Claude’s New AI Vulnerability Scanner Sends Cybersecurity Shares Plunging

The stock of major companies such as CrowdStrike (NASDAQ: CRWD), Cloudflare (NYSE: NET), Okta (NASDAQ: OKTA), Zscaler (NASDAQ: ZS), Tenable (NASDAQ: TENB), Sailpoint (NASDAQ: SAIL), SentinelOne (NYSE: S), Fortinet (NASDAQ: FTNT), JFrog (NASDAQ: FROG), and Palo Alto Networks (NASDAQ: PANW) plunged in response to Anthropic’s announcement, in some cases more than 10%, erasing billions in market capitalization.By Tuesday, some companies saw partial recoveries, while others remained lower as of Tuesday’s close.Cybersecurity industry respondsThe cybersecurity industry is downplaying fears that AI could replace existing solutions or entire categories of tools, arguing that AI is an ally rather than a threat.Just days before the Claude announcement and the stock dive, Palo Alto Networks CEO Nikesh Arora said in an earnings call thatAI will not replace cybersecurity productsanytime soon. Arora said he is “confused” regarding why the market would treat AI as a threat to cybersecurity.CrowdStrike CEO George Kurtzrespondedto the Claude announcement, highlighting that when asked about it even Anthropic’s AI says the new security tool is not meant to replace CrowdStrike solutions, and that it would be very difficult for AI to replicate all the work that has gone into developing CrowdStrike products.“AI is powerful. It’s transformative. And it absolutely makes security better. But AI doesn’t eliminate the need for security. It increases it,” Kurtz said, adding, “If you want to build AI, you need GPUs. If you want to deploy AI, you need security. That’s not a hallucination – it’s a fact.”Glenn Weinstein, CEO of software artifact management platform Cloudsmith, toldSecurityWeekthat while the new Claude security tool is a welcome addition to developers’ toolset, it’s designed to complement existing security application testing tools, not replace them.Weinstein also noted, “The vast majority of code running in production is typically sourced from third-party binaries, not code you or your AI agents wrote in-house.”Guy Flechter, CEO and co‑founder of Sola Security, which provides an AI platform for security teams, commented, “Friday’s market reaction to Anthropic’s announcement says more about how powerful AI has become than about the collapse of the security stack.”“Claude Code Security doesn’t replace your endpoint, identity, or cloud platforms, it starts to change the state of mind of how you can do security and replaces the manual glue work between them,” Flechter toldSecurityWeek.“For years, security teams have relied on big solutions and humans to stitch together posture reviews, identity audits, compliance evidence, and cross-tool investigations across multiple consoles. AI is now strong enough to take on that burden. That’s not disruption for disruption’s sake, it’s long overdue evolution for the entire security industry,” he added.Joe Silva, CEO of vulnerability management firm Spektion, believes this moment represents a fundamental shift in application security that goes beyond tooling, and challenges the core assumptions of how defenders and attackers operate.“Think of this as the ultimate red-team tool and one that can reason about code like a seasoned analyst, not just match patterns. That’s powerful and it’s exactly why this announcement is sending ripples through the cybersecurity market,” Silva said.“However, don’t mistake this for a plateau,” Silva added. “In adversarial environments, capabilities are symmetrical but speed to operationalize is asymmetrical in favor of attackers. The very AI skills defenders laud today will be weaponized by attackers tomorrow to find unpredictable vectors, to pivot at machine speed, to uncover dangers static tools never even dreamed of.”Related:Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTsRelated:Cybersecurity Firms React to China’s Reported Software Ban

