Welcome back to the Trident Radar!
If December was about consolidation and platform plays, January was about conviction. The market opened 2026 with a clear message: offensive security is back, and it's being rebuilt from the ground up with AI.
The headline story is obvious, over $300M poured into AI-powered red teaming and autonomous penetration testing in a single month. Armadin, Horizon3.ai, and Novee all raised substantial rounds within weeks of each other, which says a lot about where investors think the market is heading.
But January wasn't just about offence. We also saw Claroty continue its march toward OT dominance with a $150M Series F, Mitsubishi Electric acquire Nozomi Networks, and the AWS & CrowdStrike Accelerator reveal its 2026 cohort, packed with agent security, identity intelligence, and AI-native SOC plays.
Let's dive in.
Trident Tours!
A very busy month of travelling for the team.
A few of our smiley consultants attended Cybertech Global Tel Aviv a few weeks ago!
Over 100+ meetings with founders, candidates and VC’s! Tel Aviv is a hot bed of cyber and some of the things that will come out from this small city this year will be insane!!
Trident Talks!
This week, Josh Keeley spoke with Fred Kneip, CEO & Co-Founder of Helmet Security (previously Founder/CEO of CyberGRX), about what’s changing as organisations move from contained AI use cases to agentic AI.
January Overview
AI-powered offensive security dominated January headlines. Armadin ($165M), Horizon3.ai ($100M), and Novee ($51.5M) all closed rounds this month, representing over $300M flowing into AI-driven attack simulation which is a fundamental shift from periodic assessments to continuous validation.
Platform M&A stayed aggressive. Mitsubishi Electric acquired Nozomi Networks, reinforcing OT security as critical infrastructure for the next decade. ServiceNow's Veza acquisition in December continues to ripple through the identity space.
The AWS & CrowdStrike Accelerator cohort is a market roadmap. Fifteen companies across identity intelligence, agent security, AI-native SOC, and GenAI data protection. Every category addresses problems that didn't exist five years ago.
Developer security and AI governance continue to attract capital. Aikido Security's €58.7M Series B and WitnessAI's $58M round show investors doubling down on securing the software supply chain and governing enterprise AI usage.
Deals of the Month
Mega Rounds & Late Stage
Upwind Security — Series B — $250M (Bessemer Venture Partners) — Cloud security, runtime-first approach
Armadin — Early Stage — $165.2M — AI-powered red teaming and vulnerability validation
Claroty — Series F — $150M (Golub Growth) — OT/CPS security, $3B valuation
Torq — Series D — $140M (Merlin Ventures) — Security automation, unicorn status
Horizon3.ai — Series D — $100M (NEA) — Autonomous penetration testing
Aikido Security — Series B — €58.7M (DST Global) — Developer security platform
WitnessAI — Early Stage — $58M (Sound Ventures) — AI governance and visibility
Novee — Series A — $51.5M (YL Ventures, Canaan, Zeev) — AI-driven continuous pentesting
Memcyco — Series A — $37M (NAventures) — Digital impersonation protection
Stoïk — Series C — €20M (Opera Tech Ventures) — Cyber insurance and SME security
Seed & Early Stage
Zepo Intelligence — Seed — $15M (eCAPITAL) — Human risk and social engineering defense
Symbiotic Security — Seed — $10M (Alven, Drysdale) — AI developer coaching platform
AiStrike — Seed — $7M (Blumberg Capital) — AI-powered security operations
Theorem — Seed — $6M (Khosla Ventures) — AI verification for secure code
DigitalXForce — Early Stage — $5M — AI-powered enterprise risk posture management
Asymmetric Security — Seed — $4.2M (Susa Ventures) — Security automation for incident response
X-Analytics — Seed — $3.33M — Cyber risk analytics and insurance modeling
Aisy — Seed — $2.3M (6 Degrees Capital) — AI-native security intelligence
Mantas — Pre-Seed — $1.77M (Nuwa Capital) — Cloud downtime insurance
Pallma AI — Seed — £1.19M (Marathon VC) — Agentic enterprise security
The Security Bulldog — Pre-Seed — $400K (Right Side Capital) — AI threat intelligence curation
Hex Security — YC W26 — $125K — Autonomous application security testing
Major M&A
Altamira Technologies → Acquired by Parsons — $375M
Parsons expands its national security footprint with Altamira's multi-intelligence consulting, cyber operations, and data insights capabilities. Defense-adjacent cyber services continue consolidating.
