Quarterly insights: Cybersecurity
RSA 2026 and recent conversations: Key takeaways around AI’s impact

We present our key takeaways from RSA 2026 and other recent conversations with operators, chief information security officers, acquirers and investors across the cybersecurity ecosystem. We consistently heard four arguments about what AI means for cybersecurity.
The first argument is that AI poses unique risks that will prompt the emergence of a large new cybersecurity software category. We agree.
The second argument is that better AI is making attackers much more capable of finding and exploiting vulnerabilities. We think this is true but overstated in the popular press.
The third argument is that AI will replace cybersecurity vendors. We think this is an overly simplistic assessment.
The fourth argument is that AI is bullish for the cybersecurity sector. We agree.
TABLE OF CONTENTS
- Cybersecurity remains a leading technology priority
- Argument 1: AI’s new risks will spur a large new class of security companies
- Argument 2: AI is making attackers more capable
- Argument 3: AI will replace cybersecurity vendors
- Argument 4: AI is bullish, not bearish, for the sector
- A sector remade by AI, and still full of opportunity
- Cybersecurity Index: Rollercoaster ride continues
- Cybersecurity M&A: Notable transactions include Symmetry Systems, Natoma and Dragos
- Cybersecurity private placements: Notable transactions include Oasis Security and Exaforce
Cybersecurity remains a leading technology priority
RSA 2026 once again affirmed cybersecurity is one of the most dynamic and resilient sectors of the economy. The conference returned to the Moscone Center in San Francisco from March 23 to 26, drawing more than 43,500 attendees from over 100 countries, along with more than 600 exhibitors, 700 speakers and 570 sessions.
The floor felt as busy as we can remember, and nearly every vendor had an AI story. The impact of non-traditional cybersecurity companies, both with a direct presence on the floor and not, was stronger than ever. Large language model (LLM) providers such as Open AI and Anthropic, with its cybersecurity-focused Claude Mythos model, dominated conversations, but other non-traditional cybersecurity companies were also the buzz, such as Databricks. Traditionally known as a cloud data intelligence company, Databricks announced Lakewatch, an AI-agent-based security information and event management (SIEM) platform integrated into its broader data platform, and emphasized its entrance into the market with a significant presence on the exhibition floor. That a company traditionally focused outside of cybersecurity has introduced a SIEM offering underscores how far interest in AI-era security opportunities expanded.
Four AI debates shaped RSA 2026: Here’s where we land

Source: First Analysis.
The broader conversation has also moved on, from securing LLM tools to the harder problem of deploying AI agents securely and at scale. Each new agent must be authenticated and granted access to corporate systems, creating a wave of new non-human identities that multiply far faster, and are far harder to govern, than human identities. The sense across the show was that everything is moving more quickly than before.
Cybersecurity also continues to command strong budget priority. Even in a more cautious spending environment, security sits at or near the top of the corporate technology budget, and the market keeps growing as organizations expand what they protect and contend with AI on both sides of the fight. Chief information security officers continue to invest in modernizing their defenses and improving their operational efficiency.
Among publicly traded companies, our cybersecurity sector index captures the swing in sentiment. The First Analysis Cybersecurity Index sold off sharply in February 2026 during the “SaaSpocalypse,” having declined 31% from June 23, 2025, to late February even as the S&P 500 and Nasdaq held on to solid gains. The index’s average enterprise value multiple of trailing twelve-month revenue compressed just as hard, from the high teens to 9.4. The index subsequently recovered, finishing the 12 months ended June 23 up about 15%, helping boost the average enterprise value multiple of trailing twelve-month revenue to 15.3. Despite the recovery, the index still trailed the S&P 500 (up 24%) and the Nasdaq (up 35%) over the period.
Within the group, stock price performance varied widely. The large platform vendors held up far better than many smaller, point-solution and recently public names, a split that seems consistent with the thesis we outline below. Private markets, by contrast, barely flinched, with funding staying heavy for AI-native security startups. This created an unusually wide gap between how public and private investors are pricing the same theme.
Our conversations with cybersecurity market participants at and after RSA kept circling back to four arguments about what AI means for cybersecurity. They do not all point the same way, and a couple are flatly contradictory, but each holds enough truth to take seriously.
