CyberSecurity
Cyber 150 Awards Reveal AI Security Startups Are Leading Industry Growth
Cyber 150 Awards Reveal AI Security Startups Are Leading Industry Growth
What does it take to stand out in a field of 4,000 cybersecurity vendors? For 33 fast-growing companies, the answer is artificial intelligence. The latest Cyber 150 awards from analyst firm IT-Harvest spotlight the mid-size security companies scaling fastest globally, and a clear trend has emerged: AI security isn’t just a niche—it’s becoming the engine of industry innovation.
AI Security Takes Center Stage in 2026 Rankings
The numbers tell a compelling story. Of the 150 companies honored in the 2026 cohort, 33—or 22%—are categorized as AI security providers. This category now represents one of the largest and most dynamic segments among the winners. It’s a significant concentration of talent and capital in a specific technological approach to digital defense.
These aren’t just theoretical ventures. They’re well-funded operations attracting serious investment. Take 7AI, which has secured $202 million in funding and employs 76 people. Or Adaptive Security, with $136 million raised in 2025 and a team of 187. Noma Security rounds out the heavy hitters with $132 million in total funding, $100 million of which arrived last year, supporting 105 employees.
The growth metrics are even more striking. Topping the list for expansion is Tenex.ai, a US-based provider of AI-enhanced managed detection and response (MDR) services. The company recorded a staggering 318% growth over the past year. Its model, which blends artificial intelligence with human security expertise, appears to be resonating strongly with enterprises facing increasingly sophisticated threats.
A Snapshot of the Broader Cybersecurity Landscape
While AI security dominated the headlines, other traditional cybersecurity domains remain vital. Governance, risk, and compliance (GRC) was the second-most represented category, with 24 companies making the list. Security operations followed with 15 companies, while application security and data security tied with 13 companies each.
The geographic distribution of winners highlights established tech hubs. The United States is home to 89 of the 150 companies. Israel, often called the “Startup Nation,” claims 27 spots. The European Union hosts 16 winners, and non-US Five Eyes countries (Canada, Australia, and the UK) account for 14.
Funding stories within the cohort reveal diverse paths to scale. Upwind, a US security operations startup, holds the record for the largest total raise at $430 million. Meanwhile, Italian IoT security firm Exein had an exceptional 2025, pulling in nearly $190 million in a single year.
Constant Churn Defines the Fast-Growth Arena
The Cyber 150 list is designed to capture a specific moment in a company’s lifecycle: the rapid growth phase between 50 and 500 employees. This creates natural turnover. The 2026 cohort saw 103 brand-new entrants, meaning nearly 70% of the list was fresh faces.
Only 47 companies managed to stay on the list from the previous year. Their continued presence indicates sustained positive growth, but not enough to push them past the 500-employee ceiling that defines “graduation.”
And graduate some did. Eight companies from the 2025 list grew so successfully they exited the mid-size category altogether. Chainguard, Coralogix, Cyera, Group-IB, miniOrange, Persona, Silverfort, and Tines have all surpassed 500 employees, moving into a new tier of the cybersecurity market. Their departure makes room for the next wave of contenders.
What This Means for the Future of Cybersecurity
Richard Stiennon, founder of IT-Harvest, positions the Cyber 150 as a tool to “identify the companies that are emerging as the next leaders of cybersecurity.” The data suggests those future leaders are increasingly betting on artificial intelligence. The concentration of funding and growth in AI security startups points to a broader industry shift.
Enterprises are voting with their budgets, seeking solutions that can automate threat detection, accelerate response times, and manage the overwhelming volume of security data. The success of companies like Tenex.ai, which combines AI with human oversight, also hints that the winning formula may not be pure automation, but intelligent augmentation.
The cybersecurity market continues to expand at a breakneck pace, now encompassing those 4,000 vendors and 11,000 products. In such a crowded and critical field, awards like the Cyber 150 provide a valuable signal. They cut through the noise to highlight who is scaling, who is innovating, and which technological bets—like AI—are currently paying off the most.
Zero-Day Attacks Hit Record High as Enterprise Software Becomes Prime Target
Imagine discovering a hidden door into your company’s most secure systems—a door the builders didn’t know existed. That’s the reality of zero-day vulnerabilities, and according to Google’s Threat Intelligence Group, attackers are finding more of these secret entrances than ever before. Their latest analysis reveals a troubling shift in where cybercriminals are focusing their efforts.
