← Back to blog
AI security M&A vendor consolidation cybersecurity sales Palo Alto Networks agentic security competitive intelligence market trends

You Can't Outpitch an Acquisition. What the AI Security Land Grab Did to the Cybersecurity AE's Pitch.

2026-06-04 Jonathan

In thirteen days in September 2025, four independent AI security companies were taken off the board. On September 3, Cato Networks announced it had acquired Aim Security. On September 5, SentinelOne completed its purchase of Prompt Security. On September 11, F5 announced it was acquiring CalypsoAI. On September 16, Check Point announced it was acquiring Lakera. Four category players, four different acquirers, less than two weeks. None of it was coordinated. All of it pointed in the same direction.

Widen the frame and the pattern is bigger than one frantic September. Cisco announced its acquisition of Robust Intelligence in August 2024. Palo Alto Networks agreed to pay a reported $700 million for Protect AI in the spring of 2025. By the time the September cluster closed, six of the most recognizable names in AI application security had been folded into larger security platforms in roughly thirteen months. The category did not mature into a steady state. It got bought.

Black Hat USA 2026 runs August 5 and 6 at Mandalay Bay, which puts it about two months out as I write this. The show floor will look like a healthy, competitive category: dozens of AI security vendors, a wall of logos, plenty of booth real estate. It is worth being honest about what that real estate now represents. Some of those booths belong to companies that just got acquired, flying a parent's flag. The rest belong to a thinner field of independents, and a buyer walking the floor cannot easily tell a genuine category leader from a startup coasting on the category's brand.

This matters to anyone carrying a cybersecurity quota, and it splits into two very different problems. If you sell AI security, you are now being compared to logos that live inside Cisco and Palo Alto Networks, and you cannot outpitch an acquisition. If you sell endpoint, network, or identity, the buyer's confusion about which AI security category is even theirs becomes a lever you can pull, because confusion delays a six or seven figure decision longer than budget ever does.

This article lays out the consolidation timeline and the money behind it, what the acquirers actually bought and renamed, why the category is so hard for buyers to parse, the two plays it creates for AEs depending on what they sell, and the one independent I would still bet on to make it through 2026 on its own.

The Timeline: Six Acquisitions in Thirteen Months

Start with the data, because the speed is the story. These are the six deals that reshaped AI application security between the summer of 2024 and the fall of 2025.

Four of those six deals landed inside a single two-week window in September, three of them freshly announced and one closing. Add up the prices that were disclosed or reliably reported and the wave clears well over a billion and a half dollars in under fourteen months, and Cisco never attached a public number to the Robust Intelligence deal at all. That is not a category settling down. That is a land grab.

It is also faster than most of the people buying security software realized. A CISO who built a mental model of the AI security market in early 2024 and never refreshed it is now shopping a market where a third of the names on the old shortlist answer to a different parent company. The category consolidated before its buyers updated their list. That gap, between how the market actually looks and how buyers think it looks, is the whole opportunity for the rep who keeps up.

What the Acquirers Bought, and What They Renamed It

The acquired companies did not disappear. They were absorbed and rebranded, which is exactly why this is so hard to track from the outside. The product a buyer evaluated last year under a startup's name now ships under a platform's name, with a platform's sales motion behind it.

Cisco turned Robust Intelligence into the foundation of Cisco AI Defense, launched in January 2025. The technology that tested models for prompt injection, data poisoning, and jailbreaks, with detections mapped to OWASP and MITRE ATLAS, is now a line item in Cisco's security platform rather than a standalone purchase.

Palo Alto Networks folded Protect AI into Prisma AIRS, its AI runtime security platform, bringing model scanning, posture management, AI red teaming, runtime protection, and AI agent security under one roof. What a buyer once bought from a focused startup is now bundled into the Palo Alto stack they may already own.

The September acquirers did the same thing in their own language. SentinelOne pointed Prompt Security at generative and agentic AI protection. F5 turned CalypsoAI's inference-layer defense into F5 AI Guardrails and F5 AI Red Team. Check Point rebranded Lakera, and its Gandalf red-teaming community of more than 80 million adversarial patterns, into Check Point AI Red Teaming and AI Agent Security. Cato Networks pulled Aim Security into its SASE platform so AI protection rides along with the network.

The common thread is the mechanic behind a phrase every AE selling AI security now lives with: you cannot outpitch an acquisition. The buyer at your booth is not comparing you to a scrappy peer anymore. They are comparing you to a product that a hundred-billion-dollar platform paid real money to own, integrated into a suite, and put a global sales team behind. This is the same consolidation pressure I wrote about in what 108 cybersecurity acquisitions in a single quarter do to the AEs underneath, now concentrated into one category.

