đź’Ľ M&A Tracker¶
Newest deals on top · scroll inside the panel for the full history. Colour bands mark each month.
June 2026
Jun 18
Accenture → Dragos (majority) + runZero + NetRise
~$4.17B (Dragos valued $3.25B)
Move from OT services into OT security software; Dragos stays standalone, runZero (asset discovery/exposure) + NetRise (firmware/supply-chain) fold under it. ~$208M ARR, +53% YoY. Close Aug–Sep 2026 · SecurityWeek · Industrial Cyber
Jun 17
Quest Software → Anetac
Undisclosed
Anetac builds identity-security tooling that continuously discovers and monitors human, machine (service accounts, tokens, keys), and emerging agentic-AI identities, scoring the risk of each access path in real time. Quest (Clearlake-backed) is folding it into its identity-governance suite to extend coverage from human accounts into the non-human and AI-agent identities that now outnumber them, with a focus on Microsoft/Active Directory and Entra environments. · SecurityWeek · Quest PR
Jun 15
SailPoint → Entro Security
~$200M est. (undisclosed; per Calcalist)
Entro (Tel Aviv, founded 2022) builds non-human-identity (NHI) security — agentless discovery and protection of secrets, API keys, tokens, certificates and service/agent identities across 70+ cloud, CI/CD and SaaS sources, mapping each credential back to its human owner and blast radius, plus real-time detection (NHIDR). SailPoint (Nasdaq SAIL) is folding it into its March-2026 Agentic Fabric to extend identity governance from human accounts into the machine and AI-agent identities that now dominate enterprises. Its second Israeli buy after Savvy (2025); close expected Q3 FY2027. · SecurityWeek · CTech · SiliconANGLE
Jun 15
1Password → Apono
~$250–300M est. (undisclosed)
Apono (Tel Aviv) builds just-in-time access governance that grants and revokes least-privilege permissions on demand across cloud infrastructure for human, machine, and AI-agent identities, rather than leaving standing access in place. 1Password is adding it to its Unified Access platform to move beyond credential storage into runtime access control; its first acquisition in Israel, bringing all ~80 Apono staff on board. · SecurityWeek · CTech
Jun 15
A10 Networks → TrojAI
Undisclosed (add-on; immaterial to FY2026)
TrojAI (Saint John, Canada; ~$8.7M raised, led by ex-Rapid7 exec Lee Weiner) builds two-layer AI-application security — TrojAI Detect red-teams models and agents for vulnerabilities before deployment (150+ tests, multi-turn/agentic attacks), and TrojAI Defend is a runtime AI firewall that blocks malicious prompts, data leakage, and MCP-based agent attacks. A10 (NYSE ATEN) pairs it with its hardware AI firewall for "sovereign AI security" in regulated sectors; follows its 2025 ThreatX WAF/API asset buy. · SecurityWeek · A10 PR
Jun 2
Cycurion → Secuvant
$2.875M ($875K cash + ~$2.0M preferred stock; earn-outs through 2028)
Secuvant is a US managed-detection-and-response (MDR) provider whose Panoptic platform delivers continuous threat-and-vulnerability monitoring, risk-based prioritisation, and real-time security insights as a co-managed SOC service. Cycurion (NASDAQ CYCU), a small cyber/IT-services firm, is buying the platform plus its recurring MDR revenue to move up-market into higher-margin, subscription SOC services for enterprise and government. Closed Jun 2; announced Jun 9. · GlobeNewswire · StockTitan
Jun (TBD)
Cisco → WideField Security
Undisclosed
WideField builds tooling that tracks identity and credential activity across user sessions and maps how far a compromised account could reach (its blast radius). Cisco is folding it into Splunk's SOC automation to add the identity context the platform lacked. · SecurityWeek
May 2026
SecurityWeek: 26 deals announced in May 2026.
May 18
Torq → Jit
Undisclosed
Jit builds an AI "context graph" that ties each security finding to the specific application, code owner, and business context around it. Torq is adding that context to its SOC-automation platform so its AI agents investigate alerts with org-specific awareness instead of in isolation. · Infosecurity
May 14
Akamai → LayerX
~$205M
Browser-based AI usage control / secure enterprise browser; workforce-security strategy. Close Q3 2026 · SecurityWeek · Help Net
May 14
SecurityScorecard → Driftnet
Undisclosed
Internet-scanning / next-gen threat intel engine into the TITAN AI platform for third-party-risk · SecurityScorecard · SiliconANGLE
April 2026
Apr 30
Everfield Germany → Rhebo (sold by Landis+Gyr)
High single-digit M USD
OT/IIoT network anomaly-detection software (Leipzig, est. 2014; part of Landis+Gyr since 2021); Everfield expands its OT software vertical in DACH markets (existing: ondeso OT management); Landis+Gyr exits to refocus on core energy-metering business · Landis+Gyr PR · Industrial Cyber
Apr 23
Cyera → Ryft
Undisclosed (~$100–130M est.)
