$33.9 Billion in 90 Days: The AI Security Acquisition Frenzy and What It Means for You

· Pierre
ai-security m-and-a consolidation enterprise-security vendor-lock-in

In the first 90 days of 2026, more than $33.9 billion changed hands in AI security acquisitions.

That's not a typo. In one quarter, the security industry spent more on AI security acquisitions than most AI security startups will ever generate in lifetime revenue. And the pattern is clear: every major security platform is buying its way into AI security, because none of them built it.

If you're a CISO or CTO choosing AI security tooling right now, this matters. Because the product you buy today might not exist as an independent product in six months.

The Deals

Here's what happened in Q1 2026 alone:

| Acquirer | Target | Price | Date | What They Got |
|---|---|---|---|---|
| CrowdStrike | SGNL | $740M | Jan 8, 2026 | AI identity security, dynamic credential management |
| Proofpoint | Acuvity | Undisclosed | Feb 12, 2026 | AI governance, MCP server visibility |
| Palo Alto Networks | Koi | ~$400M | Feb 17, 2026 | Agentic endpoint security, MCP/agent governance |
| OpenAI | Promptfoo | ~$86M valuation | Mar 9, 2026 | AI security testing, red teaming |
| Google | Wiz | $32B | Mar 11, 2026 | Cloud + AI security (largest VC-backed acquisition ever) |

Sources: CNBC, Proofpoint, TechCrunch, Google/Wiz public announcement.

And this follows the H2 2025 spree:

| Acquirer | Target | Price | What They Got |
|---|---|---|---|
| Check Point | Lakera | ~$300M | Prompt injection defense, runtime guardrails |
| SentinelOne | Prompt Security | ~$250M | GenAI DLP, shadow AI discovery |
| F5 | CalypsoAI | $180M | AI guardrails, red teaming |
| Palo Alto Networks | Protect AI | Undisclosed | Model scanning, AI red teaming |
| ClickHouse | Langfuse | Undisclosed | LLM observability |
| Mintlify | Helicone | Undisclosed | LLM observability (now maintenance mode) |

The AI security market — projected to grow from $30.92B in 2025 to $86.34B by 2030 — is consolidating before most teams have even finished their first procurement cycle.

What's Actually Happening

Every deal follows the same pattern:

  1. A big platform company (CrowdStrike, Palo Alto, Check Point, SentinelOne, F5, Proofpoint) realizes it has zero AI security capability.
  2. It buys a startup that built something relevant.
  3. The startup's product gets absorbed into the platform. Enterprise sales. Platform pricing. Existing customers get locked in.
  4. The startup's independent roadmap dies. Features that don't serve the platform get deprioritized.

This is the Cisco playbook applied at speed. And it's happening across the entire AI security category simultaneously.

Lakera was developer-friendly before Check Point bought it. Prompt Security had a reasonable standalone product before SentinelOne absorbed it. Helicone had 16,000 organizations using it before Mintlify acquired it and put it in maintenance mode. Langfuse was the most popular open-source LLM observability tool before ClickHouse acquired it.

Each acquisition removes an independent option from the market.

Why This Matters If You're Buying

1. The product you evaluate isn't the product you'll use in a year

When Check Point bought Lakera for ~$300M, Lakera was an API-first prompt security tool with a free tier (10K API calls/month). Post-acquisition, it's being integrated into Check Point Infinity — an enterprise platform that requires Check Point infrastructure.

When SentinelOne bought Prompt Security for ~$250M, Prompt Security had browser extensions, desktop agents, and API monitoring that worked independently. Now it's bundled with SentinelOne Singularity. You can't buy it standalone.

The product demo you saw last quarter may no longer be available as a standalone tool. Ask your vendor: "If you get acquired next quarter, can I keep using this without adopting the acquirer's full platform?"

2. Platform lock-in is the real cost

The sticker price of these tools isn't the problem. The problem is what happens after.

Netskope's full SASE platform runs $200-536/user/year. Zscaler is $72-375/user/year, with recent 35%+ price increases. Palo Alto is the most expensive vendor in the space with custom enterprise pricing. SentinelOne bundles AI security into Singularity platform pricing.

Once you're on one of these platforms, switching costs are enormous. Your security policies, your alert configurations, your integration points — all platform-specific. That's the point. The acquisition isn't about the technology. It's about customer acquisition and lock-in.

3. The observability tools are disappearing

This one caught me off guard.

Helicone — used by 16,000 organizations for LLM observability — was acquired by Mintlify and immediately entered maintenance mode. If you were using Helicone for cost tracking and request logging, you need a new tool. Now.

Langfuse — the most starred open-source LLM observability project — was acquired by ClickHouse in January 2026. It's still running, but the roadmap now serves ClickHouse's database strategy, not independent observability needs.

