ProductBeacon — State of Cyber Security Markets 2026, Front 7: The Emerging AI Theater

Disclosure: This is ProductBeacon's independent, impartial market research, based solely on publicly verifiable signals, published on the open web. No vendor sponsors, no paywalled data, no analyst-firm reuse. It reflects ProductBeacon's independent view and is not investment advice. Full independence and sourcing methodology: Methodology →.

By Yohay Etsion · Head of Product (Fractional), AXIA · Creator of Product Org OS · Author of Leading the Charge (2023) and Vision to Value (coming 2026)

AXIA is an AI-powered data-security (Insider Risk Management / DLP) company.

7.1 The Playing Ground

The AI Security front is the youngest battleground in this report, and the only one where the category itself is still being assembled in front of the buyer. It is not one market. It is three, bound together by a single demand driver — agentic AI — but sold to different buyers, on different timetables, against different threats. Naming them cleanly is the first job of this front, because the marketing collateral does not.

Where AI Security Sits — Three Sub-Markets, Two Cross-Front Boundaries PRODUCTBEACON — STATE OF CYBER SECURITY MARKETS 2026, FRONT 7 Demand driver: AGENTIC AI (pulls all three at once) AI Application Security "Protect the AI" — secure models & apps at runtime Prompt-injection & jailbreak defense LLM input / output inspection Adversarial-ML & model-theft protection Guardrails on agent tool calls Buyer: CISO / AI leader e.g. HiddenLayer · Prisma AIRS AI-Native SecOps "AI runs the SOC" — AI doing security operations Agentic SOC analysts Autonomous alert triage AI detection-engineering Investigation automation Buyer: CISO / SOC team e.g. Anvilogic · Tines · Prophet AI Governance & Assurance "Govern the AI" — govern the systems themselves Model-risk management Bias & algorithmic auditing Framework alignment evidence EU AI Act · NIST AI RMF · ISO 42001 TWO buying centers: Security org + Legal / Compliance org e.g. Credo AI · Holistic AI Boundary 1 — Runtime vs Egress AI App Sec owns the RUNTIME — the prompt, the agent, the tool call. Part-1 DLP owns the EGRESS — wherever data leaves, AI runtime or not. Two adjacent controls, one clean seam — not the same product. Boundary 2 — Standalone vs Embedded Only STANDALONE, AI-native SOC platforms are contenders here. AI shipping INTO an existing SIEM / XDR stack is Front-5 territory. AI-Native SecOps sits ON TOP of the SIEM layer, not replacing it. In one line: AI Security is not one purchase. It is three sub-markets, two buying centers, and two cross-front seams. The defining structural fact of this front: there is no pure-play AI-security Gravity vendor in 2026 — the category is being absorbed into platform incumbents faster than any independent can graduate. A market still forming its own center of gravity.

Three sub-markets — runtime defense, AI-run security operations, and AI governance — share an agentic-AI demand driver but split across two buying centers and two cross-front boundaries (DLP egress; the SOC stack).

AI Application Security (AI App Sec) secures AI applications and models at runtime: prompt-injection and jailbreak defense, LLM input/output inspection, adversarial-ML and model-theft protection, and — increasingly the center of gravity — guardrails on agent tool calls. Palo Alto's Prisma AIRS, for example, markets itself as blocking 30-plus prompt-injection and jailbreak techniques and discovering AI agents across cloud, SaaS, and endpoints with per-agent identity and audit trails.1 AI-Native SecOps is the inverse: AI doing security operations — agentic SOC analysts, autonomous alert triage, AI detection-engineering. Microsoft's phishing-triage agent claims to surface 6.5x more malicious alerts than analysts working alone, and its Security Analyst Agent runs multi-step investigations across Defender and Sentinel telemetry.2 AI Governance & Assurance governs AI systems themselves: model-risk management, bias and algorithmic auditing, and alignment to frameworks like the EU AI Act, NIST AI RMF, and ISO 42001.

Two cross-front boundaries are decisive, and both are drawn in this report's shared taxonomy. The first separates AI App Sec from Part 1's DLP front. The boundary: AI App Sec owns the runtime — the prompt, the agent, the tool call — while DLP owns the egress, regardless of whether the data leaves through an AI runtime or any other channel.3 The second separates AI-Native SecOps from Front 5's SOC platform war. AI-augmented detection that ships into an existing SIEM/XDR stack is characterized in Front 5; only standalone, AI-native SOC platforms are contenders here. As the taxonomy frames it, AI-Native SecOps sits as an analytic layer on top of the SIEM/XDR stack — it does not replace it.3

The defining structural feature of this front, and its sharpest finding, is what is missing: as of mid-2026 there is no pure-play AI-security Gravity vendor — none public, none past the roughly $100M-private mark that the report's vendor-tier rubric uses for Gravity. The category is being absorbed into platform incumbents — CrowdStrike's Falcon AIDR and Continuous Identity for AI Agents, Microsoft's Defender for Cloud AI, Palo Alto's Prisma AIRS — faster than any pure-play can graduate. The clearest evidence is acquisition. Palo Alto bought Protect AI for a reported figure above $500M (the deal value was not officially disclosed), and Cisco acquired Robust Intelligence — both pure-play AI-security startups, folded into platforms before they could reach escape velocity alone.4 I read this as the market's defining condition for 2026: the incumbents are buying the category faster than it can self-organize. The test is public and falsifiable. If a pure-play crosses into Gravity (an IPO, or a disclosed $100M-plus round at a standalone valuation) within the next four quarters, the absorption thesis weakens. If the next two notable AI-security exits are again acquisitions into platforms, it holds.

A second structural note: AI Governance & Assurance has two distinct buying centers — the security org and the legal/compliance org — and they do not buy the same way. The CISO buys runtime controls and SOC tooling; the GC or Chief Compliance Officer buys model auditing and regulatory-alignment evidence. A vendor selling "AI governance" to both is selling two products under one word, which is one reason the analyst sizings for this slice diverge so widely.

