Hope you had a great weekend!
I’m not sure if I’m really bad at scheduling meetings of similar types, or if more startups are converging on the mean. I’ve been talking to an increasing number of startups, all focused on securing agent interactions and Computer Use at runtime. The crazy thing is, they’re all doing it from different angles. There is no clear, winning, happy path yet, and there are more risks than we can shake a stick at.
At the same time, much of the AI/Agentic work I’m seeing at companies focuses on accelerating existing processes designed for humans. While Agents can make some improvements, it's also too easy to create "Bad Decisions at Machine-Speed™" (this would be a sick band name).
While process design is a different issue, the whole conversation and evolution around AI Agents have been incredibly fast-moving. As the capabilities and integration points of agents and AI systems have grown, the need for observability, runtime security checks, and adversarial testing has never been greater.
And as the hype around Mythos "solving" cybersecurity begins to fade, and newer foundational models with comparable cyber abilities emerge, along with open-source models performing as well or better, the world is increasingly aware of a long-standing truth among cyber practitioners. The real challenge in cybersecurity has never been merely identifying vulnerabilities in code, but understanding the motivations behind how businesses and people respond. AI is simply making this friction much more visible now.
What a time to be alive!



😎 Vibe Check
Last issue’s vibe check:
AI is already writing code, reviewing it, and triaging alerts. Where do you still insist on a human gate?
🟩🟩🟩🟩🟩🟩 Sign off on critical points like AuthN/AuthZ
🟨🟨🟨⬜️⬜️⬜️ Live incident response calls
⬜️⬜️⬜️⬜️⬜️⬜️ Threat modeling critical systems
🟨🟨🟨🟨⬜️⬜️ Honestly, humans are the bottleneck now
Very interesting split last week on the vibe check.
Signing off on critical points like authentication (AuthN) and authorization (AuthZ) is where people felt that humans still needed to be firmly in the loop. There’s nuance here, and I liken it to penetration testing. Not all findings are created equal, and context, reachability, integration points, etc., are important factors. There are levels to this!
Threat modeling received the fewest votes for a human gate. This makes a lot of sense given that several new startups are popping up in this space, and that threat modeling is one of the parts of security most consistently called out as very hard to scale. Pack this one up, folks, and let the AI do it. 🤝
An up-and-coming area I see a lot of promise in is the use of AI in incident response and forensic capture processes. So much potential here, but these are high-stakes situations that could wind up in court, so you’ve really got to use it where it counts and tread lightly.
Some of the top comments from last week’s vibe check:
💬 “It’s not just that humans are the bottleneck with AI now, it’s that we’re trying to apply AI to human-designed processes and systems. The sooner we move away from that construct, the better.”

🔭 Zooming Out
Stories hidden in the numbers
Cyber Taking Flight - Airbus (yes, that one) has acquired yet another security company. Now, it’s a huge business that does more than just make airplanes (my personal favorite on long-haul flights), but Airbus has been quietly pulling off a vertical integration play for a few years now. It’s been building a captive cyber arm for its own defense and government customers and creating a complementary layer of “European-owned” cyber capabilities.

💰 Market Summary
Private Markets
10 companies from 3 countries raised $128.7M across 9 unique categories
Average deal size was $12.9M (median: $6.0M)
97% of disclosed funding was for product companies
7 companies from 5 countries were acquired across 7 unique categories
71% of acquired companies were product companies
Public Markets
No public cyber companies had an earnings report last week


📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions week over week and year over year, 2025 versus 2026.

While the delta looks stark when comparing last week to the same week in 2025, the reality is that 2026 saw an earlier announcement spike because RSA was a few weeks earlier this year (shoutout to the Easter Bunny). In 2025, the RSA Conference was held from April 28 to May 1, so the week prior was full of the pre-RSA hype one would expect.

M&A, on the other hand, continues to care not about the industry’s timing (or even the Easter Bunny, for that matter). Volume is up ~15% over last year during the same timeframe.



🧩 Funding By Product Category

$72.0M for Software Supply Chain Security across 1 deal
$26.0M for Threat and Risk Prioritization across 2 deals
$12.6M for Secure Access Service Edge (SASE) across 1 deal
$6.0M for Threat Intelligence across 1 deal
$6.0M for Security Awareness across 1 deal
$3.0M for Professional Services across 1 deal
$2.5M for Red Teaming across 1 deal
$375.0K for Penetration Testing across 1 deal
$200.0K for Continuous Threat Exposure Management (CTEM) across 1 deal

🏢 Funding By Company
Product Companies:
Cloudsmith, a United Kingdom-based application security observability and supply chain management platform, raised a $72.0M Series C from TCV. (more)
Spectrum Security, a United States-based threat detection coverage and detection engineering platform, raised a $19.0M Seed from TechOperators Venture Capital. (more)
Copperhelm, an Israel-based AI agent-driven threat and risk prioritization platform, raised a $7.0M Seed from TLV Partners. (more)
Phin Security, a United States-based security awareness training platform, raised a $6.0M Venture Round. (SEC Filing - may be incomplete)
Autonomous Cyber, a United States-based autonomous offensive security platform for penetration testers and red teams, raised a $2.5M Seed. (SEC Filing - may be incomplete)
ObscureCore, a United States-based threat exposure management platform, raised a $200.0K Seed. (SEC Filing - may be incomplete)
Service Companies:
Crush Security, a United States-based professional services firm focused on threat intelligence and compliance services, raised $3.0M in Angel Funding. (more)
APX Security (formerly APX Labs), a United States-based AI-driven penetration testing service, raised a $375.0K Seed. (SEC Filing - may be incomplete)
SEC filings may reflect partial or interim fundraising and can understate the final round numbers.

🌎 Funding By Country

$72.0M for the United Kingdom across 1 deal
$49.7M for the United States across 8 deals
$7.0M for Israel across 1 deal

🤝 Mergers & Acquisitions

Product Companies:
Armour Communications, a United Kingdom-based secure collaboration and encrypted messaging platform, was acquired by PentenAmio for an undisclosed amount. Armour Communications had previously raised $2.2M in funding. (more)
Cryptovision, a Germany-based cryptography and PKI platform, was acquired by Atos for an undisclosed amount. Cryptovision has not previously disclosed funding. (more)
QUARKS LAB, a France-based application security platform focused on code integrity, encryption, and anti-tampering, was acquired by Airbus for an undisclosed amount. QUARKS LAB has not previously disclosed funding. (more)
VISO Trust, a United States-based third-party vendor risk management platform, was acquired by Protecht for an undisclosed amount. VISO Trust had previously raised $21.0M in funding. (more)
Service Companies:
ImagineX's Cybersecurity Business, the cybersecurity consulting business unit of the ImagineX digital services firm, was divested and acquired by TekStream Solutions for an undisclosed amount. ImagineX will continue to operate its core divisions, and the cybersecurity business has not previously disclosed funding. (more)
IOvations, a United States-based managed security services provider (MSSP), was acquired by Alchemy Technology Group for an undisclosed amount. IOvations has not previously disclosed funding. (more)

📚 Great Reads
The Token Threshold - Every software product now has an invisible line. Is your Buyer actually an Agent?
*Nothing happening is everything in identity security - See how Delinea’s identity security platform works quietly in the background—reducing risk, cutting alert noise, and enabling real-time access decisions so your business runs smoothly, securely, and without interruption.
Project Glasswing and the Soft Underbelly Problem - Project Glasswing is good work, and the industry needed it, but now the harder question to answer is what happens when these same capabilities point at the parts of the internet nobody watches?
*A message from our partners

🧪 Labs
The ‘s’ is silent


