News Daily Nation Digital News & Media Platform

collapse
Home / Daily News Analysis / AI Drives Cybersecurity Investments, Widening 'Valley of Death'

AI Drives Cybersecurity Investments, Widening 'Valley of Death'

Jul 08, 2026  Twila Rosenbaum  5 views
AI Drives Cybersecurity Investments, Widening 'Valley of Death'

Artificial intelligence has turbo-charged cybersecurity investments this year, but the technology has also generated a substantial amount of noise and uncertainty for investors and end-user organizations alike. The first quarter of 2026 saw an unusual trend: merger and acquisition (M&A) activity was high, with 108 deals completed, according to a recent report from security investment bank Momentum Cyber. However, the total value of those deals—$2.6 billion—was eclipsed by the $3.8 billion in venture capital and other financing flowing into cybersecurity startups. This inversion, only seen three times before, underscores how AI is reshaping the financial landscape of the industry.

Eric McAlpine, founder and CEO of Momentum Cyber, noted that quarterly M&A value is usually higher than financing totals. The big driver for this shift is, of course, AI. An already crowded cybersecurity market will have more overlapping players as a new enterprise AI security market takes shape. Alberto Yépez, cofounder and managing partner at Forgepoint Capital, compared the current moment to the early days of the commercial web and web security industries. "We're in the very early innings," he said, adding that it will be a challenge for investors and potential customers to cut through the noise and pick out the eventual winners.

While the volume of cybersecurity financing so far this year has been quite high, the venture capital dollars are going to fewer companies. Robert Ackerman, cofounder and managing partner at DataTribe, observed a lower number of deals at seed and Series A stages, but more money being raised overall. This concentration of capital comes with peril, especially for companies that may be struggling to adapt to an AI-centric world. With huge sums of money being injected into AI-native companies, fewer dollars are available for other firms. Ackerman says this has widened the so-called "valley of death" for startups—the critical phase after initial funding when a company has yet to achieve consistent revenue to sustain operations.

"The 'valley of death' has never been wider in cybersecurity," Ackerman warned. This dynamic is creating a challenging environment for many cybersecurity startups, even those that are native-AI, because competition is fierce and differentiation is hard. Meanwhile, the technology upheaval from Anthropic's Mythos recent preview, Project Glasswing, continues to produce shockwaves. While large language models have offered tantalizing benefits for enterprises, they've simultaneously sparked concerns about abuse by threat actors and have thrown some well-defined sectors within cybersecurity into chaos.

Nevertheless, investors and analysts agree that the M&A activity and investment volumes so far this year are positive signs for a growing cybersecurity industry, with more jobs and more AI-driven security offerings. The upbeat mood at RSAC Conference 2026 in March reflected that optimism. Yépez described the market as "very positive and very energetic." Eric Parizo, president and chief analyst at Cernivera Research, noted that the cybersecurity industry had a banner year for financing in 2025, and that looks to continue into 2026. The track record for cybersecurity investments is strong, with around 75 companies holding $1 billion-plus valuations, an increase of approximately 40% from just two years ago.

Adding AI to the mix, Parizo said, is like "throwing gasoline on a bonfire." Some native-AI startups have already attracted record investments. For example, managed detection and response vendor Tenex recently pulled in $250 million in Series B financing after scoring $27 million in its first round. And it's not just financing: Momentum Cyber observed another interesting trend of AI-native companies selling to suitors for considerable sums less than three years after launching, driving a lot of recent M&A volume. "There's an insatiable appetite for cybersecurity right now, and there's a lot of consolidation happening within the space," McAlpine said.

The proliferation of AI creates more cybersecurity spending, as major platforms like Claude and ChatGPT are creating new vulnerability and attack surfaces that must be secured for enterprise adoption. According to a KPMG Global AI Pulse survey earlier this year of more than 2,000 enterprise C-suite executives, half were planning to invest between $10 million and $50 million to secure agentic AI systems. Parizo emphasized that nearly every cybersecurity vendor is rushing to offer capabilities to secure AI usage because enterprise budgets are rapidly flowing in that direction. The cybersecurity market appears poised for long-term success despite macroeconomic uncertainty. "Indeed, I'm not sure there's ever been a better time to be a cybersecurity investor," he said.

But AI isn't good news for everyone in cybersecurity. Anthropic's Project Glasswing put many in the industry on edge over concerns that the new Mythos frontier model could reveal a super-abundance of new zero-day vulnerabilities, and the AI technology itself may render some vendors and sectors like vulnerability management obsolete. Ackerman noted that the large, frontier-model companies—namely Anthropic—have released capabilities that seem to throw well-defined sectors into chaos. Yépez agreed, adding that many cybersecurity companies sitting between AI-native startups and established vendors are finding themselves in a tough spot. "Some of them are walking dead because they think Mythos is going to take over what they do," he said.

McAlpine pointed out that the large number of mergers and acquisitions this year has involved many non-native AI companies that may have received some funding in previous rounds but now "need to find a soft landing" as financing dries up. Those companies are struggling to get additional VC dollars on top of the dollars already spent. This has created challenges even for AI-native startups because of stiff competition and the difficulty of scaling a company to something meaningful with lasting power. "Differentiation is hard," Ackerman stated.

M&A activity in 2026 has featured much smaller deals compared to Google's $32 billion all-cash purchase of Wiz, finalized in March. Ackerman calls deals in the $200 million to $400 million range the market's sweet spot. However, experts say major consolidation is coming with bigger fish. Yépez believes that in cybersecurity, there's an element of Darwinism, and that consolidation is a good thing because the market cannot support too many companies doing the same thing. Ackerman predicts that the coming consolidation wave will rapidly shrink the number of unique security solutions within the average enterprise, which currently stands between 60 and 80. "I think the number of solutions being used within companies will get much smaller," he said.

McAlpine predicts a Wiz-size acquisition in the next 12 to 18 months, with strategic moves from AI frontier model providers and hyperscalers. He notes that tech giants like Microsoft and Google didn't start out as cybersecurity companies but made strategic acquisitions and investments over the years to strengthen their positions. Given the higher stakes of the post-Mythos world, he expects multibillion-dollar deals because companies like OpenAI and Anthropic have hired experienced M&A corporate development professionals from the likes of Google. "You don't hire people like that to do small deals," McAlpine concluded.


Source: Dark Reading News


Share:

Your experience on this site will be improved by allowing cookies Cookie Policy