The defence tech boom is quietly spawning an entirely new category of cybersecurity startup, one less concerned with phishing emails and compromised laptops and far more interested in what happens when autonomous machines start talking to each other at scale.
Buried inside Resilience Media’s recent ‘100 Startups to Watch 2026’ list is a pattern that looks increasingly difficult to ignore.
A huge chunk of the companies attracting money across Europe and the US are not building traditional enterprise security products – they’re building software and infrastructure for drones, autonomous vehicles, satellite networks, AI systems, battlefield sensors, and machine-to-machine communications.
In doing so, many are effectively creating a new kind of cybersecurity market almost by accident.
For a long time, the security industry largely revolved around protecting employees and corporate infrastructure. The attack surface was people clicking things they should not click, laptops connecting from coffee shops, and servers waiting to be patched. Even cloud security largely followed the same logic: protect the workforce, secure access, monitor behaviour, repeat.
But that model breaks down pretty quickly once the “users” are autonomous drones sharing data across jammed and contested networks.
A glance through the Top 100 list shows how quickly the market is shifting. Companies such as Helsing, Shield AI, Saronic and SWARMER are building increasingly autonomous military and defence systems powered by AI, sensor fusion, and machine decision-making. Others, including Auterion and Applied Intuition, focus on the software layers underpinning autonomous vehicles and robotic systems.
Alongside them sits a parallel ecosystem of startups tackling the security and trust problems those systems inevitably create.
Estonia’s Vegvisir and Latvia’s Origin both sit at the overlap between autonomy and cybersecurity, while Britain’s Arondite is building software designed to manage and orchestrate autonomous defence systems securely across complex operational environments. Reality Defender focuses on detecting synthetic media and AI-generated deception, which becomes increasingly important as autonomous systems rely heavily on machine-generated intelligence and communications.
Even companies that do not describe themselves primarily as cyber firms increasingly operate inside what looks like a security problem: Tekever builds autonomous surveillance drones and maritime intelligence systems; True Anomaly focuses on space security and orbital defence infrastructure; and Alpine Eagle develops airborne counter-drone systems designed to detect and intercept hostile autonomous aircraft.
All three rely heavily on secure communications, resilient software, trusted sensor data, and systems capable of operating in contested environments where spoofing, jamming, and interference are routine.
The underlying problem is trust. Autonomous systems need to keep operating through GPS spoofing, jammed communications, manipulated sensor data, and hostile attempts to tamper with the software feeding updates into machines already deployed in the field.
That is pulling a much wider range of security and infrastructure companies into the defence ecosystem. British startup Post-Quantum focuses on quantum-resistant encryption, while Sitehop builds encrypted networking hardware for high-speed systems where reliability and latency matter. Both now sit alongside autonomous defence and drone companies because modern military systems increasingly depend on secure machine-to-machine communications.
Elsewhere, startups such as Augur and DefSecIntel Solutions focus on the growing mess that arises when AI systems start making decisions in real-world environments. Suddenly, the risks are no longer limited to someone tricking a chatbot into saying something stupid – the problems now include manipulated sensor feeds, poisoned data, AI deception, and autonomous systems making bad decisions at machine speed.
The result is a defence startup ecosystem that increasingly resembles a parallel cybersecurity industry.
That doesn’t mean the old security market disappears. Companies will still need endpoint protection, identity management, cloud security, and phishing defences for a very long time yet. Humans remain more than capable of clicking on catastrophic things without any assistance from AI.
But the centre of gravity is beginning to shift. The next major security battleground may not be employee laptops or corporate SaaS accounts. It may be fleets of autonomous systems making decisions independently across hostile networks while trying to determine whether the machine on the other side is friendly, compromised, or lying.
