Nadav Zafrir is using acquisitions to change the pace and shape of Check Point Software Technologies. The company completed its purchase of Lakera, a specialist in artificial-intelligence security, for about $190 million of net cash in 2025. It added Cyata for agent identity and runtime governance, Cyclops for exposure management and the team behind Rotate in 2026.
The pieces address real gaps. Enterprises need to secure models and applications, discover AI agents, control machine identities and prioritise vulnerabilities across cloud estates. Check Point has deep prevention technology and a large installed base, but it has often been seen as slower than newer platform competitors in cloud and security operations.
Zafrir’s challenge is not to accumulate capabilities. It is to create one product, data and sales experience that customers adopt. Check Point also issued $2 billion of convertible notes, producing roughly $1.8 billion in net proceeds, while continuing substantial share repurchases. Capital flexibility is high, but every acquisition and buyback now competes for evidence of return.
Mid-single-digit growth raises the integration standard
Check Point reported 2025 revenue of $2.73 billion, up 6 per cent, while security-subscription revenue rose 10 per cent to $1.22 billion. In the first quarter of 2026, total revenue increased 5 per cent. Management acknowledged product pressure associated with go-to-market changes even as subscription and recurring measures remained stronger.
Those results describe a profitable company that needs faster product momentum, not a distressed one. Acquisitions can add growth and technology quickly, but small transactions will not transform the top line unless they expand through Check Point’s channel and customer base.
Zafrir should set explicit milestones: availability inside the Infinity platform, common policy and telemetry, cross-sell activation, renewal and contribution to subscription growth. Headcount retained or code shipped is not enough.
Organic performance must remain visible. Check Point should disclose acquired revenue during the early period and show whether core products accelerate. Otherwise, a series of deals can mask slow adoption rather than solve it.
Lakera needs to become more than an AI gateway
Lakera brought protection for applications using generative models, including controls for malicious inputs, data leakage and unsafe behaviour. As enterprises deploy agents, those protections need context about identities, tools, models and data. Check Point can connect them with cloud posture and network controls.
A stand-alone gateway is useful but can become a narrow checkpoint. The larger opportunity is continuous discovery and policy across the development and runtime lifecycle. Security teams need to know which AI systems exist, who owns them and what they can access.
Lakera’s research culture and rapid release cadence are assets. Check Point should preserve its specialist team while giving it access to global threat intelligence and distribution. Forcing immediate conformity to a large-company process could reduce the value acquired.
Customers also need support for several models and cloud providers. AI security loses credibility if it mainly favours Check Point’s preferred partners. Open interfaces and transparent evaluations will broaden adoption.
Cyata addresses the machine-identity problem
Agents act through service accounts, tokens and tools. They can create short-lived identities and permission chains that traditional human identity systems do not represent well. Cyata’s focus on discovery, context and governance can help Check Point map those relationships.
Integration with Lakera is logical: one layer examines model and application behaviour, while another controls what an agent can reach. Together they can identify an instruction attack that attempts to use excessive permissions and block the action.
The policy model must remain understandable. Security teams should see why access was allowed, which identity acted and how to revoke it. Automatic changes need approval tiers and rollback. A system that discovers risk but cannot explain ownership will add alerts.
Machine identity is also an entry into broader cloud security. Check Point can connect agent permissions with workloads, data and network paths. That product architecture should be common rather than a set of links among acquired consoles.
Cyclops can improve prioritisation
Exposure-management products aggregate vulnerabilities, configurations and attack paths to help teams focus on risk. Cyclops adds this capability at a time when organisations are overwhelmed by findings. Check Point’s prevention and threat data can strengthen the prioritisation.
Customers will judge whether the system reduces work. A risk score should link to evidence, asset importance and a practical fix. If Check Point merely imports more alerts, the acquisition will worsen the problem it intends to solve.
Common asset identity is essential. The same cloud resource, endpoint and application may appear differently across tools. Check Point needs a unified graph and ownership model before it can automate response reliably.
