This week's issue is backed by Drata.
Hope you had a nice, shorter week and a great weekend. Keeping the intro short and sweet this week, so we can all get this bread faster. 😤 👊
I’ll be bouncing around Infosecurity Europe in London this week, so please feel free to stop me and say hello (and let’s save water for Claude Code together)!
PARTNER
Real-Time Visibility for Modern Security Teams
Drata helps you stay audit-ready and resilient—continuously.
In a world where cyber threats evolve faster than manual audits, visibility and automation are key to reducing risk. Drata empowers security & compliance teams to continuously monitor and prove compliance across frameworks like SOC 2 and ISO 27001, without slowing business operations.
Our platform integrates with existing tech stacks to surface real-time risk insights, streamline evidence collection, and eliminate the manual overhead of compliance readiness.
Protect your organization’s reputation and build trust with customers and stakeholders.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
By the end of 2026, will AI governance rules actually keep pace with how quickly teams are deploying AI agents?
Last issue’s vibe check:
If you were starting a cybersecurity company today, which category would you pick?
🟩🟩🟩🟩🟩🟩 Security for AI/Agents
🟨⬜️⬜️⬜️⬜️⬜️ Data Protection
🟨⬜️⬜️⬜️⬜️⬜️ Identity Security
🟨🟨🟨🟨🟨⬜️ Something nobody's talking about
🟨🟨⬜️⬜️⬜️⬜️ I wouldn't start one right now
It looks like, despite all the competition and hype in the market, people who voted in the vibe check last week would still mostly focus on Security for AI/Agents if they were to start a new company. I think this is indicative of just how big people think the market is, and how AI and Agents have fundamentally changed the way people are thinking about what it means to “work.”
Coming in at a close second was “something nobody’s talking about,” which is where I expected a large amount of the votes to go. If I were to vote, I would have picked this one too (and it would be killer, bro, trust me!).
In a sense, both answers ring true for the same reason. Cyber is an industry that can support “multiples of X.” There can be multiple EDR, IAM, and Network Security players (even as they all try to elbow in on each other’s turf), and the heterogeneity of companies out in the world that need cyber products and services (i.e., all of them) makes it possible for many players to survive, and thrive quite well.
Some of the top comments from last week’s vibe check:
💬 “Something in vendor management/supply chain management.”
💬 “No point piling up on the thing du jour, because if it's hot, it's most likely also already crowded, and you are late to the game. Unless, of course, you have a clearly different angle and differentiation.”
🔭 Zooming Out
Stories hidden in the numbers
The AI Trade - Many publicly traded cyber companies have been on a rip this year, reaching new market caps and posting higher stock gains than ever before. While this looks like a “cyber” thing, it’s almost certainly just tailwind from the overall AI trade. AI continues its historic, record-breaking run, lifting the tide of all tech and, by proxy, much of cyber. It’s not one-size-fits-all, of course, and as the companies that were already struggling (about 50% of the public cyber companies listed in US indexes) are continuing to struggle, as AI “enhances” anything it’s pointed at. Good or bad.
💰 Market Summary
Private Markets
8 companies from 4 countries raised $118.4M across 8 unique categories
Average deal size was $14.8M (median: $15.0M)
99% of disclosed funding was for product companies
2 companies from 2 countries were acquired across 2 unique categories
M&A activity was evenly split between product and service companies
1 company announced layoffs
Public Markets
1 public company had an earnings report - $S ( ▲ 8.37% )
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions week over week, year over year, comparing 2025 to 2026.
Funding volumes were back down to a more “normal” level last week, but still quite a few big moves in the private markets.
M&A momentum pulled back a bit last week, but is currently still up~6% YTD.
❌ Layoffs
SentinelOne, a United States-based autonomous AI endpoint security platform, laid off 240 employees, or 8% of its workforce, due to restructuring and AI investment. (more)
🧩 Funding By Product Category
$40.0M for AI Security across 1 deal
$30.0M for AI Governance across 1 deal
$16.0M for Identity and Access Management (IAM) across 1 deal
$15.0M for Software Supply Chain Security across 1 deal
$15.0M for Attack Surface Management (ASM) across 1 deal
$1.6M for Security and Compliance Automation across 1 deal
$736.1K for Identity Verification across 1 deal
$100.0K for Secure File Sharing across 1 deal
🏢 Funding By Company
Product Companies:
Gray Swan, a United States-based enterprise LLM security and safety platform, raised a $40.0M Series A from Madrona and Wing Venture Capital. (more)
Geordie AI, a United Kingdom-based governance and monitoring platform for AI agents and autonomous workflows, raised a $30.0M Series A from Balderton Capital. (more)
Lastwall, a United States-based identity security platform for defense and government organizations, raised a $16.0M Series A from Business Development Bank of Canada. (more)
RevEng, a United Kingdom-based automated malware reverse engineering and software supply chain security platform, raised a $15.0M Series A from NATO Innovation Fund. (more)
MnemoShare, a United States-based secure file sharing and data exchange platform, raised a $100.0K Pre-Seed. (SEC Filing - may be incomplete)
Service Companies:
CRACI, a Finland-based security and compliance automation platform for the EU Cyber Resilience Act, raised a $1.6M Pre-Seed from Lifeline Ventures. (more)
SEC filings may reflect partial or interim fundraising and can understate the final round numbers.
🌎 Funding By Country
$56.1M for the United States across 3 deals
$45.7M for the United Kingdom across 3 deals
$15.0M for France across 1 deal
$1.6M for Finland across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
Terra Quantum, a Switzerland-based post-quantum key distribution and cryptography platform, was acquired by Axiom Intelligence Acquisition Corp 1 for an undisclosed amount. Terra Quantum has not previously disclosed funding. (more)
Service Companies:
TAO Digital Solutions, a United States-based professional services firm focused on strategy and cybersecurity consulting, was acquired by Cyient for an undisclosed amount. TAO Digital Solutions had previously raised $50.6M in funding. (more)
📚 Great Reads
The Security Bandwidth Gap - Founders and practitioners are often speaking two different languages, despite looking at the same problem.
What the hell is going on at CISA?? - Title says it all, but Matt Jay covers what, exactly, is going on with a recent security breach with what is left of the US CISA.
*A message from our partners
🧪 Labs
My body is a machine that turns Guinness into tokens for LLMs 🫡
🫡 Signing Off
Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.
If you find this newsletter useful and know others who would, I'd really appreciate it if you'd forward it to them!
Mike P
P.S. Feel free to connect with me on LinkedIn.