Cybersecurity M&A Targets AI Agents and Browser Security

AI has upended long-held assumptions about cybersecurity, and a wave of acquisitions by large vendors indicates a race to secure the tools and talent needed to navigate the new landscape. 

This is a new layer to the cybersecurity stack, adding agents, prompts, and data flows to the list of items that need to be monitored, checked, and verified. 

Agents, which enterprises are rushing to implement across systems, exacerbate the problem because they can take actions autonomously across many devices and applications. Agent-to-agent communication makes it far more difficult to ascertain where a problem started and how to fix it without jeopardizing the whole workflow.

Palo Alto Networks adds agentic AI and endpoint security capabilities

Palo Alto Networks has been one of the most active of the old guard, investing in several startups to build out its AI security portfolio. It acquired Portkey, which secures the connection between AI agents and other models and tools, and enforces rules for the agent to follow. 

Palo Alto Networks said it would embed Portkey into its Prisma AIRS security system as the AI gateway. 

A month earlier, it spent $400 million on the endpoint security company Koi. While it operates a traditional endpoint security system, it has been tailored to monitor new connections with AI models, AI agents, browser extensions, and automated coding tools. Its risk-scoring tool helps businesses understand what tools employees are using, and whether they should be. 

The two deals are small compared with Palo Alto Networks’ total M&A last year, when it spent $29 billion acquiring CyberArk, Chronosphere, and Protect AI. However, the shift in focus indicates Palo Alto Networks sees AI agents as an important part of the future cybersecurity stack. 

CrowdStrike brings browser runtime security into its platform approach

Palo Alto Networks is not the only large cybersecurity vendor investing more heavily in protection from AI. CrowdStrike announced at the start of the year its intent to acquire Seraphic, which provides browser runtime security for Chrome, Edge, Safari, and Firefox. 

This is critical, as most enterprises don’t want to go through the trouble of setting up a dedicated enterprise browser for their employees, which most won’t like or will try to bypass. 

Much of the agentic workflow happens in-browser, and it has become a critical execution layer. If security is only at endpoints or along the network path, it misses session-level data in the browser, such as phishing attacks and session hijacking. 

CrowdStrike spent around $400 million on Seraphic, a significant sum for a company that spent only $550 million on M&A in 2025. 

Check Point consolidates AI security capabilities

Israeli cybersecurity firm Check Point Software made a flurry of small acquisitions in the first months of this year, for Cyata, Cyclops, and Rotate. 

The company indicated that these acquisitions would lead to new tools from Check Point specifically for enterprises looking to deploy and maintain AI. 

While around the same level of investment as the other Palo Alto Networks and CrowdStrike deals, the flurry of acquisitions for three Israeli startups feels more like local consolidation than the others. 

OpenAI addresses prompt injection risks with Promptfoo acquisition  

Moving from security vendors to pure-play AI companies, OpenAI announced in March that it was acquiring app-building platform Promptfoo for an undisclosed amount. 

The Promptfoo platform was designed specifically for testing large language models and AI agents, with tools to simulate prompt injections, jailbreaks, and data leaks. OpenAI said that it will merge Promptfoo’s platform with its Frontier platform for building, deploying, and managing AI applications. 

Again, this is an indication that, even for companies flush with money and the ability to hire talent, the cybersecurity space is evolving so rapidly that M&A is often the fastest and best way to boost capability.