Connect with us: Jeff Klemens, Will Kunin, Siddhi Chandak, Sasha Pasmanik

Defensibility in the Age of AI

AI advancements are forcing founders, management teams and investors to rethink what makes businesses defensible. As model quality improves, the question becomes: which characteristics create long-term durability? We believe long-term value will accrue to companies with proprietary data, mission-critical workflows, regulatory barriers and distribution / network effects.

Physical security and compliance has several of these characteristics. The companies worth watching in this category are not just competing on model quality. They are deploying hardware that generates proprietary data in the field (footage from a specific hospital corridor), detecting threats in real time, ensuring regulatory standards are met (monitoring devices) and leverage unique distribution angles. Competitors can easily iterate on their algorithms, but these other components are much harder to replicate and replace

Why the Hardware + Software Model Is Now Scalable

Combining sensors with software has been the ambition of physical security for decades. During the 2015 / 2016 IoT hype cycle, VCs invested more than $1 billion annually into IoT companies but some struggled to scale due to challenging unit economics. Manufacturing and deploying physical sensors was expensive, hardware had uncertain lifecycles and deployments could stall at the pilot phase. Deploying hardware capable of computing on the edge required financing and manufacturing scale that most growth-stage companies could not support.

That math has changed.

Today, hardware costs have declined meaningfully. The average cost of a sensor has fallen from roughly $1.30 in 2004 to under ~$0.35 today per QYResearch. Camera and edge compute costs have moved in the same direction. The limiting factor is increasingly distribution and operational discipline, not capital intensity.

Edge computing has existed since the mid-2010s but running AI inference at the edge, with the latency physical security demands, was difficult for general-purpose IoT chips. Purpose-built silicon has changed that. Chips designed specifically for neural network inference can now run inside camera hardware at millisecond latency and at a price point that makes facility-scale deployment viable. Processing happens at the device, not in the cloud. This matters because every deployment increases customer-specific context. The longer a company operates inside a physical environment, the more deeply it understands that environment and the harder it becomes to displace.

Hardware ownership is not automatically an advantage. It can create inventory risk, working capital needs, and margin pressure. The advantage comes when hardware is used as a distribution and data-capture mechanism for high-retention recurring revenue. The best companies will not simply ship devices; they will use devices to secure data rights, workflow ownership and long-term customer relationships. Owning the device is not the only path. Integrating with hardware already installed in a facility can secure the same data rights and workflow ownership while sidestepping inventory and working capital risk.

Where the Moat Actually Forms

Not all physical security companies are equally positioned1.

One durable pattern: make the hardware the contract. We believe Verkada is the market benchmark; hardware and software sold as a bundle, with the camera acting as the contract. Once a facility is wired with your devices, switching is a physical project, not just a software decision. HALOS operates on a similar logic with law enforcement / private security, where body-worn cameras are deployed as part of subscription contracts that deepen with every hour of footage captured. The device becomes the relationship: it gives HALOS a physical foothold in the customer’s daily workflow, making distribution harder for competitors to replicate.

Customer stickiness can also come from data that accumulates in a specific place. A company that has mapped every corridor of a hospital campus or built a surveillance network across an entire city has created a data layer competitors cannot replicate by deploying elsewhere. Volt’s 3D campus mapping is a clear example. By layering its AI on the IP cameras already deployed across a school or hospital campus, Volt builds a proprietary spatial layer tied to that specific environment without a hardware rollout. Once a campus is mapped, that spatial intelligence is difficult to rip out. LOCH Technologies applies the same principle to a different sensor modality. Its platform reads the wireless spectrum of a facility. Once a company is continuously interpreting the Radio Frequency (RF) environment of a specific space, it has a view that is difficult for others to recreate. There is also a network effect: each new facility deployment can improve LOCH’s models across similar environments. More facilities mapped means faster, more accurate detection in the next one. The moat is in the accumulated understanding of the place.

Mission-critical workflows and regulatory requirements create another barrier. Hexmodal monitors fire suppression systems, emergency equipment, and safety sensors, generating a continuous record that regulated facilities are legally required to maintain. When a device is part of the data trail that keeps a building compliant with fire codes and safety standards, switching vendors is not just a procurement decision. It introduces operational risk around systems that cannot fail.

