cases. | 中 | SO005 |
| CO007 | Aqua's customer page says GitLab uses Aqua Trivy to provide default DevSecOps container security. | 中 | SO005 |
| CO008 | Aqua says its ecosystem program spans managed service providers, system integrators, solution providers, distribution partners, federal partners, technology alliances, and cloud service providers. | 中 | SO006 |
| CO009 | Aqua has active distribution or alliance surfaces on AWS Marketplace, Microsoft Azure Marketplace, Red Hat's partner catalog, and Cisco's technical alliance materials. | 高 | SO013, SO014, SO015, SO016 |
| CO010 | Dror Davidoff co-founded Aqua and served as chief executive officer until the November 2025 transition. | 高 | SO008, SO021 |
| CO011 | Amir Jerbi co-founded Aqua and served as chief technology officer until the November 2025 transition. | 高 | SO008, SO021 |
| CO012 | Mike Dube became Aqua's chief executive officer in November 2025 after serving as president and chief revenue officer. | 高 | SO008, SO021 |
| CO013 | Nir Makowski became Aqua's chief product and technology officer in the same November 2025 leadership transition. | 高 | SO008, SO021 |
| CO014 | Aqua says Mike Dube previously held senior sales leadership roles at CrowdStrike, Splunk, Cybereason, and Check Point. | 高 | SO008, SO021 |
| CO015 | The co-founders' move into strategic advisor roles suggests they likely retain meaningful influence even after leaving day-to-day executive duties. | 中 | SO008, SO021 |
| CO016 | Reviewed public materials do not disclose Aqua's current board composition, founder ownership percentages, or governance rights structure. | 低 | SO002, SO007, SO008, SO009 |
| CO017 | Aqua's 2019 Series C raised $62M and brought total funding above $100M. | 中 | SO010, SO024 |
| CO018 | Aqua's March 2021 Series E raised $135M at a valuation above $1B and brought total funding to $265M. | 高 | SO009, SO027 |
| CO019 | Aqua's January 2024 funding extension added $60M led by Evolution Equity Partners with participation from Insight Partners, Lightspeed Venture Partners, and StepStone Group. | 高 | SO007, SO019, SO020, SO025 |
| CO020 | Aqua's January 2024 funding extension brought officially disclosed lifetime funding to $325M and kept valuation above $1B. | 高 | SO007, SO019, SO020, SO025, SO026 |
| CO021 | Aqua's disclosed investor syndicate across the reviewed official rounds includes ION Crossover Partners, Evolution Equity Partners, Insight Partners, Lightspeed Venture Partners, StepStone Group, TLV Partners, Greenspring Associates, Acrew Capital, and M12. | 中 | SO007, SO009 |
| CO022 | Aqua says more than 500 enterprise companies worldwide, including 40% of the Fortune 100, have adopted its cloud security approach. | 中 | SO007, SO020, SO025, SO026 |
| CO023 | Aqua says it serves six of the top 10 banks in North America and six of the top seven banks in Canada. | 中 | SO007, SO025, SO026 |
| CO024 | Aqua said its new business increased 65% during 2023. | 中 | SO007, SO025, SO026 |
| CO025 | Aqua's March 2021 release said it had doubled the number of paying customers during 2020 and had half a dozen customers with ARR above $1M. | 中 | SO009 |
| CO026 | Aqua's March 2021 release said adoption of its open-source tools had more than doubled. | 中 | SO009 |
| CO027 | Trivy became the default scanner for Harbor, GitLab Container Scanning, and CNCF Artifact Hub and is described as Red Hat certified. | 高 | SO004, SO017, SO018 |
| CO028 | Aqua's awards page shows multiple 2024 recognitions including CyberSecurity Breakthrough, CRN Cloud 100, and Built In Best Workplaces. | 中 | SO012 |
| CO029 | Aqua announced a July 2025 strategic partnership with Akamai to secure AI applications from runtime workload to the edge. | 中 | SO011 |
| CO030 | TechCrunch's January 2024 funding coverage named PayPal, Netflix, and Samsung as customers Aqua claimed publicly. | 中 | SO019 |
| CO031 | Reviewed primary sources do not disclose Aqua's current revenue, ARR, gross margin, NRR, or headcount. | 低 | SO001, SO003, SO007, SO008, SO009 |
| CO032 | GetLatka reported Aqua generated $89.9M of revenue in 2024. | 低 | SO024 |
| CO033 | GetLatka reported Aqua employed about 543 people as of late 2025 or early 2026, down from 638 in 2024. | 低 | SO024 |
| CO034 | Calcalist's November 2025 leadership story said Aqua employed around 450 people worldwide. | 低 | SO021 |
| CO035 | Calcalist's December 2025 layoffs story said Aqua employed roughly 360 people after another layoff round. | 低 | SO022 |
| CO036 | Calcalist's November and December 2025 stories each described Aqua's lifetime funding as about $235M. | 低 | SO021, SO022 |
| CO037 | Aqua's official January 2024 release is stronger evidence than Calcalist's later $235M figure, so $325M should remain the canonical total raised unless newer primary evidence appears. | 中 | SO007, SO021, SO022 |
| CO038 | Aqua's current headcount should be treated as unresolved because reviewed third-party signals conflict materially and no official current number was located. | 低 | SO021, SO022, SO024 |
| CO039 | Aqua's about page lists Shlomo Kramer among the company's investors. | 低 | SO002 |
| CO040 | Aqua framed the November 2025 leadership handoff as the company's next phase of growth and global expansion. | 中 | SO008 |
| CO041 | Aqua remains a private venture-backed unicorn rather than a public filer in the reviewed evidence set. | 中 | SO019, SO024, SO027 |
| CM001 | TechTarget defines CNAPP as a bundled product for securing cloud infrastructure, cloud-native applications, and cloud workloads. | 中 | SM015 |
| CM002 | TechTarget says CNAPP replaces multiple discrete cloud security tools with an integrated package to reduce complexity while preserving critical functions. | 中 | SM015 |
| CM003 | Aqua defines CNAPP as an integrated set of security and compliance capabilities for cloud native applications across private and public cloud environments and all stages of development. | 中 | SM002 |
| CM004 | Aqua says a modern CNAPP should include shift-left scanning, CSPM, KSPM, CIEM, and cloud workload protection/runtime security. | 中 | SM002 |
| CM005 | Aqua says vendors use the CNAPP label broadly and that a true CNAPP requires tightly integrated context across pipeline, cloud, and runtime rather than a loose bundle of tools. | 中 | SM002 |
| CM006 | TechTarget says the CNAPP market is still maturing and some organizations may decide existing cloud security tools are adequate or that their environments are not complex enough to justify a new platform. | 中 | SM015 |
| CM007 | Aqua positions its platform as code-to-cloud-to-prompt, combining code security, runtime security, and posture management. | 中 | SM001 |
| CM008 | Microsoft Marketplace shows Aqua is sold as full lifecycle Azure container security with AKS, ACI, ACR, Azure DevOps, compliance, and runtime controls. | 中 | SM008 |
| CM009 | Cisco describes Aqua as a cloud native security platform spanning software supply chain security, cloud infrastructure security, and running workloads. | 中 | SM009 |
| CM010 | MarketsandMarkets projects the global CNAPP market will reach USD 19.3 billion by 2027 at a 19.9% CAGR. | 中 | SM012 |
| CM011 | MarketsandMarkets separately estimated the cloud workload protection market would grow from USD 2.25 billion in 2018 to USD 6.70 billion by 2023 at a 24.4% CAGR, showing the predecessor category was materially smaller than the later CNAPP lens. | 中 | SM012 |
| CM012 | Grand View estimated the cloud security market at USD 35.84 billion in 2024, USD 40.36 billion in 2025, and USD 75.26 billion by 2030 at a 13.3% CAGR from 2025 to 2030. | 中 | SM013 |
| CM013 | Allied valued the global cloud security market at USD 35.8 billion in 2022 and projected USD 125.8 billion by 2032 at a 13.6% CAGR. | 中 | SM014 |
| CM014 | National CIO Review, citing Gartner, said global information security and risk management spending would reach USD 213 billion in 2025, a broad budget umbrella that sits far above Aqua’s core category. | 中 | SM018 |
| CM015 | Grand View says solutions accounted for more than 67% of cloud security revenue in 2024 and large enterprises accounted for more than 74%, implying enterprise-led buying. | 中 | SM013 |
| CM016 | Grand View says private deployments accounted for more than 48% of 2024 cloud security revenue and North America accounted for more than 33%, showing the umbrella market is not synonymous with public-cloud-only CNAPP. | 中 | SM013 |
| CM017 | The spread between the USD 19.3 billion CNAPP lens and USD 75-126 billion broad cloud security lenses reflects different category boundaries, forecast years, and adjacent spend pools rather than a single agreed market size. | 中 | SM012, SM013, SM014 |
| CM018 | TechTarget cites Gartner’s view that 60% of enterprises would consolidate CWPP and CSPM capabilities to a single vendor, up from 25% in 2022. | 中 | SM015 |
| CM019 | TechTarget cites Cloud Security Alliance research saying 75% of organizations use CNAPPs or plan to, while only 35% had integrated security into DevOps and 51% were still in process. | 中 | SM015 |
| CM020 | TechTarget says 32% of organizations struggle to prioritize security improvements because of overwhelming or incorrect alerts and 22% cite a lack of personnel as a significant challenge. | 中 | SM015 |
| CM021 | CNCF says 66% of end-user organizations used Kubernetes in production in 2023 and another 18% were evaluating it. | 中 | SM016 |
| CM022 | CNCF says 56% of organizations use multi-cloud solutions and the average organization uses 2.3 public cloud providers. | 中 | SM016 |
| CM023 | CNCF says container use exceeds 90% and security is the leading challenge for 40% of organizations using or evaluating containers. | 中 | SM016 |
| CM024 | Red Hat says its 2024 Kubernetes security report is based on a survey of 600 DevOps, engineering, and security professionals worldwide. | 中 | SM017 |
| CM025 | CISA says both government and private entities need tailored cybersecurity plans and resilient operating processes, framing cloud security as an ongoing control layer rather than a one-time software purchase. | 中 | SM019 |
| CM026 | Aqua says more than 500 enterprises, including 40% of Fortune 100 companies, have adopted its cloud security approach. | 中 | SM005, SM003, SM031 |
| CM027 | Aqua says it serves six of the top 10 banks in North America and six of the top seven banks in Canada, indicating especially strong fit in regulated financial services. | 中 | SM005, SM031 |
| CM028 | Aqua’s partner program shows its route to market includes MSPs, system integrators, resellers, distributors, federal partners, and cloud service providers. | 中 | SM004 |
| CM029 | AWS and Microsoft marketplace listings show Aqua can be procured and deployed through cloud-platform channels aligned to existing AWS and Azure budgets and DevOps workflows. | 中 | SM007, SM008 |
| CM030 | Trivy gives Aqua a developer and open-source wedge because it scans containers, repositories, Kubernetes, clouds, SBOMs, secrets, and misconfigurations before a broader platform upsell. | 中 | SM010, SM011 |
| CM031 | Aqua customer proof points span government, finance, energy, travel tech, software, retail, and internet services, indicating a buyer base centered on regulated and cloud-native enterprises rather than SMB generalists. | 中 | SM003 |
| CM032 | Wiz positions the market around a single security graph connecting code, cloud, and runtime and says it is trusted by more than 50% of Fortune 100 companies. | 中 | SM020 |
| CM033 | Orca differentiates on agentless onboarding, full-stack coverage, and prioritizing the 1% of alerts that matter, showing buyer appetite for low-friction deployment and context-rich prioritization. | 中 | SM021 |
| CM034 | Prisma Cloud frames competition around AI-assisted code-to-cloud-to-SOC convergence, including very large telemetry scale and merged cloud/SOC workflows. | 中 | SM022 |
| CM035 | Sysdig differentiates on runtime context, attack-path analysis, 6:1 tool consolidation, and sub-2-second detection, underscoring runtime-first competition. | 中 | SM023 |
| CM036 | Snyk positions software supply chain and developer security as an adjacent wedge through AI-native DevSecOps, secure-at-inception guardrails, and governance for AI-generated code. | 中 | SM024 |
| CM037 | CrowdStrike positions cloud security as code-to-runtime defense enriched by adversary intelligence and a combined agentless-plus-sensor architecture, increasing bundle pressure from broader security platforms. | 中 | SM025 |
| CM038 | Gartner Peer Insights says Aqua reviewers praise image assessment but cite higher price, fewer integrations, and weaker telemetry visibility than EDR vendors. | 低 | SM026 |
| CM039 | A Gartner Peer Insights reviewer said Aqua is decent for small-to-medium customers but struggles at enterprise scale with very high image and container volumes. | 低 | SM026 |
| CM040 | TrustRadius users say Aqua fills container and cloud security gaps across AWS, Azure, Google Cloud, and OCI and supports over 22 compliance programs, but cite UI, alerting-channel, and RBAC limitations. | 低 | SM027 |
