This week's theme: agents everywhere. Socket raised $60 million at a billion-dollar valuation to stop supply chain attacks before they hit developer laptops. Ocean emerged from stealth with $28 million to deploy AI agents that investigate every inbound email. Torq acquired Jit to add context graphs to their AI SOC. The word "agentic" appeared in four separate funding announcements.

Meanwhile, Armada pulled in $230 million for edge AI infrastructure, Nextron Systems is heading to Eurazeo in a secondary buyout, and four more companies quietly shut down. The market is separating: companies with real product-market fit are raising at premium valuations, and everyone else is running out of runway.

Let's dive in.

What our Placements Taught Us About Where Candidates Actually Come From

Here's something we didn't expect to find in our own data.

From over 50 cybersecurity placements we've made in 2026, 40% came from referrals and network, not LinkedIn outreach.

That's unusual for a search firm. Most agencies live and die by InMail response rates. The whole business model is outbound: find people on LinkedIn, message them, hope they reply.

We do that too. But over a third of our hires came because someone vouched for them. A candidate we placed three years ago texts us about a former colleague. A CISO we've known for a decade mentions someone from their last company. A founder asks if we know anyone who "gets" their space.

Those introductions convert at a completely different rate than cold outreach. The candidates are warmer. The references are real. The fit is better.

But sourcing is only half the story. The same network that surfaces candidates also vets them.

Back-channelling is how we actually know if someone is good. The references a candidate provides are curated, they'll give you names of people who'll say nice things. The real signal comes from the people they didn't list. Former colleagues. Peers at competitors. CISOs who evaluated their product. Investors who passed on their last company. You can't get those conversations from a LinkedIn profile. You get them from years of relationships in a specialist market.

When we're assessing a VP Sales candidate, we're not just checking if they hit quota. We're calling the SE who worked deals with them, the CSM who inherited their accounts, the CEO who decided not to promote them. That's where you learn if someone inflates numbers, burns bridges, or takes credit for team wins.

This isn't advice to stop using LinkedIn. It's a reminder that relationships compound, for sourcing and for vetting. The best candidates aren't always actively looking. They're being vouched for by people who've worked with them. And the risky candidates? They're being flagged by the same network, if you know who to ask.

If you're hiring, ask your team who they'd bring with them. If you're a candidate, stay referable. Your reputation travels faster than your CV.

Socket
Series C, $60M (Thrive Capital, a16z, Abstract Ventures, Capital One Ventures)
Developer of a supply chain security platform protecting enterprises from malicious open-source dependencies. AI-assisted analysis detects potential compromises before affecting production. Customers include Anthropic, Cursor, Figma, Vercel. Post-money valuation $1B.

Category: Software Supply Chain Security
HQ: Wilmington, DE

Armada
Series B, $230M (8090 Industries, Overmatch Ventures, BlackRock)
Developer of an edge computing platform for AI data centres in remote and tactical environments. Deploys modular AI infrastructure across military operations, oil fields, mining sites, and industrial locations. Pre-money valuation $2.13B.

Category: Edge Computing / AI Infrastructure
HQ: San Francisco, CA

Ocean
Series A, $20M (Lightspeed Venture Partners Israel, Picture Capital, Cerca Partners)
Developer of an agentic email security platform deploying AI agents to investigate every inbound email in real time. Analyses sender intent, validates business relationships, follows evidence chains. Processing 1B+ emails/month. Total funding $28M. Angel investors include Assaf Rappaport (Wiz), Yevgeny Dibrov and Nadir Izrael (Armis founders).

Category: Email Security / Agentic AI
HQ: New York, NY

Prelude
Series A, €17.2M (~$20M) (20VC, Deel, Seedcamp, Singular)
Operator of a phone verification and authentication platform for secure user onboarding and fraud prevention. Expanding to full-stack trust platform including Auth API and Intel API. Pre-money valuation €54M.

Category: Identity Verification / Authentication
HQ: Paris, France

InCountry
Venture Funding, $15M (Arbor Ventures, Global Founders Capital, Mubadala Capital)
Operator of a data residency platform helping organisations comply with local data sovereignty regulations. AI-powered sensitive data detection and application-level data residency infrastructure for cross-border AI operations.

