On February 20, 2026, Anthropic published a blog post. Not a product launch keynote. Not a conference announcement. A blog post. And within hours, JFrog had lost nearly 25% of its market value (close to $3 billion), while CrowdStrike dropped 8%, Okta tumbled 9.2%, Cloudflare fell 8.1%, SailPoint shed 9.4%, and Zscaler retreated 5.5%. The Global X Cybersecurity ETF fell nearly 5% in a single session.
One blog post. Billions gone.
Markets overreact. That's a given. Investors priced in worst-case scenarios before anyone had a chance to actually test the product. Analysts at Raymond James called JFrog's plunge an exaggerated short-term reaction that doesn't affect the company's strategic position. The CTech piece summed it up cleanly: "Cyber stocks plunge, but Anthropic's security tool isn't a killer app."
They're probably right, in the short term. But here's the mistake CISOs make by focusing on whether the market was right or wrong: the investors weren't reacting to the current version of Claude Code Security. They were reacting to the trajectory.
What Claude Code Security Actually Does
Claude Code Security is built into Claude Code on the web, launched in a limited research preview for enterprise and team customers. It scans codebases for security vulnerabilities and suggests targeted software patches for human review.
That description sounds modest. The underlying capability is not.
Traditional SAST tools (Veracode, Checkmarx, Snyk, SonarQube) work through rule-based pattern matching. They look for known-bad patterns: code that matches signatures of previously documented vulnerabilities. They're good at what they do, but they have a hard ceiling. They can't reason about code; they can only recognize patterns.
Claude Code Security reasons about code. It understands how different components interact with each other, traces how data flows through an application, and detects vulnerabilities that emerge from those interactions — things like business logic flaws, authentication bypasses, and broken access control that don't surface in any signature database because they're unique to that specific codebase.
Each finding goes through a multi-stage check where the model re-examines its own conclusions to filter out false positives before anything surfaces for human review. Results include severity ratings and confidence scores. Nothing gets applied automatically — humans review and approve any patches.
The backstory behind the product announcement matters as much as the product itself. Two weeks before the Claude Code Security launch, Anthropic published research on what Claude Opus 4.6 had done in autonomous testing.
Running in a sandboxed environment against real open-source projects, the model identified over 500 previously unknown, high-severity zero-day vulnerabilities in Ghostscript, OpenSC, CGIF, and other widely-used libraries.
These were real flaws, confirmed by Anthropic's Frontier Red Team, in codebases that had been fuzzed for millions of hours. Some had gone undetected for decades.
That's the gap between a spell checker and a copy editor. One knows the rules. The other understands the argument.
The Limitations Are Real (But Not Permanent)
Claude Code Security performs static analysis. It reads code but cannot test runtime behavior. It can't send requests through API stacks, validate whether middleware chains hold under actual authentication loads, or confirm whether a finding is exploitable in a live environment. Runtime vulnerabilities require separate DAST tooling.
Researchers have also noted performance variability on specific vulnerability classes. Detection rates on benchmark categories like path traversal and SSRF show room for improvement. And unlike mature enterprise tools, Claude Code Security lacks the policy enforcement, compliance reporting, and CI/CD pipeline governance features that enterprise teams depend on.
The tool isn't replacing your full security stack tomorrow. The analysts calling the market reaction overblown have legitimate points on that narrow question.
But none of those limitations are fundamental constraints. They're developmental ones. The runtime gap closes once the model pairs with dynamic testing. The governance gaps close as the product matures. The benchmark numbers improve with each model generation.
The question isn't "can it replace everything today?" The question is "what does this capability trajectory mean for which parts of my stack?"
The Commoditization Problem
Enterprise security teams have operated on a stable mental model for years: buy specialized point solutions for each layer of your security posture. SAST for code scanning. Vulnerability management platforms to track and prioritize. Compliance tools for policy enforcement. Each vendor charges accordingly for their specialized expertise.
What's shifting is that the "specialized expertise" in many of those categories is primarily the ability to encode security knowledge into detection logic. That's exactly what large language models are becoming very good at, at scale.
When a technology commoditizes the core function of an established software category, the market response is brutal for incumbents who can't credibly differentiate. This has happened before. GitHub Copilot didn't kill the code editor market, but it permanently changed the value equation for autocompletion tools. ChatGPT's arrival gutted Chegg's stock by making instant, free homework help available to anyone with a browser. DeepSeek's open-source model in early 2025 crashed Nvidia's stock 17% in a single day by demonstrating that AI compute costs were heading toward commoditization.
The pattern is consistent: an AI capability demonstrates that something people were paying a premium for can now be approximated at dramatically lower cost. The market doesn't wait for perfect substitution. It prices in the possibility.
For security tooling, the category most immediately in the crosshairs is code-level vulnerability scanning: SAST tools, dependency scanning, and basic compliance checks. These are rule-based systems where the specialized value is "we've encoded a lot of security knowledge." An AI that reasons about code the way a senior security researcher would doesn't need those rules.
JFrog's 25% drop wasn't irrational. JFrog's platform includes software security scanning. Investors did the math on what AI-native code analysis means for that revenue.
Which Parts of Your Stack Are Actually at Risk?
Not every security category faces the same pressure, and the distinctions matter.