| CM041 | PeerSpot users praise Docker and Kubernetes support, runtime protection, and vulnerability management, but call for better reporting, training, log forwarding, and automation. | 低 | SM028 |
| CM042 | TechCrunch said Aqua’s 2024 round kept valuation above USD 1 billion but appeared flat versus the 2021 Series E valuation, implying investor support without a step-change re-rating. | 低 | SM030 |
| CM043 | CTech reported Aqua laid off dozens of employees in a third recent round and said management framed the reorganization around long-term stability, sharper focus on core products and markets, and cash-flow independence. | 低 | SM029 |
| CM044 | Aqua’s 2025 leadership transition says the company will emphasize runtime protection and response plus vulnerability management under new leadership. | 中 | SM006 |
| CM045 | The market boundary most relevant to Aqua is not all cloud security or all cyber spend but integrated CNAPP plus adjacent runtime, posture, entitlement, and software-supply-chain budgets inside regulated multicloud enterprises. | 中 | SM002, SM013, SM015, SM024 |
| CM046 | Because the product touches security policy, cloud operations, compliance, and developer workflows, the typical buying center is cross-functional while the payer is usually a central security or platform budget owner. | 中 | SM004, SM008, SM015, SM031 |
| CM047 | Adoption often starts with scanning and posture visibility, then expands into runtime enforcement and broader platform standardization once teams need unified context and policy. | 中 | SM010, SM015, SM021, SM023 |
| CM048 | Category ambiguity is itself a diligence issue because analysts, vendors, and customers use CNAPP, CWPP, cloud security, and AppSec labels differently, weakening clean TAM and SAM mapping. | 中 | SM002, SM012, SM013, SM015 |
| CM049 | Aqua’s channel and marketplace footprint lowers deployment friction, but recurring review complaints on integrations, UI, and enterprise-scale operations suggest adoption can still bottleneck after initial purchase. | 低 | SM007, SM008, SM026, SM027, SM028 |
| CM050 | Aqua’s opportunity benefits from cloud-native, multicloud, software-supply-chain, and AI-security tailwinds, but near-term valuation upside depends on proving scale efficiency and differentiation against larger suites. | 中 | SM016, SM018, SM020, SM029, SM030, SM006 |
| CP001 | Aqua positions its platform as full lifecycle security from code to cloud to prompt with posture management, runtime security, and software supply chain controls. | 中 | SP001 |
| CP002 | Aqua’s own CNAPP explainer treats runtime security, shift-left scanning, CSPM, KSPM, CIEM, and unified risk context as core CNAPP components rather than optional add-ons. | 中 | SP029 |
| CP003 | Trivy scans vulnerabilities, misconfigurations, secrets, SBOM, containers, Kubernetes, code repositories, and clouds. | 中 | SP007, SP008 |
| CP004 | Aqua says Trivy is the default scanner for GitLab container scanning, Artifact Hub, and Harbor and is Red Hat certified. | 中 | SP002 |
| CP005 | Trivy gives Aqua a free and developer-friendly distribution wedge that most proprietary-first CNAPP rivals do not replicate. | 中 | SP002, SP007, SP008 |
| CP006 | Aqua said in January 2024 that it had raised $325 million in total, remained valued above $1 billion, served more than 500 enterprise customers, and reached 40% of the Fortune 100. | 中 | SP009 |
| CP007 | Across official customer proof and review sources, Aqua’s best-supported strengths are container security, Kubernetes coverage, runtime controls, and compliance-oriented visibility. | 中 | SP003, SP010, SP012, SP013 |
| CP008 | Gartner review evidence says Aqua’s image assessment is strong but price and integrations can be weaker than competitors. | 中 | SP010 |
| CP009 | A Gartner reviewer said Aqua could struggle with enterprise-scale image and container volumes relative to very large production estates. | 中 | SP010 |
| CP010 | G2 reviews praise Aqua for ease of use, CI/CD scanning, and actionable vulnerability insights. | 中 | SP011 |
| CP011 | G2 reviews also cite slow support, UI or module complexity, API limitations, missing artifact coverage, and weak Windows workload support. | 中 | SP011 |
| CP012 | PeerSpot reviewers praise Aqua’s runtime protection, drift prevention, documentation, and Docker and Kubernetes support. | 中 | SP012 |
| CP013 | PeerSpot reviewers also want better reporting, training, log forwarding, standard integrations, and lower resource consumption. | 中 | SP012 |
| CP014 | TrustRadius reviewers highlight Aqua workload protection, GitHub and JFrog integration, alerting, and public-cloud coverage across AWS, Azure, Google Cloud, and OCI. | 中 | SP013 |
| CP015 | TrustRadius reviewers also flag UI or UX issues, missing notification channels, incomplete RBAC granularity, and documentation gaps. | 中 | SP013 |
| CP016 | Wiz markets a unified security graph that connects code, cloud, and runtime and automates risk reduction and threat response. | 中 | SP014 |
| CP017 | Wiz says more than 50% of Fortune 100 companies are customers. | 中 | SP014, SP015 |
| CP018 | Wiz says its normalizing layer across cloud environments helps organizations rapidly identify and remove critical risks. | 中 | SP015 |
| CP019 | TechCrunch and ChannelE2E reported that Wiz raised $1 billion at a $12 billion valuation in 2024 and used the round to accelerate acquisition-led platform expansion. | 高 | SP016, SP017 |
| CP020 | ChannelE2E reported Wiz had $350 million of ARR in 2023 and explicitly framed 2024 as a consolidation phase in cybersecurity. | 中 | SP017 |
| CP021 | Orca markets itself as the pioneer of agentless cloud security and says its patented SideScanning technology underpins that claim. | 中 | SP018, SP019 |
| CP022 | Orca explicitly argues that agent-first tools add overhead and friction while leaving coverage gaps, which is the clearest architectural critique of Aqua’s deeper enforcement approach. | 中 | SP018, SP019 |
| CP023 | Prisma Cloud positions itself as code-to-cloud security that fixes development flaws, blocks untrusted images before deployment, and protects workloads at runtime. | 中 | SP020 |
| CP024 | Prisma Cloud says it analyzes 1 trillion events every 24 hours and increasingly frames cloud security together with Cortex Cloud and SOC convergence. | 中 | SP020 |
| CP025 | Palo Alto Networks’ quarterly-results site and SEC-linked disclosure posture give Prisma Cloud a procurement and trust advantage that private CNAPP vendors cannot match. | 中 | SP021 |
| CP026 | Sysdig markets real-time cloud defense powered by runtime insights, guided response, and AI-assisted prioritization. | 中 | SP022 |
| CP027 | Sysdig’s about page ties the company’s heritage to WinPcap, Wireshark, and Falco, reinforcing an open-innovation and runtime-security credibility story. | 中 | SP023 |
| CP028 | Snyk frames its platform around AI-native developer security, AI coding assistant integration, and end-to-end software supply chain governance. | 中 | SP024 |
| CP029 | Snyk competes against Aqua more from developer workflow, code governance, and shift-left motion than from deep runtime workload enforcement. | 中 | SP024, SP001, SP029 |
| CP030 | CrowdStrike markets Falcon Cloud Security as code-to-runtime protection that combines agentless visibility with Falcon sensor telemetry. | 中 | SP025 |
| CP031 | CrowdStrike says Falcon Cloud Security adds real-time detection, AI-driven response, MITRE-validated cloud runtime outcomes, and large adversary-intelligence coverage. | 中 | SP025 |
| CP032 | Fortinet said Lacework adds AI-powered CNAPP, code security, and both agent and agentless data collection to its platform. | 中 | SP026 |
| CP033 | Fortinet said integrating Lacework into Security Fabric would create a single-vendor, full-stack, AI-driven cloud security platform. | 中 | SP026, SP027 |
| CP034 | Fortinet officially completed the Lacework acquisition on August 1, 2024. | 高 | SP027, SP028 |
| CP035 | MarketScreener reported that Fortinet paid about $149 million net cash, or roughly $150 million, for Lacework. | 中 | SP028 |
| CP036 | Aqua runs a partner-led GTM motion across MSPs, system integrators, resellers, distribution partners, technology alliances, and federal partners. | 中 | SP004 |
| CP037 | Aqua also shows concrete cloud and channel distribution evidence through Azure Marketplace, Cisco alliance material, and its marketplaces repository covering AWS, GCP, Red Hat, and Azure. | 中 | SP005, SP006, SP030 |
| CP038 | Aqua shows strong enterprise and federal customer proof, but as a private company it still offers less disclosure-rich procurement comfort than public incumbents like Palo Alto Networks. | 中 | SP003, SP004, SP021 |
| CP039 | Aqua’s retained public packaging points to quote-led or private-offer selling rather than a transparent public rate card. | 中 | SP005, SP010, SP011 |
| CP040 | G2 indicates Aqua implementations average about three months, average discount is about 13%, and average ROI is about eleven months, which fits an enterprise-negotiated sales motion. | 中 | SP011 |
| CP041 | Most retained rival CNAPP surfaces similarly prioritize demo-led selling over transparent list pricing, so competition is driven more by architecture, installed base, and consolidation than by public rate cards. | 中 | SP014, SP018, SP020, SP022, SP024, SP025 |
| CP042 | Aqua’s most defensible relative edge is deep runtime, container, Kubernetes, and policy-enforcement coverage across running workloads. | 中 | SP010, SP012, SP013, SP029 |
| CP043 | Agentless-first rivals like Orca and, to a lesser extent, Wiz reduce deployment friction and appeal to teams that prioritize fast coverage and contextual prioritization over deep in-workload controls. | 中 | SP014, SP018, SP019 |
| CP044 | Public platforms such as Palo Alto Networks, CrowdStrike, and Fortinet can pair cloud security with wider procurement relationships, adjacent products, and vendor-consolidation narratives. | 中 | SP020, SP021, SP025, SP026, SP027 |
| CP045 | Aqua’s moat is more durable in runtime-heavy, Kubernetes-mature, and regulated buyers than in accounts optimizing for vendor consolidation or minimal deployment friction. | 中 | SP003, SP010, SP018, SP020, SP025 |
| CP046 | Internal build and status-quo alternatives remain credible because teams can combine native cloud controls, open-source scanners like Trivy, and adjacent security platforms instead of buying Aqua as the primary CNAPP. | 中 | SP007, SP008, SP024, SP025 |
| CP047 | As CNAPP labels broaden, posture management, code scanning, and basic visibility are at greater commoditization risk than deep runtime and container enforcement. | 中 | SP014, SP020, SP025, SP029 |
| CP048 | Aqua’s Trivy motion partly offsets commoditization risk by embedding Aqua tooling inside developer and open-source workflows even when buyers delay full-platform standardization. | 中 | SP002, SP007, SP008 |
| CP049 | Aqua still faces execution risk if buyers experience the platform as expensive, integration-heavy, or harder to navigate than simpler agentless or bundle-led alternatives. | 中 | SP010, SP011, SP012, SP013, SP018 |
| CP050 | Wiz’s funding scale, Fortune-100 penetration, and acquisition appetite increase the odds that cloud-security buyers shortlist Wiz before Aqua in large consolidation-led deals. | 中 | SP014, SP016, SP017 |
| CI001 | Aqua positions its paid product as a unified CNAPP spanning code, cloud, runtime, and AI workload security. | 高 | SI001, SI004, SI028, SI029 |
| CI002 | Trivy is Aqua's open-source scanner and CI/CD-friendly distribution surface, giving Aqua a developer-entry funnel alongside enterprise sales. | 中 | SI005, SI012, SI026, SI027 |
| CI003 | TechCrunch reported in 2021 that Aqua focused mostly on mid-size and larger companies. | 中 | SI012 |
| CI004 | Aqua is distributed through AWS, Azure, GCP, and Red Hat marketplace channels. | 中 | SI008, SI009, SI010 |
| CI005 | Aqua promotes 30-day free trials on at least some marketplace channels, indicating a trial-led top-of-funnel motion. | 中 | SI008 |
| CI006 | Aqua's Azure marketplace surface is a private-offer listing, implying negotiated procurement rather than a transparent public list price. | 中 | SI010 |
| CI007 | Aqua's partner program spans managed service providers, system integrators, distribution partners, and federal partners. | 中 | SI007 |
| CI008 | Aqua customer materials show that at least some architect and customer-success support is included at no extra cost. | 中 | SI006 |
| CI009 | In 2020 Aqua doubled the number of paying customers and had more than six customers with ARR above $1 million. | 高 | SI002, SI012 |
| CI010 | In January 2024 Aqua said more than 500 enterprise companies had adopted the platform and that 40% of the Fortune 100 used Aqua. | 高 | SI001, SI013 |
| CI011 | Aqua said 2023 new business increased 65%, but it did not disclose the absolute revenue or ARR base behind that growth figure. | 中 | SI001 |
| CI012 | No public rate card, seat price, node price, or standard discount schedule appears in the official Aqua pricing surfaces reviewed for this chapter. | 中 | SI004, SI009, SI010 |