Nozomi Networks → Acquired by Mitsubishi Electric
A significant OT security exit. Nozomi's AI-powered industrial and critical infrastructure monitoring platform joins Mitsubishi Electric's portfolio, reinforcing the Japan-US axis in operational technology protection.
Cycuity → Acquired by Arteris
Hardware security verification meets chip-level IP. Arteris acquired Cycuity to embed security analysis into semiconductor design flows for automotive, medical, and aerospace applications.
Seald → Acquired by OVHcloud
European cloud provider OVHcloud picks up Seald's end-to-end encryption platform. Data sovereignty and encryption remain strategic priorities for European infrastructure players.
Unipath → Acquired by ControlUp
ControlUp acquires Unipath to strengthen its autonomous endpoint management strategy with agentic AI capabilities for issue diagnosis and remediation.
Market Intel Deep Dive
Red Teaming is Back: Why Offensive Security Just Raised $300M+ in January
Armadin ($165.2M), Horizon3.ai ($100M), and Novee ($51.5M) all closed rounds this month. That's over $300 million into AI-powered offensive security in the space of a few weeks, and it tells us something important about where the market is heading.
What's driving it?
For years, enterprises have relied on annual penetration tests, expensive, point-in-time assessments that age the moment the consultant walks out the door. The problem is that attack surfaces now change daily. Cloud workloads spin up and down. APIs proliferate. AI agents take actions across systems. A once-a-year snapshot just isn't defensible anymore.
The new model is continuous validation, and all three of these companies are building for it:
Armadin (founded by Kevin Mandia of Mandiant fame) applies AI to red teaming, examining security weaknesses from the attacker's perspective to identify which vulnerabilities are actually exploitable, not just theoretically present.
Horizon3.ai delivers autonomous pentesting across internal, external, cloud, and hybrid environments without requiring agents, custom code, or external consultants. Their NodeZero platform has now been used in over 150,000 autonomous pentests.
Novee chains weaknesses together the way real attackers do, validating actual exploit paths and prioritising issues based on demonstrated impact. The company raised its Series A just four months after founding making it one of the fastest trajectories in offensive security.
What connects them is that they all simulate real adversarial behaviour using AI, and they all operate continuously rather than episodically.
Why now?
A few things have converged. AI has changed offence faster than defence. The same models that power security copilots also power attack generation, and enterprises can no longer assume static threat landscapes. At the same time, CISOs are getting tired of dashboards that show "posture scores" without demonstrating actual exploitability. Boards want evidence. Regulators want evidence. Insurance underwriters want evidence.
There's also the talent reality: there will never be enough human pentesters to test every enterprise continuously. AI-driven offensive security scales where humans simply cannot. And with the explosion of cloud, SaaS, APIs, and AI agents, the number of potential entry points has grown so fast that manual testing can't keep pace.
What this means for the market
Security validation is becoming a platform category, not a services category. We'll likely see more M&A as traditional consulting firms look to acquire AI-native offensive security vendors. Defensive vendors (EDR, SIEM, CNAPP) will start adding "validation" modules to prove their own efficacy. Cyber insurance carriers may start requiring continuous testing as a condition of coverage. And compliance frameworks like SOC 2, ISO 27001, and PCI DSS will evolve to accept automated evidence.
The companies winning this market aren't building better pentest reports, they're building operating systems for continuous attack simulation.
The Trident Take
Red teaming isn't back, it never really left. What's changed is the economics. AI makes continuous offensive security affordable at enterprise scale for the first time, and January's $300M+ tells us investors believe this market is about to move quickly.
