On February 20, Anthropic shipped Claude Code Security as a research preview, an AI scanner that reviews full codebases, validates findings to reduce false positives, and suggests patches for human review.

The same week, Opus 4.6 reportedly surfaced over 500 high-severity vulnerabilities that had survived decades of expert review. The market’s read was immediate and unambiguous.

CrowdStrike dropped 8% and deepened toward 11% over the week, Zscaler fell 5.5% and kept sliding toward 10-11%, SailPoint dropped 9.4%, Okta 9.2%, JFrog 25%, Palo Alto 3.2%, and Cloudflare 8.1%. The Global X Cybersecurity ETF hit its lowest level since November 2023, down 4.9% in a single session.

The thesis the market was pricing was simple and clean. Frontier labs will eat cybersecurity. If the model can find vulnerabilities, write detections, and suggest patches, the entire security vendor stack becomes a middleman awaiting disintermediation.

As I wrote at the time in When the Frontier Labs Sneeze, the Cybersecurity Market Catches a Cold, the selloff reflected a structural anxiety that frontier labs were moving up the stack into territory that historically belonged to standalone security vendors.

Three months later, the evidence says the thesis was half right and half backwards. The frontier lab is both competitor and partner, and which one depends entirely on the category and the offering. Recent week’s integrations are the clearest proof yet, and they tell a fundamentally different story from the one the market sold in February.

The Reframe

The analyst community pushed back on the February selloff almost immediately, and their reasoning holds up. Berenberg stressed that Claude Code Security sits in application security, roughly 1.2% of total cyber TAM, and drew a clear distinction between build-time vulnerability finding and runtime security across endpoint, network, and identity. The reaction was harsh relative to the actual surface area being threatened.

JPMorgan called the selloff indiscriminate and kept Overweight ratings on all five affected names. Baird’s Shrenik Kothari called it a panic-driven, narrative-led selloff. Wedbush labeled the entire episode “AI Ghost Trade fears” and called it an overreaction, arguing that cybersecurity is a key beneficiary of AI rather than a casualty and expecting OpenAI and others to follow Anthropic’s path. As an aside, the NYT recently highlighted how cybersecurity roles are in high-demand with the rise of AI, counter-acting the layoff narrative that many circulate.

CrowdStrike CEO George Kurtz made the argument more directly and he’s right. AI increases the need for security, not less. Every enterprise AI deployment creates new surfaces to monitor, new data flows to govern, new identities to manage, and new compliance obligations to satisfy. The model doesn’t replace the security stack, it feeds it and in many ways, the rise of LLMs and Agents is a boon for cybersecurity as well. More attack surface, more code volume, more deployments, new novel attack vectors etc.

That framing sounded like corporate spin in February. By late May, it looks like a reasonable description of what’s actually happening.

The market data makes the reversal concrete.

On May 22, the same day Anthropic published its latest Glasswing update, which I published a comprehensive write-up and video on.

The three largest public cybersecurity companies sat at or near all-time high market capitalizations. Palo Alto Networks crossed $211 billion. CrowdStrike reached $168 billion after its stock hit a record $674 and its ARR topped $5 billion. Fortinet approached $100 billion.

As Elad Erez pointed out, the headline was supposed to be “Mythos is about to kill cybersecurity,” and instead the largest cyber companies were posting record valuations on the same day the lab’s most advanced offensive model shipped new results. The BUG ETF, which hit its lowest level since November 2023 during the February selloff, has fully recovered and then some.

The performance data underneath the headlines tells a more nuanced story.

As Nikoloz K. documented, the rally isn’t lifting all boats equally.

CrowdStrike is growing ARR at 24% at $5 billion scale. Zscaler is at $3.36 billion growing 26%. Palo Alto’s stock is up more than 30% this year following its $25 billion acquisition of CyberArk.

The companies winning are the ones that repositioned their messaging from “we sell security” to “we secure AI workloads, identities, and agents,” and the ones that leaned into platform consolidation as CISOs cut vendor counts. As I mentioned above, AI and the need to secure it is helping drive both revenue and market valuations for cybersecurity firms.

Meanwhile, Zscaler fell more than 50% from its 2025 highs before bouncing back, Check Point faces execution questions, and Microsoft quietly runs a $37 billion security business that’s larger than CrowdStrike, Palo Alto, and Zscaler combined. The gap between winners and losers in cyber has widened, but the category itself is growing, not shrinking.

That’s the opposite of what the February thesis predicted.

