Over the last few months, we’ve seen an onslaught of AI Security acquisitions - all at strong margins for investors. One might look at these and think they’re all the same, but each actually tells a slightly different story. We just published an in depth AI security market report on each of these vendors, so it’s worth unpacking some similarities and differences between these acquisitions.

In this article, we’ll discuss the six recent AI Security acquisitions:

Breaking Down the Acquisition Strategies and Customer Value

The two acquisitions with the clearest use cases :

While each of these acquisitions makes a surprising amount of sense, there are two that bring clear and immediate value propositions to their customers:

1. SentinelOne’s acquisition of Prompt Security. Of the acquisitions so far, Prompt and Aim provided the most comprehensive AI security platforms. They had solutions for browsers, endpoints, APIs, network proxies - basically anywhere that AI lived, they could provide visibility and some amount of control. In part because of that breadth, they were weakest at advanced application protection use cases, as well as what’s being referred to as “semantic permissioning,” i.e. determining if access is appropriate for a user based on the context of their request.Prompt and Aim were both strongest on the endpoint side of the AI security equation: providing visibility and protection for end users navigating workplace AI tools from ChatGPT to Microsoft Co-pilot. Both provided strong detection capabilities via browser plugin and other forms of endpoint controls. This acquisition makes sense for SentinelOne, looking to use their endpoint technologies to provide greater visibility and control for employee usage of generative AI - a clear and immediate value to their customer base.

2. Cato Network’s acquisition of Aim Security. Similar to the SentinelOne acquisition, this makes a lot of sense to bolster Cato’s visibility and control of employee facing AI usage. SASE providers already have the necessary data to control AI Security usage, but they need the expertise to capitalize on the possibilities of their deep network controls. Aim’s familiarity with the data and the approaches will enable them to move quickly on the possibilities, expanding what’s possible on the AI front.

The acquisitions with more nuanced value adds

While Cato and SentinelOne’s acquisitions make straightforward sense for expanding endpoint security, the other acquisitions fit into broader AI acquisition territory.

1. Palo Alto’s acquisition of ProtectAI was an interesting one because it indicates their confidence in building the firewall use cases in house. Palo has already deployed a lot of network based AI security controls, and an acquisition here wouldn’t have been as helpful for them. Conversely, ProtectAI was very application focused - providing testing, red teaming, runtime protection, etc. This acquisition points to Palo’s continued diversification of a security portfolio, building out more of their capabilities around what might be considered application or cloud security.

2. Tenable’s acquisition of Apex is the least straight-forward of the acquisitions, and likely has more to do with the team than the product. Apex’s approach to AI security was heavily network based, providing some great capabilities around in-flight data protection and alerting, but they expanded into the more platform areas like APIs. Tenable’s acquisition notes here involve expanding to cover the “AI Attack Surface” which I interpret to mean incorporating Apex’s LLM detections from an attack surface management perspective, highlighting what AI technologies are in use. I would be shocked to see Tenable release a network proxy however to bring Apex’s capabilities in house.

3. Snyk’s acquisition of Invariant Labs is the most targeted of the acquisitions here, and is built around bringing runtime AI application protection in house. Invariant provided a series of tools for building application guardrails for AI applications. This seems to indicate that Snyk has a targeted product specific approach for getting into the real time AI protection game, which makes sense given LLM’s being non-deterministic, and static analysis providing less value (e.g. “you’re not begging the model hard enough not to be vulnerable to prompt injection!”). Snyk’s focus here is an early indicator of application security vendors focusing more on AI development and AI protection than the larger AI platform offerings, which makes sense.

4. CrowdStike’s acquisition of Onum is a pure data play rather than having much to do with AI security. CrowdStrike’s backend data model has heavily evolved over the last ten years, and the acquisition of Onum is about that continued evolution - from batch oriented SIEM architecture, to faster processing of telemetry. This is an important step in their ability to function as a modern holistic data platform that can process massive diverse logs at scale.

Key thoughts on the AI security market for companies and customers:

1. The AI Security platforms have set themselves up well for acquisition success, especially for the massive endpoint security market. While installing an additional agent or browser plug–in was a tough pill to swallow for the capabilities by themselves, they’re well accepted in the context of existing platforms.

2. Palo and Snyk’s acquisitions are the most forward thinking, as the real long term risk resides in letting non-deterministic outputs loose with sensitive user information. CISO’s continue to worry about employee AI usage falling in line with company policies, but it’s difficult to see how much longer this concern lasts outside of being just another flavor of DLP. For unregulated industries, an employee using LLM carries little more risk than a search engine.

3. It’s a go big or go acquisition time for the AI Security market. Noma’s fundraising of 100 million dollars suggests a bet on a distinctive AI Security platform that can rise as the “next CNAPP” opportunity, but there are several rivals who have yet to make the decision.

4. There’s an interesting subtext here as well that every acquisition is also in some way an “AI acquisition” as companies look to aqui-hire specialist talent, and the investor story needs some AI juice to get it to the finish line, regardless of what the current product does.

5. Creating a strong brand that sets you apart is critical for a winning business strategy- there are a ton of startups here, but the ones getting acquired quickly and at a premium are the ones with the biggest names and most hype behind them. As I stated in our Black Hat summary, AI Security at the moment is really whatever you say it is as best practices have yet to be established, so brand and trust carry more weight than product details.