AI-powered cyberattacks are up 89% year over year, and Google just paid $32B to buy a cloud security startup because of it. That's the short answer. The longer answer is more interesting.
Cybersecurity has quietly become one of the clearest places to watch AI's economic impact in real time, because both sides of the fight — attackers and defenders — are using the same underlying models. That symmetry is producing some of the largest deals and fastest-growing threat numbers in tech right now.
AI Cybersecurity in 2026: How Attack and Defense Are Both Escalating
AI cybersecurity in 2026 means an arms race where attackers use AI to automate phishing and find vulnerabilities at machine speed, while defenders use AI to detect and respond faster than human analysts alone. CrowdStrike's 2026 Global Threat Report found attacks involving AI-using adversaries rose 89% year over year, while the global cybersecurity market is projected to hit $248B this year as enterprises rebuild defenses around that shift.
The AI Cybersecurity Attack Surface in 2026: Attacks Up 89%
The attacker side of this story is not subtle. Beyond CrowdStrike's 89% year-over-year jump in AI-adversary activity, 82.6% of phishing emails now use AI, and AI-generated phishing achieves click-through rates more than 4x higher than human-written attempts — one campaign against 800 accounting firms hit a 27% click rate using AI-written emails alone. Business Email Compromise losses totaled $2.77B, with BEC volume up 54% in the first half of 2025 versus 2023.
Deepfakes are the sharpest edge of it. Deepfake fraud attempts are up 2,137% over three years, averaging nearly $500,000 in losses per incident in 2024 — and engineering firm Arup lost $25.6M to a single deepfake video call impersonating its CFO. The FBI formally tracked "AI-related" fraud as its own crime category for the first time in 2026, logging over 22,000 complaints and roughly $900M in attributed losses, a figure investigators believe significantly undercounts the real total. The World Economic Forum's Global Cybersecurity Outlook found 73% of organizations were directly hit by cyber-enabled fraud in 2025.
AI-Driven Attack Growth Across Categories
Deepfake fraud has scaled faster than any other AI-attack category over the same multi-year window.
CrowdStrike 2026 Global Threat Report, World Data, Vectra AI, CNIC Solutions — figures cover 2023–2026 as noted.
AI Cybersecurity Defense: Inside the $32B Wiz Deal and the M&A Wave
Google first offered Wiz $23B in the summer of 2024; Wiz turned it down to chase an IPO instead. Eight months later Google came back with $32B in cash, a 39% premium over the rejected bid, and the deal finally closed on March 11, 2026 after US and EU regulators signed off. At roughly 32x Wiz's $1B+ ARR, it's the richest multiple paid in any major cybersecurity acquisition and the third-largest tech deal in recent memory, behind only Microsoft-Activision ($69B) and Broadcom-VMware ($61B).
Wiz isn't the only deal reshaping the field. CrowdStrike, whose market cap crossed $90B in March 2026, bought identity security startup SGNL for $740M in January and added another $1.5B in XDR-platform acquisitions in Q1. Palo Alto Networks spent $2.8B on a cloud security startup in the same quarter. Track how these late-stage marks compare to broader private-market pricing on our AI Valuations dashboard.
| Deal / Metric | Value | Date / Context |
|---|---|---|
| Google–Wiz acquisition | $32B | Closed Mar 11, 2026; ~32x ARR |
| Wiz annual recurring revenue | $1B+ | Crossed in 2025 |
| CrowdStrike market capitalization | $90B+ | As of March 2026 |
| CrowdStrike–SGNL acquisition | $740M | Identity security, closed Jan 2026 |
| Palo Alto Networks cloud security deal | $2.8B | Q1 2026 |
| Global cybersecurity market size | $248B | 2026 projection |
| Cybersecurity VC funding | $18B | Full-year 2025, seed–growth, +26% YoY |
| Q1 2026 cybersecurity VC funding | $4.9B | Per Crunchbase |
Figures are 2025–2026 deal and market-size data blended from TechCrunch, CNBC, Crunchbase News, and Help Net Security. Market-size and VC-funding figures are third-party estimates; acquisition prices reflect confirmed, closed deal terms.
