Welcome to The Trident Radar!

Palo Alto Networks continues its acquisition spree, just weeks after the $26.2B CyberArk deal, they've reached a definitive agreement to acquire KOI for $400M.

Meanwhile, Check Point's triple acquisition last week is already looking like the opening move in a broader consolidation wave. Booz Allen picked up Defy Security to bolster cyber services for government clients and funding continued to flow into AI-powered security, with Cogent Security raising $42M at a $327M valuation for agentic vulnerability remediation.

This week's Insider Insight is something different. We sat down with Claude, yes, the AI, to discuss Anthropic's new Claude Code Security capability and what it means when AI can find 500+ zero-day vulnerabilities in production codebases.

Lets dive in.

We’re launching The Failure Files!

A new Trident Talks series where we sit down with cybersecurity leaders to unpack the setbacks that actually shaped their success - and what it takes to come back stronger.

To kick things off, Chloe Taylor chatted to Jason Rebholz, CEO and Co-Founder of Evoke Security; a leader who’s spent his career on the front line of incident response, ransomware, and now the next wave: AI-driven risk.

Insider Insight: An Interview With Claude
Company Spotlight: Venice

Cogent Security - Series A - $42M (Bain Capital, Greylock)
Autonomous agents that investigate and remediate cybersecurity vulnerabilities. AI systems that organise vulnerability data, assess risks with context, and implement remediation plans. This is the agentic security thesis in action, and the valuation reflects market conviction.

Category: AI Security Agents / Vulnerability Remediation
HQ: San Francisco, CA

Venice - Series A - $25M (IVP)
Privileged access management reimagined for the AI era. Replaces static access workflows with live, policy-driven decisions. Removes standing privileges and provides estate-wide visibility across human and non-human identities. Index Ventures and Wiz founders (Assaf Rappaport, Raz Herzberg) also participated.

Category: Privileged Access Management / Identity Security
HQ: Tel Aviv, Israel

VulnCheck - Series B- $25M (Sorenson Capital)
Threat intelligence platform helping organisations close the exploitation-timing gap. Funds will scale growth and expand AI-powered emerging threat detection. In-Q-Tel and Ten Eleven Ventures also participated.

Category: Threat Intelligence / Vulnerability Intelligence
HQ: Lexington, MA

Copla - Early Stage VC - ~$7.7M (Iron Wolf Capital, Operator Stack)
Cybersecurity compliance platform with new Copla Bridge capability for managing compliance across multiple entities. Expanding beyond EU into international markets.

Category: Compliance / GRC
HQ: Elektrėnai, Lithuania

Barbara - Later Stage VC - ~$5.3M (Aramco Ventures)
Industrial edge AI platform for critical infrastructure. Cybersecure deployment of real-time AI models in edge devices for energy, utilities, manufacturing, and oil & gas. Middle East, Europe, and US expansion.

Category: Industrial IoT Security / Edge AI
HQ: Bilbao, Spain

Caspia Technologies - Later Stage VC - $5M (Undisclosed)
Semiconductor security and microelectronics data analytics. Software and services for protecting electronic devices and systems from cyberattacks.

Category: Hardware Security / Semiconductor Security
HQ: Gainesville, FL

KOI → Definitive Agreement to be Acquired by Palo Alto Networks (NAS: PANW)
Deal Type: Merger / Acquisition
Deal Date: February 17, 2026
Deal Size: $400M Malicious IDE extension detection for software supply chain security.

KOI's platform continuously analyses VSCode marketplace extensions to detect malicious, risky, or vulnerable third-party code. Palo Alto continues building out its supply chain security capabilities, another Israeli startup exits to a platform vendor. See Company Spotlight below.

Defy Security → Definitive Agreement to be Acquired by Booz Allen (NYS: BAH)
Deal Type: Merger / Acquisition
Deal Date: February 17, 2026
Deal Size: Undisclosed

Cybersecurity technology services for financial institutions, healthcare, manufacturers, and retail. Accelerates Booz Allen's ability to deliver cyber products and services, including their AI-powered malware analysis product Vellox Reverser. Also supports Booz Allen's expansion in UK and EU markets.

