This forensic audit was commissioned to map the economic, operational, and ideological footprint of CyberArk Software Ltd., with the specific objective of determining the company’s level of complicity in supporting the State of Israel’s military-industrial complex, occupation infrastructure, and systems of surveillance. The investigation integrates financial disclosures, corporate genealogies, supply chain audits, and strategic foreign direct investment (FDI) data to construct a comprehensive profile of the subject.
The forensic analysis indicates that CyberArk is not merely a passive commercial entity operating within the Israeli technology sector. Rather, it functions as a Structural Pillar of the Israeli cybersecurity ecosystem, a status confirmed by its deep integration with state defense apparatuses, its reliance on military-trained human capital, and its strategic role in securing the “Digital Iron Dome”—the nation’s critical infrastructure defense grid.
Founded in 1999 by veterans of the Israel Defense Forces (IDF) intelligence units, CyberArk commercialized the operational security doctrines of Unit 8200 and Mamram (Center for Computing and Information Systems). The company’s core technology, the “Network Vault,” is a direct commercial adaptation of military-grade information compartmentalization strategies. Over the past two and a half decades, CyberArk has evolved from a niche security vendor into an “Aggregator,” absorbing smaller Israeli defense startups and consolidating their intellectual property into a global platform. This process effectively privatizes and monetizes the R&D output of the Israeli military, creating a feedback loop of capital and technology between the IDF and the NASDAQ.
The audit identifies the pending $25 billion acquisition by Palo Alto Networks 1 as a critical inflection point. This transaction, finalized during the “Swords of Iron” war (2023–2026), represents a massive injection of foreign liquidity into the Israeli war economy. It signals to the global market that the Israeli technology sector remains a viable investment destination despite geopolitical instability and allegations of genocide, thereby providing crucial economic legitimacy to the state during a period of international isolation.
Furthermore, the company’s spatial footprint—specifically its expansion into the Beersheba “CyberSpark” industrial park—demonstrates active participation in the state’s strategic objective to Judaize the Negev region and displace indigenous Bedouin populations.3 By anchoring its R&D operations in this government-designated cyber capital, CyberArk physically and operationally integrates itself with the IDF’s technology campus and the National Cyber Directorate.
Consequently, this report classifies CyberArk Software Ltd. as a Level 5: Structural Pillar on the complicity band scale. The company serves as a vital node in the state’s security architecture, provides economic resilience during conflict, and ideologically aligns itself with the military objectives of the State of Israel.
To understand the economic complicity of CyberArk, one must first deconstruct its origins. The company was not formed in a vacuum of private enterprise; it is a direct biological product of the Israeli military’s human capital development pipeline. The “Start-Up Nation” narrative often obscures the reality that many flagship Israeli firms are essentially commercial spin-offs of the defense establishment. CyberArk is a quintessential example of this phenomenon.
The foundational DNA of CyberArk is derived from two specific units within the Israel Defense Forces: Unit 8200 (Signals Intelligence/SIGINT) and Mamram (Center for Computing and Information Systems). These units function not only as military operational centers but as de facto incubators for the country’s high-tech elite.
The company was founded in 1999 by Alon N. Cohen and Ehud (Udi) Mokady.4 The division of labor between these two founders mirrors the division of labor within the IDF’s technological directorates. Alon Cohen, who served in Mamram, was responsible for the technical architecture. During his service, Cohen identified a critical vulnerability in how sensitive information was stored and accessed within military networks. The story of his inspiration—a personal letter hacked and distributed by a fellow soldier—serves as the foundational myth of the company.6 However, the solution he engineered, the “Network Vault,” was not merely a civilian invention; it was a commercial application of the rigid compartmentalization protocols required in military data centers. The “Vault” creates a hardened perimeter within a network, isolating privileged credentials—a digital equivalent of a secure facility (SCIF) used for handling classified intelligence.
