Proofpoint

Proofpoint

Cybersecurity subscription services protecting digital channels

Overview

Proofpoint is a cybersecurity company that protects organizations from advanced threats and compliance risks. It serves enterprises, government agencies, and small to mid-sized businesses with a subscription-based suite of solutions that safeguard email, social media, and other digital communication channels from phishing, malware, and ransomware. The products use machine learning and artificial intelligence to detect and mitigate threats in real time and are designed to be easy to integrate with existing IT systems. Revenue comes from recurring subscription tiers and professional services such as threat assessments and incident response. Compared with competitors, Proofpoint emphasizes real-time threat detection, broad coverage of communication channels, and a focus on ease of integration and user-friendly operation. The company's goal is to help organizations strengthen their security posture and reduce compliance and cyber risk across their digital communications.

About Proofpoint

Simplify's Rating
Why Proofpoint is rated
B-
Rated B on Competitive Edge
Rated B on Growth Potential
Rated C on Differentiation

Industries

Enterprise Software

Cybersecurity

Company Size

5,001-10,000

Company Stage

IPO

Headquarters

Sunnyvale, California

Founded

2002

Your Connections

People at Proofpoint who can refer or advise you

Simplify Jobs

Simplify's Take

What believers are saying

  • over 90% of organizations adopted AI assistants beyond pilot stage, creating urgent need for governance advisory services.
  • Active Exploits Protection reduces exposure to AI-accelerated vulnerabilities in minutes using real-world threat intelligence.
  • Claude Compliance API integration enables unified data loss prevention and insider risk detection for AI agents.

What critics are saying

  • Sublime Security's zero-indicator detection POC may displace Proofpoint in Fortune 100 accounts within 12–18 months.
  • Frontier AI models crafting multilingual BEC lures with zero indicators will bypass legacy email filters in 12–18 months.
  • Claude API integration fails to detect agentic runtime threats, leaving 42% of orgs exposed within 6–12 months.

What makes Proofpoint unique

  • Proofpoint uniquely integrates AI security with human-centric email and data protection across unified platforms.
  • Its OpenAI Daybreak partnership enables GPT-5.5 integration for defensive workflows without customer direct model access.
  • The new MSP Platform post-Hornetsecurity acquisition delivers AI-native Total Protection 365 tailored for SMBs via MSPs.

Help us improve and share your feedback! Did you find this helpful?

Funding

Total Funding

$12.4B

Above

Industry Average

Funded Over

4 Rounds

Buyout funding comparison data is currently unavailable. We're working to provide this information soon!
Buyout Funding Comparison
Coming Soon

Benefits

Health, dental, & vision

Employer-paid life, disability & employee assistance programs

Unlimited PTO

401K match

Remote work option

Stock Price

Growth & Insights and Company News

Headcount

6 month growth

0%

1 year growth

0%

2 year growth

0%
Channel Partners
May 21st, 2026
Proofpoint expands channel strategy with ai-native security platform for MSPs and SMBs.

Proofpoint expands channel strategy with ai-native security platform for MSPs and SMBs. Proofpoint expands its channel strategy post-Hornetsecurity acquisition, launching an AI-native Total Protection 365 suite tailored for MSPs serving SMBs. 272 2 minutes read In a recent interview at the Channel Partners Conference and Expo 2026, Craig Galbreith, "the voice of the channel," sat down with Jason Henry, Vice President of MSP Platform Sales for the Americas at Proofpoint. The discussion highlighted Proofpoint's strategic moves following its acquisition of Hornetsecurity, including the launch of a new channel program and an AI-integrated security suite tailored for managed service providers (MSPs) and small-to-medium businesses (SMBs). The deal, announced in May 2025, brings in the Germany-based provider of AI-powered Microsoft 365 security, data protection, compliance, and security awareness solutions. Hornetsecurity serves MSPs and SMBs, with nearly $200 million in ARR and ~20% YoY growth. Building a new channel market post-acquisition. Henry, who previously worked at Hornetsecurity, described the acquisition as an exciting period for the company. In his role, he is spearheading the development of Proofpoint's channel strategy in the Americas, centered around the new Total Protection 365 suite. Proofpoint operates as a pure channel-focused organization. It partners with major distributors to reach MSPs and their end customers. The company supports MSPs not only with technology but also with tools to address customer challenges and effectively communicate the value of the new platform. AI as Core to Operations and Security. A key theme was Proofpoint's deep integration of artificial intelligence. Henry emphasized that AI is "native to everything we do," drawing from his background in data management and transformation where machine learning has long been foundational. In the security platform, AI enhances usability through features like natural language querying for reports and agent-based tools that help users quickly find needed information. On the sales side, it streamlines operations, reduces friction, and improves messaging accuracy. Henry stressed using AI to simplify processes rather than add complexity: "It's really about how do we use AI effectively to make things easier." The company also recently released advancements in email and data security designed for the agentic workspace, reflecting broader AI adoption in threat protection. Targeting the SMB market through MSP partners. Proofpoint is making a significant bet on the SMB segment, which Henry noted represents a market opportunity exceeding $100 billion in the Americas. The ideal partner and customer profile includes MSPs serving growing businesses that require robust protection against evolving threats. For partners visiting the booth, Henry's core message was clear: Proofpoint is building an easy-to-use, streamlined protection platform specifically tailored for the MSP market and SMB needs. Outlook. The interview underscores Proofpoint's commitment to channel-driven growth, leveraging its expanded portfolio post-Hornetsecurity acquisition to deliver AI-powered, user-friendly security solutions. By focusing on MSP enablement and SMB protection, the company aims to simplify cybersecurity in an increasingly complex threat landscape while empowering partners to drive business growth. This positioning aligns with broader industry trends where AI integration and channel partnerships are critical for scaling effective security solutions.