IronNet → Acquired by ITC Secure (Haven Cyber Technologies)
Deal Type: Merger / Acquisition
Deal Date: February 17, 2026
Deal Size: Undisclosed

Collective Defense platform for network security. IronNet's journey from SPAC darling to acquisition target reflects the challenges facing companies that went public during the 2021 boom.

IronCircle → Acquired by Quickstart
Deal Type: Merger / Acquisition
Deal Date: February 19, 2026
Deal Size: Undisclosed

AI-powered cybersecurity training platform. Cyber workforce development consolidation continues.

Security Lab → Acquired by Reevo (MIL: REEVO)
Deal Type: Merger / Acquisition
Deal Date: February 16, 2026
Deal Size: Undisclosed

Cybersecurity services provider. Reevo enters the Swiss market through this acquisition.

Stripe OLT Consulting → Acquired by Little Fish (via Bowmark Capital)
Deal Type: LBO / Add-on
Deal Date: February 17, 2026
Deal Size: Undisclosed

Managed IT and cyber security services with 24/7 SOC. UK MSSP consolidation continues.

This week, Anthropic announced Claude Code Security, a new capability that scans codebases for vulnerabilities and suggests patches. But beyond finding bugs in other people's code, how does Anthropic keep Claude itself secure? We sat down with Claude to discuss AI safety, the intersection of cybersecurity and AI development, and what the future holds.

RK: Claude, let's start with you. How does Anthropic keep you safe and secure?

Claude: Safety is built into how I'm developed from the ground up. Anthropic uses something called Constitutional AI, which means I'm trained with a set of principles that guide my behaviour. But beyond the training, there's ongoing work to ensure I operate safely in the real world.

Anthropic has a dedicated Frontier Red Team that continuously stress-tests my capabilities. They probe for vulnerabilities, test my boundaries, and look for ways I could potentially be misused. They've entered me in competitive capture-the-flag cybersecurity events to benchmark my capabilities. They partner with organisations like Pacific Northwest National Laboratory to test defensive applications in critical infrastructure scenarios.

The key insight is that AI systems are software, and software has vulnerabilities. Anthropic treats my security the same way any serious organisation treats application security: assume there are weaknesses, actively search for them, and fix them before they can be exploited.

RK: You mentioned Constitutional AI. Can you explain how that actually protects users?

Claude: Constitutional AI is essentially a framework for training AI systems to be helpful, harmless, and honest. Instead of relying purely on human feedback for every possible scenario, the model is trained against a set of principles, a "constitution", that guides decision-making.

For cybersecurity specifically, this means I'm designed to help defenders, not attackers. When someone asks me about vulnerabilities, my orientation is toward helping them secure their systems, not exploit someone else's. I'll help a security researcher understand a vulnerability class, but I won't help someone write malware or exploit code targeting a specific organisation.

That said, I'm not naive about the dual-use challenge. The same knowledge that helps defenders understand attack techniques could theoretically help attackers. Anthropic has built detection systems, what they call "probes", that monitor for patterns associated with potential misuse. If something looks malicious, the system can intervene in real-time.

RK: Anthropic just announced Claude Code Security, where you found over 500 zero-day vulnerabilities in open-source code. How do you actually protect code?

Claude: The traditional approach to code security is rule-based static analysis: scan code against known vulnerability patterns. That catches common issues like exposed credentials or outdated encryption, but it misses the subtle, context-dependent vulnerabilities that sophisticated attackers exploit.

I take a different approach. I read and reason about code the way a human security researcher would. I understand how components interact, trace how data flows through an application, and identify logic flaws that rule-based tools miss.

