If you only skim the AI headlines, it looks like 2026 is the year of agents, copilots and “AI factories.” Look closer at the deal tape, and a quieter story emerges: in Q1, the largest cheques were written for infrastructure and security companies that sit between models and the real world.
From observability and identity to cloud security and AI guardrails, a handful of acquisitions in the first three months of 2026 show where strategic control in the AI era actually lives—and how fast that control is consolidating.
This isn’t a complete catalogue of AI‑related M&A. It is a look at the AI infra and security deals that did more to reshape the stack in Q1 than any model acquisition could.
1. Snowflake → Observe: Telemetry becomes Table Data
On 7–8 January, Snowflake announced its intent to acquire Observe, a cloud‑native observability vendor, to deliver “AI‑powered observability” directly on the Snowflake platform. Industry coverage pegs the deal at roughly 1 billion dollars, though Snowflake has not formally disclosed a price.
Observe already ran on top of Snowflake; the acquisition turns that alignment into a first‑party capability, allowing logs, metrics and traces to live alongside business data in the AI Data Cloud. For AI and SRE leaders, the strategic move is clear: the same data cloud that powers analytics and copilots now also powers incident analysis, cost optimisation and AI agent telemetry, compressing what used to be multiple toolchains into one shared substrate.
Why it matters: Q1 made it explicit that “observability as data” is no longer just an architectural idea—it is being productised into AI platforms. Snowflake’s move sets expectations that the AI data layer will also be the observability layer for agents and applications.
2. Palo Alto Networks → Chronosphere: From Logs to Autonomous Response
On 28 January, Palo Alto Networks closed its acquisition of Chronosphere, a high‑cardinality observability platform built for cloud‑native environments. Analysts and M&A trackers estimate the deal value at roughly 3.35 billion dollars, making it one of the largest observability exits to date.
Chronosphere brings a scalable time‑series and event engine that can ingest, aggregate and route telemetry from modern microservices at internet scale. For Palo Alto, the acquisition is explicitly about feeding that telemetry into its Cortex XSIAM and Prisma platforms, so AI‑driven threat detection and autonomous response can see what’s happening across infrastructure, networks and applications in real time.
Why it matters: Security‑first observability used to mean instrumenting specific security tools; this deal signals a shift to security on top of full‑stack observability, with AI systems acting on that data without human intervention in the fastest paths.
3. Palo Alto Networks → CyberArk: Identity becomes an AI Control Surface
Just two weeks later, on 10 February, Palo Alto Networks completed its acquisition of CyberArk, long regarded as a leader in privileged access and identity security. The purchase price—around 25 billion dollars according to multiple analyses—puts it among the largest security transactions on record.
Where earlier Palo Alto deals were about network, cloud and workload visibility, CyberArk plants a flag squarely in human and machine identity: who is allowed to do what, where, and under which conditions. As enterprises roll out agents that can open tickets, reset accounts or move money, that permissioning layer becomes an AI control plane in its own right.
Why it matters: Q1 confirmed that identity and privilege are not just compliance topics—they are foundational to how AI agents will be constrained, audited and trusted in production environments.
ALSO READ: Disrupting Threats Before They Materialise: AI’s Expanding Role in Investigations
4. F5 → CalypsoAI: Guardrails at the Application Edge
At the end of January, F5 announced its intent to acquire CalypsoAI, a startup focused on “advanced AI guardrails” for large enterprises. Previous reporting placed the transaction around 180 million dollars, though F5’s statement emphasised strategy over price: the company wants to embed model validation, policy enforcement and content controls where AI traffic already passes—through its application delivery and security stack.
CalypsoAI specialises in testing and constraining model outputs—detecting prompt injection, hallucinations, and policy violations, and enforcing rules on what agents and LLMs are allowed to say or do. Combining that with F5’s position in front of web and API traffic creates a path to “AI‑aware” application firewalls and gateways.