By Tuesday, some companies saw partial recoveries, while others remained lower as of Tuesday’s close.Cybersecurity industry respondsThe cybersecurity industry is downplaying fears that AI could replace existing solutions or entire categories of tools, arguing that AI is an ally rather than a threat.Just days before the Claude announcement and the stock dive, Palo Alto Networks CEO Nikesh Arora said in an earnings call thatAI will not replace cybersecurity productsanytime soon. Arora said he is “confused” regarding why the market would treat AI as a threat to cybersecurity.CrowdStrike CEO George Kurtzrespondedto the Claude announcement, highlighting that when asked about it even Anthropic’s AI says the new security tool is not meant to replace CrowdStrike solutions, and that it would be very difficult for AI to replicate all the work that has gone into developing CrowdStrike products.“AI is powerful. It’s transformative. And it absolutely makes security better. But AI doesn’t eliminate the need for security. It increases it,” Kurtz said, adding, “If you want to build AI, you need GPUs. If you want to deploy AI, you need security. That’s not a hallucination – it’s a fact.”Glenn Weinstein, CEO of software artifact management platform Cloudsmith, toldSecurityWeekthat while the new Claude security tool is a welcome addition to developers’ toolset, it’s designed to complement existing security application testing tools, not replace them.Weinstein also noted, “The vast majority of code running in production is typically sourced from third-party binaries, not code you or your AI agents wrote in-house.”Guy Flechter, CEO and co‑founder of Sola Security, which provides an AI platform for security teams, commented, “Friday’s market reaction to Anthropic’s announcement says more about how powerful AI has become than about the collapse of the security stack.”“Claude Code Security doesn’t replace your endpoint, identity, or cloud platforms, it starts to change the state of mind of how you can do security and replaces the manual glue work between them,” Flechter toldSecurityWeek.“For years, security teams have relied on big solutions and humans to stitch together posture reviews, identity audits, compliance evidence, and cross-tool investigations across multiple consoles. AI is now strong enough to take on that burden. That’s not disruption for disruption’s sake, it’s long overdue evolution for the entire security industry,” he added.Joe Silva, CEO of vulnerability management firm Spektion, believes this moment represents a fundamental shift in application security that goes beyond tooling, and challenges the core assumptions of how defenders and attackers operate.“Think of this as the ultimate red-team tool and one that can reason about code like a seasoned analyst, not just match patterns. That’s powerful and it’s exactly why this announcement is sending ripples through the cybersecurity market,” Silva said.“However, don’t mistake this for a plateau,” Silva added. “In adversarial environments, capabilities are symmetrical but speed to operationalize is asymmetrical in favor of attackers. The very AI skills defenders laud today will be weaponized by attackers tomorrow to find unpredictable vectors, to pivot at machine speed, to uncover dangers static tools never even dreamed of.”Related:Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTsRelated:Cybersecurity Firms React to China’s Reported Software Ban

The cybersecurity industry is downplaying fears that AI could replace existing solutions or entire categories of tools, arguing that AI is an ally rather than a threat.Just days before the Claude announcement and the stock dive, Palo Alto Networks CEO Nikesh Arora said in an earnings call thatAI will not replace cybersecurity productsanytime soon. Arora said he is “confused” regarding why the market would treat AI as a threat to cybersecurity.CrowdStrike CEO George Kurtzrespondedto the Claude announcement, highlighting that when asked about it even Anthropic’s AI says the new security tool is not meant to replace CrowdStrike solutions, and that it would be very difficult for AI to replicate all the work that has gone into developing CrowdStrike products.“AI is powerful. It’s transformative. And it absolutely makes security better. But AI doesn’t eliminate the need for security. It increases it,” Kurtz said, adding, “If you want to build AI, you need GPUs. If you want to deploy AI, you need security. That’s not a hallucination – it’s a fact.”Glenn Weinstein, CEO of software artifact management platform Cloudsmith, toldSecurityWeekthat while the new Claude security tool is a welcome addition to developers’ toolset, it’s designed to complement existing security application testing tools, not replace them.Weinstein also noted, “The vast majority of code running in production is typically sourced from third-party binaries, not code you or your AI agents wrote in-house.”Guy Flechter, CEO and co‑founder of Sola Security, which provides an AI platform for security teams, commented, “Friday’s market reaction to Anthropic’s announcement says more about how powerful AI has become than about the collapse of the security stack.”“Claude Code Security doesn’t replace your endpoint, identity, or cloud platforms, it starts to change the state of mind of how you can do security and replaces the manual glue work between them,” Flechter toldSecurityWeek.“For years, security teams have relied on big solutions and humans to stitch together posture reviews, identity audits, compliance evidence, and cross-tool investigations across multiple consoles. AI is now strong enough to take on that burden. That’s not disruption for disruption’s sake, it’s long overdue evolution for the entire security industry,” he added.Joe Silva, CEO of vulnerability management firm Spektion, believes this moment represents a fundamental shift in application security that goes beyond tooling, and challenges the core assumptions of how defenders and attackers operate.“Think of this as the ultimate red-team tool and one that can reason about code like a seasoned analyst, not just match patterns. That’s powerful and it’s exactly why this announcement is sending ripples through the cybersecurity market,” Silva said.“However, don’t mistake this for a plateau,” Silva added. “In adversarial environments, capabilities are symmetrical but speed to operationalize is asymmetrical in favor of attackers. The very AI skills defenders laud today will be weaponized by attackers tomorrow to find unpredictable vectors, to pivot at machine speed, to uncover dangers static tools never even dreamed of.”Related:Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTsRelated:Cybersecurity Firms React to China’s Reported Software Ban

