CRWD and PANW Earnings Report; Mythos Expands; and MSRC Threatens Researcher
Plus: Security funding is up, Bumblebee lands, Cyera eyes $12B, and Dragos moves deeper into xIoT.
Welcome to The Cybersecurity Pulse (TCP)! I’m Darwin Salazar, Head of Growth at Monad and former detection engineer in big tech. Each week, I bring you the latest security innovation and industry news. Subscribe to receive weekly updates! 📧
The 2026 AI in Enterprise Security Survey
We built Surf AI to fix how enterprise security teams operate. Before we publish our take on where things stand in 2026, we want to hear from the people running those teams.
17 questions. Five minutes. One respondent wins a Peloton.
Hi 👋 - Hope you’re having a great week wherever you’re reading from!
Two of the biggest players in security reported earnings this past week and of course, AI was at the center. Truly impressive numbers and performance though. This past week has been one of the most newsworthy in recent months. However, before we dive in, I’ve been digging into the telemetry that agentic dev tools like Claude Code, Codex, and Cursor emit.
While I haven’t done much detection work in recent years, my brain is truly intrigued by what’s possible to detect with what these tools emit natively and thus, I’ve been shipping some of that research via the Monad blog which you can read here.
The latest in the series takes a look at what OpenAI Codex emits through OpenTelemetry. Logs, metrics, traces. All pretty rich with detection value. Below is a map of key fields emitted and what detection opportunities they unlock:
Now, onto the news!
TL;DR ✏️
🧠 CrowdStrike and Palo Alto blowout the AI quarter — Both anchored strong quarters to frontier AI, but Palo Alto’s faster growth and raised guidance made the cleaner case.
🪟 Microsoft’s disclosure problem gets messy — Windows zero-day PoCs turn into a broader fight over trust, researcher access, and coordinated disclosure.
🪽 Anthropic expands Mythos access — ENISA nears Project Glasswing access as Anthropic expands Mythos to 150 orgs across 15+ countries.
🏆 Security investors climb the Midas List — Wiz’s $32B exit lifts Cyberstarts, Sequoia, and Index near the top of Forbes’ 2026 venture rankings.
🐝 Perplexity open sources Bumblebee — Read-only dev-machine scanner checks risky packages, extensions, AI configs, and local tool metadata.
🔐 Cyera nears $300M at $12B valuation — Data security keeps heating up as AI makes access, classification, and exposure harder to govern.
📧 Doppel launches agentic email security — Product traces phishing campaigns to attacker infrastructure and coordinates takedowns across domains, profiles, and kits.
🛡️ Dragos acquires Phosphorus — Dragos adds xIoT discovery and remediation depth for OT and critical infrastructure environments.
Plus: ZeroDrift raises $10M for AI compliance controls; RevEng.AI raises $15M for binary analysis; and Lastwall raises $11.5M for quantum-resilient identity.
⚒️ Picks of the Week ⚒️
CrowdStrike and Palo Alto both anchored their quarters to AI, Mythos, and faster remediation
The two biggest names in security reported quarterly performance a day apart, and both pretty much ran the exact same pitch: AI broke the threat model, and they’re the ones selling the fix.
CrowdStrike put up fiscal Q1 revenue of $1.39B, up 26%, ARR at $5.51B, and beat on earnings. Shares still dropped more than 9%, after climbing ~60% this year. Palo Alto Networks posted fiscal Q3 revenue of $3B, up 31%, NGS ARR of $8.13B, up 60% (28% if you strip out the CyberArk and Chronosphere buys), and its best hardware quarter in a decade. It raised guidance everywhere and the stock shrugged.
George Kurtz: “the worlds of cybersecurity and frontier AI collided: this was the Mythos moment.” Arora went further, claiming frontier models can weaponize a vuln in minutes, so the only thing that survives is a platform that gets smarter as it scales.
No surprise on performance or themes to me and probably not for you either, but somehow Wall St. always seems surprised by security outcomes ¯\_(ツ)_/¯
Dig Deeper: CrowdStrike Q1 FY27 (SiliconANGLE) | Palo Alto Q3 FY26 transcript (Motley Fool)
Microsoft’s disclosure problem is bigger than one researcher
Microsoft is catching heat after a messy public fight with the researcher known as Nightmare Eclipse / Chaotic Eclipse, who published exploit code for several Windows zero-days tied to products including Defender and BitLocker. Microsoft says the disclosures were not coordinated and put customers at risk. The researcher claims Microsoft mishandled prior reports, cut off access, and left them with no good path back through the front door.
The easy take is that Microsoft should not threaten researchers. True, but incomplete.
The harder issue is that coordinated disclosure only works when researchers believe the process is real, fair, and available to them. Once the vendor response becomes account bans, legal language, and public condemnation, the incentive model breaks. You may stop one disclosure, but you also teach the next researcher to stay quiet, go anonymous, or skip coordination entirely.
Microsoft is right that public PoCs for unpatched bugs can turn into a fire drill fast, especially when the affected products sit close to the security foundation of Windows. But in security, trust is part of the patch pipeline. If researchers don’t trust the intake path, vendors lose early warning. And customers lose the thing they actually need most: time.
