AI Drives Cybersecurity Investments, Widening 'Valley of Death'

AI Driving Cybersecurity Investments, Widening 'Valley of Death'

Newsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsEndpoint SecurityChina's Webworm Uses Discord, Microsoft Graphs to Hack EU GovernmentsChina's Webworm Uses Discord, Microsoft Graphs to Hack EU GovernmentsbyAlexander CulafiMay 22, 20264 Min ReadApplication SecurityGitHub Confirms Breach, 4K Internal Repos StolenGitHub Confirms Breach, 4K Internal Repos StolenbyAlexander CulafiMay 20, 20263 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryCybersecurity OperationsCyber RiskСloud SecurityCybersecurity AnalyticsNewsAI Drives Cybersecurity Investments, Widening 'Valley of Death'In a role reversal, investment dollars in security startups exceeded the value of mergers and acquisitions in 1Q26 by more than $1 billion, a rare occurrence.Rob Wright,Senior News Director,Dark ReadingMay 14, 20267 Min ReadSource: Aleksey Funtap via Alamy Stock PhotoArtificial intelligence has turbo-charged cybersecurity investments this year, but the technology has also generated a substantial amount of noise and uncertainty for investors and end-user organizations alike.Technology upheaval in the cybersecurity industry is nothing new, but the seismic shift from Anthropic's Mythos recent preview, Project Glasswing, continues to produce shockwaves. While large language models have offered tantalizing benefits for enterprises, they've at the same time sparked concerns about abuse by threat actors.The technology has also created financial upheaval. Investors are flocking to new security companies that are entirely AI-focused, while "AI-native" startups have also emerged — and are fetching top dollar in an active acquisitions market. And while the influx of capital is a positive sign for the cybersecurity industry, it also means more noise to contend with for CISOs, investors, and would-be suitors.Related:Interpol's 'Operation Ramz' Pioneers Cross-Region Collabs in Middle EastBigger Investments, Smaller AcquisitionsInvestors and analysts observed an unusual trend in the first quarter of 2026: mergers and acquisition (M&A) activity was high, with 108 deals in Q1, according to a recent report from security investment bank Momentum Cyber. But the value of those deals was much smaller compared to the capital flowing into cybersecurity startups. In short, smaller fish have been acquired this year, while bigger investment bets are being placed on hot startups. "There was a very interesting dynamic in Q1 that we've only seen three other times before, and that was the financing volume at $3.8 billion outdid the M&A volume at $2.6 billion," says Eric McAlpine, founder and CEO of Momentum Cyber, adding that quarterly M&A value is usually higher than financing totals.A big driver for this trend is, of course, AI. An already crowded cybersecurity market will have more overlapping players as a new enterprise AI security market takes shape, which Alberto Yépez, cofounder and managing partner at Forgepoint Capital, compared to the early days of the commercial Web and Web security industries. "We're in the very early innings," he says, adding it will be a challenge for investors and potential customers to cut through the noise and pick out the eventual winners.While the volume of cybersecurity financing so far this year has been quite high, the venture capital (VC) dollars are going to fewer companies. "What we see in the numbers is a lower number of deals at seed and Series A, but more money being raised," says Robert Ackerman, cofounder and managing partner at DataTribe.Related:CISA Exposes Secrets, Credentials in 'Private' RepoThat trend, according to experts, also comes with peril, especially for companies that may be struggling to adapt to an AI-centric world. With huge sums of money being injected into AI-native companies, fewer dollars are available for other firms. Ackerman says this had widened the so-called "valley of death" for startups, which is a phase of a company's life cycle after it receives initial funding but has yet to achieve consistent revenue to sustain operations, putting it in jeopardy."The 'valley of death' has never been wider in cybersecurity," Ackerman says. The AI Effect: 'Gasoline on a Bonfire'Overall, investors and analysts agree the M&A activity and investment volumes so far this year are positive signs for a growing cybersecurity industry, with more jobs and more AI-driven security offerings. That was a reflected in the upbeat mood at RSAC Conference 2026 in March, according to Yépez."There was a lot of excitement because there were more M&A transactions and a lot more money was being poured into new companies," Yépez