Analysis

AI-native security tooling is a tactical shock to incumbent vendors’ TAM composition rather than an outright existential threat; the bigger second-order effect is a bifurcation of demand toward (A) identity and runtime control (frictionless enforcement of who/what acts) and (B) telemetry-rich, cloud-delivered prevention that can retrain models quickly. Vendors with deep, high-frequency telemetry and sticky subscription models will be able to monetize model-driven defenses and sell managed-model-updates as a service, creating durable revenue uplifts even if point tools for static vulnerability scanning commoditize. Near-term downside is compressed multiples as conviction resets, but the true risks play out over 12–36 months: rapid enterprise pilots of agentic AI that reduce manual SOC headcount, a large customer consolidating spend to a single AI-security provider, or a high-profile breach tied to an incumbent’s failure to adapt could force faster market share rotation. Conversely, metrics that will re-rate winners include renewal cohorts, logo churn improving sequentially, and a widening gap in ARR retention between identity/runtime specialists and legacy network appliance vendors. The move appears partially overdone for identity-first businesses because agent proliferation increases authentication complexity — not reduces it — making identity controls more strategic, not less. Quantum-security claims are a marketing lever with multi-year adoption curves; avoid pricing near-term upside to that narrative. Tradeable edge: capture sentiment-driven multiple decompression in the short run while positioning for durable share gains in firms that can convert telemetry into recurring AI-defense services over the next 12–24 months.