Just days before the Claude announcement and the stock dive, Palo Alto Networks CEO Nikesh Arora said in an earnings call thatAI will not replace cybersecurity productsanytime soon. Arora said he is “confused” regarding why the market would treat AI as a threat to cybersecurity.CrowdStrike CEO George Kurtzrespondedto the Claude announcement, highlighting that when asked about it even Anthropic’s AI says the new security tool is not meant to replace CrowdStrike solutions, and that it would be very difficult for AI to replicate all the work that has gone into developing CrowdStrike products.“AI is powerful. It’s transformative. And it absolutely makes security better. But AI doesn’t eliminate the need for security. It increases it,” Kurtz said, adding, “If you want to build AI, you need GPUs. If you want to deploy AI, you need security. That’s not a hallucination – it’s a fact.”Glenn Weinstein, CEO of software artifact management platform Cloudsmith, toldSecurityWeekthat while the new Claude security tool is a welcome addition to developers’ toolset, it’s designed to complement existing security application testing tools, not replace them.Weinstein also noted, “The vast majority of code running in production is typically sourced from third-party binaries, not code you or your AI agents wrote in-house.”Guy Flechter, CEO and co‑founder of Sola Security, which provides an AI platform for security teams, commented, “Friday’s market reaction to Anthropic’s announcement says more about how powerful AI has become than about the collapse of the security stack.”“Claude Code Security doesn’t replace your endpoint, identity, or cloud platforms, it starts to change the state of mind of how you can do security and replaces the manual glue work between them,” Flechter toldSecurityWeek.“For years, security teams have relied on big solutions and humans to stitch together posture reviews, identity audits, compliance evidence, and cross-tool investigations across multiple consoles. AI is now strong enough to take on that burden. That’s not disruption for disruption’s sake, it’s long overdue evolution for the entire security industry,” he added.Joe Silva, CEO of vulnerability management firm Spektion, believes this moment represents a fundamental shift in application security that goes beyond tooling, and challenges the core assumptions of how defenders and attackers operate.“Think of this as the ultimate red-team tool and one that can reason about code like a seasoned analyst, not just match patterns. That’s powerful and it’s exactly why this announcement is sending ripples through the cybersecurity market,” Silva said.“However, don’t mistake this for a plateau,” Silva added. “In adversarial environments, capabilities are symmetrical but speed to operationalize is asymmetrical in favor of attackers. The very AI skills defenders laud today will be weaponized by attackers tomorrow to find unpredictable vectors, to pivot at machine speed, to uncover dangers static tools never even dreamed of.”Related:Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTsRelated:Cybersecurity Firms React to China’s Reported Software Ban

CrowdStrike CEO George Kurtzrespondedto the Claude announcement, highlighting that when asked about it even Anthropic’s AI says the new security tool is not meant to replace CrowdStrike solutions, and that it would be very difficult for AI to replicate all the work that has gone into developing CrowdStrike products.“AI is powerful. It’s transformative. And it absolutely makes security better. But AI doesn’t eliminate the need for security. It increases it,” Kurtz said, adding, “If you want to build AI, you need GPUs. If you want to deploy AI, you need security. That’s not a hallucination – it’s a fact.”Glenn Weinstein, CEO of software artifact management platform Cloudsmith, toldSecurityWeekthat while the new Claude security tool is a welcome addition to developers’ toolset, it’s designed to complement existing security application testing tools, not replace them.Weinstein also noted, “The vast majority of code running in production is typically sourced from third-party binaries, not code you or your AI agents wrote in-house.”Guy Flechter, CEO and co‑founder of Sola Security, which provides an AI platform for security teams, commented, “Friday’s market reaction to Anthropic’s announcement says more about how powerful AI has become than about the collapse of the security stack.”“Claude Code Security doesn’t replace your endpoint, identity, or cloud platforms, it starts to change the state of mind of how you can do security and replaces the manual glue work between them,” Flechter toldSecurityWeek.“For years, security teams have relied on big solutions and humans to stitch together posture reviews, identity audits, compliance evidence, and cross-tool investigations across multiple consoles. AI is now strong enough to take on that burden. That’s not disruption for disruption’s sake, it’s long overdue evolution for the entire security industry,” he added.Joe Silva, CEO of vulnerability management firm Spektion, believes this moment represents a fundamental shift in application security that goes beyond tooling, and challenges the core assumptions of how defenders and attackers operate.“Think of this as the ultimate red-team tool and one that can reason about code like a seasoned analyst, not just match patterns. That’s powerful and it’s exactly why this announcement is sending ripples through the cybersecurity market,” Silva said.“However, don’t mistake this for a plateau,” Silva added. “In adversarial environments, capabilities are symmetrical but speed to operationalize is asymmetrical in favor of attackers. The very AI skills defenders laud today will be weaponized by attackers tomorrow to find unpredictable vectors, to pivot at machine speed, to uncover dangers static tools never even dreamed of.”Related:Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTsRelated:Cybersecurity Firms React to China’s Reported Software Ban

