Cybersecurity Market Update – May 2026

Artificial Intelligence Leads Cybersecurity Market M&A amid Growing Threat Landscape

Artificial intelligence (AI) and machine learning (ML) have reshaped the competitive landscape within the Cybersecurity market, supporting sector merger and acquisition (M&A) activity. Widespread increases in Private sector AI usage have significantly expanded exposure to attacks, demanding cybersecurity solutions tailored towards defending AI agents and large language model (LLM) data sets. Robust government demand for cybersecurity solutions has continued to serve as a strong backbone of the Cybersecurity market. Moreover, cyber threats targeting U.S. companies and government infrastructure—particularly those backed by adversary nations—have supported increases in Department of War (DOW) cyber budgets, outweighing shrinking funding among civilian federal agencies. Competition has increased between acquirers, venture capital (VC) firms, and private equity (PE) funds eager to secure a footprint in the sector. Combined, these developments are likely to support frothy M&A activity and uplift valuations in the Cybersecurity market.

We are at an inflection point in cybersecurity as AI driven platforms are required to thwart today’s sophisticated AI driven threats. This is leading to a broad-based makeover of the industry and rapid growth opportunities for innovative next generation companies.

Tom McConnellManaging Director, Capstone Partners

AI Introduces Competitive Shifts and New Opportunities within the Cybersecurity Market

AI has initiated a two-fold shift in cybersecurity operations, influencing renewed product development while expanding the sector’s total addressable market. On the product side, software developers and service providers have integrated AI to enhance existing, traditional cybersecurity offerings. User demand for intelligent, automated solutions has prompted vendors to reapproach existing portfolios, unveiling new opportunities for innovative developers to capture market share. On the demand side, the proliferation of agentic AI systems has expanded the attack surface of organizations across industries. In 2025 alone, threat actors—particularly those backed by adversary nation states—attempted to extract proprietary data and information from Google’s Gemini LLM more than 100,000 times, according to a report from Alphabet’s (Nasdaq:GOOGL) Google Threat Intelligence Group.¹ Underdeveloped risk policies for AI use among organizations have exacerbated cybercrime activity. Of note, the average U.S.- and/or U.K.-based business has deployed an estimated 36.9 AI agents into their workflows, according to Gravitee’s State of Agent Security 2026 report.² However, less than half (47%) of organizations have implemented monitoring and security solutions despite 88% experiencing confirmed or suspected AI-based data privacy incidents. These insights have suggested a strong demand backlog for cybersecurity solutions capable of securing AI endpoints. Maturing AI policies, rising use cases, and the realization of AI-related cyberattacks are likely to incentivize widespread organizational adoption. These market dynamics and opportunities have shifted sector dealmaking and attracted recent M&A schemes from strategic and financial buyers alike.

Government Funding Remains Strong, Uplifts Cybersecurity Market Demand

Cybersecurity has remained a priority for the U.S. government despite recent shifts in funding composition, uplifting end market demand and influencing M&A strategies. Federal civilian agencies’ cybersecurity budgets have been reduced since reaching a record-high ($13 billion) in 2024, according to the Office of Management and Budget (OMB).³ Proposed cybersecurity budgets for civilian agencies in 2026 fell $900 million year-over-year (YOY) to $11.7 billion. This followed a 3.1% YOY budget decrease in fiscal year (FY) 2025 for a combined 10% decline in federal civilian cybersecurity funding since 2024.

Despite decreases in civilian agency funding, aggregate federal cybersecurity budgets have remained nearly constant since 2024 due to significant growth in the DOW’s spending power. Over the same period, defense cybersecurity budget requests have grown 11.9%, according to the DOW.⁴ The rising threat of offensive cyberattacks sponsored by U.S. adversaries has endangered sensitive government data and critical infrastructure, requiring significant investments in cybersecurity capabilities. Rising implementation of AI within the DOW—including the reported use of Anthropic’s Claude AI in support of military action in Venezuela (Operation Absolute Resolve, January 2026) and Iran (Operation Epic Fury, February 2026)—has broadened government cyberattack exposure. Further sources of demand have stemmed from goals to establish zero trust architecture in support of U.S. Cyber Command (USCYBERCOM) operations. This shift in government funding has positioned companies serving Commercial and Defense/Government end markets as particularly attractive M&A targets.

