Hope you had a great weekend, and a happy start to Cyber Earnings Season to all those who celebrate! 🫡
AI may be dominating most things we know, but Cyber will not be going quietly into that good night without a fight.
If public cyber stocks continue to take massive hits when AI companies announce security capabilities, that can be seen as a challenging sign for the cyber industry. Investors, founders, and customers can get nervous (in that order), as we’ve not seen technology move this quickly before.
But if we look at the inverse of that, if AI does NOT make public cyber stocks take a massive hit when they release security capabilities, or if we cyber rebounds quickly, that’s a much bigger hit to the AI narratives (and potentially the economy as we know it), as it may mean that AI might not be the great job destroyer we’ve been led to believe.
It’s like trying to carry all of your groceries into your house after shopping in one go. If you can’t carry them all in one go, do you even lift? But if you CAN carry them all in one go, do you even eat? Either way, it’s time to “beef up.” (I’ll see myself out 🚕)
I’m in that camp that the answers are not so easy to draw a conclusion to yet, but from where I’m standing, I’m seeing AI as much more of a cyber accelerant than anything else.
PARTNER
Inside Escape's pentest agents: BOLA, business logic & regression testing
How the agents coordinate and where they still fall short
If you're curious why and how the agentic orchestration layer might matter as much as the underlying AI model, this is worth a read.
Escape broke down what each of their pentest agents does:
- BOLA agent tests across tenants
- Business logic agent catches race conditions in payment flows
- Regression agent turns last quarter's pentest or bug bounty report into a check on every build and helps to re-validate any fixes
And how they coordinate. They also say where it still breaks down.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
By the end of 2026, the dominant story in cyber spending will be?
Last issue’s vibe check:
What's happening with the cyber budget in 2026 at your company?
🟩🟩🟩🟩🟩🟩 Up >10%
🟨🟨🟨🟨⬜️⬜️ Flat-ish at +/- 5%
🟨🟨🟨🟨⬜️⬜️ Down, but reallocated to AI/Automation
🟨⬜️⬜️⬜️⬜️⬜️ Down, full stop
The results from last week’s vibe check were a little surprising, but were almost evenly split in the top three results.
I didn’t expect the winning vote to be for a 10%+ increase in cyber budgets, but the directional signaling is pretty interesting. I expected the winner to be "down, but reallocated to AI/automation,” which is what most people are selling, but it was narrowly beaten by the Up 10% crowd. 2026 may not be a cost-rationalization year after all. 🤔
What last week’s vibe check doesn’t tell us, however, is where budgets are shaking out. Is it net-new headcount? More AI-driven tooling? Rip and replace?
The poll this week goes after exactly that.
Some of the top comments from last week’s vibe check:
💬 “AI all the things!”
🔭 Zooming Out
Stories hidden in the numbers
Chopped & Skewed - Numbers in the market have looked a bit different these last few weeks. Normally, we say funding events outpace acquisitions, but that’s becoming less of a thing as of late. M&A has been fast been on the rise this year, while funding announcements continue to decelerate. The key word is is “announcements,” since deals often close 3-6+ months before they are announced. There is a ton of unannounced activity out there.
💰 Market Summary
Private Markets
5 companies from 5 countries raised $47.4M across 5 unique categories
Average disclosed deal size was $11.8M (median: $11.8M)
100% of funded companies were product companies
12 companies from 4 countries were acquired for $100.7M across 10 unique categories
67% of acquired companies were product companies
Public Markets
3 public cyber companies had an earnings report last week - $VRNS ( ▲ 3.43% ), $TENB ( ▼ 1.88% ), $CHKP ( ▲ 2.1% )
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions week over week, year over year, comparing 2025 to 2026.
Funding is feeling a bit quiet as of late. Average deal size over the last 13 weeks climbed to $24.4M, while the median dropped to $12.1M, meaning a few mega-rounds are propping up otherwise sparse activity.
M&A is up 32% year-to-date (YTD) in 2026 as of last week!
