Published on: 2026-05-08
Cybersecurity stocks spent early 2026 being treated as collateral damage in the AI trade. Capital rotated into chips, servers, and infrastructure while software names sat out the rally. Then Fortinet reported a quarter so far above expectations that it forced the market to revisit a question it had stopped asking: what happens to security spending when AI becomes the attack?
The answer is showing up in revenues, billings, and enterprise budgets simultaneously. Cybersecurity is not being disrupted by AI. It is being restructured by it, and the Nasdaq-listed companies leading that restructuring are now recording some of their strongest forward numbers in years.
The numbers around AI-driven attacks are striking on their own. Phishing campaigns built with generative AI have grown 1,265% since Q4 2022. They achieve click-through rates of 54%, compared to roughly 12% for traditional attempts. Cybercrime is projected to cost the global economy $10.5 trillion annually, up from $3 trillion a decade ago.
Those figures explain the urgency. They do not fully explain the rally.
The spending case for cybersecurity stocks does not rest on fear alone. It rests on a structural change in how enterprises buy security.
Before AI, a company could run 20 different security vendors, each owning a specific layer: firewalls, endpoints, cloud access, identity, email. Fragmentation was manageable because threats moved slowly enough for analysts to correlate alerts across siloed systems.
However, AI-driven threats do not move slowly. They cross identity, cloud, endpoint, and data layers within the same attack sequence. A fragmented security architecture cannot respond fast enough. The answer enterprises have landed on is consolidation: fewer vendors, deeper integrations, and platforms that use AI to correlate threats automatically.
That procurement shift is what makes cybersecurity stocks a structural story, not just a reaction to headlines. The scale of spending confirms it:
Global cybersecurity spending is forecast to exceed $520 billion in 2026, up from $260 billion in 2021
The AI security subset alone is projected to grow from $26.55 billion in 2024 to more than $234 billion by 2032
The demand is not being manufactured. It is being pulled by enterprises that have no viable alternative.
CrowdStrike built Falcon as a cloud-native platform across endpoints, cloud workloads, identity and AI agent workflows. Annual recurring revenue reached $5.25 billion in Q4 fiscal 2026, up 24% year over year. Net new ARR rose 47% to a record $331 million. Falcon Flex accounts reached $1.69 billion in ending ARR, up more than 120%.
Falcon Flex allows customers to add modules without restarting long procurement cycles. That makes CrowdStrike less dependent on single-product decisions and more tied to broader platform adoption. The company estimates its addressable market could grow to $300 billion by 2030, from $140 billion today.
Palo Alto Networks is pursuing a similar endgame through platformization. Its model spans corporate networks, cloud environments, security operations, AI protection and identity. Fiscal second-quarter revenue rose 15% to $2.6 billion. Next-generation security ARR increased 33% to $6.3 billion, while remaining performance obligation rose 23% to $16.0 billion.
Its completed $25 billion CyberArk acquisition adds a more important layer: identity security. Palo Alto described identity as a core pillar for the AI era, covering human, machine and agentic identities.
Zscaler sits in a different part of the stack. Its zero trust platform sits inline, which means traffic between users, AI tools and enterprise applications passes through its system before reaching the destination. That position gives Zscaler unusual visibility into AI adoption.
Enterprise AI and machine-learning activity across Zscaler’s platform rose 91% year over year in 2025. Data transfers to AI and machine-learning applications rose 93% to 18,033 terabytes. The number of AI and machine-learning applications generating transactions also climbed above 3,400.
Those figures show why AI creates a data-security problem, not just a threat-detection problem. Every prompt, upload and automated workflow can move sensitive information into new environments.
Zscaler’s latest quarter showed the financial side of the same trend. Revenue grew 26% year over year to about $816 million, while ARR increased 25% to $3.36 billion.
Traditional perimeter security was built for a world where most threats came from outside the network. AI changes the map. Risk can now enter through compromised agents, stolen credentials, embedded AI tools and unmanaged data transfers. Zero trust becomes relevant as the perimeter disappears.
Fortinet delivered the clearest market signal that AI security demand has moved into real budgets.
In Q1 2026, revenue reached $1.85 billion, above the $1.73 billion expected by analysts. Adjusted earnings were $0.82 per share, compared with expectations of $0.62. Billings increased 31% year over year to $2.09 billion, above estimates of $1.82 billion. The stock surged 23% after the report.
The important point was not the beat alone. It was the source of demand.
Enterprises are upgrading firewall and network infrastructure to handle higher traffic loads, encrypted workloads and the performance needs of AI data centers. This is not routine software spending. It is infrastructure replacement tied to a different threat environment.
Fortinet also brings a less obvious angle to the AI security trade. The company combines custom chips, hardware appliances and security software. That gives it exposure to physical network upgrades, not only cloud security subscriptions. In a market crowded with pure software stories, Fortinet offers a more infrastructure-linked profile.
Fortinet says it holds a 55% unit share of the global firewall market. That installed base gives the company a direct path into the AI-driven network upgrade cycle.
Every AI agent operating inside an enterprise needs credentials, permissions, and access controls. Most companies do not have a clear inventory of their machine identities today. As agentic AI workflows scale through 2026 and beyond, machine identity management becomes a security imperative, not a nice-to-have. Palo Alto’s CyberArk acquisition and CrowdStrike’s identity modules are both positioned for this specific problem.
AI governance frameworks are advancing across the U.S. and Europe. Requirements around data sovereignty, model access controls, and AI audit trails are pushing cybersecurity spend from discretionary into compliance-driven. Budgets tied to regulatory requirements are stickier and less vulnerable to macroeconomic slowdowns.
The move from 20 vendors to 3 platforms does not reduce security spend. It concentrates it. Platform companies capture a larger share of a customer’s total security budget, which is why ARR metrics at CrowdStrike and Palo Alto continue to grow even as enterprise IT budgets face scrutiny.
The evidence leans toward durability for structural reasons. AI deployment inside enterprises is still early. Platform consolidation is a multi-year transition. Regulatory pressure is increasing, not stabilizing. Each of these forces creates compounding demand for the leading Nasdaq cybersecurity stocks.
The risk is concentrated in valuation. These companies carry premium multiples. A guidance miss, a macroeconomic shock, or a rotation back to AI infrastructure could produce sharp drawdowns regardless of underlying business quality.
Evaluating the setup requires separating two different causes of a stock decline. A pullback driven by macro sentiment is different from one driven by slowing ARR, shrinking deal sizes, or declining billings growth.
The first reflects the market. The second reflects the business. High-conviction positions in software growth companies are typically built during the first type and reconsidered during the second.
Cybersecurity stocks were mispriced because the market applied a software-disruption framework to a category where AI works in the opposite direction. More AI deployment means more attack surface, more machine identities, more data in motion, and more pressure to consolidate fragmented security stacks.
CrowdStrike, Palo Alto Networks, Zscaler, and Fortinet each capture a different dimension of that pressure: platform consolidation, identity security, data governance, and infrastructure upgrades. Together, they represent a sector where the spending case has shifted from strategic to structural.
The rally no one saw coming has a straightforward explanation. The threat is real, the spending is following, and the market had priced the sector as if neither were true.
