Quick heads up before we get into May: a shorter weekly edition will follow in the next few days to catch up on the first week of June's deals, so look out for that one landing separately.

May was the month the platforms went shopping for AI security. Cisco paid $400 million for Astrix. Akamai took LayerX for $205 million. Snowflake bought Natoma, Zscaler bought Symmetry, and Torq spent $70 million on Jit only weeks after raising its own round. None of that was coincidence. The biggest names in the industry have stopped treating AI security as something to build later and started buying the capability outright, with the identity and governance layer for AI agents the part everyone wants.

The funding tells the same story from the other side. XBOW raised $155 million for autonomous penetration testing, Exaforce raised $125 million for cloud security, and Gray Swan pulled in $40 million to secure the AI models the frontier labs are shipping. Capital is concentrating in the exact layer the acquirers are circling.

Let's dive in.

Cisco acquires Astrix for $400M. The networking giant buys its way into non-human identity and AI agent security, its second AI-security move in two months after picking up Galileo for AI observability in April.

Akamai acquires LayerX for $205M. Browser-based AI usage control joins Akamai's zero trust portfolio. Its fourth Tel Aviv cyber acquisition in five years.

Snowflake acquires Natoma. A native governance and identity layer for AI agents and MCP. The data cloud moves to secure the agentic stack its customers are building on.

Zscaler acquires Symmetry. Data security posture management folds into the zero trust platform.

Torq acquires Jit for $70M. The AI SOC platform adds developer security, weeks after its own $140 million raise.

Terra Quantum goes public via a $3.5B reverse merger. Quantum computing and quantum security hit the public markets through Mountain Lake Acquisition II.

XBOW raises $155M. Autonomous AI penetration testing crosses a $1.3 billion valuation.

Exaforce raises $125M. Cloud security at a $725 million valuation.

Eighteen cybersecurity companies ceased operations. Down from April's record of 29, but the mid-market squeeze has not gone away.

Here's a number we're quietly proud of: two thirds of our placements this year, went to clients who came back to us for more than one hire.

In recruitment, repeat business is the one metric that cannot be talked up. A client uses you once on the strength of a referral, a warm intro, or a good first conversation. They use you a second time, a third, a sixth, only because the first hire worked.

That matters more than it might sound, because of when these hires happen and what they cost. Most of the companies we work with are scaling hard against board milestones, and in a market as unforgiving as this one, a single bad senior hire can swallow a meaningful slice of a Series A and stall a go-to-market plan for a year. No founder runs that risk twice with a firm that got the first search wrong. Repeat business is simply quality, proven on a delay.

There is a compounding effect too, and it is the real reason clients stay. Every search we run for a company teaches us something a brief never can: their actual hiring bar, the kind of person who thrives in their culture, the way their product is really sold, the difference between a candidate who looks good on paper and one who closes. By the third search we are not starting from zero, we are starting from a deep read on what good looks like inside that specific business. A new agency brought in cold has to learn all of that from scratch while the clock runs.

If you are a founder choosing a search partner, this is the question worth asking before you sign anything: what share of your work comes from clients who have hired you before? A firm living off one-off mandates and cold outreach will dance around the answer. A firm with real, durable relationships will give you the number without blinking. And if you are a commercial operator weighing up who to work with, the firms with high repeat rates are the ones with the deepest client relationships, which in practice means earlier access to the best roles and a far more honest read on whether a given company is somewhere you actually want to be.

We would rather place ten people well at five companies that keep calling, than fifty people once at fifty companies that never do. This year, the clients voted with their mandates, and most of them voted to come back to us. Result.

Astrix Security → Acquired by Cisco Investments (NASDAQ: CSCO)
Deal Type: Acquisition
Deal Date: May 4, 2026
Deal Size: $400M

Cisco buys its way into non-human identity and AI agent security. Astrix discovers and governs the API keys, service accounts, OAuth tokens and AI agents that now outnumber human users inside the enterprise, and will fold into Cisco's identity and security platform. It is Cisco's second AI-security move in two months, following its April acquisition of Galileo for AI observability.

LayerX → Acquired by Akamai Technologies (NASDAQ: AKAM)
Deal Type: Acquisition
Deal Date: May 12, 2026
Deal Size: $205M

Akamai extends zero trust into the browser, where most enterprise work and most AI usage now happens. LayerX controls how employees and agents use generative AI tools across both standard and agentic browsers, without forcing a browser switch. It is Akamai's fourth Tel Aviv cyber acquisition in five years.

Natoma → Acquired by Snowflake (NYSE: SNOW)
Deal Type: Acquisition
Deal Date: May 27, 2026
Deal Size: Undisclosed

Snowflake moves to secure the agentic stack. Natoma provides a governed identity and access layer that connects AI agents and MCP to enterprise systems through a single control point. The data cloud is building native governance for the AI agents its customers are already deploying.

Jit → Acquired by Torq
Deal Type: Acquisition
Deal Date: May 19, 2026
Deal Size: $70M

The AI SOC platform adds developer security, only weeks after raising $140 million. Jit lets developers own application security from the start of the build. Torq is assembling a platform through acquisition, one fragment at a time, which is exactly why it features in this month's Bold Call.

Terra Quantum → Reverse merger with Mountain Lake Acquisition II (NASDAQ: MLAA)
Deal Type: Reverse Merger
Deal Date: May 26, 2026
Deal Size: $3.5B

Hybrid quantum computing and quantum security hits the public markets, with the combined business valued at around $3.5 billion.

Symmetry → Acquired by Zscaler (NASDAQ: ZS). Data security posture management folds into the zero trust platform.

Genie → Acquired by Cyera. A data security platform absorbed by the data-security unicorn.

