The case for owning cybersecurity stocks in the age of artificial intelligence got stronger after new evidence showed that hackers are using AI to accelerate more sophisticated attacks. In a report this week, the Google Threat Intelligence Group found that, for the first time, a threat actor used an AI-developed zero-day exploit designed to circumvent two-factor authentication. That is the latest upgrade in the endless arms race: one side automates the breach, the other side sells the lock.
Who Benefits When Fear Sells
Google researchers said this is an example of adversaries increasingly leveraging AI to automate vulnerabilities, phishing campaigns and malware development. The article said this heightened threat environment is bullish for AI-native cybersecurity companies like Club holdings CrowdStrike and Palo Alto Networks because it reinforces the idea that cyber spending is mission-critical as companies need to partner with platform providers capable of detecting and responding to threats in real time.
The investment case for CrowdStrike is strengthened by its Falcon platform and Charlotte AI offerings around autonomous threat detection and response, while Palo Alto has emphasized its AI-driven platform strategy and intelligence capabilities. The Club has long owned buy-equivalent, 1-rated CrowdStrike, which it likes the best in the group, and has Palo Alto as a 3 rating, meaning it is looking to sell it into strength. Jim Cramer decided the portfolio only needs one cybersecurity name and wants to make room for other opportunities in other sectors.
Both cybersecurity companies were higher Tuesday after CrowdStrike and Palo Alto returned 44% and 38%, respectively, over the past month. CrowdStrike is just over 2% away from its closing record high of $557.53 on Nov. 10, 2025. Palo Alto is less than 3.5% off its Oct. 28, 2025 record close of $221.38. Both stocks are up roughly 16% year-to-date, while the S&P 500 is up about 7.5% year to date, down slightly Tuesday from the prior session's record closing high. The pair is also bucking the negative performance of the iShares Expanded Tech-Software Sector ETF, which is down nearly 16% in 2026. Jim has long argued that the IGV, as it is also called, should not be a comparison benchmark for cyber companies. CrowdStrike and Palo Alto together have a roughly 11.5% weighting, which is a drop in the bucket versus all the software names.
The Security Industry's Favorite Crisis
Google's threat report lands at a critical moment for the cybersecurity industry as companies race to secure increasingly complex AI environments. Investors have spent the last year debating whether AI could eventually reduce cyber costs by automating defensive solutions. Instead, Google's findings suggest the opposite may be happening, with AI lowering the barrier to entry for sophisticated attacks while the advent of companies adding AI agents exponentially increases points of vulnerability.
Barclays believes that dynamic could force companies to spend even more aggressively on cyber security defense systems like CrowdStrike and Palo Alto Networks. Barclays wrote in a Monday research note to investors that hackers are increasingly using large language models to find and exploit vulnerabilities, a trend that "will only accelerate with more advanced AI models." Barclays added, "This could only drive more spending on cybersecurity," and said the increase in AI-enabled attacks could drive demand for security tools. The analysts predicted security vendors could start to see "real revenue opportunity" this year from safeguarding against AI-driven attacks.
That is the clean little loop of corporate capture: the more fragile the digital world becomes, the more the market celebrates the firms selling protection from the damage. The people and companies exposed to these systems are left to buy their way into safety, while the vendors and investors read the threat as upside.
Project Glasswing and the Platform State
Anthropic's Claude Mythos, the AI startup's general-purpose cybersecurity-focused AI model, is also putting this conversation at the forefront. Last month, Anthropic launched Project Glasswing, a defensive cybersecurity initiative tied to its unreleased Claude Mythos model, alongside CrowdStrike and Palo Alto, as well as Amazon, Apple, Broadcom, Alphabet, Microsoft and Nvidia. Also part of the project are Cisco Systems, JPMorganChase and the Linux Foundation.
The initiative is designed to help companies use Mythos to identify vulnerabilities and strengthen defenses after Anthropic said the model has already found "thousands of high-severity vulnerabilities." CrowdStrike CEO George Kurtz made a similar case on "Mad Money" last month after Mythos findings were unveiled. Kurtz said, "You can't have AI without security. We're the experts at it." He added that one of the things holding back AI adoption is AI securitization, and said that is why CrowdStrike was chosen to be part of the solution in the Mythos partnership.
The roster tells its own story: the same giant firms building, funding, and profiting from the AI stack are also gathered around the table to manage the risks that stack creates. Project Glasswing is presented as defense, but it is also a consolidation of power across the companies best positioned to turn insecurity into recurring revenue.
Jim Cramer's Charitable Trust is long CRWD and PANW. As a subscriber to the CNBC Investing Club with Jim Cramer, readers receive a trade alert before Jim makes a trade. Jim waits 45 minutes after sending a trade alert before buying or selling a stock in his charitable trust's portfolio. If Jim has talked about a stock on CNBC TV, he waits 72 hours after issuing the trade alert before executing the trade. The article also included links to other CNBC Investing Club analysis stories. The whole setup is a polished pipeline: threat report, analyst note, media segment, trade alert, portfolio move. The public gets the narrative; the market gets the money.