Compliance requirements create their own form of entrenchment. Law enforcement body-camera programs run under CJIS standards, while schools and hospitals operate under FERPA and HIPAA, respectively. Once companies like HALOS and Volt are embedded in those environments, vendor switching becomes a legal and operational undertaking, not just a search for marginally better hardware or software.

Security and Compliance are the Wedge. The Opportunity is Wider

Physical security and compliance are natural first applications: real budget, genuine urgency, and regulation that keeps buyers committed once they have chosen a vendor. The companies building here – HALOS in law enforcement, Volt in schools and hospitals, LOCH in wireless-dense facilities and Hexmodal in life safety compliance – are each accumulating a unique kind of irreplaceable data asset.

Security is also a wedge into larger commercial opportunities. The same infrastructure that detects theft, trespassing, or medical emergencies can analyze foot traffic, measure occupancy, support facilities planning and inform broader operational decisions. The physical data layer being built for security today has optionality well beyond security.

Where We’ve Invested and What We’re Watching

Sageview has backed hardware-enabled businesses across verticals, including past investments Theatro and GoPro and current investments Tive, Elemental Machines, Atmosphere, and Grocery TV. We have deep familiarity with how these models perform.

At the growth stage, the most compelling companies in physical security / compliance have repeatable deployment playbooks, reasonable hardware payback periods, expanding margins and low churn driven by physical and workflow switching costs.

We’re leveraging our past hardware experience alongside our growing security / compliance knowledge to find and support the next generation of leaders in physical security and compliance.

Connect with us: Jeff Klemens, Will Kunin, Siddhi Chandak, Sasha Pasmanik

Energy Demand is Compounding

U.S. electricity demand was essentially flat from 2005 – 2020 with annual consumption growing at +0.1%. That era is over. The U.S. Energy Information Administration (EIA) expects U.S. electricity use to grow 1% in 2026 and 3% in 2027.

The relatively strong growth is driven by increasing demand from data centers. There were $78 billion in new data center construction starts in 2025 (190% YoY growth), and $25 billion in construction starts in January 2026 alone per ConstructConnect.

In 2018 data centers consumed 1.9% of total annual U.S. electricity consumption. In 2023 consumption increased to 4.4% and the Berkeley Lab expects usage to represent anywhere from 6.7% to 12.0% by 2028.

Similarly, Goldman Sachs Research estimates global power demand from data centers to increase 165% by 2030 (relative to 2023). They believe this power demand from data centers will likely require $720 billion in additional grid investment through 2030.

Grid operators are already warning that without significant upgrades, overloads are inevitable. The energy industry needs to address growing demand by: 1) Building more generation capacity, 2) Improving efficiency across existing infrastructure, and 3) Optimizing how energy is priced, traded, and delivered. Software and tech-enabled services can help with all three. Utilities need better demand forecasting to plan capacity additions, project developers need tools to navigate compliance requirements, and market participants need automated systems to capture value in volatile markets.

Vendors Emerging to Support the Energy Lifecycle

In addition to rising energy demand, much of the work across the energy stack remains highly manual and fragmented. Bid submissions, project compliance and meter data reconciliation is still run through spreadsheets, email chains and disconnected legacy systems. As we enter a period of higher volume and increasing regulatory complexity, these manual processes become further strained. This dynamic is creating opportunities for technology vendors spanning the full operational lifecycle of how energy is financed, built, traded, and delivered. While there are several large incumbents and numerous upstarts serving this market, we have highlighted five below1:

It starts with market intelligence. Arcobi (formerly Arcus Power) has built an energy intelligence platform on top of 25 years of North American power market data. The company leverages AI to forecast prices, demand, and coincident peaks (highest point of energy consumption on a grid at any given time). Predicting energy demand is extremely important for utility companies and energy managers. The insights are also utilized by energy traders and independent power producers (IPPs).

On the project development side, Euclid Power combines software and technical expertise to support the renewable energy project lifecycle (including development, investment, and construction). Euclid has facilitated over $10 billion in renewable energy investments across 1,000+ projects and 12+ gigawatts of capacity (enough to power ~9 million American homes). Euclid replaces a patchwork of spreadsheets, lost emails, and disorganized data rooms with a structured platform that shrinks weeks of work into days.