Udi Mokady, the long-serving CEO and current Executive Chairman, brought the operational intelligence perspective. Mokady served in Unit 8200, the IDF’s elite intelligence gathering unit.7 Unit 8200 is frequently compared to the US National Security Agency (NSA), but with a broader mandate that includes offensive cyber operations and deep integration with combat units. Mokady’s background in intelligence provided the strategic vision for the company: understanding that the “insider threat” (a compromised user with high privileges) is the most dangerous vector for espionage and sabotage. This doctrine is central to Israeli intelligence operations, which often rely on turning human assets or compromising credentials to infiltrate adversary networks. By commercializing the defense against these tactics, Mokady effectively monetized the offensive capabilities he studied during his service.
The synergy between Cohen’s Mamram-derived infrastructure focus and Mokady’s Unit 8200-derived threat intelligence focus created the “Privileged Access Management” (PAM) category. This was not a generic software innovation; it was the export of a specific military operational security (OPSEC) philosophy to the global commercial market.
The nexus between CyberArk and the IDF did not end with its founders. The company maintains an active “revolving door” policy, recruiting senior officers directly from the IDF’s technology and intelligence branches to staff its executive suite. This ensures that the company’s strategic direction remains synchronized with the operational needs of the Israeli defense establishment.
Table 1: Executive Leadership and Military Service Correlation
| Executive Name | Current/Former Role | Military Unit | Strategic Implication of Service |
|---|---|---|---|
| Udi Mokady | Founder / Exec. Chairman | Unit 8200 (Intelligence) | Transferred SIGINT/Intelligence methodologies to commercial identity security strategy.7 |
| Alon N. Cohen | Founder / Former CEO | Mamram (C4I Corps) | Invented the core “Network Vault” IP based on military infrastructure vulnerabilities observed during service.4 |
| Chen Bitan | GM Israel / Chief Product Officer | Mamram (Dept. Manager) | Leads global R&D; ensures product roadmap aligns with high-security defense standards. Former head of programming education at Mamram.9 |
| Omer Grossman | Chief Information Officer (CIO) | Mamram (Commander) / C4I / Cyber Defense | Served as Head of IDF Cyber Defense Operations Center (2022-2023). Direct transfer of active war-room tactics and national defense strategy to corporate policy.10 |
| Peretz Regev | Chief Product Officer | Mamram (Commander) | Former Head of Mamram (2018-2020); managed the IDF’s central cloud infrastructure. Responsible for the military’s digital transformation before joining CyberArk.12 |
| Dan Amiga | Investor / Partner (Related) | Intelligence Unit | Part of the broader “8200 Alumni” network investing in and founding related cyber companies.13 |
The profile of Omer Grossman is particularly revealing of the porosity between the military and the corporation. Grossman did not merely serve in the IDF; he was a Colonel who served as the Head of the IDF’s Cyber Defense Operations Center as recently as July 2023.10 In this capacity, he functioned as the de facto CISO of the IDF, overseeing the defense of military networks against state-sponsored attacks during periods of high tension. His transition to CyberArk’s CIO role in late 2023 implies a continuity of mission: the protection of critical Israeli digital assets is seamlessly handed off from the uniformed sector to the private sector. Similarly, Peretz Regev served as the Commander of Mamram, the IDF’s central cloud service provider, effectively the “AWS of the Army”.12 His move to CyberArk, where he oversees product strategy, suggests that CyberArk’s product development is informed by the specific, high-stakes requirements of the Israeli military’s cloud infrastructure.
The “8200 Alumni” network is a recognized phenomenon in the global tech industry, acting as a powerful informal cartel that facilitates funding, recruitment, and business development. CyberArk acts as a flagship node in this network. By employing a high density of veterans from these units, the company perpetuates a culture of militarized problem-solving. The operational mindset of Unit 8200—characterized by aggressive problem solving, disregard for hierarchy, and a focus on “offensive defense”—permeates the corporate culture. This environment makes CyberArk an attractive landing zone for demobilized officers, ensuring that the company has first-mover access to the latest cyber-warfare techniques developed in the military sector.
This ecosystem is self-reinforcing. As CyberArk grows, it acquires smaller startups founded by other 8200 alumni (discussed in Section 4), effectively consolidating the human capital of the unit under one corporate umbrella. This centralization of talent transforms CyberArk into a privatized extension of the unit’s capabilities, available for export to global markets.
