Snowflake, CrowdStrike, Cyera: $1.1B Spending Spree Reshapes Enterprise Security

So, What Actually Happened?

We scanned 190,000 articles this week so you don't have to, and the M&A machine is running hot while everyone else is still recovering from CES.

Snowflake just acquired Observe to bolt AI-powered observability onto their data cloud. CrowdStrike dropped $740 million on SGNL, betting that identity security is the next frontier in stopping AI-powered attacks. Cyera raised $400 million at a $9 billion valuation—because apparently data security is the new enterprise gold rush. And Gmail just got Gemini, turning your inbox into an AI assistant whether you asked for one or not.

The Bottom Line: Security and observability are the new battlegrounds. The companies that can see everything and protect everything are writing the checks.

The Tracks That Matter

1. Snowflake Swallows Observe: The Observability Land Grab

Snowflake announced its intent to acquire Observe to deliver AI-powered observability at enterprise scale. The deal brings Observe's log analytics and infrastructure monitoring capabilities directly into Snowflake's platform.

This is Snowflake playing offense. As enterprises pile more workloads into their data clouds, they need to see what's actually happening across those systems. Observability was the missing layer—and now Snowflake owns it. The strategic logic is sound: you can't optimize what you can't observe, and you can't secure what you can't see.

The timing matters too. Databricks has been eating into Snowflake's positioning with unified analytics. By adding observability, Snowflake becomes the platform where you run your data, see your data, and debug your data—all in one place. That's a powerful moat.

Here's what works: If you're running significant Snowflake workloads, evaluate the Observe integration when it lands. Native observability beats bolted-on solutions for troubleshooting at scale.

2. CrowdStrike's $740M Bet: Identity Is the New Perimeter

CrowdStrike acquired SGNL for $740 million to counter AI-driven cyberattacks. SGNL specializes in identity security—specifically, ensuring that the right people (and only the right people) can access sensitive systems.

The logic is defensive: as AI makes attacks more sophisticated, identity becomes the weakest link. Traditional authentication assumes that once you're in, you're trusted. But AI-powered attacks can mimic legitimate users with uncanny precision. SGNL's approach treats every access request as potentially hostile—continuous verification rather than point-in-time authentication.

For CrowdStrike, this fills a gap. They've dominated endpoint security, but endpoints are meaningless if attackers can simply steal credentials. Identity security completes the picture: protect the device AND protect the identity using it.

Here's what works: Review your identity security posture against AI-powered threats. If your authentication system was designed before LLMs could generate convincing phishing at scale, it's time for an upgrade.

3. Cyera Hits $9B: Data Security's Unicorn Factory

Cyera raised $400 million in Series F funding, reaching a $9 billion valuation. The AI-powered data security platform has become one of the fastest-growing companies in enterprise security.

What Cyera does is deceptively simple: it finds all your sensitive data, classifies it, and ensures it's protected. But in practice, that's a nightmare problem. Enterprise data sprawls across cloud services, SaaS apps, databases, and file shares. Most organizations genuinely don't know where their sensitive data lives—until it shows up in a breach notification.

The $9 billion valuation reflects a bet that data security will be foundational infrastructure, not optional tooling. As AI systems process more enterprise data, the attack surface grows exponentially. The companies that can map and protect that data will command premium valuations.

Here's what works: Conduct a data discovery exercise. If you can't answer ”where is all our sensitive data?” within 24 hours, you have a Cyera-shaped problem.

4. Gmail Gets Gemini: Your Inbox Is Now an AI Agent

Gmail is entering the Gemini era with AI features that turn email into an intelligent assistant. US users can now get AI-powered summaries, smart replies, and contextual suggestions directly in their inbox.

This is Google's answer to Microsoft's Copilot push. If Microsoft is embedding AI into Office (sorry, ”Microsoft 365 Copilot App”), Google is doing the same with Workspace. The race is on to make AI assistance feel native to productivity tools rather than a separate chat window.

