Hope you had a great weekend, and a belated May the 4th (be with you) to all those who celebrated.
There’s a growing trend of companies laying off employees and citing AI as part (or sometimes all) of the reason. Two of them happened in the cyber world last week, as you’ll see below.
While that sounds like quite the headline, it’s unclear whether AI is the driving factor behind these layoffs. The aggregate cost of using AI is undoubtedly going up, and we’re seeing an inverse effect where, as the models get more powerful, people use them more, and as a result, spend more money doing more work.
The productivity trap of using AI is proving to be a lie. At least in the sense of AI making you more productive at work. If anything, it drives people to do much more work overall because they can (or feel like they can) do much more thanks to their AI superpowers. This is Jevons Paradox in action, and I’m totally guilty of this myself.
So now we’re at a time in history when more software is being written than ever before, thanks to AI (Capex), and more vulnerabilities are being discovered than ever before, thanks to AI (Capex), yet we’ve still got the same human bottlenecks in assessing, prioritizing, and managing the last mile of resolution to make sure things don’t break (Opex). It’s the automation of creating, not of deciding and fixing, which will be a much harder, more nuanced problem to throw AI at.
Add to this that using AI is still a bit like shaking the Magic 8 Ball. Results vary widely from person to person, meaning companies have to spend more on infrastructure and security (Capex) to ensure it runs in a consistent-ish manner.
Call me crazy (and this comes from someone who is an AI optimist and very bullish on the future), but I give it 12 months before we have a right-sizing on the human re-hiring front and become more discerning about where and when we use AI to do work.
What do you think?
PARTNER
AI changed the risk model. Security has to catch up
Your fastest path to safe and trustworthy AI
AI is moving faster than most security programs were built to handle. Varonis Atlas is a leading AI Security Platform that helps teams see what AI systems exist and how they behave, control AI activity with real‑time guardrails, and reduce AI‑driven risk across the entire lifecycle.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
Is AI having its "ransomware moment" with cyber insurance?
Last issue’s vibe check:
By the end of 2026, the dominant story in cyber spending will be?
🟨⬜️⬜️⬜️⬜️⬜️ The AI bet pays off and replaces most work
🟨⬜️⬜️⬜️⬜️⬜️ The Great Consolidation finally happens
🟩🟩🟩🟩🟩🟩 We overspent on AI and need to correct
🟨🟨🟨🟨🟨⬜️ Same as it ever was - new logos, same line items
Cybersecurity is often a story of the more things change, the more they remain the same. Maybe we’re all cynics, or maybe we’ve all seen this movie before, but it looks like the industry is feeling some deja vu.
People think the most likely outcome at the end of 2026 will be that we, as an industry, have overspent on AI and will need to start making corrections. It’s a funny concept to think about. We’ve all spent the last three years trying to do everything with AI, but I’m hearing stories of pulling back now.
Say it with me now, just because you can do something with AI doesn’t mean that you should do that something with AI.
At a near tie was the “same as it ever was” crowd. Time can sometimes feel like a flat circle in the cyber industry, with the same sets of advances and setbacks recurring into infinity in slightly different ways. The good news is, we have the chance to take control, and while some may feel we’re overusing AI, I don’t think we really have a choice when it comes to cybersecurity.
Some of the top comments from last week’s vibe check:
💬 “I see a certain parallel with the California Gold Rush. Lots of organizations will be mesmerized by the shiny hypnosis of the technology of Fool's Gold. :-)”
🔭 Zooming Out
Stories hidden in the numbers
The AI Tax: This week, public markets punished legacy cyber companies that are bolting on a flavor of AI-driven exposure management to pre-AI businesses. Rapid7, Qualys, and Fastly all dropped after their earnings reports. The market is starting to price the difference between "we have AI now" and "AI changes our unit economics."
💰 Market Summary
Private Markets
5 companies from 3 countries raised $42.0M across 5 unique categories
Average disclosed deal size was $14.0M (median: $4.0M)
100% of funded companies were product companies
7 companies from 4 countries were acquired for $520.0M across 7 unique categories
100% of acquired companies were product companies
2 companies announced layoffs
Public Markets
5 companies had an earnings report last week - $QLYS ( ▼ 2.92% ), $RPD ( ▼ 7.68% ), $FSLY ( ▼ 4.53% ), $FTNT ( ▲ 1.2% ), $DDOG ( ▲ 1.08% )
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions week over week, year over year, comparing 2025 to 2026.