Ryft (founded 2024; backed by Index Ventures and Bessemer) builds a governed data lake with automated compliance, access control, and disaster recovery over large data stores. Cyera is using it to build a single control plane governing what data AI agents are allowed to reach. Cyera's fourth acquisition; the company is valued at $9B after a $400M Series F. · Cyera PR · SiliconANGLE
Apr 21
Airbus → Quarkslab
Undisclosed
French cybersecurity firm (~100 staff, Paris/Rennes; QShield protects software against AI-driven reverse engineering and adversarial threats); adds sovereign EU cyber R&D to Airbus Defence and Space's pan-European portfolio (alongside Infodas/DE, Ultra Cyber/UK); backed by Tikehau Capital since 2020 · Airbus PR · GovInfoSecurity
Apr 2
Fortra → Zero-Point Security
Undisclosed
UK red-team training firm (est. 2018; Red Team Ops I & II courses, hands-on adversary emulation and penetration testing); Fortra's 21st acquisition — expands Cobalt Strike / Core Impact / Outflank offensive portfolio with specialized training and purple-team capability · Fortra PR · Security Today
March 2026
Mar 26
Rapid7 → Kenzo Security
Undisclosed
Agentic AI platform for autonomous SOC investigations and preemptive threat detection; no material ARR/profitability impact per Rapid7 · Rapid7 IR · SecurityWeek
Mar 24
Databricks → Antimatter + SiftD.ai
Undisclosed
Both startups power Lakewatch, Databricks' new open "agentic SIEM" (security analytics built on its data lake). Antimatter (founded by Berkeley researchers) adds authentication and authorization for AI agents; SiftD.ai (founded by ex-Splunk engineers) adds large-scale detection engineering in Splunk's SPL query language. Together they let Databricks enter the security-analytics market on top of data customers already store with it. · Databricks PR · TechCrunch · SiliconANGLE
Mar 9
OpenAI → Promptfoo
Undisclosed (last valued ~$86M, Jul 2025)
Agentic AI security testing; integrates into OpenAI's Frontier platform to identify and remediate AI-system vulnerabilities during development · OpenAI · SecurityWeek · TechCrunch
February 2026
Feb 23
Arctic Wolf → Sevco Security
Undisclosed
Exposure-assessment / asset-visibility platform; adds attack-surface and exposure management to Arctic Wolf's managed security operations · Arctic Wolf PR · GlobeNewswire
Feb 11
Palo Alto Networks → CyberArk
$25B
Bring identity security into the core platform; largest pure-play cyber deal of 2026 · Verdict
Feb 5
Zscaler → SquareX
Undisclosed
Browser-security extension to unmanaged/BYOD devices; zero-trust browsing for the AI era · SecurityWeek · Zscaler PR
Feb 4
Varonis → AllTrue.ai
~$150M
AI trust/risk/security management (AI-TRiSM) — discover where AI is used, which models/agents run, and the data they touch; folds into the Varonis data-security platform. Close ~end Q1 2026 · SecurityWeek · Help Net
January 2026
Jan 29
Palo Alto Networks → Chronosphere
$3.35B
Cloud-native observability for AI-era data volumes; visibility/security at scale · CTech
Jan 14
Infoblox → Axur
Undisclosed
AI-powered external threat discovery and digital risk protection; adds brand-abuse, credential-exposure, and phishing takedown capabilities (40M+ URLs/day scanned); closes May 5, 2026 · Infoblox PR · BankInfoSecurity
Full deal record¶
đź’Ľ Cybersecurity M&A — Historical Tracker¶
Created: 2026-06-21 · Last updated: 2026-06-21 Scope: Cybersecurity mergers & acquisitions, 2026 onward. US & Europe prioritised; notable global deals included.
The daily briefing task appends newly announced deals here in place each run. Append, never overwrite history. De-dup by
buyer + target.Methodology. Primary source: SecurityWeek M&A tracker and its monthly roundups, cross-checked against buyer press releases / SEC 8-Ks and Help Net Security. Each deal is filed under the month it was announced (not closed). This is a curated record of named, dated, verified deals — not the full count (SecurityWeek logs ~190 deals YTD 2026, most too small to list). Dollar figures are enterprise value where disclosed. Date discipline: before listing a deal, confirm the announcement date against a primary source — monthly roundups recycle prior-month items, which is how a May deal can wrongly appear as June.
