Claw & Talon

Cylake

Cybersecurity Dual-Use Technology Priority Signal Founded 2026

Last updated: May 29, 2026

Cylake is an Israeli AI-native cybersecurity startup founded by industry veterans Nir Zuk, Ehud Shamir, and Wilson Xu, developing sovereign data-driven security platforms for government, defense, and critical infrastructure that operate entirely on-premises or in private cloud environments, eliminating public cloud dependencies.

Visit Website

Company Overview

Cylake represents a paradigm shift in how governments and critical-infrastructure operators approach cybersecurity in an era of AI-driven threats and stringent data sovereignty requirements. Founded by Nir Zuk (founder of Palo Alto Networks), Ehud Shamir (co-founder of SentinelOne), and Wilson Xu (former VP of Engineering at Palo Alto Networks), Cylake is building the first AI-native, completely on-premises cybersecurity platform designed for organizations that cannot tolerate data exfiltration to public cloud providers. The strategic insight underlying Cylake is that modern AI-powered security analysis generates enormous operational telemetry—logs, behavioral profiles, threat signals—and conventional cloud-based SIEMs and EDR systems are fundamentally incompatible with sovereign-data-protection mandates. When sensitive telemetry must remain within national borders or behind air-gapped networks, centralized cloud analytics become impossible. Cylake solves this by embedding unified security analytics, AI reasoning, and threat detection directly in customer infrastructure, ensuring all data remains under local control.

The market context is profound and growing urgent. Governments, militaries, and critical-infrastructure operators (energy, water, transport, communications, financial systems) face escalating regulatory pressure to achieve "data localization"—requiring all operational data to remain within specific jurisdictions. The EU's NIS2 directive, Israel's data residency laws, U.S. CISA guidelines for critical infrastructure, and similar mandates across allied nations are pushing organizations away from public cloud security tools toward sovereign, on-premises alternatives. Additionally, as AI becomes both a critical defensive capability and an emerging threat vector, security teams need to control the data used to train and operate their AI models—particularly for government and defense AI systems. Cloud-dependent security solutions create unacceptable risk if the cloud provider is compromised, if geopolitical disputes limit cloud access, or if proprietary algorithms are exposed to third parties. Cylake's approach—analyzing all security events locally, using AI locally, storing all data locally—addresses these anxieties directly.

From a technical perspective, Cylake's platform combines unified data ingestion across infrastructure layers (endpoints, network, cloud resources, applications, identity), local AI-driven analytics (anomaly detection, threat correlation, attack-chain reconstruction using large language models), and agentified response workflows (autonomous investigation, evidence collection, remediation suggestions). The team emphasizes "zero fragmentation"—a single unified view of organizational security posture rather than disconnected point tools (EDR here, SIEM there, DLP elsewhere), which is a major operational benefit even before considering data sovereignty. The on-premises architecture means no dependency on internet connectivity; security analysis and threat detection continue even if external cloud services fail or if the organization operates on disconnected networks. This is particularly valuable for military and intelligence systems that operate in contested or comms-degraded environments.

Competitively, Cylake occupies a position that incumbent cloud-centric vendors (Microsoft, Google, Splunk, CrowdStrike) have largely ceded. The primary competitors are legacy on-premises SIEM vendors (IBM QRadar, ArcSight, Micro Focus) and purpose-built sovereign-infrastructure security companies emerging in other countries (e.g., Russia, China, India-focused alternatives). However, most legacy on-premises vendors have downplayed on-prem investment in favor of cloud, leaving a market gap for a modern, AI-driven, on-prem-first platform. Cylake's founding team pedigree (Palo Alto founder, SentinelOne co-founder, experienced engineers) is a significant competitive advantage; their understanding of what works in security platforms, what customers need, and how to navigate the regulatory and sales cycles of government/defense accounts gives them credibility that a typical startup cannot claim. The risk is that incumbents could rapidly develop on-prem AI capabilities or that budget constraints might limit purchase intent even as regulatory mandates increase.

Strategically, Cylake is critical infrastructure for allied governments and defense organizations that need sovereign, AI-native security without public cloud dependencies. The company is positioned to become the de facto standard for on-premises AI-driven security in NATO, Five Eyes, Israeli, and other allied-partner governments. The dual-use implications are explicit: while Cylake's platform has commercial applications in heavily regulated sectors (finance, healthcare), the primary near-term traction will come from government and defense procurement. Israel's position as a global cybersecurity leader and the founding team's reputation amplify the company's strategic profile. If Cylake successfully deploys to Israeli government and allied partners, the company could become a foundational layer of allied-partner cyber-defense infrastructure. Long-term, the company could be a significant acquisition target for large defense contractors or remain an independent global powerhouse if it can build sufficient scale and defensibility in the sovereign-security category.

Cylake emerged from stealth in March 2026 with a $45 million seed round led by Greylock Partners and supported by other blue-chip investors, indicating strong institutional conviction. The company is currently in design-partner phase with select government and infrastructure customers, with general availability of the platform anticipated in early 2027. This timeline aligns with increasing regulatory pressure and geopolitical factors driving demand for sovereign security solutions. The small founding team (size not publicly disclosed but likely under 20 people at launch) will need to scale rapidly to serve government customers, navigate procurement cycles, and build the ecosystem integrations necessary for adoption. However, the team's experience and the market tailwind suggest strong execution potential.