To assess economic complicity, we must examine the nature of the product itself. CyberArk’s core offering is Privileged Access Management (PAM). In a civilian context, this is a tool for IT compliance and security. In a military or repressive context, it is a tool for digital supremacy and control.
The “Network Vault” technology creates a secure enclave for administrative credentials—the “keys to the kingdom.” In a democratic society, this protects bank accounts and healthcare records. In a surveillance state or an occupation regime, this technology is essential for:
The acquisition of Agata Solutions in 2016 introduced Deep Packet Inspection (DPI) technology into CyberArk’s portfolio.5 DPI is a controversial “dual-use” technology. While it can be used for benign network optimization and security, it is also the fundamental technology required for:
By integrating DPI capabilities, CyberArk moved beyond merely securing passwords to actively interrogating network traffic. This capability is highly sought after by authoritarian regimes and military occupiers to control the information environment. In the context of the Israeli occupation, where control over Palestinian telecommunications infrastructure is total, DPI technology is a critical component of the digital blockade.
Recent acquisitions, such as Venafi (Machine Identity Management) for $1.54 billion 5 and Conjur (DevOps security) 12, indicate a strategic pivot toward securing automated systems. Modern warfare is increasingly autonomous, relying on drones, AI-driven targeting systems (like the “Lavender” system used in Gaza), and automated logistics. These systems do not have human users; they have “machine identities”—API keys and certificates that allow them to communicate.
CyberArk’s evolution into “Identity Security” for both humans and machines positions it as the foundational security layer for the “AI era” of warfare.2 As the IDF integrates more AI-driven systems into its combat operations, the reliance on CyberArk’s machine identity solutions likely deepens.
CyberArk operates as an “Aggregator” within the Israeli economy. It absorbs smaller, specialized startups, integrating their technologies and talent into a monolithic platform. This behavior serves a strategic economic function: it prevents the leakage of Israeli defense IP to foreign competitors and ensures that the value created by military R&D remains within the “Silicon Wadi” ecosystem until a massive exit event occurs.
A forensic review of CyberArk’s M&A activity reveals a consistent pattern of “in-housing” Israeli defense innovation.
Table 2: Key Strategic Acquisitions of Israeli Entities
| Target Company | Date | Cost | Core Competency | Strategic Relevance to Military/State |
|---|---|---|---|---|
| Cybertinel | Aug 2015 | ~$20M | Cyber Threat Detection | Specialized in detecting “credential threats” at the early stage of a kill chain. Staffed by security veterans. Enhanced proactive defense capabilities used in cyber-warfare. |
| Viewfinity | Oct 2015 | $30.5M | Endpoint Privilege | While US-HQ’d, R&D was in Beit Dagan, Israel. Secured the “endpoint” (laptops, terminals), critical for securing field devices used by military personnel. |
| Agata Solutions | Mar 2016 | $3.1M | Deep Packet Inspection (DPI) | Acquired technology for network traffic analysis. DPI is a core technology for surveillance and censorship infrastructure. |
| Gardeviance | – | – | Security Value Chain | (Contextual) Integration of DevOps security practices. |
| C3M | Aug 2022 | $28.3M | Cloud Security Posture | Secured cloud configurations. Essential for “Project Nimbus” compliance (government cloud). |
| Venafi | Oct 2024 | $1.54B | Machine Identity | Massive acquisition consolidating machine-to-machine security. Critical for autonomous systems and AI-driven warfare. |
The acquisition of Cybertinel is particularly illustrative. The company was staffed by “cyber experts” and focused on detecting attacks at the “beginning stages of the attack cycle”.17 This proactive posture—detecting the adversary before they strike—is a hallmark of Israeli military doctrine (preemption). By acquiring Cybertinel, CyberArk absorbed this doctrinal capability into its commercial product.
The definitive agreement by Palo Alto Networks (NASDAQ: PANW) to acquire CyberArk for approximately $25 billion 2 is the most significant economic event in the company’s history and carries profound implications for economic complicity.