Cybersecurity Market M&A Slows to Start 2026, Pacing Recent Years

Transaction activity in the Cybersecurity sector in year-to-date (YTD) 2026 has shifted upmarket, replacing higher deal volume with stronger deal size and valuation. Overall deal count in the Cybersecurity market has totaled 79 transactions announced or closed in YTD 2026—representing a 9.2% YOY decrease. While cybersecurity M&A in YTD 2026 has been off to a weaker start than the prior year, volume has remained on par with historical dealmaking trends. Of note, YTD 2024 also began the year with 79 deals, ultimately posting a total of 466 transactions through year end—finishing ahead of full year 2025. This context has suggested that deal velocity could accelerate throughout the remainder of 2026, particularly as competition continues to heighten with advancements in AI.

The strength of inorganic growth tactics has sustained overall strategic-led dealmaking to date, ticking upwards one deal to a total of 50 in YTD 2026. Public strategics have increased dealmaking by 33.3% YOY to 20 deals in YTD 2026 amid shareholder pressure to bring tangible AI services and solutions to market. While Palo Alto Networks’ (Nasdaq:PANW) $24.6 billion acquisition of CyberArk Software in February 2026 grabbed headlines, much of the public M&A thus far has focused on the middle market (less than $500 million EV). Notably, six of the eight public-led deals with disclosed values have fallen within the lower ($10 – $100 million EV) and core ($100 – $250 million EV) middle market. These bolt-on transactions have bolstered public buyers’ financial health and market viability via strong synergies and additional cross-selling opportunities from acquired assets. Private strategic dealmaking has pulled back 11.8% YOY to 30 deals in YTD 2026. Increased M&A competition from public counterparts for quality AI-enabled assets has likely contributed to this decline. Furthermore, selective consumer spending, government contracting volatility, and AI competition have likely forced smaller companies to prioritize resources on internal development.

The rapidly evolving market has led to a pullback in sponsor-backed transactions, contributing to a 23.7% decrease in PE deal volume in YTD 2026. Sponsors have established just six platforms to date, marking a second consecutive year of contraction (-25% YOY) among this buyer type. This muted activity is likely attributable to market uncertainty, with financial buyers pausing entry via M&A until AI cybersecurity matures. The market moving release of Anthropic’s Claude Code Security in February 2026 underscored this uncertainty by seemingly dethroning historical sector leaders overnight. Add-on transactions have represented 79.3% of PE deal volume to date, despite falling 23.3% YOY to 23 deals. For firms with existing investments in the space, competitive advantage is likely to be obtained via acquisition, supporting the continuation of buy-and-build strategies.

Service providers have captured a growing share of M&A in YTD 2026, as both the Public and Private sectors have accelerated efforts to defend against more frequent and increasingly complex cyberattacks. Despite financial constraints, monetary losses from ransomware, combined with brand reputation damage from customer data leaks, have compelled companies to continue selective spending on cybersecurity. Budget limitations have incentivized end users to reduce manual cybersecurity operations in favor of automation and AI. As a result, both general cybersecurity service providers and managed security service providers (MSSP) have accounted for 59.5% of dealmaking in YTD 2026. Capstone has seen the impact of these trends first-hand and maintains an active presence in the space. Capstone’s Cybersecurity investment banking team recently advised IOvations—a Massachusetts-based cybersecurity solutions provider—on its acquisition by Alchemy Technology Group, a portfolio company of Advance Investment Management. The transaction closed in April 2026 and terms of the deal were not disclosed.

Capstone demonstrated a deep understanding of the markets they specialize in and took the time to truly understand our business, including the unique nuances that every company faces. Once engaged, they were highly efficient—never wasting time on potential deals that were unlikely to succeed. Most importantly, after an agreement was reached, their commitment intensified as they worked tirelessly to see the transaction through to a successful final close.

Jim SaccoFounder, IOvations

Capstone is actively advising a current client that provides ransomware incident report services. To learn more about this and other opportunities, please contact Capstone Managing Director Tom McConnell.