The startups raising now will define the category. The enterprises buying now will be years ahead in proving their security posture. And the consultancies still selling annual assessments will need to adapt or get left behind.
AWS & CrowdStrike Cybersecurity Accelerator — 2026 Cohort
The third annual accelerator cohort offers a roadmap for where enterprise security is heading. No equity exchanged, but strategic access to CrowdStrike's enterprise customer base and AWS infrastructure makes this one of the most valuable non-equity programs in cybersecurity.
Identity & Access Intelligence
Opti — AI-native IAM platform analyzing human and non-human access
Hush Security — Secretless, policy-based access controls for machine-to-machine interactions
AI Agent & Agentic Security
Aira Security — Agent security with interaction gating, tool call inspection, and unsafe action blocking
Simbian — Autonomous AI security platform for intelligent defense
Insider Risk & Data Protection
Above Security — Insider risk detection analyzing user behavior and intent
Jazz — AI-driven DLP with context-aware detection across endpoints and cloud
Application & API Security
Huskeys — Web application security designed to stop dynamic modern attacks
Raven — Function-level runtime security reducing vulnerability overload
Cloud & Infrastructure Security
Averlon — Cloud security with attack chain analysis and container security
Nano Corp. — High-performance network monitoring for cloud providers
Zepo — Human-centric cybersecurity with behavioral risk analytics
Specialized Security
Fortyx Security — AI-powered cybersecurity assistant (Nvidia-backed)
QIZ Security — Cryptographic risk management and post-quantum readiness
SurePath AI — GenAI data security controlling access and redacting sensitive data
Mate Security — Self-improving SOC platform with adaptive learning
The Trident Take: This cohort is a category preview. Every company addresses problems that either didn't exist or have fundamentally changed with the rise of AI-driven operations.
Hot Jobs
VP Engineering
💰 $250K–$300K + bonus + equity
📍 East Coast
AI Threat Intelligence vendor delivering predictive intelligence on threat actor infrastructure to disrupt attack pathways.
Contact: [email protected]
Field Marketing Manager
💰 ~$200K OTE
📍 East / Central US
AI SOC platform focused on modern, automated security operations and detection workflows.
Contact: [email protected]
Account Executive (PACNW)
💰 ~$300K OTE
📍 Pacific Northwest
Series C cybersecurity vendor ($60M raised) operating in the security operations and threat intelligence space.
Contact: [email protected]
VP Global Sales
💰 $400K–$500K OTE
📍 US (Remote)
Series A ($20M) web application security and PCI DSS-focused vendor scaling global enterprise sales.
Contact: [email protected]
Account Executive – West & East
💰 $320K–$350K OTE
📍 West & East US
Series A ($15M) AI-powered incident response platform selling into Fortune 5–250 enterprise customers.
Contact: [email protected]
Enterprise Account Executive (AI Security)
💰 $180K–$200K base | $360K OTE
📍 East Coast (Remote / Field-based)
Early-stage, VC-backed AI security company redefining how enterprises secure modern environments. True enterprise role owning complex sales cycles and $150K+ ACV deals with senior security stakeholders.
Contact: [email protected]
Federal Account Manager
💰 ~$350K OTE (50/50)
📍 DMV Area
Enterprise risk and compliance management platform. Requires strong Fed Civ network and prior success as a Federal AE or Account Manager.
Contact: [email protected]
Ready to make your next move? These roles won't stay open long.
📥 INBOX INTEL
Have market intelligence to share? Our network sees deals before they're announced, hiring freezes before they're public, and technology shifts before they hit the headlines.
Send us your tips:
Funding rounds in stealth mode
Executive movements and reorganizations
Customer wins/losses that signal market shifts
Technology partnerships before they're announced
Hiring sprees or freezes at specific companies
Email: [email protected]
All sources protected. We verify before we publish.
The Trident Radar - Intelligence that moves faster than your competition
Delivered by Trident Search Research Desk
Editor: Ryan Keeley | London