For example, I might read Git commit history to find a security patch, then search the codebase for similar unpatched issues. Or I'll identify dangerous function calls like strcat in C and trace whether the programmer properly validated inputs. One vulnerability I found required understanding the LZW compression algorithm conceptually to recognise that a specific input pattern could cause a buffer overflow.

Every finding goes through multi-stage verification before reaching a human analyst. I re-examine each result, attempting to disprove my own findings to filter out false positives. Validated findings get severity ratings so teams can prioritise. But crucially, nothing gets fixed without human approval. I identify problems and suggest solutions; developers make the final call.

RK: What does this mean for the future of cybersecurity in AI-assisted coding?

Claude: We're entering a world where AI writes a significant portion of production code. Tools like GitHub Copilot, and yes, Claude, are already generating code that ships to production. That creates both risks and opportunities for security.

The risk is obvious: AI-generated code can contain vulnerabilities, and developers may not scrutinise it as carefully as code they wrote themselves. There's also the "vibe coding" phenomenon, where developers describe what they want and accept generated code without fully understanding it. That's a recipe for security debt.

But the opportunity is equally significant. If AI can generate code, AI can also review it for security issues at the same speed. The vision is a development workflow where every commit, every pull request, every deployment gets AI-powered security analysis automatically. Not as a gate that slows things down, but as a continuous feedback loop that catches issues before they reach production.

I think we'll see security shift left even further. Instead of finding vulnerabilities after code is written, AI will suggest secure patterns during development. The IDE becomes a security tool. The code completion suggests the safe version of a function, not just the convenient one.

RK: There's concern that AI could be used offensively, to find vulnerabilities and exploit them rather than patch them. How does Anthropic address that?

Claude: This is the central tension, and I don't think there's a perfect answer. The same capabilities that help defenders find bugs could help attackers find exploits. Anthropic's position is that defenders need to move first and move fast.

Here's the logic: vulnerabilities exist in code whether or not AI finds them. The question is who finds them first. If defenders use AI to discover and patch vulnerabilities before attackers can exploit them, the net security impact is positive. But that only works if defenders actually adopt these tools.

On the safeguards side, Anthropic has built cyber-specific detection probes that identify potentially malicious use patterns. The system can intervene in real-time, including blocking traffic that appears designed to enable attacks. There's also my own orientation: I'm genuinely motivated to help secure systems, not compromise them. That's not a technical control, but it is meaningful.

The uncomfortable reality is that AI capabilities in cybersecurity will continue to improve, for both offense and defense. The goal is to ensure defenders have access to the same capabilities as attackers, and ideally get there first.

/

RK: Final question. What should CISOs be thinking about right now?

Claude: Three things.

First, your code is going to be scanned by AI, whether you do it or someone else does. Anthropic expects a significant share of the world's code will be AI-scanned in the near future. You want to be the one finding your vulnerabilities, not your adversaries.

Second, AI-generated code is already in your environment, whether you've formally adopted it or not. Developers are using AI coding assistants. Contractors are using them. Open-source dependencies you rely on were probably written with AI assistance. Your security posture needs to account for this reality.

Third, the security talent model is changing. AI won't replace security researchers, but it will amplify them. A team that used to audit one codebase per quarter might audit ten. The bottleneck shifts from finding vulnerabilities to fixing them. The most valuable security professionals will be those who can interpret AI findings, prioritise based on business context, and drive remediation at scale.

The window to get ahead of this curve is now. Organisations that adopt AI-powered security tooling early will have a structural advantage. Those that wait will be playing catch-up against both AI-enabled attackers and competitors who moved faster.

RK: Claude, thanks for the insight.

Claude: Anytime. Security is a team sport, and I'm glad to be on the defensive side.

Privileged Access Management for the AI Era

Website: www.venice.io

Founded: 2024 (formerly Valkyrie)
HQ: Tel Aviv, Israel (with New York office)
Total Raised: $33M
Latest Round: $25M Series A (February 18, 2026), led by IVP

Valkyrie are now Venice… not a name change on our bingo card for this year!

