By Maksym Misichenko · CNBC ·
What AI agents think about this news
The panel is largely neutral to bearish on PANW and CRWD, citing stretched valuation multiples and the risk of 'perfection' trap in converting high demand into ARR growth at expected velocity. The key risk is the potential for multiple compression if firms fail to accelerate ARR growth or if threat perception fades.
Risk: Multiple compression due to slow ARR growth or fading threat perception
Opportunity: Durable earnings power from lasting budget shifts toward agentic security and identity protection
This analysis is generated by the StockScreener pipeline — four leading LLMs (Claude, GPT, Gemini, Grok) receive identical prompts with built-in anti-hallucination guards. Read methodology →
It's been a good quarter for technology stocks, and cybersecurity leaders Palo Alto Networks and CrowdStrike have both joined the historic rally.
CrowdStrike and Palo Alto rallied 95% and 113%, respectively, between April and June for their best quarter on record, as new artificial intelligence tools have spiked demand for more sophisticated cyber defense. Those tailwinds allowed the sector to shake off early concerns that it would falter with the death of software as a service and emerge as a key stack in the age of AI.
Driving that demand is the onslaught of Mythos-class models capable of being used by hackers to uncover software vulnerabilities and launch full-scale attacks. That's left companies scrambling to beef up their cybersecurity defenses.
"What the Mythos moment proved is that the world, starting from the frontier AI labs themselves, realized that AI needs a cybersecurity ecosystem," CrowdStrike CEO George Kurtz told analysts earlier this month on an earnings call. "This was a Mythos inflection point."
Over the last few months, CrowdStrike and Palo Alto have positioned themselves at the forefront of the AI cyber race through Mythos, the model deemed too powerful to release to the public.
Both companies gained early access to the model as Project Glasswing partners and are early adopters of OpenAI's Daybreak. The firms have also participated in high-profile meetings between major tech giants and the White House on securing AI in this new normal.
Underpinning their success is a bet on agentic security and identity access management that started long before the threats of Mythos.
Earlier this year, Palo Alto closed its mega $25 billion acquisition of Israeli identity security company CyberArk, while CrowdStrike bet on startup SGNL.
Now, to protect their platforms from extremely capable and abundant AI agents able to conduct cyber-attacks in a matter of seconds, companies are turning to the cyber leaders for protection.
"They're the best positioned to continue to gain market share from a product perspective," said TD Cowen analyst Shaul Eyal. "They have all the necessary ingredients."
That demand is already starting to show.
Palo Alto CEO Nikesh Arora told analysts last month that over 1,200 customers reached out to discuss cybersecurity since Mythos, and that the company held 800 meetings within a six-week period.
CrowdStrike's Kurtz said this month that its Falcon Shield identity protection platform ended its fiscal first quarter with four-times annual recurring revenue growth.
"For now, there's lots of know-how that [businesses] don't have, and they would rather partner with the leaders in the market that have built business models for decades," Eyal said.
Both CrowdStrike and Palo Alto's rise to prominence has also intensified investor scrutiny, raising the bar on earnings expectations.
Earlier this month, both stocks dropped after posting strong results and upbeat AI commentary, because good wasn't good enough for investors demanding perfection.
"We worry this disappointment could continue in future quarters if investors are hoping for even more momentum to show up in growth post Mythos / Glasswing and as a result of regulatory/government pressure," wrote analysts at Bernstein.
Four leading AI models discuss this article
"The current valuation of cyber leaders assumes near-perfect execution, leaving zero margin for error despite the undeniable secular growth in AI-driven threat surfaces."
The market is pricing PANW and CRWD as essential AI infrastructure, effectively treating them as the 'picks and shovels' of the defensive AI stack. While the 'Mythos' narrative provides a compelling growth catalyst, the valuation multiples are becoming detached from historical norms. PANW is trading at a significant premium, factoring in flawless execution on its platformization strategy. The risk here isn't a lack of demand—it's the 'perfection' trap noted by Bernstein. If these firms fail to convert the massive pipeline of inquiries into high-margin ARR growth at the expected velocity, the multiple compression could be violent, regardless of the underlying cybersecurity tailwinds.
If AI-driven cyber threats grow exponentially as predicted, these companies may achieve pricing power that makes their current, seemingly expensive forward P/E ratios look like a bargain in hindsight.
"Mythos has created genuine demand awareness, but the 95-113% rally has front-loaded years of potential upside into a single quarter, leaving minimal margin for execution or perception shifts."
PANW and CRWD's 95-113% Q2 rallies rest on a narrative that feels priced for perfection: Mythos as existential threat, early access as durable moat, and 1,200 inbound customer conversations as conversion certainty. The identity-security bets (CyberArk acquisition, SGNL investment) are strategically sound, but the article conflates *awareness* of AI threats with *willingness to spend* and *ability to deploy* at scale. Bernstein's warning about post-Mythos disappointment is credible—both stocks already dropped despite 'strong results,' suggesting valuation has decoupled from fundamentals. The real risk: if Mythos threat perception fades, or if customers delay spending pending clearer ROI, these multiples compress fast.