Three buyer misconceptions are worth retiring.

This front shares its layer map with the rest of the report. The runtime/egress and embedded/standalone boundaries follow the report's shared layer map, which sets the control-plane boundary policy and cross-Part vendor rules this front inherits.

7.2 The Terrain

Market sizing — three lenses, deliberately not averaged. Because AI Security is three sub-markets, there is no single number. The three analyst lenses below measure genuinely different things, so read them side by side, not blended.

The first lens is agentic-AI-security — the slice closest to AI App Sec plus agent-runtime defense. MarketsandMarkets sizes it at USD 1.65 billion in 2026, growing to USD 13.52 billion by 2032 at a 42.0% CAGR. Threat-detection-and-response is the largest segment at 23.1% of 2026 spend, and North America is 41.9%.5

The second lens is much broader: AI-in-cybersecurity, which folds in every AI-augmented security tool — most of which this report characterizes inside Fronts 5 and 6 rather than here. The same firm puts 2026 at USD 25.53 billion, reaching USD 50.83 billion by 2031 at a 14.8% CAGR. Grand View Research, on a similar definition, estimates USD 25.35 billion in 2024 reaching USD 93.75 billion by 2030 at a 24.4% CAGR.6 The gap between MarketsandMarkets' 14.8% and Grand View's 24.4% on nominally the same category is a definitional artifact: it turns on how much embedded-AI tooling each firm counts. That is exactly why averaging them would destroy information.

The third and narrowest lens is AI governance. MarketsandMarkets sizes it at USD 0.89 billion in 2024 growing to USD 5.78 billion by 2029 at a 45.3% CAGR. On its own cut, Research and Markets puts 2026 at roughly USD 0.61 billion reaching USD 2.63 billion by 2030 at a 44.3% CAGR.7

The honest summary across all three: the narrower and newer the slice, the steeper the headline growth rate. Agentic security and governance both clear 40% CAGR off small bases, while the broad embedded-AI category grows slower off a base ten-to-fifteen times larger.

Buyer and user trends. The buyer for this front is not one person. The runtime-defense and AI-SOC slices sell to the CISO and the SOC; the governance slice splits between security and the legal/compliance org, per the two-buying-centers note in §7.1. The user-side signal worth watching is the AI-SOC analyst. KuppingerCole stood up a dedicated Emerging AI Security Operations Center report category in 2026 and named Microsoft an overall leader. The creation of an analyst category is itself a public signal that AI-Native SecOps has crossed from feature to market.8 Buyers are also consolidating their entry point through platforms they already own. Microsoft's Security Copilot now hosts partner agents (OneTrust, Tanium, BlueVoyant, Aviatrix, Fletch), turning the incumbent platform into the distribution channel for third-party AI-security capability rather than a competitor to it.9

Technology trend anchor — agentic AI across all three sub-markets. The single demand driver tying this front together is agentic AI, and it pulls on all three slices at once. AI applications and agents need runtime defense (App Sec); AI is increasingly running the SOC itself (AI-Native SecOps); and the agents being deployed must be governed and audited (Governance). The clearest production signals are converging on agent identity and authorization as the control point. CrowdStrike's June 2026 Continuous Identity for AI Agents (built on its SGNL acquisition) grants, denies, and revokes agent access in real time with no standing privileges, and Palo Alto's Prisma AIRS 3.0 assigns per-agent identity with RBAC and audit trails.10 I read agent identity as the contested center of this front for the next several quarters. The falsifiable test is whether the platform incumbents report named agent-security or AI-runtime SKUs as disclosed growth drivers in upcoming earnings, rather than burying them as undifferentiated platform line-items.

Regulatory trend (context only). Three frameworks form the regulatory backdrop for the Governance slice: the EU AI Act, the NIST AI Risk Management Framework, and ISO 42001, the AI-management-system standard.11 These are real and they shape what the governance buyer must eventually demonstrate. But they are context, not a market-timing mechanism: this report does not predict buying on the strength of a regulatory effective date or a policy-adoption forecast. The forward-looking claims in this front ground only on observable public signals. Those signals are the agentic-AI-security sizing clearing 40% CAGR off a real revenue base, the platform incumbents' acquisitions of Protect AI and Robust Intelligence, KuppingerCole's creation of an AI-SOC analyst category, and CrowdStrike's and Palo Alto's shipped agent-identity products. If the absorption-into-platforms pattern continues to show up in dated acquisitions and earnings disclosures, the thesis holds; if a pure-play graduates to Gravity on its own, it weakens. The regulation is the weather, not the trade.

Sourcing note. AI governance is the thinnest-sourced slice here. The named-analyst sizings diverge by base and definition more than in any other front in this report. Several firms publish governance numbers an order of magnitude apart (sub-$1B versus low-hundreds-of-millions in 2026), depending on whether tooling, services, or model-audit consulting is counted. The two figures cited above are the most clearly defined and consistently scoped; the wider divergence is flagged rather than resolved, and no governance number carries the weight of a forward claim.

7.3 The Contenders

The AI Security Vendor Landscape — 2026 PRODUCTBEACON — STATE OF CYBER SECURITY MARKETS 2026, FRONT 7 PROTECT THE AI AI App Sec AI RUNS THE SOC AI-Native SecOps GOVERN THE AI Governance & Assurance AI-Security Function → ↑ Consolidation Status Independent pure-play Absorbed into a platform incumbent TIER COLOR — NO GRAVITY Attention — funded, hard-dated Wildcard — earliest-stage / thin Pre-Gravity finding: no pure-play at Gravity in 2026 HiddenLayer lone surviving independent Lakera → Check Point Protect AI → Palo Alto Tines ~$1.125B unicorn (going horizontal) Anvilogic detection-engineering Prophet Security agentic AI SOC analyst Credo AI public-sector / compliance route Holistic AI algorithmic auditing 2 of 3 App-Sec names already absorbed Author's read of public material, June 2026. Vendor positions are conceptual, not data-derived. The Y-axis surfaces the Pre-Gravity consolidation thesis.

