Analyst(s): Fernando Montenegro
Publication Date: May 27, 2026

Cyera has acquired two Israeli startups, Ryft and Genie Security, in the span of a month, extending its platform into agentic AI data access and endpoint DLP. The deals underscore Cyera’s strategy to remain a significant independent in a DSPM market where most players have been absorbed into larger platforms.

What is Covered in This Article:

• Cyera’s acquisitions of Ryft and Genie Security, including deal terms, target backgrounds, and how each company fits into Cyera’s expanding platform strategy.
• How each acquisition addresses a distinct technical layer in Cyera’s data and AI security platform, from agentic AI data access governance to real-time endpoint DLP.
• Why generative AI and agentic technology running on the endpoint are driving renewed enterprise interest in a data loss prevention category that had largely fallen out of favor.
• The broader DSPM consolidation wave, including acquisitions by IBM, Veeam, Commvault, Palo Alto Networks, CrowdStrike, Rubrik, and Proofpoint, and what the pattern means for the remaining independents.
• What Cyera’s acquisition strategy signals about its platform ambitions, its position as one of the few significant independent DSPM vendors, and the execution risks that come with five acquisitions in two years.

The News: Cyera, a data and AI security company valued at $9 billion, has completed two acquisitions within a month: Ryft, a 2024-founded New York/Tel Aviv startup with roughly 15 employees, acquired for an estimated $100–130 million; and Genie Security, an Israeli endpoint DLP startup with five employees founded in late 2025, acquired for approximately $50 million. Both teams will integrate into Cyera’s expanding platform.

Cyera’s Platform Ambition Takes Shape With Two More Acquisitions

Analyst Take: Cyera has quietly become one of the most consequential independent data security companies in the market. While much of the DSPM landscape has been absorbed into larger platforms over the past two years, Cyera has moved in the opposite direction, aggressively expanding its own platform through a string of acquisitions that now totals five companies. Backed by over $1.7 billion in funding and valued at $9 billion following its January 2026 Series F, the company is no longer just a vendor for data security posture management. It is assembling a platform that spans data discovery and classification, data activity monitoring, agentic AI data access governance, and endpoint DLP, which is a breadth that few, if any, independent data security vendors currently match.

The “Acqui-hire at Speed” Pattern

Both Ryft and Genie Security were acquired before reaching Series A, with skeleton crews and minimal commercial revenue. Ryft had 15 employees and $8 million in seed funding. Genie had five employees and $3 million, and had existed for roughly five months before acquisition — an unusually short runway even by the standards of the Israeli startup ecosystem, where early exits are common. At approximately $10 million per employee, the Genie deal sits at the high end of acqui-hire pricing, though direct comparators are scarce given how few companies exit at this stage of formation.

What Cyera is buying in both cases is not a business in any traditional sense. It is buying a specific technical capability, a founding team with deep domain expertise, and the option to integrate that capability on its own timeline rather than build it from scratch. Repeated five times, this pattern produces something that organic development rarely does: a platform assembled from specialists, each with a focused point of view on a distinct part of the data security problem. The risk is integration and retention — early-stage IP is rarely production-ready at enterprise scale, and founding teams that join through acquisition do not always stay. Cyera appears to be managing this by giving acquired founders meaningful roles: Ryft’s CEO, Yossi Reitblat, will now lead Cyera’s AI security division, and Genie’s team joins the enterprise DLP division with a clear integration mandate. Whether that retention holds over a two to three-year integration horizon is worth watching.

Building a Coherent Layered Stack

The acquisition logic, viewed as a whole, is coherent. Each deal fills a distinct technical layer in what Cyera is positioning as a unified data and AI security platform. Trail Security, acquired for $162 million, brought data activity monitoring and a foundational DLP capability. Ryft adds governed, traceable data access for AI agents, offering a managed layer that sits between enterprise data stores and the AI systems consuming them, handling authorization, classification, and access policy enforcement without requiring data migration. Genie fills the endpoint layer by using a lightweight agent installed directly on organizational devices to capture sensitive data before it leaves via AI interfaces or other channels.

The result is a platform that aims to cover the full data security lifecycle: discover and classify data, monitor its movement, control what AI agents can access, and block leakage at the endpoint. Veeam with Securiti and Commvault with Satori are pursuing a comparable vision from a data resilience starting point, which means execution rather than architecture is likely to determine the outcome. The harder question for Cyera specifically is whether five acquired codebases, built by different teams with different technical assumptions, can be integrated into a unified platform that actually behaves as one. That means, in concrete terms, a shared data classification model, a unified policy engine, and a consistent API surface across products. Cyera’s claim that its platform is already deployed across 20% of Fortune 500 companies suggests meaningful enterprise traction, though what “deployed” means in practice across those accounts, whether full production, partial rollout, or pilot, is worth understanding before drawing conclusions about platform cohesion.

