"Untrue": Zscaler CEO shoots down Broadcom buyout rumours

Anonymous Substack post with AI signs put the fear of Tan in Zscaler staff

"Untrue": Zscaler CEO shoots down Broadcom buyout rumours

President and CEO Jay Chaudry said today that the cybersecurity company is “neither seeking or entertaining any offers to acquire Zscaler.” 

He took to LinkedIn to shoot down the rumour that Broadcom had made a $38 billion offer for the Zero Trust company – a claim which appears to have first emerged on a week-old Substack with no named author.

The site, “Cyber’s Substack” has just three posts, all focused on Zscaler. They will likely have struck living fear into Zscaler's staff given Broadcom's recent record of sweating assets and alienating customers.

See also: Root, but no response: 6 pre-auth RCEs in VMware ignored

They appear to be at least in part AI-generated, with one post this week including the line that “Broadcom’s bid for datacentre software provider VMware is also being examined by competition enforcers in the US, Europe, and the UK” – that deal actually closed in November 2023.

“I want to set-the-record-straight that neither I nor the Zscaler board of directors are seeking or entertaining any offers to acquire Zscaler. Any reports stating otherwise, are untrue,” wrote Chaudry, adding “Zscaler is at the forefront of a major technology disruption, and I believe that we are in an excellent position to lead the future of zero trust security.”

He pointed readers to the company’s investor relations page as well as SEC filings and blog posts for any future material information. 

Zscaler and Broadcom have history: In 2020 the two signed a $15 million deal that saw Broadcom provide Zscaler with "a patent license, release, and covenant not to sue" after it bought Symantec's enterprise security business for $10.7 billion. Symantec had been suing Zscaler over alleged patent breaches. The other terms of that settlement were confidential.

(Zscaler in February reported $525.0 million in quarterly revenues and a GAAP net loss of $28.5 million and followed CATO Networks by introducing an SD-WAN to its SASE offering. It reports Q3 earnings on May 30, 2024. Whilst peculiarly timed given markets were closed, the Substack post may have been intended to manipulate its share price.)

Thus far, 2024 has hardly been a hotbed of cybersecurity M&A activity.

The most recent of the year’s deals was last week’s $1.5 billion agreement by CyberArk for Venafi for $1.5 billion. Cohesity’s deal for Veritas’s data protection business in February for $3 billion and and Crowdstrike’s buyout of Flow Security also stand out as notable but deal size and levels of activity have, thus far, been somewhat muted with investor attention seemingly thus far fixated on all things AI-related. 

Pitchbook data shows that information security startups brought in less than $7.5 billion in exit value for investors in 2022 and 2023 combined, after topping $30 billion in 2021.