Newsletter · · Ashutosh Agarwal

Cybersecurity Becomes Wall Street's Top AI Trade Behind a Model Named Mythos - Cybersecurity - Week of July 14, 2026

Cybersecurity for the week of July 14, 2026. Palo Alto CEO Nikesh Arora and Jim Cramer put cyber at the top of the AI spending list on CNBC, and the demand catalyst finally got a name in Mythos, Anthropic's autonomous vulnerability-hunting model, even as operators warned the economics of running these models at scale are brutal.

Cybersecurity

Week of July 14, 2026: Cybersecurity Becomes Wall Street's Top AI Trade Behind a Model Named Mythos


TL;DR

  • Cybersecurity graduated from "interesting theme" to Wall Street's favorite AI trade this week. Palo Alto CEO Nikesh Arora sat for a CNBC exclusive (the stock is up around 75% this year), and hours earlier on the same network Jim Cramer put cyber at the very top of the corporate spending list: "our number one priority is cybersecurity." His reason for the move in Palo Alto was one word: "unbelievable since Mythos."
  • Mythos is the reason. It's Anthropic's most powerful AI model, an autonomous "vulnerability hunter" that in government tests reportedly broke into classified NSA and Cyber Command systems in hours. The U.S. military blacklisted Anthropic as a "supply chain risk", while CISA and the NSA quietly use the same model to defend federal code. This is the demand catalyst the bulls have described for months, now with a name and a body count of found flaws.
  • The numbers finally showed up too. A dedicated investing podcast walked through CrowdStrike ($5.5B in recurring revenue, growing 24%, 33x sales) versus Palo Alto (over $8B in recurring revenue, 21x sales, fresh off a $25B deal for CyberArk). Both are "priced for perfection." The bull case: AI will force the world to buy "10 times as much cybersecurity" over the next year or two.
  • The quieter, important counter-story: the economics of AI-powered security are brutal. One startup CEO said running these models on a big customer would have cost $4 million a week, and running Mythos on every code change at a 10,000-person company would run $52 million a year. Whoever masters cost, not just capability, wins.

The Single Biggest Thing That Happened: Cyber Went Mainstream on the Money Shows

For months this newsletter has tracked operators and threat researchers making the case that AI blows up the demand for security. This week the pitch jumped from the security podcasts to the mainstream financial ones, with the actual CEOs and the actual stock moves.

Palo Alto's CEO went on CNBC, and the framing was pure demand story. On the July 9 episode of Squawk on the Street: OpenAI's Sam Altman, Palo Alto CEO on AI Spending, the anchors introduced Nikesh Arora by noting that "more than a thousand customers have asked for meetings around its frontier AI defense offering, and CEO Nikesh Arora has personally taken hundreds of them," with the stock "up around 75% this year." Arora's own comments were less about his company and more about the plumbing of the whole AI economy:

  • On whether cheaper AI is coming: OpenAI had just claimed its new model is 54% more efficient. Arora called that "a good start," but said pricing has to keep falling: token efficiency needs to reach "about 1.5 to 1.8" over the next 12 months and "about 1.10" the year after, before enterprises will "bet the farm" on AI. ("Token efficiency" just means getting more useful work out of the AI for each dollar of computing you pay for.)
  • On demand: "demand for AI consumption is still infinite. We do not have enough compute in the world to satisfy the demands of both the consumer side and the enterprise side."
  • A striking stat on who's actually paying: "70% of the consumption today on AI is happening in the consumer space. Only 30% is happening in enterprise, and two-thirds of that is happening in coding." His point: the free consumer chatbots are being subsidized by the enterprise, and mostly by coding tools, and that math has to change.

Cramer said the quiet part out loud: cyber is now the #1 line in the IT budget. On the Squawk on the Street: 9am Hour earlier that morning, Jim Cramer role-played a chief information officer setting priorities: "our number one priority is cybersecurity... Our number two is memory... And then number three is tokens." He described companies phoning in the cyber CEOs as consultants: "They're calling in Nikesh. They're calling in George Kurtz" (CrowdStrike's founder). And on why Palo Alto has been on a tear, he was blunt: "that stock has just been unbelievable since Mythos. Unbelievable." Same segment, a bearish note for the software incumbents: Starbucks reportedly spends $400 million a year on tech and is now building in-house, and KeyBank downgraded Salesforce on slowing adoption of its "Agentforce" AI product.