| CI013 | Aqua's March 2021 Series E raised $135 million at a valuation above $1 billion. | 高 | SI002, SI012 |
| CI014 | Aqua said total funding reached $265 million after the March 2021 Series E. | 高 | SI002, SI012 |
| CI015 | Aqua's January 2024 extension added $60 million and lifted lifetime funding to $325 million. | 高 | SI001, SI011, SI013 |
| CI016 | TechCrunch said Aqua's 2024 raise extended the previously announced Series E from $135 million to $195 million. | 中 | SI011 |
| CI017 | Aqua's 2024 valuation was still described as above or over $1 billion, implying no visible public step-up from the 2021 unicorn mark. | 高 | SI001, SI011, SI013, SI014 |
| CI018 | Aqua's 2019 Series C brought total funding to more than $100 million. | 中 | SI003 |
| CI019 | Aqua's 2025 leadership-transition release framed the company around continued growth and global expansion rather than a new financing event. | 中 | SI019 |
| CI020 | Aqua's 2021 Series E release said the company would use funding to broaden its solution portfolio and expand geographically. | 中 | SI002 |
| CI021 | The 2024 raise looks like a runway-extending inside round rather than a clearly re-priced growth round. | 中 | SI001, SI011, SI013 |
| CI022 | Calcalist reported Aqua had raised approximately $235 million by late 2025, conflicting with the company's official $325 million figure. | 中 | SI015, SI016 |
| CI023 | Tracxn independently lists Aqua at $325 million total funding with a latest $60 million Series E round dated January 3, 2024. | 中 | SI018, SI001 |
| CI024 | GetLatka estimated Aqua's revenue at $56.3 million in 2023 and $89.9 million in 2024 after earlier estimated revenue of $36.2 million in 2021. | 低 | SI017 |
| CI025 | GetLatka estimated Aqua employed 638 people in December 2024 and 543 people in November 2025. | 低 | SI017 |
| CI026 | Tracxn reported Aqua had 464 employees as of April 30, 2026, showing that public headcount snapshots vary materially by source and timestamp. | 低 | SI018, SI017 |
| CI027 | Using GetLatka's 2024 revenue estimate and 638-employee snapshot implies roughly $141 thousand of revenue per employee. | 低 | SI017 |
| CI028 | Using the $89.9 million GetLatka estimate and Aqua's 500-plus enterprise-customer claim implies less than about $180 thousand of revenue per customer before services mix adjustments. | 低 | SI017, SI001 |
| CI029 | Marketplace trials and private-offer procurement can lower buyer friction, but they do not reveal realized pricing or discount depth. | 中 | SI008, SI010 |
| CI030 | Aqua's bundled support posture and channel ecosystem imply blended service-delivery costs that likely sit below pure-software margin benchmarks. | 中 | SI006, SI007 |
| CI031 | Aqua's platform breadth across code security, runtime, vulnerability management, and AI security implies a sustained R&D burden even if revenue is primarily subscription. | 中 | SI004, SI005, SI019, SI028, SI029 |
| CI032 | No public source reviewed for this chapter discloses Aqua's gross margin, NRR, CAC, payback, cash balance, or monthly burn. | 中 | SI001, SI004, SI017, SI018 |
| CI033 | Calcalist said Aqua had around 450 employees in November 2025 and had already cut about 65 staff in December 2022, 50 in June 2024, and dozens more in January 2025. | 中 | SI015 |
| CI034 | A later Calcalist report said Aqua was laying off dozens more employees, including about 20 in Israel, and had roughly 360 employees at that time. | 中 | SI016 |
| CI035 | Aqua said the latest reorganization was meant to strengthen long-term stability and support a goal of cash-flow independence. | 中 | SI016 |
| CI036 | Aqua's November 2025 official release confirmed that co-founders Dror Davidoff and Amir Jerbi stepped back from day-to-day roles and Mike Dube became CEO. | 高 | SI019, SI015 |
| CI037 | Flat valuation since 2021, repeated layoffs, and explicit cash-flow-independence language collectively point to capital-efficiency pressure despite continued product relevance. | 中 | SI011, SI016, SI019 |
| CI038 | Aqua's financing dependency remains unresolved because no public source in this set discloses cash on hand, debt, or runway months after the 2024 extension. | 中 | SI001, SI011, SI018 |
| CI039 | SEC EDGAR shows CrowdStrike continued filing annual 10-Ks through March 2026, underscoring the richer disclosure public cloud-security vendors provide. | 中 | SI023 |
| CI040 | Yahoo Finance showed Palo Alto Networks at about 16.62 times enterprise value to revenue with $9.89 billion of trailing revenue and positive levered free cash flow. | 中 | SI020 |
| CI041 | Yahoo Finance showed CrowdStrike at about 27.00 times enterprise value to revenue with $4.81 billion of trailing revenue and positive levered free cash flow. | 中 | SI021 |
| CI042 | Yahoo Finance showed SentinelOne at about 5.03 times enterprise value to revenue and a negative 45.02 percent profit margin. | 中 | SI022 |
| CI043 | Fortinet said financial terms for the Lacework acquisition were undisclosed when the June 2024 transaction was announced. | 中 | SI024 |
| CI044 | MarketScreener later estimated that Fortinet completed the Lacework acquisition for approximately $150 million. | 中 | SI025 |
| CI045 | The gap between Lacework's prior private-financing scale and an estimated $150 million exit illustrates how harsh the downside can be for late-stage cloud-security vendors that lose momentum. | 中 | SI018, SI025 |
| CI046 | Aqua appears to have a viable recurring enterprise software model and real strategic relevance in CNAPP, but underwriting still depends on private diligence for realized pricing, margins, burn, and runway. | 中 | SI001, SI010, SI016, SI017, SI018 |
| CE001 | Aqua's homepage says the platform stops known and unknown threats in live production environments, including AI-driven and prompt-injection attacks. | 中 | SE001 |
| CE002 | Aqua says it correlates vulnerabilities, runtime behavior, and cloud context to reduce noise and accelerate remediation. | 中 | SE001 |
| CE003 | Aqua's platform page positions the product as full lifecycle security from code to cloud to prompt. | 高 | SE001, SE002 |
| CE004 | Aqua says the platform protects all four layers of the software supply chain by securing code, infrastructure, tools, and processes before production. | 中 | SE002 |
| CE005 | Aqua says the platform protects cloud native and AI applications at runtime from known and unknown threats, including prompt injection. | 中 | SE002 |
| CE006 | Aqua says its coverage spans clouds, container and serverless platforms, CI/CD pipelines, registries, DevOps tools, orchestrators, SIEM, and analytics. | 中 | SE002 |
| CE007 | Aqua's CNAPP academy says CNAPP replaces multiple separate tools with an integrated approach that protects applications from code to cloud. | 中 | SE005 |
| CE008 | Aqua's CNAPP academy identifies artifact scanning as a core CNAPP capability. | 中 | SE005 |
| CE009 | Aqua's CNAPP academy identifies runtime security as a core CNAPP capability. | 中 | SE005 |
| CE010 | Aqua's CNAPP academy says CSPM identifies risky cloud configurations that could create security or compliance exposure. | 中 | SE005 |
| CE011 | Aqua's CNAPP academy says KSPM identifies risky Kubernetes RBAC and network-plugin settings. | 中 | SE005 |
| CE012 | Aqua's CNAPP academy says some CNAPP platforms add software supply chain security and cloud detection-and-response capabilities. | 中 | SE005 |
| CE013 | Aqua markets Trivy as its open-source scanner for vulnerability and IaC scanning. | 中 | SE004 |
| CE014 | Aqua says Trivy can be added to CI/CD workflows as a simple binary with auto-updating databases and fast scans. | 中 | SE004 |
| CE015 | Aqua says Trivy can publish results into GitHub UI, Kubernetes dashboards, and export formats such as JUnit XML, SARIF, and ASFF. | 中 | SE004 |
| CE016 | Aqua says Trivy scans private and public registries, local filesystems, tar archives, Podman images, and Git repositories, including air-gapped environments. | 中 | SE004 |
| CE017 | The Trivy GitHub repository describes Trivy as a comprehensive scanner for vulnerabilities, misconfigurations, secrets, and SBOMs across containers, Kubernetes, code repositories, and clouds. | 高 | SE011, SE012 |
| CE018 | Trivy's repository-target documentation says remote and local repository scans look for vulnerabilities primarily through lock files. | 中 | SE029 |
| CE019 | Trivy's container-image documentation says vulnerability and secret scanning are enabled by default for image scans. | 中 | SE021 |
| CE020 | Trivy's misconfiguration documentation says built-in checks cover Docker, Kubernetes, Terraform, and CloudFormation and can run alongside vulnerability and secret scans. | 中 | SE024 |
| CE021 | Trivy's secret-scanning documentation says it detects exposed passwords, API keys, and tokens in container images, filesystems, and git repositories. | 中 | SE025 |
| CE022 | Trivy's SBOM documentation shows software-bill-of-materials outputs with package references and license fields. | 中 | SE026 |
| CE023 | Trivy's license-scanning documentation says the scanner classifies license risk and can extend license detection beyond package metadata. | 中 | SE027 |
| CE024 | Trivy's Kubernetes documentation says trivy k8s can scan cluster infrastructure, cluster configuration, and application workloads, and can also run continuously as a Kubernetes Operator. | 中 | SE022 |
| CE025 | Trivy's VM documentation says the scanner supports local VM images, AMIs, and EBS snapshots. | 中 | SE031 |
| CE026 | Trivy's ecosystem documentation separates official integrations from community integrations, signaling an extensible ecosystem rather than a closed utility. | 中 | SE028, SE011 |
| CE027 | Azure Marketplace says Aqua integrates with Azure Container Registry, Azure Container Instances, Windows containers, and Azure DevOps. | 中 | SE008 |
| CE028 | Azure Marketplace says Aqua adds runtime controls such as MicroEnforcer, secrets delivery and revocation, threat detection, network segmentation, and host-integrity controls. | 中 | SE008 |
| CE029 | Aqua's marketplaces repository says the platform supports AWS ECS, EKS, Fargate, and Lambda, integrates with Google Cloud Security Command Center, offers a Red Hat Marketplace operator, and supports AKS, ACI, and Windows containers. | 高 | SE013, SE008, SE010 |
| CE030 | Cisco's alliance page says Aqua integrates with Kenna.VM so container vulnerability data can be prioritized in the context of broader vulnerability programs. | 中 | SE009 |
| CE031 | An AWS Marketplace review says Aqua is easy to deploy and can protect the attack surface from code to runtime. | 中 | SE007 |
| CE032 | AWS Marketplace feedback says Aqua's API documentation could be more thorough and can require trial and error. | 中 | SE007 |
| CE033 | A customer quote on Aqua's customer page says customer success and architect sessions are included at no extra cost. | 中 | SE006 |
| CE034 | Aqua's customer page says GitLab uses Aqua Trivy for default DevSecOps container security, and another customer says Aqua's CSPM gives detailed compliance views across cloud providers. | 中 | SE006 |
| CE035 | Aqua's GigaOm write-up says cloud-workload-security tools should be judged by how well they secure running workloads, not only by CSPM or IaC scanning features. | 中 | SE014 |
| CE036 | Aqua's GigaOm write-up says hybrid and multi-cloud complexity plus the cloud shared-responsibility model create demand for workload-security layers beyond native cloud controls. | 中 | SE014 |
| CE037 | Gartner Peer Insights describes Aqua CNAPP as covering vulnerability scanning, runtime protection, posture management, and compliance assessment across cloud environments. | 中 | SE017 |
| CE038 | Gartner Peer Insights highlights strong image assessment but warns about higher price, fewer integrations, and weaker telemetry visibility than some EDR vendors. | 中 | SE017 |
| CE039 | TrustRadius reviews say Aqua workload protection integrates with tools such as GitHub and JFrog and exposes compliance detail across more than 22 compliance programs. | 中 | SE018 |
| CE040 | PeerSpot reviews praise runtime protection, drift prevention, documentation, and Docker/Kubernetes support. | 中 | SE019 |
| CE041 | Aqua's 2025 Akamai announcement says the joint AI-security offering combines Aqua's eBPF-based Secure AI runtime protection with Akamai's edge-based Firewall for AI. | 高 | SE015, SE016 |
| CE042 | Aqua's 2025 Akamai announcement says the offering adds AI-model and agentic-service discovery, prompt defense, workload protection, and model-aware behavior profiling. | 中 | SE015 |
| CE043 | Aqua's 2025 Akamai announcement says the AI protection layer can deploy without code changes, SDKs, or infrastructure modifications. | 高 | SE015, SE016 |
| CE044 | Aqua's 2025 Akamai announcement says Aqua's CNAPP combines agentless and agent-based controls, Trivy-powered scanning, and contextual vulnerability management across cloud, on-prem, hybrid, multi-cloud, VM, and mainframe environments. | 高 | SE015, SE002 |
