Welcome back to The Trident Radar!

Apologies! I was on holiday for a week, so this is a double issue. And what a fortnight to miss. Cisco dropped $400 million on Astrix Security. Akamai paid $205 million for LayerX. Both Israeli. Both focused on securing things that aren't humans. The message from the market is clear: non-human identity security just became a boardroom priority.

Meanwhile, XBOW raised another $155 million at a valuation north of a billion dollars. An AI pentesting platform is now worth more than most of the companies it's testing. We're living in interesting times.

This week we're covering the NHI security land grab, why your AI agents probably have more access than your employees, and wrapping up our RPO series with the final question: build internal TA or outsource?

Let's dive in!!

  • Cisco acquires Astrix Security for $400M. Israeli NHI security pioneer joins Cisco's identity stack. Non-human identity is now a platform play.

  • Akamai acquires LayerX for $205M. Browser security for the AI era. Fourth Israeli acquisition for Akamai in five years.

  • XBOW raises $155M Series C. AI pentesting unicorn extends lead. Valuation reportedly north of $1B.

  • Exaforce raises $125M Series B. Cloud security remediation at scale.

  • Frame raises $50M. Security awareness gets a fresh injection.

  • CyberSwarm raises $50M Series A. Neuromorphic computing for edge AI security.

  • 10 companies ceased operations. The culling continues.

  • Insider Insight: The Non-Human Identity Problem

  • Company Spotlight: Astrix Security

🚀 TRIDENT EMBEDDED TALENT

Weeks 3 & 4: Build vs Buy - The Final Chapter

We've covered the stages of growth and the financial breakdown. Now for the question we get asked most often: should we build an internal talent acquisition function or use RPO?

The honest answer: it depends on volume. And the numbers are clearer than most founders realise.

The Real Economics of Internal TA

A senior internal recruiter in the US costs $85,000-115,000 fully loaded. That's base salary times 1.25-1.4x to cover employment taxes and benefits, per MIT Sloan's widely-cited employee cost methodology and confirmed by BLS data showing benefits account for roughly 30% of total compensation.

SHRM's 2025 Recruiting Benchmarking Report found the median recruiter handles 20 requisitions per year. At larger organisations (500+ employees), that rises to 50-60. So a $100K fully-loaded recruiter filling 25 roles costs you $4,000 per hire in recruiter payroll alone.

But that's not your true cost-per-hire. Add ATS subscriptions, LinkedIn Recruiter seats ($9,000-13,000/year), job board spend, and the real killer: hiring manager time.

Ashby's 2026 Talent Trends data shows the average technical hire requires 23+ interview hours across the hiring team. Business hires average 12 hours. At $100/hour fully loaded for senior managers, that's $1,200-2,300 per hire just in interview time. Gem's 2025 benchmarks found hiring teams now conduct 42% more interviews per hire than in 2021. Manager time is the fastest-inflating component of cost-per-hire.

When you add it all up, SHRM's 2025 data shows median cost-per-hire of $1,200 for non-executive roles, but the average runs $4,700-5,500 because a handful of expensive hires pull the mean up. Executive hires average $28,000-36,000.

And if you get it wrong? SHRM estimates a bad hire costs 50-200% of annual salary. CareerBuilder's survey of 6,000 hiring managers found the average bad hire costs $15,000, with 27% reporting losses over $50,000.

The Case for Building Internal

Internal recruiters understand your culture deeply. They're in your Slack channels, your all-hands meetings, your hallway conversations. They pick up on nuances that external partners miss.

The maths work when you have volume. At 40 hires per year, one senior recruiter ($100K loaded) plus tools ($25K) costs $125K total, or $3,125 per hire. That's 3-5x cheaper than contingency agencies charging 15-25% of salary.

But building takes time. Recruiter ramp-up runs 6-9 months under structured onboarding, per Vantage Point research. Standing up a full TA function from scratch, including hiring the leader, implementing an ATS, designing process, and ramping to scale, takes 6-12 months before you hit break-even against RPO.

The Case for RPO

RPO makes sense when you need to scale faster than you can build. You close a Series B in March and need 15 salespeople by September. You don't have time to hire a TA team, train them, and then start filling roles. RPO can be operational in 30-90 days.

RPO also wins when hiring is spiky. Growth-stage cybersecurity companies often hire in waves: 10 people after a funding round, quiet for six months, then another burst. Paying for internal TA capacity during the quiet months is expensive.

Typical RPO pricing runs $3,000-8,000 per hire for mid-level roles, $8,000-15,000 for senior, and $15,000-25,000 for executives. Management-fee models run $8,000-15,000 per month per embedded recruiter. Enterprises that switch from contingency agencies to RPO report 60-75% reduction in agency spend.

The Break-Even Thresholds

The data points to clear volume thresholds:

Under 15 hires per year: use contingency agencies or recruiter-on-demand. The loaded cost of an internal recruiter ($90K+) exceeds the agency fees you'd pay, and you'll under-utilise them.

15-40 hires per year: hire one senior internal recruiter plus ATS and LinkedIn Recruiter. Budget 6 months to ramp. Use contingency or recruiter-on-demand for surge capacity.

50-200 hires per year: build a hybrid model. Two to four in-house recruiters for specialised and leadership roles, project RPO for volume bursts.

300+ hires per year: engage enterprise RPO with management-fee plus hybrid pricing. Budget $1-3M annually.

The Hybrid Model

Most companies we work with land somewhere in the middle.

Internal TA for roles that require deep cultural knowledge: executive hires, founding team members, roles where fit matters more than speed.

RPO for roles that require volume and velocity: sales teams, SDR cohorts, customer success buildouts.

The internal team owns the candidate experience and employer brand. The RPO team delivers the pipeline and throughput.

The Bottom Line

The decision isn't philosophical. It's arithmetic.

If you're hiring fewer than 15 roles per year, don't hire a recruiter. If you're hiring 30+, do the maths on internal versus your current agency spend. And if you're somewhere in between with unpredictable volume, that's exactly where embedded RPO delivers the most value.

What matters is matching the model to your reality, not your aspirations. The company you are today, not the company you hope to be in three years.

And if you want to talk through what makes sense for your specific situation, you know where to find us.

Deals of the Fortnight

Strategic M&A

Astrix Security | $400M Acquisition Cisco • Tel Aviv, Israel
Non-human identity security platform protecting API keys, service accounts, OAuth tokens, and AI agents. See Company Spotlight.

LayerX | $205M Acquisition Akamai • Tel Aviv, Israel
Browser-based AI usage control and secure enterprise browser technology. Extends Akamai's Zero Trust portfolio into browser-level protection.

Late Stage & Growth

XBOW | $155M Series C Seattle, WA
AI-powered autonomous penetration testing platform. Valuation reportedly exceeds $1B. The platform that topped HackerOne's leaderboard continues to scale.

Exaforce | $125M Series B San Jose, CA
Cloud security platform for infrastructure remediation and threat mitigation at scale.

Frame | $50M Early Stage New York, NY
Cybersecurity awareness and human risk management platform helping organisations identify and reduce human-driven security risks.

CyberSwarm | $50M Series A San Mateo, CA
Neuromorphic computing hardware enabling real-time adaptive intelligence at the edge for security applications.

Seed & Early Stage

White Circle | $11M Seed Dover, DE
AI security software for automated testing and protection of machine learning systems.

CyMotive Technologies | $10M Corporate Tel Aviv, Israel
Automotive cybersecurity solving the industry's most pressing vehicle security challenges.

VirtualBrowser | $7.05M Early Stage Paris, France
Browser cybersecurity software protecting workstations and sensitive web applications.

Crypto Quantique | $1.76M Later Stage London, UK
Quantum-driven cybersecurity platform ensuring end-to-end IoT security standards.

Attestiv | $830K Later Stage Lehi, UT
AI-powered digital media validation platform reducing risk through content authenticity verification.

High Entropy Security | $500K Angel Flagstaff, AZ
Computer security software for protection of cryptographic keys and distributed networks.

Avistar.AI | $300K Seed Chicago, IL
Identity verification platform offering machine identity risk intelligence for MSPs and security teams.

Other Notable M&A

Axur → Infoblox (Add-on) Anti-fraud and digital risk protection platform. Miami, FL.

Driftnet → SecurityScorecard Bulk and custom threat intelligence feeds for security integrators. Cheltenham, UK.

SecureIQx → Boost Security ML-driven cybersecurity assessment and risk prioritisation. Cambridge, MA.

1touch.io → Everpure AI-based enterprise platform for data discovery and privacy management. New York, NY.

Halo Privacy → Cycurion Digital privacy software protecting sensitive information. Seattle, WA.

Link22 → MW Group Network security platform with cross-domain solutions. Linköping, Sweden.

HANDD Business Solutions → Acora/LDC Managed data security and consultancy. Reading, UK.

Thales (Managed Cloud Services) → Interactive Secure managed cloud services for hybrid/multi-cloud environments. Meudon, France.

INSIDER INSIGHT

The Non-Human Identity Problem

Cisco just paid $400 million for Astrix Security. Akamai paid $205 million for LayerX. Both deals closed within days of each other. Both target the same fundamental problem: securing things that aren't human.

This isn't a coincidence. It's the market catching up to a reality that's been building for years.

The Scale of the Problem

According to ManageEngine's 2026 Identity Security Outlook, organisations now report machine-to-human identity ratios of 100:1. Some hit 500:1. Obsidian Security's research puts the ratio at 25-50x in typical enterprises, with that number accelerating as AI agent deployment scales.

These aren't just service accounts for databases. They're API keys for every SaaS integration. OAuth tokens for every third-party app your employees authorised. Certificates for every microservice. Credentials for every CI/CD pipeline. And now, increasingly, identities for AI agents that make decisions and take actions autonomously.

The problem is that while we spent the last decade perfecting MFA rollouts and zero-trust architectures for human users, these machine identities proliferated with almost no governance.

The Security Gap

The numbers are stark. According to the 2025 State of Non-Human Identities report from Entro Security, 97% of NHIs have excessive privileges. Just 0.01% of machine identities control 80% of cloud resources. Compromise one of those accounts and an attacker owns your environment.

Sophos's State of Identity Security 2026 report, published this month, found that 71% of organisations suffered at least one identity-related breach in the last 12 months. Weak non-human identity management, including static credentials, API keys stored in code, and orphaned service accounts, accounted for 40.6% of breach root causes.

GitGuardian detected 13 million secrets exposed in public GitHub repositories last year. And those are just the public repos. The private repos, the Slack messages, the Confluence pages, the shared Google Docs are worse.

Why Now?

Three things changed.

First, cloud and SaaS adoption created an explosion of machine identities that traditional IAM tools weren't designed for. Your identity provider knows about your employees. It doesn't know about the 3,000 OAuth tokens your employees created when they clicked "Allow" on third-party app requests.

Second, several high-profile breaches traced their root cause to compromised NHIs rather than human credentials. The Microsoft breach in 2023 that compromised 22 organisations. The Snowflake customer breaches. The Sisense incident. These weren't phishing attacks against employees. They were compromised service accounts and API keys.

Third, AI agents changed the calculus entirely. A traditional service account runs the same code doing the same thing every day. An AI agent might dynamically request access to multiple systems, execute privileged operations on behalf of users, and take actions that even its developers didn't anticipate. According to Cisco's AI Readiness Index, only 24% of organisations have the guardrails needed to control AI agent actions safely.

What Cisco Is Buying

Astrix built its platform around three capabilities. Discovery: finding every OAuth token, API key, service account, and AI agent across your environment. Governance: understanding which have excessive privileges, which are stale, which connect to risky third parties. And response: detecting when these identities behave anomalously and taking action.

The Cisco integration will push these capabilities into Identity Intelligence, Duo, Secure Access, and Splunk. The thesis is that NHI security can't be a standalone tool. It has to be embedded in the identity and security stack that enterprises already run.

What This Means for Security Teams

If you're a security leader, you probably already know you have an NHI problem. According to NHI Management Group research, NHIs are now viewed as a top 3 risk by CISOs. One in four organisations are already investing in dedicated NHI security capabilities, with 60% planning to do so within the next twelve months.

The Cisco and Akamai acquisitions validate that this isn't a niche concern. It's becoming core infrastructure.

The question isn't whether to address NHI security. It's whether you address it before or after an incident forces your hand.

COMPANY SPOTLIGHT

Website - astrix.security

When Cisco announced its intent to acquire Astrix Security for $400 million, it validated a category that didn't exist five years ago.

The Founders

Alon Jackson (CEO) and Idan Gour (CTO) founded Astrix in 2021. Both are veterans of Israel's Unit 8200 intelligence division where they served for almost a decade. Jackson previously served as head of R&D at Argus Cyber Security, the automotive cybersecurity company. Gour led software development at Deep Instinct, the deep learning cybersecurity company.

The Thesis

When Astrix launched, non-human identity security wasn't a recognised category. There were no analyst quadrants, no market maps, no established playbooks. The founders spotted something others missed: the identities and credentials powering modern enterprise systems (API keys, service accounts, OAuth tokens) were dangerously under-secured.

They weren't wrong. Enterprises had invested heavily in human identity management. SSO, MFA, conditional access, device posture. Meanwhile, machine identities multiplied quietly. Every CI job, every SaaS integration, every automation workflow needed credentials. Those credentials were created during urgent launches and never reviewed. They were shared across services. They had administrator privileges because nobody knew the minimum scope.

The Product

Astrix built a platform that discovers OAuth tokens, API keys, service accounts, and webhooks across hundreds of SaaS applications. It tracks token age, last-used time, granted scopes, observed activity, and third-party vendor risk profiles. It surfaces tokens that should be revoked because of inactivity, over-privileging, or vendor reputation issues.
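To make those revocation criteria concrete, here is an added Python example (not Astrix's or Cisco's code, and not part of the original newsletter) that triages a credential inventory for inactivity, unused granted scopes, age, and vendor flags. The field names, the 90-day and 365-day thresholds, and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional, Set

# Assumed thresholds for this example; tune them to your own policy.
STALE_AFTER = timedelta(days=90)
MAX_AGE = timedelta(days=365)

@dataclass
class Credential:
    name: str
    kind: str                       # e.g. "oauth_token", "api_key", "service_account"
    created: datetime
    last_used: Optional[datetime]   # None means never used
    granted: Set[str]               # scopes the credential holds
    observed: Set[str] = field(default_factory=set)  # scopes seen in activity logs
    vendor_flagged: bool = False    # third-party vendor marked risky

def triage(cred: Credential, now: datetime) -> list:
    """Return governance findings for one credential, in a fixed order."""
    findings = []
    if cred.last_used is None or now - cred.last_used > STALE_AFTER:
        findings.append("inactive")
    unused = cred.granted - cred.observed
    # Only compare scopes when there is observed activity to compare against;
    # a never-used credential is already reported as inactive.
    if cred.observed and unused:
        findings.append("over-privileged: unused " + ",".join(sorted(unused)))
    if now - cred.created > MAX_AGE:
        findings.append("old")
    if cred.vendor_flagged:
        findings.append("vendor risk")
    return findings

def revocation_candidates(inventory, now):
    """Map credential name -> findings, omitting credentials with none."""
    result = {}
    for cred in inventory:
        findings = triage(cred, now)
        if findings:
            result[cred.name] = findings
    return result

# Constructed sample inventory (not real data).
NOW = datetime(2026, 6, 1)
INVENTORY = [
    Credential("ci-deploy-key", "api_key", datetime(2023, 2, 10), datetime(2026, 5, 30),
               {"repo:read", "repo:write", "admin:org"}, {"repo:read", "repo:write"}),
    Credential("calendar-sync-app", "oauth_token", datetime(2025, 11, 1), datetime(2025, 12, 15),
               {"calendar.read", "mail.read"}, {"calendar.read"}),
    Credential("billing-export", "service_account", datetime(2026, 1, 15), datetime(2026, 5, 31),
               {"billing.read"}, {"billing.read"}),
    Credential("legacy-webhook", "api_key", datetime(2024, 3, 1), None,
               {"events.write"}, vendor_flagged=True),
]

if __name__ == "__main__":
    for name, findings in revocation_candidates(INVENTORY, NOW).items():
        print(f"{name}: {'; '.join(findings)}")
```

The over-privilege check depends on having activity logs that record which scopes a credential actually exercised; without that data, only the inactivity and age checks are reliable.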

In early 2026, as AI agent deployment accelerated, Astrix expanded to cover agentic identities specifically, including discovery, runtime monitoring, and policy enforcement for both sanctioned and shadow AI agents across enterprise environments.

The Funding Journey

Astrix raised $91 million before the acquisition. The $51 million Series B in December 2024 was led by Menlo Ventures through their Anthology Fund, a partnership with Anthropic. Other investors included Workday Ventures, Bessemer Venture Partners, CRV, and F2 Venture Capital. The $25 million Series A in 2023 was led by CRV.

The Cisco Fit

Cisco plans to integrate Astrix into Identity Intelligence, strengthening visibility across the entire Cisco Security platform. The capabilities will extend into Cisco Secure Access and Duo for authentication and authorisation of non-human identities under a Zero Trust model. Intelligence feeds into Splunk for SOC visibility.

For Cisco, this is part of a broader push to secure the "agentic workforce." They've already acquired Galileo for AI observability. Astrix adds the identity layer.

The Takeaway

Astrix didn't just build a product. They defined a category. OWASP now publishes a Non-Human Identities Top 10. Gartner has dedicated research on Machine IAM. The problem Astrix identified in 2021 is now recognised as one of the most critical unsolved challenges in enterprise security.

For founders: this is what category creation looks like. Find a problem nobody's named yet, build the solution, educate the market, and become the obvious acquisition target when the platforms decide they need the capability.

HOT JOBS

VP Marketing
💰 $275K base
📍 US
Threat intelligence platform with strong technical differentiation. Building marketing function for growth phase.

Strategic Sales - US
💰 $200K base
📍 US
Threat intelligence and security analytics company. Strategic enterprise sales role.

Sales Engineer
💰 $200K base
📍 US
Identity security vendor with strong technical product. Pre-sales engineering role.

Regional Sales Director
💰 $175K base
📍 US (x2 openings)
AI-powered security platform. Building regional sales leadership.

Regional Sales Director
💰 $160K base
📍 US
Attack surface management platform with strong customer traction.

Founding AE
💰 $150K base
📍 US
Early-stage security vendor. Founding sales role with significant equity.

Sales Director
💰 $150K base
📍 US
Application security company protecting JavaScript. Building US sales presence.

BDM - UK
💰 £80K base
📍 UK
Offensive security company with continuous testing approach. Building UK presence.

Head of Channel
💰 TBC
📍 US
Security vendor building channel programme from the ground up.

Ready to make your next move? These roles won't stay open long.

COMPANIES THAT CEASED OPERATIONS

Ten cybersecurity companies went out of business this fortnight:

Ascent Portal - Automated compliance platform for governance, risk, and compliance (Austin, TX)

Crypteron - Data security platform for backend applications in the cloud (San Diego, CA)

Fraud Doctor - Risk management platform for fraud identification (Wesley Chapel, FL)

Kaprica Security - Mobile security platform for cybersecurity services (Reston, VA)

Kryptaxe - Cybersecurity company protecting users from hacking (New York, NY)

MetaCert - Threat intelligence system for URL verification and protection (San Francisco, CA)

SightGain - Integrated risk management technology for government and enterprise (Fulton, MD)

Smart Armor - Bluetooth smart lock software for cabin security (San Diego, CA)

ThreatOptix - Cybersecurity platform protecting Linux servers (San Francisco, CA)

AV Living Lab - Transportation development services focused on autonomous vehicle security (Ljubljana, Slovenia)

📥 INBOX INTEL

Have market intelligence to share? Our network sees deals before they're announced, hiring freezes before they're public, and technology shifts before they hit the headlines.

Send us your tips:

  • Funding rounds in stealth mode

  • Executive movements and reorganizations

  • Customer wins/losses that signal market shifts

  • Technology partnerships before they're announced

  • Hiring sprees or freezes at specific companies

All sources protected. We verify before we publish.

The Trident Radar - Intelligence that moves faster than your competition
Delivered by Trident Search Research Desk
Editor: Ryan Keeley | London