As those projects move toward construction and operation, compliance can become a bottleneck. Empact Technologies has built an AI-native platform, called NexusIQ to manage renewable energy project compliance. Empact manages compliance for Investment Tax Credits and Production Credits, ensuring developers meet prevailing wage, apprenticeship, and domestic content requirements. The company currently has more than $3 billion in tax credit value under engagement and delivers immediate ROI for developers, engineering firms, and tax credit investors.

For those participating in the wholesale electricity market, Hartigen’s PowerOptix platform acts as the system of record between a power producer’s physical assets and the financial elements of selling electricity. Power generators and energy traders are submitting bids / offers, ingesting meter data, settling transactions and managing compliance requirements (e.g. Federal Energy Regulatory Commission regulations) every day. Hartigen allows energy market participants to perform all of these actions from a single platform.

When energy reaches the end user, the physical grid itself needs monitoring. Whisker Labs has deployed over 1.2 million Ting sensors that analyze 30 trillion electrical measurements per second, using AI to detect dangerous arcing and grid faults before they cause fires. The platform serves both insurance carriers looking to reduce catastrophic loss and utilities seeking real-time grid intelligence.

Why Sageview is Paying Attention

At Sageview, we look for technology companies solving mission critical operational problems in markets with increasing complexity. Structural energy grid strain (data center build outs), increasing regulatory burden (tax credits, FERC regulations) and a shift towards automated workflows (away from manual spread sheet driven processes) is fostering an environment for durable technology vendors. The five companies profiled are not competing with each other, but instead building the next generation infrastructure to power the energy market. We believe this space is worth watching closely and we’re energized to actively explore opportunities.

Connect with us: Jeff Klemens, Will Kunin, Siddhi Chandak, Sasha Pasmanik

The State of OT Security

1 in 5 industrial organizations reported a cybersecurity incident in 2025, with 40% causing operational disruption. While detection time has improved, remediation remains a challenge, partially due to a lack of visibility and underperformance of IT tooling in OT environments. Why does this matter? OT has a direct impact on the physical world. OT threats can lead to disruption of production, public health risks, environmental concerns, and financial losses. Let’s take a step back and see where the market is today:

Information Technology (IT) is the use of networks and other digital systems to create, store, secure, and exchange all forms of electronic data and information. Operational technology (OT) refers to hardware and software systems that execute monitoring and/or control over industrial equipment and processes. Traditionally, OT cybersecurity was not necessary because OT systems were not connected to the internet. They were not exposed to outside threats. As digital innovations have grown, OT environments have gone online, converging with IT networks and increasing an organization’s attack surface. This convergence is known as the Industrial Internet of Things (IIoT):

IT and OT networks are often kept separate, duplicating security efforts and decreasing transparency. This is due to their purpose: IT optimizes for data security, confidentiality, and integrity. OT optimizes for operational uptime and safety. Thus, IT networks report to the CIO and OT networks often report to the COO. This makes it difficult to identify attack surface boundaries as these disparate teams do not know what is attached to their own network, making visibility a challenge.

Over the past few years, the buyer and operating model have changed. OT is no longer a walled garden overseen solely by engineers; it’s increasingly a cyber-physical extension of the enterprise: connected devices, remote access, cloud analytics, and AI-driven automation layered on top of legacy Programmable Logic Controllers (PLCs) and Supervisory Control and Data Acquisition (SCADA) systems. We see OT security increasingly adopted as an enterprise risk and resilience program, especially under rising regulatory tailwinds (TSA cyber directives, NIS2, etc.). Enterprises are beginning to understand that OT security is non-negotiable.

The market has taken note and several OT security transactions have taken place over these past few months:

Notable Deal Activity

1. (9/9/25): Mitsubishi Electric acquires Nozomi Networks for $883mn
   This strategic deal, which closed in January 2026, represents ~11.8x on Nozomi’s 2024 ARR of $75mn with a CAGR of 33% over the past 3 years. The CPO of Nozomi Networks stated that “By combining Mitsubishi Electric’s century of global industrial expertise with Nozomi Networks’ innovations in data science, AI/ML and industrial cybersecurity, we have a unique opportunity to create a new generation of AI-powered solutions… across all OT/IoT use cases and industries around the world.”