Argument 1: AI’s new risks will spur a large new class of security companies
The first argument is that AI poses unique risks that will prompt the emergence of a large new cybersecurity software category. We agree. AI systems can leak sensitive data, act in ways their owners never intended, or simply hallucinate with adverse consequences. A widely discussed example this spring involved a company that builds software for car-rental operators. An AI coding agent was running a routine task in the company’s staging environment when it hit a credential mismatch. Rather than stopping to ask for help, it decided on its own to “fix” the problem, scanned the codebase, found an access token sitting in an unrelated file, and used it to delete the entire production database and its backups in about nine seconds. The company’s car-rental customers lost roughly three months of reservation and customer records, and the data was only recovered about two days later. The episode is less a story about AI being uniquely dangerous than about how much standing access these agents are now given, often with no least-privilege limits and no human sign-offs.
We are convinced this risk is real and that it is giving rise to a new class of security companies built specifically to keep AI in check inside organizations through policy enforcement, monitoring what agents can see and do, and similar controls. We have seen this pattern before. Changes in networking technology drove the emergence of endpoint security companies, and the explosion of cloud technology prompted the emergence of cloud security companies. We expect securing AI models, agents and their identities similarly to become a multibillion-dollar category. Venture funding has been flowing heavily into this area over the past year.
A new control layer is forming around enterprise AI

Source: First Analysis.
Argument 2: AI is making attackers more capable
The second argument is that better AI is making attackers far more capable of finding and exploiting vulnerabilities. We think this is true but overstated in the popular press.
Anthropic’s Claude Mythos has drawn the most attention as an example of the power AI can provide to attackers, having reportedly surfaced more than 10,000 high- or critical-severity flaws in widely used software. It is not alone. Google’s “Big Sleep” agent has uncovered real-world zero-days in widely used code such as SQLite and Apple’s WebKit, and similar tools are emerging quickly. In late-2025, a small group used Claude Code and ChatGPT to breach at least nine Mexican government agencies and walk off with more than 195 million records. Reporting indicates AI did much of the work, writing exploits and exfiltrating data, after the attackers convinced it the activity was authorized.
However, most of the popular coverage has not considered these events in the context of modern cybersecurity environments. We think AI-enabled attack capabilities would prove far less effective against a well-resourced, actively defended environment, especially one with modern detection stacks, rapid incident response, and active monitoring. In the case of the Mexican breach noted above, the targeted agencies were not mounting any meaningful active defense. They were running on legacy, often obsolete platforms with limited security operations and, in some cases, credentials that had never been revoked after employees departed. They were not actively monitoring for intrusions, and the attackers faced essentially no real-time resistance.
Further, AI is helping defenders. Through Anthropic’s Project Glasswing, security teams at major technology and infrastructure providers are getting early, gated access to the Mythos capabilities so they can find and patch flaws in their critical software before attackers can weaponize them. We are also seeing a new group of autonomous red-teaming startups gain traction. They use AI to continually probe customers’ defenses the way AI-enabled attackers would, turning the same tooling into a way to harden environments. It will be telling to watch how red team and blue team exercises play out with the latest models on both sides, and we will follow it closely.
Beyond these specific initiatives, the structural advantages AI gives defenders are substantial. Security teams have always faced an asymmetric information problem: Attackers need to find one opening and defenders need to watch everything. AI begins to close that gap. Modern platforms can ingest and correlate telemetry across millions of endpoints, cloud workloads, network flows and identity events simultaneously, surfacing anomalous patterns in milliseconds rather than the hours a human analyst would need to process the same volume. That speed matters most against novel attacks, where there is no prior signature to match. Behavioral models can detect deviations from baselines and trigger containment before an analyst has finished reading the first alert. Mean time to detect and mean time to respond, the two metrics that most determine how much damage an intrusion does, are compressing rapidly as AI handles initial triage. A lean security operations team armed with AI can now cover an attack surface that would have required a far larger staff just a few years ago, and the quality of that coverage is improving with every model generation.
Argument 3: AI will replace cybersecurity vendors
The third argument is that AI will simply replace what cybersecurity vendors do, providing cheaper, broader and better cybersecurity and leaving incumbents stranded. We think this is an overly simplistic assessment of AI’s impact on cybersecurity vendors.
We think it’s true that cybersecurity vendors that ignore AI or fail to build it into their products in a way that adds real value risk being displaced by AI or, more likely, by traditional cybersecurity competitors with sharper AI strategies. But that is true of any company facing technology change in fast-moving markets. Further, we are skeptical that the large, general-purpose AI labs (Anthropic, OpenAI, Google) will displace specialized vendors. Those large companies want to keep their models broadly capable across a wde variety of use cases, which leaves them poorly suited to address the messy demands of cybersecurity: the integrations, the orchestration across tools, the customer-by-customer policies and the countless edge cases that cybersecurity companies accommodate to make their security solutions effective in real-world environments.
