Cybersecurity's AI Panic: Narrative Contagion or the Beginning of a Real Disruption?

✦

CrowdStrike lost nearly 20% of its market value in two trading sessions. Zscaler fell 11%. Fortinet and Okta each dropped roughly 6%. The trigger was not an earnings miss or a competitive product launch from a peer. Anthropic on Friday debuted a new security tool for its Claude model in a limited research preview. The AI lab said the service could scan software code for vulnerabilities and suggest solutions. By Monday's close, the Global X Cybersecurity ETF had fallen to its lowest level since November 2023.

The entire cybersecurity sector was repriced on the assumption that AI-native code scanning could eat into the addressable market for endpoint detection, zero-trust networking, and identity management.

We are launching primary research — 30 CISO interviews at Fortune 500 companies that are active customers of CrowdStrike, Zscaler, Fortinet, and Okta — to find out whether that assumption has any basis in how enterprises actually buy and deploy security.

The financial context makes the sell-off particularly disorienting:

• CrowdStrike's Q3 FY26 saw Net New ARR up 73% year over year, with management raising full-year ARR growth guidance to 23%. For Q4 FY26, the company guided revenue to $1.290–$1.300 billion, reflecting 22–23% year-over-year growth. Subscription revenue grew 33% year over year in its most recent quarter, with net retention rates above 120%.
• Okta has bounced back in 2026 with improving revenue growth and stronger guidance. Q2 revenue came in at $728 million, up 13% year over year.
• Zscaler continues to expand in cloud-based information security, guiding for nearly 20% revenue growth in 2026.
• Fortinet's deals over $1 million rose 29%.

None of these companies reported deteriorating fundamentals. The sell-off was driven entirely by narrative.

Key Insights

Anthropic's Claude Code Security addresses a different threat surface than the platforms being sold off. The tool is designed to detect high-severity vulnerabilities in open-source software repositories and offer patches to fix bugs. Claude Opus 4.6 has already identified over 500 vulnerabilities in production open-source codebases during internal stress testing. Bank of America said the Anthropic tool only poses a significant threat to code scanning platforms such as GitLab and JFrog. The companies hit hardest — CrowdStrike, Zscaler, Fortinet, and Okta — operate in endpoint detection, zero-trust networking, firewall infrastructure, and identity management. These are distinct domains from static code analysis.

CrowdStrike's CEO mounted an unusual public defence. George Kurtz published a lengthy LinkedIn article over the weekend and employed a novel strategy to support his claim that Claude Code Security and CrowdStrike's Falcon platform are not rivals: he asked Claude itself. The AI's response was direct — they sit at completely different points in the security lifecycle, and Claude Code Security competes more directly with static analysis tools like Snyk, Checkmarx, or Veracode. Kurtz argued that the proliferation of AI actually increases the need for runtime security, not the reverse.

Wall Street is split, but the bulls have specific arguments. JPMorgan analysts called the rotation out of cybersecurity "relatively indiscriminate." UBS argued that cybersecurity fundamentals are better than application fundamentals and that cyber will still see a net benefit from AI adoption. Wedbush's Dan Ives wrote that AI will be a major tailwind to the cybersecurity sector as protection of use cases, data, and endpoints expand. On the other side, Robert W. Baird's Shrenik Kothari described the market response as "a panic-driven, narrative-led selloff." Stifel reduced its price target on CrowdStrike from $600 to $480 per share while keeping a Buy rating.

Valuation amplified the damage. CrowdStrike was valued at more than 21 times its yearly sales, which left little room for uncertainty. Cybersecurity stocks had run hot coming into 2026, trading at premium multiples that assumed perpetual 30%+ growth. At those levels, even the perception of competitive disruption triggers aggressive de-risking. The sell-off may reveal more about positioning and multiple compression than about any actual change in enterprise buying behaviour.

