Cylus
Last updated: May 5, 2026
Cylus is an Israeli cybersecurity startup focused on securing rail and mass-transit systems against cyber and operational disruptions.
Visit WebsiteCompany Overview
Cylus develops CylusOne, a unified cybersecurity platform purpose-built for rail and mass-transit operators. The platform provides continuous monitoring, threat detection, and operational risk reduction across all critical rail systems—signaling and train control, CCTV, rolling stock, dispatch, SCADA, and passenger information systems—in a single pane of glass. Unlike generic industrial cybersecurity tools designed for IT/OT convergence, Cylus' domain-specific approach recognizes that rail environments combine extreme uptime requirements, legacy system heterogeneity, safety-critical operations, and operational technology architectures that differ significantly from utility SCADA or manufacturing environments. The core capability is rapid asset visibility and anomaly detection tuned to rail-specific operational patterns, enabling security teams to distinguish actual threats from normal operational variation in real time.
Cylus was founded in 2017 by Israeli cybersecurity entrepreneurs and now operates with a team of 51–200 across Tel Aviv headquarters and growing international presence. The company has completed a Series B funding round (approximately $37 million in early 2024, bringing total funding to roughly $77 million) from a mix of strategic infrastructure-sector investors and financial backers. Notable endorsements include Alstom, a global rail system integrator, citing Cylus as a partner to enhance rail network resilience. The company holds industry certifications including IEC 62443-4-2 Security Level 3 (the first rail cybersecurity solution to achieve this), IEC 62443-4-1, ISO 27001, ISO 27017, and ISO 9001, reflecting both technical depth and mature operational security governance. Cylus has achieved early customer deployments among major European and international rail operators, positioning itself as the dedicated market leader in rail cybersecurity.
The commercial market for rail cybersecurity is driven by regulatory momentum (EU NIS2 Directive, national critical infrastructure mandates, ISO/IEC rail security standards), modernization of legacy signaling and train control systems, and rising threat visibility following high-profile transit sector incidents globally. Rail operators face acute procurement and integration challenges due to the safety-critical nature of changes, extreme uptime requirements (99.99%+), and complexity of coordinating across multiple legacy system vendors. Cylus' domain expertise and railroad-specific understanding of these constraints give it advantage over broader OT security vendors. The market addressable base includes hundreds of major rail operators across Europe, North America, Asia-Pacific, and emerging rail networks, with ongoing digital transformation investments in signaling modernization, autonomous operations, and cybersecurity resilience. Pricing models (per-asset, per-operator, or managed service SaaS) remain typical for mid-stage infrastructure software, with annual contracts favored by operator procurement.
Dual-use potential is strong and substantive. Transportation infrastructure cyber resilience is critical for both civilian economic mobility and defense logistics continuity. Rail disruption can paralyze urban mobility, damage supply chains (especially in critical sectors like defense manufacturing and energy), and degrade mobilization readiness for national defense. Adversary interest in rail sabotage (cyber, physical, or hybrid) is documented in both peer and non-peer conflict contexts. A capable rail cybersecurity platform that operates across all layers of train control, signaling, and operational technology directly supports national resilience against infrastructure-level cyber attack or sabotage. Israeli defense and security authorities have recognized critical infrastructure cyber resilience as a national strategic priority, and Cylus' technology and market position position it as a natural strategic asset for broader national cyber defense policy and international technology partnerships.
Competitive positioning is strong within the narrow rail-security domain but faces broader competition from mature OT security vendors (Claroty, Nozomi Networks, Waterfall Security Solutions) that are expanding into vertical specialization, and major industrial controls vendors (Cisco, Nokia) with OT security arms. However, Cylus' dedicated rail domain model, proven rail certifications, and established operator relationships create high switching costs and strong moat relative to generic entrants. The primary competitive risk is acquisition of rail-security capability by a much larger vendor, which could commoditize the market. Cylus' size, strategic value, and Israeli origin make it an attractive acquisition candidate for European or North American infrastructure-security consolidators or for Israeli strategic investors.