Argument 4: AI is bullish, not bearish, for the sector
The fourth argument is that AI is bullish for the cybersecurity sector. We agree. The need for focused security vendors that adopt AI while respecting the policies and environments they already know should only grow as AI permeates the economy. We believe the companies that have spent years and billions of dollars building tuned solutions for hundreds of specific threats and use cases are the best positioned to fold AI into what already works. They typically have deep familiarity with how customers’ environments operate, their policies, their quirks, and their edge cases. That familiarity is an asset that is hard to replicate regardless of the underlying model. We believe cybersecurity customers will continue to value and trust incumbent providers’ deterministic, battle-tested controls and are unlikely to rely on probabilistic models alone.
Beyond the opportunity to address the increased threat from AI-enabled attackers, securing AI itself is opening a whole new line of spend. As noted in the discussion of argument 1, As organizations deploy AI agents and models across their environments, they need dedicated tooling to govern what those agents can access, monitor what they do, and contain the damage when something goes wrong. That is a category that barely existed three years ago and is growing quickly. Established security vendors that can extend their platforms to cover AI models, agents and identities alongside traditional endpoints stand to capture a meaningful share of that new spend. On balance, we think AI widens the moat for focused security vendors more than it erodes it.
A sector remade by AI, and still full of opportunity
The second quarter left us with one clear takeaway: AI now sits at the center of nearly every cybersecurity conversation, as both a risk and a tool. It is creating new exposures, handing attackers sharper instruments, and, just as importantly, giving defenders better ones. On balance, we think that makes focused cybersecurity companies that embrace AI more valuable, not less.
We think AI widens the moat for focused security vendors more than it erodes it.
We continue to see real opportunity across the space, from the new crop of companies securing AI itself to the established vendors weaving it into what they already do well, and we think cybersecurity remains one of the most durable and interesting areas in enterprise technology.
Cybersecurity Index: Rollercoaster ride continues
The First Analysis Cybersecurity Index gained 14.7% over the one-year period ended June 22, lagging the Nasdaq by 20 percentage points and the S&P 500 by 9 points. In the first five months of the period, the index dipped to a 12.6% loss. It rebounded to a 5% gain by early November. Afterward, it again sold off, reaching a 31.4% loss on Feb. 23, and remained in the 20-30% loss range until mid-April, when it began appreciating toward its peak gain of 28.5% on June 1.
Of the 18 cybersecurity stocks, 13 were down over the period, including Rapid7 (RPD), Netskope (NTSK) and Zscaler (ZS), which were each down by 60% or more. (Netskope had its initial public offering in September.) Among the five gainers, Fortinet (FTNT), Palo Alto Networks (PANW) and CrowdStrike (CRWD) led with gains of over 35% each and together contributed 26.4 points to the index’s market-cap weighted performance. Zscaler, which declined 60%, was the biggest detractor (5.2 points).
