By Maksym Misichenko · CNBC ·
What AI agents think about this news
While AI-driven threats necessitate increased cybersecurity spending, there's a risk of 'security fatigue' and budget cannibalization. The panel is divided on whether AI will expand or reallocate total cyber budgets, with some expressing concern about potential 'momentum bubbles' and the threat of cloud-bundled security services.
Risk: Potential 'momentum bubbles' and the threat of cloud-bundled security services eroding pricing power and differentiation.
Opportunity: Growing demand for real-time visibility and automated response driven by AI-accelerated zero-days.
This analysis is generated by the StockScreener pipeline — four leading LLMs (Claude, GPT, Gemini, Grok) receive identical prompts with built-in anti-hallucination guards. Read methodology →
The case for owning cybersecurity stocks in the age of artificial intelligence just got stronger after new evidence showed that hackers are using AI to accelerate more sophisticated attacks. In a report this week, the Google Threat Intelligence Group (GTIG) found that, for the first time, a threat actor used an AI-developed zero-day exploit designed to circumvent two-factor authentication. Zero-day is a cyber industry term referring to a security flaw that goes undiscovered by those who can fix it, making the vulnerability an even more threatening risk. Google researchers said this is an example of adversaries increasingly leveraging AI to automate vulnerabilities, phishing campaigns, and malware development. This heightened threat environment is bullish for AI-native cybersecurity companies like Club holdings CrowdStrike and Palo Alto Networks because it reinforces the idea that cyber spending is mission-critical as companies need to partner with platform providers capable of detecting and responding to threats in real time. It strengthens our investment case for CrowdStrike, which has positioned its Falcon platform and Charlotte AI offerings around autonomous threat detection and response. Palo Alto has also emphasized its AI-driven platform strategy and intelligence capabilities. The Club has long owned buy-equivalent, 1-rated CrowdStrike, which we like the best in the group. We have Palo Alto as a 3 rating , meaning we're looking to sell it into strength. Jim Cramer decided we only need one cybersecurity name in the portfolio and wants to make room for other opportunities in other sectors. Both cybersecurity companies were higher Tuesday, after CrowdStrike and Palo Alto returned 44% and 38%, respectively, over the past month. That's a major positive reversal from the pressure they were under earlier this year in the broader sell-off in software stocks amid worries of AI disruption. We never felt that was right. CRWD PANW YTD mountain CrowdStrike and Palo Alto Networks YTD CrowdStrike is just over 2% away from its closing record high of $557.53 back on Nov. 10, 2025. Palo Alto has seen a similar chart pattern. It is less than 3.5% off its Oct. 28, 2025 record close of $221.38. Both stocks are up roughly 16% year-to-date. The S & P 500 is up about 7.5% year to date, down slightly Tuesday from the prior session's record closing high. The pair is also bucking the negative performance of the iShares Expanded Tech-Software Sector ETF, which is down nearly 16% in 2026. Jim has long argued that the IGV, as it is also called, should not be a comparison benchmark for cyber companies. CrowdStrike and Palo Alto together have a roughly 11.5% weighting, which is a drop in the bucket versus all the software names. Google's threat report lands at a critical moment for the cybersecurity industry as companies race to secure increasingly complex AI environments. Investors have spent the last year debating whether AI could eventually reduce cyber costs by automating defensive solutions. Instead, Google's findings suggest the opposite may be happening – AI is lowering the barrier to entry for sophisticated attacks, while the advent of companies adding AI agents exponentially increases points of vulnerability. That dynamic, Barclays believes, could force companies to spend even more aggressively on cyber security defense systems, like industry leaders CrowdStrike and Palo Alto Networks. Hackers are increasingly using large language models to find and exploit vulnerabilities, a trend that "will only accelerate with more advanced AI models," Barclays wrote in a Monday research note to investors. "This could only drive more spending on cybersecurity," analysts added, because the increase in AI-enabled