Palo Alto Networks announced Tuesday its plans to buy security startup Koi, a deal aimed at addressing the security risks emerging as organizations rapidly adopt agentic AI.

Terms were not disclosed, but Israeli business outlet Globes reported that Palo Alto will pay approximately $400 million. The deal is another among a trend of larger cybersecurity industry companies buying AI-focused security startups. 

In a statement announcing the agreement, Palo Alto Networks argues that “agentic” tools are reshaping endpoint risk because they can act with broad privileges, interact with multiple systems and move data in ways that older security products were not designed to monitor. For years, endpoint protection emphasized detecting malicious files and stopping known malware techniques. The new concern described in the announcement centers on legitimate software that can become dangerous through compromise, misconfiguration or abuse. AI agents, in this framing, resemble highly capable insiders: they operate using a user’s credentials, can take actions on a user’s behalf and may do so automatically and at speed.

“AI agents and tools are the ultimate insiders,” said Lee Klarich, Palo Alto’s chief product & technology officer. “They have full access to your systems and data, but operate entirely outside the view of traditional security controls. By acquiring Koi, we will be closing this gap and setting a new standard for endpoint security. We will give our customers the visibility and control required to safely harness the power of AI — ensuring that every agent, plugin, and script is governed, verified, and secure.”

Palo Alto Networks says Koi’s technology would be integrated into its Prisma AIRS AI security platform and would enhance the company’s Cortex XDR endpoint product. The stated goal is better visibility into AI-driven activity on endpoints and additional controls over tools that fall outside conventional security monitoring.

Palo Alto Networks and Koi describe their approach moving forward as “Agentic Endpoint Security,” built around visibility into AI-related software, continuous risk analysis and real-time policy enforcement. The language suggests an attempt to define a new product category at a moment when enterprises are still deciding how to govern AI tools that are proliferating through developer workflows and everyday office software.

The proposed acquisition also signals how major security vendors may respond to enterprise AI adoption: by packaging agent governance, monitoring and control into endpoint and cloud security portfolios, and by treating AI-driven automation as a distinct source of risk rather than a feature layered onto existing defenses.

The acquisition is the second AI-focused deal for Palo Alto in the plast six months. In November, the company announced it was acquiring Chronosphere, an AI-focused observability firm, for $3.35 billion. 

The post Palo Alto Networks’ Koi acquisition is all about keeping AI agents in check appeared first on CyberScoop.

Proofpoint announced Thursday it has acquired Acuvity, an AI security startup, as the cybersecurity company moves to address security risks stemming from widespread corporate adoption of agentic AI.

The acquisition strengthens Proofpoint‘s capabilities in monitoring and securing AI-powered systems that are increasingly handling sensitive business functions across enterprises. 

Financial terms of the deal were not disclosed, but Ryan Kalember, Proofpoint’s chief strategy officer, told CyberScoop that the acquisition was beyond a pure “technology acquisition,” with Acuvity’s engineering team slated to join the California-based company. 

Acuvity specializes in visibility and governance for AI applications, including the ability to track how employees and automated systems interact with external AI services and protect custom AI models developed within organizations. The startup’s platform monitors AI usage across multiple deployments, from web browsers to specialized infrastructure including Model Context Protocol (MCP) servers and locally installed AI tools.

The deal reflects growing concern among enterprises about security gaps created as organizations deploy agentic AI across departments, like software development, customer support, finance, and legal operations. These systems increasingly access sensitive data and execute tasks previously handled exclusively by humans.

Additionally, AI-specific attack vectors such as prompt injection and model manipulation have emerged as potential threats that traditional cybersecurity tools were not designed to address.

Kalember said CISOs are seeing the potential risk combined with agentic AI growth, and are sensing the need to maintain governance without impeding innovation, particularly as the pace of AI adoption has outstripped many companies’ ability to secure these systems effectively.

“It has definitely been a pivot from, ‘I got to be able to stop prompt injection’ to ‘I have to be able to figure out what the AI is even doing,’” he told CyberScoop.

