the moment we’ve all been waiting for - a $32B exit of Wiz to Google 🤯.

This is an amazing outcome...may the floodgates open + let the game of musical cybersecurity chairs begin 🍿.

Some other deal dynamics - this is up from the $23B from last year’s rumors and a couple other key concession points were given to help the Wiz get over potential antitrust concerns still linger with the new administration (from the FT).

Cole Grolmus from The Strategy of Security lays out comparative multiples in trailing terms - forward multiple if we believe the $1B for 2025 would imply 32X for the Wiz deal.

The real question is whether or not cybersecurity investing is broken. Very few startups reach escape velocity like the Wiz and the industry continues to move towards massive platforms. How will this play out for all? I’ve been thinking about this a long time and reminds me of my post from November 2022 - read it as I believe it’s playing out exactly as I wrote about 2.5 years later…

What's 🔥 in Enterprise IT/VC #316

Ed Sim

·

November 19, 2022

There are way too many cybersecurity companies with way too much funding, and the road ahead is not going to be smooth for many. Palo Alto Networks just announced its latest acquisition of Cider Security at a price or $195M in cash and perhaps up to $300M with other incentives. In fact, PANW apparently “walked away from a $600 million deal for Apiiro in…

Read full story

The conclusion was:

It’s going to be an interesting 2023 in cybersecurity. The space is absolutely huge and growing, and there are still lots of opportunities for founders, especially those creating new categories under the radar of the 🦍. For those founders, keep innovating on product, be capital efficient, and remember that each subsequent round of capital you raise also limits your exit options as your investors will also be looking for a solid return. 

To be fair, PANW and CRWD are not the only acquirers as Google Cloud and Microsoft have made some large acquisitions over time, but you get my point. I’m sure PANW’s acquisition will kick off a domino effect as the game of musical chairs begins and a few more companies in the CNAPP space get acquired. If you’re the last man standing, I hope you are the one who can go the distance and reap the rewards because those will be huge. Let the games begin 💪🏼!

Irrespective if you go super long or sell early, I do know that being first on the cap table, leading those Inception rounds, is what delivers the best returns for venture invesstors. Here are a few thoughts to chew on…

1. You get what you pay for and reserve Jumbo rounds for those special founders. Index, Sequoia and Cyberstarts led a sizable inception round - so if we assume the first round was split 3 ways and Index invested $3.5M for a 250x return it implies a valuation of $128M but assuming dilution let’s call it a $10M round at a $100M valuation - from WSJ
   
   ”A promising Israeli cybersecurity founder that he had been asking for years to launch a company was in need of funding. “It’s time,” the voice on the other end of the line said. Shah kicked in $3.5 million on behalf of Index Ventures.

   Flash forward five years and that original seed money earned a 250-fold return this week, turning into an $875 million stake, when Alphabet’s Google agreed to buy Wiz for $32 billion.”

2. Play the long game in venture - both Index and Sequoia were in the early rounds of the Wiz founders prior co, Adallom, which was sold for $350m so were the first calls along with Cyberstarts when Wiz started.

3. Best founders will find the market - Wiz was in a different sector of cybersecurity before it pivoted based on customer feedback (WSJ)
   
   ”Wiz’s founding team first called its company Beyond Networks and focused on network security, before pivoting to developing software that works to scan and identify security risks from cloud platforms such as Microsoft Azure and Amazon Web Services. The team renamed the company Wiz.”

4. If you’re not first, you’re last - being first generates best returns although the carry check is not too shabby on the growth piece
   
   ”Index Ventures’ first two checks into Wiz gave it a stake valued at $3.1 billion. The $200 million or so that it invested in subsequent rounds returned less than half that amount—illustrating the tried-and-true principle in venture capital that the biggest returns come from backing companies when they first get off the ground.”

Here’s another take from this past week using the latest CIO survey data from Morgan Stanley.

If you’re a glass half full founder or investor, then the fact that security is still a best-of-breed market should get you excited. The opportunity for new infra for machines and agents is also 🔥. Morgan Stanley believe that AI-SPM and AI runtime security will be a $15B TAM.

In addition, MS estimates a $10B TAM for Machine Identity. Who wins these markets, incumbents or startups or some of both, is the game to be played but these are massive new TAMs for sure.

And yes, sprinkled in the press releases from both Google and Wiz are references to the importance of AI security.

Today’s news comes back to that same guiding principle. Wiz and Google Cloud are both fueled by the belief that cloud security needs to be easier, more accessible, more intelligent, and democratized, so more organizations can adopt and use cloud and AI securely.  

For founders who decide to go for it and choose to evolve from best-of-breed to multi-product to platform, just remember these wise words from Dharmesh Shah of Hubspot - it doesn’t get any easier!

One of other 🔑 lessons from Wiz is time to value matters! The agentless approach and almost magic like implemenation process was one of keys to rapid growth in early days.