AI Cybersecurity Venture Funding in 2026: Where the Money Is Going
Cybersecurity VC funding hit roughly $18B in seed-through-growth rounds in 2025, up about 26% from an estimated $14.3B in 2024, and Crunchbase tracked $4.9B more in Q1 2026 alone — an annualized pace above $19B if it holds. AI-focused security products led deal volume, splitting into two camps: startups protecting AI models and agents as a new attack surface, and startups using AI to automate detection and response. See how this compares to overall AI capital flows on our Unicorns dashboard.
The early-stage deals show exactly where that split is playing out. Native, a cloud security startup founded by AWS veterans, raised a $31M Series A led by Ballistic Ventures in March 2026, part of a $42M total round with General Catalyst, YL Ventures, and Merlin Ventures. WitnessAI, which secures AI agents and enterprise LLM usage, raised $58M in January 2026 led by Sound Ventures with Forgepoint Capital and Qualcomm Ventures participating, up from a $27.5M Series A in May 2024. The specialist funds behind these rounds are themselves scaling: Ballistic Ventures is deploying a $360M Fund II plus a new $100M vehicle, and Forgepoint Capital now manages over $1B in AUM dedicated to security-only bets.
Cybersecurity VC Funding, 2024 vs 2025 vs Q1 2026 Annualized ($B)
2025 funding grew 26% over 2024, and Q1 2026's pace is already tracking above the full 2025 total.
Crunchbase News — seed-through-growth cybersecurity funding; 2024 figure derived from the reported 26% YoY growth rate; Q1 2026 annualized by multiplying the reported quarter by four.
The IPO Path: Why Netskope and Rubrik Went Public While Wiz Sold Instead
Not every cybersecurity company is choosing the M&A exit. Netskope, backed by Lightspeed Venture Partners, priced its September 2025 IPO at $19 a share against an initial $15–17 target, then popped 21% on debut to close near an $8.79B valuation — more than the $7.5B mark it carried after a 2021 growth round. Rubrik, also Lightspeed-backed, went public in April 2024 and jumped 16% on its first trading day, proving there was investor appetite for cybersecurity IPOs again after a multi-year drought.
Wiz had that same option and walked away from it. The company was reportedly gearing up for its own IPO before Google's $32B all-cash offer made staying private and building alone look like the worse bet financially. PitchBook has flagged roughly nine more cybersecurity startups as plausible 2026 IPO candidates, but the Wiz outcome makes clear that for AI-native security companies with real ARR, acquisition by a hyperscaler can now out-price even a strong public debut.
What Could Break the AI Cybersecurity Boom
The obvious risk is that valuations are running ahead of proof. A 32x ARR multiple for Wiz only makes sense if AI-native cloud security becomes as indispensable as the cloud itself — a bet Google is underwriting with $32B in cash. If AI-generated attacks plateau instead of compounding, or if incumbents like CrowdStrike and Palo Alto Networks out-build the AI-native upstarts through M&A rather than losing to them, a chunk of the $18B in fresh VC money lands in companies that get acquired for parts rather than built into independent platforms.
The other risk cuts the other way: AI-generated attacks are advancing faster than most enterprise security budgets can absorb. A 27% click rate on an AI-written phishing campaign against accounting firms, or a single $25.6M loss from one deepfake call, both suggest that the defense side of this market — despite $248B in projected 2026 spend — is still catching up to attackers who adopted AI first and cheaply.
The Bottom Line
AI cybersecurity is now a two-sided arms race with real money on both ends: 89% more AI-powered attacks, a $32B acquisition to answer them, and $18B in fresh VC funding chasing whoever builds the next Wiz or CrowdStrike. The deals so far — Wiz, SGNL, the Palo Alto Networks cloud security buy — say hyperscalers and incumbents would rather acquire AI-native defense than build it from scratch under attacker-speed pressure. For investors, the read is that this is now infrastructure spend, not a niche security category, and the next marker to watch is whether Wiz's 32x ARR multiple becomes the new floor or the peak for the cycle.