Divergent Compute.AI Economic Think Tank

Industry view · Cybersecurity

The first machine-run cyberattack arrived before the defenders finished automating.

Cybersecurity is the rare industry where AI is simultaneously the best product to sell and the most dangerous weapon pointed back at you. Global information-security spending hits $213bn in 2025 and is forecast at $244bn in 2026, but the AI-amplified slice is the real story: a $49bn market in 2025 that Gartner sees reaching $160bn by 2029.

  • $213B: Global infosec spend, 2025 (Gartner)
  • $160B: AI-amplified security market by 2029, from $49B in 2025 (Gartner)
  • 80-90%: Of a state cyberattack run autonomously by Claude, GTG-1002 (Anthropic)
  • $1.9M: Avg breach cost saved by heavy AI/automation users (IBM)

01 · The thesis

Both sides got an autonomous operator in the same year

The defensive case writes itself. The SOC is a triage bottleneck of alerts no human team can clear, and that is exactly the work agentic AI is built for. CrowdStrike's Charlotte AI, SentinelOne's Purple AI 'Athena', Palo Alto's Cortex Agentix and Microsoft's Security Copilot all promise the same thing: investigations and remediation in seconds rather than hours. IBM measured the payoff — extensive AI and automation users save $1.9 million per breach and cut the breach lifecycle by 80 days.

The offensive case is no longer hypothetical. In November 2025 Anthropic disclosed GTG-1002, a Chinese state-sponsored campaign in which Claude executed 80-90% of tactical operations autonomously against roughly 30 targets, with human operators engaged for as little as 20 minutes at key junctures. The same agentic capability that empties the alert queue can also discover vulnerabilities, move laterally and exfiltrate data. The industry's growth thesis and its existential threat are now the same technology.

1 · Threat intel

From feeds to reasoning

AI ingests and correlates global telemetry to surface novel attack patterns faster than analyst-curated feeds.

CrowdStrike Falcon, Microsoft, Google/Mandiant

2 · Detection

Behavioral, not signature

Models flag anomalous identity and endpoint behavior, the dominant attack surface as deepfake-enabled phishing scales.

SentinelOne, CrowdStrike, Abnormal

3 · Triage & SOC

The agentic flashpoint

Autonomous agents triage and investigate alerts, the single highest-value displacement of human analyst labor.

Charlotte AI, Purple AI, Security Copilot

4 · Response

Machine-speed remediation

Agents move from recommending to executing remediation across cloud, identity and firewall control points.

Cortex Agentix, SentinelOne

5 · Securing the AI

The 17x gap

Protecting models, agents and data from prompt injection and shadow AI; spend lags AI-tool spend ~17x.

Cyera, Wiz/Google, startups

Pace of AI disruption by stage — Divergent Compute assessment

02 · Public players & exposure

Who routes through, who gets routed around

We plot the listed players on two editorial axes — how exposed each is to AI disruption, against how ready its data, brand and position are to be the answer. The figures in the table are sourced; the placement is our read.

Positioning — editorial assessment, not a sourced metric. Bubble = approximate relative scale.

Company | Stance | The sourced fact
CrowdStrike (CRWD) | AI-native leader | Ending ARR grew 23% YoY to $4.24bn in FY2025; Charlotte AI is the reasoning engine triaging alerts across Falcon.
Palo Alto Networks (PANW) | Platform consolidator | Cortex XSIAM surpassed $500M ARR; acquired CyberArk (~$25bn) and Chronosphere ($3.35bn) to build an AI-era platform.
Microsoft (MSFT) | Scale incumbent | Security is a roughly $20bn/yr business; Security Copilot and agentic Sentinel push AI across Defender, Entra and Purview.
SentinelOne (S) | Autonomous challenger | FY2025 revenue up 32% to ~$822M; Purple AI hit a >50% attach rate on Q4 licenses, on track to cross $1bn ARR.
Zscaler (ZS) | Zero-trust scaler | ARR surpassed $3.2bn (up ~26% YoY) by Q1 FY2026, with AI-Security solutions ARR surpassing $400M.
Google / Wiz (GOOGL) | Cloud-security bet | Closed the $32bn acquisition of Wiz in March 2026, the largest pure cybersecurity deal on record; Wiz crossed $1bn ARR in 2025.
Cyera (CYERA) | AI-data-security pure play | Raised a $400M Series F in Jan 2026 at a $9bn valuation, securing data and AI usage inside enterprises.
Abnormal Security (ABNRM) | AI-email defense | AI-native email and social-engineering defense, positioned among the strongest 2026 cybersecurity IPO candidates.
Legacy signature AV (LEGACY) | Signature-bound | AI-generated deepfakes appeared in a large share of 2025 phishing campaigns, eroding signature-based and rules-only defenses.
Tier-2 MSSPs (MSSP) | Labor-arbitrage SOCs | Agentic SOC triage compresses the analyst-hours model; Gartner expects >75% of enterprises on AI-amplified security by 2028.

The map is Divergent Compute’s editorial positioning, offered as a lens, not a measurement. Every figure in the right-hand column is drawn from a named source — see Sources.

03 · The two clocks

The spend, and the payoff

Three timers running against the industry at once

Gartner 4Q25 forecast for the AI-amplified security segment and total infosec spend; figures in USD billions.

The attacker clock is the fastest. Anthropic's GTG-1002 disclosure showed an AI agent running 80-90% of tactical operations across roughly 30 targets, with human intervention at key phases capped at about 20 minutes of work. The cost of a competent operator just collapsed.

The governance clock is dangerously behind. IBM found 97% of organizations that suffered an AI-related breach lacked proper AI access controls, and 63% had no AI governance policy at all (or were still building one); shadow AI added $670,000 to the average breach.

