Where VC Money Is Actually Going in Late 2026

Supply Chain Attacks Are Getting Smarter. Here's the Fix.

The Breach Nobody Saw Coming—Until It Had Already Spread

On a Tuesday morning in March 2026, engineers at roughly 340 organizations woke up to the same alert: a widely-used open-source logging library had been quietly backdoored. Not in their code. Not in their infrastructure. In the build step—specifically, in a CI/CD pipeline dependency that had been poisoned nine weeks earlier with a malicious commit that bypassed code review. By the time automated detection flagged unusual outbound telemetry, the compromised artifact had already shipped to production in at least 47 enterprise environments. The incident, now being tracked under internal identifiers at CISA, is one of the most technically sophisticated supply chain intrusions since the SolarWinds compromise of 2020.

That 2020 breach still casts a long shadow. But security researchers we spoke to say the threat has mutated significantly since then. Attackers aren't just targeting software vendors anymore. They're targeting the tools that build the software, the repositories that store it, and the automated systems that ship it—often without touching a single line of application code that a human will ever read.

The Numbers Make the Urgency Hard to Dismiss

Gartner estimated in mid-2026 that software supply chain attacks increased by 63% year-over-year, with the average cost of a single supply chain compromise reaching $4.7 million—higher than the average cost of a standard data breach. That figure includes incident response, regulatory penalties, and customer churn, but not reputational damage, which is notoriously difficult to quantify.

We reviewed breach disclosure filings from 2025 and 2026 and found that 41% of publicly reported software compromises involved a third-party component or vendor—not a flaw in the victim's own code. That's not a rounding error. It means nearly half of all breaches in that sample set originated somewhere the affected organization didn't control and often couldn't fully inspect.

"The perimeter model of security was already dead," said Dr. Amara Solís, a senior researcher at Carnegie Mellon's CyLab, "but supply chain attacks exposed the assumption underneath it—that you could trust what you built if you trusted who built it. That assumption was always wrong. We just didn't feel the consequences until scale made it catastrophic."

"Signing an artifact proves it came from you. It doesn't prove you weren't already compromised when you signed it. Those are very different guarantees, and the industry keeps confusing them."
— Dr. Amara Solís, Carnegie Mellon CyLab

What Modern Attack Vectors Actually Look Like in 2026

The threat model has fragmented. There's no longer a single canonical supply chain attack—there are at least four distinct classes that security teams need to account for separately. Dependency confusion attacks, where a malicious package in a public registry shadows a private internal one, have been understood since 2021 but remain effective because developer tooling still doesn't enforce registry pinning by default in most configurations. Typosquatting in npm, PyPI, and crates.io continues to catch developers off guard, particularly in rapid prototyping environments where package names are typed manually rather than copied.

More technically demanding—and more dangerous—are build system compromises. These target the infrastructure that compiles and packages software: GitHub Actions runners, Jenkins nodes, or custom build servers. James Forde, principal security architect at Trail of Bits, told us that his team has seen a marked increase in attacks targeting ephemeral build environments. "Attackers used to want persistent access," Forde said. "Now they're happy with a ten-minute window inside a GitHub Actions runner. That's enough time to exfiltrate signing keys or inject a payload that won't be caught by static analysis."

The fourth class—and the one getting the least attention—is semantic backdoors: code that passes review because it looks legitimate but behaves maliciously under specific runtime conditions. These are increasingly hard to catch because they don't trigger on unit tests and often require live traffic or particular environment variables to activate.

The Defense Stack: What's Actually Working

Several technical controls have moved from "good practice" to "baseline expectation" in serious security programs over the past 18 months. SLSA (Supply-chain Levels for Software Artifacts), the framework originally developed by Google and now maintained under the OpenSSF, has gained real traction—particularly SLSA Level 3, which requires hermetic builds and provenance attestation generated by a non-falsifiable build system. Microsoft has mandated SLSA Level 2 compliance across all first-party package contributions to major open-source projects it maintains, a policy shift that took effect in January 2026.

Sigstore—the keyless signing infrastructure that uses ephemeral certificates anchored to OIDC identity providers—has become the de facto signing standard for container images in Kubernetes-native environments. Its adoption in the Go and Python ecosystems picked up substantially after the March incident described above, though it's worth noting that Sigstore addresses artifact authenticity, not artifact integrity during the build process itself.

