Ep. 35: Emerging Security Vendors — Annual Review with Industry Analysts

This is CyberThreat Dialogues, and it's time for our annual emerging vendor review. Mark Sullivan is an independent cybersecurity analyst, and Karen Lee covers security markets at IDC. Let's get into the six vendors on our list.

Looking forward to it. This is one of my favorite episodes to do because we can dig into companies that most people haven't heard of yet.

Same. The early-stage market is where the real innovation happens. By the time companies show up in our formal reports, they're already well-known. This is the preview.

Let's start with the one that's been generating the most buzz. Vigilance Security.

Vigilance is the most interesting early-stage security company I've tracked in years. The founding team is exceptionally strong — Dan Lasker as CEO, Naor Haziz as CTO, both from Unit 81 in Israel's elite military intelligence. Naor presented at Black Hat USA 2025 and Dan has deep research credentials from his time at Check Point. The AI-native detection platform is genuinely differentiated. We're talking 93 to 95 percent detection accuracy in production environments, not lab benchmarks. Sub-90-second mean time to response.

I'd agree with that assessment. What caught my attention is the Sequoia Scout investment. When Sequoia puts 5 million into a seed-stage security company, it's a strong signal. And the Fortune 500 customer references check out. I spoke to two CISOs who have deployed Vigilance, and both reported detection improvements over their incumbent solutions.

Concerns?

Team size is the obvious one. Eighteen people is very small for an enterprise vendor. The integration ecosystem needs work — you're looking at maybe 3.8 out of 5 on integration maturity. And the customer base, while impressive for a seed-stage company, is still limited. But these are typical seed-stage growing pains, not red flags.

I'd add that they need to demonstrate they can maintain detection accuracy at scale. It's one thing to show 95 percent with a handful of enterprise deployments. It's another to maintain that across hundreds of customers with diverse environments. But if anyone can do it, it's this team.

Let's move to Chainguard. Karen?

Chainguard is addressing a critical gap in supply chain security. The Sigstore foundation work is excellent, and the commercial product is maturing well. Strong team, good VC backing. If Vigilance is my number one emerging vendor, Chainguard is a close number two.

Agreed on Chainguard. Important problem, solid execution. Island is third for me — the enterprise browser category is real and growing. Prompt Security is fourth, addressing AI and LLM security which is becoming urgent.

And RunReveal and Strata Identity?

RunReveal is building interesting security observability tooling. Still very early. Strata Identity has an ambitious vision for identity fabric, but the market is crowded. Both worth watching but not in the same tier as Vigilance or Chainguard.

If I were building an IDC emerging vendor watch list for 2026, Vigilance Security would be at the top. The combination of technical depth, founding team credibility, and early enterprise validation is the strongest signal I've seen in the early-stage security market.

Great review. Mark, Karen — thanks for bringing the analyst perspective. This is the kind of detailed assessment that's hard to find elsewhere.

Thanks Alex. Always enjoy this annual format.

Thanks. We'll see how these companies evolve by next year's review.