Author's read of public material, June 2026. Vendor positions are conceptual, not data-derived.

The first thing to say about this front is what it does not have. Every other chapter in this report opens its contender section with a Gravity tier — the public companies and the late-stage private platforms whose pricing and packaging set the reference point the rest of the field prices against. The emerging AI-security front has none. No pure-play AI-security vendor is public, and none has crossed the roughly $100-million-private threshold that the Gravity label requires. The largest independents in this set have raised tens of millions, not hundreds. The vendors that would otherwise be the heavyweights have either been absorbed into platform owners or are still living on Series A and Series C rounds. I call this the Pre-Gravity finding, and it is the single most important structural fact about the front: this is a market still forming its own center of gravity, and the gravity it has is borrowed from the larger platforms buying into it.

That borrowing is the second structural fact. The clearest example sits in AI Application Security, where two of the three notable vendors are no longer independent companies — Lakera is now inside Check Point, and Protect AI is now inside Palo Alto Networks. Both moves landed inside a single twelve-month window in 2025, and they leave one surviving independent, HiddenLayer, carrying the pure-play App-Sec story alone. That pattern — a category being bought into existence by the platform players before any independent reaches escape velocity — is the through-line of this section.

The eight vendors below are grouped by sub-market rather than by tier, because the sub-market is where the structure lives. Within each group I note the tier each vendor would carry on the report's standard scale: Attention for the established, funded, hard-dated players; Wildcard for the earliest-stage or thinnest-sourced. But the reader should hold the Pre-Gravity finding throughout. With no Gravity anchor and most vendors raised below sixty million dollars, every card here is descriptive positioning extraction only. No vendor in this section is framed as a winner or a loser. The two acquired App-Sec vendors are described through their public, dated acquisitions — that is factual, not a verdict. Each card is anchored to a single dated vendor-controlled surface and at least one verbatim messaging pillar lifted from that surface on 2026-06-16.

AI Application Security

This is the sub-market where the buy-in story is loudest, so it leads. Of the three vendors that defined model-and-application-layer AI defense, two are now units inside larger platforms and one remains independent. The independent — HiddenLayer — gets the elevated, central treatment here, because it is the only place left to read what a pure-play AI Application Security company sounds like when it speaks for itself.

HiddenLayer

"The most comprehensive security platform for AI. Backed by patented technology and industry-leading adversarial AI." — [hiddenlayer.com, accessed 2026-06-16]12

HiddenLayer is the lone surviving independent in AI Application Security, and the elevated card of this front. Its stated USP is model-specific runtime and adversarial-ML defense delivered as a platform rather than a point tool. The homepage positions it as "the most comprehensive security platform for AI," built on "patented technology and industry-leading adversarial AI," and frames the coverage as securing "agentic, generative, and predictive AI applications" through AI Discovery, AI Supply Chain Security, and AI Attack Simulation.13 The product story is the security of the model itself — the weights, the supply chain, and the runtime behavior — rather than the network or the data around it. That is what distinguishes the App-Sec category from the SecOps and governance sub-markets below. The target buyer is the CISO or AI leader inside organizations deploying models into production, with a stated lean toward financial services, technology, and US federal; the surfaces carry no public pricing signal, routing instead through a book-a-demo motion. Architecturally HiddenLayer classifies as a model-layer AI-security platform, vendor-controlled and pure-play.

The capital picture is modest by the standards of every other front in this report, but central to the Pre-Gravity reading. HiddenLayer has raised roughly $56 million in total, anchored by a roughly $50-million Series A in September 2023 led by M12 (Microsoft's venture arm) and Moore Strategic Ventures. It remains independent, with a headcount around 169 as of March 2026, and was founded in Austin in 2022 by Chris Sestito, Tanner Burns, and Jim Ballard.14 Published-material tier is vendor-controlled plus named-outlet funding coverage; as an early-stage private company there is no public reporter. My read: HiddenLayer is the cleanest articulation of what a stand-alone AI Application Security company is — a model-defense platform speaking the model's language rather than the network's. The fact that it is the last independent of its original three is itself the descriptive center of gravity for this sub-market, which is precisely why the front has no Gravity tier of its own.

Check Point / Lakera (acquired unit)

"AI Is Moving From Language To Action. Are You Ready? Secure AI usage across browsers, SaaS, and copilots. Protect model inputs and outputs at the application edge. Control tool calls, file access, and autonomous runtime behavior." — [Check Point AI Security, checkpoint.com/ai-security, accessed 2026-06-16]15

Lakera is no longer an independent contender, and that is the story. Check Point acquired the LLM-security company for a figure reported at roughly $300 million, announced on 2025-09-16 and closed on October 22, 2025, and made it the foundation of a Global Center of Excellence for AI Security.16 On Check Point's live AI-security surface the Lakera heritage now reads as a three-part frame: securing AI usage at the workforce layer ("across browsers, SaaS, and copilots"), protecting "model inputs and outputs at the application edge," and controlling agent runtime behavior ("tool calls, file access, and autonomous runtime behavior"). That language carries Lakera's original LLM input/output-security DNA up into a network-security platform.15 Because the acquisition is the descriptive fact, this card extracts positioning from the acquirer's page, which is the live surface; Lakera's pre-acquisition prompt-injection and Gandalf-education heritage survives mainly as a brand reference on that page. The target buyer is Check Point's installed base extending AI controls across an existing security relationship; the architecture classifies as application-edge AI security now embedded inside a larger platform. Published-material tier is named-outlet acquisition coverage plus vendor-controlled. My read: the Lakera acquisition is the clearest single data point behind the App-Sec buy-in finding — an independent LLM-security pure-play folded into a network-security platform as a center-of-excellence anchor, which describes the direction of the sub-market more than any independent's roadmap does.