A dedicated investing podcast did the homework on the two leaders. The Wall Street Wildlife Investing Podcast: Is AI Making Cybersecurity Stocks Unmissable? $CRWD vs $PANW (July 12) laid out the fundamentals in plain terms:

  • CrowdStrike: annual recurring revenue of "$5.5 billion in the most recent quarter... up 24% year over year," with "record free cash flow of $469 million, with a 34% free cash flow margin." Growth had dipped to about 20% in mid-2025 (partly the hangover from its 2024 outage that "took down the internet") and has since re-accelerated to roughly 25%, helped by "Falcon Flex," a pricing model that lets customers buy fungible credits they can spend across any module. The catch: it trades at about "33 times enterprise-to-sales," which the host himself called "nosebleed valuations," on a roughly $174 billion market cap. He still holds it as a high-conviction position.
  • Palo Alto: "next-gen security" recurring revenue "now over $8 billion," on a roughly $228 billion market cap and about "21 times trailing sales", expensive, but "objectively cheaper than CrowdStrike." A caution flag: headline revenue growth of ~31% is flattered by acquisitions; the host pegged organic growth "closer to like the 14, 15%." Palo Alto spent "$25 billion" this year absorbing identity-security leader CyberArk, plus a smaller observability deal, and runs three platforms: Strata (network), Prisma (cloud), and Cortex (AI-driven security operations). He described the stitched-together result, fairly or not, as a bit "Frankenstein" versus CrowdStrike's single-agent design.

The thesis tying it together: "AI... is going to viscerally demonstrate, over the next 12 to 24 months, why the world needs like 10 times as much cyber security as it does today," forcing CIOs to spend far more with the elite vendors.

Meet Mythos: The AI That Turned the Demand Story Into Headlines

If you want to understand why these stocks moved, you have to understand Mythos. Two podcasts went deep on it this week.

What Mythos is. Per the Elon Musk Podcast: Why the US Military Blacklisted Anthropic (July 9), Mythos is Anthropic's most capable model, working as "an autonomous, agentic vulnerability hunter", it searches, tests, and adapts on its own to find weak spots in software and networks without a human guiding each step. In controlled red-team tests it "penetrated classified NSA and U.S. Cyber Command systems in a matter of hours," and it has surfaced thousands of flaws, including 271 in Firefox and a 27-year-old bug in OpenBSD.

The dual-use trap, explained simply. The same skill that lets an AI fix a security hole lets it find and exploit one. Anthropic tried to manage that by shipping two versions of the same underlying model: a public one called Fable, wrapped in safety filters that reroute any offensive request to a weaker, older model, and the unfiltered Mythos, restricted to vetted defenders through a program called Project Glasswing, with 30-day logging of everything it does. The host's line captured the business model shift neatly:

The actual product is the safety policy, the continuous monitoring layer, and the access boundary wrapped around the intelligence. We are trusting the invisible fencing rather than the dog.

The whiplash that spooked everyone. The Artificial Intelligence Show #224 (July 7) walked the timeline: Amazon researchers found a way to bypass Fable's guardrails and get it to identify software vulnerabilities, in one case producing exploit code, which is "exactly the type of AI-assisted cyber attack that regulators have been most worried about." The Commerce Department ordered access blocked for foreign nationals; because a cloud provider can't reliably verify who's behind an API key, Anthropic pulled both models offline globally for a few days, briefly cutting off allied governments. Controls were lifted June 30 in a letter from Commerce Secretary Howard Lutnick after Anthropic added a new filter and agreed to help the government set standards. Two details worth noting for investors: Anthropic swapped negotiators, with co-founder Tom Brown taking over White House talks from CEO Dario Amodei, "whom officials reportedly found harder to deal with"; and the deal is specific to Anthropic, not OpenAI, Google, Meta, or xAI. In Anthropic's own words, quoted on the show:

Claude Mythos 5 can be used to find and exploit software vulnerabilities more effective than any other model... These prodigious cybersecurity capabilities make it uniquely attractive to malicious actors.

Why it matters: for the first time, the market can point at a specific, real, named tool, not a hypothetical, that makes attacking faster and cheaper. That's the engine under the "buy the security leaders" trade.

