This week's issue is backed by Speakeasy and SpecterOps.
Hope you had a great weekend!
*slaps knees* Welp, it’s about that time again. Brace yourselves, Black Hat US party invites are coming!
Be on the lookout soon for an invite coming from me, and if there are any events I absolutely need to know about, just reply back and let me know. 🫡
Speaking of Black Hat, I’ll be speaking again this year at the Innovators & Investors Summit

There’s still time to get a ticket for the summit, and code USAINNOVATE500 for $500 off at checkout: https://blackhat.com/us-26/innovators-summit.html
PARTNER
82% of enterprises are running AI agents they don't know about.
That's from a CSA survey of 418 security teams who reported that 65% of them had already had an AI agent-related incident, most of them causing data exposure.
The Speakeasy AI control plane is the architecture enterprises are adopting to govern agentic actions within their orgs. It ensures that every agent, tool, and MCP server is authenticated, policy-compliant, auditable, and inspected for prompt injection and data exfiltration.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Leave a comment, and I'll anonymously feature the best takes in the next issue!
What does the future of AI & Cyber look like?
Last issue’s vibe check:
Will AI eliminate more cybersecurity jobs than it creates?
🟨⬜️⬜️⬜️⬜️⬜️ Net job creator
🟨🟨⬜️⬜️⬜️⬜️ Net job destroyer
🟩🟩🟩🟩🟩🟩 Same jobs, just retitled
⬜️⬜️⬜️⬜️⬜️⬜️ Something different
It seems like the tide of public perception has turned when it comes to AI taking cyber jobs. It’s a bit hard to parse out marketing hype and vibes from what might actually be happening in the job markets.
The saying, “The future is here, it’s just not evenly distributed,” comes to mind when I think about what AI might do to jobs in cyber. I’m positive there have been negative effects, and if you look at the latest layoff announcements I’ve covered here, you’ll often see AI cited as one of many reasons the layoffs were necessary. But if you zoom out to the software industry, software engineering hires are on the rise again. AI ends up creating more work overall. Yeah, sure, maybe you can do more per person, but that just means we all have the opportunity, nay the privilege, to create even more shareholder value. 😤
I suspect that cyber won’t be far behind when it comes to this same kind of whiplash
Some of the top comments from last week’s vibe check:
💬 “AI seems to actually create more work than ever before, so we're going to have more jobs with more people using AI for everything”
💬 “The cybersecurity job market is already a lot tighter than it looks. If it seems like there is a lot of unemployment in cyber, that´s a matter of LinkedIn showing you what will keep you on their platform and contributing to it. LinkedIn creates personal reality distortion zones. AI´s progress is blocked by the inability of organizations to govern it. Demand for AI-savvy GRC talent is already sky high. GRC specialists who are eager to learn can write their own tickets. Those who still think AI is overhyped, fancy Google had better get real or get out.”
🔭 Zooming Out
Important stories hidden in the numbers
The Roll-Up Economy - Three of this week's five M&A deals were MSP roll-ups of companies you’ve never heard of, but that are important to call out nonetheless. MSSP and Professional Services together account for more than ten times the next-busiest category (Application Security). The most acquisitive corner of cybersecurity is still the last mile of services.
💰 Market Summary
Private Markets
5 companies from 3 countries raised $1.0B across 5 unique categories
Average disclosed deal size was $256.3M (median: $12.0M)
100% of funded companies were product companies
5 companies from 2 countries were acquired across 3 unique categories
60% of acquired companies were service companies
Public Markets
No public cyber companies had an earnings report last week

📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions week over week, year over year, comparing 2025 to 2026

$7.6B across 144 deals over the past quarter, and are down 21% from a year ago.

77 acquisitions over the past quarter, and down 23% from a year ago.
PARTNER
Train with the team that wrote the book on attack paths
Adversary Tactics training at Black Hat USA 2026
SpecterOps is back at Black Hat with Adversary Tactics training: Red Team Operations, Detection, Identity-Driven Offensive Tradecraft, and more. Every course is taught by the researchers behind BloodHound and 400+ published techniques. Prices increase on July 17.
If your team is heading to Vegas, this is the week to lock in their seats.
🧩 Funding By Product Category

$1.0B for Data Protection across 1 deal
$17.0M for Crypto-Agility & Migration across 1 deal
$7.0M for Personal Cybersecurity across 1 deal
$1.1M for Identity Threat Detection and Response (ITDR) across 1 deal
An undisclosed amount for Distributed Denial of Service (DDoS) Protection across 1 deal
🏢 Funding By Company
» Interact with all the data in real-time on The Signal dashboard or via the MCP.
Product Companies:
Keyfactor, a United States-based private key infrastructure (PKI) management platform for human and machine identities, raised a $1.0B Private Equity from Summit Partners. (more)
QIZ Security, a United States-based post-quantum cryptographic discovery and posture management platform, raised a $17.0M Seed from Bessemer Venture Partners and Merlin Ventures. (more)
Savi Security, a United States-based consumer app for protecting families from AI-powered scams and fraud, raised a $7.0M Seed from Acrew Capital. (more)
8Layers, a Spain-based identity threat detection and response platform, raised a $1.1M Pre-Seed from Bankinter and Criteria Venture Tech. (more)
MazeBolt, an Israel-based anti-DDoS testing and protection platform, raised an undisclosed Venture Round from CerraCap Ventures. (more)
Service Companies:
None
SEC filings may reflect partial or interim fundraising and can understate the final round numbers.
🌎 Funding By Country

$1.0B for the United States across 3 deals
$1.1M for Spain across 1 deal
An undisclosed amount for Israel across 1 deal
🤝 Mergers & Acquisitions

Product Companies:
Evo Security, a United States-based managed identity and access management platform for MSSPs, was acquired by Barracuda Networks for an undisclosed amount. Evo Security had previously raised $16.3M in funding. (more)
Service Companies:
Sundance Networks, a United States-based managed IT and security services provider, was acquired by The 20 MSP for an undisclosed amount. Sundance Networks has not previously disclosed funding. (more)
The Logic Group, a United States-based managed IT and security services provider, was acquired by Compass MSP for an undisclosed amount. The Logic Group has not previously disclosed funding. (more)
Tiplu, a Germany-based professional services company focused on data security and software development for hospital systems, was acquired by LOGEX for an undisclosed amount. Tiplu has not previously disclosed funding.
🤘 IPO-h Yeah
None
🪦 Stop, Drop, Shut’em Down…
None 😮💨
❌ Layoffs
None 😮💨
📚 Great Reads
How America Talked Itself Into Chinese Open-Source AI - The Mythos episode, the open-weights surge, and why restrictions hurt defenders more than attackers.
Pitching security startups to VCs in the AI era - Patrick Gray and James Wilson chat with Jon Sakoda from Decibel Partners about pitching cybersecurity startups to VC firms in the AI age.
*Sponsored
🧪 Labs
Haven’t felt this alive since
🫡 Signing Off
Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.
If you find this newsletter useful and know others who would, I'd really appreciate it if you'd forward it to them!
Mike P
P.S. Feel free to connect with me on LinkedIn.