What Shipped In Recent Weeks

Between May 19 and 21, a wave of integrations landed that represent a fundamentally different relationship between Anthropic and the cybersecurity vendor ecosystem.

The enabling primitive is the Claude Compliance API, which opens Claude Enterprise’s activity, audit, and data-flow surface to the existing enterprise security stack. The throughline is that Claude Enterprise becomes a governed enterprise application that the existing security infrastructure now covers like any other SaaS or application platform.

Wiz built an integration that pulls Claude Enterprise activity into the Wiz platform and onto its Security Graph, currently in Private Preview. The integration gives security teams visibility into how Claude is being used across their environment with the same posture management and risk contextualization that Wiz applies to cloud infrastructure.

Cyera extended its Omni DLP through the Compliance API, adding data loss prevention, insider risk, and audit coverage over Claude Enterprise conversations, files, and user activity. Their public claims are that it delivers 95% precision on classification and risk scoring. Cyera CEO Yotam Segev framed it as "extending the same data security governance to AI that organizations already expect for every other enterprise application.

Datadog built an integration that ingests Claude Platform audit logs into Datadog for SIEM and compliance purposes, covering admin activity, API key lifecycle, and authentication events.

The same week, KPMG announced a strategic alliance integrating Claude across its core business and 276,000-person workforce.

The trajectory is clear, Claude is entering enterprise environments at scale, and the security and governance requirements that come with enterprise deployment at scale are real, growing, and not something the lab is positioned to solve alone.

Why This Is Not Glasswing

The Glasswing comparison matters because both are alliances between Anthropic and major cybersecurity vendors, but they are fundamentally different models of collaboration, and conflating them misses key distinctions.

Project Glasswing, which launched earlier this spring, is a coalition using the unreleased Claude Mythos Preview model defensively to find and fix vulnerabilities in partners’ own foundational systems.

The partner list includes AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks, among others. The work covers vulnerability detection, black-box binary testing, endpoint security, and penetration testing.

Mythos uncovered thousands of previously unknown zero-days across major operating systems and browsers, including a 27-year-old bug in OpenBSD. Anthropic committed $100 million in credits and $4 million in donations to open-source security.

Cisco’s engagement illustrates the Glasswing model clearly. Cisco stress-tested its own products and infrastructure against Mythos, and CSO Anthony Grieco said Anthropic’s models forced a rethink of how Cisco builds and secures its products. That is the lab lending an offensive-grade model inward so a vendor can red-team and harden its own systems.

Others such as Palo Alto Networks (PANW) have done the same, and publicly have discussed how they have identified 7x their usual monthly volume of vulnerabilities in their products through its use.

Recent week’s integrations such as Cyera, Wiz and Datadog are a different collaboration model entirely. The two modes are worth unpacking due to their key differences.

Mode one is capability injection for hardening, where the lab lends a frontier model inward so vendors can red-team and patch their own systems, that is Glasswing.

Mode two is platform embedding and surface governance, where the vendor extends its platform across the lab’s enterprise footprint, and the lab opens an API so the vendor’s tooling can govern the new surface, that is this the recent announcements from Wiz, Cyera, Datadog and others.

Both are alliances, but they are not the same alliance, and the distinction matters because the economic logic, the direction of value flow, and the competitive dynamics are entirely different with each approach.

In Glasswing, the lab provides offensive capability and the vendor is the consumer. In the Compliance API integrations, the vendor provides governance capability. The lab is the consumer, and so is every enterprise that deploys Claude. The direction reverses, and the dependency runs the other way.

The Economics

The zero-sum framing that dominated February assumed a fixed pie.

The lab builds security capabilities, takes revenue from security vendors, and the vendors shrink. The positive-sum reality is more interesting and more supported by the evidence now that the initial panic has died down some.

For the labs, governance was a procurement blocker. Regulated industries need DLP over AI conversation data, audit trails for compliance, and visibility into how AI tools interact with sensitive information.

These are requirements that traditional tools were never built to monitor, and they were stalling enterprise sales cycles. By opening the Compliance API and enabling Wiz, Cyera, and Datadog to extend their platforms over Claude Enterprise, Anthropic de-risks adoption for the buyer, expands seats, and shortens the sales cycle.

The lab doesn’t need to build governance tooling itself. It just needs to make its surface governable. Mythos is a separate revenue lane on top, priced as premium API access for security research and hardening.

Another angle to the recent integrations and partnerships between Anthropic and cyber vendors is it helps the cyber vendors differentiate and bolster their products among competitors, providing visibility and coverage to the faster growing enterprise software arguably ever seen.