Category: Data Residency / Compliance
HQ: Wilmington, DE

Liongard
Convertible Debt, $3.5M
Developer of a configuration change detection and response platform for MSPs. IT monitoring and configuration management tools to streamline auditing and compliance reporting.

Category: IT Operations / MSP Tools
HQ: Houston, TX

Craci
Pre-Seed, €1.4M (~$1.6M) (Lifeline Ventures, Wave Ventures, First Fellow Partners)
Developer of a compliance automation platform for the EU Cyber Resilience Act. Automates vulnerability tracking, software supply chain visibility, and security documentation within development pipelines.

Category: Compliance Automation / CRA
HQ: Helsinki, Finland

IDsure
Seed, $600K
Developer of a decentralised digital identity platform for the maritime industry. Blockchain-backed credential verification for seafarer certifications using cloud-based SaaS and digital ID wallet.

Category: Digital Identity / Maritime
HQ: Odense, Denmark

Jit → Acquired by Torq
Deal Type: Merger / Acquisition
Deal Date: May 19, 2026
Deal Size: ~$70M (estimated)

Developer of an AI Context Graph platform mapping relationships between users, endpoints, identities, and alerts. Technology will be integrated into Torq's AI SOC platform. Jit had raised ~$40M from Boldstart, Insight Partners, TechAviv, and Tiger Global. 33 employees joining Torq.

Genie → Acquired by Cyera
Deal Type: Merger / Acquisition
Deal Date: May 20, 2026
Deal Size: Undisclosed

Developer of a data security platform monitoring data movement across workplace environments. Detects risky access and exposure events, applies automated protection controls. Strengthens Cyera's real-time data visibility capabilities.

Symmetry → Acquired by Zscaler (NAS: ZS)
Deal Type: Merger / Acquisition
Deal Date: May 2026
Deal Size: Undisclosed

Data security posture management vendor. Expands Zscaler's data protection portfolio within its zero trust platform.

Nextron Systems → Acquired by Eurazeo (PAR: RF)
Deal Type: Secondary Buyout (LBO)
Deal Date: May 19, 2026
Deal Size: Undisclosed

Developer of compromise assessment scanner and management platforms for continuous cybersecurity assessment. THOR scanner identifies unauthorised access to IT systems. German-headquartered, management participating in buyout.

Secuvant → Acquired by Cycurion (NAS: CYCU)
Deal Type: Merger / Acquisition
Deal Date: May 22, 2026
Deal Size: $2.9M

Provider of cybersecurity and risk management services including security monitoring, risk assessments, incident response, and SOC services.

MSP/MSSP Consolidation:

ComTech Computer Services → Acquired by Harbor IT (via Worklyn Partners)
Managed IT and cybersecurity for SMBs. (Graham, NC)

Roma ICT Diensten → Acquired by Iris One
Managed IT services provider. (Deurne, Netherlands)

DG Conseil Informatique → Acquired by Izitek (via Axio Capital)
IT managed services and cybersecurity consulting. (La Penne sur Huveaune, France)

Carrigan O'Dwyer → Acquired by Xeinadin Ireland
Accounting and advisory with cyber startup focus. (Kilkenny, Ireland)

Cyber Pop-up (Chicago, IL) — On-demand cybersecurity concierge for small businesses. Formerly VC-backed.

NXM (San Francisco, CA) — Autonomous IoT security platform. Had raised venture funding.

SpyGraph Systems (McLean, VA) — Threat intelligence platform.

Warlog (Paris, France) — Security operations.

Every funding announcement this week mentioned "agentic" something. Agentic email security. Agentic SOC. Agentic pentesting. Agentic vulnerability management.

Strip away the marketing and here's what's actually happening: security teams are drowning in alerts they can't investigate, and AI models are finally good enough to do the first-pass triage that junior analysts used to handle.

Traditional security tools detect and alert. Something looks suspicious, they flag it. A human investigates. The problem is scale. A mid-sized enterprise generates thousands of security events per day. Most are false positives. But buried in the noise are the real threats. And the attacker only needs to be right once.

"Agentic" means the AI doesn't just flag, it investigates. It follows the evidence chain. It enriches context. It makes a decision or escalates with a recommendation. The human reviews the AI's work rather than doing the work themselves.

Ocean's email agents investigate sender intent and business context before deciding if a message is safe. Torq's AI SOC (now enhanced with Jit's context graphs) autonomously triages and responds to security events. RunSybil's pentesting agents find and exploit vulnerabilities without human guidance.