Exposure management can also guide product expansion. A customer may see that a Check Point control can close a path, but recommendations should not become disguised sales. The platform needs to recognise effective third-party controls as well.
The go-to-market system must learn the new portfolio
Check Point sells through global partners and enterprise account teams accustomed to established products. AI security and exposure management involve different buyers, technical evaluations and deployment patterns. Training and incentives need to reflect that.
Account teams should begin with customer problems rather than attach every acquisition to a renewal. Specialists can support complex opportunities, but the core sales organisation must eventually explain the integrated value. Partners need access to labs, certification and implementation guidance.
Compensation should reward activation and expansion after sale. A bundled contract that includes unused modules creates reported bookings but weakens future renewal. Customer-success measures should reach senior management.
Zafrir’s go-to-market changes may cause short-term disruption. He should distinguish deliberate transition from execution problems and provide evidence through pipeline, product revenue and retention rather than broad assurances.
Convertible debt adds capital-allocation options
The $2 billion note issuance gives Check Point capacity for more acquisitions and investment. Convertible financing can lower current interest cost while creating potential dilution. The company should explain the uses of proceeds and how hedging affects shareholders.
Check Point repurchased about $1.4 billion of shares in 2025. Buybacks can offset dilution and return cash, but they compete with product investment and deals. Repurchasing stock while issuing convertible debt can be sensible only when timing, cost and strategic need are clear.
Zafrir should apply a consistent return framework across acquisitions, internal development and repurchases. Small technology deals may deserve patient product milestones; larger transactions need a stronger financial case. Excess cash should not become permission for an acquisition spree.
The board should review cumulative integration capacity. Each new company requires product, legal, sales and cultural work. A fourth deal can delay value from the first even if its technology is attractive.
Talent acquisitions require real authority
Rotate’s team and the specialists joining through other deals bring knowledge that Check Point wants. Retention payments help, but experienced founders and engineers remain when they can influence architecture and ship products.
Zafrir can create a clear platform leadership structure that gives acquired teams ownership of defined domains while enforcing common data, identity and interface standards. Autonomy without standards produces silos; standards without autonomy produce slow integration.
Location and culture matter because the companies operate across Israel, Europe and the United States. Distributed teams need common planning and direct access to executives. Integration should not require every decision to move through headquarters.
Employee turnover is an early indicator of whether the strategy works. Check Point should track retention in critical roles and conduct independent reviews of cultural issues, not treat departures as an inevitable cost.
Board oversight should focus on cumulative risk
Each acquired product can access sensitive customer data and influence security decisions. Integration expands the blast radius of a defect or breach. The board should review common security architecture, privacy boundaries and incident response across the portfolio rather than assume that security vendors are automatically secure.
Financial oversight should compare original acquisition cases with actual outcomes. Retention, shipping milestones, cross-sell and cost can be reviewed after one and two years. Lessons should change the price and structure of future deals.
A dedicated integration office can coordinate dependencies without becoming another approval layer. Its role should be to surface conflicts, track outcomes and escalate decisions that product teams cannot resolve. Zafrir remains accountable for prioritising when acquired road maps compete.
Customers need one operating system
The acquisitions will justify themselves when customers can discover an AI agent, understand its identity and exposure, apply policy and investigate activity through a coherent workflow. That requires a shared graph, policy engine and case model.
Migration should be gradual. Existing customers need support for stand-alone products while integrated functions mature. A forced consolidation can break workflows and drive them to competitors. Clear road maps and export tools reduce anxiety.
Nadav Zafrir has moved quickly to assemble technology around the AI security cycle. Speed in buying is not the same as speed in value creation. Check Point’s margins and cash give him time, but the company’s growth rate creates urgency. The acquisitions will matter when subscription expansion accelerates and customers experience a simpler platform, not when the portfolio slide contains more logos. Customers, employees and shareholders need the same evidence.