A bad week.
A version of this post originally appeared in the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter.
It’s been a rough week for two darlings of the cybersecurity scene. First, an investigation by geek site Ars Technica called out Cylance, known for its “next generation” anti-virus protection, for stuffing what look to be false positives into its testing demos.
And then on Wednesday, the Wall Street Journal reported that mighty Tanium used live data from one of its customers (a hospital no less!) in its sales pitch—without telling the customer. That report followed an expose from Bloomberg that portrayed a Game of Thrones style work environment at Tanium, replete with humiliation and cruel firings.
So does this point to a larger problem in the cybersecurity industry? On one hand, no. Every firm is going to have a bad week or two, and the media easily gets carried away with bad news narratives.
But on the other hand, Tanium and Cylance (which claims it did nothing wrong) are the shining stars of the cyber space. Both are bona fide unicorns that dazzled investors with whiz-bang technology, and are near the front of the line for an IPO. Tales of marketing shenanigans and toxic culture at these two companies are the last thing the cybersecurity industry needs right now.
Meanwhile, the recent misadventures at Tanium and Cylance remind me of another industry I used to cover: ad tech. Both industries—cybersecurity and ad tech—are characterized by two things that can make it easy executives to obscure how their companies are performing: 1) giant marketing budgets that shut down skeptics; 2) complicated technology most people (including many analysts) don’t understand. Even if things are really wrong under the hood, it can take a long time for investors to figure that out.
For now, the negative press around the cyber-security stars look more like warning signs than emergency evacuation signals. But more missteps and that could change.