If they can't retrofit AI, they'll acquire it
Speculation on AI acquisitions
This year, I’ve worked with vendors who offer AI-native equivalents to automation, security, and observability. These include n8n’s workflow-based agent builder, Exaforce’s AI-native SecOps automation, and Canopus’ eBPF and Agentic combo for network observability.
I noted that these vendors use LLMs as a core part of their products. This is in contrast to how the majority of established vendors are implementing LLMs, which pointed me to a simple conclusion.
You can’t really retrofit AI.
I know of some good LLM implementations from big vendors, like Riverbed, Crowdstrike, and ServiceNow. However, most established players have a hard time retrofitting AI into their existing products, resulting in a lousy copilot. When under pressure to add “AI” on their home page, vendors end up simply feeding a bunch of semantically ambiguous data sources into an LLM, which, in turn won’t generate anything useful or reliable.
So if you can’t retrofit, you might as well acquire. AI-native startups will have already architected their LLMs with memory, retrieval, guardrails, etc. They will also have some way of contextualizing, normalizing, and correlating third-party data sources. They may even have their own collection agents that can ingest the type of data they need for their AI agents. Yes, agents for agents.
I expect that we’ll see a ton of acquisitions in the enterprise IT space. The ball already started rolling, as you can see in the section below.
Acquisitions so far
There have already been a lot of acquisitions in the AI Security space, i.e. products that secure LLM usage. This makes sense because virtually everyone’s using LLMs now. Addressing the security concerns associated with their problems (prompt injection, data leaks) means big $$$ for the security vendors. Security vendors also have to be inherently agile, so it’s expected that they would move quickly with acquisitions as well. I link below
’s analysis:
In short, these are the following AI Security acquisitions.
Apex by Tenable
Protect AI by Palo Alto Networks
Onum by CrowdStrike
Invariant Labs by Snyk,
I also want to look at non-security vendors that acquire AI-native products to integrate in their wider portfolio. There are not too many that I found, which is why I’d also like to use these few data points to extrapolate some future acquisitions.
ServiceNow acquired Moveworks’ front‑end AI assistant and enterprise search technology. ServiceNow is already a good reference point for adding AI into an existing product, and I read this acquisition as being specific for use cases such as CRM.
Workday announced it has acquired Flowise, an LLM-first low-code automation platform that can build AI agents. Workday is a business management tool which also seems to have invested quite heavily into AI. But if “this acquisition provides Workday with an industry-leading agent builder that will accelerate innovation across its platform”, it definitely was struggling with some capabilities that are available with Flowise’s product.
IBM announced it will acquire expertise and license technology from Seek AI, who appear to provide a “chat with your data” copilot. I get the “acquire for expertise” part, but I don’t know what Seek developed that IBM couldn’t write in house considering IBM’s pedigree for AI research.
The targets: AI-native categories
I recently put AI-native products (for enterprise IT) in 8 buckets,
AI SOC
AI SRE
AI NOC
AI DBA
AI FinOps
AI Browsers
AI Workflows
AI VM and Security Posture
I’ll use most of these categories as the basis for speculation on some acquisitions.
AI acquisition forecasting
AI SOC
I expect the established players in security operations, particularly SIEM players will acquire the LLM-native SOC automation products. Some SOAR products have naturally pivoted into heavy AI usage, like D3, Torq, Tines, Swimlane, but realistically I don’t expect any would make any acquisitions.
Target: Exaforce, Prophet, Simbian, Radiant, Dropzone, AIStrike
Acquirer: PAN, Fortinet, Securonix, Devo, Sumo Logic, OpenText
Some SIEM vendors have developed very good LLM-based capabilities in house, such as Crowdstrike’s Charlotte AI and Hunters not-a-SIEM SIEM. Therefore, I don’t expect these to gain a lot from acquisitions.
AI SRE
AI SREs automate the infrastructure operations part, which includes ITOps, DevOps, and obviously SREs. They’ll be good targets for established players in the ITSM and observability spaces.
Target: Rootly, Cleric AI, Grokstream, Firefly AI, Unryo, Neubird
Acquirer: ServiceNow, Opentext, PagerDuty, BMC, Datadog, New Relic
AI NOC
Networks are considerably harder to automate using LLMs than the aforementioned SOC and SREs. You can look at the three vendors I found in the space that they do a lot more than calling ChatGPT. Canopus’ SuperNetFlow is an eBPF based sensor that performs analysis on encrypted traffic, with LLMs only being the last stage in the automation process. Selector’s featureset include a proprietary correlation engine and a digital twin. NetAI doesn’t even use LLMs, they use GNNs
Target: NetAI, Canopus AI, Selector AI
Acquirer: SolarWinds, NETSCOUT, Kentik, Cisco, Plixer, Broadcom, Arista, HPE
Any of the acquirers above can buy all three AI NOC vendors with little to on overlap. Cisco is heavily into acquisitions and these products can also play well into Splunk. SolarWinds and NETSCOUT can use the portfolio rejuvenation. Arista is also entering the observability market and could be a good acquirer.
AI FinOps
The low-hanging fruit of Cloud FinOps is the excellent documentation and community content for hyperscalers. With so much content, LLMs have a much easier time understanding the syntax and semantics compared to other sets of products. Being cloud-native, these acquisitions can also be a much easier integration exercise compared other toolsets. Cloud cost optimization is also a ubiquitous need, so any cloud management platform can easily benefit from these.
Target: Sedai, Cloudgov, Quali
Acquirer: Dell, HPE, Flexera, Cloudzero, Cloudbolt, IBM
AI Browsers
This one is rather tricky. Browser are often consumer-oriented, and enterprise-oriented browser are focusing on security rather than productivity. I don’t expect those who have their own browsers to acquire another browser. So who would benefit most for offering enterprise clients an AI-native browser?
The funny one here is Perplexity, who claimed they wanted to buy Chrome.
Target: Sigma Browser, Dia Browser, Browser-Use, Fellou, Perplexity
Acquirer: ?
AI Vulnerability and Posture Management
LLMs offer a good opportunity to do a multi-modal analysis of both vulnerability data and documentation, as well as the customer’s environment, which has so far been difficult to achieve. These tools also rely on data ingested from cloud vulnerability scanners, so these tools offer a great opportunity for vertical integration. Phoenix and Pointguard also do some runtime analysis, which is cool.
Target: Opus, Phoenix, Cogent, Maze, Qwiet, Pointguard AI
Acquirer: Qualis, Tenable, Sysdig, Wix, Armis, Palo Alto Networks