The planned acquisition underscores how cyber protection is becoming a strategic priority not only for software companies but also for major industrial groups seeking tighter control over critical infrastructure, defence systems and sensitive data.
Airbus has agreed to acquire French cybersecurity company Quarkslab, deepening the European aerospace and defence group’s push into digital security as governments and industrial companies spend more to protect sensitive systems from a growing range of cyber threats.
The deal, announced by Airbus on Tuesday, is expected to close during 2026, subject to consultations with employee representatives and customary regulatory approvals. Financial terms were not disclosed.
Though modest in size compared with Airbus’s aircraft and space businesses, the transaction carries significance beyond its immediate scale. It points to how cybersecurity is increasingly being treated as a core industrial capability rather than a support function, particularly in sectors tied to defence, transportation, critical infrastructure and national sovereignty.
Paris-based Quarkslab was founded in 2011 and employs about 100 people, mainly in Paris and Rennes. The company has built a reputation in Europe’s cybersecurity ecosystem for combining advanced research with practical tools and services aimed at defending software, data and connected systems. Airbus said Quarkslab’s expertise would strengthen its cyber activities in France and reinforce its role as what it described as a trusted and sovereign partner for French authorities while expanding its position in the wider European cybersecurity market.
The takeover is the second cyber acquisition agreement signed by Airbus Defence and Space in less than a month. In March, Airbus said it had entered into a definitive agreement to acquire Ultra Cyber Ltd in Britain. In 2024, it completed the acquisition of Germany’s Infodas, another specialist in cybersecurity and IT solutions for the public sector, defence and critical infrastructure. Taken together, the moves show a clear pattern: Airbus is assembling a pan-European cyber business built around national capabilities in key home markets rather than pursuing one large transformative takeover.
That approach matters in Europe, where governments are increasingly focused on “sovereign” technology assets. In cybersecurity, the term generally refers to capabilities that can be controlled, developed and trusted within national or European frameworks, especially when they support defence, intelligence, transport or public administration. For a company like Airbus, whose customers include armed forces, ministries and institutions across Europe, cyber resilience is no longer peripheral. It is becoming part of the value proposition.
Quarkslab’s business fits neatly into that strategy. Airbus said the company develops solutions that help organisations protect critical assets, data and users from cyberattacks. It also highlighted Quarkslab’s software protection offering, QShield, which is designed to protect software against threats including reverse engineering, safeguard code and secrets, and secure edge components used in sectors such as aerospace and defence. At a time when connected devices, embedded software and AI-assisted attacks are multiplying the number of possible entry points for intruders, those capabilities have become more valuable for industrial operators.
The strategic logic is straightforward. Aircraft, satellites, defence electronics and connected industrial platforms are increasingly software-defined. They generate and process large amounts of sensitive data and rely on complex supply chains, secure communications and remote updates. Every new layer of connectivity can also create new vulnerabilities. As a result, companies once seen mainly as hardware manufacturers are investing more heavily in software assurance, threat detection, secure architectures and cyber services.
That trend has accelerated as geopolitical tensions have risen. European officials and companies have been forced to think more carefully about the security of critical systems after years of state-linked cyber incidents, ransomware campaigns and supply-chain attacks. In that environment, a defence contractor’s cyber arm is not simply an internal safeguard. It can also be a product business serving governments and strategic customers.
Airbus appears to be positioning itself for exactly that role. The group said its cyber operations now span France, the United Kingdom, Germany, Spain and Finland, securing complex digital systems and networks delivered to customers while also providing cyber expertise and products to governments, armed forces and institutions. By adding Quarkslab in France, Airbus gains a well-known local specialist with strong technical credentials and an established presence in one of Europe’s most security-sensitive markets.
The announcement also carries a distinctly French industrial message. For Paris, preserving domestic and European control over sensitive digital capabilities has become more important as cyber risk expands and as competition with U.S. and Asian technology groups intensifies. France has long tried to nurture national champions in strategic sectors ranging from aerospace to cloud computing and digital identity. Airbus, although multinational in structure, remains one of the country’s most important industrial actors and an obvious vehicle for building scale in areas tied to national security.
Fred Raynal, Quarkslab’s chief executive and founder, framed the deal partly in those terms. In Airbus’s statement, he said returning to Airbus, where he began his professional career in cyber, could help extend Quarkslab’s reach and support the emergence of stronger European players able to serve critical infrastructures and governments. The comment reflects a wider reality in European tech: many highly regarded cyber firms possess strong expertise but lack the balance sheet, sales network or political access needed to scale across the continent’s fragmented markets. Being folded into a larger defence and aerospace group can change that.
For Airbus, Quarkslab may offer another advantage: a bridge between advanced research and operational deployment. Quarkslab says its business combines research and development, consulting through its QLab team and software products through QShield. That mix can be attractive to a large industrial group that needs both bespoke services and reusable product capabilities. It also mirrors a broader shift in cybersecurity from reactive protection toward deeper engineering of secure software and systems from the design stage onward.
The transaction will inevitably invite questions about whether Airbus might eventually seek a bigger role in Europe’s cyber consolidation. In 2024, the company walked away from discussions over a possible acquisition of Atos’s Big Data and Security business, a much larger and more complex target. Since then, Airbus has pursued a more incremental route, adding smaller and more focused companies that strengthen specific sovereign capabilities in individual countries. The Quarkslab agreement suggests that strategy remains intact.
From an investor standpoint, the financial impact of the Quarkslab deal is likely to be limited in the near term, especially because no price has been disclosed and Quarkslab is small relative to Airbus’s overall size. But strategically, the acquisition may prove more meaningful than the numbers first imply. In Europe’s defence and industrial sectors, cyber capabilities can enhance margins, deepen customer relationships and create recurring service revenues that are less cyclical than aircraft production.
The symbolism is equally important. Cybersecurity continues to attract investment even as parts of the broader technology sector face tighter spending discipline. What is changing is where that money is flowing. It is no longer concentrated only in standalone software vendors or venture-backed start-ups. Large industrial groups, especially those with defence exposure, are increasingly treating cyber expertise as infrastructure: something to own, integrate and develop close to their most sensitive programmes.
That shift helps explain why a company best known for jetliners and military aircraft is buying a specialist in software protection and offensive-defensive security research. In the modern industrial economy, the perimeter of what needs protecting has expanded. It now includes not just office networks and databases, but also connected platforms, edge devices, mission systems, design data, supplier links and the code embedded across products that move through airspace, orbit and battlefields.
For Quarkslab, joining Airbus offers scale and access to customers that might be hard to win independently. For Airbus, it adds scarce talent and technical depth at a moment when cyber expertise remains expensive and difficult to recruit. For Europe, the deal is another sign that digital sovereignty is increasingly being built through targeted industrial combinations rather than rhetoric alone.
The acquisition will not transform Airbus overnight. But it is a telling move in a sector where strategic boundaries are shifting quickly. Aerospace, defence, software and national security are becoming more tightly connected, and companies that once competed mainly on physical engineering are now racing to secure their digital foundations as well. In that sense, Airbus’s move for Quarkslab is not simply a niche technology deal. It is part of a broader redefinition of what industrial power looks like in Europe’s next decade.
