This week's issue is backed by Endor Labs and runZero.
Hope you had a great weekend, and a shoutout to all the dads who celebrated Father’s Day this past weekend! 🫡
I did a fun little bit of data analysis last week (yes, I consider that fun) to see how many companies that have sponsored this newsletter over the years have been acquired since sponsoring. It just so happens that one of this week's sponsors, runZero, was acquired last week!
We’ve got sponsors acquiring sponsors, a real circle of life here
That Accenture megadeal doesn’t close for a few months, but I’m still counting it.
Looking at the math, companies that sponsor this newsletter have a >11% of being acquired, which I thought was kind of wild. That percentage chance is in addition to all the other positive momentum and goodwill the company generates through normal things like having a product people want to buy at the right time for the right reasons. Sponsoring is the proverbial icing on the cake, and “good value for money,” as the Brits say. Companies are leaving potential exit value on the table by not sponsoring the newsletter, and that’s just not being fiscally responsible.
Also, if you’re into football/soccer, I hope you’ve had a chance to enjoy the World Cup so far. May the team(s) you support do well (unless they’re playing the ones I support, in which case they can kick rocks).
Let’s get to it!
PARTNER
AI Coding Agent Security Benchmark
See the functional and security correctness of popular AI coding agents.
AI coding agents write working code up to 91% of the time. They write secure code less than 24% of the time.
Endor Labs independently benchmarked 18 agent + model combinations across 200 real-world tasks and 77 CWE classes. See which agents pass the security test, and which ones don't.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
Accenture just bought three cyber companies in one shot. Who makes the next billion-dollar cyber acquisition before year-end?
Last issue’s vibe check:
This week, the US government effectively forced Anthropic to pull Fable 5 and Mythos 5 for every customer overnight. Does "your model can vanish on a policy whim" change what you actually run?
🟨🟨🟨⬜️⬜️⬜️ 🟩 Already moving
🟨🟨🟨⬜️⬜️⬜️ 🟨 Building the exit
🟩🟩🟩🟩🟩🟩 🟥 Staying put - Claude is my ride or die
An interesting split last week! Half of the people who voted said they were either already moving off Claude or building an exit ramp to avoid getting caught up in the drama of a private company having a tiff with the US government (not advisable, btw).
While individuals and startups can move quickly in the never-ending AI enhancement race, larger companies are another matter entirely. Many large companies are just getting through AI strategies and pilot rollouts of AI coding agents outside of core developer teams. This is both a good thing and a bad thing for many companies. It’s good in the sense that some companies that are earlier on the maturity scale may not have had their entire setup rocked by the recent Fable/Mythos rollback. Big companies have to weigh decisions carefully because they have big, long-term impacts from their sheer size and complexity alone.
However, it’s bad in the sense that now this may set AI programs even further back than they already were, because now they need many more meetings with many more people and groups. 😵💫
Some of the top comments from last week’s vibe check:
💬 “Don’t Tread on my Claude!”
💬 “The future is smaller and open-source models, so we’ve been working towards this as a cost-saving play for months.”
🔭 Zooming Out
Stories hidden in the numbers
Quantum Breakout - No, this isn’t the name of the latest Ant-Man movie from Marvel (but it would be a good title), but Quantum is starting to hit escape velocity in some spaces. It’s also starting (albeit slowly) to move from the academic and esoteric and into the more mainstream. Post-Quantum Crypto, “crypto-agility,” confidential computing, and more have pulled in ~3x as much funding this YTD as in all of 2025. I recently revamped the Quantum categories on The Signal after realizing that Quantum is having its own “AI for Security” and “Security for AI” moment. You can dig into the details using the MCP.
💰 Market Summary
Private Markets
12 deals from 11 companies across 5 countries raised $979.0M across 8 unique categories
Average disclosed deal size was $108.8M (median: $20.0M)
100% of funded companies were product companies
10 companies from 4 countries were acquired across 10 unique categories
80% of acquired companies were product companies
1 company shut down/entered administration
Public Markets
1 public company raised $106.1M via Post-IPO Equity
No public cyber companies had an earnings report last week
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions week over week, year over year, comparing 2025 to 2026.
Last week was quite the rebound week in dollar terms. As it turns out, there was a billion-dollar week during this same timeframe last year. It seems venture in cyber does cluster quite seasonally.
Another breakout week on the M&A, pushed up mainly by a “triple threat” deal, with one company doing two outright acquisitions, and one PE-style, majority investment play.
PARTNER
Is Your Segmentation Real or Just a Comfortable Illusion?
runZero shatters the illusion
AI-generated exploits don't need sophistication, just a gap you don't know exists. Target-specific attacks are generated in minutes and built to find what your security investments don't cover.
runZero exposes the gaps. Attack path mapping and topology visualizations reveal how attackers can move through your environment. Deep OT intelligence uncovers sub-assets other tools miss entirely.