2026¶
June 2026¶
| Date | Buyer | Target(s) | Value | Rationale | Source |
|---|---|---|---|---|---|
| Jun 18 | Accenture | Dragos (majority) + runZero + NetRise | ~$4.17B (Dragos valued $3.25B) | Move from OT services into OT security software; Dragos stays standalone, runZero (asset discovery/exposure) + NetRise (firmware/supply-chain) fold under it. ~$208M ARR, +53% YoY. Close Aug–Sep 2026 | SecurityWeek · Industrial Cyber |
| Jun (TBD) | Cisco | WideField Security | Undisclosed | WideField builds tooling that tracks identity and credential activity across user sessions and maps how far a compromised account could reach (its blast radius). Cisco is folding it into Splunk's SOC automation to add the identity context the platform lacked. | SecurityWeek |
| Jun 17 | Quest Software | Anetac | Undisclosed | Anetac builds identity-security tooling that continuously discovers and monitors human, machine (service accounts, tokens, keys), and emerging agentic-AI identities, scoring the risk of each access path in real time. Quest (Clearlake-backed) is folding it into its identity-governance suite to extend coverage from human accounts into the non-human and AI-agent identities that now outnumber them, with a focus on Microsoft/Active Directory and Entra environments. | SecurityWeek · Quest PR |
| Jun 15 | SailPoint | Entro Security | ~$200M est. (undisclosed; per Calcalist) | Entro (Tel Aviv, founded 2022) builds non-human-identity (NHI) security — agentless discovery and protection of secrets, API keys, tokens, certificates and service/agent identities across 70+ cloud, CI/CD and SaaS sources, mapping each credential back to its human owner and blast radius, plus real-time detection (NHIDR). SailPoint (Nasdaq SAIL) is folding it into its March-2026 Agentic Fabric to extend identity governance from human accounts into the machine and AI-agent identities that now dominate enterprises. Its second Israeli buy after Savvy (2025); close expected Q3 FY2027. | SecurityWeek · CTech · SiliconANGLE |
| Jun 15 | 1Password | Apono | ~$250–300M est. (undisclosed) | Apono (Tel Aviv) builds just-in-time access governance that grants and revokes least-privilege permissions on demand across cloud infrastructure for human, machine, and AI-agent identities, rather than leaving standing access in place. 1Password is adding it to its Unified Access platform to move beyond credential storage into runtime access control; its first acquisition in Israel, bringing all ~80 Apono staff on board. | SecurityWeek · CTech |
| Jun 15 | A10 Networks | TrojAI | Undisclosed (add-on; immaterial to FY2026) | TrojAI (Saint John, Canada; ~$8.7M raised, led by ex-Rapid7 exec Lee Weiner) builds two-layer AI-application security — TrojAI Detect red-teams models and agents for vulnerabilities before deployment (150+ tests, multi-turn/agentic attacks), and TrojAI Defend is a runtime AI firewall that blocks malicious prompts, data leakage, and MCP-based agent attacks. A10 (NYSE ATEN) pairs it with its hardware AI firewall for "sovereign AI security" in regulated sectors; follows its 2025 ThreatX WAF/API asset buy. | SecurityWeek · A10 PR |
| Jun 2 | Cycurion | Secuvant | $2.875M ($875K cash + ~$2.0M preferred stock; earn-outs through 2028) | Secuvant is a US managed-detection-and-response (MDR) provider whose Panoptic platform delivers continuous threat-and-vulnerability monitoring, risk-based prioritisation, and real-time security insights as a co-managed SOC service. Cycurion (NASDAQ CYCU), a small cyber/IT-services firm, is buying the platform plus its recurring MDR revenue to move up-market into higher-margin, subscription SOC services for enterprise and government. Closed Jun 2; announced Jun 9. | GlobeNewswire · StockTitan |
May 2026¶
SecurityWeek: 26 deals announced in May 2026.
