When AI developer Anthropic recently introduced security features in its AI coding tool Claude Code, the cybersecurity sector took a direct hit. Concerns emerged that AI tools could replace security work, and shares of leading cybersecurity firms fell. A broad view is that AI will not be able to shake cybersecurity firms' core businesses easily.

On Feb. 23, CrowdStrike and Zscaler each fell 9 percent, while Netskope dropped nearly 10 percent. SailPoint slid 6 percent, and Okta, SentinelOne and Fortinet fell more than 4 percent. Palo Alto Networks also closed down 2 percent.

As speculation grows that AI tools like Anthropic's could replace enterprise software, some see a risk that a stock slump in related sectors could spread to the security market. Claude Code Security, introduced by Anthropic on Feb. 20, scans code written by Claude Code to find vulnerabilities and suggest patches.

The company said Claude Code Security performs context-based analysis rather than simple static code analysis. It says the tool understands interactions among components like a human security researcher, tracks data flows and detects complex vulnerabilities that rule-based tools miss. Claude Opus 4.6 found and verified more than 500 high-risk vulnerabilities in open-source code, it said.

People make the final decision on whether to apply patches. The company said Claude Code Security only finds problems and proposes solutions. Claude Code Security has not been officially released and is available as a limited research preview, but it still sent ripples through major cybersecurity stocks. It was a broadly similar scene to when Anthropic earlier introduced a co-work feature in Claude Code that lets non-developers build apps to automate tasks using natural language, which led to a selloff in enterprise software.

As AI models improve their ability to analyse application security vulnerabilities, it does not appear likely that Anthropic will stop its security push at Claude Code Security. OpenAI is also continuing to roll out its own AI-based tools.

With that in mind, a scenario in which AI companies go head-to-head with security firms seems plausible. The recent declines in major cybersecurity stocks also appear related. The idea is that when an AI model company releases a feature, it can affect shares in industries tied to that function, and the cybersecurity sector is no exception.

The playing field around AI security continues to expand. Big Tech companies are also increasing the money they put into AI security.

Amazon runs its own system that uses AI agents to detect security flaws and suggest fixes. Microsoft has a group of security agents that prioritise vulnerabilities, identify affected devices and automate patching. Google announced in November 2024 that its large language model-based bug detection tool, Big Sleep, found a memory safety vulnerability in a real environment and fixed it before the code's official release. It also recently introduced an automatic patch-generation agent, CodeMender. OpenAI said in October last year it was internally testing a GPT-5-based security agent system called Aardvark.

Still, many view the security sector's stock declines stemming from Anthropic's moves as an overreaction.

Axios reported recently that Claude Code Security will compete directly with other code security companies, but it will not be easy to shake security firms' core businesses. Companies need a layered approach to defend against and detect cyber attacks. Axios said Claude Code Security can help write vibe-coding projects more safely, but it cannot detect an intruder hiding in a network or an employee clicking a phishing link.

Aaron Jacobson (에런 제이콥슨), a partner at NEA, said, "AI may make it more likely that more secure software will come out from the design stage, but cybersecurity is a human problem, not a technical one." Raymond James analyst Mark Cash said in a report the market reaction was "excessive" and pointed out that the market was "speculating far beyond current functionality" of Claude Code Security.

Axios said it has been gauging venture capital investors' assessment of the investment value of standalone AI-based code security companies in recent months, and that VCs believe corporate security teams are unlikely to try to consolidate all security requirements into a single AI vendor.

People in the security sector also moved quickly to counter the evolving AI-driven threat narrative. CrowdStrike CEO George Kurtz said on LinkedIn, "AI is powerful and transformative. And it definitely raises the level of security. But AI does not eliminate the need for security. It increases that need."