Cybersecurity stocks have sold off this year alongside the rest of the software sector, but with artificial intelligence increasing the potential threats from bad actors, investors risk missing out on the burgeoning demand for their services.
“Right now software investors are selling first and asking questions later, but I think we’ll look back and see this as a really interesting time to get into security,” said Manthan Shah, who helps oversee more than $7 billion as head of US investments at WestBridge Capital. “This is one of the top areas where we’re excited about the long-term potential.”
Software stocks have seen widespread selling for months on concerns that offerings from AI companies like OpenAI or Anthropic will sap demand from legacy providers, eroding their growth and pricing power. The proliferation of so-called AI agents, designed to complete multi-step processes without human interference, has been a particular challenge for software-as-a-service stocks.
Cybersecurity software makers have felt that pessimism. The Global X Cybersecurity ETF is down 15% in 2026 and recently closed at its lowest price since November 2023. While that’s better than the 31% plunge in an index dedicated to software-as-a-service, it’s still far worse than the 3.4% decline in the S&P 500 Index and the 4.2% drop in the technology-heavy Nasdaq 100 Index this year.
But not all software is the same, and in the case of cybersecurity investors may be misreading the landscape. Those same AI agents that are expected to eat away at the business are also being used for nefarious purposes, a risk that’s likely to become more acute as AI models become more powerful. Hackers have already applied AI tools to breach more than 600 firewalls in dozens of countries, including Mexican government agencies.
Given this threat, the thesis goes, greater AI adoption means customers will require more protection from cybersecurity software.
“AI is also going to massively increase the surface area that can be vulnerable, meaning the need for security is going to compound significantly going forward,” Shah said.
For example, look at JFrog Ltd. The Sunnyvale, California-based company’s shares rose 17% in March, their best month since November, as analysts said attacks on software supply chains underscored the value of its security portfolio.
“Attacks like this may only become more widespread given agentic AI adoption,” Guggenheim analyst Howard Ma wrote in a note to clients on March 25.
Selling Headlines
With the market jumpy and uncertainty high, whether it’s because of AI or the war in Iran, investors are heavily reactive to headlines right now. Security stocks sank last month after Fortune reported on an AI model from Anthropic PBC that “poses unprecedented cybersecurity risks.” A similar thing happened in February when Anthropic introduced new security features into its Claude AI model.
However, Wall Street says investors may be getting it backward, as these developments point to the increasing importance of digital security.
“Stronger models increase the need for governance, not reduce it,” Baird analyst Shrenik Kothari wrote in a March 27 note, calling the selloff “another burst of irrational fear.” Adam Tindle at Raymond James echoed this view, noting that the narrative about AI disrupting security “is fundamentally wrong, but the herd mentality gets frustratingly difficult to fight and may cause some capitulation regardless of fundamentals.”
This explains why analysts are upgrading cybersecurity shares. Arete Research raised its rating on Palo Alto Networks Inc. to buy from sell last month, saying the stock’s weakness was overdone as agentic AI shifts IT budgets to different types of security. Crowdstrike Holdings Inc. has received multiple upgrades, with Piper Sandler analyst Rob Owens seeing AI “as an opportunity, not a replacement threat” because it will “create the next multibillion security opportunity as enterprises look to secure a new attack surface.”
To be sure, AI developers may end up launching services that closely match offerings from legacy providers, reviving concerns about disruption even if there’s greater overall need for security services. Plus, cybersecurity stocks aren’t exactly cheap, at least compared to the bargains that can be found elsewhere in the software universe.
Crowdstrike, for example, trades at 78 times estimated earnings, making it the ninth-most expensive name in the S&P 500 even though its valuation is down dramatically from the 128 multiple it had in July. Palo Alto Networks shares are priced at 42 times earnings over the next 12 months, putting them among the 50 priciest stocks in the index. And Fortinet Inc. and SentinelOne Inc. have multiples that are well above the S&P 500 and Nasdaq 100.
“It’s hard to say these are value stocks, especially since it will take a few years before we can say whether growth has been disrupted, and in the meantime the risk is impossible to disprove,” said Ryan Isherwood, chief investment officer of Significance Capital Management, which holds shares of Palo Alto Networks.
“It seems hard to imagine that security stocks will get the premium multiples they’ve been afforded in the past, but it still looks like the best place to be within software,” he added. “We don’t want to touch a lot of application software stocks, but within software, cyber looks like the best house in a bad neighborhood.”
Tech Chart of the Day
Samsung Electronics Co. earned a far stronger-than-expected eight-fold leap in quarterly profit, underscoring robust demand for AI memory chips in the face of markets roiled by war in the Middle East.
A message from Advisor Perspectives and VettaFi: Discover something new! Click here to register for our upcoming webcasts.
Bloomberg News provided this article. For more articles like this please visit
bloomberg.com.
Read more articles by Ryan Vlastelica