Last May, Proofpoint acquired Hornetsecurity Group, a Germany-based provider of Microsoft 365 security services, in a deal reportedly valued at more than $1 billion. Kalember told CyberScoop he sees Acuvity helping small- and medium-sized organizations that leverage Hornetsecurity’s offerings to boost its AI security. 

“That is going to be a world in which, independent of the size of the organization, they are going to very much leverage AI, and some of that will be built into the tools like M365 that is tightly coupled with the Hornetsecurity architecture,” Kalember said.

The acquisition follows a theme within the industry where larger security companies are buying AI-focused security startups. Just last week, data security firm Varonis acquired AI security firm AllTrue.ai for $150 million. 

The post Proofpoint acquires Acuvity to tackle the security risks of agentic AI appeared first on CyberScoop.

LevelBlue, a Dallas-based managed security services provider, announced Tuesday that it is expanding its managed detection and response business through a strategic partnership with cybersecurity firm Fortra that includes the acquisition of Fortra’s Alert Logic managed services unit.

The companies said the agreement covers Alert Logic’s Managed Detection and Response services, along with associated Extended Detection and Response and Web Application Firewall managed services. The announcement positions the deal as both a consolidation in the crowded managed security market and a reconfiguration of how Fortra intends to sell and support parts of its portfolio.

At the center of the arrangement is a split between software and services. LevelBlue will take on the delivery of certain Alert Logic managed offerings, while Fortra becomes a prominent technology partner whose software and platforms will be made available to LevelBlue’s customers through its managed services model. The result is a tighter coupling between product vendors and outsourced security operators, reflecting a broader industry pattern in which clients seek a single point of accountability for security operations, while vendors look for distribution through channel partners rather than direct service delivery.

Sundhar Annamalai, LevelBlue’s chief strategy officer, told CyberScoop that he sees the deal as “all upside” for AlertLogic’s MDR users. 

“Nothing’s going to change for customers,” Annamalai told CyberScoop. “The experience remains the same as they go through their changes down the line, whether that’s through their own acquisitions or they’re expanding globally. We want to be the partner they turn to to manage their cybersecurity outcomes. Given where we operate, the scale at which we operate, our ‘Follow the Sun’ strategy, we believe we’re a logical choice to grow with our customers.”

Both companies framed the move as an effort to broaden coverage across the attack surface, from cloud infrastructure to employee email accounts to public-facing applications. In practical terms, the firms are arguing that combining telemetry, tooling and operational staffing under a single managed provider can improve detection speed and response coordination, especially for customers with complex environments. 

“When we made the strategic decision to redouble our focus on providing software, as well as looking for a home for the Alert Logic services and team, it was important to us to find a place where customers would be protected, and our employees would not only be taken care of but also have potential for continued career growth,”  Matt Reck, CEO of Fortra, told CyberScoop.  “We could not be more excited about LevelBlue as a partner — both for our customers and our shared vision of the need in the market, but also for the Alert Logic team members.” 

LevelBlue said the acquisition will give Alert Logic’s existing customer base access to what it described as a larger global footprint and broader threat telemetry. The emphasis on telemetry highlights a key competitive lever in managed detection: providers claim advantage not only through staffing and procedures in a security operations center, but also through the volume and variety of signals they can ingest across clients and environments.

The companies also emphasized complementary capabilities. Fortra’s tools were cited as extending LevelBlue’s existing strengths in data security, brand protection, email security and offensive security. The language signals an attempt to offer customers a broader menu of security functions without requiring them to integrate and manage multiple vendors on their own, a recurring pain point in enterprise security operations.

The acquisition is LevelBlue’s fourth in the past year. In July, the company acquired Trustwave and Aon’s cybersecurity and intellectual property litigation consulting groups, which include Stroz Friedberg and Elysium Digital. In October, the company announced it would acquire Cybereason.

Annamalai told CyberScoop that the Fortra deal, along with the others, shows the company is very particular about the services it wants to provide to its customer base as it grows. 