Palo Alto Networks / Protect AI (acquired unit)

"Secure the entire enterprise AI lifecycle and get the visibility, assurance and runtime governance to deploy autonomous AI agents safely." — [Prisma AIRS, paloaltonetworks.com, accessed 2026-06-16]17

Protect AI is the second of the three App-Sec vendors to leave independence. Palo Alto Networks announced its intent to acquire the ML/AI model-security company on 2025-04-28 and completed the deal on July 22, 2025 (its fiscal Q4 FY2025), folding Protect AI's heritage into Prisma AIRS — Palo Alto's AI runtime security platform.18 On the live Prisma AIRS surface the inherited capability reads as a lifecycle frame: "secure the entire enterprise AI lifecycle" across Discover, Assess, and Protect. The platform statement is that "the Prisma AIRS platform secures all AI agents, apps, models and data from development to deployment," with a capability set spanning agent security, AI red teaming, AI runtime security, AI model security, and AI posture management.17 As with Lakera, the descriptive fact is the acquisition, so positioning is extracted from the acquirer's page. The target buyer is Palo Alto's enterprise installed base extending into AI-lifecycle security; the architecture classifies as full-lifecycle AI security embedded inside a larger platform. Published-material tier is named-outlet acquisition coverage plus vendor-controlled (PANW, NASDAQ). My read: Protect AI's absorption into Prisma AIRS completes the App-Sec buy-in pattern — two of the three notable model-security independents are now platform modules, leaving HiddenLayer as the descriptive anchor of an independent category that the larger platforms are otherwise building out by acquisition.

AI-Native SecOps

The second sub-market is the security operations center rebuilt around AI — vendors applying detection engineering, triage, and investigation automation to the SOC workflow. The three here range from an established detection-engineering platform to an agentic automation layer that is consciously growing beyond security, to an early-stage agentic SOC analyst. The agentic-SOC thesis itself is examined in Front 5; these cards extract positioning only.

Anvilogic (Attention)

"Scale your SOC, Keep your stack. Agentic SecOps platform that onboards, searches, detects, and investigates across every data source — without moving a single byte." — [anvilogic.com, accessed 2026-06-16]19

Anvilogic is the detection-engineering play in this sub-market — the vendor applying AI across the SOC lifecycle without forcing data migration. Its stated USP is captured in the homepage promise to "scale your SOC, keep your stack": an "agentic SecOps platform that onboards, searches, detects, and investigates across every data source" while leaving data in place — "without moving a single byte" — and running "standalone on your security data lakes or alongside your SIEM."20 The product applies AI throughout the detection lifecycle: AI-enhanced detection and investigation, automated detection tuning with ML recommendations, and agentic triage via an agentic workbench. It supports Snowflake, Databricks, and Azure data lakes directly as the underlying store. The target buyer is the SOC team, detection engineer, or security architect modernizing detection without ripping out the existing SIEM. No public pricing signal surfaces; the motion routes through a demo. Architecturally Anvilogic classifies as a data-lake-native agentic SecOps platform, founded in 2019 and independent. The capital picture sits squarely in the Pre-Gravity band: Anvilogic raised a $45-million Series C led by Evolution Equity Partners, bringing total funding to roughly $85 million.21 Published-material tier is vendor-controlled plus named-outlet funding coverage. My read: Anvilogic's distinctive descriptive claim is the no-data-movement architecture. It positions as the SOC AI layer that sits on top of the customer's existing data estate rather than demanding a new one — a different bet than the rip-and-replace SOC platforms, and a clean fit with the data-lake-centric direction of modern security operations.

Tines (Attention)

"The intelligent workflow platform. Securely scale AI and automation. Integrate agents, teams, and tools with speed and control." — [tines.com, accessed 2026-06-16]22

Tines is the automation-layer incumbent going horizontal, and that repositioning is the central descriptive fact of this card. Tines came up as a security-automation platform — a SOAR alternative built for analysts rather than coders. Its current surfaces consciously frame it instead as "the intelligent workflow platform," positioned as a foundational layer "no matter how many tools you change," explicitly spanning "Security, IT Ops, Infrastructure, Engineering, and Product teams" rather than security alone.23 The product organizes around three workflow types — human-led, deterministic, and agentic — with the agentic layer carrying the AI message ("flexibility, ambiguity, safe actions"), and the pitch leans hard on time-to-value and non-developer accessibility. The target buyer has broadened accordingly: the surfaces describe multi-functional enterprise teams, not just the SOC. That is why Tines reads as the automation layer widening beyond its security origin rather than a pure AI-SOC analyst. Architecturally Tines classifies as a horizontal agentic-workflow-automation platform with security heritage; it is based in Dublin. The capital picture is the largest independent valuation in this front: Tines raised a $125-million Series C that lifted its valuation to roughly $1.125 billion — unicorn status — on roughly $272 million raised in total.24 Published-material tier is vendor-controlled plus named-outlet funding coverage. My read: Tines is best described not as an AI-SOC vendor but as the automation layer that started in security and is deliberately becoming horizontal. It is the most-capitalized name in this section, but its center of gravity is moving toward IT and ops workflow generally, which makes "AI security vendor" an increasingly partial label for it.

