By 2026, the integration of artificial intelligence into cybersecurity solutions is expected to profoundly transform the way businesses protect themselves from cyber threats. Several start-ups are already illustrating this strategic shift by offering promising solutions and showcasing a new generation of tools capable of anticipating, automating and strengthening businesses' resilience to digital threats.

By 2026, the integration of artificial intelligence into cybersecurity solutions is expected to profoundly transform the way businesses protect themselves from cyber threats. Several start-ups are already illustrating this strategic shift by offering promising solutions and showcasing a new generation of tools capable of anticipating, automating and strengthening businesses' resilience to digital threats.

By S&D Magazine

 

Developing offensive tests

Despite still limited adoption in 2023 – at 15% – automated pentests are now growing rapidly1. In 2024, automated web scans increased by 126%, while vulnerabilities detected by automation increased by 38.7% compared to the previous year2. Since 2020, French start-up Patrowl has been helping companies anticipate threats and stay one step ahead of attackers. Its SaaS solution focuses on automating intrusion testing and continuously monitoring the external attack surface. Aware of the disparity in cyber maturity levels between organisations, Patrowl has structured its offering into two parts. The first, called Advanced EASM, offers dynamic mapping of exposed assets and includes educational tools such as Risk Insights to raise awareness among teams, as well as real-time monitoring of actively exploited vulnerabilities via the Trending Attacks module. This operational foundation enables even the smallest security teams to detect, understand and prioritise remediation actions. "Operational resilience cannot be improvised. Too many organisations still have basic gaps to fill before moving on to automation. Patrowl's first level allows them to structure their approach in an educational way, without false positives, using concrete indicators., explains Nicolas Mattiocco, chairman and co-founder of Patrowl3. The second level, CART (Continuous Automated Red Teaming), introduces continuous automated pentesting. It combines active monitoring, vulnerability contextualisation, remediation recommendations and the integration of human experts into the analysis loop. However, this hyper-automation requires organisations to have the means to react quickly and manage risk reduction on an ongoing basis. "Continuous pentesting is a powerful technology, but it requires an organisational capacity to react quickly, integrate feedback into development or operational cycles, and drive a continuous risk reduction strategy. Hence the need to offer a progressive path." says Vladimir Kolla, CEO and co-founder of Patrowl, winner of the Assises Innovation Award in 2023.

Detecting potential attack vectors using AI

991% of companies believe that AI enables faster detection of cyber threats4. 60% of them already use it for this purpose5. &As demand grows, so does supply! We are seeing more and more companies developing in this field, such as Cybi. Founded in 2022, the result of work by the RESIST team from Inria and Loria, it offers Scuba, a machine learning-powered solution capable of detecting potential attack paths in networks and proposing targeted countermeasures. With the rise of the Internet of Things — refrigerators, lamps, sockets, watches — every connected object can become an entry point to an entire network. "Today, most cyber attacks operate in a chain, moving from one object to another to find bridges and entry points. An object may have a good security score but can also become a gateway as soon as it is networked with other objects. I tested this at home, where my highly rated Internet box served as a bridge for all attack scenarios." emphasises Frédéric Beck, research engineer at Inria 6. Scuba therefore makes it possible to map these attack chains and neutralise risks upstream, thereby protecting critical systems without interrupting their operation. At the heart of the reactor, artificial intelligence analyses CVE (Common Vulnerabilities Exposure) databases, which list billions of vulnerabilities. It reads, correlates and anticipates intrusion paths, providing analysts with decision-making tools to prioritise defensive actions. « Scuba is not an autonomous robot, but an assistant designed to address the shortage of experts and speed up the processing of vulnerabilities. »7  explains Abdelkader Lahmadi, member of the RESIST team..

Securing data through fragmentation

44% of companies have already been victims of a data breach in the cloud8. Cyberattacks against the cloud are on the rise. The risk is high: access to sensitive data. Remember that 47% of company data stored in the cloud is considered sensitive.9. Data security is a major challenge for businesses. Astran's software could be part of the solution. It secures data by fragmenting it, meaning that in the event of a failure, bug or attack, the company will still have access to its strategic documents and data thanks to this fragmentation and dispersion of data across multiple cloud storage locations.« Beyond data security, companies want above all to be able to operate without interruption, even in the event of a crisis. So we are putting in place emergency systems that, with the help of an AI agent, can take over in the event of a failure. »10 says Yosra Jarraya, CEO and co-founder of the start-up. The company, winner of the Assises 2025 innovation award, is part of the acceleration programme to obtain the SecNumCloud label. Ultimately, the start-up's goal is to become the benchmark for secure cloud storage.

Automate in-depth incident analysis

The integration of AI into SOCs could improve their efficiency by 40% by 2026. And start-up Qevlar AI intends to become one of the key players in this transformation. Founded two years ago and incubated by Meta and Microsoft, Qevlar AI is developing technology based on an "agentic security engine", an autonomous API combining a large language model and a proprietary knowledge graph. The goal? To automate in-depth incident analysis and provide SOC teams with clear, contextualised and actionable insights. Thanks to this solution, the start-up claims significant efficiency gains: a reduction in the time spent analysing malicious alerts from 40 minutes to just 3 minutes, a 50% reduction in the time spent on investigations, and a near-perfect classification accuracy rate of 99.8%, compared to 97% for a human analyst11. Les Assises 2025 was spot on. The start-up, which raised €14 million in April, won the Special Public Prize at the 2025 Innovation Awards at the beginning of the summer.

 

 

______

1Penetration Testing Trends: A 2023 Perspective
2Pentesting in 2025: Insights, Trends, and Predictions
3Patrowl structure son offre de cybersécurité offensive selon deux niveaux de maturité
4Ai In The Cyber Security Industry Statistics
5Cybersecurity attacks statistics - sqmagazine.co
6Cybi, la cybersécurité intelligente pour prédire les attaques
7Ibid
8Les ressources dans le cloud sont devenues les principales cibles des cyberattaques, selon Thales
9Ibid
10Astran : une cybersécurité qui permet de fonctionner en cas de défaillance
11Cybersécurité : Qevlar AI lève 14 millions de dollars pour sa solution automatisée d'investigation