By Robert Hackett
April 22, 2017

It’s been a rough week for two darlings of the cybersecurity scene. First, an investigation by geek site Ars Technica called out Cylance, known for its “next generation” of anti-virus protection, for stuffing what look to be false positives into its testing demos.

And then on Wednesday, the Wall Street Journal reported that mighty Tanium used live data from one of its customers (a hospital no less!) in its sales pitches—without telling the customer. That report followed an expose from Bloomberg that portrayed a Game of Thrones style work environment at Tanium, replete with humiliation and cruel firings.

So does this point to a larger problem in the cybersecurity industry? Probably not. Every firm is going to have a bad week or two, and the media easily gets carried away with bad news narratives.

But on the other hand, Tanium and Cylance are the shining stars of the cyber space. Both are bona fide unicorns that dazzled investors with whiz-bang technology, and are near the front of the line for an IPO. Tales of marketing shenanigans and toxic culture at these two companies are the last thing the cybersecurity industry needs right now.

Meanwhile, the recent misadventures at Tanium and Cylance remind me of another industry I used to cover: ad tech. Both industries—cybersecurity and ad tech—are characterized by two things that can make it easy for executives to obscure how their companies are performing: 1) giant marketing budgets that shut down skeptics; 2) complicated technology most people (including many analysts) don’t understand. Even if things are really wrong under the hood, it can take a long time for investors to figure that out.

For now, the negative press around the cyber-security stars look more like warning signs than emergency evacuation signals. But more missteps and that could change. Thanks as always for reading—more news below.

Jeff John Roberts

@jeffjohnroberts

jeff.roberts@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

SPONSORED FINANCIAL CONTENT

You May Like