“A lot of this is, how do you drive towards security outcomes, and do that in the way that customers have chosen their own security destinies,” he told CyberScoop. “We want to do that through a technology platform that lets us be adaptable to the journey customers are on, but also platform-centric in the way that we support our customers on a go-forward basis. And so when we think about our investments, it’s on a platform strategy that lets us serve customers on their own security journey.”

Terms of the deal were not disclosed. 

The post LevelBlue scoops up Alert Logic’s managed services from Fortra appeared first on CyberScoop.

CrowdStrike announced Tuesday an agreement to acquire Seraphic Security, a browser runtime security provider, in a move that signals growing recognition among cybersecurity firms that traditional protective measures have failed to keep pace with how employees actually work.

The acquisition, expected to close during CrowdStrike’s first fiscal quarter of 2027, will integrate Seraphic’s browser-level protection into CrowdStrike’s Falcon platform. Financial terms were not disclosed, but a source tells CyberScoop that the deal is worth $420 million, to be paid predominantly in cash with a portion in stock subject to vesting conditions.

The deal reflects an emerging challenge in enterprise security: while browsers have become the primary workspace for most employees, they remain largely unmonitored by existing security infrastructure. CrowdStrike cited data indicating 85% of the workday is now spent in web browsers, yet traditional security models have treated browsers as peripheral rather than central to threat detection.

Current approaches to browser security typically force users into specific enterprise browsers or route traffic through network monitoring systems that can slow performance. Seraphic’s technology operates within the browser runtime itself, working across Chrome, Edge, Safari, and Firefox on both company-managed and personal devices without requiring users to switch platforms.

The acquisition arrives as enterprises grapple with security implications of generative AI tools and autonomous AI agents that increasingly operate through browser interfaces. CrowdStrike specifically highlighted concerns about unauthorized AI applications potentially extracting corporate data, an issue the company refers to as “shadow AI.”

The deal continues CrowdStrike’s expansion beyond its core endpoint detection business into adjacent security domains. Last week, the company announced its intention to buy identity management startup SGNL for $740 million. CrowdStrike plans to combine Seraphic’s browser monitoring with technology from SGNL in order to enable dynamic access controls that adjust permissions based on real-time risk signals rather than static credentials.

This approach represents a departure from perimeter-based security models that dominated enterprise cybersecurity for decades. By monitoring activity at the session level within browsers, the combined technology aims to detect threats that occur after initial authentication, including session hijacking and sophisticated phishing attempts.

The strategy also addresses a persistent challenge in enterprise security: protecting data accessed by contractors, temporary workers, and employees using personal devices. Seraphic’s browser-level approach provides monitoring capabilities without requiring full endpoint security software installation.

CrowdStrike CEO George Kurtz characterized the acquisition as part of a broader strategy around “Zero Standing Privilege,” a security model that grants minimum necessary access for specific tasks rather than maintaining permanent permission levels.

The post CrowdStrike is buying Seraphic Security to lock down the browser, where work actually happens appeared first on CyberScoop.

CrowdStrike is buying identity management startup SGNL, a move that underscores how identity security has become a central battleground in enterprise cybersecurity as companies add cloud services and deploy AI-driven tools.

The cybersecurity firm did not disclose financial terms in a Thursday announcement, but CrowdStrike CEO George Kurtz told CNBC the deal is valued at nearly $740 million.

The acquisition targets a growing problem for large organizations: Access is no longer limited to employees logging into a handful of internal systems. Modern environments include contractors, automated scripts, cloud workloads and an expanding set of non-human identities, such as service accounts and machine credentials. More recently, companies have begun experimenting with AI agents that can take actions across multiple systems, sometimes with broad privileges.

Kurtz framed that shift as a security challenge, saying AI agents can operate with “superhuman speed and access,” effectively turning each agent into a privileged identity. The company argues that older models built around static policies and “standing privileges” can leave gaps because access rights may remain in place even as conditions change, such as with a compromised device, suspicious behavior or a new threat signal.