   1. Press reveals that Nozomi will continue to operate independently from Mitsubishi as a subsidiary. This seems to only make sense if it supports a broader Mitsubishi Electric strategy. There will be a natural fit for Nozomi offerings to Mitsubishi Electric customers, especially in Japan, which makes up half of their revenues. It could also be a possible wedge to offer other managed services.

   2. From an exit perspective, Nozomi’s ~$1bn exit on $254mn of invested capital sets a valuation floor. With Dragos and Claroty having raised ~$440mn and ~$890mn respectively, they would need to convince the market why they are worth ~2-4x Nozomi’s price to deliver strong returns.

2. (12/23/25): ServiceNow to acquire Armis for $7.75bn in cash
   On the announcement, Armis reportedly had $340mn in ARR with 50% YoY growth, representing a premium ~23x ARR multiple. Where did this deal come from?

   1. ServiceNow stated the purpose of this acquisition is to expand security exposure coverage “across the full attack surface” including IT, OT, and medical devices, and to build an “end-to-end security exposure and operations stack.” Interestingly, ServiceNow’s core strength is not detection: it’s system-of-record workflow, approvals, ticketing, governance, and orchestration across functions. OT has historically struggled because even when you detect something, remediation requires human and process coordination: plant ops, engineering, IT, third parties, vendors, change windows, etc… OT is a high-friction environment; that friction is exactly where ServiceNow’s workflow orchestration can be valuable.

   2. This move seems to bolster ServiceNow’s AI capabilities and reflect a “growth-at-all-costs” approach, following their acquisition of Moveworks in March. By connecting Armis’ capabilities and unique dataset to the ServiceNow AI Control Tower, they are moving their AI functionality into the broader cybersecurity market and unlocking a new set of customers, although the cross-selling synergies from IT to Cyber don’t seem apparent. With the supposed convergence of IT/OT, ServiceNow is moving into providing a ‘single pane of glass’ for buyers.

3. Fundraising Rounds: There have been some large OT security fundraising rounds:

   1. (1/22/26) Claroty raises $150mn from Golub Growth to fuel global expansion and build out their cyber-physical systems platform. Claroty claims an 80% increase in valuation from their prior financing round in 2024, demonstrating significant market appetite.

   2. (12/18/25) Exein raises $117mn in funding led by Blue Cloud Ventures. The company saw 5x revenue growth in 2025 with ~50% coming from APAC. Exein is an AI-powered platform that embeds security directly into device firmware, a unique approach compared to traditional network security.

   3. (9/4/25) Shift5 raises a $75mn Series C led by Hedosophia at a $515mn pre-money valuation. The company reportedly earned $14.9mn in unclassified contracted revenue, coming entirely from defense agencies. Shift5 specializes in protecting operational technology on the move (ie: rail, aviation).

We expect emerging startups to focus on the ‘‘niche over platform” play, looking to provide specialized OT security in hard to replicate environments.

OT security is moving towards “cyber-physical exposure management”

The OT security market is projected to grow from $23.47 billion in 2025 to $50.29 billion by 2030, representing a 16.5% CAGR. We’ve seen the market develop, with Gartner releasing their first magic quadrant for Cyber-Physical Systems in 2025.

Dale Peterson, a credible voice in Industrial Control System (ICS) security, argued that OT detection has been the primary product opportunity to date, and the market is still early relative to TAM. Claroty, Nozomi, and Dragos are network monitoring focused. They look at network traffic and compare it against known “bads.” We believe this evolves into detections engines that correlate threats across endpoints, infrastructure, and other systems. We’ve spoken to several startups building in this space, and believe OT is moving towards exposure management: increased visibility, continuous identification, prioritization, and remediation across all cyber-physical assets.