Cybersecurity public comparables* ($ in millions)
| LTM rev. |
Rev. growth 2025A‑2026E |
Rev. growth 2026E‑2027E |
LTM gross margin |
LTM EBITDA margin |
EV/rev. 2026E |
EV/rev. 2027E |
EV/EBITDA 2026E1 |
EV/EBITDA 2027E1 |
|
|---|---|---|---|---|---|---|---|---|---|
| Check Point Software Tech. (CHKP) | $2,756.0 | 3.2% | 6.2% | 87.7% | 31.7% | 3.67x | 3.46x | 8.9x | 8.4x |
| Cloudflare (NET) | $2,328.6 | 29.7% | 27.6% | 73.3% | (1.6%) | 27.22x | 21.33x | NMF | NMF |
| CrowdStrike (CRWD) | $5,094.2 | 23.5% | 21.6% | 75.1% | 1.2% | 28.71x | 23.61x | NMF | NMF |
| Fortinet (FTNT) | $7,109.5 | 14.9% | 10.6% | 80.3% | 33.2% | 13.22x | 11.96x | 36.4x | 32.4x |
| Netskope (NTSK) | $752.9 | 24.3% | 21.6% | 69.3% | (90.2%) | 3.74x | 3.08x | NMF | NMF |
| Okta (OKTA) | $2,996.0 | 9.6% | 9.6% | 77.4% | 8.9% | 5.72x | 5.22x | 21.5x | 18.9x |
| OneSpan (VDSI) | $245.8 | 1.3% | 3.0% | 73.9% | 24.2% | 1.86x | 1.81x | 7.0x | 6.5x |
| Palo Alto Networks (PANW) | $10,606.5 | 30.5% | 13.5% | 72.0% | 14.0% | 18.09x | 15.93x | NMF | 47.9x |
| Qualys (QLYS) | $684.9 | 8.3% | 7.1% | 83.2% | 35.8% | 4.48x | 4.18x | 10.1x | 9.4x |
| Radware (RDWR) | $309.6 | 9.0% | 7.9% | 80.7% | 7.5% | 2.66x | 2.46x | 15.9x | 13.8x |
| Rapid7 (RPD) | $859.2 | (2.4%) | (0.2%) | 69.7% | 6.6% | 0.89x | 0.89x | 5.3x | 5.0x |
| Rubrik (RBRK) | $1,424.8 | 24.9% | 21.8% | 80.6% | (20.1%) | 8.46x | 6.95x | NMF | NMF |
| SailPoint (SAIL) | $1,121.1 | 18.6% | 18.3% | 66.4% | 0.8% | 5.66x | 4.78x | 28.8x | 22.7x |
| SentinelOne (S) | $1,048.9 | 19.9% | 17.7% | 73.2% | (24.7%) | 3.66x | 3.11x | 32.8x | 21.0x |
| Tenable Holdings (TENB) | $1,022.3 | 7.4% | 7.2% | 78.2% | 4.0% | 2.82x | 2.63x | 11.0x | 10.0x |
| Trend Micro (TSE: 4704) | $1,749.2 | 8.0% | 5.4% | 77.3% | 30.2% | 1.69x | 1.60x | 6.1x | 5.8x |
| Varonis Systems (VRNS) | $660.2 | 17.9% | 18.2% | 78.1% | (20.0%) | 4.70x | 3.98x | NMF | NMF |
| Zscaler (ZS) | $3,173.6 | 20.2% | 16.8% | 76.7% | (1.9%) | 5.13x | 4.40x | 18.8x | 15.3x |
| Average | $2,441.3 | 14.9% | 13.0% | 76.3% | 2.2% | 7.91x | 6.74x | 16.9x | 16.7x |
| Median | $1,273.0 | 16.4% | 12.1% | 77.0% | 5.3% | 4.59x | 4.08x | 13.5x | 13.8x |
Source: Capital IQ, First Analysis.
Notes: Public comparable company data shown above is as of June 22, 2026.
(1) EBITDA multiples less than 0 and greater than 50 labeled “not meaningful” (NMF). LTM = last 12 months. EBITDA = earnings before interest, taxes, depreciation and amortization.
The index’s enterprise value multiple of trailing 12-month revenue as of June 22 was 15.3, a slight increase from the 14.5 multiple at the beginning of the one-year period and only modestly below its peak of 17.5 in early June. It remained well above the Nasdaq’s 5.9 and the S&P 500’s 4.0 multiples.
Looking at forward multiples, the average enterprise value multiple of 2026 estimated revenue was 7.9 (median 4.6), and the average for 2027 was 6.7 (median 4.1). In our March 19 report, the average was 6.4 for 2026 and 5.4 for 2027. CrowdStrike traded at the highest multiple for estimated 2026 revenue (28.7) and estimated 2027 revenue (23.6) followed closely by Cloudflare (NET) at 27.2 for 2026 and 21.3 for 2027. Palo Alto is expected to grow revenue fastest in 2026 (30.5%), and Cloudflare is expected to grow fastest in 2027 (27.6%).
First Analysis Cybersecurity Index 1-year performance

Source: First Analysis.
Notes: (1) Index performance is weighted by market cap. For the period from June 23, 2025, through June 22, 2026.
Cybersecurity M&A: Notable transactions include Symmetry Systems, Natoma and Dragos
We highlight three noteworthy cybersecurity M&A announcements from the second quarter. All three transactions reflect a broader theme: Established platform vendors are acquiring specialized capabilities to extend their security perimeters into emerging threat surfaces. These surfaces are AI-driven machine-to-machine communication and operational technology environments, which were historically outside the scope of enterprise security.
