AI Driving Cybersecurity Investments, Widening 'Valley of Death' TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsApplication SecurityAttackers Weaponize RubyGems for Data Dead DropsAttackers Weaponize RubyGems for Data Dead DropsbyAlexander CulafiMay 13, 20264 Min ReadСloud SecurityLatAm Vibe Hackers Generate Custom Hacking Tools on the FlyLatAm Vibe Hackers Generate Custom Hacking Tools on the FlybyAlexander CulafiMay 13, 20265 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryCybersecurity OperationsCyber RiskСloud SecurityCybersecurity AnalyticsNewsAI Drives Cybersecurity Investments, Widening 'Valley of Death'In a role reversal, investment dollars in AI security startups exceeded the value of AI acquisitions in 1Q26 by more than $1 billion, a rare occurrence.Rob Wright,Senior News Director,Dark ReadingMay 14, 20267 Min ReadSource: Aleksey Funtap via Alamy Stock PhotoArtificial intelligence has turbo-charged cybersecurity investments this year, but the technology has also generated a substantial amount of noise and uncertainty for investors and end-user organizations alike.Technology upheaval in the cybersecurity industry is nothing new, but the seismic shift from Anthropic's Mythos recent preview, Project Glasswing, continues to produce shockwaves. While large language models have offered tantalizing benefits for enterprises, they've at the same time sparked concerns about abuse by threat actors.The technology has also created financial upheaval. Investors are flocking to new security companies that are entirely AI-focused, while "AI-native" startups have also emerged — and are fetching top dollar in an active acquisitions market. And while the influx of capital is a positive sign for the cybersecurity industry, it also means more noise to contend with for CISOs, investors, and would-be suitors.Related:Dark Reading Celebrates 20 Years as a Leading Authority on Cybersecurity, Highlighting the People, Events, Ideas, and Technologies Shaping the Modern Risk LandscapeBigger Investments, Smaller AcquisitionsInvestors and analysts observed an unusual trend in the first quarter of 2026: mergers and acquisition (M&A) activity was high, with 108 deals in Q1, according to a recent report from security investment bank Momentum Cyber. But the value of those deals was much smaller compared to the capital flowing into cybersecurity startups. In short, smaller fish have been acquired this year, while bigger investment bets are being placed on hot startups. "There was a very interesting dynamic in Q1 that we've only seen three other times before, and that was the financing volume at $3.8 billion outdid the M&A volume at $2.6 billion," says Eric McAlpine, founder and CEO of Momentum Cyber, adding that quarterly M&A value is usually higher than financing totals.A big driver for this trend is, of course, AI. An already crowded cybersecurity market will have more overlapping players as a new enterprise AI security market takes shape, which Alberto Yépez, cofounder and managing partner at Forgepoint Capital, compared to the early days of the commercial Web and Web security industries. "We're in the very early innings," he says, adding it will be a challenge for investors and potential customers to cut through the noise and pick out the eventual winners.While the volume of cybersecurity financing so far this year has been quite high, the venture capital (VC) dollars are going to fewer companies. "What we see in the numbers is a lower number of deals at seed and Series A, but more money being raised," says Robert Ackerman, cofounder and managing partner at DataTribe.Related:20 Leaders Who Built the CISO Era: 2 Decades of ChangeThat trend, according to experts, also comes with peril, especially for companies that may be struggling to adapt to an AI-centric world. With huge sums of money being injected into AI-native companies, fewer dollars are available for other firms. Ackerman says this had widened the so-called "valley of death" for startups, which is a phase of a company's life cycle after it receives initial funding but has yet to achieve consistent revenue to sustain operations, putting it in jeopardy."The 'valley of death' has never been wider in cybersecurity," Ackerman says. The AI Effect: 'Gasoline on a Bonfire'Overall, investors and analysts agree the M&A activity and investment volumes so far this year are positive signs for a growing cybersecurity industry, with more jobs and more AI-driven security offerings. That was a reflected in the upbeat mood at RSAC Conference 2026 in March, according to Yépez."There was a lot of excitement because there were more M&A transactions and a lot more money was being poured into new companies," Yépez tells Dark Reading. "In general, the market is very positive and very energetic."Eric Parizo, president and chief analyst at Cernivera Research, says the cybersecurity industry had a banner year for financing in 2025, and that looks to continue into 2026. And it's not just AI; the track record for cybersecurity investments is quite strong, he says, with around 75 companies with $1 billion-plus valuations, an increase of approximately 40% from just two years ago.Related:Has CISA Finally Found Its New Leader in Tom Parker?"Adding AI to the mix, I believe, is going to be like throwing gasoline on a bonfire," Parizo says, noting that some native-AI startups have already attracted record investments. For example, managed detection and response vendor Tenex recently pulled in $250 million in Series B financing after scoring $27 million in its first round.And it's not just financing, either. McAlpine notes that Momentum Cyber has observed another interesting trend of AI-native companies selling to suitors for considerable sums less than three years after launching, in some instances, which has driven a lot of recent M&A volume. "There's an insatiable appetite for cybersecurity right now, and there's a lot of consolidation happening within the space," McAlpine says.Additionally, Parizo says the proliferation of AI creates more cybersecurity spending, as major platforms like Claude and ChatGPT are creating new vulnerability and attack surfaces that must be secured for enterprise adoption. For example, according to a KPMG Global AI Pulse survey earlier this year of more than 2,000 enterprise C-suite executives and decision makers, half were planning to invest between $10 million and $50 million to secure agentic AI systems."There's a reason why nearly every cybersecurity vendor is rushing to offer