Opinion
Anthropic’s revolution is a wake-up call for Israeli cyber
The Israeli market remains strong, but the question of whether cyber is still an "excellent" investment now yields a complex answer.
A few days ago, Anthropic announced that a model it developed- not a dedicated cybersecurity product, but a general reasoning engine- demonstrated unprecedented autonomous capabilities. It identified a 27-year-old security flaw in the OpenBSD operating system, known for its extreme hardening, and exposed a 16-year-old bug in the FFmpeg software library that automated tools had scanned 5 million times and missed. The model chained vulnerabilities in the Linux kernel to achieve privilege escalation, and in tests on the popular Firefox browser, it generated 181 working exploits, compared to just two by the previous model. These capabilities did not stem from specific cyber training, but from a fundamental leap in the model's ability to reason through code.
For entrepreneurs and investors in the Israeli cyber sector, this is a moment that demands a total re-examination of the assumptions we have grown accustomed to.
A Record-Breaking Year Meets a New Technological Reality
2025 was a historic peak for Israeli cyber, with exits totaling $72.6 billion and funding rounds reaching $8.27 billion. Wiz was sold for $32 billion, CyberArk for $25 billion, and Cyera tripled its valuation to $9 billion. Yet, simultaneously, the emergence of models like Claude Mythos raises a concrete question: What happens when the ability to detect and exploit vulnerabilities- skills that were once rare and expensive- becomes cheap, fast, and ubiquitous? Which parts of the ecosystem were priced based solely on that rarity?
The cybersecurity field exists on a spectrum. At one end is vulnerability discovery and exploitation; at the other is enforcement and operations. AI hits the "Discovery" end first. The cyber firm XBOW recently took first place on HackerOne by completing tasks in 28 minutes that would take a veteran researcher 40 hours. JFrog lost a quarter of its market value in a single day as the market internalized the implications of AI-driven code security.
On the other hand, enforcement and operations remain complex. The "defensive moat" is no longer finding the bug; it is the ability to filter 10,000 findings down to the three that are relevant to the client, integrate the fix into the CI/CD pipeline, prove regulatory compliance, and ensure the fix doesn't crash production. Therefore, companies relying on deep integration and customer trust will survive the plummeting cost of discovery.
The "8200 Premium" Under Question
The myth of Israeli cyber is built on roughly 1,000 graduates of Unit 8200 per year, who make up 80% of company founders, with an average acquisition price of $317 million. But we must ask: How much of this premium was derived from the scarcity of vulnerability researchers?
A SANS report for 2026 shows that 61% of organizations have reduced security roles due to AI. If the local advantage was the "handcrafting" of exploits, that scarcity is evaporating. Another warning sign appeared with Anthropic’s Project Glasswing; while its partner list included giants like Microsoft and Palo Alto Networks, not a single young Israeli company was included in the initial cohort.
Is this the end of Israeli cyber? Absolutely not. The ecosystem is known for its rapid adaptation. Companies like Noma Security and Check Point's recent acquisitions show that the industry is responding. However, the direction must shift.
Value is moving toward areas AI cannot touch: physical constraints. Hardware-based security, supply chain verification, and network isolation are becoming strategic assets. No reasoning model can generate an algorithmic hack that bypasses a physical limitation. Much like how AWS didn't destroy software but rather empowered companies like Salesforce that "owned" the customer relationship, AI models will do the same for cyber.
The Israeli market remains strong, but the question of whether cyber is still an "excellent" investment now yields a complex answer. The $72.6 billion year may have been the peak of the old model. The industry won't disappear, but for companies that fail to anchor themselves deep within operations or the physical world, returns may shift dramatically. In the world of Claude Mythos, the talent to find a bug is no longer the ticket to becoming a unicorn; the ticket is the talent to manage the incident within the actual guts of the organization.
Yaniv Golan is a Co-founder and General Partner at lool ventures, a firm specializing in early-stage startup investments.