Why This Category Is So Hard for Buyers to Parse

The consolidation is only half of the buyer's problem. The other half is that nobody agrees on what to call this category, including the analysts. Gartner files it under AI Trust, Risk and Security Management, or AI TRiSM. Vendors sell AI security posture management, AI firewalls, AI red teaming, AI guardrails, model scanning, and runtime protection. Those are six or seven labels for an overlapping and only partly distinct set of problems.

Now layer the acquirers' brands on top. The same capabilities are sold as Cisco AI Defense, Prisma AIRS, F5 AI Guardrails, and Check Point AI Agent Security. A buyer trying to compare options is not comparing products. They are comparing marketing taxonomies, and they have no reliable way to tell which two are actually the same thing under different names.

This is not a niche the buyer can ignore until it settles. The AI TRiSM market was worth roughly $2.3 billion in 2024 and is projected to reach about $7.4 billion by 2030, a compound annual growth rate near 21.6 percent. Gartner expects worldwide information security spending to reach about $244.2 billion in 2026, up 13.3 percent. And Gartner projects that 40 percent of enterprise applications will include task-specific AI agents by the end of 2026, up from less than 5 percent in 2025. The thing buyers need to secure is arriving faster than the market that secures it can explain itself.

Here is why that matters to a rep who does not even sell AI security. Confusion does not just slow the AI security purchase. It slows everything around it. A buyer who cannot map one fast-moving category starts to distrust their own ability to evaluate the next one, and a buyer who does not trust their own judgment defaults to the safest choice available, which is no decision at all. In cybersecurity, the no-decision loss already outnumbers the competitive loss. Category confusion is one of its quiet engines.

If You Sell AI Security: You Are Being Compared to a Logo Inside Cisco

For the AE selling AI security, the consolidation is brutal, and pretending otherwise does not help. The buyer evaluating you very likely has Cisco AI Defense or Prisma AIRS on the same shortlist, often from a vendor they already buy three other products from. You are the standalone. They are the standard, with the relationship, the roadmap, and the procurement paperwork already in place.

You cannot outpitch that with a better feature slide. The acquired companies were bought precisely because their problem-and-solution fit was real, and that fit did not vanish in the integration. Meanwhile the independents left standing are smaller and hungrier, which can be a genuine advantage, but it is worth being clear-eyed: a portion of the remaining field is coasting on the category's brand without the leadership or the depth the acquired companies had. The buyer cannot tell which is which, and neither can a logo wall at Black Hat.

The play is not to ignore the platforms. It is to name the consolidation out loud in discovery, before the buyer raises it. Make the comparison explicit and then make the platform earn it. A capability that a platform acquired and bolted on is not automatically better integrated or better supported than a tool built to do one thing. Quite often the opposite is true in the first eighteen months after a deal, while the acquired team gets reorganized and the roadmap gets renegotiated. Your job is to make the buyer ask whether the suite's version actually does what they need, instead of letting the logo answer that question silently.

Doing that well requires knowing the map cold. Which competitor got acquired, when, by whom, for how much, what got renamed, and what changed for existing customers afterward. A rep who can say that a competitor's product was acquired eight months ago, repackaged into a suite, and has not shipped a meaningful release since is not badmouthing anyone. They are giving the buyer information the buyer cannot easily get for themselves. That is the competitive intelligence that wins the room.

If You Sell Endpoint, Network, or Identity: The Confusion Is a Lever

Now the other side. Most cybersecurity AEs do not sell AI security at all. They sell endpoint, network, identity, or one of a dozen established categories. For them, the AI security land grab is not a threat. It is an opening, and most reps are walking right past it.

Your prospect is being pitched AI security from every direction. They are confused about whether it is even their problem yet, and that confusion is sitting unresolved in the back of their mind while they evaluate you. You do not need to compete in the category. You need to clarify it for them while they are still researching. A rep who can calmly explain the difference between AI posture management, an AI firewall, and model red teaming, and then say honestly which of those, if any, the buyer's current stack actually calls for, becomes the trusted voice in the room on a topic the buyer is anxious about.

This works because of how buyers research now. They define most of their requirements before they ever talk to a vendor, and the overwhelming majority lean on LLMs to do it. I covered the wreckage that causes in the AE's new job of fact-checking what ChatGPT told the buyer, and AI security is the worst-case version of that problem: a fast-moving, acronym-dense, freshly consolidated category where the buyer's self-research is most likely to be stale or simply wrong. Correcting that drift is high value and low risk for you, because you are not selling against anyone when you do it.