For the vendors, every Claude Enterprise deployment is a new monitored surface and a new SKU. Cyera and Wiz aren’t competing against Claude. They’re becoming the control plane for the fastest-growing enterprise application category.

Every organization that adopts Claude Enterprise and needs DLP, audit, or posture management becomes a potential customer for the vendor’s platform extension. The TAM doesn’t shrink, it expands, because the AI surface that needs governing didn’t exist two years ago and is growing faster than any other enterprise software category. This same dynamic exists for agents, as those proliferate as well.

CrowdStrike’s framing from its 2026 Global Threat Report is relevant here. The same frontier models that expand the attack surface hand defenders a capability advantage that didn’t exist a year ago, and that report found an 89% year-over-year rise in AI-driven adversary attacks. The threat generates the demand, and the lab’s enterprise expansion generates the surface. Both feed the security vendor’s addressable market.

The frame is straightforward and much different than the initial market driven panic narrativre. Zero-sum thinking said the lab eats cyber.

The positive-sum reality is the lab grows the enterprise AI surface, and cyber sells the governance that the lab will not build and cannot credibly sell itself. The stock market has already priced this in, with the companies that repositioned fastest around AI workloads, identities, and agent governance posting the strongest performance in 2026.

A frontier lab telling a regulated enterprise “trust us, we govern ourselves” is a structural conflict of interest that no compliance officer will accept, and that structural gap is where the vendor value lives.

Where This Could Still Break

I’ve been skeptical of narratives that assume permanent alignment between parties whose incentives may diverge, and the same discipline applies here. Partner versus competitor is a roadmap decision, not a permanent state, and several dynamics could shift the boundary.

Code scanning genuinely pressures SAST and segments of application security, and nothing stops a lab from building natively into a category it partners on today. If Anthropic decides that first-party DLP or compliance tooling is a higher-value product than an open API that feeds third-party vendors, the partnership model changes overnight. The Compliance API is an invitation today, but it could become a competitive moat tomorrow if the lab decides to internalize the governance layer.

This is even more stark when you consider the funding and explosive growth of ARR companies like Anthropic have to deploy when it comes to building and shipping capabilities, which they’ve demonstrated to be excellent at. There is also another aspect, in the sense that each frontier lab is its own walled garden, much like CSP’s prior in the cloud security era, so security vendors can and should differentiate on multi-provider coverage (e.g. covering models and agents across the diverse landscape they are offered and can be deployed in).

Embedding and preferred-model status also raise concentration and lock-in questions. When your DLP, your SIEM integration, and your security graph are all built around one lab’s API and data schema, the switching cost isn’t just the model. It’s the entire governance architecture you’ve constructed on top of it. As I explored in Orchestrating Agentic AI Securely, the dependency surface of agentic AI extends well beyond the model itself, and every integration deepens that dependency.

The category boundary between build and partner is the whole story here, and it will move in time, as the market continues to evolve. It’s clear these partnerships are genuine today, in this moment. That said, the question is what structural incentives would cause the boundary to shift, and whether the organizations on either side of it are building with that possibility priced in, and going into the partnerships with eyes wide open versus rose colored glasses.

Takeaways

For practitioners, the operating model is straightforward. Treat every frontier lab relationship as category-specific rather than categorical. Claude Code Security is competitive pressure on AppSec, but even then AppSec programs are complex endeavors and code scanning is only a piece of that, and leading AppSec vendors also have various levels of differentiation from the labs native offerings.

The Compliance API integrations are partnership infrastructure for governance. Both can be true simultaneously, and the rational response is to evaluate each surface independently rather than making a binary bet on “lab as friend” or “lab as foe.”

For security leaders evaluating vendors, the Compliance API wave is a signal that the governance layer for enterprise AI and agents is going to be built by the security ecosystem, not by the labs themselves.

The vendors that move fastest to embed across the largest AI enterprise surfaces will have a structural advantage, and the organizations that wait for the lab to build governance natively will be waiting for a product the lab has no incentive to build well because it conflicts with the lab’s core commercial interest in frictionless adoption and even if it did come, it would be confined to that specific labs walled garden, rather than multi-lab coverage.

For investors, the February selloff priced the entire cybersecurity sector as a victim of frontier AI capability. The May integrations price a meaningful segment of it as a beneficiary. The truth is probably both, distributed unevenly across categories, and the allocation of winners and losers will track the build-versus-partner boundary as it moves over the next 12-24 months.