Cylake is an AI-native cybersecurity platform that delivers unified threat detection and response exclusively through on-premises and private cloud deployment, ensuring all security data stays within the customer’s perimeter. It is an AI security platform built for government agencies, critical infrastructure operators, and regulated enterprises where data sovereignty is a hard requirement — not a preference.
Cylake launched in March 2026, founded by three cybersecurity veterans: Nir Zuk, who founded Palo Alto Networks in 2005 and served as its CTO for over two decades; Wilson Xu, who spent more than a decade building Palo Alto Networks’ engineering organization; and Ehud (Udi) Shamir, a co-founder of SentinelOne.
The company raised $45 million in seed funding led by Greylock Partners, with partner Asheem Chandna leading the investment. This ranks among the largest seed rounds in cybersecurity history, reflecting investor confidence in the founding team and the unaddressed market gap for sovereign AI-native security.
What is Cylake?
There is a real tension in enterprise cybersecurity: the best security platforms require sending data to vendor cloud infrastructure, but government agencies, critical infrastructure operators, and heavily regulated enterprises often cannot send security telemetry outside their perimeter.
Cylake combines hardware and software into a single system that collects operational and security data from network infrastructure, endpoints, cloud workloads, and existing security tools. All of it feeds into one data foundation processed entirely within the customer’s environment.
ML models and automated workflows run locally — analyzing patterns, correlating events across sources, generating alerts — without any data leaving the organization. Cylake calls this “agentic protection”: AI-driven security analysis that operates autonomously inside the customer’s own infrastructure.
Key Features
| Feature | Details |
|---|---|
| Deployment Model | On-premises and private cloud exclusively |
| Architecture | Combined hardware and software platform |
| Data Collection | Network, endpoint, cloud workload, and security tool telemetry |
| Analysis | AI-native ML models running locally |
| Correlation | Cross-source event correlation across entire technical stack |
| Automation | Agentic protection workflows for autonomous detection and response |
| Investigation | Automated investigation workflows without external data export |
| Data Sovereignty | All processing within customer-controlled environments |
| Integration | Connects to existing security tools and infrastructure |
| Target Market | Government, critical infrastructure, regulated enterprises |
| Funding | $45M seed (Greylock Partners, March 2026) |
| Product Status | Design partner phase; product availability anticipated early 2027 |
The data sovereignty gap
Most modern cybersecurity platforms — including those built by the Cylake founders’ previous companies — process data in vendor-operated cloud environments. This works for many organizations, but it creates a hard constraint for those subject to strict data residency requirements.
Government agencies, critical infrastructure operators (energy, water, transportation), and enterprises in highly regulated industries (defense, certain financial services, healthcare) often cannot use cloud-delivered security products at all. Their current options are either to run fragmented on-premises tools or to segment data selectively and send only sanitized subsets to cloud platforms.
Cylake is trying to close this gap by bringing cloud-grade AI security capabilities inside the customer’s perimeter.
Unified data approach
Rather than deploying separate tools for network detection, endpoint protection, cloud workload security, and log analysis, Cylake consolidates all security-relevant data into a single foundation. The platform then applies AI-native analytics across the full dataset, finding patterns and correlations that siloed tools miss.
This mirrors the data-driven approach that cloud security platforms have proven to be effective — comprehensive visibility leads to better detection — but executes it entirely within the customer’s infrastructure.
Getting Started
When to use Cylake
Best for: Government agencies, defense contractors, critical infrastructure operators, and regulated enterprises that need AI-driven cybersecurity but cannot send security telemetry to vendor cloud infrastructure.
Cylake targets a specific market: organizations that need modern, AI-driven cybersecurity but cannot use public cloud infrastructure for security operations. If data sovereignty is a hard requirement — not a preference, but a regulatory or operational mandate — Cylake is one of the few platforms built from scratch for that constraint.
The founding team’s track record at Palo Alto Networks and SentinelOne gives credibility to the technical vision, and the $45M seed round from Greylock provides runway for platform development. However, Cylake launched in March 2026 and is currently working with design partners, with product availability anticipated in early 2027.
For a broader overview of AI security solutions, see the AI security tools guide. For cloud-delivered AI security with runtime protection, consider WitnessAI (single-tenant option) or NeuralTrust (split-plane architecture with on-prem data plane).
For AI-specific threat detection in cloud environments, see HiddenLayer or Protect AI Guardian. For open-source AI security testing, look at Garak or Promptfoo.