Paris, January 8, 2026 – WALLIX (Euronext ALLIX), the European cybersecurity champion and a key player in identity, access and privilege management, provides a simple and secure platform enabling organizations to operate freely across digital (IT) and industrial (OT) environments. Today, WALLIX unveils its 2026 outlook, presented by Julien Cassignol, Chief Product & Technology Officer (CPTO). Against a backdrop of geopolitical tensions and accelerating digital transformation, four major forces are reshaping cybersecurity: stricter regulations, AI-driven intelligent automation, the exponential growth of digital identities, both human and machine, and the emergence of the post-quantum era.
European cybersecurity regulations continue to evolve, with the goal of creating digital environments where data protection and resilience are central. The NIS2 Directive, DORA Regulation, IEC 62443, Cyber Resilience Act, AI Act, and others now define demanding standards. In an unstable geopolitical context where cyber threats increasingly target the foundations of our economies and daily lives, these frameworks go beyond compliance. They reflect a collective ambition to build trusted digital ecosystems aligned with the interests of governments, organizations, and users.
The challenge is to ensure that sensitive data, particularly personal and industrial data, which represent critical assets, remains protected. It also requires keeping encryption keys under local control and strictly managing digital access within each organization. Achieving this level of operational sovereignty depends on scalable identity and access management platforms. By 2026, these platforms will be compliant by design with international standards and efficient by nature. They must be deployable across all environments, on-premises, hybrid, or cloud, without creating unwanted extraterritorial dependencies.
Digital autonomy is a strategic priority for WALLIX. With its modular WALLIX One platform, the company enables organizations to strengthen control over digital access and both human and non-human identities, while retaining full freedom of deployment. WALLIX is fully aligned with regulators’ vision of resilient, interoperable, and trusted digital ecosystems.
The number of digital identities is growing exponentially. Beyond human users, non-human identities (machines and agentic systems) are becoming a major security challenge. Service accounts, PLCs, robots, medical devices, and an estimated 30 billion connected objects by 2030 (according to Gartner) represent invisible identities that can cause significant breaches if left unmanaged. This issue is critical to the reliability of industrial environments and the resilience of essential and critical organizations.
By 2026, Machine Identity Management will be a core security discipline, applying the same rigorous controls to machines as to human users. Every secret, certificate, and key must be inventoried, protected, and automatically renewed. However, securing secrets alone is not enough. Each process using those secrets must also be identified, verified, and authorized. Even frequently rotated credentials cannot ensure security if the legitimate process using them has been compromised or replaced with malicious code.
WALLIX is fully committed to this approach, delivering open and innovative solutions to manage machine identities at scale. In particular, the company has joined the OpenBao open-source community, which pools efforts to secure secrets across hybrid and multi-cloud environments. This open approach enables organizations to retain control over their keys and access without dependence on a single proprietary vendor—and, most importantly, to scale securely. It reflects WALLIX’s commitment to open standards as a foundation for trust, interoperability, and long-term freedom.
As threats become faster and more sophisticated, intelligent automation is emerging as a key pillar of cybersecurity. While attackers increasingly leverage generative AI to enhance their techniques, defenders are turning to agentic AI capable of operating autonomously in complex environments. Embedded within Security Operations Centers (SOCs), this technology analyzes incidents end-to-end, prioritizes alerts, and frees teams from constant manual monitoring.
Cybersecurity is shifting from a reactive posture to proactive defense, capable of responding within seconds or even anticipating attacks. Intelligent automation makes it possible to manage what was previously unmanageable, such as millions of continuously evolving access rights. By combining machine learning for anomaly detection with large-scale data analysis across millions of events, AI can instantly identify abnormal behavior from a compromised or unsafe service account and neutralize it before a breach occurs, where it once took days to detect.
WALLIX continues to invest in combining AI with human expertise to deliver truly proactive defense. Agentic AI requires strict governance: it must only access the data necessary for its mission. This reinforces the strategic importance of Machine Identity Management in controlling non-human identities and permissions. The recent acquisition of Malizen strengthens WALLIX’s capabilities in detecting anomalous behavior and automating data analysis, helping organizations stay ahead of increasingly rapid and sophisticated attacks.
Quantum computing represents a long-term strategic risk to data security, industrial systems, IoT networks, and other interconnected environments. Its ability to break current cryptographic algorithms means that data encrypted today could be exposed tomorrow if organizations fail to prepare. This includes industrial networks, hospital medical devices, and smart buildings.
The transition to post-quantum cryptography is therefore both a technical and strategic priority. Organizations must adopt a crypto-agility approach now, enabling them to evolve encryption mechanisms and security policies as standards mature.
Through its WALLIX One platform, WALLIX will integrate post-quantum encryption standards to support quantum-resistant algorithms. This includes securing backups, internal communications, and privileged access with encryption designed to withstand future quantum attacks. By supporting organizations in migrating their keys, certificates, and protocols to these new standards, WALLIX continues to contribute to building European cryptographic autonomy.
