Vellox™ AI Cyber Platform
Zero Trust + Identity Security
EO 14028 Compliance Driver
Federal Cyber M&A Wave 2026
Booz Allen Hamilton has acquired Defy Security, a 60-person identity security and zero trust specialist, in a move that significantly enhances its Vellox™ AI cyber platform. The acquisition brings Defy’s continuous authorisation technology — which enables real-time access adjustment based on behavioural signals and threat intelligence — into the Vellox platform, closing the loop between threat detection and automated access response. The deal positions Booz Allen as the most capable federal AI cybersecurity contractor entering Q2 2026.
The acquisition arrives in the context of an active federal cyber M&A wave: SAIC acquired Cylerian in January 2026, Leidos acquired ArcGuard in February 2026, and now Booz Allen has acquired Defy. All three deals reflect the same strategic logic — federal contractors need AI-native security capabilities to remain competitive for agencies pursuing zero trust implementation under Executive Order 14028.
Traditional access control is binary and static: you authenticate once and maintain access until the session expires. Zero trust demands continuous authorisation — persistent verification of every access request using current context including user behaviour, device health, network location, and threat intelligence. Defy’s technology operationalises this continuous model, enabling access to be dynamically adjusted or revoked in real time as risk signals change. This is the component most federal agencies lack in their zero trust implementations.
What Defy Security Built and Why Booz Allen Wanted It
Defy Security specialised in two interlocking problem areas: identity security and zero trust continuous authorisation. Identity security — ensuring that only the right humans, machines, and services have access to the right resources — is the first pillar of any zero trust architecture. But identity is not static. User behaviour changes, credentials get compromised, and threat context evolves continuously throughout a working day.
Defy’s answer was a platform that monitors behavioural signals continuously — login patterns, data access rates, application usage, geolocation, and device health — and uses AI to adjust access privileges in real time based on the current risk profile. This is fundamentally different from legacy multi-factor authentication or conditional access policies that trigger only at login. ITTech Pulse covered the announcement noting that Defy’s technology was already deployed in several federal civilian agency pilots before the acquisition.
What Vellox™ Becomes With Defy
Booz Allen’s Vellox™ was already a capable AI-powered threat detection and response platform, but it had a gap: the detection-to-response loop was not fully closed. Vellox could identify threats and generate recommendations, but the access adjustment response — actually changing what a potentially compromised user or device could access — required human review and separate tooling.
Defy’s continuous authorisation engine closes this loop. When Vellox detects an anomalous behavioural signal — a user accessing unusual data volumes, a device showing unexpected network activity — Defy’s engine can automatically restrict access for that specific identity or device while investigation proceeds, without requiring a SOC analyst to manually execute the change. This detection-to-response automation is the capability gap that Defy fills, and it transforms Vellox from a monitoring tool into an active defensive control.
Federal Cyber M&A Landscape in 2026
The three major federal cyber acquisitions of Q1 2026 — SAIC/Cylerian, Leidos/ArcGuard, and Booz Allen/Defy — reflect a common structural reality: the major federal IT contractors built their cybersecurity capabilities in an era before AI was a viable deployment technology. Rebuilding those capabilities organically is too slow given the pace of federal procurement cycles and agency demand. Acquisition is the fastest path to a competitive AI-native cyber offering.
The driver is Executive Order 14028, signed by President Biden in 2021, which mandated zero trust architecture adoption across US federal civilian agencies. The original deadline — end of fiscal year 2024 — was broadly missed, with most agencies achieving partial implementation. The Biden administration’s final push and the incoming administration’s continuation of zero trust as a policy priority means federal agencies are actively procuring zero trust implementation services and tools in 2026.
The missed FY2024 deadline for federal zero trust implementation did not reduce the pressure — it concentrated it. Agencies that haven’t yet achieved full zero trust compliance are now under scrutiny from OMB and congressional oversight committees. This translates into active procurement activity for zero trust implementation services, identity security tools, and continuous authorisation platforms. The Defy acquisition positions Booz Allen perfectly for this procurement wave.
What This Means for Zero Trust Adoption
The broader implication of the Booz Allen/Defy deal — and the federal cyber M&A wave it’s part of — is that zero trust is no longer a policy aspiration for federal agencies. It is an active procurement priority backed by executive mandate and increasingly backed by the mature tooling and services ecosystem to implement it.
For private sector organisations watching the federal space, the message is instructive: the capabilities being built and acquired by federal contractors will eventually migrate to commercial offerings. Zero trust continuous authorisation — real-time, AI-driven access adjustment based on live behavioural and threat signals — is the next evolution of enterprise identity security, and the federal government’s procurement activity is accelerating the maturation of the vendor ecosystem that will serve commercial customers within two to three years.
Frequently Asked Questions
Networkcraft tracks federal cyber policy, M&A activity, and zero trust implementation across government and enterprise.