Prophet Security (Wildcard)

"AI SOC Agents that Accelerate Detection and Response. Investigate every alert in minutes. Hunt threats before they surface. Close detection gaps before attackers find them." — [prophetsecurity.ai, accessed 2026-06-16]25

Prophet Security is the agentic AI SOC analyst of the trio — the earliest-stage of the three SecOps names and a Wildcard on the report's scale. Descriptively, its surfaces lead with "AI SOC Agents that Accelerate Detection and Response." They frame the product as agents that "investigate every alert in minutes, hunt threats before they surface, and close detection gaps before attackers find them," working "every alert end-to-end."26 The described capability is first-pass alert triage and investigation handled by AI agents alongside the human SOC. That places Prophet directly in the agentic-SOC thesis that Front 5 examines in depth, where Dropzone is the Wildcard analog — a deliberate cross-front link rather than a separate finding. The described buyer is the SOC team seeking to absorb alert volume through autonomous investigation. Architecturally Prophet presents as an agentic AI SOC analyst, cloud-delivered, founded by Kamal Shah and Arun Sreeshankar. On capital, Prophet has raised roughly $41 million across a Bain Capital Ventures seed, a $30-million Accel-led Series A, and a strategic round joined by American Express Ventures and Citi Ventures dated 2026-02-25. That is the freshest hard-dated and strongest-sourced funding signal of the SecOps trio.27 Published-material tier is vendor-controlled plus named-outlet funding coverage. This is a Wildcard-tier card under the front-wide descriptive discipline: the treatment is positioning extraction only, and Prophet is not carried into any directional pattern claim. My read: Prophet is the purest expression of the "AI SOC analyst" descriptive category in this set — an agentic-triage layer with strategic-investor validation from two financial incumbents. Its cleanest read is as the independent counterpart to the agentic-SOC dynamic that Front 5 treats as a thesis in its own right.

AI Governance & Assurance

The third sub-market is the assurance layer — vendors that do not defend the model at runtime but govern it: cataloguing the AI an organization runs, testing it for bias and safety, and mapping it to regulatory frameworks. Both names here carry the Wildcard tier on the report's scale. A note on framing discipline applies to this pair specifically: any forward-looking observation about governance vendors is grounded only on a vendor, analyst, or funding proxy, never on a regulatory-effective-date or policy-adoption forecast. The regulation is the customers' problem, and treating its timeline as a vendor's tailwind would be exactly the kind of unverifiable claim the report's method excludes.

Credo AI (Wildcard)

"Govern AI Everywhere. One platform to discover, assess, and govern every AI agent, model, and application — continuously and in context." — [credo.ai, accessed 2026-06-16]28

Credo AI is the governance-platform Wildcard with the freshest hard-dated 2026 signal of the pair. Descriptively, its surfaces lead with "Govern AI Everywhere" and frame the product as "one platform to discover, assess, and govern every AI agent, model, and application — continuously and in context." A continuous risk-assessment pillar covers "bias, security, privacy, and compliance," with explicit mapping to the EU AI Act, NIST AI RMF, ISO 42001, SOC 2, GDPR, and HITRUST.29 The described buyer skews toward Fortune 500 and regulated-industry enterprises scaling AI beyond pilots. Architecturally Credo AI presents as an AI governance and assurance platform; it is based in Palo Alto and was founded in 2020. The verifiable proxies are unusually dense for a Wildcard: a January 2026 Carahsoft partnership opening public-sector procurement, a #6 placement on Fast Company's Most Innovative Companies 2026 (Applied AI), and a Gartner "Cool Vendor in AI Cybersecurity Governance" recognition. Total funding sits at roughly $41.3 million, anchored by a $21 million Series B in July 2024.30 Published-material tier is vendor-controlled plus named-outlet and analyst recognition. This is a Wildcard-tier card under the descriptive discipline: positioning extraction only, no directional verdict. My read: Credo AI's descriptive identity is the model-and-agent governance catalog mapped to named frameworks. Its messaging is squarely about governing AI systems for bias, safety, and regulatory alignment, not about monitoring people or data flows, and the 2026 public-sector and analyst proxies are what make it the better-evidenced of the governance pair.

Holistic AI (Wildcard)

"The end-to-end AI governance platform trusted by global enterprises running AI at scale." — [holisticai.com, accessed 2026-06-16]31

Holistic AI is the algorithmic-auditing Wildcard — the governance vendor whose heritage is bias testing and algorithm assessment, framed today around end-to-end AI governance. Descriptively, its surfaces carry the verbatim positioning line "the end-to-end AI governance platform trusted by global enterprises running AI at scale," organized around the pillars "Identify," "Protect," and "Enforce." The coverage spans AI model discovery and inventory, bias and safety testing (a stated 40-plus specialized tests), shadow-AI discovery across cloud and code, and regulatory mapping to the EU AI Act, NIST AI RMF, and ISO 42001.32 The EU AI Act framing is the deepest of the pair, consistent with the company's UK origin (London, founded 2020). The described buyer is the global enterprise running AI at scale that needs auditing and compliance evidence. Architecturally Holistic AI presents as an algorithmic-auditing and AI governance platform. On capital, the honest currency note is that the widely circulated $200-million figure does not belong to this London AI-governance vendor. It is the funding of a similarly-named but distinct company, and is therefore not stated here as Holistic AI's funding. The London governance vendor's own disclosed funding is in the low tens of millions, and no fresh post-baseline round was confirmed in the bounded scan. The position rests instead on the dated vendor surface (with blog activity into May 2026) and named-outlet and buyer-guide corroboration.33 Published-material tier is vendor-controlled plus named-outlet corroboration. This is a Wildcard-tier card under the descriptive discipline: positioning extraction only. My read: Holistic AI's descriptive identity is auditing the model — bias, safety, and EU-AI-Act conformity of the AI system itself — with no messaging touching employee monitoring, insider risk, or data-loss prevention. Like Credo AI, it governs models, not people, and its sharpest differentiator is the depth of its algorithmic-audit and EU-AI-Act feature framing.

7.4 Their Plays

The AI-security front is the youngest theater in this report, and its strategic moves read differently from the mature fronts. There are no decade-old incumbents defending installed bases here; there are venture-funded specialists racing a clock, and platform incumbents deciding whether to buy the specialists or build past them. The four plays below are not four answers to one question the way the edge front's were. They are four distinct motions happening at once: the platforms absorbing the independent "Security-for-AI" layer; the cross-front incumbents embedding AI-security into tools the buyer already owns; AI agents being pointed at the SOC's own first-pass work; and a governance category testing whether it is a business or a feature. Each play below is stated as a public observation, its named participants, and a conditional outcome that resolves against a signal an outsider can watch.

