This week's issue is backed by Drata, Risk Ledger, and Varonis.
Hope you had a great weekend!
If you were like me, you were locked in on the timeline, monitoring the situation with the US government and Anthropic (again). It was widely reported (but not yet confirmed at the time of writing) that one of Amazon’s teams discovered a narrow jailbreak on the new Fable 5 and Mythos 5 models, triggering a notification to the US government of the team’s concerns.
From Anthropic’s own announcement:
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance.
Little did I know I would be calling the top just one day prior to Anthropic flying too close to the sun:
Who could have predicted that if a company clashed with the current US administration and ran marketing campaigns claiming its models were disruptive and dangerous, this kind of thing would happen?!
This is potentially a generational fumbling of the bag by Anthropic, and it’s already causing IT and Security teams to pivot into resilience mode. Businesses can wait in limbo in a future where the models they need to run their businesses can be regulated or regionally sanctioned on a whim. My take is that this will massively push the industry towards open-source models that can be run locally, and that’s going to have huge impacts on the IT and Security communities and industries. Companies are already increasingly focused on cutting AI costs by routing work to cheaper open-source, and this will be the tipping point for everyone else.
I’m not sure about you, but I’m ready for some “precedented” times on all this AI stuff, but hope is not a plan. Act accordingly and stay frosty.
PARTNER
How Leading CISOs Are Building Continuous Compliance
Discover how automation transforms compliance into a continuous advantage.
Compliance isn’t a once-a-year task anymore.
As regulatory scrutiny intensifies and cyber threats evolve, compliance leaders are rethinking how they manage risk and maintain assurance across frameworks.
The CISO Guide to Continuous Compliance explores a modern, automation-driven approach that enables organizations to stay audit-ready year-round.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
This week, the US government effectively forced Anthropic to pull Fable 5 and Mythos 5 for every customer overnight. Does "your model can vanish on a policy whim" change what you actually run?
Last issue’s vibe check:
When frontier AI companies Anthropic or OpenAI go public via IPO, how do you think public cybersecurity stocks will respond?
🟨🟨🟨🟨⬜️⬜️ ↗️ Up and to the right
🟨🟨🟨🟨🟨⬜️ ↘️ Down bad
🟩🟩🟩🟩🟩🟩 ↔ No change
Last week’s vibe check results and comments were quite the mixed signal (just like the market itself).
We’re going to have a unique IPO market, what with SpaceX coming online last week in the largest IPO in history, and with the top frontier AI companies about to go public. We have no idea how these things will play out, but I don’t expect cyber stocks to go anywhere anytime soon.
What will be really interesting is to see how the cyber stock reacts this week to the latest Anthropic model news, as that plays out. Don’t worry, your boy will be watching it closely. 😤 👊
Some of the top comments from last week’s vibe check:
💬 “AI won’t be successful without cybersecurity wrapping its loving arms around it.“
💬 “Emperor has no clothes -- legacy cybersecurity cannot admit they've already failed to prevent sensitive data exfiltration. AI agents accelerate sensitive data exfiltration.”
💬 “It all feels priced in.”
That comment reminded me of this tweet:
🔭 Zooming Out
Stories hidden in the numbers
The Offensive Saga Continues - The new money from last week continued to cluster around autonomous offense, as much of the year has already done. A Security’s funding to “outpace weaponized AI” and Pi Security’s funding for agentic product security show there is no sign of red-teaming or offensive security ever being a “once-a-year thing for compliance” ever again.
💰 Market Summary
Private Markets
9 deals from 8 companies across 5 countries raised $501.0M across 8 unique categories
Average disclosed deal size was $83.5M (median: $27.0M)
100% of funded companies were product companies
2 companies from 2 countries were acquired across 2 unique categories
M&A activity was evenly split between product and service companies
Public Markets
1 public company raised $1.4M via Post-IPO Equity
1 company had an earnings report last week - $SAIL ( ▼ 0.21% )
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions week over week, year over year, comparing 2025 to 2026.
Funding continues in fits and starts, with a lower volume activity this year, dotted with very large funding rounds and a concentration to the later-stage companies.
M&A now starts its own deceleration, being down 5.5% YTD.
PARTNER
New report: What 500 security leaders told us about supply chain risk in 2026
Supply chain risk is changing. As supplier ecosystems become more connected, understanding exposure beyond direct third parties is becoming increasingly important.
Based on insights from 500 UK security leaders and data from 16,000 organisations, our latest report explores the risks shaping supply chain security in 2026, where visibility gaps remain, and what leading organisations are doing to strengthen resilience.
🧩 Funding By Product Category
$400.0M for Endpoint Protection across 1 deal
$37.0M for Continuous Automated Red Teaming (CART) across 2 deals
$29.0M for Cloud Security Posture Management (CSPM) across 1 deal
$25.0M for Application Security across 1 deal
$8.7M for Security Operations across 1 deal
$1.4M for Secure Communications across 1 deal
$1.3M for Digital Forensics and Incident Response (DFIR) across 1 deal
An undisclosed amount for Embedded Security across 1 deal
An undisclosed amount for Threat Intelligence across 1 deal
🏢 Funding By Company
» Interact with all the data in real-time on The Signal or via MCP.
Product Companies:
A Security, an Israel-based autonomous offensive security platform, raised a $32.0M Series A from Lightspeed Venture Partners and an additional $5.0M Seed from CyberStarts. (more)
Aryon Security, an Israel-based cloud security guardrails and misconfiguration prevention platform, raised a $29.0M Series A from Brightmind Partners. (more)
Pi Security, a United States-based agentic AI-driven product security platform, raised a $25.0M Series A from Brightmind Partners and Third Point Ventures. (more)
Incalmo, a United States-based autonomous security monitoring and response platform, raised an $8.7M Seed. (SEC Filing - may be incomplete)
Sekur Private Data, a United States-based secure communications and privacy-focused collaboration suite, raised a $1.4M Post-IPO Equity from Public Offering. (more)
Strand Intelligence, a United Kingdom-based automated digital forensics and incident response platform, raised a $1.3M Seed from Osney Capital. (more)
Cyberrant, a United Kingdom-based cyber threat intelligence and information sharing platform, raised an undisclosed Pre-Seed round.
Service Companies:
None
SEC filings may reflect partial or interim fundraising and can understate the final round numbers.
🌎 Funding By Country
$410.1M for the United States across 3 deals
$66.0M for Israel across 3 deals
$25.0M for Unknown across 1 deal
$1.3M for the United Kingdom across 2 deals
An undisclosed amount for Germany across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
Strata Identity, a United States-based multi-cloud identity and access management (IAM) orchestration platform, was acquired by Rubrik for an undisclosed amount. Strata Identity had previously raised $37.5M in funding. (more)
Service Companies:
📚 Great Reads
The World's Most Surprising Economic Success Story - Is North Korea, apparently, based on arms sales to Russia and goods from China, which provide a boost, despite sanctions.
*SearchLeak: How One-Click Leads to Data Exfiltration in M365 Copilot - The conversation about AI risk at the board level is often abstract. SearchLeak, a new AI vulnerability discovered by Varonis Threat Labs, makes it concrete. While this critical CVE may be patched, the pattern isn't going away.
Europe wants to wean itself off US tech - Risky Business talks about the European Union’s digital sovereignty push and the desire to divorce from US tech giants.
*A message from our partners
🧪 Labs
Not all benchmarks are created the same 🫠
🫡 Signing Off
Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.
If you find this newsletter useful and know others who would, I'd really appreciate it if you'd forward it to them!
Mike P
P.S. Feel free to connect with me on LinkedIn.