| CE045 | VMblog says Aqua's AI-workload story integrates into CI/CD, scans container images, VM images, and functions for vulnerabilities, secrets, malware, and misconfigurations, and then adds runtime protection. | 中 | SE016 |
| CE046 | VMblog says Aqua frames its recent AI workload and prompt-protection story as a no-SDK extension of its broader code-to-cloud-to-prompt posture. | 中 | SE016 |
| CE047 | Aqua's compliance page says the company is authorized at the highest impact level and meets more than 400 security controls for sensitive unclassified federal data. | 中 | SE032 |
| CE048 | Aqua's compliance page says the company and its products are certified to ISO 27001, 27701, 27017, 27018, and 42001, undergo annual SOC 2 audits, and publish a CSA STAR self-assessment and CAIQ. | 中 | SE032 |
| CE049 | Public roadmap detail is thin: the reviewed official surfaces show current capability themes and the 2025 AI-security launch, but not a dated module-by-module release cadence. | 中 | SE002, SE015, SE016 |
| CE050 | Public reliability evidence is thin: reviews suggest deployability and runtime breadth, but the reviewed sources do not surface a public uptime SLA, status history, or operator-scale benchmark. | 低 | SE007, SE017, SE018, SE019 |
| CE051 | Public module boundaries and pricing are thin: Aqua clearly exposes Trivy, platform workflows, and private-offer or marketplace motions, but not a clean public SKU matrix for each module. | 中 | SE002, SE004, SE008, SE013 |
| CE052 | The public evidence supports a unified customer workflow and common risk context, but it does not prove how much of Aqua is a single shared data plane versus a tightly packaged portfolio. | 中 | SE002, SE005, SE015 |
| CU001 | In January 2024 Aqua said more than 500 enterprise companies worldwide had adopted the platform. | 高 | SU004, SU005 |
| CU002 | In January 2024 Aqua said 40% of the Fortune 100 used Aqua. | 高 | SU004, SU005 |
| CU003 | In January 2024 Aqua said it served six of the top 10 banks in North America and six of the top seven banks in Canada. | 高 | SU004, SU005 |
| CU004 | Aqua's November 2025 leadership-transition release still described the company as protecting more than 40% of the Fortune 100. | 中 | SU009 |
| CU005 | Aqua said it doubled the number of paying customers during 2020. | 高 | SU007, SU008 |
| CU006 | Aqua said it had half a dozen customers with ARR above $1 million by March 2021. | 高 | SU007, SU008 |
| CU007 | Aqua said its customer list included five of the top 10 banks in the world in March 2021. | 中 | SU007 |
| CU008 | Aqua said new business increased 65% during 2023. | 中 | SU004 |
| CU009 | Aqua positions its platform across code, cloud, runtime, compliance, and AI security, implying different buyers and users across the customer journey. | 中 | SU002, SU003, SU032 |
| CU010 | Trivy is a practitioner-entry surface for Aqua because it is openly distributed and easy to integrate into CI/CD pipelines. | 中 | SU019, SU020, SU021 |
| CU011 | Aqua says Trivy is the default scanner for GitLab container scanning, Artifact Hub, and Harbor. | 中 | SU019 |
| CU012 | Trivy community testimonials cite users or advocates associated with GitLab, MasterCard, Deutsche Bahn, Wise, and Azure-adjacent workflows. | 中 | SU021 |
| CU013 | The Trivy practitioner community should not be treated as equivalent to Aqua's paid enterprise-customer count. | 中 | SU004, SU019, SU021 |
| CU014 | Aqua's customer showcase publicly spans finance, public sector, software, energy, retail, travel tech, and internet services. | 中 | SU001 |
| CU015 | Aqua's public geography signal is broad but thin: the strongest explicit markers are worldwide adoption plus North American and Canadian banking penetration. | 中 | SU001, SU004, SU005 |
| CU016 | Aqua's public named-customer proof is concentrated on company-controlled customer-page blurbs rather than a deep, accessible independent case-study library. | 中 | SU001, SU022 |
| CU017 | Aqua's dedicated case-studies directory returned 404 during this run. | 中 | SU022 |
| CU018 | Aqua's cloud-native-security-report-2024 landing page returned 404 during this run. | 中 | SU023 |
| CU019 | Aqua's customer page says GitLab uses Aqua Trivy to provide customers with default DevSecOps container security. | 高 | SU001, SU019 |
| CU020 | GitLab's quote says customer-success support and architect time are included at no extra cost. | 中 | SU001 |
| CU021 | Koch Federal's public quote praises Aqua's comprehensive security approach, threat intelligence, compliance focus, support, and continuous improvement. | 中 | SU001 |
| CU022 | Elvia's public quote says Aqua CSPM gives clear visibility into bad configurations and alerts when someone violates them. | 中 | SU001 |
| CU023 | Aqua's customer page presents AIB as a named banking customer that centralized container security with Aqua. | 中 | SU001 |
| CU024 | Aqua's customer page presents Alma as a finance customer scaling security with Aqua's CNAPP. | 中 | SU001 |
| CU025 | TechCrunch reported in January 2024 that Aqua claimed customers such as PayPal, Netflix, and Samsung. | 中 | SU006 |
| CU026 | TechCrunch described those customer use cases as spanning CWPP, CSPM, Kubernetes posture, software-supply-chain security, risk and vulnerability scanning, and malware protection. | 中 | SU006 |
| CU027 | G2 shows Aqua Security at 4.2 out of 5 across 57 reviews in the archived page reviewed for this run. | 中 | SU010 |
| CU028 | G2 reports a three-month average time to implement and an eleven-month average ROI window. | 中 | SU010 |
| CU029 | G2 says users like Aqua's ease of use and comprehensive security features but some users note slow customer-support response times. | 中 | SU010 |
| CU030 | A visible Gartner Peer Insights review praised Aqua's image assessment while flagging higher price and fewer integrations. | 中 | SU011 |
| CU031 | A visible Gartner Peer Insights review said Aqua struggles at the enterprise level with the volume of images and containers brought to production. | 中 | SU011 |
| CU032 | PeerSpot praises Aqua's runtime protection, drift prevention, and documentation. | 中 | SU012 |
| CU033 | TrustRadius shows Aqua at 6.2 out of 10 across seven reviews and includes a reviewer who said ROI was high. | 中 | SU013 |
| CU034 | TrustRadius reviewers cite GitHub and JFrog integration as strengths but ask for better Jira and SIEM integrations. | 中 | SU013 |
| CU035 | AWS Marketplace review excerpts describe strong compliance and code-to-runtime coverage, good scanner performance under load, and documentation or API gaps. | 中 | SU014 |
| CU036 | Aqua's Azure marketplace surface is a private-offer motion, which can reduce procurement friction while obscuring public pricing. | 中 | SU015 |
| CU037 | Cisco says Aqua customers include large enterprises in financial services, software, media, manufacturing, and retail with deployments across containers, serverless functions, and cloud VMs. | 中 | SU016 |
| CU038 | Red Hat and Trivy surfaces show Aqua can enter enterprise accounts through open-source and certified ecosystem channels. | 中 | SU017, SU019 |
| CU039 | Aqua's GitHub marketplaces repository advertises a 30-day free trial. | 中 | SU018 |
| CU040 | AWS Marketplace, Azure private offers, Cisco, Red Hat, and Akamai together show that partner and channel influence is a meaningful part of Aqua's go-to-market motion. | 中 | SU014, SU015, SU016, SU017, SU027, SU029 |
| CU041 | Aqua's expansion narrative is credible because the company now pitches a broader security platform that reaches from cloud workloads into AI-workload protection. | 中 | SU002, SU003, SU024, SU027, SU029 |
| CU042 | Public sources reviewed for this chapter do not disclose NRR, GRR, gross churn, contract length, or renewal cohorts. | 中 | SU004, SU010, SU011, SU013 |
| CU043 | Public sources reviewed for this chapter do not disclose top-customer ARR concentration or a renewal calendar for the 500-plus enterprise base. | 中 | SU004, SU005, SU006, SU010, SU011, SU013 |
| CU044 | Aqua's bank-heavy public proof implies strategic strength in financial services but also leaves open the possibility that a small set of large regulated accounts matters disproportionately to ARR. | 中 | SU003, SU004, SU005, SU007 |
| CU045 | Aqua's public evidence shows buyer, user, and payer separation: developers adopt Trivy, platform and security teams run CNAPP, and enterprise procurement buys through direct or partner channels. | 中 | SU014, SU015, SU019, SU021 |
| CU046 | Aqua's public customer evidence is strongest for proving presence and use-case fit, but weaker for proving contract size, duration, and renewal quality. | 中 | SU001, SU006, SU010, SU011, SU013 |
| CU047 | Several Aqua-adjacent public pages and commercial-data surfaces in this run were link-rotted, blocked, or rate-limited, including case-study, research-report, awards, alternate historical-funding, Crunchbase, and Tracxn URLs. | 高 | SU022, SU023, SU025, SU026, SU028, SU030, SU031 |
| CU048 | Aqua's public customer story is enterprise-first rather than self-serve-first because the disclosures emphasize enterprise counts, Fortune 100 adoption, banks, and federal or regulated references instead of SMB seat volume. | 高 | SU001, SU004, SU005, SU007 |
| CU049 | Public evidence does not quantify conversion from Trivy usage or marketplace trials into paid Aqua-platform ARR. | 中 | SU018, SU019, SU021 |
| CU050 | Aqua's customer footprint is strong enough to support continued diligence, but a final durability judgment still depends on private retention, concentration, and conversion data. | 中 | SU004, SU010, SU011, SU013 |
| CR001 | Aqua's co-founders Dror Davidoff and Amir Jerbi stepped back from day-to-day CEO and CTO roles in November 2025 while Mike Dube became CEO and Nir Makowski became chief product and technology officer. | 高 | SR001, SR003 |
| CR002 | CTech reported that by November 2025 Aqua had already gone through multiple layoff rounds, including about 65 employees in December 2022, 50 in June 2024, and dozens more in January 2025, while employing around 450 people worldwide. | 中 | SR001 |
| CR003 | A later CTech article said Aqua was again laying off dozens of employees, including about 20 in Israel, and had roughly 360 employees when it described the move as the company's third round of layoffs in recent years. | 中 | SR002 |
| CR004 | Aqua said the latest reorganization was designed to strengthen long-term stability, sharpen focus on core products and key markets, and support a goal of achieving cash flow independence. | 中 | SR002 |
| CR005 | Aqua raised an additional $60 million in January 2024, extending its Series E financing. | 高 | SR004, SR005 |
| CR006 | TechCrunch said Aqua's January 2024 financing left its valuation merely above $1 billion, effectively unchanged from the $1 billion-plus level cited in 2021. | 高 | SR004, SR006 |
| CR007 | Aqua's 2021 Series E announcement set a $1 billion valuation baseline that still frames later flat-mark comparisons. | 中 | SR006 |
| CR008 | Wiz raised $1 billion at a $12 billion valuation in May 2024. | 中 | SR016 |
| CR009 | Wiz says 50% of the Fortune 100 are customers, about 5 million cloud workloads are protected, and 230 billion files are scanned daily. | 中 | SR015 |
| CR010 | Wiz told employees that its next milestones were $1 billion in ARR and an IPO after rejecting Google's offer. | 中 | SR031 |
| CR011 | Palo Alto positions Prisma Cloud as an AI-powered code-to-cloud platform with visibility, guided investigations, response, and AI application security. | 中 | SR020 |
| CR012 | CrowdStrike says Falcon Cloud Security unifies agentless visibility with sensor-based real-time detection, AI-driven insights, and automated response from code to runtime. | 中 | SR021 |
| CR013 | Orca markets a leading agentless CNAPP with full coverage and lower alert fatigue than agent-first approaches. | 中 | SR022 |
| CR014 | Sysdig markets a real-time cloud defense platform built on agentic AI, runtime insights, and attack-graph prioritization. | 中 | SR023 |
| CR015 | Snyk markets an AI-native and agentic platform that secures development, AI assistants, and AI-native software through a single end-to-end fabric. | 中 | SR024 |
| CR016 | Fortinet said the Lacework acquisition would create one of the most comprehensive full-stack AI-driven cloud security platforms from a single vendor. | 高 | SR017, SR018 |
| CR017 | TechCrunch reported Wiz had signed an LOI to buy Lacework, once valued in the multi-billions, for about $168 million, and MarketScreener later reported Fortinet completed the acquisition for about $149 million in cash. | 高 | SR016, SR019 |
| CR018 | Gartner Peer Insights showed a May 2026 review saying Aqua offered strong image assessment but higher price, fewer integrations, and worse telemetry and visibility than EDR vendors. | 中 | SR008 |
| CR019 | A critical 2024 Gartner review said Aqua was decent for small-to-medium customers but struggled at enterprise scale with very large image and container volumes. | 中 | SR008 |
