New evidence confirming hackers are leveraging artificial intelligence to launch more sophisticated attacks has solidified the investment case for cybersecurity corporations, directly translating public vulnerability into private profit. A report released this week by the Google Threat Intelligence Group revealed the first instance of a threat actor employing an AI-developed zero-day exploit designed to bypass two-factor authentication. This development, which Google researchers cited as an example of adversaries increasingly automating vulnerabilities, phishing campaigns, and malware development, has been declared "bullish" for AI-native cybersecurity companies such as CrowdStrike and Palo Alto Networks, reinforcing the necessity for increased corporate spending on their platforms.
Profiting from Public Vulnerability
The heightened threat environment, where AI lowers the barrier to entry for sophisticated attacks and exponentially increases points of vulnerability, directly benefits the shareholders of cybersecurity firms. CrowdStrike and Palo Alto Networks have seen substantial gains in the market, with CrowdStrike returning 44% and Palo Alto 38% over the past month. CrowdStrike is now just over 2% away from its closing record high of $557.53, achieved less than one year ago on November 10, 2025. Palo Alto is less than 3.5% off its own record close of $221.38 from less than one year ago, on October 28, 2025. Both stocks are up approximately 16% year-to-date, significantly outperforming the S&P 500, which is up about 7.5% year-to-date.
Barclays analysts, in a research note to investors on Monday, May 12, 2026, predicted that the increasing use of large language models by hackers to find and exploit vulnerabilities "will only accelerate with more advanced AI models." This dynamic, according to Barclays, could force companies to spend "even more aggressively on cyber security defense systems," driving demand for security tools and creating "real revenue opportunity" for security vendors this year. CrowdStrike CEO George Kurtz articulated this market logic on "Mad Money" last month, stating, "You can't have AI without security. We're the experts at it," and linking AI securitization to the broader adoption of AI.
The Market's Solution: More Capital for Capital
The industry's response to this escalating threat is not a collective, public defense, but rather a further entrenchment of private solutions that generate profit. Anthropic, an AI startup, launched Project Glasswing last month, a defensive cybersecurity initiative tied to its unreleased Claude Mythos model. This project includes CrowdStrike and Palo Alto, alongside other major corporations such as Amazon, Apple, Broadcom, Alphabet, Microsoft, Nvidia, Cisco Systems, JPMorganChase, and the Linux Foundation. This collaboration among powerful private entities to address a systemic vulnerability underscores the privatization of what could be considered a collective security need, turning it into a new avenue for capital accumulation.
Jim Cramer, whose Charitable Trust is long CRWD and PANW, has advocated for owning cybersecurity stocks, further illustrating how financial media promotes investment in firms that profit from these escalating threats. The debate among investors over the past year regarding whether AI could reduce cyber costs by automating defensive solutions has been decisively answered: Google's findings suggest the opposite, with AI lowering the barrier to entry for sophisticated attacks while increasing points of vulnerability, thereby necessitating more spending and generating more revenue for cybersecurity corporations. This cycle ensures that the costs of navigating a technologically advanced threat landscape are borne by companies (and ultimately consumers and workers), while the profits are concentrated among a select group of corporations and their investors.