Accenture announced Thursday it would acquire a majority stake in industrial cybersecurity firm Dragos for $3.25 billion and purchase two smaller security companies outright, essentially making a $4.18 billion bet that defending the IT networks of power grids, pipelines, factories and critical infrastructure sectors will become one of the defining challenges of the AI era.

The deals — which also include two Austin, Texas-based companies, runZero and NetRise —  represent a significant strategic pivot for Accenture toward operational technology (OT) security,  a segment of the cybersecurity market that has long been underfunded relative to traditional IT defenses. The announcement comes as the consulting giant faces pressure on its core business from the same AI tools reshaping the threat environment it is now moving to address.

Dragos, founded in 2016 by former intelligence specialists and based in Hanover, Maryland, has built what the industry regards as a leader detecting threats in OT environments. Its proprietary dataset of industrial threat intelligence has made it a trusted partner to critical infrastructure operators globally.

RunZero specializes in asset discovery and attack-surface intelligence — essentially mapping what is connected to a network and identifying where it is exposed. NetRise focuses on firmware-level visibility and software supply chain security, areas that have drawn increased scrutiny since high-profile incidents revealed how deeply embedded vulnerabilities can propagate through industrial device ecosystems.

Dragos co-founder and CEO Robert M. Lee will continue leading the combined entity, which will operate as an independent business under Accenture’s ownership. The CEOs of runZero and NetRise, HD Moore and Tom Pace, respectively, along with NetRise’s chief technology officer Michael Scott, will join Dragos as senior executives.

The acquisitions are not Accenture’s first move in OT security. The company acquired Cimation in 2015 and Revolutionary Security in 2020, along with several other OT-focused firms. 

Thursday’s deal, however, is of a different scale and ambition. Where previous acquisitions built out Accenture’s services capabilities, the addition of Dragos, runZero and NetRise moves the company firmly into OT cybersecurity software, a market it had not previously entered at scale.

Accenture and Dragos describe this expanding environment — which also encompasses Internet of Things devices, cloud-connected sensors and related IT infrastructure — as “xOT.” The concern is that as AI is integrated into industrial decision-making, the attack surface grows. At the same time, adversaries are using AI to shorten the window between compromising an IT network and pivoting to OT systems underneath it.

Despite that convergence, most cybersecurity budgets remain concentrated on traditional IT, leaving critical infrastructure comparatively exposed. The OT cybersecurity services market is estimated at roughly $7 billion in 2026. The broader OT cybersecurity market, which includes software, is estimated at $27 billion this year and projected to reach nearly $59 billion by 2031, growing at approximately 16% annually.

“Our energy and water systems, manufacturing plants, data centers and other operational environments need cybersecurity built from the ground up for xOT and designed to keep pace as threats evolve. The consequences of getting it wrong become societal threats,” Lee said in a release. “Organizations need solutions, not a patchwork of software and services. The addition of runZero and NetRise will allow the Dragos Platform to be a unique end-to-end platform for global defense, and Accenture will bring its decades of trusted relationships and deep expertise to help us scale and secure more critical infrastructure and physical operations globally.”

The transactions are expected to close in August or September, pending customary regulatory approvals.

The post Accenture shells out $4.18B on three companies in big industrial cybersecurity push appeared first on CyberScoop.

If you had time to walk the expo floor at this year’s RSA Conference, it was impossible to miss the shift in our industry. Artificial intelligence has moved from an emerging layer to the foundation of what powers cybersecurity companies. But from our vantage point as investors who work closely with founders and operators, the bigger shift is how AI is changing how these companies are formed, funded and scaled.

The past year marked an inflection point. A surge in venture funding and headline acquisitions underscored a market moving faster than many expected. Startups that once spent years iterating toward product-market fit are now emerging from stealth with mature products and raising large early rounds almost immediately. Meanwhile, the traditional progression from seed to Series A is compressing into a much shorter, higher-stakes window, and legacy companies are being forced to move faster than ever to stay relevant in today’s landscape.  