capabilities to secure AI usage: enterprise budgets are rapidly flowing in that direction," he says, adding that cybersecurity market appears to be poised for long-term success despite macro-economic uncertainty. "Indeed, I'm not sure there's ever been a better time to be a cybersecurity investor."Investment Darlings: Native-AI Startups AI isn't good news for everyone in cybersecurity, however. Anthropic's Project Glasswing put many in the industry on edge over concerns that the new Mythos frontier model reveal a super-abundance of new zero-day vulnerabilities, but the AI technology itself may render some vendors and sectors like vulnerability management obsolete."The broad trend is that cybersecurity is in a unique spot because I think the large, frontier-model companies, namely Anthropic, have released capabilities that seem to throw some of the well-defined sectors within cybersecurity into chaos," Ackerman says.Yépez agrees, adding that many cybersecurity companies that are in between the AI-native startups and the established vendors are finding themselves in a tough spot. "Some of them are walking dead because they think Mythos is going to take over what they do," he says.McAlpine says the large number of mergers and acquisitions this year has involved many non-native AI companies that may have received some funding in previous rounds but "need to find a soft landing" now that financing is drying up. "Those companies are struggling to get additional VC dollars on top of the dollars already spent," he says.This has created challenges for cybersecurity startups, even for those that are native-AI because competition is stiff and many new startups are being created. And while it's never been easier to start a company, Ackerman says, "scaling it to something meaningful that has lasting power is really hard right now because differentiation is hard."Big Acquisitions on the HorizonM&A activity in 2026 has featured much smaller deals, compared to Google's $32 billion all-cash purchase of Wiz, finalized in March. Ackerman calls deals in the $200 million to $400 million range the market's sweet spot.However, experts say major consolidation is coming with bigger fish. "In cybersecurity, there's an element of Darwinism," Yépez says. "There are way too many companies doing the same thing today. And to me, [consolidation] is a good thing because the market cannot support that many companies."Ackerman agrees, and predicts that the coming consolidation wave will rapidly shrink the number of unique security solutions within the average enterprise, which he says is currently between 60 and 80, depending on the customer. "I think the number of solutions being used within companies will get much smaller."McAlpine predicts a Wiz-size acquisition in the next 12 to 18 months, with some strategic moves from AI frontier model providers and hyperscalers. He notes that tech giants like Microsoft and Google didn't start out as cybersecurity companies but made strategic acquisitions and investments over the years to strengthen their positions. "I have a strong belief in [in multibillion dollar acquisition deals] because I think the stakes of this new post-Mythos world have gotten much higher," he says, noting that OpenAI, Anthropic, and others have many open security requisitions. "And they've hired some of the best, most talented, and experienced M&A corporate development professionals away from the likes of Google and others, and you don't hire people like that to do small deals."Don't miss the latest Dark Reading Confidential podcast, How the Story of a USB Penetration Test Went Viral. Two decades ago Dark Reading posted its first blockbuster piece — a column by a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making piece with its author, Steve Stasiukonis. Listen now!About the AuthorRob WrightSenior News Director, Dark ReadingRob Wright is a longtime reporter with more than 25 years of experience as a technology journalist. Prior to joining Dark Reading as senior news director, he spent more than a decade at TechTarget's SearchSecurity in various roles, including senior news director, executive editor and editorial director. Before that, he worked for several years at CRN, Tom's Hardware Guide, and VARBusiness Magazine covering a variety of technology beats and trends. Prior to becoming a technology journalist in 2000, he worked as a weekly and daily newspaper reporter in Virginia, where he won three Virginia Press Association awards in 1998 and 1999. He graduated from the University of Richmond in 1997 with a degree in journalism and English. A native of Massachusetts, he lives in the Boston area. See more from Rob WrightWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyHow Enterprises Are Harnessing Emerging Technologies in CybersecurityDitch the Data Center: Understanding Flexible Cloud Infrastructure Security Management2025 State of MalwareAccess More ResearchWebinarsYour Guide to Securing AI Adoption in Your OrganizationWhat is the Right Role for Identity Threat Detection and Response (ITDR) in Your Organization?The New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspacePrompt Injection Is Just the Start: Securing LLMs in AI SystemsAnatomy of a Data Breach: What to Do if it Happens to YouMore WebinarsEditor's ChoiceThreat IntelligenceFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberbyDark Reading Editorial TeamMay 6, 202631 Min ReadCyber RiskPhysical Cargo Theft Gets a Boost From CybercriminalsPhysical Cargo Theft Gets a Boost From CybercriminalsbyRobert LemosMay 4, 20265 Min ReadWant more Dark Reading stories in your Google search results?Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeRSAC 2026: key news & insightsAt RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much moreGet Your RecapWebinarsYour Guide to Securing AI Adoption in Your OrganizationTues, June 9, 2026 at 1pm ESTWhat is the Right Role for Identity Threat Detection and Response (ITDR) in Your Organization?Wed, June 3, 2026 at 1pm ESTThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspaceWed, June 24,2026 at 1pm ESTPrompt Injection Is Just the Start: Securing LLMs in AI SystemsTues, May 26, 2026, at 1pm ESTAnatomy of a Data Breach: What to Do if it Happens to YouJune 18th, 2026 | 11:00am -5:00pm ET | Doors Open at 10:30am ETMore WebinarsBlack Hat USA | Mandalay Bay, Las VegasThe premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.GET YOUR PASSDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of UseYour Privacy Choices

