Back to News
Market Impact: 0.35

The AI arms race in cybersecurity has started. Most companies aren’t ready

Artificial IntelligenceCybersecurity & Data PrivacyTechnology & InnovationTrade Policy & Supply ChainCrypto & Digital AssetsFintech

The article argues that AI will materially accelerate cyberattacks, compressing timelines from weeks to hours and making supply chain attacks, privilege escalation, and data exfiltration faster and more frequent. Coinbase’s experience underscores the threat, but the piece is primarily forward-looking and defensive in nature, urging companies to adopt AI for security, tighten third-party controls, and redesign incident response for machine-speed adversaries. The likely market impact is moderate, with broad implications for cybersecurity, software supply chains, and crypto-related firms rather than an immediate price catalyst.

Analysis

The market is underpricing the second-order beneficiary set: not the headline cybersecurity vendors alone, but any workflow that shortens detection-to-remediation time in machine-speed attack environments. The biggest economic shift is toward organizations that already sit on proprietary system context and can operationalize AI defensively at scale; that should widen the gap between platform-native security stacks and point solutions. Expect budget share to migrate from pure alerting into code scanning, identity, supply-chain governance, and automated response orchestration over the next 12-24 months.

The more important risk is that open-source and software dependency exposure becomes a board-level procurement issue, not just a CISO issue. That creates a lagged but durable demand tail for secure software supply-chain tooling, artifact signing, dependency monitoring, and runtime containment. It also raises the probability of episodic, cross-sector selloffs whenever a widely used library or developer tool is implicated, because the blast radius will be broad and the remediation window short.

The contrarian point: consensus may be too focused on “AI attacks get better” while missing that defenders with privileged telemetry can also collapse false positives and automate remediation faster than attackers can exploit scale. That argues against a blanket bearish view on cybersecurity multiples; the winners should be the vendors whose products are closest to code, identity, and response automation, while legacy SIEM-only names face margin pressure and slower seat expansion. For crypto-adjacent assets, the message is mixed: DeFi remains structurally more exposed because attacker and defender context are closer to equal, but that risk is more protocol-specific than a broad beta call on digital assets.