The Catch Nobody on the Money Shows Mentioned: The Economics Are Brutal

The most useful counterweight came from operators, not anchors. On the Cloud Security Podcast: The Hidden Cost of BlackBox AI (July 9), Harry Wetherald, CEO of the Series A startup Maze, described running his cloud-security AI on a Fortune 100 customer for the first time: "when we extrapolated up to the whole environment, it was going to be $4 million a week... about the amount we'd raised at the time." His killer example: "if you run Mythos on every PR [code change] for a 10,000-person software company, it comes out as $52 million a year." That's simply not affordable, which is why he argues the real skill isn't wielding the fanciest model, it's cutting cost "by like 100x" through orchestration, dynamically routing between an expensive frontier model, a cheaper one, and sometimes no model at all. He also flagged that Mythos famously found that 27-year-old bug, at a reported cost of "$10,000" for that single vulnerability.

This dovetails exactly with Arora's point that AI pricing has to fall before enterprises commit. Read together: the demand is real, but the vendors who win will be the ones whose unit economics survive contact with a real customer environment.

The Other Identity-and-Agents Shoe Drops: Rubrik Agent Cloud

Last week Okta turned "agent identity" from a slide into a shipped product. This week Rubrik did the same. On Eye On A.I.: The Biggest AI Security Problem Isn't the Model (July 7), Devvret Rishi, CEO of Predibase, which Rubrik acquired last summer, detailed Rubrik Agent Cloud, now generally available. It does three things: automatically inventories every AI agent, what tools it can call, and what data it touches; runs a system called SAGE (Semantic AI Governance Engine) that uses small, fine-tuned AI models to check every agent input and output against plain-English policies (his example from a healthcare customer: "agents should not give clinical diagnoses"); and can "rewind" a destructive agent action back to a clean snapshot using Rubrik's backup data. The target market is the Global 2000. The pitch mirrors the whole week's theme: the thing you now have to secure is the agent, and legacy tools weren't built for it.

The Debate

Bull frame. AI simultaneously expands the attack surface (more agents, more code, more machine identities) and hands attackers cheap, fast, autonomous tools like Mythos. That forces CIOs to consolidate onto a few platforms with the most data and the best automation, the classic case for CrowdStrike and Palo Alto getting bigger wallets, not smaller. This week that argument stopped being theoretical: a named model, a CEO on CNBC, a #1-priority ranking, and 24%+ recurring-revenue growth.

Bear frame. Two problems. First, valuation: 33x sales (CrowdStrike) and 21x (Palo Alto) leave no room for error, and Palo Alto's headline growth leans heavily on acquisitions. Second, and newer this week, the economics: if AI security genuinely costs millions per customer to run, margins compress, and cheap open-source models plus "just wrap a frontier model" upstarts could collapse pricing before the incumbents monetize the boom. One panelist who builds with these models even argued the underlying AI has plateaued and that most customers are "still catching up on basics."

Stocks and Companies in Play

  • Palo Alto Networks (PANW). The week's protagonist. CEO on CNBC, stock up ~75% year-to-date, "unbelievable since Mythos" per Cramer, and named the cheaper of the two elite platforms (~21x sales, >$8B recurring revenue). Bull: platform consolidation plus the CyberArk identity deal positions it for the agent-security wave. Bear: organic growth may be ~14–15% under the acquisition-boosted 31% headline. Watch: how much of that "thousand customer" pipeline for its frontier AI defense converts to bookings next print.
  • CrowdStrike (CRWD). Growth re-accelerated to ~25%, $5.5B recurring revenue up 24%, record $469M free cash flow at a 34% margin, but 33x sales is the most expensive name in software. Bull: single-agent architecture, Falcon Flex flexibility, founder-CEO George Kurtz cited as a consultant companies call in. Bear: priced for perfection. Watch: net-new recurring revenue and Falcon Flex expansion.
  • CyberArk (CYBR). Now inside Palo Alto via a "$25 billion" acquisition (a correction from prior issues, which had treated it as an independent read-through). Its identity/machine-identity franchise is exactly the agent-security turf everyone is chasing, it's just no longer a standalone bet.
  • Rubrik (RBRK). A genuine new product datapoint: Rubrik Agent Cloud is GA, aimed at the Global 2000, pairing data resilience with AI-agent governance (SAGE) and "rewind." The clearest RBRK read-through in weeks.
  • Zscaler (ZS) / Okta (OKTA). No fresh operator catalyst this week, but both stay in every consolidation basket; last week's Okta agent-identity standard (XAA) now has a companion in Rubrik's product. Watch for their own prints.
  • Fortinet (FTNT). The week's punching bag. On the Cybersecurity Today Panel (July 11), the hosts praised its success but said it "keep[s] slapping duct tape on a problem that should require them to do a teardown and a rebuild. There's whole classes of bugs." A pointed AI angle: models are very good at finding one bug pattern (say, SQL injection) "at scale and speed", a structural reputational tax on any vendor with recurring vulnerability classes.
  • Datadog (DDOG) / Cloudflare (NET). On Bloomberg Surveillance (July 8), a Citi software analyst called cyber budgets a "death and taxes" certainty and said "we tend to also be bullish there", but named Datadog (up "88% year to date," described as "an MRI scan for your entire IT... topology") and Cloudflare ("basically the backbone of the internet") as the preferred, cleaner ways to play the agentic-AI build-out. A reminder that "AI security" money is leaking into adjacent infrastructure software, not just pure-play cyber.