1touch.io → Acquired by Everpure (NYSE: P). AI-driven sensitive data discovery, mapping and governance.

Driftnet → Acquired by SecurityScorecard. Internet exposure discovery feeding the TITAN threat intelligence platform.

SecureIQx → Acquired by Boost Security. Machine-learning cyber assessment and reachability analysis.

Halo Privacy → Acquired by Cycurion (NASDAQ: CYCU). Digital privacy and data control software.

ZKPassport → Acquired by Aztec Foundation. Zero-knowledge passport verification joins the Aztec network.

Nine23 → Acquired by Austability. Cyber-secure managed services for defence and government across Five Eyes nations.

Government Acquisitions → Acquired by Computacenter (LON: CCC), up to $92M. Federal IT and detection software.

Secuvant → Acquired by Cycurion (NASDAQ: CYCU), $2.9M. Managed cybersecurity and risk services.

Concensus Technologies → Acquired by Novacoast. Education-sector identity and access management.

Nexova → Acquired by Sopra Steria (PAR: SOP). Engineering and cybersecurity, expanding Sopra Steria's space and cyber capability.

Ledger → IPO (Paris). Crypto hardware security and digital asset custody goes public.

Aura → IPO (ASX). Consumer digital security and identity protection lists publicly.

If you read May's deal sheet as a list of unrelated transactions, you miss the point. Read it as one move made by five different companies and it becomes the clearest signal we have had all year. Cisco, Akamai, Snowflake, Zscaler and Torq all spent money in the same place: the layer that secures artificial intelligence itself. After Google paid $32 billion for Wiz in March and ServiceNow closed its $7.75 billion Armis deal in April, the pattern is no longer a trend. It is the strategy.

What the platforms bought falls into three buckets, and they are really three versions of the same bet. The first is identity and governance for AI agents. Cisco took Astrix to control the non-human identities, API keys and service accounts that now vastly outnumber human users, and Snowflake took Natoma to put a governed identity layer between AI agents and the systems they reach into. The second is controlling AI at the point of use. Akamai bought LayerX to govern how people and agents use generative AI inside the browser, Zscaler bought Symmetry for data security posture management, and Cyera absorbed Genie to deepen its hold on the data layer. The third is securing the code that AI now helps write, which is what Torq picked up when it bought Jit. Different entry points, same destination.

The reason this is happening now is not mysterious. Enterprises are deploying AI agents at a pace that has outrun their controls. Those agents hold credentials and take actions on their own, and the blast radius grows with every permission granted. The platforms have worked out that they cannot bolt this on after the fact, and that building it from scratch is slower than buying a team that already has the product and the expertise. When speed matters more than cost, build-versus-buy tips hard towards buy. That is why a company like Astrix, which more or less created the non-human identity category, becomes a $400 million acquisition rather than a slow internal project.

For founders building in this layer, whether that is model security, agent identity, AI in the browser or AI-era data governance, the acquirer set is now visible and it is forming fast. The Astrix path is the template: name a problem before anyone else does, build the product, educate the market, and become the obvious thing a platform buys when it decides it needs the capability. The catch is timing. The window is to be acquirable before the platform either builds its own version or buys your nearest competitor, and May showed how quickly those competitors get taken off the board.

For investors, the exits are validating the thesis and the funding is following it. XBOW at $155 million, Exaforce at $125 million, Gray Swan at $40 million, Frame at $50 million, plus a long tail of seed rounds into AI model security and machine identity, all point capital at the same layer the acquirers are circling. Returns will concentrate in the names that get there first and get bought.

For commercial operators, follow the money in both directions. The companies doing the buying are assembling AI-security portfolios, which is where the enterprise budgets and the senior GTM roles are heading. At the startup end, the founding and early commercial seats in this layer are the high-leverage bets, because they sit on top of a category the market has decided it needs.

For CISOs and buyers, the practical takeaway is blunter. Over the next year every platform you already run will try to sell you its version of AI security, bundled into the suite you bought for something else. The questions worth asking are whether you take the platform's bundle or hold out for best-of-breed, and, more urgently, whether you have actually inventoried the AI agents and non-human identities already operating in your environment. Most organisations have not, and that gap is precisely what this wave of dealmaking is built to fill.

The Trident Take: the layer that secures AI is being absorbed into the big platforms faster than almost any category before it. Whether that is good news (one vendor to hold accountable) or bad news (lock-in and less room for the independents) depends entirely on where you sit. Either way, the direction is set, and May was the month it became undeniable.

Eighteen cybersecurity companies went out of business in May, down from April's record of 29:

Ready to make your next move? These roles won't stay open long.

One prediction per month.

June 2026 Prediction: Microsoft makes a major AI-security acquisition before the end of 2026.

The Logic: Every platform of its size has already bought its way into the layer that secures AI: Google took Wiz for $32 billion, Palo Alto took CyberArk for $25 billion, and this month Cisco took Astrix and Snowflake took Natoma. Microsoft is the holdout. It owns the biggest enterprise identity platform in Entra and ships the most-used enterprise AI in Copilot, yet it keeps building its AI-security stack in-house rather than buying one. That is getting harder to justify when machine identities now outnumber humans by roughly 82 to 1 and the pool of independent targets is thinning fast, with Astrix and Natoma both gone in a single month.

If Microsoft wants the best team rather than the leftovers, it has to move while the likes of Oasis Security and Token Security are still standing. What could prove us wrong is Microsoft's real preference for organic builds, which is exactly what makes this a bold call.

Prediction Tracker

Have market intelligence to share? Our network sees deals before they're announced, hiring freezes before they're public, and technology shifts before they hit the headlines.

Email: [email protected]
All sources protected. We verify before we publish.