Jefferies has released a research report stating that while large language models (LLMs) introduced by companies like Anthropic have sparked market fears about the erosion of existing security architectures, three core areas—identity authentication, network security, and endpoint security—have demonstrated strong resilience amid the AI wave and are largely insulated from potential AI disruption. Analyst Joseph Gallo emphasized in the report that recent collective selling in the cybersecurity sector reflects an excessive market concern over AI substitution effects, overlooking the fundamental distinction between "deterministic needs" in security defense and "probabilistic generation" inherent to AI. The analyst team led by Joseph Gallo stated, "We acknowledge that advancements in LLM technology do pose a risk of eroding certain cybersecurity segments. However, we believe this risk is primarily concentrated in areas already recognized as vulnerable—such as threat intelligence, code scanning, vulnerability management, security automation, and security operations centers—rather than impacting more resilient fields like identity, network protection, and endpoint security. This differential risk distribution makes the recent large-scale sell-off particularly surprising. The most impactful debate remains whether LLM technology will divert incremental cybersecurity budgets that enterprises would otherwise allocate; however, based on our previous survey data, the risks associated with cross-domain budget reallocation have been significantly mitigated." The market volatility was largely triggered by Anthropic's latest model, Claude Mythos, which demonstrated exceptional reasoning and programming capabilities, leading investors to fear that traditional security software could be directly replaced by highly intelligent AI tools. Affected by such sentiment, industry giants including CrowdStrike, Palo Alto Networks, Fortinet, and SentinelOne recently experienced significant stock price corrections. However, Jefferies' in-depth research indicates that this "substitution theory" is difficult to justify in the short term, as LLMs are inherently probabilistic prediction tools, whereas critical infrastructure like authentication and endpoint defense require extremely precise, binary decisions. In environments with near-zero tolerance for error, such as real-time intrusion prevention or user authorization, existing deterministic architectures remain essential, unlike the ambiguous inferences AI might produce. In terms of vulnerability across sub-sectors, Jefferies categorizes the cybersecurity field into "immune zones" and "risk zones." Areas like threat intelligence analysis, static code scanning, and vulnerability management, which rely heavily on pattern recognition and massive data processing, are indeed more susceptible to direct LLM impact, as these align with generative AI's strengths. In contrast, identity security providers such as Okta, and network and endpoint defense leaders like Zscaler and Palo Alto Networks, benefit from inherent technical barriers due to their involvement in complex underlying protocol interactions and hardware-level integration. Jefferies believes that LLMs will act more as "efficiency enhancers" rather than "disruptors" in these areas—for instance, by using AI assistants (Copilots) to help security operators reduce response times, not replace existing defense mechanisms. Furthermore, Jefferies highlighted that AI labs like Anthropic are proactively sharing their models with security firms ahead of public release, indicating a partnership rather than a competitive relationship. Gallo noted, "Anthropic's documentation suggests its model could exploit vulnerabilities faster than defenders can respond, yet Anthropic appears to be providing early access to cybersecurity vendors, allowing them time to fortify their codebases and enhance defenses. We view this as a sign of collaboration, not competition, and believe it is positive for overall cybersecurity demand." Gallo added, "While we understand that headline-driven uncertainty has created a 'shoot first, ask questions later' market environment, we do not find model improvements from Anthropic and other LLM companies surprising—this trend will continue. Given the market's broad-brush approach to assessing this risk, we see increasingly attractive investment opportunities in companies with solid fundamentals, competitive advantages in AI—particularly in identity and network/endpoint security—and reasonable valuations." At the close of trading on Monday, several cybersecurity stocks trended upward. Specifically, CrowdStrike rose 2.84%, Palo Alto Networks gained 4.99%, and Fortinet increased by 1.09%.
Comments