Venture funding is concentrating around fewer, larger AI bets

The acceleration reflects real capability. AI has cut the time and cost of building and iterating on cybersecurity products, allowing small teams to move at unprecedented speed. But faster development doesn’t change the basics: durable businesses still require clear differentiation, strong go-to-market execution and proven customer demand.

What has changed is how capital is being deployed. Venture funding in cybersecurity is increasingly concentrated into fewer companies, with larger rounds and higher valuations. The market is increasingly binary: startups are expected to either secure AI systems or use AI to deliver clear, measurable improvements in security outcomes. Companies that can’t clearly stake out one of those positions are finding it harder to attract attention from both investors and acquirers.

Higher valuations can accelerate momentum, but they also raise the bar for performance. When growth does not materialize as expected, the path forward becomes more difficult, particularly in a market that is moving as quickly as this one.

AI-native startups are operating with smaller, more technical teams

AI is also reshaping how cybersecurity companies are staffed and operated. The most effective teams today are smaller and more technical, relying heavily on automation to extend their capabilities. Engineers are increasingly focused on orchestrating AI systems rather than building every component from scratch, shifting the nature of technical work toward higher-level problem solving and system design. They can iterate faster than ever before, putting pressure on fast-paced innovation and high-capacity outputs. 

This is creating a widening gap between companies that are built around AI from the start and those trying to retrofit it into existing models. For newer startups, this approach is often foundational. For incumbents, it can require significant changes to both technology and culture, leading to an upcoming M&A wave that’s already in the early innings.  

Threat actors are using AI to scale attacks and lower barriers to entry

At the same time, the threat landscape is evolving. AI is lowering the barrier to entry for offensive cyber capabilities, enabling less sophisticated actors to execute attacks that previously required significant expertise. This is increasing both the volume and complexity of threats facing organizations. We’re seeing early responses to that with things like Anthropic’s Project Glasswing, which aims to bring together leading organizations to protect critical software.

The expansion is not limited to traditional network or endpoint attacks. AI is introducing new attack surfaces, from machine identities to autonomous agents and decision-making systems. It is also unleashing new forms of risk, including more advanced disinformation campaigns and other narrative-driven attacks that can impact markets and corporate reputations as much as technical systems.

Cyber defense is shifting toward autonomous, machine-driven models

As attackers scale their use of AI, defenders are being forced to do the same. Cybersecurity is moving toward a model where machine-driven systems play a central role in both detecting and responding to threats. In many cases, the dynamic is moving from human vs. machine, to machine vs. machine.

This shift is driving innovation across the market. New categories are emerging around securing AI systems and workloads, while established areas like endpoint security, data protection and vulnerability management are being rebuilt with AI at their core. These changes are enabling new capabilities but also increasing the pace of competition across the industry.

M&A and platform strategies are accelerating alongside AI innovation

The speed of innovation is also reshaping consolidation across cybersecurity. Larger platforms are moving to incorporate AI capabilities more quickly, while startups are building toward platform strategies earlier in their lifecycle. This is compressing timelines for both growth and acquisition. When incumbents can’t innovate quickly enough, they can buy instead.

Capital continues to play a central role in this dynamic. Strong funding environments are enabling companies to scale quickly, but they are also introducing risk when valuations outpace underlying performance. Some of the largest rounds are functioning as signals of market leadership as much as sources of operating capital.

There is growing awareness that not all these companies will meet expectations. The same conditions that enable rapid growth can also expose weaknesses quickly, particularly if customer adoption and revenue do not keep pace.

What founders and investors are watching for the rest of 2026

The defining characteristic of the current market is speed. The gap between companies that can adapt to these changes and those that cannot is widening quickly.

For founders, that means balancing urgency with discipline – building AI-native products while staying focused on real customer problems. For investors, it means identifying teams that can execute in a rapidly changing environment and build companies that endure beyond the current cycle.

The cybersecurity landscape has always evolved alongside technology and threat activity, but the pace of change today is different. The companies that emerge as leaders in the next phase of the market will be those that can operate effectively in that reality, where AI is foundational, competition is global, and the timeline for success is shorter than ever.

The post AI is separating the companies built to scale from the ones built to sell appeared first on CyberScoop.