May 2026 saw 31 cybersecurity M&A transactions, a modest month by volume that signaled a strategic deep dive into AI agent and non human identity (NHI) security, far removed from the mega deal frenzy of 2025. The month was defined by four targeted acquisitions: Cisco bought Astrix Security ( $400M) for NHI governanc...

Create a landscape editorial hero image for this Studio Global article: What key trends and transactions characterized the cybersecurity M&A landscape in May 2026, including the total number of deals, how this co. Article summary: ## Cybersecurity M&A Landscape — May 2026. Topic tags: general, general web. Reference image context from search candidates: Reference image 1: visual subject "Of note, the average U.S.- and/or U.K.-based business has deployed an estimated 36.9 AI agents into their workflows, according to Gravitee’s State of Agent Security 2026 report.[2]" source context "Cybersecurity Market Update – May 2026 - Capstone Partners" Reference image 2: visual subject "Of note, the average U.S.- and/or U.K.-based business has deployed an estimated 36.9 AI agents into their workflows, according to Gravitee’s State of Agent Security 2026 report.[2]" source context "Cybersecurity Mark
The cybersecurity M&A landscape in May 2026 did not roar with record-breaking volume. Instead, it advanced with precise, strategic intent. The month’s 31 total transactions, as tracked by Momentum Cyber, signaled a market in the midst of a structural reset . After 2025’s unprecedented $96 billion in deal value—a 270% year-over-year leap anchored by Google’s $32 billion acquisition of Wiz—the industry is no longer consolidating for scale alone
. In 2026, M&A strategy is laser-focused on a single, urgent problem: securing the proliferating masses of AI agents and non-human identities (NHIs) now operating inside the enterprise.
The moderation in May is consistent with the first half of 2026’s more discerning capital deployment. While the volume of deals has fallen from 2025's breakneck pace, the strategic urgency behind them has only intensified. In Q1 2026 alone, cybersecurity companies raised $4.62 billion, more than double the $2.22 billion raised a year earlier, with agentic AI cited as the single biggest driver . This funding is a direct response to a rapidly expanding attack surface. The average U.S. or U.K. business has now deployed an estimated 36.9 AI agents into its workflows, yet less than 47% have mature risk policies to govern them
. This gap is the prime mover behind May’s dealmaking.
The acquisitions in May were not about buying revenue. They were capability acquisitions, designed to give large platform vendors immediate control over the emerging security layer for the “agentic workforce.” AI security, model defense, and AI gateways are now the fastest-rising target class, and platform vendors are racing to own the category early .
Four transactions defined the month, each a window into a different facet of the AI security challenge.
Cisco acquires Astrix Security for approximately $400 million — May 4
Cisco’s announced intent to acquire Astrix Security was the month's most impactful deal. Astrix, an Israeli pioneer in non-human identity security, secures the API keys, service accounts, and OAuth tokens that AI agents use to authenticate and act at scale [23, 19]. Cisco framed the acquisition as a move to extend its Zero Trust architecture to the “agentic workforce.” Astrix’s capabilities are being integrated into Cisco Identity Intelligence, Duo, Secure Access, and Splunk, enabling security teams to discover, govern, and continuously monitor autonomous AI actors across the network [15, 16]. The final purchase price of roughly $400 million, reported by Israeli media, validated NHI governance as a platform-level control problem, not a niche add-on [23, 8].
Akamai acquires LayerX for $205 million — May 14
A week later, Akamai entered a definitive agreement to acquire LayerX in an all-cash deal valued at approximately $205 million [15, 11]. LayerX, another Israeli firm, provides browser-based AI usage control and secure enterprise browser technology. The strategic logic was clear: with the majority of enterprise work now happening in the browser, and with employees engaging generative AI applications and AI agents directly there, Akamai needed a way to enforce AI governance and Zero Trust at that critical edge . The acquisition extends Akamai’s application security portfolio directly into user interactions with AI, with LayerX’s co-founders and team joining Akamai’s Zero Trust organization [8, 13].
Zscaler acquires Symmetry Systems for $175 million — May 21
The month’s third major platform play came from Zscaler, which announced its intent to acquire Symmetry Systems for $175 million in cash and restricted shares . Symmetry Systems brings an “access graph” technology that maps every interaction between human and non-human identities and enterprise data. Combined with Zscaler’s Zero Trust Exchange, the acquired technology aims to enable real-time anomaly detection and policy enforcement specifically for AI agent communications—a blind spot that traditional identity and access management systems cannot cover [2, 3]. Zscaler’s move underscored the growing realization that knowing an identity is no longer enough; security teams must understand and govern how that identity behaves across the entire data landscape
.
Torq acquires Jit — May 2026
Rounding out the strategic activity, Torq, an agentic security operations platform, acquired Jit, a provider of AI Context Graphs . Unlike the other deals, this was a pure-play consolidation within the AI-native security operations space. The acquisition is designed to ensure that Torq’s AI SOC Platform integrates organization-specific contextual data into its automated investigations, making agentic threat response more precise and relevant
.
Beyond these headline deals, the remaining transactions in the 31-deal total further diversified the AI security landscape. Activity was concentrated in AI security, model defense, and AI gateway technologies, sectors that industry reports identify as the fastest-rising target class for platform vendors seeking early category ownership [30, 37]. While the individual terms of these smaller acquisitions are less publicized, their collective direction is unmistakable: the industry is methodically buying up the building blocks required to make Agentic AI safe for the enterprise.
The May transactions are best understood not as a slowdown but as a market reset. A May 2026 analysis from Lyrie.ai describes a “structural reset, not a cyclical dip,” where AI is fundamentally changing the build-versus-buy calculus in cybersecurity . The era of acquiring security vendors for broad horizontal capability is giving way to a sharp focus on AI defensibility. This is why a startup that might have commanded a peak valuation in 2023 can now be acquired for a fraction of that price, while companies with genuine AI security technology—like Astrix, LayerX, and Symmetry Systems—are commanding strategic premiums [34, 38].
Strategic buyers, not private equity, are driving this transformation. In 2025’s record year, strategic buyers controlled 92% of disclosed M&A value, and that pattern has only intensified in 2026 [33, 43]. The race is on to own the control points that will define Zero Trust in an AI-native enterprise: the identity of the agent, its authorized behaviors, its communication pathways, and the data it can touch. May 2026 demonstrated that the biggest names in infrastructure and security are now willing to pay hundreds of millions to fill each of these specific gaps, one acquisition at a time.
Studio Global AI
Use this topic as a starting point for a fresh source-backed answer, then compare citations before you share it.
May 2026 saw 31 cybersecurity M&A transactions, a modest month by volume that signaled a strategic deep dive into AI agent and non human identity (NHI) security, far removed from the mega deal frenzy of 2025.
May 2026 saw 31 cybersecurity M&A transactions, a modest month by volume that signaled a strategic deep dive into AI agent and non human identity (NHI) security, far removed from the mega deal frenzy of 2025. The month was defined by four targeted acquisitions: Cisco bought Astrix Security ( $400M) for NHI governance, Akamai acquired LayerX ($205M) for browser based AI control, Zscaler picked up Symmetry Systems ($175M) fo...
This tactical dealmaking is a reset from 2025’s record $96 billion in cybersecurity M&A, with 2026 buyers focused on plugging specific AI coverage gaps created as the average enterprise deploys an estimated 36.9 AI ag...