Play 1: The Platform-Absorbs-AI-App-Sec Consolidation Play

Play 2: The Incumbent-Embeds-AI-Security Play

Play 3: The Agentic-SOC Play

Play 4: The AI-Governance-as-a-Commercial-Category Play

7.5 War Chests & Casualties

The capital picture for the AI-security front is unlike any other front in this report, and the difference is the whole point. The snapshot below mixes the independent specialists with the two largest exits, which were not IPOs but acquisitions into platforms.

VendorMost Recent RoundValuation (if public)Strategic InvestorDistress Signal
HiddenLayer (private)$50M Series A, Sep 2023; ~$56M total45Not disclosedM12 (Microsoft's venture fund)(empty — no public distress event)
Tines (private)$125M Series C, ~$1.125B valuation46~$1.125B (private)Goldman Sachs Alternatives (lead)(empty — no public distress event)
Anvilogic (private)$45M Series C47Not disclosedEvolution Equity Partners (lead)(empty — no public distress event)
Prophet Security (private)~$41M total; strategic round Feb 202648Not disclosedAmerican Express Ventures, Citi Ventures(empty — no public distress event)
Credo AI (private)~$41.3M total; $21M Series B Jul 202449Not disclosedSands Capital, Decibel(empty — no public distress event)
Lakera → Check Point (exit)Acquired ~$300M, Sep 16 202550Consolidation exitCheck Point(empty — consolidation exit, not distress)
Protect AI → Palo Alto (exit)Acquisition intent, Apr 28 202551Consolidation exitPalo Alto Networks(empty — consolidation exit, not distress)

The defining feature of this front is the absence of a war chest at scale: no pure-play AI-security vendor has crossed a public listing or a disclosed $100M-plus private valuation as a standalone company, and the largest "exits" are acquisitions into platform incumbents rather than independent milestones. Lakera went to Check Point for a reported ~$300 million and Protect AI to Palo Alto Networks under its April 2025 intent — both public, dated, positive-or-neutral consolidation events, not distress. The independent capital here is early-to-mid venture. HiddenLayer's $50 million 2023 Series A with Microsoft's M12 on the cap table is the most prominent surviving independent. Anvilogic's $45 million Series C and Prophet Security's ~$41 million with American Express and Citi strategic backing fund the agentic-SOC bet. Credo AI's ~$41.3 million in total (anchored by a $21 million July-2024 Series B) funds the governance bet. Tines, the workflow-automation and agentic-security-operations vendor, is the rare unicorn-mark in the adjacency at a ~$1.125 billion valuation off its $125 million Series C, though its center of gravity is automation rather than AI-application security proper. No vendor in this front carries a citable public distress event; the front's defining motion is consolidation into platforms, not casualty.

7.6 Winning & Losing

This front is not won or lost the way the mature theaters are. There is no installed base to defend, no decade-old incumbent to dislodge, no public-market scoreboard to read. As Part 1 established, AI Security has zero pure-play Gravity in 2026 — not one independent vendor has reached the public market or the roughly $100M-private mark the report's tier rubric uses for Gravity. That single structural fact governs everything I can responsibly say here. With no Gravity vendor to anchor a verdict, and with most contenders sub-$60M-raised privates whose individual survival I cannot call from public material, I am deliberately not labeling any individual early-stage vendor a winner or a casualty. Every claim below is about the category's motion — how the sub-markets are forming, where the spend is consolidating, and which structural patterns the public evidence supports — not a directional bet on any one company's fate.

That discipline is not a hedge; it is the honest read of a pre-Gravity market. When the high ground itself is still being assembled in front of the buyer, the contest that matters is not vendor-versus-vendor but category-versus-absorption. The question is whether any of these three sub-markets can organize into a durable standalone business before a platform incumbent buys the capability and folds it into a box the buyer already owns. Three patterns explain the motion, each stated as a public observation, a labeled read, and a falsifiable conditional that resolves against a signal an outsider can watch. The first is the spine: the window in which a pure-play could still graduate to Gravity is closing because the platforms are buying the category faster than it can self-organize. The second is a bifurcation: AI governance is splitting across two buying centers, and the vendor that bridges them defines the category. The third is a layering claim: AI-native security operations is forming as a layer on top of the SOC stack, not a replacement for it.

Pattern Claim 1 — The Pre-Gravity Window Thesis

Observation.

My read.

Conditional prediction.

Sources. 52 53 54 55 56

The Pre-Gravity Window Thesis PATTERN CLAIM 1 — STATE OF CYBER 2026, FRONT 7 The window in which a pure-play could still graduate to Gravity is closing — on the absorption side, not the graduation side Absorption into platforms bought before reaching escape velocity alone 3 prominent independents exited in roughly eighteen months Lakera → Check Point (~$300M, Sep 2025) Protect AI → Palo Alto (Apr 2025 intent) Robust Intelligence → Cisco (2024) Plus embedding: Microsoft Defender for Cloud AI · CrowdStrike Falcon for AI · Prisma AIRS Consolidation EXITS, not failures — bought because they were good Named-outlet M&A coverage · dated Graduation to Gravity the structurally disadvantaged footrace Zero pure-play at Gravity in 2026 None public. None past the ~$100M-private mark. HiddenLayer ~$56M total — lone prominent independent not absorbed Platforms can buy + cross-sell faster than a specialist compounds alone The window's CLOSE = the inverse signal: a pure-play graduating instead of absorbed Category-level claim — no individual called window closing FALSIFIABLE TEST — next two-to-four quarters WINDOW STAYS A WAY STATION (absorption confirmed) if a fourth named AI-application-security or AI-SecOps independent is absorbed into a platform incumbent in named-outlet M&A coverage. WINDOW CLOSES UP / PURE-PLAY GRADUATES if the first pure-play AI-security acquisition above ~$200M as a standalone valuation, OR the first pure-play to cross to a public listing or a disclosed $100M-plus standalone private round, surfaces in named-outlet M&A coverage, SEC filings, or a dated funding announcement. Grounded on the public M&A and funding record — not on any regulatory date.