The bet behind the SGNL purchase is that access decisions can be made more dynamic and more automated. CrowdStrike said SGNL functions as a runtime enforcement layer between identity providers and the software and cloud infrastructure, including SaaS applications and major cloud platforms. In practice, that implies shifting controls closer to the moment an account tries to access a resource, allowing permissions to be continuously reevaluated and, if necessary, revoked.

The company is also positioning the deal as an expansion of its identity security portfolio within the Falcon platform, which it says spans privileged access management, identity threat detection and response, SaaS identity security, and protections aimed at AI-driven identities. It said SGNL would extend “just-in-time” access controls beyond Microsoft Active Directory and Entra ID to additional identity systems, including AWS Identity and Access Management and Okta.

The announcement points to a broader industry trend: Identity has become a primary attack path, particularly as organizations connect more cloud services and integrate them with single sign-on systems. Even when organizations harden endpoints and networks, a stolen credential can offer a direct route into business applications and data. The rise of automated identities adds another layer of complexity, because these accounts are often created for operational convenience and may be poorly tracked or overprivileged.

SGNL CEO Scott Kriz said the company was founded to connect access decisions with “business reality,” describing standing privileges as a persistent risk. The companies have not detailed how SGNL will be integrated operationally, but the rationale centers on using real-time signals about identity, device and behavior to determine whether access should continue.

The deal also reflects the industry’s focus on artificial intelligence, which is increasingly seen both as a defensive tool and as a source of new security risks.

In the latter half of 2025 alone:

• Palo Alto Networks announced it will acquire Chronosphere, a cloud observability platform, for $3.35 billion in cash and equity.
• Cloud security company Zscaler announced it has acquired SplxAI, an artificial intelligence security platform.
• Veeam acquired Securiti AI for $1.7 billion.
• Check Point acquired AI security firm Lakera.

The proposed acquisition is expected to close during CrowdStrike’s first quarter of fiscal 2027.

The post CrowdStrike to buy identity startup SGNL for nearly $740M appeared first on CyberScoop.

ServiceNow has agreed to buy cybersecurity firm Armis for $7.75 billion in cash, a deal that would push the enterprise software company deeper into a fast-growing corner of security focused on tracking and reducing “exposure” across sprawling networks of connected devices.

The companies said Tuesday that combining ServiceNow’s workflow and risk products with Armis’ asset discovery and cyber-physical security tools would create an end-to-end system intended to detect vulnerable devices, prioritize risks and route remediation through automated operational processes. That vision reflects a broader shift in cybersecurity: visibility and response are increasingly being treated as continuous, integrated business functions rather than standalone technical tools. 

“ServiceNow is building the security platform of tomorrow,” said Amit Zavery, president, chief operating officer, and chief product officer at ServiceNow. “In the agentic AI era, intelligent trust and governance that span any cloud, any asset, any AI system, and any device are non-negotiable if companies want to scale AI for the long-term. Together with Armis, we will deliver an industry-defining strategic cybersecurity shield for real-time, end-to-end proactive protection across all technology estates. Modern cyber risk doesn’t stay neatly confined to a single silo, and with security built into the ServiceNow AI Platform, neither will we.”

Armis specializes in mapping and classifying devices across information technology systems and operational technology, including industrial controls and medical devices. Those environments, often essential to manufacturing, hospitals and critical infrastructure, have become prominent concerns as more equipment is connected to networks but remains difficult to inventory with traditional security software. Armis says it performs “agentless” discovery, meaning it can identify devices without installing software on each endpoint, a key consideration for older or regulated systems.

“AI is transforming the threat landscape faster than most organizations can adapt. Every connected asset has become a potential point of vulnerability,” said Yevgeny Dibrov, co-founder and CEO of Armis. “We built Armis to protect the most critical environments and give both public and private sector organizations the real-time intelligence they need to stay ahead – so they can see their entire environment clearly, understand risk in context, and take action before an incident occurs. Together with ServiceNow, customers will have a powerful new way to reduce their exposure and strengthen security at scale.”