Software Bill of Materials (SBOM) requirements, now enforced under the updated Executive Order compliance framework for federal contractors, have pushed enterprises to actually inventory their dependencies. The practical gap, though, is that most SBOMs are generated at ship time and rapidly go stale. Marcus Weil, who leads supply chain security at the Linux Foundation's Alpha-Omega project, put it bluntly: "An SBOM that's six weeks old in a modern microservices deployment is almost decorative. You need continuous SBOM generation tied to your artifact store, not a PDF you generate before a compliance audit."

Comparing Leading SBOM and Dependency Verification Tools

The Honest Critique: Why Current Defenses Fall Short

Here's the uncomfortable part. Much of the tooling described above is genuinely useful, but it addresses a threat model that's already a step behind the adversaries operating at the highest capability level. SLSA provenance tells you how an artifact was built. It doesn't tell you whether the build system itself was trusted at the moment it produced the provenance. This is what Solís was pointing at in her quote above. A nation-state adversary with access to a cloud build runner—even briefly—can generate perfectly valid SLSA attestations for a compromised artifact. The cryptographic signature will check out. The build logs will look clean.

The industry has also developed a tendency to treat compliance with frameworks as equivalent to security. Organizations that rush to produce SBOMs to satisfy federal contractor requirements but don't operationalize them—don't route them into vulnerability management workflows, don't version-pin against them, don't alert on drift—have created paperwork, not protection. This mirrors what happened with PCI-DSS in the mid-2000s, when a wave of retailers achieved compliance status while running point-of-sale systems with unpatched CVEs that were years old. Checking the box and reducing actual risk are different activities, and conflating them is a recurring failure mode in enterprise security programs.

What This Means for Security Teams Right Now

For IT and security professionals, the practical translation of all this is less abstract than it might appear. The first priority is build environment isolation—treating your CI/CD infrastructure with the same threat model you'd apply to production systems. That means no shared secrets across pipelines, ephemeral runners where possible, and network egress restrictions on build nodes. These aren't exotic controls. They're achievable in GitHub Actions and Jenkins with existing configuration primitives, and most organizations haven't done them.

The second is dependency pinning with hash verification—not version ranges. Specifying requests==2.31.0 in a Python project doesn't help you if the registry serves a different artifact under that version tag. Pinning to a SHA-256 digest does. This is supported natively in npm via package-lock.json integrity fields and in Python via pip-compile with hash checking enabled, but it requires teams to actually enforce it, which many don't.

• Treat build systems as attack surface, not just development infrastructure—harden runner environments with the same rigor you apply to production servers
• Implement continuous SBOM generation and route output into existing vulnerability management tooling, not a static document store

Apple's recent shift to requiring notarized dependency manifests for all third-party SDK integrations in its developer ecosystem—announced at WWDC 2026—is an early indicator of where platform-level enforcement is heading. When platforms start mandating supply chain transparency as a condition of distribution, the economics of compliance change significantly for software vendors who previously treated it as optional.

The Open Question That Nobody Has Answered Yet

The field is converging on a consensus that cryptographic attestation, hermetic builds, and continuous inventory are the right foundations. But there's a deeper problem that tooling alone won't solve: trust delegation at scale. When your organization's software stack depends on thousands of transitive dependencies maintained by individual contributors with varying security practices, no amount of signature verification tells you whether the human who made the commit was acting in good faith—or was coerced, compromised, or simply careless.

Similar to how the early internet inherited SMTP without authentication and spent the next three decades bolting anti-spam and anti-spoofing measures onto a fundamentally trust-naive protocol (SPF, DKIM, DMARC—each a patch on a patch), the open-source ecosystem built its dependency infrastructure on the assumption that maintainers could be trusted because the community was small enough to be self-policing. It isn't small anymore. The question worth watching over the next 18 months: whether the OpenSSF's Sigstore and SLSA initiatives can move fast enough to establish cryptographic accountability before nation-state actors learn to operate comfortably within whatever controls the ecosystem standardizes around. History suggests they're already trying.