The enterprise implications are significant. Gmail handles billions of business emails daily. If Gemini can summarize threads, draft responses, and surface action items automatically, that's hours saved per knowledge worker per week. The question is whether enterprises will trust Google with even more contextual access to their communications.

Here's what works: Pilot Gmail's Gemini features with a small team. Measure actual time saved versus theoretical productivity gains before rolling out widely.

5. Microsoft Copilot Checkout: AI Wants Your Credit Card

Microsoft launched Copilot Checkout, bringing shopping directly into the AI assistant experience. PayPal is powering the payments, making Copilot a transactional platform, not just a conversational one.

This is the logical endgame of AI assistants. If Copilot can research products, compare prices, and answer questions, why shouldn't it also complete the purchase? The friction of switching to a browser and finding the checkout page is exactly what AI is supposed to eliminate.

But it's also a massive bet on trust. Letting an AI handle your payment information requires confidence that it won't be manipulated, phished, or simply confused. Microsoft is betting that Copilot's safety guardrails are robust enough for financial transactions. We'll see.

Here's what works: If you're a retailer, start thinking about AI-native commerce channels. The checkout flow that wins in 2026 may not involve a website at all.

6. OneStream Goes Private: The $6.4B CFO Software Play

OneStream is going private in a $6.4 billion deal with Hg Capital. The corporate performance management software company is exiting public markets just a year after its IPO.

The take-private trend continues. OneStream went public in 2024, and now private equity has decided the public market wasn't valuing it correctly. At $6.4 billion, Hg is betting they can grow the company faster without quarterly earnings pressure—and eventually sell at a premium.

For CFOs, this is a signal. The financial software market is consolidating. The tools you choose today will likely be owned by different companies within 2-3 years. Build for integration and portability, not for vendor lock-in.

Here's what works: Review your CPM vendor's ownership structure and M&A exposure. Private equity ownership often means aggressive upselling and eventual resale.

7. Databricks Instructed Retriever: RAG's Next Evolution

Databricks announced Instructed Retriever, which beats traditional RAG data retrieval by 70%. The new approach uses instruction-tuned models to understand context better than standard vector search.

RAG has become the default pattern for enterprise AI—retrieve relevant documents, then generate responses based on them. But vanilla RAG has limits: it often retrieves tangentially related content and misses the documents that would actually answer the question. Instructed Retriever addresses this by training the retrieval model to understand intent, not just similarity.

For enterprises building AI applications, this is meaningful. The gap between ”good enough” RAG and ”actually useful” AI often comes down to retrieval quality. If Databricks can close that gap, their platform becomes stickier for AI workloads.

Here's what works: Benchmark your current RAG implementation against Instructed Retriever. A 70% improvement in retrieval accuracy translates directly to better AI outputs.

Signal vs. Noise

🟢 Signal: Snowflake's Observe acquisition shows that observability is becoming infrastructure, not tooling. The data platforms that can show you what's happening across your systems will command premium pricing. This isn't hype—it's operational necessity as AI workloads become more complex and harder to debug.

🔴 Noise: Apache Iceberg and Kafka are getting a lot of mentions, but the PageRank data shows flat influence. Everyone's talking about these technologies, but the actual implementation remains niche. The hype cycle is running ahead of enterprise adoption.

From the 190K

We scanned 190,000 articles this week. Here's what no one's talking about:

The Security Acquisition Trifecta

Three massive security deals in 48 hours: CrowdStrike-SGNL ($740M), Cyera's Series F ($400M at $9B), and Snowflake-Observe. Combined, that's over $7 billion in capital flowing into security and observability in a single week.

This isn't coincidence—it's coordination. The enterprise buyers are demanding integrated security-and-observability platforms, and the vendors are racing to build them through M&A. Palo Alto started this wave; now everyone's catching up.

The hidden implication: standalone security tools are becoming targets, not vendors. If you're building a point solution in security or observability, your exit strategy just became ”get acquired before you get marginalized.”

