This website uses cookies

Read our Privacy policy and Terms of use for more information.

This week's issue is backed by Speakeasy and SpecterOps.

Hope you had a great weekend!

*slaps knees* Welp, it’s about that time again. Brace yourselves, Black Hat US party invites are coming!

Be on the lookout soon for an invite coming from me, and if there are any events I absolutely need to know about, just reply back and let me know. 🫡

Speaking of Black Hat, I’ll be speaking again this year at the Innovators & Investors Summit

There’s still time to get a ticket for the summit, and code ⁠USAINNOVATE500⁠ for $500 off at checkout: https://blackhat.com/us-26/innovators-summit.html

PARTNER

82% of enterprises are running AI agents they don't know about.

That's from a CSA survey of 418 security teams who reported that 65% of them had already had an AI agent-related incident, most of them causing data exposure.

The Speakeasy AI control plane is the architecture enterprises are adopting to govern agentic actions within their orgs. It ensures that every agent, tool, and MCP server is authenticated, policy-compliant, auditable, and inspected for prompt injection and data exfiltration.

😎 Vibe Check

Click the options below to vote on whether you are a practitioner, founder, or investor. Leave a comment, and I'll anonymously feature the best takes in the next issue!

Last issue’s vibe check:
Will AI eliminate more cybersecurity jobs than it creates?
🟨⬜️⬜️⬜️⬜️⬜️ Net job creator
🟨🟨⬜️⬜️⬜️⬜️ Net job destroyer
🟩🟩🟩🟩🟩🟩 Same jobs, just retitled
⬜️⬜️⬜️⬜️⬜️⬜️ Something different

It seems like the tide of public perception has turned when it comes to AI taking cyber jobs. It’s a bit hard to parse out marketing hype and vibes from what might actually be happening in the job markets.

The saying, “The future is here, it’s just not evenly distributed,” comes to mind when I think about what AI might do to jobs in cyber. I’m positive there have been negative effects, and if you look at the latest layoff announcements I’ve covered here, you’ll often see AI cited as one of many reasons the layoffs were necessary. But if you zoom out to the software industry, software engineering hires are on the rise again. AI ends up creating more work overall. Yeah, sure, maybe you can do more per person, but that just means we all have the opportunity, nay the privilege, to create even more shareholder value.  😤

I suspect that cyber won’t be far behind when it comes to this same kind of whiplash

Some of the top comments from last week’s vibe check:

💬AI seems to actually create more work than ever before, so we're going to have more jobs with more people using AI for everything”

💬The cybersecurity job market is already a lot tighter than it looks. If it seems like there is a lot of unemployment in cyber, that´s a matter of LinkedIn showing you what will keep you on their platform and contributing to it. LinkedIn creates personal reality distortion zones. AI´s progress is blocked by the inability of organizations to govern it. Demand for AI-savvy GRC talent is already sky high. GRC specialists who are eager to learn can write their own tickets. Those who still think AI is overhyped, fancy Google had better get real or get out.

🔭 Zooming Out

Important stories hidden in the numbers

  • The Roll-Up Economy - Three of this week's five M&A deals were MSP roll-ups of companies you’ve never heard of, but that are important to call out nonetheless. MSSP and Professional Services together account for more than ten times the next-busiest category (Application Security). The most acquisitive corner of cybersecurity is still the last mile of services.

💰 Market Summary

Private Markets

  • 5 companies from 3 countries raised $1.0B across 5 unique categories

  • Average disclosed deal size was $256.3M (median: $12.0M)

  • 100% of funded companies were product companies

  • 5 companies from 2 countries were acquired across 3 unique categories

  • 60% of acquired companies were service companies

Public Markets

  • No public cyber companies had an earnings report last week

📸 YoY Snapshot

Rolling 13-week charts that compare funding and acquisitions week over week, year over year, comparing 2025 to 2026

$7.6B across 144 deals over the past quarter, and are down 21% from a year ago.

77 acquisitions over the past quarter, and down 23% from a year ago.

PARTNER

Train with the team that wrote the book on attack paths

Adversary Tactics training at Black Hat USA 2026

SpecterOps is back at Black Hat with Adversary Tactics training: Red Team Operations, Detection, Identity-Driven Offensive Tradecraft, and more. Every course is taught by the researchers behind BloodHound and 400+ published techniques. Prices increase on July 17.

If your team is heading to Vegas, this is the week to lock in their seats.

🧩 Funding By Product Category

  • $1.0B for Data Protection across 1 deal

  • $17.0M for Crypto-Agility & Migration across 1 deal

  • $7.0M for Personal Cybersecurity across 1 deal

  • $1.1M for Identity Threat Detection and Response (ITDR) across 1 deal

  • An undisclosed amount for Distributed Denial of Service (DDoS) Protection across 1 deal

🏢 Funding By Company

» Interact with all the data in real-time on The Signal dashboard or via the MCP.

Product Companies:

Service Companies:

  • None

SEC filings may reflect partial or interim fundraising and can understate the final round numbers.

🌎 Funding By Country

  • $1.0B for the United States across 3 deals

  • $1.1M for Spain across 1 deal

  • An undisclosed amount for Israel across 1 deal

🤝 Mergers & Acquisitions

Product Companies:

  • Evo Security, a United States-based managed identity and access management platform for MSSPs, was acquired by Barracuda Networks for an undisclosed amount. Evo Security had previously raised $16.3M in funding. (more)

  • Kentik, a United States-based network detection and response (NDR) platform, was acquired by Infoblox for an undisclosed amount. Kentik had previously raised $40.0M in funding.

Service Companies:

  • Sundance Networks, a United States-based managed IT and security services provider, was acquired by The 20 MSP for an undisclosed amount. Sundance Networks has not previously disclosed funding. (more)

  • The Logic Group, a United States-based managed IT and security services provider, was acquired by Compass MSP for an undisclosed amount. The Logic Group has not previously disclosed funding. (more)

  • Tiplu, a Germany-based professional services company focused on data security and software development for hospital systems, was acquired by LOGEX for an undisclosed amount. Tiplu has not previously disclosed funding.

🤘 IPO-h Yeah

  • None

🪦 Stop, Drop, Shut’em Down…

  • None 😮‍💨

Layoffs

  • None 😮‍💨

📚 Great Reads

*Sponsored

🧪 Labs

Haven’t felt this alive since

🫡 Signing Off

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know others who would, I'd really appreciate it if you'd forward it to them!

Mike P

P.S. Feel free to connect with me on LinkedIn.

Reply

Avatar

or to participate

Keep Reading