tells Dark Reading. "In general, the market is very positive and very energetic."Eric Parizo, president and chief analyst at Cernivera Research, says the cybersecurity industry had a banner year for financing in 2025, and that looks to continue into 2026. And it's not just AI; the track record for cybersecurity investments is quite strong, he says, with around 75 companies with $1 billion-plus valuations, an increase of approximately 40% from just two years ago.Related:Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution"Adding AI to the mix, I believe, is going to be like throwing gasoline on a bonfire," Parizo says, noting that some native-AI startups have already attracted record investments. For example, managed detection and response vendor Tenex recently pulled in $250 million in Series B financing after scoring $27 million in its first round.And it's not just financing, either. McAlpine notes that Momentum Cyber has observed another interesting trend of AI-native companies selling to suitors for considerable sums less than three years after launching, in some instances, which has driven a lot of recent M&A volume. "There's an insatiable appetite for cybersecurity right now, and there's a lot of consolidation happening within the space," McAlpine says.Additionally, Parizo says the proliferation of AI creates more cybersecurity spending, as major platforms like Claude and ChatGPT are creating new vulnerability and attack surfaces that must be secured for enterprise adoption. For example, according to a KPMG Global AI Pulse survey earlier this year of more than 2,000 enterprise C-suite executives and decision makers, half were planning to invest between $10 million and $50 million to secure agentic AI systems."There's a reason why nearly every cybersecurity vendor is rushing to offer capabilities to secure AI usage: enterprise budgets are rapidly flowing in that direction," he says, adding that cybersecurity market appears to be poised for long-term success despite macro-economic uncertainty. "Indeed, I'm not sure there's ever been a better time to be a cybersecurity investor."Investment Darlings: Native-AI Startups AI isn't good news for everyone in cybersecurity, however. Anthropic's Project Glasswing put many in the industry on edge over concerns that the new Mythos frontier model reveal a super-abundance of new zero-day vulnerabilities, but the AI technology itself may render some vendors and sectors like vulnerability management obsolete."The broad trend is that cybersecurity is in a unique spot because I think the large, frontier-model companies, namely Anthropic, have released capabilities that seem to throw some of the well-defined sectors within cybersecurity into chaos," Ackerman says.Yépez agrees, adding that many cybersecurity companies that are in between the AI-native startups and the established vendors are finding themselves in a tough spot. "Some of them are walking dead because they think Mythos is going to take over what they do," he says.McAlpine says the large number of mergers and acquisitions this year has involved many non-native AI companies that may have received some funding in previous rounds but "need to find a soft landing" now that financing is drying up. "Those companies are struggling to get additional VC dollars on top of the dollars already spent," he says.This has created challenges for cybersecurity startups, even for those that are native-AI because competition is stiff and many new startups are being created. And while it's never been easier to start a company, Ackerman says, "scaling it to something meaningful that has lasting power is really hard right now because differentiation is hard."Big Acquisitions on the HorizonM&A activity in 2026 has featured much smaller deals, compared to Google's $32 billion all-cash purchase of Wiz, finalized in March. Ackerman calls deals in the $200 million to $400 million range the market's sweet spot.However, experts say major consolidation is coming with bigger fish. "In cybersecurity, there's an element of Darwinism," Yépez says. "There are way too many companies doing the same thing today. And to me, [consolidation] is a good thing because the market cannot support that many companies."Ackerman agrees, and predicts that the coming consolidation wave will rapidly shrink the number of unique security solutions within the average enterprise, which he says is currently between 60 and 80, depending on the customer. "I think the number of solutions being used within companies will get much smaller."McAlpine predicts a Wiz-size acquisition in the next 12 to 18 months, with some strategic moves from AI frontier model providers and hyperscalers. He notes