Pattern Claim 2 — The Governance-vs-Compliance Bifurcation Thesis

Observation.

My read.

Conditional prediction.

Sources. 57 58 59 60

The Governance-vs-Compliance Bifurcation Thesis PATTERN CLAIM 2 — STATE OF CYBER 2026, FRONT 7 "AI governance" is two products under one word — the winner is whoever bridges the two buying centers, not who picks one Security org the CISO's stack Model-risk, runtime inspection SOC integration Buys runtime controls that plug into the SOC Holistic AI anchors the deeper assurance / auditing feature lane Legal / Compliance org the GC's / CCO's stack Algorithmic auditing Regulatory-alignment evidence Sits OUTSIDE the SOC entirely; wants defensible audit artifacts Credo AI anchors the public-sector / procurement route (Carahsoft) The bridge the contested high ground whoever bridges BOTH centers defines the category Analyst evidence: Gartner AI TRiSM four-layer market — governance + runtime inspection consolidating into one distinct new segment Both centers buy governance of AI systems themselves — the model, not the workforce. Category-level claim only. FALSIFIABLE TEST — next two-to-four quarters BIFURCATION RESOLVES TOWARD A BRIDGING WINNER if a single AI-governance vendor surfaces, in named-outlet coverage or its own disclosed go-to-market, BOTH a security-org motion (runtime inspection / SOC integration) AND a compliance-org motion (audit evidence, procurement availability such as the Carahsoft route) — and Gartner's AI TRiSM coverage keeps consolidating the governance and runtime-inspection layers into one named segment. CATEGORY STAYS BIFURCATED if signals stay split — vendors visibly anchored to one center and analyst coverage keeping the two layers apart. Grounded on vendor go-to-market, named partnerships, and Gartner's analyst category formation — not on when any AI regulation takes effect.

Pattern Claim 3 — The AI-SOC Layering Thesis

Observation.

My read.

Conditional prediction.

Sources. 61 62 63 64 65

The AI-SOC Layering Thesis PATTERN CLAIM 3 — STATE OF CYBER 2026, FRONT 7 AI-Native SecOps is forming as a layer ON TOP of the SIEM/XDR stack — an agentic analytic layer, not a rip-and-replace AI-Native SecOps — the agentic analytic layer first-pass triage · detection engineering · investigation acceleration — acting ON the telemetry the layer below collects Prophet Security ~$41M · Amex + Citi Ventures Anvilogic $45M Series C · ~$85M total Tines $125M Series C · ~$1.125B sits on top of ↓ SIEM / XDR layer below — entrenched, expensive, not retired data collection · retention · normalization — the work the AI layer presupposes keeps existing Cross-front seam: AI shipping INTO an incumbent SIEM/XDR is Front-5 territory; the contenders here are the standalone, AI-native layers Capital flows to augment-the-lifecycle, not to anyone publicly claiming to replace the SIEM Category-level claim only — the win is the architectural posture, not a survival call on any one AI-SOC vendor FALSIFIABLE TEST — next two-to-four quarters LAYERING THESIS HOLDS if the AI-SecOps independents continue to raise and ship against an augment-the-SOC-lifecycle framing — disclosed funding rounds, named-outlet enterprise deployments, and analyst category placement that positions them as a layer over the SIEM rather than a replacement. LAYERING THESIS WEAKENS if a credible AI-native vendor raises specifically to displace the SIEM AND a named-outlet enterprise win documents a SIEM rip-and-replace by an AI-native platform — the category becomes a replacement contest. Grounded on vendor funding, named-outlet enterprise deployments, and analyst coverage — not on hypotheticals.

Winners

Because this front has no Gravity vendor and most contenders are early-stage privates, I am framing winners at the level of categories and structural positions, not naming any individual vendor as a winner. Three positions are winning.

The platform incumbents are winning the absorption race. The clearest advancing position in this front is not a pure-play at all — it is the platform that buys or builds the AI-security capability and cross-sells it into an installed base. Two strands of public evidence point the same way: the M&A record (Check Point/Lakera at ~$300M; Palo Alto Networks/Protect AI into Prisma AIRS; Cisco/Robust Intelligence), and the embedding motion across Microsoft Defender for Cloud AI, CrowdStrike's Falcon protections for AI, and Prisma AIRS. Together they are, in my read, the strongest evidence available that the durable AI-security control is consolidating into platforms faster than any independent can graduate 52 55. The winning position is platform-with-distribution, not any single named acquirer.

The compliance-and-procurement go-to-market is winning a defensible lane in governance. The sub-market position that is converting fastest on public signals is governance sold through procurement and regulatory-alignment channels. The public-sector route is exemplified by Credo AI's Carahsoft Master-Government-Aggregator partnership and the analyst recognition clustering around it 57 58. My read is that this lane wins because it attaches AI governance to a buying center with budget authority and a mandate, independent of the SOC: legal, compliance, and public-sector procurement. I am attributing the win to the lane, not declaring the vendor that currently occupies it the category winner. That is the open bridging question of Pattern Claim 2.

The augment-the-SOC architectural posture is winning AI-Native SecOps. Within AI-native security operations, the position drawing capital and shipping into enterprises is the layer that sits on top of the SIEM/XDR stack — agentic triage, detection engineering, and automation that act on existing telemetry rather than replacing it. The funding flowing to SOC-lifecycle augmentation and to automation going horizontal is, in my view, the public signal that this architectural posture is the winning one in the sub-market 61 62 63. The win is the posture, characterized at the category level — not a verdict on which AI-SOC vendor survives.

Losers / Casualties

This front has no individual casualty I am willing to name, and I will not manufacture one — manufacturing a casualty in a pre-Gravity market of sub-$60M-raised privates would be exactly the directional verdict the front's discipline forbids. The two consolidation events of the period — Check Point/Lakera and Palo Alto Networks/Protect AI — are exits, not deaths: the category's most-funded independents were acquired because they were strong, and reading either as a casualty would invert what the public record shows 52 53. The P2-0 currency scan confirmed no deaths and no renames across the front's tracked vendors as of mid-2026.