Cybersecurity Market Multiples Display Stability, Disclosed Deal Values Trend Upwards

The Cybersecurity sector has maintained the valuation strength of recent years, with buyers continuing to place healthy valuations on market-proven targets as acquirers shift focus upmarket. Transaction revenue multiples have averaged 4.3x from 2025 through YTD 2026, compared to 3.9x from 2023–2024. M&A EBITDA multiples have registered slightly lower than the prior period at an average 11.7x from 2025 through YTD, compared to the 12.1x average from 2023–2024. However, recent M&A valuations have paced the eight-year sector average of 4.6x EV/Revenue and 11.6x EV/EBITDA. Capstone expects sector valuations to strengthen in 2026 as competition for robust AI cybersecurity software developers and service providers is likely to drive bids upward. Stable valuations have been paired with significant increases in average and total disclosed deal size in YTD 2026, supplementing a slight downtick in deal volume. Excluding the $24.6 billion outlier acquisition of CyberArk Software by Palo Alto Networks, disclosed deal values to date have totaled $5.5 billion, with an average transaction size of $461.2 million; a considerable increase over the disclosed sum of the prior year period, which totaled $2 billion and averaged $170.7 million per deal.

Acquirers Descend upon Innovative Targets to Upgrade Solutions and Secure AI

Recent M&A activity has displayed the value that revenue stream diversification—across Commercial and Defense markets—delivers to acquirers. Nearly one-third (29.1%) of the 79 deals in YTD 2026 have targeted companies with established Public sector relationships. Of note, Parsons (NYSE:PSN) acquired national security information technology (IT) and cybersecurity service provider Altamira Technologies from VC firm ClearSky in January 2026 for an enterprise value of $375 million, equivalent to ~12.8x next twelve months (NTM) EV/EBITDA, according to a press release.⁵ This premium valuation has displayed the heightened demand and willingness to pay premium prices for targets with government customers, particularly the rapidly growing Defense Technology space. Acquiring exposure to both Commercial and Government markets has helped alleviate contracting uncertainty and related customer concentration concerns for sector participants. Altamira’s advancements in AI- and ML-enabled analytics served as an additional transaction motivation, further displaying acquirer appetite for thoughtfully developed integrations of AI into data security.

M&A buyers have crowded around the AI Cybersecurity market, seeking to expand portfolios and enhance existing software and service offerings. In YTD 2026, 30% of dealmaking has targeted vendors of services and solutions either powered by or securing AI. Buyers have initially targeted this segment of the Cybersecurity sector to capitalize on AI tailwinds. However, the AI demand cycle has reached a recent inflection point—showcased by a volatile Public Equities market. Buyers are likely to show more selectivity in their acquisitions amid fears of overinflated valuations. Developers and service providers that deliver robust and proven capabilities are expected to be highly attractive targets as AI use cases mature and associated risk appetite diminishes. Robust appetite for AI cybersecurity vendors between both equity investors and M&A buyers is likely to fuel competitive investing activity across both cohorts. This dynamic is anticipated to support premium M&A valuations for companies with advanced and proven solutions. A selection of AI-targeted Cybersecurity market transactions follows.

• CrowdStrike to Acquire SGNL (January 2026, $740 Million) – Diversified cybersecurity provider CrowdStrike announced its intent to acquire SGNL for an enterprise value of $740 million (January 2026). SGNL is a pure-play identity access management (IAM) security provider. The company has historically focused on traditional human and non-human access control but expanded its capabilities to securing system connections to AI agents in March 2025 with the release of its Model Context Protocol (MCP) Gateway. This development served as a key factor behind the acquisition, allowing CrowdStrike to rapidly expand its capabilities and remain competitive in the face of rising AI use. SGNL’s product and technology will be integrated into CrowdStrike’s Falcon Next-Gen Identity Security platform at closing. The combined solution will enable enterprise customers to enforce zero standing privilege (ZSP) backed by real-time, continuous access control. The acquisition of SGNL closely mirrors that of Pangea in September 2025, which CrowdStrike acquired for an enterprise value of $260 million shortly after it revealed its own AI Guard and Prompt Guard solutions. CrowdStrike used these products to establish its AI Detection and Response (AIDR) platform.
• KKR-backed FGS Global Acquires Memetica (January 2026, Undisclosed) – FGS Global, a strategy consulting company backed by PE firm KKR (NYSE:KKR), acquired AI-driven threat intelligence provider Memetica in January 2026 for an undisclosed sum. Memetica, a longtime partner of FGS, provides cyber threat intelligence services including early warning detection, tipping point analysis, and threat mitigation backed by AI. The transaction highlights the attractiveness of AI-driven data security solutions for buyers operating outside of traditional IT markets. Memetica serves as a key component of KKR’s roadmap for FGS since it first obtained a minority stake in the company for an enterprise value of $1.4 billion (April 2023), followed by KKR’s acquisition of FGS in August 2024 for an enterprise value of $1.6 billion (3.3x EV/Revenue, 17.2x EV/EBITDA). This acquisition furthers KKR’s strategy of expanding FGS’ market share, service lines, and AI capabilities through inorganic growth. Alongside the acquisition, FGS launched its AI Advisory practice, with Memetica’s solutions serving as an integral part of the offering. Through this new business unit, FGS will provide AI-focused services including generative engine optimization (GEO), AI risk and crisis management, strategic intelligence and analytics, and organizational AI transformation.
• ThreatModeler Acquires IriusRisk (January 2026, $100 Million) – In January 2026, New Jersey-based ThreatModeler acquired Spain-based IriusRisk for an enterprise value of $100 million. The cross-border deal bolsters ThreatModeler’s existing AI-driven threat modeling platform with IriusRisk’s development phase-focused threat modeling solution, expanding ThreatModeler’s addressable market across the software development life cycle (SDLC). The acquisition of IriusRisk also marks ThreatModeler’s entry into the European market. The combined entity is majority owned by existing ThreatModeler investor Invictus Growth Management (May 2024, $60 million), with existing IriusRisk investor Paladin Capital Group (October 2022, $29 million and September 2020, $6.7 million) retaining a minority share.