ServiceNow, best known for IT service management and enterprise workflow products, has been building a security and risk business that it said crossed $1 billion in annual contract value in the third quarter of 2025. The company described the Armis deal as a way to “more than triple” its market opportunity in security and risk. While such projections are inherently forward-looking, the figure underscores how cybersecurity has become a major battleground for large platform vendors seeking to consolidate multiple functions into a single suite.

The announcement also highlights the industry’s preoccupation with artificial intelligence, both as a tool for defenders and a driver of new risks. ServiceNow framed the acquisition around “AI-native” and “agentic” capabilities, language that has become common as vendors race to incorporate autonomous features into security operations. The premise is that, as networks expand and threats move faster, human analysts cannot manually triage every alert or vulnerability, making automation and prioritization central selling points.

In the second half of 2025 alone: 

• Palo Alto Networks announced it will acquire Chronosphere, a cloud observability platform, for $3.35 billion in cash and equity.
• Cloud security company Zscaler announced it has acquired SplxAI, an artificial intelligence security platform.
• Veeam acquired Securiti AI for $1.7 billion.
• Check Point acquired AI security firm Lakera.
• Mitsubishi Electric acquired OT and IoT cybersecurity specialist Nozomi Networks for $1 billion.

The companies cited a forecast that worldwide end-user spending on information security will rise 12.5% in 2026 to $240 billion, attributing growth to evolving threats and the expanding use of AI and generative AI. Whether those drivers translate into better security outcomes remains debated, but the spending trajectory signals continued pressure on organizations to manage risk across more endpoints, more software and more interconnected supply chains.

If completed, the deal would also strengthen ServiceNow’s position in so-called cyber-physical security, an area that blurs the line between digital compromise and real-world disruption. The integration described by the companies links Armis’ real-time device intelligence to ServiceNow’s configuration management database, which ties technical assets to business services and responsible teams. That connection, they argue, would make remediation more actionable by directing fixes to the people who can implement them.

Armis, founded in 2015, reported more than $340 million in annual recurring revenue and said it employs about 950 people. The company counts Global 2000 customers, including more than 35% of the Fortune 100, and said it serves government agencies and public-sector organizations.

The post ServiceNow agrees to buy cyber firm Armis for $7.75B appeared first on CyberScoop.

Palo Alto Networks announced Wednesday it will acquire Chronosphere, a cloud observability platform, for $3.35 billion in cash and equity, marking the cybersecurity company’s latest move to expand beyond its traditional security perimeter into adjacent infrastructure monitoring capabilities.

The acquisition represents a significant bet on the convergence of security and operational observability as organizations grapple with increasingly complex AI workloads and cloud-native applications. The deal underscores how the demands of artificial intelligence infrastructure are reshaping enterprise software markets and driving consolidation across previously distinct technology categories.

“The foundational requirement for every modern AI data center is constant uptime and resilience, which demands real-time, always-on observability delivered at the right cost,” Nikesh Arora, chairman and CEO of Palo Alto Networks, said in a release. “Chronosphere was built to scale for the data demands of the AI era from day one, which is why it is chosen by leading AI-native and born-in-the-cloud organizations. And once we leverage AgentiX with Chronosphere, we will take observability from simple dashboards to real-time, agentic remediation. We are excited to not just enter this space, but to disrupt it.” 

Chronosphere, founded to provide monitoring and observability for large-scale digital operations, reported annual recurring revenue exceeding $160 million as of September 2025, with triple-digit year-over-year growth. The company has been recognized as a leader in Gartner’s 2025 Magic Quadrant for Observability Platforms and counts major AI companies among its customers, including two leading large language model providers.

The California-based cybersecurity company has been on a spending spree over the past year. In July, it announced it was buying identity security firm CyberArk for approximately $25 billion in one of the largest technology acquisitions to date. 

