估值 01
1000 USD M 尽调报告
Cyberhaven
产品与客户验证很强,但若以 $1B 估值进场,仍需私下尽调财务质量和事件后的风险敞口。
Cyberhaven 展现出可信的品类领导力和企业牵引力,但 $1B Series D 仍需要对财务质量、诉讼敞口和架构加固做非公开尽调。
封面要素
累计融资 02
250 USD M D 轮 03
100 USD M 成立年份 04
2016 具名客户 05
14 publicly confirmed 公司概况
Cyberhaven 是一家私营网络安全公司,为大型企业构建以数据血缘为核心的 AI 与数据安全平台。公司把 DSPM、DLP、内部人员风险管理和 AI 安全整合进统一控制平面,并已把这一定位转化为具名企业客户、较高用户评测分数,以及以 $1B 估值完成 $100M D 轮的快速融资进展。产品差异化和客户成效让商业逻辑有吸引力,但公开证据在财务质量和事件后续影响上仍太薄,尚不足以支撑完整承销的后期投资决策。
- 成立时间
- 2016-01-01
- 创始人
- Cristian Zamfir, George Candea, Radu Banabic, Vitaly Chipounov, Volodymyr Kuznetsov
- 创立地点
- San Jose, California, USA
- 总部
- Bay Area, California, USA (public materials vary across San Jose, Palo Alto, and Mountain View)
- 产品
- Cyberhaven 销售统一 AI 与数据安全平台,覆盖数据安全态势管理、数据防泄漏、内部人员风险管理和 AI 安全。核心差异化在于数据血缘技术:它跟踪敏感数据如何在端点、浏览器、SaaS、云和本地系统中被创建、转换、拆分和移动,并用 Linea AI 自动化检测与调查工作流。
- 客户
- 面向技术、制造、法律、金融服务、医疗以及政府 / 国防环境中的大型企业;这些企业持有高价值 IP、受监管数据,或面临内部人员风险敞口。
- 商业模式
- 销售主导的企业订阅软件,具备跨模块落地后扩张潜力,通过直销、合作伙伴和超大规模云厂商市场采购。
- 阶段
- Series D private / unicorn
- 融资情况
- 公开累计融资 $250M,包括 April 2025 宣布、估值 $1B 的 $100M D 轮。
执行摘要
主要优势
- 以血缘为先的产品架构看起来确实不同于传统 DLP 和先靠套件打包的 incumbent。
- 作为私营安全公司,Cyberhaven 的公开客户证据异常强,包括 14 家具名企业和详细的 Motorola 效果指标。
- DLP、DSPM、内部人风险和 AI 数据治理预算正在汇合,市场顺风明确。
- 客户满意度和心智份额信号强,包括 Gartner Peer Insights、G2、FeaturedCustomers,以及持续改善的 PeerSpot 份额。
- 2025 年 4 月 Series D 补进了有意义的资本,也说明即便经历 2024 年 12 月事件,投资人仍愿意出钱支持增长。
主要风险
- 2024 年 12 月 Chrome 扩展被攻破事件仍是未解决的声誉、法律和监管包袱。
- 财务不透明度很高:ARR、NRR、毛利率、流失率、烧钱速度和现金跑道均未公开披露。
- Microsoft Purview 和其他 incumbent 可以靠打包和分发杠杆压价,并降低 Cyberhaven 的胜率。
- 只要架构没有实质演进,浏览器扩展依赖就会持续留下供应链和平台依赖风险。
- 关于客户总数、集中度和扩张质量的公开证据太薄,无法验证当前估值下的耐久性。
未决问题
- 经验证的 ARR 或收入,以及 NRR、流失率、毛利率和销售效率。
- 诉讼状态、监管跟进,以及 2024 年扩展事件带来的财务敞口可信边界。
- 事件后扩展和 OAuth 加固证据,包括摆脱单点浏览器商店依赖的路线图。
- 客户集中度、ACV 分布,以及具名客户之外的总安装基础。
- Series D 优先权堆叠、稀释条款,以及公告头条估值之外的任何老股定价。
目录
01公司概况
1.1 身份、产品边界与地点口径不一致
Cyberhaven 将自己定位为 AI 与数据安全公司,核心差异化是数据血缘:公司称其平台会追踪敏感数据如何在端点、云、SaaS、本地系统和 AI 工具中产生、移动和变化。当前产品营销和 February 2026 增长发布都描述了一套覆盖 DSPM、DLP、内部人员风险管理和 AI 安全的单一架构,而不是一组松散拼接的单点产品。这个统一定位很关键,因为后续章节可以把 Cyberhaven 当作平台公司,而不只是浏览器扩展或传统 DLP 厂商。 身份基础大体清楚,但并不完全干净。Redpoint 和 Tracxn 都把公司放在 San Jose,并列出五名创始人;Cyberhaven 自身公开材料却在不同时点使用了不同的湾区发稿地:September 2024 是 San Jose,April 2025 是 Palo Alto,2025 年底和 2026 年初是 Mountain View。扩展隐私政策也列出 Palo Alto 通讯地址。尽调时,最稳妥的标准描述是:Cyberhaven 是一家私营湾区公司,San Jose 得到最强的非公司来源支持,但总部精确地址仍需直接确认。 行业重心更具体。Cyberhaven 公开瞄准技术 / SaaS、制造、律所、投资管理和医疗,这与其保护敏感知识产权、受监管数据和 AI 工作流的叙事一致。最合适的处理方式是把公司视为一家 2025 年进入独角兽行列的后期私营安全厂商,但它仍只披露经过选择的运营指标。 [CO001, CO002, CO003, CO004, CO005, CO006]
1.2 创始人、领导层厚度与关键人依赖
Redpoint 和 Tracxn 都列出 Cyberhaven 的五名创始人:Cristian Zamfir、George Candea、Radu Banabic、Vitaly Chipounov 和 Volodymyr Kuznetsov。目前可得来源中的公开创始人履历很少,但投资人和数据服务商页面反复出现同一五人名单,足以把这组人视为公司最有支撑的创始阵容。George Candea 也在 Tracxn 中以董事会观察员身份出现,说明公司商业化规模扩大后,至少仍有一部分创始人延续到治理层。 Howard Ting 看起来是把 Cyberhaven 从研究色彩很重的组织推向规模化商业安全厂商的执行者。BankInfoSecurity 报道称,Ting 于 June 2020 加入时公司约 18 人,到 May 2025 已约 220 人。Cyberhaven 随后在 September 2024 明显加厚管理层,引入 Nishant Doshi、Edward Sharp、Kristin Vines 和 Manoj Gupta,覆盖产品、财务、人力和企业发展。这些任命重要,因为它们显示公司在 D 轮前就开始为更大的 GTM 和平台路线图制度化。 领导层连续性仍需观察。Ting 于 May 2025 辞任 CEO,Doshi 经过三个月交接后接任,Ting 留在董事会。到 February 2026,Cyberhaven 自身发布稿已把 Doshi 列为 CEO,并把 James McCarthy 和 Aman Sirohi 加入领导团队。相比 early 2024,这一序列降低了单一高管依赖,但公司在 CEO 继任以及 2024 年规模化阶段引入的产品领导层上,仍有实质关键人敞口。 [CO003, CO017, CO018, CO019, CO020, CO021]
| 人物 | 当前 / 近期角色 | 背景 | 职能覆盖 / 创始人-市场匹配 | 关键人依赖 |
|---|---|---|---|---|
| Cristian Zamfir | 联合创始人 | Redpoint 和 Tracxn 资料中公开列为联合创始人 | 为基于血缘的安全平台提供创始技术 / IP 覆盖 | 中 |
| George Candea | 联合创始人;Tracxn 显示为董事会观察员 | 投资人和公司数据来源均公开列为联合创始人 | 创始人延续到治理和研究可信度 | 中 |
| Radu Banabic | 联合创始人 | 投资人和数据库来源中公开列为联合创始人 | 创始技术覆盖 | 低 |
| Vitaly Chipounov | 联合创始人 | 投资人和数据库来源中公开列为联合创始人 | 创始技术覆盖 | 低 |
| Volodymyr Kuznetsov | 联合创始人 | 投资人和数据库来源中公开列为联合创始人 | 创始技术覆盖 | 低 |
| Howard Ting | CEO 至 2025 年 5 月;留任董事会 | 将公司从研究型团队推向商业安全厂商 | 商业规模化和面向投资人的连续性 | 高 |
| Nishant Doshi | 2025 年 5 月为临时 CEO;2026 年 2 月已任 CEO | 前 CirroSecure / Propelo 创始人;前 Palo Alto Networks 负责人 | 领导层变更后的产品、工程和 CEO 连续性 | 高 |
| 高管:Edward Sharp / Kristin Vines / Manoj Gupta | CFO / 首席人事官 / 公司发展与合作 SVP | 2024 年 9 月宣布的高管招聘 | 面向规模阶段的财务、人力和外延增长班底 | 中 |
公开来源支持五位创始人和具名高管,但没有提供完整组织架构,或每位创始人的完整履历。
[CO003, CO017, CO019, CO020, CO021, CO041]1.3 资本形成、投资人与治理信号
对一家私营安全公司来说,Cyberhaven 的公开融资历史披露得异常充分。公司宣布 December 2021 完成 Redpoint 领投的 $33 million B 轮,June 2024 完成 Adams Street Partners 和 Khosla Ventures 领投的 $88 million C 轮,随后在 April 2025 完成 StepStone Group 领投、Schroders 和 Industry Ventures 新进的 $100 million D 轮。D 轮公告称累计融资 $250 million、估值 $1 billion。这是目前最强的一手资本结构来源,也应成为后续章节的基准。 C 轮期间,治理结构变得更可见。Cyberhaven 披露 Adams Street 合伙人 Fred Wang 随该轮融资加入董事会,这是已审材料中最清晰的公开董事会新增席位。Redpoint 的公司页另行确认其最早在 2021 年 B 轮与 Cyberhaven 合作,说明 Redpoint 相比 C 轮和 D 轮的新进入者是持有时间更长的利益相关方。Tracxn 通过列出 23 家机构投资者和 6 名天使投资人补充了广度,但公开数据库常常把轮次和投资人类型归类得不同于公司发布稿,因此只能作为方向性信息。 一个重要尽调细节是,各来源的累计融资数字并不完全一致。Cyberhaven 称 D 轮后为 $250 million,Tracxn 则称截至同日六轮合计 $236 million。差异很可能来自数据库对补助、历史轮次或投资人轮次归属的处理,而非实质资本错配;但这也提醒我们,只有公司按轮次发布的公告才应被视为标准口径。 [CO011, CO012, CO013, CO014, CO015, CO035]
| 利益相关方 | 角色 | 控制权或经济重要性 | 尽调问题 |
|---|---|---|---|
| StepStone Group | Series D 领投方 | 领投将 Cyberhaven 推至 $1B 估值的轮次 | 确认 Series D 的董事会权利、pro rata 权利和任何清算优先权 |
| Schroders | Series D 新投资人 | 作为新机构支持方参与独角兽轮 | 确认持仓规模,以及投资是否通过特定增长型载体完成 |
| Industry Ventures | Series D 新投资人 | 与 StepStone 和 Schroders 一起加入同一后期轮次 | 确认参与是否包含任何老股转让成分 |
| 投资方:Adams Street Partners / Fred Wang | Series C 共同领投;董事会代表 | Fred Wang 在 Series C 期间加入董事会,形成可见治理影响力 | 审查董事会观察员权利、保护性条款和未来融资否决权 |
| Khosla Ventures | Series C 共同领投 | 以 AI 主题支持 Cyberhaven 向 AI 时代数据安全扩张的投资人 | 确认持股比例和进入 Series D 的后续跟投参与 |
| Redpoint Ventures | Series B 领投方;早期机构伙伴 | 2021 年首次合作并长期持有的投资人,仍是强信号支持方 | 要求提供从 Series B 到 Series D 的持股滚动表 |
| George Candea | 联合创始人;Tracxn 显示为董事会观察员 | 即便商业化规模提升后,仍保留创始人关联的治理连续性 | 澄清当前治理角色,以及任何超级投票权或同意权 |
| Nishant Doshi | 2026 年任 CEO;前 CPDO | Ting 交接后的当前经营控制者,对产品和战略执行居中 | 确认正式 CEO 状态、雇佣条款和继任计划 |
该图谱只捕捉公开可见的控制和资本相关方;它不是完整股权结构表,并省略员工股权、SAFEs、债务和任何未披露的老股出售方。
[CO011, CO012, CO013, CO014, CO015, CO019]1.4 封面指标、披露限制与公开运营信号
Cyberhaven 披露的信息足以证明成熟度,但不足以在没有管理层访问的情况下承销业务。最强的公开封面指标包括 $1 billion D 轮估值、官方累计融资 $250 million、2026 财年三位数收入增长,以及超过 50% 的客户增长。公司还公开声称进入 Forbes AI 50 前五家公司中的四家,以及北美前五大银行,同时被金融、法律、零售、医疗和媒体等大型组织使用。这些说法显示出企业相关性和受监管数据敞口,但并未给出客户数、ACV、留存或按客户标识划分的收入集中度。 到估值工作最看重的规模指标时,公开披露明显变弱。已审公开来源均未给出绝对 ARR、收入或客户数。员工数也只能部分支撑:BankInfoSecurity 称 Cyberhaven 到 May 2025 约 220 人,而 PitchBook 公开 FAQ 列出 282 名员工,Tracxn 又显示一个不同且部分可见的员工数字字段。由于这些都不是公司官方 KPI 披露,员工数应视为低置信度区间,而不是标准数字。 安全态势信号好于财务透明度。Cyberhaven 的 Trust Center 展示 SOC 2 Type 2、GDPR、CCPA 和 PCI DSS v4.0.1 材料,并列出渗透测试和网络保险资料。浏览器扩展隐私政策进一步确认,雇主客户控制扩展数据,且该政策于 September 2024 更新。这些都是有用的尽调线索,但底层文件仍需授权访问,应直接向公司索取。 [CO012, CO022, CO023, CO024, CO025, CO033]
| 指标 | 数值 / 状态 | 日期 | 可信度 | 缺口 / 备注 |
|---|---|---|---|---|
| 成立年份 | 2016 | 2016 | 中 | PitchBook public FAQ 与 2014 年成立年份说法冲突。 |
| 总部 | San Jose, California(公开资料中支撑最充分的答案) | 2024-2026 公开资料 | 中 | 公司材料也提到 Palo Alto 和 Mountain View;需要直接确认。 |
| 阶段 | 非上市 Series D 轮 / 独角兽 | 高 | 基于官方 Series D 公告。 | |
| 累计融资 | $250M 官方口径;Tracxn 数据库为 $236M | 中 | 差异可能来自数据库分类,但应在尽调中核对。 | |
| 最新估值 | $1.0B | 高 | 官方 Series D 投后估值。 | |
| 员工数 | 220-282 | 2025-05 至 2026 预览数据 | 低 | BankInfoSecurity 称约 220 人;PitchBook public FAQ 称 282 人;没有官方当前总数。 |
| 收入 / ARR | 只披露了三位数增长;公开资料没有找到绝对收入或 ARR。 | |||
| 客户数 | 公开来源披露增长率和客户类别,而不是绝对数量。 | |||
| 客户增长 | >50% 同比 | FY2026(截至 2026-01-31) | 中 | 只有官方百分比披露。 |
| 合规状态 | 合规框架:SOC 2 Type 2、GDPR、CCPA、PCI DSS v4.0.1 | 2026 年信任中心快照 | 中 | 原始报告设有访问门槛。 |
本章把融资和估值作为权威口径,但对员工数、ARR、收入和绝对客户数保持保守,因为公开披露不完整或相互冲突。
[CO004, CO005, CO006, CO007, CO011, CO012]Cyberhaven 的身份叙事把数据血缘优先的产品逻辑,与企业客户、后期资本以及少数集中的执行依赖绑在一起。
[CO001, CO011, CO012, CO023, CO024, CO025]序数评分卡把本章证据压缩成可快速阅读的可投性和披露质量视图。
评分是分析师基于本章有来源支撑的主张生成的 0-10 序数摘要,不是公司直接发布的 KPI 数值。
[CO001, CO011, CO012, CO022, CO023, CO033]1.5 里程碑、负面事件与后续章节可复用内容
可复用的公司时间线很清楚。公开来源支持:2016 年成立;2021 年 B 轮;2022 年发布内部威胁产品;June 2024 C 轮引入 Adams Street 并新增董事会席位;September 2024 扩充领导层;December 2024 浏览器扩展被攻陷;April 2025 D 轮使公司成为独角兽;May 2025 CEO 交接;November 2025 入选 Deloitte Fast 500;February 2026 发布业绩,报告强劲增长但未给出绝对财务数据。这些事件合在一起,展现出公司在很短窗口内从技术起源叙事走向品类营销规模。 负面事件具有实质性,应延续到风险章节。TechCrunch、BleepingComputer 和 Nightfall 都描述了 December 2024 下旬公司账号被攻陷后发布的恶意 Chrome 扩展更新。据报道影响包括认证会话和 cookie 暴露、约 400,000 名扩展用户处于风险中,并与一场影响超过 35 个扩展、约 2.6 million 用户的更大行动有关。该事件不否定产品逻辑,但对一家销售数据保护软件的公司来说,它是声誉和运营压力测试。 事件后的增长叙事仍然强劲。Cyberhaven 仍完成 D 轮,在没有明显公开扰动的情况下更换 CEO,在 Deloitte 2025 Technology Fast 500 中排名 #51,并随后报告 2026 财年三位数收入增长。后续章节可复用这一序列作为核心框架:强劲资本和品类动能,与披露缺口和有意义的运营污点并存。 [CO005, CO015, CO019, CO021, CO022, CO026]
| 日期 | 事件 | 类型 | 金额 / 估值 / 状态 | 参与方 | 含义 |
|---|---|---|---|---|---|
| 2016 | Cyberhaven 成立;公开资料列出五位联合创始人 | 创立 | 公开资料支持成立年份,具体日期未披露 | 创始人:Cristian Zamfir、George Candea、Radu Banabic、Vitaly Chipounov、Volodymyr Kuznetsov | 为后续血缘驱动安全叙事奠定技术创始基础 |
| 2021-12-14 | Series B 融资宣布 | 融资 | $33M;当时累计融资 $52M | 投资方:Redpoint、Forgepoint、Wing、Vertex Ventures US、Costanoa、Crane | 首个清晰可见的机构规模化轮次 |
| 2022-11-17 | Insider Threat Platform 发布 | 产品 | 实时阻断被定位为品类差异点 | Cyberhaven;PRNewswire 分发;引用客户 Day & Zimmermann | 公司从 DDR 定位扩展到内部人风险防护 |
| 2024-06-11 | Series C 完成,Fred Wang 加入董事会 | 融资 | $88M;SecurityWeek 报道估值约 $488M | 投资方:Adams Street、Khosla、Redpoint、Costanoa、Vertex、Crane、Wing | 资本加正式治理里程碑 |
| 2024-09-17 | 高管团队新增四位资深成员 | 治理 | 发生在新增签约额增长 200% 的年份 | 高管:Nishant Doshi、Edward Sharp、Kristin Vines、Manoj Gupta | 在 Series D 和 CEO 交接前搭建规模阶段班底 |
| 2024-12-27 | Chrome 扩展被攻破并公开披露 | 负面 | 恶意 v24.10.4 更新;约 400k 用户可能受影响 | Cyberhaven 客户;TechCrunch 和 BleepingComputer 报道 | 数据安全厂商的重大运营和声誉事件 |
| 2025-04-02 | Series D 以独角兽估值宣布 | 融资 | $100M;$1B 估值;累计融资 $250M | StepStone、Schroders、Industry Ventures | 公司被重新定价进入后期 / 独角兽队列 |
| 2025-05-13 | CEO 从 Howard Ting 交接给 Nishant Doshi | 治理 | 三个月交接后报道为临时交接;Ting 留任董事会 | Howard Ting、Nishant Doshi | 提出继任和关键人尽调问题,但保住连续性 |
| 2025-11-19 | Deloitte Technology Fast 500 认可 | 规模化 | 上榜 | Cyberhaven、Deloitte | 收入增长动能获得第三方验证 |
| 2026-02-10 | FY2026 增长更新发布 | 规模化 | 三位数收入增长;客户增长 >50% | Cyberhaven、Nishant Doshi | 尽管缺少绝对收入 / 客户数,仍释放强动能信号 |
这是本章的公开记录时间线。它优先纳入融资、产品、治理、规模和负面事件,且这些事件至少可由两个来源交叉验证。
[CO003, CO005, CO011, CO013, CO014, CO015]公开证据交叉确认的里程碑显示,Cyberhaven 从创立走到产品广度扩大、完成一轮大幅融资跃升,也经历了一次重大负面事件,并在 2026 年初重新披露增长。
创立节点锚定为 2016-01-01,因为已审阅公开来源只披露年份,未披露具体日期。
[CO005, CO011, CO013, CO014, CO017, CO019]1.6 图表与要点
02市场分析
2.1 市场边界、纳入支出与替代方案
Cyberhaven 的正确市场边界,要从产品实际声称能做什么开始。Cyberhaven 官方材料把公司定位为 AI 与数据安全平台,统一端点、云、本地、SaaS 和 AI 工具中的 DSPM、DLP、内部人员风险管理和 AI 安全。因此,纳入支出既不是「全部网络安全」,甚至也不是数据安全的完整宇宙。最相关的资金池,是企业在发现敏感数据、分类敏感数据、监控数据移动、防止未授权传输,以及调查高风险用户或 AI 辅助数据处理上的支出。相邻支出包括 Microsoft Purview 的原生数据安全套件、Zscaler 的云交付 DLP,以及 Palo Alto Networks 与 CNAPP 集成的 DSPM。现状替代方案包括 Microsoft 原生控制、传统 DLP 技术栈、手工数据分类项目,以及只聚焦云存储库的单点产品。应排除的支出包括通用 SIEM、防火墙、端点保护和广义基础设施安全预算,因为这些预算并不直接购买数据发现、数据分类、外泄防护或内部人员风险响应。这个边界很重要,因为 Cyberhaven 的公开叙事讲的是流动中数据的上下文、血缘和响应质量,而不是占有整个安全技术栈。[CM001, CM002, CM003, CM004, CM006, CM007]
| 细分 / 品类 | 纳入支出 | 排除支出 | 买方 / 付款方 | 相关性 |
|---|---|---|---|---|
| 统一 AI 和数据安全平台 | DSPM、DLP、内部人风险管理、AI 安全控制、事件调查工作流 | 通用 SIEM、防火墙、端点保护和无关基础设施安全支出 | CISO、安全平台负责人、中央 IT / 安全预算 | Cyberhaven 使用的直接框架 |
| 数据防泄漏(DLP) | 跨 Web、电子邮件、端点、可移动介质、云和 AI 渠道执行策略 | 未与数据处理控制绑定的威胁情报、网络防火墙和 IAM 支出 | 安全运营、合规、数据保护负责人 / 安全或合规预算 | 核心邻近品类和传统替代方案 |
| 内部人员风险管理(IRM) | 行为分析、策略告警、调查、兼顾隐私的内部滥用治理项目 | 通用 HR 软件、未绑定数据风险处置动作的通用 UEBA | 合规负责人、内部人员风险调查员、法务和安全相关方 / 中央治理预算 | Cyberhaven 风险用户定位的核心邻近品类 |
| 数据安全态势管理(DSPM) | 敏感数据发现、分类、暴露面映射、合规报告、云数据上下文 | 不含数据分类、只管基础设施的态势管理 | 云安全和数据治理团队 / 云安全或平台预算 | 与 Cyberhaven 数据血缘和可视性主张最相关的新兴品类 |
| 原生套件替代方案 | Microsoft Purview 或类似套件控制,随更广的合规和数据安全项目打包 | 买方只想使用打包原生控制时,最佳单项平台不计入 | 既有 Microsoft 或合规负责人 / 现有套件预算 | 重要现状替代方案,可能拖慢独立产品采用 |
| 排除的邻近领域 | null | 广义网络安全套件、SOC 工具、端点检测和非数据中心型安全品类 | 混合型企业安全买方 / 混合预算 | 可作外围背景,但不是干净的 Cyberhaven 收入池 |
边界受证据限制,并有意排除泛网络安全 TAM 主张。各行聚焦官方产品和市场来源中出现的、与 Cyberhaven 邻近的支出品类。
[CM001, CM003, CM007, CM008, CM010, CM016]| 供应商 / 做法 | 公开类别 | 公开材料强调什么 | 可能买方 | 对 Cyberhaven 的影响 |
|---|---|---|---|---|
| Microsoft Purview | 统一数据安全 / 治理 / 合规 | 集成数据安全、DSPM、DLP、内部人员风险、调查和合规工作流,覆盖 Microsoft 体系 | 以 Microsoft 为中心的 CISO、合规负责人或租户管理员 | 买方偏好延伸既有 Microsoft 关系时,这是强打包替代方案 |
| Zscaler | 统一 DLP / SSE 主导的数据保护 | 跨 Web、电子邮件、端点、私有应用和云的跨渠道 DLP,策略集中管理 | 安全运营或 SSE 平台负责人 | 买方关注跨流量渠道的策略执行时,它是强替代方案 |
| Palo Alto Networks | DSPM 加更广的云安全栈 | 敏感数据发现、分类、合规可视性、API 和云安全集成 | 云安全负责人或 CNAPP 负责人 | 多云买方希望把数据安全放进更大的云安全平台时,它是强替代方案 |
| 传统和手工控制 | 继承来的原生控制加手工审核 | 既有项目常被工具割裂、告警疲劳和覆盖不一致拖住 | 中央 IT 或人手不足的安全团队 | 若 Cyberhaven 能证明信号质量更好、上下文更广,这就是主要替换目标 |
本表拆出替代路径,而不是品类定义。它不同于 T201:这里比较的是可能先于 Cyberhaven 吸走预算的公开供应商打法。
[CM008, CM009, CM016, CM017, CM018, CM019]2.2 规模测算视角,以及公开 TAM/SAM/SOM 仍受限制的原因
只有边界逻辑保持清楚,公开市场规模测算才有用。最宽的相邻视角是 DLP:Grand View 估算全球 DLP 市场在 2022 年为 $1.87B,到 2030 年达到 $9.33B,且云部署已是最大模式。下一个视角是内部人员风险管理,ResearchAndMarkets 估算该市场从 2024 年 $2.4B 增至 2030 年 $3.7B,Verified Market Reports 则给出更大的路径:2024 年 $3.14B 到 2033 年 $8.23B。最贴近 Cyberhaven 的新兴品类是 DSPM,但即便在这里,公开估算也差异很大:Growth Market Reports 称 2024 年 $1.42B 到 2033 年 $17.2B,DataHorizzon 则把 DSPM 工具市场放在 2023 年 $1.8B、2033 年 $5.7B。Palo Alto 的供应商撰写市场指南又给出不同框架,引用 2025 年市场估值 $415M-$2B,以及 25%-37% 年增长。合起来看,证据支持一个有意义且扩张中的数据中心安全机会,但不支持干净嵌套的 TAM/SAM/SOM 金字塔。品类彼此重叠,预测年份不同,有些来源统计独立工具,有些则纳入集成平台模块。这足以给市场方向划界,但不足以声称一个精确的公开 Cyberhaven SAM 或 SOM。[CM020, CM021, CM022, CM029, CM030, CM032]
| 发布方 | 年份 | 地域 | 数值 | CAGR | 方法 | 置信度 | 局限 |
|---|---|---|---|---|---|---|---|
| Grand View Research | 2022-2030 | 全球 | $1.87B (2022) 至 $9.33B (2030) | 22.3% (2023-2030) | 带公开细分的邻近 DLP 市场视角 | 中 | DLP 是核心邻近支出,因此与 Cyberhaven 相关;但该口径过度纳入传统控制和打包控制。 |
| ResearchAndMarkets | 2024-2030 | 全球 | $2.4B (2024) 至 $3.7B (2030) | 7.6% (2024-2030) | 来自公开报告摘要的内部人员风险管理市场视角 | 中 | 可用于 IRM 预算背景,但窄于 Cyberhaven 的完整平台范围。 |
| 来源:Verified Market Reports | 2024-2033 | 全球 | $3.14B (2024) 至 $8.23B (2033) | 11.2% (2026-2033) | 另一组 IRM 市场视角 | 低 | 边界和方法比高等级分析机构来源更难审计。 |
| 来源:Growth Market Reports | 2024-2033 | 全球 | $1.42B (2024) 至 $17.2B (2033) | 33.6% (2025-2033) | 宽口径 DSPM 市场研究报告 | 中 | 可判断增长方向,但可能纳入比独立 DSPM 工具更宽的解决方案范围。 |
| DataHorizzon Research | 2023-2033 | 全球 | $1.8B (2023) 至 $5.7B (2033) | 12.1% (2025-2033) | DSPM 工具市场视角 | 中 | 数值低于 Growth Market Reports,因为它似乎采用更窄的工具定义。 |
| Palo Alto Networks Cyberpedia | 2025-2030 | 全球 | $415M-$2.0B(2025 年公开估算区间) | 到 2030 年为 25%-37% | 供应商撰写的公开 DSPM 市场估算汇总 | 低 | 可作为保留矛盾的交叉校验,但不是独立分析机构成果。 |
本表替代原计划的规模测算金字塔。公开 DLP、IRM、DSPM 估算在品类和预测窗口上互相重叠,强行嵌套成 TAM/SAM/SOM 金字塔会制造虚假的精确感。
[CM020, CM021, CM029, CM032, CM035, CM037]公开资料给出与 Cyberhaven 最相关的三个相邻品类——DLP、DSPM 和内部人风险管理——低 / 基准 / 高三档 CAGR 边界。
中点值是分析师为呈现相互矛盾的公开区间而归一化的锚点。低值和高值直接来自保留来源;这张图用于展示不确定性,而不是给出单一权威预测。
[CM020, CM029, CM032, CM035, CM037, CM039]2.3 买方分层、预算归属与采用路径
公开买方地图更偏安全和合规,而不是开发者主导。Cyberhaven 自身云市场和官网信息反复瞄准安全团队、IT 专业人员、CISO 和受监管数据运营方;Microsoft 的内部人员风险文档则显示,采购往往嵌在合规、安全和租户管理工作流里,并伴随许可门槛和明确角色组设置。实操中,经济买方通常是 CISO、合规负责人或中心化安全平台负责人;运营用户是安全分析师、内部人员风险调查员和 IT 管理员;付款方通常是中心化安全、合规或 Microsoft/Purview 相邻平台预算。采用路径也能从公开材料中看出来:组织先意识到数据蔓延或内部人员风险问题,再评估传统或原生控制是否噪音过多,然后在一两个数据渠道试点,随后把工具接入身份、工单、DLP 或云工作流,最后才扩展为更广的数据安全项目。由于隐私设置、选择加入提示、连接器和跨平台策略执行都很重要,部署不是一笔标准化席位销售。最可能解锁预算的情形,是买方能把内部人员风险、AI 治理和合规报告连进一个可衡量的控制平面。[CM003, CM005, CM011, CM013, CM014, CM015]
| 细分市场 | 买方 | 用户 | 付款方 | 工作流 | 预算归属方 | 采用触发因素 |
|---|---|---|---|---|---|---|
| Microsoft 365 和合规负担重的企业 | CISO / 合规负责人 | 内部人员风险分析师、合规管理员、IT 管理员 | 中央安全或合规预算 | 已使用 Purview 式治理,希望扩大跨渠道执行 | CISO 或合规 VP | 原生控制制造噪声、角色复杂度,或在 Microsoft 体系外留下缺口 |
| 多云和 SaaS 密集型企业 | 云安全负责人 | 云安全工程师和数据治理团队 | 云安全平台预算 | 需要在云和 SaaS 中跑通 DSPM 式发现、分类和暴露面映射 | 云安全 VP / CISO | 云、SaaS 和 AI 工作流中的敏感数据可视性缺口 |
| 受监管数据运营方(医疗、法律、金融) | CISO / 隐私 / 法律运营负责人 | 安全调查团队和业务数据负责人 | 安全、隐私或风险预算 | 保护受监管或高价值数据,同时保留审计轨迹 | 首席风险官 / CISO | 监管压力、泄露证据和内部人员滥用风险 |
| 现代 Web、端点和协作环境 | 安全平台负责人 | SOC 分析师和端点 / Web / 邮件管理员 | 中央安全运营预算 | 将 Web、电子邮件、端点、可移动介质和云渠道的 DLP 统一起来 | 安全工程总监 | 传统 DLP 运维负担和策略执行不一致 |
| 担心影子 AI 的 AI 采用型企业 | CISO / AI 治理委员会 | 安全分析师、AI 项目负责人、IT 管理员 | 安全或 AI 治理预算 | 追踪数据流入 AI 工具的位置,阻止不安全提示词或上传 | CISO 搭配 CIO / AI 治理发起人 | 需要加速采用 AI,同时避免数据不受控泄露 |
买方地图根据官方产品材料和邻近套件文档综合而成,而非 Cyberhaven 披露的客户结构或合同金额。
[CM003, CM005, CM011, CM013, CM014, CM015]将最可能的 Cyberhaven 买方细分映射到预算负责人、主要用户、采用触发因素、替代基线和落地摩擦。
各单元格把多个官方和独立来源综合成可比较的买方原型。它们是有证据支撑的分析师判断,不是直接的客户调研输出。
[CM003, CM005, CM011, CM013, CM014, CM016]基于官方买方、授权和集成材料,展示企业采购 Cyberhaven 式数据安全产品时最可能的采用顺序。
该顺序由公开产品、文档和部署准备材料重建而来。Cyberhaven 未公开披露正式漏斗或销售周期中位数。
[CM013, CM014, CM019, CM023, CM024, CM025]2.4 增长驱动、采用约束与估值相关性
支撑 Cyberhaven 采用的驱动因素具有持续性。第一,云和多云蔓延持续把敏感数据推向端点、SaaS 和云存储库,正好对应公开 DSPM 研究强调的数据发现与分类问题。第二,AI 采用制造新的外泄和治理问题:Cyberhaven、Microsoft 和 Palo Alto 都强调保护现在会流经 AI 工具和智能体的数据。第三,监管和治理压力正在上升;SEC 规则现在要求上市公司更明确披露网络风险管理和治理,而 Microsoft 与 CISA 材料显示,内部人员风险控制正在从临时调查变成正式项目。第四,泄露数据让紧迫感维持高位。HIPAA Journal 对 Verizon 2024 DBIR 的总结显示,在 Verizon 方法论下,内部行为人造成 70% 的医疗数据泄露,人为错误涉及 68% 的泄露。约束同样真实:传统环境碎片化,告警质量可能很差,许可和权限会拖慢落地,公开市场预测也不同意品类边界。对估值而言,这意味着 Cyberhaven 暴露于一个真实且增长中的市场,但投资人应对实施摩擦,以及合同规模、胜率和垂直行业组合缺乏公开证据做折价。[CM009, CM014, CM020, CM022, CM023, CM025]
| 驱动因素 / 约束 | 方向 | 时点 | 含义 | 尽调追问 |
|---|---|---|---|---|
| 云和多云数据蔓延 | 驱动因素 | 当前 | 强化对跨混合环境的 DSPM 式数据发现和分类需求 | 向管理层询问按连接器划分的云存储库覆盖和价值实现时间 |
| AI 采用和影子 AI 风险 | 驱动因素 | 当前且上升 | 支撑 Cyberhaven 围绕 AI 工具和智能体数据保护的定位 | 要求提供 AI 策略执行和 AI 专属误报率的客户证据 |
| 监管和治理披露压力 | 驱动因素 | 当前 | 帮助安全负责人为数据治理、内部人员风险和审计投入找依据 | 索取治理或披露义务加速采购的客户案例 |
| 内部人员驱动的泄露紧迫性 | 驱动因素 | 当前 | 提高买方为内部人员风险和调查能力买单的意愿 | 要求提供医疗、金融和法律部署中的行业级事件处置手册和结果指标 |
| 传统 DLP 误报和运维拖累 | 替换驱动因素 | 当前 | 为具备数据血缘和上下文感知的平台创造替换机会 | 验证 Cyberhaven 的误报改善能否在标杆客户之外延续 |
| 工具割裂和集成负担 | 约束 | 当前 | 如果数据安全控制仍靠拼接,部署会拉长,ROI 会被稀释 | 询问身份、工单和云环境的集成时间中位数 |
| 许可、权限和隐私控制 | 约束 | 当前 | 安全和合规工具往往需要配置角色、获得治理审批,并细化管理员权限范围 | 按客户细分索取平均管理员配置工作量和隐私审查要求 |
| 公开品类定义互相冲突 | 约束 | 当前 | 让外部 SAM/SOM 主张可靠性下降,并可能抬高叙事型 TAM | 向管理层索取与胜率、ACV 和细分市场组合挂钩的内部自下而上市场模型 |
2.5 图表与要点
03竞争格局
3.1 竞争版图与买方替代方案
Cyberhaven 并不是在一个绿地品类里销售。公开候选名单和供应商撰写的对比页持续把它同时放在三类竞争者面前:Microsoft Purview、Forcepoint、Symantec DLP 等既有企业 DLP 套件;Mimecast Incydr、Proofpoint 等直接的内部人员风险和响应中心平台;以及 Nightfall 等相邻的云与 AI 导向 DLP 厂商。这个格局很重要,因为买方所谓的「替代方案」往往不是单一同类产品。许多企业的现实替代路径,是扩展现有 Microsoft 或传统 DLP 体系,在其上叠加内部人员风险工作流工具,并在新的项目负责人拿到预算和高管支持前推迟任何替换采购。因此,Cyberhaven 竞争的不只是某个直接同业,还包括现状和套件扩张。 竞争版图也因用例而异。Cyberhaven 的数据血缘优先叙事适合买方关注知识流重建、内部人员调查,以及阻止数据在端点、SaaS 和 AI 工具间高风险共享的场景。Microsoft 在 M365 原生覆盖、隐私优先工作流和采购杠杆占主导时竞争力强。Forcepoint 和 Symantec 代表大型混合环境中偏传统、控制重的路径。Mimecast 和 Proofpoint 主打快速内部人员风险响应和多渠道证据。Nightfall 以更简单的部署和公开定价信号切入 SaaS、浏览器和 AI 应用问题。尽调视角下,这意味着 Cyberhaven 必须赢在精度和工作流质量,而不只是产品名里有「DLP」。 [CP030, CP031, CP035, CP036, CP038]
3.2 Cyberhaven 领先之处与对手最强位置
Cyberhaven 最清晰的公开优势是上下文。其产品页和对比页称,平台把内容分析与数据血缘结合起来,追踪数据从哪里来、流向哪里,并重建导致泄露或内部人员风险事件的过程。同一批材料还声称,相比传统、只看内容的 DLP,平台能显著减少误报并大幅加快调查。对 R&D 密集和受监管团队来说,这是有说服力的采购故事:这些团队不只想打勾满足合规,更关心敏感数据是否真的暴露、谁处理过、行为是恶意还是误操作。 但对手会各自攻击这个故事的不同弱点。Microsoft 公开文档强调装机 M365 环境中的深度内容分析、机器学习、广泛策略覆盖和注重隐私的内部人员风险运营。Forcepoint 和 Symantec 让大型企业的既有姿态论点继续存在,因为这些企业已有成熟策略团队和混合基础设施。Proofpoint 和 Mimecast 侧重以调查为中心的工作流、多渠道遥测和自动化响应控制。Nightfall 的公开页面和定价强烈指向快速上线,以及现代 SaaS、浏览器、端点和 AI 应用覆盖。Varonis 则通过把 DLP 与 DSPM、UEBA、访问治理和 AI 安全配对,推进相邻平台广度。换句话说,Cyberhaven 的信息有差异化,但候选名单很深,因为相邻厂商可以把采购决策框定为套件杠杆、简单性或云覆盖,而不是数据血缘。 [CP001, CP002, CP003, CP004, CP011, CP014]
| 供应商 | 类别 | 规模 / 融资信号 | 目标细分市场 | 差异化 | 局限 |
|---|---|---|---|---|---|
| Cyberhaven | 血缘优先的挑战者 | 估值 $1.0B;截至 2025 年 4 月累计融资 $250M | AI 密集、受监管、知识密集型企业 | 数据血缘加内容上下文、低噪声调查、持续扩展云连接器 | 2024 年 12 月扩展事件造成信任受损;公开定价仍未披露 |
| Microsoft Purview | 在位套件 | Microsoft 合规和 M365 分发 | 以 Microsoft 365 为中心的企业 | 深度内容分析、广泛位置覆盖、隐私优先设计的内部人员风险工作流 | 计量和订阅定价更难比较;在 Microsoft 体系内最强 |
