The first trillion-dollar cybersecurity company will be here in the next five years, Rubrik CEO Bipul Sinha told me last week at his company's HQ in Palo Alto.

• I sat down with Sinha for a new monthly-ish series we're starting in Future of Cybersecurity where I dive into a security prediction for the cyber world — and what it would take to get there.

Why it matters: If Sinha is right, cybersecurity could be one of the few economic areas that will see high growth in the next half decade — alongside artificial intelligence.

The big picture: No cybersecurity company has ever achieved a trillion-dollar market cap, but several publicly traded companies are well on their way.

• Palo Alto Networks sits at around $113 billion, as of close of market yesterday. CrowdStrike has an estimated $87 billion market cap, and Fortinet is worth $74 billion.
• A trillion-dollar cybersecurity company "sounds unbelievable right now, but I remember 10 years ago, if somebody told me that there will be a $100 billion cyber company, I would say it's impossible," Sinha told me.

Driving the news: Google's $32 billion, all-cash purchase of cloud security company Wiz adds more fuel to the fire, Sinha said.

Reality check: Sinha has plenty of incentive to want a $1 trillion cyber player. He's running one of the few cyber companies that's gone public in the last year.

• It's now valued at around $12 billion.
• And before that, he was a venture capitalist at Lightspeed and Blumberg Capital, where he was a founding board member at Nutanix and Hootsuite.

Between the lines: Geopolitical tensions and growing defense tech investments in cyber warfare are likely to have a trickle-down effect on the industry, Dave Zilberman, a general partner at Norwest Venture Partners, told Axios.

• "CrowdStrike will continue to get bigger, Palo Alto will continue to get bigger," he said. "There's enough revenue in the industry, [and] there's enough adversarial action to demand that kind of revenue."

What they're saying: "The trends are very clear. If you look at cloud: massive trend. AI: massive trend. AI-led productivity gains: massive trend," Sinha said.

• "But all of these massive trillion-dollar trends create massive risks, and businesses have to transform themselves … to be able to take advantage of AI opportunity."

Yes, but: None of this growth happens if the macro conditions aren't right, and the second Trump administration has proven more unpredictable than the business world had anticipated.

What's next: Mergers and acquisitions like Google's will play a huge role in the industry's growth.

• "The largest player is less than 10% of the market," Sinha said. "It is a highly fragmented market — the largest player will try to consolidate and acquire technology to grow."

Google Workspace is rolling out a new encryption model designed to make sending secure emails with Gmail dramatically easier.

Why it matters: Google's new enterprise model will lift several of the burdens both IT teams and end users face when sending encrypted messages, including the need to manage certificates.

The big picture: Organizations in highly regulated industries are required to encrypt sensitive emails sent internally and to other businesses.

• However, current encryption protocols are clunky, hard to scale and frustrating for users, Neil Kumaran, a group product manager at Gmail Security, told Axios.
• IT managers typically have to rotate and assign new certificates, which act like digital IDs for email users.
• Recipients outside an organization usually need to set up a guest account or use a third-party service to receive messages.

Zoom in: Under the new protocol, IT administrators and users will no longer need to trade certificates or install a customer's software before sending a message. Gmail will handle that work behind the scenes.

• Gmail will start rolling out its new encryption model in beta to enterprise customers this week.
• In the coming weeks, that feature will expand to emails sent between any two Google Workspace Gmail users, no matter their workplace.
• Organizations will also continue to manage and store their own encryption keys, meaning Google can't access message contents.

How it works: End users can turn on encrypted messaging in their settings — or, if admins choose, it can be set as the default for specific groups, like legal or finance teams.

• Encrypted messages won't show preview text in recipients' inboxes, and they cannot be forwarded or downloaded.

Between the lines: Google built the new tool in close partnership with several customers, including a U.S. government agency that previously was printing out its materials and sending them via physical mail to avoid the hassle of setting up encryption, Kumaran said.