Know every asset, every exposure, every attack path. With runZero, defenders win by default. Even against AI.
🪦 Stop, Drop, Shut’em Down…
Salem Cyber, a United States-based security operations center (SOC) AI assistant, formally submitted the paperwork to shut down operations. Salem Cyber had previously raised $685K in funding. (more)
🧩 Funding By Product Category
$606.1M for Post-Quantum Cryptography (PQC) across 2 deals
$260.0M for Operational Technology (OT) Security across 1 deal
$100.0M for Continuous Automated Red Teaming (CART) across 1 deal
$82.0M for Identity and Access Management (IAM) across 2 deals
$27.0M for Agentic Runtime Security across 4 deals
$10.0M for Third-Party Risk Management (TPRM) across 1 deal
An undisclosed amount for Network Security across 1 deal
An undisclosed amount for Threat Intelligence across 1 deal
🏢 Funding By Company
» Interact with all the data in real-time on The Signal dashboard or via the MCP.
Product Companies:
SandboxAQ, a United States-based post-quantum cryptography (PQC) security platform, raised a $500.0M Grant from the U.S. Department of Commerce under the CHIPS and Science Act to support an AI-driven platform for discovering new semiconductor materials.
Dream (formerly Dream Security), an Israel-based operational technology and critical infrastructure security platform, raised a $260.0M Venture Round from Bicycle Capital and Group 11. (more) Unicorn Alert 🦄
BTQ (formerly BTQ Technologies), a Canada-based post-quantum encryption and security platform, raised a $106.1M Post-IPO Equity.
Twenty Technologies, a United States-based offensive cyber warfare operations platform, raised a $100.0M Series B from Accel.
NewCore raised a $66.0M Seed from Evolution Equity Partners and an additional $16.0M Pre-Seed from CyberStarts and Index Ventures. (more)
NeuralTrust, a Spain-based AI gateway and runtime security for LLM applications and agents, raised a $20.0M Seed from Alstin Capital. (more)
Magnitude, a United States-based continuous third-party risk management platform, raised a $10.0M Seed from Ballistic Ventures. (more)
Tenet Security, a United States-based AI agent runtime security, raised a $6.0M Seed from MizMaa Ventures and The Westly Group. (more)
Clawvisor, a United States-based authorization gateway and policy enforcement for AI agents, raised a $500.0K Pre-Seed from Y Combinator. (more)
Silmaril, a United States-based runtime prompt-injection defense for AI applications and agents, raised a $500.0K Pre-Seed from Y Combinator. (more)
Cyberrant, a United Kingdom-based cyber threat intelligence and information-sharing platform, raised an undisclosed Pre-Seed round from LvlUp Ventures.
EfficientIP, a France-based DNS and network security platform, raised an undisclosed Funding Round from Jean-Yves Bisiaux, Ronan David, and Sylvain Galliano.
Service Companies:
None
SEC filings may reflect partial or interim fundraising and can understate the final round numbers.
🌎 Funding By Country
$617.0M for the United States across 6 deals
$342.0M for Israel across 3 deals
$106.1M for Canada across 1 deal
$20.0M for Spain across 1 deal
An undisclosed amount for France across 1 deal
An undisclosed amount for the United Kingdom across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
EfficientIP, a France-based DNS and network security platform, was acquired by Francisco Partners for an undisclosed amount. EfficientIP has not previously disclosed funding. (more)
Panther (formerly Panther Labs), a United States-based security operations-as-code platform, was acquired by Databricks for an undisclosed amount. Panther had previously raised $140.5M in funding. (more)
runZero (formerly Rumble Network Discovery), a United States-based asset discovery and attack surface management (ASM) platform, was acquired by Accenture for an undisclosed amount. runZero had previously raised $20.0M in funding. (more)
WideField Security, a United States-based identity threat detection and response platform, was acquired by Cisco for an undisclosed amount. WideField Security had previously raised $11.3M in funding. (more)
Service Companies:
Stelau Consulting, a France-based cybersecurity audit, assessment, and compliance consulting firm for digital identity systems, was acquired by iDAKTO for an undisclosed amount. Stelau Consulting has not previously disclosed funding. (more)
📚 Great Reads
I could've Rickrolled the Entire FIFA World Cup - A security researcher found a basic security flaw in FIFA's streaming management platform that could have ended in hilarity or disaster.
AI’s Biggest Problem? Your Data. - I sat down with Matt Lock from Varonis to unpack the reality of AI adoption and the data challenges that go with it.
*A message from our partners
🧪 Labs
It’s up to the CI/CD Gods now 🫡
🫡 Signing Off
Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.
If you find this newsletter useful and know others who would, I'd really appreciate it if you'd forward it to them!
Mike P
P.S. Feel free to connect with me on LinkedIn.