| Forcepoint DLP | 在位混合 DLP | 成熟企业 DLP 平台 | 大型混合和受监管企业 | 覆盖端点、电子邮件、Web 和云的风险自适应控制 | 公开材料仍显示调优和部署工作量重于现代 SaaS 主导的竞品 |
| Mimecast Incydr | 直接内部人员风险同行 | Mimecast 人因风险组合 | 分布式和云优先劳动力 | 无需预设策略的可视性,加上下文优先级排序和自动化响应控制 | 公开定价未披露,公开差异化不如数据血缘专门 |
| Nightfall AI | 邻近云 / AI DLP | 公开按用户定价层级 | SaaS、浏览器、端点和 AI 应用密集型团队 | 跨 SaaS、端点和 AI 工具的实时阻断和辅导,主打快速上线 | 比传统企业混合场景更云优先;批评部分来自竞争对手 |
| Symantec DLP (Broadcom) | 传统在位者 | 根深蒂固的企业 DLP 产品族 | 成熟安全团队的大型企业 | 知名多渠道 DLP 品牌和传统企业覆盖 | 与同行相比,当前公开 Web 证据较少;传统复杂度仍是市场叙事的一部分 |
样本取自 2025-2026 年审阅来源中,围绕 Cyberhaven 最常反复出现的公开候选名单供应商。延伸既有 Microsoft 或传统 DLP 体系的现状方案,以及围绕既有控制选择性自建的工作流,在正文而非供应商行中讨论。
[CP001, CP008, CP015, CP016, CP017, CP020]| 购买标准 | Cyberhaven | Microsoft Purview | Forcepoint DLP | Mimecast Incydr | Nightfall AI |
|---|---|---|---|---|---|
| 上下文 / 数据血缘精度 | 高 — 数据血缘加内容上下文,重建事件链 | 中 — 深度内容分析和策略上下文,但定位不是围绕持续数据血缘 | 低至中 — 公开叙事以规则和策略为主 | 中 — 内部人员事件中的文件、用户和目的地上下文 | 中至高 — DEX 信息中称具备完整血缘,但公开证据显示,其历史调查深度不如 Cyberhaven |
| 端点和浏览器控制 | 高 — 端点静态数据扫描和外泄阻断是卖点核心 | 高 — 端点设备和内联 Web 流量都在范围内 | 高 — 端点、电子邮件、Web 和云都在范围内 | 中 — 内部人员风险控制较强,但浏览器专属公开细节较少 | 高 — 端点和浏览器是明确的 DEX 覆盖面 |
| SaaS / 云应用覆盖 | 中 — 借 OneDrive、SharePoint、Google Drive 连接器改善,但竞品会质疑覆盖深度 | 高 — 公开文档显示,既有 M365 原生覆盖,也覆盖非 Microsoft 云应用 | 中 — 明确支持云,但公开信息仍以企业策略广度为中心 | 中 — 明确监控文件、用户和应用 | 高 — SaaS、AI 应用和云集成是卖点核心 |
| 原生内部人员风险工作流 | 高 — 完整事件时间线和 Linea AI 调查框架 | 高 — 策略模板、告警、案件和 eDiscovery 升级 | 中 — 预防叙事强,公开案件工作流细节较少 | 高 — 无需预设策略即可开始监控,加自动化响应工作流 | 中 — 预防和辅导较强,法律 / 合规案件处理的公开细节较少 |
| 信任 / 合规态势 | 中 — 受监管客户主张强,但扩展事件仍是活跃异议点 | 高 — 隐私优先设计的假名化和较深的合规工作流 | 高 — 企业合规态势和长期 DLP 文档积累 | 中 — 响应和上下文较强,但公开合规细节少于 Microsoft / Forcepoint | 中 — 现代平台叙事强,但审阅来源中公开受监管企业案例较少 |
| 公开定价透明度 | 低 — 审阅来源中未见公开标价 | 中 — 官方定价公开,但按量计费且复杂 | 低 — 审阅页面以演示为导向 | 低 — 审阅页面以解决方案为导向,未列公开标价 | 高 — 定价页公开按用户 / 年的层级 |
序位标签只反映已审阅公开来源能支撑什么。“低”或“中”不表示产品实际弱;只表示审阅页面上的证据基础较薄,或表述不够明确。
[CP001, CP004, CP011, CP012, CP013, CP014]Cyberhaven 在上下文检测深度上位置最靠前,Microsoft 和传统老牌厂商在分发与装机基础杠杆上最强。Nightfall 在现代 SaaS 和 AI 覆盖上更靠前,但公开证据中显示的老牌厂商触达力较弱。
序数评分综合的是保留的公开证据,而不是有来源支撑的市场份额数字。排名依据是相对于 Cyberhaven 核心采购标准的定位:上下文深度和分发触达。
[CP001, CP015, CP016, CP020, CP023, CP030]按公开证据中反复出现的标准——上下文精度、SaaS 广度、内部人风险工作流和定价透明度——对最相关入围供应商做定性映射。
矩阵单元格是基于已审阅来源提炼出的序数文本标签,用来指导尽调优先级,不能替代上手产品测试。
[CP001, CP012, CP014, CP016, CP021, CP025]压缩呈现截至 2026-05-05 公开证据最清楚显示的竞争态势。
90-95% 区间合并了 Cyberhaven 在 2025-2026 年不同来源中发布的两项公司主张。定价信号数量指已审阅样本中,Microsoft、Nightfall 和 Teramind 在公开页面披露具体定价或计量结构的情况。
[CP002, CP003, CP005, CP010, CP015, CP026]3.3 护城河耐久性、切换成本与反向证据
公开证据支持 Cyberhaven 拥有真实但可争夺的护城河。公司有牵引信号——FY2026 客户增长超过 50%、赢下 AI 密集和受监管账号,以及以 $1 billion 估值获得新融资——意味着它有相当资源继续扩展平台。近期发布也显示公司从以端点为中心的数据血缘,拓展到云连接器、静态数据扫描、AI 驱动分类和数据目录。这种扩张在战略上必要,因为最强的反向证据并不是说 Cyberhaven 缺少核心想法;而是买方可能仍会看到覆盖缺口、部署负担和边缘处的信任风险。 这些边缘风险具有实质性。Nightfall 的竞争简报攻击 Cyberhaven 在 SaaS 可见性、端点上传覆盖和修复速度上的不足。SecurityWeek 关于 December 2024 恶意 Chrome 扩展更新的报道,会形成竞争对手可在采购场景中使用的异议,尤其是浏览器重度部署。既有厂商还保留非技术切换成本优势:Microsoft 可以把 DLP 和内部人员风险能力打包进更广的合规支出;Forcepoint、Symantec、Proofpoint 和 Mimecast 则可以把自己定位为现有控制平面的延伸,而不是全新的安全项目。结果是,买方明确重视上下文丰富的调查和更低误报率时,Cyberhaven 的护城河最强;采购更看重打包分发、既有工作流,或可公开证明的定价和合规覆盖时,护城河最弱。 [CP005, CP006, CP007, CP008, CP009, CP010]
| 供应商 | 公开定价信号 | 计费单位模型 | 包含能力 / 打包信号 | 含义 |
|---|---|---|---|---|
| Cyberhaven | 审阅过的公开页面突出 DLP、内部人员风险、AI 安全和云连接器 | 审阅来源中未找到公开标价,因此买方 TCO 仍是尽调事项 | ||
| Microsoft Purview | 混合型公开定价 | 基于订阅的能力,加基于消耗的计量项和 DSPU | DLP、静态和传输中保护、内部人员风险管理定价均为官方口径,但不是简单按席位公开标价 | 既有 Microsoft 买方更容易吸收,但很难与固定费率供应商做同口径比较 |
| Forcepoint DLP | 产品和文档页面强调企业部署和咨询 | 公开网页审阅显示,它更像演示驱动的企业销售,而非透明自助定价 | ||
| Teramind | 公开网页定价 | 席位 / 月 | DLP 层级、200 条预打包 DLP 规则、自动 DLP 阻断、企业和政府打包 | 比多数同行透明,更适合早期候选名单筛选 |
| Nightfall AI | 公开网页定价 | 按应用覆盖层级计的用户 / 年 | DDR、DEX 与 Complete 层级;Complete 包含专属客户成功和 1 小时 SLA | 透明打包有利于 SaaS 和 AI 使用重的买家快速评估 |
| Mimecast Incydr | 产品页强调内部人风险结果和上下文自动化,不披露标价 | 定价尽调很可能嵌在更大的人员风险或电子邮件安全商业包中 |
空值表示所审阅的公开来源在报告日期没有披露可用标价。这是证据缺口,不等于供应商从不提供定价。
[CP015, CP026, CP028, CP029, CP037]| 护城河主张 | 支撑证据 | 威胁 / 竞品回应 | 严重性 | 缓释措施 / 尽调问题 |
|---|---|---|---|---|
| 数据血缘上下文降低误报并加快调查 | Cyberhaven 称误报减少 95%,调查速度提升 5 倍 | 套件厂商和邻近供应商都在补上下文、自动化和更广云覆盖 | 高 | 要求提供客户级前后对比指标和竞品同场评测证据 |
| 受监管和 AI 使用重的客户牵引验证了产品市场匹配 | FY2026 增长、Forbes AI 50 渗透和受监管客户背书 | 既有厂商可用打包续约和采购杠杆反击 | 高 | 核验具名客户可背书性,以及相对 Microsoft / 传统部署的续约率 |
| 云连接器扩展让 Cyberhaven 不止于端点血缘 | OneDrive、SharePoint 和 Google Drive 连接器,加上端点静态数据扫描 | Nightfall 等对手正明确攻击 SaaS 覆盖深度和部署简易性 | 高 | 在价值验证中测试连接器深度、浏览器覆盖和 SaaS 盲点 |
| 以调查为先的工作流对内部人风险团队有差异化 | 完整事件时间线、Linea AI 和带上下文的事件重建 | Mimecast 和 Proofpoint 用自动化和证据导出主打快速内部人风险响应 | 中 | 在现场试点中比较告警分诊工作量和案件工作流质量 |
| 信任姿态可支撑企业级扩张 | Cyberhaven 服务受监管客户,并把自己定位为安全平台 | 2024 年 12 月恶意扩展更新事件给对手留下可反复使用的采购异议 | 高 | 要求提供事后控制、扩展治理和第三方保证材料 |
3.4 图表与要点
04财务情况
4.1 收入模型、定价机制与 GTM 动作
最容易把 Cyberhaven 的变现模型描述为围绕统一 AI 与数据安全平台打包的企业软件订阅。公司当前产品页把一个平台定位为覆盖 DSPM、DLP、内部人员风险管理和 AI 安全,并以数据血缘作为共同控制层。这一架构在财务上重要,因为它支持落地后扩张销售:Cyberhaven 可以从数据检测与响应切入,然后随着客户需求扩展,叠加 DSPM 或 AI 安全控制等相邻模块。Microsoft 云市场上架信息也强化同一打包逻辑,称该统一方案能保护云、端点和可移动介质中的数据,同时与 Microsoft Purview、Salesforce 等工具集成。 商业上,Cyberhaven 并没有跑透明的自助 SaaS 动作。官网把买方导向预约演示和免费点播演示,而不是发布公开标价。第三方定价页和 AWS 私有报价文档也指向同一方向:定价看起来基于订阅,通常与端点或数据量等部署范围挂钩,再通过企业合同、量级折扣或云市场私有报价谈判。这意味着公开记录能支撑定价机制,但不能支撑实际成交价、折扣纪律或模块级收入组合。 GTM 广度正在改善。Cyberhaven 称自己渠道优先,运营经销 / 技术 / 集成合作伙伴项目,并且截至 April 2026 可通过 AWS、Azure 和 Google Cloud 云市场使用既有云承诺完成交易。这些采购选项很可能缩短企业审批,并拓宽收入路径,尤其适合买方已经通过超大规模云厂商承诺做预算的场景。不过,留存来源没有披露合同期限、续约率、实施服务占比,或订单额中来自直销、合作伙伴和云市场的比例。 [CI001, CI002, CI003, CI004, CI005, CI006]
| 收入流 | 机制 | 单位 | 当前价值 / 状态 | 质量 | 尽调问题 |
|---|---|---|---|---|---|
| 直销企业平台订阅 | 销售主导订阅统一的 DSPM + DLP + IRM + AI Security 平台 | 企业合同 | 2026 年仍活跃;官网以演示驱动采购 | 官方产品与演示证据 | 提供直销渠道 ARR、合同期限、ACV、续约率和模块附加率 |
| 云市场采购 | 通过 AWS / Azure / Google Cloud 市场交易,通常消耗既有承诺支出 | 市场订阅或私有报价 | 截至 2026-04-22,三大超大规模云均可购买 | 官方市场证据 | 按市场、云厂商和私有报价使用拆分签约额与开票额 |
| 渠道主导转售 | 转售商、技术伙伴和集成伙伴成交或影响交易 | 渠道主导企业交易 | 公司公开称采用渠道优先打法,并有渠道主导的云市场交易 | 官方伙伴证据 | 披露伙伴来源销售管线、签约额占比、毛利和赋能成本 |
| 模块扩展 / 交叉销售 | 基于同一数据血缘引擎,从 DDR 扩展到 DSPM、AI 安全和内部人风险工作流 | 账户内模块扩展 | 2025-2026 版本迭代显著扩展了平台 | 公司宣称的产品策略 | 提供净扩张、附加率和模块级 ARR 组合 |
公开记录能支撑收入机制和采购路径,但不能说明按模块、地区或渠道拆分的实际收入结构。
[CI001, CI002, CI003, CI004, CI006, CI007]| 定价要素 | 价格 / 单位 / 合同 | 标价与实际价格 | 折扣 / 未知项 | 来源 |
|---|---|---|---|---|
| 官方网站 | 没有公开标价;买家被引导至申请演示和点播演示页面 | 实际价格、最低消费和合同结构未披露 | Cyberhaven 官方网站 | |
| Gartner 定价摘要 | 订阅层级与端点数或数据量范围挂钩 | 描述定价机制,而非公开费率卡 | 可按需提供企业合同和量价折扣 | Gartner Peer Insights |
| Vendr 基准 | 35016 | 第三方年度中位数基准,不是官方费率卡 | 基准区间 28309-49221;是否适用于 Cyberhaven 当前企业客户结构尚不确定 | Vendr |
| AWS Marketplace 私有报价 | 协商后的私有报价 | 条款明确不公开,并按客户定制 | 私有报价 EULA 和价格均与卖方协商 | AWS Marketplace 买家指南 |
| 超大规模云市场承诺支出打法 | 抵扣既有云承诺支出 | 这是采购路径,不是标价 | 留存来源均未披露承诺支出采购是否低于直销合同价格 | Cyberhaven 云市场新闻稿 |
Vendr 和 Gartner 提供方向性的定价机制,但留存官方证据唯一能稳妥得出的结论是,Cyberhaven 采用协商式企业定价,而非透明公开费率卡。
[CI006, CI007, CI028, CI029, CI033, CI034]企业需求通过演示驱动、协商式订阅流程转为收入;交易可直签、经合作伙伴完成,也可走超大规模云厂商市场。
[CI006, CI007, CI014, CI028, CI029, CI030]4.2 公开牵引信号及其对单位经济的含义
公开牵引信号方向性很强,尽管经典 SaaS 效率指标仍未披露。Cyberhaven 的 June 2024 C 轮公告称新签订单额增长 200%;February 2026 业务结果发布称截至 January 31, 2026 的财年在收入、客户和平台采用上创纪录增长,包括同比三位数增长和超过 50% 的客户增长。同一发布还称,客户包括 Forbes AI 50 榜单前五家公司中的四家,以及部分北美前五大银行,另有其他受监管机构和律所。这些披露支持一个判断:Cyberhaven 正在上移到更大、更重视合规的企业客户。 客户验证也显示产品能产生可衡量的运营价值。Cyberhaven 强调,启用实时用户指导后,解决时长改善 200%,高风险行为减少 80%。预约演示和合作伙伴材料还加入了管理层说法:平台减少告警噪音、降低项目成本,并通过整合工具降低总拥有成本。这些不是 CAC、回本周期、总留存或 NRR 的替代品,但确实说明 Cyberhaven 为什么能追求高溢价企业销售,而不是走量驱动的商品化安全路线。 最难回答的公开数字问题是规模。独立数据供应商意见不一:Datanyze 和 ZoomInfo 都显示收入约 $64.9 million,Growjo 估计约 $52.4 million。这些数字足够可信,可以框出一个公开估算区间,但它们不是公司申报数据,不应视为可承销收入。合并来看,最强的单位经济解读仍是定性的:Cyberhaven 看起来拥有强劲企业需求、上升的销售速度和有意义的产品 ROI 信号,但公开记录仍缺少 CAC、回本周期、毛利率和续约质量的直接证据。 [CI008, CI009, CI010, CI011, CI012, CI013]
| 指标 | 值 | 置信度 | 重要性 | 尽调问题 |
|---|---|---|---|---|
| Series C 披露的新签约额增长 | 200 | 中 | 披露 CAC / 回本周期前,快速签约额增长是最强的公开销售效率代理指标 | 按年度提供签约额、净新增 ARR 和胜率桥接 |
| FY2026 客户增长 | >50% | 中 | 若扩展和续约健康,可支撑需求延续和潜在回本杠杆 | 按分群提供新增 logo、流失 logo 和扩展 ARR |
| 公开合同价值基准 | 35016 | 低 | 可方向性校验入门级合同经济性,但第三方基准可能低估大型企业交易规模 | 按客户规模和部署范围提供 ACV 分布 |
| 运营 ROI 代理指标:调查更快 | 处置时间改善 200% | 中 | 运营回本可支撑高端企业定价,并降低客户阻力 | 提供量化的人力节省和事件成本规避研究 |
| 运营 ROI 代理指标:风险降低 | 风险行为减少 80% | 中 | 若能广泛验证,用户行为改善可支撑留存和扩张叙事 | 提供样本量、测量周期和客户分群背景 |
| 公开年收入估算区间 | 52.4-64.9 USD M | 低 | 仅可作为粗略规模边界,因为供应商估算不一致且数据未申报 | 提供管理层口径 ARR / 收入及月度趋势 |
| CAC / 回本周期 / 销售周期 | 低 | 缺少这些指标,投资人无法判断 GTM 效率或招聘产出 | 按细分市场提供全负担 CAC、回本周期、销售周期和销售生产率 | |
| 毛利率 / 服务交付成本 | 低 | 毛利路径决定当前增长有多少能转化为持久经营杠杆 | 提供毛利率桥接、托管成本、支持负担和服务组合 |
公开证据在增长和客户 ROI 代理指标上最强,但传统单位经济指标仍是私人公司盲点。
[CI008, CI009, CI010, CI015, CI017, CI022]公开的单位经济模型证据从产品 ROI 和需求信号延伸到不完整的投资测算,因为 CAC、回本周期和毛利率数据仍未公开。
这张桥接图偏定性,因为公开来源披露增长和 ROI 代理指标,但不披露 CAC、回本周期、赢单率或毛利率。
[CI008, CI009, CI010, CI015, CI017, CI023]公开数据供应商暗示 Cyberhaven 收入基数在八位数中段、员工数为数百人,但区间噪声太大,无法精确测算。
下界来自 Growjo,上界来自 Datanyze / ZoomInfo。这些是第三方供应商对私营公司的估算,不是公司申报指标。
[CI037, CI038, CI039, CI040, CI041, CI042]4.3 资本充足性、融资依赖与尽调阻断项
公开记录中最干净的资本充足性事实是 April 2025 D 轮。Cyberhaven 称该轮带来 $100 million,使累计融资升至 $250 million,并把公司估值推至 $1 billion。管理层还称资金将支持 M&A、有机产品创新和激进 GTM 投入。这组信息通常意味着进攻性的资金用途,而不是防御性过桥轮:Cyberhaven 看起来在同时为平台扩张和分发增长融资。February 2026 业绩发布以及 April 2026 云市场扩张,也说明管理层在融资后继续投入,而不是放慢节奏。 尽管如此,仅靠公开数据仍很难承销公司。留存公开来源没有披露手头现金、月度烧钱、现金跑道、债务余额、契约条款、项目融资义务或下一轮触发条件。North Carolina Secretary of State 备案页显示公司按期提交年度报告,包括一个与 2026-01-31 财年日期相关的 2026 年备案,但没有提供上市公司备案才会有的运营财务报表。SEC EDGAR 搜索页可作为备案尽调路径,但由于 Cyberhaven 仍是私营公司,本次未留存到公司特定的公开财务备案。 实用结论是,Cyberhaven 很可能拥有有意义的资本支持和当前需求,但财务质量仍取决于私下尽调。下一次尽调应优先拿到管理层报告的 ARR 或收入、毛利率、销售效率、现金与烧钱、债务排期、收入确认政策,以及渠道 / 模块组合。缺少这些项目时,投资人可以为正面的商业动能观点辩护,但无法精确判断现金跑道、资本强度或利润率路径。 [CI016, CI018, CI019, CI020, CI021, CI022]
| 项目 | 值 | 公开状态 | 重要性 | 尽调问题 |
|---|---|---|---|---|
| 最新股权融资 | 100 | Series D 于 2025-04-02 宣布 | 最近一次公开资本事件为当前资产负债表支撑定锚 | 确认扣除费用后的到账金额和当前非受限现金 |
| 总融资额 | 250 | 公司官方公告 | 给累计融资额设上限,但不代表剩余流动性 | 将官方总融资额与股本结构表和账面现金对齐 |
| 最新资金用途 | 并购、自主创新、激进 GTM | 公司官方公告 | 资金用途说明资本是进攻性增长资金,还是续航期支撑 | 提供董事会批准的资金使用计划和招聘计划 |
| 州申报连续性 | 2026 年年报于 2026-04-15 提交,财政日期为 2026-01-31 | 官方申报页面 | 显示当前申报合规,但不披露经营财务 | 提供完整的 2024-2026 审计或董事会财务包 |
| 账面现金 | 未公开披露 | 没有当前现金余额,无法承销流动性 | 提供月度现金余额和资金管理政策 | |
| 月度烧钱额 | 未公开披露 | 要把融资额换算成续航期,必须知道烧钱额 | 提供月度烧钱额桥接,列明招聘和基础设施假设 | |
| 续航期月数 | 未公开披露 | 续航期决定下一轮融资时点和融资风险 | 提供至少 18 个月的基准 / 下行情景续航期模型 | |
| 债务 / 授信额度 / 项目融资 | 未公开披露 | 杠杆或留置权可能大幅改变企业价值和现金灵活性 | 提供债务明细、贷款方协议、债务契约包以及 UCC / 留置权检索 | |
| 下一轮融资触发点 | 未公开披露 | 投资人需要知道下一轮融资是可选增长资金,还是必要流动性 | 提供融资触发条件、目标时点,以及债务契约或董事会阈值 |
公开资本充足性可围绕 2025 年 Series D 和 2026 年申报连续性来框定,但现金、烧钱额、续航期和杠杆仍属私人信息。
[CI018, CI019, CI020, CI021, CI045, CI046]| 缺失的私有指标 | 影响 | 精确尽调路径 |
|---|---|---|
| ARR / GAAP 收入 / 收入确认政策 | 无法可靠承销规模、季节性和递延收入质量 | 索取月度 ARR 与 GAAP 收入桥接、收入确认备忘录、递延收入滚动表和 SKU 级收入组合 |
| 实际价格、折扣和合同期限 | 卡住变现质量和定价权分析 | 索取报价到收款明细,按细分市场列出标价、折扣、期限和续约涨幅 |
| CAC、回本周期、销售周期和销售生产率 | 卡住 GTM 效率分析和招聘计划承销 | 索取全负担 CAC、销售管线转化、周期长度中位数、配额达成率,以及按渠道和细分市场拆分的回本周期 |
| 毛利率、托管、支持和服务负担 | 卡住毛利路径和经营杠杆分析 | 索取毛利率桥接、COGS 明细、云支出、服务附加率和支持人员配比 |
| 现金余额、烧钱额和续航期 | 卡住偿付能力和融资依赖分析 | 索取资金管理报告、月度烧钱额桥接、债务契约余量和下行情景续航期模型 |
| 债务、留置权、客户集中度和 NRR | 卡住债务契约风险和续约质量的下行情景建模 | 索取债务明细、留置权检索、前 20 大客户、按 ARR 计算的集中度,以及 NRR / GRR 分群 |
Cyberhaven 的公开记录足以说明动能和融资历史,但没有管理层材料,仍不足以搭建完整承销模型。
[CI047, CI048, CI049, CI050, CI051, CI052]公开记录支撑进攻式资金用途叙事,但不支撑流动性测算。
这张图映射已声明的资金用途和商业扩张,而不是实际现金转化,因为公开烧钱速度和现金跑道数据不可得。
[CI019, CI020, CI021, CI022, CI028, CI029]4.4 图表与要点
05产品与技术
5.1 产品定义与平台概览
Cyberhaven 营销的是统一 AI 与数据安全平台,合并了四个过去相互分离的产品类别:数据安全态势管理(DSPM)、数据防泄漏(DLP)、内部人员风险管理(IRM)和 AI 安全。按客户工作流看,平台位于企业数据存储与每个外泄向量之间——电子邮件、浏览器、SaaS 应用、可移动存储、打印和云——并实时拦截高风险数据移动。它解决的业务问题是:传统 DLP 产品在策略检查点检查内容,却不了解数据历史,因此制造大量误报,也漏掉依赖上下文的威胁。Cyberhaven 声称,通过把数据血缘上下文加入每次决策,误报告警比其他工具减少 95%。产品面向拥有高价值 IP、受监管数据或活跃内部人员风险的企业;技术、金融、制造、医疗和法律行业的具名客户可作佐证。定价未公开披露,需要直接销售接触。平台可用性在 April 2026 扩展至 AWS Marketplace、Azure Marketplace 和 GCP Marketplace,使客户能够把支出计入既有云承诺。 [CE001, CE002, CE003, CE004]
| 日期 / 阶段 | 功能 / 里程碑 | 状态 | 含义 | 来源 |
|---|---|---|---|---|
| 2024(已发布) | AI Security 模块——影子 AI 检测与泄露防护 | 正式发布 | 让 Cyberhaven 切入高增长 AI 治理赛道 | Cyberhaven 产品页 |
| Dec 2024 | Chrome 扩展供应链事件(v24.10.4 恶意;v24.10.5 为干净补丁) | 已解决 | 暴露扩展分发风险;事后需要加固 | TechCrunch、BleepingComputer |
| Apr 2, 2025 | 宣布以 $1B 估值完成 $100M Series D 轮;CEO 称有并购意图 | 已完成 | 有资金加速产品并推进收购 | PR Newswire |
| Apr 22, 2025(约) | JupiterOne 与 Cyberhaven 集成发布——基于令牌的 API 认证 | 正式发布(合作伙伴) | 扩大集成生态;验证公开 API 成熟度 | JupiterOne 社区 |
| Apr 2026 | 宣布上线 AWS / Azure / GCP 云市场 | 正式发布 | 降低已有云承诺支出的企业采购摩擦 | Cyberhaven 新闻室 / PR Newswire |
| May 5, 2026 | 产品发布活动——“守护 Agentic AI 时代安全” | 已宣布(截至研究日暂无细节) | 暗示 AI 治理路线图将继续扩展 | Cyberhaven 网站页眉 |
已宣布里程碑之外的路线图事项,公开资料没有记录。
[CE004, CE008, CE033, CE034, CE035]追踪敏感数据从企业应用中创建,到被 Cyberhaven 平台检测,再到策略执行和调查结案的完整路径。
[CE002, CE003, CE019, CE020]5.2 模块架构与产品线地图
平台由五个相互连接的模块构成。DSPM 在云和端点环境中发现并分类数据,并在数据于云和设备之间移动时持续监控。DLP 通过带有数据血缘信息的策略决策,而不是纯内容检查,在电子邮件、网页、云和设备上实时阻断和指导。IRM 把数据移动信号与行为信号结合起来,检测内部威胁并厘清意图,捕捉传统工具会漏掉的慢速外泄模式。AI 安全监控影子 AI 使用(ChatGPT、Google Gemini、Microsoft Copilot 和其他 AI 工具),评估 AI 风险态势,并在不阻断正当使用的情况下防止数据泄露给 AI 工具。Linea AI 是横跨所有模块的智能层——包括 Detection Agent(使用专有 Large Lineage Models,LLiM,自主检测高风险活动)和 Analyst Agent(发起深度调查、收集证据,并交付带后续步骤的报告)。每个模块都作为统一平台的一部分销售;单独模块定价或独立 SKU 可用性没有公开记录。公司在 May 5, 2026 宣布「Securing the Agentic AI Era」产品发布,暗示平台继续扩展到智能体 AI 治理,但截至研究日期,该发布的具体内容尚未公开。 [CE005, CE006, CE007, CE008, CE009, CE010]
| 模块 | 主要用户 | 成熟度 / 状态 | 核心差异化 | 关键尽调缺口 |
|---|---|---|---|---|
| DSPM | 安全 / IT 运营 | GA — 云端 + 端点 | 基于数据血缘的分类会随数据演变更新 | 相对主要 CASB 厂商的云覆盖深度尚无独立基准 |
| DLP | 安全 / 合规 | GA — 旗舰产品 | 借助数据血缘上下文宣称误报减少 95% | 缺少与 Symantec / Zscaler / MSFT Purview 的独立基准对比 |
| IRM | 安全 / HR / 法务 | GA | 结合行为和数据信号;检测慢燃型模式 | IRM 模块的 NRR 和续约率未披露 |
| AI Security | 安全 / IT | GA — 2024 年发布 | 影子 AI 发现 + 感知数据血缘的 AI 泄露防护 | 非 ChatGPT AI 工具覆盖深度未获独立验证 |
| Linea AI (LLiM) | 安全平台 | GA — 检测 + 分析师智能体 | 基于数据血缘图谱数据专门构建的 LLiM;预测性检测 | 没有已发布的模型基准或第三方验证 |
所有成熟度状态均为公司宣称;没有独立产品成熟度评估。
[CE005, CE006, CE007, CE008, CE009]5.3 技术架构与部署模型
Cyberhaven 使用三种部署模式来采集数据流。第一,端点代理支持 Windows、macOS 和 Linux 操作系统,并在操作系统层拦截文件操作、USB 传输、打印和应用级数据移动。第二,浏览器扩展(以 Chrome 为主)在浏览器中监控基于网页的数据流、SaaS 应用上传和 AI 工具交互。该扩展正是 December 2024 供应链事件的向量。第三,云 API 连接器通过 API 与 SaaS 平台(Google Workspace、Microsoft 365)集成,在不要求端点的情况下捕捉云端数据移动。后端基础设施完全运行在 Google Cloud Platform(GCP)的美国数据中心。每个客户运行完全隔离的实例,配有专用虚拟计算、存储和网络资源;客户之间不共享处理。微服务架构建立在最小权限原则上。端点传感器与后端之间的所有传输中数据都通过 TLS 加密;容器间流量也通过 GCP VPN 上的 TLS 加密。公开 REST API 暴露三个端点:/api/rest/v1/endpoints/list、/api/rest/v1/incidents/list 和 /api/rest/v1/audit-log/dataflow/list,全部使用从 API 密钥派生的临时 bearer token 认证。GitHub 上的 edm-cli Python CLI(CyberhavenInc/edm-cli)允许使用哈希指纹(SpookyHash V2 + SHA256)以编程方式管理 Exact Data Match(EDM)数据库。Cyberhaven 还维护 GitHub 组织(CyberhavenInc),公开仓库包括 api2(Go HTTP API 库)、cel2sql(CEL-to-SQL 转换器)和 protoc-gen-grpc-gateway-ts(gRPC gateway TypeScript 生成器),显示其内部技术栈使用 Go、gRPC 和 TypeScript。 [CE011, CE012, CE013, CE014, CE015, CE016]
| 层 / 组件 | 角色 | 关键依赖 | 风险 |
|---|---|---|---|
| 端点代理(Win/macOS/Linux) | 拦截文件操作、USB、打印、剪贴板 | OS 内核钩子;Microsoft / Apple 代码签名 | 代理可能与其他 EDR / DLP 代理冲突;内核级故障可能导致不稳定 |
| 浏览器扩展(Chrome) | 监控浏览器数据流、AI 工具输入和网页上传 | Chrome Web Store 分发;Google 管理员策略 | 2024 年 12 月钓鱼事件暴露供应链风险 |
| 云 API 连接器 | 捕获 SaaS 数据流(Google Workspace、M365) | OAuth token;SaaS API 速率限制和政策变化 | Google / Microsoft 的 API 变化可能在无通知下打断覆盖 |
| GCP 后端(按客户隔离) | 遥测摄取、数据血缘图谱、策略引擎、AI 推理 | Google Cloud Platform 可用性;默认仅限美国 | 单一云供应商集中;未披露多云故障切换 |
| Linea AI / LLiM | 预测性风险检测和调查自动化 | 基于数据血缘数据训练的专有 LLiM | 模型质量未经独立验证;没有已发布基准 |
| 公开 REST API | 以编程方式访问事件、端点和审计数据 | 基于 token 的 bearer 认证;公开文档列出 3 个端点 | 公开 API 覆盖有限;客户可能需要未公开 API 才能完整集成 |
架构细节来自官方安全政策和公开 API 文档。
[CE011, CE012, CE014, CE015, CE016, CE017]展示从底层数据采集面,到数据血缘处理引擎,再到 AI 智能层和面向用户模块能力的分层架构。
[CE001, CE005, CE011, CE014, CE015]映射 Cyberhaven 的关键运营依赖,包括平台、分发渠道和合作伙伴,并展示任一环节故障如何传导到平台覆盖或客户。
[CE011, CE014, CE015, CE017, CE031]5.4 差异化与专有技术
Cyberhaven 声称的差异化是其数据血缘引擎,它把数据从创建开始,经过每一次复制、转换、重命名、电子邮件附件、上传和碎片化事件的完整旅程映射出来。这张血缘图驱动上下文感知的策略决策:一份源自内部商业秘密的文件,即使内容与公开来源文件相同,也会被不同对待,从而以更少误报实现准确阻断。Large Lineage Model(LLiM)被描述为一个专门构建的 AI 模型,训练数据是血缘图数据而不是通用文本,因此是公司特定架构下的专有能力。公司称 LLiM 可实现预测性风险检测(在策略违规发生前识别高风险模式)。公开记录未确认这些技术的专利申请;公司没有披露专利组合。EDM(Exact Data Match)能力允许企业为特定敏感数据集(结构化数据、源代码)生成指纹并精确跟踪,减少基于 regex 方法的误报。独立评测数据支撑了差异化说法:PeerSpot 的 DLP mindshare 指标同比从 1.5% 增至 2.3%,Gartner Peer Insights 显示 48 条评价给出 4.6/5,G2 显示 18 条评价给出 4.5/5,FeaturedCustomers 显示 17 条客户证言和 1 个案例研究。Motorola 报告称,部署 Cyberhaven 后误报减少 90%、调查时间减少 98%、高风险事件减少 90%。 [CE019, CE020, CE021, CE022, CE023, CE024]
| 用户任务 | 当前工作流问题 | Cyberhaven 方案 | 可衡量收益(宣称) | 已知限制 |
|---|---|---|---|---|
| 在产品发布前阻止 IP 外泄 | 传统 DLP 根据内容关键词触发;噪音高,漏掉混淆泄露 | 数据血缘追踪 CAD 文件从设计工具流向 USB / 电子邮件 / 云上传 | 调查时间减少 98%(Motorola 案例研究) | 案例研究只有一个具名客户,未经独立审计 |
| 调查内部威胁事件 | 安全分析师手工关联分散日志;每案耗时数小时 | Linea AI Analyst Agent 生成证据链并交付报告 | 处置时间改善 200%(Cyberhaven 营销宣称) | 指标来源未经独立佐证 |
| 监控影子 AI 使用 | IT 看不到员工向 ChatGPT / Gemini 粘贴什么数据 | AI Security 模块通过浏览器扩展拦截并分类 AI 工具输入 | 对 AI 工具上传实时执行策略 | 扩展覆盖限于 Chrome;Firefox / Safari 尚未确认 |
| 确保 DLP 合规审计 | 合规团队手工抽样 DLP 日志;审计轨迹不完整 | 审计日志 / 数据流 API 端点提供完整数据血缘审计轨迹 | 可导出的审计日志,带完整数据血缘上下文 | 审计日志端点已公开记录,但未说明保留窗口 |
除特别注明外,衡量收益均为公司宣称。没有独立审计。
[CE002, CE007, CE019, CE020, CE023]基于已验证证据、公司说法和独立评价信号,评估 Cyberhaven 核心产品能力的成熟度和证据质量。
成熟度和证据质量为评估者基于公开证据作出的判断;未找到独立产品基准测试。
[CE019, CE020, CE021, CE022, CE023, CE024]5.5 信任、安全、合规与质量控制
Cyberhaven 的 Trust Center(trust.cyberhaven.com,由 SafeBase 支持)列出四个合规框架:CCPA、GDPR、PCI DSS v4.0.1 和 SOC 2 Type 2(SOC-2 Bridge Letter 有效至 January 2026)。应用渗透测试、网络保险和子处理方清单可按客户请求提供。安全政策描述了 GCP 托管、客户隔离的实例,传输中数据的 TLS 加密,通过 GCP 密钥管理实现的静态加密,以及借助 Google Security Command Center 做 Kubernetes 原生安全的 24/7 MDR 监控。认证选项包括 Google SSO(OAuth2)、强制 2FA 的密码,以及 SAML 2.0。RBAC 支持普通用户和管理员。代码部署需要同行评审,并由至少一名额外工程师做安全审计。开发者必须接受年度 OWASP Top 10 安全代码培训。公司报告 Qualys SSL Labs 评级为 A+。December 2024 Chrome 扩展事件(恶意版本 24.10.4 影响约 400,000 名用户)证明,扩展分发渠道承载着独立于 GCP 后端的供应链风险。公司聘请 Mandiant 进行事件响应,并通知了联邦执法机构。公司在 24 小时内发布了干净版本(24.10.5)。截至研究日期,未有源自该事件的诉讼、SEC 执法行动或监管罚款被公开披露。 [CE025, CE026, CE027, CE028, CE029, CE030]
| 控制项 / 认证 | 状态 | 范围 | 验证来源 | 缺口 |
|---|---|---|---|---|
| SOC 2 Type 2 | 已认证;桥接函覆盖至 Jan 2026 | SaaS 产品安全性 / 可用性 / 机密性 | Cyberhaven 信任中心(SafeBase) | 完整审计报告需签 NDA;无法公开审阅 |
| 合规框架:PCI DSS v4.0.1 | 合规 | 产品处理接近支付场景的数据 | Cyberhaven 信任中心 | 评估范围(SAQ 还是完整 QSA)未披露 |
| GDPR | 合规;可提供 DPA | 欧盟 / 瑞士个人数据处理 | Cyberhaven 隐私政策 + 信任中心 | 公开文件未确认欧盟代表身份 |
| CCPA | 合规 | 加州消费者个人信息 | Cyberhaven 信任中心 | CCPA 声明未获独立验证 |
| TLS / SSL 加密 | Qualys SSL Labs 评级 A+ | 端点与后端之间的全部传输中数据 | Cyberhaven 安全政策 | A+ 评级测试日期未公布 |
| 渗透测试 | 持续第三方项目;覆盖每次重大版本发布 | 产品与应用安全 | Cyberhaven 安全政策 | 渗透测试报告需申请获取;最近测试日期未披露 |
所有合规状态均为公司自称,除非标明已由第三方验证。
[CE025, CE026, CE027, CE028, CE029]5.6 图表与要点
06客户
6.1 客户基础与分层
Cyberhaven 服务的大型企业覆盖六个行业垂直:科技 / SaaS、制造、法律 / 专业服务、金融服务、医疗健康、政府 / 国防。经媒体报道和案例研究确认的具名客户包括 Snowflake、Motorola、Canon、Reddit、AmeriHealth、Cooley、IVP、Navan、DBS、Upstart、Kirkland & Ellis、Iron Mountain、DARPA 和 IDA,共 14 家。它们都是员工数超过 1,000 人的大型企业;没有证据显示公司拥有 SMB 或中端市场客户。官网把行业营销明确切成五个具名垂直:科技 / SaaS、制造、律所、投资管理、医疗健康,说明公司有意走垂直行业 GTM,而不是横向通用定位。地域上以美国为主(14 家具名客户中 12 家总部在美国);至少一家亚洲金融机构(DBS,新加坡)显示公司已开始国际扩张。 [CU001, CU002, CU015, CU016, CU029, CU036]
| 行业 | 代表客户 | 主要数据风险 | 证据质量 | 覆盖缺口 |
|---|---|---|---|---|
| 科技 / SaaS | 客户:Snowflake、Reddit、Navan、Iron Mountain | IP 外泄 / SaaS 蔓延 | 高——多个具名账户 | 收入占比和用例深度未确认 |
| 制造业 | Motorola(详述)、Canon | 产品设计和供应链机密 | 高——Motorola 案例研究含指标 | Canon 部署细节不可得 |
| 法律 / 专业服务 | Cooley、Kirkland & Ellis | 客户案件数据 / 并购保密信息 | 中——仅在泄露报道中具名 | 无案例研究或结果数据 |
| 金融服务 | DBS、Upstart、IVP | 受监管金融数据 / 内幕交易风险 | 中——仅具名 | 无财务或合规结果数据 |
| 医疗健康 | AmeriHealth | PHI 保护 / HIPAA 合规 | 中——仅在泄露报道中具名 | 无 HIPAA 或审计结果指标 |
| 政府 / 国防 | DARPA、IDA | 敏感研究 / 接近涉密的数据 | 低——仅由 FeaturedCustomers 引用 | 无政府专项案例研究 |
基于 BleepingComputer 2024 年 12 月泄露报道和 Cyberhaven 官方客户页面。