The payoff is trust, and trust accelerates the deal you actually came to close. RSA Conference 2026 made clear that AI security is no longer an emerging topic but the topic, which means every buyer you talk to has it on their mind whether or not it is on your price list. The rep who reduces the buyer's confusion about it earns standing on everything else. The rep who adds to the noise is just another vendor.

The One Independent I Would Still Bet On

All of which leads to the question the whole market is quietly asking. With the category consolidating this fast, who is left as an independent leader, and who actually survives 2026 without a parent company? I will give a real answer rather than a list. The clearest remaining independent in AI application security is HiddenLayer.

The case is straightforward. HiddenLayer raised a $50 million Series A in September 2023, led by M12, Microsoft's venture fund, and Moore Strategic Ventures, with Booz Allen, IBM, Capital One, and Ten Eleven Ventures participating, bringing its total raised to about $56 million. As of the middle of 2026 it has not been acquired, and it is still operating on that 2023 round while six of its peers got bought out from under the category. It is a Gartner-recognized AI application security company whose platform extends detection and response to machine learning models and maps its protections to the adversarial techniques catalogued in MITRE ATLAS. In March 2026 it shipped agentic runtime security capabilities and published an AI threat report. Independent and shipping, not independent and coasting.

For a buyer who specifically wants a dedicated AI security tool rather than a feature bolted onto a platform they already own, HiddenLayer is one of the few credible standalone options left. For an AE selling against the platforms, the last independent leader is a real differentiator, not a talking point. Independence is a position now, because almost nobody else in the category still holds it.

And that is exactly why it is precarious. Being the last credible independent in a category every platform wants to own is the precise profile that gets acquired. The acquisition premium for a proven category leader goes up as the field thins, and platform gravity is relentless, because every one of these acquirers has decided AI security has to be in their suite. The same logic that took Robust Intelligence, Protect AI, and Lakera is pointed directly at HiddenLayer.

So here is my actual bet. HiddenLayer makes it through 2026 independent. It has runway, having never needed to raise again, and its founders have shown no urgency to sell. But through 2026 is a low bar, and I would not put money on 2027. The honest answer to the question everyone is asking is that the independent category leader in AI security is an endangered species, and HiddenLayer is the clearest specimen left. If you think I am wrong, I genuinely want to know who you would name instead.

The AE Takeaway: Category Clarity Is the Advantage

Step back from the specific names and the takeaway is the same for every rep, whether you sell AI security or sell around it. In a category moving and consolidating this fast, the edge is not a sharper feature pitch. It is knowing the map better than the buyer does.

Knowing who got acquired, by whom, when, for how much, what got renamed afterward, and which independents are real versus coasting is not trivia. It is the difference between the rep who clarifies a confusing market for an anxious buyer and the rep who adds one more confusing voice to it. The first rep gets trusted and gets the deal. The second gets compared to a logo and loses to it.

That is the entire reason we are building KillChain Overwatch: to give cybersecurity AEs an unfair informational advantage in competitive deals, through real-time competitive intelligence and sales coaching delivered at the moment a buyer raises a competitor's name, not in a deal review three weeks later. It is a force multiplier for strong reps, the ones who already know how to sell and just need the map to keep pace with a market that rewrites itself every September.

The category will keep consolidating. By Black Hat 2027 the booths will tell a different story than they will this August. The reps who win the deals underneath all that motion are the ones who treat the map as a weapon instead of a surprise.

FAQ

Which AI security companies have been acquired?

In the most recent wave, six AI application security companies were absorbed into larger platforms in about thirteen months: Robust Intelligence by Cisco (August 2024), Protect AI by Palo Alto Networks (announced April 2025, completed July 2025), Aim Security by Cato Networks (September 2025), Prompt Security by SentinelOne (announced August 2025, completed September 2025), CalypsoAI by F5 (September 2025), and Lakera by Check Point (September 2025). Three of those six were announced within a two-week span in September 2025, with a fourth, the SentinelOne purchase of Prompt Security, closing in the same window.

Is HiddenLayer still independent?

Yes. As of the middle of 2026, HiddenLayer has not been acquired. It raised a $50 million Series A in 2023, has raised about $56 million in total, and continues to ship new products, including agentic runtime security capabilities released in early 2026. It is widely regarded as the most prominent remaining independent in AI application security, which also makes it a natural acquisition target.

What is the difference between AI-SPM, AI TRiSM, and an AI firewall?