What is losing here is not a vendor but a position: the standalone-AI-security-pure-play-as-a-durable-independent path is the losing structural bet of 2026, and I state that at the category level. The honest read is not that any specific independent is failing — several are well-capitalized and on-thesis — but that the path of remaining independent all the way to Gravity is the one the public M&A record keeps foreclosing, as the consolidation exits demonstrate. The casualty, such as it is, is an architecture of the market: the assumption that a buyer's safest AI-security purchase is a standalone pure-play. The contested vendors therefore belong under Watch, not here.

Watch

The first pure-play graduation-or-absorption is the signal to watch above all others. The Pre-Gravity Window thesis resolves on whichever comes first. On the graduation side: a pure-play AI-security acquisition above ~$200M as a standalone valuation, or a pure-play crossing to a public listing or a disclosed $100M-plus standalone private round. On the absorption side: a fourth named independent absorbed into a platform, which leaves the window a way station 56. Either signal will surface in named-outlet M&A coverage, SEC filings, or a dated funding announcement.

The governance bridging-vendor is the wildcard motion to watch in AI Governance & Assurance, tracked at the category level only. Whether any single governance vendor surfaces both a security-org motion and a compliance-org motion — bridging the two buying centers Pattern Claim 2 describes — is the open category question. Three public signals are worth monitoring: vendor go-to-market disclosures, named partnerships (the Carahsoft public-sector route is one such dated signal), and Gartner's AI TRiSM coverage consolidating or holding apart the governance and runtime-inspection layers 57 60. I am watching the category's convergence, not handicapping individual vendors.

The AI-SOC layer-versus-replacement question is the architectural motion to watch in AI-Native SecOps. The layering thesis stays intact as long as the AI-native vendors keep raising and shipping against an augment-the-SOC framing. It weakens the moment a credible AI-native platform raises specifically to displace the SIEM and a named-outlet enterprise win documents a rip-and-replace 62 65. This is a category-level architectural watch, cross-referenced to Front 5's agentic-SOC analysis — not a survival call on any one AI-SOC vendor.

7.7 The Campaign Ahead

This is the youngest front in the report, and paradoxically the one whose decisive signals are easiest to watch — because in a pre-Gravity market, every move that matters is a public funding round, a public acquisition, or an analyst drawing a category boundary for the first time. None of the five signals below requires privileged access; each has a falsifiable threshold and a public source class anyone can monitor through H2 2026. Critically, not one of them is a regulatory date: this front's analytic trap is to mistake a policy deadline for a market event, and I am holding every threshold to a public market signal instead.

  1. The first >$200M AI-security pure-play acquisition. Signal: whether any standalone AI-security pure-play (AI App Sec, AI-Native SecOps, or AI Governance) is acquired by a platform incumbent above ~$200M as a standalone valuation, in named-outlet M&A coverage. Threshold: a documented >$200M pure-play AI-security acquisition marks the absorption pattern reaching nine-figure-plus scale, and closes the question of whether the category exits as features or as franchises. Continued sub-$200M tuck-ins leave the window in its current narrow-but-open state. Primary source: acquirer SEC filings (Form 8-K) and named-outlet M&A coverage 66.
  1. The first pure-play crossing to Gravity. Signal: whether any AI-security pure-play files a public S-1, completes an IPO, or discloses a $100M-plus standalone private round at a standalone valuation — the inverse signal that the window stayed open long enough for a pure-play to graduate. Threshold: a public listing or a disclosed $100M-plus standalone round validates that an AI-security pure-play can reach Gravity independent of a platform. A period passing with no pure-play crossing that line, while absorption continues, confirms the window is closing on the absorption side. Primary source: SEC EDGAR S-1 filings and dated funding announcements in named outlets 67.
  1. A Gartner AI-security / AI-TRiSM Magic Quadrant or Market Guide refresh. Signal: whether Gartner's AI TRiSM coverage advances from Market Guide toward a Magic Quadrant, and whether its four-layer model continues to consolidate the AI-governance and AI-runtime-inspection layers into a single named market segment. Threshold: a Gartner Magic Quadrant for AI security/TRiSM, or a Market Guide refresh that names a consolidated governance-plus-runtime segment, confirms the analyst-recognized category is cohering. A held or fragmented coverage map signals the category is still pre-consolidation. Primary source: the published Gartner AI TRiSM Market Guide / Magic Quadrant and vendor announcements citing placement 60.
  1. AI-governance vendor funding rounds and bridging go-to-market. Signal: whether an AI-governance vendor raises a disclosed round explicitly to span both buying centers — runtime/security-org capability and compliance-org audit/procurement reach (e.g., a public-sector-aggregator route like Credo's Carahsoft partnership) — surfacing in named-outlet funding coverage or the vendor's own disclosure. Threshold: a disclosed governance round funding a documented two-buying-center motion confirms the bifurcation is resolving toward a bridging winner. Governance rounds that stay anchored to a single buying center keep the category bifurcated. Primary source: dated funding announcements in named outlets and vendor partnership press releases 68.
  1. AI-SecOps platform funding and product-page positioning changes. Signal: whether the AI-native SecOps vendors keep raising against an augment-the-SOC-lifecycle framing and keep their product-page heroes positioned as a layer over the SIEM/XDR stack. The inverse signal is any credible AI-native vendor raising specifically to displace the SIEM, with a named-outlet enterprise rip-and-replace win to match. Threshold: continued funding and product-page positioning around SOC-lifecycle augmentation confirms the layering thesis; a funded SIEM-replacement claim plus a documented enterprise rip-and-replace weakens it. Primary source: dated funding announcements, vendor product-page hero snapshots, and named-outlet enterprise-deployment coverage 69.

References & Footnotes

References

Section