The broader software sell-off compounds the sector-specific fear. Software stocks have been battered in recent months by market fears around the growing capabilities of AI tools, particularly following the launch of plug-ins from Anthropic's Claude. Cybersecurity is being dragged into a sector-wide re-rating that has already punished SaaS companies across the board. The risk is that indiscriminate selling obscures genuine differences in competitive positioning between application software and mission-critical security infrastructure.

Participation Opportunity

Woozle Research is inviting professional investors to sponsor or co-sponsor this primary research. Participation is collaborative. All funds receive full access to research outputs including interview summaries, transcripts, and the final synthesis report.

• Launch: February 25, 2026
• Delivery: March 7, 2026
• Participation cap: Limited to 5 funds
• Catalyst: AI disruption narrative, Anthropic Claude Code Security launch, CrowdStrike Q4 FY26 earnings on March 3, sector-wide cybersecurity re-rating
• Research scope: 30 CISO interviews at Fortune 500 companies that are current customers of CrowdStrike, Zscaler, Fortinet, or Okta, supplemented by 10 SOC leads and security architects, and 5 cybersecurity channel partner and VAR conversations
• Deliverables: Raw data, transcripts, synthesis report, analyst access

This research will proceed with a minimum of one fund and is limited to a maximum of five. Email to confirm your interest.

The Catalyst

George Kurtz co-founded CrowdStrike in 2012 after a stint as CTO of McAfee. The company launched Falcon, a cloud-native, intelligence-driven model intended to shift away from traditional on-premise solutions. The thesis was elegant. Rather than relying on signature-based detection that required constant updates, Falcon would sit at the kernel level of an endpoint, observe behaviour in real time, and use a threat intelligence graph fed by trillions of security events to identify adversaries. The approach worked. CrowdStrike grew into a $4.24 billion ARR business, was added to the S&P 500 in 2024, and became the default endpoint protection platform for much of the Fortune 500.

Now the market is asking whether the foundation that Kurtz built — and the analogous platforms built by Zscaler in zero trust, Fortinet in network security, and Okta in identity — can withstand the arrival of AI-native security tooling.

Anthropic predicted that a significant share of the world's code will be scanned by AI in the near future. That prediction is probably correct. The question the market has not adequately separated is whether AI code scanning competes with or complements the runtime detection, network inspection, and identity authentication that CrowdStrike, Zscaler, Fortinet, and Okta provide. These are fundamentally different layers of the security stack:

• Code scanning happens before deployment.
• Endpoint detection happens after.
• Zero-trust networking governs access control in real time.
• Identity management authenticates users and machines.

None of these functions is replicated by a tool that reads source code and flags logic flaws.

The more troubling narrative — and the one that may have more staying power — is not about Claude Code Security specifically. It is about what Claude Code Security represents. If AI platforms begin bundling security capabilities directly into their development and deployment workflows, the standalone security vendor could face margin pressure not from a competing product but from a shift in where security is consumed. This is the "built-in utility" thesis, and it is what keeps the bear case alive even when the specific capabilities of Claude Code Security do not overlap with CrowdStrike's or Zscaler's.

Meanwhile, the incumbents are not standing still:

• CrowdStrike's Falcon Flex subscription model is driving larger, stickier deals, with Flex ARR up 200% year over year and representing 27% of total Ending ARR. CrowdStrike has already shifted from Copilots to agents — its Charlotte Agentic SOAR arguably groups the company with the agentic disruptors, not the legacy SaaS stocks.
• Okta's identity platform is becoming more, not less, critical as enterprises deploy AI agents that need machine-to-machine authentication.
• Zscaler's zero-trust architecture addresses network-layer security that no code scanner touches.
• Fortinet's hardware-software integrated approach serves a segment of the market, particularly operational technology and distributed enterprise environments, where AI code scanning is irrelevant.

The risk is not that Claude Code Security replaces these platforms. The risk is that the narrative persists long enough, and the sell-off deepens far enough, that it begins to affect enterprise purchasing psychology. If CISOs start questioning their vendors because their boards saw the stock drops, a self-fulfilling prophecy could emerge.