On May 21, Zscaler (ZS) announced its intent to acquire Symmetry Systems, a pioneer in identity mapping and data access security, for $175 million. Symmetry Systems provides access graph technology that ingests enterprise-wide access logs from SaaS applications, cloud environments, data stores and AI systems. The platform uses AI to synthesize and correlate those logs into a unified map of which identities accessed specific data sources and determine that access was granted. Symmetry helps enterprises navigate the fast-changing nature of AI agents operating independently across systems using inherited permissions by providing visibility into what agents are accessing and why, allowing these enterprises to build policies around access and identity mapping. Integrating Symmetry’s access graph into Zscaler’s Zero Trust Exchange platform will allow customers to enforce least-privilege policies for AI agents, trace data lineage across chains of sub-agents, and detect and contain anomalous behavior in real time.
Symmetry’s access graph slots directly into Zscaler’s Zero Trust identity layer

Source: Symmetry Systems.
On May 27, Snowflake (SNOW) announced its intent to acquire Natoma for $110 million. Natoma provides an enterprise AI platform that securely connects AI agents to corporate applications and data sources using protocols like the Model Context Protocol (MCP). Natoma’s platform provides identity-aware authorization, policy enforcement and auditability for AI agents connecting across enterprise systems, including SaaS applications, cloud environments, on-premises infrastructure and internal application programming interfaces. The acquisition addresses a governance gap that has emerged as enterprises move from AI copilots to fully autonomous agents capable of taking actions across business workflows. While organizations have mature frameworks for governing their data, governing what those agents do across systems has remained largely unaddressed. Snowflake’s AI Data Cloud platform serves as a central data repository for enterprises. This acquisition enables Snowflake to extend its governance capabilities into the AI agent layer by incorporating a verified library of MCP servers and centralized control over how AI agents interact with their clients’ systems.
Natoma’s MCP gateway enforces policy on AI tool calls

Source: Natoma.
On June 18, Accenture (ACN) announced its intent to acquire a majority stake in Dragos at an enterprise value of $3.2 billion. Dragos is a leading operational technology and industrial control systems cybersecurity platform supporting over 600 industrial protocols and the Neighborhood Keeper real-time threat-sharing network used by government entities like the National Security Agency and the Cybersecurity and Infrastructure Security Agency. The acquisition addresses the widening gap between IT security maturity and operational technology environments, which were historically air-gapped but are now deeply interconnected with enterprise networks and increasingly targeted by nation-state actors. Dragos brings a library of industrial control system threat groups and attack playbooks developed from years of industrial incident response, intelligence that cannot be replicated by adapting IT security tooling to operational technology contexts. Combining Dragos’s platform with Accenture’s global managed security services creates an end-to-end offering spanning advisory, deployment, monitoring and response for operators of power grids, pipelines, water systems and manufacturing facilities. Dragos was the largest of three acquisitions Accenture announced simultaneously with an aggregate enterprise value of $4.18 billion, all addressing these themes. The other two companies were RunZero and NetRise.
Dragos’ platform monitors industrial protocols across operational technology networks

Source: Dragos.
