Cybersecurity stocks have faced significant headwinds so far in 2026, driven by a combination of AI disruption fears, rotation into AI hardware names, and broader multiple compression across high-growth software. CNBC reported that the selloff accelerated in late February after Anthropic introduced Claude Code Security, a new AI capability designed to scan codebases for vulnerabilities.1 Markets quickly extrapolated the announcement into a broader threat to cybersecurity vendors, triggering a sharp sector-wide decline. According to GovInfoSecurity, public cybersecurity companies have largely met or exceeded earnings expectations in 2026—stock prices are falling even as fundamentals hold, raising the question of whether the market is mispricing the sector.2

The AI Disruption Narrative vs. Reality

The concern is understandable on the surface: if AI can automatically identify and patch vulnerabilities, does that undercut the business model of cybersecurity vendors? CNBC noted that the Claude Code Security tool primarily challenges specialised code-scanning platforms such as GitLab and JFrog, rather than the comprehensive cybersecurity platforms that handle endpoint protection, threat detection, and incident response.1 The pattern is a familiar one in technology investing: an AI model demonstrates a new capability, investors panic, the sector sells off, and, as J.P. Morgan notes, fundamentals are temporarily ignored.6

Industry leaders have pushed back strongly against the disruption narrative. CrowdStrike CEO George Kurtz has emphasised that AI ultimately expands the need for cybersecurity rather than replacing it: as automation accelerates development and deployment cycles, the potential attack surface grows alongside it.1 Palo Alto Networks CEO Nikesh Arora similarly questioned why the market is treating AI as a threat to the sector when the technology is simultaneously making attacks more sophisticated and harder to detect.3

Rather than retreating from AI, both companies are investing aggressively to embed it into their platforms. Palo Alto Networks completed a $25 billion acquisition of CyberArk and purchased AI observability platform Chronosphere, while CrowdStrike launched Charlotte AI AgentWorks, a no-code platform enabling customers to deploy custom AI-powered security agents at scale.3,4,5

Real-World Threats Are Escalating, Not Retreating

While markets debate the long-term implications of AI for cybersecurity business models, real-world cyber threats are escalating at an unprecedented pace. The Middle East conflict has emerged as a powerful illustration of why cybersecurity spending is structurally non-discretionary.

Calcalist reported that following Israeli strikes on Iran in June 2025, cyberattacks targeting Israel surged 700% within 48 hours, spanning government, financial, telecommunications, and critical infrastructure targets.7 The situation intensified further in February 2026 when coordinated U.S.–Israeli strikes triggered a multi-vector Iranian cyber retaliation campaign. Palo Alto Networks Unit 42 reported that over 60 active hacktivist groups were observed within days, while Halcyon documented that Iranian state-aligned APT groups escalated targeting of critical infrastructure, healthcare, and telecommunications across the region and beyond.8,9

The Center for Strategic and International Studies (CSIS) has assessed that cyber has become a distinct warfighting domain, with spillover risks extending to countries far beyond the immediate conflict zone.10 For organisations across North America, Europe, and the Asia-Pacific, the message is clear: cybersecurity budgets are not a line item that can be deferred when markets get jittery about AI.

Sentiment vs. Fundamentals: A Familiar Disconnect

Taken together, the recent cybersecurity selloff appears more reflective of near-term sentiment and valuation compression than a deterioration in fundamentals. AI is reshaping how software is built and secured, but it is simultaneously increasing the scale, speed, and sophistication of cyber threats. The escalating geopolitical cyber landscape reinforces the long-term importance of diversified cybersecurity providers capable of integrating AI directly into their platforms.

Diversified Cybersecurity Exposure Through CYBR

The recent pullback may present an attractive entry point for investors seeking exposure to a structurally growing industry. The Evolve Cyber Security Index Fund (CYBR) provides exposure across multiple leaders in endpoint protection, cloud security, and network defence, reducing single-company and concentration risk while capturing innovation across the broader ecosystem.

As volatility driven by AI headlines creates dispersion within the sector, diversified exposure can help investors participate in long-term growth while mitigating company-specific uncertainty. A broad-based approach may help investors avoid the risk of being on the wrong side of a single-name bet.

For more information, visit https://evolveetfs.com/product/cybr/.