The US government spends $1B on cyberattacks while cutting $1.2B from civil defense. In the same week of June 2026, two startups revealed what this means in practice: the privatization of cyber warfare is happening, and governance has not kept up. We have been tracking this movement and the signal is clear — something structural has changed.
Dream Security — from Pegasus to defense
According to the company, Dream Security raised $260M in a Series B on June 18, 2026, at a $3B valuation. The names behind it are significant: Shalev Hulio, the same figure behind NSO Group and Pegasus, and Sebastian Kurz, former chancellor of Austria. Hulio stated he wanted to move from the offensive side to defense.
The products tell the story. According to the company, SPHERE is for national defense — critical infrastructure protection at country scale. HERO performs autonomous vulnerability discovery and remediation — defensive agents that find and fix flaws before attackers exploit them. And ATLAS is sovereign AI for governments: air-gapped, no telemetry, no data leaving the country.
ATLAS responds to a real geopolitical need. According to reports, the US blocked access to Anthropic models for non-citizens. When AI becomes critical infrastructure, depending on foreign models is a sovereign risk. Sovereign AI is not a product feature — it is a state necessity. Dream Security has ARR above $100M and government-only clients. The market validated the thesis.
Twenty — industrializing offensive cyber warfare
Twenty is the other end of the spectrum. According to the company, CEO Joe Lin is a former Navy Reserve officer and former Palo Alto Networks executive. The $100M Series B on June 17, 2026 pushed the valuation to $1B — unicorn status. The investors say everything: Accel, In-Q-Tel (the CIA venture arm), and General Catalyst.
The product is AI-enabled offensive cyber warfare. According to the company, AI agents orchestrate every phase of Lockheed Martin's Cyber Kill Chain. Twenty calls them agentic kill chains: agents that cycle through Reasoning-Action-Observation loops across hundreds of targets simultaneously. Humans stay in the loop at authorization points — but execution is autonomous.
Lin stated that Twenty was founded to industrialize cyber warfare. Clients: US military and intelligence only. Contracts: $12.6M with CYBERCOM in 2024, done in stealth. The message is clear: cyber warfare has gone from art to industry.
The three structural changes
Three structural changes enable the privatization of offensive cyber operations:
1. CYBERCOM AI budget: According to budget data, CYBERCOM allocated $138M for AI for Cyber Operations in FY2027, up from $5M in FY2026. That is a 2,660% increase. The signal to the market is unequivocal: the government wants AI in cyber operations, and is willing to pay.
2. The One Big Beautiful Bill: According to the law text, the One Big Beautiful Bill (July 2025) allocated $1B for offensive operations in INDOPACOM and $250M for CYBERCOM AI. But it cut $1.2B from civil defense. CISA lost 1/3 of its budget. The government invests in offense and divests from civil defense — a choice with consequences.
3. NDAA and civilian contractors: According to the NDAA text, the Senate included a provision for civilian contractors to conduct cyber operations under CYBERCOM, including operations with destructive effects. This means private companies can conduct operations with real destructive impact under military authority, without the obligations that bind commanders.
The March 2026 strategy called for unleashing the private sector to disrupt adversary networks. The three changes are the execution of that strategy.
The governance vacuum
According to Ronald Deibert of Citizen Lab, military commanders have congressional notification obligations. Corporate CEOs of defense contractors do not. This is the structural failure: the privatization of offensive operations lacks oversight.
Companies like Twenty operate under Title 10 and Title 50 without the obligations that bind commanders. AI agents, private capital, and government contracts create a new actor — neither military nor civilian — with speed and scale that oversight cannot match. When a defense contractor CEO can authorize operations with destructive effects without notifying Congress, something fundamental has broken.
The problem is not that private companies do cybersecurity — that has been happening for decades. The problem is that AI agents change the scale and speed of what is possible. A manual attacker has human limits. An AI agent in an agentic kill chain does not. And when that agent operates under a private contract without congressional oversight, the vacuum is structural.
Conclusion
The same AI agents that write your code can orchestrate a kill chain. The difference is who deploys them and under what authority. We built the agents — we need the governance to match. At Tech86, we help organizations assess their exposure to AI-enabled offensive operations and implement defensive postures that keep pace with modern threats. Cyber warfare has been privatized. Governance needs to catch up.