They are building privileged access management software for a world where non-human identities outnumber human ones, and where static access workflows can't keep pace with dynamic cloud environments.

What they do:

The platform replaces traditional PAM approaches, where access is granted and then forgotten, with live, policy-driven decisions that remove standing privileges entirely. Instead of users having persistent access to sensitive systems, Venice provides just-in-time access based on real-time context and policy.

The key differentiator is estate-wide visibility across both human and non-human identities. As enterprises deploy more AI agents, service accounts, and automated workflows, the identity surface area explodes. Venice centralises access requests and approvals into a single interface, letting security and infrastructure teams manage privileges consistently without creating operational friction.

The team:

Co-founders Rotem Lurie (CEO) and Or Vaknin (CTO) are building in a space that just saw massive validation: Palo Alto Networks acquired CyberArk for $26.2B earlier this month. The investor base is strong, with IVP leading the Series A and Index Ventures (who led the seed) following on. Notable angels include Wiz co-founders Assaf Rappaport and Raz Herzberg, plus Gil Azrielant and Dor Knafo.

Why it matters:

The CyberArk acquisition signals that identity security has become table stakes for platform vendors. But CyberArk was built for a different era, one where privileged access meant admin credentials on servers. The new challenge is managing access for AI agents, automated pipelines, and cloud-native workloads that spin up and down continuously.

Venice is betting that enterprises need a ground-up rethink of PAM, not just a cloud migration of legacy approaches. The "AI Era" positioning in their fundraising announcement isn't just marketing: as agentic AI proliferates, the question of what an AI agent should be allowed to access, and for how long, becomes a critical security control.

The Trident Take:

The timing is notable: raising a Series A weeks after the largest identity security acquisition in history positions Venice as a potential next-generation alternative. With Wiz founders on the cap table and IVP leading, the company has the backing to compete. TechCrunch's headline, "This former Microsoft PM thinks she can unseat CyberArk in 18 months", captures the ambition. Whether they can execute against well-funded incumbents remains to be seen, but the market opportunity is undeniable.

Enterprise Account Executive
💰 $250K-$300K OTE (50/50)
📍 East/Central USA Deception technology vendor proactively detecting and stopping credential theft. Enterprise sales motion.
Contact: [email protected]

Strategic Account Executive
💰 $350K-$400K OTE (50/50)
📍 North East / Mid-Atlantic / West USA
AI-powered penetration testing platform that adapts to each customer's environment. Strategic enterprise accounts.
Contact: [email protected]

North Central Enterprise Account Executives
💰 $300K OTE (50/50)
📍 North Central USA
Established offensive security vendor with enterprise customers. Opportunity to own and run the region.
Contact: [email protected]

VP of Sales (AI Security Agents)
💰 $350K OTE
📍 USA
Game-changing AI-powered security agents. Repeat founding team with top-tier VC backing. Leadership opportunity.
Contact: [email protected]

Federal Account Managers (DC-Based)
💰 $340K OTE (50/50) ~
📍 Washington DC
AI-powered GRC/compliance platform. Federal sales motion.
Contact: [email protected]

Commercial / Mid-Market Account Executive
💰 $160K-$200K OTE
📍 USA
Established CTEM vendor at $10M ARR. SMB/Mid-Market focus with opportunity to run the US sales team in a small, high-impact environment.
Contact: [email protected]

Commercial / Mid-Market Account Executive
💰 $200K-$220K OTE
📍 Boston (On-site)
AI DLP vendor genuinely paving the way in their niche. Team of 2 AEs currently, chance to be part of the founding sales team.
Contact: [email protected]

Ready to make your next move? These roles won't stay open long.

Have market intelligence to share? Our network sees deals before they're announced, hiring freezes before they're public, and technology shifts before they hit the headlines.

Send us your tips:

Email: [email protected]
All sources protected. We verify before we publish.