IT Europa Media & Intelligence
May 6th, 2026
Proofpoint's Paris opening better supports customers and partners

Proofpoint's Paris opening better supports customers and partners

Mexico Business News
Apr 9th, 2026
Cyber risk becomes systemic across ecosystems.

Cyber risk becomes systemic across ecosystems. By Diego Valverde | Journalist & Industry Analyst - Thu, 04/09/2026 - 15:53 In Mexico, supply chain attacks and the alleged breach of Ministry of Navy underscore systemic exposure, while globally, nation-state actors exploit industrial systems like those from Rockwell Automation. The implication for leadership is that cybersecurity is turning into an enterprise-wide risk function, where human behavior, third-party dependencies, and AI-driven attack vectors redefine the role of the CISO. Ready? This is your Week in Cybersecurity! Supply chain cyberattacks in Mexico reached a critical threshold as 43% of organizations reported incidents in the last 12 months, reveals Kaspersky. These figures place the country above the global average and highlight a significant rise in threats targeting trust-based corporate relationships. A cybersecurity journalist reports that the Ministry of the Navy (SEMAR) experienced a data exfiltration from its Safe Smart Port (PIS) platform, affecting 640,000 port operators. A threat actor identified as "marssepe" from the group Sociedad Privada 157 leaked 39.7GB of sensitive information on a public forum. Indra Group inaugurated new corporate offices in Parque Toreo in the State of Mexico as part of its strategy to strengthen its presence in the country and expand its role in digital transformation projects across Latin America. The new facilities complement the company's existing operations in Mexico City, Queretaro, Merida, and Monterrey, aligning Indra Group's plans to achieve double-digit sales growth and create new jobs in Mexico over the next three years. Iranian-affiliated actors are exploiting internet-facing Rockwell Automation programmable logic controllers, report the US Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA). These malicious activities target project files and human machine interface displays, causing operational disruptions and financial losses across multiple US critical infrastructure sectors. MBN Experts As 93% of Mexican organizations race to deploy AI agents by 2027, Proofpoint is redefining security for the "agentic workspace." Following the acquisition of Acuvity, the firm is moving beyond traditional email protection to secure the interactions between humans and AI agents, where "prompt engineering" has become the new social engineering. With Mexican CISOs ranking human vulnerability as the top threat globally, Proofpoint's new Satori platform introduces behavioral guardrails and AI-driven automation to ensure that rapid innovation doesn't come at the cost of catastrophic data loss. Read the full interview with Luis Isselin, Country Manager, Proofpoint, on MBN! With AI-driven attacks in Mexico skyrocketing 89% year-over-year, the window between vulnerability and exploit has shrunk from weeks to minutes. Borealix is countering this "new baseline" by moving beyond basic compliance to offer behavior-based detection and "secure by design" application development. By integrating auditor-developers and automated guardrails, the firm helps Mexican SMEs and regulated fintechs bridge the gap between rapid digital innovation and the escalating risk of autonomous, AI-led breaches. Read the full interview with Juan Carlos Calderón, CEO, Borealix, on MBN!

Epium Limited
Mar 30th, 2026
Proofpoint expands security for the agentic workspace.