The deal is yet another in a lengthy list of cybersecurity companies acquiring AI-focused companies in 2025. Similar deals this year include: 

• Check Point acquires AI security firm Lakera
• F5 Networks acquiring CalypsoAI
• Cato Networks acquires AI security startup Aim Security
• Varonis buys AI email security firm SlashNext

Palo Alto Networks plans to integrate Chronosphere with its AgentiX platform, aiming to transform observability from passive monitoring into what the company describes as autonomous remediation. The combined system would deploy AI agents to detect performance issues, investigate root causes, and implement fixes automatically, rather than simply alerting human operators to problems.

“We founded Chronosphere to provide scalable resiliency for the world’s largest digital organizations. Palo Alto Networks is the perfect strategic partner for our customers, partners, and employees,” Martin Mao, co-founder and CEO of Chronosphere, said in the release. “It allows us to combine our disruptive observability platform with the world’s best security company, accelerating our momentum in solving the most complex data and resiliency challenges. Together, we look forward to continuing to partner with industry-leading cloud and AI-native customers across the world on their mission-critical observability and security needs.” 

The deal is expected to close in 2026, during the second half of Palo Alto Networks’ fiscal year.

The post Palo Alto Networks to acquire observability firm Chronosphere for $3.35 billion appeared first on CyberScoop.

Virginia-based BigBear.ai announced Monday it will acquire Ask Sage, a generative artificial intelligence platform specializing in secure deployment of AI models and agentic systems across defense and other regulated sectors, in a deal valued at about $250 million.

Ask Sage focuses on safety and security in the growing field of agentic AI, or systems capable of independent reasoning and task execution. Designed to serve organizations handling classified and sensitive information, Ask Sage offers a model-agnostic framework and holds a FedRAMP High accreditation, a top-tier government certification for cloud security.

The emphasis on secure, compliant AI drew specific mention from BigBear.ai CEO Kevin McAleenan on an earnings call Monday, who characterized the acquisition as a direct fit with the company’s strategy of pursuing “disruptive AI mission solutions for national security.” 

McAleenan pointed out that safeguarding information, assuring compliance, and enabling scalable AI deployment have become central requirements in defense and intelligence markets as organizations seek to harness the abilities of increasingly autonomous AI agents.

Nicolas Chaillan, founder of Ask Sage and former chief software officer for the U.S. Air Force and Space Force, will join BigBear.ai as chief technology officer as part of the agreement. Chaillan’s background includes shaping cybersecurity and software development policy at the Department of Defense and the Department of Homeland Security, where he advocated for the adoption of secure, iterative technology practices across federal agencies.

BigBear.ai plans to integrate Ask Sage’s security-focused capabilities throughout its portfolio, cross-sell to its existing client base, and leverage the Ask Sage marketplace as a new distribution channel for compliant AI solutions. The company aims to address growing demands among government and regulated industry clients for artificial intelligence that meets increasingly complex standards for data protection and operational assurance.

The transaction highlights broader trends in the AI sector as providers — especially those serving national security and critical infrastructure — race to build tools that balance innovation with the safety and security requirements of highly regulated environments. 

The acquisition is expected to close late in the fourth quarter of 2025 or early in the first quarter of 2026.

The post BigBear.ai to buy Ask Sage, strengthening security-centric AI for federal agencies appeared first on CyberScoop.

Bugcrowd, a company known for its work in bug bounty and vulnerability disclosure, has announced the acquisition of Mayhem Security, an AI-driven offensive security firm. 

The terms of the deal were not disclosed. 

Organizations are dealing with more complicated cybersecurity risks as they build software faster, add more APIs, and work with many suppliers. Traditional security methods often find problems only after software is already being used, which can leave systems open to attack. Bugcrowd says that to keep up with new threats, companies need to combine the power of artificial intelligence with the knowledge of skilled security experts. By buying Mayhem Security, Bugcrowd plans to bring these tools together in one platform so security testing can happen throughout the entire software process.