This is different from the "AI-powered" claims we've heard for years. Those were pattern matching with better models. This is autonomous action.

The shift matters for hiring. Junior SOC analyst roles are changing. The job is increasingly "review AI decisions and handle escalations" rather than "investigate every alert manually." Senior analysts who can tune, train, and oversee AI systems are becoming more valuable. The total headcount in a SOC might shrink, but the remaining roles require more judgment.

For vendors, the question is whether "agentic" becomes a category or a feature. Does every security tool add autonomous investigation, making it table stakes? Or do purpose-built agentic platforms (Ocean, Torq, RunSybil) consolidate the market?

Our bet: both. Every major platform will add agentic capabilities. But specialists with deep domain expertise (email, SOC, pentesting, cloud security) will command premiums because their agents understand context that generalist tools miss.

The hype is real. So is the capability shift.

Website - ocean.security

When Ocean emerged from stealth with $28 million in funding and a cap table that reads like a cybersecurity all-star roster, it signalled that AI-native email security has arrived.

The Founders

Shay Shwartz (CEO) and Oran Moyal (CTO) founded Ocean Security. Both are veterans of Israel's elite IDF intelligence units, where they later co-founded a joint unit for the IDF and Shin Bet. Shwartz worked on Iron Dome before joining Axis Security as an early employee (acquired by HPE). Moyal founded a security research group at Microsoft Azure after VisibleRisk was acquired by BitSight. Both are Forbes 30 Under 30 alumni.

The Thesis

Traditional email security was built for a different era. Proofpoint, Mimecast, even newer players like Abnormal — they match patterns. Known bad domains, suspicious attachments, spoofed headers. The detection logic assumes attackers follow templates.

AI-generated phishing doesn't follow templates. It's written fresh every time. Personalised. Grammatically perfect. Designed specifically to evade pattern-based detection. The founders spotted that defending against AI-written attacks requires AI that investigates, not just AI that classifies.

The Product

Ocean deploys AI agents that investigate every inbound email like a security analyst would. They analyse sender intent, enrich contextual signals, validate business relationships, and follow evidence chains before messages reach the inbox. The platform also autonomously triages reported phishing emails and quarantine release requests.

This is different from the "AI-powered" claims we've heard for years. Those were pattern matching with better models. Ocean's agents reason about context — is this person who they claim to be? Does this request make sense given the business relationship? Has this sender ever contacted this recipient before?

The Funding Journey

Ocean raised $28 million across two rounds. The $20 million Series A was led by Lightspeed Venture Partners Israel with participation from Picture Capital (founded by Island's Mike Fey) and Cerca Partners. Angel investors include Assaf Rappaport (Wiz CEO), Yevgeny Dibrov and Nadir Izrael (Armis co-founders), and Dor Knafo (Cyberstarts GP, former Axis Security CEO).

The Traction

Processing over one billion emails per month. Customers include Kayak, Kingston Technology, and Headspace. Already protecting hundreds of thousands of employee mailboxes globally.

The Takeaway

Email remains the top enterprise attack vector. BEC losses exceeded $2.9 billion in 2024 according to the FBI. The founder pedigree is exceptional — Iron Dome, IDF intelligence, Axis Security, Microsoft Azure security research. Lightspeed Israel has a strong track record backing category-defining Israeli security companies (Wiz, Armis).

Whether "agentic email security" becomes a standalone category or gets absorbed into broader platforms remains to be seen. But Ocean has the team, the backers, and the market timing to find out.

May 2026 Prediction: Torq will acquire at least one more company before the end of 2026.

The Logic: They just raised $140M at a $1.2B valuation and immediately spent ~$70M on Jit. That leaves significant capital for continued M&A. The AI SOC space is fragmenting across detection, investigation, response, and context. Torq is clearly building a platform through acquisition. Likely targets: a threat intelligence company for enrichment, or a cloud security posture tool to expand their context graph.

Confidence: Medium-High

Running hit rate: 0/0 (0%) — tracking begins

Have market intelligence to share? Our network sees deals before they're announced, hiring freezes before they're public, and technology shifts before they hit the headlines.

Send us your tips:

Email: [email protected]
All sources protected. We verify before we publish.