Proofpoint expands security for the agentic workspace. Proofpoint introduced new email and data security capabilities designed for workplaces where humans and Artificial Intelligence agents interact across communication and data environments. The updates combine email protection models, add data access governance for human and non-human identities, and extend data security posture management into on-premises systems. Proofpoint unveiled new capabilities across its collaboration security and data security portfolios aimed at securing the agentic workspace, where people and Artificial Intelligence agents operate across email, cloud, and data environments. The company said enterprise risk is changing as organisations deploy assistants and autonomous agents that draft communications, access sensitive data, and take action at machine speed. In this environment, static access controls and identity checks alone are no longer enough, increasing the need for behavioural insight across communication and data activity. A central part of the update is a unified email security architecture that combines Secure Email Gateway and API-based protection. Proofpoint said the integrated model links perimeter protection for north-south traffic with defence for east-west internal email activity, allowing threat intelligence and behavioural signals to flow across pre-delivery and post-delivery controls. The company said this gives customers a single workbench to manage inbound, outbound, and internal email protection, while improving visibility into compromised accounts, automated agents, internal-to-internal compromise, and direct send vulnerabilities. Proofpoint said the approach reduces console switching, simplifies policy management, and eases investigation and response workflows. The company said the platform delivers 99.999% detection efficacy. Proofpoint also introduced Artificial Intelligence data access governance capabilities that provide visibility into access to sensitive data across SaaS, cloud, and on-prem environments. The scope includes human users, service accounts, and Artificial Intelligence agents. Security teams can identify stale entitlements, orphaned accounts, and over-permissioned access, while automated remediation workflows are designed to reduce exposure without manual, ticket-driven processes. By correlating identity activity, data sensitivity, access patterns, data loss prevention signals, and other risk indicators within the Data Security Graph, the platform is intended to support continuous risk reduction based on behavioural context and inferred intent. The company is also extending its Artificial Intelligence-native data security posture management capabilities to on-premises environments, adding intelligent data discovery and classification across hybrid and cloud systems as well as legacy infrastructure. Proofpoint said this broader coverage gives organisations more consistent visibility into sensitive data regardless of where it resides, helps prioritise risk more accurately, and reduces exposure caused by fragmented tooling across cloud and on-prem systems. These capabilities are expected to become available in Q2 2026, with timing subject to standard product rollout considerations and regional availability. 52. Impact score. March 30, 2026 Mistral has expanded its Voxtral family with a text-to-speech system aimed at enterprise voice applications. The company is positioning the open-weights model as a flexible alternative for organizations that want more control over deployment, cost and customization. March 30, 2026 A UK Parliament committee is examining how Artificial Intelligence is changing business and work, with a focus on both economic opportunity and labour disruption. The inquiry is seeking evidence on government priorities as adoption expands across the economy. March 30, 2026 Microsoft is changing Windows 11 kernel policy so new drivers must be signed through the Windows Hardware Compatibility Program. Older trusted drivers will still be allowed in some cases to preserve compatibility during the transition. March 30, 2026 Generative Artificial Intelligence is becoming a mainstream consumer and marketing tool in the US, reshaping targeting, creative production, measurement, and search visibility. Growing adoption is paired with persistent concerns around trust, accuracy, and governance. March 30, 2026 The Universities of Wisconsin list a broad mix of Artificial Intelligence courses, certificates, webinars, forums, and training programs for non-degree learners. Offerings span business, education, government, healthcare, agriculture, engineering, and technical development across multiple campuses.

GetAIGovernance
Mar 29th, 2026
AI agents carry the same insider risk profile as human employees. Your governance program was not built for that.