| CR020 | TrustRadius reviews said Aqua integrates well with GitHub, JFrog, and cloud registries and can deliver high ROI for workload and image scanning. | 中 | SR010 |
| CR021 | The same TrustRadius reviews cited Jira and SIEM integration gaps plus UI or UX issues in authentication, alerts, and result display. | 中 | SR010 |
| CR022 | PeerSpot said Aqua is praised for runtime protection, drift prevention, and documentation, but users still want better web security portals, standard server integration, reporting, training, and log forwarding. | 中 | SR009 |
| CR023 | G2 included enterprise complaints that new features and requests took a long time to deliver and that some scan capabilities were still missing. | 中 | SR007 |
| CR024 | Aqua says Trivy is quick to deploy and is already the default scanner for GitLab Container Scanning, Artifact Hub, and Harbor. | 中 | SR011 |
| CR025 | The Trivy repository says the open-source tool scans vulnerabilities, misconfigurations, secrets, licenses, and SBOMs across multiple infrastructure targets. | 中 | SR012 |
| CR026 | Because a free Aqua-sponsored scanner already covers broad baseline scanning use cases, Aqua must monetize above commodity scan coverage or risk cannibalizing its own paid platform. | 中 | SR011, SR012 |
| CR027 | Aqua and Akamai announced a joint AI security offer that combines Aqua runtime protection with Akamai's Firewall for AI across prompt validation, model interaction monitoring, and workload protection without code changes. | 中 | SR013 |
| CR028 | VMblog said Aqua used Black Hat 2025 to showcase AI workload security and described the Akamai partnership as a joint stack for AI workload and prompt protection. | 中 | SR014 |
| CR029 | Aqua's leadership transition release said the company would keep advancing CNAPP with particular focus on runtime protection and vulnerability management as demand for AI and cloud-native security accelerates. | 中 | SR003 |
| CR030 | Aqua's workload-security positioning emphasizes protecting running workloads rather than relying mainly on CSPM and IaC breadth. | 中 | SR030 |
| CR031 | CISA says organizations need tailored cybersecurity plans and management of external dependencies because cyber events can disrupt essential business services. | 中 | SR025 |
| CR032 | Aqua's privacy policy says it processes platform-user personal data on behalf of customers as a data processor and only under customer instructions and a DPA plus related commercial agreements. | 中 | SR026 |
| CR033 | Aqua's website terms say site content is provided as is and as available without warranties regarding effectiveness, availability, completeness, or error-free operation. | 中 | SR027 |
| CR034 | Aqua's website terms also limit liability, disclaim losses such as lost profits or data damage, and route disputes under Israeli law to Tel Aviv-Jaffa. | 中 | SR027 |
| CR035 | Aqua's support terms tie support to the paid license term, allow delivery by affiliates, and permit revisions after posting so long as service levels are not materially decreased. | 中 | SR028 |
| CR036 | Aqua's support terms target 99.9% availability using commercially reasonable efforts rather than an absolute uptime guarantee. | 中 | SR028 |
| CR037 | Aqua's professional-services terms state pricing is proprietary and confidential, services expire with the quoted term, subcontractors may be used, and Aqua offers no additional warranties beyond professional performance. | 中 | SR029 |
| CR038 | Aqua maintains public trust and support surfaces for customer assurance, but those materials do not disclose actual incident history or SLA-credit performance. | 中 | SR028, SR032 |
| CR039 | Aqua's November 2025 official release said the company protects more than 40% of the Fortune 100, showing meaningful enterprise reach that can partly offset but not eliminate standalone-vendor risk. | 中 | SR003 |
| CR040 | Aqua's 2026 risk profile combines leadership turnover and layoffs with external price and feature pressure from better-capitalized platforms and consolidated vendors. | 中 | SR001, SR002, SR004, SR008, SR016, SR017 |
| CR041 | TechCrunch explicitly read Aqua's flat valuation in 2024 as a sign that business conditions may not be entirely rosy despite new capital. | 中 | SR004 |
| CR042 | Relative to Aqua's flat unicorn mark, Wiz's $12 billion valuation and acquisition war chest make Aqua look underpowered in a category that increasingly rewards platform breadth and M&A. | 中 | SR016, SR031 |
| CR043 | Review sites consistently show that Aqua still wins on image assessment, runtime protection, and policy control even while customers complain about integrations, visibility, and enterprise-scale execution. | 中 | SR008, SR009, SR010 |
| CR044 | Public AI-security evidence is still mostly partnership and launch messaging rather than named production deployments or disclosed AI revenue. | 中 | SR013, SR014, SR015, SR020, SR021, SR024 |
| CR045 | Aqua's partner dependency now includes Akamai for edge AI control points and affiliates or subcontractors for support and professional-services delivery. | 中 | SR013, SR028, SR029 |
| CR046 | Palo Alto Networks reported fiscal year 2025 revenue of $9.2 billion and Next-Generation Security ARR of $5.6 billion. | 中 | SR033 |
| CV001 | Aqua said on 2024-01-03 that it secured an additional $60M, had raised $325M since founding, and remained valued above $1B. | 高 | SV001, SV012, SV014 |
| CV002 | Aqua said on 2021-03-10 that its $135M Series E brought total funding to $265M at a $1B valuation. | 高 | SV002, SV013 |
| CV003 | Aqua publicly identifies 2015 as its founding year. | 高 | SV001, SV002, SV004 |
| CV004 | Aqua publicly identifies Boston, Massachusetts and Ramat Gan, Israel as its headquarters. | 高 | SV003, SV004 |
| CV005 | Aqua's November 2025 leadership-transition release names Mike Dube as CEO. | 中 | SV003 |
| CV006 | Aqua's January 2024 funding release said more than 500 enterprise companies worldwide, including 40% of the Fortune 100, had adopted Aqua. | 高 | SV001, SV003, SV005 |
| CV007 | Aqua still markets a cloud-native application security platform spanning code, cloud, and runtime, with Trivy as an open-source security wedge. | 高 | SV006, SV007 |
| CV008 | Aqua's channel evidence includes its partner program plus AWS and Azure marketplace procurement surfaces. | 高 | SV008, SV010, SV011 |
| CV009 | TechCrunch and SiliconANGLE described the January 2024 extension as preserving essentially the same unicorn valuation Aqua disclosed in 2021 rather than visibly repricing it upward. | 中 | SV012, SV014 |
| CV010 | GetLatka estimates Aqua's 2024 revenue at $89.9M. | 低 | SV017 |
| CV011 | GetLatka says Aqua employed about 543 people as of 2026, down from 638 in 2024. | 低 | SV017 |
| CV012 | Calcalist reported in November 2025 that Aqua employed around 450 people and had gone through several layoff rounds. | 中 | SV015 |
| CV013 | Calcalist's roughly $235M total-raised figure conflicts with Aqua's official $325M total and Tracxn's $325M tally. | 中 | SV015, SV016, SV018 |
| CV014 | Using Aqua's last public >$1B valuation and GetLatka's $89.9M revenue estimate implies a little over 11x estimated revenue. | 低 | SV001, SV017 |
| CV015 | Yahoo Finance showed Palo Alto Networks at 16.62 enterprise-value-to-revenue on 2026-05-19. | 中 | SV019 |
| CV016 | Yahoo Finance showed CrowdStrike at 27.00 enterprise-value-to-revenue on 2026-05-19. | 中 | SV020 |
| CV017 | Yahoo Finance showed SentinelOne at 5.03 enterprise-value-to-revenue and a negative profit margin on 2026-05-19. | 中 | SV021 |
| CV018 | CrowdStrike's SEC EDGAR page lists annual 10-K filings through 2026-03-05. | 中 | SV023 |
| CV019 | Palo Alto Networks' quarterly-results page explicitly points investors to 8-K, 10-K, and 10-Q disclosure materials. | 中 | SV022 |
| CV020 | TechCrunch reported that Wiz raised $1B at a $12B valuation in May 2024. | 高 | SV026, SV027 |
| CV021 | ChannelE2E reported that Wiz generated $350M of ARR in 2023 around its 2024 financing. | 中 | SV027 |
| CV022 | Calcalist reported that Wiz rejected Google's $23B offer and told employees its next milestones were $1B of ARR and an IPO. | 中 | SV031 |
| CV023 | Using $12B divided by Wiz's reported $350M ARR implies roughly 34x ARR for the 2024 Wiz round. | 中 | SV026, SV027 |
| CV024 | Fortinet said financial terms were not disclosed when it announced the Lacework acquisition. | 中 | SV024 |
| CV025 | MarketScreener later estimated that Fortinet completed the Lacework acquisition for about $150M cash net of cash acquired. | 中 | SV025 |
| CV026 | The gap between Lacework's undisclosed official terms and the later ~$150M estimate makes Lacework a cautionary downside comp for late-stage CNAPP vendors. | 中 | SV024, SV025 |
| CV027 | Aqua's customer proof and partner/distribution footprint imply real strategic relevance even though public operating metrics are incomplete. | 高 | SV001, SV005, SV008, SV010, SV011 |
| CV028 | Aqua's Akamai partnership and Black Hat 2025 coverage suggest the company is still extending its platform into AI-security workflows. | 中 | SV009, SV030 |
| CV029 | The retained public evidence does not disclose Aqua's current ARR, NRR, gross margin, CAC payback, burn, runway, or liquidation preference stack. | 中 | SV001, SV002, SV003, SV017, SV028, SV035 |
| CV030 | Because Aqua is private and public data is incomplete, any current multiple or return math should be treated as low-confidence. | 高 | SV001, SV017, SV028, SV035 |
| CV031 | A public-evidence base case of roughly $0.9B-$1.3B assumes Aqua can support around $110M-$130M of revenue at about 8x-10x value-to-revenue. | 低 | SV017, SV019, SV020, SV021 |
| CV032 | A public-evidence bull case of roughly $1.6B-$2.3B assumes Aqua can prove about $150M-$170M of revenue plus cleaner retention and margin quality. | 低 | SV017, SV019, SV020, SV026, SV027 |
| CV033 | A public-evidence bear case of roughly $0.25B-$0.55B assumes revenue stalls around $70M-$90M and the market applies distressed security-software or strategic-sale logic. | 低 | SV016, SV017, SV024, SV025 |
| CV034 | The probability-weighted upside from public scenarios does not clear a fresh-buy threshold against a $1.0B reference entry. | 中 | SV001, SV017, SV019, SV020, SV021, SV025 |
| CV035 | Aqua's flat 2021-to-2024 unicorn mark plus 2025 layoffs suggest the 2024 money likely extended runway rather than proving a clear step-change in value. | 高 | SV001, SV002, SV012, SV015, SV016 |
| CV036 | The final recommendation is TRACK with medium confidence, high risk, and a stretched valuation stance on public evidence. | 中 | SV001, SV017, SV025, SV029, SV035 |
| CV037 | The stance could improve if Aqua privately shows revenue above roughly $120M, NRR above roughly 115%, gross margin above roughly 75%, and a credible path to cash-flow breakeven. | 中 | SV016, SV017, SV019, SV020, SV021 |
| CV038 | A down round, punitive preference terms, another broad restructuring, or clear retention failure would break the current thesis. | 中 | SV015, SV016, SV024, SV025 |
| CV039 | From public evidence, Aqua's most plausible exits are a strategic sale or later financing rather than a near-term IPO. | 中 | SV020, SV022, SV023, SV031 |
| CV040 | Scenario math in this chapter uses a modeled $1.0B reference entry because Aqua disclosed the 2024 extension only as above $1B and current secondary pricing is unknown. | 低 | SV001, SV012, SV014 |
| CV041 | Yahoo Finance showed Fortinet at 12.26 enterprise-value-to-revenue with 27.49% profit margin and 20.10% quarterly revenue growth on 2026-05-19. | 中 | SV036, SV040 |
| CV042 | Yahoo Finance showed Zscaler at 7.60 enterprise-value-to-revenue with -2.25% profit margin and 25.90% quarterly revenue growth on 2026-05-19. | 中 | SV037, SV041 |
| CV043 | Yahoo Finance showed Tenable at 2.41 enterprise-value-to-revenue with -1.15% profit margin and 9.60% quarterly revenue growth on 2026-05-19. | 中 | SV038, SV042 |
| CV044 | Yahoo Finance showed Okta at 4.31 enterprise-value-to-revenue with 8.05% profit margin and 11.60% quarterly revenue growth on 2026-05-19. | 中 | SV039, SV043 |
| CV045 | Nasdaq's publication of Palo Alto Networks' fiscal 2025 results said revenue grew 15% year over year to $9.2B and next-generation security ARR grew 32% to $5.6B. | 中 | SV044 |
| 编号 | 出版方 | 标题 | 引文 |
|---|---|---|---|
| SO001 | Aqua Security | Aqua Cloud Native Application Security | |
| SO002 | Aqua Security | About Aqua Security | |
| SO003 | Aqua Security | Cloud Native Security Platform - Aqua Security | |
| SO004 | Aqua Security | Trivy Open Source Vulnerability Scanner | Aqua | Aqua Trivy is the default scanner for GitLab's Container Scanning functionality, Artifact Hub and Harbor. Aqua Trivy is also a RedHat certified scanner. |
| SO005 | Aqua Security | Customers - Aqua | |
| SO006 | Aqua Security | The aqua advantage ecosystem program - Aqua | |
| SO007 | Aqua Security | Aqua Security Closes $60M Additional Funding at a Valuation Above $1B | Aqua has now raised $325 million since its founding in 2015. During that time, more than 500 enterprise companies worldwide, including 40% of the Fortune 100 companies, have adopted Aqua's innovative cloud security approach. |