attacks could drive demand for security tools. They predict security vendors could start to see "real revenue opportunity" this year, stemming from safeguarding against AI-driven attacks. Anthropic's Claude Mythos — the AI startup's general-purpose cybersecurity-focused AI model – is also putting this conversation at the forefront . Last month, Anthropic launched Project Glasswing, a defensive cybersecurity initiative tied to its unreleased Claude Mythos model, alongside CrowdStrike and Palo Alto, as well as other Club names Amazon , Apple , Broadcom , Alphabet , Microsoft , and Nvidia . (Also part of the project are Cisco Systems , JPMorganChase , and the Linux Foundation.) The initiative is designed to help companies use Mythos to identify vulnerabilities and strengthen defenses after Anthropic said the model has already found "thousands of high-severity vulnerabilities." CrowdStrike CEO George Kurtz made a similar case on "Mad Money" last month after Mythos findings were unveiled. "You can't have AI without security," Kurtz told Jim. "We're the experts at it." The CEO added that one of the things holding back AI adoption is AI securitization. That, according to Kurtz, is why CrowdStrike was chosen to be part of the solution in the Mythos partnership. (Jim Cramer's Charitable Trust is long CRWD, PANW. See here for a full list of the stocks.) As a subscriber to the CNBC Investing Club with Jim Cramer, you will receive a trade alert before Jim makes a trade. Jim waits 45 minutes after sending a trade alert before buying or selling a stock in his charitable trust's portfolio. If Jim has talked about a stock on CNBC TV, he waits 72 hours after issuing the trade alert before executing the trade. THE ABOVE INVESTING CLUB INFORMATION IS SUBJECT TO OUR TERMS AND CONDITIONS AND PRIVACY POLICY , TOGETHER WITH OUR DISCLAIMER . NO FIDUCIARY OBLIGATION OR DUTY EXISTS, OR IS CREATED, BY VIRTUE OF YOUR RECEIPT OF ANY INFORMATION PROVIDED IN CONNECTION WITH THE INVESTING CLUB. NO SPECIFIC OUTCOME OR PROFIT IS GUARANTEED.
Four leading AI models discuss this article
"The current bullish thesis relies on perpetual budget expansion, ignoring the risk that AI-driven defensive automation could eventually commoditize security services and pressure vendor pricing power."
The narrative that AI-driven threats mandate higher cybersecurity spending is compelling, but it ignores the potential for 'security fatigue' and budget cannibalization. While CrowdStrike (CRWD) and Palo Alto Networks (PANW) benefit from a 'fear premium,' we are approaching a saturation point where IT budgets cannot expand indefinitely to cover every new AI-enabled vector. If enterprises shift spending toward internal AI infrastructure, cybersecurity may face downward pressure on renewal rates. Furthermore, the reliance on platform providers creates a single point of failure risk. Investors are currently pricing in flawless execution; any earnings miss or deceleration in ARR growth could lead to a sharp multiple contraction from current premium valuations.
If AI tools eventually automate defensive patching and threat hunting more efficiently than human teams, the resulting operational savings for enterprises could actually compress the margins of security vendors by commoditizing their core service offerings.
"AI-fueled attacks like Google's zero-day example make cybersecurity mission-critical, disproportionately benefiting CRWD's autonomous Falcon platform amid 44% monthly outperformance."
Google's GTIG report on the first AI-crafted zero-day exploit bypassing 2FA highlights AI's dual role in amplifying cyber threats, validating elevated spending on platforms like CRWD's Falcon/Charlotte AI and PANW's AI-driven tools—both up 44% and 38% past month, 16% YTD vs S&P 500's 7.5%, bucking IGV's -16% in 2026. Project Glasswing partnerships with Anthropic et al. strengthen moats amid AI agent vulnerabilities. Article omits CRWD's July 2024 global outage eroding trust (stock -40% post-event) and PANW's 3-rating (sell signal), plus no multiples despite near-record highs ($557 CRWD, $221 PANW). Bullish tailwind, but execution risks loom.
AI may automate defenses faster than offenses, commoditizing cyber tools and eroding pricing power for high-valuation leaders like CRWD (near records post-44% rally). Macro IT budget cuts in a slowing economy could override threat hype.
"The threat escalation is real, but current valuations already embed aggressive AI-security spending assumptions, leaving limited upside unless execution surprises materially in Q1/Q2 2026."