Braintrust raised $80M at an $800M valuation in February 2026 — one of the few remaining independent observability players, but at that valuation, an acquisition is a matter of when, not if.

If you built your AI monitoring stack on one of these tools, you're either already migrating or you will be.

4. Even AI providers are buying security

OpenAI acquiring Promptfoo in March 2026 broke the pattern. Promptfoo isn't a security platform — it's a red-teaming and testing tool used by 25% of the Fortune 500. OpenAI bought it to build "secure by default" into their own platform.

This signals something important: AI providers don't trust third-party security either. They're building (buying) their own. And when the provider owns the security tool, the security tool serves the provider's interests — not yours.

The Pattern Behind the Pattern

Step back and look at the full picture:

  • CrowdStrike bought SGNL ($740M) for dynamic credential management. They now control how AI agents get credentials.
  • Palo Alto bought Protect AI and Koi (~$400M+). They now own model scanning and agent endpoint security.
  • Check Point bought Lakera (~$300M). They now own runtime prompt injection defense.
  • SentinelOne bought Prompt Security (~$250M). They now own shadow AI discovery and GenAI DLP.
  • F5 bought CalypsoAI ($180M) and LeakSignal. They now own AI guardrails and data leakage detection.
  • Proofpoint bought Acuvity. They now own AI governance with MCP server visibility.
  • Google bought Wiz ($32B). They now own the cloud security platform everyone else was building on.

Every layer of the AI security stack is being claimed by a platform company. Runtime protection, prompt security, credential management, observability, testing, governance — all being absorbed.

The AI security startup ecosystem that existed in mid-2025 is being dismantled. What replaces it is a set of platform-specific features that only work if you've bought the platform.

What to Do About It

I'm biased — I build an independent AI security tool — but here's what I'd tell anyone evaluating vendors right now:

1. Avoid single-vendor dependency for AI security

If your AI security runs on Palo Alto and Palo Alto decides to deprioritize the feature you need, you have no recourse. If your observability ran on Helicone, you already learned this lesson.

Diversify your AI security stack the same way you diversify cloud providers. No single vendor should control your visibility into AI traffic.

2. Favor tools that run locally

Cloud-routed security (Netskope, Zscaler) creates a structural dependency: your security only works if their infrastructure works. It also routes every AI prompt — every line of code, every credential, every piece of context — through a third party's cloud.

Local-first tools eliminate both problems. If the vendor disappears tomorrow, the tool keeps running on your machine.

3. Favor open source where possible

When Helicone got acquired, its 16,000 users had no option but to migrate. If the tool had been self-hosted open source, the acquisition wouldn't have affected anyone's production system.

Open-source tools with local deployment give you independence from the M&A cycle. The code is on your machine. The vendor's corporate strategy doesn't affect your security posture.

4. Lock in data portability now

Before you deploy any AI security tool, ask: "Can I export my data in a standard format?" If your security alerts, cost data, and usage logs are locked in a proprietary format, every acquisition makes the switching cost higher.

SQLite databases, standard JSON exports, open telemetry formats — these are the tools that survive vendor churn.

The Market in Six Months

Here's my prediction for H2 2026:

More acquisitions are coming. Noma Security (1,300% ARR growth, $132M funding), Lasso Security, Pillar Security, and Knostic are all plausible targets. The Israeli AI-security corridor alone has half a dozen acquisition-ready startups.

$18 billion was invested in cybersecurity startups in 2025 — a 26% increase over 2024. That money needs to exit. Acquisitions are the exit.

By the end of 2026, the "independent AI security startup" category will be a fraction of its current size. What remains will be platform features inside Palo Alto, CrowdStrike, Check Point, SentinelOne, and Zscaler.

The question for every team is simple: do you want your AI security controlled by one of these platforms, or do you want something that runs independently, locally, and survives regardless of what happens in the M&A market?

Where We Stand

CitrusGlaze is a local MITM proxy for AI traffic. It scans every AI request for secrets (254+ patterns), tracks costs per request, discovers shadow AI tools, and does all of it on your device. Your data never touches our infrastructure because we don't have infrastructure to touch.

We're open source. We run locally. We store everything in SQLite. If we disappeared tomorrow, the tool would keep working on your machine.

That's not a bug in our business model. In a market where $33.9 billion in acquisitions happened in 90 days, it's the feature.

Install in 5 minutes: bash install.sh

citrusglaze.dev


All acquisition prices and dates are sourced from public announcements, CNBC, TechCrunch, and company press releases. Market size projections from Gartner. Funding data from Crunchbase and company announcements. "Maintenance mode" status for Helicone confirmed via their official blog post.