AI and Security Automation Attracts Venture Capital Investment

New market opportunities and demanding AI software development costs have facilitated significant growth financing activity within the Cybersecurity market. Cybersecurity sector equity growth funding has increased 189.7% YOY, representing a total sum of $1.4 billion to date. Deal count has risen in tandem by 128.6% to 16 deals in YTD 2026, suggesting both increased capital deployment and investor crowding. Average deal size ($85.1 million) to date has remained below the 2025 average of $131.4 million. Average post-money valuations have also shrunk to $773.9 million from 2025’s $1.2 billion, signifying a greater appetite for smaller targets with high growth opportunities. These data trends have suggested an Equity Financing market that has largely targeted startup investments to kick-off 2026. Of note, early-stage fund raises (Seed to Series A) have represented the lion’s share (43.8%) of capital deployment to date. Funding targeting AI-focused cybersecurity companies has dominated sector financing activity, representing all but one deal to date, as the technology has remained a hot spot for sector investing. This dynamic has attracted risk-tolerant VC firms as opposed to PE firms looking for more established growth opportunities possessing market viability and profitability. As the market matures and brings clarity to competitive positioning and consumer behavior, Capstone expects increased capital deployment from PE firms.

Innovation has served as a significant disruptor to the sector’s competitive landscape. The Equities market proved this in February 2026 after Anthropic’s announcement of its AI-powered Claude Code Security. Anthropic has leveraged its powerful AI model to perform intelligent, automated vulnerability scanning. This development has led to significant share price pullback within the Public Cybersecurity market. On the day of the announcement, CrowdStrike (Nasdaq:CRWD) shares dropped 7.9%, Cloudflare (NYSE:NET) declined 8%, and JFrog (Nasdaq:FROG) plummeted nearly 25%, according to a February 2026 article from CNBC.⁶ The ability for a singular solution to reshape the sector’s competitive dynamics has attracted the attention—and wallets—of equity investors. For developers, intense software development costs have positioned equity financing as an attractive avenue for growth. Anthropic has been a seasoned fundraiser, receiving $60.6 billion in growth capital to-date, bolstered by a $30 billion February 2026 Series G round, led by 1888 Ventures, that saw the company’s post-money valuation balloon to $380 billion.

AI is likely to continue to receive the majority of capital for the near future, as the race to become the market leader in intelligently automated security remains unfinished, and the existing competitive landscape of the Cybersecurity market has displayed unprecedented instability. Notable AI-focused equity financing deals are highlighted below.

• Reco Secures Series B Funding (February 2026, $30 Million) – In February 2026, Reco received $30 million in Series B funding for a post-money valuation of $185 million. The round was led by Zeev Ventures, with participation from all existing investors and new investors TIAA Ventures and the investment arm of Workday (Nasdaq:WDAY). This latest cash injection follows a $25 million raise in April 2025 from a blended Series A-1 and A-2 round, which placed the company at a post-money valuation of $132 million. To date, Reco has raised $95 million in support of its objective to secure enterprise AI use. Reco utilizes intelligence and automation across a range of solutions including real-time threat detection, IAM, and data governance to aid customers with AI sprawl management and security. This latest funding round will be used to continue Reco’s significant growth trajectory; the company boasts annual recurring revenue increases of 500% in 2024 and 400% in 2025, according to a press release.⁷

“The Reco team is executing on a massive market opportunity at a time when AI SaaS security has become critical for organizations given the proliferation of AI application and agent adoption,” noted Thompson Barro, Managing Director at TIAA Ventures, according to the press release.