AI TRiSM, or AI Trust, Risk and Security Management, is Gartner's umbrella term for the whole category. AI security posture management, or AI-SPM, focuses on finding and fixing misconfigurations and risks across AI assets, much like cloud posture management does for cloud. An AI firewall, sometimes called runtime protection, sits in front of a model at inference time to block threats like prompt injection and data leakage. Model scanning and AI red teaming test models for weaknesses before deployment. The terms overlap, and most platforms now sell several of them together, which is a large part of why buyers find the category confusing.

When is Black Hat USA 2026?

Black Hat USA 2026 takes place August 1 to 6, 2026, at the Mandalay Bay Convention Center in Las Vegas, with the main Briefings on August 5 and 6. It is the event's 29th year.

What should an AE do when a competitor gets acquired?

Know the deal cold: the date, the acquirer, the price if disclosed, and what changed for existing customers after the close. Name the acquisition in discovery before the buyer does, and make the acquiring platform earn the comparison rather than win it on brand. Watch for the post-acquisition pattern of reorganization, repackaging, and a stalled roadmap in the first year, because that is real information a buyer needs and rarely has. Used honestly, an acquisition is more often a competitive opening for you than a threat.

References

  1. Cisco. Fortifying the Future of Security for AI: Cisco Announces Intent to Acquire Robust Intelligence. Acquisition announced August 26, 2024; terms not disclosed. Cisco Blogs
  2. Cisco. Robust Intelligence Is Now Part of Cisco. Robust Intelligence became the foundation of Cisco AI Defense, launched January 2025. Cisco
  3. Palo Alto Networks. Palo Alto Networks Announces Intent to Acquire Protect AI. The April 28, 2025 announcement valued the deal at a reported $700 million in cash and replacement awards. Palo Alto Networks
  4. Palo Alto Networks. Palo Alto Networks Completes Acquisition of Protect AI. The acquisition closed July 22, 2025, folding model scanning, posture management, AI red teaming, runtime protection, and AI agent security into Prisma AIRS. Palo Alto Networks
  5. Cato Networks. Cato Acquires Aim Security to Extend SASE Leadership and Secure Enterprise AI Transformation. Announced September 3, 2025, Cato's first acquisition; terms not officially disclosed. Cato Networks
  6. SentinelOne. SentinelOne to Acquire Prompt Security to Advance GenAI Security and Agent Security Strategy. Announced August 5, 2025 and completed September 5, 2025; the cash-and-stock deal was reported by multiple outlets at approximately $250 million. SentinelOne
  7. F5. F5 to Acquire CalypsoAI to Bring Advanced AI Guardrails to Large Enterprises. Announced September 11, 2025 for approximately $180 million; CalypsoAI became F5 AI Guardrails and F5 AI Red Team. F5
  8. Check Point Software. Check Point Acquires Lakera to Deliver End-to-End AI Security for Enterprises. Announced September 16, 2025; terms not disclosed. Check Point
  9. Calcalist. Check Point acquires Lakera in $300 million deal to expand AI security. Press report on the otherwise undisclosed Lakera deal value. Calcalist
  10. TechCrunch. HiddenLayer raises $50M for its AI-defending cybersecurity tools. September 19, 2023; led by M12 and Moore Strategic Ventures, total raised about $56 million. TechCrunch
  11. Grand View Research. AI Trust, Risk and Security Management Market Report. Market estimated near $2.34 billion in 2024, projected to reach about $7.44 billion by 2030 at a 21.6 percent CAGR. Grand View Research
  12. Gartner (4Q25 information security forecast), via Software Strategies Blog. Information Security Spending 2026. Gartner projects worldwide information security spending of about $244.2 billion in 2026, up 13.3 percent. Software Strategies Blog
  13. Gartner. Gartner Predicts 40% of Enterprise Apps Will Feature Task-Specific AI Agents by 2026. Up from less than 5 percent in 2025. Gartner
  14. Black Hat. Black Hat USA 2026. August 1 to 6, 2026, Mandalay Bay, Las Vegas; main Briefings August 5 and 6, the event's 29th year. Black Hat
  15. Momentum Cyber, via SiliconANGLE. Record cybersecurity deal activity in 2025. 2025 cybersecurity M&A reached about $102 billion across 398 deals, with 108 transactions following in Q1 2026. SiliconANGLE

*Written by Jonathan, co-founder of KillChain Sales. Former offensive security operator, now leading go-to-market for an AI competitive intelligence platform built for cybersecurity AEs. If you sell in or around AI security and have watched a deal get reshaped by an acquisition you heard about too late, join the waitlist or connect on LinkedIn.*

Sign Up for a Demo