Anthropic’s Claude Code Security sent cybersecurity stocks sliding — roughly $20 billion in market cap, gone in one session. Right after the announcement JFrog lost nearly a quarter of its value, CrowdStrike and Cloudflare dropped about 8% each. Investors are asking a very simple question: if an AI can find vulnerabilities and suggest patches, why pay for expensive enterprise tools?
There’s a lot to welcome here. Claude Code Security doesn’t just flag an issue — it explains the risk, suggests a fix, and formats the output for a pull request or a ticket. For small and mid-sized businesses running one-off audits or pre-release checks, that’s a genuine step forward. Competitors — cloud, on-prem, local — will inevitably follow, and that raises the floor for the entire industry.
The risk I’d watch for is false comfort. A developer writes code, Claude checks it, suggests a fix, the pull request goes through — and suddenly the dedicated security tools feel like overhead. Just another audit layer that shows up after the decision is already made. But today’s best AI model produces code that is both working and secure only 56% of the time. The more teams rely on that alone, the more vulnerabilities make it to production. Skipping dedicated analysis doesn’t simplify the pipeline but weakens it.
There are also things AI simply can’t do yet. In some countries regulators won’t let you replace a certified scanning tool that has an audit trail with a chat conversation. Language models still struggle with binary analysis when there’s no source code. And the most critical work in threat defence — real-time darknet monitoring, fresh indicators of compromise, attribution of threat actors, spotting intentional backdoors in supply chains — all of that runs on proprietary intelligence that no public model has access to. That’s where specialised platforms remain indispensable. The market will stratify, no question — but deep cybersecurity expertise isn’t going anywhere.