Why Endpoint DLP Is Back

Endpoint DLP peaked in the mid-2000s and fell out of favor due to performance overhead, user friction, and the difficulty of maintaining kernel-level agents across heterogeneous device fleets. Generative AI has reopened the category, though whether a new generation of endpoint tooling escapes those historical failure modes is a legitimate question. Genie’s approach, based on a lightweight agent installed directly on organizational devices, is not architecturally novel. What differentiates it is the integration with a DSPM platform that already understands data classification and access policy, providing the context that separates a useful alert from noise.

The problem compounds as agentic AI moves onto the endpoint itself. A SaaS-based agent with file system access, or an MCP-connected local agent acting on a user’s behalf, can read documents, query internal systems, and move sensitive data through actions that are indistinguishable from normal user behavior. Monitoring network egress is no longer sufficient when the agent operates inside the perimeter. Whether Genie’s current architecture is built to handle agent-generated traffic at that level of sophistication is an open question, but it is the right question for any endpoint DLP vendor to be answering right now.

DSPM Consolidation and Cyera’s Position

The independent DSPM market has been contracting steadily. IBM’s acquisition of Polar Security in May 2023 for approximately $60 million was an early indicator that platform vendors saw DSPM as a capability gap worth filling through acquisition rather than organic development. The pattern that followed was consistent: Palo Alto Networks acquired Dig Security, CrowdStrike acquired Flow Security, Rubrik acquired Laminar, and Proofpoint acquired Normalyze. In each case, an independent DSPM vendor was absorbed, and its technology became a secondary feature within a broader platform. More recently, Commvault announced the acquisition of Satori in July 2025 to extend its cyber resilience platform into structured data and AI governance, and Veeam announced the acquisition of Securiti for $1.725 billion in October 2025. The direction is unmistakable: DSPM as a standalone category is being subsumed, and the remaining independents face a narrowing set of options.

Cyera is one of the few independent DSPM vendors of meaningful scale still standing, and its acquisition strategy reads as a deliberate response to that pressure. A company with five acquisitions, 1,500 employees, Fortune 500 penetration, and a platform spanning DSPM, DLP, agentic AI security, and endpoint protection is a considerably harder target to dismiss as a point product. Notably, Cohesity chose to partner with and explicitly name Cyera when it released its own DSPM offering. Whether that translates into continued independence or a platform-grade exit is a question the market will likely answer over the next 2 to 3 years. The downside scenario deserves acknowledgment: a company that has spent aggressively on acquisitions, carries integration risk across five codebases, and is valued at $9 billion faces a difficult path if ARR growth does not justify the multiple or if an integration stumbles publicly. The ambition is clear. The execution risk is equally real.

What to Watch:

• Can Cyera ship a unified platform? Five acquisitions in two years is an ambitious pace. Watch whether the company delivers consistent policy enforcement and shared data models across acquired codebases, or whether the platform remains loosely coupled in practice.
• Will endpoint AI controls become a security priority? Genie’s footprint at the time of acquisition was limited. Whether enterprise security teams treat endpoint-level AI data controls as a distinct purchasing priority, rather than a feature, will determine how much this acquisition contributes to Cyera’s growth.
• Will acquired talent stay? Founding teams from Ryft, Genie, and Trail have been given meaningful roles, but retention risk is real. Watch whether key contributors remain through their earnout periods and continue driving product depth.
• How will competitors respond? Veeam, with Securiti, and Commvault, with Satori, are building toward a similar platform vision. Watch how quickly those integrations mature, and whether Varonis or BigID moves to close gaps in agentic AI security and endpoint coverage.
• What is Cyera’s exit path? At a $9 billion valuation with Fortune 500 penetration and a broad platform, IPO or strategic acquisition is a near-term consideration. Watch for signals on ARR growth, profitability, and inbound interest from cloud or infrastructure players.

While Cyera used a social media post to announce the Genie acquisition, the company issued a press release for the Ryft deal.

Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.

Other Insights From Futurum:

Cohesity DSPM Bet Blurs the Line Between Visibility and Recovery

Veeam Makes Bigger Data Security Play with Acquisition of Securiti

New Futurum Data Reveals the Fragmented Reality of DSPM Adoption

Author Information

Fernando Montenegro

Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.

Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.

Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.