[CU001, CU002, CU015, CU029]| 指标 | 值 | 日期 | 来源 | 置信度 | 含义 | 缺失分母 |
|---|---|---|---|---|---|---|
| 企业 Chrome 扩展用户 | ~400,000 | Dec 2024 | BleepingComputer | 中 | 终端用户部署规模下限 | 不说明账户数量或完整端点部署情况 |
| PeerSpot DLP 心智份额 | 2.3%(由 ~1.5% 上升) | May 2026 | PeerSpot | 中 | DLP 买家中的自然品牌认知度提升 | 心智份额不等于市场份额 |
| 估值增长 | $143M 到 $1B(7x) | 2022–2025 | SecurityWeek / SiliconAngle | 中 | 投资人对 ARR 增长信心的代理指标 | 仅凭估值倍数不能衡量收入增长 |
| Deloitte Fast 500 | 北美排名 | 2025 | Deloitte | 高 | 确认其收入增速处于头部梯队 | 排名位次和收入 CAGR 未披露 |
| 具名客户数 | 已确认 14 家 | Dec 2024 – May 2026 | BleepingComputer、Cyberhaven | 中 | 公开可引用客户数下限 | 实际客户数未披露,可能显著更高 |
未公开披露 ARR 或客户数。指标仅为间接增长信号。
[CU026, CU020, CU039, CU023, CU001]| 扩张驱动 | 集中风险 | 影响 | 尽调路径 |
|---|---|---|---|
| 先落地 DLP,再扩展到 DSPM | 单模块采用会限制单账户 ARR | 中 | 衡量管线中的多模块附加率 |
| 交叉销售 IRM 和 AI Security | 多模块部署的公开证据有限 | 中 | 索取多模块客户案例 |
| AWS / Azure / GCP 云市场(April 2026) | 仍处早期;无云市场收入数据 | 低-中 | 连续 4 个季度跟踪云市场 ARR 贡献 |
| Motorola 作为首要参考客户 | 过度依赖一个完整量化的参考客户 | 高 | 在多个行业补充案例研究 |
| DBS 作为国际锚点客户 | 美国以外客户披露有限 | 中 | 识别 EMEA / APAC 管线集中度 |
没有关于扩张收入或多模块附加率的公开数据。
[CU028, CU033, CU015, CU002, CU036]从企业认知到公开标杆证明的估算采用漏斗。数值是以具名账户证据为锚点的序数代理,不是公司披露的漏斗数量。
漏斗转化率未披露。数值是以 14 个具名账户和 3 个详细公开引用为锚点的公开证据序数代理,不是公司报告的销售管线数量。
[CU016, CU001, CU028]6.2 具名客户证明与成效
Motorola 是公开资料中最详尽的客户引用。CISO Richard Rushing 将 90% 的 DLP 误报下降、98% 的单事件调查时间下降,以及 50% 的可执行安全警报增加归功于 Cyberhaven。这些指标直接对应核心产品主张:相比只做内容检查的 DLP 工具,数据血缘上下文能大幅降低误报。Navan(前 TripActions)是企业差旅和费用 SaaS 平台,部署 Cyberhaven 保护财务和员工数据,安全副总裁 PK Karanth 是具名引用。Iron Mountain 用 Cyberhaven 监控全球记录管理和云存储基础设施中的数据流。FeaturedCustomers 记录了 17 条已验证客户推荐和 1 个案例研究,953 份参考评分合成 4.8/5。FeaturedCustomers 还引用 DARPA 和 Institute for Defense Analyses(IDA)为客户,确认公司已打入美国联邦政府。2024 年 12 月恶意扩展影响约 400,000 名企业用户,为企业客户基础的终端部署规模提供了下限估计。 [CU003, CU004, CU005, CU006, CU007, CU008]
| 客户 | 行业 | 部署类型 | 生产部署 / 试点 | 结果 / 证据 | 局限 |
|---|---|---|---|---|---|
| Motorola | 制造业 | 端点 + 云 | 生产部署 | 误报减少 90%;调查时间减少 98%;可操作告警增加 50%(CISO 引述) | 最详细的公开参考;指标未必可泛化 |
| Snowflake | 科技 / SaaS | Unknown | 生产部署 | 具名客户(泄露报道);无公开案例研究 | 无量化结果 |
| Navan | 科技 / SaaS | Unknown | 生产部署 | 安全副总裁 PK Karanth 具名背书;无已发布指标 | 未披露案例研究或结果数据 |
| Canon | 制造业 | Unknown | 生产部署 | 具名客户(泄露报道);无公开案例研究 | 无量化结果 |
| 科技 / SaaS | Unknown | 生产部署 | 具名客户(泄露报道);无公开案例研究 | 无量化结果 | |
| AmeriHealth | 医疗健康 | Unknown | 生产部署 | 具名客户(泄露报道);无公开案例研究 | 无 HIPAA 结果数据 |
| Cooley | 法律 | Unknown | 生产部署 | 具名客户(泄露报道);Am Law 100 律所 | 无法律行业结果指标 |
| Kirkland & Ellis | 法律 | Unknown | 生产部署 | 具名客户(泄露报道);Am Law 100 律所 | 无法律行业结果指标 |
| DBS Bank | 金融服务 | Unknown | 生产部署 | 具名客户(泄露报道);DBS 是东南亚最大银行 | 无金融合规结果数据 |
| Upstart | 金融科技 | Unknown | 生产部署 | 具名客户(泄露报道);无公开案例研究 | 无金融科技结果数据 |
| IVP | 投资管理 | Unknown | 生产部署 | 具名客户(泄露报道);风险投资机构 | 无投资管理结果数据 |
| DARPA | 政府 / 国防 | Unknown | 生产部署 | FeaturedCustomers 引用;创始客户(源于 DARPA 竞赛) | 无政府结果指标 |
| IDA | 政府 / 国防 | Unknown | 生产部署 | FeaturedCustomers 引用;国防研究客户 | 无政府结果指标 |
| Iron Mountain | 科技 / SaaS | Unknown | 生产部署 | FeaturedCustomers 证言;架构师 Kheun Chan 具名背书 | 无量化存储 / 记录管理结果数据 |
覆盖并不完整。Cyberhaven 未公布完整客户名单。本表只反映公开确认的客户。结合 $1B 估值背景,实际生产部署可能达到数百家。
[CU001, CU002, CU003, CU004, CU005, CU006]评估具名账户客户证据的质量。行是客户;列是证据维度:生产部署确认、量化结果、具名引用、案例研究、垂直行业多元化。
[CU001, CU003, CU004, CU005, CU006, CU007]6.3 客户满意度与评论评分
Cyberhaven 在独立平台上的评分持续偏高。Gartner Peer Insights 上,该平台获得 48 条已验证企业评论给出的 4.6/5,高于多数传统 DLP 厂商(Symantec 约 3.8、Forcepoint 约 3.9、Microsoft Purview 约 4.0)。FeaturedCustomers 报告 953 份参考评分合成 4.8/5。G2 显示 18 条评论给出 4.5/5(2021 年快照;当前可能更高)。PeerSpot 的 DLP 心智份额从 2024 年约 1.5% 增至 2026 年 5 月的 2.3%,反映评论自然积累。定性评论反复提到的强项包括:实时数据流可视性、误报负担下降、可通过 MDM 和 Google Workspace 管理快速部署,以及调查速度提升。常见批评集中在本地部署选项有限和 SIEM 集成深度不足。 [CU017, CU018, CU019, CU020, CU021, CU030]
| 指标 | 值 / 状态 | 客群 | 置信度 | 尽调待核 |
|---|---|---|---|---|
| NRR | 未披露 | 所有客群 | None | 尽调中向公司索取 |
| GRR | 未披露 | 所有客群 | None | 尽调中向公司索取 |
| 年度流失率 | 未披露 | 所有客群 | None | 尽调中向公司索取 |
| 事件后流失(Dec 2024) | 未见流失报道 | 全部(Chrome 扩展用户) | 中 | 通过客户访谈验证是否未发生显著流失 |
| Gartner Peer Insights 评分 | 4.6/5(48 条评价) | 企业 | 高 | 用最新 Gartner 数据交叉核对 |
| G2 评分 | 4.5/5(18 条评价,2021) | 企业 | 中 | 尽调中获取最新 G2 截图 |
| FeaturedCustomers 评分 | 4.8/5(953 条评分) | 企业 | 中 | 验证评分是否来自可核验买家 |
| 合同期限 | 未披露 | 所有客群 | None | 向公司索取典型合同条款 |
留存指标未公开披露。评分可作为满意度代理指标。
[CU017, CU018, CU019, CU027, CU038]6.4 留存、扩张与集中度风险
Cyberhaven 未公开披露 NRR、GRR 或客户流失指标。2024 年 12 月 Chrome 扩展事件影响约 400,000 名企业用户,但公开资料未显示随后出现客户流失。Cyberhaven 的应对——聘请 Mandiant、24 小时内发布干净扩展、主动通知客户——似乎遏制了留存损伤。扩张路径符合先落地再扩张:初始 DLP 部署会随着安全项目成熟,延伸到 DSPM、Insider Risk Management(IRM)和 AI Security 模块。Cyberhaven 于 2026 年 4 月上线 AWS、Azure 和 GCP 云市场,为已有云承诺的企业买方扩展采购通道。客户集中度风险可见:Motorola 是唯一披露完整量化成效的引用客户,而相较同等 $1B 估值公司,14 个公开具名账户的披露基础偏窄。头部客户收入集中度无法验证;同阶段企业安全公司通常有 100–500 家客户。 [CU027, CU028, CU032, CU033, CU034, CU038]
映射企业客户从初始痛点到部署和扩展阶段的旅程。突出 Cyberhaven 如何在整个生命周期里,把客户从 DLP 切入带到 DSPM / IRM / AI 安全扩展。
旅程阶段根据产品结构、具名客户证据和 Cyberhaven 营销材料推断。实际销售周期长度未公开披露。
[CU028, CU032, CU034, CU017]用企业安全 SaaS 基准假设绘制的示意性单队列留存曲线。Cyberhaven 未披露实际队列留存、NRR 或 GRR。
仅为单条示意性基准曲线。Cyberhaven 未披露实际客户队列或留存百分比;正式尽调时只能把它用作基准代理。
[CU027, CU038]6.5 奖项、分析师认可与竞争定位
Cyberhaven 已积累有分量的第三方背书。Gartner 将其评为数据安全 Cool Vendor。2025 Deloitte Technology Fast 500 把公司列入北美收入增速最快的科技公司之一。Fortune 将 Cyberhaven 纳入 2025 Cyber 60 榜单。Redpoint Ventures 连续三年把公司列入 InfraRed 100 基础设施安全榜单。Cyberhaven 2024 年获得 Black Unicorn 身份,并在 2025 年 4 月跨过 $1B 估值。PeerSpot 心智份额从 1.5% 提高到 2.3%(2026 年 5 月),是被跟踪的新兴 DLP 厂商中最高的增速。竞争对手 Symantec、Forcepoint 和 Microsoft DLP 的 Gartner Peer Insights 评分(3.8–4.1)低于 Cyberhaven 的 4.6,不过每家都拥有显著更大的装机基础。 [CU022, CU023, CU024, CU025, CU035, CU040]
6.6 证据项
07风险
7.1 监管与法律风险
Cyberhaven 所处的是数据处理监管最重的品类之一:软件会检查、拦截并记录员工和企业数据在终端、云服务、网络通道中的流动。这触发 GDPR(EU 2016/679)、CCPA/CPRA(加州)、PCI DSS v4.0.1、客户属于适用主体时的 HIPAA,以及 FTC Act 第 5 条下 FTC 广泛数据安全执法权的义务。2023 年 SEC 网络安全披露规则要求 Cyberhaven 的企业客户报告重大事件,间接倒逼 Cyberhaven 提供快速且有文档记录的数据泄露响应;这一能力已在 2024 年 12 月接受检验。 Cyberhaven 处理欧盟数据主体个人数据的任何场景,都适用 GDPR 第 28 条处理者义务和第 32 条安全要求。金融、医疗、法律等受监管行业客户会通过数据处理协议,把下游合规要求传导给 Cyberhaven。Cyberhaven 若不合规,可能让客户暴露在监管机构执法下,引发合同终止和声誉损害,影响超出任何直接罚款。GDPR 第 83(5) 条规定,最严重违规的罚款可达 EUR 20M 或全球年营业额 4% 中较高者。 2024 年 12 月 Chrome 扩展被攻破(v24.10.4)后,TopClassActions 记录了至少一起集体诉讼,称约 400,000 名企业用户的 OAuth 凭据暴露。诉讼风险不可忽视:和解成本、诉讼费用和负面曝光都可能拖累销售周期和续约率。IP 风险为中等,因为 Cyberhaven 持有数据血缘跟踪专利;但随着 Symantec、Microsoft Purview 等现有厂商纳入血缘功能,新颖性窗口正在收窄。 [CR001, CR002, CR003, CR004, CR005, CR006]
| 风险 | 管辖区 | 监管依据 | 发生概率 1-5 | 影响 1-5 | 缓释成熟度 | 剩余暴露 |
|---|---|---|---|---|---|---|
| GDPR 第 28/32 条处理者责任 | EU/EEA | Regulation (EU) 2016/679 | 3 | 5 | 部分 - DPA 模板、隔离架构 | 高 - 未取得 EU DPA 认证 |
| CCPA/CPRA 消费者数据权利执法 | 加州(全球) | 法规依据:Cal. Civ. Code sec 1798.100 | 2 | 3 | 部分 - 已发布隐私政策 | 中 - 无 CPRA 审计 |
| FTC 第 5 条数据安全执法 | 美国 | 法规依据:15 U.S.C. sec 45 | 2 | 4 | 部分 - SOC 2 Type 2 | 中 - 曾有事故记录 |
| SEC 规则 33-11216 间接合规压力 | 美国 | 17 CFR 229.106 | 2 | 3 | 强 - 2024 年已有 24h 披露先例 | 低-中 |
| 集体诉讼(Chrome 扩展,2024) | 美国 | 普通法 / CCPA 私人诉权 | 4 | 4 | 部分 - 已聘请 Mandiant,已部署补丁 | 高 - 和解风险未消除 |
| PCI DSS v4.0.1 范围蔓延 | 全球 | 标准:PCI DSS v4.0.1 | 1 | 3 | 强 - 已认证 | 低 |
| EU AI Act 员工监控义务 | EU/EEA | EU AI Act 2024/1689 | 2 | 3 | 初期 - 未见 AI Act 计划文件 | 中 |
| 在位厂商反诉引发的 IP/专利风险 | 美国 / 全球 | 35 U.S.C. 专利法 | 1 | 3 | 部分 - 自有专利组合 | 低-中 |
发生概率和影响按 1-5 分计。来源:eur-lex.europa.eu、oag.ca.gov、ftc.gov、sec.gov、 pcisecuritystandards.org、topclassactions.com。
[CR001, CR002, CR003, CR004, CR005, CR006]二维风险热力图,将发生可能性(1=罕见至 5=几乎确定)与影响(1=可忽略至 5=灾难性)对应绘制。Chrome 扩展重复事件和集体诉讼位于最高区间(可能性 3-4,影响 4-5)。GDPR/FTC 监管风险位于中高区间(可能性 2-3,影响 4-5)。Microsoft Purview 竞争替代位于中等区间(可能性 2,影响 4)。
可能性和影响是基于公开证据和先例作出的定性评估。
[CR001, CR009, CR031]7.2 运营与安全风险
主要运营风险是架构性的:Cyberhaven 的终端覆盖依赖 Chrome 浏览器扩展。2024 年 12 月,攻击者攻破开发者 OAuth token,并向 Chrome Web Store 推送恶意版本 v24.10.4,这条分发通道绕过了传统终端安全控制。恶意扩展存活约 24 小时,随后 Cyberhaven 发布干净的 v24.10.5,并聘请 Mandiant 做取证调查。事件暴露了浏览器扩展供应链的根本脆弱性:单个开发者凭据被攻破,就能在没有逐客户审批流程的情况下触达所有已部署实例。 Google Chrome 约占全球浏览器市场 65%,因此是企业 DLP 代理的理性主通道,但也带来平台依赖。Chrome Manifest v3 迁移改变了 API 可用性,未来政策变化可能限制扩展可用的网络拦截深度。Cyberhaven 另有通过 MDM 安装的 network DLP 代理,可部分缓解只靠扩展的风险,但并非所有客户都普遍部署该代理。 GCP 单云依赖带来集中度风险:区域性 GCP 故障或定价重谈都会压缩灵活性。基础设施部署在美国 GCP 区域,并采用逐客户隔离实例;这种设计限制爆炸半径,但抬高运营开销。DevOps 关键人风险为中等,约 350 名员工的工程团队掌握难以快速替换的专门数据血缘图谱能力。核心数据科学或基础设施工程师流失会拖慢路线图。 [CR009, CR010, CR011, CR012, CR013, CR014]
| 失效模式 | 发生概率 1-5 | 严重性 1-5 | 缓释措施 | 剩余风险 |
|---|---|---|---|---|
| Chrome 扩展供应链再次被攻破 | 3 | 5 | 2024 年后代码签名,缩小 token 范围 | 高 - 架构未变 |
| GCP 区域性宕机 | 2 | 4 | 已规划多区域故障切换(未确认) | 中 |
| Chrome Manifest v3 API 限制 | 2 | 4 | 投入网络代理兜底方案 | 中 |
| OAuth token 因钓鱼被盗 | 3 | 4 | 2024 年后强制 MFA,轮换 token | 中-高 |
| 数据误报引发客户流失 | 3 | 3 | AI 告警分诊,Motorola 声称误报减少 90% | 中 |
| SOC 2 审计缺口 / 认证失效 | 1 | 4 | 2026 年 1 月 Bridge Letter,审计进行中 | 低 |
| SaaS 后端遭 DDoS 或 API 滥用 | 2 | 3 | GCP 原生 DDoS 防护 | 低-中 |
2024 年 12 月事件后的运营风险。来源:bleepingcomputer.com、techcrunch.com、arstechnica.com、 cyberhaven.com。
[CR009, CR010, CR011, CR012, CR013, CR014]7.3 伙伴与依赖风险
现阶段 Cyberhaven 的销售路径依靠直接企业销售团队,渠道或伙伴杠杆有限。这让公司依赖一支规模不大的销售团队,也限制了地域扩张速度。与 MSSP 和 SI 的合作仍处早期;竞争对手 Symantec 和 Forcepoint 拥有数十年 MSSP 关系,不必投入直接销售就能驱动续约收入。 供应链暴露不止 2024 年 12 月扩展事件。Cyberhaven 依赖第三方 OAuth 提供商、Chrome Web Store 发布流水线和上游 GCP 基础设施。每一项都有独立失效模式:2024 年已经发生的 OAuth token 被攻破、Chrome Web Store 审核延迟挡住紧急补丁,或 GCP 服务中断拖累产品可用性。Chrome 扩展供应链攻击除 Cyberhaven 外还影响约 35 个扩展,说明这是系统性行业威胁,而不是一次定向攻击;但按用户数看,Cyberhaven 是最大受影响厂商,因此承担了不成比例的声誉暴露。 资本提供方依赖目前较低:2025 年 4 月的 $100M Series D 按假设现金消耗率可提供约 18 到 24 个月资金跑道,降低近期融资风险。不过 StepStone Group 和 Schroders Capital 是财务投资人,在企业 SaaS 运营支持能力上披露有限。若竞争替代或监管处罚触发降估值融资,将因期权价外严重打击员工留存,并削弱客户信心。 [CR017, CR018, CR019, CR020, CR021, CR022]
| 依赖 | 对手方 | 角色 | 集中度 | 失效情景 | 严重性 |
|---|---|---|---|---|---|
| Chrome Web Store | Google LLC | 扩展分发 | 关键 | 政策变更或 Manifest v3 限制 | 高 |
| GCP Cloud | Google LLC | 基础设施托管 | 高 | 区域性宕机或定价重谈 | 高 |
| OAuth 提供方(Google/Microsoft) | Google/Microsoft | 扩展开发者认证 | 高 | token 钓鱼或凭据泄露 | 高 - 2024 年已发生 |
| 企业销售渠道 | 直销(内部) | 创收 | 高 | AE 离职或未完成销售指标 | 中-高 |
| Mandiant / Google Cloud Security | Mandiant (Google) | 事件响应取证 | 中 | 范围蔓延或调查结论延迟 | 中 |
| StepStone / Schroders(Series D 轮) | 财务投资人 | 资本供给 | 中 | 下轮降估值触发或过桥压力 | 中 |
Chrome Web Store 与 GCP 同属 Google,形成双重集中风险。来源:techcrunch.com、siliconangle.com、 prnewswire.com。
[CR017, CR018, CR019, CR020]展示 Cyberhaven 的关键运营依赖:Google(Chrome Web Store 加 GCP)、OAuth 提供商、Mandiant 取证和财务投资人。Google 出现两次,凸显双重集中风险。客户渠道来自企业直销,MSSP 杠杆有限。
依赖类型(关键 / 中等 / 低)为定性评估。
[CR017, CR018, CR019]7.4 人员与执行风险
Cyberhaven 由 Howard Hua、Georgy Gritschuk 和 Volodymyr Kuznetsov 于 2016 年创立。数据血缘图谱概念在技术上有差异化,但执行取决于能否留住搭建该架构的核心工程团队。同阶段创业公司通常会在高级工程师股权归属后遇到明显流失风险;$1B 估值的 Series D 提供了一定流动性选择,但也意味着早期期权持有人需要更高退出门槛,才有可观收益。 销售执行风险显著:Cyberhaven 累计融资 $250M、估计 ARR 接近 $100M,显示资本效率较高的增长轨迹;但打入 Fortune 500 账户需要经验丰富的企业销售,能推进 DLP 替换交易。DLP 替换销售周期长,通常 12 到 18 个月,需要法务和安全团队签字,并要对抗现有厂商带来的惯性。如果 Cyberhaven 不能按节奏招聘并留住背负销售配额的企业 AE,增长可能在公司达到支撑 IPO 的可持续规模前停滞。 创始三人组之外的高管深度,公开信息显示偏薄。CISO 角色、客户成功负责人和 CFO 职能没有突出披露,导致财务控制和规模化准备度不透明。2024 年 12 月事件处理——包括 CEO 透明沟通、快速部署补丁和聘请 Mandiant——运营表现强;但若重复事件没有同等质量的响应,将严重损害企业客户信任和持续监管姿态。 [CR025, CR026, CR027, CR028, CR029, CR030]
| 角色或职能 | 依赖或缺口 | 发生概率 1-5 | 严重性 1-5 | 缓释措施 |
|---|---|---|---|---|
| 创始工程团队(数据血缘 IP) | 深层架构知识集中 | 2 | 5 | 股权留才计划;Series D 轮流动性事件 |
| 企业 AE / 销售领导层 | 销售组织厚度公开披露有限 | 3 | 4 | Series D 资金用于 GTM 招聘 |
| CFO / 财务控制 | 未公开任命;存在财务不透明风险 | 2 | 3 | 董事会层面监督;IPO 前审计准备 |
| CISO / 安全领导层 | 2024 年事件后未高调披露 | 2 | 4 | 聘请 Mandiant 提供过渡支持 |
| 客户成功 / 专业服务 | DLP 部署导入周期长 | 2 | 3 | Motorola 案例显示 CS 交付强 |
基于公开组织信号和 Series D 公告。来源:cyberhaven.com、siliconangle.com、 prnewswire.com。
[CR025, CR026, CR027, CR028]7.5 财务风险与打破投资逻辑的触发点
财务风险核心在现金消耗率不透明和竞争性价格压力。Cyberhaven 累计融资 $250M,公开资料估计 ARR 约 $100M;没有审计财务报表,就无法验证毛利率、NRR 和 LTV/CAC。DLP 市场正承受价格压缩:Microsoft Purview 随 M365 E5 捆绑,边际成本接近零;Symantec 则在续约时大幅折扣。如果 Microsoft 把可比的数据血缘能力嵌入原生工具,Cyberhaven 的溢价定价会面临替代风险。 已有缓释措施包括 SOC 2 Type 2 认证和 2026 年 1 月出具的 Bridge Letter、PCI DSS v4.0.1 合规、逐客户隔离的 GCP 实例、2024 年 12 月事件后的 Chrome 扩展代码签名改进,以及成文的事件响应预案。这些措施降低运营风险,但不能消除 2024 年事件带来的监管或诉讼暴露。 五个打破投资逻辑的触发点需要持续跟踪。第一,18 个月内出现第二次重大安全事件,可能触发企业客户流失和监管调查。第二,Google 以削弱扩展深度内容检查的方式限制 Manifest v3 API,将迫使公司做多年代理架构重构。第三,Microsoft 在 Purview E5 中嵌入生产级 AI 数据血缘,会削弱 Cyberhaven 的溢价定位。第四,超过 $30M 的集体诉讼和解或监管罚款会消耗可观 Series D 资金跑道,并可能迫使公司进行困境融资。第五,未能取得类似 SOC 2 的欧盟认证(如 ISAE 3000 或 BSI C5),将阻断受监管欧盟企业扩张。 [CR031, CR032, CR033, CR034, CR035, CR036]
| 风险 | 可监控触发项 | 阈值或事件 | 行动含义 |
|---|---|---|---|
| Chrome 扩展事故再次发生 | CVE 披露;Chrome Web Store 投诉 | 任何恶意扩展版本发布 | 立即通知客户;预计出现一波流失 |
| 监管罚款(GDPR/FTC) | 监管机构启动调查 | 罚款超过 $10M 或发布同意令 | 声誉受损;企业销售冻结 |
| 集体诉讼和解落地 | 法院案卷文件;和解公告 | 和解金额超过 $30M | 烧钱速度加快;可能被迫困境融资 |
| Microsoft Purview 推出 AI 血缘 | Microsoft 365 路线图公告 | Purview 增加数据血缘 GA 功能 | 定价承压;必须加速差异化 |
| Google Manifest v3 禁止深度检查 | Chrome 开发者博客公告 | API 移除,内容检查受阻 | 需要多年重构架构 |
| 关键工程师流失率超过 15% | LinkedIn 离职信息;Glassdoor 情绪 | CTO 或 3+ 名高级架构师离职 | 路线图延迟;IP 风险上升 |
| NRR 跌破 100% | 年度合同续约数据 | NRR 连续两个季度低于 100% | 增长停滞;需要重置定价或产品 |
用于尽调跟踪的投资逻辑破裂触发项。来源:cyberhaven.com、prnewswire.com、darkreading.com、 obsidiansecurity.com。
[CR031, CR032, CR033, CR034, CR035]有向无环图,展示上游风险如何流向收入和估值结果。Chrome 扩展架构脆弱性同时传导到监管调查风险和客户流失风险;两者再流向 ARR 损失,最终造成估值压缩。Microsoft 的竞争性定价压力直接传导到价格压缩和留存挑战。
示意性因果路径;边权重为定性判断。
[CR009, CR031, CR034]7.6 证据项
08估值
8.1 投资逻辑与反向论点
投资逻辑建立在三根支柱上:(1)在 AI 原生数据血缘 DLP 中具备品类领导地位,且现有厂商尚未在生产规模复制这种差异化路径;(2)企业牵引力可见,拥有 14+ 个具名 Fortune 500 账户和第三方验证评分(Gartner 4.6/5、FeaturedCustomers 4.8/5);(3)$1B 估值入场,对一家估计以高双位数增长、且受 AI 驱动数据激增和监管合规收紧推动的公司而言,对应合理的 10x ARR 倍数。 反向论点集中在四个重大风险。第一,2024 年 12 月 Chrome 扩展供应链被攻破仍是未完全解决的声誉事件,伴随持续集体诉讼和未知监管调查状态。第二,Microsoft Purview 的既有厂商位置(与 M365 E5 捆绑,边际成本接近零)构成持续定价威胁,可能把 DLP 市场商品化。第三,Cyberhaven 的财务指标(NRR、毛利率、流失率)完全不透明,公开资料无法验证假设的增长和留存画像。第四,产品依赖 Chrome 扩展架构,除非 Cyberhaven 迁移到内核级或通过 MDM 部署的代理模型,否则结构性供应链攻击面会反复存在。 平衡这些风险的是 Cyberhaven 在 2024 年 12 月展现的事件响应能力(24 小时补丁、聘请 Mandiant、CEO 透明沟通)、增长中的心智份额(PeerSpot 2.3%,高于此前 1.5%),以及 2025 年 4 月 Series D 估值重置发生在事件之后,说明投资人信心吸收了 2024 年事件并已将其计价。 [CV001, CV002, CV003, CV004, CV005, CV006]
| 论点类型 | 论点 | 什么会改变判断 |
|---|---|---|
| 投资逻辑 | AI 原生数据血缘让 Cyberhaven 区别于以内容检查为核心的 DLP 在位厂商 | Microsoft Purview 在 M365 E5 中发布生产级数据血缘 GA 功能 |
| 投资逻辑 | 14+ 个具名 Fortune 500 客户和 4.6/5 Gartner 评分验证产品市场契合 | NRR 被确认低于 100%,显示续约承压 |
| 投资逻辑 | 事故后以 $1B 估值完成 Series D,显示投资人信心和估值重置 | 18 个月内第二次 Chrome 扩展被攻破 |
| 投资逻辑 | 智能体 AI 浪潮为 AI 生成流的数据血缘追踪创造绿地需求 | 企业 AI 采用停滞;TAM 扩张未兑现 |
| 反向逻辑 | 2024 年 12 月 Chrome 扩展事故留下未解决的诉讼和监管风险 | 集体诉讼以低于 $10M 和解;未有监管行动立案 |
| 反向逻辑 | 财务指标(NRR、毛利率、流失率)不透明;投资逻辑依赖未经验证的假设 | 管理层提供审计财务数据,显示 NRR > 115%、毛利率 > 75% |
| 反向逻辑 | Microsoft Purview(M365 E5 捆绑)提供边际成本接近零的 DLP 替代方案 | Purview 未能补齐功能差距;Cyberhaven 保住溢价定价 |
| 反向逻辑 | Chrome 扩展架构存在结构性供应链漏洞 | Cyberhaven 迁移到 MDM / 内核级代理,消除对 Web Store 的依赖 |
供 IC 讨论使用的投资逻辑 / 反向逻辑框架。来源:cyberhaven.com、siliconangle.com、darkreading.com、 peerspot.com、gartner.com。
[CV001, CV002, CV003, CV004, CV005, CV006]面向 IC 的打分,覆盖市场规模(TAM)、产品(差异化、评价)、客户(牵引力、品牌客户)、财务(不透明、估算 ARR)、风险(Chrome 扩展、诉讼)和退出(IPO 准备度、M&A 可选性)。按 1-5 分打分并计算加权平均。
评分为定性评估;财务得分 2 反映披露缺口,并非确认表现不佳。
[CV001, CV002, CV009, CV031]8.2 可比估值分析
Cyberhaven 估值 $1B、估计 ARR $100M,隐含 10x ARR 倍数和约 9–10x NTM 收入倍数(假设增长 30–40%)。与公开可比公司相比,这一水平有利。CrowdStrike(CRWD)报告 FY25 ARR 为 $4.24B、增长 23%,交易约 29x NTM P/S 和 12x ARR;其溢价反映主导地位和多产品平台。Palo Alto Networks(PANW)下一代安全 ARR 达 $5.6B、增长 32%,规模更大,交易约 14x NTM P/S。Zscaler(ZS)报告 Q3 FY25 ARR 约 $2.9B、增长 23%,交易约 9x NTM P/S。Rubrik(RBRK)报告 FY25 ARR $1.09B、增长 39%,市值 $8B+,交易约 9x NTM P/S。 企业安全 SaaS 私募市场交易中,Cyberhaven 这一阶段、且 ARR 确认高于 $80M、NRR 高于 110% 的公司,通常对应 8–15x ARR 倍数。Cyberhaven 的 10x ARR 倍数处于区间中部,但只有在 NRR 确认高于 100%、毛利率高于 70% 时才站得住。没有审计财务,10x 倍数带有显著不确定性溢价;若单位经济模型得到确认,牛市情景下可支撑扩张到 12–15x ARR。 Grand View Research 估计,DLP 市场 TAM 从 2024 年 $5.7B 增至 2030 年 $7.1B(CAGR 3.7%),这里指纯 DLP;MarketsAndMarkets 则预计更广的数据安全市场从 $21.1B 增至 2029 年 $34.4B(CAGR 10.3%)。Cyberhaven 的 AI 原生数据血缘路径瞄准的是更广的数据安全市场,而不只是传统 DLP,因此支撑更高的 TAM 框架。 [CV009, CV010, CV011, CV012, CV013, CV014]
| 公司 | 股票代码 | ARR / 收入 | 同比增长 | NTM P/S | ARR 倍数 | 毛利率 | 市值 | 备注 |
|---|---|---|---|---|---|---|---|---|
| CrowdStrike | CRWD | $4.24B ARR(FY25) | +23% | ~29x | ~12x ARR | ~77% | ~$95B | 平台龙头;溢价最高 |
| Palo Alto Networks | PANW | 指标:$5.6B NGS ARR(FQ3 FY25) | +32% | ~14x | ~6x ARR | ~74% | ~$115B | NGS ARR 增长加速 |
| Zscaler | ZS | ~$2.9B ARR(Q3 FY25) | +23% | ~9x | ~4x ARR | ~80% | ~$30B | 零信任龙头;增长较慢 |
| Rubrik | RBRK | $1.09B ARR(FY25) | +39% | ~9x | ~5x ARR | ~69% | ~$8B | 近期 IPO;规模最接近的可比公司 |
| Cyberhaven | 未上市(Series D 轮) | ~$100M ARR(估计) | ~50% 估计 | N/A | ~10x ARR | Unknown | $1B 投后估值 | 估计值;未经审计 |
公开可比公司数据来自 SEC 文件和 IR 新闻稿(2025 年 4 月数据)。Cyberhaven ARR 根据 VentureBeat 提到的 10x 倍数估计。来源:sec.gov、stockanalysis.com、venturebeat.com。
[CV009, CV010, CV011, CV012, CV013]8.3 牛市 / 基准 / 熊市情景
牛市情景假设 Cyberhaven 到 2028 年 ARR 继续以每年 50–60% 增长,达到 $400–600M。在该情景下,Microsoft 未能交付有竞争力的数据血缘 DLP 产品,没有重大安全事件发生,NRR 保持在 120% 以上,Cyberhaven 向欧盟和 APAC 受监管企业国际扩张。按 8–12x ARR 计算,2028 年估值为 $3.2B–$7.2B,相当于从 $1B Series D 估值获得 3–7 倍回报。退出路径包括 IPO(若 ARR 达 $400M+ 且利润率已被证明)或被 Palo Alto Networks、CrowdStrike、Microsoft 战略收购。 基准情景假设 ARR 年增长 30–40%,到 2028 年达到 $200–300M,NRR 约 110%,毛利率约 75%,且集体诉讼以成功但成本较高的方式解决(和解低于 $15M)。按 5–7x ARR 计算,估值区间为 $1B–$2.1B,相当于从当前入场获得 1–2 倍回报。该情景要求 Microsoft Purview 仍是较弱竞争者,且不发生第二次重大安全事件。 熊市情景由第二次重大 Chrome 扩展被攻破、GDPR/FTC 执法行动,或 Microsoft 在 Purview E5 中发布数据血缘功能触发。在该情景下,ARR 年增长停滞在 10–20%,到 2028 年仅达到 $120–150M。企业客户开始流失,NRR 低于 100%。按 3–5x ARR 计算,估值将为 $360M–$750M,远低于 $1B Series D 入场,意味着降估值融资和重大资本减损。 [CV017, CV018, CV019, CV020, CV021, CV022]
| 情景 | 2028 年 ARR | ARR 倍数 | 隐含估值 | 相对 $1B 入场的回报 | 关键假设 | 概率 |
|---|---|---|---|---|---|---|
| 乐观 | $400-600M | 8-12x | $3.2B-$7.2B | 3-7x | CAGR 50-60%;NRR > 120%;无重大事故;MSFT Purview 偏弱 | 20% |
| 基准 | $200-300M | 5-7x | $1.0B-$2.1B | 1-2x | CAGR 30-40%;NRR ~110%;诉讼和解 < $15M;MSFT 稳定 | 55% |
| 悲观 | $120-150M | 3-5x | $360M-$750M | 0.36-0.75x | CAGR 10-20%;第二次事故或 MSFT 推出数据血缘;流失率 > 10% | 25% |
概率加权隐含价值:约 $1.5B(0.2 * $5.2B + 0.55 * $1.55B + 0.25 * $555M)。来源: venturebeat.com、siliconangle.com。
[CV017, CV018, CV019, CV020, CV021, CV022]区间图,展示不同 ARR 和倍数假设下 Cyberhaven 的隐含估值。乐观情景(10-12x,$400-600M ARR)= $4.0B-$7.2B。基准情景(5-7x,$200-300M ARR)= $1.0B-$2.1B。悲观情景(3-5x,$120-150M ARR)= $0.36B-$0.75B。Series D 进入估值以平坦参考区间呈现。
ARR 为估计值;倍数基于公开可比公司组。所有数值单位为百万美元。
[CV017, CV018, CV019]Cyberhaven 从 Series D 进入价计算的低 / 中 / 高估值和回报区间。展示三种情景:悲观(0.36-0.75x 回报)、基准(1-2x 回报)、乐观(3-7x 回报),每种情景带概率权重和隐含 2028 退出估值。
概率加权预期价值约为 $1.5B。数值单位为百万美元。
[CV017, CV018, CV019, CV020]8.4 融资背景与稀释分析
Cyberhaven 累计融资 $250M,2025 年 4 月 Series D 为 $100M、投后估值 $1B。这意味着 Series D 约造成 10% 稀释(投前 $900M,本轮 $100M)。更早轮次未公开详细披露,但累计融资额显示此前已有多轮机构融资;从种子轮到 Series D,同阶段公司累计稀释通常为 60–70%,意味着创始人和早期员工可能持有 $1B 估值中的 30–40%。 清算优先权堆栈分析:在 $1B 估值和 $250M 累计融资下,清算优先权覆盖约 4x(250/1000 = 估值的 25%)。如果以 $500M 降估值退出,优先股投资人会获得约 $125–187M(取决于参与权,占退出所得的 50–75%),普通股股东和早期员工会被显著稀释。该优先权悬顶压力提高了员工留存和士气对 $1B+ 退出的紧迫性。 Series D 投资人(StepStone Group、Schroders Capital、Industry Ventures)都是财务投资人,未披露战略收购方关系,降低近期高溢价并购的概率。假设持续增长且没有重大不利事件,$400M+ ARR 时的 IPO(可能在 2028–2030 年)是主要退出路径。 [CV025, CV026, CV027, CV028, CV029, CV030]
8.5 建议、退出准备度与最终尽调事项
建议:有条件继续研究,证据要求高。Cyberhaven 是 AI 原生数据血缘 DLP 中有吸引力的品类领导者,产品差异化明确,客户验证强,并切入智能体 AI 安全浪潮。若确认 ARR 增长和单位经济模型能支撑投资逻辑,$1B Series D 入场是可辩护的。不过,投资前必须满足三个条件:(1)取得审计或董事会验证的财务报表,显示 NRR 高于 105%、毛利率高于 70%;(2)取得受法律特权保护的集体诉讼评估,最大量化暴露低于 $20M;(3)取得工程管理层确认,事件后的 OAuth 加固和代码签名改进已实质性降低 Chrome 扩展再次被攻破的概率。 当前退出准备度为中等。Cyberhaven 有支撑 IPO 故事的客户名称和增长轨迹,但缺少公开市场要求的财务透明度(审计报表、CFO 履历)。如果公司能在当前估计 $100M ARR 基础上再翻两倍,2028–2030 年 IPO 窗口是可行的。若 CrowdStrike 或 Palo Alto Networks 希望把 AI 数据血缘 DLP 加入平台组合,在 $200–500M ARR 阶段战略收购也仍然可行。Microsoft 作为收购方理论上可能,但考虑到 Microsoft 自身对 Purview 的投入,概率不高。 最终五项尽调要求是:披露 NRR 和毛利率;法律顾问给出诉讼暴露上限;OAuth / 扩展架构安全评估;GCP 基础设施和可用性文档;客户 ARR 集中度(top 5 和 top 10 客户占比)。 [CV031, CV032, CV033, CV034, CV035, CV036]
