The stocks of major cybersecurity companies have fallen sharply after AI firm Anthropic unveiled a new security capability for its Claude LLM. 

Anthropic announced on Friday that its AI-powered coding assistant Claude Code is being enhanced with a new capability designed for finding vulnerabilities.

The new capability is named Claude Code Security and it’s currently available in limited preview to Enterprise and Team customers. It’s designed to scan code for vulnerabilities and suggest patches. Developers can review the patch suggestions and decide whether they want to apply them.

Similar tools have been available for some time. GitHub has been offering AI-powered vulnerability remediation capabilities for years, and Google has also been making significant progress in this area.

While the new Claude capability is limited to finding vulnerabilities in code, the markets reacted to the announcement and the shares of major cybersecurity companies fell over fears that AI could replace their solutions. 

Broader software stocks have faced pressure in recent weeks amid AI disruption concerns, and cybersecurity firms are now experiencing similar volatility.

The stock of major companies such as CrowdStrike (NASDAQ: CRWD), Cloudflare (NYSE: NET), Okta (NASDAQ: OKTA), Zscaler (NASDAQ: ZS), Tenable (NASDAQ: TENB), Sailpoint (NASDAQ: SAIL), SentinelOne (NYSE: S), Fortinet (NASDAQ: FTNT), JFrog (NASDAQ: FROG), and Palo Alto Networks (NASDAQ: PANW) plunged in response to Anthropic’s announcement, in some cases more than 10%, erasing billions in market capitalization. 

By Tuesday, some companies saw partial recoveries, while others remained lower as of Tuesday’s close.

Cybersecurity industry responds

The cybersecurity industry is downplaying fears that AI could replace existing solutions or entire categories of tools, arguing that AI is an ally rather than a threat.

Just days before the Claude announcement and the stock dive, Palo Alto Networks CEO Nikesh Arora said in an earnings call that AI will not replace cybersecurity products anytime soon. Arora said he is “confused” regarding why the market would treat AI as a threat to cybersecurity. 

CrowdStrike CEO George Kurtz responded to the Claude announcement, highlighting that when asked about it even Anthropic’s AI says the new security tool is not meant to replace CrowdStrike solutions, and that it would be very difficult for AI to replicate all the work that has gone into developing CrowdStrike products.

“AI is powerful. It’s transformative. And it absolutely makes security better. But AI doesn’t eliminate the need for security. It increases it,” Kurtz said, adding, “If you want to build AI, you need GPUs. If you want to deploy AI, you need security. That’s not a hallucination – it’s a fact.”

Glenn Weinstein, CEO of software artifact management platform Cloudsmith, told SecurityWeek that while the new Claude security tool is a welcome addition to developers’ toolset, it’s designed to complement existing security application testing tools, not replace them.

Weinstein also noted, “The vast majority of code running in production is typically sourced from third-party binaries, not code you or your AI agents wrote in-house.”

Guy Flechter, CEO and co‑founder of Sola Security, which provides an AI platform for security teams, commented, “Friday’s market reaction to Anthropic’s announcement says more about how powerful AI has become than about the collapse of the security stack.”

“Claude Code Security doesn’t replace your endpoint, identity, or cloud platforms, it starts to change the state of mind of how you can do security and replaces the manual glue work between them,” Flechter told SecurityWeek. 

“For years, security teams have relied on big solutions and humans to stitch together posture reviews, identity audits, compliance evidence, and cross-tool investigations across multiple consoles. AI is now strong enough to take on that burden. That’s not disruption for disruption’s sake, it’s long overdue evolution for the entire security industry,” he added.

Joe Silva, CEO of vulnerability management firm Spektion, believes this moment represents a fundamental shift in application security that goes beyond tooling, and challenges the core assumptions of how defenders and attackers operate.

“Think of this as the ultimate red-team tool and one that can reason about code like a seasoned analyst, not just match patterns. That’s powerful and it’s exactly why this announcement is sending ripples through the cybersecurity market,” Silva said. 

“However, don’t mistake this for a plateau,” Silva added. “In adversarial environments, capabilities are symmetrical but speed to operationalize is asymmetrical in favor of attackers. The very AI skills defenders laud today will be weaponized by attackers tomorrow to find unpredictable vectors, to pivot at machine speed, to uncover dangers static tools never even dreamed of.”