Read-Throughs

  • Anthropic (private). The epicenter this time. Its Mythos/Fable saga is simultaneously the demand catalyst for the whole sector and a case study in how AI access can be granted, revoked, and re-granted by Washington overnight. Whoever depends on a single lab's model now carries policy risk.
  • Legacy SIEM / log analytics (Splunk-in-Cisco, Microsoft Sentinel). On Risky Business Soap Box: Using threat hunting to drive detection (July 8, a disclosed sponsored interview), Nebulock founder Damian Lukey, a veteran of CrowdStrike, Palo Alto, and Arctic Wolf, pitched a "context graph" that lets teams write and validate a detection "in three minutes" instead of two-week sprints, positioning the tool as an eventual SIEM replacement. Directionally bearish for the old "collect all the logs for humans" model; supportive of the "security is a data problem, so consolidated data wins" argument behind the platform leaders.
  • Island (private). On Boardroom Club, Island CEO: Quantum Changes Everything (July 12), co-founder Mike Fey (Island has raised "$730 million" at a "$5 billion valuation") said "Mythos is the first taste" of weaponized, machine-speed vulnerability discovery, and that some of the world's largest banks, which "can't patch" fast enough, are using enterprise browsers as a "compensating control" or "virtual patch" at the perimeter. Also a fresh quantum warning: when quantum computing arrives it "rips through that encryption and turns it all into plain text."
  • The AI dev stack as the new soft underbelly. Multiple shows reinforced that attackers are targeting the tools, not just the targets. Daily Cyber Threat Brief Ep 1170 (July 9) cited incident-response firm Signia on a lone attacker who used "AI-assisted workflows to reach a large AWS environment in about 72 hours," chaining stolen credentials, code repos, and CI/CD pipelines, the recurring warning being over-permissioned AI agents. Identity risk, again, is the exposure everyone underestimates.

What Changed vs Last Week

Last week the story was consolidating around one idea, "the thing you now have to secure is the agent", carried mostly by operators and a single money show. This week that idea hardened into a full Wall Street conviction trade, and the abstract demand catalyst got a real name.

  • From narrative to CEOs and stocks. Last week it was Hightower's strategist making the consolidation call on a money show. This week the Palo Alto CEO himself was on CNBC, Cramer ranked cyber the #1 CIO priority, and a dedicated investing podcast walked the CrowdStrike-vs-Palo Alto numbers. The thesis is no longer whispered.
  • Jade Puffer (last week's proof-of-concept) to Mythos (this week's real weapon). Last week's autonomous-ransomware demo matured, and AI Inside and Smashing Security added detail (1,300+ files encrypted, a 31-second self-fix, and, tellingly, an attacker so sloppy it never saved the decryption key, so paying wouldn't have recovered anything). But the bigger escalation is that Mythos is a production-grade, government-tested tool, not a homemade script, and Cramer explicitly credited it for Palo Alto's run.
  • The identity thread widened. Okta's XAA last week; Rubrik Agent Cloud this week: a second named product for governing AI agents, plus repeated CISO warnings about over-permissioned agents.
  • A new, sobering variable: cost. Last week's debate was about seats and bundles. This week added the unit-economics reality: $4 million a week, $52 million a year to run these models at scale, which is both a moat for the efficient and a margin risk for everyone.
  • Quantum sharpened. Last week it was DigiCert noting only 22% of organizations feel quantum-ready. This week it's a hard deadline: per Cybersecurity Headlines (July 10), France's ANSSI will stop certifying non-quantum-resistant products in 2027 and require quantum-safe purchases by 2030, a real procurement clock, echoed by Island's CEO.