Huge congrats again to the Wiz and to provide some other historical context, this would be the largest ever acquisition of a VC-backed company according to Pitchbook 🤯!

As always, 🙏🏻 for reading and please share with your friends and colleagues.

Scaling Startups

#what it takes to build or invest in something big…on being first, being early - IMO does not just have to be likable, and yes crazy is good meaning that folks look at you and think why are you doing this - these are the traits IMO of being “bleeding F*&#ing early” versus just trying to be consensus or nonconsensus

#the assymetric opportunity - going big

#💯

#succinctly said…

Enterprise Tech

#what JPM is up to - reminder, it has a $17B IT budget and one of largest banks but also earliest adopters of tech - yes, they are all in on AI

#Aaron continues to nail many of the themes I’ve been harping on the last 6 months - agent interoperability, new infra, perhaps, needed?

#regarding completely new use cases, May Habib of Writer AI explains just that in Runtime - those are the easiest ones for agents to scale

#Perplexity (AI search) to raise at $18B valuation on $100M ARR? (Bloomberg)

#solid breakdown of what’s needed to build AI Agents - so much below IMO needs to be rebuilt (from Andreas Horn Head of AIOps IBM)

𝗟𝗲𝘁'𝘀 𝗯𝗿𝗲𝗮𝗸 𝗶𝘁 𝗱𝗼𝘄𝗻: ⬇️
1️⃣ 𝗙𝗿𝗼𝗻𝘁-𝗲𝗻𝗱 – The user interface, but that’s just the surface. 
2️⃣ 𝗠𝗲𝗺𝗼𝗿𝘆 – Managing short-term and long-term context. 
3️⃣ 𝗔𝘂𝘁𝗵𝗲𝗻𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻 – Identity verification, security, and access control. 
4️⃣ 𝗧𝗼𝗼𝗹𝘀 – External plugins, search capabilities, integrations. 
5️⃣ 𝗔𝗴𝗲𝗻𝘁𝗶𝗰 𝗢𝗯𝘀𝗲𝗿𝘃𝗮𝗯𝗶𝗹𝗶𝘁𝘆 – Monitoring, logging, and performance tracking. 
6️⃣ 𝗔𝗴𝗲𝗻𝘁 𝗢𝗿𝗰𝗵𝗲𝘀𝘁𝗿𝗮𝘁𝗶𝗼𝗻 – Multi-agent coordination, execution, automation. 
7️⃣ 𝗠𝗼𝗱𝗲𝗹 𝗥𝗼𝘂𝘁𝗶𝗻𝗴 – Directing queries to the right AI models. 
8️⃣ 𝗙𝗼𝘂𝗻𝗱𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗠𝗼𝗱𝗲𝗹𝘀 – The LLMs that power the agent’s reasoning. 
9️⃣ 𝗘𝗧𝗟 (𝗘𝘅𝘁𝗿𝗮𝗰𝘁, 𝗧𝗿𝗮𝗻𝘀𝗳𝗼𝗿𝗺, 𝗟𝗼𝗮𝗱) – Data ingestion and processing pipelines. 
🔟 𝗗𝗮𝘁𝗮𝗯𝗮𝘀𝗲 – Vector stores and structured storage for knowledge retention. 
1️⃣1️⃣ 𝗜𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲/𝗕𝗮𝘀𝗲 – Compute environments and cloud execution. 
1️⃣2️⃣ 𝗖𝗣𝗨/𝗚𝗣𝗨 𝗣𝗿𝗼𝘃𝗶𝗱𝗲𝗿𝘀 – The backbone of AI model execution.

#Moore’s Law for Agents?

#power of word of mouth and viral loops - lovable.dev continues to 📈

#but vibe coding creates even more security issues!!!

#been writing about MCP a long time and for those who want a simple overview with examples, Min nails it

# 🤯 - this is insane, breakdancing, flipping over - must watch 👇🏼

#AuthZ Agents of Chaos - new thinking and framework needed for agent security - great read from CISO of Gitlab

The emergence of agentic AI represents a significant inflection point in computing that requires strategic recalibration of our traditional assumptions of authentication frameworks and RBAC implementations. Whereas a human intuitively knows not to take an action even where permitted to do so, agents optimize for efficiency. As these autonomous systems evolve beyond traditional automation boundaries, over-provisioned access patterns between disparate systems will be exposed aggressively and at-scale. Expecting a period of chaos that will ultimately improve technology safety though not graceful and not without a high operational cost. At times the logical action may not be the best action for the business. Bring on the great reordering, what an exciting time to be alive.

The established security principles that have guided our defense strategies now likely to face new and significant challenges as we integrate autonomous or non-deterministic capabilities...

#Evals are so so important but humans needed vs. pure automation…for now

#💯

Markets

#Economic warning signs

#synthetic data is going to get even more important now that Nvidia bought Gretel - sources say for well over the last round of $320M (only 80 employees)