Cybersecurity M&A stalls after 2025 surge as AI resets valuations – Dealspeak North America

  • 1Q26 deal activity slows as buyers reassess AI defensibility
  • Valuations reset; only strategic assets command premium multiples
  • Strategic acquirers replace sponsors as private equity pulls back

Dealmaking for North American cybersecurity companies slowed sharply in 1Q26 as buyers reassessed valuations and technology defensibility due to the impact of artificial intelligence, said executives, advisors and investors.

The pullback marks a sharp reversal from 2025, which saw near-record deal volume of USD 62.9bn from several landmark transactions, including Google’s USD 32bn acquisition of Wiz, the largest cybersecurity deal ever, according to Mergermarket data.

After that surge, companies and investors have stepped back to evaluate which assets can withstand rapid AI‑driven disruption and which business models risk being commoditized.

Executives said uncertainty around how AI will reshape security products, pricing, and operating models has slowed decision‑making, while public‑market volatility for software companies has made valuation discussions more difficult.

Public cybersecurity stocks have undergone a broad valuation reset – the Nasdaq CTA Cybersecurity Index is down 14% from its October high – while private company valuations have slid well below the levels seen during the 2021–2022 funding boom.

Aleksandr Yampolskiy, CEO of SecurityScorecard, a third-party risk management specialist, described the current environment as a buyers’ market, with many startups seeking exits at steep discounts after raising capital at peak valuations.

Even with the steep discounts, caution abounds.

One company was recently offered to SecurityScorecard at a valuation of about USD 50m, down from roughly USD 800m during the prior cycle’s peak. Even at that price, the asset was unappealing, he said, because artificial intelligence had eroded much of its underlying value and defensibility.

A chart showing annual deal volume in dollars and deal count for North American cybersecurity M&A, from 2015 through 2025. Source: Mergermarket, data correct as of 30-Apr-26

Valuation contraction

Deal discussions are now clustering around valuation multiples of 6x–8x annual recurring revenue, according to Yampolskiy, with only highly strategic targets that possess proprietary data, defensible technology, or system‑of‑record status commanding 8x–10x multiples.

Smaller startups with USD 10m–USD 20m of revenue, modest growth, and ongoing cash burn may struggle to achieve even 2x–3x ARR, he said.

That gap between leaders and laggards is widening, according to Domenic Perri, a partner and cofounder of boutique advisory Altitude Cyber.

Speaking at last month’s RSAC conference, Perri noted that in 2025, the median multiple for high-growth cybersecurity companies expanded to 13.7x revenue from 10.6x the year before, while slow-growth peers saw multiples contract to 3.5x from 4.5x.

“The market has become more selective,” Perri said. Revenue growth alone is no longer sufficient; buyers scrutinize the quality of the business, margins, platform relevance, and how AI helps or hinders it.

For some acquirers, the traditional build‑versus‑buy calculus has shifted. Previously acquisitive companies are pausing deal activity as AI makes internal development faster and cheaper. Reuven Aronashvili, CEO of cyber exposure management platform CYE, said his company had been in talks with three acquisition candidates in 2025, but those discussions no longer make sense.

“With AI it costs less to build in‑house,” Aronashvili said, adding that it now considers acquisitions primarily for capabilities, expertise, and differentiation rather than to accelerate time to market.

Despite the slowdown, funding pressure is creating a growing pool of potential acquisition targets. John Pagliuca, CEO of cybersecurity software provider N‑able, said he had seen more acquisition candidates in recent weeks than in the previous six months. Many software companies are facing refinancing needs and are choosing between down rounds and outright sales, he said, as valuations remain lower across both public and private markets.

“Fear of AI disruption has pressured (public) software company valuations,” said Mourad Yesayan, managing director at Paladin Capital. “But since those companies still have large cash positions, they are likely to use them fairly aggressively to acquire AI-native innovation.”

A chart showing quarterly deal volume in dollars and deal count for North American cybersecurity M&A from 1Q21 to 1Q26. Source: Mergermarket, data correct as of 30-Apr-26

Sponsors versus strategics

Financial sponsors have largely pulled back from new platform investments, constrained by a higher cost of capital and pressure to stabilize existing portfolio companies. Executives warned that private equity‑backed assets that fail to innovate risk further valuation erosion as AI reshapes the competitive landscape.

Strategics have partially filled that void. Check Point, Palo Alto Networks, CrowdStrike, and Zscaler have all made acquisitions in recent months, noted Perri. Cloud and data analytics platforms have also made big bets: ServiceNow agreed to pay USD 7.8bn for Armis last December, while Databricks entered the cybersecurity sector in March with the launch of Lakewatch, a security information and event management (SIEM) service, alongside the acquisition of Antimatter.

Kumar Saurabh, CEO of managed detection and response company AirMDR, said the current pause in activity is likely temporary. As AI technology matures and deployments reach scale, companies that can demonstrate real return on investment (ROI) should become attractive acquisition targets. The market needs time for “the dust to settle” before dealmaking resumes, he said.

An AirMDR survey of venture capital firms, private equity investors, and family offices found that 80% plan to increase investment in AI cybersecurity in 2026. Yet investments will be far more selective than before: only startups that show measurable ROI, help lower total security costs, and have defensible technical differentiation will win funding.

Next frontier

Agentic AI will be the next major competitive battleground. As organizations deploy autonomous agents, the challenge of securing non‑human identities, permissions, and actions becomes more acute.

Ankur Sheth, senior managing director at FTI Consulting, said demand is rising for AI-native governance frameworks that manage identity, task-level permissions, and oversight of autonomous agents. “Everyone is doing pieces of the puzzle. No one has brought them all together.”

Early movers in governance include Credo AI and Uno.ai.

Industry participants see the IPO market as volatile and are watching for high‑profile listings such as Anthropic and SpaceX as potential catalysts for a more favorable environment. Many continue to see selective M&A as the primary exit route for startups and sponsor‑backed companies.

Fundamentals remain supportive. Gartner projects global cybersecurity spending will grow 12.5% year-over-year to USD 240bn in 2026.

“Cybersecurity is still critical,” said Perri. “But the market feels it needs a reset compared to the record year we’ve just had.”