The numbers are stark. In 2025, Google tracked 90 zero-day vulnerabilities that were actively exploited before patches were available. That’s up from 78 the previous year. What’s more significant than the total count, however, is where these attacks are landing. Nearly half—48%—targeted enterprise software and appliances directly. The corporate network is no longer just a pathway to individual targets; it’s become the main prize.
Why Attackers Are Targeting Your Company’s Core Infrastructure
Google’s researchers describe this as a “structural change in the threat landscape.” Why the sudden pivot? Enterprise tools offer something attackers crave: leverage. A single vulnerability in a security appliance or network switch can provide privileged access across an entire organization. It’s the digital equivalent of stealing a master key instead of picking individual locks.
Think about what sits at the edge of your network. Routers, firewalls, VPN concentrators—these devices often operate with high-level permissions. They’re also frequently overlooked during routine security checks. Attackers know this. They’ve realized that compromising one edge device can open pathways to sensitive data, financial systems, and intellectual property on a massive scale.
“Attackers are deeply embedding themselves in critical business infrastructure,” the Google report states. This isn’t about stealing a single laptop anymore. It’s about establishing a persistent, privileged position within the very systems that keep a business running.
Security Appliances: The New Front Line
Here’s a sobering statistic: of the zero-days targeting enterprise technology, almost half—21 out of 43—specifically hit security and networking solutions. The very tools designed to protect organizations are becoming primary targets. The irony is painful, but the logic is coldly rational from an attacker’s perspective.
Why target a security appliance? Because success grants extraordinary power. These systems often have permissions to inspect traffic, manage access controls, and communicate with nearly every other device on the network. A compromised firewall doesn’t just fail to protect; it can actively facilitate attacks while remaining invisible to monitoring tools.
This targeting represents a fundamental evolution in cyber strategy. Attackers are bypassing traditional defenses by exploiting the defenders’ own tools. It’s a reminder that no software is inherently trustworthy, and that defense-in-depth must include the security products themselves.
End-User Threats Persist as Browser Attacks Decline
While enterprise targeting grows, individual users haven’t been forgotten. 52% of tracked zero-days in 2025 still targeted end-user platforms, with operating systems—particularly Microsoft Windows—remaining the most frequent victims. Mobile operating systems saw a notable jump, with 15 zero-days compared to nine the previous year.
One surprising bright spot emerged in the data: browser-based zero-days dropped to just eight, what Google calls a “historical low.” This isn’t necessarily because attackers have lost interest. Researchers suggest improved browser security has made exploitation harder, while sophisticated attackers have become better at hiding their tracks, making their activities less visible to researchers.
The gap between enterprise and end-user targeting is narrowing. As corporate infrastructure becomes more valuable to attackers, the traditional distinction between “work” and “personal” targets blurs. Your company’s network is now the battlefield.
Defending Against the Inevitable Attack
Google’s conclusion is blunt: prepare for when you’re targeted, not if. The continuous discovery of zero-days by nation-state groups, cybercriminals, and ransomware operations means every organization is potentially vulnerable. What separates the compromised from the secure isn’t perfect prevention—it’s effective response.
The report emphasizes architectural security. Systems should be designed with “ingrained security awareness,” implementing segmentation and least-privilege access by default. Know what assets you have. Maintain a real-time inventory that’s regularly audited. You can’t protect what you don’t know exists.
Continuous monitoring becomes non-negotiable. Pair anomaly detection in both systems and networks with refined, actionable alerts. The goal isn’t to prevent every attack—that’s increasingly impossible with zero-days—but to detect and respond to threats as they occur. Speed is everything when dealing with vulnerabilities that have no known patch.
Ultimately, the record number of zero-day exploits targeting enterprise software serves as a wake-up call. The attack surface has expanded beyond individual devices to encompass the entire infrastructure that supports modern business. Defense must evolve accordingly, recognizing that the tools we rely on for protection have themselves become targets.
Zero-Day Attacks Hit Record High as Enterprise Software Becomes Prime Target
Cyber 150 Awards Reveal AI Security Startups Are Leading Industry Growth
Cyber 150 Awards Reveal AI Security Startups Are Leading Industry Growth