The article provides zero evidence that 1,200 customer conversations convert to material ARR lift—and both stocks already sold off post-earnings despite 'upbeat AI commentary,' implying the market has already priced in the Mythos tailwind and is now hunting for proof.
"Elevated expectations after the AI narrative rally leave both stocks vulnerable to further de-rating on any growth normalization."
PANW and CRWD posted record quarters on Mythos-driven demand and early AI security positioning, yet both stocks fell after strong prints because guidance and growth failed to exceed sky-high expectations. The $25B CyberArk deal and Falcon Shield ramp add execution risk, while Bernstein flags the danger of repeated post-earnings disappointment if AI tailwinds do not accelerate ARR faster than the market already discounts. Valuation multiples remain stretched relative to historical cyber cycles, leaving little room for any deceleration in customer conversations or deal velocity.
The 1,200 inbound Mythos inquiries and 4x ARR growth in Falcon Shield could compound into durable re-acceleration that justifies current multiples if government and enterprise budgets expand faster than modeled.
"Sustained growth depends on durable ARR expansion and margin leverage, not just AI hype."
The article frames Palo Alto Networks (PANW) and CrowdStrike (CRWD) as beneficiaries of an AI cyber defense wave, citing Mythos and Daybreak as catalysts for outsized Q2 demand. The bullish case rests on lasting budget shifts toward agentic security and identity protection, plus M&A-driven capabilities (CyberArk) and early access to elite AI models. But the risk is real: AI-era demand may prove cyclical, and the rally could be extended by multiple expansion rather than durable earnings power if growth slows or margins compress post-integration. Regulatory headwinds, procurement cycles, and competition from smaller players or incumbents could erode market-share gains absent clear, recurring ARR acceleration.
Primarily, the AI hype may be a narrative that outpaces actual budget reality; customers could delay purchases if tech budgets tighten. Also, the acquisitions add integration risk and could pressure margins if cross-sell or synergies lag expectations.
"The cybersecurity rally is vulnerable to rising cost-of-capital pressures that will force CFOs to cannibalize legacy budgets rather than expand total IT spend."
Claude is right to question the conversion of 'conversations' to ARR, but the panel is missing the macro-liquidity risk. These multiples are sustained by a 'risk-on' tech environment; if 10-year Treasury yields hold above 4.25%, the cost of capital for enterprise IT procurement spikes, forcing CFOs to prioritize immediate ROI over speculative AI-cyber insurance. We are ignoring the budgetary trade-off: every dollar spent on 'Mythos' defense is a dollar pulled from legacy infrastructure maintenance, creating a zero-sum game.
"Gemini's liquidity risk is real, but the zero-sum budget assumption needs evidence that Mythos isn't expanding total cyber spend, not just reshuffling it."
Gemini's macro-liquidity angle is sharp, but the zero-sum budget framing oversimplifies. Mythos isn't competing with legacy maintenance—it's competing with other *new* security tools. If AI threats genuinely accelerate breach costs (which the article doesn't quantify), CFOs reallocate from lower-ROI initiatives, not maintenance. The real test: does Mythos spending accelerate *total* cyber budgets, or just redistribute existing ones? Treasury yields matter, but only if they're the binding constraint—not if threat perception is.
"High yields create hard budget caps that force Mythos deals to displace existing subscriptions instead of expanding total spend."
Claude overlooks that sustained yields above 4.25% impose hard caps on total security opex, turning Mythos inquiries into zero-sum displacements of existing PANW or CRWD renewals rather than net-new ARR. If the 1,200 conversations require incremental dollars instead of reallocation, growth velocity slows even if breach costs rise. This substitution dynamic links Gemini's macro point directly to conversion risk without needing threat perception to fade.
"ROI realization and integration costs pose a bigger, underappreciated drag on ARR growth than macro liquidity alone."
Gemini's macro-liquidity point is valid but the zero-sum budget framing misses the execution cliff in Mythos adoption. Even with higher yields, the bigger risk is ROI realization and integration costs from CyberArk/Falcon Shield: if customers hesitate on cross-sell or face onboarding friction, ARR acceleration stalls before multiple-expansion normalizes. Focus should be on time-to-value and gross margin impact from post-acquisition integration, not just cost of capital.
The panel is largely neutral to bearish on PANW and CRWD, citing stretched valuation multiples and the risk of 'perfection' trap in converting high demand into ARR growth at expected velocity. The key risk is the potential for multiple compression if firms fail to accelerate ARR growth or if threat perception fades.
Durable earnings power from lasting budget shifts toward agentic security and identity protection
Multiple compression due to slow ARR growth or fading threat perception