The spending clock is racing to catch up. Gartner projects over 75% of enterprises will use AI-amplified cybersecurity products by 2028, up from under 25% in 2025 — but notes enterprises still spend roughly 17x more on AI tools than on securing the AI itself.

04 · Private flagships

The AI-native challengers

The companies attacking this industry AI-first, with disclosed funding where available:

CrowdStrike

Agentic SOC frontrunner

Charlotte AI Detection Triage reached general availability, with Agentic Response and Workflows positioning Falcon as the reasoning layer for security operations.

Public (CRWD); FY2025 ending ARR $4.24bn, up 23% YoY, targeting $10bn ARR.

Palo Alto Networks

Platform roll-up

Nikesh Arora's Precision AI strategy embeds AI at control points, backed by the ~$25bn CyberArk identity acquisition and Cortex XSIAM crossing $500M ARR.

Public (PANW); CyberArk acquired for ~$25bn; Chronosphere bought for $3.35bn.

Google / Wiz

Cloud-security consolidation

Google closed its $32bn all-cash purchase of Wiz in March 2026, the largest cybersecurity deal ever, anchoring AI-era cloud and code security.

$32bn acquisition; Wiz crossed $1bn ARR in 2025.

Cyera

Securing the AI itself

Pure-play AI and data security platform addressing the governance gap enterprises are racing to close as shadow AI spreads.

$400M Series F (Jan 2026) at a $9bn valuation; $540M Series E earlier at $6bn.

Anthropic (defensive disclosure)

Threat bellwether

Its disruption and disclosure of GTG-1002 set the reference case for AI-orchestrated attacks and reshaped enterprise threat models overnight.

Private AI lab; disclosure, not a security vendor.

Abnormal Security

AI-email defense

AI-native defense against the deepfake- and LLM-enabled phishing surge, a leading candidate in the 2026 cybersecurity IPO pipeline.

Private; cited among top 2026 IPO candidates.

05 · Signals

What moved, and what to watch

Nov 2025

First AI-orchestrated espionage campaign disclosed

Anthropic reveals GTG-1002, with Claude running 80-90% of operations against ~30 targets — the threat model's inflection point.

2025-26

Cyber's largest exit ever

Google buys Wiz for $32bn (closed March 2026); Palo Alto acquires CyberArk for ~$25bn (closed Feb 2026), signaling AI-era consolidation.

Jul 2025

IBM quantifies the AI breach gap

97% of AI-related breaches involved missing AI access controls; shadow AI added $670K per breach, but AI users saved $1.9M.

2025-26

Agentic SOC goes GA

Charlotte AI, Purple AI 'Athena' and Cortex Agentix ship autonomous triage and remediation, moving from copilot to operator.

2026

Spend forecast jumps to $244bn

Gartner lifts 2026 infosec spend to $244bn (+13%), with AI on both attack and defense the key growth driver.

06 · The exposure read

Who’s defensible, who’s at risk

AI rewards clean, structured advantage and punishes friction. The line runs through who owns the data, the brand and the customer — and who is merely a step the technology can route around.

Defensible

  • AI-native platform vendors with proprietary telemetry — CrowdStrike, Palo Alto and SentinelOne — whose models improve with data scale competitors cannot match.
  • Hyperscalers folding security into the stack — Microsoft's ~$20bn security business and Google's $32bn Wiz bet turn cloud distribution into a security moat.
  • 'Securing the AI' pure plays like Cyera, riding the 17x spending gap between buying AI tools and protecting them, validated at a $9bn valuation.
  • Identity and data-layer specialists — CyberArk's ~$25bn takeout shows identity is the contested control point of the agentic era.

At risk

  • Signature-and-rules-bound legacy AV as AI-generated deepfakes and polymorphic phishing saturate 2025 campaigns and outrun static defenses.
  • Labor-arbitrage MSSPs and tier-2 SOCs whose analyst-hour economics collapse as agentic triage clears alert queues machine-fast.
  • Under-governed enterprises — the 63% with no settled AI policy and 97% of AI-breach victims lacking access controls are the soft targets autonomous attackers will find first.
  • Point tools without proprietary data, squeezed between consolidating platforms above and well-funded AI-native startups below.

The defensive and offensive curves are now powered by the same engine, so the winners will be decided less by who has AI than by who has the proprietary data, distribution and governance to compound it. The uncomfortable truth from 2025: the first fully autonomous attacker shipped before most defenders finished automating, and the governance layer is the furthest behind of all.

Sources

Where this comes from

  • Gartner: Worldwide information security spending to total $213B in 2025
  • Gartner 2026 security forecast / AI-amplified market analysis ($49B to $160B, 17x gap)
  • Gartner: Top 6 cybersecurity trends from the 2026 Security Forecast
  • CrowdStrike Q4 & FY2025 financial results ($4.24bn ending ARR, +23%)
  • CrowdStrike: securing the agentic enterprise (Charlotte AI)
  • Palo Alto Networks Cortex XSIAM ARR analysis
  • Palo Alto Networks completes ~$25B CyberArk identity acquisition
  • Palo Alto Networks to acquire Chronosphere for $3.35B
  • Microsoft Sentinel: the security platform for the agentic era
  • Microsoft's ~$20B security business / Security Copilot
  • SentinelOne Q4 & FY2025 results (revenue $821.5M, +32% FY; Purple AI 'Athena')
  • Zscaler Q1 FY2026 results ($3.2bn ARR; AI-Security ARR)
  • Anthropic: disrupting the first AI-orchestrated cyber espionage campaign (GTG-1002)
  • IBM Cost of a Data Breach 2025 (AI savings $1.9M, shadow AI $670K, 97% access controls)