Artificial intelligence has significantly accelerated cybersecurity investments, yet this technological upheaval has simultaneously generated considerable noise and uncertainty for both investors and end-user organizations. The emergence of large language models, such as Anthropic's Mythos preview, has created seismic shifts in the industry, raising concerns about potential abuse by threat actors. This dynamic has manifested as a financial upheaval, with investors flocking toward entirely AI-focused security companies, and "AI-native" startups commanding high valuations in the active acquisitions market.

In the first quarter of 2026, market activity revealed an interesting asymmetry: mergers and acquisition volume totaled $2.6 billion, whereas the total financing volume for cybersecurity startups reached $3.8 billion. This indicates that while substantial capital is flowing into the sector, the value attributed to mergers was relatively smaller compared to the financing activity. This trend suggests that smaller entities have been acquired while larger investment bets are placed on emerging hot startups. This pattern is driven by the increasing overlap among players as the market develops for enterprise AI security solutions, a situation compared by Alberto Yépez to the early days of the commercial web.

Despite the positive energy and robust financing, this trend has had a detrimental effect on the lifecycle of certain companies. Robert Ackerman noted that the influx of capital into AI-native firms has consequently widened the "valley of death" for startups, which is the critical phase following initial funding where companies struggle to achieve consistent revenue necessary for sustained operations, thereby jeopardizing their viability. Ackerman emphasized that this "valley of death" has never been wider in the cybersecurity sector.

The proliferation of AI also functions as a powerful accelerant for the entire industry, acting as "gasoline on a bonfire." This increased spending is fueled by the reality that major platforms like Claude and ChatGPT create new vulnerability and attack surfaces that demand security measures. Furthermore, major platforms are driving enterprise budgets toward securing agentic AI systems, with some enterprise decision-makers planning investments ranging from ten million to fifty million dollars for this purpose, as noted by Eric Parizo. This widespread demand ensures that nearly every cybersecurity vendor is prioritizing capabilities related to securing AI usage.

However, the AI revolution presents inherent challenges, particularly concerning established vendors and those positioned between established players and native AI startups. Some companies are perceived as struggling because they fear that frontier models may render existing security sectors obsolete. This dynamic has led to significant consolidation, as experts anticipate that there is an insatiable appetite for cybersecurity, prompting consolidation as the market seeks efficiency rather than supporting numerous redundant solutions.

Looking ahead, the landscape is shifting toward larger consolidation events. While recent M&A in 2026 featured smaller deals, experts predict that major consolidation is imminent, driven by a natural Darwinian process where only the most resilient solutions will survive. It is projected that this consolidation will rapidly reduce the number of unique security solutions within an average enterprise, which currently ranges between sixty and eighty solutions depending on the customer. Furthermore, there is an expectation for larger acquisition deals, with predictions suggesting a Wiz-size acquisition within the next twelve to eighteen months, potentially involving strategic moves from AI frontier model providers and hyperscalers. This future consolidation reflects a belief that the stakes in the post-Mythos world are elevating, as entities like OpenAI and Anthropic pursue diverse security requisitions, leading to an increased appetite for substantial M&A activity.