# cyber-biz.com — Full Markdown Index

> Independent analysis of the cybersecurity industry: M&A, funding, public companies, and platform shifts. Written by Tal Eliyahu.

_Last updated: 2026-05-11_

Full Markdown of all published posts on cyber-biz.com, one per section. Each section starts with the post title and a Source URL for citation.

---

# XBOW's $35M Round Is About the Cap Table, Not the Number

Source: https://cyber-biz.com/blog/xbow-strategic-round-cybersecurity-ai-capital-2026
Published: 2026-05-09
Author: Tal Eliyahu
Category: Funding News
Tags: AI Security, Governance and Assurance, Vulnerability Management, Application Security

> XBOW raised $35 million from NVIDIA, Samsung, Accenture, and SentinelOne with no financial lead. The shape of the round, not the number, is the signal.

## Key facts

- $35M Series C extension closed May 6, 2026. No financial lead. Strategic-only.
- Cap table: NVIDIA NVentures, Samsung Ventures, Accenture Ventures, SentinelOne S Ventures, DNX Ventures, Liberty Global Tech Ventures
- Series C total now $155M. Lifetime funding past $270M. Unicorn since 2025
- Founded 2024 by Oege de Moor — the engineer who led GitHub Copilot. Category: autonomous offensive security
- Recent agentic-security cohort: 7AI $130M Series A, Artemis $70M Series A, Variance $21.5M Series A. Capital is concentrating in categories that automate scarce talent
- A public security vendor (SentinelOne) writing a strategic check into a private AI-security company is not subtle. Soft M&A signal — 18-month horizon
- Cap tables rehearse acquisitions. This is what the rehearsal looks like.

XBOW's $35 million Series C extension is the cybersecurity funding story of the quarter. Not because of the dollars. Because of the shape.
The whole round, closed on May 6, 2026, came from strategic backers: [NVIDIA's NVentures, Samsung Ventures, Accenture Ventures, SentinelOne's S Ventures, DNX Ventures, and Liberty Global Tech Ventures](https://xbow.com/news/xbow-secures-additional-35m-from-strategic-investors). No traditional venture firm led. No financial lead at all. That is rare at this stage, and it tells us something about where cybersecurity AI capital is going that the headline number does not.

Many people will see $35 million and skip past the deal. Funding rounds in agentic security have started to blur — they all look big, they all sound similar, they all promise to automate scarce human work. The interesting thing about XBOW's round is that it is structured the way enterprise technology gets structured when buyers want a seat at the table. That is a different signal than another tier-one VC writing another check.

## A round without a financial lead

XBOW operates an autonomous offensive security platform. AI agents probe applications continuously, the way a human attacker would, and surface validated exploitation evidence. The company was founded in 2024 by Oege de Moor — the engineer who led the team behind GitHub Copilot — and reached unicorn valuation on a $75 million Series B led by Altimeter Capital in 2025. With this extension, Series C now stands at $155 million and total funding crosses $270 million, [per SecurityWeek](https://www.securityweek.com/autonomous-offensive-security-firm-xbow-raises-35-million/).

What is unusual is the cap table on this round. Most late-stage cybersecurity rounds have a financial lead investor. The lead does the diligence, prices the round, and signals validation to the rest of the market. Strategics fill the remaining capacity. A strategic-only round flips that dynamic. The signal becomes commercial: every dollar in this cap table comes from a customer, partner, or distribution channel.

That structure is not an accident.
It is what happens when a product has crossed from experimental to enterprise procurement. The investors are not buying optionality on a thesis. They are buying influence over a roadmap they already depend on.

## Strategic-only rounds say something VC-led rounds do not

The companies that close strategic-only rounds tend to share a profile. The product is shipping at scale. Enterprise customers are renewing. Multiple competitors are being benchmarked head-to-head. And the strategics in the round are not pure financial bets — they are the customers, partners, and prospective acquirers preserving optionality on a category they expect to matter.

Read that way, the cap table is a leading indicator. SentinelOne investing in XBOW says SentinelOne thinks autonomous offensive security is going to matter. NVIDIA investing says NVIDIA wants visibility into where AI-security workloads run. Accenture investing says the managed-services channel is forming. Samsung investing means Samsung has interesting reasons of its own.

Cap tables don't predict acquisitions. They rehearse them.

## Capital is concentrating in the categories that automate scarce talent

XBOW is one of several AI-native security companies to raise materially in the past month. [Artemis raised $70 million in Series A](https://www.geekwire.com/2026/xbow-the-unicorn-with-a-seattle-mailbox-raises-another-35m-for-its-autonomous-hacking-platform/) for AI-vs-AI defensive security on April 15. Variance closed $21.5 million in Series A in early April for autonomous AI compliance and fraud agents. 7AI took $130 million in Series A for agentic SOC, the largest cybersecurity Series A on record.

The pattern is consistent across these deals. The product is AI-native, not AI-flavored — built around agentic execution, not retrofitted onto an older codebase. The target is work historically done by scarce specialists: pentesters, red teamers, SOC analysts, compliance reviewers.
Series A check sizes are large because investors are paying a premium for traction and category leadership. And strategic capital is showing up earlier in the cap table than usual.

Capital is not flowing to every cybersecurity sub-category at this pace. Endpoint protection rounds remain quiet. Network detection is consolidating. Traditional SIEM is in run-off. The disproportionate appetite is for *agentic security categories that automate work historically done by humans*. That is a structural shift, not a vintage-year fashion.

## Procurement teams are picking platform leaders, not categories

For cybersecurity buyers, the practical implication sits in the procurement question, not the product comparison. The old question was whether autonomous offensive security is a real category. The new question is which of the three or four well-capitalized leaders to standardize on, and how to evaluate exploitation evidence across vendors that all claim continuous coverage.

The second-order effect is that the strategic capital base around AI-security leaders is starting to lock in distribution. NVIDIA's investment ties XBOW into the NVIDIA AI ecosystem story. Accenture's investment opens managed-services channels. SentinelOne's investment gives XBOW a public security buyer that could later become an OEM partner — or, more interestingly, an acquirer.

Architects evaluating AI-security tools should weigh carefully which platform the tool will eventually live inside. Several of the highest-velocity AI-security startups are unlikely to remain independent past 2027.

## The strategic cap table is now a credible path

Three things from XBOW's round are worth taking seriously if you are raising as a cybersecurity founder in 2026.

### Strategic-only is now a credible path

The assumption that a tier-one financial lead is required to price the round is breaking down for AI-native security companies with enterprise traction.
If your customers want roadmap influence and your strategic partners want distribution leverage, you can run a structured round with strategics alone. Your law firm has done it before for other companies. The mechanics are not novel.

### Category framing matters more than category coverage

XBOW does not call itself a SAST tool, a DAST tool, or a pentest replacement. It calls itself autonomous offensive security. That framing is doing real work — it lets the company be priced like an AI-native category leader instead of being benchmarked against incumbent application security tools. Founders building agentic security companies should pay attention to the framing they choose. The framing sets the comparable set investors will use to value the round.

### Where SentinelOne shows up matters

A public security buyer investing in a private AI-security company is a soft acquisition signal. SentinelOne has shown up in [other AI-security cap tables](https://www.geekwire.com/2026/xbow-the-unicorn-with-a-seattle-mailbox-raises-another-35m-for-its-autonomous-hacking-platform/) recently. When [public security companies](/#stock-lists) start making strategic investments at this pace, expect those investments to translate into M&A within 18 months.

## XBOW's round versus the recent agentic cohort

Against the past twelve months of cybersecurity Series A and B activity in agentic categories, the XBOW round is the cleanest expression yet of incumbent platform interest. 7AI's $130 million Series A for agentic SOC was the previous outlier in pure size. Artemis's $70 million Series A had a financial lead (Felicis) plus strategics. Variance's $21.5 million Series A had a financial lead (Ten Eleven) plus strategics. XBOW's extension is the first material 2026 round to land strategic-only.

In that company, XBOW's round is the one most directly tied to the platforms that will eventually buy these companies. Three of the seven investors operate or distribute security software at scale.
That is not a financial-pattern round. It is an enterprise-procurement-pattern round.

## NVIDIA's check is about runtime, not optics

The NVIDIA NVentures check deserves a separate read. NVIDIA does not need to invest in offensive security companies for distribution. The investment likely reflects two interests: GPU consumption from agentic security workloads, and reference architectures NVIDIA can publish as part of its enterprise AI stack story.

Agentic security platforms are GPU-heavy at runtime. Continuous probing of large applications, training of attack models on customer telemetry, and inference at the per-request level all push compute. If autonomous offensive security and agentic SOC become standard cybersecurity practice — and the procurement signals say they will — the underlying compute spend that flows to NVIDIA's enterprise customers grows materially. That is the pattern NVIDIA's earlier investments in cloud security, MLOps, and observability companies were positioning for.

The practical takeaway for security architects evaluating agentic platforms: ask vendors about their GPU runtime cost economics. The companies that can deliver continuous AI-native security at predictable infrastructure cost will outlast the ones that cannot.

## The signals worth watching for the rest of the year

Three signals over the next 90 days will tell us whether XBOW's round was a one-off or a category pattern.

The first is whether other AI-security unicorns run strategic-only extensions. If 7AI or Artemis structures a similar follow-on, the pattern is real.

The second is whether public security vendors expand their venture arms. [CrowdStrike](/stocks/crwd), [Palo Alto Networks](/stocks/panw), and [SentinelOne](/stocks/s) all have venture activity. If their check sizes step up materially in agentic categories, the M&A signal is firmer.

The third is the pricing on the next agentic security acquisition.
[Cisco's Astrix deal in early May](/blog/cisco-astrix-non-human-identity-platform-layer) reportedly cleared $400 million. The next agentic security acquisition will set comparable pricing for follow-on M&A — and tell us whether strategics are willing to convert their cap-table positions into full ownership.

XBOW's round is small in dollars and large in signal. The next twelve months of cybersecurity capital allocation will be about which AI-native categories cross from venture-funded to platform-owned, and at what price. Cap tables rehearse acquisitions before they happen. This one is not subtle.

## Frequently asked questions

### Who is XBOW and what does the company do?

XBOW operates an autonomous offensive security platform — AI agents that continuously probe applications for exploitable vulnerabilities the way a human attacker would. The company was founded in 2024 by Oege de Moor, who led the engineering team behind GitHub Copilot. The product replaces point-in-time penetration tests with continuous, validated exploitation evidence. That is a different procurement category than annual third-party engagements, and it is now being priced accordingly.

### Why does a strategic-only round matter in cybersecurity?

Most late-stage rounds have a financial lead investor that prices the round and validates the deal. A strategic-only round means every dollar in the cap table comes from a customer, partner, or distribution channel — and the lead is, effectively, the market. The signal flips from thesis-stage validation to enterprise procurement validation. That is rare. When it happens, the cap table is functioning as a soft acquisition rehearsal, not a fundraising round.

### What does SentinelOne investing in XBOW signal for cybersecurity M&A?

When a public security vendor writes a strategic check into an adjacent AI-security category, it is a soft acquisition signal.
The investment locks in commercial relationships, gives the public vendor visibility into the roadmap, and creates an option to convert the position into a full acquisition later. Historical pattern: strategic investments at this scale typically convert to M&A within 18 months. SentinelOne is not the only public vendor doing this.

### Where is cybersecurity venture capital concentrating in 2026?

Capital is concentrating in AI-native security categories that automate work historically done by scarce human talent — autonomous pentest, agentic SOC, AI-vs-AI defense, autonomous compliance, non-human identity. Endpoint, network detection, and traditional SIEM are receiving disproportionately less new capital. The largest 2026 cybersecurity rounds so far are all in agentic categories. That is a structural shift, not a vintage-year fashion.

## Sources

- [XBOW Secures Additional $35M from Strategic Investors](https://xbow.com/news/xbow-secures-additional-35m-from-strategic-investors) — XBOW
- [Autonomous Offensive Security Firm XBOW Raises $35 Million](https://www.securityweek.com/autonomous-offensive-security-firm-xbow-raises-35-million/) — SecurityWeek
- [XBOW raises another $35M for its autonomous hacking platform](https://www.geekwire.com/2026/xbow-the-unicorn-with-a-seattle-mailbox-raises-another-35m-for-its-autonomous-hacking-platform/) — GeekWire

---

# Palo Alto's Portkey Buy Stakes the Gateway, Not the Product

Source: https://cyber-biz.com/blog/palo-alto-portkey-ai-gateway-acquisition-2026
Published: 2026-05-09
Author: Tal Eliyahu
Category: M&A
Tags: AI Security, Governance and Assurance, Identity and Access Management, Data Security and Protection

> Palo Alto Networks is buying Portkey for a reported $700M. The platforms aren't buying AI security. They're staking primitives. Two are now spoken for.

## Key facts

- Palo Alto Networks announced intent to acquire Portkey on April 30, 2026. Reported value: ~$700M. Officially undisclosed.
- Portkey is an AI Gateway routing trillions of tokens monthly across 3,000+ models for over 1,000 enterprises
- Portkey will be integrated into Prisma AIRS, Palo Alto's AI runtime security platform
- There are three primitives in the AI-agent stack: identity, gateway, data access. Two are now spoken for.
- Cisco bought identity (Astrix, May 4). Palo Alto is buying gateway (Portkey, April 30). Cyera is staking data access (Otterize 2025, Ryft 2026).
- Routing and policy data is sticky. Once an enterprise's agents flow through Portkey, switching gateways means re-validating every rule.
- Strategic distance over Cisco, CrowdStrike, SentinelOne on AI-runtime enforcement: roughly 18 months — and widening.

Palo Alto Networks is not buying an AI security product. It is staking a primitive.

On April 30, 2026, Palo Alto announced its intent to acquire [Portkey](https://www.paloaltonetworks.com/company/press/2026/palo-alto-networks-to-acquire-portkey-to-secure-the-rise-of-ai-agents) — an AI Gateway company whose platform routes traffic, and applies policy to it, across more than 3,000 large language models for enterprise customers. The deal value was not officially disclosed. [Trade press reporting puts it in the $700 million range](https://thenewstack.io/palo-alto-portkey-ai-gateway/).

Read together with Cisco's Astrix Security acquisition five days later, the cybersecurity platform layer is being redrawn around the AI agent — and the redrawing is happening one primitive at a time. There are three primitives in the AI-agent stack. Identity. Gateway. Data access. Two are now spoken for. The third is in motion.

## Palo Alto pays for the chokepoint, not the product

Portkey provides what the company calls an AI Gateway: a control plane that sits between agentic applications and the language models, vector databases, and tools they call.
Every prompt, response, and tool invocation passes through the gateway, where customers apply routing rules, rate limits, redaction, audit logging, and policy. Portkey's customer base reportedly includes more than a thousand enterprises, processing trillions of tokens per month, [per the company's own description](https://www.paloaltonetworks.com/blog/2026/04/securing-and-governing-ai-agents-at-scale-through-a-unified-ai-gateway/).

Palo Alto Networks plans to integrate Portkey into [Prisma AIRS](https://investors.paloaltonetworks.com/news-releases/news-release-details/palo-alto-networks-acquire-portkey-secure-rise-ai-agents), the company's AI runtime security platform launched earlier this year. The interesting move is not adding a product to the portfolio. It is acquiring the chokepoint.

## Why the gateway is the natural enforcement layer

The enterprise problem Portkey solves is that AI agents talk to too many things. A single internal copilot might fan out to OpenAI, Anthropic, several open-source models, three vector databases, and a handful of internal APIs in the course of answering one question. Without a gateway, every team builds bespoke routing, falls back manually, and ships code that hard-codes provider keys. That is not a state any large enterprise can stay in for long.

For a cybersecurity platform, the gateway is the natural place to enforce policy. Block the agent from sending personally identifiable information to a third-party model. Force a guardrail check on responses before they reach the user. Audit every tool call. Rate-limit per agent identity. The gateway is the single chokepoint that makes those controls enforceable rather than aspirational.

Palo Alto already had an AI security product line in [Prisma AIRS](https://www.paloaltonetworks.com/blog/2026/04/securing-and-governing-ai-agents-at-scale-through-a-unified-ai-gateway/), focused on protecting AI applications from prompt injection, data leakage, and model abuse.
Portkey adds the missing primitive: the routing and policy layer through which all the agent's calls actually flow. Without that layer, AI security is a series of bolt-on detections. With it, AI security becomes inline enforcement. That is the difference between a feature and a category.

## Three primitives, two now spoken for

Cisco's planned acquisition of Astrix Security, [analyzed previously](/blog/cisco-astrix-non-human-identity-platform-layer), staked a different primitive: non-human identity. Astrix provides discovery, governance, and lifecycle management for the credentials AI agents use — API keys, OAuth tokens, service accounts, secrets.

Put the two deals next to each other and the architecture becomes clear.

- **Identity**. Who or what is acting. Cisco bought into this layer with Astrix.
- **Gateway**. Which calls go where, with what policy. Palo Alto Networks is buying into this layer with Portkey.
- **Data access**. What the agent can read and write. Cyera bought Otterize in 2025 and Ryft in late April 2026 to stake this layer.

The cybersecurity platform layer for AI agents is converging on those three primitives. Hyperscaler-backed and large-cap security vendors are now buying — not building — those primitives. That changes the timeline for independent AI-security startups in the same categories. The independent gateway thesis is closing. The independent identity thesis is closing. The independent data-access thesis is being contested in real time.

We have seen this before. When the cybersecurity industry settles on the structural primitives of a new platform layer, the platforms acquire those primitives within a 12-to-24-month window. Cloud security ran this playbook between 2019 and 2022 — CSPM, CWPP, CIEM, and CNAPP went from independent categories to platform-owned in less than three years. The AI-agent stack is on the same arc, faster.
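The enforcement controls the gateway section above lists (PII redaction before third-party models, tool-call allow-listing with audit logging, per-agent-identity rate limits), as an added example that is not code from the page, from Portkey, or from Palo Alto Networks; the request shape, policy constants and PII patterns are constructed assumptions. The `inline` switch contrasts inline enforcement at the chokepoint with a detection-only bolt-on that records the same findings but forwards everything.

```python
import re
import time
from dataclasses import dataclass, field

# Constructed policy values; a production gateway would load these from a policy store.
EXTERNAL_PROVIDERS = {"openai", "anthropic"}       # models outside the enterprise boundary
ALLOWED_TOOLS = {"search_docs", "create_ticket"}   # tools an agent may invoke through the gateway
RATE_LIMIT = 3                                     # requests per agent identity per window
WINDOW_SECONDS = 60.0

# Illustrative PII detectors (constructed); a real gateway would delegate to a DLP engine.
PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


@dataclass
class AgentRequest:
    agent_id: str                  # identity the agent authenticates with (hypothetical shape)
    provider: str                  # model provider the call is routed to
    prompt: str
    tool_calls: list = field(default_factory=list)


@dataclass
class Decision:
    action: str                    # "forward", "redact" or "block"
    prompt: str                    # prompt as it leaves the gateway ("" when blocked)
    findings: list                 # policy violations observed
    audit: list                    # audit-log lines emitted for this request


class Gateway:
    """Single chokepoint between agents and the models/tools they call.

    inline=True enforces policy (redact/block); inline=False only records
    findings and forwards everything, i.e. a detection-only bolt-on.
    """

    def __init__(self, inline=True, clock=time.monotonic):
        self.inline = inline
        self.clock = clock             # injectable for deterministic tests
        self._hits = {}                # agent_id -> request timestamps inside the window

    def _rate_limited(self, agent_id):
        now = self.clock()
        hits = [t for t in self._hits.get(agent_id, []) if now - t < WINDOW_SECONDS]
        hits.append(now)
        self._hits[agent_id] = hits
        return len(hits) > RATE_LIMIT

    def handle(self, req):
        findings, audit = [], []
        # Every request, and every tool it wants to call, is logged before any decision.
        audit.append(f"agent={req.agent_id} provider={req.provider} tools={req.tool_calls}")

        if self._rate_limited(req.agent_id):
            findings.append("rate_limit")
            if self.inline:
                return Decision("block", "", findings, audit)

        disallowed = [t for t in req.tool_calls if t not in ALLOWED_TOOLS]
        if disallowed:
            findings.append("tool_not_allowed:" + ",".join(disallowed))
            if self.inline:
                return Decision("block", "", findings, audit)

        prompt = req.prompt
        if req.provider in EXTERNAL_PROVIDERS:
            # PII may stay inside the boundary, but must not reach a third-party model.
            for name, pattern in PII_PATTERNS.items():
                if pattern.search(prompt):
                    findings.append("pii:" + name)
                    if self.inline:
                        prompt = pattern.sub("[" + name.upper() + "_REDACTED]", prompt)

        redacted = self.inline and any(f.startswith("pii:") for f in findings)
        return Decision("redact" if redacted else "forward", prompt, findings, audit)


if __name__ == "__main__":
    req = AgentRequest("copilot-1", "openai",
                       "Email jane@example.com re SSN 123-45-6789", ["search_docs"])
    print(Gateway(inline=True).handle(req))    # redacted before leaving the boundary
    print(Gateway(inline=False).handle(req))   # same findings, PII forwarded unchanged
```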
## Palo Alto's 18-month lead in AI-runtime enforcement

For [Palo Alto Networks](/stocks/panw) specifically, this acquisition extends Prisma AIRS from a detection product to an enforcement product. Customers running Portkey already integrate it into their AI applications. Once the integration with Prisma is live, those customers get an AI security platform without changing what is in their application code. That is the hardest part of an enterprise security rollout, and Palo Alto bought past it.

The deal also gives Palo Alto Networks a defensible position in the agentic AI market. Routing and policy data is sticky. Once an enterprise's agents flow through Portkey, switching gateways means re-validating every routing rule, every fallback, and every audit trail. That switching cost is what makes gateway businesses durable.

[Cisco](/stocks/csco) does not yet have a comparable AI Gateway asset. CrowdStrike's recent agentic moves are detection-side. Microsoft is building gateway capabilities into Azure AI Foundry, but that is a hyperscaler-platform play rather than a security-platform play. The Portkey acquisition gives Palo Alto Networks roughly an 18-month lead over the other large-cap pure-play security vendors on AI-runtime enforcement. That lead is real, and it will only widen until one of the others picks a primitive of its own.

## Buyers should expect AI Gateway and AI security to consolidate into one product

If you are buying AI security tooling in 2026, the acquisition has two practical implications.

The first is that AI Gateway and AI Security Posture Management are about to become a single product, not two product categories. Palo Alto Networks will package Portkey routing with Prisma AIRS detection. CrowdStrike, [SentinelOne](/stocks/s), and others will do the same once they pick their gateway partner or build internally.
Procurement teams that signed standalone gateway contracts in 2025 should expect their renewal cycles to align with platform consolidation pressure. That pressure is structural — it is not a sales tactic.

The second is that model and tool fragmentation makes inline enforcement increasingly important. The number of LLMs, agents, and tools an enterprise integrates is growing faster than the number of security teams. Inline enforcement at the gateway is the only design that scales across that complexity. Detection-only AI security products are about to become a partial solution. Buyers who built their AI security strategy around detection alone should re-open the question.

## The remaining AI-security primitives are not yet spoken for

For AI-security founders still building independently, the deal narrows the window in the gateway category and sharpens the question of which adjacent primitives platforms have not yet bought.

Identity, gateway, and data access are now spoken for at the platform level. Adjacent primitives that are still open include agent observability, agent testing and red-teaming, policy authoring tools that work across multiple gateways, and agent-aware DLP. Founders raising in 2026 should map their cap tables against the AI-security categories that platforms have not yet claimed. The categories they have claimed will keep getting compressed.

The second move worth taking seriously is to build for two-platform integration from day one. The customers buying AI-security tooling in 2026 are going to consolidate to one or two platforms within 24 months. Building deep integration with the platform a customer is consolidating to is a higher-leverage product investment than horizontal portability across all platforms.

The third is to read strategic-investment patterns as forward acquisition signals.
The Astrix deal, the Portkey deal, and Cyera's recent acquisitions all rhyme with [the strategic-only round XBOW closed days later](/blog/xbow-strategic-round-cybersecurity-ai-capital-2026). Public security vendors investing in private AI-security companies are usually previewing future M&A. Founders raising now should structure the next round with that path in mind.

## The signals that complete the three-primitive picture

Three signals over the next two quarters will tell us whether the platform-layer consolidation thesis holds.

[CrowdStrike](/stocks/crwd) does not yet have a public AI Gateway position. The next agentic acquisition or partnership announcement from CrowdStrike will tell us which primitive they prioritize.

Hyperscaler responses will reshape the buyer landscape; Microsoft, Google, and AWS each have an AI Gateway story building inside their platform divisions, and whether they accelerate, partner with security platforms, or stay in their lane is the second signal.

The third is pricing on the next AI-security M&A deal. Astrix is reported around $400M. Portkey is reported around $700M. The next deal in any of the three primitives sets pricing comps and tells founders what valuation discipline platforms are willing to apply.

The AI agent is becoming the unit of cybersecurity work — the same way the endpoint became the unit of cybersecurity work in the 2010s. Watch which platform owns which layer of that agent. The next two years of cybersecurity M&A will largely be a story about completing the three-primitive picture. Two down. One to go.

## Frequently asked questions

### What is an AI Gateway and why does it matter for cybersecurity?

An AI Gateway is a control plane that sits between agentic applications and the language models, vector databases, and tools they call. Every prompt, response, and tool invocation passes through the gateway.
For cybersecurity, the gateway is the single chokepoint where policies — data redaction, model selection, rate-limiting, audit logging — can be enforced inline rather than as bolt-on detections. That is the difference between AI security as a feature and AI security as a category.

### How does Palo Alto's Portkey deal compare to Cisco's Astrix acquisition?

The two deals stake different primitives in the same architecture. Cisco bought identity for AI agents (Astrix). Palo Alto Networks is buying the gateway layer (Portkey). A third primitive — data access — is being claimed by Cyera through Otterize and Ryft. Together these three primitives are how the cybersecurity platform layer is being redrawn around the AI agent. The deals are not coincidence. They are the platforms picking corners.

### What does Palo Alto Networks gain that it could not build itself?

Time and customer adoption. Portkey already processes trillions of tokens per month for over a thousand enterprise customers. Building that traction internally would have taken Palo Alto Networks 18 to 24 months and not guaranteed customer migration. The acquisition shortcuts both — it brings the gateway, the customer relationships, and the operational data needed to make the gateway smarter. That kind of head start is rarely available, and when it is, platforms pay for it.

### What does this deal mean for independent AI-security startups in the gateway category?

The window for an independent AI Gateway company is closing. Identity, gateway, and data access are now spoken for at the cybersecurity platform layer. Founders building in the AI-security category should look at adjacent primitives that have not yet been bought — agent observability, agent red-teaming, cross-platform policy authoring, agent-aware DLP. The categories the platforms have claimed will keep getting compressed.
## Sources

- [Palo Alto Networks press release: Acquisition of Portkey](https://www.paloaltonetworks.com/company/press/2026/palo-alto-networks-to-acquire-portkey-to-secure-the-rise-of-ai-agents) — Palo Alto Networks
- [Investor relations release](https://investors.paloaltonetworks.com/news-releases/news-release-details/palo-alto-networks-acquire-portkey-secure-rise-ai-agents) — Palo Alto Networks IR
- [Securing and Governing AI Agents at Scale Through a Unified AI Gateway](https://www.paloaltonetworks.com/blog/2026/04/securing-and-governing-ai-agents-at-scale-through-a-unified-ai-gateway/) — Palo Alto Networks Blog
- [Palo Alto's $700M-class AI bet on Portkey gateway](https://thenewstack.io/palo-alto-portkey-ai-gateway/) — The New Stack

---

# Transilience and the Operating System Race in Cloud Security

Source: https://cyber-biz.com/blog/transilience-ai-security-operating-system-cloud-2026
Published: 2026-05-09
Author: Tal Eliyahu
Category: New Products
Tags: AI Security, Governance and Assurance, Incident Detection and Response, Governance, Risk, and Compliance

> Transilience is the fourth cloud security vendor in nine months to claim the words operating system. The race to own the noun is the real story.

## Key facts

- Transilience AI launched its Full Stack Security Operating System on May 7, 2026
- Product spans detection, response, compliance, pentest, and threat exposure management — closing the gap between cloud detection and remediation
- Architecture: Data → Knowledge → Wisdom → Judgment. AI owns the first two layers; humans own the latter two
- Positioning: integrates with existing CNAPP, CSPM, CWPP — no rip-and-replace
- Fourth cybersecurity vendor in nine months to reach for the *operating system* framing. The noun is doing real work
- Competitive overlap: Wiz, Orca, Prisma Cloud, Falcon Cloud, Dropzone AI, Prophet Security, Torq, Splunk SOAR, XM Cyber
- Agentic remediation is becoming a distinct procurement category by 2027 — and the layer above CNAPP will be priced very differently from the layers underneath

The most interesting thing about Transilience's new product is the noun.

On May 7, 2026, Transilience AI launched what it calls a [Full Stack Security Operating System](https://www.helpnetsecurity.com/2026/05/08/transilience-ai-full-stack-os/) for cloud — a platform spanning detection, response, compliance, penetration testing, and threat exposure management, with AI agents owning the data and knowledge layers and humans owning the wisdom and judgment layers. The architecture is real. The framing is interesting. But what makes the launch worth reading closely is that Transilience is now the fourth cloud security vendor in nine months to reach for the words *operating system*.

This is not coincidence. The race to own that noun is the story of cloud security in 2026.

## Transilience joins the operating system race

Transilience pitches the product as a single platform that closes the gap between cloud detection and actual remediation. The pitch is not rip-and-replace; the company integrates with existing CSPM, CNAPP, CWPP, and CTEM tooling rather than asking customers to migrate. The architecture is a layered agentic stack the company calls Data to Knowledge to Wisdom to Judgment — AI agents collect, correlate, and interpret cloud telemetry; humans approve the remediation steps and accept the risk of the action. The go-to-market is a closed-loop posture in days, not quarters, on top of the tooling customers already own.

That is the right pitch for the moment. CSPM and CNAPP have spent five years generating findings; nobody has built the durable answer to closing them. Transilience's claim is that the gap closes from the remediation side.
Which is also, broadly, what CrowdStrike says when it positions Falcon as an operating system. And what Wiz implies when it talks about its cloud platform. And what several agentic SOC vendors imply when they describe their roadmaps. The noun is being passed around like a passport. ## The noun is doing real work Why *operating system*? Why now? The framing is not arbitrary. It is doing real work for the vendor that picks it up. Calling something an operating system signals three things to enterprise buyers. The product is foundational, not additive — customers should consolidate workflow inside the platform rather than treating it as another tool in a sprawl. The vendor is committing for the long term — an operating system implies customers will build on top of it for years, not swap it out next renewal cycle. And the comparable set is different — operating system businesses get higher multiples than point-product businesses, both in private valuations and in M&A. For a category that has been defined by tool sprawl, alert fatigue, and procurement exhaustion, *operating system* is not a marketing word. It is a structural promise. The vendor making the promise is asking the buyer to think about the next ten years, not the next renewal. Whether any specific product behaves like an operating system is a separate question. The framing has become the default narrative for selling autonomous cloud security to enterprise risk teams that are otherwise nervous about handing remediation authority to AI. We've heard it before. We're going to hear it more. ## The remediation layer is a new procurement category, not a CNAPP refresh The cloud security category has spent the past five years compounding three problems on top of each other. Cloud Security Posture Management (CSPM) generates findings. Cloud-Native Application Protection Platforms (CNAPP) consolidate findings. Cloud Workload Protection Platforms (CWPP) add runtime context. 
Continuous Threat Exposure Management (CTEM) prioritizes findings. None of those layers actually closes findings. They route them to humans, who close them slowly and incompletely. That is the gap Transilience and a handful of competitors are positioned at — one layer above the existing stack — taking the findings the existing platforms generate, deciding what to do, and executing the fix in coordination with a human approver. That is what makes this an agentic remediation product, not a CNAPP refresh. The agentic remediation layer is a new procurement category. It did not exist as a budget line in 2024. By 2027, expect it to be a recognized category with three to five well-funded leaders. The platform that owns the layer above CNAPP at the point that category solidifies is going to be priced very differently from the platforms that own the layers underneath. ## Who Transilience overlaps with On the detection side, Transilience overlaps with [Wiz](/market-map), Orca, [Palo Alto Networks Prisma Cloud](/stocks/panw), and CrowdStrike Falcon Cloud Security. On the agentic SOC side, it competes with Dropzone AI, Prophet Security, and Torq's hyperautomation. Its remediation orientation pressures legacy SOAR products from Splunk and Tines, plus CTEM specialists like XM Cyber. None of these vendors are direct one-to-one substitutes. This is what early-category dynamics look like. Multiple incumbents from adjacent categories will all claim the new framing — operating system, agentic remediation, autonomous cloud security — and the procurement question for buyers will be whether to lift category framing from the vendor with the strongest narrative or the vendor with the strongest evidence. Most early procurement decisions will be made on framing. Most renewals two years later will be made on evidence. 
## Buyers should evaluate the operating model, not the framing The practical implication for security architects is that 2026 is a year to evaluate platforms on a different question. The old question was which CNAPP or CSPM vendor has the best detection coverage. The new question is which platform actually closes findings, and what the operating model for the AI making those decisions looks like. Three things worth pressing on hard when evaluating Transilience or any of its peers. The first is what the human-in-the-loop actually looks like. The promised division of labor — *AI owns data, humans own judgment* — is meaningful only if the platform makes the judgment surface easy to use at scale. Demo flows do not count as evidence; ask to see the workflow under real customer load. The second is integration depth with the tools already in production. Rip-and-replace is rare in cloud security. Vendors that integrate cleanly with Wiz, Prisma Cloud, and Falcon will land faster than vendors that require migration. Ask which findings the platform reads, which it writes back to, and which it acts on autonomously. The third is the audit trail when an AI agent takes a remediation action. Compliance reviewers and risk teams will ask. If the platform cannot produce a clean audit trail per action — which agent decided, on what evidence, with which approval, and what was changed — it is not enterprise-ready. Treat this as a gating evaluation criterion, not a checkbox. ## Framing is now table stakes for cloud security founders For founders building in the agentic cloud security category, three implications follow from this launch. Framing is now table stakes. If you do not have a clear story about where your product sits in the agentic stack, customers will lump you in with the previous generation of cloud security tooling and value you accordingly. Pick a framing that signals where the category is going, not where it came from. *Operating system* is one option. 
The category will tolerate a few framings. It will not tolerate the absence of one. Integration breadth matters more than feature breadth. The customers buying agentic cloud security platforms in 2026 already have CNAPP, CSPM, and SIEM in production. Your product needs to read those tools' findings and act on them, not replace them. Investment in integration depth will outperform investment in another detection feature. Compliance posture is product, not paperwork. The gating question on agentic remediation in regulated industries is whether the AI's decision and action can be audited cleanly. Companies that treat this as a compliance afterthought will lose enterprise deals to companies that treat it as a core product surface. ## The boundaries between CNAPP, SOAR, and CTEM are dissolving One thing to watch over the next twelve to eighteen months. As agentic cloud security platforms expand into incident response and remediation, they are crossing into agentic SOC territory. The boundary between cloud security operations and broader security operations is dissolving — not slowly, but visibly. Expect category lines between CNAPP, SOAR, and CTEM to be redrawn entirely around the agentic platforms that swallow each. Transilience's product, and a handful of competitors launching in the same window, is one early version of that consolidated future. The early platforms will not all survive. Two or three will, and they will be priced like operating systems — not because they chose the framing, but because they earned it. ## The signals that decide which framings earn their keep Three signals over the next two quarters will tell us which operating system claims become operating systems and which fade back to product naming. The first is named enterprise reference accounts. 
The first agentic cloud security platforms to publish multiple named enterprise reference customers with measurable remediation outcomes — alerts closed, dwell time reduced, compliance burden offloaded — will set the pace for the rest of the category. Vendors that lean on case studies of unnamed Fortune 500 customers are not yet shipping at scale. The second is CISO budget realignment. When CISOs start cutting CSPM or SOAR budgets to fund agentic remediation platforms, the category has crossed from emerging to established. Watch for that line item to appear in 2026 H2 budget cycles. If it does not, the operating system framing is not yet earning its keep. The third is M&A pricing. [Public security platforms](/#stock-lists) are likely to acquire one or more agentic cloud security companies in the next twelve months. The first deal will set comparable pricing and tell us whether platforms are paying for the capability or for the framing. The Astrix and Portkey deals priced primitives in the AI-agent stack at $400M and a reported $700M respectively. The first agentic cloud security M&A will price the same question for the cloud stack. Operating systems get built, not branded. The companies that prove the framing — by behavior, not by name — will own the next decade of cloud security. Everyone else will be running it. ## Frequently asked questions ### What is an AI security operating system? It is a vendor framing for an agentic security platform that owns end-to-end workflow rather than acting as a single point tool. The framing implies foundational positioning, long-term commitment, and an expectation that customers consolidate workflow inside the platform. Whether any specific product behaves like an operating system in practice is a separate evaluation question — and the right one for buyers to be asking. ### How is Transilience AI different from CNAPP and CSPM platforms? CNAPP and CSPM products generate and prioritize findings. 
They route those findings to human teams who close them slowly and partially. Transilience and similar agentic platforms sit one layer above — they take the findings existing platforms generate, decide what to do, and execute the fix in coordination with a human approver. That puts them in a new category, agentic remediation, rather than a refresh of CNAPP. The category did not exist as a budget line in 2024; it will be a recognized procurement category by 2027. ### What should a cloud security buyer evaluate when looking at agentic remediation platforms? Three things matter most. First, the human-in-the-loop experience: how usable is the judgment surface at scale, not just in a demo. Second, integration depth with existing CNAPP, CSPM, and SIEM stacks — rip-and-replace is rare in cloud security, and vendors that read findings from tools customers already own land faster. Third, the audit trail: can compliance reviewers reconstruct which agent decided, on what evidence, and with which approval, for any given action. Treat the audit trail as a gating evaluation criterion, not a checkbox. ### How does the agentic cloud security category overlap with agentic SOC? Significantly, and the overlap is widening. As agentic cloud security platforms expand into incident response and remediation, they are encroaching on agentic SOC territory. Expect category lines between CNAPP, SOAR, and CTEM to be redrawn within twelve to eighteen months around whichever agentic platforms swallow the workflow most cleanly. The early platforms will not all survive. Two or three will. 
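The audit-trail criterion above (which agent decided, on what evidence, with which approval, and what was changed) can be turned into a check an evaluator runs against whatever action export a platform produces, instead of taking a demo's word for it. The following is an added example written for this page, not Transilience's code or any vendor's export format; the event schema, the agent name `remediator-v2`, the approver address and every sample action are constructed.

```python
"""Reconstruct and check the audit chain behind agentic remediation actions.

Added example; not code from Transilience or any vendor. The event schema
(finding / decision / approval / action records sharing an action_id) is
hypothetical, standing in for whatever a given platform exports.
"""
import hashlib
import json
from datetime import datetime


def change_hash(change: dict) -> str:
    """Canonical SHA-256 of a change, so an approval binds to exactly one change."""
    canon = json.dumps(change, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_actions(events: list[dict]) -> dict[str, list[str]]:
    """Per action_id, list the gaps in its audit chain (an empty list means clean)."""
    findings = {e["finding_id"] for e in events if e["type"] == "finding"}
    decisions = {e["action_id"]: e for e in events if e["type"] == "decision"}
    approvals = {e["action_id"]: e for e in events if e["type"] == "approval"}
    actions = {e["action_id"]: e for e in events if e["type"] == "action"}

    report: dict[str, list[str]] = {}
    for action_id, action in actions.items():
        gaps: list[str] = []
        decision = decisions.get(action_id)
        approval = approvals.get(action_id)

        # Which agent decided, on what evidence.
        if decision is None:
            gaps.append("no decision record: cannot tell why the agent acted")
        else:
            unknown = [f for f in decision["evidence"] if f not in findings]
            if unknown:
                gaps.append(f"evidence cites unknown findings {unknown}")

        # With which approval. Timestamp order, approver identity and the change
        # hash are what make an approval record evidence rather than a checkbox.
        if approval is None:
            gaps.append("executed without an approval record")
        else:
            if _ts(approval["ts"]) > _ts(action["ts"]):
                gaps.append("approval recorded after execution (backfilled)")
            if decision is not None and approval["approver"] == decision["agent"]:
                gaps.append("self-approved: approver is the deciding agent")
            if approval["change_hash"] != change_hash(action["applied_change"]):
                gaps.append("approval does not bind the change that was applied")

        # What was changed.
        if "before" not in action or "after" not in action:
            gaps.append("no before/after state captured")
        report[action_id] = gaps
    return report


# Constructed sample export: one clean action and two with gaps.
_S3_FIX = {"resource": "arn:aws:s3:::billing-exports", "set": {"public_access_block": True}}
_SG_FIX = {"resource": "sg-0abc123", "revoke": {"cidr": "0.0.0.0/0", "port": 22}}
_IAM_PROPOSED = {"resource": "iam-role/ci-deployer", "detach": "AdministratorAccess"}
_IAM_APPLIED = {"resource": "iam-role/ci-deployer", "detach": "ReadOnlyAccess"}

SAMPLE_EVENTS = [
    {"type": "finding", "finding_id": "F-100", "source": "cspm", "rule": "s3-public-read"},
    {"type": "finding", "finding_id": "F-101", "source": "cnapp", "rule": "ci-role-has-admin"},
    # A-1: complete chain, human approver, approval precedes execution, hash matches.
    {"type": "decision", "action_id": "A-1", "agent": "remediator-v2", "evidence": ["F-100"],
     "ts": "2026-05-07T10:00:00Z"},
    {"type": "approval", "action_id": "A-1", "approver": "alice@example.org",
     "change_hash": change_hash(_S3_FIX), "ts": "2026-05-07T10:05:00Z"},
    {"type": "action", "action_id": "A-1", "agent": "remediator-v2", "applied_change": _S3_FIX,
     "before": {"public_access_block": False}, "after": {"public_access_block": True},
     "ts": "2026-05-07T10:06:00Z"},
    # A-2: cites a finding the platform never exported, and nobody approved it.
    {"type": "decision", "action_id": "A-2", "agent": "remediator-v2", "evidence": ["F-999"],
     "ts": "2026-05-07T11:00:00Z"},
    {"type": "action", "action_id": "A-2", "agent": "remediator-v2", "applied_change": _SG_FIX,
     "before": {"ingress": ["0.0.0.0/0:22"]}, "after": {"ingress": []},
     "ts": "2026-05-07T11:00:30Z"},
    # A-3: the agent approved itself, after the fact, for a different change than it applied.
    {"type": "decision", "action_id": "A-3", "agent": "remediator-v2", "evidence": ["F-101"],
     "ts": "2026-05-07T12:00:00Z"},
    {"type": "approval", "action_id": "A-3", "approver": "remediator-v2",
     "change_hash": change_hash(_IAM_PROPOSED), "ts": "2026-05-07T12:10:00Z"},
    {"type": "action", "action_id": "A-3", "agent": "remediator-v2", "applied_change": _IAM_APPLIED,
     "before": {"policies": ["AdministratorAccess", "ReadOnlyAccess"]},
     "after": {"policies": ["AdministratorAccess"]}, "ts": "2026-05-07T12:02:00Z"},
]

if __name__ == "__main__":
    for action_id, gaps in audit_actions(SAMPLE_EVENTS).items():
        print(action_id, "clean" if not gaps else gaps)
```

Three of the checks do the real work: the approval must predate the execution, the approver must not be the deciding agent, and the approval must bind a hash of the exact change that was applied, so that approving one change and executing another shows up as a gap. A platform whose export cannot be checked this way is producing a log, not an audit trail.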
## Sources

- [Help Net Security: Transilience launches Full Stack Security OS](https://www.helpnetsecurity.com/2026/05/08/transilience-ai-full-stack-os/) — Help Net Security
- [Transilience AI launch press release (Business Wire via Morningstar)](https://www.morningstar.com/news/business-wire/20260505756809/transilience-ai-launches-full-stack-security-operating-system-to-eliminate-detection-to-remediation-gap-in-cloud-security) — Business Wire
- [Transilience AI vendor site](https://www.transilience.ai/) — Transilience AI

---

# Itron's Breach Is the OT Vendor Test the Industry Avoided

Source: https://cyber-biz.com/blog/itron-breach-ot-vendor-blind-spot-2026
Published: 2026-05-09
Author: Tal Eliyahu
Category: Data Breaches
Tags: Industrial Control Systems, Third-Party Risk Management, Governance, Risk, and Compliance, Incident Detection and Response

> Itron disclosed a 13-day intrusion in an SEC 8-K. The breach happened to the OT vendor, not the utility. The industry has been pitching the wrong direction.

## Key facts

- Itron disclosed a cybersecurity incident in an SEC 8-K on April 26, 2026, amended May 1
- Unauthorized third-party access to internal Itron systems beginning on or before April 13. Roughly 13-day dwell time before discovery
- May 1 amendment: limited unauthorized access also reached certain customer-hosted systems. No ransomware group has claimed credit
- Itron is publicly traded (NASDAQ: ITRI), $2.4B revenue. Smart meters and grid-edge devices at ~7,700 utilities and 112M endpoints in 100+ countries
- 8-K explicitly states insurance is expected to cover a significant portion of direct costs and that the company currently believes the incident is not material
- Stock reaction: a quiet ~10% drawdown. Not a panic. Not a non-event.
- Inversion: the OT security category has been sold downstream, to the utility. Itron's breach happened upstream — at the vendor

The cybersecurity industry has spent five years selling OT security downstream. Itron's breach is what happens when the threat moves upstream.

On April 26, 2026, [Itron disclosed a cybersecurity incident in an SEC 8-K filing](https://www.stocktitan.net/sec-filings/ITRI/8-k-itron-inc-reports-material-event-20d89505c652.html). The disclosure was specific. An unauthorized third party had access to internal Itron systems beginning on or before April 13. Discovery took roughly 13 days. [A May 1 amendment](https://www.stocktitan.net/sec-filings/ITRI/8-k-a-itron-inc-amends-material-event-report-f63fa017ccfb.html) confirmed the access reached certain customer-hosted systems. No ransomware group has claimed credit. Itron expects insurance to cover a significant portion of direct costs and stated it currently believes the incident is not material.

Itron is not a small vendor. The company is publicly traded on NASDAQ under ITRI with $2.4 billion in annual revenue. Its smart meters and grid-edge devices are deployed at roughly 7,700 utilities and 112 million endpoints across more than 100 countries — the technology that mediates how electricity, gas, and water flow to a meaningful share of the developed world.

Many people will read the 8-K as routine vendor risk: a public company gets compromised, files the form, insurance covers the loss, the market moves on. That read misses what the filing exposes. The OT security category has been sold for half a decade as protection for the utility. Itron's breach happened to the vendor that sits upstream of the utility — and that asymmetry is what makes this filing the most interesting OT security disclosure of the year.

## OT security was sold downstream. The threat moved upstream.

The OT security category was built around a thesis. Industrial control systems are old, legacy networks are flat, and ransomware groups have figured out that hospitals and pipelines pay. The pitch — from [Claroty](/market-map), Dragos, Nozomi Networks, Armis, and a dozen smaller vendors — was that utilities, manufacturers, oil and gas operators, and water authorities needed continuous visibility into their OT networks. Five years of category development followed. NERC CIP got teeth. The TSA published pipeline cybersecurity directives. Boards started asking about industrial cyber. The category grew.

All of that work was pointed at one direction: protecting the operator. The utility's network. The manufacturer's plant floor. The pipeline's SCADA system. The vendors selling into this category framed OT security as a defense-in-depth problem at the customer site. Their dashboards showed the customer's environment. Their threat intelligence covered the customer's adversaries. Their incident response was for the customer's downtime.

Itron is what was upstream of all of that. The smart meter on a customer's wall is read, configured, and sometimes patched through systems Itron operates. The grid-edge device sending consumption data is part of an architecture Itron designed. The headend software at the utility ingesting that data was, in many deployments, bought from Itron. When attackers got into Itron's internal network for thirteen days, they were inside the supply line that everyone downstream had been told was the part they needed to defend against.

That is the inversion the 8-K exposes. The OT category sold protection for the utility. The breach happened above the utility, in a place the category was not architected to see.

## The 8-K is the test case the regulatory regime has been waiting for

The 2023 SEC cybersecurity disclosure rule made one thing clear: public companies have to file an 8-K when a cybersecurity incident is material. What *material* means in practice is being negotiated incident by incident, in real time, in front of the market. Itron's 8-K is now part of that negotiation. Two pieces of the filing are doing real work.

The first is the explicit statement that the company expects insurance to cover a significant portion of direct costs. That language is not boilerplate. It is the cyber-insurance market underwriting Itron's view of the incident — the carrier has, at minimum, signaled it intends to pay. That signal is a structural input to how Itron's customers and competitors will read the breach.

The second is the *not material* framing. The 8-K explicitly states that Itron currently believes the incident is not material. Whether that holds up depends on what the customer-hosted systems disclosure ends up meaning — and on whether the 13-day dwell time produces follow-on disclosures in the next 10-Q. The market reaction so far has been a quiet ~10% drawdown. Not a panic. Not a non-event.

NERC CIP supply-chain controls have always treated vendor-side breaches as the regulatory blind spot. The standards focus on the asset owner — the utility — and what the utility is required to verify about its vendors. Itron's filing now sits in front of regulators with a question that has been theoretical for five years: when the vendor itself is breached, what is the asset owner actually required to do about it? Expect that question to move from theoretical to operational across the next NERC audit cycle.

## What changes for utilities buying OT security

For utilities and the procurement teams that select OT security tooling, the breach has two practical implications.

The first is contractual. Vendor-side incident-response language in OT contracts has historically been thin — typically a notice obligation and a generic indemnity. After Itron, expect that language to extend toward operational requirements: explicit dwell-time disclosures, mandatory third-party forensic access, and notification timelines that do not wait for the vendor's lawyers to read the 8-K rule. The utilities most exposed to upstream vendor risk will lead. The rest will catch up at renewal.

The second is architectural. OT security tools that monitor only the asset owner's environment leave the upstream blind spot in place. The vendors most likely to benefit from Itron's breach are the ones that already monitor for anomalous behavior on the vendor-managed side of the perimeter — the smart meter that suddenly talks to a new endpoint, the headend system that gets a configuration push from a non-standard source. Continuous monitoring of the OT vendor's footprint inside the utility is a different product than continuous monitoring of the utility's plant floor. Procurement teams that conflated the two will need to separate them. This is a tailwind for standalone OT pure-plays — the vendors that build for the utility but architect their telemetry to capture vendor-side anomalies as a first-class signal.

## What changes for OT-security vendors

The vendor-category implications cut in two directions at once.

For the standalone OT pure-plays — Claroty, Dragos, Nozomi Networks, Armis — Itron's breach is the cleanest sales narrative they have had in years. Five years of pitching against the upstream blind spot just got a public-company test case with an SEC disclosure attached. Expect the next earnings cycle from these vendors to feature Itron-shaped customer conversations.

For the platform vendors with OT modules — [Palo Alto Networks Prisma](/stocks/panw), CrowdStrike Falcon, Microsoft Defender for IoT — the read is more complicated. The platform pitch has been that buyers should consolidate IT and OT visibility inside a single security operations center. Itron's breach makes the case that the IT/OT seam is exactly where the upstream blind spot lives, which can either accelerate the consolidation argument or fragment it depending on how utilities respond to the incident.

The M&A read is the more interesting one. The standalone OT vendors have been long-rumored acquisition targets. A breach that visibly stresses the boundary between IT and OT security is precisely the kind of catalyst that converts platform M&A appetite into actual deals. The next twelve months are now more likely than not to see one or two of the standalone OT pure-plays acquired by a [public security platform](/#stock-lists). The pricing of that deal will reveal whether the platforms are paying for the product or for the catalyst.

## The insurance language is the most interesting part of the filing

Most readers of an 8-K skim the insurance language. They should not skim Itron's.

The cyber-insurance market has spent four years repricing risk around ransomware, supply-chain compromise, and now AI-driven attack tooling. Premiums have hardened. Sub-limits on extortion payments have tightened. Carrier appetite for OT-vendor risk specifically has been one of the most contested underwriting questions of the past two cycles.

Itron's explicit insurance-recovery language is therefore a forward signal. The carrier is, at minimum, willing to fund a public-company incident at a critical-infrastructure vendor without forcing a coverage dispute into the disclosure. That signal will travel. Expect cyber-insurance underwriting questionnaires for OT vendors to look meaningfully different in the next renewal cycle, with new questions about dwell-time controls, vendor-managed system monitoring, and customer-hosted environment access. The carriers that priced this incident's recovery are the carriers setting the terms for the rest of the category.

## What to watch next

Three signals over the next two quarters will tell us whether Itron's breach becomes a category-shaping event or a contained incident.

The first is the materiality determination. Itron's *not material* framing held up at filing. Whether the 10-Q amends that view depends on what the customer-hosted systems disclosure resolves into — and on whether any utility customer files its own 8-K referencing Itron downstream impact. A single utility filing changes the materiality calculus across the supply chain.

The second is the regulatory response. NERC, the TSA, and the SEC each have a different lever to pull. Watch for guidance, advisories, or proposed rule changes that explicitly address vendor-side incidents. The first regulator to publish vendor-breach-specific language sets the template for the next decade of supply-chain controls.

The third is the M&A read on the standalone OT pure-plays. If a public security platform announces acquisition of Claroty, Dragos, or Nozomi in the next six months, the consolidation thesis wins. If the pure-plays raise instead — at premium valuations citing Itron-shaped customer pipelines — the standalone thesis wins. Either outcome is informative.

The blind spot has been visible to the OT security category for five years. Every vendor pitch deck mentioned vendor-side risk somewhere on slide six. Itron is the moment the slide stopped being theoretical.

## Frequently asked questions

### What is the structural significance of the Itron breach?

Itron is the OT vendor that sits upstream of the utility customer. For five years, the OT security category has been sold to utilities as protection for their networks — Claroty, Dragos, Nozomi Networks, and Armis built their pitch around the asset owner's environment. Itron's breach happened above the asset owner. That inversion exposes the upstream blind spot the category was not architected to see, and it forces a different question into procurement: what monitoring covers the vendor-managed side of the OT perimeter?

### Why does the SEC 8-K language matter beyond the disclosure itself?

Two phrases in the 8-K are doing real work. The first is the explicit statement that insurance is expected to cover a significant portion of direct costs — the cyber-insurance market underwriting Itron's view of the incident. The second is the *currently believes not material* framing, which depends on whether the customer-hosted systems disclosure resolves into a downstream utility filing. Both phrases are forward signals: insurance for how OT-vendor risk gets priced in the next renewal cycle, materiality for how SEC disclosure rules apply to the rest of the supply chain.

### What does Itron's breach mean for OT-security vendors like Claroty, Dragos, and Nozomi Networks?

It is the cleanest sales narrative the standalone OT pure-plays have had in years. The category has been pitching against the upstream blind spot for half a decade, and Itron's breach now provides a public-company test case to anchor that pitch in. Expect the next earnings cycle to feature Itron-shaped customer conversations. The more interesting downstream effect is M&A: a breach that visibly stresses the IT/OT boundary is exactly the kind of catalyst that converts platform-vendor acquisition appetite into actual deals.

### What should utilities reading the Itron disclosure do next?

Two practical moves. First, revisit OT-vendor contracts: dwell-time disclosure obligations, third-party forensic access, and notification timelines that do not wait for vendor lawyers should be in scope at the next renewal. Second, audit which OT-security tooling actually covers the vendor-managed side of the perimeter versus only the asset-owner's plant floor. Tools that monitor only what is downstream of the vendor leave the upstream blind spot in place. Continuous monitoring of vendor-managed devices and configuration changes is a different product than continuous monitoring of the utility's network.
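The two vendor-side signals the post names (a meter that suddenly talks to a new endpoint, a headend that receives a configuration push from a non-standard source) are cheap to check once the headend's event log is exported, which is the point of treating the vendor-managed side of the perimeter as its own telemetry source. The following is an added example written for this page, not code from Itron or any OT-security vendor. The line format, the headend and meter identifiers, the 10.40.8.0/24 management range, the signer names and every log line are constructed; the April timestamps only place the sample after the baseline window and are not drawn from the incident.

```python
"""Vendor-side anomaly checks over AMI headend telemetry.

Added example, not code from Itron or any OT-security vendor. The log
format, the headend and meter identifiers, the 10.40.8.0/24 management
range and the signer names are constructed for the example.
"""
import ipaddress
import re

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.+)$")


def parse_line(line: str) -> dict:
    """Parse one 'ts key=value ...' line into a dict (the format is constructed)."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    fields["ts"] = m.group("ts")
    return fields


def learn_baseline(lines: list[str]) -> dict[str, set[str]]:
    """Per-meter set of report destinations seen during a window believed clean."""
    baseline: dict[str, set[str]] = {}
    for ev in map(parse_line, lines):
        if ev["event"] == "meter_report":
            baseline.setdefault(ev["meter"], set()).add(ev["dst"])
    return baseline


def detect(lines, baseline, mgmt_nets, trusted_signers):
    """Return (ts, meter, reason) for each event that breaks the vendor-side baseline."""
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    alerts = []
    for ev in map(parse_line, lines):
        kind = ev["event"]
        if kind in ("config_push", "firmware_push"):
            # A push is expected only from the vendor's management range...
            src = ipaddress.ip_address(ev["src"])
            if not any(src in net for net in nets):
                alerts.append((ev["ts"], ev["meter"], f"{kind} from non-management source {ev['src']}"))
            # ...and only when signed by a key the utility has pinned.
            if ev.get("signer") not in trusted_signers:
                alerts.append((ev["ts"], ev["meter"], f"{kind} signed by untrusted key {ev.get('signer')}"))
        elif kind == "meter_report":
            # A meter reporting anywhere outside its learned destinations is the
            # "suddenly talks to a new endpoint" case; an unknown meter has no baseline at all.
            if ev["dst"] not in baseline.get(ev["meter"], set()):
                alerts.append((ev["ts"], ev["meter"], f"report to endpoint outside baseline {ev['dst']}"))
    return alerts


# Constructed baseline window: meters reporting only to the vendor collector.
BASELINE_LINES = [
    "2026-04-01T00:15:00Z headend=HE-01 event=meter_report meter=MTR-7731 dst=collector.vendor.example:8443",
    "2026-04-01T00:15:04Z headend=HE-01 event=meter_report meter=MTR-8102 dst=collector.vendor.example:8443",
]

# Constructed later window: one expected push, then three things a plant-floor view never sees.
SAMPLE_LINES = [
    "2026-04-14T02:11:05Z headend=HE-01 event=config_push meter=MTR-7731 src=10.40.8.21 signer=vendor-key-2025",
    "2026-04-14T02:11:09Z headend=HE-01 event=meter_report meter=MTR-7731 dst=collector.vendor.example:8443",
    "2026-04-14T03:40:51Z headend=HE-01 event=config_push meter=MTR-7731 src=198.51.100.23 signer=vendor-key-2025",
    "2026-04-14T03:41:02Z headend=HE-01 event=meter_report meter=MTR-7731 dst=198.51.100.23:443",
    "2026-04-14T04:00:00Z headend=HE-01 event=firmware_push meter=MTR-8102 src=10.40.8.21 signer=unknown",
]
MGMT_NETS = ["10.40.8.0/24"]          # assumed vendor management range
TRUSTED_SIGNERS = {"vendor-key-2025"}  # assumed pinned signing key name


def run_sample():
    return detect(SAMPLE_LINES, learn_baseline(BASELINE_LINES), MGMT_NETS, TRUSTED_SIGNERS)


if __name__ == "__main__":
    for ts, meter, reason in run_sample():
        print(ts, meter, reason)
```

The third sample line is the case the post is about: a validly signed configuration push from an address outside the vendor's management range, which a monitor watching only the utility's own network has no baseline to compare against. Source range and signer are checked independently on purpose, since a stolen signing key and a stolen management host are different failures and each should alert on its own.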
## Sources

- [Itron 8-K original disclosure (April 24-26, 2026)](https://www.stocktitan.net/sec-filings/ITRI/8-k-itron-inc-reports-material-event-20d89505c652.html) — StockTitan / SEC EDGAR
- [Itron 8-K/A amendment (May 1, customer-hosted systems language)](https://www.stocktitan.net/sec-filings/ITRI/8-k-a-itron-inc-amends-material-event-report-f63fa017ccfb.html) — StockTitan / SEC EDGAR
- [Critical infrastructure giant Itron says it was hacked](https://techcrunch.com/2026/04/27/critical-infrastructure-giant-itron-says-it-was-hacked/) — TechCrunch
- [American utility firm Itron discloses breach of internal IT network](https://www.bleepingcomputer.com/news/security/american-utility-firm-itron-discloses-breach-of-internal-it-network/) — BleepingComputer
- [Major critical infrastructure supplier reports cyberattack](https://www.cybersecuritydive.com/news/critical-infrastructure-cyberattack-itron-smart-meters/818547/) — Cybersecurity Dive

---

# The Federal Cyber Backstop Just Quietly Privatized

Source: https://cyber-biz.com/blog/cisa-april-collapse-cyber-backstop-privatizes-2026
Published: 2026-05-09
Author: Tal Eliyahu
Category: Industry News
Tags: Threat Intelligence, Governance, Risk, and Compliance, Incident Detection and Response, Industrial Control Systems

> In a two-week window in April 2026, CISA's nominee withdrew, the FY27 budget cut $707M, and partnerships hit a standstill. The backstop is gone.

## Key facts

- April 6, 2026: White House FY27 budget proposes cutting $707M from CISA and $993M from NIST
- April 22: CISA director nominee Sean Plankey withdraws after thirteen months in Senate limbo
- April 29: Federal News Network reports CISA's stakeholder engagement division has lost more than half its staff. Most partnership work *at a standstill*
- May 5: Acting CISA director tells critical-infrastructure operators to plan to disconnect from third-party networks and operate manually if attacked
- Two-year backdrop: CIPAC eliminated, JCDC on rolling contractor extensions, MS-ISAC moved to paid membership, sector ISACs tightening paid tiers
- Read together, the four events privatize what was effectively a public good. Coordination is now a paid product
- Public security platform tailwind: CrowdStrike, Palo Alto, Microsoft, Cloudflare, SentinelOne all sell into a market where federal coordination can no longer be assumed

For a decade, the federal government has been cybersecurity's quiet backstop. In a two-week window in April 2026, that backstop privatized.

CISA's nominated director [withdrew on April 22 after thirteen months in Senate limbo](https://cyberscoop.com/cisa-director-pick-sean-plankey-withdraws-his-nomination/). The administration's [FY27 budget proposed cutting another $707 million from CISA and $993 million from NIST](https://www.govexec.com/technology/2026/04/cuts-hit-cisa-nist-and-irs-trumps-fy27-budget/412636/). [Federal News Network reported on April 29](https://federalnewsnetwork.com/cybersecurity/2026/04/cisa-cyber-partnerships-face-standstill-amid-cuts/) that CISA's stakeholder engagement division had lost more than half its staff, with sources describing most partnership work as *at a standstill*. On May 5, the acting director [told critical-infrastructure operators to plan to disconnect from third-party networks and operate manually if they come under attack](https://federalnewsnetwork.com/cybersecurity/2026/05/cisa-tells-critical-organizations-to-prepare-for-cyber-outages/).

Many people will read these as separate news items. They are not. They are the compression of a structural shift the cybersecurity industry has been pretending wasn't happening for two years.

## Three events, one structural change

The timeline matters because the timeline is the story.

The FY27 budget proposal landed first, on April 6, with a $707 million cut to CISA on top of cuts already absorbed in the FY26 cycle. NIST took a $993 million reduction in the same proposal — the agency that publishes the cybersecurity framework most U.S. enterprise security programs are built on. The budget signal alone would have been digestible. It was the next two weeks that turned a budget into a structural change.

On April 22, Sean Plankey, the nominated CISA director, withdrew. Thirteen months in Senate limbo without a confirmation vote is itself a signal — the political appetite to staff CISA at the top has thinned.

A week later, on April 29, Federal News Network's reporting on staff attrition inside the stakeholder engagement division landed. The number — more than half — is striking, but the framing is sharper: most partnership work is at a standstill. That is not a budget anecdote. That is a description of the layer of CISA that the rest of the cybersecurity industry actually interacted with.

May 5 closed the loop, and not in the direction of stabilization.

## What the federal backstop actually was

Most people in cybersecurity have never had to think hard about what CISA, the JCDC, MS-ISAC, and the various sector ISACs actually do. That is part of the point. The federal layer worked invisibly. It published indicators of compromise. It convened operator meetings nobody had to budget for. It provided a coordinating function during incidents — the call you made when ransomware was spreading through a hospital chain or when a state-sponsored campaign hit your supply chain.

The Critical Infrastructure Partnership Advisory Council (CIPAC) coordinated public-private response. The Joint Cyber Defense Collaborative (JCDC) let private security vendors share signal with government and with each other. MS-ISAC supported state and local governments. Sector ISACs in financial services, healthcare, water, oil and gas, and electric power did the same in their lanes. None of it was free in the strict sense — taxpayers paid — but it was free at the point of use for the cybersecurity industry. That made it invisible to most procurement teams and almost all category strategy.

CIPAC was eliminated. JCDC has been running on rolling two-week contractor extensions. MS-ISAC moved to paid membership in late 2025 after federal funding ended. The sector ISACs have been quietly tightening their paid tiers. April compressed the trajectory of the entire federal coordination layer into a single news cycle.

## May 5 was the giveaway

Of the four April-May events, the May 5 guidance is the most important. The acting director of CISA told critical-infrastructure operators to assume they will need to disconnect from third-party networks and operate manually if they come under attack.

That is not a recommendation. That is an official concession. The agency that spent the past decade telling operators *do not run a critical-infrastructure response alone* is now telling them to plan for exactly that.

Read in isolation, this looks like prudent contingency guidance. Read alongside the budget and the staffing collapse, it reads as policy. When the agency itself signals isolation as the planning baseline, the coordination layer it provided is, by its own admission, no longer reliable. The industry's response will not be to lobby for restoration. It will be to buy the substitute.

## Coordination is no longer a public good. It is a paid product.

The cybersecurity industry has built large categories around problems CISA used to share the load on.

Commercial threat intelligence vendors like Recorded Future, Mandiant (now part of Google Threat Intelligence), [CrowdStrike Falcon Intelligence](/stocks/crwd), Microsoft Threat Intelligence, and Flashpoint sell what is, in part, indicators-of-compromise distribution and adversary tracking that overlapped with CISA's free advisories. Incident response retainers from Mandiant, Unit 42, CrowdStrike Services, Kroll, and Arete sell the surge capacity that used to come, in part, from JCDC mobilization. Sector ISACs that historically operated as free or low-cost member services — FS-ISAC for financial services, H-ISAC for healthcare, E-ISAC for electric, WaterISAC for water — are increasingly running paid membership tiers as their federal funding has thinned.

The shift is not a doubling. It is a re-pricing. What used to be priced as a marginal addition to the federal backstop now has to be priced as the backstop itself. That changes the mental model on the buyer side. It changes the TAM on the vendor side.

## Public security platforms gain TAM

For [public cybersecurity companies](/#stock-lists), the privatization of the coordination layer is a tailwind that will not show up cleanly in any single quarter's earnings. It will compound across renewals.

[CrowdStrike](/stocks/crwd) sells Falcon Intelligence and Services into a market where customers now have to assume the federal coordination layer is unreliable. [Palo Alto Networks](/stocks/panw) sells Unit 42 into the same market. Microsoft sells Threat Intelligence and Defender Experts into it. Cloudflare sells one-stop network protection in part as a hedge against coordinated attacks customers can no longer count on the government to convene a response for. SentinelOne sells Vigilance MDR into mid-market customers who never had a real federal coordination relationship to begin with and now need a commercial substitute.

The earnings effect of this is gradual and hard to attribute to any single event. The M&A logic is sharper. Platform consolidators (Cisco post-Splunk, Palo Alto's serial acquisition pattern, the AI-agent platform M&A wave we've covered separately) accelerate because enterprises want fewer vendors to coordinate when no one in Washington is doing the coordinating for them.

## What changes for cybersecurity buyers

For procurement teams and CISOs, the privatization of the federal backstop has three practical implications.

The first is line-item budget. Threat intelligence subscriptions, IR retainers, and sector ISAC paid memberships all need to move from optional to baseline. CISOs who built their 2026 budgets assuming a CISA layer of coordination need to rebuild those assumptions for the 2027 cycle. Expect security budgets to grow at the high end of historical ranges in regulated sectors specifically because the federal externality is being internalized.

The second is concentration risk. If you depend on commercial threat intelligence, you need to know which two or three vendors you actually depend on, what their indicator coverage looks like for adversaries you actually face, and what happens to your incident response if that vendor itself has a bad week. The federal backstop, for all its flaws, was a redundancy layer. Its absence means the commercial layer is your only layer.

The third is sector-specific. If you are in critical infrastructure, you should be reading [the OT vendor risk question](/blog/itron-breach-ot-vendor-blind-spot-2026) alongside this one. NERC CIP and TSA pipeline directives still exist. Their enforcement assumes a coordinating CISA. That assumption is now load-bearing on a coordination layer that has visibly hollowed out.

## What changes for cybersecurity founders

For founders building or raising in 2026, three implications follow from April.

Paid replacements for federal-tier capabilities are the next defensible category bet.
A *commercial CISA-lite* for sector-specific coordination, paid threat-intel-as-a-service for the mid-market that never had real federal access to begin with, and managed national-defense-grade services for the Fortune 500 are all underexplored. The competitive moat is a combination of analyst headcount, data partnerships, and customer trust — not novel software. Sector ISAC-as-a-service is real now. The shift from free or low-cost membership to paid-tier models at MS-ISAC and the sector ISACs has created an opening for SaaS-native challengers. Founders who can productize sector intelligence at a price point below what the public ISACs charge but with cleaner integrations will find demand. OT and ICS specialists have a faster TAM expansion than IT-focused vendors. The federal backstop in OT was thinner to begin with — but the CISA OT advisory function specifically had been propping up smaller utilities and water authorities. Its absence widens the addressable market for [Dragos, Claroty, Nozomi](/market-map), and Armis materially. Expect the next twelve months to surface at least one major raise or acquisition in this group anchored on this thesis. ## What to watch next Three signals over the next two quarters will tell us how durable the privatization is. The first is the FY27 budget actually passing or being amended. Congress may restore some of the proposed cuts. The shape of the final appropriation, more than the proposal, sets the structural baseline. Watch the appropriations committee markup language — it will say more about the durable trajectory than the budget release did. The second is the next CISA director, if one is named. A confirmed director with operational authority changes the calculus. A continued vacuum at the top accelerates it. The longer the agency runs under acting leadership, the harder the privatization is to reverse. The third is M&A pricing on the threat-intel and sector-ISAC categories. 
If a public security platform announces an acquisition of Recorded Future, Flashpoint, or a similar pure-play in the next twelve months, the privatization thesis wins on the buy side. If sector ISACs raise outside capital at premium valuations, it wins on the equity side. Either outcome, or both, would be the M&A read confirming what the budget already implied. The federal cyber backstop existed for a decade because nobody in the industry had to think about who paid for the coordination layer. April was the month everyone in the industry has to start. ## Frequently asked questions ### What changed in April 2026 with CISA? Three events compressed into roughly two weeks: the FY27 budget proposed cutting $707 million from CISA and $993 million from NIST, the director nominee Sean Plankey withdrew after thirteen months of Senate inaction, and Federal News Network reported the agency's stakeholder engagement division had lost more than half its staff with most partnership work *at a standstill*. The May 5 guidance from the acting director — telling critical-infrastructure operators to plan for isolation — was the agency's own concession that the coordination layer can no longer be relied on. ### Why does the privatization of the federal cyber backstop matter for cybersecurity vendors? Because most cybersecurity categories grew up assuming a federal backstop existed. Threat intelligence vendors built around CISA advisories. Sector ISACs operated as low-cost member services on top of federal funding. Incident response retainers were marginal additions to the federal coordination layer. When that layer privatizes, the commercial substitutes go from *nice to have* to baseline. The TAM expansion is gradual on any single quarter's earnings but compounds across renewals — particularly for public security platforms with threat-intel and IR product lines. ### Which public cybersecurity stocks benefit from CISA's collapse? 
Most directly, the platforms with substantive threat-intelligence and IR product lines: CrowdStrike (Falcon Intelligence plus Services), Palo Alto Networks (Unit 42), Microsoft (Threat Intelligence plus Defender Experts), Cloudflare (network protection as a coordination hedge), and SentinelOne (Vigilance MDR for mid-market). The earnings effect is gradual. The M&A read is sharper: identity and platform consolidation accelerates because enterprises want fewer vendors to coordinate when no one in Washington is doing the coordinating for them. ### What should CISOs and procurement teams do differently in their 2027 budget cycles? Three things. First, move threat intelligence subscriptions, incident response retainers, and sector ISAC paid memberships from optional line items to baseline. Second, audit concentration risk in commercial threat intelligence — if a single vendor is your only adversary-tracking layer, that is a single point of failure that the federal backstop used to cover. Third, particularly in critical infrastructure, treat NERC CIP and TSA pipeline directive enforcement as load-bearing on a coordination layer that has visibly hollowed out — and budget the commercial substitutes accordingly. 
## Sources - [CISA cyber partnerships face standstill amid cuts](https://federalnewsnetwork.com/cybersecurity/2026/04/cisa-cyber-partnerships-face-standstill-amid-cuts/) — Federal News Network - [Sean Plankey withdraws CISA director nomination](https://cyberscoop.com/cisa-director-pick-sean-plankey-withdraws-his-nomination/) — CyberScoop - [FY27 budget proposes cuts to CISA, NIST, IRS](https://www.govexec.com/technology/2026/04/cuts-hit-cisa-nist-and-irs-trumps-fy27-budget/412636/) — Government Executive - [CISA tells critical organizations to prepare for cyber outages](https://federalnewsnetwork.com/cybersecurity/2026/05/cisa-tells-critical-organizations-to-prepare-for-cyber-outages/) — Federal News Network - [Cyber experts: DHS funding cuts have stalled security](https://www.pymnts.com/cybersecurity/2026/cyber-experts-say-dhs-funding-cuts-have-stalled-security/) — PYMNTS --- # Cybersecurity M&A 2026: Platforms Are Drawing the Map Source: https://cyber-biz.com/blog/cybersecurity-ma-landscape-2026-platforms-draw-map Published: 2026-05-09 Author: Tal Eliyahu Category: M&A Tags: Identity and Access Management, AI Security, Governance and Assurance, Data Security and Protection, Industrial Control Systems > In four months, cybersecurity platforms closed the two largest deals in industry history and a wave of strategic tuck-ins. The map is being redrawn. ## Key facts - Q1 2026 produced 108 cybersecurity M&A transactions, the second-highest quarterly count in 65 tracked quarters - Two megadeals closed in the same quarter: Google/Wiz at $32B (largest cybersecurity exit on record) and Palo Alto/CyberArk at $25B - Six-layer agentic stack now being filled by acquisition: identity, AI gateway, agentic endpoint, agentic browser, agent-ready data, agentic SOC - Identity is the dominant sub-category. 
CyberArk, SGNL ($740M), Astrix (~$400M), Fabrix, StrongDM all stake the runtime, continuous, agent-aware authorization layer - ServiceNow's $7.75B Armis acquisition is the largest cyber-physical exit ever, validating OT/IoT as a platform-fill category - Public strategics' deal count up 33% YoY; PE-backed transactions down 24%. Corporate platform-fill has displaced PE buy-and-build (Capstone Partners, Q1 2026) - Multiples re-anchored at 6-8x ARR (8-10x for most strategic targets); Capstone reports 4.3x EV/Revenue average. Average ticket up to $461M from $171M YoY The two largest cybersecurity M&A deals in industry history closed in the same calendar quarter. They will not be the most consequential ones. Google's $32 billion acquisition of Wiz [closed on March 11, 2026](https://blog.google/innovation-and-ai/infrastructure-and-cloud/google-cloud/wiz-acquisition/), making it the largest cybersecurity exit on record. Eleven days earlier, Palo Alto Networks' $25 billion acquisition of CyberArk had [completed regulatory clearance](https://www.paloaltonetworks.com/company/press/2026/palo-alto-networks-completes-acquisition-of-cyberark-to-secure-the-ai-era), the largest deal in PANW's history. Together those two closures represent more dollar volume than every cybersecurity M&A deal in 2024 combined. The closures matter. The closings are not the story. The story is what the platforms have done in the four months since — and what those moves say about how the cybersecurity industry's map is being redrawn around AI agents. ## The two megadeals closed. The story is below them. Google/Wiz and Palo Alto/CyberArk are book-ends, not bookmarks. Wiz had defined CNAPP. CyberArk had defined PAM. Both were the most successful pure-plays in their categories. Both became platform features. Below those two closures, more than a dozen verified cybersecurity M&A deals at $100 million or more have been announced or closed in 2026 through May 9. 
SecurityWeek's monthly roundups count [roughly 147 cybersecurity M&A transactions through April](https://www.securityweek.com/cybersecurity-ma-roundup-33-deals-announced-in-april-2026/). [Q1 2026 produced 108 deals](https://tech-insider.org/cybersecurity-ma-consolidation-2026/), the second-highest quarterly count in 65 tracked quarters, with six at $100M+ — the densest concentration of large transactions since the 2021-2022 peak. This is not a slowdown. This is acceleration with a different shape. [Capstone Partners' Q1 update](https://www.capstonepartners.com/insights/article-cybersecurity-market-update/) frames the shape with a number: public strategics' deal count is up 33% year over year while PE-backed transactions are down 24%. The corporate platform-fill model has displaced the private-equity buy-and-build model that ran 2020-2024. The buyers writing checks in 2026 are PANW, Google, Cisco, CrowdStrike, ServiceNow, Microsoft, Zscaler, Rapid7, Varonis, Arctic Wolf, Check Point, Cyera. The sellers are agentic-stack startups two to four years into their commercial life, often with one to three rounds of strategic capital already on the cap table. The map is being redrawn. Wiz and CyberArk were former capitals that became districts. The interesting question is not who bought the capitals. It is who is annexing the next towns. ## The platforms are drawing the map The pattern across the 2026 deals is cartographic. Incumbent platforms — PANW, Google, Cisco, CrowdStrike, ServiceNow, Microsoft — are each redrawing the cybersecurity map around themselves, one tuck-in at a time. Every $100M+ deal is a town being annexed into a platform's territory. [Palo Alto Networks](/stocks/panw) has the cleanest example. 
Beyond CyberArk, PANW completed the [$400 million acquisition of Koi Security](https://www.paloaltonetworks.com/company/press/2026/palo-alto-networks-completes-acquisition-of-koi-to-secure-the-agentic-endpoint) for *agentic endpoint* — a category PANW itself named — and announced its acquisition of Portkey for AI Gateway. Combined with CyberArk for identity, PANW has filled three of the six agentic-stack layers in five months. We've covered [the Portkey deal in detail](/blog/palo-alto-portkey-ai-gateway-acquisition-2026). [CrowdStrike's](/stocks/crwd) pattern is faster and tighter. [SGNL ($740M, identity)](https://www.crowdstrike.com/en-us/press-releases/crowdstrike-to-acquire-sgnl-to-transform-identity-security-for-ai-era/) and Seraphic ($420M, browser) were announced six days apart in mid-January. George Kurtz framed them as a fused control plane: endpoint to browser to cloud, every AI agent a privileged identity, every privileged identity needing continuous authorization. Cisco bought [Astrix Security (~$400M, NHI)](https://blogs.cisco.com/news/cisco-announces-intent-to-acquire-astrix-security) on May 4 — analyzed [in this companion piece](/blog/cisco-astrix-non-human-identity-platform-layer) — and added Galileo in April for agentic monitoring inside Splunk. ServiceNow [closed its $7.75 billion acquisition of Armis](https://newsroom.servicenow.com/press-releases/details/2026/ServiceNow-completes-Armis-acquisition-closing-the-gap-between-asset-visibility-and-cyber-risk/default.aspx), the largest cyber-physical exit ever. [Cyera](/vendors/cyera) — itself an Israeli data-security platform now valued at $9 billion — bought Ryft to add the data-access primitive to its DSPM stack. Six platforms. Sixteen verified material deals in four months. Each platform is drawing its corner of the same map. ## Identity is the fourth pillar Across the 2026 deal log, one sub-category dominates. Identity. Nikesh Arora has been explicit about it. 
PANW's CyberArk close was framed as establishing identity as the *fourth pillar* of platformization, alongside network, cloud, and SecOps. The framing has spread. CrowdStrike's SGNL acquisition restructures identity from session-time authentication to runtime, continuous authorization across human, non-human, and AI-agent identities. Cisco's Astrix purchase puts non-human identity inventory and lifecycle management inside Cisco Identity Intelligence and Duo. Silverfort's [acquisition of Fabrix Security](https://www.silverfort.com/press-news/silverfort-acquires-fabrix-security/) in late April pairs runtime access protection with AI-native decisioning. Delinea's [merger with StrongDM](https://delinea.com/news/delinea-acquires-strongdm-to-secures-ai-with-continuous-authorization), backed by TPG, fuses traditional PAM with developer-first just-in-time runtime authorization. The structural argument unifying these deals is a thesis about how access fails. Standing privilege is dead. Session-time authentication is too coarse. AI agents act faster than humans can approve, and they act on behalf of humans whose authorizations were never designed to cover an autonomous proxy. The market is converging on **runtime, continuous, agent-aware authorization** as the new identity control plane. That convergence has the shape of a category formation. The early agentic-identity startups — Astrix, SGNL, Fabrix, the StrongDM-Delinea pair, plus prior-year acquisitions like Otterize (Cyera, 2025) — are the supply curve. The platforms are the demand. The category is being defined by acquisition rather than by independent category leadership, which is the inverse of how cloud security got defined in the prior cycle. For [public security companies](/#stock-lists), the read is straightforward. Identity is now a checklist item. Any platform without an agentic-identity acquisition in the next twelve months will be benchmarked against the platforms that have one. 
CrowdStrike and Palo Alto Networks have set the standard. The pressure on the rest of the public cohort is structural, not optional. ## Six layers, four months If identity is the fourth pillar, the agentic stack is what gets built on top of it. The 2026 deals fill out six layers of that stack with notable speed. **Identity**, covered above. The deepest concentration of capital. **AI Gateway**. Palo Alto's Portkey acquisition stakes the routing and policy layer. Every prompt, response, and tool invocation that an agent emits passes through the gateway. That is the chokepoint where inline enforcement lives. PANW is alone in this layer for now; Microsoft, Google, and Cloudflare have gateway-shaped capabilities embedded in their hyperscaler stacks but no acquired specialist. The gap is competitive whitespace through the rest of 2026. **Agentic Endpoint**. PANW's $400 million acquisition of Koi Security in February explicitly named *agentic endpoint security* as a new category. Koi targets AI agents and browser-resident AI tools that bypass traditional EDR. The category did not exist as a budget line in 2025. By 2027, expect three to four named entrants and a recognized procurement category. **Agentic Browser**. CrowdStrike/Seraphic and Zscaler/SquareX in the same six-week window. Both target the gap between unmanaged browsers and enterprise security. Both turn the browser into the place where agent traffic gets inspected. Island and Talon, the prior-cycle browser-security pure-plays, have to decide whether to consolidate further or hold for a higher offer. They will not get to wait long. **Agent-ready Data**. Cyera's [acquisition of Ryft](https://www.cyera.com/press-releases/cyera-acquires-ryft-to-extend-its-agentic-ai-security-platform) extends DSPM into the data-access primitive for AI agents. 
[Varonis' $150 million acquisition of AllTrue.ai](https://www.securityweek.com/varonis-acquisition-of-alltrue-ai-valued-at-150-million/) adds shadow-AI discovery and runtime guardrails. Both are early bets that the data-access layer is where the agentic stack monetizes most durably. **Agentic SOC**. Rapid7's acquisition of Kenzo Security and Cisco's purchase of Galileo apply agentic AI to security operations workflow. The framing is *machine-speed investigation* — collapsing the dwell time between alert and response. The category overlaps with traditional SOAR and is reshaping it. The next twelve months will produce one or two consolidation events here. Each layer was a generic capability in 2024. Each layer is a named, platform-owned product surface by mid-2026. Four months. ## ServiceNow / Armis is the cyber-physical break-out The single largest non-PANW, non-Google deal of the window has nothing to do with AI agents. ServiceNow's $7.75 billion acquisition of Armis brings OT, IoT, and medical-device asset visibility into the Now Platform. ServiceNow says the deal *more than triples* its security and risk TAM. The cyber-physical category — Claroty, Dragos, Nozomi, Armis — has its first true platform exit. The strategic logic is mechanical. Workflow platforms have been pushing toward security and risk for years. ServiceNow already had IT asset management at scale. What it lacked was the cyber-physical layer where the most regulated, most exposed, and most under-monitored assets live. Armis was the cleanest fit available. The demand-side analogue is the [Itron breach](/blog/itron-breach-ot-vendor-blind-spot-2026) we covered last week. Critical-infrastructure operators have an OT visibility crisis the OT-security category has been pitching against for five years. The Armis deal proves the buyer side is now writing $7B+ checks for it. 
Expect at least one more major cyber-physical deal in the back half of 2026 — Claroty and Dragos are the obvious candidates, and the comparable pricing has just been set. ## The numbers, anchored Aggregate market data anchors the qualitative pattern. [Capstone Partners' Q1 2026 cybersecurity update](https://www.capstonepartners.com/insights/article-cybersecurity-market-update/) reports 79 verified strategic transactions in YTD 2026 (down 9% year over year by count, but up sharply in average ticket size: $461 million versus $171 million in YTD 2025). EV/Revenue multiples sit at 4.3x — on par with the eight-year sector average of 4.6x, not the 2021-2022 froth. [ION/Mergermarket commentary](https://ionanalytics.com/insights/mergermarket/cybersecurity-ma-stalls-after-2025-surge-as-ai-resets-valuations-dealspeak-north-america/) clusters strategic deal discussions at 6-8x ARR, with 8-10x reserved for the most strategic targets. The story those numbers tell is selective expansion, not generic frenzy. Multiples have re-anchored from 2021-2022 levels. The Nasdaq CTA Cybersecurity Index is down 14% from its October 2025 peak. The bidders who are paying have decided which categories are worth the pricing — and which are not. Capstone's own framing, from Tom McConnell: *We are at an inflection point in cybersecurity as AI driven platforms are required to thwart today's sophisticated AI driven threats. This is leading to a broad-based makeover of the industry.* Twenty-seven percent of the M&A advisors Capstone surveyed expect 2026 multiples to rise above 2025. The bidders are not pulling back. They are concentrating. ## This is faster than the cloud-security cycle The closest historical analogue is the 2019-2022 cloud security consolidation. Symantec went to Broadcom in 2019. Carbon Black went to VMware. Bridgecrew went to PANW in 2020. Auth0 went to Okta for $6.5 billion in 2021. Mandiant went to Google for $5.4 billion in 2022. 
CSPM, CWPP, CIEM, and CASB collapsed into CNAPP — and CNAPP, in turn, eventually got won by Wiz, which Google then bought for $32 billion to close the cycle. That cycle took roughly four years. The agentic stack is consolidating in six to nine months. The compression matters. Two structural forces are driving it. First, AI agents are a new asset class that did not exist in the prior cycles, and the platforms are racing to control how those assets identify themselves, where they communicate, and what they can read and write. Second, the platforms have learned the cycle. Cloud security taught Cisco, PANW, Google, and Microsoft that the cost of being late is paying $25 billion or $32 billion to a category leader. None of them want to repeat the price. So the platforms are buying earlier, smaller, and faster. The $100M-$700M strategic tuck-ins of 2026 are explicitly designed to prevent the next Wiz from emerging in the agentic stack. We will see whether the strategy works. The interim implication for founders and investors is that the window to build an independent category leader in identity, gateway, endpoint, browser, data, or SOC is shorter than it was in the prior cycle. Probably much shorter. ## What to watch through end of 2026 Five signals between now and December will tell us how the rest of the agentic-stack consolidation plays out. The first is the deal flow at the close. PANW's Portkey closes Q4 FY26. CrowdStrike's SGNL plus Seraphic close Q1 FY27. Cisco's Astrix has not yet closed publicly. The closing pace, plus any regulatory friction in EU or US review, sets the baseline tempo for the next round of announcements. The second is the PE counter-wave. Capstone reports PE-backed deals down 24% year over year, but the firms are sitting on capital. Thoma Bravo's interest in Commvault is the canary. SailPoint is back in the public market. Sophos is consolidating Secureworks. 
Expect a meaningful PE counter-wave in H2 2026, particularly in middle-market segments where corporate buyers are not active. The third is the second wave of cyber-physical deals. ServiceNow/Armis is the trigger. Claroty, Dragos, and Nozomi are the obvious next candidates. The comparable pricing has been set; the buyers are circling. The fourth is browser security normalization. With CrowdStrike (Seraphic) and Zscaler (SquareX) both shipping in 2026, every other XDR or SASE vendor needs an answer. Island and Talon are the obvious targets. The fifth is the consolidation event in agentic SOC. Rapid7 has Kenzo. Cisco has Galileo. Check Point has Cyata. The category will not support five independent entrants. Pick a winner; the rest get bought. Cybersecurity M&A in 2026 is not a wave. It is a relocation. The map is being redrawn faster than any prior cycle, and the platforms drawing it have decided which categories are worth annexing. Wiz won CNAPP. CyberArk won PAM. They both got bought. The startups winning the next category have nine months — maybe twelve — to follow. Some will. Most will be acquired before they finish. A few will become the next platforms drawing the next map. The question for the rest of us is which corner of the 2026 cybersecurity map we plan to own when the ink dries. ## Frequently asked questions ### What are the most material cybersecurity M&A deals of 2026 so far? The two megadeals closed in Q1: Google's $32 billion acquisition of Wiz (the largest cybersecurity exit on record) and Palo Alto Networks' $25 billion close on CyberArk. Below those, the more telling pattern is the wave of $100M-$700M strategic tuck-ins filling the agentic stack: CrowdStrike's SGNL ($740M) and Seraphic ($420M), Palo Alto's Koi ($400M) and Portkey (reported ~$700M), Cisco's Astrix (~$400M), Cyera's Ryft ($100-130M), Varonis' AllTrue.ai ($150M), and ServiceNow's $7.75 billion acquisition of Armis for the cyber-physical layer. 
### What is the agentic stack the 2026 deals are building? The agentic stack is the six-layer architecture cybersecurity platforms are racing to control before AI agents become standard enterprise software. The layers are identity (CyberArk, SGNL, Astrix, Fabrix), AI gateway (Portkey), agentic endpoint (Koi), agentic browser (Seraphic, SquareX), agent-ready data (Ryft, AllTrue.ai), and agentic SOC (Kenzo, Galileo). Palo Alto Networks alone has bought into four of the six layers in 2026. CrowdStrike covered identity and browser in two weeks. The compression speed is the story. ### How does 2026 compare to prior cybersecurity M&A cycles? The closest analogue is the 2019-2022 cloud security consolidation, which collapsed CSPM, CWPP, CIEM, and CASB into the CNAPP category that platforms (and Wiz) eventually owned. That cycle took roughly four years. The agentic stack is consolidating in six to nine months. Capstone Partners reports public strategics' deal count is up 33% year over year while PE-backed transactions are down 24% — corporate platform-fill has displaced the PE buy-and-build model that ran 2020-2024. ### What should cybersecurity founders take from the 2026 M&A pattern? The startup question has changed. It is no longer *what category am I building?* — it is *which platform's map do I want to be on?* Founders building in identity, gateway, endpoint, browser, data, or SOC layers are competing on a shorter clock than the cloud-security generation faced. Defensibility comes from technical depth, customer concentration in regulated sectors, and being early to a primitive that platforms haven't yet named. The categories platforms have already named — agentic endpoint, AI gateway, agent-ready data — are functionally closed for new entrants. Adjacent primitives platforms haven't named yet are where the next defensible bets sit. 
## Sources - [Google completes acquisition of Wiz](https://blog.google/innovation-and-ai/infrastructure-and-cloud/google-cloud/wiz-acquisition/) — Google - [Palo Alto Networks completes acquisition of CyberArk](https://www.paloaltonetworks.com/company/press/2026/palo-alto-networks-completes-acquisition-of-cyberark-to-secure-the-ai-era) — Palo Alto Networks - [CrowdStrike to acquire SGNL](https://www.crowdstrike.com/en-us/press-releases/crowdstrike-to-acquire-sgnl-to-transform-identity-security-for-ai-era/) — CrowdStrike - [ServiceNow completes Armis acquisition](https://newsroom.servicenow.com/press-releases/details/2026/ServiceNow-completes-Armis-acquisition-closing-the-gap-between-asset-visibility-and-cyber-risk/default.aspx) — ServiceNow - [Capstone Partners Q1 2026 Cybersecurity Market Update](https://www.capstonepartners.com/insights/article-cybersecurity-market-update/) — Capstone Partners - [Cybersecurity M&A stalls after 2025 surge as AI resets valuations](https://ionanalytics.com/insights/mergermarket/cybersecurity-ma-stalls-after-2025-surge-as-ai-resets-valuations-dealspeak-north-america/) — ION Analytics / Mergermarket - [Q1 2026 cybersecurity M&A consolidation analysis](https://tech-insider.org/cybersecurity-ma-consolidation-2026/) — Tech Insider --- # Cloudsmith's $72M Round and the Autonomous-Publisher Bet Source: https://cyber-biz.com/blog/cloudsmith-72m-series-c-ai-supply-chain-2026 Published: 2026-05-09 Author: Tal Eliyahu Category: Funding News Tags: Application Security, Third-Party Risk Management, AI Security, Governance and Assurance, Governance, Risk, and Compliance > Cloudsmith raised $72M from TCV and Insight Partners. The bet: AI's bigger cybersecurity problem is autonomous publishers, not autonomous attackers. 
## Key facts - Cloudsmith raised $72M Series C on April 23, 2026, led by TCV with Insight Partners participating - Belfast, UK; founded 2016; total raised now ~$124M - Universal artifact management — every software package, container image, and ML model an enterprise consumes or publishes - TCV is a generalist growth fund (Spotify, Netflix, Airbnb, Splunk pre-IPO) — not a cybersecurity specialist. The signature is the second story - Insight Partners also led GitGuardian's $50M Series C in February 2026 in the adjacent secrets / supply-chain layer - Thesis: AI-generated code makes every developer an autonomous publisher. The artifact registry becomes the new human-review choke point - Read with the M&A pillar: supply-chain security has not yet been platform-bought, but the platforms are finishing their agentic-stack moves before they pivot left into the developer pipeline The cybersecurity industry has spent eighteen months building autonomous defenders for autonomous attackers. Cloudsmith's $72 million Series C bets the bigger problem is autonomous publishers. The Belfast-based artifact management company [closed the round on April 23, 2026](https://www.securityweek.com/cloudsmith-raises-72-million-in-series-c-funding/), led by TCV with participation from Insight Partners. Cloudsmith now sits at roughly $124 million in total funding ten years after founding. The headline number is decent. The thesis is more interesting. For most of 2026, cybersecurity capital has flowed to agentic defense — XBOW for autonomous offensive testing, 7AI for agentic SOC, Artemis for AI-vs-AI defense, and the [Cisco/Astrix and PANW/Portkey M&A wave](/blog/cybersecurity-ma-landscape-2026-platforms-draw-map) for the agent-era control plane. Cloudsmith is funding the inverse: the choke point that has to exist when humans stop being the bottleneck on what gets shipped. ## What happened Cloudsmith operates what it calls a universal artifact management platform. 
Every software package an engineering team pulls in or publishes — from open-source dependencies to private container images to ML models — passes through Cloudsmith's registry. Policy is applied at the gate: vulnerability scans, license checks, access controls, integrity verification. The product replaces legacy package repositories like JFrog Artifactory and Sonatype Nexus at Fortune 500 and Global 2000 customers, [per Tech.eu coverage of the round](https://tech.eu/2026/04/23/cloudsmith-raises-72m-series-c-to-secure-the-ai-era-software-supply-chain/).

The Series C is led by TCV — the growth investor whose portfolio includes Spotify, Netflix, Airbnb, and other infrastructure-of-the-internet bets. Insight Partners participated. Insight is the same firm that led GitGuardian's $50 million Series C in February 2026 in the adjacent secrets / supply-chain layer, [reported in the same SecurityWeek funding rollups](https://www.securityweek.com/cloudsmith-raises-72-million-in-series-c-funding/). TCV's signature is the second story this deal tells. We will return to it.

What Cloudsmith [called out in its own announcement](https://finance.yahoo.com/sectors/technology/articles/cloudsmith-raises-72m-series-c-080000128.html) is what the round is funding: AI agents creating, modifying, and submitting software faster than human reviewers can keep up. The pitch to TCV was that the artifact registry is the only place left where that velocity gets forced to slow down.

## The autonomous-publisher problem

For two years, the cybersecurity industry has framed the AI-coding wave as a defender's problem. Autonomous attackers will probe applications faster than humans can patch. Autonomous reconnaissance will discover vulnerabilities at scale. Autonomous social engineering will target enterprises in ways no SOC analyst can triage. The funded answer has been autonomous defenders — agentic SOC, AI-vs-AI defense, autonomous offensive security as continuous coverage.
Cloudsmith's bet is that the bigger problem hides on the other side of the org chart. The same AI tools that let attackers move faster let engineers ship faster. Copilot, Cursor, Claude Code, and the next generation of coding agents are turning every developer into a software publisher operating at machine speed. A single engineer can now generate a dependency-heavy service, refactor a codebase across hundreds of files, and merge a hundred commits in an afternoon.

The bottleneck used to be human review at the pull request. The bottleneck is moving — to wherever the artifact actually exits the engineer's workflow and becomes something a build system, a deployment pipeline, or a customer can pick up. That place is the registry.

The autonomous-publisher thesis says the choke point of governance has shifted from code review to artifact governance. Whether the human pull-request reviewer caught the problem matters less than whether the registry that holds the resulting package, container, and model enforces policy. If the registry layer is permissive, AI-coding velocity carries shadow dependencies, untracked secrets, unscanned containers, and unsigned models into production at the speed of a competent engineer typing.

That is a different threat model than the one most of 2026's cybersecurity capital is funding. Cloudsmith is the cleanest expression of it so far.

## TCV's signature is the second story

The cap-table angle on Cloudsmith's round deserves separate attention. TCV is not a cybersecurity specialist. It is a generalist growth fund best known for Spotify, Netflix, Airbnb, and Splunk's pre-IPO round — bets on infrastructure-of-the-internet companies that became the rails for entire categories. TCV leading a cybersecurity Series C in 2026, instead of a Cyberstarts, a Greylock, or a Sequoia, is unusual. It is also informative. The signal is that supply-chain security is graduating from a niche cybersecurity bet into mainstream software infrastructure investing.
When TCV writes a $72 million growth check, the comparable set the firm is benchmarking against includes JFrog, Snyk, HashiCorp, and the broader DevOps tooling cohort. That is a different valuation universe than where pure-play cybersecurity Series C rounds typically get priced.

For Cloudsmith specifically, the implication is access to a generalist-software acquirer base that pure-play cyber funds rarely deliver. JFrog could buy. HashiCorp could buy. GitHub (Microsoft) could buy. ServiceNow could buy — and given its [$7.75 billion Armis acquisition](/blog/cybersecurity-ma-landscape-2026-platforms-draw-map), it is now demonstrably willing to write nine-figure cyber-adjacent checks. The acquirer set is wider than it looks.

For the cybersecurity industry, the implication is broader. Generalist growth capital is rotating away from frontier AI bets at $1B+ stealth valuations and toward picks-and-shovels infrastructure with real revenue. That rotation will pull more supply-chain security companies into the funnel — and it will reset the multiples those companies get priced at.

## The registry layer as the new choke point

The registry is the place where almost everything an engineering team produces is forced to converge before going anywhere else. Build systems pull from it. Deployment pipelines push to it. CI/CD reads dependency manifests against it. Security scanners hook into it. Compliance auditors trace it.

Historically, registries were boring DevOps plumbing. The interesting cybersecurity work happened upstream — in the IDE, the pull request, the SAST/DAST tools — or downstream, in production, EDR, runtime. The registry was treated as transport.

The autonomous-publisher thesis flips that hierarchy. If the speed of artifact production accelerates faster than human review, the upstream and downstream layers get overwhelmed. Code review queues stretch beyond useful time horizons. Production scanners flag too much to triage.
The only layer where governance can actually scale is the registry itself, because the registry is the one place every artifact has to pass through, and policy can be applied there in milliseconds without slowing the developer's loop.

That puts the registry in the same structural position the AI gateway has come to occupy in agent runtime. Both are choke points. Both are inline. Both are where policy gets enforced because it is the only place where policy can be enforced at machine speed.

Cybersecurity vendors that have not yet thought of registries as a security control plane will need to. Adjacent vendors — JFrog, Sonatype, GitHub Advanced Security, Snyk, GitGuardian, Anchore — are about to find their products described as supply-chain governance platforms whether they wanted that branding or not.

## What changes for cybersecurity buyers

For procurement teams and platform-engineering leaders, Cloudsmith's round is a forward signal that the artifact registry is moving from infrastructure line item to security control. Three practical implications.

The first is contractual. Artifact registries that ship without policy enforcement, vulnerability scanning, license tracking, and integrity verification will not survive the next renewal cycle in regulated industries. Procurement teams should treat *registry as a security control* the same way they treat *gateway as a security control* and *identity as a security control* — meaning the buying conversation moves from infrastructure to security, with everything that implies for budgets, evaluation criteria, and approval flows.

The second is architectural. Engineering organizations running AI-coding tools at scale need to know what their registry is actually catching. Shadow dependencies, untracked container layers, unsigned ML models, and embedded secrets all flow through the registry — and a permissive registry passes them through.
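What "a permissive registry passes them through" looks like in code, as an added example that is not Cloudsmith's own: an admission gate that evaluates each artifact on integrity, signature, vulnerability severity, license and secrets, with the permissive policy beside the enforcing one on the same AI-generated container. The artifacts, policies and trust root are constructed for this example, and the HMAC tag stands in for a real signature scheme such as Sigstore so the block runs on the standard library alone.

```python
"""Registry admission gate (constructed example, not Cloudsmith's code)."""
from dataclasses import dataclass
from typing import Optional
import hashlib
import hmac

SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed trust root. The HMAC tag below stands in for a real signature
# (e.g. Sigstore/cosign) so the block runs with the standard library alone.
TRUSTED_SIGNING_KEY = b"constructed-registry-trust-root"


@dataclass(frozen=True)
class RegistryPolicy:
    require_signature: bool                 # every artifact needs a valid signature
    max_severity: str                       # highest vulnerability band still admitted
    allowed_licenses: Optional[frozenset]   # None = any license passes
    block_secrets: bool                     # reject when the secrets scanner has hits


# The weak setting beside the corrected one.
PERMISSIVE = RegistryPolicy(False, "critical", None, False)
ENFORCING = RegistryPolicy(True, "medium", frozenset({"MIT", "Apache-2.0", "BSD-3-Clause"}), True)


@dataclass
class Artifact:
    name: str
    kind: str                     # "package" | "container" | "model"
    content: bytes
    declared_digest: str          # sha256 hex the publisher claims for content
    signature: Optional[bytes]    # tag over declared_digest, None if unsigned
    vulns: list                   # (advisory id, severity) pairs from the SBOM scan
    licenses: list                # SPDX identifiers found in the artifact
    secrets_found: int            # hits reported by the secrets scanner


def sign_digest(digest_hex: str, key: bytes = TRUSTED_SIGNING_KEY) -> bytes:
    """Stand-in signature: HMAC-SHA256 over the artifact digest."""
    return hmac.new(key, digest_hex.encode(), hashlib.sha256).digest()


def evaluate(artifact: Artifact, policy: RegistryPolicy) -> tuple[bool, list[str]]:
    """Return (admitted, reasons); every failing check is reported, not just the first."""
    reasons: list[str] = []

    # 1. Integrity: the stored bytes must hash to what the publisher declared.
    if hashlib.sha256(artifact.content).hexdigest() != artifact.declared_digest:
        reasons.append("digest mismatch")

    # 2. Provenance: a signature over the digest that verifies against the trust root.
    if policy.require_signature:
        if artifact.signature is None:
            reasons.append(f"unsigned {artifact.kind}")
        elif not hmac.compare_digest(artifact.signature, sign_digest(artifact.declared_digest)):
            reasons.append("signature does not verify")

    # 3. Vulnerabilities: nothing above the policy's severity band gets through.
    limit = SEVERITY_RANK[policy.max_severity]
    for advisory, severity in artifact.vulns:
        if SEVERITY_RANK[severity] > limit:
            reasons.append(f"{advisory} is {severity}")

    # 4. Licenses: allowlist only, when the policy sets one.
    if policy.allowed_licenses is not None:
        for lic in artifact.licenses:
            if lic not in policy.allowed_licenses:
                reasons.append(f"license {lic} not allowed")

    # 5. Secrets: a credential embedded by an AI-generated commit stops here.
    if policy.block_secrets and artifact.secrets_found > 0:
        reasons.append(f"{artifact.secrets_found} secret(s) detected")

    return (not reasons, reasons)


# Constructed sample: a dependency-heavy service generated at machine speed and
# pushed unsigned, with a high-severity dependency, a copyleft license and a leaked key.
_blob = b"constructed container layer bytes"
SHADOW_SERVICE = Artifact(
    name="billing-svc:1.4.0", kind="container", content=_blob,
    declared_digest=hashlib.sha256(_blob).hexdigest(), signature=None,
    vulns=[("GHSA-xxxx-constructed", "high")], licenses=["MIT", "SSPL-1.0"],
    secrets_found=1,
)

# The same service after remediation: signed, patched, relicensed, secret removed.
_fixed = b"constructed container layer bytes v2"
_fixed_digest = hashlib.sha256(_fixed).hexdigest()
FIXED_SERVICE = Artifact(
    name="billing-svc:1.4.1", kind="container", content=_fixed,
    declared_digest=_fixed_digest, signature=sign_digest(_fixed_digest),
    vulns=[("GHSA-yyyy-constructed", "low")], licenses=["MIT", "Apache-2.0"],
    secrets_found=0,
)

if __name__ == "__main__":
    for label, policy in (("permissive", PERMISSIVE), ("enforcing", ENFORCING)):
        for art in (SHADOW_SERVICE, FIXED_SERVICE):
            admitted, why = evaluate(art, policy)
            print(f"{label:10} {art.name:18} {'ADMIT' if admitted else 'REJECT'} {why}")
```

The permissive policy admits the shadow service with no findings at all; the enforcing policy reports all four problems at once, and a tampered copy of the remediated image still fails on the digest check even though its signature is genuine.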
CISOs evaluating their AI-coding strategy should ask which registry their developers are publishing to, and what policy is actually being applied there. The answer is rarely satisfying on first inspection.

The third is consolidation pressure. The cybersecurity supply-chain category is going to consolidate around the registry layer the same way the agent-runtime category consolidated around identity, gateway, and data access. Buyers who lock themselves into a registry without a forward-looking governance roadmap will repeat the procurement mistakes the cloud-security category has been correcting for two years.

## What changes for cybersecurity founders

For founders building or raising in 2026, the autonomous-publisher thesis opens specific category bets and closes others.

**Open: registry-adjacent governance.** Tools that sit at the artifact gate and apply policy, integrity, scanning, or supply-chain attestation are early. The category has not been platform-bought yet — and per [the M&A pillar](/blog/cybersecurity-ma-landscape-2026-platforms-draw-map), the platforms are still finishing their agentic-stack acquisitions before they pivot.

**Open: AI-coding-specific governance.** Tools that target Copilot, Cursor, Claude Code, and the next generation of agentic IDEs specifically — measuring what AI generates, what it modifies, what it imports, and how that propagates downstream — are still early. The category does not have a recognized leader yet.

**Closing: pure-play SAST or pure-play container scanning.** The defensible territory is at the registry gate or at the AI-tool layer. The middle is being consolidated.

The cap-table implication is also worth taking seriously. If Cloudsmith's round is the first signal of generalist growth funds entering supply-chain security, founders raising in this category should structure their pitch for two audiences. The cybersecurity-specialist audience expects a defensible technical thesis and a category-leader narrative.
The generalist software audience expects ARR scale, gross margins, and a developer-tools comparable. Building the deck for both audiences is uncomfortable. The companies that do it will see broader investor sets and better pricing.

## What to watch next

Three signals over the next two quarters will tell us how durable the autonomous-publisher thesis is.

The first is whether other generalist growth funds — Tiger, Coatue, ICONIQ, Stripes — start writing checks into supply-chain security. If TCV is alone in 2026, Cloudsmith is an outlier. If two or three more generalist funds enter the category before year-end, the rotation is real.

The second is whether the platforms acquire into this layer. JFrog has the obvious in-category position to defend. GitHub (Microsoft) has the obvious distribution. Snyk has the obvious customer base. Watch for one of them — or for [a public security platform](/#stock-lists) extending its agentic-stack play one layer further left into the developer pipeline — to acquire a registry-governance specialist before Q1 2027.

The third is whether AI-coding governance emerges as its own category with funded entrants. The IDE and pull-request layer is still mostly contested by point-tool startups. The next material round in this space will tell us whether AI-coding governance is a feature of registry-governance products like Cloudsmith, or a stand-alone category with its own platform leader. Both outcomes are informative.

The question every cybersecurity buyer, founder, and investor needs to ask through the rest of 2026 is which side of the autonomous bet they are on. If you believe the bigger problem is autonomous attackers, the [agentic-defense category](/blog/xbow-strategic-round-cybersecurity-ai-capital-2026) is where the next twelve months play out. If you believe the bigger problem is autonomous publishers, the registry is. Cloudsmith's $72 million says the second bet is real. TCV is paying for the registry.
The autonomous publishers are already typing.

## Frequently asked questions

### What does Cloudsmith do?

Cloudsmith operates a universal artifact management platform: a single registry that holds every software package, container image, and ML model an enterprise consumes or publishes. The platform applies policy, vulnerability scanning, license enforcement, and access control at the artifact gate — the moment a build pulls a dependency or an engineer pushes a release. Founded in Belfast in 2016, the company replaces legacy package repositories like JFrog Artifactory and Sonatype Nexus at Fortune 500 and Global 2000 customers.

### Why is Cloudsmith's funding round different from the agentic-security wave?

Most cybersecurity funding in 2026 has gone to agentic defense — autonomous tools that detect, investigate, and remediate at machine speed. Cloudsmith's thesis flips the framing. The bigger problem AI introduces is not autonomous attackers, but autonomous publishers — engineers using AI tools who now ship code, dependencies, and models at a velocity that breaks human review. The artifact registry is the layer where that velocity is forced to slow down for governance. Cloudsmith is betting the registry becomes the choke point.

### What does it signal that TCV led the round instead of a cybersecurity-specialist fund?

TCV is a generalist growth investor whose portfolio includes Spotify, Netflix, Airbnb, and Splunk's pre-IPO round. TCV leading a cybersecurity Series C — instead of a Cyberstarts, Greylock, or Sequoia — signals that supply-chain security is graduating into mainstream software infrastructure investing. The buyer base reading this round is generalist enterprise software, not specialist cyber. That changes the multiples Cloudsmith and similar companies will get priced at, and it widens the universe of strategic acquirers materially.

### How does this fit with other 2026 cybersecurity supply-chain rounds?
GitGuardian's $50 million Series C in February 2026, also Insight Partners-led, sits one layer over from Cloudsmith — secrets and non-human identity inside the supply chain. Adjacent rounds at the IDE and pull-request layer are funding AI-generated code governance. Read together, these rounds are the early signal of a category forming around the AI-coding supply chain — registry, secrets, code review — that the platforms have not yet bought into. The category leader has not been declared, and the platforms are likely to define it through acquisition rather than wait for a Wiz-shaped winner to emerge organically.

## Sources

- [Cloudsmith Raises $72 Million in Series C Funding](https://www.securityweek.com/cloudsmith-raises-72-million-in-series-c-funding/) — SecurityWeek
- [Cloudsmith raises $72M Series C to secure the AI-era software supply chain](https://tech.eu/2026/04/23/cloudsmith-raises-72m-series-c-to-secure-the-ai-era-software-supply-chain/) — Tech.eu
- [Cloudsmith Raises $72M Series C Led by TCV with Participation from Insight Partners](https://finance.yahoo.com/sectors/technology/articles/cloudsmith-raises-72m-series-c-080000128.html) — Yahoo Finance / Business Wire

---

# PQC Migration Is a Hardware Refresh. Sitehop Just Proved It.

Source: https://cyber-biz.com/blog/sitehop-safecore-edge-pqc-hardware-refresh-2026
Published: 2026-05-09
Author: Tal Eliyahu
Category: New Products
Tags: Quantum Security, Network Security, Data Center Security, Governance, Risk, and Compliance

> Sitehop's SAFEcore Edge is a 310-gram post-quantum encryption appliance for the network edge. The bet: PQC migration is partly silicon, not just code.

## Key facts

- Sitehop launched SAFEcore Edge on April 15, 2026 — a hardware-enforced post-quantum encryption appliance for the network edge
- Form factor: 37mm × 116mm × 68mm, 310g, sub-10W, USB-C powered.
FIPS 140-3 Level 3 secure element
- Performance: ML-KEM hybrid key exchange and IPsec at 1 Gbps full-duplex; up to 10 concurrent IPsec tunnels; claimed up to 1,000x lower PQC latency than software-only stacks
- Sheffield, UK; ~£13.5M raised cumulatively, including £7.5M October 2025 round (Northern Gritstone, Amadeus, Mercia, Manta Ray, NPIF)
- Already deployed at a tier-one telco across seven countries plus government and defence customers — not a stealth pre-funding outfit
- Counter-thesis: PQC migration is not only a software project. A meaningful share is hardware refresh — for latency-sensitive infrastructure, the regulated edge, and classified networks
- Reopens the dedicated network-encryptor category that the industry assumed had been absorbed into firewalls and SD-WAN

The cybersecurity industry has spent two years treating post-quantum cryptography migration as a software problem. Sitehop's SAFEcore Edge bets a meaningful share is silicon.

The Sheffield-based vendor [launched the device on April 15, 2026](https://www.helpnetsecurity.com/2026/04/15/sitehop-safecore-edge-pqc-device/). It is small — 310 grams, USB-C powered, smaller than a paperback. It runs ML-KEM hybrid post-quantum key exchange and IPsec at 1 Gbps full-duplex through a FIPS 140-3 Level 3 secure element. It claims up to a thousand times lower PQC latency than a software-only stack. And it is designed to deploy at the places conventional crypto infrastructure does not reach: branch banks, oil platforms, retail sites, autonomous vehicles, tactical and diplomatic posts.

The launch is small, hardware-shaped, and easy to overlook. The thesis underneath it is not.

## What happened

SAFEcore Edge is a hardware-enforced post-quantum encryption appliance. It is engineered to terminate ML-KEM hybrid key exchange and IPsec at the edge of a network rather than in the data center, with central management through Sitehop's SAFEnms console.
The device [interoperates with third-party IPsec](https://securitybrief.co.uk/story/sitehop-launches-safecore-edge-for-remote-network-security), so buyers do not have to rip out existing VPN infrastructure to introduce quantum-safe key exchange.

Form factor matters here. At 37mm by 116mm by 68mm and under 10 watts, the appliance fits inside operational envelopes that conventional 1U and 2U HSMs and link encryptors do not. Sub-10W means it can run on USB-C from a vehicle or a portable power source. FIPS 140-3 Level 3 means it carries the regulatory check-box that critical-infrastructure and government buyers require.

[Sitehop](https://www.uktech.news/cybersecurity/sitehop-quantum-cyber-7-5m-20251009) is not a stealth pre-funding outfit. The company has raised approximately £13.5 million to date, including a £7.5 million round in October 2025 led by Northern Gritstone, with participation from Amadeus Capital Partners, Mercia Ventures, Manta Ray, and NPIF. The company says its SAFE Series products are already deployed with a tier-one telco across seven countries plus government and defence customers.

The device is real. The customer base is real. The thesis is what the industry should be reading.

## PQC migration was framed as a software problem

The dominant narrative on post-quantum cryptography migration since 2023 has been that the work is primarily software work. Library updates from Open Quantum Safe and the various PQC implementations of NIST-standardized algorithms (ML-KEM, ML-DSA, SLH-DSA). Hybrid TLS in the cloud platforms — Cloudflare shipped it, AWS shipped it, Confluent shipped it. KMS bolt-ons. Cryptography inventory tools. Discovery sweeps for legacy algorithm usage. Migration planning playbooks.

That narrative was not wrong. It was incomplete. The unstated assumption was that most enterprise cryptography lives in software stacks where a library update is feasible. For a meaningful share of the actual install base, that assumption breaks.
Network encryptors, link encryptors, secure tunneling appliances at branch sites, hardware security modules tied to specific protocol versions, and the bespoke crypto infrastructure deployed at critical national infrastructure sites are not refactor targets. They are appliance refreshes — and the appliances that exist today were not designed for ML-KEM hybrid handshakes.

Most of 2026's PQC migration coverage has skated past this. The federal regulatory clock is loud — NSA CNSA 2.0 deadlines, the finalized NIST FIPS 203/204/205 standards, the White House March 2026 Cyber Strategy naming PQC a federal priority — but the buyer-side conversation has been almost entirely about software stacks and inventory. The hardware refresh has been the assumed-away part of the project plan.

## SAFEcore Edge says a meaningful share is hardware refresh

Sitehop's launch is the cleanest expression yet of the counter-thesis. PQC migration is partly software. It is also partly silicon.

The structural argument is not that hardware PQC will replace software PQC. It is that for specific deployment environments, software PQC is not viable on the timeline regulators are pushing. Three of those environments matter most.

The first is **latency-sensitive infrastructure**. High-frequency trading, real-time control systems, autonomous vehicles, and any environment where microseconds determine system behavior cannot absorb the latency tax of software-only post-quantum handshakes. Sitehop's claim of up to a thousand times lower PQC latency than software stacks is a marketing number; the underlying point — that hardware-accelerated PQC is meaningfully faster — is structurally durable regardless of where the precise multiple lands.

The second is **the regulated edge**. Branch banks, retail sites, hospitals, oil platforms, water treatment facilities, and military forward operating environments need crypto infrastructure they can certify, audit, and physically secure.
Software running on commodity hardware is harder to certify at FIPS 140-3 Level 3 than dedicated silicon. Sitehop's appliance is purpose-built for this segment.

The third is **classified networks**. Government and defence customers running sovereign infrastructure need supply-chain provenance on every component of the crypto stack. A device built and validated under a specific national jurisdiction is a different procurement target than a software library compiled from open-source dependencies. SAFEcore Edge ships as exactly that kind of device.

If those three segments end up driving even a fifth of total PQC migration spend, hardware-PQC becomes a serious budget line. That category does not currently have a recognized leader.

## The forgotten encryptor category

The dedicated network-encryptor category was a real product line through the 2000s and early 2010s. Thales, Senetas, IDQ, and a handful of others sold rack-mounted Layer 2 and Layer 3 encryptors into telcos, financial institutions, and governments. The category was assumed-absorbed when firewall and SD-WAN platforms grew encryption tunneling into their core capabilities. Why buy a dedicated encryptor when your firewall ships with IPsec?

PQC migration is reopening that question. If PQC is going to be implemented in silicon at the edge for the segments above, the dedicated network-encryptor category gets re-instantiated. The question becomes whether the platform vendors — [Palo Alto Networks](/stocks/panw), [Fortinet](/stocks/ftnt), [Cisco](/stocks/csco) — ship competitive PQC silicon as part of their next-generation appliances, or whether the regulated-edge segment falls to specialists like Sitehop, Senetas, IDQ, and the next wave of pure-plays.

Both outcomes are plausible. Both have implications for the [cybersecurity M&A map](/blog/cybersecurity-ma-landscape-2026-platforms-draw-map) we have been tracking.
The platform vendors have not yet announced credible PQC-silicon roadmaps at the regulated-edge form factor. Fortinet has gestured. Cisco has signaled but not shipped. Palo Alto has prioritized agent-runtime work. The window is open for specialists to establish position before the platforms catch up — or to become acquisition targets if the platforms decide buying is faster than building.

## Sovereign crypto is the second story

The cap-table angle on Sitehop deserves separate attention. [Northern Gritstone](https://www.prolificnorth.co.uk/news/worlds-smallest-encryption-device-takes-cybersecurity-beyond-the-quantum-realm/) is a UK-focused growth fund anchored by the Universities of Leeds, Manchester, and Sheffield. Its thesis centers on commercializing UK academic research at scale. Amadeus Capital Partners is a UK-based venture firm with a long history of European deep-tech bets. Mercia Ventures and NPIF are regional UK investors. The cap table is, almost entirely, British.

That is not coincidental. SAFEcore Edge is positioning explicitly as a UK-engineered, FIPS-certified, sovereign cryptography device for European and allied buyers. Adjacent moves in the same window — Airbus pursuing French cybersecurity research firm Quarkslab on a similar sovereign-cyber thesis — suggest the pattern is broader than one company.

European sovereign cryptography is not a niche. It is the buyer-side response to a US-dominated cybersecurity supply chain at the moment when [US federal cyber capacity is itself under measurable strain](/blog/cisa-april-collapse-cyber-backstop-privatizes-2026). Allied governments and critical-infrastructure operators in the EU, UK, and parts of Asia are increasingly unwilling to accept US-only crypto in their most sensitive deployments. PQC migration is the moment when that preference becomes a procurement requirement.
The structural read for cybersecurity investors and corp-dev teams is that sovereign-cyber pure-plays in PQC silicon and other regulated-edge categories are about to see two things at once: rising procurement demand from government and CNI buyers, and rising acquirer interest from defense conglomerates and national-champion vendors. The next twelve months should produce one or two material sovereign-crypto transactions on each side of the Atlantic.

## What changes for cybersecurity buyers

For procurement teams and CISOs in regulated industries, Sitehop's launch is the forward signal that PQC migration planning needs a hardware track separate from the software track. Three practical implications.

The first is the project plan. PQC migration plans built in 2024 and 2025 typically scoped library updates, KMS replacement, hybrid TLS rollout, and inventory work. Add a hardware-refresh stream. Identify the legacy network encryptors, link encryptors, and bespoke crypto appliances in scope. Decide whether they get refreshed with PQC-capable hardware (Sitehop, Senetas, IDQ, vendor-shipped platform silicon when available) or retired in favor of a software stack with acceptable latency profile. The decision per asset is non-trivial; the inventory itself is necessary.

The second is the procurement timeline. Hardware refresh cycles run two to four times longer than software upgrades. If the regulatory deadline lands in 2030 — and CNSA 2.0 timelines suggest critical national security systems hit binding requirements earlier — the procurement work has to begin now in regulated environments. Buyers who scoped PQC as a 2028 software project will find their hardware track is already late.

The third is sovereign procurement. Buyers in regulated sectors, especially those headquartered outside the US, should expect their procurement language to add country-of-origin requirements on PQC-capable hardware over the next twelve months.
The vendors that anticipate this — Sitehop is one — will land deals that pure technical comparisons miss.

## What to watch next

Three signals over the next two quarters will tell us how durable the hardware-PQC thesis is.

The first is whether the platform vendors ship competitive PQC silicon at the regulated-edge form factor. PANW, Fortinet, and Cisco all have firewall families that could be extended; the question is whether they prioritize the work or concede the segment to specialists. The first platform vendor to ship a credible PQC-capable edge appliance reframes the category.

The second is whether sovereign-crypto specialists raise material rounds in the next two quarters. Sitehop's £13.5M cumulative is small for the category opportunity; meaningful follow-on funding would signal that the autonomous-publisher and software-PQC narratives are not the only games in cybersecurity. Watch for European or allied government-adjacent capital entering the space.

The third is the M&A read. If a defense conglomerate or a US [public security platform](/#stock-lists) acquires a sovereign-crypto pure-play before year-end, the consolidation thesis wins. If the specialists raise instead, the standalone thesis wins. Either signal is informative.

PQC migration is currently being scoped as a software project across most cybersecurity organizations. SAFEcore Edge says a meaningful share of the work is silicon. The buyers, founders, and investors who agree have a window before the platform vendors close it.

The encryptor category is back. It is just sized differently now.

## Frequently asked questions

### What is post-quantum cryptography (PQC), and why does the migration matter now?

Post-quantum cryptography is a class of public-key algorithms designed to resist attack by sufficiently powerful quantum computers. NIST finalized the first PQC standards (ML-KEM, ML-DSA, SLH-DSA) in 2024-2025 as FIPS 203/204/205.
The migration matters now because adversaries can capture encrypted traffic today and decrypt it later once quantum computers reach scale — *harvest now, decrypt later*. NSA's CNSA 2.0 timeline and the White House March 2026 Cyber Strategy have made PQC a binding federal priority, with regulated industries expected to follow.

### Why is Sitehop's launch different from other PQC products on the market?

Most PQC migration tooling shipped to date is software — libraries, KMS bolt-ons, hybrid TLS in cloud platforms like Cloudflare and AWS, cryptography inventory tools. SAFEcore Edge does the cryptography in dedicated silicon at the network edge. The differentiation is form factor and latency: a 310-gram, sub-10W appliance with FIPS 140-3 Level 3 certification, designed to deploy at branch sites and forward operating environments where conventional 1U and 2U HSMs and link encryptors do not fit. The bet is that hardware-PQC is the only viable answer for specific regulated and latency-sensitive deployment environments.

### Which buyer segments will drive hardware-PQC procurement?

Three. Latency-sensitive infrastructure (high-frequency trading, real-time control systems, autonomous vehicles) where software-PQC's latency tax is unacceptable. The regulated edge (branch banks, retail sites, hospitals, oil platforms, water treatment) where dedicated silicon is easier to certify and audit at FIPS 140-3 Level 3. Classified networks (government and defence) where supply-chain provenance on the crypto stack is itself a procurement requirement. If those three segments drive even a fifth of total PQC migration spend, hardware-PQC becomes a serious budget line.

### What does Sitehop's UK cap table signal beyond the company itself?

Northern Gritstone, Amadeus, Mercia, and NPIF make Sitehop's cap table almost entirely British. That is positioning. SAFEcore Edge is being marketed explicitly as a UK-engineered, FIPS-certified, sovereign cryptography device for European and allied buyers.
Adjacent moves in the same window (Airbus pursuing French cybersecurity firm Quarkslab) suggest sovereign-cyber is becoming a recognized procurement axis. Allied governments and critical-infrastructure operators outside the US are increasingly unwilling to accept US-only crypto in sensitive deployments — and PQC migration is the moment when that preference becomes a contractual requirement.

## Sources

- [Sitehop's SAFEcore Edge enables ultra-low-latency, hardware-enforced post-quantum encryption](https://www.helpnetsecurity.com/2026/04/15/sitehop-safecore-edge-pqc-device/) — Help Net Security
- [Sitehop launches SAFEcore Edge for remote network security](https://securitybrief.co.uk/story/sitehop-launches-safecore-edge-for-remote-network-security) — SecurityBrief UK
- [World's smallest encryption device takes cybersecurity beyond the quantum realm](https://www.prolificnorth.co.uk/news/worlds-smallest-encryption-device-takes-cybersecurity-beyond-the-quantum-realm/) — Prolific North
- [Sheffield firm Sitehop launches pocket-sized cybersecurity device](https://www.yorkshirepost.co.uk/business/worlds-smallest-sheffield-firm-sitehop-launches-pocket-sized-cybersecurity-device-6575834) — Yorkshire Post
- [Sitehop secures GBP 7.5m round (funding context)](https://www.uktech.news/cybersecurity/sitehop-quantum-cyber-7-5m-20251009) — UKTN

---

# Six Layers, Six Months: The Agentic Security Category Map

Source: https://cyber-biz.com/blog/agentic-security-category-map-six-layers-2026
Published: 2026-05-09
Author: Tal Eliyahu
Category: Industry News
Tags: AI Security, Governance and Assurance, Identity and Access Management, Incident Detection and Response, Application Security

> The agentic security stack has six layers. Most CISOs do not have a map. Here is one, with each layer's place in the 2026 consolidation cycle.

## Key facts

- The agentic security stack has six load-bearing layers: identity, AI gateway, agentic endpoint, agentic browser, agent-ready data, agentic SOC.
Plus two adjacent layers: autonomous offensive security and agent observability/red-teaming
- Cybersecurity platforms have spent over $40B buying into the stack in six months. The cycle is shorter than the four-year cloud-security consolidation
- Identity is the most consolidated layer: PANW (CyberArk $25B), CrowdStrike (SGNL $740M), Cisco (Astrix ~$400M), Silverfort (Fabrix), Delinea (StrongDM). Standing privilege is dead
- AI Gateway is claimed by PANW (Portkey ~$700M) but contested by hyperscaler-embedded gateways from Microsoft, Google, Cloudflare, and AWS
- Agentic SOC is the most contested layer: Rapid7 (Kenzo), Cisco (Galileo) on the platform side; 7AI ($130M Series A), Dropzone, Prophet, Torq on the standalone side. Three to four leaders will reach durable scale
- Open primitives that have no recognized category leader yet: agent observability and red-teaming, cross-platform policy authoring, agent-aware DLP, agent-to-agent identity, federated agent identity
- Window for category formation in open layers is twelve to eighteen months, not three years

The agentic security stack has six layers. Most CISOs we have spoken with do not have a map. Here is one.

In the past six months, cybersecurity platforms have spent more than $40 billion buying into a stack that did not exist as a procurement category in 2024. Identity, AI gateway, agentic endpoint, agentic browser, agent-ready data, agentic SOC. Each layer has named entrants. Each layer has a different consolidation status. Each layer has different open primitives.

The map matters because the cycle is shorter than any prior cybersecurity platform consolidation. Cloud security took four years. The agentic stack is consolidating in six to nine months. By the time most CISOs have written 2027 budgets, the layers below will be functionally closed for new procurement choices.

This is where each layer sits today.

## The framework

The agentic security stack has six load-bearing layers and two adjacent ones.
**Identity** is who or what is acting. AI agents act on behalf of humans, on behalf of services, and increasingly on behalf of other agents. The identity layer answers: which entity is making this call, what is it allowed to do, and how does authorization stay current as the agent's behavior changes.

**AI Gateway** is which calls go where, with what policy. Every prompt, response, and tool invocation an agent emits passes through some routing layer. The gateway is the inline enforcement point.

**Agentic Endpoint** is where AI agents and AI-using tools run. Browser-resident AI tools, autonomous agents on developer laptops, and AI features inside enterprise SaaS apps all bypass traditional EDR. The agentic endpoint layer is where they get inspected.

**Agentic Browser** is where agents and AI tools meet the user's browser. Increasingly, the browser is the place enterprise work happens — and the place AI tools are most active. Agent-aware browser security is the inspection point for that traffic.

**Agent-ready Data** is what agents can read and write. Data security posture management was the prior-cycle category. Agent-ready data extends it to: what data can an agent access, under what authorization, with what audit trail.

**Agentic SOC** is how anomalies in agent behavior get detected and responded to. The SOC was already moving toward AI-driven analysis; agentic SOC platforms run agents that investigate, correlate, and remediate at machine speed.

Two adjacent layers complete the picture: **autonomous offensive security** (continuous AI-driven testing, the supply side of the agentic-defense funding wave) and **agent observability and red-teaming** (the still-emerging layer that watches, replays, and adversarially tests agent behavior).

## Identity — the most consolidated layer

The identity layer is the cleanest example of how fast this consolidation moves.
[Palo Alto Networks](/stocks/panw) closed CyberArk in February for $25 billion, the largest deal in the company's history, and Nikesh Arora has framed identity as the *fourth pillar* of platformization. CrowdStrike spent $740 million on SGNL in January for continuous, runtime, agent-aware authorization. Cisco bought Astrix Security in May for a reported $400 million for non-human identity inventory and lifecycle management — analyzed [in this companion piece](/blog/cisco-astrix-non-human-identity-platform-layer). Cyera's prior-year acquisition of Otterize and the cluster around it — Silverfort acquiring Fabrix Security in late April, Delinea merging with StrongDM in January — fill out the runtime, continuous, agent-aware authorization category.

The structural argument is the same across these deals. Standing privilege is dead. Session-time authentication is too coarse. AI agents act faster than humans can approve, and they act on behalf of humans whose authorizations were never designed to cover an autonomous proxy. The market is converging on runtime, continuous, agent-aware authorization as the new identity control plane.

What is closed: human identity, non-human identity, agent identity within a single organization. The platforms have bought.

What is still open: agent-to-agent identity in cross-organization meshes (federated identity for agents acting across company boundaries), agent identity for sovereign and government deployments where US platform stacks are not procurement targets, and standalone identity governance for highly regulated sectors that cannot consolidate inside a generalist platform.

## AI Gateway — claimed by Palo Alto, contested by hyperscalers

The AI Gateway layer is more contested than identity, despite a clear early winner. Palo Alto Networks announced its acquisition of Portkey in late April for a reported ~$700 million — analyzed [in this companion piece](/blog/palo-alto-portkey-ai-gateway-acquisition-2026).
Portkey routes trillions of tokens monthly across more than 3,000 LLMs for over a thousand enterprise customers. Integrating it into Prisma AIRS gives PANW the routing and policy layer through which all of an agent's calls flow.

The contested part is that hyperscalers have parallel capabilities embedded in their own platforms. Microsoft's Azure AI Foundry includes routing and policy primitives. Google Cloud has model routing embedded in Vertex AI. Cloudflare has shipped an AI Gateway product in its Workers AI stack. AWS embeds guardrails in Bedrock. None of these are sold standalone as cybersecurity products. All of them compete with Portkey's positioning.

What is closed: the standalone AI Gateway category. PANW will set the cybersecurity-platform pricing.

What is still open: cross-platform agent routing where customers run agents across multiple hyperscalers and multiple model providers. Independent gateways that compete on neutrality, vendor independence, and cross-cloud flexibility have a window through 2026. The window will close once one hyperscaler ships a credible cross-cloud gateway or another platform vendor acquires a Portkey alternative.

## Agentic Endpoint — newly named, structurally important

Palo Alto Networks named *agentic endpoint security* as a category when it acquired Koi Security in February for $400 million. The category did not exist as a procurement line item in 2025.

The structural argument is that browser-resident AI tools, autonomous agents on developer laptops, and AI features embedded in enterprise SaaS bypass the threat model traditional EDR products were built around. EDR vendors instrument the operating system for malware-shaped behavior. Agentic endpoint instruments for AI-specific behavior: which agent is running, what it is reading, what it is exfiltrating, what it is publishing.

What is closed at the platform level: PANW has established the category and the framing. Other public platforms will need an answer.
What is still open: the standalone vendor layer. Koi was the first material acquisition in this category. The next two to four entrants will define the procurement comparable set. Founders building here have a roughly twelve-month window before the category closes.

## Agentic Browser — Seraphic, SquareX, and the pure-plays

The browser security layer fills out fastest among the public platforms. CrowdStrike acquired Seraphic Security in mid-January for $420 million and framed the deal alongside SGNL as a fused identity-to-browser-to-cloud control plane. Zscaler acquired SquareX in early February for an undisclosed amount in the same window.

The enterprise browser pure-plays — Island and the others still independent in 2026 — face a procurement question they can no longer ignore. CrowdStrike and Zscaler now ship browser security as part of their platform packages. The standalone enterprise-browser category has to compete on differentiation that platforms have not absorbed yet.

What is closed: browser security as a feature of the SASE/XDR platforms. Buyers running CrowdStrike or Zscaler get browser security as part of the contract.

What is still open: pure-play enterprise browsers that compete on user experience, dedicated browser features, and specific developer or contractor use cases. The category will support one or two independent leaders past 2027. The rest will be acquired or marginalized.

## Agent-ready Data — earliest stage of consolidation

The data layer for AI agents is at the earliest stage of consolidation of any of the six. Cyera bought Ryft in late April to extend its DSPM stack into agent-ready data — adding the data-access primitive for AI agents. Varonis acquired AllTrue.ai for $150 million in February for shadow-AI discovery and runtime guardrails. Check Point bought Cyata as part of its three-startup February announcement to add AI agent guardrails. The category boundaries are still being defined.
The structural argument: AI agents reading and writing enterprise data at machine speed need governance that cannot rely on human review. The agent-ready data layer is where data security posture management extends into runtime.

What is closed: the early platform positioning. [Cyera](/vendors/cyera), Varonis, and Check Point have staked claims.

What is still open: cross-platform agent-aware DLP, federated agent data access (across multiple organizations or multiple data domains), and standalone agent-data governance products. The category does not yet have a recognized leader. Founders raising in this space have leverage that the more-consolidated layers no longer offer.

## Agentic SOC — most contested

Agentic SOC is the most crowded layer at the time of writing. Rapid7 acquired Kenzo Security in late March; Cisco acquired Galileo in April for agentic monitoring inside Splunk. Standalone agentic SOC startups raised material rounds through 2026 — 7AI took $130 million in Series A for the largest cybersecurity Series A on record. Dropzone AI, Prophet Security, and Torq operate in the same space at varying stages of commercial maturity. XM Cyber and the broader CTEM specialists are adjacent.

The shared framing is *machine-speed investigation* — collapsing the dwell time between alert and response by running AI agents that triage, correlate, and remediate. The exact division of labor between AI and human varies by vendor.

What is closed at the platform level: Rapid7 and Cisco have made their initial bets. Other public platforms are still positioning.

What is still open: the category leader. Three to four vendors will reach durable scale; the rest will be acquired or marginalized within twelve to eighteen months.
The selection event is the next material consolidation move in this layer — likely a public-platform acquisition of one of 7AI, Dropzone, Prophet, or Torq, or one of these companies announcing a Series C at premium valuation that establishes the standalone path. Expect that signal before Q1 2027.

## The adjacent layers — autonomous offensive and observability

Two adjacent layers complete the agentic security map.

**Autonomous offensive security** — continuous AI-driven testing — is the supply side of the agentic-defense funding wave. XBOW raised a [strategic-only $35 million Series C extension](/blog/xbow-strategic-round-cybersecurity-ai-capital-2026) on May 6. Artemis raised $70 million in Series A on April 15 for AI-vs-AI defensive security. Variance closed $21.5 million in Series A in early April for autonomous AI compliance and fraud agents. The category is well-funded, agentic-native, and positioned to either become a platform feature (most likely path) or to consolidate around two to three leaders (less likely but plausible).

**Agent observability and red-teaming** is the most open layer. Tools that observe what agents do, replay agent sessions, red-team agentic workflows, and evaluate agent behavior under adversarial conditions exist as a class but do not yet have a recognized category leader. AI red-teaming startups, AI security guardrail vendors, and prompt-evaluation tooling sit here. The category is fragmented enough that we expect one to two material funding rounds and at least one acquisition before year-end to define the consolidation pattern.

## How to read the map for buyers

For procurement teams, the map collapses into a small number of practical decisions.

Identity, AI gateway, agentic endpoint, and agentic browser are now platform-bought. If you are running [a public security platform](/#stock-lists), you should expect those layers to ship as features inside your existing renewal.
Standalone procurement of pure-play vendors in these layers will not survive the 2027 budget cycle in most enterprises.

Agent-ready data still has independent procurement options. The platforms have bought into the category but have not closed it. Buyers with strong data-security requirements should evaluate Cyera, Varonis, and the standalone agent-data governance entrants on technical merit rather than assume platform consolidation has resolved the choice.

Agentic SOC has multiple credible options. The category will select two to four leaders within twelve to eighteen months. Buyers committing to a vendor in this layer in 2026 should ask explicit questions about acquisition risk, integration roadmap with the buyer's existing platform stack, and what happens to the contract if the vendor is acquired by a competing platform.

The adjacent layers — autonomous offensive and agent observability — should be evaluated as specialist procurements with explicit acquisition risk. The vendors operating here are likely to be acquired within twelve to twenty-four months. Buy specifically for capability, not for category leadership.

## How to read the map for founders

For founders building or raising in 2026, the map closes some doors and opens others.

**Closed:** identity (within a single organization), AI gateway (as a standalone category), agentic endpoint (as a category-leader play), agentic browser (as a horizontal play). Building in these layers requires a defensible niche the platforms have not bought into — sovereign deployments, regulated-edge environments, federated cross-organization use cases.

**Contested:** agent-ready data, agentic SOC. Both layers will support multiple credible vendors at scale. The defensibility is technical depth, customer concentration in a vertical the platforms have not prioritized, and the ability to integrate cleanly with whichever platform a customer is consolidating on.
**Open:** agent observability, agent red-teaming, cross-platform policy authoring, agent-aware DLP that works across multiple gateways and data stores, agent-to-agent identity (mesh), and federated agent identity across organizations. The recognized leader has not been declared in any of these. The window for category formation is open — but per [the M&A pillar](/blog/cybersecurity-ma-landscape-2026-platforms-draw-map), the window is shorter than the prior cycle. Twelve to eighteen months, not three years.

The cap-table implication is also worth taking seriously. Per the [Cloudsmith funding piece](/blog/cloudsmith-72m-series-c-ai-supply-chain-2026), generalist growth funds (TCV, Tiger, Coatue, ICONIQ, Stripes) are entering security infrastructure. Founders raising in the open layers should structure their pitch for both cybersecurity-specialist and generalist software audiences. The companies that do will see broader investor sets and better pricing.

## What to watch for the rest of 2026

Four signals between now and December will tell us how the map redraws.

The first is the next agentic-SOC consolidation move. A public-platform acquisition of 7AI, Dropzone, Prophet, or Torq — or a Series C at premium valuation establishing the standalone path — sets the pattern for the most contested layer.

The second is the first major move in agent observability or red-teaming. Whether by funding round or acquisition, the first material event in this layer will define whether agent observability becomes a category or stays as features inside larger platforms.

The third is the cross-platform AI Gateway question. Whether a hyperscaler ships a credible cross-cloud gateway, or whether an independent vendor establishes neutrality as a defensible position, decides whether Portkey's PANW absorption was the start of consolidation or a one-time event.

The fourth is sovereign-deployment positioning.
Allied governments and critical-infrastructure operators are increasingly unwilling to accept US-only stacks at the most sensitive layers. Sovereign-cyber agentic-security pure-plays — including the kind of [hardware-PQC positioning we've seen from Sitehop](/blog/sitehop-safecore-edge-pqc-hardware-refresh-2026) — will produce material moves before year-end.

The map is not finished. The corners are filling fast. The next twelve months will tell which open primitives become categories and which fade into platform features. Knowing which layer you are on is the first procurement, building, or investing decision. Most of the rest follows from there.

## Frequently asked questions

### What are the six layers of the agentic security stack?

Identity (who or what is acting), AI gateway (which calls go where with what policy), agentic endpoint (where AI agents and AI-using tools run), agentic browser (where agents meet the user's browser), agent-ready data (what agents can read and write), and agentic SOC (how anomalies in agent behavior get detected and responded to). Two adjacent layers complete the picture: autonomous offensive security and agent observability/red-teaming. Each layer has different consolidation status, different open primitives, and different procurement implications.

### Which agentic security layers are already platform-bought, and which are still open?

Closed at the platform level: identity, AI gateway, agentic endpoint, and agentic browser. Major public security platforms have made acquisitions in each of these layers in the first five months of 2026. Contested: agent-ready data and agentic SOC — multiple platforms and standalone vendors are credible, and the category leader has not been selected. Open: agent observability and red-teaming, cross-platform policy authoring, agent-aware DLP, agent-to-agent identity, and federated agent identity.
None of these have a recognized leader, and the window for category formation is roughly twelve to eighteen months.

### How should procurement teams evaluate agentic security vendors in 2026?

Three practical questions. First, in closed layers (identity, gateway, endpoint, browser), expect the platforms to ship the capability inside existing renewals — standalone procurement is rarely durable. Second, in contested layers (agent-ready data, agentic SOC), evaluate vendors on technical merit but ask explicit questions about acquisition risk, integration roadmap with your existing platform stack, and what happens to the contract if the vendor is acquired by a competing platform. Third, in open layers, buy for capability rather than for category leadership — the vendors operating here are most likely to be acquired or to redefine themselves before procurement renewal.

### Where should cybersecurity founders build in the agentic stack in 2026?

Closed layers (identity, AI gateway, agentic endpoint, agentic browser as horizontal plays) require a defensible niche the platforms have not bought into — sovereign deployments, regulated-edge environments, or federated cross-organization use cases. Contested layers (agent-ready data, agentic SOC) will support multiple credible vendors; defensibility comes from technical depth and vertical concentration. Open layers (agent observability, red-teaming, cross-platform policy authoring, agent-aware DLP, agent-to-agent identity) have no recognized leader yet — the window for category formation is open, but it is shorter than prior cycles. Twelve to eighteen months, not three years.
## Sources

- [Palo Alto Networks completes acquisition of CyberArk](https://www.paloaltonetworks.com/company/press/2026/palo-alto-networks-completes-acquisition-of-cyberark-to-secure-the-ai-era) — Palo Alto Networks
- [CrowdStrike to acquire SGNL](https://www.crowdstrike.com/en-us/press-releases/crowdstrike-to-acquire-sgnl-to-transform-identity-security-for-ai-era/) — CrowdStrike
- [Palo Alto Networks to acquire Portkey](https://www.paloaltonetworks.com/company/press/2026/palo-alto-networks-to-acquire-portkey-to-secure-the-rise-of-ai-agents) — Palo Alto Networks
- [Cisco announces intent to acquire Astrix Security](https://blogs.cisco.com/news/cisco-announces-intent-to-acquire-astrix-security) — Cisco
- [Cyera acquires Ryft to extend its agentic AI security platform](https://www.cyera.com/press-releases/cyera-acquires-ryft-to-extend-its-agentic-ai-security-platform) — Cyera
- [Capstone Partners Q1 2026 Cybersecurity Market Update](https://www.capstonepartners.com/insights/article-cybersecurity-market-update/) — Capstone Partners

---

# The Salesforce Fabric Is 2026's Single Attack Surface

Source: https://cyber-biz.com/blog/shinyhunters-salesforce-saas-fabric-breach-2026
Published: 2026-05-09
Author: Tal Eliyahu
Category: Data Breaches
Tags: Identity and Access Management, Third-Party Risk Management, Data Security and Protection, Incident Detection and Response

> Medtronic and McGraw-Hill confirm breaches inside the same ShinyHunters Salesforce campaign. The fabric stitching SaaS to OAuth is the real attack surface.

## Key facts

- ShinyHunters' campaign against Salesforce environments has affected at least Workday, TransUnion, Allianz Life, Google, Cisco, LVMH brands, Adidas, Qantas, McGraw-Hill, and Medtronic through 2025-2026
- McGraw-Hill (April 16, 2026): 13.5 million accounts compromised via misconfigured Salesforce-hosted webpage.
Verified by Have I Been Pwned
- Medtronic (April 27, 2026): unauthorized access to corporate IT systems confirmed; ShinyHunters claims 9M+ records (claim unverified by victim)
- McGraw-Hill stated explicitly: *this activity appears to be part of a broader issue involving a misconfiguration within Salesforce's environment that has impacted multiple organizations*
- Technique chain: vishing call → malicious connected-app install → OAuth token issuance → bulk CRM data export → exfiltration. Each step uses legitimate functionality
- Inverse failure mode from Itron: cybersecurity owns the SaaS on paper but does not control the OAuth fabric stitching it to identity
- Demand catalyst for three categories: SSPM (Obsidian, AppOmni, Adaptive Shield/CrowdStrike, Valence, Reco), ITDR (Push, Permiso, Mitiga), OAuth/NHI governance (Astrix-via-Cisco, Oasis, Entro)

Medtronic confirmed a cybersecurity incident on April 27, 2026. McGraw-Hill confirmed one eleven days earlier, on April 16. The two announcements look like separate breaches at unrelated companies. They are part of the same campaign — and the campaign exposes a structural failure mode the cybersecurity industry has been pretending was a configuration error rather than a category-defining problem.

The campaign is [ShinyHunters' coordinated targeting of Salesforce environments](https://therecord.media/mcgraw-hill-data-leak-tied-to-salesforce-misconfiguration), running through 2025 and accelerating in 2026. The technique is consistent: vishing-driven Data Loader installs, OAuth token abuse, lateral access into Salesforce-hosted data, exfiltration. The victim list reads like a Fortune 500 directory — Workday, TransUnion, Allianz Life, Google, Cisco, LVMH brands, Adidas, Qantas, McGraw-Hill, and now Medtronic.

The fabric stitching SaaS to identity is the real attack surface. The cybersecurity industry has been treating it as plumbing.
## What happened

Medtronic [disclosed on April 27](https://www.securityweek.com/medtronic-hack-confirmed-after-shinyhunters-threatens-data-leak/) that an unauthorized third party had access to certain corporate IT systems. The company stated no impact to products, patient safety, manufacturing, or hospital networks. ShinyHunters claimed 9 million records and terabytes of data; Medtronic has not confirmed those numbers, and the threat actor reportedly delisted Medtronic from its leak site shortly after — which raises a separate set of questions [the trade press has not yet resolved](https://securityaffairs.com/191391/cyber-crime/medtronic-discloses-security-incident-after-shinyhunters-claimed-theft-of-9m-records.html).

McGraw-Hill [disclosed on April 16](https://www.bleepingcomputer.com/news/security/data-breach-at-edtech-giant-mcgraw-hill-affects-135-million-accounts/) that 13.5 million accounts had been compromised through a misconfigured Salesforce-hosted webpage. The data exposed included names, addresses, phone numbers, and email addresses. The number is verified through Have I Been Pwned. The framing the company gave to regulators and press is the more important part: *this activity appears to be part of a broader issue involving a misconfiguration within Salesforce's environment that has impacted multiple organizations*.

That sentence is the giveaway. McGraw-Hill is not blaming Salesforce. It is naming the pattern.

## The campaign and the pattern

ShinyHunters has been running variants of the same playbook against Salesforce customers for at least eighteen months. The technique chain is documented across [multiple Fortune 500 victims](https://www.csoonline.com/article/4042191/shinyhunters-strike-again-workday-breach-tied-to-salesforce-targeted-social-engineering-wave.html) through 2025 and 2026.
The chain typically runs: vishing call to a help-desk or admin user; social-engineered authorization of a connected app posing as Salesforce Data Loader, or a comparable connected app; OAuth token issued by the Salesforce instance to the malicious app; bulk export of CRM data via the same legitimate API access a real Data Loader would use; exfiltration to attacker infrastructure; extortion or leak-site posting.

What makes the chain hard to defend against is that none of the individual steps are exotic. Vishing has been a standard intrusion vector for years. Salesforce Data Loader is a legitimate tool. OAuth tokens are how every modern SaaS application grants third-party access. The misconfigurations the campaign exploits are the default behaviors of the SaaS-to-identity fabric most enterprises have been quietly accumulating since they adopted CRM.

This is not a Salesforce vulnerability. It is a Salesforce-customer governance problem at scale. And because Salesforce is the CRM of record for a meaningful share of the Fortune 500, the customer-side governance problem is functionally a single attack surface.

## The opposite failure mode from Itron

This site analyzed [the Itron breach two weeks ago](/blog/itron-breach-ot-vendor-blind-spot-2026) — a critical-infrastructure vendor compromise that exposed the OT category's blind spot. The Salesforce wave is the inverse failure mode.

Itron's lesson was that the cybersecurity industry could not see what it did not own. OT vendor risk fell outside the asset map of most CISOs because the OT vendor sat upstream of the utility, not inside it. The category was sold downstream and the breach happened upstream.

The Salesforce wave's lesson is the inverse. Cybersecurity owns the SaaS perimeter on paper. Every CISO with a CRM in their environment can name the SaaS, the identity provider, the connected applications inventory, the DLP suite, and the CASB. They have governance documents. They have compliance attestations. They have controls.
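Because every step of the chain above is legitimate functionality, the only place to catch it is the governance data around the connected app itself: which apps exist, which scopes they hold, who authorized them, and how much they pull through the Bulk API. The following audit is an added example, not code from the post or from Salesforce. Its record shapes and field names (`consumer_key`, `user_tier`, `scopes`, the `api` and `rows` fields on events) are assumptions modelled loosely on a connected-app inventory, an OAuth token list, and an API event log, and the sample tenant is constructed. The checks map onto the chain: a display name that mimics Data Loader on an unapproved consumer key, a broad scope paired with a refresh token, a help-desk or admin user self-authorizing an unapproved app, and a Bulk API export volume that has no baseline or is far above it.

```python
"""Connected-app and OAuth-token audit for a Salesforce-style SaaS tenant.

Added example, not code from the post or from Salesforce. Record shapes and
field names are assumptions modelled loosely on a connected-app inventory, an
OAuth token list and an API event log; the sample tenant below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Scopes that let an app read the whole org, and scopes that let it keep doing
# so after the authorizing user's session ends. Together they are what a
# bulk-export tool needs, legitimate or not.
BROAD_SCOPES = {"full", "api"}
PERSISTENT_SCOPES = {"refresh_token", "offline_access"}
# Identity tiers that should never self-authorize a connected app; these are
# the users the vishing call targets.
RESTRICTED_TIERS = {"helpdesk", "admin"}


@dataclass
class ConnectedApp:
    name: str            # attacker-chosen display name; carries no identity
    consumer_key: str    # the app's actual identity
    authorized_by: str
    user_tier: str
    scopes: set
    authorized_at: datetime


@dataclass
class ApiEvent:
    consumer_key: str
    user: str
    api: str             # "bulk" or "rest"
    rows: int
    at: datetime


@dataclass
class Finding:
    severity: str
    consumer_key: str
    reason: str


def audit_apps(apps, approved_keys, now):
    """Posture checks: who authorized what, with which scopes, how recently."""
    findings = []
    for app in apps:
        if app.consumer_key in approved_keys:
            continue  # known-good app; its behaviour is covered by audit_exports
        if "data loader" in app.name.lower():
            findings.append(Finding("high", app.consumer_key,
                            f"'{app.name}' is not the approved Data Loader consumer key"))
        if app.scopes & BROAD_SCOPES and app.scopes & PERSISTENT_SCOPES:
            findings.append(Finding("high", app.consumer_key,
                            "broad scope plus refresh token: persistent org-wide read"))
        if app.user_tier in RESTRICTED_TIERS:
            findings.append(Finding("high", app.consumer_key,
                            f"{app.user_tier} user {app.authorized_by} self-authorized an unapproved app"))
        if now - app.authorized_at <= timedelta(days=7):
            findings.append(Finding("medium", app.consumer_key,
                            "unapproved app authorized in the last 7 days"))
    return findings


def audit_exports(events, baseline_rows, now, window=timedelta(hours=24)):
    """Behavioural check: Bulk API row volume per app against that app's baseline."""
    totals = defaultdict(int)
    for ev in events:
        if ev.api == "bulk" and now - ev.at <= window:
            totals[ev.consumer_key] += ev.rows
    findings = []
    for key, rows in totals.items():
        base = baseline_rows.get(key, 0)
        # An app with no history has no baseline; any bulk export from it is suspect.
        if base == 0 or rows > 10 * base:
            findings.append(Finding("critical", key,
                            f"{rows} rows via Bulk API in 24h against baseline {base}"))
    return findings


def run_audit(apps, events, approved_keys, baseline_rows, now):
    """Full audit: posture findings first, then export anomalies."""
    return audit_apps(apps, approved_keys, now) + audit_exports(events, baseline_rows, now)


# Constructed sample tenant: one approved Data Loader, and one lookalike that a
# help-desk user authorized three hours ago and that has already pulled 2.4M rows.
NOW = datetime(2026, 5, 1, 12, 0)
APPROVED = {"3MVG9_official_dataloader"}          # consumer keys, assumed values
BASELINE = {"3MVG9_official_dataloader": 50_000}  # typical 24h Bulk API rows
SAMPLE_APPS = [
    ConnectedApp("Data Loader", "3MVG9_official_dataloader", "ops.admin", "admin",
                 {"api", "refresh_token"}, NOW - timedelta(days=400)),
    ConnectedApp("Salesforce Data Loader", "3MVG9_lookalike_0042", "helpdesk.user",
                 "helpdesk", {"full", "refresh_token"}, NOW - timedelta(hours=3)),
]
SAMPLE_EVENTS = [
    ApiEvent("3MVG9_official_dataloader", "ops.admin", "bulk", 40_000, NOW - timedelta(hours=5)),
    ApiEvent("3MVG9_lookalike_0042", "helpdesk.user", "bulk", 2_400_000, NOW - timedelta(hours=1)),
]

if __name__ == "__main__":
    for f in run_audit(SAMPLE_APPS, SAMPLE_EVENTS, APPROVED, BASELINE, NOW):
        print(f"{f.severity.upper():9} {f.consumer_key:28} {f.reason}")
```

Run as a script it prints five findings, all against the lookalike app, and nothing against the approved one. Two design points carry over to a real tenant: the display name is never used as identity, because the attacker picks it, and the export check keys on the consumer key rather than the user, because the help-desk user who authorized the app is a legitimate account doing something legitimate-looking at the wrong volume.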
What they do not have is operational control of the OAuth fabric stitching all of that together. The connected app inventory is rarely audited per scope. The Data Loader installs are rarely tracked per user. The OAuth token issuance is rarely instrumented for behavioral anomaly. The vishing-resistant authentication required to break the front door of the chain is rarely deployed at the help-desk and admin-user level.

The cybersecurity team owns the SaaS. The team does not control the fabric.

## The category-defining moment

For three categories of cybersecurity vendors, the Salesforce wave is the demand catalyst they have been waiting for.

The first is **SaaS Security Posture Management (SSPM)**. Obsidian Security, AppOmni, CrowdStrike's Adaptive Shield, Valence, Reco, DoControl, and a handful of other entrants have been pitching SaaS posture as a 2024-2025 category. The Salesforce wave is the moment the category goes from CISO budget *should-have* to *must-have*. SSPM products inventory connected applications, audit OAuth scopes, surface Data Loader installs, and detect the misconfigurations the campaign exploits. Every Medtronic-shaped customer board conversation is now an SSPM evaluation conversation.

The second is **Identity Threat Detection and Response (ITDR)**. Push Security, Permiso, Mitiga, CrowdStrike Falcon Identity, and the broader ITDR cohort detect anomalous identity behavior across SaaS — the kind of OAuth token misuse and lateral access patterns the ShinyHunters chain produces. ITDR is structurally adjacent to the [agentic-security identity layer](/blog/agentic-security-category-map-six-layers-2026) we have been mapping.

The third is **OAuth and non-human identity governance**. [Astrix (now Cisco)](/blog/cisco-astrix-non-human-identity-platform-layer), Oasis Security, Entro, and similar specialists govern the credentials, tokens, and connected applications that are the actual attack surface.
The Salesforce wave is the most visible argument these companies have ever had for why their category exists. The vendors with credible product in any of these three categories will see meaningfully shorter sales cycles for the rest of 2026.

## What changes for cybersecurity buyers

For procurement teams and CISOs, the Salesforce wave makes three previously theoretical conversations urgent.

The first is the connected-applications audit. Most enterprises have hundreds of OAuth-connected applications across their major SaaS instances. Most have never been audited per scope. The audit is a project plan, not a procurement decision — but it requires SSPM tooling to run at scale. Buyers without an SSPM contract should expect that conversation in the next quarter.

The second is the help-desk and admin-user authentication question. Vishing-driven Data Loader installs work because the help desk and admin tier of the identity stack often has weaker authentication than the user population. Phishing-resistant MFA, vishing-aware verification flows, and admin-tier behavioral monitoring are the controls that break the chain. CISOs who have left these controls partially deployed should expect to be questioned by their boards specifically about Medtronic.

The third is the SaaS shared-responsibility conversation. Salesforce, like every major SaaS provider, ships a shared-responsibility model that puts customer-side configuration squarely in the customer's lane. The Salesforce wave is forcing the model into procurement language. Expect 2027 SaaS contracts to include explicit customer-side requirements around connected-app governance, OAuth-scope review cadence, and data-loader controls. Cyber-insurance underwriters will follow.

## What changes for cybersecurity vendors and acquirers

For [public security platforms](/#stock-lists) and acquirers, the Salesforce wave is the M&A catalyst for the SSPM and ITDR categories.
The major XDR and SSE platforms — Palo Alto Networks, [CrowdStrike](/stocks/crwd), SentinelOne, Cisco, Zscaler — all need a credible answer to the SaaS-fabric question. CrowdStrike already has Adaptive Shield from a 2024 acquisition. The others have varying combinations of partial coverage. Expect at least one platform-vendor SSPM acquisition before Q4 2026.

The identity vendors — [Okta](/stocks/okta), Microsoft, CyberArk (now PANW) — face a sharper version of the same question. The OAuth scope governance gap the campaign exploits sits inside their territory. Whether they extend their identity products into SaaS-fabric governance natively or acquire SSPM and ITDR specialists is the open question. Both paths are credible. Both will be priced.

Salesforce itself faces a separate strategic question. The shared-responsibility narrative held for Snowflake in 2024. It may hold for Salesforce in 2026. But the difference between the two events is volume — the Salesforce wave has compromised data at meaningfully more enterprises than Snowflake did. Expect Salesforce to ship more native posture tooling in the next two quarters than it has shipped in the prior two years.

The CASB incumbents — Netskope, Zscaler's part of the SSE stack, Palo Alto's Prisma — face the unspoken question of whether their SaaS coverage actually catches this attack chain. The honest answer for most CASB deployments is *no, not yet*. The dishonest answer is what the next round of marketing claims will say.

## What to watch next

Three signals over the next two quarters will tell us how the Salesforce wave reshapes procurement and M&A.

The first is the next material SSPM or ITDR acquisition. CrowdStrike has Adaptive Shield. PANW has CyberArk. The next platform-vendor purchase in this layer sets pricing and signals which incumbents are filling the gap by acquisition versus by building.

The second is regulatory response.
The SEC's cybersecurity disclosure rule has already [played out at Itron](/blog/itron-breach-ot-vendor-blind-spot-2026); a Medtronic 8-K with material framing or a follow-on regulatory action would set the precedent for SaaS-supply-chain breaches specifically. The healthcare angle adds HIPAA exposure that Itron's industrial scope did not carry. State AGs and class-action firms are paying attention.

The third is whether ShinyHunters or a successor campaign expands to other major SaaS surfaces. Workday, ServiceNow, GitHub, and the major HR and finance SaaS instances are all OAuth-fabric environments with similar governance gaps. The campaign's economic incentive is clear. The defenders' clock is shorter than it looks.

The cybersecurity industry has spent two years debating whether AI agents are the new attack surface. The Salesforce wave is the reminder that the SaaS fabric is already the largest attack surface most enterprises have. The agents are coming. The fabric is here.

Itron showed cybersecurity could not see what it did not own. The Salesforce wave shows cybersecurity does not control what it does own. Both lessons compound.

## Frequently asked questions

### What is the ShinyHunters Salesforce campaign?

ShinyHunters is a financially motivated threat actor running a coordinated campaign against Salesforce environments. The technique chain is consistent across victims: vishing calls to help-desk or admin users, social-engineered installation of malicious connected applications (often disguised as Salesforce Data Loader), OAuth token issuance from the Salesforce instance to the attacker app, bulk export of CRM data using the Data Loader's legitimate API access, exfiltration, and extortion or leak-site posting. The victim list through 2025 and 2026 includes Workday, TransUnion, Allianz Life, Google, Cisco, LVMH brands, Adidas, Qantas, McGraw-Hill, and Medtronic.

### Why is the Salesforce wave structurally different from a typical SaaS breach?
The wave exposes a category-level governance failure rather than a single-vendor vulnerability. Salesforce itself is not breached; its customers' OAuth scope governance, connected-applications audits, and admin-tier authentication are. Because Salesforce is the CRM of record for a meaningful share of the Fortune 500, the customer-side governance problem is functionally a single attack surface across hundreds of major enterprises. That is a different threat model than a single SaaS vendor having a vulnerability — and it is what makes the campaign category-defining rather than incident-specific.

### Which cybersecurity vendor categories see the strongest demand catalyst from the Salesforce wave?

Three categories. SaaS Security Posture Management (SSPM) — Obsidian Security, AppOmni, CrowdStrike's Adaptive Shield, Valence, Reco, DoControl — inventories connected applications and surfaces misconfigurations. Identity Threat Detection and Response (ITDR) — Push Security, Permiso, Mitiga, CrowdStrike Falcon Identity — detects the OAuth abuse patterns the campaign produces. OAuth and non-human identity governance — Astrix (now Cisco), Oasis Security, Entro — governs the credentials and connected applications that are the actual attack surface. Vendors with credible products in any of these three categories will see meaningfully shorter sales cycles through the rest of 2026.

### How does the Salesforce wave compare to the 2024 Snowflake breaches?

Both are SaaS supply-chain multipliers — single attack surfaces propagating to dozens of customer environments. Snowflake's 2024 wave hit roughly 165 customer environments through stolen credentials lacking MFA. The Salesforce campaign uses a different chain (vishing-to-Data-Loader-to-OAuth-token instead of pure credential theft) and has hit more major enterprises by name. The structural lesson is identical: the SaaS-to-identity fabric is the actual attack surface, and customer-side governance is what determines exposure.
The defenders' takeaway should also be identical, but the volume and visibility of the Salesforce wave is forcing the conversation in a way Snowflake's mostly did not.

## Sources

- [Data breach at edtech giant McGraw Hill affects 13.5 million accounts](https://www.bleepingcomputer.com/news/security/data-breach-at-edtech-giant-mcgraw-hill-affects-135-million-accounts/) — BleepingComputer
- [Educational company McGraw Hill says Salesforce misconfiguration led to data leak](https://therecord.media/mcgraw-hill-data-leak-tied-to-salesforce-misconfiguration) — The Record (Recorded Future News)
- [Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak](https://www.securityweek.com/medtronic-hack-confirmed-after-shinyhunters-threatens-data-leak/) — SecurityWeek
- [Medtronic discloses security incident after ShinyHunters claimed theft of 9M+ records](https://securityaffairs.com/191391/cyber-crime/medtronic-discloses-security-incident-after-shinyhunters-claimed-theft-of-9m-records.html) — Security Affairs
- [ShinyHunters strike again: Workday breach tied to Salesforce-targeted social engineering wave](https://www.csoonline.com/article/4042191/shinyhunters-strike-again-workday-breach-tied-to-salesforce-targeted-social-engineering-wave.html) — CSO Online

---

# How to Read Cybersecurity Funding Signals: A 2026 Framework

Source: https://cyber-biz.com/blog/cybersecurity-funding-signals-framework-2026
Published: 2026-05-09
Author: Tal Eliyahu
Category: Funding News
Tags: AI Security, Governance and Assurance, Identity and Access Management, Third-Party Risk Management, Governance, Risk, and Compliance

> The cybersecurity funding round most worth reading is rarely the one with the biggest headline number. A framework for reading 2026's signals.
## Key facts

- Four cap-table shapes in 2026 cybersecurity: tier-one financial-led (default), strategic-only (XBOW pattern), generalist growth fund-led (Cloudsmith / TCV pattern), sovereign/regional-anchored (Sitehop pattern)
- Strategic-only rounds historically convert to acquisition within ~18 months at non-trivial rate. The check is the rehearsal
- Generalist growth funds (TCV, Tiger, Coatue, ICONIQ, Stripes, Insight) leading a cybersecurity round signals category graduation to mainstream software infrastructure investing — multiples reset, acquirer base widens
- Capstone Partners reports 4.3x EV/Revenue average across 79 YTD 2026 strategic transactions; ION/Mergermarket clusters strategic deals at 6-8x ARR with 8-10x for most strategic targets. Average ticket up to $461M from $171M YoY
- Geographic signature predicts procurement preferences: UK/European cap tables for sovereign deployment; Israeli cap tables for US enterprise procurement plus technical-talent supply; Indian for Asian markets
- Stage compression: Series A check sizes in agentic categories well above prior-cycle norms (7AI $130M, Artemis $70M). Window between Series A and acquisition compressed to 12-18 months
- Read absences as carefully as presences: undisclosed valuations, undisclosed leads, vague participation language, and who is NOT in the round all carry signal

The cybersecurity funding round most worth reading is rarely the one with the biggest headline number. The number is the noisy signal. The structure is the clean one.

In the past four months, cyber-biz.com has analyzed three rounds across three different structural shapes — [XBOW's strategic-only Series C extension](/blog/xbow-strategic-round-cybersecurity-ai-capital-2026), [Cloudsmith's TCV-led Series C](/blog/cloudsmith-72m-series-c-ai-supply-chain-2026), and the broader [cybersecurity M&A landscape](/blog/cybersecurity-ma-landscape-2026-platforms-draw-map) the platforms are drawing. Each round told a different forward signal.
Each forward signal predicted a different downstream event.

This piece is a framework for reading those signals — what each component of a round actually says about the company, the category, and the M&A landscape three to eighteen months ahead. It is a structured way to look at the cybersecurity funding cycle of 2026, applicable to whichever round announcement crosses your desk next.

## The cap table is a leading indicator

The dollar amount is the press-release headline. The cap table is the actual signal. For any cybersecurity Series B and later round, four cap-table shapes predict different downstream outcomes.

**Tier-one financial lead with strategic participation.** The standard structure. The lead VC prices the round, signals validation, and brings the network. Strategics fill the remaining capacity. This shape is the default and tells you the company has a credible thesis-stage investor base. It says little about acquisition timing.

**Strategic-only.** No financial lead. The round comes entirely from customers, partners, distribution channels, and prospective acquirers. This shape is rare and high-signal. It indicates the product has crossed from experimental to enterprise procurement, and that strategics are paying for roadmap influence on a product they already depend on. XBOW's $35 million extension in May, anchored by NVIDIA, Samsung, Accenture, and SentinelOne, is the cleanest 2026 example.

**Generalist growth fund lead.** A non-cybersecurity-specialist fund leads the round. TCV, Tiger Global, Coatue, ICONIQ, Stripes — the firms that built positions in Spotify, Netflix, Airbnb, Splunk's pre-IPO. Cloudsmith's $72 million Series C in April is the 2026 marker. This shape signals the category is graduating from niche cybersecurity bet to mainstream software infrastructure investing.

**Sovereign or regional capital lead.** A geographically anchored fund (UK, European, Israeli, Indian, sovereign wealth) leads.
The buyer base reading the round is procurement teams in that region's regulated sectors and government-adjacent enterprises. [Sitehop's UK-anchored cap table](/blog/sitehop-safecore-edge-pqc-hardware-refresh-2026) (Northern Gritstone, Amadeus, Mercia, NPIF) fits this pattern.

Each shape predicts a different acquirer set, a different valuation comp, and a different time-to-exit. Knowing which one you are reading is the first analytical move.

## Strategic-only rounds rehearse acquisitions

Strategic-only rounds are the highest-signal cap-table shape in 2026 cybersecurity. The historical conversion pattern is consistent. When a public security vendor writes a strategic check into a private cybersecurity company at meaningful scale, the position has converted to a full acquisition within roughly 18 months at a non-trivial rate. The check is the rehearsal. The acquisition is the show.

The mechanism is straightforward. A strategic investment locks in commercial relationships, gives the public vendor visibility into roadmap, and creates an option to convert the position into ownership. Compared to building the capability internally, acquiring after a strategic-investment period is faster, lower-risk, and pre-validated by customer commercial use. Compared to acquiring cold, post-investment acquisition has integration paths and customer references already in place.

The pattern repeats with NVIDIA. NVIDIA NVentures has investments across cloud security, MLOps, and observability companies that NVIDIA does not need for distribution but does need for runtime visibility into where AI workloads run. The investments are GPU-consumption rehearsals as much as capability-acquisition rehearsals.

For [public security companies](/#stock-lists) — [CrowdStrike](/stocks/crwd), [Palo Alto Networks](/stocks/panw), [SentinelOne](/stocks/s), [Cisco](/stocks/csco) — the venture arm is functionally a deal-pipeline tool.
Investors and corp-dev teams reading these rounds should map the strategic positions of public security vendors specifically. The next twelve to eighteen months of M&A is partly visible in the cap tables of today.

What the strategic-only round does not tell you is which of the public investors will be the eventual acquirer. Multiple strategics in the same cap table can signal a competitive M&A process — or a coordinated decision to keep the company independent until the category resolves. Reading which is which requires reading the strategic positioning of each investor in adjacent categories.

## Generalist growth funds signal category graduation

When a generalist software growth fund leads a cybersecurity round, the signal is not about the company. It is about the category.

Generalist growth funds — TCV, Tiger Global, Coatue, ICONIQ, Stripes, Insight Partners on the larger end of its book — invest across software infrastructure broadly. Their portfolio comparables are companies like Snowflake, MongoDB, HashiCorp, Splunk, GitHub, JFrog, and the rest of the developer-tooling and enterprise-infrastructure cohort. When one of these funds leads a cybersecurity Series C, the firm is benchmarking the company against that comparable set, not against pure-play cybersecurity Series C rounds.

That changes three things at once.

The valuation comp resets. Generalist growth funds price against software-infrastructure multiples, which are higher than pure-play cybersecurity multiples for companies of comparable scale. Cybersecurity companies that close generalist-led rounds get re-priced upward.

The acquirer base widens. The natural acquirers for a software-infrastructure company include developer-tooling platforms (GitHub / Microsoft, GitLab, JFrog, HashiCorp / IBM), workflow platforms (ServiceNow, Atlassian, Salesforce), and the broad enterprise-infrastructure cohort. Pure-play cybersecurity acquirers are still in the set; they are no longer the only option.
The procurement narrative shifts. Cybersecurity sold by generalist-funded companies tends to be sold as software infrastructure with security implications, rather than as cybersecurity products with software implications. The buyer base is platform engineering and engineering leadership, not just CISOs.

Cloudsmith's TCV-led Series C is the cleanest 2026 example. The round positions Cloudsmith for software-infrastructure comparable pricing rather than pure-play cybersecurity multiples. The acquirer base now plausibly includes JFrog, HashiCorp, GitHub, ServiceNow, and Snyk. The procurement narrative is software supply chain, not cybersecurity SaaS.

For founders, the strategic implication is that pitching a generalist fund requires a different deck and a different comparable set than pitching a cybersecurity-specialist fund. The companies that prepare for both audiences see broader investor sets and better pricing. The ones that prepare for only one see the round priced like the audience they pitched.

## Comparable deal pricing is the only honest valuation comp

The most over-cited number in cybersecurity funding analysis is the public-company multiple. The most under-cited is the strategic-acquisition multiple.

For 2026 cybersecurity Series A through Series E rounds, the relevant comparables are not Palo Alto Networks' EV/Revenue or CrowdStrike's price-to-sales. The relevant comparables are: what did the platform vendors pay for the last three acquisitions in this category, and at what revenue and growth profile.

[Capstone Partners' Q1 2026 cybersecurity update](https://www.capstonepartners.com/insights/article-cybersecurity-market-update/) reports an average EV/Revenue multiple of 4.3x across 79 verified strategic transactions in YTD 2026 — on par with the eight-year sector average of 4.6x, not the 2021-2022 froth.
[ION/Mergermarket](https://ionanalytics.com/insights/mergermarket/cybersecurity-ma-stalls-after-2025-surge-as-ai-resets-valuations-dealspeak-north-america/) clusters strategic deal discussions at 6-8x ARR, with 8-10x reserved for the most strategic targets. Average ticket size up to $461 million from $171 million year over year, driven by mix toward larger strategic deals.

Those numbers anchor the actual cybersecurity funding economics in 2026. They are the comp set Series C and later rounds should be priced against.

The distinction matters because public-comp pricing tends to compress acquisition exits and inflate ongoing-business valuations, while strategic-acquisition comp pricing does the opposite. A category where strategic acquirers are paying 8-10x ARR for the leader has very different funding economics than a category where strategic acquirers cap at 5x ARR.

For cybersecurity venture investors, the practical implication is to maintain category-specific strategic-acquisition comp tables, not just public-comp benchmarks. The categories where strategic acquirers are paying premium are the categories where venture-stage investments can be priced richly. The categories where strategic acquirers cap at sector-average are the categories where venture-stage discipline matters more.

For founders raising in 2026, the implication is to know the strategic-acquisition comp pricing for your specific category before walking into a financing conversation. The funds that price your round will know it. The funds that don't will be the ones you don't want leading.

## Public-vendor venture investments are soft M&A signals

Strategic investments by public cybersecurity vendors warrant their own analytical line item. CrowdStrike's S Ventures, Palo Alto Networks' venture arm, SentinelOne's S Ventures, Cisco's investments, Microsoft's M12, Okta Ventures, and a handful of others run as quasi-acquisition pipelines.
The investments are real venture bets, but the strategic intent runs through the corporate development team, not just the venture team.

The historical pattern: a strategic investment from a public security vendor into a category-adjacent private company, at meaningful check size and at later than seed stage, has converted to M&A inside 18 months at a non-trivial rate.

What to read in the round: which public vendor is in the cap table, at what scale, and into which category. Multiple public-vendor investments in the same cap table can signal a coordinated decision to maintain optionality, or a competitive M&A process forming early. Reading which is which requires understanding each public vendor's adjacent acquisitions and stated strategic priorities.

For M&A and corp-dev teams at competing platforms, public-vendor venture investments are the leading indicator that should drive their own pipeline review. If PANW wrote a strategic check into a private agent-aware DLP company in Q2 2026, the corp-dev teams at Cisco, CrowdStrike, and Microsoft should be paying particular attention to the rest of that category by Q4. The vendor that closes the acquisition first sets the comparable price for the rest.

For cybersecurity venture investors, the practical implication is to follow public-vendor venture activity as a category-formation signal. The categories where multiple public vendors are writing checks are the categories where the platforms have decided the layer matters. The categories where no public vendors are present are categories where venture-stage thesis still has to do the work.

## Geography signals procurement preferences

The cap table tells you who is investing. The geography of the cap table tells you who is buying. In 2026 specifically, geographic signature predicts procurement preferences in ways US-centric coverage tends to miss.
UK and European-anchored cap tables (Sitehop's Northern Gritstone, Amadeus, Mercia; the broader European deep-tech cohort) signal positioning toward European, UK, and allied-government procurement. As [federal cyber capacity in the US has come under strain](/blog/cisa-april-collapse-cyber-backstop-privatizes-2026), allied governments and critical-infrastructure operators in the EU, UK, and parts of Asia have become increasingly unwilling to accept US-only stacks at sensitive layers. Cap tables anchored in those geographies position the company to win that procurement preference. Sitehop's UK cap table is doing exactly this work in the PQC silicon category.

Israeli cap tables (Cyberstarts, YL Ventures, Team8, Glilot, Insight Partners' Israel positions) signal positioning toward US enterprise procurement combined with Israeli technical talent supply. The 2026 M&A wave has Israeli targets disproportionately represented — Wiz, CyberArk, Astrix, Koi, Portkey, Cyata, Cyclops, Rotate, Fabrix, Seraphic, [Cyera](/vendors/cyera). The Israeli supply curve for agentic-identity and AI-security is structurally important and continues to set the pace.

Indian cap tables — still rare in cybersecurity — signal positioning toward Asian enterprise procurement and the global services market.

US cap tables remain the default. They signal nothing in particular beyond what the specific firms in the cap table tell you.

For procurement teams in regulated sectors, especially those headquartered outside the US, the geographic signature of a vendor's cap table is increasingly a procurement input. For founders raising in 2026, the implication is that geographic positioning should be intentional — neither default nor accidental.

## Stage compression is the 2026 pattern

One pattern cuts across every other signal in the 2026 cybersecurity funding cycle. Stage compression.

Series A check sizes have grown materially.
7AI's $130 million Series A for agentic SOC, Artemis's $70 million Series A for AI-vs-AI defense, and the broader cohort of large 2026 Series A rounds in agentic-security categories sit well above the $20-40 million range that defined cybersecurity Series A through 2023. The compression is real and category-specific.

The mechanism is the same one driving the [agentic security category map](/blog/agentic-security-category-map-six-layers-2026): the platform vendors are buying earlier, smaller, and faster than they did in the prior cycle. They learned from cloud security that the cost of being late is paying $25 billion or $32 billion to a category leader. To prevent the next Wiz from emerging, they are acquiring before the category leader is established — which forces venture investors to price earlier-stage rounds at premium multiples to capture position before the platforms move.

The practical implication for venture investors is that the window between Series A and acquisition has compressed for the agentic-security categories specifically. The window in less-active categories has not. Reading which window applies to which round is the analytical work.

For founders, the implication is that the runway between independent operation and acquisition pressure is shorter than it was in the prior cycle. Series B and later rounds in agentic categories should be planned with the assumption that platform-vendor M&A interest will arrive within twelve to eighteen months of the Series B close. Founders who want a longer runway should price their next round and structure their cap table for that specific outcome.

For procurement teams, the implication is procurement-side acquisition risk. Buying from an independent leader in any of the contested agentic layers carries meaningful probability that the vendor is acquired before the next renewal. That should be priced into the contract.
## What the round announcement does not say

The press release tells you what the company wants the market to read. The structural signal often lives in what the press release does not say. Four absences are worth reading.

**Undisclosed valuation.** A round closes without a stated valuation. Sometimes this is a flat or down round being soft-pedaled. Sometimes it is a strategic round where the strategic investors do not want the price benchmarked publicly. Sometimes it is a fast follow-on at improvised pricing. The interpretation depends on the rest of the cap-table signal — but valuations get disclosed when they are flattering, and stay quiet when they are not.

**Undisclosed lead investor.** A round announces strategic participants without naming a lead. This pattern signals either a strategic-only round (no financial lead) or a discount-priced round where the lead does not want the round associated with their public partner. Either way, the absence is signal.

**Vague participation language.** *Significant participation*, *follow-on investment*, *expanded position* — language that obscures whether the named investor wrote a meaningful new check or rolled an existing position. The press-release language tells you who wanted to be named on the announcement; the actual money distribution is harder to read.

**Who is not in the round.** The obvious specialist fund that did not lead. The obvious strategic acquirer that did not invest. The prior-round lead that did not follow on. Each absence carries its own signal — and each is harder to read than the presence signals.

Reading absences requires knowing the universe of plausible investors and acquirers for the category. Investors and corp-dev teams that maintain that knowledge are the ones who consistently read funding signals well. The ones that do not are the ones who notice the patterns only after the press release has stopped surfacing in the news cycle.

The round announcement is a curated artifact.
The structural signal is the diff between the announcement and what the announcement could have said.

## How to read the next round you see

Apply the framework in order. Cap-table composition first. Comparable pricing second. Public-vendor presence third. Geographic signature fourth. Stage compression fifth. Absences sixth. Most rounds tell a clear story when read against all six dimensions. The minority that do not are usually the ones worth a second pass.

Frameworks are not predictions. They are the discipline of reading signals consistently rather than chasing headline numbers. The cybersecurity funding cycle of 2026 has produced more readable signals than any prior cycle. The investors and founders who read them well will spend less time guessing what the platforms will buy, and more time building or backing the companies the platforms have to buy.

## Frequently asked questions

### How do I tell a strategic-only round from a typical strategic-led round?

A typical round has a tier-one financial lead investor that prices the round and brings the network, with strategics filling the remaining capacity. A strategic-only round has no financial lead at all — every dollar comes from a customer, partner, distribution channel, or prospective acquirer. The signal flips from thesis-stage validation to enterprise procurement validation. XBOW's $35 million Series C extension in May 2026, anchored by NVIDIA, Samsung, Accenture, and SentinelOne with no traditional VC lead, is the cleanest 2026 example. Strategic-only rounds historically convert to acquisition within roughly 18 months at non-trivial rates.

### What does it mean when a generalist growth fund leads a cybersecurity round?

When TCV, Tiger Global, Coatue, ICONIQ, Stripes, or Insight Partners' larger book leads a cybersecurity Series C — instead of a Cyberstarts, Greylock, or Sequoia — the category is graduating from niche cybersecurity bet to mainstream software infrastructure investing.
Three things change: the valuation comp resets to software-infrastructure multiples (which are typically higher than pure-play cybersecurity for comparable scale), the acquirer base widens to include developer-tooling and workflow platforms (GitHub, ServiceNow, Atlassian) alongside cybersecurity-specialist acquirers, and the procurement narrative shifts from *cybersecurity SaaS* to *software infrastructure with security implications*. Cloudsmith's TCV-led $72 million Series C in April 2026 is the cleanest 2026 marker.

### How should a cybersecurity Series C be priced in 2026?

Against strategic-acquisition comparables for the specific sub-category, not against public-company multiples. Capstone Partners reports 4.3x EV/Revenue average across YTD 2026 strategic transactions. ION/Mergermarket clusters strategic deal discussions at 6-8x ARR, with 8-10x reserved for the most strategic targets. Average ticket size has risen to $461 million from $171 million year over year, driven by mix toward larger strategic deals. The categories where strategic acquirers are paying 8-10x ARR are the categories where venture-stage investments can be priced richly. The categories where strategic acquirers cap at sector-average require more pricing discipline.

### What 2026-specific patterns should investors and founders prepare for?

Three. First, stage compression — Series A check sizes in agentic-security categories sit well above prior-cycle norms (7AI $130M, Artemis $70M), and the window between Series A and acquisition has compressed to 12-18 months. Second, public-vendor venture activity as soft M&A signal — strategic checks from CrowdStrike, Palo Alto, Cisco, SentinelOne convert to M&A at non-trivial rates inside that window.
Third, geographic signature as procurement signal — UK and European cap tables position for allied-government and EU procurement at the moment US federal cyber capacity is under strain; Israeli cap tables remain the dominant supply curve for agentic-identity and AI-security categories.

## Sources

- [Capstone Partners Q1 2026 Cybersecurity Market Update](https://www.capstonepartners.com/insights/article-cybersecurity-market-update/) — Capstone Partners
- [Cybersecurity M&A stalls after 2025 surge as AI resets valuations](https://ionanalytics.com/insights/mergermarket/cybersecurity-ma-stalls-after-2025-surge-as-ai-resets-valuations-dealspeak-north-america/) — ION Analytics / Mergermarket
- [Q1 2026 cybersecurity M&A consolidation analysis](https://tech-insider.org/cybersecurity-ma-consolidation-2026/) — Tech Insider
- [Cybersecurity Funding Surges to $4.62B in Q1 2026](https://www.prnewswire.com/news-releases/cybersecurity-funding-surges-to-4-62b-in-q1-2026-as-capital-returns-with-greater-discipline-pinpoint-search-group-reports-302735486.html) — Pinpoint Search Group / PR Newswire
- [SecurityWeek 2025 Cybersecurity M&A Report (baseline)](https://www.securityweek.com/securityweek-report-426-cybersecurity-ma-deals-announced-in-2025/) — SecurityWeek

---

# Cisco’s Astrix Deal Puts Non-Human Identity in the Platform Layer

Source: https://cyber-biz.com/blog/cisco-astrix-non-human-identity-platform-layer
Published: 2026-05-05
Author: Tal Eliyahu
Tags: Identity and Access Management, AI Security, Governance and Assurance, Third-Party Risk Management

> Cisco’s planned acquisition of Astrix Security moves non-human identity into IAM, zero trust access, Duo, Secure Access, and SOC workflows—not just another identity security tuck-in.

Cisco’s planned acquisition of Astrix Security is not just another identity security deal.
It moves non-human identity closer to the places where access is already managed, enforced, monitored, and investigated: IAM, zero trust access, Duo, Secure Access, and the SOC.

Cisco announced its intent to acquire Astrix on May 4, 2026. Cisco described Astrix as focused on the credentials used by modern systems, including API keys, service accounts, OAuth tokens, secrets, and the credentials AI agents use to access enterprise systems. Cisco said Astrix capabilities cover AI-agent discovery and governance, access and lifecycle management, threat detection and response, and secrets management across vaults and cloud environments. Cisco also said it plans to integrate Astrix into Cisco Identity Intelligence, Cisco Secure Access, and Duo IAM, with activity context feeding into Splunk or other SIEMs.

Cisco did not disclose deal terms. Market coverage has valued the deal at roughly **$400 million**, but the more important point is where Cisco plans to place Astrix: inside identity, access, and security operations workflows.

Astrix is not positioned only around finding forgotten service accounts. Its product messaging covers inventory for AI agents, MCP servers, service accounts, OAuth apps, API keys, SSH keys, IAM roles, and secrets, along with owners, permissions, accessed resources, abnormal activity, and risk prioritization. That places the product at the point where discovery starts turning into access control.

That distinction matters because the NHI problem is no longer limited to secrets hygiene. A service account, OAuth app, API key, CI/CD credential, SaaS integration, workload identity, or AI agent can carry access across several systems. The question is not only whether the identity exists. It is who owns it, what it can reach, whether the access is still needed, what business process depends on it, and what should happen when its behavior changes.

Cisco is not alone in moving this problem into larger platforms.
CyberArk completed its Venafi acquisition in 2024 to expand machine identity security. CrowdStrike signed a definitive agreement to acquire SGNL in January 2026 to support continuous access decisions for human, non-human, and AI identities. Cyera acquired Otterize in 2025 to add cloud-native non-human identity and data-flow controls into its data security platform.

## Enterprise

Discovery is not enough. A tool that only lists API keys, OAuth tokens, service accounts, secrets, or AI agents still leaves the main questions unanswered: **who owns the identity, what access does it have, where is it being used, and how can risky access be reduced without breaking production?**

The product needs to connect **identity, owner, privilege, data access, runtime behavior, and remediation**. It also needs to work inside existing **IAM, PAM, SIEM, cloud, SaaS, CI/CD, vault, and data security workflows**. Otherwise, it becomes another inventory screen.

## Vendors

The market is moving from visibility to enforcement. IAM, PAM, CNAPP, DSPM, SaaS security, CI/CD security, vaults, and SIEM vendors all touch part of the NHI problem. The stronger position is not “we find non-human identities.” It is **“we control how software, integrations, workloads, and AI agents access business systems.”**

## Founders and investors

A standalone NHI company needs more than inventory. It needs clear remediation, agent governance, workflow integration, and proof that it can reduce risky access without breaking production. That is where the category gets harder, and where acquisition interest becomes easier to understand.

---
