Cybersecurity was one of the more resilient areas of the technology market in recent years, supported in part by AI tailwinds as the proliferation of large language models contributed to a surge in cyber threats and heightened demand for advanced security solutions. However, as AI disruption fears spread across the broader software sector in recent months, valuations began to reset—with cybersecurity increasingly drawn into the sell-off.

The correction intensified following Anthropic’s release of Claude Code Security and its latest model demonstrating advanced “vibe coding” capabilities, alongside the emergence of new AI agents such as OpenClaw. These developments have increased market concerns over whether AI could meaningfully replace elements of core cybersecurity platforms rather than simply augment cybersecurity workflows. Recent share price reactions suggest markets are pricing in a disruption scenario, even as underlying fundamentals across much of the sector remain broadly intact.

Explaining Anthropic’s Claude Code Security

On February 20, 2026, Anthropic released Claude Code Security, an AI-powered application security tool currently in limited research preview. It scans codebases for vulnerabilities before suggesting fixes to a human reviewer. Human review is an important point to highlight, as Claude Code Security doesn’t automatically deploy patches or operate in live production environments. Its role is to assist security teams in managing growing vulnerability backlogs, not replace them.

However, the ensuing market reaction, which came on top of previous weeks of correction in the space, reflects concerns that AI-driven tools like Claude Code Security could eat into revenues of cybersecurity businesses and bode further disruption of the field. Investors fear that portions of the security stack could face margin pressure or reduced differentiation. These concerns have strongly weighed on the share prices of cybersecurity companies, resulting in significant discounts to recent highs observed after the release of ChatGPT in November 2022 (Figure 1).

Figure 1: Latest Sell-Off, Sales Growth and Valuations of Companies in the WisdomTree Cybersecurity Fund (WCBR)

However, it is important to highlight that Claude Code Security, while being a powerful tool showcasing how far AI has come, does not replace endpoint detection and response (EDR), identity and access management (IAM), zero trust network access, cloud security, SIEM/SOC platforms, or resilience infrastructure. These operate at runtime and enforcement layers of the security stack, which require telemetry ingestion, real-time response, infrastructure deployment, and compliance governance beyond code analysis.

Disruption Fears vs. Enterprise Reality

While developments such as vibe coding have fueled disruption narratives across the software sector, their real-world enterprise impact remains largely untested. Generative models capable of rapidly producing functional code may demonstrate impressive capabilities in controlled environments, but large organizations operate under strict governance, compliance, resilience and audit requirements—particularly in cybersecurity, where tolerance for failure is minimal and trust is foundational.

Enterprise security architectures are built not only on technical performance but also on reliability, explainability, regulatory alignment and accountability. In that context, AI-driven coding advances are more likely to augment existing workflows than to replace the deeply embedded security frameworks that underpin modern digital operations. At the same time, cybersecurity businesses are already integrating artificial intelligence into their offerings, both from the perspective of using AI to enhance cybersecurity capabilities and using cybersecurity to secure AI applications. Hence, they are well positioned to benefit from such AI developments while also serving as some of AI’s strongest adopters.

Expert view from Team8, WisdomTree’s expert partner on the WisdomTree Team8 Cybersecurity Index:

"The market's recent reaction to Anthropic’s Claude Code announcement—a ‘sell-off’ impacting giants like Okta and CrowdStrike—appears to be a significant overreaction that ignores the fundamental architecture of enterprise security. While Claude Code is a powerful 'Shift Left' tool that disrupts manual code-triage by automating vulnerability identification and patching, it is an evolution of the developer's toolkit, not a replacement for a cybersecurity platform.

Securing an organization is vastly more complex than a single developer’s experience. Critical functions like Product Security—which includes architectural threat modeling, cloud infrastructure configuration, and strict regulatory compliance – cannot be solved by a code-level LLM alone. We believe these frontier models will serve as the 'intelligent glue' that reduces the manual workload of security teams, rather than acting as a standalone vendor capable of replacing the identity, governance, and real-time protection layers that market leaders provide. For investors, the current dip likely represents a correction of sentiment rather than a shift in fundamental value, as the industry moves toward a future where AI handles the reasoning and existing platforms provide the enforcement."

—Liran Grinberg, Co-Founder & Managing Partner, Team8.

The Other Side of the Coin: AI Expands the Attack Surface

While markets have focused on AI as a potential disruptor of cybersecurity vendors, the more powerful structural force may be that AI is expanding digital risk itself. AI is accelerating both defenders and attackers: it improves vulnerability detection and secure coding capabilities, but it can also compress attackers’ discovery cycles and speed up exploitation. As software velocity rises, this dynamic strengthens the case for layered, AI-augmented security architectures.

More broadly, AI appears to be increasing the scale and complexity of cyber risk. A January 2026 World Economic Forum report shows that nearly nine in ten organizations view AI-related vulnerabilities as the fastest-growing source of cyber risk. At the same time, 64% now review the security of AI tools before deployment, up from 37% in 2025—clear evidence that AI adoption is translating into greater demand for security oversight.

As AI models become more capable and autonomous, from advanced vibe coding to agentic workflows, this dynamic is unlikely to slow. If anything, recent breakthroughs may accelerate both innovation and exploitation, reinforcing the need for comprehensive, enterprise-grade cybersecurity rather than diminishing it.

Bottom Line: Disrupted or Discounted?

The recent sell-off suggests markets might be increasingly pricing in a disruption scenario. Yet with valuations across the cybersecurity universe compressing sharply, as evident by historical valuations of the WisdomTree Cybersecurity Fund (WCBR) (Figure 2), the reset might be driven largely by sentiment, uncertainty around AI’s longer-term impact and liquidity-driven positioning shifts, rather than clear evidence of structural deterioration.

Figure 2: Valuations of the WisdomTree Cybersecurity Fund (WCBR) Have Just Touched a Historical Bottom

Periods of elevated macro uncertainty and rapid technological change often amplify short-term trading dynamics, particularly in high-growth areas. Importantly, there is no indication of broad customer rotation or significant slowdown in growth in the latest earnings reports. Given that long-term tailwinds for cybersecurity are being reinforced by AI, and that leading cybersecurity businesses are poised to remain the dominant choice for enterprise adoption, the current environment may represent a rare opportunity to build exposure to a foundational digital infrastructure theme at historically discounted levels.