| SO008 | Aqua Security | Aqua Security Announces Leadership Transition as Company Enters Its Next Phase of Growth | Co-founders Dror Davidoff and Amir Jerbi will step back from their day-to-day roles ... Mike Dube ... has been appointed CEO, and ... Nir Makowski has been named chief product and technology officer. |
| SO009 | Aqua Security | Aqua Security Announces $135 Million in Series E Funding at a $1 Billion Valuation | Aqua Security's total funding since its founding in 2015 now totals $265 million. |
| SO010 | Aqua Security | Aqua Secures $62M Funding Round, Bringing Total to Over $100M | Container security startup Aqua Security secured $62 million in a Series C funding round, bringing its total amount raise to more than $100 million. |
| SO011 | Aqua Security | Aqua and Akamai Strategic Partnership to Secure AI | |
| SO012 | Aqua Security | Awards Page - Aqua | |
| SO013 | AWS Marketplace | Aqua Cloud Native Application Protection Platform | |
| SO014 | Microsoft Azure Marketplace | Aqua Security | |
| SO015 | Red Hat Ecosystem Catalog | aqua-security | |
| SO016 | Cisco | Cisco Security and Aqua Security | |
| SO017 | GitHub | GitHub - aquasecurity/trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more | |
| SO018 | Trivy | Trivy | |
| SO019 | TechCrunch | Cloud-native cybersecurity startup Aqua Security raises $60M and remains a unicorn | |
| SO020 | Globes | Aqua Security raises $60m at over $1b valuation | |
| SO021 | Calcalist / CTech | Founders of cyber unicorn Aqua Security step down as company names new CEO | Aqua Security, which employs around 450 people worldwide ... has raised approximately $235 million to date. |
| SO022 | Calcalist / CTech | Aqua Security lays off staff weeks after management shake-up | Aqua employs roughly 360 people in total ... To date, Aqua has raised $235 million. |
| SO023 | Craft.co | Aqua Security CEO and Key Executive Team | Craft.co | |
| SO024 | GetLatka | Aqua Security Revenue 2024: $89.9M ARR, $1B Valuation | In 2024, Aqua Security's revenue reached $89.9M ... Aqua Security employs approximately 543 people as of 2026, down from 638 in 2024. |
| SO025 | citybiz | Aqua Security Closes $60M Additional Funding | |
| SO026 | Tech Funding News | Israeli tech unicorn Aqua Security raises $60M for its cloud-based cybersecurity approach | |
| SO027 | TechCrunch | Aqua Security raises $135M at a $1B valuation for its cloud native security platform | |
| SM001 | Aqua Security | Cloud Native Security Platform - Aqua Security | |
| SM002 | Aqua Security | What is CNAPP? Components, Challenges and Benefits | Software vendors use the CNAPP label somewhat broadly, and some CNAPP tools provide more comprehensive protection than others. |
| SM003 | Aqua Security | Customers - Aqua | |
| SM004 | Aqua Security | The aqua advantage ecosystem program - Aqua | |
| SM005 | Aqua Security | Aqua Security Closes $60M Additional Funding at a Valuation Above $1B | Aqua has now raised $325 million since its founding in 2015. During that time, more than 500 enterprise companies worldwide, including 40% of the Fortune 100 companies, have adopted Aqua’s innovative cloud security approach. |
| SM006 | Aqua Security | Aqua Security Announces Leadership Transition as Company Enters Its Next Phase of Growth | |
| SM007 | AWS Marketplace | Aqua Cloud Native Application Protection Platform | |
| SM008 | Microsoft Marketplace | Aqua Security | |
| SM009 | Cisco | Cisco Security and Aqua Security | |
| SM010 | GitHub | GitHub - aquasecurity/trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more | |
| SM011 | Trivy | Trivy | |
| SM012 | MarketsandMarkets | Cloud-native Application Protection Platform (CNAPP) Market by Offering, Cloud Type, Organization Size, Vertical and Region - Global Forecast to 2027 | The global CNAPP market is projected to reach USD 19.3 billion by 2027, at a Compound Annual Growth Rate (CAGR) of 19.9 % during the forecast period. |
| SM013 | Grand View Research | Cloud Security Market Size And Share | Industry Report, 2030 | |
| SM014 | Allied Market Research | Cloud Security Market Size, Share, Growth, Forecast - 2032 | |
| SM015 | TechTarget SearchSecurity | What is cloud-native application protection platform (CNAPP)? | Cloud-native application protection platform, or CNAPP, is a software product that bundles multiple cloud security tools into one package. |
| SM016 | Cloud Native Computing Foundation | CNCF Annual Survey 2023 | |
| SM017 | Red Hat | The state of Kubernetes security report: 2024 edition | |
| SM018 | The National CIO Review | Gartner Forecasts $213 billion in 2025 Security Spending - The National CIO Review | |
| SM019 | Cybersecurity and Infrastructure Security Agency | Cybersecurity Best Practices | Cybersecurity and Infrastructure Security Agency CISA | For both government and private entities, developing and implementing tailored cybersecurity plans and processes is key to protecting and maintaining business operations. |
| SM020 | Wiz | Wiz: AI Cybersecurity for All Your Cloud and AI Applications | |
| SM021 | Orca Security | Trusted Cloud Security Platform | Orca Security | |
| SM022 | Palo Alto Networks | Prisma Cloud | Comprehensive Cloud Security | |
| SM023 | Sysdig | Sysdig Platform | Sysdig | |
| SM024 | Snyk | Snyk AI Security Platform | AI-Driven Developer Security Platform | Snyk | |
| SM025 | CrowdStrike | CrowdStrike Falcon® Cloud Security: Modern Security From Code to Cloud | |
| SM026 | Gartner Peer Insights | Aqua CNAPP Reviews & Ratings 2026 | Gartner Peer Insights | Image assessment is better than competitors, but telemetry and visibility is worse then e.g. EDR vendors. |
| SM027 | TrustRadius | Aqua Cloud Native Security Platform Reviews & Ratings 2026 | TrustRadius | |
| SM028 | PeerSpot | Aqua Cloud Security Platform Reviews, Competitors and Pricing | |
| SM029 | CTech | Aqua Security lays off staff weeks after management shake-up | CTech | Aqua Security said it initiated a reorganization “designed to strengthen the company’s long-term stability and sharpen its focus on innovation in its core products and key markets.” |
| SM030 | TechCrunch | Cloud-native cybersecurity startup Aqua Security raises $60M and remains a unicorn | TechCrunch | Aqua Security’s valuation has seemingly remained the same as it was some three years ago when its Series E round was first announced. |
| SM031 | Globes | Aqua Security raises $60m at over $1b valuation | |
| SP001 | Aqua Security | Cloud Native Security Platform - Aqua Security | Aqua delivers full lifecycle security from code to cloud to prompt. |
| SP002 | Aqua Security | Trivy Open Source Vulnerability Scanner | Aqua | Aqua Trivy is the default scanner for GitLab’s Container Scanning functionality, Artifact Hub and Harbor. |
| SP003 | Aqua Security | Customers - Aqua | The cloud native application protection platform (CNAPP) behind 40% of the world’s Fortune 100. |
| SP004 | Aqua Security | The aqua advantage ecosystem program - Aqua | Aqua partners with regional managed services partners, system integrators, solution providers, distribution partners and federal partners. |
| SP005 | Microsoft Marketplace | Aqua Security | Full Lifecycle Security for Azure Container Workloads. |
| SP006 | Cisco | Cisco Security and Aqua Security | Aqua Security is the largest pure-play cloud native security company. |
| SP007 | Trivy | Trivy | The All-in-One Security Scanner. |
| SP008 | GitHub | GitHub - aquasecurity/trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more | Trivy is a comprehensive and versatile security scanner. |
| SP009 | Aqua Security | Aqua Security Closes $60M Additional Funding at a Valuation Above $1B | Aqua has now raised $325 million since its founding in 2015. |
| SP010 | Gartner Peer Insights | Aqua CNAPP Reviews & Ratings 2026 | Gartner Peer Insights | Strong Image Assessment Features Contrast With Higher Price and Fewer Integrations. |
| SP011 | G2 | The G2 on Aqua Security | Users consistently praise the product for its ease of use and comprehensive security features, but some users note that the customer support response time can be slow. |
| SP012 | PeerSpot | Aqua Cloud Security Platform Reviews, Competitors and Pricing | The platform is praised for its Runtime Protection, Drift Prevention, and robust documentation. |
| SP013 | TrustRadius | Aqua Cloud Native Security Platform Reviews & Ratings 2026 | TrustRadius | The UI/UX of the Aqua platform has several issues, especially with the sign up/in flow, authentication, alerts and display of results. |
| SP014 | Wiz | Wiz: AI Cybersecurity for All Your Cloud and AI Applications | Wiz connects code, cloud, and runtime into a unified context graph. |
| SP015 | Wiz | About Wiz | Wiz | By creating a normalizing layer between cloud environments, our platform enables organizations to rapidly identify and remove critical risks. |
| SP016 | TechCrunch | Wiz raises $1B at a $12B valuation to expand its cloud security platform through acquisitions | TechCrunch | The Series E values Wiz at $12 billion. |
| SP017 | ChannelE2E | Wiz Raises $1 Billion to Expand Cloud Security Platform | Cloud security firm Wiz has secured $1 billion in its latest funding round, achieving a $12 billion valuation and bringing the company's total financing to $1.9 billion. |
| SP018 | Orca Security | Trusted Cloud Security Platform | Orca Security | The Pioneer of Agentless Cloud Security. |
| SP019 | Orca Security | About Us - Cloud Security Innovation | Orca Security | With a patent for this revolutionary SideScanning technology, Orca pioneered the path to agentless cloud security. |
| SP020 | Palo Alto Networks | Prisma Cloud | Comprehensive Cloud Security | Prisma Cloud analyzes 1T events every 24 hours to deliver unparalleled visibility. |
| SP021 | Palo Alto Networks | Quarterly Results | Palo Alto Networks | The information on Palo Alto Networks' investors website may contain forward-looking statements and is detailed in reports filed with the SEC. |
| SP022 | Sysdig | Sysdig Platform | Sysdig | Sysdig helps security and development teams tailor defenses together — the right way. |
| SP023 | Sysdig | About Us | Sysdig | After working on WinPcap, Wireshark, and Falco, I know how satisfying it is to pour your energy into an open source project that empowers defenders. |
| SP024 | Snyk | Snyk AI Security Platform | AI-Driven Developer Security Platform | Snyk | Snyk capabilities are embedded directly into AI coding assistants. |
| SP025 | CrowdStrike | CrowdStrike Falcon® Cloud Security: Modern Security From Code to Cloud | CrowdStrike unifies agentless visibility with the CrowdStrike Falcon sensor. |
| SP026 | Fortinet | Fortinet to Acquire Lacework, Enhancing the Industry’s Most Comprehensive Cybersecurity Platform | Lacework delivers a leading AI-powered cloud security platform that seamlessly integrates all critical CNAPP services. |
| SP027 | Fortinet | Fortinet Completes Acquisition of Lacework | Fortinet | Integrating Lacework’s organically developed cloud-native platform with the Fortinet Security Fabric will result in the most comprehensive, full-stack AI-driven cloud security platform available from a single vendor. |
| SP028 | MarketScreener | Fortinet, Inc. completed the acquisition of Lacework, Inc. for approximately $150 million. | Fortinet paid approximately $149 million in cash, net of cash acquired. |
| SP029 | Aqua Security | What is CNAPP? Components, Challenges and Benefits | Runtime security to detect real-time threats and enforce security policies. |
| SP030 | GitHub | GitHub - aquasecurity/marketplaces | Aqua platform provides the most complete security solutions to protect workloads running on Amazon ECS, EKS, AWS Fargate and AWS Lambda. |
| SI001 | Aqua Security | Aqua Security Closes $60M Additional Funding at a Valuation Above $1B | Aqua has now raised $325 million since its founding in 2015. |
| SI002 | Aqua Security | Aqua Security Announces $135 Million in Series E Funding at a $1 Billion Valuation | Aqua Security’s total funding since its founding in 2015 now totals $265 million. |
| SI003 | Aqua Security | Aqua Secures $62M Funding Round, Bringing Total to Over $100M | Container security startup Aqua Security secured $62 million in a Series C funding round, bringing its total amount raise to more than $100 million. |
| SI004 | Aqua Security | Cloud Native Security Platform - Aqua Security | Protect your cloud native and AI apps with Aqua CNAPP. |
| SI005 | Aqua Security | Trivy Open Source Vulnerability Scanner | Aqua | Deployment and integration into the CI/CD pipeline is as simple as installing the binary and specifying a target. |
| SI006 | Aqua Security | Customers - Aqua | Customer Success has been a great help, and we appreciate that it is included at no extra cost. |
| SI007 | Aqua Security | The Aqua Advantage Ecosystem Program - Aqua | Aqua partners with regional managed services partners who offer a comprehensive security solution as a managed offering. |
