The Wrong $350 Million
In September 2023, CrowdStrike CEO George Kurtz stood on stage at Fal.Con and explained exactly what he was buying.
“The cloud is cybersecurity’s new battleground,” he said. The answer the industry had given so far was “disjointed point security tools or platforms with multiple consoles and agents.” Bionic fixed that. For $350 million, CrowdStrike would own application security posture management. Complete code-to-runtime cloud security from one unified platform. The first company to close the gap.
The thesis was clean. CrowdStrike had the endpoint. Add application visibility and you own the stack. No upstart could build that from scratch fast enough to matter.
Three years later, Google paid $32 billion for Wiz.
Wiz was founded in 2020 by Assaf Rappaport and three colleagues who had all worked together building Microsoft Azure’s internal security architecture. They knew the cloud stack from inside the machine. By the time Google closed the deal in March 2026, Wiz had passed $1 billion in ARR and was inside more than 50 percent of the Fortune 100.
The $350 million bet was supposed to close the category. It proved the category was worth $32 billion and that someone else was already winning it.
CrowdStrike’s market cap is north of $90 billion. It has the resources to respond. After the Wiz deal closed, it acquired SGNL for $740 million and kept building. The platform thesis is intact. The runway is real.
But Kurtz described the exact gap in 2023. He named the battleground. He bought the company that was supposed to fill it. Then the team that built Microsoft’s internal answer to the same problem reached $1 billion in revenue without a single CrowdStrike sensor.
The acquisition did not close the category. It announced it.
Every dollar CrowdStrike spent on Bionic is now a footnote in the Wiz deal memo.
👉 Read the agentic security news. Instantly analyze the threat vector, see if it applies to your setup, and find the gaps with our interactive playbook. All free.
👉 Follow me on LinkedIn | X | Substack for weekly analysis of real agent failures, control gaps, and what the frameworks are and are not catching.