This week’s big news that Google’s parent company Alphabet is reportedly in advanced talks to acquire Israeli cybersecurity provider Wiz for $23 billion has excited VCs, sparking hopes of a rebound in venture-backed exits in the not-too-distant future.
The reported price tag is more than double the $11 billion pre-money valuation that Wiz achieved on raising its $1 billion Series E round just two months ago from such investors as Lightspeed Venture Partners and Andreessen Horowitz. A cyber company with a private or public valuation of over $1 billion was hard to find not very long ago, said Barmak Meftah, co-founder and general partner at Ballistic Ventures, a cybersecurity-focused VC firm.
“This deal marks a significant milestone in the cybersecurity exit landscape, and a strategic move by Alphabet demonstrating Google’s conviction to fortify its cloud security offerings,” Meftah told Venture Capital Journal. “This also illustrates the pace at which cybersecurity companies are scaling and exiting at unprecedented valuations.”
Building on momentum created by Palo Alto Networks becoming the first $100 billion cyber company in December, the Wiz acquisition signals “that the market is heating up and assuming stability in capital markets; all indications point to 2025 being a big year for both IPO and M&A activity,” Meftah added.
The deal could also motivate more companies that have experimented with generative AI pilot projects to overcome their hesitation and put them into full production, integrated into their workflows. Gen AI is a key focus for Wiz, whose PEACH framework is among a handful of security structures designed to help companies combat an increase in cyber threats arising from the expanded attack surface created by Gen AI.
Only 3 percent of 150 executives at major North American and European companies with revenues topping $1 billion had already scaled at least one Gen AI use case in their operations, according to a report McKinsey released in April. The survey also found that while 24 percent were piloting use cases, 63 percent were either still in exploratory mode or had not begun to deploy Gen AI in their operations at all.
McKinsey listed five reasons for the Gen AI production lag, including companies’ uncertainty about which type of AI tools to adopt, data architectures unsuited for training large language models and change management that could entail rewiring a company’s operating model to better align with IT needs.
Notably absent from the list: insufficient cybersecurity for AI.
In a May report on the rise of CyberAI, Silicon Valley Bank speculated that concerns about securing GenAI applications might impede their wider adoption. As investment in AI-related start-ups as a percentage of total US venture deals more than quadrupled from under 5 percent in 2011 to over 20 percent in 2023, investment in cybersecurity deals held steady at under 3 percent over the same period, according to SVB.
New tools
The pilot-production gap in Gen AI is something that Chip Hazard, a general partner at Flybridge Capital Partners, is thinking about. Flybridge backs Gen AI products and services.
While Gen AI relies on the availability of industry-specific proprietary data to be most effective, Hazard said he doubts companies will be willing to turn over their source code or other proprietary data to a vendor to build a better AI coding assistant. But giving customers the ability to use a third-party system to run their own analytics within their own security controls and compliance framework is different.
“The opportunity for a lot of companies that have well-organized data is to build their own internal AI stack,” said Hazard. He said that every Fortune 500 company will eventually be able to do that, likely aided by open-source models like OpenAI, and will build those models “to their purposes to address this issue of security and privacy.”
One of Flybridge’s portfolio companies, TrojAI, sells security options that “make sure that if you build those models, those models are secure and they don’t leak data,” Hazard noted. “That’s a significant opportunity because customers are smart and recognize that they need to control their own data and make sure they don’t divulge corporate secrets but also don’t divulge [personally identifiable information] and other information inadvertently.”
YL Ventures, whose newest partner, Justin Somaini, was profiled by VCJ this week, sees a similar opportunity for cybersecurity start-ups that aren’t designed specifically for Gen AI risks. Its portfolio company Miggo, whose application detection and response platform aims to stop application breaches, hopes to assure customers that their AI-enabled apps are running safely and that adversaries can’t exploit them for their own purposes.
And Palo Alto Networks announced in May that it was launching new security solutions imbued with Precision AI to help customers protect themselves from advanced threats and safeguard AI adoption.
“From a category that didn’t exist in 2022, last year we saw 7 new Israeli cybersecurity start-ups in this field – and if the RSA expo [held in San Francisco in May] was any indication, we’ll be seeing many more in the next few years,” YL Ventures noted in its recent online magazine. “Their main focus will inevitably be allowing the adoption of this technology without suffering security repercussions.”