| 维度 | 评估 | 置信度 | 备注 |
|---|---|---|---|
| 整体建议 | 有条件继续研究 | 中 | 取决于财务数据和诉讼评估 |
| 风险评级 | 高 | 高 | Chrome 扩展风险、诉讼、财务不透明 |
| 估值立场 | 当前入场估值合理 | 中 | 若 NRR > 105%、毛利率 > 70%,10x ARR 可成立 |
| 目标回报(乐观) | 2028 年前 3-7x | 低-中 | 假设 ARR CAGR 为 50-60%,且无重大事故 |
| 目标回报(基准) | 2028 年前 1-2x | 中 | 假设 ARR CAGR 为 30-40%,事故成本温和 |
| 目标回报(悲观) | 2028 年前 0.3-0.75x | 中 | 下轮降估值情景;第二次事故或 MSFT Purview |
| 持有期 | 3-5 年 | 中 | 2028-2030 年 IPO,或 ARR 达 $200-500M 时 M&A |
基于公开证据和估计财务画像。投资决策前需要审计财务数据。
[CV031, CV032, CV037, CV038]| 触发项 | 阈值 | 对投资逻辑的传导 | 行动含义 |
|---|---|---|---|
| 第二次 Chrome 扩展安全事故 | 2024 年后发布任何恶意版本 | 证实架构存在结构性风险;引发企业客户流失和监管调查 | 退出持仓或停止进一步部署 |
| GDPR 罚款或 FTC 同意令 | 直接影响 Cyberhaven 的罚款或命令 | 多年合规成本;欧盟扩张冻结 | 按修订后的悲观情景重新测算 |
| 集体诉讼和解金额超过 $30M | 法院确认的和解金额 | 吃掉相当一部分 Series D 轮现金跑道;可能触发困境融资 | 降低持仓;要求更新股权结构表 |
| Microsoft Purview 数据血缘 GA 发布 | Purview 在 M365 E5 GA 中加入已确认的数据血缘追踪 | Cyberhaven 差异化被商品化;定价承压至低于 $20/席位 | 加快退出策略 |
| NRR 确认低于 100% | 连续两个季度净流失 | 增长逻辑失效;ARR 停滞或下滑 | 升级至 IC 做持仓复盘 |
| Google Manifest v3 API 限制 | Chrome 移除 Cyberhaven 扩展程序使用的 Web Request API | 需要多年重构;产品缺口持续 12+ 个月 | 要求工程路线图;评估修复周期 |
用于持续投后监督的 IC 级监控触发器。来源:cyberhaven.com、darkreading.com、gartner.com。
[CV035, CV036, CV037, CV038]| 主题 | 缺失证据 | 重要性 | 负责人或尽调路径 |
|---|---|---|---|
| 财务单位经济模型 | NRR、毛利率、LTV/CAC、月度流失率 | 验证 10x ARR 倍数必须拿到这些指标;否则投资逻辑只是定性判断 | 向 CFO 索取;复核董事会财务材料 |
| 诉讼风险上限 | 和解区间、保险覆盖、诉讼保全 | 集体诉讼可能吃掉 Series D 轮 $15-50M 现金跑道 | 聘请外部律师;要求 D&O 和网络责任险保单 |
| 事件后的 OAuth / 扩展程序安全 | 事件后加固的详细技术规格 | 确认重复事件概率已经降低 | 召开工程管理层会议;代码审查扩展程序构建流水线 |
| GCP 基础设施灾备和正常运行时间 | 多区域状态、正常运行时间 SLA、FY25 实际正常运行时间 | 单区域 GCP = 企业 SLA 的重大可用性风险 | 与基础设施负责人复核;要求运行手册 |
| 客户 ARR 集中度 | 前 5 大和前 10 大客户占 ARR 比例 | 集中度高时,关键客户解约会制造流失风险 | 通过保密披露向 CEO 或 CRO 索取 |
| Series D 轮股权结构表和优先股堆叠 | 完整股权结构表、清算优先权条款、反稀释条款 | 优先股悬置影响回报曲线;参与权影响退出经济性 | 向公司法律顾问索取 |
投资决策定稿前必须完成的六项尽调提问。来源:cyberhaven.com、siliconangle.com。
[CV039, CV040]从规模和证据到风险评估,再到投资建议的逻辑链。起点是已展示的 ARR 增长和客户证明,随后进入产品差异化评估,再经过风险关卡(事件历史、财务不透明、竞争威胁),最终给出有条件继续研究建议,前提是满足三项证据要求。
简化的 IC 决策逻辑;实际流程包含并行证据线。
[CV031, CV032]8.6 证据项
免责声明
本报告是基于公开证据的尽调快照,不构成投资建议。重要的财务、法律、技术和合同事实仍未公开;任何投资决策前,都应直接向管理层和原始文件核验。
证据索引
| 编号 | 陈述 | 可信度 | 来源 |
|---|---|---|---|
| CO001 | Cyberhaven says its platform unifies DSPM, DLP, insider risk, and AI security across endpoints, cloud, on-prem, SaaS, and AI tools. | 高 | SO001, SO002 |
| CO002 | Cyberhaven markets the product as one unified AI and data security platform rather than standalone point tools. | 中 | SO002 |
| CO003 | Redpoint and Tracxn both list five Cyberhaven co-founders: Cristian Zamfir, George Candea, Radu Banabic, Vitaly Chipounov, and Volodymyr Kuznetsov. | 中 | SO016, SO023 |
| CO004 | Redpoint and Tracxn both place Cyberhaven in San Jose, California / United States. | 中 | SO016, SO023 |
| CO005 | Tracxn lists 2016 as Cyberhaven's founding year. | 中 | SO023 |
| CO006 | Tracxn classifies Cyberhaven as a Series D company. | 中 | SO023 |
| CO007 | Cyberhaven's extension privacy policy lists 345 California Avenue, Palo Alto, California, as a company contact address. | 中 | SO010 |
| CO008 | Cyberhaven's September 17, 2024 leadership release uses a San Jose, California dateline. | 中 | SO006 |
| CO009 | Cyberhaven's April 2, 2025 Series D release uses a Palo Alto, California dateline. | 中 | SO003 |
| CO010 | Cyberhaven's November 19, 2025 and February 10, 2026 releases use Mountain View, California datelines. | 中 | SO007, SO008 |
| CO011 | Cyberhaven announced a $100 million Series D on April 2, 2025 led by StepStone Group, with Schroders and Industry Ventures as new investors. | 高 | SO003, SO012 |
| CO012 | Cyberhaven said the Series D brought total funding to $250 million and valuation to $1 billion. | 高 | SO003, SO012, SO017 |
| CO013 | Cyberhaven announced an $88 million Series C on June 11, 2024 led by Adams Street Partners and Khosla Ventures. | 高 | SO004, SO018 |
| CO014 | Cyberhaven said Fred Wang of Adams Street joined its board as part of the Series C financing. | 高 | SO004, SO018 |
| CO015 | Cyberhaven announced a $33 million Series B on December 14, 2021 led by Redpoint Ventures. | 高 | SO005, SO016, SO023 |
| CO016 | Cyberhaven said ARR had grown 5x in the 12 months before the December 2021 Series B announcement. | 中 | SO005 |
| CO017 | Cyberhaven announced on September 17, 2024 that Nishant Doshi, Edward Sharp, Kristin Vines, and Manoj Gupta joined the executive team. | 高 | SO006, SO013 |
| CO018 | Cyberhaven said the September 2024 leadership expansion came during a breakout year with 200 percent growth in new bookings. | 高 | SO006, SO013 |
| CO019 | BankInfoSecurity reported on May 13, 2025 that Howard Ting resigned as CEO and Nishant Doshi became interim CEO after a three-month transition. | 中 | SO021 |
| CO020 | BankInfoSecurity reported that Howard Ting remained on Cyberhaven's board after the CEO transition. | 中 | SO021 |
| CO021 | Cyberhaven's February 2026 growth release identified Nishant Doshi as CEO and said James McCarthy and Aman Sirohi had joined the executive team. | 高 | SO007, SO014 |
| CO022 | Cyberhaven said fiscal 2026 revenue grew at a triple-digit rate over the prior year. | 高 | SO007, SO014 |
| CO023 | Cyberhaven said fiscal 2026 customer growth exceeded 50 percent year over year. | 高 | SO007, SO014 |
| CO024 | Cyberhaven said it serves four of the top five companies on Forbes' AI 50 list. | 高 | SO007, SO014 |
| CO025 | Cyberhaven said it serves the top five North American banks plus major financial, legal, retail, healthcare, and media organizations. | 高 | SO007, SO014 |
| CO026 | Cyberhaven and Yahoo Finance both state Cyberhaven ranked number 51 on Deloitte's 2025 Technology Fast 500. | 高 | SO008, SO025 |
| CO027 | Cyberhaven's homepage and newsroom highlight Deloitte Fast 500 and Redpoint InfraRed 100 recognition. | 中 | SO001, SU001 |
| CO028 | Cyberhaven and PR Newswire said on November 17, 2022 that the company launched an Insider Threat Platform that can automatically stop exfiltration in real time. | 高 | SO009, SO015 |
| CO029 | TechCrunch and BleepingComputer reported that a malicious version 24.10.4 of Cyberhaven's Chrome extension was published after a company-account compromise in late December 2024. | 高 | SO019, SO020 |
| CO030 | TechCrunch and Nightfall reported that the compromised Cyberhaven extension exposed approximately 400,000 users to credential and session-token theft risk. | 中 | SO019, SO022 |
| CO031 | Nightfall and BleepingComputer reported that the Cyberhaven compromise was part of a broader campaign affecting more than 35 extensions and roughly 2.6 million users. | 中 | SO022, SO020 |
| CO032 | Nightfall and BleepingComputer reported that Cyberhaven removed the malicious package, published version 24.10.5, and advised credential rotation. | 中 | SO022, SO020 |
| CO033 | Cyberhaven's Trust Center lists SOC 2 Type 2, GDPR, CCPA, and PCI DSS v4.0.1 compliance materials. | 中 | SO011 |
| CO034 | Cyberhaven's extension privacy policy says employer customers control extension data and the policy was last updated on September 5, 2024. | 中 | SO010 |
| CO035 | Tracxn says Cyberhaven has raised $236 million across six rounds and had a $1 billion valuation as of April 2, 2025. | 中 | SO023 |
| CO036 | SecurityWeek reported that Cyberhaven's June 2024 Series C implied a $488 million valuation. | 中 | SO018 |
| CO037 | SecurityWeek's June 2024 coverage named Fox, Canon, Reddit, and SurveyMonkey as Cyberhaven customers. | 中 | SO018 |
| CO038 | PitchBook's public FAQ lists 2014 as Cyberhaven's founding year. | 低 | SO024 |
| CO039 | PitchBook's public FAQ lists Austin, Texas as Cyberhaven's headquarters. | 低 | SO024 |
| CO040 | PitchBook's public FAQ lists 282 total employees for Cyberhaven. | 低 | SO024 |
| CO041 | BankInfoSecurity reported that Cyberhaven grew from 18 people in June 2020 to roughly 220 people by May 2025. | 中 | SO021 |
| CO042 | Cyberhaven said its Series D proceeds would fund M&A, go-to-market expansion, and ongoing innovation. | 高 | SO003, SO012 |
| CO043 | Cyberhaven's Trust Center advertises access-gated diligence materials including a SOC 2 bridge letter, application penetration testing, and cyber insurance. | 中 | SO011 |
| CO044 | Tracxn says Cyberhaven has 23 institutional investors and 6 angel investors. | 中 | SO023 |
| CO045 | Cyberhaven publicly targets technology/SaaS, manufacturing, law firms, investment management, and healthcare. | 中 | SO001, SO002 |
| CO046 | Cyberhaven said its unified AI and data security platform reached general availability in February 2026 after DSPM and AI-control releases through 2025. | 中 | SO007 |
| CO047 | Cyberhaven says 80%+ of data exfiltration involves fragments and snippets rather than complete files. | 中 | SO001 |
| CO048 | Cyberhaven says legacy data security tools produce 90%+ false positives. | 中 | SO001 |
| CO049 | Cyberhaven says its customers see 5x faster incident investigations and 90% fewer false positives. | 中 | SO001, SP001 |
| CO050 | Cyberhaven’s July 2025 press release says the company rebuilt DLP and insider threat protection around a data-lineage-first architecture. | 中 | SP001 |
| CO051 | Microsoft says Purview can enforce DLP policies across cloud apps, email, devices, Microsoft Fabric, and AI. | 中 | SM003 |
| CO052 | Grand View Research says DLP adoption is driven by breaches, regulatory compliance, data classification needs, and AI/cloud complexity. | 中 | SM017 |
| CO053 | ResearchAndMarkets says cloud deployment of insider risk management is projected to reach $2.1 billion by 2030. | 中 | SM020 |
| CO054 | Cyberhaven says traditional DLP often leaves prevention disabled because false positives block normal work. | 中 | SP002 |
| CO055 | SecurityWeek reported that the malicious Cyberhaven extension stole Facebook access tokens, user IDs, and account information. | 中 | SP004 |
| CO056 | Microsoft Learn says Purview DLP can show policy tips, block sharing, and allow user overrides with justification. | 中 | SP005 |
| CO057 | Forcepoint documentation says the product helps businesses discover, classify, monitor, and protect data with low user friction. | 中 | SO026 |
| CO058 | Teramind positions its platform as a unified combination of DLP, employee monitoring, and insider-threat management with behavioral analytics and real-time intervention. | 中 | SP018 |
| CO059 | Proofpoint emphasizes timeline and evidence-driven insider investigations, while Cyberhaven emphasizes lineage-driven incident reconstruction. | 中 | SP009, SP003 |
| CO060 | As of May 2026, no litigation, SEC enforcement actions, or regulatory fines arising from the December 2024 extension incident had been publicly disclosed. | 中 | SE012 |
| CO061 | Code signing for Cyberhaven endpoint sensor packages is performed only by Cyberhaven engineers using hardware and software mechanisms provided by Microsoft and Apple. | 中 | SE001 |
| CO062 | Cyberhaven's security policy requires all code deployed in production to be peer-reviewed and security-audited by at least one other Cyberhaven engineer. | 中 | SE001 |
| CO063 | Cyberhaven stores all SaaS customer data in North America (GCP), with other regions available on request, provided they are supported by Google Cloud. | 中 | SE001 |
| CM001 | Cyberhaven positions itself as an AI and data security platform that unifies DSPM, DLP, insider risk management, and AI security. | 中 | SO001 |
| CM002 | Cyberhaven says its platform protects data across endpoints, cloud, on-prem, SaaS, and AI tools. | 中 | SO001, SM002 |
| CM003 | Cyberhaven’s marketplace listing says the product combines DLP, insider risk management, and cloud data security for security teams and IT professionals. | 中 | SM001 |
| CM004 | Cyberhaven’s marketplace listing says its DLP controls cover cloud, web, email, removable storage, and Bluetooth/AirDrop channels. | 中 | SM001 |
| CM005 | Cyberhaven’s marketplace listing targets technology, manufacturing, law, investment management, and healthcare organizations handling sensitive or regulated data. | 中 | SM001 |
| CM006 | Channel Insider says Cyberhaven’s generally available DSPM expands a unified platform across endpoints, cloud services, SaaS applications, on-prem systems, and generative AI workflows. | 中 | SM002 |
| CM007 | Channel Insider says Cyberhaven positions its DSPM against standalone tools focused narrowly on cloud storage. | 中 | SM002 |
| CM008 | Microsoft says Purview uses integrated data security solutions to help organizations discover and protect data across the organization. | 中 | SM003 |
| CM009 | Microsoft says Purview can secure data across platforms, devices, generative AI applications, and AI agents with combined data and user context. | 中 | SM003 |
| CM010 | Microsoft’s Purview portfolio publicly groups data security posture management, information protection, data loss prevention, insider risk management, and investigations in one suite. | 中 | SM003 |
| CM011 | Microsoft Learn says Insider Risk Management covers malicious and inadvertent risks such as IP theft, data leakage, and security violations. | 中 | SM005 |
| CM012 | Microsoft Learn says Insider Risk Management is privacy-by-design and pseudonymizes users by default. | 中 | SM005, SM007 |
| CM013 | Microsoft Learn says Insider Risk Management requires supported subscriptions, assigned licenses, and the correct role-group permissions. | 中 | SM006 |
| CM014 | Microsoft’s privacy guide says global administrators do not have insider-risk access by default and risky-activity indicators require explicit opt-in. | 中 | SM007 |
| CM015 | Microsoft Learn says Purview compliance solutions include audit, communication compliance, compliance manager, data lifecycle management, eDiscovery, and records management. | 中 | SM008 |
| CM016 | Zscaler says unified DLP secures internet, email, endpoint, IaaS, private apps, and risk posture in one platform. | 中 | SM009 |
| CM017 | Zscaler says legacy DLP leaves protection gaps and buries teams in alerts and false positives. | 中 | SM009 |
| CM018 | Palo Alto defines DSPM as discovering, classifying, monitoring, and protecting sensitive data across hybrid and multicloud environments. | 中 | SM010 |
| CM019 | Palo Alto’s Prisma Cloud DSPM API documentation says DSPM integrates with other security tools and automates threat detection and response. | 中 | SM011 |
| CM020 | Palo Alto’s public market guide says 2025 DSPM market estimates range from $415 million to $2.0 billion and forecast 25%-37% annual growth through 2030. | 中 | SM012 |
| CM021 | Palo Alto’s public market materials say survey sources show 75% of enterprises plan DSPM deployment by mid-2025. | 中 | SM012, SM013 |
| CM022 | Palo Alto’s 2026 DSPM Adoption Report says 19% of enterprises had DSPM in production by Q4 2024 and 56% planned investment within 12 months. | 中 | SM013 |
| CM023 | Palo Alto’s 2026 DSPM Adoption Report says fragmented tools and integrations with SIEM, ticketing, identity, and DLP systems slow deployment. | 中 | SM013 |
| CM024 | Palo Alto’s DSPM tools guide says buyers evaluate DSPM tools on discovery accuracy, classification accuracy, compliance reporting, connectors, and automated remediation. | 中 | SM014 |
| CM025 | Palo Alto’s DSPM tools guide says early DSPM deployments can create overwhelming alert volumes when classification tuning is weak. | 中 | SM014 |
| CM026 | SEC rules require public companies to disclose material cybersecurity incidents on Form 8-K generally within four business days after determining materiality. | 中 | SM015 |
| CM027 | SEC rules also require annual disclosure of cybersecurity risk management, strategy, and governance in Form 10-K. | 中 | SM015 |
| CM028 | CISA publishes an Insider Threat Mitigation Guide as official guidance for organizations building insider-threat programs. | 中 | SM016 |
| CM029 | Grand View Research says the global DLP market was $1.87 billion in 2022 and is projected to reach $9.33 billion by 2030 at a 22.3% CAGR. | 中 | SM017 |
| CM030 | Grand View Research says cloud-based deployment held 56.3% of the DLP market in 2022 and North America held 29.1%. | 中 | SM017 |
| CM031 | Grand View Research says DLP implementation is expensive and becomes harder across fragmented on-prem, cloud, and mobile environments. | 中 | SM017 |
| CM032 | Growth Market Reports says the DSPM market reached $1.42 billion in 2024 and is projected to reach $17.2 billion by 2033 at a 33.6% CAGR. | 中 | SM018 |
| CM033 | Growth Market Reports says DSPM demand is driven by cloud adoption, regulatory mandates, and rising cyber threats. | 中 | SM018 |
| CM034 | Growth Market Reports says BFSI, healthcare, and government are key regulated sectors adopting DSPM. | 中 | SM018 |
| CM035 | DataHorizzon says the DSPM tool market was $1.8 billion in 2023 and is forecast to reach $5.7 billion by 2033 at a 12.1% CAGR. | 中 | SM019 |
| CM036 | DataHorizzon says hybrid and multicloud complexity plus internal skill gaps create barriers to DSPM rollout. | 中 | SM019 |
| CM037 | ResearchAndMarkets says the insider risk management market was $2.4 billion in 2024 and is projected to reach $3.7 billion by 2030 at a 7.6% CAGR. | 中 | SM020 |
| CM038 | ResearchAndMarkets says modern IRM platforms rely on behavioral analytics, machine learning, and integration with DLP, EDR, IAM, and SIEM. | 中 | SM020 |
| CM039 | Verified Market Reports says the insider risk management market was $3.14 billion in 2024 and could reach $8.23 billion by 2033 at an 11.2% CAGR. | 中 | SM021 |
| CM040 | HIPAA Journal says Verizon’s 2024 DBIR found internal actors behind 70% of healthcare data breaches and 83% of healthcare breaches concentrated in miscellaneous errors, privilege misuse, and system intrusion. | 中 | SM022 |
| CM041 | HIPAA Journal says non-malicious human error was involved in 68% of breaches under Verizon’s 2024 methodology. | 中 | SM022 |
| CM042 | Verizon says DBIR data is contributed by law enforcement, insurers, forensic firms, cybersecurity sharing groups, and Verizon’s own VTRAC caseload, and is intended as a benchmark for internal audits and incident response. | 中 | SM023 |
| CM043 | Microsoft’s main Purview page says the product offers unified data security, governance, and compliance for the era of AI through free-trial or contact-sales motions. | 中 | SM004 |
| CM044 | Microsoft’s main Purview page says user-based protections are sold through the Purview Suite while broader data-estate, analytics, and AI-app capabilities are sold with pay-as-you-go pricing. | 中 | SM004 |
| CP001 | Cyberhaven publicly says its DLP combines content analysis with data lineage to identify important data more precisely. | 中 | SP002, SP003, SP001 |
| CP002 | Cyberhaven's comparison page claims 95% fewer false positives than traditional or standalone classification methods. | 低 | SP003 |
| CP003 | Cyberhaven's July 2025 newswire announcement says organizations using its reimagined platform report 90% fewer false positives and 5x faster investigations. | 低 | SP001 |
