The AI-security M&A map (2023–2026)

Who bought whom in the AI governance/security landscape, verified against primary sources (acquirer press releases, SEC filings) during the Phase 3 research pass. Dates and confidence are explicit. This page is the filed-back answer to “which of these vendors is still independent, and who owns the rest?” — the question that dates half a survey’s answer options.

Convention: closed = completion confirmed by a primary source with a date. announced / pending = agreement public but no completion source found as of 2026-06-28. Deal values are marked reported when press-sourced rather than officially disclosed.

The platform roll-ups (who is consolidating)

Palo Alto Networks — building the AI-security platform by acquisition

TargetWhat it broughtStatusDateValue
cyberarkPrivileged access + machine/NHI identityClosed2026-02-11~$25B
portkeyAI gateway (now the Prisma AIRS gateway component)Closed2026-05-29undisclosed
Protect AI → prisma-airsModel scanning, red-teaming, posture, runtimeClosed2025-07-22reported ~$650–700M
Talon → prisma-access-browserEnterprise browserClosed2023-12-28reported ~$625M

PANW is assembling identity (cyberark) + AI gateway (portkey) + AI runtime/posture (prisma-airs) + browser under one roof. For a CTO this means several formerly-independent “best of breed” tools now arrive as one suite — fewer throats to choke, more lock-in.

Cisco — buying the AI trust & SOC layer

TargetWhat it broughtStatusDateValue
splunkSIEM / observabilityClosed2024-03-18$28B
Robust Intelligence → cisco-ai-defenseAI runtime security / validationClosed~2024-09-24undisclosed
galileoLLM eval / guardrailsClosed (reported)~2026-05-22undisclosed
astrix-securityNon-human / agent identityAnnounced intent — pending2026-05-04reported ~$400M

Note: the seed listed Astrix as “acquired”; as of 2026-06-28 it is announced intent, not closed. Treat as pending.

CrowdStrike — adding SaaS posture + AI detection/response

TargetWhat it broughtStatusDateValue
pangeaAI detection & response (AIDR) / guardrailsClosed~2025-09 (announced 2025-09-16)reported ~$260M
adaptive-shieldSaaS security posture (SSPM)Closed~2025-01 (announced 2024-11-06)reported ~$300M
Charlotte AIAgentic SOC (built in-house, not acquired)

SentinelOne

TargetWhat it broughtStatusDateValue
prompt-securityPrompt-layer DLP / AI runtimeClosed~2025-11 (announced 2025-08-05)reported ~$250M

F5

TargetWhat it broughtStatusDateValue
calypsoaiAI guardrails + red-team (now F5 AI Guardrails / AI Red Team)Closed2025-10-08reported ~$180M

Other notable AI-security tuck-ins

TargetAcquirerWhat it broughtStatusDateValue
aim-securitycato-networksAI/agent security (Cato’s first acquisition)Announced2025-09-03reported ~$350M
lakeraCheck PointAI guardrails / prompt-injection defenseAnnounced (close exp. Q4 2025)2025-09-16reported ~$300M
apex-securityTenableAgent/AI security → Tenable OneAnnounced/integrating2025-05-29reported >$105M
promptfooOpenAIOpen-source eval/red-team → OpenAI FrontierClosed2026-03-09undisclosed
trojaiA10 NetworksAI detect (red-team) + defend (runtime firewall)Announced2026-06-15undisclosed

TrojAI→A10 Networks was NOT in the seed CSV — surfaced during research. A recent (2026-06-15) deal; confirm completion.

Deals surfaced during research — NOT in the seed CSV

These were not flagged in the seed; the research pass found and verified them. They materially date several survey answer options.

TargetAcquirerWhat/whyStatusDate
vezaServiceNowIdentity/data-access governanceClosed2026-03-02 (~$1B)
securitiVeeamDSPM / data+AI governanceClosed2025-12-11 ($1.725B)
symmetry-systemszscalerDSPM / data-access graph for AI agentsAnnounced2026-05-21
splxaizscalerAI red-team + runtimeClosed2025-11-03 (Q1 FY26)
stytchTwilioAgent/auth identityClosed2025-11-14
natomaSnowflakeMCP-native NHI/agent governanceAnnounced (intent)2026-05-27
trulens (TruEra)SnowflakeLLM eval (TruLens stays OSS)Closed2024-05-22
langfuseClickHouseLLM observability (core stays OSS)Announced2026-01-26
heliconeMintlifyLLM observability (now maintenance mode)Announced2026-03-03
whylabsAppleML monitoring (acqui-hire; product wound down)~2025 (med conf.)
seraphicCrowdStrikeEnterprise browser securityAnnounced2026-01-13 ($420M)
layerxAkamaiBrowser security extensionAnnounced2026-05-14 (~$205M)
styra / OPA teamAppleAuthorization (acqui-hire; OPA stays CNCF)~2025-08 (med conf.)

Snowflake and Zscaler are each running two-deal AI roll-ups here (Snowflake: TruEra + Natoma; Zscaler: SplxAI + Symmetry Systems). Apple quietly absorbed two open-source-adjacent teams (WhyLabs, Styra/OPA) as acqui-hires.

Independents that are themselves acquirers (consolidating, not consolidated)

1password → Apono (2026-06, JIT/agent access); cranium → Aiceberg (2026-05); varonis → Cyral (2025-03); menlo-security → Votiro (2025-02); bitsight → Cybersixgill (2024); securityscorecard → HyperComply (2025); workos → Warrant/FGA (2024); snyk → Probely + Invariant Labs (2024–25); okta → Auth0 (2021). These remain independent.

Big-platform / infrastructure M&A (context, not AI-native)

TargetAcquirerStatusDateValue
wizGoogle / AlphabetClosed2026-03-11$32B (largest Google deal)
HashiCorp (hashicorp-vault)IBMClosed2025-02-27$6.4B
normalyzeProofpointClosed (reported)~2024-11/12undisclosed
sumo-logicFrancisco Partners (take-private)Closed2023-05-12~$1.7B
forgerockThoma Bravo → merged into Ping IdentityClosed2023-08-23~$2.3B
weights-and-biasesCoreWeaveClosed2025-05-05reported ~$1.7B

Still independent (verified, as of 2026-06-28)

  • hiddenlayer — AI model security; $50M Series A (2023), M12 + Moore. Independent.
  • witnessai — AI access governance + runtime; $86.5M total, Series B 2026-01. Independent.
  • (more confirmed as research waves complete — see each vendor page)

What it means for a hedge-fund CTO

  • Half the AI-runtime/guardrail field has been acquired by platform vendors (PANW, Cisco, CrowdStrike, SentinelOne, F5, Check Point, Cato) in 2025–2026. If you standardize on a platform you already own, you may get an AI-firewall/guardrail capability “for free” — check before buying a standalone.
  • The independents that remain (hiddenlayer, witnessai, pillar-security, and others pending research) are the ones to diligence on viability vs acquisition risk.
  • Survey implication: several answer options are now product lines inside a suite, not companies. The survey-blueprint and each category’s Survey notes flag these.

Sources

Per-deal primary sources are cached under raw/sources/ (acquirer press releases + SEC filings), cited on each vendor page’s Sources section. This map aggregates those; see the vendor pages for the specific citation + confidence per claim.

History

  • [2026-06-28] Created from Phase 3 Wave 1 verified M&A research (33 vendors). Pending-deal and reported-value caveats preserved. To extend as later waves surface more deals.