12 Cybersecurity Deals, $258M, 5 Days: AI Is Both the Threat and the Shield

Over five days this week, twelve cybersecurity startups collectively raised more than $258 million. That figure alone would be noteworthy. But look closer at what these companies actually do, and a pattern emerges that says more about the current state of technology than any earnings call or market forecast.

Nearly every deal this week involved AI — not as a buzzword bolted onto a pitch deck, but as the core product thesis. Some of these companies use AI to attack. Others use AI to defend. And a growing number exist specifically because AI itself has created new categories of vulnerability that didn't exist two years ago.

The $120M Elephant: Identity Is the New Perimeter

Oasis Security's $120 million Series B dwarfed every other cybersecurity deal this week, and for good reason. As organizations accelerate their adoption of non-human identities — API keys, service accounts, machine credentials — the attack surface has quietly multiplied. Oasis is building the management layer for this new reality, and investors clearly agree that identity security is where the next major breach will originate.

The round is one of the largest cybersecurity Series B raises of 2026 so far, reflecting a broader market conviction that identity management is no longer a niche concern but a foundational infrastructure requirement.

AI Agents Go on Offense

The most striking trend this week wasn't defensive. It was offensive.

RunSybil raised $40 million in a Series A specifically to deploy AI agents that autonomously probe and attack systems — ethical hacking at machine speed. The premise is simple and unsettling: if threat actors are using AI to find vulnerabilities faster, defenders need AI that can find them first.

Meanwhile, Corridor, founded by two 26-year-olds who left the Department of Homeland Security, pulled in $5.4 million in seed funding for a similar thesis — AI-native cyber tools built by people who've seen the threat landscape from the inside. The company's DHS pedigree lends it a credibility that most seed-stage startups can only dream of.

When AI Writes the Bugs

Here's the part that should make every CTO pause: AI-generated code is introducing vulnerabilities at scale, and a new class of security companies is emerging specifically to deal with this problem.

Paris-based Escape raised €15 million ($18 million) in a Series A that directly addresses the explosion of security flaws in AI-generated code. As development teams increasingly rely on coding assistants, Escape's bet is that the volume of insecure code will grow faster than human reviewers can keep up with. The only viable defense is automated scanning that matches the speed of automated code generation.

Eclypsium's $25 million raise in Portland tackles an adjacent problem: securing the actual infrastructure that AI systems run on. From firmware to supply chain integrity, Eclypsium is building security for the hardware layer that most AI companies take for granted.

Together, these two deals paint a picture of a market where AI is simultaneously the product, the threat, and the thing being protected.

Europe Punches Above Its Weight

Four of this week's twelve deals came from outside the United States, and Europe in particular showed strength.

France contributed two deals: Escape's $18 million Series A and Lupin & Holmes' $5.9 million pre-seed, an unusually large pre-seed that signals strong early conviction in the French cybersecurity ecosystem. Italy added two as well: Gyala's €4 million Series A focused on IoT security, and a PE-backed M&A deal where Errevi System acquired Netech to build an Italian IT security consolidation platform targeting €50 million in revenue.

Even Nigeria appeared on the board. Cybervergent's $3 million seed round targets AI-powered compliance — a sign that cybersecurity demand is genuinely global, driven by regulatory pressure that doesn't stop at Western borders.

Seed Rounds Are Not What They Used to Be

Raven raised $20 million in what was technically a seed round for runtime application security. That number would have been a healthy Series A just three years ago. The company is building real-time security monitoring for applications in production — a problem that grows linearly with every new deployment.

The average seed round across this week's cybersecurity deals was $9.6 million, while Series A rounds averaged $20.7 million. Series B came in at $54 million on average, pulled up by Oasis Security's outsized raise. These numbers suggest that cybersecurity investors are willing to write larger checks earlier, likely because the market's growth rate justifies faster scaling.

Allure Security's $17 million Series B rounds out the picture — the company fights digital impersonation and disinformation using AI, another threat category that barely existed at scale before generative AI made it trivial to create convincing fakes.

What This Tells Us About Q2

Twelve deals in five days is a pace that, if sustained, would produce nearly 125 cybersecurity transactions per quarter. The capital intensity is rising, the geographic base is widening, and the problem set is expanding faster than the solution set.

Three forces are converging. First, AI adoption is creating new attack surfaces — non-human identities, AI-generated code, deepfake-powered social engineering. Second, regulatory pressure in Europe, Africa, and Asia is forcing organizations to invest in compliance-grade security infrastructure. Third, the cybersecurity talent shortage means that AI-powered tools aren't a nice-to-have; they're the only way to scale defense capabilities without proportionally scaling headcount.

For investors, the takeaway is clear: the cybersecurity market is no longer just about defending traditional IT infrastructure. It's about defending AI systems, defending against AI-powered attacks, and using AI to do both. The companies that raised this week are building for that reality. The ones that didn't may already be behind.