| CP004 | Cyberhaven says it reconstructs the full chain of events around a data incident before attempted exfiltration. | 中 | SP002, SP003 |
| CP005 | Cyberhaven reported FY2026 customer growth of more than 50%. | 中 | SO007 |
| CP006 | Cyberhaven reported that four of the top five Forbes AI 50 companies were customers in FY2026. | 中 | SO007 |
| CP007 | Cyberhaven said its customers include top North American banks, law firms, healthcare providers, and other regulated organizations. | 中 | SO007 |
| CP008 | Independent reporting says Cyberhaven raised $100 million in a Series D round at a $1 billion valuation in April 2025 and reached $250 million total funding. | 中 | SO017, SP020 |
| CP009 | BankInfoSecurity reported that Cyberhaven employed nearly 200 people in April 2025 and was using new funding to push into GenAI security and DSPM. | 中 | SP020 |
| CP010 | SecurityWeek reported that attackers compromised Cyberhaven's Chrome Web Store administrator account and that the malicious extension update was available for just over 24 hours. | 中 | SP004 |
| CP011 | Microsoft Learn says Purview DLP uses deep content analysis and machine learning rather than simple text scanning. | 中 | SP005 |
| CP012 | Microsoft Learn says Purview DLP covers Exchange, SharePoint, OneDrive, Teams, endpoint devices, on-premises file shares, and non-Microsoft cloud apps. | 中 | SP005 |
| CP013 | Microsoft Learn says Insider Risk Management pseudonymizes users by default as part of a privacy-by-design architecture. | 中 | SM005 |
| CP014 | Microsoft Learn says Insider Risk Management correlates signals, offers policy templates, and can escalate cases to eDiscovery Premium. | 中 | SM005 |
| CP015 | Microsoft's official pricing page says Purview combines subscription-based capabilities with consumption-based pricing, and Insider Risk Management is billed in DSPUs tied to 10,000 user activity logs. | 中 | SP006 |
| CP016 | Forcepoint markets DLP across endpoint, cloud, web, and email with risk-adaptive protection. | 中 | SP007 |
| CP017 | Broadcom's official web page shows Symantec Data Loss Prevention remains a marketed enterprise product family. | 低 | SP008 |
| CP018 | Proofpoint says its insider-threat platform gathers telemetry from endpoints, email, and cloud in a centralized dashboard. | 中 | SP009 |
| CP019 | Proofpoint says it can prevent data exfiltration through USB, web upload, cloud sync, print, and network share using risk-based controls. | 中 | SP009 |
| CP020 | Mimecast says its insider-risk solution detects, assesses, and reduces insider threats without disrupting employee productivity. | 中 | SP011 |
| CP021 | Mimecast says risky data movement can be monitored across files, users, and applications with no policy setup required. | 中 | SP011 |
| CP022 | Mimecast says it uses file, user, and destination context plus automated controls to deter, block, and contain insider threats. | 中 | SP010, SP011 |
| CP023 | Varonis says its DLP is agentless and cloud-native, automatically discovers and classifies data at rest, prevents exposure, monitors activity, and stops exfiltration. | 中 | SP012 |
| CP024 | Varonis markets a broader platform that includes DSPM, data-centric UEBA, access governance, DLP, and AI security across cloud, SaaS, and on-prem environments. | 中 | SP013 |
| CP025 | Nightfall says its DEX product prevents sensitive data from leaving endpoints, SaaS, and AI tools by tracing data flows, blocking risky actions, and coaching users in real time. | 中 | SP016 |
| CP026 | Nightfall publishes per-user-year pricing tiers for DDR and DEX, plus a Complete tier with dedicated customer success and a 1-hour support SLA. | 中 | SP014 |
| CP027 | Nightfall's competitor brief says Cyberhaven can have SaaS visibility gaps, endpoint upload blind spots, deployment complexity, and delayed remediation versus real-time blocking platforms. | 低 | SP015 |
| CP028 | Teramind's Cyberhaven alternatives page says its DLP package is priced at $32 per seat per month and includes automated actions to block data leaks in real time. | 中 | SP018, SP017 |
| CP029 | Teramind's pricing page says the DLP tier includes 200 pre-packaged DLP rules and automatic DLP blocking, with higher packaging for enterprise and government buyers. | 中 | SP017 |
| CP030 | Public shortlists from Nightfall, Teramind, and Kitecyber repeatedly group Microsoft Purview, Forcepoint, Mimecast/Incydr, Nightfall, Symantec DLP, and DTEX into Cyberhaven evaluation sets. | 低 | SP015, SP018, SP019 |
| CP031 | Those same public shortlist sources show Cyberhaven competing simultaneously against direct insider-risk tools, incumbent enterprise DLP suites, and adjacent cloud or AI DLP vendors. | 中 | SP015, SP018, SP019 |
| CP032 | Cyberhaven's FY2026 release says it added a unified Data Catalog, AI-powered classification, cloud connectors for OneDrive, SharePoint, and Google Drive, and endpoint data-at-rest scanning. | 中 | SO007 |
| CP033 | Cyberhaven's July 2025 announcement says cloud connectors extended data lineage into OneDrive, SharePoint, and Google Drive. | 中 | SP001 |
| CP034 | Cyberhaven's comparison page says legacy DLP typically carries higher TCO because of false positives, maintenance, and professional-services overhead. | 低 | SP003 |
| CP035 | Public documentation from Microsoft, Forcepoint, Proofpoint, and Mimecast shows buyers can extend existing suites or adjacent controls instead of replacing everything with a net-new lineage platform. | 中 | SP005, SP007, SP009, SP011 |
| CP036 | Microsoft and Forcepoint benefit from installed-base distribution because they are sold as broader suites rather than standalone DLP point products. | 中 | SP006, SP007, SP018 |
| CP037 | Among the reviewed sources, Microsoft, Nightfall, and Teramind expose concrete public pricing or metering signals, while Cyberhaven and several incumbents do not. | 中 | SP006, SP014, SP017, SP002, SP007, SP011, SP012 |
| CP038 | Cyberhaven's most defensible public wedge is lineage-driven context and investigation quality, but rival messaging attacks SaaS coverage depth, deployment burden, and trust posture. | 中 | SP003, SP015, SP004 |
| CI001 | Cyberhaven positions its product as one unified platform spanning DSPM, DLP, IRM, and AI Security. | 中 | SO002, SO007 |
| CI002 | Cyberhaven says its DLP protects data across email, web, cloud, and devices. | 中 | SO002, SM001 |
| CI003 | Cyberhaven says its insider-risk product combines data and behavior signals to stop insider threats. | 中 | SO002 |
| CI004 | Cyberhaven says its AI Security product helps organizations understand shadow AI usage and prevent data leaks to AI tools. | 中 | SO002, SO007 |
| CI005 | Cyberhaven says its data-lineage technology maps the full journey of sensitive data from origin through movement and transformation. | 中 | SO002, SO003, SM001 |
| CI006 | Cyberhaven's official website routes prospective buyers to a request-demo flow rather than to a public checkout page. | 中 | SI001 |
| CI007 | Cyberhaven offers a free on-demand demo targeted at IT professionals and decision-makers. | 中 | SI002 |
| CI008 | Cyberhaven claims its platform reduces data-security program cost by eliminating noise and false positives. | 中 | SI001 |
| CI009 | Cyberhaven's customer page reports a 200 percent improvement in time-to-resolution. | 中 | SI003 |
| CI010 | Cyberhaven's customer page reports an 80 percent reduction in risky behavior after enabling real-time user coaching popup messages. | 中 | SI003 |
| CI011 | Cyberhaven names Motorola as a customer using the platform to identify and stop exfiltration of product designs before launch. | 中 | SI003 |
| CI012 | Cyberhaven names Navan as a customer protecting source code and customer data with its platform. | 中 | SI003 |
| CI013 | Cyberhaven names Iron Mountain as a customer tracking and protecting sensitive data across global storage infrastructure. | 中 | SI003 |
| CI014 | Cyberhaven's partner program includes reseller, technology-partner, and integration-partner tracks. | 中 | SI004 |
| CI015 | Cyberhaven claims its platform can lower total cost of ownership by reducing tool count and speeding remediation. | 中 | SI004 |
| CI016 | Cyberhaven announced an $88 million Series C financing on 2024-06-11 led by Adams Street Partners and Khosla Ventures. | 中 | SO004 |
| CI017 | Cyberhaven's Series C announcement said the company had 200 percent growth in new bookings. | 中 | SO004 |
| CI018 | Cyberhaven said Series C proceeds would expand its product offerings and market reach. | 中 | SO004 |
| CI019 | Cyberhaven announced a $100 million Series D financing on 2025-04-02 led by StepStone Group with participation from Schroders and Industry Ventures. | 中 | SO003, SO012 |
| CI020 | Cyberhaven said the Series D brought total funding to $250 million and valuation to $1 billion. | 中 | SO003, SO012, SO017 |
| CI021 | Cyberhaven said Series D proceeds would fund M&A, organic innovation, and aggressive go-to-market investment. | 中 | SO003, SP020 |
| CI022 | Cyberhaven's FY2026 results release said the year ended 2026-01-31 delivered record growth in revenue, customers, and platform adoption. | 中 | SO007, SO014 |
| CI023 | Cyberhaven's FY2026 results release said the company achieved triple-digit growth over the prior year. | 中 | SO007, SO014 |
| CI024 | Cyberhaven's FY2026 results release said customer growth exceeded 50 percent. | 中 | SO007, SO014 |
| CI025 | Cyberhaven's FY2026 results release said customers included four of the top five companies on Forbes' AI 50 list. | 中 | SO007, SO014 |
| CI026 | Cyberhaven's FY2026 results release said customers included the top five North American banks, other global financial institutions, major regulatory bodies, and leading law firms. | 中 | SO007, SO014 |
| CI027 | Cyberhaven said its Unified AI & Data Security Platform reached general availability in February 2026. | 中 | SO007 |
| CI028 | As of 2026-04-22, Cyberhaven said its platform was available on AWS Marketplace, Microsoft Azure Marketplace, and Google Cloud Marketplace. | 中 | SI005 |
| CI029 | Cyberhaven said customers can apply existing AWS, Azure, or Google Cloud committed spend toward Cyberhaven purchases made through those marketplaces. | 中 | SI005 |
| CI030 | Cyberhaven said all three marketplace listings support channel-led transactions and described itself as a channel-first company. | 中 | SI005, SI004 |
| CI031 | Microsoft Azure Marketplace describes Cyberhaven Data Detection and Response as combining data lineage with real-time risk detection and response across cloud environments, endpoints, and removable media. | 中 | SM001 |
| CI032 | Microsoft Azure Marketplace says Cyberhaven can leverage Microsoft Purview labels and trace or block data originating from systems such as Salesforce. | 中 | SM001 |
| CI033 | AWS Marketplace private offers keep pricing and EULA terms non-public and negotiated with the seller. | 中 | SI009 |
| CI034 | Gartner Peer Insights says Cyberhaven uses subscription-tier pricing that commonly depends on endpoints or data-volume scope, with enterprise contracts and volume discounts available on request. | 中 | SI007 |
| CI035 | Vendr lists Cyberhaven's median contract value at $35,016 per year, with a low-high range of $28,309 to $49,221. | 低 | SI006 |
| CI036 | PeerSpot says Cyberhaven's DLP-category mindshare was 2.3 percent in May 2026, up from 1.5 percent a year earlier. | 低 | SI008 |
| CI037 | Datanyze lists Cyberhaven revenue at $64.9 million. | 低 | SI014 |
| CI038 | Datanyze lists Cyberhaven at 309 employees. | 低 | SI014 |
| CI039 | Datanyze says Cyberhaven has raised $236 million over five rounds. | 低 | SI014 |
| CI040 | Growjo estimates Cyberhaven's annual revenue at $52.4 million. | 低 | SI013 |
| CI041 | Growjo estimates Cyberhaven at 228 employees. | 低 | SI013 |
| CI042 | Growjo says Cyberhaven's employee count grew 69 percent over the last year. | 低 | SI013 |
| CI043 | ZoomInfo lists Cyberhaven revenue at $64.9 million. | 低 | SI015 |
| CI044 | ZoomInfo lists Cyberhaven in a 201-500 employee band. | 低 | SI015 |
| CI045 | The North Carolina Secretary of State filing page says no annual reports are currently due for Cyberhaven, Inc. | 中 | SI010 |
| CI046 | The North Carolina Secretary of State filing page shows a Cyberhaven annual report filed on 2026-04-15 for fiscal date 2026-01-31. | 中 | SI010 |
| CI047 | Retained official pricing and procurement sources do not publish a public list price for Cyberhaven; the buyer path is demo-led or privately negotiated. | 中 | SI001, SI002, SI005, SI009 |
| CI048 | Retained public sources reviewed for this chapter do not disclose Cyberhaven cash on hand, monthly burn, or runway as of 2026-05-05. | 低 | SO003, SO007, SI010, SI011 |
| CI049 | Retained public sources reviewed for this chapter do not disclose Cyberhaven CAC, payback, win rate, or sales-cycle metrics. | 低 | SO007, SI006, SI007 |
| CI050 | Retained public sources reviewed for this chapter do not disclose Cyberhaven gross margin, service-delivery cost, working-capital metrics, or capex. | 低 | SO007, SI010, SI011 |
| CI051 | Retained public sources reviewed for this chapter do not disclose Cyberhaven revenue mix by module or channel, or a revenue-recognition policy. | 低 | SO002, SI001, SO003, SI007, SI009 |
| CI052 | Retained public sources reviewed for this chapter do not disclose debt, credit-facility, or project-finance obligations for Cyberhaven. | 低 | SI010, SI011, SI012 |
| CE001 | Cyberhaven offers a unified AI & Data Security Platform combining DSPM, DLP, IRM, and AI Security in a single solution. | 高 | SO002, SP001 |
| CE002 | Cyberhaven claims to reduce false positive alerts by 95% compared with other DLP tools by adding lineage context to policy decisions. | 中 | SO002 |
| CE003 | Cyberhaven's platform targets enterprise customers with high concentrations of valuable IP, regulated data, or active insider risk in technology, finance, manufacturing, healthcare, and legal sectors. | 高 | SO002, SI003, SI008 |
| CE004 | Cyberhaven announced a product launch event themed "Securing the Agentic AI Era" for May 5, 2026, suggesting continued AI governance product expansion. | 中 | SO002 |
| CE005 | Cyberhaven's DSPM module discovers and classifies data across cloud and endpoint environments and continuously monitors data movement between clouds and devices. | 中 | SO002 |
| CE006 | Cyberhaven's DLP module enforces real-time blocking and user coaching across email, web, cloud, and devices using lineage-enriched policy decisions. | 高 | SO002, SE006 |
| CE007 | Cyberhaven's IRM module combines data-movement signals with behavioral signals to detect insider threats and clarify intent, capturing slow-burn exfiltration patterns. | 中 | SO002 |
| CE008 | Cyberhaven's AI Security module monitors shadow AI usage, assesses AI risk posture, and prevents data leaks to AI tools including ChatGPT and other generative AI applications. | 中 | SO002 |
| CE009 | Linea AI includes a Detection Agent (using LLiM for autonomous risk detection) and an Analyst Agent (for automated investigation and reporting). | 中 | SO002, SP001 |
| CE010 | The Large Lineage Model (LLiM) is described as a purpose-built AI model trained on lineage graph data rather than general text, proprietary to Cyberhaven. | 低 | SO002 |
| CE011 | Cyberhaven uses three deployment modes: endpoint agent (Windows/macOS/Linux), browser extension (Chrome), and cloud API connectors (Google Workspace, Microsoft 365). | 高 | SO002, SE001, SE003 |
| CE012 | Cyberhaven's backend infrastructure runs exclusively on Google Cloud Platform (GCP) in US data centers, with each customer running a fully isolated instance with dedicated virtual compute, storage, and network. | 高 | SE001, SE005 |
| CE013 | Cyberhaven uses a microservices architecture built on the principle of least privilege, minimizing attack surface and limiting the impact of any compromise. | 中 | SE001 |
| CE014 | Cyberhaven's public REST API exposes three endpoints: /api/rest/v1/endpoints/list, /api/rest/v1/incidents/list, and /api/rest/v1/audit-log/dataflow/list, all authenticated via temporary bearer tokens. | 高 | SE003, SE011 |
| CE015 | The edm-cli Python CLI, hosted at github.com/CyberhavenInc/edm-cli, allows programmatic management of Exact Data Match (EDM) databases using Spooky Hash V2 and SHA256 fingerprinting. | 中 | SE004, SE005 |
| CE016 | The CyberhavenInc GitHub organization maintains public repos including api2 (Go HTTP API library), cel2sql (CEL-to-SQL converter), and protoc-gen-grpc-gateway-ts (gRPC TypeScript generator), indicating an internal stack using Go, gRPC, and TypeScript. | 中 | SE005 |
| CE017 | Cyberhaven integrations include Google Workspace, Microsoft Entra ID, Okta, Workday, Elastic, Splunk, Google Drive, Microsoft 365, ChatGPT, Slack, Google Cloud Platform, and Microsoft Azure. | 中 | SO002, SE003 |
| CE018 | Cyberhaven became available on AWS Marketplace, Azure Marketplace, and GCP Marketplace in April 2026, enabling purchases against committed cloud spend. | 中 | SI003 |
| CE019 | Motorola reported a 90% reduction in false positives, 98% reduction in investigation time, 50% increase in actionable alerts, and 90% reduction in risky events after deploying Cyberhaven. | 中 | SE007, SI003 |
| CE020 | Cyberhaven's customers page claims 200% improvement in time-to-resolution and 80% reduction in risky behavior using Cyberhaven's data lineage and coaching capabilities. | 低 | SI003 |
| CE021 | PeerSpot mindshare for Cyberhaven in the DLP category stands at 2.3% as of May 2026, up from 1.5% year-over-year, indicating growing market recognition. | 中 | SI008 |
| CE022 | Gartner Peer Insights shows a 4.6/5 rating for Cyberhaven from 48 reviews as of 2026, with strengths in seamless DLP and data insights. | 中 | SE009 |
| CE023 | FeaturedCustomers lists 17 testimonials and 1 case study for Cyberhaven, with a composite rating of 4.8/5 based on 953 reference ratings. | 中 | SE008 |
| CE024 | Motorola's CISO Richard Rushing stated that Cyberhaven provides real-time visibility into data flows and stops insider threats in real time. | 高 | SE007, SO020, SI003 |
| CE025 | Cyberhaven holds SOC 2 Type 2 certification with a Bridge Letter valid through January 2026, as listed on the Cyberhaven Trust Center. | 高 | SO011, SE001 |
| CE026 | Cyberhaven is compliant with PCI DSS v4.0.1, GDPR, and CCPA, as documented in its Trust Center. | 高 | SO011, SE002 |
| CE027 | Cyberhaven authentication supports Google SSO (OAuth2), password-based with mandatory 2FA, and SAML 2.0, with an RBAC scheme covering regular users and administrators. | 高 | SE001, SO011 |
| CE028 | Cyberhaven operates a continuous third-party penetration testing program, with each major change tested upon release, and automated vulnerability testing before each release. | 中 | SE001, SO011 |
| CE029 | All data at rest is stored in Google Cloud with GCP key management; A+ rating on Qualys SSL Labs for TLS configuration. | 中 | SE001 |
| CE030 | On December 25, 2024, a malicious version (24.10.4) of Cyberhaven's Chrome extension was published following phishing of the Chrome Web Store admin account, affecting approximately 400,000 corporate users. | 高 | SO019, SO020, SE012 |
