The Cloud Security Playbook for AI Governance

16 June 2026

This is the second in a three-part series on the AI Governance market. Part 1: Understanding AI Governance: A Market Map. Part 3: We Built the Enforcement Layer. Here’s Why.

Every major computing shift produces the same governance crisis. Cloud was no different. Neither is AI.

A new computing paradigm arrives faster than security and governance can respond. Point solutions emerge to address specific slices of the problem. The market fragments. Enterprises struggle to make sense of dozens of vendors all claiming to solve “the” problem. And then the platform players start writing checks.

This is exactly what happened with cloud security between 2015 and 2025. And the way it played out tells you almost everything you need to know about where AI governance is headed.

The Cloud Security Fragmentation Problem

When enterprises started moving workloads to the cloud in earnest around 2013-2015, the security tooling landscape was a mess of point solutions addressing different slices of a problem nobody fully understood yet.

Qualys and Tenable were scanning for vulnerabilities. Splunk was ingesting logs. CyberArk was handling privileged identity. Palo Alto Networks was doing network security. Veracode was scanning code. Each was genuinely good at its specific problem. None of them covered the full picture.

Then containers happened. Then serverless. Then infrastructure-as-code. Each new pattern created a new security gap, and a new set of startups rushed to fill it.

By 2018, a CISO trying to secure a cloud-native environment was managing a sprawling set of tools: a CSPM for cloud posture, a separate tool for container security, another for IaC scanning, another for runtime workload protection, another for cloud identity. The vendors all claimed to be “cloud security platforms.” Most were genuinely solving one specific layer.

Sound familiar?

The Consolidation Arc

Here’s what happened next, and why the sequence matters.

The enforcement layer got acquired first.

In May 2019, Palo Alto Networks acquired Twistlock — the leader in container runtime security — for $410 million. At the time, Twistlock had raised $63 million in total funding. The acquisition multiple was built almost entirely on strategic value, not revenue. The reason Palo Alto paid that price is the same reason it matters: Twistlock sat in the execution path of every container workload. It was the thing that evaluated what a container was actually doing at runtime and decided whether to allow or block it.

That’s the enforcement layer. And the platform players understood, before the market did, that whoever owned the enforcement layer owned the architecture.

Six weeks later, Palo Alto acquired PureSec, the serverless security leader. In 2021, they acquired Bridgecrew — an open-source IaC security scanner with over a million downloads — for $156 million. Bridgecrew was two years old at the time of acquisition and had raised $18 million. Again, the multiple was strategic. Bridgecrew sat at the point in the development workflow where infrastructure configuration decisions got made. Owning that layer meant influencing everything downstream.

Meanwhile, CrowdStrike was running the same playbook on the endpoint and identity side. In 2020 they acquired Preempt Security, adding identity-based threat detection to the Falcon platform. In 2021 they acquired Humio for $400 million, adding log ingestion and analytics. Not because CrowdStrike couldn’t build logging — because buying Humio was faster than building it, and the data layer feeds everything else.

The endpoint enforcement layer came first. The observability and analytics layers came later.

Then Gartner invented the category name.

CNAPP — Cloud-Native Application Protection Platform — didn’t exist as a term until 2021. By the time analysts published the first Market Guide for CNAPP, Palo Alto had already assembled most of the capability through acquisitions. Wiz had already reached $100 million ARR. The consolidation wave was already underway.

The category name arrived after the market had already decided who the players were.

Then the hyperscalers closed the loop.

In March 2025, Google acquired Wiz for $32 billion — the largest cybersecurity acquisition in history. Wiz had reached $100 million ARR in 18 months. The multiple was somewhere between 45x and 65x revenue. Why? Because Wiz had become the de facto cloud security layer across AWS, Azure, and GCP simultaneously. Owning Wiz meant Google owned a governance and visibility layer that sat above all three clouds.

The enforcement layer, once again, commanded the strategic premium.

The AI Governance Parallel

The AI governance market in 2026 looks almost identical to the cloud security market in 2018.

There are point solutions addressing specific slices of the problem. Vendors are claiming comprehensive platform coverage while genuinely solving one or two layers. Analysts are publishing market guides that lump together fundamentally different problems. Enterprises are struggling to evaluate solutions against a backdrop of confusing and overlapping claims.

And the same three-layer structure is emerging:

| Cloud Security (2015-2020)      | AI Governance (2024-?)            |
| ------------------------------- | --------------------------------- |
| Vulnerability scanning          | Model risk and bias assessment    |
| Identity and access management  | User and developer governance     |
| Runtime enforcement             | Agent runtime governance          |
| Log management and observability| AI observability and audit        |
| IaC / shift-left security       | Policy-as-code for AI pipelines   |

The pattern that played out in cloud security suggests a few things about what comes next in AI governance.

The enforcement layer gets acquired first, at strategic multiples. Twistlock was acquired at a multiple that had nothing to do with its revenue. The acquirer was paying for architectural position — being in the execution path. The same logic will apply to whatever sits in the execution path for AI agents. Not the dashboard. Not the policy document. The thing that evaluates what an agent is doing at the moment it does it, and decides whether to allow, block, or escalate.
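To make the "allow, block, or escalate" decision point concrete, here is an added example of a minimal execution-path gate for agent tool calls, written as policy-as-code. It is illustrative code written for this post, not Nirmata's product or any vendor's implementation; the tool names, rules and the `ToolCall`/`Rule` types are assumptions.

```python
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Callable

# Constructed example: a minimal execution-path gate for agent tool calls.
# Every call is evaluated before it runs and receives one of three decisions.
ALLOW, BLOCK, ESCALATE = "allow", "block", "escalate"

@dataclass
class ToolCall:
    agent: str   # which agent is acting
    tool: str    # tool name, e.g. "db.query" (assumed naming scheme)
    args: dict   # tool arguments as supplied by the agent

@dataclass
class Rule:
    tool: str                                      # glob over the tool name
    effect: str                                    # ALLOW, BLOCK or ESCALATE
    when: Callable[[dict], bool] = lambda a: True  # extra condition on args

# Policy-as-code: first matching rule wins; anything unmatched is blocked.
POLICY = [
    Rule("shell.*", BLOCK),
    Rule("db.query", ESCALATE,
         lambda a: not a.get("sql", "").lstrip().upper().startswith("SELECT")),
    Rule("db.query", ALLOW),
    Rule("file.write", ESCALATE, lambda a: a.get("path", "").startswith("/etc/")),
    Rule("file.*", ALLOW),
]
DEFAULT_EFFECT = BLOCK  # default-deny for tools the policy does not mention

AUDIT: list[dict] = []  # append-only record of every decision taken

def evaluate(call: ToolCall, policy=POLICY) -> str:
    """Return the decision for a call and record it in the audit trail."""
    decision = DEFAULT_EFFECT
    for rule in policy:
        if fnmatch(call.tool, rule.tool) and rule.when(call.args):
            decision = rule.effect
            break
    AUDIT.append({"agent": call.agent, "tool": call.tool,
                  "args": call.args, "decision": decision})
    return decision

def run_tool(call: ToolCall, executor: Callable[[ToolCall], object]):
    """Execute the tool only when the gate allows it; otherwise return the decision."""
    decision = evaluate(call)
    result = executor(call) if decision == ALLOW else None
    return decision, result
```

Escalated calls are neither run nor dropped here; a real deployment would route them to a human approval step while the audit trail preserves what was attempted.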

The platform players will acquire to close gaps — but the acquirer pool is wider than most expect. Palo Alto didn’t acquire Twistlock because they wanted to get into container security. They acquired it because their existing customers were deploying containers and they needed to cover that layer. The same dynamic will drive AI governance acquisitions — security, observability, and infrastructure platform players acquiring to fill the layer their existing customers are asking for.

But there’s a second category of vendors that didn’t exist in the cloud security era: data and storage platform players whose core revenue is being disrupted by AI itself. Snowflake, Databricks, and Rubrik are all making moves in this space — not primarily because their customers are asking, but because frontier AI models are reshaping how enterprises store, process, and govern data. The deals are already happening. Veeam acquired Securiti AI for $1.7 billion in December 2025 to combine data resilience with AI governance. Snowflake acquired Natoma — an MCP governance and access control platform founded in 2024 — to build a trusted control plane for AI agents operating across enterprise systems. Rubrik acquired Predibase in June 2025 to accelerate agentic AI from pilot to production. And Palo Alto Networks, as we covered in a previous post, acquired Portkey to become the routing and visibility layer inside Prisma AIRS.

For these vendors, owning the AI runtime governance layer isn’t just a product expansion. It’s a defensive move. If AI agents become the primary interface through which enterprises interact with their data, then the governance layer for those agents is the new control plane — and whoever owns it owns the architecture. That’s a different and more urgent motivation than filling a customer request.

The category name will arrive after the consolidation has started. By the time an analyst firm publishes a Magic Quadrant for “AI Agent Governance” or “Agentic AI Security,” the enforcement layer leaders will already have been acquired or will be in late-stage conversations. The window between “emerging market” and “platform acquisition target” is shorter than most people expect — in cloud security it was roughly three to four years from category emergence to major consolidation.

What This Means If You’re Buying

If you’re an enterprise evaluating AI governance vendors today, the cloud security analogy suggests a few things worth keeping in mind.

The platform players will consolidate this market. The vendors you evaluate today may not exist as independent companies in two years. Ask about roadmap and ownership structure. Understand what happens to your implementation if the vendor gets acquired and integrated into a larger platform.

The enforcement layer is the hardest to replace. In cloud security, enterprises that had deeply integrated a runtime enforcement layer found it far more disruptive to replace than a dashboard or a reporting tool. The same will be true for AI governance. The tool that sits in the execution path of your agent workflows — that evaluates actions before they execute — is the one you want to choose carefully.

Gartner categories are a lagging indicator. The cloud security market proves this. By the time the analyst category is named and the Magic Quadrant is published, the best strategic positions are already taken. The enterprises that got cloud security right didn’t wait for the market to consolidate before making architectural decisions. They understood the layers, picked the right enforcement point early, and built from there.

The AI governance market is at approximately the 2018 moment in the cloud security analogy. The point solutions have emerged. The fragmentation is real. The platform players are paying attention.

The consolidation is coming. The question is whether you understand the layers well enough to make the right architectural bet before the market makes it for you.

Next in the series: We Built the Enforcement Layer. Here’s Why.
