The AI That Spooked Wall Street’s Cyber Darlings

Cybersecurity stocks slid sharply last weekend after Anthropic introduced Claude Code Security, an AI capability designed to scan codebases for vulnerabilities and suggest fixes. Shares of companies including CrowdStrike, Palo Alto Networks, Okta, Zscaler, GitLab and JFrog declined following the announcement, with market coverage describing billions of dollars erased in a single session as investors reacted to the product release.

Anthropic described Claude Code Security as “making frontier cybersecurity capabilities available to defenders,” stating that the system can analyze repositories, trace code interactions, identify vulnerabilities, and generate remediation guidance using large language models.

Those functions sit inside application security. Static application security testing tools scan code for known patterns. Software composition analysis tools flag vulnerable dependencies. Remediation workflows guide developers through patching. The overlap between AI-driven detection and traditional AppSec workflows fueled debate among analysts, some of whom argued the selloff overstated competitive displacement risk.

The episode is a noticeable shift in how investors are evaluating cybersecurity companies, with AI capability now central to the discussion.

Large Models Are Moving Into Code Security

Claude Code Security was introduced as an autonomous vulnerability detection and patch suggestion system designed to help defenders identify and fix software vulnerabilities through contextual reasoning across codebases.

Traditional static analysis tools rely on deterministic rules and pattern matching. Large language models operate differently. They ingest multiple files at once and generate natural-language explanations alongside remediation suggestions. That architectural difference does not eliminate legacy tools. Precision can vary, and hallucination risk remains. But AI systems are increasingly embedded directly into development pipelines.

The industry is accelerating AI integration.

Palo Alto Networks has increased investment in AI-driven capabilities, and recent reporting noted that integration costs tied to AI-related acquisitions weighed on shares after earnings, underscoring how central AI has become to vendor strategy.

At the macro level, the World Economic Forum’s Global Cybersecurity Outlook 2026 found that 94% of respondents identified AI as the most significant driver of change in cybersecurity this year, describing AI as reshaping both offensive techniques and defensive systems.

Security leadership commentary reinforces that framing. Mandy Andress, Chief Information Security Officer at Elastic, said cybersecurity must be treated as a board-level business priority as AI and digital adoption increase operational complexity.

Capital is following the shift. Vulnerability management startup VulnCheck recently raised $25 million to expand AI-assisted vulnerability prioritization and remediation capabilities, signaling investor appetite for AI-native security tooling.

AI is no longer positioned as an enhancement layer. It is being integrated into detection, remediation, prioritization, and governance functions across the stack.

Vendors Are Competing Around AI Integration

The selloff did not imply shrinking cybersecurity demand. AI expands the attack surface. AI-generated code and AI-enabled attackers introduce new risks that require oversight.

The shift concerns competitive structure.

If foundation models perform scanning and remediation tasks, vendors whose revenue centers on those functions face new competitive dynamics. Companies are responding by embedding AI deeper into workflow, governance, and enterprise controls rather than positioning it as a standalone feature.

Privately held Snyk operates in this environment. Snyk reported $278 million in revenue for 2024, up 26% year over year, and recorded an operating loss of more than $188 million. The company also stated it surpassed $325 million in annual recurring revenue. These figures were disclosed alongside reporting that Snyk had previously raised capital at an $8.5 billion valuation in 2021, later marked down to $7.4 billion, and had held discussions with private equity firms at valuations below $3 billion, which it declined.

In 2025, Snyk launched its AI Trust Platform, positioned as a framework for securing AI-generated code and agentic workflows, integrating AI-assisted remediation and governance into developer pipelines.

CEO Peter McKay recently announced he would step aside once a successor is found. In his statement, he wrote, “Snyk is entering ‘Part Two’: an era of hyper-intensive AI innovation,” adding that the next phase requires “a visionary, AI-immersed leader ready to commit their full energy to a multi-year journey of technical disruption”.

Snyk does not build foundation models. It integrates AI into development workflows and policy controls. Its differentiation has centered on embedding security directly into software development environments.

The repricing of cybersecurity stocks does not determine long-term winners. Some analysts argue AI may increase demand for layered security controls rather than reduce it.

What is clear is that AI capability is now central to how investors evaluate the sector. Foundation models are advancing. Vendors are integrating them into products and operations. Leadership decisions and capital allocation across the industry are increasingly framed around AI execution.

Markets reacted quickly. The competitive landscape is adjusting around the same shift.