| CE031 | The attacker exploited an OAuth authorization flow to gain Chrome Web Store account access, bypassing the employee's MFA and Google Advanced Protection. | 高 | SO022, SO019 |
| CE032 | Cyberhaven detected the extension compromise within approximately one hour of the malicious code going live, removed it, and published a clean version (24.10.5) by December 26, 2024. | 高 | SO019, SO020 |
| CE033 | The December 2024 attack was part of a broader campaign targeting at least 35 Chrome extensions collectively affecting over 2.6 million users, suggesting opportunistic rather than targeted attacker. | 高 | SO022, SE010, SO019, SO020 |
| CE034 | No patent filings for Cyberhaven's data lineage technology or LLiM were found in publicly searchable patent databases during this research. | 低 | |
| CE035 | Cyberhaven's pricing model is not publicly disclosed; pricing requires direct sales engagement. | 高 | SO002, SE006 |
| CE036 | The competitive moat from Cyberhaven's LLiM and lineage technology relies on trade secrets and accumulated data rather than formally registered patents, based on available public evidence. | 低 | SO002, SE004, SE005 |
| CU001 | BleepingComputer confirmed in December 2024 that Cyberhaven's production customers include Snowflake, Motorola, Canon, Reddit, AmeriHealth, Cooley, IVP, Navan, DBS, Upstart, and Kirkland & Ellis — 11 named enterprises across technology, manufacturing, legal, financial services, and healthcare verticals. | 高 | SO020, SI003 |
| CU002 | Cyberhaven's official customer website features Motorola as its flagship reference and describes helping identify and stop exfiltration of product designs before launch, confirming Motorola as a production deployment. | 高 | SI003, SE007 |
| CU003 | Motorola CISO Richard Rushing attributed a 90% reduction in DLP false positives to Cyberhaven deployment, directly addressing the primary pain point of legacy DLP. | 高 | SE007, SO020 |
| CU004 | Motorola's per-incident investigation time fell by 98% following Cyberhaven deployment, as reported by CISO Richard Rushing in the official case study. | 高 | SE007, SI003 |
| CU005 | Motorola observed a 50% increase in actionable security alerts after deploying Cyberhaven, reflecting improved detection precision from data lineage context. | 高 | SE007, SE008 |
| CU006 | Navan (formerly TripActions), a corporate travel and expense SaaS, deployed Cyberhaven for data security, with VP of Security PK Karanth serving as a named reference contact. | 中 | SO020, SI003 |
| CU007 | Iron Mountain deployed Cyberhaven to monitor data flows across its records management and cloud storage infrastructure, with solutions architect Kheun Chan as a named reference. | 中 | SE008, SI003 |
| CU008 | DARPA and the Institute for Defense Analyses (IDA) are Cyberhaven customers, as cited by FeaturedCustomers. Cyberhaven was founded by DARPA competition researchers, and DARPA became a founding-era customer. | 中 | SE008, SI003 |
| CU009 | Snowflake, the cloud data platform with more than $3B annual revenue, is a confirmed Cyberhaven production customer per BleepingComputer's December 2024 incident reporting. | 高 | SO020, SI003 |
| CU010 | DBS Bank, Southeast Asia's largest bank by assets, is a confirmed Cyberhaven customer, demonstrating international financial services penetration in Asia-Pacific. | 高 | SO020, SE002 |
| CU011 | Am Law 100 law firms Cooley and Kirkland & Ellis both use Cyberhaven, confirming adoption in top-tier legal practices where M&A confidentiality and client matter data protection are critical. | 高 | SO020, SI003 |
| CU012 | AmeriHealth (healthcare insurance) and Canon (global electronics manufacturer) are confirmed Cyberhaven customers, representing healthcare and manufacturing vertical coverage respectively. | 高 | SO020, SI003 |
| CU013 | Reddit (social media / technology) and Upstart (AI lending fintech) are confirmed Cyberhaven customers, reflecting adoption across technology SaaS and fintech. | 高 | SO020, SI003 |
| CU014 | IVP (Institutional Venture Partners), a prominent venture capital firm, is a confirmed Cyberhaven customer — suggesting adoption among investment management clients protecting sensitive deal-flow and portfolio data. | 高 | SO020, SI003 |
| CU015 | Cyberhaven's confirmed customer base spans six verticals: Technology/SaaS, Manufacturing, Legal, Financial Services, Healthcare, and Government/Defense, based on disclosed customer names and the company's five-vertical website segmentation strategy. | 高 | SI003, SO020 |
| CU016 | All 14 publicly confirmed Cyberhaven customers are large enterprises with more than 1,000 employees, confirming an enterprise-only go-to-market with no evidence of SMB or mid-market positioning. | 高 | SO020, SO002 |
| CU017 | Cyberhaven holds a 4.6/5 rating on Gartner Peer Insights from 48 verified enterprise reviews, placing it above legacy DLP vendors including Symantec (~3.8), Forcepoint (~3.9), and Microsoft Purview (~4.0). | 高 | SE009, SE008 |
| CU018 | Cyberhaven holds a 4.5/5 rating on G2 from 18 verified business reviews per the 2021 G2 archived snapshot; scores are likely equal or higher in current data given product improvements since 2021. | 中 | SU005, SE008 |
| CU019 | FeaturedCustomers aggregates 953 reference ratings for Cyberhaven with a 4.8/5 composite from 17 testimonials and 1 case study — the highest satisfaction score across the three major review platforms. | 高 | SE008, SE009 |
| CU020 | Cyberhaven's DLP market mindshare on PeerSpot increased from approximately 1.5% to 2.3% between 2024 and May 2026, indicating the fastest growth among emerging DLP vendors tracked during the period. | 中 | SI008, SE009 |
| CU021 | PeerSpot identifies financial services, manufacturing, and healthcare as the three highest-concentration buyer industries reviewing Cyberhaven, consistent with the disclosed customer vertical mix. | 中 | SI008, SE008 |
| CU022 | Gartner named Cyberhaven a Cool Vendor in Data Security, recognizing platform differentiation in the DLP market and signaling analyst endorsement ahead of the $1B Series D. | 高 | SU002, SU001 |
| CU023 | Cyberhaven appeared in Deloitte's 2025 Technology Fast 500, a ranking of fastest-growing technology companies in North America — confirming rapid revenue growth without disclosing the absolute growth rate. | 高 | SU002, SU003 |
| CU024 | Fortune included Cyberhaven in its 2025 Cyber 60 list, ranking it among the top-60 innovative cybersecurity companies, providing mainstream business press validation. | 高 | SU002, SU001 |
| CU025 | Redpoint Ventures placed Cyberhaven in its InfraRed 100 infrastructure security list for three consecutive years, reflecting sustained analyst relevance and investor tracking. | 高 | SU002, SU004 |
| CU026 | Approximately 400,000 corporate end-users were exposed to the malicious Cyberhaven Chrome extension during the December 2024 incident, establishing a lower-bound estimate for the scale of enterprise Chrome extension deployment. | 高 | SO020, SO022 |
| CU027 | The December 2024 Chrome extension incident — affecting ~400,000 corporate users — did not result in any publicly reported customer churn; transparent communication, Mandiant engagement, and a clean extension within 24 hours appear to have contained retention damage. | 中 | SO020, SO022 |
| CU028 | Cyberhaven's expansion motion layers DSPM, IRM, and AI Security modules on top of initial DLP deployments, enabling land-and-expand ARR growth within the same enterprise accounts rather than requiring new customer acquisition. | 中 | SO002, SU006 |
| CU029 | Cyberhaven markets to five named verticals with dedicated industry pages on its website: Technology/SaaS, Manufacturing, Law Firms, Investment Management, and Healthcare — signaling deliberate vertical segmentation rather than generic horizontal positioning. | 高 | SO002, SU007 |
| CU030 | FeaturedCustomers testimonials consistently cite real-time data flow visibility and reduced alert fatigue as primary value drivers, corroborating Motorola's quantified 90% false-positive and 98% investigation-time improvements. | 中 | SE008, SE007 |
| CU031 | PeerSpot user reviews identify Symantec DLP, Forcepoint DLP, and Microsoft Purview as the most frequent competitive alternatives considered by Cyberhaven evaluators, positioning Cyberhaven as an upgrade path from legacy DLP vendors. | 中 | SI008, SE009 |
| CU032 | Cyberhaven's enterprise procurement is enabled by SOC 2 Type 2 (Bridge Letter January 2026), PCI DSS v4.0.1, GDPR, and CCPA compliance, addressing the primary procurement security requirements for financial services, healthcare, and government customers. | 高 | SO011, SE001 |
| CU033 | Cyberhaven sells primarily via direct enterprise sales, supplemented by cloud marketplace availability on AWS, Azure, and GCP announced in April 2026, expanding procurement channels for cloud-committed enterprise buyers. | 中 | SO002, SU001 |
| CU034 | Cyberhaven endpoint deployment occurs via MDM (Windows/macOS/Linux agent) and Google Workspace admin console (Chrome extension), enabling rapid rollout without end-user friction — consistent with fast time-to-value messaging. | 高 | SO002, SE003 |
| CU035 | Gartner Peer Insights scores for legacy DLP vendors (Symantec ~3.8, Forcepoint ~3.9, Microsoft Purview ~4.0) are 0.6–0.8 points below Cyberhaven's 4.6, suggesting higher customer satisfaction among Cyberhaven's installed base relative to category leaders. | 中 | SE009, SI008 |
| CU036 | Of 14 publicly confirmed Cyberhaven customers, 12 are US-headquartered and at least one (DBS, Singapore) is Asian, indicating predominantly US enterprise focus with early international expansion underway. | 高 | SO020, SE002 |
| CU037 | FeaturedCustomers reports that Cyberhaven was founded in 2015 by DARPA competition researchers and that DARPA subsequently became a customer, illustrating a depth of government relationship extending to the company's founding event. | 中 | SE008, SI003 |
| CU038 | No NRR, GRR, annual churn, or cohort retention metrics are publicly available for Cyberhaven. As a pre-IPO company, these metrics are not disclosed; formal diligence must request them directly from the company. | 高 | SU004, SU003 |
| CU039 | Cyberhaven's 7x valuation increase from Series C to Series D ($143M to $1B) and Deloitte Fast 500 inclusion imply rapid ARR growth, though the absolute growth rate and current ARR are not publicly disclosed. | 中 | SU002, SU003 |
| CU040 | Cyberhaven received Black Unicorn recognition in 2024 and subsequently achieved $1B valuation in April 2025, bookending a period of rapid market recognition growth that aligns with the Fortune Cyber 60 and Deloitte Fast 500 designations. | 高 | SU002, SU004 |
| CR001 | GDPR Regulation (EU) 2016/679 Article 28 imposes data processor obligations on Cyberhaven when processing EU personal data on behalf of enterprise customers, including requirements for signed data processing agreements. | 高 | SR001, SE002 |
| CR002 | GDPR Article 32 requires appropriate technical and organisational security measures; non-compliance can result in fines up to EUR 10M or 2% of global annual turnover under Article 83(4). | 高 | SR001, SR004 |
| CR003 | GDPR Article 83(5) fines can reach EUR 20M or 4% of global annual turnover for the most serious violations, including failures of data security under Article 32. | 高 | SR001, SR005 |
| CR004 | The SEC Rule 33-11216 (effective December 2023) requires public companies to disclose material cybersecurity incidents within four business days, creating indirect compliance pressure on vendors like Cyberhaven whose customers are public registrants. | 高 | SR005, SU003 |
| CR005 | California CCPA/CPRA grants consumers broad data rights including deletion and opt-out of sale; CPRA enforcement commenced July 2023 with the California Privacy Protection Agency having active rulemaking authority. | 高 | SR002, SE002 |
| CR006 | The FTC data-security authority under Section 5 of the FTC Act can result in consent decrees imposing 20-year compliance obligations on cybersecurity companies following a material breach. | 高 | SR004, SR009 |
| CR007 | TopClassActions documented a class-action lawsuit filed against Cyberhaven following the December 2024 Chrome extension breach, citing exposure of OAuth credentials for approximately 400,000 corporate users. | 高 | SR008, SR009 |
| CR008 | PCI DSS v4.0.1, effective March 2024, requires data-loss prevention controls for entities storing, processing, or transmitting cardholder data; Cyberhaven holds PCI DSS v4.0.1 certification per its Trust Center. | 高 | SR003, SO011 |
| CR009 | In December 2024, attackers compromised a developer OAuth token via phishing to publish a malicious version v24.10.4 of Cyberhaven Chrome extension, affecting approximately 400,000 corporate users across 35 total compromised extensions. | 高 | SR006, SR009, SR010 |
| CR010 | Cyberhaven released a clean replacement extension (v24.10.5) within approximately 24 hours of detecting the malicious version and engaged Mandiant for forensic investigation. | 高 | SR006, SR010, SE001 |
| CR011 | Spin.AI and Nightfall AI (direct competitors) published analyses of the Cyberhaven extension incident, framing it as evidence that browser-extension DLP architecture is structurally vulnerable to supply-chain attacks. | 高 | SR006, SE010, SR012 |
| CR012 | The December 2024 attack vector was a phishing email targeting a developer OAuth token used to publish updates to the Chrome Web Store without per-customer approval workflows, enabling immediate mass distribution of the malicious extension. | 高 | SR014, SR006 |
| CR013 | Google Chrome holds approximately 65% global browser market share as of 2025, making it the rational primary channel for enterprise endpoint DLP agents, but creating platform-concentration risk if Chrome policy or API availability changes. | 中 | SR007, SO002 |
| CR014 | Chrome Manifest v3 migration has progressively restricted web request interception APIs available to extensions; Cyberhaven deep content inspection capabilities rely on APIs that may face further restriction in future Chrome releases. | 中 | SR007, SE011 |
| CR015 | Cyberhaven offers a separate network DLP agent installed via MDM in addition to its Chrome extension, partially mitigating extension-only dependency, but enterprise deployment of the network agent is not universally confirmed across the customer base. | 中 | SO002, SE001 |
| CR016 | Cyberhaven trust.cyberhaven.com page shows SOC 2 Type 2 certification with a Bridge Letter issued January 2026, confirming continuous audit coverage, and PCI DSS v4.0.1 compliance. | 高 | SO011, SE001 |
| CR017 | Cyberhaven relies on Google LLC for both Chrome Web Store distribution and GCP cloud hosting, creating a dual-vendor concentration risk where a single Google policy change could disrupt both endpoint distribution and infrastructure simultaneously. | 中 | SR006, SE011, SR011 |
| CR018 | Google Cloud Platform (GCP) is Cyberhaven primary infrastructure provider; per-customer isolated instances are deployed in US GCP regions, providing blast-radius containment but introducing single-cloud concentration risk. | 中 | SE011, SO011 |
| CR019 | Cyberhaven engaged Mandiant (a Google subsidiary) for forensic investigation of the December 2024 incident, adding an additional dependency on Google for both incident response capacity and infrastructure. | 高 | SR006, SR014 |
| CR020 | The December 2024 Chrome extension attack affected at least 35 browser extensions across multiple cybersecurity vendors; Cyberhaven bore disproportionate reputational exposure as one of the largest affected vendors by user count at approximately 400,000 corporate users. | 高 | SR009, SE010, SR012 |
| CR021 | Cyberhaven go-to-market relies primarily on direct enterprise sales with limited disclosed MSSP or channel partner leverage; competitors Symantec and Forcepoint have decades-old MSSP relationships generating renewal revenue without direct sales effort. | 中 | SR007, SI008 |
| CR022 | DLP replacement sales cycles in regulated enterprise accounts are estimated at 12 to 18 months, requiring legal and security team sign-off and facing entrenched incumbent inertia, creating execution risk for Cyberhaven sales. | 中 | SR007, SR015 |
| CR023 | StepStone Group and Schroders Capital (Series D lead investors) are financial investors with no disclosed operational support capability specific to enterprise SaaS or data security, limiting strategic value-add beyond capital provision. | 中 | SR016, SR011 |
| CR024 | At a $1B valuation and $250M total raised, a down-round scenario triggered by a second material security incident or regulatory sanction would likely leave employee options underwater, creating retention risk and potential talent exodus. | 中 | SR016, SR011 |
| CR025 | Cyberhaven was founded in 2016 by Howard Hua, Georgy Gritschuk, and Volodymyr Kuznetsov; the data-lineage graph architecture represents deep technical expertise concentrated in a small founding team with high key-person risk. | 中 | SU001, SR011 |
| CR026 | The roles of CFO, CISO, and head of customer success are not prominently disclosed in Cyberhaven public communications, creating opacity around financial controls and executive depth ahead of any potential IPO. | 中 | SU001, SR013 |
| CR027 | Cyberhaven December 2024 incident response including CEO blog transparency, 24-hour clean patch deployment, and Mandiant forensics engagement demonstrated operationally strong crisis management, raising the bar for expected future responses. | 高 | SR006, SR010, SE001 |
| CR028 | The Motorola Solutions case study shows enterprise DLP deployment success (90% FP reduction, 98% investigation time reduction), suggesting strong customer success delivery, but reflects a small sample of disclosed reference accounts. | 高 | SE007, SI003 |
| CR029 | Cyberhaven total headcount is approximately 350 employees as of the Series D; the engineering team carries specialised data-lineage graph expertise that is difficult and slow to replace through external hiring. | 中 | SR011, SU003 |
| CR030 | Cyberhaven $100M Series D at a $1B valuation implies approximately 18 to 24 months of runway at assumed burn rates for a company at this growth stage, reducing near-term financing risk but not eliminating longer-term capital dependency. | 中 | SR016, SR017 |
| CR031 | A second material Chrome extension security incident within 18 months would likely trigger enterprise churn, regulatory investigations, and potential class-action expansion, representing the highest-severity thesis-break risk for Cyberhaven. | 中 | SR007, SR008, SE010 |
| CR032 | A GDPR fine at the 4% global turnover threshold or FTC consent decree would impose multi-year compliance obligations on Cyberhaven, potentially freezing EU enterprise expansion and materially impairing sales cycles. | 中 | SR001, SR004 |
