At a glance.
- Palo Alto Networks to acquire CyberArk for $25 billion.
- Axonius acquires medical device security specialist Cynerio for $109 million.
- HeroDevs raises $125 million.
Mergers and acquisitions.
US cybersecurity giant Palo Alto Networks has agreed to acquire Israeli identity and access management provider CyberArk for approximately $25 billion. The transaction is expected to close during the second half of 2026, subject to regulatory clearances and shareholder approvals. Palo Alto stated, "This strategic combination will mark Palo Alto Networks' formal entry into Identity Security, establishing it as a core pillar of the company's multi-platform strategy. Combining CyberArk's long-standing leadership in Identity Security and Privileged Access Management (PAM) with Palo Alto Networks' comprehensive AI-powered security platforms will extend privileged identity protection to all identity types, including human, machine, and the new wave of autonomous AI agents."
Paris-based Orange Cyberdefense, the cybersecurity business unit of Orange Group, has acquired Swiss IT security firm ensec. Orange stated, "In a fast-growing Swiss market characterized by increased regulatory requirements and strong demand for local expertise, the acquisition of ensec will expand Orange Cyberdefense’s presence in German-speaking Switzerland, complementing its existing footprint in the French-speaking part of the country."
New York-headquartered security asset management firm Axonius has acquired medical device security specialist Cynerio for $109 million, Axios reports. Dean Sysman, co-founder and CEO of Axonius, stated, "By integrating Cynerio’s deep clinical expertise with Axonius asset intelligence, we can offer healthcare providers what they’ve been asking for: a single source of truth capable of securing their entire clinical environment."
New Jersey-based cloud security company Commvault has agreed to acquire Israeli data security provider Satori, with the acquisition expected to close in August 2025. Commvault stated, "By acquiring Satori, Commvault will help enterprises further support compliance requirements, mitigate risks, and control access to sensitive data – who has access to it and how the data is being used – critical in the AI era."
San Francisco-based security data analysis company Monad has acquired asset visibility provider Tarsal. Monad stated, "The Tarsal team brings deep expertise in distributed systems, a track record of shipping production-grade security tools, and battle-tested experience solving real problems for real security teams."
Investments and exits.
Utah-based HeroDevs, a company that provides security and compliance solutions for deprecated open source software, has raised $125 million in a strategic growth investment led by PSG, with participation from Album. The company says it will "dedicate $20 million of capital towards its Open Source Sustainability Fund to support open source creators, maintainers, and projects that follow end-of-life best practices."
Austin-based security workflow automation company BlinkOps has raised $50 million in a Series B round led by O.G. Venture Partners, with participation from Lightspeed Venture Partners, Hetz Ventures, and Vertex Growth. The company's CEO and co-founder Gil Barak stated, "[W]e decided to expedite our next round of funding to accelerate our go-to-market efforts and help everyone automate security workflows. We expect to see thousands of security micro-agents deployed in the next couple of months."
Legion, an Israeli startup that provides a browser-based AI SOC companion, has emerged from stealth with $38 million in seed and Series A funding from Coatue Management, Accel, and Picture Capital.
Seattle-headquartered autonomous SOC provider Dropzone AI has secured $37 million in a Series B round led by Theory Ventures, with participation from Madrona, Decibel Ventures, Pioneer Square Labs, and IQT. The company says it will use the funding to expand its global footprint by growing its sales, marketing, and customer-success teams, fast-track the creation of autonomous AI agents for manual security tasks, and "deepen and extend its roster of ecosystem partnerships and technical integrations."
San Francisco-headquartered security compliance automation provider Delve has raised $32 million in a Series A round led by Insight Partners, with participation from angel investors. The funding brings the company's valuation to $300 million.
San Francisco-based human risk management platform Fable Security has launched with a total of $31 million in seed and Series A funding from Greylock Partners and Redpoint Ventures.
San Francisco-based LLM security firm Promptfoo has raised $18.4 million in a Series A round led by Insight Partners, with participation from existing investor Andreessen Horowitz. The company stated, "The funding will fuel Promptfoo's expansion as it moves to establish the industry standard for enterprise AI security. The company will scale its team and accelerate platform development to meet demand from Global 2000 companies seeking comprehensive solutions to secure their AI deployments."
Israeli application security company Seal Security has raised $13 million in a Series A round led by Vertex Israel, with participation from More Investments, SBI Group, and CCL. The company says the funding "will enhance Seal Security's go-to-market efforts and accelerate expansion of its core platform."
Idaho-based vulnerability management startup Root Evidence has secured $12.5 million in seed funding led by Ballistic Ventures, with participation from Grossman Ventures and others.
Israeli agentic identity security company Cyata has emerged from stealth with $8.5 million in seed funding led by TLV Partners, with participation from angel investors. The company was founded by veterans of Unit 8200 and former employees of Cellebrite and Check Point.
Israeli vulnerability management startup Tonic Security has emerged from stealth with $7 million in seed funding led by Hetz Ventures, with participation from Vesey Ventures, Bullet Ventures, and angel investors.
Italian deepfake detection firm IdentifAI has raised €5 million (US$5.7 million) in a funding round led by United Ventures. The company says the investment "will support our international expansion across Europe and the US, and accelerate the development of our platform."
New York-headquartered human risk management startup Maro has raised $4.3 million in seed funding from Downing Capital Group. The company "plans to use the seed round for team growth, product development, and executing its go-to-market strategy."
Tennessee-based AI exposure management and compliance startup Starseer has raised $2 million in seed funding round led by Gula Tech Adventures. The company says it will use the funding to "accelerate platform development, expand its engineering and go-to-market teams, and scale adoption among enterprises and government agencies prioritizing AI governance and secure deployment."
Executive moves.
Sonatype has named Bhagwat Swaroop as its new CEO. The company's former CEO, Wayne Jackson, will transition to Executive Chairman.
Adobe has appointed Aanchal Gupta as its new Chief Security Officer, SecurityWeek reports.
Asurion has hired David Nolan as CISO.
Reality Defender has appointed Alex Lisle as Chief Technology Officer.
SEON has named Angela Pierce as Chief Financial Officer.
Blue Mantis has promoted Scott Pintsopoulos from Vice President of Sales to Chief Revenue Officer (CRO). The company's current CRO, Terry Richardson, plans to retire this Friday.
Ballistic Ventures has added former NSA director and commander of US Cyber Command Gen. Timothy D. Haugh as a strategic advisor.