Analysis

The selloff is less about near-term earnings impairment and more about a narrative de-rating: investors are conflating AI-assisted tooling with AI-native replacement. That creates a mismatch where the first victims are the most visible software names, even though enterprise security budgets are typically sticky, compliance-driven, and slow to re-architect; that lag should support a mean-reversion trade over the next 3-6 months as fundamentals reassert themselves. Second-order, AI is likely to expand the attack surface before it compresses it. Agentic workflows increase machine-to-machine authentication, privilege sprawl, and data lineage risk, which should structurally favor identity, policy enforcement, and data resilience vendors over point solutions. That means OKTA and RBRK have a cleaner “picks-and-shovels for AI adoption” angle than pure platform narratives, while PANW benefits if buyers continue consolidating onto one control plane rather than experimenting with AI-native replacements. The market may still be underestimating the adoption friction on the offensive side: AI can accelerate vulnerability discovery, but real-world exploitation still requires infrastructure, persistence, and operational maturity. That gives incumbent security vendors a window of multiple quarters to monetize increased urgency, especially if breach headlines re-accelerate. The main risk is not product displacement today, but a sentiment gap closing faster than fundamentals if AI security demos keep improving and management teams guide conservatively. This looks more like a valuation reset than a fundamental thesis break. The best trade is to own the names where AI increases the value of trust, identity, and data integrity, not where it merely adds another feature layer. Expect the strongest relative performance if the broader software complex remains weak, because capital will rotate toward companies with visible net retention, large installed bases, and expansion via consolidation rather than net-new greenfield spend.