PARTNER
Strengthen Access, Defend Credentials & Stay Ahead at #GartnerSEC
Elevate your security strategy with Gartner’s trusted expertise
World Password Day is fast approaching. Securing your organization starts with robust passwords and innovative authentication solutions. Join us at Gartner Security & Risk Management Summit 2026, June 1 – 3, in National Harbor, MD, to learn how passwordless solutions, multi-factor authentication, and AI-powered defenses are shaping the future of identity security.
Gain actionable insights on credential management, user awareness, and tools to prevent breaches. Register before April 10 to save $450!
🧩 Funding By Product Category
$15.2M for Bug Bounty across 1 deal
$13.6M for Internet of Things (IoT) Security across 1 deal
$10.0M for Continuous Automated Red Teaming (CART) across 1 deal
$8.6M for Threat Intelligence across 1 deal
An undisclosed amount for Identity and Access Management (IAM) across 1 deal
🏢 Funding By Company
Product Companies:
Bug Bounty Switzerland, a Switzerland-based managed bug bounty platform, raised a $15.2M Series A from Deutsche Beteiligungs and Direttissima Growth Partners. (more)
General Analysis, a United States-based automated red teaming platform, raised a $10.0M Seed from Altos Ventures. (more)
QuoIntelligence, a Germany-based cyber threat intelligence platform, raised an $8.6M Series A from Elevator Ventures. (more)
Cyphercor, a Canada-based zero trust identity and access management platform, raised an undisclosed Grant from the Ontario Centre of Innovation. (more)
Service Companies:
None
SEC filings may reflect partial or interim fundraising and can understate the final round numbers.
🌎 Funding By Country
$15.2M for Switzerland across 1 deal
$13.6M for the United Kingdom across 1 deal
$10.0M for the United States across 1 deal
$8.6M for Germany across 1 deal
An undisclosed amount for Canada across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
CyberCatch, a United States-based security and compliance automation platform for defense contractors, was acquired by Datavault AI for $100.7M. CyberCatch has not previously disclosed funding. (more)
Annex Security, a United States-based browser extension security platform, was acquired by Socket for an undisclosed amount. Annex Security has not previously disclosed funding. (more)
Audra Security, a United Kingdom-based network security platform, was acquired by Ikigai Ventures for an undisclosed amount. Audra Security has not previously disclosed funding. (more)
Emulated Criminals, a United States-based breach and attack simulation platform, was acquired by Suzu Labs for an undisclosed amount. Emulated Criminals has not previously disclosed funding. (more)
Fabrix Security, an Israel-based agentic AI platform for automating identity and access management tasks, was acquired by Silverfort for an undisclosed amount. Fabrix Security had previously raised $8.0M in funding. (more)
Portkey, a United States-based unified AI gateway platform, was acquired by Palo Alto Networks for an undisclosed amount. Portkey has not previously disclosed funding. (more)
Service Companies:
Concensus Technologies, a United States-based identity and access management platform for K-12 school systems, was acquired by Novacoast for an undisclosed amount. Concensus Technologies has not previously disclosed funding. (more)
iC Consult, a Germany-based managed security services provider (MSSP) focused on identity and access management (IAM), was acquired by Bridgepoint for an undisclosed amount. iC Consult has not previously disclosed funding. (more)
Risk Mitigation Consulting (RMC), a United States-based professional services firm focused on securing critical infrastructure, was acquired by ABSG Consulting for an undisclosed amount. Risk Mitigation Consulting (RMC) has not previously disclosed funding. (more)
Rpm Technologies, a United States-based managed security services provider focused on the Life Sciences industry, was acquired by Corporate Technologies for an undisclosed amount. Rpm Technologies has not previously disclosed funding. (more)
📚 Great Reads
The Loom Didn't Kill the Weaver - Tom Gorup shares his views on why he thinks AI won't be the end-all, be-all for replacing jobs, and what you can do about it.
Mythos the Nothingburger - The same as it ever was, only now with AI!
*A message from our partners
🧪 Labs
Big if true