
Stroom Fund III: Where We Are Looking in 2026

Willem de Vries

Stroom Fund III closed at €51M in January 2025. It is our smallest fund on an absolute basis — Fund II was €72M — and that is a deliberate construction choice. We concentrated the fund thesis more tightly than Fund II and wanted a vehicle sized for twelve to fifteen concentrated early investments rather than a larger portfolio. Fund III's mandate is seed to Series A in three specific categories: AI-native detection and response infrastructure, post-quantum cryptography migration tooling, and European digital identity infrastructure under eIDAS 2.0. These categories do not cover the cybersecurity market exhaustively. They are the categories where we believe the structural shift is large enough and near-term enough to justify concentrated investment over a three-to-four-year deployment period.

The detection and response category needs some specificity because it is crowded with investment interest. The category we are not focused on in Fund III is incrementally better SIEM or incrementally better endpoint detection — these are commoditising categories with well-capitalised incumbents. What we are actively looking for is detection infrastructure that becomes possible because of advances in AI capability: systems that can reason about adversary intent from behavioural signals across multiple data sources simultaneously, platforms that can model the trust and authentication chain of an enterprise's machine identity estate and detect anomalous delegation patterns, and detection approaches for AI agent behaviour within enterprise environments — a category that essentially did not exist three years ago and is now a genuine attack surface. The common thread across these sub-categories is detection that works on the signals that matter most to sophisticated adversaries: identity and authentication abuse, supply chain compromise indicators, and the misuse of trusted internal mechanisms.

Post-quantum cryptography migration is our highest-conviction near-term opportunity. NIST finalised its first PQC standards in 2024 — FIPS 203 (CRYSTALS-Kyber/ML-KEM for key encapsulation), FIPS 204 (CRYSTALS-Dilithium/ML-DSA for digital signatures), and FIPS 205 (SPHINCS+/SLH-DSA as a stateless hash-based signature alternative). European governments have issued migration guidance recommending timelines for transitioning classified and sensitive systems. DORA's operational resilience requirements are beginning to surface PQC migration as a third-party risk management consideration. The migration from existing public key infrastructure to PQC-capable infrastructure is not a library update — it requires cryptographic agility at every layer of the stack that uses asymmetric cryptography, from TLS session establishment to certificate management to code signing to secure enclave operations. The organisations that need to execute this migration — European financial institutions, critical infrastructure operators, healthcare systems handling long-lived sensitive data — are looking for tooling that can audit their current cryptographic exposure, model the migration path, and instrument the transition. We backed Cossack Labs in part because of their algorithm agility architecture, but there is a broader opportunity in migration tooling that we are actively evaluating.

The European digital identity infrastructure category is driven by a regulatory event that is finally becoming real: the EU Digital Identity Wallet under the revised eIDAS 2.0 regulation requires member states to offer a digital identity wallet to all citizens by a defined timeline, and creates a framework under which the wallet can be used for both public and private sector authentication and credential presentation. The infrastructure required to make this work — relying party integration, wallet credential issuance and revocation, QEAA (Qualified Electronic Attribute Attestation) issuance, privacy-preserving selective disclosure — does not yet exist at the scale the regulation contemplates. We are looking at companies building the middleware layer between existing identity systems and the eIDAS 2.0 ecosystem: relying party SDKs that let developers integrate wallet-based authentication without deep expertise in EUDI Wallet standards, credential issuance infrastructure for qualified trust service providers, and selective disclosure implementations based on W3C Verifiable Credentials and SD-JWT specifications. This is infrastructure investment in the most literal sense — the market will be large because the regulation mandates it, and the engineering is genuinely hard.

Fund III's investment pace through early 2026 has been deliberate rather than rapid. We have made two investments since closing and are in active diligence on three additional companies. The market for early-stage security infrastructure in Europe is competitive — there are more capable seed-stage companies than there were when we deployed Fund I — and our diligence process has become correspondingly more rigorous. We are spending more time on technical architecture validation, particularly for companies operating at the intersection of AI capability and security detection, where distinguishing a genuinely novel approach from a well-packaged incremental improvement requires careful technical assessment. We will continue to publish our thinking on the categories as our views develop.