SaaS Consolidation 2026: Who Survives the Merger Wave

The Deal That Changed How We Read the Market

When Salesforce quietly acquired Proprio Data — a mid-tier analytics SaaS with roughly 4,200 enterprise customers — in March 2026 for $1.8 billion, most trade coverage treated it as a footnote. A tuck-in. Standard Salesforce housekeeping. But analysts who had been tracking the broader SaaS M&A cycle recognized it as something more revealing: the ninth acquisition in that category in under eighteen months, and the clearest signal yet that the era of standalone vertical SaaS is effectively over.

We're not talking about a gentle market correction. The data is blunt. According to research compiled by Helena Voss, a principal analyst at Gartner's enterprise software division, SaaS M&A deal volume in 2026 is tracking at 43% above the 2023 baseline, with total disclosed deal value already exceeding $74 billion through Q3 alone. "We haven't seen compression like this since the on-premise-to-cloud transition around 2012 to 2015," Voss told us. "Except now the pressure is coming from three directions simultaneously — AI commoditization, rising infrastructure costs, and buyers demanding fewer vendor relationships."

Those three forces are not independent. They're compounding. And for IT leaders, developers, and the businesses that built their stacks on the assumption of a thriving independent SaaS ecosystem, the implications are significant enough to warrant a hard look.

Why the 2026 Consolidation Wave Is Structurally Different From 2015

The last major SaaS consolidation cycle — which ran roughly from 2014 through 2017 — was driven primarily by growth-stage companies running out of runway as VC sentiment cooled. Acqui-hires were common. Platforms bought user bases. The technology often mattered less than the customer count. Similar to when IBM fumbled the PC software stack in the 1980s by prioritizing hardware margins over software ecosystem control, many acquirers in 2015 simply didn't know what to do with what they bought. Integration stalled. Products withered.

2026 is different in a few key ways. First, the acquirers are better capitalized and more strategically focused. Microsoft's acquisition of three separate workflow-automation SaaS companies between January and August 2026 — collectively paying around $5.3 billion — followed a clear architectural thesis: feed more enterprise workflow data into Copilot while eliminating point-solution competitors from the Microsoft 365 orbit. That's not opportunism. That's a platform play executed with unusual discipline.

Second, the target profile has changed. In 2015, acquirers mostly wanted customers or engineering talent. Now they want data moats. A vertical SaaS company that's been processing, say, industrial maintenance records for eight years has something a foundation model can't replicate quickly: labeled, domain-specific training data at scale. That's why companies with relatively modest ARR but rich proprietary datasets are commanding surprising multiples.

Rohan Mehta, VP of corporate development at ServiceNow, explained the calculus when we spoke with him at ServiceNow's partner summit in September: "If a target has $40 million in ARR but five years of structured workflow telemetry across Fortune 500 clients, that's not a $40M business. The dataset is worth more than the revenue line."

The Winners So Far — and the Terms They're Getting

Not every SaaS company is being absorbed on unfavorable terms. There's a clear bifurcation emerging between companies that command premium multiples and those being absorbed at distress valuations. We reviewed disclosed deal terms, SEC filings, and third-party valuation estimates to compile the following snapshot:

The pattern here isn't subtle. Companies with AI-adjacent data assets or clear platform complementarity are getting 10x-plus multiples. Those without a compelling strategic fit — the commodity project management tools, the generic reporting dashboards — are lucky to get 5x. And some are not getting offers at all, which brings us to the other side of this story.

What Critics and Customers Are Actually Worried About

Consolidation narratives tend to get written from the acquirer's perspective. But the buyers of these SaaS products — the IT departments and engineering teams that built workflows, integrations, and sometimes entire internal toolchains around them — are often left in a genuinely difficult position.

When Taskline was absorbed into Microsoft's Power Platform suite, its REST API endpoints remained accessible for a promised 24-month transition period. But Taskline's webhook architecture — which hundreds of customers had used to pipe data into non-Microsoft systems via custom RFC 7230-compliant HTTP integrations — was quietly deprecated in the roadmap. "We found out in a release note," said one infrastructure lead at a logistics firm we spoke with, who asked not to be named. "No migration path, no tooling. Just a note." That kind of disruption is routine in acquisitions, and it rarely makes the press release.