We're in a markedly different funding environment than last year, at least from a reporting perspective. I suspect we’ll see more money being follow-on rounds and reinvestments than in 2025.
M&A activity continues to surge, up 27% year-over-year, as more companies decide to get off the merry-go-round.
PARTNER
Always-On Visibility For Security Teams That Can’t Afford Blind Spots
Stay continuously audit-ready, resilient, and ahead of emerging risk.
Today’s threats move faster than manual audits, so you need real-time visibility and automation to keep risk in check.
Drata connects to your tech stack to continuously monitor controls, map to frameworks like SOC 2 and ISO 27001, and surface live risk insights.
With Drata, you streamline evidence collection, reduce manual work, and protect your brand without slowing the business down.
❌ Layoffs
Arctic Wolf, a United States-based managed cloud security operations company, laid off 250 employees, or 10% of its workforce, due to investments in AI. (more)
Cloudflare, a United States-based platform of secure networking and website security tools, laid off 1100 employees, or 20% of its workforce, due to investments in AI. (more)
🧩 Funding By Product Category
$35.0M for Application Security Testing (AST) across 1 deal
$4.0M for Software Supply Chain Security across 1 deal
$3.0M for Security Awareness across 1 deal
An undisclosed amount for Cyber Insurance across 1 deal
An undisclosed amount for Passwordless Authentication across 1 deal
🏢 Funding By Company
Product Companies:
XBOW, a United States-based autonomous application security testing platform, raised a $35.0M Series C from Accenture Ventures, DNX Ventures, Liberty Global Ventures, NVentures, Samsung Ventures, and S Ventures. (more)
Boostsecurity.io, a Canada-based software supply chain security platform, raised a $4.0M Venture Round from Accelia Capital, Amiral Ventures, Sorenson Capital, and White Star Capital. (more)
Herd Security, a United States-based continuous security awareness training and simulation platform, raised a $3.0M Seed from Brian Bell, Forward Slash Capital, Team Ignite Ventures, Young Presidents Organization (YPO), and Aspiron Ventures. (more)
Secrets Vault, a Spain-based post-quantum passwordless authentication platform, raised an undisclosed Seed round from Archipelago Next. (more)
Service Companies:
None
SEC filings may reflect partial or interim fundraising and can understate the final round numbers.
🌎 Funding By Country
$38.0M for the United States across 3 deals
$4.0M for Canada across 1 deal
An undisclosed amount for Spain across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
Astrix Security, an Israel-based non-human identity (NHI) security and governance platform, was acquired by Cisco for $400.0M. Astrix Security had previously raised $85.0M in funding. (more)
CYMOTIVE Technologies, an Israel-based industrial security platform, was acquired by KPIT Technologies for $120.0M. CYMOTIVE Technologies has not previously disclosed funding. (more)
Halo Privacy, a United States-based privacy-focused secure enterprise messaging platform, was acquired by Cycurion for an undisclosed amount. Halo Privacy has not previously disclosed funding. (more)
Korbit Technologies, a Canada-based application code quality and security platform, was acquired by Boostsecurity.io for an undisclosed amount. Korbit Technologies has not previously disclosed funding. (more)
Perimeters, a United States-based identity threat detection and response platform, was acquired by WatchGuard for an undisclosed amount. Perimeters has not previously disclosed funding. (more)
SecureIQx, a United States-based vulnerability prioritization platform, was acquired by Boostsecurity.io for an undisclosed amount. SecureIQx has not previously disclosed funding. (more)
Service Companies:
None
📚 Great Reads
Guardrails beyond Vibes - An [un]prompted 2026 conference talk from Jeffrey Zhang and Siddh Shah from Stripe on how they are shipping security agents in production.
Defending Society from Influence Operations - Influence operations make it harder to understand the world in which companies and humans operate.
*A message from our partners
🧪 Labs
“Imagine a world…”