That is why talking to CISOs now — before the narrative calcifies — is the single most valuable research exercise available.

Key Intelligence Questions

Our primary research will focus on how Fortune 500 CISOs who are current customers of CrowdStrike, Zscaler, Fortinet, and Okta are interpreting the AI disruption narrative, whether it is changing their purchasing behaviour, and where they see genuine competitive risk versus market noise. Each question targets a specific commercial input that public data cannot resolve.

Threat Surface Overlap: Do CISOs See AI Code Scanning as a Substitute or a Supplement?

The entire investment debate turns on a classification question. If Claude Code Security and similar AI tools address a different threat surface than endpoint detection, zero-trust networking, and identity management, then the sell-off is an overreaction driven by pattern matching from the broader SaaS rout. If CISOs view these tools as the beginning of a platform expansion that will eventually subsume runtime security, the market may be right to reprice these stocks.

Claude Code Security does not handle real-time security tasks such as detecting live intrusions, stopping attacks in progress, or managing compiled software components in production. Bank of America's analysts wrote that AI could improve efficiency in specific workflows, particularly code scanning, but does not now have the visibility, control, or reliability to replace end-to-end security platforms. But analysts are not the buyers. CISOs are.

The distinction between code-level security and runtime security is clear to a security professional, but that does not mean it is clear to a CFO reviewing the security budget or a board member who just read a headline about AI replacing cybersecurity. The research will ask CISOs directly: are you evaluating Claude Code Security or similar AI-native tools as a replacement for any portion of your CrowdStrike, Zscaler, Fortinet, or Okta deployment, or do you view them as a supplementary layer that sits alongside your existing stack? If the latter, does that supplementary layer come from new budget, or does it cannibalise spend that would otherwise flow to your existing vendors?

Budget Allocation: Is AI Spending Cannibalising Security Budgets?

The primary concern in the bear case is that the AI tax on corporate budgets could cannibalise other areas of IT spending, leaving cyber firms to fight over a finite pool of capital. Enterprise IT budgets are growing in the low-to-mid single digits overall, but AI infrastructure is consuming a disproportionate share of the incremental dollar.

The question for cybersecurity specifically is whether security budgets are ring-fenced — as they have historically been due to regulatory and compliance requirements — or whether the AI spending wave is large enough to breach that ring fence. CISOs at Fortune 500 companies typically report to either the CIO or the CEO, and their budgets are governed by a mix of compliance mandates, risk assessments, and board-level priorities. If AI spending pressure is forcing trade-offs within the security budget itself — swapping out a Fortinet appliance renewal for an AI-native tool, or consolidating Okta licences to fund an AI initiative — that would be a meaningful data point the market cannot extract from quarterly earnings.

The research will probe how CISOs are allocating their 2026 security budgets, whether AI-related spending is additive or substitutive, and whether any planned renewals with CrowdStrike, Zscaler, Fortinet, or Okta are being reconsidered in the context of AI capabilities.

Vendor Consolidation: Is the AI Narrative Accelerating Platform Bundling?

One underappreciated dynamic is that AI disruption fears may actually accelerate the platformisation trend that benefits the largest incumbents. If CISOs feel pressure to simplify their security stack — particularly in a world where AI introduces new threat vectors — they are more likely to consolidate onto fewer platforms rather than add point solutions. CrowdStrike's Falcon platform, Palo Alto's Cortex suite, and Zscaler's integrated zero-trust offering are all positioned to benefit from this consolidation.

Wedbush's data shows that vendors are hiking their sales targets by as much as 30% this year to keep up with a strengthening demand pipeline. On average, channel partners reported high-20% growth for the calendar year and slightly raised their first-half outlooks for 2026. If the pipeline data is correct, the sell-off is pricing in a future that the channel is not yet seeing. But channel data is backward-looking. The question is whether AI disruption fears change the forward pipeline, and if so, in which direction.