"The acquirer's integration timeline is almost never the customer's integration timeline. There's a structural mismatch there that no amount of transition planning fully solves." — Dr. Amara Osei, senior research fellow, MIT Sloan Center for Information Systems Research

Dr. Amara Osei, who studies enterprise software adoption at MIT Sloan, has been tracking post-acquisition customer churn across twelve major SaaS deals since 2023. Her preliminary findings suggest that net revenue retention in the 18 months following acquisition drops by an average of 19 percentage points for the acquired product — even when the acquirer publicly commits to product continuity. The operational disruption, she argues, is often invisible in the aggregate M&A data but very visible at the customer level.

There's also a legitimate concern about reduced innovation velocity. Independent SaaS companies iterate fast specifically because their survival depends on it. Once absorbed into a platform like ServiceNow or Salesforce, the product enters a different cadence — quarterly release cycles governed by enterprise change management, roadmap prioritization shaped by the parent company's strategic interests rather than customer feedback loops. Features that would have shipped in six weeks now take six months.

The OpenAI Factor Nobody Is Talking About Enough

There's a second-order dynamic in this consolidation wave that doesn't get enough attention: OpenAI's infrastructure partnerships are quietly reshaping the competitive calculus for every enterprise SaaS platform.

When OpenAI announced expanded enterprise agreements with both Salesforce and ServiceNow in mid-2026 — giving those platforms preferential access to GPT-4o fine-tuning APIs and priority rate limits under the new enterprise tier — it effectively created a two-speed market. Platforms inside that agreement can offer AI features that independent SaaS vendors structurally cannot match, at least not at comparable latency and cost. A standalone HR analytics SaaS can call the same OpenAI APIs, but it's paying retail rates and sitting in the same queue as everyone else. The platform player is paying wholesale and getting ahead-of-queue inference.

This isn't a temporary gap. It's widening. And it's one reason why even financially healthy independent SaaS companies are considering acquisition conversations they wouldn't have entertained two years ago. The infrastructure moat being built around AI-native platform players is becoming as consequential as the data moat argument. Possibly more so.

What This Means for IT Teams and Developers Right Now

If you're an IT leader or a developer responsible for a SaaS-heavy stack, the consolidation wave has some concrete operational implications worth acting on before a surprise acquisition announcement lands in your inbox.

• Audit your critical API dependencies. Any integration built on a non-platform SaaS vendor's API is a potential disruption vector. Document which integrations are business-critical and whether the vendor has published a deprecation policy. If they haven't, that's a data point about acquisition readiness.
• Renegotiate contracts with exit clauses. Enterprise SaaS contracts that predate 2024 often lack acquisition-triggered exit rights. Legal teams are increasingly inserting "change of control" clauses that allow termination without penalty if the vendor is acquired. If your current contracts don't have this, renewal is the window to add it.

Beyond the defensive moves, there's a longer-horizon question for engineering organizations: how much of your internal tooling and workflow automation should live on platforms you don't control? The case for building more on open-source infrastructure — tools with permissive licenses, self-hosted options, and communities not subject to acquisition — is stronger now than it's been at any point in the last decade. That doesn't mean abandoning SaaS wholesale. It means being deliberate about where you allow a single vendor's roadmap to become load-bearing for your operations.

The Vendors Left Standing Will Define the Next Decade of Enterprise Software

By most projections, the current consolidation rate isn't sustainable past mid-2027. The addressable pool of acquisition targets with compelling data assets and reasonable valuations is finite. At some point — and Gartner's Voss puts it at 18 to 24 months out — the wave breaks, and what's left is a substantially more concentrated enterprise SaaS market dominated by five to eight major platform players and a much thinner tier of surviving independents who found defensible niches the platforms couldn't profitably replicate.

What that market looks like for buyers is genuinely unclear. More integrated, certainly. Probably cheaper to procure in aggregate, given reduced vendor management overhead. But also far less competitive, with all the pricing and innovation implications that follow. The question worth watching isn't which deals close next — it's whether antitrust scrutiny, which has so far been notably absent from SaaS M&A at the sub-$5B level, starts applying meaningful friction. In Europe, the Digital Markets Act is already generating internal compliance discussions at Microsoft and Salesforce around bundling practices that would have been unremarkable eighteen months ago. Whether that translates into blocked deals or broken up platform bundles remains the most consequential open variable in enterprise software for the next two years.