Mayhem Security, previously known as ForAllSecure, was founded by David Brumley and Thanassis Avgerinos, both PhDs from Carnegie Mellon University. Mayhem previously gained recognition after winning the 2016 DARPA Cyber Grand Challenge by deploying an autonomous system able to discover, diagnose, and repair software vulnerabilities in real time, earning the first DEF CON Black Badge for a non-human competitor. Mayhem’s technology is focused on continuous penetration testing, code security, dynamic SBOM (Software Bill of Materials) profiling, and reinforcement learning environments for foundational LLM model builders.

Upon completion of the acquisition, all 11 Mayhem Security employees have joined Bugcrowd. Brumley will serve as Bugcrowd’s chief AI and science officer. For Mayhem Security, the opportunity to join Bugcrowd is seen as a way to merge its automation technology with the expertise of the hacker community.

Statements from both companies reinforced the strategy behind the merger. Bugcrowd CEO Dave Gerry characterized the acquisition as a further step in the company’s goal to “transform the way organizations approach cybersecurity,” citing the objective of achieving an adaptive security platform that leverages both human and machine capabilities. Brumley described the partnership as “redefining modern security testing” and supporting efforts to eliminate zero-day vulnerabilities.

Mayhem Security reportedly raised at least $36 million prior to acquisition, including a $21 million Series B round in 2022.

“For over a decade, we’ve built technology that thinks and learns like an attacker to autonomously find new vulnerabilities,” Brumley said in a statement. “Joining forces with Bugcrowd amplifies that mission by combining AI-driven automation with the creativity and expertise of the global hacker community. Together, we’re redefining modern security testing, helping organizations preempt risk, close vulnerabilities faster, and eliminate zero-day threats.”

The post Bugcrowd acquires Mayhem Security to advance AI-powered security testing appeared first on CyberScoop.

Cloud security company Zscaler announced Monday it has acquired SplxAI, an artificial intelligence security platform, in a move to strengthen its ability to protect enterprise AI assets.

Terms were not disclosed. 

Zscaler said the purchase is aimed at enhancing its zero-trust security offerings by integrating Splx’s technology for AI asset discovery, automated red-teaming, and governance. The company said these features will help secure AI applications and services during development and after deployment.

“AI is creating enormous value, but its full potential can only be realized when it can be secured,” Zscaler CEO Jay Chaudhry said in a statement.

Founded by Kristian Kamber and Ante Gojsalic, Splx has developed a platform focused on helping organizations identify and protect AI models, workflows, and underlying infrastructure. The platform includes automated red-teaming, which simulates attacks to find weaknesses in AI systems before they are targeted by real-world threats. Splx’s technology also provides live recommendations to address any security issues it uncovers.

The acquisition comes as cybersecurity companies continue to add AI to their products and service offerings. The Splx deal follows Zscaler’s recent acquisition of Red Canary, an AI-driven threat management company. 

The deal is another in a lengthy list of cybersecurity companies acquiring AI-focused companies in 2025. Similar deals this year include: 

• Check Point acquires AI security firm Lakera
• F5 Networks acquiring CalypsoAI
• Cato Networks acquires AI security startup Aim Security
• Varonis buys AI email security firm SlashNext
• Veeam acquires Securiti AI 

Zscaler said Splx’s tools will help address the security risks created by new and largely untested AI applications. These systems often operate autonomously, connect to various data sources, and can introduce vulnerabilities that are difficult to detect using traditional security methods.

Splx, founded in 2023, is a venture capital-backed company that has raised about $9 million to date. Its investors include LAUNCHub Ventures, Rain Capital, Inovo Runtime Ventures, DNV Ventures AS and South Central Ventures.

Both companies said they share the same vision of tackling the expanding attack surface created by increased AI adoption. “By joining forces with Zscaler, we’ll bring our innovation to one of the most trusted security platforms in the world, securing AI innovation at the speed organizations are adopting it,” Kamber, co-founder and CEO of Splx, said in a statement.

The post Zscaler adds more AI to its offerings with Splx acquisition appeared first on CyberScoop.