The research will ask CISOs whether the AI disruption narrative is changing their vendor consolidation strategy. Are they moving faster to consolidate onto a single platform, or are they pausing renewals to evaluate AI-native alternatives? The answer has direct implications for net retention rates and deal sizes at CrowdStrike, Zscaler, and Fortinet.

AI as Attack Surface: Are CISOs Spending More Because of AI, Not Less?

The bull thesis has a specific, testable mechanism. Every new AI deployment creates fresh attack surfaces, and the same generative AI tools that help defenders are equally available to bad actors. As hackers use AI to launch faster and more sophisticated attacks, corporations are effectively forced to spend more on defence. If this is correct, then AI is net additive to cybersecurity spending, and the current sell-off is pricing in the wrong directional outcome.

CrowdStrike has demonstrated how an initial access into an AI ecosystem like Claude allows bad actors to leave open backdoors that can establish persistent access. Once a threat actor gets into Claude through a software vulnerability, account compromise, or phishing, they can modify hooks in the workflow to embed malicious code. This is not a theoretical risk. AI platforms are already being targeted. And the companies best positioned to protect those platforms are the same ones being sold off.

The research will ask CISOs whether they have increased their security budgets specifically because of AI-related threats. Are they deploying additional CrowdStrike Falcon modules to protect AI workloads? Are they extending Zscaler's zero-trust perimeter to cover AI agent traffic? Is Okta's identity platform being used to authenticate AI agents alongside human users? If the answer is yes, the revenue uplift from AI-as-threat-surface may more than offset any competitive erosion from AI-as-security-tool.

Renewal Behaviour: Are Any Fortune 500 CISOs Actually Walking Away?

The most direct test of the disruption thesis is renewal behaviour. CrowdStrike's net retention rate above 120% means existing customers are spending more, not less, each year. Zscaler and Fortinet report similar expansion dynamics. If AI disruption is real, it should show up first in renewal conversations — either as pricing pressure, scope reduction, or outright non-renewal.

The market's response might speak more about CrowdStrike's exorbitant valuation than about Anthropic's new technology. The stock was priced for a future with no significant competition challenges, at almost 21 times sales coming into this week. Sharp declines at those multiples can be triggered by even slight uncertainty about pricing pressure or market share. If renewal data from CISOs shows no change in purchasing intent, the sell-off is a valuation adjustment masquerading as a disruption event.

The research will ask CISOs whether any renewal or expansion conversations with CrowdStrike, Zscaler, Fortinet, or Okta have been affected by the emergence of AI-native security tools. Have procurement teams or CFOs raised the AI disruption narrative in budget discussions? Is there any concrete evidence that AI tools are being evaluated as a reason to reduce scope with incumbent vendors?

How to Participate

Woozle Research is inviting professional investors to sponsor or co-sponsor this primary research. Participation is collaborative. All funds receive full access to research outputs including interview summaries, transcripts, and the final synthesis report.

• Launch: February 25, 2026
• Delivery: March 7, 2026
• Participation cap: Limited to 5 funds
• Catalyst: AI disruption narrative, Anthropic Claude Code Security launch, CrowdStrike Q4 FY26 earnings on March 3, sector-wide cybersecurity re-rating
• Research scope: 30 CISO interviews at Fortune 500 companies that are current customers of CrowdStrike, Zscaler, Fortinet, or Okta, supplemented by 10 SOC leads and security architects, and 5 cybersecurity channel partner and VAR conversations
• Deliverables: Raw data, transcripts, synthesis report, analyst access

This research will proceed with a minimum of one fund and is limited to a maximum of five. Email to confirm your interest.

This document is for informational purposes only and does not constitute investment advice or a recommendation to buy or sell any security. Woozle Research conducts primary research on behalf of institutional investors. All research is conducted in compliance with applicable regulations.