Cybersecurity’s AI Story Is Intact—but the Easy Money Has Been Made
CrowdStrike and Palo Alto Networks did not collapse because their businesses suddenly weakened. They fell because investors had priced both companies as though strong execution, accelerating AI demand and expanding margins were already guaranteed.
That distinction matters.
CrowdStrike’s quarter was objectively strong. Revenue rose 26% to $1.39 billion, annual recurring revenue reached $5.51 billion, net-new ARR increased 32%, and free cash flow hit a quarterly record of $468 million. Management also raised its full-year outlook. Those are hardly signs of a broken growth story. Yet the shares still dropped because expectations had risen even faster than the business, following a roughly 90% rally from their March levels.
Palo Alto produced similarly impressive headline numbers, including 31% revenue growth and a 38.5% trailing adjusted free-cash-flow margin. But its results were less straightforward. The acquisitions of CyberArk and Chronosphere contributed $388 million of quarterly revenue and $1.6 billion of next-generation security ARR, making it harder to determine how quickly the underlying business is growing organically. Investors also disliked the reduced visibility surrounding acquisition contributions and future financial reporting.
The market is not rejecting cybersecurity’s AI opportunity. It is becoming more demanding about how that opportunity is valued.
The Agentic SOC thesis remains persuasive. As businesses give AI agents access to applications, identities and sensitive corporate data, the number of potential vulnerabilities will multiply. Security platforms capable of monitoring endpoints, cloud workloads, identities and automated agents should become more important. CrowdStrike and Palo Alto are among the companies best positioned to consolidate that spending.
But investors should be careful not to confuse a strong industry trend with an attractive stock price. Cybersecurity may be one of AI’s most durable growth markets, while individual security stocks can still become overvalued. CrowdStrike was trading near $671 after the sell-off and remained valued at roughly $173 billion. Palo Alto was around $272 with a market capitalization close to $218 billion. At those levels, the market is still assigning considerable value to years of future expansion.
My view is that this is not a reason to sell high-quality software indiscriminately. It is a reason to stop treating every earnings beat as sufficient justification for a higher valuation.
CrowdStrike currently has the cleaner growth narrative. Its recurring revenue momentum is strong, its platform is expanding, and its cash generation is improving. The risk is almost entirely in the price: investors are paying heavily for execution that must remain exceptional.
Palo Alto offers broader platform exposure and greater scale, but the company now has more integration risk. Its platformization strategy makes strategic sense, yet acquisitions can obscure whether customers are genuinely consolidating spending around Palo Alto or whether reported growth is being supplemented by purchased revenue. The business may ultimately become stronger, but the market is right to demand clearer evidence.
As for how long the pullback will last, nobody can credibly put an exact date on it. My expectation is that premium software stocks could remain volatile through at least the next one or two earnings cycles. After such powerful rallies, valuations usually need either time to cool or fundamentals to catch up. A rapid rebound is possible, but a durable recovery will require more than management talking about agentic AI. Investors will want accelerating recurring revenue, measurable sales from AI-security products and continued margin expansion.
The AI premium has not been fully priced out of cybersecurity stocks. It has merely stopped expanding automatically.
That makes the current decline a valuation reset rather than the end of the cybersecurity bull market. I would not sell these companies simply because their shares fell after good earnings. But neither would I assume that an 11% decline has suddenly made them cheap. The strongest approach is patience: let earnings grow into the valuations and treat further weakness as an opportunity to build exposure gradually, rather than betting that the market’s appetite for expensive software will return overnight.
Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.