• Cogent Security Secures Series A Funding (February 2026, $42 Million) – Vulnerability management developer Cogent Security received $42 million in Series A funding for a post-money valuation of $295 million (February 2026). The round was led by Bain Capital Ventures, with participation from OpenAI, Datadog (Nasdaq:DDOG), and existing investor Greylock Partners. This recent investment brings the company’s total capital raised to $53 million, following an $11 million seed round in October 2024. Cogent’s agentic AI platform automates investigation, prioritization, and remediation tasks associated with cybersecurity and cyberthreats. The company plans to use the funds to invest in development resources to expand into security operations and IT automation workloads and scale its go-to-market team. The ability for Cogent’s solution to extend beyond threat identification and into full life cycle automation attracted the investment from Bain, differentiating the company from the approximately 500 potential AI-driven security investment opportunities that are presented to Bain partner Enrique Salem each year, according to a press release.⁸

“Cogent’s AI enables teams to accomplish five times more with the same resources. This represents a fundamental reset of what’s possible in security operations, and we’re proud to partner with this team as they continue to push the boundaries,” stated Enrique Salem, Partner at Bain Capital Ventures, according to a press release.⁹

The continued development and adoption of AI have fundamentally shifted the key players, solution types, and customer needs of the Cybersecurity market. The expansion of cyber threats has forced governments to defend critical Private and Public sector assets against attacks, incentivizing M&A demand for sector operators with government customers. Sustained AI adoption rates have continued to expand opportunities within the Cybersecurity sector. The incorporation of innovative AI offerings within solution sets will likely prove critical to maintaining a competitive edge in a rapidly evolving market, incentivizing strong future deal activity within the Cybersecurity market.

To discuss the market implications of AI, provide an update on your business, or learn about Capstone’s current activity and wide range of advisory services and Cybersecurity market knowledge, please contact us.

Brendan Bradley, Associate, was the lead Market Intelligence contributor to this article.

Endnotes

1. Google, “GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use,” https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use, accessed February 17, 2026.

2. Gravitee, “The State of AI Agent Security 2026,” https://www.gravitee.io/state-of-ai-agent-security, accessed February 10, 2026.

3. U.S. Government Publishing Office, “ Budget FY 2026 – Crosscut Tables, Budget of the United States Government, Fiscal Year 2026,” https://www.govinfo.gov/app/details/BUDGET-2026-CROSSCUT, accessed February 3, 2026.

4. Office of the Under Secretary of War, “DoD Budget Request,” https://comptroller.war.gov/Budget-Materials/Budget2026/, accessed February 3, 2026.

5. Parsons Corporation, “Parsons Acquires Altamira Technologies Corporation,” https://investors.parsons.com/news-releases/news-release-details/parsons-acquires-altamira-technologies-corporation, accessed February 3, 2026.

6. CNBC, “Cybersecurity Stocks Drop for a Second Day as New Anthropic Tool Fuels AI Disruption Fears,” https://www.cnbc.com/2026/02/23/cybersecurity-stocks-anthropic-ai-crowdstrike.html, accessed February 23, 2026.

7. Reco, “Reco Raises $30M B Round for a Total of $85M to Meet Rapidly Growing Demand for Saas & AI Security Among Enterprises,” https://www.reco.ai/blog/reco-raises-30m-b-round-for-a-total-of-85m-to-meet-rapidly-growing-demand-for-saas-ai-security-among-enterprises, accessed February 25, 2026.

8. Fortune, “Exclusive: Bain and Greylock bet $42 Million that AI Agents can Finally Fix Cybersecurity’s Messiest Bottleneck,” https://fortune.com/2026/02/18/exclusive-bain-and-greylock-bet-42-million-that-ai-agents-can-finally-fix-cybersecuritys-messiest-bottleneck/, accessed March 25, 2026.

9. PR Newswire, “Cogent Security Raises $42M Series A to Arm Security Teams with Autonomous AI Agents,” https://www.prnewswire.com/news-releases/cogent-security-raises-42m-series-a-to-arm-security-teams-with-autonomous-ai-agents-302691566.html, accessed March 25, 2026.