“AI is powerful. It’s transformative. And it absolutely makes security better. But AI doesn’t eliminate the need for security. It increases it,” Kurtz said, adding, “If you want to build AI, you need GPUs. If you want to deploy AI, you need security. That’s not a hallucination – it’s a fact.”Glenn Weinstein, CEO of software artifact management platform Cloudsmith, toldSecurityWeekthat while the new Claude security tool is a welcome addition to developers’ toolset, it’s designed to complement existing security application testing tools, not replace them.Weinstein also noted, “The vast majority of code running in production is typically sourced from third-party binaries, not code you or your AI agents wrote in-house.”Guy Flechter, CEO and co‑founder of Sola Security, which provides an AI platform for security teams, commented, “Friday’s market reaction to Anthropic’s announcement says more about how powerful AI has become than about the collapse of the security stack.”“Claude Code Security doesn’t replace your endpoint, identity, or cloud platforms, it starts to change the state of mind of how you can do security and replaces the manual glue work between them,” Flechter toldSecurityWeek.“For years, security teams have relied on big solutions and humans to stitch together posture reviews, identity audits, compliance evidence, and cross-tool investigations across multiple consoles. AI is now strong enough to take on that burden. That’s not disruption for disruption’s sake, it’s long overdue evolution for the entire security industry,” he added.Joe Silva, CEO of vulnerability management firm Spektion, believes this moment represents a fundamental shift in application security that goes beyond tooling, and challenges the core assumptions of how defenders and attackers operate.“Think of this as the ultimate red-team tool and one that can reason about code like a seasoned analyst, not just match patterns. That’s powerful and it’s exactly why this announcement is sending ripples through the cybersecurity market,” Silva said.“However, don’t mistake this for a plateau,” Silva added. “In adversarial environments, capabilities are symmetrical but speed to operationalize is asymmetrical in favor of attackers. The very AI skills defenders laud today will be weaponized by attackers tomorrow to find unpredictable vectors, to pivot at machine speed, to uncover dangers static tools never even dreamed of.”Related:Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTsRelated:Cybersecurity Firms React to China’s Reported Software Ban

Glenn Weinstein, CEO of software artifact management platform Cloudsmith, toldSecurityWeekthat while the new Claude security tool is a welcome addition to developers’ toolset, it’s designed to complement existing security application testing tools, not replace them.Weinstein also noted, “The vast majority of code running in production is typically sourced from third-party binaries, not code you or your AI agents wrote in-house.”Guy Flechter, CEO and co‑founder of Sola Security, which provides an AI platform for security teams, commented, “Friday’s market reaction to Anthropic’s announcement says more about how powerful AI has become than about the collapse of the security stack.”“Claude Code Security doesn’t replace your endpoint, identity, or cloud platforms, it starts to change the state of mind of how you can do security and replaces the manual glue work between them,” Flechter toldSecurityWeek.“For years, security teams have relied on big solutions and humans to stitch together posture reviews, identity audits, compliance evidence, and cross-tool investigations across multiple consoles. AI is now strong enough to take on that burden. That’s not disruption for disruption’s sake, it’s long overdue evolution for the entire security industry,” he added.Joe Silva, CEO of vulnerability management firm Spektion, believes this moment represents a fundamental shift in application security that goes beyond tooling, and challenges the core assumptions of how defenders and attackers operate.“Think of this as the ultimate red-team tool and one that can reason about code like a seasoned analyst, not just match patterns. That’s powerful and it’s exactly why this announcement is sending ripples through the cybersecurity market,” Silva said.“However, don’t mistake this for a plateau,” Silva added. “In adversarial environments, capabilities are symmetrical but speed to operationalize is asymmetrical in favor of attackers. The very AI skills defenders laud today will be weaponized by attackers tomorrow to find unpredictable vectors, to pivot at machine speed, to uncover dangers static tools never even dreamed of.”Related:Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTsRelated:Cybersecurity Firms React to China’s Reported Software Ban