Dual-Use Assessment

Military & Commercial Applications

Cylake's AI-native on-premises cybersecurity platform is inherently dual-use. Commercial applications span regulated sectors (finance, healthcare, telecom) where data sovereignty is legally mandated. Defense and government applications are the primary strategic focus: the platform enables sovereign cyber defense for military networks, intelligence agencies, critical-infrastructure control systems, and allied-partner joint operations where data cannot be exposed to commercial cloud infrastructure. The technology directly supports resilience, threat anticipation, and autonomous defense capabilities for defense operations. Cylake is explicitly positioned as a sovereign-security solution for government and defense customers.

Strategic Fit Assessment

Research priority signal

Priority signal means this entry may be worth researching within the Claw & Talon thesis. It does not mean investable, suitable, endorsed, available, or likely to produce returns.

Cylake addresses a massive and rapidly growing market need: sovereign, AI-driven cybersecurity for government and critical infrastructure. The founding team combines legendary security credentials (Palo Alto founder, SentinelOne co-founder, experienced engineering leaders) with deep understanding of what customers need. The market tailwind is strong: regulatory mandates (NIS2, CISA, national data-residency laws) are pushing procurement away from cloud-dependent vendors; geopolitical tensions highlight the risk of cloud-based security dependencies; and AI-native threat analysis is increasingly essential. The $45M seed from Greylock and other blue-chip investors validates the thesis. Primary execution risks include navigating long government procurement cycles, scaling the team for deployment complexity, and maintaining differentiation as incumbents develop on-prem AI capabilities. However, the combination of team credibility, market need, and regulatory drivers suggest strong potential for both strong independent growth and potential acquisition by large defense contractors seeking to accelerate sovereign-security portfolios.

Strategic Value to U.S.-Israel Alliance

Cylake strengthens Israeli and allied-partner cyber-defense resilience by providing AI-native, sovereign, on-premises security architecture not dependent on potentially vulnerable public cloud infrastructure. For military and intelligence operations, the platform enables secure, autonomous threat detection and response in contested or disconnected environments. For critical infrastructure protection, the technology reduces exposure to cloud-provider compromise or geopolitical disruption. If Cylake becomes the standard for government and allied cyber defense, the company contributes directly to allied-partner resilience and operational readiness. Israel's positioning as a global cybersecurity leader is reinforced. The strategic value also extends to ecosystem: Cylake could become a foundational layer for sovereign AI infrastructure beyond just security, influencing broader Allied approaches to AI governance and data control in sensitive domains.

Key Technologies

  • On-premises AI-native security analytics and threat detection
  • Unified data ingestion across infrastructure and application layers
  • LLM-powered threat correlation and attack-chain reconstruction
  • Agentified autonomous investigation and response workflows
  • Local data processing with zero cloud dependencies
  • Sovereign data residency enforcement and control

Use Cases & Applications

  • Government and military cyber defense with strict data sovereignty requirements
  • Critical infrastructure (energy, water, transport, communications) security operations
  • Intelligence agency and special-operations network security
  • Financial institution SOCs with regulatory data residency mandates
  • Healthcare and public-health cybersecurity with strict data localization
  • NATO and allied-partner joint cyber-defense operations
  • Air-gapped and isolated network security (military, research, control systems)
  • Autonomous threat detection and response in disconnected or contested environments

Sources and verification

This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile.

Public sources

The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.

Investor Lens

What this entry is

Private startup

Why it may matter

Cylake may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.

How an independent investor should read this

Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.

Evidence to verify

  • Verify current status
  • Verify traction
  • Verify cap table/funding
  • Verify technical claims
  • Verify regulatory/export-control issues
  • Verify customer concentration

Main investor questions

  • Is the company currently active, independently financeable, and raising or not raising on terms you can verify?
  • What customer, revenue, product, and technical evidence supports the company story?
  • What valuation, cap table, rights, and follow-on assumptions would govern any private exposure?
  • Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
  • What evidence would change the thesis or show that the profile is stale?

What not to infer

  • Inclusion does not imply endorsement.
  • Inclusion does not imply allocation availability or current fundraising.
  • Scores do not indicate investment suitability or expected returns.
  • Strategic importance does not automatically imply venture return potential.
Related checklist: Cybersecurity company diligence Related sector page: Cybersecurity sector page Related Dependency Atlas theme: Sovereign cloud and software resilience

Diligence questions

  • What evidence verifies Cylake's current customer traction, deployment status, and revenue concentration?
  • Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
  • Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
  • How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
  • What would disconfirm the priority signal: weak customer references, thin technical differentiation, poor capital efficiency, or limited allied-market access?

Related sector

See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.

Related companies

Wiz Cybersecurity Irregular Cybersecurity Linx Security Cybersecurity Astelia Cybersecurity Dream Security Cybersecurity

Need a diligence readout?

Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.

Contact Claw & Talon Read database guide