Cybersecurity companies aren't likely to face the same dramatic, AI-induced apocalypse that's hit the software industry over the last month, analysts say.
Why it matters: Investors are panicking and security executives are now on the defensive. But insiders don't see this as a total identity crisis for the industry.
Driving the news: Anthropic on Friday announced its new Claude Code Security product, which can automatically scan codebases for vulnerabilities and suggest patches. The news caused shares of several major cyber companies to tumble.
- "The Global X Cybersecurity ETF fell 4.9% and closed at its lowest since November 2023" on Friday, according to Bloomberg.
- As of Monday, CrowdStrike shares have fallen 11%. Cloudflare took a 9.6% dive. Identity management company SailPoint slid about 8%.
Reality check: Claude Code Security will directly compete with other code-security companies, but won't disrupt most companies' core businesses.
- Corporations require a layered approach to defend against and detect cyberattacks.
- Claude Code Security can help make sure that the "vibe coding" projects employees are launching are written in a more secure way — but it can't detect when an intruder is lurking on a network or when an employee has clicked on a phishing link.
What they're saying: Over the weekend, CrowdStrike CEO George Kurtz wrote on LinkedIn that "AI is powerful. It's transformative. And it absolutely makes security better. But AI doesn't eliminate the need for security. It increases it."
- Before Anthropic's announcement, Palo Alto Networks CEO Nikesh Arora told analysts in an earnings call last week that he's "confused why the market is treating AI as a threat to at least cybersecurity," noting that customers are eager to strengthen their defenses as AI helps attackers get faster.
Between the lines: Most cybersecurity investors and analysts see the stock tumble as an overreaction.
- "Yes there is the potential for more software to be secure by design thanks to hashtag #AI (false positives from hallucinations notwithstanding), but cybersecurity is not a technological problem, it's a human one," Aaron Jacobson, partner at NEA, wrote.
- Raymond James analyst Mark Cash called the market reaction "excessive" and noted in a report that the market was likely "extrapolating well beyond the current functionality" of Claude Code Security.
Our thought bubble from Axios' enterprise software deals reporter Chris Metinko: "It looks like we'll see this type of thing happen anytime a large AI lab has a new release — overreaction will set in on the public market."
The intrigue: Over the last few months, Axios has been asking VC investors about the value of their investments in standalone AI-powered code security companies.
- They're betting corporate security teams likely won't want to consolidate all of their security needs into an AI provider.
What to watch: Anthropic is unlikely to stop at just Claude Code Security as the model gets better at analyzing applications for security flaws. OpenAI has also been rolling out its own AI-powered security tools.