AI agents carry the same insider risk profile as human employees. Your governance program was not built for that. At RSAC Conference 2026 - the annual gathering where the security industry's most consequential product and strategy conversations happen - Sumit Dhawan, CEO of Proofpoint, made a statement that cuts directly across the AI governance category. He said AI agents behave like humans and carry the same risk profile. They operate non-deterministically. They can be manipulated through prompt engineering. They require what he called "a purpose-built integrity framework" - an AI behavior safeguard layer - that must be coded into the technology itself rather than applied as a policy or a governance document afterward. This is not a vendor press release or a marketing claim. This is an observation delivered to a security practitioner audience at the industry's most scrutinized stage. Traditional insider risk programs were built around one core detection mechanism - behavioral deviation. When a human employee's behavior diverges from their established pattern, the system escalates. Access to unusual systems, data exfiltration outside normal hours, communication with unknown external parties. The program works because human behavior is mostly predictable, deviations are detectable, and the human is accountable to a code of conduct. Dhawan's point is that AI agents satisfy none of those preconditions. They have no code of conduct. Their behavior is non-deterministic by design. They can be manipulated into taking unintended actions through inputs that look legitimate. They operate at machine speed across multiple connected systems simultaneously. The insider risk model was built for human actors with predictable behavioral patterns. AI agents are internal actors that can cause the same category of damage but through a fundamentally different mechanism - one the model was never designed to detect. The security industry is adapting its frameworks to cover AI agents because the threat model requires it. The governance industry has not yet made the equivalent adaptation. Most AI governance programs were built around the assumption that the systems being governed produce outputs that humans then interpret and act on. AI agents take action autonomously, which means the governance framework built around human interpretation of outputs does not reach the layer where agent behavior actually occurs. The governance question centers on what the agent did, why it did it, what systems it accessed, and what happened as a result. That is a behavioral governance problem. What makes AI agent risk structurally different. The non-determinism problem is central. Traditional security controls were designed for Boolean pattern-based logic. An action either matches a known pattern or it does not. AI agents do not operate this way. Their outputs are probabilistic. The same input can produce different outputs at different times depending on context, model state, and the chain of tools and systems the agent is interacting with. This means behavioral baseline approaches - the foundation of insider risk detection - are significantly harder to establish and significantly easier for an adversary to operate below. An agent that has been manipulated through prompt engineering may produce outputs that look normal in isolation while the cumulative pattern of its actions represents a significant deviation that only becomes visible after the damage has occurred. The accountability gap is equally important. When a human insider causes harm, there is a clear accountability chain. The person made a decision. There is a record of their access. There is a supervisor and a reporting structure. When an AI agent causes harm, the accountability chain is much less clear. Who authorized the agent to access those systems? What credential was it operating under? Who was the named human supervisor responsible for reviewing its behavior? What was the approval scope for the actions it took? In most current enterprise deployments the answers to those questions either do not exist or require significant forensic reconstruction after the fact. Dhawan's point is that this gap must be closed at the technology layer - coded into the system as an integrity framework - rather than addressed through policy documents that do not connect to what the agent actually does. What a purpose-built integrity framework actually means. Dhawan's specific language is important. He said AI agents require "a technology layer which is an AI behavior safeguard layer." That is a governance architecture description. What he is describing is a layer that sits between an AI agent and the systems it can access, observes the agent's behavior continuously, applies defined integrity constraints, and generates an audit trail from what the agent actually did rather than from what was approved before it was deployed. This is identical in function to what continuous production monitoring delivers in the AI governance context - a system that observes behavior as it happens rather than reviewing documentation after the fact. In the agentic AI context the stakes are higher because agents act autonomously and at speed, which means the gap between what was approved and what actually happened can grow very large in a very short window. The CISO bifurcation Dhawan named is also analytically useful. He said CISOs are splitting into two camps on AI safeguard implementation - proactive and wait-and-see. The proactive CISOs are building the behavioral governance layer now because they understand that the agent deployment surface is expanding faster than any reactive governance program can track. The wait-and-see CISOs are treating AI agent governance the same way they treated early cloud security - as something that can be addressed after the deployment has already scaled. The history of cloud security suggests that position creates a significant remediation problem when the regulatory or incident pressure arrives. What enterprise teams should be doing right now. Before deploying any AI agent into a production environment, three things need to exist. An authorization register - a written document specifying exactly what actions the agent is permitted to take, under what credentials, and who the named human supervisor is. A behavioral baseline - an established record of what the agent's normal output and action patterns look like so deviations can be detected rather than guessed at. And an audit trail mechanism - a technical system that records what the agent actually did, which systems it accessed, and what data it touched, automatically and continuously rather than reconstructed from logs after an incident. If none of those three things exist before an agent is deployed, the governance program has a gap regardless of how complete the pre-deployment approval process was. The moment this gap becomes a problem is when an agent takes an unauthorized action and no one can reconstruct the exact sequence that led to it. Its take. Dhawan's framing at RSAC is significant not because Proofpoint is building a governance platform - they are building a security product - but because the Proofpoint CEO is describing a governance requirement in a security context at the industry's most visible annual event. When security leaders at that level start defining AI agent behavioral integrity as a governance problem that requires a dedicated technology layer, it means the security market is arriving at the same conclusion that the governance market has been slow to reach. The two conversations - AI governance and AI security - are converging on the same operational problem. Enterprises need a layer that observes what AI agents actually do in production and enforces behavioral constraints as the agent runs, not after it has already acted. This aligns directly with the NIST AI RMF GOVERN function, which explicitly requires accountability across system components, including agentic behaviors, throughout the full system lifecycle. What remains unresolved is that the insider risk model for AI agents does not yet have the equivalent of 20 years of enterprise insider risk program development behind it. The behavioral baseline problem for non-deterministic systems is genuinely hard. The credential and identity framework for AI agents is still being built across the identity governance market. If your organization is deploying AI agents without an authorization register, a behavioral baseline, and a continuous audit trail mechanism, the GAIG marketplace is where to evaluate the platforms building that layer. Enterprise teams can compare solutions in the AI Security and AI Monitoring categories that are specifically designed for production agent behavior rather than pre-deployment documentation. Follow GetAIGovernance on LinkedIn

Recently Posted Jobs

Sign up to get curated job recommendations

Proofpoint is Hiring for 45 Jobs on Simplify!

Find jobs on Simplify and start your career today

Don't see your dream role? Check out thousands of other roles on Simplify. Browse all jobs →