Sebastian Kurz's DREAM raises $260M at a $3B valuation for sovereign AI cyber defense

Why it matters

DREAM's round shows sovereign AI has become a funding thesis, but its edge is inseparable from its founders: Kurz's government access and Hulio's NSO baggage.

Sebastian Kurz and Shalev Hulio's DREAM announced a $260 million Series C on Thursday, giving the Tel Aviv AI cybersecurity company a $3 billion valuation and turning Kurz's post-politics second act into one of Europe's more closely watched sovereign-tech bets.

The financing, first reported by Business Insider, was led by Bicycle Capital and Group 11. Bain Capital, Tru Arrow Partners, investor James Rothschild, Norway's Antler, and other global investors also participated, according to the report. DREAM has not disclosed total capital raised to date or whether the valuation is pre-money or post-money.

Kurz is not a typical cyber founder. Before DREAM, he worked from Austria's Ballhausplatz chancellery, became foreign minister at 27, and became Austria's youngest chancellor at 31. In the Business Insider interview, the 39-year-old framed DREAM less as an enterprise-security vendor and more as infrastructure for states. His thesis is blunt: "The next cyber war will be fought by AI against AI."

Hulio brings the other half of the bet. He co-founded and later led NSO Group, the Israeli spyware maker behind Pegasus, then moved from offensive cyber into a company selling defensive systems to governments, militaries, intelligence agencies, healthcare systems, and critical-infrastructure operators. A Bain Capital Ventures founder profile published in February 2025 also names Gil Dolev, a cyber-intelligence executive with Microsoft and Israeli defense-unit experience, as a DREAM co-founder.

DREAM is selling sovereignty, not just threat detection

DREAM's public positioning is built around national control. On its website, DREAM describes itself as a sovereign AI platform for nation states that can be deployed inside government-controlled environments. The company says its systems can run on-premises, with no foreign cloud dependency.

That is the commercial wedge behind the round. Hulio told Business Insider that countries should not have to depend on either the U.S. or China for cybersecurity, and that DREAM builds systems governments "own, operate, and control themselves." DREAM's site uses the same language of sovereignty: national borders, no telemetry, no foreign control.

The pitch is landing in a market where cyber buying is increasingly tied to state capacity, not just compliance budgets. Business Insider reports that DREAM has customers across Europe, the Middle East, and Southeast Asia. Kurz told the outlet that DREAM has generated roughly $300 million in revenue to date, has about 350 employees, and became profitable this year. Those figures come from Kurz; DREAM has not disclosed ARR, contract lengths, gross margin, or customer concentration.

Those missing details matter because government cyber revenue can be lumpy. A few national contracts can produce large bookings without proving repeatable sales motion. But the topline claim is still meaningful: if DREAM's roughly $300 million cumulative revenue figure is accurate, it suggests the company has moved beyond pilot theater and into budget-bearing national-security deployments less than four years after launch.

The founder story is also the trust question

Kurz and Hulio are unusually well matched for the category DREAM is trying to own. Kurz can speak the language of heads of government because he was one. Hulio can speak the language of state-grade cyber operations because NSO put him at the center of that world. That combination is exactly what investors are underwriting.

It is also what will follow DREAM into every procurement conversation.

NSO's Pegasus history remains one of the defining controversies in commercial spyware. Human Rights Watch said in 2022 that one of its senior staff members was targeted with Pegasus spyware and argued that researchers and rights groups had repeatedly documented use of the tool against journalists and human-rights defenders. The U.S. Commerce Department added NSO Group to the Entity List in 2021, saying the company had supplied spyware to foreign governments that used it to target government officials, journalists, businesspeople, activists, academics, and embassy workers.

DREAM is not selling Pegasus. DREAM's stated mission is defensive: detect state-sponsored attacks, map exposure, and give governments systems they can operate themselves. But Hulio's NSO background is not incidental color. It is part of why DREAM can claim unusual cyber depth, and part of why buyers, regulators, and civil-society groups will look closely at what DREAM sells, how DREAM's systems are governed, and which governments get access.

Kurz's own political history also cuts both ways. His government experience gives DREAM direct credibility with the customers it wants most. It also makes DREAM a company built around political trust, not just technical performance. For a sovereign AI cyber vendor, that is the product.

The market is moving toward bigger checks and consolidation

DREAM's Series C arrives as critical-infrastructure security is pulling in larger pools of capital and strategic buyers. Claroty announced a $150 million Series F in January 2026 to secure mission-critical infrastructure. ServiceNow completed its acquisition of Armis in April 2026 in a transaction ServiceNow described at roughly $7.75 billion. Mitsubishi Electric agreed in September 2025 to acquire Nozomi Networks, another industrial and operational-technology security company.

The threat backdrop is not theoretical. Dragos said its 2026 OT report tracked 119 ransomware groups targeting industrial organizations in 2025, up from 80 in 2024. DREAM's own claim goes higher up the stack: Hulio told Business Insider that most attacks DREAM has prevented originated from China, Russia, Iran, and North Korea. That assertion has not been independently validated in the materials reviewed.

The distinction DREAM is trying to draw is sovereignty. Claroty, Armis, Nozomi, and Dragos are associated with industrial, operational-technology, and cyber-physical security. DREAM is packaging AI cyber defense as a national capability layer that can sit inside government-controlled environments. That matters in regions where buying from U.S. hyperscalers or Chinese infrastructure vendors can become a geopolitical decision before it becomes an IT decision.

What the $260 million buys

Business Insider reports that DREAM is preparing to expand in Abu Dhabi and establish an R&D center in Germany, with the city still undecided. Hulio told the outlet that a direct flight to Tel Aviv is important. That small detail says a lot about how DREAM is being built: Israeli cyber talent, European political access, and Gulf expansion capital and demand all tied together by government procurement cycles.

Kurz also told Business Insider an IPO is a realistic option for DREAM, though there is no stated timeline. At a $3 billion valuation, DREAM has already moved into a zone where the next stage is less about proving that AI cyber defense can be sold and more about proving that DREAM can become a durable national-security supplier without being defined by the liabilities of its founders' past lives.

The wager behind the round is that governments will pay for AI systems they can control, especially as attacks become faster and more automated. Kurz gives DREAM a founder who understands how states buy, fear, and negotiate. Hulio gives DREAM a founder who understands what elite cyber operators can do when the rules of the market allow it.

That is why this round is larger than a funding milestone. DREAM is testing whether sovereign AI can become a venture-scale category, and whether the same backgrounds that make the company credible with governments can also make it trustworthy enough to scale.