| CR033 | A class-action settlement or judgment exceeding $30M would consume significant Series D runway (approximately 30% of capital raised) and could necessitate a distressed financing round if reached before Cyberhaven achieves sustainable cash flow. | 中 | SR008, SR016 |
| CR034 | Microsoft Purview embedding production-grade AI data-lineage capabilities in the M365 E5 bundle would directly undercut Cyberhaven premium pricing in accounts already paying for M365 licensing, representing a competitive thesis-break trigger. | 中 | SR007, SR015 |
| CR035 | Failure to obtain ISAE 3000 (EU) or BSI C5 (Germany) certification would block Cyberhaven from regulated EU enterprise expansion in financial services and healthcare where national certification requirements apply. | 中 | SR001, SO011 |
| CR036 | The EU AI Act (Regulation 2024/1689), fully applicable from August 2026, may classify Cyberhaven employee-monitoring and insider-threat-detection features as high-risk AI systems requiring conformity assessments and ongoing monitoring obligations. | 中 | SR001, SR007 |
| CR037 | Cyberhaven IP portfolio includes patents on data-lineage tracking methodology; as Symantec, Microsoft, and other incumbents incorporate lineage features, the novelty window narrows and counter-claim risk increases. | 中 | SO002, SR007 |
| CR038 | Cyberhaven net revenue retention is not publicly disclosed; in the absence of audited financials, the gross margin, LTV/CAC ratio, and churn rate are unverifiable through public sources, creating a significant blind spot for financial diligence. | 高 | SR017, SU003 |
| CR039 | Cyberhaven Deloitte Technology Fast 500 (2025) and Fortune Cyber 60 (2025) recognitions provide third-party validation of growth rate, suggesting revenue grew faster than 500 technology peers, indicating a high revenue growth trajectory. | 中 | SU002, SR015 |
| CR040 | VentureBeat coverage of the Series D cites an approximate 10x ARR multiple on the $1B valuation, placing total ARR at approximately $100M if confirmed, though ARR figures are not officially disclosed by Cyberhaven. | 中 | SR017, SR016 |
| CV001 | Cyberhaven investment thesis rests on three pillars: AI-native data lineage differentiation, 14+ named Fortune 500 customer proof with strong review scores, and a $1B valuation that represents a reasonable 10x ARR entry multiple post-incident. | 高 | SR011, SR015, SI003 |
| CV002 | The primary anti-thesis arguments are: unresolved class-action litigation from December 2024, opaque financial metrics, Microsoft Purview pricing competition, and structural Chrome extension supply-chain vulnerability. | 高 | SR010, SR008, SR007 |
| CV003 | Cyberhaven Series D at a $1B post-money valuation occurred in April 2025, approximately four months after the December 2024 Chrome extension incident, indicating investor confidence absorbed the security event and priced it in. | 高 | SR011, SR016, SR010 |
| CV004 | Cyberhaven growing PeerSpot mindshare (2.3% from 1.5%) and Gartner Peer Insights rating of 4.6/5 across 48 reviews provide independent third-party validation of product-market fit and enterprise adoption momentum. | 高 | SR015, SI008 |
| CV005 | Cyberhaven's Deloitte Technology Fast 500 (2025) recognition confirms that Cyberhaven was among the 500 fastest-growing technology companies in North America, implying high revenue growth relative to peers, though absolute revenue is not disclosed. | 高 | SU002, SR011 |
| CV006 | The December 2024 Chrome extension incident represents a persistent anti-thesis element: the structural architecture risk (Web Store distribution, single developer OAuth token) is unchanged post-incident, and class-action litigation remains active. | 高 | SR010, SR009, SR008 |
| CV007 | Microsoft Purview's bundled M365 E5 positioning (near-zero marginal cost for existing Microsoft customers) represents the most significant competitive anti-thesis: it does not need to match Cyberhaven on features to win budget-constrained accounts. | 中 | SR007, SO002 |
| CV008 | The agentic AI platform launch in May 2026 signals Cyberhaven's product roadmap extension into AI agent data security, which represents a greenfield demand driver not available to legacy DLP incumbents. | 中 | SR013, SO002 |
| CV009 | Cyberhaven's $1B valuation at an estimated $100M ARR implies a 10x ARR multiple; this estimate is derived from VentureBeat's comment that the valuation implies approximately 10x ARR, and is not officially confirmed. | 中 | SR017, SR011, SR016 |
| CV010 | CrowdStrike reported FY25 annual recurring revenue of $4.24 billion growing 23% year-over-year, trading at approximately 29x NTM P/S and 12x ARR with approximately 77% gross margin. | 高 | SV002, SV003, SV010 |
| CV011 | Palo Alto Networks reported next-generation security ARR of $5.6 billion growing 32% in Q3 FY25, trading at approximately 14x NTM P/S with approximately 74% gross margin. | 高 | SV004, SV005 |
| CV012 | Zscaler reported approximately $2.9 billion ARR growing 23% in Q3 FY25, trading at approximately 9x NTM P/S with approximately 80% gross margin. | 高 | SV006, SV007 |
| CV013 | Rubrik reported FY25 ARR of $1.09 billion growing 39% year-over-year, trading at approximately 9x NTM P/S with approximately 69% gross margin and a market cap above $8 billion. | 高 | SV008, SV009, SV011 |
| CV014 | Grand View Research estimates the global DLP market at $5.7 billion in 2024 growing at approximately 3.7% CAGR to $7.1 billion by 2030 for pure-play DLP vendors. | 中 | SM017 |
| CV015 | MarketsAndMarkets projects the broader data security market at $21.1 billion growing to $34.4 billion by 2029 at a CAGR of 10.3%; Cyberhaven's AI-native data lineage approach targets this broader category, not just pure-play DLP. | 中 | SV001 |
| CV016 | Cyberhaven's 10x ARR entry multiple compares favourably to Rubrik (9x NTM P/S, $1B+ ARR) but carries an uncertainty premium relative to public comps due to unverified financial metrics and unresolved litigation. | 中 | SV009, SV011, SR017 |
| CV017 | The bull case assumes 50-60% ARR CAGR through 2028, reaching $400-600M ARR; at 8-12x ARR, this implies a $3.2B-$7.2B valuation representing 3-7x return from the $1B Series D entry. Probability assigned: 20%. | 低 | SR017, SR011 |
| CV018 | The base case assumes 30-40% ARR CAGR through 2028, reaching $200-300M ARR; at 5-7x ARR, this implies $1.0B-$2.1B valuation representing 1-2x return from Series D entry. Probability assigned: 55%. | 中 | SR017, SR011 |
| CV019 | The bear case is triggered by a second Chrome extension incident, Microsoft Purview data-lineage launch, or major regulatory/litigation impact; ARR stalls at $120-150M growing 10-20% annually. At 3-5x ARR, valuation implies $360M-$750M, a down-round from $1B. Probability: 25%. | 中 | SR010, SR009, SR007 |
| CV020 | The probability-weighted expected valuation across bull (20%)/base (55%)/bear (25%) scenarios implies approximately $1.5B expected value, slightly above the $1B Series D entry, providing a modest expected positive return. | 低 | SR017, SR011, SR007 |
| CV021 | Exit paths for Cyberhaven include: (1) IPO at $400M+ ARR (estimated 2028-2030); (2) strategic acquisition by CrowdStrike, Palo Alto Networks, or Cisco for data-lineage DLP capability; (3) Microsoft acquisition (lower probability given Purview investment). | 中 | SR017, SU003, SR007 |
| CV022 | CrowdStrike and Palo Alto Networks are the most plausible strategic acquirers for Cyberhaven: both have demonstrated appetite for DLP/data-security acquisitions and could integrate Cyberhaven's data-lineage graph into their existing platform. | 中 | SV002, SV004, SR017 |
| CV023 | At $400M+ ARR with demonstrated NRR above 110% and gross margin above 70%, Cyberhaven would meet the typical criteria for an enterprise security IPO in the current market environment. | 中 | SV003, SV009, SR017 |
| CV024 | Cyberhaven is not currently IPO-ready as of May 2026: it lacks audited financial statements, a publicly named CFO, and the ARR scale (above $400M) typically required for a successful public-market debut at or above current valuation. | 高 | SU001, SU002, SR017 |
| CV025 | Cyberhaven has raised $250M total; at a $1B post-money Series D valuation, liquidation preference coverage is approximately 25% (250/1000), creating a 4x return threshold for common stockholders before preferred investors are made whole on a liquidation. | 中 | SR011, SR016 |
| CV026 | Series D represents approximately 10% dilution at a $1B post-money valuation with a $100M round (pre-money $900M); cumulative founder and early employee dilution from seed to Series D is estimated at 60-70% based on typical venture progression. | 低 | SR011, SR016 |
| CV027 | In a down-round exit at $500M, preferred investors (total $250M raised) would receive approximately $125-187M (50-75% of exit proceeds depending on participation rights), creating meaningful dilution and morale risk for common stockholders. | 中 | SR011, SU003 |
| CV028 | Series D lead investors StepStone Group, Schroders Capital, and Industry Ventures are financial investors with no disclosed strategic acquirer relationships, limiting M&A facilitation probability and making IPO the primary exit path. | 高 | SR016, SR011 |
| CV029 | The $100M Series D provides approximately 18-24 months of runway at assumed burn rates for a company at this stage, assuming annual burn of $50-70M; the runway is sufficient to reach the next meaningful milestone but not to reach IPO scale without further financing. | 低 | SR017, SR011 |
| CV030 | Industry Ventures' participation in the Series D alongside StepStone and Schroders suggests secondary market and fund-of-funds interest in Cyberhaven, potentially providing liquidity options for early employees before IPO. | 低 | SR016, SR011 |
| CV031 | The overall investment recommendation is Conditional Explore: Cyberhaven represents a compelling category leader but three evidence conditions must be satisfied before investment is finalised: audited financials (NRR >105%, GM >70%), litigation exposure cap below $20M, and post-incident architecture security confirmation. | 高 | SR017, SR011, SR008 |
| CV032 | Cyberhaven exit readiness is rated Medium as of May 2026: it has customer names and estimated growth trajectory for an IPO narrative, but lacks audited financial statements, named CFO, and ARR scale above $400M required for a premium public-market listing. | 中 | SU002, SU001, SR017 |
| CV033 | Bull case probability of 20% reflects the difficulty of sustaining 50-60% ARR CAGR without a second major security incident, given that the December 2024 incident has already stressed customer trust and the competitive threat from Microsoft Purview remains. | 低 | SR015, SR010, SR007 |
| CV034 | Base case probability of 55% reflects the most likely outcome: Cyberhaven maintains growth momentum from current $100M ARR base, Microsoft Purview remains a weaker competitor in the data-lineage category, and litigation resolves for less than $15M. | 中 | SR011, SR017 |
| CV035 | Bear case probability of 25% reflects the combination of a realistic 2024 incident repeat risk (probability not negligible given unchanged architecture) plus Microsoft Purview roadmap uncertainty plus financial opacity making NRR deterioration undetectable until late. | 中 | SR010, SR009, SR007 |
| CV036 | The six mandatory diligence asks are: (1) NRR and gross margin; (2) litigation exposure cap; (3) OAuth/extension architecture security confirmation; (4) GCP infrastructure DR documentation; (5) customer ARR concentration; and (6) Series D cap table and preference terms. | 高 | SR017, SR008, SO011 |
| CV037 | The five thesis-break triggers to monitor post-investment are: second Chrome extension incident, GDPR/FTC enforcement action, class-action settlement above $30M, Microsoft Purview data-lineage GA launch, and NRR confirmed below 100% for two consecutive quarters. | 高 | SR010, SR007, SR008 |
| CV038 | Financial opacity (undisclosed NRR, gross margin, churn, and LTV/CAC) is the single largest investment risk because it prevents distinguishing the base case from the bear case; investment at $1B valuation without these metrics is underwriting a qualitative narrative, not a quantitative thesis. | 高 | SR017, SR011 |
| CV039 | NRR and gross margin are the highest-priority diligence asks because they single-handedly determine whether the 10x ARR multiple is defensible or overpriced; NRR below 100% would invalidate the growth thesis regardless of other positive indicators. | 高 | SV003, SV007, SR017 |
| CV040 | The $100M ARR estimate is a third-party inference (from VentureBeat's 10x ARR multiple comment) and is not confirmed by Cyberhaven; actual ARR could be materially different, and all valuation and return scenarios in this chapter should be re-run once actual ARR is confirmed. | 高 | SR017, SR016 |
| 编号 | 出版方 | 标题 | 引文 |
|---|---|---|---|
| SO001 | Cyberhaven | Stop Data Exfiltration with the AI & Data Security Platform (DSPM, DLP & Insider Risk) | Cyberhaven | Cyberhaven's AI & data security platform unifies DSPM, DLP, Insider Risk, and AI Security to protect data wherever it lives and goes. |
| SO002 | Cyberhaven | AI & Data Security Platform: DSPM, DLP, IRM Combined | Cyberhaven | Cyberhaven combines DSPM, DLP, IRM, and AI Security in one solution that's more effective and easier to use than standalone tools. |
| SO003 | Cyberhaven | Cyberhaven Raises $100M Series D at $1B Valuation | This latest investment brings Cyberhaven's total funding to $250 million and propels the company to a $1 billion valuation. |
| SO004 | Cyberhaven | Cyberhaven Raises $88M Series C for AI Data Protection | As part of this financing, Fred Wang, Partner at Adams Street, will join Cyberhaven's board of directors. |
| SO005 | Cyberhaven | Cyberhaven Raises $33M Series B to Transform Data Security | The investment was led by Redpoint Ventures ... and brings the company's total funds raised to $52M. |
| SO006 | Cyberhaven | Cyberhaven Adds Four Executives Amid Record Growth | Cyberhaven has expanded its executive team with four new leadership hires at a time of record growth and market momentum. |
| SO007 | Cyberhaven | Cyberhaven Reports Record Growth in FY 2026 | AI Data Security | Customer growth over 50%, including four of the top five companies on Forbes' AI 50 list. |
| SO008 | Cyberhaven | Cyberhaven Ranks | Cyberhaven today announced it ranked number 51 on the Deloitte Technology Fast 500. |
| SO009 | Cyberhaven | Cyberhaven Launches Real-Time Insider Threat Prevention | Cyberhaven's Insider Threat Platform can automatically intervene and stop data exfiltration as it's happening. |
| SO010 | Cyberhaven | Privacy Policy for Cyberhaven Extension | Cyberhaven | Last Updated: Sep 5, 2024. |
| SO011 | Cyberhaven | Cyberhaven Trust Center | Powered by SafeBase | Compliance surfaces listed include CCPA, GDPR, PCI DSS v4.0.1, and SOC 2 Type 2. |
| SO012 | PR Newswire | Cyberhaven Raises $100 Million Series D at $1 Billion Valuation | Cyberhaven today announced $100 million in Series D funding led by StepStone Group ... bringing total funding to $250 million and valuation to $1 billion. |
| SO013 | PR Newswire | Cyberhaven Expands Leadership Team with Key Industry Executives | Nishant Doshi has joined as Chief Product and Development Officer; Edward Sharp as CFO; Kristin Vines as Chief People Officer; and Manoj Gupta as SVP, Corporate Development and Partnerships. |
| SO014 | PR Newswire | Cyberhaven Announces Record Year of Growth as Enterprises Race to Secure AI and Data | Record year with triple-digit growth over the prior year ... customer growth over 50%. |
| SO015 | PR Newswire | Cyberhaven Unveils First Insider Threat Product That Prevents Data Leaks in Real Time | Cyberhaven's Insider Threat Platform can automatically intervene and stop data exfiltration as it's happening. |
| SO016 | Redpoint Ventures | Cyberhaven | Redpoint Ventures | We first partnered for their Series B in 2021. Founders Cristian Zamfir, George Candea, Radu Banabic, Vitaly Chipounov, Volodymyr Kuznetsov. Location San Jose, CA. |
| SO017 | SecurityWeek | Cyberhaven Banks $100 Million in Series D, Valuation Hits $1 Billion | |
| SO018 | SecurityWeek | Data Security Firm Cyberhaven Raises $88 Million at $488 Million Valuation | With this investment, Cyberhaven is now valued at $488 million. |
| SO019 | TechCrunch | Cyber firm's Chrome extension hijacked to steal user passwords | The Chrome Web Store shows the Cyberhaven extension has around 400,000 corporate customer users at the time of writing. |
| SO020 | BleepingComputer | Cybersecurity firm's Chrome extension hijacked to steal users' data | The hacker hijacked the employee's account and published a malicious version (24.10.4) of the Cyberhaven extension. |
| SO021 | BankInfoSecurity | Cyberhaven Taps Product Chief Nishant Doshi as Interim CEO | The San Jose, California-based company tapped Nishant Doshi to take over as interim CEO following the resignation of Howard Ting. |
| SO022 | Nightfall AI | Here's What We Can Learn from the Cyberhaven Incident | This was not a targeted attack on Cyberhaven alone but an opportunistic campaign ... over 35 extensions ... affecting over 2.6M users. |
| SO023 | Tracxn | Cyberhaven - 2026 Company Profile, Team, Funding & Competitors - Tracxn | Cyberhaven is a series D company based in San Jose (United States), founded in 2016 ... Cyberhaven has raised $236M in funding ... with a current valuation of $1B. |
| SO024 | PitchBook | Cyberhaven 2026 Company Profile: Valuation, Funding & Investors | PitchBook | Cyberhaven was founded in 2014 ... headquartered in Austin, TX ... has 282 total employees. |
| SO025 | Yahoo Finance | Cyberhaven Ranked Among the Fastest-Growing Companies in North America on the 2025 Deloitte Technology Fast 500 | Cyberhaven today announced it ranked number 51 on the Deloitte Technology Fast 500. |
| SO026 | Forcepoint | Forcepoint DLP | Enable your business to discover, classify, monitor and protect data intuitively with zero friction to the user experience. |
| SO027 | Mimecast | Incydr Product Overview | Mimecast | |
| SO028 | Cyberhaven | Data Detection & Response: Reimagined DLP & IRM | Cyberhaven | |
| SO029 | SiliconANGLE | Cyberhaven nabs $100M for its AI-powered data protection platform | |
| SO030 | G2 via Wayback Machine | Cyberhaven Reviews 2021: Details, Pricing, & Features | G2 | Cyberhaven's Data Detection and Response (DDR) platform makes data protection simple, accurate, and comprehensive. |
| SO031 | Obsidian Security | Behind the Breach: Malicious Attack on Cyberhaven's Chrome Extension Developer Team | |
| SO032 | VentureBeat | VentureBeat Security Coverage | |
| SO033 | Cyberhaven | Best AI Security Vendors in 2026 | Cyberhaven Blog | Compare the top AI security vendors of 2026 on coverage, data lineage, endpoint enforcement, and agentic AI controls. |
| SM001 | Microsoft Azure Marketplace | Cyberhaven Data Detection and Response | Cyberhaven Data Detection and Response delivers unparalleled protection for your organization’s most critical data by combining unique data lineage technology with real-time risk detection and response. |