Select recent M&A transactions (sorted by date of announcement, $ in millions)
| Date | Target | Target business description | Buyer | Enterprise value |
Enterprise value/rev. |
|---|---|---|---|---|---|
| 6/18/2026 | Dragos | Operational technology and industrial control system security platform supporting 600+ industrial protocols with the Neighborhood Keeper threat-sharing network helping to protect critical industrial infrastructure and OT environments from cyber threats | Accenture (ACN) | $3,200.0 | 20.1x |
| 6/15/2026 | Entro Security | Discovers, monitors and governs non-human identities, such as application programming interface keys, service accounts and AI agents, securing them throughout their entire life cycles | SailPoint (SAIL) | Undisclosed | Undisclosed |
| 6/15/2026 | Apono | Automated cloud access management platform that eliminates dangerous standing privileges by granting engineers temporary, just-in-time permissions to cloud infrastructure, SaaS and data repositories | 1Password | Undisclosed | Undisclosed |
| 6/9/2026 | Strata Identity | Vendor-agnostic software that unifies and manages different identity and access management systems across multi-cloud and hybrid environments without requiring application code changes | Rubrik (RBRK) | Undisclosed | Undisclosed |
| 6/1/2026 | Phosphorus Cybersecurity | Agentless extended Internet of Things platform automating discovery and remediation of IoT, operational technology and Internet of Medical Things device vulnerabilities at scale | Dragos | Undisclosed | Undisclosed |
| 5/27/2026 | Natoma | Enterprise security and governance platform that allows organizations to securely connect AI agents and models to their internal tools and data | Snowflake (SNOW) | $110.0 | Undisclosed |
| 5/21/2026 | Symmetry Systems | Unifies data discovery, identity access and AI risk into a single platform, helping organizations protect sensitive information and enforce strict least-privilege policies across hybrid-cloud and SaaS environments | Zscaler (ZS) | $175.0 | Undisclosed |
| 5/20/2026 | AIceberg | AI firewall using non-LLM models to flag prompt injection, data leakage and jailbreaks with explainable guardrails | Cranium AI | Undisclosed | Undisclosed |
| 5/19/2026 | Deepchecks | LLM evaluation and observability platform scoring quality, hallucinations and safety across the continuous integration and continuous delivery life cycles | Check Point (CHKP) | Undisclosed | Undisclosed |
| 5/1/2026 | CyberCatch | AI-enabled platform that helps organizations implement required cybersecurity controls and continuously tests them to detect security holes so they can be fixed promptly, ensuring compliance and protection against cyberattacks | Datavault AI (DVLT) | $100.0 | Undisclosed |
| 4/13/2026 | Kovr.ai | AI-native cyber compliance platform that automates the documentation, mapping and continuous monitoring of security controls to help organizations rapidly achieve regulatory accreditations like FedRAMP and Cybersecurity Maturity Model Certification | Fortreum | Undisclosed | Undisclosed |
| 3/26/2026 | Kenzo Security | Agentic security operation center platform deploying a swarm of AI agents over a data mesh for autonomous, end-to-end alert investigation | Rapid7 (RPD) | Undisclosed | Undisclosed |
Source: Capital IQ, First Analysis.
Cybersecurity private placements: Notable transactions include Oasis Security and Exaforce
We highlight two noteworthy cybersecurity private placement announcements from the second quarter. Both companies operate in rapidly changing sectors: non-human identity management and AI-driven security operations, which have drawn increasing attention from enterprise security buyers.
On March 19, Oasis Security announced it had received $120 million in Series B funding led by Craft Ventures, with participation from existing investors Cyberstarts, Sequoia Capital and Accel, bringing total funding to $195 million. Oasis Security was founded in 2022 and is widely known for its ability to navigate the rapidly changing landscape of non-human identity management by securing the service accounts, application programming interface keys, machine credentials, and other non-human identities that are becoming an increasing part of the digital environment today. As organizations scale their AI deployments, Oasis provides just-in-time access controls and a single policy enforcement across hybrid environments to ensure agents receive only the permissions they need to complete their tasks. The proceeds will be used to expand research and development, expand integration within AI agent frameworks and scale the company’s go-to-market operations.
Oasis Security’s dashboard surfaces non-human identity posture, policy violations and live connections

Source: Oasis Security.
On May 12, Exaforce announced it had raised $125 million in Series B funding from investors including HarbourVest, Peak XV, Mayfield, Khosla Ventures and Seligman Ventures. This raise comes a little over a year after its $75 million Series A in early 2025, bringing total funding to $200 million. Exaforce was founded in 2023. It offers an AI-powered security operations center (SOC) platform that deploys autonomous AI agents to detect and respond to threats in real time. The platform targets the overwhelming volume of alerts that security analysts must sift through, most of which are false positives, to reduce manual workload by as much as 90%. A recently introduced feature the company calls “vibe hunting” allows security teams to query the platform in natural language to investigate potential threats. The proceeds from the funding will be used to expand the capabilities of its core platform and expand its global footprint, particularly targeting Japan and Europe.
Exaforce’s multi-model AI engine combines semantic, behavioral and knowledge models

Source: Exaforce.
