Analysis

Generative AI agents change the attack surface more than the threat model: they convert low-skill probing into high-frequency, automated reconnaissance that can pivot across code, infra-as-code, and identity stores in minutes. Defenders who can enforce policy in-line (network and gateway), run lightweight inference on-device, and correlate cross-layer telemetry will shrink mean-time-to-detect materially; vendors lacking those capabilities face attrition by commoditized scanning tools. Second-order winners are not only pure-play security vendors but also telemetry-aggregation platforms, secure-enclave silicon, and continuous-deployment observability stacks that make remediation frictionless. Conversely, companies whose revenue mixes remain tied to one-time appliance upgrades or seat-based licensing are exposed to a two-way squeeze: lower unit demand and pricing pressure as buyers prefer usage/traffic-aligned economics for AI-heavy workloads. Key catalysts to watch in the next 6–24 months are enterprise AI pilots that grant agents data-plane access, major zero-day exploit clusters that force accelerated renewals, and regulatory moves around agent governance and data residency. Tail risks include rapid commoditization of automated patching, or a breakthrough in purely preventative security (e.g., pervasive hardware roots-of-trust) that re-rates the market; both would compress multiples for incumbent software-heavy names and reallocate spending to silicon and observability plays.