Cybersecurity stocks are getting hammered - and the trigger wasn't a breach. It was a product launch.

On February 20 at 1:00 PM ET, Anthropic announced "Claude Code Security," an automated AI tool designed to scan codebases for vulnerabilities. Within minutes, cybersecurity names began selling off.

Since the announcement:

  • CrowdStrike Holdings Inc. (CRWD  ) is down nearly 17%, marking its worst four-day stretch since 2022.
  • Okta Inc. (OKTA  ) has fallen 13%.
  • Zscaler Inc. (ZS  ) is down 11%.
  • Palo Alto Networks Inc. (PANW  ) has dropped 8.6%.
  • SentinelOne Inc. (S  ) is off 6%.
The broader sector, tracked by the First Trust Nasdaq Cybersecurity ETF (CIBR  ), has slid to late-April 2025 lows and is now down for seven consecutive weeks - the longest losing streak since 2015.

The market's message was clear: If AI can automate vulnerability scanning, are cybersecurity margins next?

Is This An Overreaction?

Bank of America analyst Madeline Brooks said the market reaction may be overdone.

"Anthropic's announcement... shook investor confidence in cyber stocks. We disagree," she wrote in a note to clients on Tuesday.

Claude Code Security focuses on pre-production code scanning - helping developers find vulnerabilities before deployment.

That's meaningful for application security.

But modern cybersecurity platforms operate at runtime - continuously monitoring endpoints, networks and cloud environments with near-perfect accuracy requirements.

"While AI-based tools offer an enhancement, they remain sensitive to prompt phrasing and lose context outside well-bounded tasks," Brooks wrote.

AI code scanning lacks runtime visibility, control authority and proprietary telemetry.

"We view them as augmentation layers, not platform displacement," Brooks said.

Cybersecurity Edge Still Intact

According to Brooks, the structural advantages of major cybersecurity platforms remain intact.

They collect massive amounts of proprietary data from endpoints, networks, user identities and cloud systems, giving them visibility AI tools alone don't have.

Their platforms also use real-time sensors that monitor live activity and can immediately block threats.

On top of that, they integrate all these signals into deep workflow systems that help security teams respond quickly across complex environments.

"These characteristics are difficult to replicate, and we believe diversified cybersecurity vendors are the best positioned," Brooks said.