The economic case for DLP rested on a stable ratio between attacker cost per exfiltration event and defender cost per prevented event. Six weeks of pipeline data show that ratio fully inverted. Large language models collapsed attacker cost to a prompt; defender cost has not moved. DLP programs that have not restructured their architecture are now structurally underwater, and five independent exfiltration channels are the evidence.
Eight AI agent framework RCEs in a single week, a first-ever AI proxy addition to CISA's KEV catalog, and CrowdStrike's $1.1 billion identity bet all converging in the same week signals that the agentic AI security market has moved from thesis to demonstrated demand.
Eight AI agent framework CVEs in one week and ShinyHunters' no-exploit identity breach wave validate the two fastest-growing investment theses in cybersecurity, while CIRCIA's 316,000-entity reporting mandate positions a multi-year compliance procurement cycle.
Adversaries exploited four AI platforms in under 24 hours each while $3.8B in Q1 cybersecurity capital concentrated 46% into AI security: the market validated the attack surface before defenders finished reading the advisories.
Weekly market intelligence: Linx Security's $50M identity bet, $4.62B in Q2 cybersecurity funding, and why NIS2 enforcement and CIRCIA deadlines are about to reshape enterprise buying criteria.
Weekly market intelligence: Anthropic's $100M Glasswing commitment, the FBI's $21B cybercrime figure, and why developer security tooling is the next VC cycle.
Security