Weinstein also noted, “The vast majority of code running in production is typically sourced from third-party binaries, not code you or your AI agents wrote in-house.”Guy Flechter, CEO and co‑founder of Sola Security, which provides an AI platform for security teams, commented, “Friday’s market reaction to Anthropic’s announcement says more about how powerful AI has become than about the collapse of the security stack.”“Claude Code Security doesn’t replace your endpoint, identity, or cloud platforms, it starts to change the state of mind of how you can do security and replaces the manual glue work between them,” Flechter toldSecurityWeek.“For years, security teams have relied on big solutions and humans to stitch together posture reviews, identity audits, compliance evidence, and cross-tool investigations across multiple consoles. AI is now strong enough to take on that burden. That’s not disruption for disruption’s sake, it’s long overdue evolution for the entire security industry,” he added.Joe Silva, CEO of vulnerability management firm Spektion, believes this moment represents a fundamental shift in application security that goes beyond tooling, and challenges the core assumptions of how defenders and attackers operate.“Think of this as the ultimate red-team tool and one that can reason about code like a seasoned analyst, not just match patterns. That’s powerful and it’s exactly why this announcement is sending ripples through the cybersecurity market,” Silva said.“However, don’t mistake this for a plateau,” Silva added. “In adversarial environments, capabilities are symmetrical but speed to operationalize is asymmetrical in favor of attackers. The very AI skills defenders laud today will be weaponized by attackers tomorrow to find unpredictable vectors, to pivot at machine speed, to uncover dangers static tools never even dreamed of.”Related:Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTsRelated:Cybersecurity Firms React to China’s Reported Software Ban

Guy Flechter, CEO and co‑founder of Sola Security, which provides an AI platform for security teams, commented, “Friday’s market reaction to Anthropic’s announcement says more about how powerful AI has become than about the collapse of the security stack.”“Claude Code Security doesn’t replace your endpoint, identity, or cloud platforms, it starts to change the state of mind of how you can do security and replaces the manual glue work between them,” Flechter toldSecurityWeek.“For years, security teams have relied on big solutions and humans to stitch together posture reviews, identity audits, compliance evidence, and cross-tool investigations across multiple consoles. AI is now strong enough to take on that burden. That’s not disruption for disruption’s sake, it’s long overdue evolution for the entire security industry,” he added.Joe Silva, CEO of vulnerability management firm Spektion, believes this moment represents a fundamental shift in application security that goes beyond tooling, and challenges the core assumptions of how defenders and attackers operate.“Think of this as the ultimate red-team tool and one that can reason about code like a seasoned analyst, not just match patterns. That’s powerful and it’s exactly why this announcement is sending ripples through the cybersecurity market,” Silva said.“However, don’t mistake this for a plateau,” Silva added. “In adversarial environments, capabilities are symmetrical but speed to operationalize is asymmetrical in favor of attackers. The very AI skills defenders laud today will be weaponized by attackers tomorrow to find unpredictable vectors, to pivot at machine speed, to uncover dangers static tools never even dreamed of.”Related:Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTsRelated:Cybersecurity Firms React to China’s Reported Software Ban

“Claude Code Security doesn’t replace your endpoint, identity, or cloud platforms, it starts to change the state of mind of how you can do security and replaces the manual glue work between them,” Flechter toldSecurityWeek.“For years, security teams have relied on big solutions and humans to stitch together posture reviews, identity audits, compliance evidence, and cross-tool investigations across multiple consoles. AI is now strong enough to take on that burden. That’s not disruption for disruption’s sake, it’s long overdue evolution for the entire security industry,” he added.Joe Silva, CEO of vulnerability management firm Spektion, believes this moment represents a fundamental shift in application security that goes beyond tooling, and challenges the core assumptions of how defenders and attackers operate.“Think of this as the ultimate red-team tool and one that can reason about code like a seasoned analyst, not just match patterns. That’s powerful and it’s exactly why this announcement is sending ripples through the cybersecurity market,” Silva said.“However, don’t mistake this for a plateau,” Silva added. “In adversarial environments, capabilities are symmetrical but speed to operationalize is asymmetrical in favor of attackers. The very AI skills defenders laud today will be weaponized by attackers tomorrow to find unpredictable vectors, to pivot at machine speed, to uncover dangers static tools never even dreamed of.”Related:Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTsRelated:Cybersecurity Firms React to China’s Reported Software Ban

Source: SecurityWeek