Dual-Use Assessment
Rail and transit cyber defense is inherently dual-use. Civilian transportation networks (metro, commuter rail, freight corridors) are both economic-critical and defense-critical infrastructure; their disruption affects urban mobility, supply chains, and national logistics readiness. Cyber attacks on rail signaling, train control, or dispatch systems can cause derailments, collisions, or operational shutdown. Defense and emergency services depend on civilian rail networks for mobilization, supply logistics, and personnel movement. A rail cybersecurity platform with comprehensive visibility and response capabilities across train control, signaling, and OT layers directly enhances both civilian rail resilience and national defense preparedness against cyber or hybrid attacks.
Strategic Fit Assessment
Priority signal means this entry may be worth researching within the Claw & Talon thesis. It does not mean investable, suitable, endorsed, available, or likely to produce returns.
Cylus is strategically relevant for strategic deep-tech and dual-use portfolios. The company operates in a critical, high-consequence infrastructure niche with clear regulatory tailwinds, genuine technical domain expertise that competitors lack, proven customer traction among major international rail operators, established certifications (IEC 62443-4-2 SL3, ISO 27001), and strong dual-use relevance. Series B stage with $77M total funding indicates mature investor confidence and meaningful de-risking of commercial viability. Rail cybersecurity is a mission-critical but historically underserved market, giving Cylus strong defensibility and strategic value. The main investment risks are long operator procurement cycles, integration complexity with legacy systems, and acquisition risk—Cylus is an attractive strategic target for larger infrastructure-security vendors.
Strategic Value to U.S.-Israel Alliance
Cylus enhances resilience of critical transportation infrastructure that underpins both economic continuity and defense mobilization. Rail network cyber resilience is a national strategic priority in Israel and increasingly across NATO and allied democracies facing peer-level cyber and hybrid threats. As the dedicated market leader in rail cybersecurity with proven operator adoption and leading certifications, Cylus represents a strategic asset for technology sovereignty in critical infrastructure defense. The platform's visibility across train control, signaling, and OT layers enables threat detection and incident response at the system level, supporting broader national critical infrastructure cyber defense strategy. Strategic value extends to Israeli technology leverage in international rail security partnerships and to broader industrial control system security advancement.
Key Technologies
- Rail-specific behavioral anomaly detection for train control systems
- OT asset discovery and vulnerability mapping across signaling and SCADA
- Threat hunting and forensics for signaling protocol anomalies
- Real-time monitoring for safety-critical operational technology networks
- Incident response orchestration and operational continuity for rail operators
- IEC 62443 SL3-compliant security architecture and compliance framework
- Multi-vendor rail system integration and heterogeneous OT environment support
Use Cases & Applications
- Detecting and responding to cyber threats in train control and signaling systems
- Securing passenger information systems and station CCTV against unauthorized access
- Monitoring SCADA and dispatch systems for operational anomalies and cyber sabotage
- Ensuring continuity of critical rail infrastructure during hybrid cyber-physical attacks
- Compliance demonstration for EU NIS2 Directive and ISO/IEC rail security standards
- Supporting national resilience and defense logistics through rail network hardening
- Incident forensics and threat intelligence for rail operators and infrastructure authorities
- Protecting modernized autonomous or semi-autonomous train operations from cyber disruption
Sources and verification
This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile.
Public sources
The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.
- Official website Primary public reference for company identity, positioning, and current web presence.
- Profile update timestamp Last updated in the Claw & Talon database on May 5, 2026.
Investor Lens
What this entry is
Private startup
Why it may matter
Cylus may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.
How an independent investor should read this
Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.
Evidence to verify
- Verify current status
- Verify traction
- Verify cap table/funding
- Verify technical claims
- Verify regulatory/export-control issues
- Verify customer concentration
Main investor questions
- Is the company currently active, independently financeable, and raising or not raising on terms you can verify?
- What customer, revenue, product, and technical evidence supports the company story?
- What valuation, cap table, rights, and follow-on assumptions would govern any private exposure?
- Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
- What evidence would change the thesis or show that the profile is stale?
What not to infer
- Inclusion does not imply endorsement.
- Inclusion does not imply allocation availability or current fundraising.
- Scores do not indicate investment suitability or expected returns.
- Strategic importance does not automatically imply venture return potential.
Diligence questions
- What evidence verifies Cylus's current customer traction, deployment status, and revenue concentration?
- Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
- Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
- How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
- What would disconfirm the priority signal: weak customer references, thin technical differentiation, poor capital efficiency, or limited allied-market access?
Related sector
See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.
Related companies
Need a diligence readout?
Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.