| Date | Buyer | Target(s) | Value | Rationale | Source |
|---|---|---|---|---|---|
| May 18 | Torq | Jit | Undisclosed | Jit builds an AI "context graph" that ties each security finding to the specific application, code owner, and business context around it. Torq is adding that context to its SOC-automation platform so its AI agents investigate alerts with org-specific awareness instead of in isolation. | Infosecurity |
| May 14 | Akamai | LayerX | ~$205M | Browser-based AI usage control / secure enterprise browser; workforce-security strategy. Close Q3 2026 | SecurityWeek · Help Net |
| May 14 | SecurityScorecard | Driftnet | Undisclosed | Internet-scanning / next-gen threat intel engine into the TITAN AI platform for third-party-risk | SecurityScorecard · SiliconANGLE |
April 2026¶
SecurityWeek: 33 deals announced in April 2026. (roundup)
| Date | Buyer | Target(s) | Value | Rationale | Source |
|---|---|---|---|---|---|
| Apr 2 | Fortra | Zero-Point Security | Undisclosed | UK red-team training firm (est. 2018; Red Team Ops I & II courses, hands-on adversary emulation and penetration testing); Fortra's 21st acquisition — expands Cobalt Strike / Core Impact / Outflank offensive portfolio with specialized training and purple-team capability | Fortra PR · Security Today |
| Apr 21 | Airbus | Quarkslab | Undisclosed | French cybersecurity firm (~100 staff, Paris/Rennes; QShield protects software against AI-driven reverse engineering and adversarial threats); adds sovereign EU cyber R&D to Airbus Defence and Space's pan-European portfolio (alongside Infodas/DE, Ultra Cyber/UK); backed by Tikehau Capital since 2020 | Airbus PR · GovInfoSecurity |
| Apr 23 | Cyera | Ryft | Undisclosed (~$100–130M est.) | Ryft (founded 2024; backed by Index Ventures and Bessemer) builds a governed data lake with automated compliance, access control, and disaster recovery over large data stores. Cyera is using it to build a single control plane governing what data AI agents are allowed to reach. Cyera's fourth acquisition; the company is valued at $9B after a $400M Series F. | Cyera PR · SiliconANGLE |
| Apr 30 | Everfield Germany | Rhebo (sold by Landis+Gyr) | High single-digit M USD | OT/IIoT network anomaly-detection software (Leipzig, est. 2014; part of Landis+Gyr since 2021); Everfield expands its OT software vertical in DACH markets (existing: ondeso OT management); Landis+Gyr exits to refocus on core energy-metering business | Landis+Gyr PR · Industrial Cyber |
March 2026¶
SecurityWeek: 38 deals announced in March 2026. (roundup)
| Date | Buyer | Target(s) | Value | Rationale | Source |
|---|---|---|---|---|---|
| Mar 9 | OpenAI | Promptfoo | Undisclosed (last valued ~$86M, Jul 2025) | Agentic AI security testing; integrates into OpenAI's Frontier platform to identify and remediate AI-system vulnerabilities during development | OpenAI · SecurityWeek · TechCrunch |
| Mar 24 | Databricks | Antimatter + SiftD.ai | Undisclosed | Both startups power Lakewatch, Databricks' new open "agentic SIEM" (security analytics built on its data lake). Antimatter (founded by Berkeley researchers) adds authentication and authorization for AI agents; SiftD.ai (founded by ex-Splunk engineers) adds large-scale detection engineering in Splunk's SPL query language. Together they let Databricks enter the security-analytics market on top of data customers already store with it. | Databricks PR · TechCrunch · SiliconANGLE |
| Mar 26 | Rapid7 | Kenzo Security | Undisclosed | Agentic AI platform for autonomous SOC investigations and preemptive threat detection; no material ARR/profitability impact per Rapid7 | Rapid7 IR · SecurityWeek |
February 2026¶
SecurityWeek: 42 deals announced in February 2026. (roundup)
| Date | Buyer | Target(s) | Value | Rationale | Source |
|---|---|---|---|---|---|
| Feb 4 | Varonis | AllTrue.ai | ~$150M | AI trust/risk/security management (AI-TRiSM) — discover where AI is used, which models/agents run, and the data they touch; folds into the Varonis data-security platform. Close ~end Q1 2026 | SecurityWeek · Help Net |
| Feb 5 | Zscaler | SquareX | Undisclosed | Browser-security extension to unmanaged/BYOD devices; zero-trust browsing for the AI era | SecurityWeek · Zscaler PR |
| Feb 11 | Palo Alto Networks | CyberArk | $25B | Bring identity security into the core platform; largest pure-play cyber deal of 2026 | Verdict |
| Feb 23 | Arctic Wolf | Sevco Security | Undisclosed | Exposure-assessment / asset-visibility platform; adds attack-surface and exposure management to Arctic Wolf's managed security operations | Arctic Wolf PR · GlobeNewswire |
January 2026¶
SecurityWeek: 34 deals announced in January 2026. (roundup)
| Date | Buyer | Target(s) | Value | Rationale | Source |
|---|---|---|---|---|---|
| Jan 14 | Infoblox | Axur | Undisclosed | AI-powered external threat discovery and digital risk protection; adds brand-abuse, credential-exposure, and phishing takedown capabilities (40M+ URLs/day scanned); closes May 5, 2026 | Infoblox PR · BankInfoSecurity |
| Jan 29 | Palo Alto Networks | Chronosphere | $3.35B | Cloud-native observability for AI-era data volumes; visibility/security at scale | CTech |
Notes & gaps¶
- Back-fill queue: January, February, March, and April 2026 are all enumerated. February 2026 now carries 4 named deals (Varonis/AllTrue.ai, Zscaler/SquareX, Palo Alto/CyberArk, Arctic Wolf/Sevco) against a 42-deal monthly total. Next: forward-fill — add June 2026 named deals as they are announced (month still open); the June monthly roundup has not yet published.