Perplexity open sources Bumblebee
Perplexity open-sourced Bumblebee, a read-only scanner for macOS and Linux developer machines that checks for risky packages and tool configs. The use case is simple: when a bad package or version shows up in an advisory, security teams can ask which laptops have it sitting on disk right now.
What it looks for:
Risky packages and versions
Browser extensions
Editor extensions
AI tool configs
Other developer-tool metadata sitting on disk
That sounds boring, which is usually where useful security tooling lives. Bumblebee does not execute package managers or read source files, which matters when malicious packages abuse install scripts and dev workflows. It is not an SBOM replacement or EDR killer. It is a sharper way to answer the messy middle question between “what shipped?” and “what is running?”
Anthropic expands Mythos access in Europe and critical infrastructure
ENISA, the European Union’s cybersecurity agency, is close to getting access to Anthropic’s Claude Mythos through Project Glasswing. That would make it the first European entity in the program, while Anthropic is also expanding Mythos access to roughly 150 organizations across 15+ countries.
The rollout targets critical infrastructure operators across power, water, healthcare, communications, and hardware sectors.
Anthropic marketing continues to do the security thing well.
Security investors climb the Forbes Midas List
Forbes released its 2026 Midas List, with several security and infrastructure investors near the top. Gili Raanan of Cyberstarts ranked No. 4, Doug Leone of Sequoia Capital ranked No. 8, Shardul Shah of Index Ventures ranked No. 10, and Shaun Maguire of Sequoia Capital ranked No. 22. The common thread is Wiz, which was acquired for $32 billion.
Wiz created one of the cleanest and biggest venture outcomes in security, with Cyberstarts, Index, and Sequoia all tied to the cap table. Security is still producing elite venture outcomes when the company becomes a control point.
🔮 The Future of Security 🔮
AI Security
ZeroDrift raises $10M for AI compliance controls
ZeroDrift raised a $10 million seed round for an AI compliance layer that sits between models and end users, flagging and replacing responses that could create regulatory or policy problems. The company is starting with the least glamorous, most necessary slice of AI security: making sure model outputs do not casually create legal, compliance, or brand risk at runtime. Not everything in AI security needs to be jailbreak chess.
More AI Security News
Geordie Raises $30 Million for AI Security and Governance Platform
CrowdStrike Brings Enterprise-Grade Security to the AI Factory with NVIDIA Vera BlueField-4 STX
Application Security
RevEng.AI raises $15M for binary analysis
RevEng.AI raised $15 million in Series A funding led by the NATO Innovation Fund to expand its binary analysis platform for reverse engineering software and spotting malicious functionality inside compiled code.
Teams still need to understand what is actually inside the binaries they ship, buy, deploy, and execute, especially as AI-generated code makes the “who wrote this and what does it do?” question messier.
Data Security
Cyera nears $300M round at a $12B valuation, 80x ARR
Cyera is closing at least $300M led by Evolution Equity Partners at a $12B valuation, per TechCrunch. That’s around 80x its reported $150M+ ARR. The round lands five months after a $400M Series F at a $9B valuation. A second monster round five months after the last one says investors expect this to compound fast, and they’re probably right given how critical data security is to securing AI.
Email Security
Doppel launches agentic email security
Doppel launched an agentic email security product designed to disrupt phishing campaigns. The system traces phishing emails back to attacker infrastructure, then coordinates takedowns across spoofed domains, lookalike profiles, impersonation kits, and other campaign surfaces.
Exposure Management
CrowdStrike and NVIDIA scale exposure agents
CrowdStrike and NVIDIA are working to scale AI-native agents inside Falcon Exposure Management using NVIDIA Nemotron 3 Super models, NeMo Data Designer, and the NeMo Framework.
The goal is faster vuln remediation by letting specialized agents reason across exposure data, exploitability, asset context, and remediation paths. It is a vendor blog, so season accordingly, but the direction makes sense: exposure management is becoming less about ranking CVEs and more about turning messy context into decisions teams can actually act on.
Identity Security
Lastwall raised an $11.5 million Series A extension led by BDC Capital’s StrongNorth Fund to expand its quantum-resilient identity platform across North America. The company sells into defense and government use cases, combining passwordless authentication, PKI, zero trust, risk-based login signals, and post-quantum TLS protection.
IoT/OT Security
Dragos acquired Phosphorus, an xIoT security company focused on discovering, assessing, and remediating risks across connected devices. The move gives Dragos broader visibility into device-heavy OT and critical infrastructure environments, with integrated device intelligence coming first and automated remediation workflows expected later. Financial terms were not disclosed.
Interested in sponsoring TCP?
Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of 20,000+ CISOs, practitioners, founders, and investors across 135+ countries 🌎
Bye for now 👋🏽
That’s all for this week… ¡Nos vemos la próxima semana!
Disclaimer
The insights, opinions, and analyses shared in The Cybersecurity Pulse are my own and do not represent the views or positions of my employer or any affiliated organizations. This newsletter is for informational purposes only and should not be construed as financial, legal, security, or investment advice.