1. War Economy Stabilization:
The deal was announced and finalized during the 2023–2026 “Swords of Iron” war. This was a period of extreme economic volatility for Israel, with credit rating downgrades, currency fluctuations, and a flight of foreign capital. A $25 billion transaction acts as a massive counter-weight to these negative trends. It signals to the global market that the Israeli tech sector is “too big to fail” and remains a safe harbor for capital, regardless of the political or military situation.22 This validation is a strategic asset for the State of Israel, preventing the economic isolation that BDS activists seek to impose.
2. Tax Revenue Windfall:
The transaction involves a mix of cash ($45.00/share) and stock.2 The capital gains realized by Israeli shareholders, founders, and employees will be taxed by the Israeli state. In a deal of this magnitude, the tax revenue could amount to billions of shekels. This revenue flows directly into the Israeli Treasury, which is currently burdened by the immense costs of the war (estimated at billions per day). Thus, the acquisition directly funds the military operations in Gaza and Lebanon.23
3. Integration of US-Israel Defense Tech:
Palo Alto Networks, led by Nikesh Arora but founded by Israeli Nir Zuk (an alumnus of Unit 8200), is a US defense contractor in its own right. The merger of CyberArk into Palo Alto Networks creates a transatlantic cybersecurity giant that integrates the US and Israeli “Digital Iron Domes.” Arora explicitly stated that Palo Alto intends to “double” its workforce in Israel post-acquisition, cementing the country’s status as a primary R&D hub.24 This deepens the interdependence between the US military-industrial complex and the Israeli tech sector.
CyberArk’s physical footprint is not neutral. Its real estate decisions align with the Israeli government’s strategic demographic and military goals.
In May 2021, CyberArk inaugurated a major R&D center in the Gav-Yam Negev Tech Park in Beersheba.3 This location is the heart of the “CyberSpark,” a government-initiated ecosystem designed to transform the Negev desert into a global cyber capital.
The Strategic Context:
The development of the Negev is a “National Priority Area.” The Israeli government’s “Negev 2015” and subsequent plans aim to move elite military units (C4I Corps, Intelligence) from the center of the country to the south. This move is accompanied by a civilian tech ecosystem intended to attract a Jewish professional class to the region. This development often comes at the direct expense of the indigenous Bedouin population, whose unrecognized villages are frequently demolished to make way for infrastructure and “security zones” supporting these high-tech parks.
CyberArk’s Complicity:
By establishing a significant presence in the CyberSpark, CyberArk is actively participating in this state project.
The global headquarters remains in Petach Tikva 27, a city in the Tel Aviv metropolitan area that serves as a major industrial zone for defense contractors. Proximity to other defense firms allows for the “cluster effect,” facilitating the rapid exchange of personnel and classified information between the private sector and defense agencies.
The concept of the “Digital Iron Dome” (or “Cyber Dome”) is the Israeli government’s initiative to build a national-level defense system against cyberattacks, modeled after the kinetic Iron Dome missile defense system. This system relies heavily on the private sector to provide the technology and manpower.
CyberArk is a key partner in this national defense architecture. The Israel National Cyber Directorate (INCD) is the civilian intelligence agency responsible for defending critical infrastructure (energy, water, banking).
While specific contract values are often classified, the supply chain evidence is robust:
CyberArk acknowledges in its SEC filings that its products may be subject to the Israeli Defense Export Control Law.32 This law regulates the export of “defense marketing activity” and “dual-use goods.” The fact that CyberArk must navigate these regulations confirms that its products are viewed by the state as having military utility. If the technology were purely for civilian commercial use (like a spreadsheet application), it would not fall under the purview of the Defense Ministry’s export control division.
CyberArk is a highly profitable entity that contributes significantly to the Israeli economy.
The $25 billion acquisition by Palo Alto Networks is an “all-stock and cash” deal. This structure creates a massive influx of value into the Israeli financial system.
The “Swords of Iron” war (beginning October 7, 2023) served as a stress test for corporate neutrality. Many global companies attempted to maintain a low profile. CyberArk, however, opted for full ideological and material alignment with the state’s military objectives.
This overt support has not gone unnoticed. Student bodies and divestment campaigns at universities such as Glasgow Caledonian University (GCU) and the University of Aberdeen have targeted CyberArk contracts.36