| SI008 | GitHub / Aqua Security | GitHub - aquasecurity/marketplaces | Subscribe now and check out our 30-day Free Trial to secure the environment of your choosing today!! |
| SI009 | AWS Marketplace | Aqua Cloud Native Application Protection Platform | Aqua secures every cloud native application on AWS across the entire lifecycle. |
| SI010 | Microsoft Marketplace | Aqua Security | Full Lifecycle Security for Azure Container Workloads |
| SI011 | TechCrunch | Cloud-native cybersecurity startup Aqua Security raises $60M and remains a unicorn | Aqua Security’s valuation has seemingly remained the same as it was some three years ago when its Series E round was first announced. |
| SI012 | TechCrunch | Aqua Security raises $135M at a $1B valuation for its cloud native security platform | In total, Aqua Security has now raised $265 million since it was founded in 2015. |
| SI013 | Globes | Aqua Security raises $60m at over $1b valuation | Aqua has now raised $325 million since its founding in 2015. |
| SI014 | SiliconANGLE | Aqua Security nabs $60M at $1B valuation to secure enterprise cloud applications | The capital injection, which was provided as an extension to a $135 million Series E round Aqua Security originally closed in 2021, values the company at more than $1 billion. |
| SI015 | CTech / Calcalist | Founders of cyber unicorn Aqua Security step down as company names new CEO | Aqua Security, which employs around 450 people worldwide, has undergone several rounds of layoffs as part of an ongoing restructuring process. |
| SI016 | CTech / Calcalist | Aqua Security lays off staff weeks after management shake-up | This supports Aqua’s goal of achieving cash flow independence. |
| SI017 | GetLatka | Aqua Security Revenue 2024: $89.9M ARR, $1B Valuation | Revenue, funding, team, and customer figures are presented as company-reported or GetLatka-estimated metrics where the profile data identifies them that way. |
| SI018 | Tracxn | Aqua Security | Aqua Security has raised a total funding of $325M over 8 rounds. |
| SI019 | Aqua Security | Aqua Security Announces Leadership Transition as Company Enters Its Next Phase of Growth | Aqua Security, the market leader in cloud native security protecting more than 40% of the Fortune 100, today announced a planned leadership transition. |
| SI020 | Yahoo Finance | Palo Alto Networks, Inc. (PANW) Stock Price, News, Quote & History | Enterprise Value/Revenue 16.62 |
| SI021 | Yahoo Finance | CrowdStrike Holdings, Inc. (CRWD) Stock Price, News, Quote & History | Enterprise Value/Revenue 27.00 |
| SI022 | Yahoo Finance | SentinelOne, Inc. (S) Stock Price, News, Quote & History | Enterprise Value/Revenue 5.03 |
| SI023 | U.S. Securities and Exchange Commission | EDGAR Search Results | 10-K ... Acc-no: 0001535527-26-000010 ... 2026-03-05 |
| SI024 | Fortinet | Fortinet to Acquire Lacework, Enhancing the Industry’s Most Comprehensive Cybersecurity Platform | Financial terms of the transaction were not disclosed. |
| SI025 | MarketScreener | Fortinet, Inc. completed the acquisition of Lacework, Inc. for approximately $150 million. | Fortinet, Inc. completed the acquisition of Lacework, Inc. for approximately $150 million. |
| SI026 | GitHub / Aqua Security | GitHub - aquasecurity/trivy | Trivy is available in most common distribution channels. |
| SI027 | Trivy | Trivy | Trivy is the most popular open source security scanner for vulnerability, IaC, SBOM discovery, cloud scanning and Kubernetes security. |
| SI028 | Aqua Security | Aqua Platform helps security teams secure cloud native environments | Aqua Platform integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. |
| SI029 | Aqua Security | What is CNAPP? Components, Challenges and Benefits | A Cloud Native Application Protection Platform, or CNAPP, is a type of security solution that provides an integrated set of security and compliance capabilities for cloud native applications. |
| SE001 | Aqua Security | Aqua Cloud Native Application Security | Stop known and unknown threats in live production environments, including AI-driven and prompt injection attacks, using enforcement-first controls. |
| SE002 | Aqua Security | Cloud Native Security Platform - Aqua Security | Aqua delivers full lifecycle security from code to cloud to prompt. |
| SE003 | Aqua Security | Aqua Platform helps security teams secure cloud native environments | |
| SE004 | Aqua Security | Trivy Open Source Vulnerability Scanner | Aqua | Deployment and integration into the CI/CD pipeline is as simple as installing the binary and specifying a target. |
| SE005 | Aqua Security | What is CNAPP? Components, Challenges and Benefits | |
| SE006 | Aqua Security | Customers - Aqua | |
| SE007 | AWS Marketplace | Aqua Cloud Native Application Protection Platform | |
| SE008 | Microsoft Azure Marketplace | Aqua Security | |
| SE009 | Cisco | Cisco Security and Aqua Security | |
| SE010 | Red Hat | aqua-security | |
| SE011 | GitHub | GitHub - aquasecurity/trivy | |
| SE012 | Trivy | Trivy | |
| SE013 | GitHub | GitHub - aquasecurity/marketplaces | |
| SE014 | Aqua Security | Cloud Workload Security: Aqua Shines in GigaOm's Radar Report | |
| SE015 | Aqua Security | Aqua and Akamai Strategic Partnership to Secure AI | Frictionless Deployment – Protect AI workloads and traffic without requiring code changes, SDKs, or infrastructure modifications. |
| SE016 | VMblog | Black Hat 2025: Aqua Security Unveils AI Workload Protection and Strategic Akamai Partnership to Combat Next-Gen Threats | |
| SE017 | Gartner Peer Insights | Aqua CNAPP Reviews & Ratings 2026 | Gartner Peer Insights | |
| SE018 | TrustRadius | Aqua Cloud Native Security Platform Reviews & Ratings 2026 | TrustRadius | |
| SE019 | PeerSpot | Aqua Cloud Security Platform Reviews, Competitors and Pricing | |
| SE020 | Trivy | Trivy - Overview | |
| SE021 | Trivy | Trivy - Container Image | |
| SE022 | Trivy | Trivy - Kubernetes | |
| SE023 | Trivy | Trivy - Vulnerability | |
| SE024 | Trivy | Trivy - Overview | |
| SE025 | Trivy | Trivy - Secret | |
| SE026 | Trivy | Trivy - SBOM | |
| SE027 | Trivy | Trivy - License | |
| SE028 | Trivy | Trivy - Overview | |
| SE029 | Trivy | Trivy - Code Repository | |
| SE030 | Trivy | Trivy - Filesystem | |
| SE031 | Trivy | Trivy - Virtual Machine Image | |
| SE032 | Aqua Security | Trust and Compliance - Aqua Security | Aqua Security is ISO/IEC 42001 certified, reflecting our adherence to the international standard for Artificial Intelligence Management Systems (AIMS). |
| SU001 | Aqua Security | Customers - Aqua | Customer Success has been a great help, and we appreciate that it is included at no extra cost. |
| SU002 | Aqua Security | Cloud Native Security Platform - Aqua Security | Protect your cloud native and AI apps with Aqua CNAPP. |
| SU003 | Aqua Security | Aqua Platform helps security teams secure cloud native environments | |
| SU004 | Aqua Security | Aqua Security Closes $60M Additional Funding at a Valuation Above $1B | During that time, more than 500 enterprise companies worldwide, including 40% of the Fortune 100 companies, have adopted Aqua’s innovative cloud security approach. |
| SU005 | Globes | Aqua Security raises $60m at over $1b valuation | Aqua says that more than 500 enterprise companies worldwide, including 40% of the Fortune 100 companies, have adopted Aqua’s cloud security approach. |
| SU006 | TechCrunch | Cloud-native cybersecurity startup Aqua Security raises $60M and remains a unicorn | Aqua Security claims customers such as PayPal, Netflix and Samsung. |
| SU007 | Aqua Security | Aqua Security Announces $135 Million in Series E Funding at a $1 Billion Valuation | Aqua has doubled the number of paying customers with notable new customers in the federal, financial, energy, telecom, and automotive sectors. |
| SU008 | TechCrunch | Aqua Security raises $135M at a $1B valuation for its cloud native security platform | In total, Aqua Security has now raised $265 million since it was founded in 2015. |
| SU009 | Aqua Security | Aqua Security Announces Leadership Transition as Company Enters Its Next Phase of Growth | Aqua Security, the market leader in cloud native security protecting more than 40% of the Fortune 100, today announced a planned leadership transition. |
| SU010 | G2 (via Internet Archive) | The G2 on Aqua Security | Users consistently praise the product for its ease of use and comprehensive security features, but some users note that the customer support response time can be slow. |
| SU011 | Gartner Peer Insights | Aqua CNAPP Reviews & Ratings 2026 | Gartner Peer Insights | Strong Image Assessment Features Contrast With Higher Price and Fewer Integrations. |
| SU012 | PeerSpot | Aqua Cloud Security Platform Reviews, Competitors and Pricing | The platform is praised for its Runtime Protection, Drift Prevention, and robust documentation. |
| SU013 | TrustRadius | Aqua Cloud Native Security Platform Reviews & Ratings 2026 | TrustRadius | ROI is high with our Aqua project. |
| SU014 | AWS Marketplace | Aqua Cloud Native Application Protection Platform | Full deployment ... The ease of deployment and the capability to look and protect the entire attack for code to runtime. |
| SU015 | Microsoft Marketplace | Aqua Security | Full Lifecycle Security for Azure Container Workloads. |
| SU016 | Cisco | Cisco Security and Aqua Security | Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail. |
| SU017 | Red Hat Ecosystem Catalog | aqua-security | The Red Hat Ecosystem Catalog is the official source for discovering and learning more about the Red Hat Ecosystem of both Red Hat and certified third-party products and services. |
| SU018 | GitHub / Aqua Security | GitHub - aquasecurity/marketplaces | Subscribe now and check out our 30-day Free Trial to secure the environment of your choosing today!! |
| SU019 | Aqua Security | Trivy Open Source Vulnerability Scanner | Aqua | Aqua Trivy is the default scanner for GitLab’s Container Scanning functionality, Artifact Hub and Harbor. |
| SU020 | GitHub / Aqua Security | GitHub - aquasecurity/trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more | Trivy is integrated with many popular platforms and applications. |
| SU021 | Trivy | Trivy | Trivy is praised by professionals worldwide. |
| SU022 | Aqua Security | 404 Not Found — Aqua case studies page | 404 Not Found. We can not find the page you are looking for. |
| SU023 | Aqua Security | 404 Not Found — Aqua cloud native security report 2024 | 404 Not Found. We can not find the page you are looking for. |
| SU024 | Aqua Security | Cloud Workload Security: Aqua Shines in GigaOm's Radar Report | Cloud workload security (CWS) plays a critical role in safeguarding the integrity and resilience of cloud native workloads. |
| SU025 | Aqua Security | 404 Not Found — older 2021 Aqua funding URL | 404 Not Found. We can not find the page you are looking for. |
| SU026 | Aqua Security | 404 Not Found — CRN Cloud 100 / Security 100 page | 404 Not Found. We can not find the page you are looking for. |
| SU027 | VMblog | Black Hat 2025: Aqua Security Unveils AI Workload Protection and Strategic Akamai Partnership to Combat Next-Gen Threats | Aqua has positioned itself at the forefront of this new battleground with its comprehensive platform that secures the entire software development lifecycle from code to cloud to prompt. |
| SU028 | TechCrunch | Page not found | TechCrunch — older 2021 Aqua article URL | 404 We’re sorry, we seem to have lost this page. |
| SU029 | Aqua Security | Aqua and Akamai Strategic Partnership to Secure AI | The Aqua-Akamai partnership addresses this challenge head-on. |
| SU030 | Crunchbase | Attention Required! | Cloudflare | Why have I been blocked? This website is using a security service to protect itself from online attacks. |
| SU031 | Tracxn | Tracxn - Too many requests | Warning: Target URL returned error 429: Too Many Requests |
| SU032 | Gartner | Gartner for Information Technology (IT) Leaders | |
| SR001 | CTech by Calcalist | Founders of cyber unicorn Aqua Security step down as company names new CEO | Aqua employs around 450 people worldwide and had already gone through several rounds of layoffs as part of an ongoing restructuring process. |
| SR002 | CTech by Calcalist | Aqua Security lays off staff weeks after management shake-up | Aqua said the reorganization was designed to strengthen long-term stability, sharpen focus on core products and key markets, and support a goal of achieving cash flow independence. |
| SR003 | Aqua Security | Aqua Security Announces Leadership Transition as Company Enters Its Next Phase of Growth | Under its new leadership, Aqua said it would continue advancing CNAPP with particular focus on runtime protection and vulnerability management. |
| SR004 | TechCrunch | Cloud-native cybersecurity startup Aqua Security raises $60M and remains a unicorn | TechCrunch noted that Aqua's valuation had seemingly remained the same as it was three years earlier, which could suggest that business was not entirely rosy. |