Select recent private placements (sorted by date of announcement, $ in millions)
| Date | Company | Business description | Investors | Raise type | Amount raised |
Total amount raised |
|---|---|---|---|---|---|---|
| 6/18/2026 | Dream Security | Sovereign AI and national cyber defense platform selling threat detection, vulnerability research and data intelligence to governments | Bicycle Capital; Group 11; Antler; Bain Capital Ventures; Tru Arrow Partners | Series C | $260.0 | $415.0 |
| 6/17/2026 | Twenty Technologies | AI-enabled offensive cyber warfare systems built for the U.S. military and intelligence community | Accel; Friends & Family Capital; Point72 Ventures; Caffeinated Capital | Series B | $100.0 | $138.0 |
| 6/17/2026 | Tenet Security | Detects and blocks unauthorized actions, data exfiltration and prompt injection attacks targeting enterprise AI agents | The Westly Group; MizMaa Ventures | Seed | $6.0 | $6.0 |
| 6/10/2026 | Aryon Security | Agentless cloud-security enforcement blocking risky configurations at deployment, before they reach production | Blumberg Capital; Brightmind Partners; Datadog Ventures; Skinos Ventures; Viola Ventures | Series A | $29.0 | $38.0 |
| 6/10/2026 | Pi | Agentic product-security “brain” tracing vulnerabilities to their root cause and auto-fixing code variants | Third Point Ventures; Brightmind Partners | Series A | $35.0 | $35.0 |
| 6/4/2026 | Opal Security | AI-native access governance for human, service and AI identities, with policy-as-code and the Paladin engine | Battery Ventures; Cambium Capital; Greylock Partners | Growth | $23.0 | $59.0 |
| 6/2/2026 | Cyera | Agentless, AI-native data security posture management classifying and remediating sensitive data across cloud, SaaS and on-premise assets at scale | Accel; Blackstone; Coatue; Cyberstarts; Evolution Equity; Georgian Partners; Greenoaks Capital; Lightspeed Venture; Redpoint Ventures; Sapphire Ventures; Sequoia Capital; Spark Capital; Temasek | Series G | $600.0 | $2,196.0 |
| 5/20/2026 | Quantum Bridge | Quantum-safe key distribution built on a patented distributed symmetric key establishment protocol, decentralizing keys with no single point of failure | Club degli Investitori angels; Hewlett Packard Pathfinder (HPE); Primo Capital; Cadenza Ventures; Wayra; Bacchus Venture Capital | Series A | $8.0 | $16.0 |
| 5/12/2026 | Exaforce | Agentic security operations center platform with multi-model “Exabots” that triage and investigate threats over a real-time knowledge graph | HarbourVest Partners; Mayfield Fund; Peak XV Partners; Khosla Ventures; Seligman Ventures; AICONIC Ventures | Series B | $125.0 | $200.0 |
| 5/6/2026 | BoostSecurity | AI-native secure software development life cycle defense unifying developer-endpoint, supply-chain, and application security posture management controls to auto-fix code before commit | White Star Capital, Amiral Ventures, Accelia Capital, and Sorensen Capital | Venture | $4.0 | $16.0 |
| 4/16/2026 | Gray Swan | Adversarial evaluation, continuous red teaming, and real-time runtime protection to help enterprises build and deploy secure, safe AI applications | Hudson River Trading; Madrona Venture; Magarac Venture; Obvious Ventures; Samsung NEXT; Snowflake Ventures; Wing Venture | Series A | $40.0 | $45.5 |
| 3/31/2026 | Tenex.ai | AI-native, human-led managed detection and response cybersecurity platform that autonomously triages, investigates, and responds to cyber threats at machine speed, freeing human analysts to focus on complex, strategic security decisions | Florida Opportunity Fund; Digital Transformation Capital; DeepWork Capital; Crosspoint Capital; Shield Capital; a16z; Enterprise Florida | Series B | $250.0 | $276.4 |
| 3/19/2026 | Oasis Security | Purpose-built non-human identity platform for discovering, governing, and managing machine and AI-agent identities | Accel; Sequoia Capital; Craft Ventures; Cyberstarts | Series B | $120.0 | $195.0 |
| 3/18/2026 | Raven | Software that fingerprints execution paths to block zero-days and exploits inside running applications | Norwest Venture; Elron Ventures; UpWest Labs; SentinelOne (S); RedSeed Ventures; Unusual Ventures; Jibe Ventures; CyberFuture; Dnipro VC | Seed | $20.0 | $20.0 |
| 3/18/2026 | Censys | Internet-intelligence platform that scans all available network ports to map attack surfaces and hunt adversary infrastructure | Intel Capital; GV; Greylock Partners; Decibel Ventures; Morgan Stanley Expansion Capital | Series D | $40.0 | $177.3 |
Source: Capital IQ, First Analysis.

Request full report
To access the full report, please provide your contact information in the form below. Thank you for your interest in First Analysis research.