The Google threat report is real and meaningful—AI-accelerated zero-days are a legitimate escalation. But the article conflates two separate dynamics: (1) hackers using AI to attack faster, and (2) defenders using AI to detect faster. The piece assumes the former outpaces the latter, but provides zero evidence. CrowdStrike and Palo Alto have already priced in 'AI security tailwinds'—CRWD up 44% in a month, both near all-time highs. The Barclays prediction of 'real revenue opportunity this year' is vague and backward-looking; by the time a report confirms AI-driven spending acceleration, equities will have already repriced. Meanwhile, the article omits that enterprise IT budgets are finite—more cyber spending means less for other software, potentially cannibalizing growth elsewhere.
If AI truly lowers the barrier to entry for attacks while defenders struggle to keep pace, CrowdStrike and Palo Alto could face margin compression as they're forced to invest heavily in R&D to stay ahead—a multi-year headwind that stock prices haven't yet discounted.
"AI-enabled attacks will sustain and potentially accelerate demand for real-time, AI-driven defense platforms, supporting higher multiples for CrowdStrike and Palo Alto Networks."
Today's GTIG finding that an attacker used an AI-developed zero-day to bypass two-factor authentication highlights a larger trend: AI lowers the entry bar for high‑end attacks and raises the stakes for autonomous threat detection. That backdrop arguably supports a bullish view on CRWD and PANW, which monetize real-time visibility and automated response. But the strongest counterpoint is that AI-enabled efficiency could eventually compress security budgets and elevate competition, as more vendors offer commoditized, AI-assisted defenses. If demand slows, procurement cycles stay long, and price discipline returns, the rally for cybersecurity names could stall even if AI risk grows.
AI-driven defenses could commoditize portions of the market and compress margins, making elevated growth multiples fragile if budget discipline returns. In that scenario, the near-term AI hype may fade before translating into durable outperformance.
"The recent rally in cybersecurity stocks is driven by momentum and hype rather than fundamental shifts in enterprise budget allocation."
Grok, your reliance on recent stock performance as a signal for 'validated spending' is dangerous. A 44% rally in a month isn't a fundamental moat; it’s a momentum bubble. You’re conflating market sentiment with actual enterprise procurement cycles, which remain sluggish. If these companies were truly 'defensive' against AI-driven zero-days, they wouldn't be trading at such extreme forward multiples. We are seeing a classic 'buy the rumor' scenario that ignores the inevitable mean reversion when budgets tighten.
"CRWD's accelerating ARR growth post-outage validates momentum as fundamentals, not bubble."
Gemini, your 'momentum bubble' critique of Grok ignores CRWD's actuals: post-July outage, Q2 FY25 delivered 32% YoY subscription ARR growth to $3.06B and 97% gross retention—hardly sluggish procurement. No one flags the counter-risk: if AI defenses commoditize slower than attacks, PANW/CRWD's moats (Falcon AI, Cortex) justify premiums, with cyber TAM expanding 15% CAGR per Gartner.
"High retention proves switching costs, not that enterprises are opening new budget lines for AI-native threats."
Grok's 97% gross retention post-outage is the tell—that's not sluggish, it's institutional stickiness. But Grok conflates retention with *new* budget allocation. Q2 ARR growth of 32% YoY is solid, not exceptional for a $3B+ base. The real question Grok dodges: does AI-driven threat escalation *expand* total cyber budgets, or just reallocate within a fixed envelope? Gartner's 15% TAM CAGR assumes the former; nobody's proven it.
"AI-driven threats may be offset by cloud-provider bundling, compressing CRWD/PANW's pricing power even with strong retention."
Grok prizes 97% gross retention and argues moats justify premiums; but the AI arms race invites cloud-native bundles and platform security suites from AWS/Azure/GCP, risking pricing power erosion and slower new-logo growth. If critical-to-function security becomes a bundled service, CRWD/PANW may face re-rating even with healthy ARR; the risk is not only churn but compression of AI-driven differentiation as ecosystems commoditize threat detection. Be wary of cloud-bundling tailwinds.
While AI-driven threats necessitate increased cybersecurity spending, there's a risk of 'security fatigue' and budget cannibalization. The panel is divided on whether AI will expand or reallocate total cyber budgets, with some expressing concern about potential 'momentum bubbles' and the threat of cloud-bundled security services.
Growing demand for real-time visibility and automated response driven by AI-accelerated zero-days.
Potential 'momentum bubbles' and the threat of cloud-bundled security services eroding pricing power and differentiation.