“AI is reviving tech sectors that VC’s had all but forgotten,” read Fortune’s headline this week.

Among the sectors noted to be experiencing a “decisive pickup in early-stage activity in Q4 2025, driven by AI-native startups that look very different from the last cycle’s darlings:” cybersecurity, which reached a new high. According to PitchBook’s latest Emerging Tech Indicator (ETI), which tracks pre-seed through Series B deals done by the top 15 VC firms globally, the sector hit an early-stage funding record of $643.1 million in Q4 across 15 transactions. Average valuations in the segment jumped to $273.4 million—more than double the previous eight-quarter average of $129.1 million, with 10 of those 15 having been Series A rounds.

Consider this momentum – and then consider that cybersecurity is just one domain that can be considered to fall within the realm of RegTech – which also encompasses compliance, FinTech, InsureTech, GovTech, and more – all of which I include within the greater scope of LegalTech, which I define as everything that interacts with the legal or compliance function.

This week’s feature story explores the history of RegTech as a sector, the current momentum, and some key activity in this particular VC-backed startup space.

What is RegTech?

RegTech, or “regulatory technology,” refers to technologies that improve and automate processes related to risk and compliance.

The history of RegTech is connected with the 2008 financial crisis; McKinsey writes, “After the collapse or near-collapse of major banks, and in response to the newly exposed weaknesses in risk management, regulation, and overexposure to certain products (for example, mortgage-backed securities), many governments put in place more—and more complex—regulatory requirements,” such as Dodd–Frank Act, which increased oversight of banks and financial institutions. Meanwhile, many other countries implemented regulations according to the Basel III rules, which were developed by the Basel Committee on Banking Supervision. Over the years, regulatory requirements, such as those around data including GDPR and CCPA, have only served to increase regulatory burdens.

To meet regulatory requirements, financial institutions sought to deploy technology, which was also evolving at the same time with the rise of ML and AI.

McKinsey writes, “Around the same time as the 2008 financial crisis, a wave of new technologies (including artificial intelligence, machine learning, cloud computing, and biometrics) became widely available at lower costs than ever before. This made it possible for RegTech providers to develop cutting-edge solutions for financial institutions that needed to comply with postcrisis regulations and increase the efficiency of their processes, which had largely been manual up to then.”

Early adopters were outliers, however, as the majority of regulatory compliance management continued to be conducted via spreadsheets and Sharepoint. As compliance became increasingly complex, acceptance of the necessity to leverage technology increased exponentially.

Writes McKinsey, “By 2016, the term had become commonly used at industry conferences, and the RegTech Association was founded in 2017. Today, what was once considered experimental in the risk and compliance domains is now essentially mandatory technology for leading financial institutions.”

In the legal realm, we’ve long known that risk is inherent in any enterprise organization, the key is how that risk is calibrated, managed and, where appropriate, mitigated. Fines and penalties, lawsuits, losses and reputational risk are just a handful of headaches that can spawn from an enterprise-level crisis or an uncalibrated default in compliance.

Currently, amid increasingly complex international regulatory requirements, the stakes continue to be high. For the global financial services sector, regulatory fines reached $4.6B in 2024, according to research by Fenergo, while total compliance costs soared to $206B across major markets, according to LexisNexis Risk Solutions as cited by FinTech Magazine.

Today, the capabilities of AI create novel and powerful ways to address regulatory challenges. Yet, at the same time, enterprise use of AI technology also creates a new host of burdens around compliance, data protection and cybersecurity, and, as a result, RegTech’s significance has continued to grow.

RegTech market’s growth

Last fall, FinTech Magazine reported that RegTech investment reached US$4.8bn in 2024, with venture capital funding increasing 340% over three years.

As I wrote in the LegalTech 2026 predictions edition of Venture Legal, “2025 just scratched the surface of RegTech and compliance challenges facing the industry.” The San Francisco Business Times recently reported that the global RegTech market is expected to grow to more than $70 billion by 2030, up from $17 billion in 2024, based on research by Grand View Research.

Predicting segment growth by up to 14 percent through 2028, McKinsey cites these four main drivers of the RegTech market’s growth:

• Complex and dynamic regulatory requirements.

• Compliance-related fines.

• Higher regulatory standards.

• Digitalization, automation, and cloud adoption.

McKinsey also notes that, in terms of market growth, markets in the Middle East and Africa may soon experience faster growth due to lower penetration compared to North America and Europe.

Amid this rapidly growing global market, for this edition, let’s examine some key VC-backed activity in key RegTech-related domains: cybersecurity, compliance, InsurTech and GovTech.

Cybersecurity

As noted at the start of this article, cybersecurity is experiencing an influx of VC funding.

Fortune cites recent examples including 7AI, which in December raised a $130.6 million Series A for an autonomous threat-detection platform that continuously monitors digital environments; Adaptive, which closed an $81 million Series B in December for GenAI–based threat simulations; and Vega Security, which in February secured $120 million for AI-powered threat detection and analytics.

The sector’s momentum has continued into March:.

• Armadin, founded by Kevin Mandia, who sold his previous cybersecurity company Mandiant to Google for $5.4 billion, raised nearly $190 million, in a funding round led by Accel, with Google Ventures, Kleiner Perkins, Menlo Ventures and Ballistic Ventures participating, CNBC reported. Mandia said Armadin is using agentic tools to complete tasks that previously took days in a matter of minutes, and TechCrunch reported that the company claims the combined total is a record for a security startup at that early a stage.

• SurfAI launched this week with $57 million in combined seed and Series A funding to “help enterprises operationalize security” through an agentic operations platform which bridges the“gap between understanding risk and acting on it.” The round was led by Accel, with participation from existing investors Cyberstarts and Boldstart Ventures.

• The Wall Street Journal reported that Kai, an AI-powered cybersecurity startup, raised $125 million in a combined seed and Series A round led by Evolution Equity Partners and including venture-capital firm N47 and other investors. Reporting the Kai fundraising announcement, the Wall Street Journal writes that the startup joins a “growing list of early-stage startups capitalizing on booming investor demand for smart cyber tools.”

Massive deals – just weeks ago, Google announced its biggest-ever acquisition, closing its $32 billion deal to acquire cybersecurity firm Wiz, coupled with an increasing array of funds such as Ballistic Ventures, YL Ventures and Forgepoint Capital focused exclusively on cybersecurity, underscore the momentum in the sector.

As Kai’s co-founder and CEO Galna Antova told the Journal, “You need AI to fight AI,” the demand for AI-powered cybersecurity solutions can be expected to continue to grow.

Industry hot topics will be covered here in SF at the RSAC 2026 Conference, one of the world’s most influential gatherings for cybersecurity, focused this year on the theme “Power of Community.”