- Out of scope here: pre-2026 megadeals (e.g., Google–Wiz $32B, ServiceNow–Armis $7.75B) — dates predate this log; add a 2025 section only if needed.
- Unverified / vague items deliberately excluded until a named target + date are confirmed (e.g., Q1 references to "a cloud security startup, $2.8B" and "CrowdStrike two acquisitions, $1.5B").
Changelog¶
- 2026-06-24 — No new deals announced in the June 23–24 window (June 2026 monthly roundup still unpublished; "June" trade-press roundups still cover May). Back-filled February 2026 (42-deal month, previously only Palo Alto/CyberArk): added Varonis→AllTrue.ai (Feb 4, ~$150M — AI trust/risk/security management), Zscaler→SquareX (Feb 5, undisclosed — browser security for unmanaged devices), Arctic Wolf→Sevco Security (Feb 23, undisclosed — exposure assessment / asset visibility). Sources: SecurityWeek February 2026 roundup; Varonis/Zscaler/Arctic Wolf press releases; Help Net Security; GlobeNewswire. L30D unchanged.
- 2026-06-23 (12:06Z) — No new deals announced in the 11:04–12:06Z window. Back-filled April 2026: added Fortra→Zero-Point Security (Apr 2, undisclosed — red-team training), Airbus→Quarkslab (Apr 21, undisclosed — EU sovereign cybersecurity), Cyera→Ryft (Apr 23, ~$100–130M est. — AI-agent data lake security), Everfield Germany→Rhebo from Landis+Gyr (Apr 30, high single-digit M USD — OT anomaly detection). Sources: Fortra/Airbus/Cyera/Landis+Gyr press releases; SiliconANGLE; GovInfoSecurity; Industrial Cyber; SecurityWeek April 2026 roundup.
- 2026-06-23 (10:04Z) — No new deals announced in the June 22-23 window. Back-filled March 2026: added OpenAI→Promptfoo (Mar 9, undisclosed — AI security testing), Databricks→Antimatter+SiftD.ai (Mar 24, undisclosed — Lakewatch agentic SIEM), Rapid7→Kenzo Security (Mar 26, undisclosed — agentic AI SOC). Sources: OpenAI, Databricks, Rapid7 press releases; TechCrunch; SiliconANGLE; SecurityWeek March 2026 roundup.
- 2026-06-23 — No new deals announced in the June 22-23 window. Back-filled January 2026: added Infoblox→Axur (announced Jan 14, 2026; closed May 5; undisclosed value) — AI-powered external threat discovery/digital risk protection; verified against Infoblox press release and BankInfoSecurity. L30D (May 24–Jun 23) unchanged: Accenture→Dragos/runZero/NetRise (~$4.17B, Jun 18) + Cisco→WideField (undisclosed, Jun). Sources: Infoblox press release, BankInfoSecurity, SecurityWeek M&A tracker.
- 2026-06-22 — No new deals announced in the June 21-22 window. SecurityWeek M&A tracker and primary sources checked; most recent named deal remains Cisco→WideField Security (Jun, date TBD). June 2026 monthly roundup not yet published (month incomplete). L30D (May 23–Jun 22) named deals: Accenture→Dragos/runZero/NetRise (~$4.17B, Jun 18) + Cisco→WideField (undisclosed, Jun). Sources: SecurityWeek M&A tracker, Infosecurity Magazine June 2026 roundup.
- 2026-06-21 — File created. Seeded with verified 2026 deals: Accenture→Dragos/runZero/NetRise (Jun 18), Cisco→WideField (Jun), Torq→Jit (May 18), Akamai→LayerX (May 14), SecurityScorecard→Driftnet (May 14), Palo Alto→CyberArk (Feb 11), Palo Alto→Chronosphere (Jan 29). Monthly deal totals recorded for Jan (34), Mar (38), Apr (33), May (26). Corrected Akamai/LayerX and SecurityScorecard/Driftnet to May 14 (had been mis-listed as June in that day's briefing). Source: SecurityWeek M&A tracker + primary releases.