| SM002 | Channel Insider | Cyberhaven Intros Unified DSPM Platform for AI-Era Data Risk | The platform combines DSPM with data loss prevention (DLP), insider risk management (IRM), and AI security under a single architecture. |
| SM003 | Microsoft | Microsoft Purview data security | Dynamically secure data across platforms, devices, generative AI applications, and AI agents with a unified data security solution that combines data and user context. |
| SM004 | Microsoft | Microsoft Purview: Data Security and Governance | Decrease data risk with unified data security, governance, and compliance solutions for the era of AI. |
| SM005 | Microsoft Learn | Learn about Insider Risk Management | Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. |
| SM006 | Microsoft Learn | Get started with Insider Risk Management | Before getting started with Insider Risk Management, confirm your Microsoft 365 subscription and any add-ons. |
| SM007 | Microsoft Learn | Microsoft Purview Insider Risk Management and Communication Compliance privacy guide | By default, global administrators do not have access to insider risk management and communication compliance features. |
| SM008 | Microsoft Learn | Microsoft Purview data compliance solutions | Microsoft Purview data compliance solutions help you manage and monitor your data, protect information, minimize compliance risks, and meet regulatory requirements. |
| SM009 | Zscaler | DLP (Data Loss Prevention) | With centralized DLP, it’s never been easier to secure all data channels with a single policy. |
| SM010 | Palo Alto Networks | What is Data Security Posture Management? DSPM Guide | DSPM secures sensitive data across hybrid and multicloud environments by discovering, classifying, monitoring, and protecting data through policy enforcement and automated response. |
| SM011 | Palo Alto Networks | Overview | Develop with Palo Alto Networks | The Prisma Cloud DSPM API enables integration with other security tools, automating threat detection and response while providing valuable data context. |
| SM012 | Palo Alto Networks | DSPM Market Size: 2026 Guide | DSPM market size valuations range from $415 million to $2 billion in 2025, with analysts projecting growth rates between 25% and 37% annually through 2030. |
| SM013 | Palo Alto Networks | 2026 DSPM Adoption Report | Current implementation rates show 19% of enterprises have already deployed DSPM in production environments as of Q4 2024. |
| SM014 | Palo Alto Networks | DSPM Tools: How to Evaluate and Select the Best Option | Early deployments frequently generate overwhelming alert volumes as classification engines flag benign data as sensitive. |
| SM015 | SEC | SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies | An Item 1.05 Form 8-K will generally be due four business days after a registrant determines that a cybersecurity incident is material. |
| SM016 | CISA | Insider Threat Mitigation Guide | The official CISA page publishes an Insider Threat Mitigation Guide as a resource for organizations. |
| SM017 | Grand View Research | Data Loss Prevention Market Size And Share Report, 2030 | The global data loss prevention market size was estimated at USD 1.87 billion in 2022 and is projected to reach USD 9.33 billion by 2030, growing at a CAGR of 22.3% from 2023 to 2030. |
| SM018 | Growth Market Reports | Data Security Posture Management Market Research Report 2033 | The Data Security Posture Management market size reached USD 1.42 billion in 2024 globally, and is expected to grow at a robust CAGR of 33.6% from 2025 to 2033, culminating in a projected market size of USD 17.2 billion by 2033. |
| SM019 | DataHorizzon Research | Data Security Posture Management (DSPM) Tool Market Size, Growth, Share, & Analysis Report - 2033 | The global Data Security Posture Management (DSPM) Tool Market was valued at approximately USD 1.8 billion in 2023 and is expected to grow to USD 5.7 billion by 2033, with a compound annual growth rate (CAGR) of 12.1% from 2025 to 2033. |
| SM020 | ResearchAndMarkets | Insider Risk Management Market - Global Strategic Business Report | The global market for Insider Risk Management was valued at US$2.4 Billion in 2024 and is projected to reach US$3.7 Billion by 2030, growing at a CAGR of 7.6% from 2024 to 2030. |
| SM021 | Verified Market Reports | Global Insider Risk Management Market Size, Share, Trends & Forecast 2026-2034 | Insider Risk Management Market Revenue was valued at USD 3.14 billion in 2024 and is estimated to reach USD 8.23 billion by 2033, growing at a CAGR of 11.2% from 2026 to 2033. |
| SM022 | HIPAA Journal | Verizon 2024 DBIR: 70% of Healthcare Data Breaches Caused by Insiders | In contrast to other sectors, 70% of the threat actors behind data breaches were internal. |
| SM023 | Verizon | 2026 Data Breach Investigations Report (DBIR) | Verizon | The DBIR report helps organizations understand what to look for when conducting their own internal audits. |
| SP001 | PRNewswire | Cyberhaven Transforms Enterprise Data Security with Reimagined DLP and Insider Threat Platform | Organizations using Cyberhaven’s platform report a 90% reduction in false positives and 5x faster incident investigations. |
| SP002 | Cyberhaven | Stop Data Loss with Modern, Reimagined DLP | Cyberhaven | We combine content analysis with data lineage ... to better identify what data is important and what is not. |
| SP003 | Cyberhaven | Cyberhaven vs. Legacy DLP: Why Content Inspection Isn't Enough | Cyberhaven | 95% fewer false positives compared to traditional or standalone classification methods. |
| SP004 | SecurityWeek | Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign | The malicious version of the extension was available for download for just more than 24 hours. |
| SP005 | Microsoft Learn | Learn about data loss prevention | Microsoft Learn | DLP uses deep content analysis—not a simple text scan. |
| SP006 | Microsoft Azure | Pricing - Microsoft Purview | Microsoft Azure | Microsoft Purview Insider Risk Management is billed based on the data security processing unit (DSPU). |
| SP007 | Forcepoint | Forcepoint Data Loss Prevention Software | Forcepoint DLP prevents data breaches and streamlines compliance. |
| SP008 | Broadcom | Symantec™ Data Loss Prevention (DLP) & Data Protection | Symantec™ Data Loss Prevention (DLP) & Data Protection |
| SP009 | Proofpoint | Insider Threat Management Solutions: Detection, Prevention | Proofpoint US | Gather telemetry from endpoints, email and cloud for multichannel visibility in a centralized dashboard. |
| SP010 | Mimecast | Mimecast Incydr | See & Stop Data Loss From Insiders | Mimecast | Mimecast Incydr | See & Stop Data Loss From Insiders. |
| SP011 | Mimecast | Insider Risk Management Solutions | Mimecast | Detect and monitor risky data movement across files, users, and applications with no policy setup required. |
| SP012 | Varonis | DLP | Data Loss Prevention | Varonis | Our agentless, cloud-native DLP automatically discovers and classifies sensitive data at rest. |
| SP013 | Varonis | Varonis | Leader in Data and AI Security. For Cloud, SaaS and On-Prem | DLP — Monitor data activity and prevent exfiltration. |
| SP014 | Nightfall AI | Plans and Pricing | Nightfall AI | Nightfall Complete includes dedicated customer success manager and priority support with 1-hour SLA. |
| SP015 | Nightfall AI | The Top 5 Cyberhaven Alternatives and Competitors in 2025 | Nightfall AI | Cyberhaven’s lineage approach is powerful for user behavior insights but can struggle to scan sensitive data within SaaS platforms or endpoint file uploads. |
| SP016 | Nightfall AI | Data Exfiltration Prevention (DEX) | Nightfall AI | Nightfall prevents sensitive data from leaving your organization across endpoints, SaaS, and AI tools. |
| SP017 | Teramind | Teramind Pricing | 200 pre-packaged DLP rules. |
| SP018 | Teramind | Top 13 Cyberhaven Competitors & Alternatives for 2026 | DLP ($32/seat/month) ... includes everything in UAM, plus content-based data exfiltration prevention and automated actions to block data leaks in real-time. |
| SP019 | Kitecyber | 10+ Best Cyberhaven Alternatives & Competitors in 2026 (Ranked & Compared) | 10+ Best Cyberhaven Alternatives & Competitors in 2026 (Ranked & Compared) |
| SP020 | BankInfoSecurity | Cyberhaven's $100M Raise Targets Gen AI, DSPM Capabilities | Cyberhaven, founded in 2015, employs nearly 200 people and has raised $250 million. |
| SI001 | Cyberhaven | Request a Demo - See Cyberhaven Data Security in Action | Request a demo with one of Cyberhaven's security experts today! |
| SI002 | Cyberhaven | On-Demand Demo - See Cyberhaven Data Security Platform | This complimentary showcase will redefine how you think about safeguarding sensitive information and staying compliant without the hassle. |
| SI003 | Cyberhaven | See How Leading Enterprises Protect Their Data | Cyberhaven | 200% Improved time-to-resolution |
| SI004 | Cyberhaven | Partner Program for Channel & Tech Partners | Cyberhaven | Lower total cost of ownership |
| SI005 | Cyberhaven | Cyberhaven AI Data Security on AWS, Azure, & Google Cloud Marketplaces | Customers can apply existing AWS, Azure, or Google Cloud committed spend toward Cyberhaven purchases |
| SI006 | Vendr | Cyberhaven Software Pricing & Plans 2025: See Your Cost | Median contract value $35,016 per year |
| SI007 | Gartner Peer Insights | Cyberhaven Reviews & Ratings 2026 | Gartner Peer Insights | Cyberhaven software utilizes a pricing model based on subscription tiers |
| SI008 | PeerSpot | Cyberhaven reviews 2026 | As of May 2026, the mindshare of Cyberhaven in the Data Loss Prevention (DLP) category stands at 2.3% |
| SI009 | Amazon Web Services | Private offers in AWS Marketplace | These terms aren't publicly available. You negotiate pricing and terms with the seller |
| SI010 | North Carolina Secretary of State | Cyberhaven, Inc. | No annual reports are currently due for this entity. |
| SI011 | U.S. Securities and Exchange Commission | SEC.gov | EDGAR Full Text Search | The new EDGAR advanced search gives you access to the full text of electronic filings since 2001. |
| SI012 | Delaware Courts | Request Rejected | Request Rejected |
| SI013 | Growjo | Cyberhaven: Revenue, Competitors, Alternatives | Cyberhaven's estimated annual revenue is currently $52.4M per year |
| SI014 | Datanyze | Cyberhaven Company Profile | Management and Employees List | Cyberhaven revenue is $64.9 M |
| SI015 | ZoomInfo | Cyberhaven - Overview, News & Similar companies | ZoomInfo.com | Revenue $64.9 Million |
| SE001 | Cyberhaven | Cyberhaven Security Policy | Data Protection & Compliance | Cyberhaven hosts each customer's data in a public cloud, specifically the Google Cloud Platform on resources dedicated specifically for each customer. |
| SE002 | Cyberhaven | Cyberhaven Privacy Policy | Your Data & Rights | This Privacy Policy does not apply to the data processed by the Cyberhaven products. |
| SE003 | Cyberhaven | Cyberhaven public api (0.0.1) | post/api/rest/v1/endpoints/list | post/api/rest/v1/incidents/list | post/api/rest/v1/audit-log/dataflow/list |
| SE004 | CyberhavenInc (GitHub) | GitHub - CyberhavenInc/edm-cli: EDM Python CLI | |
| SE005 | CyberhavenInc (GitHub) | CyberhavenInc repositories | |
| SE006 | Cyberhaven | Cyberhaven Data Loss Prevention Solution Brief | |
| SE007 | Cyberhaven | Motorola Data Security - Protecting Product Designs | Cyberhaven | Staying ahead of the competition means guarding against insider threats. Cyberhaven gives us visibility into how data flows within our company. |
| SE008 | FeaturedCustomers | 18 Cyberhaven Customer Reviews & References | FeaturedCustomers | Read 17 Cyberhaven reviews and testimonials from customers, explore 1 case studies |
| SE009 | Gartner (Peer Insights) | Cyberhaven Reviews & Ratings 2026 | Gartner Peer Insights | |
| SE010 | Spin.AI | Latest Cyberhaven Report: 8 Extensions Affecting 1.1M Users | |
| SE011 | APITracker | Cyberhaven API — Docs, SDKs & Integration | |
| SE012 | TopClassActions | Cybersecurity company Chrome extensions hacked | The Dec. 24 attack — which Cyberhaven said was limited in 'both scope and duration' — was attributed by the company to an employee responding to a phishing email. |
| SU001 | Cyberhaven | Newsroom: Press Releases, Articles & Media Kit | Cyberhaven | |
| SU002 | Cyberhaven | Award-Winning Data Security | Cyberhaven | Cyberhaven Ranked Among the Fastest-Growing Companies in North America on the 2025 Deloitte Technology Fast 500 |
| SU003 | SecurityWeek | Cyberhaven Banks $100 Million in Series D at $1 Billion Valuation | Cyberhaven has raised $100 million in Series D funding at a valuation of $1 billion |
| SU004 | SiliconAngle | Cyberhaven nabs $100M in Series D funding | |
| SU005 | G2 | Cyberhaven Reviews 2021: Details, Pricing & Features | G2 | |
| SU006 | Cyberhaven | DLP Buyer's Guide: 8 Criteria for Evaluating Data Loss Prevention | Cyberhaven | |
| SU007 | Cyberhaven | Cyberhaven Blog — Data Security Insights | |
| SR001 | EUR-Lex / European Parliament | Regulation (EU) 2016/679 (GDPR) -- Full Text | The controller and processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk (Article 32). |
| SR002 | California Department of Justice | California Consumer Privacy Act (CCPA) | The CCPA gives consumers more control over the personal information that businesses collect about them. |
| SR003 | PCI Security Standards Council | PCI DSS v4.0.1 -- Standard Overview | PCI DSS applies to all entities that store, process, or transmit cardholder data. |
| SR004 | U.S. Federal Trade Commission | FTC Data Security Guidance for Businesses | Under the FTC Act, companies have a legal obligation to implement reasonable security measures to protect sensitive consumer data. |
| SR005 | U.S. Securities and Exchange Commission | SEC Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (33-11216) | Registrants must disclose material cybersecurity incidents within four business days of determining that the incident is material. |
| SR006 | Ars Technica | Cyberhaven says hackers compromised its Chrome extension | Cyberhaven confirmed that hackers compromised its Chrome extension through a phishing attack that gave them control of a developer account. |
| SR007 | Dark Reading | DLP Market: Data Loss Prevention Trends and Vendor Landscape 2025 | Data loss prevention remains a top-5 enterprise security priority as AI-generated data proliferation accelerates insider threat surface area. |
| SR008 | TopClassActions | Cyberhaven Class Action Lawsuit -- Chrome Extension Data Breach 2024 | A class action lawsuit has been filed against Cyberhaven following the December 2024 Chrome extension breach that exposed credentials of approximately 400,000 enterprise users. |
| SR009 | BleepingComputer | Cybersecurity firms Chrome extensions compromised in supply chain attack | The attack targeted at least 35 Chrome extensions used by cybersecurity firms including Cyberhaven, which had approximately 400,000 corporate users. |
| SR010 | TechCrunch | Cyberhaven says it was hacked -- here is what we know | Cyberhaven confirmed the hack after a malicious version of its Chrome extension was published to the Chrome Web Store, affecting corporate customers. |
| SR011 | SiliconAngle | Cyberhaven nabs $100M in AI-powered data security funding at $1B valuation | The $100M Series D raises total funding to $250M with a $1B valuation, led by StepStone Group and Schroders Capital. |
| SR012 | Nightfall AI | What We Can Learn From the Cyberhaven Chrome Extension Incident | Unlike browser-extension-based DLP tools, API-native approaches avoid the supply-chain attack vector that compromised Cyberhaven. |
| SR013 | PR Newswire | Cyberhaven Transforms Enterprise Data Security with Agentic AI Era Platform Launch | Cyberhaven announces its May 2026 platform update positioning the company for the agentic AI era in enterprise data security. |
| SR014 | Obsidian Security | Behind the Breach: Cyberhaven Chrome Extension Attack Analysis | The attacker exploited a phishing email to gain control of a developer OAuth token, enabling them to publish the malicious extension without triggering standard code review workflows. |
| SR015 | Gartner | Cyberhaven Reviews -- Data Loss Prevention Market | Cyberhaven receives 4.6/5 on Gartner Peer Insights across 48 reviews, with Cool Vendor recognition in 2024. |
| SR016 | PR Newswire | Cyberhaven Raises $100M in Series D Funding at $1B Valuation | Cyberhaven has raised $100 million in Series D funding at a $1 billion valuation, led by StepStone Group and Schroders Capital. |
| SR017 | VentureBeat | Cyberhaven raises $100M, hits $1B valuation with AI-powered DLP platform | Cyberhaven $1B valuation implies approximately 10x ARR multiple, competitive with leading enterprise security SaaS companies. |
| SV001 | MarketsAndMarkets | Data Security Market - Global Forecast to 2029 | The data security market is projected to grow from $21.1 billion in 2024 to $34.4 billion by 2029 at a CAGR of 10.3%. |
| SV002 | U.S. Securities and Exchange Commission (EDGAR) | CrowdStrike Holdings 10-K Annual Report Filing Index | CrowdStrike reported FY2025 annual recurring revenue of $4.24 billion, a 23% year-over-year increase. |
| SV003 | StockAnalysis | CrowdStrike (CRWD) Financials and ARR Metrics | CrowdStrike FY25 ARR $4.24B (+23%), trading at approximately 29x NTM revenue with 77% gross margin. |
| SV004 | U.S. Securities and Exchange Commission (EDGAR) | Palo Alto Networks 10-K Annual Report Filing Index | Palo Alto Networks reported next-generation security ARR of $5.6 billion as of Q3 FY2025, growing 32% year-over-year. |
| SV005 | StockAnalysis | Palo Alto Networks (PANW) Financials and NGS ARR Metrics | PANW NGS ARR $5.6B (+32%), NTM P/S approximately 14x with 74% gross margin. |
| SV006 | U.S. Securities and Exchange Commission (EDGAR) | Zscaler 10-K Annual Report Filing Index | Zscaler reported approximately $2.9 billion ARR as of Q3 FY2025, growing 23% year-over-year. |
| SV007 | StockAnalysis | Zscaler (ZS) Financials and ARR Metrics | Zscaler ZS ARR $2.9B (+23%), NTM P/S approximately 9x with 80% gross margin. |
| SV008 | U.S. Securities and Exchange Commission (EDGAR) | Rubrik 10-K Annual Report Filing Index | Rubrik reported FY2025 annual recurring revenue of $1.09 billion, growing 39% year-over-year. |
| SV009 | StockAnalysis | Rubrik (RBRK) Financials and ARR Metrics | Rubrik RBRK ARR $1.09B (+39%), NTM P/S approximately 9x with 69% gross margin; market cap $8B+. |
| SV010 | Yahoo Finance | CrowdStrike Holdings (CRWD) Stock Quote and Valuation Metrics | CrowdStrike market cap approximately $95B as of May 2026, trading at approximately 29x NTM revenue. |
| SV011 | Yahoo Finance | Rubrik (RBRK) Stock Quote and Valuation Metrics | Rubrik market cap $8B+ at approximately 9x NTM revenue; most relevant scale comp for Cyberhaven Series D valuation. |