CISOs Name Top 30 Startups to Plug Widening AI Security Gap

SAN FRANCISCO, CA – May 12, 2026 – As corporations race to deploy artificial intelligence, a stark warning has emerged from the front lines of digital defense: the security tools needed to protect these new systems are dangerously lagging. In response, top security executives have identified 30 private companies they believe are best equipped to handle the threats of the AI era.

Notable Capital, a venture firm with a global footprint, today unveiled its third annual ‘Rising in Cyber 2026’ list. The roster, which includes innovators like 1Password, Cyera, and Island, is unique not for who compiled it, but for who voted: a panel of 150 active Chief Information Security Officers (CISOs) and senior security leaders. The announcement coincides with a new report, produced with Morgan Stanley, that paints a sobering picture of a rapidly widening chasm between AI adoption and security readiness.

"The CISO vote is what makes this list different," said Oren Yunger, Managing Partner at Notable Capital, in a statement. "These are the practitioners making implementation decisions every day, not investors. When they speak, the industry listens. Rising in Cyber reflects what security leaders actually trust, adopt, and believe in."

The AI Security Chasm

The ‘Rising in Cyber 2026 Report’ reveals a critical disconnect within the enterprise. Over 70% of surveyed CISOs confirmed their organizations already have AI agents in production environments. Yet, more than half of those same leaders described their own AI security tooling as “early-stage or immature.”

This gap represents a significant and expanding attack surface. AI agents—autonomous programs that can perform tasks, access data, and interact with other systems—are proliferating across corporate networks. Unlike human users, these agents operate at machine speed, 24/7, creating novel security and governance challenges that traditional security models were never designed to handle. The report suggests that while CISOs are pragmatic about the threat, with nearly half labeling AI-powered attacks a “medium priority,” the uncertainty around agent behavior is a primary concern.

This gap is precisely where the startups honored on the Rising in Cyber list are focusing their efforts. The 30 companies, which have collectively raised over $6.9 billion in funding according to PitchBook data, are developing solutions for a new class of security problems, from agentic AI security to advanced data protection and security operations.

Identity: The New Battleground for AI

Among the myriad challenges presented by AI, one issue has risen to the top of the CISO worry list: identity and access management (IAM). According to the report, 20% of CISOs named controlling access for AI-based applications and agents as their single most pressing concern for the coming year.

Traditional IAM systems are built around the concept of a human user—a person who logs in, performs tasks during work hours, and whose behavior follows somewhat predictable patterns. Autonomous AI agents shatter this paradigm. They may need to access vast and varied datasets, connect to numerous APIs, and operate independently without direct human oversight. This raises fundamental questions: How do you authenticate an AI agent? How do you grant it the principle of least privilege? And how can you monitor and audit its actions in real-time to prevent misuse or compromise?

The report indicates that legacy access governance models are breaking down under this strain. In response, a new wave of startups is pioneering identity-first security for AI. Companies like honorees Descope and Opal Security are building platforms designed to manage the complex web of permissions for non-human entities, ensuring that as AI agents become more integrated into business processes, they don't become an open door for attackers.

A Market Reshaped by M&A and Investment

The urgent need for AI-era security solutions is not just a technical challenge; it's a massive economic driver. The report highlights a historic surge in cybersecurity M&A, with transaction volume rocketing to $81 billion in 2025—a more than fourfold increase from the previous year. This trend, which has continued into 2026, shows large technology companies aggressively acquiring specialized startups to bolster their security portfolios.

This M&A frenzy is fueled by a market that continues to defy broader economic headwinds. Morgan Stanley projects the cybersecurity market will grow from $151 billion in 2025 to an estimated $250 billion by 2029. Budgets are also on the rise, with nearly a quarter of CISOs anticipating budget increases of up to 10% and a significant portion expecting gains of 25% or more, driven primarily by the need to secure new AI workloads.

For investors and corporate strategists, the ‘Rising in Cyber’ list serves as a CISO-validated roadmap to where innovation and capital are converging. The inclusion of companies across different stages—from emerging players like Clover Security and Echo Security to growth-stage leaders like Orca Security and Drata—provides a comprehensive look at the ecosystem of innovators poised for growth.

The CISO Stamp of Approval

In an industry saturated with analyst reports and vendor-driven marketing, the ‘Rising in Cyber’ list's reliance on practitioner voting offers a refreshingly direct signal of value. Unlike traditional rankings that can be influenced by vendor relationships or market share, this initiative polls the executives who are directly responsible for defending enterprises against cyber threats.

This methodology provides a grounded perspective on what truly works in real-world environments. The repeated inclusion of companies like Orca Security, a three-time honoree, suggests sustained trust in its agentless cloud security platform. The presence of automation platforms like Tines and Torq points to the ongoing pressure on security teams to do more with less, using code to scale their operations.

The diversity of the list—spanning identity, data security, cloud-native application protection, and security operations—reflects the multifaceted nature of modern cybersecurity. It underscores the reality that there is no single silver bullet. Instead, CISOs are piecing together a mosaic of best-in-breed tools to build a resilient defense-in-depth strategy for the complex, AI-driven landscape ahead.

In recognition of the honorees, Notable Capital and the New York Stock Exchange are hosting a private event, bringing together the founders of these 30 companies with the security leaders and investors who see them as critical partners. As enterprises continue their charge into the AI frontier, the innovations pioneered by these startups are becoming less of a competitive advantage and more of an essential foundation for survival.