| SR005 | Aqua Security | Aqua Security Closes $60M Additional Funding at a Valuation Above $1B | Aqua said it closed an additional $60 million of funding at a valuation above $1 billion. |
| SR006 | Aqua Security | Aqua Security Announces $135 Million in Series E Funding at a $1 Billion Valuation | Aqua's 2021 Series E announcement fixed a $1 billion valuation baseline for later flat-mark comparisons. |
| SR007 | G2 via Internet Archive | The G2 on Aqua Security | An enterprise reviewer said new features and requests took too long to deliver and some scan capabilities were still lacking. |
| SR008 | Gartner Peer Insights | Aqua CNAPP Reviews & Ratings 2026 | A May 2026 review described strong image assessment but higher price, fewer integrations, and worse telemetry and visibility than EDR vendors. |
| SR009 | PeerSpot | Aqua Cloud Security Platform Reviews, Competitors and Pricing | PeerSpot summarized customer challenges around web security portals, standard server integration, reporting, training, and log forwarding. |
| SR010 | TrustRadius | Aqua Cloud Native Security Platform Reviews & Ratings 2026 | TrustRadius reviews cited Jira and SIEM integration gaps and UI or UX issues in sign-in, authentication, alerts, and display of results. |
| SR011 | Aqua Security | Trivy Open Source Vulnerability Scanner | Aqua says Trivy is the default scanner for GitLab Container Scanning, Artifact Hub, and Harbor. |
| SR012 | GitHub | GitHub - aquasecurity/trivy | The repository says Trivy scans vulnerabilities, misconfigurations, secrets, SBOMs, and licenses across containers, filesystems, Git repositories, VMs, and Kubernetes. |
| SR013 | Aqua Security | Aqua and Akamai Strategic Partnership to Secure AI | Aqua said the joint solution combines runtime protection, prompt validation, and model interaction monitoring without requiring code changes. |
| SR014 | VMblog | Black Hat 2025: Aqua Security Unveils AI Workload Protection and Strategic Akamai Partnership to Combat Next-Gen Threats | VMblog described Aqua's Black Hat 2025 focus on AI workload protection and the joint Aqua-Akamai stack for AI workload and prompt protection. |
| SR015 | Wiz | About Wiz | Wiz says 50% of the Fortune 100 are customers, about 5 million cloud workloads are protected, and 230 billion files are scanned daily. |
| SR016 | TechCrunch | Wiz raises $1B at a $12B valuation to expand its cloud security platform through acquisitions | TechCrunch reported that Wiz had raised $1 billion at a $12 billion valuation and was using the round to expand through acquisitions. |
| SR017 | Fortinet | Fortinet to Acquire Lacework, Enhancing the Industry’s Most Comprehensive Cybersecurity Platform | Fortinet said acquiring Lacework would help form one of the most comprehensive, full-stack, AI-driven cloud security platforms available from a single vendor. |
| SR018 | Fortinet | Fortinet Completes Acquisition of Lacework | Fortinet said the completed deal would combine Lacework's cloud-native platform with the Fortinet Security Fabric into a single full-stack cloud security platform. |
| SR019 | MarketScreener | Fortinet, Inc. completed the acquisition of Lacework, Inc. for approximately $150 million. | MarketScreener said Fortinet paid approximately $149 million in cash, net of cash acquired, to complete the Lacework acquisition. |
| SR020 | Palo Alto Networks | Prisma Cloud | Comprehensive Cloud Security | Prisma Cloud positions itself as an AI-powered code-to-cloud platform with visibility, investigations, response, and AI application security. |
| SR021 | CrowdStrike | CrowdStrike Falcon® Cloud Security: Modern Security From Code to Cloud | CrowdStrike says it unifies agentless visibility, real-time detection, AI-driven insights, and automated response in a single code-to-runtime platform. |
| SR022 | Orca Security | Trusted Cloud Security Platform | Orca says its agentless CNAPP provides 100% coverage and reduces alert fatigue relative to traditional agent-first approaches. |
| SR023 | Sysdig | Sysdig Platform | Sysdig markets a real-time cloud defense platform built on agentic AI, runtime insights, and attack-graph prioritization. |
| SR024 | Snyk | Snyk AI Security Platform | Snyk describes an AI-native and agentic platform that secures development, AI assistants, and AI-native software through a single end-to-end fabric. |
| SR025 | CISA | Cybersecurity Best Practices | CISA says organizations should develop tailored cybersecurity plans and manage external dependencies because cyber events can disrupt essential services. |
| SR026 | Aqua Security | Privacy Policy | Aqua says it processes platform-user personal data on behalf of customers as a data processor and only under customer instructions and the terms of its DPA and commercial agreements. |
| SR027 | Aqua Security | Website Terms of use | Aqua says the site is provided on an as-is and as-available basis without warranties on effectiveness, availability, completeness, or error-free operation. |
| SR028 | Aqua Security | Customer Support Services Terms and Conditions | Aqua's support terms tie support to the paid license term, allow affiliate delivery, target 99.9% availability, and can be revised after posting so long as services are not materially decreased. |
| SR029 | Aqua Security | Aqua Professional Services Terms and Conditions | Aqua's professional-services terms say pricing is confidential, hours expire with the quote term, subcontractors may be used, and Aqua provides no additional warranties beyond professional performance. |
| SR030 | Aqua Security | Cloud Workload Security: Aqua Shines in GigaOm's Radar Report | Aqua's GigaOm-themed workload-security post stresses protecting running workloads rather than relying mainly on CSPM and IaC breadth. |
| SR031 | CTech by Calcalist | Wiz rejects Google’s $23 billion acquisition offer, eyes IPO instead | Wiz told employees its next milestones were $1 billion in ARR and an IPO after rejecting a $23 billion Google acquisition offer. |
| SR032 | Aqua Security | Security | Aqua maintains a public trust and security surface for customer assurance, but the page does not provide public uptime or incident-history evidence. |
| SR033 | Nasdaq / Palo Alto Networks | Palo Alto Networks Reports Fiscal Fourth Quarter and Fiscal Year 2025 Financial Results | Fiscal year 2025 revenue grew 15% year over year to $9.2 billion, and Next-Generation Security ARR grew 32% year over year to $5.6 billion. |
| SV001 | Aqua Security | Aqua Security Closes $60M Additional Funding at a Valuation Above $1B | Aqua has now raised $325 million since its founding in 2015. During that time, more than 500 enterprise companies worldwide, including 40% of the Fortune 100 companies, have adopted Aqua's innovative cloud security approach. |
| SV002 | Aqua Security | Aqua Security Announces $135 Million in Series E Funding at a $1 Billion Valuation | Aqua Security's total funding since its founding in 2015 now totals $265 million. |
| SV003 | Aqua Security | Aqua Security Announces Leadership Transition as Company Enters Its Next Phase of Growth | Aqua Security, the market leader in cloud native security protecting more than 40% of the Fortune 100, today announced a planned leadership transition. |
| SV004 | Aqua Security | About Aqua Security | |
| SV005 | Aqua Security | Customers - Aqua | |
| SV006 | Aqua Security | Cloud Native Security Platform - Aqua Security | |
| SV007 | Aqua Security | Trivy Open Source Vulnerability Scanner | Aqua | |
| SV008 | Aqua Security | The aqua advantage ecosystem program - Aqua | |
| SV009 | Aqua Security | Aqua and Akamai Strategic Partnership to Secure AI | |
| SV010 | AWS Marketplace | Aqua Cloud Native Application Protection Platform | |
| SV011 | Microsoft Azure Marketplace | Aqua Security | |
| SV012 | TechCrunch | Cloud-native cybersecurity startup Aqua Security raises $60M and remains a unicorn | Aqua Security's valuation has seemingly remained the same as it was some three years ago when its Series E round was first announced. |
| SV013 | TechCrunch | Aqua Security raises $135M at a $1B valuation for its cloud native security platform | In total, Aqua Security has now raised $265 million since it was founded in 2015. |
| SV014 | SiliconANGLE | Aqua Security nabs $60M at $1B valuation to secure enterprise cloud applications | The capital injection, which was provided as an extension to a $135 million Series E round Aqua Security originally closed in 2021, values the company at more than $1 billion. |
| SV015 | Calcalist / CTech | Founders of cyber unicorn Aqua Security step down as company names new CEO | Aqua Security, which employs around 450 people worldwide, has undergone several rounds of layoffs as part of an ongoing restructuring process. |
| SV016 | Calcalist / CTech | Aqua Security lays off staff weeks after management shake-up | This supports Aqua's goal of achieving cash flow independence. |
| SV017 | GetLatka | Aqua Security Revenue 2024: $89.9M ARR, $1B Valuation | In 2024, Aqua Security's revenue reached $89.9M ... Aqua Security employs approximately 543 people as of 2026, down from 638 in 2024. |
| SV018 | Tracxn | Aqua Security | Aqua Security has raised a total funding of $325M over 8 rounds. |
| SV019 | Yahoo Finance | Palo Alto Networks, Inc. (PANW) Stock Price, News, Quote & History | Enterprise Value/Revenue 16.62 |
| SV020 | Yahoo Finance | CrowdStrike Holdings, Inc. (CRWD) Stock Price, News, Quote & History | Enterprise Value/Revenue 27.00 |
| SV021 | Yahoo Finance | SentinelOne, Inc. (S) Stock Price, News, Quote & History | Enterprise Value/Revenue 5.03 |
| SV022 | Palo Alto Networks | Quarterly Results | Palo Alto Networks | |
| SV023 | U.S. Securities and Exchange Commission | EDGAR Search Results | 10-K ... Acc-no: 0001535527-26-000010 ... 2026-03-05 |
| SV024 | Fortinet | Fortinet to Acquire Lacework, Enhancing the Industry’s Most Comprehensive Cybersecurity Platform | Financial terms of the transaction were not disclosed. |
| SV025 | MarketScreener | Fortinet, Inc. completed the acquisition of Lacework, Inc. for approximately $150 million. | Fortinet, Inc. completed the acquisition of Lacework, Inc. for approximately $150 million. |
| SV026 | TechCrunch | Wiz raises $1B at a $12B valuation to expand its cloud security platform through acquisitions | The Series E ... values Wiz at $12 billion. |
| SV027 | ChannelE2E | Wiz Raises $1 Billion to Expand Cloud Security Platform | Founded in 2020, Wiz reported an annual recurring revenue (ARR) of $350 million in 2023. |
| SV028 | Tracxn | Aqua Security funding and investors | |
| SV029 | Aqua Security | Cloud Workload Security: Aqua Shines in GigaOm's Radar Report | |
| SV030 | VMblog | Black Hat 2025: Aqua Security Unveils AI Workload Protection and Strategic Akamai Partnership to Combat Next-Gen Threats | |
| SV031 | Calcalist / CTech | Wiz rejects Google’s $23 billion acquisition offer, eyes IPO instead | our next milestones are $1 billion in ARR and an IPO |
| SV032 | Aqua Security | Aqua Security case studies archive | |
| SV033 | Aqua Security | Aqua cloud native security report 2024 | |
| SV034 | Aqua Security | Aqua Security named to CRN 2025 Cloud 100 and Security 100 lists | |
| SV035 | Crunchbase | Aqua Security organization page | |
| SV036 | Yahoo Finance | Fortinet, Inc. (FTNT) Stock Price, News, Quote & History | Market Cap (intraday) 93.178B; Enterprise Value 87.16B; Enterprise Value/Revenue 12.26; Profit Margin 27.49%. |
| SV037 | Yahoo Finance | Zscaler, Inc. (ZS) Stock Price, News, Quote & History | Market Cap (intraday) 28.261B; Enterprise Value 22.81B; Enterprise Value/Revenue 7.60; Profit Margin -2.25%. |
| SV038 | Yahoo Finance | Tenable Holdings, Inc. (TENB) Stock Price, News, Quote & History | Market Cap (intraday) 2.688B; Enterprise Value 2.47B; Enterprise Value/Revenue 2.41; Profit Margin -1.15%. |
| SV039 | Yahoo Finance | Okta, Inc. (OKTA) Stock Price, News, Quote & History | Market Cap (intraday) 15.059B; Enterprise Value 12.58B; Enterprise Value/Revenue 4.31; Profit Margin 8.05%. |
| SV040 | Yahoo Finance | Fortinet, Inc. (FTNT) Valuation Measures & Financial Statistics | Quarterly Revenue Growth (yoy) 20.10%; Levered Free Cash Flow (ttm) 1.81B; Gross Profit (ttm) 5.71B. |
| SV041 | Yahoo Finance | Zscaler, Inc. (ZS) Valuation Measures & Financial Statistics | Quarterly Revenue Growth (yoy) 25.90%; Levered Free Cash Flow (ttm) 1.02B; Gross Profit (ttm) 2.3B. |
| SV042 | Yahoo Finance | Tenable Holdings, Inc. (TENB) Valuation Measures & Financial Statistics | Quarterly Revenue Growth (yoy) 9.60%; Levered Free Cash Flow (ttm) 255.8M; Gross Profit (ttm) 799.18M. |
| SV043 | Yahoo Finance | Okta, Inc. (OKTA) Valuation Measures & Financial Statistics | Quarterly Revenue Growth (yoy) 11.60%; Levered Free Cash Flow (ttm) 836.12M; Gross Profit (ttm) 2.26B. |
| SV044 | Nasdaq | Palo Alto Networks Reports Fiscal Fourth Quarter and Fiscal Year 2025 Financial Results | Nasdaq | Fiscal year 2025 revenue grew 15% year over year to $9.2 billion; Next-Generation Security ARR grew 32% year over year to $5.6 billion. |