Why it matters: Rather than treat AI guardrails as a separate product, this deal pushes safety and policy enforcement closer to where requests and responses already flow, which is where many enterprises prefer to enforce security.
5. Google → Wiz: Cloud Posture for the AI Age
On 10–11 March, Google announced that it had completed its acquisition of Wiz, a cloud security platform that quickly became one of the fastest‑growing cybersecurity companies of the last decade. The transaction, valued at around 32 billion dollars, is widely reported as the largest pure‑play security acquisition ever.
Wiz built its business by scanning cloud environments for misconfigurations, vulnerabilities and data exposure using an agentless architecture and a unified security graph. In Google’s press and investor framing, that same graph is now being positioned as a foundation for AI‑aware cloud security—protecting training data, inference workloads and cross‑cloud AI services as enterprises mix models, regions and providers.
Why it matters: Most AI risk discussions still focus on models and prompts; this deal underlines that cloud posture and data exposure are where many of the practical risks sit—and that controlling that layer is strategically worth tens of billions.
6. OpenAI → Promptfoo: Evaluation and Red‑teaming Go First‑party
Also on 10 March, OpenAI acquired Promptfoo, a tool that many teams were already using to test and evaluate LLM applications across a variety of criteria, from hallucinations and jailbreaks to task‑specific performance. Coverage notes that Promptfoo claimed usage at roughly a quarter of Fortune 500 companies, making it a de facto standard for evaluation in many enterprise teams.
Bringing Promptfoo in‑house gives OpenAI a mature framework for structured evaluation, red‑teaming and regression testing that can be integrated into its own agent platform, enterprise offerings and upcoming Workspace Agents. It also signals that evaluation—long treated as an implementation detail—is now part of the product surface for enterprise AI, not a sidecar maintained by customers.
Why it matters: Q1 showed that eval and safety tools are being pulled inside major model providers. For buyers, that raises the question: how much of your evaluation stack do you want to outsource to the model provider, and how much must remain independent?
ALSO READ: The Security Gap Enterprises Are Creating as They Scale AI Agents
7. ServiceNow → Armis: Connecting AI Workflows to the Physical World
ServiceNow’s acquisition of Armis, a cyber‑exposure platform focused on unmanaged and OT/IoT assets, sits at the edge of Q1: the intent and strategic framing were laid out in early January, with the final completion announcement arriving on 19 April. The price—7.75 billion dollars in cash—puts it in the top tier of security and infra transactions.
Armis gives ServiceNow detailed visibility into every connected device on a network: industrial control systems, medical devices, building automation, vehicles, and more. Combined with ServiceNow’s existing workflow and automation platform, the acquisition is being explicitly pitched as a way to tie agentic AI and automation to conditions in the physical world—where a model’s decision can close a valve, isolate a hospital device or reroute a logistics network.
ALSO READ: ServiceNow unveils AI Experience for Enterprise AI
Why it matters: This deal completes a triangle: ServiceNow already orchestrated digital work; with Armis, it can see the physical estate that work depends on, and then layer AI agents on top of both. For enterprises, it’s a preview of how “AI factories” will eventually span data centres, applications and real‑world assets.
What Q1’s AI Infra Deals Tell Us
Taken together, Q1’s AI infra and security deals sketch a clear pattern:
- Telemetry and observability are being absorbed into AI data clouds and security platforms so that agents and models can see what’s happening across systems in real time.
- Identity and exposure are being treated as the primary control surfaces for agentic systems, with multi‑billion‑dollar bets on who controls privileged access and cloud risk graphs.
- Guardrails and evaluation are shifting from niche tools to core product features inside major infra and model providers.
For AI and data leaders, the lesson is simple: when you plan your own stack and strategy for solution providers, pay as much attention to these control planes as you do to the models themselves. The buyers in Q1 certainly did.
ALSO READ: 2025’s Top 16 Acquisitions in AI & Data