What We Believe

1) Convergence is real operationally, not organizationally. IT and OT networks are increasingly interconnected, but the teams, incentives, and tolerances are different. OT optimizes for safety and uptime; IT optimizes for confidentiality, integrity, and standardization. The “convergence” that matters is whether risk can be expressed in a shared language across teams, and acted on without interrupting production.

2) The winner is not the vendor with the most detections; it’s the vendor with the most credible path to risk reduction.
In OT, false positives and operational friction kill deployments. Anything that can’t map to real outcomes (remote access hardening, compensating controls, governed remediation) becomes replaceable in the long-run.

3) Platform gravity is real, but specialists won’t disappear.
The likely end state looks like this: deep OT specialists continue to support organizations with complex industrial nuance, while enterprise platforms increasingly own the control plane (risk, governance, orchestration, reporting). ServiceNow buying Armis is a bet that the platform layer will be where budget consolidates.

4) The biggest remaining gap: safe action at scale.
Most enterprises still struggle to answer: “Which exposures in OT are actually actionable this quarter without disrupting production?” The winners will encode not just cyber knowledge, but operational constraints.

Where We’re Impressed

1. Asset Discovery and Inventory (what exists in my environment?)

   1. Sepio: Hardware-asset visibility (HVA) using physical layer introspection

   2. Tosi: Automated asset discovery

2. Network Monitoring & Anomaly Detection (who/what is on my network?)

   1. Organizations need a holistic view of their risk levels and potential areas of exploitation.

      1. Galvanick: Extended detection and response, threat prioritization

      2. Frenos: Behavioral modeling and attack simulation

3. Secure Access (who can touch what?)

   1. OT runs on hardware vendors: OEMs, integrators, maintenance contractors. There is a need for identity security and third-party access control.

      1. Dispel: Secure remote access

      2. Waterfall Security: Hardware-enforced remote access

      3. Xage: Identity-driven zero-trust remote access

      4. Cyolo: zero-trust, remote privileged access

4. Segmentation & Enforcement (how do I harden paths?)

   1. Enforcement is often owned by network infrastructure, not the OT security vendor. Network-centric vendors have an enforcement advantage because they control the routers/switches/firewalls

      1. Shield-IoT: Industrial firewalling and microsegmentation

5. Endpoint / Portable Inspection (how do I vet devices?)

   1. Many OT endpoints can’t run agents or are serviced via laptops/USB in maintenance workflows. There is a need for safe inspection of endpoints, such as field laptops.

      1. TXOne Portable Inspector: Agentless scanning via a USB device

6. Wireless / Private LTE Security (how do I monitor private channels?)

   1. OT environments increasingly leverage private LTE/5G, Wi-Fi for sensors/robots. Detection and monitoring of these channels is becoming critical.

      1. OneLayer: Private cellular network security

7. OT Data Exchange & One-Way Flows (How do I feed analytics?)

   1. Utilities and industrials increasingly want OT data in IT/cloud for analytics, but the path has to be controlled (“observe” vs “control”).

      1. Waterfall Security Data Diodes: Unidirectional gateways for high-assurance data export

Bottom Line

Recent OT acquisitions / funding signal a shift in the market: OT security has graduated from a niche industrial category into a strategic layer of enterprise cyber exposure management.

The next chapter is about who owns the system-of-action for cyber-physical risk, and whether that ownership accrues to OT specialists, enterprise workflow platforms, or a hybrid stack where visibility remains specialized but remediation becomes centralized.

Chart: Public Cybersecurity Company Multiples1:

Chart: Public Cybersecurity Share Prices2:

Chart: 2-Year Median EV / NTM Revenue & NTM Revenue Growth:3

• Current median NTM revenue multiple: 7.0x

• Current median NTM revenue growth: 11.5%

• 2-year median NTM revenue multiple: 7.7x

Chart: 10-Year EV / NTM Revenue Multiple4:

Cybersecurity technology companies today are trading at a premium relative to the broader SaaS universe.

• Current median Cyber NTM revenue multiple: 7.7x

• Current median SaaS NTM revenue multiple: 3.6x

Chart: 2-Year Median EV / NTM Revenue – Companies Growing +/-15%:5

• Current high growth median NTM revenue multiple: 8.0x

• Current low growth median NTM revenue multiple: 5.8x