A transaction that creates value for shareholders
The transaction involves the acquisition of 100% of the shares comprising Malizen’s share capital on the basis of an enterprise value of €1.6 million, including €0.2 million in net financial debt, under the following terms:
All Malizen shareholders will thus become WALLIX shareholders and have undertaken to hold all the shares received for a minimum period of six months.
As of June 30, 2025, WALLIX had a solid financial position, with cash of €9.4 million and financial borrowings of €8.1 million. The transaction, which is non-equity-dilutive, preserves the Group’s financial strength.
Jean-Noël de Galzain, Chairman and Chief Executive Officer of WALLIX Group, said: “We are delighted to welcome Malizen to the WALLIX Group, along with the team led by Christopher Humphries. This targeted strategic transaction accelerates the deployment of AI in our PAM and IAM solutions to extend their ability to detect cyber risks for clients. We are also united by the roadmap we have built around AI and cybersecurity, as well as our ability to strike the right balance between innovation and ease of use. The integration of the Malizen team opens up tremendous opportunities to enrich our portfolio in the future, with even more AI-driven solutions capable of detecting anomalies, anticipating risky human behavior, machine risks and agentic risks, that is, the anticipation of non-human risks, which represents a market potential of USD 8 billion by 2030 compared to USD 1.8 billion in 2025[2]. Finally, this transaction confirms our desire to participate in the inevitable consolidation of the market in Europe and our ambition to offer an independent European solution to improve the resilience of companies’ IT and OT environments.”
Christopher Humphries, CEO of Malizen, said: “We are delighted to be joining WALLIX. This merger represents a key step in our development, enabling us to draw on recognized solutions and extensive marketing and sales resources.”
Bruno Sportisse, Chairman and CEO of Inria, added: “It is a great source of pride to see a spinoff from Inria and public research, and supported by the Inria Startup Studio, join a company in the national cybersecurity sector. The consolidation by WALLIX will contribute to French and European technological dynamism and expertise in this strategic field.”
Next publication: Full-year 2025 turnover, February 5, 2026
About WALLIX
WALLIX (Euronext: ALLIX, listed since 2015) is a European cybersecurity publisher, leader in privileged access management (PAM), which helps organizations strengthen their security and digital sovereignty. Rooted in the European values of security and freedom, and recognized for the technological excellence of its WALLIX One platform by the largest analyst firms, WALLIX supports more than 4,000 organizations around the world. Its mission is simple: to protect identities, access, and privileges across all IT and OT environments, giving organizations the freedom to confidently move in a more secure digital world.
FINANCIAL COMMUNICATION CONTACTS
ACTUS Finance & Communication
Investor Relations – Hélène de Watteville
+33 (0)1 53 67 36 33 / WALLIX@actus.fr
Press Relations – Déborah Schwartz
+33 (0)6 27 09 05 73 / dschwartz@actus.fr
2026
2025
2024
2023
WALLIX provides cybersecurity solutions for simple, secure and trusted access, to protect digital and industrial environments. Quality and security are therefore at the heart of our concerns.
| Cookie | Duration | Description |
|---|---|---|
| IDE | 1 year 24 days | Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile. |
| test_cookie | 15 minutes | This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies. |
| VISITOR_INFO1_LIVE | 5 months 27 days | This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website. |
| Cookie | Duration | Description |
|---|---|---|
| __hstc | 1 year 24 days | This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). |
| _ga | 2 years | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. |
| _gid | 1 day | This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form. |
| hubspotutk | 1 year 24 days | This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts. |
| trackalyzer | 1 year | This cookie is used by Leadlander. The cookie is used to analyse the website visitors and monitor traffic patterns. |
| Cookie | Duration | Description |
|---|---|---|
| __hssc | 30 minutes | This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. |
| bcookie | 2 years | This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page. |
| lang | session | This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website. |
| lidc | 1 day | This cookie is set by LinkedIn and used for routing. |
| messagesUtk | 1 year 24 days | This cookie is set by hubspot. This cookie is used to recognize the user who have chatted using the messages tool. This cookies is stored if the user leaves before they are added as a contact. If the returning user visits again with this cookie on the browser, the chat history with the user will be loaded. |
| Cookie | Duration | Description |
|---|---|---|
| __cfduid | 1 month | The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. |
| __hssrc | session | This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. |
| cookielawinfo-checbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
| cookielawinfo-checbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
| JSESSIONID | session | Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests. |
| viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
| Cookie | Duration | Description |
|---|---|---|
| _gat_UA-12183334-1 | 1 minute | No description |
| AnalyticsSyncHistory | 1 month | No description |
| CONSENT | 16 years 9 months 23 days 12 hours 13 minutes | No description |
| UserMatchHistory | 1 month | Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences. |
| wp-wpml_current_language | 1 day | No description |
| Cookie | Duration | Description |
|---|---|---|
| YSC | session | This cookies is set by Youtube and is used to track the views of embedded videos. |
