In the constantly shifting domain of cybersecurity, few firms have challenged established norms as forcefully as Cylance. Long before artificial intelligence became a mainstream topic, Cylance staked its viability on mathematics and machine learning to forecast and halt cyber dangers—as opposed to merely responding to them. This forward-thinking method not only upended conventional antivirus paradigms but also remodeled how organizations and public sectors perceive security at the device level.
From its inception in 2012 through its prominent takeover by BlackBerry in 2018 and subsequent transfer to Arctic Wolf in 2025, Cylance’s trajectory represents a compelling narrative of ingenuity, strategic adjustments, and lasting technological effect.
Founders’ Insight: Anticipating Threats Before They Emerge
Cylance was established in 2012 in Irvine, California, by Stuart McClure and Ryan Permeh. Both brought substantial expertise from the cybersecurity sector, notably their tenure at McAfee.
Stuart McClure, a noted personality in cybersecurity, previously served as Global CTO at McAfee following the purchase of his prior venture, Foundstone, for $86 million in 2004. He was also the author of the influential Hacking Exposed collection, which became essential reading for security practitioners. His outlook for Cylance was grounded in a straightforward yet potent concept: the majority of cyber incursions are avoidable if caught early enough.
Ryan Permeh, Cylance’s co-founder and Chief Scientist, augmented McClure’s concept with deep technical proficiency. Also a former Chief Scientist at McAfee, Permeh concentrated on creating machine learning structures capable of examining the mathematical characteristics of files rather than depending on known malware definitions.
Together, they introduced a radical premise: “No definitions, no initial victim.” Rather than awaiting malware execution and then reacting, Cylance’s AI structures could determine if a file posed a threat before it ever launched. This anticipatory capability reportedly allowed the system to block dangers up to 25 months before they surfaced broadly.
Key Junctures: From New Venture to Industry Alterer
Cylance’s expansion path was swift and reshaping, characterized by vital milestones that redefined device protection.
2013: Rollout of CylancePROTECT
Cylance debuted CylancePROTECT, a lightweight, AI-powered endpoint security module. Unlike established antivirus options, it needed infrequent updates and utilized a small machine learning component (under 30MB) to spot threats, including novel and fileless attacks.
2014: Corporate Approval and Financing
The enterprise gained significant validation by securing U.S. Department of Defense IL4/5 accreditations. It also garnered $22 million in Series B capital led by Sequoia Capital, indicating robust investor belief.
2015: Unicorn Status Attained
Cylance achieved a valuation above $500 million, becoming one of the initial AI-driven cybersecurity “unicorns.” It further broadened its offerings with CylanceOPTICS, entering the Endpoint Detection and Response (EDR) arena.
2016: Expansion Phase
A $100 million Series D infusion fueled growth into server, mobile, and IoT environments, solidifying Cylance’s standing as a comprehensive endpoint security provider.
2017: IPO Preparation
Cylance filed its S-1 for a prospective initial public offering, reporting an impressive $130 million in yearly recurring revenue (ARR). The firm also forged crucial alliances with major Original Equipment Manufacturers (OEMs) such as Dell.
2018: Takeover by BlackBerry
In a noteworthy transaction, BlackBerry acquired Cylance for $1.4 billion in cash– its largest acquisition to date. Cylance became the core of BlackBerry’s cybersecurity strategy and was integrated into the BlackBerry Spark framework.
2024–2025: Changeover to Arctic Wolf
In December 2024, BlackBerry announced the divestiture of Cylance assets to Arctic Wolf for $160 million in cash and stock. The transaction was finalized in February 2025, marking a fresh phase. While BlackBerry retained a government resale role, Arctic Wolf incorporated Cylance’s AI capabilities into its Managed Detection and Response (MDR) solution.
BlackBerry Period: AI-Driven Prevention at Scale
Under BlackBerry, Cylance’s technology matured into BlackBerry Protect, a prevention-focused endpoint security offering. In contrast to typical EDR instruments emphasizing detection and remediation, BlackBerry Protect prioritized stopping threats prior to execution.
Key attributes comprised:
- AI-guided threat stopping without definitions
- Safeguarding against ransomware, fileless malware, and zero-day assaults
- A unified agent and control panel for simplified administration
- Predictive Advantage (PA), enabling early threat detection
- Incorporation into BlackBerry Spark for endpoint and IoT security
This methodology substantially decreased dwell time—the duration attackers remain unseen within systems—and aligned with emerging Zero Trust frameworks.
Arctic Wolf Period: AI Integrates with Managed Security
Following its acquisition by Arctic Wolf, Cylance’s technology found a new domain within a rapidly expanding MDR ecosystem. Arctic Wolf meshed Cylance’s AI models into its system, pairing predictive prevention with expert-guided threat searching.
This combined force boosts:
- Endpoint defense via inherent AI blocking
- SOC-as-a-service functionalities
- Constant oversight across networks and apparatuses
- Quicker incident resolution and recovery
In an era where AI increasingly drives cyber threats, Cylance’s foundational structures remain highly applicable.
Key Executive and Leadership Transitions
Original Cylance Leadership
Stuart McClure – Founder & CEO
Led Cylance from inception to its $1.4 billion acquisition.
LinkedIn: https://www.linkedin.com/in/stuartmcclure
Ryan Permeh – Co-founder & Chief Scientist
Creator of Cylance’s AI-driven detection frameworks.
John McClurg – VP (joined 2016)
Subsequently became CISO at BlackBerry in 2019, overseeing worldwide security strategy.
BlackBerry Leadership (2018–2025)
John Chen – CEO & Chairman
Managed Cylance’s procurement and incorporation.
John Giamatteo – CEO (post-2024)
Played a vital role in the strategic choice to divest Cylance assets.
https://www.linkedin.com/in/johnjgiamatteo/
Mattias Ljungman – SVP Secure Communications
Contributed to BlackBerry’s wider cybersecurity portfolio.
Arctic Wolf Leadership (Post-2025)
Nick Schneider – President & CEO
Directing the assimilation of Cylance science into the Arctic Wolf platform.
https://www.linkedin.com/in/schneidernick/
Arctic Wolf’s broader executive collective (2,000+ specialists) now drives advancement across MDR, merging AI with human expertise.
Influence and Sector Effect
Cylance did more than create a tool, it altered the industry’s viewpoint. At a juncture when most cybersecurity provisions relied on reactive, definition-based identification, Cylance demonstrated that anticipatory AI could stop dangers before they activated.
Its impact is visible throughout the cybersecurity landscape today:
- Broad acceptance of AI/ML in device protection
- Movement towards prevention-first setups
- Embedding of AI within Zero Trust constructs
- Advancement of EDR into XDR and MDR arrangements
Even rivals and market leaders have since adopted analogous methods, confirming Cylance’s initial vision.
Summary: A Lasting Template for AI-Powered Security
Cylance’s path from an ambitious startup to a crucial holding within two primary cybersecurity infrastructures exemplifies the potency of innovation in a rapidly changing threat environment. Its core ethos, anticipate, preempt, and safeguard, is as pertinent in 2026 as it was at its founding.
Now incorporated into Arctic Wolf’s MDR system, Cylance’s AI structures continue to defend organizations and governments against increasingly complex hostile actions. For cybersecurity practitioners and technology executives, Cylance serves as a model for how transformative thinking, supported by solid execution, can redefine an entire sector.