What's next: Later this year, Gmail in Google Workspace will introduce the ability to send end-to-end encrypted emails to users outside the Google ecosystem.

China-based manufacturer Unitree Robotics pre-installed an apparent backdoor on its popular Go1 robot dogs that allowed anyone to surveil customers around the world, according to findings from two security researchers.

Why it matters: Clear evidence of a backdoor in widely sold consumer technology is rare, and it affirms longstanding concerns from U.S. officials that Chinese-made devices could quietly enable foreign surveillance.

Driving the news: A new Common Vulnerabilities and Exposures listing confirms the issue as a critical vulnerability, formally cataloged under CVE-2025-2894.

• The CVE listing recommends that owners "disable the local endpoint" that has been enabling this backdoor.

Zoom in: Anyone who came across the public-facing web API could see where Go1 robot dogs were — and if the robot was online, they could view live camera feeds without needing to log in.

• If the robot's default Raspberry Pi credentials hadn't been changed, attackers could also use those to fully control the dog.
• Andreas Makris and Kevin Finisterre — who are also known for exposing vulnerabilities in DJI drones — discovered the issue while tinkering with their own Go1s. They tested the flaw on each other's devices to confirm it worked.
• They also found that robot dogs from major U.S. research universities, including MIT, Princeton and Carnegie Mellon, could have been vulnerable at some point.

What they're saying: "If this was abused or not does not matter in this case," the duo wrote in their paper. "The mere presence of this service without letting the user know is not a good practice and can be seen as malicious."

Yes, but: They can't decisively say whether Unitree intended to create a surveillance backdoor or if it was simply a case of "sloppy architecture, sloppy programming," Makris told Axios.

The big picture: U.S. officials, lawmakers and security agencies have long warned about backdoors inserted into equipment and devices manufactured in China.

• Rep. John Moolenaar (R-Mich.), chair of the House China Select Committee, called the vulnerability a "direct national security threat" and said in a statement to Axios that the committee is actively investigating the risk it poses.
• "This isn't merely a technology flaw — it's an intentional and dangerous breach of our national security," Moolenaar said. "American families, officers, and students have a right to know about any CCP access to their private environments."

What to watch: Unitree said in a statement this morning that its newer models — like the Go2 and its humanoid robots — have a "more secure upgraded version" and were unaffected by this vulnerability.

• Unitree added that "hackers illegally obtained the management key of the third-party cloud tunnel service" and "used it to modify data and programs within the user's machine with high-level permission."
• Unitree said it has completely shut down the service that allowed for the Go1 backdoor, but it noted that its installation is a "common feature among many robots on the market."

@ D.C.

👀 President Trump nominated Karen Evans, who has been leading the cyber mission at the Cybersecurity and Infrastructure Security Agency in recent weeks, to be the new undersecretary for management at the Department of Homeland Security. (Nextgov)

📲 The White House told DOGE employees to preserve their Signal messages after last week's scandal. (Politico)

👨🏻‍💻 The State Department has ordered consular offices to expand their social media screening processes for student visa applicants, according to an obtained cable. (The Guardian)

@ Industry

💰 Island raised a $250 million round, led by Coatue Management, that values the enterprise browser startup at $4.8 billion. (Wall Street Journal)

🪖 Oracle is the latest company to lose a Pentagon contract as the Defense Department undergoes mass cost-cutting. (Bloomberg)

@ Hackers and hacks

🤖 People are already using ChatGPT's new image generator to make fake restaurant receipts, raising concerns about how fraudsters may use the tool. (TechCrunch)

⚠️ Security providers have started to warn their customers about the potential fallout from a reported Oracle Cloud breach. (Cybersecurity Dive)

📋 A guide to help you figure out if your online accounts have been hacked — and what to do if they have been. (TechCrunch)

📲 The Signal group chat debacle got the "Saturday Night Live" cold-open treatment, and I'm living for it.