Industry view · Cybersecurity
Cybersecurity is the rare industry where AI is simultaneously the best product to sell and the most dangerous weapon pointed back at you. Global information-security spending hits $213bn in 2025 and is forecast at $244bn in 2026, but the AI-amplified slice is the real story: a $49bn market in 2025 that Gartner sees reaching $160bn by 2029.
01 · The thesis
The defensive case writes itself. The SOC is a triage bottleneck of alerts no human team can clear, and that is exactly the work agentic AI is built for. CrowdStrike's Charlotte AI, SentinelOne's Purple AI 'Athena', Palo Alto's Cortex Agentix and Microsoft's Security Copilot all promise the same thing: investigations and remediation in seconds rather than hours. IBM measured the payoff — extensive AI and automation users save $1.9 million per breach and cut the breach lifecycle by 80 days.
The offensive case is no longer hypothetical. In November 2025 Anthropic disclosed GTG-1002, a Chinese state-sponsored campaign in which Claude executed 80-90% of tactical operations autonomously against roughly 30 targets, with human operators engaged for as little as 20 minutes at key junctures. The same agentic capability that empties the alert queue can also discover vulnerabilities, move laterally and exfiltrate data. The industry's growth thesis and its existential threat are now the same technology.
AI ingests and correlates global telemetry to surface novel attack patterns faster than analyst-curated feeds.
Models flag anomalous identity and endpoint behavior, the dominant attack surface as deepfake-enabled phishing scales.
Autonomous agents triage and investigate alerts, the single highest-value displacement of human analyst labor.
Agents move from recommending to executing remediation across cloud, identity and firewall control points.
Protecting models, agents and data from prompt injection and shadow AI; spend lags AI-tool spend ~17x.
02 · Public players & exposure
We plot the listed players on two editorial axes — how exposed each is to AI disruption, against how ready its data, brand and position are to be the answer. The figures in the table are sourced; the placement is our read.
| Company | Stance | The sourced fact |
|---|---|---|
| CrowdStrike (CRWD) | AI-native leader | Ending ARR grew 23% YoY to $4.24bn in FY2025; Charlotte AI is the reasoning engine triaging alerts across Falcon. |
| Palo Alto Networks (PANW) | Platform consolidator | Cortex XSIAM surpassed $500M ARR; acquired CyberArk (~$25bn) and Chronosphere ($3.35bn) to build an AI-era platform. |
| Microsoft (MSFT) | Scale incumbent | Security is a roughly $20bn/yr business; Security Copilot and agentic Sentinel push AI across Defender, Entra and Purview. |
| SentinelOne (S) | Autonomous challenger | FY2025 revenue up 32% to ~$822M; Purple AI hit a >50% attach rate on Q4 licenses, on track to cross $1bn ARR. |
| Zscaler (ZS) | Zero-trust scaler | ARR surpassed $3.2bn (up ~26% YoY) by Q1 FY2026, with AI-Security solutions ARR surpassing $400M. |
| Google / Wiz (GOOGL) | Cloud-security bet | Closed the $32bn acquisition of Wiz in March 2026, the largest pure cybersecurity deal on record; Wiz crossed $1bn ARR in 2025. |
| Cyera (CYERA) | AI-data-security pure play | Raised a $400M Series F in Jan 2026 at a $9bn valuation, securing data and AI usage inside enterprises. |
| Abnormal Security (ABNRM) | AI-email defense | AI-native email and social-engineering defense, positioned among the strongest 2026 cybersecurity IPO candidates. |
| Legacy signature AV (LEGACY) | Signature-bound | AI-generated deepfakes appeared in a large share of 2025 phishing campaigns, eroding signature-based and rules-only defenses. |
| Tier-2 MSSPs (MSSP) | Labor-arbitrage SOCs | Agentic SOC triage compresses the analyst-hours model; Gartner expects >75% of enterprises on AI-amplified security by 2028. |
03 · The two clocks
Three timers running against the industry at once
The attacker clock is the fastest. Anthropic's GTG-1002 disclosure showed an AI agent running 80-90% of tactical operations across roughly 30 targets, with human intervention at key phases capped at about 20 minutes of work. The cost of a competent operator just collapsed.
The governance clock is dangerously behind. IBM found 97% of organizations that suffered an AI-related breach lacked proper AI access controls, and 63% had no AI governance policy at all (or were still building one); shadow AI added $670,000 to the average breach.
The spending clock is racing to catch up. Gartner projects over 75% of enterprises will use AI-amplified cybersecurity products by 2028, up from under 25% in 2025 — but notes enterprises still spend roughly 17x more on AI tools than on securing the AI itself.
04 · Private flagships
The companies attacking this industry AI-first, with disclosed funding where available:
Charlotte AI Detection Triage reached general availability, with Agentic Response and Workflows positioning Falcon as the reasoning layer for security operations.
Nikesh Arora's Precision AI strategy embeds AI at control points, backed by the ~$25bn CyberArk identity acquisition and Cortex XSIAM crossing $500M ARR.
Google closed its $32bn all-cash purchase of Wiz in March 2026, the largest cybersecurity deal ever, anchoring AI-era cloud and code security.
Pure-play AI and data security platform addressing the governance gap enterprises are racing to close as shadow AI spreads.
Anthropic's disruption and disclosure of GTG-1002 set the reference case for AI-orchestrated attacks and reshaped enterprise threat models overnight.
AI-native defense against the deepfake- and LLM-enabled phishing surge, a leading candidate in the 2026 cybersecurity IPO pipeline.
05 · Signals
Anthropic reveals GTG-1002, with Claude running 80-90% of operations against ~30 targets — the threat model's inflection point.
Google buys Wiz for $32bn (closed March 2026); Palo Alto acquires CyberArk for ~$25bn (closed Feb 2026), signaling AI-era consolidation.
97% of AI-related breaches involved missing AI access controls; shadow AI added $670K per breach, but AI users saved $1.9M.
Charlotte AI, Purple AI 'Athena' and Cortex Agentix ship autonomous triage and remediation, moving from copilot to operator.
Gartner lifts 2026 infosec spend to $244bn (+13%), with AI on both attack and defense the key growth driver.
06 · The exposure read
AI rewards clean, structured advantage and punishes friction. The line runs through who owns the data, the brand and the customer — and who is merely a step the technology can route around.
Sources
Gartner: Worldwide information security spending to total $213B in 2025
Gartner 2026 security forecast / AI-amplified market analysis ($49B to $160B, 17x gap)
Gartner: Top 6 cybersecurity trends from the 2026 Security Forecast
CrowdStrike Q4 & FY2025 financial results ($4.24bn ending ARR, +23%)
CrowdStrike: securing the agentic enterprise (Charlotte AI)
Palo Alto Networks Cortex XSIAM ARR analysis
Palo Alto Networks completes ~$25B CyberArk identity acquisition
Palo Alto Networks to acquire Chronosphere for $3.35B
Microsoft Sentinel: the security platform for the agentic era
Microsoft's ~$20B security business / Security Copilot
SentinelOne Q4 & FY2025 results (revenue $821.5M, +32% FY; Purple AI 'Athena')
Zscaler Q1 FY2026 results ($3.2bn ARR; AI-Security ARR)
Anthropic: disrupting the first AI-orchestrated cyber espionage campaign (GTG-1002)
IBM Cost of a Data Breach 2025 (AI savings $1.9M, shadow AI $670K, 97% access controls)