By The Numbers

• $9B — Cyera's valuation after $400M Series F, making it one of the most valuable private security companies
• $740M — CrowdStrike's acquisition price for identity security startup SGNL
• $6.4B — OneStream's take-private deal value with Hg Capital
• 70% — Improvement in retrieval accuracy with Databricks Instructed Retriever vs traditional RAG
• 130 diseases — Number of conditions Stanford's SleepFM AI can predict from sleep data
• $4.6M — Seed funding raised by AI services startup Aivar

Deep Dive: The Great Platform Consolidation

CES is over, and the real news isn't in the gadgets—it's in the deals getting signed while everyone was distracted by AI refrigerators.

The Land Grab Is Real

Three patterns emerged this week that tell the same story: the major platforms are done building incrementally. They're buying their way to complete solutions. Snowflake acquiring Observe. CrowdStrike acquiring SGNL. Microsoft and Fiserv expanding their AI collaboration. Even EPAM partnering with Cursor to build AI-native development teams.

The Moat Strategy Has Changed

Two years ago, platforms competed on features. Now they compete on surface area. The winner isn't the best database or the best security tool—it's the platform that lets you do everything without leaving. Snowflake can now store your data, run your AI, AND tell you why it's broken. That's a harder moat to cross than ”we're 20% faster.”

The Startup Playbook Is Shifting

If you're building a dev tool or security product, the exit math just changed. Getting to $100M ARR independently is now competing with ”get acquired at $50M ARR and become a feature.” The acquirers have the balance sheets, and they're spending them.

What Actually Works

1. Bet on platforms, not point solutions — The standalone tool you buy today will be acquired or marginalized within 18 months
2. Build for integration — Whatever stack you choose, ensure clean APIs and data portability
3. Watch the M&A signal — When big players acquire in a category, that category is about to be table stakes
4. Audit your vendor concentration — If one platform owns your data, your security, AND your observability, understand the risk

The consolidation wave isn't slowing down. The question is whether you're surfing it or getting swept away by it.

What's Coming

UK ICO Warns on Agentic AI Governance

The UK's Information Commissioner's Office published new guidance on agentic AI, urging businesses to proceed with caution. As AI agents become more autonomous, the regulatory frameworks designed for human-supervised systems start to break down. Expect more regulators to weigh in on agent-specific governance.

Stanford's SleepFM Predicts 130 Diseases

Stanford researchers built SleepFM, a multimodal AI model that predicts 130 diseases from sleep data alone. The implications for preventive healthcare are significant—your sleep patterns may reveal disease risks years before symptoms appear.

Genmab + Anthropic: Agentic AI in Drug Discovery

Genmab partnered with Anthropic to accelerate R&D through agentic AI. The biotech company is betting that Claude's capabilities can speed up the traditionally glacial pace of drug development. This is Anthropic's biggest enterprise pharma deal to date.

For Your Team

Thursday's meeting prompt: ”If our primary data platform acquired an observability vendor tomorrow, would we consolidate—or would we resist because of switching costs? What does that tell us about our vendor strategy?”

The Platform Dependency Framework:
1. Map your data gravity — Which platforms hold data that would be painful to move?
2. Identify single-vendor risks — If one vendor owns 3+ critical functions, you're dependent
3. Test your portability — Can you actually export and migrate within 90 days?
4. Build escape hatches — Ensure clean APIs and documented data schemas for every critical system

Share-worthy stat: ”Security M&A hit $7B+ in a single week—CrowdStrike ($740M for SGNL), Cyera ($400M raise at $9B), and Snowflake acquiring Observe. The platforms are consolidating faster than enterprises can evaluate them.”

Go deeper: Track security and data platform trends in real-time →

The Track of the Day

”The companies that can see everything and protect everything are writing the checks.”

When security becomes the prerequisite for everything else, the security vendors stop being vendors and start being platforms. That's the shift we're watching.

We scanned 190,000 articles this week so you don't have to. Data Pains → Business Gains.

Published: January 9, 2026 | Curated by Yves Mulkers @ Ins7ghts