High exposure: Point solutions that primarily do code analysis, vulnerability pattern detection, or compliance checking against known rules. If the core value proposition is "we've encoded security expertise into detection logic," that logic is becoming reproducible by general-purpose AI. Traditional SAST scanners, basic software composition analysis tools, and standalone vulnerability management platforms that don't go beyond tracking and scoring fall squarely in this category.
Medium exposure: Tools that combine code scanning with workflow management, ticketing, and developer experience features. The scanning component becomes less defensible, but the integrations, workflow automation, and compliance reporting layer retain some stickiness. Vendors here have time to reposition, but only if they're honest about which part of their value is actually defensible.
Lower exposure, for now: Runtime security, endpoint detection and response, network security monitoring, identity and access management, and threat intelligence platforms. These deal with live behavior: active network flows, actual endpoint activity, identity anomalies in real time. AI can assist here, but it doesn't simply replace the category the way it can replace static code analysis. The operational complexity and enterprise switching costs remain high.
The CrowdStrike and Cloudflare problem. Their declines were genuinely puzzling, and this is worth spending a moment on. CrowdStrike does endpoint detection. Cloudflare does network security. Claude Code Security has essentially zero overlap with either business. And yet CrowdStrike lost 8% and Cloudflare lost 8.1% in a single session.
What actually happened is more unsettling than competitive displacement. Investors are now in a mode where any credible AI security announcement triggers broad sector repricing, regardless of actual product overlap. The market is applying a blanket discount to the entire cybersecurity vendor category, operating on the assumption that AI will find a way into every layer of the stack, even if the current tool doesn't touch it.
For a CISO, that's a meaningful data point. The vendors in your stack are living under that repricing pressure. Some will respond by genuinely innovating. Others will respond by AI-washing their existing products to maintain valuations. Knowing which is which will matter when contract renewal comes up.
How to Evaluate AI Security Tools Without Getting Burned
The evaluation framework for AI-native tools can't be the same one used for traditional security software. A few things that actually separate signal from noise:
Demand benchmark data on your actual codebase, not theirs. Any vendor claiming AI-powered detection should be able to tell you their true positive rate and false positive rate against your own code, not a sanitized lab dataset. If they won't run a trial on your real codebase, that tells you something.
Test the reasoning, not just the output. The best feature of AI-native tools is that they can explain why something is a vulnerability, not just flag it. Ask the tool to walk through a finding: what's the exploit path, what's the affected data flow, why should this be prioritized over the next finding? If the explanation is thin, it's probably pattern matching with better packaging.
Evaluate detection capability and enterprise maturity separately. An AI tool might genuinely outperform your SAST on raw detection while lacking the CI/CD integration, policy enforcement, audit logging, and governance features your team depends on operationally. These are two different questions. Mixing them in the same evaluation produces confused conclusions.
Pin down data handling before you start a trial. Giving an AI model access to your production codebase is a significant security decision on its own. Where does the code go? Who at the vendor can access it? Is it used to train models? What are the retention policies? Get the answers in writing before a single file leaves your environment.
Run a controlled adversarial test. If a vendor claims their tool catches authentication bypasses, submit code with deliberately crafted authentication bypasses and document what happens. Most enterprise evaluations skip this step. It's the fastest way to separate genuine capability from marketing.
Questions to Ask Vendors Who Are Scrambling to Add AI
Every established security vendor is now adding "AI-powered" to their collateral. Some of those additions are real. Many are not. The questions below tend to cut through the noise quickly.
"What model are you using, and did you build it or fine-tune an existing one?" The answer reveals whether AI is genuinely integrated into detection logic or bolted on as a UI layer. Neither approach is automatically better, but you need to know what you're buying.
"Has your AI layer been independently benchmarked, or only internally tested?" Internal benchmarks can be optimized for exactly this moment in the sales cycle. Ask for third-party validation against a standard like NIST's Software Assurance Reference Dataset, or independent red team results.
"What's your false positive rate in production, across your enterprise customer base?" Specifically in production, not on a demo environment. This is where most AI security tools quietly underperform relative to what's shown in trials.
"What happens when your AI makes a wrong call at scale?" Rule-based tools fail predictably. AI tools can fail in surprising ways, at volume. Ask how the vendor monitors for model drift and what the escalation path is when the AI starts flagging incorrectly across thousands of findings.
The Audit You Should Run Now
Go through your security tooling budget line by line. For each tool, ask one question you probably haven't asked since you signed the contract: does the primary value of this tool come from something AI will eventually do better and cheaper?
For each item, identify the core function. Is it primarily knowledge encoding and pattern detection? Or is it behavioral monitoring, workflow orchestration, incident response coordination, or compliance reporting? The former is under direct pressure. The latter isn't, at least not yet.
Where you identify tools whose core value is primarily knowledge encoding, build an evaluation roadmap. Don't cancel contracts today; that would be reactive and probably wrong. But get on the product roadmaps of your current vendors, understand their AI strategy, and run parallel evaluations of AI-native alternatives before your next renewal cycle. The goal is to make that decision from a position of deliberate choice, not forced urgency.
One pattern worth flagging: most enterprise stacks pay for the same vulnerability scanning function two or three times across different tools. SAST scanner. CI/CD plugin. Cloud security posture management. AI-native tools tend to collapse those layers. If consolidation is possible, that's where the real budget argument lives.
The Signal Worth Taking Seriously
One Anthropic blog post, and billions vanished from cybersecurity market caps in a single session. The market was wrong about some specifics. Cloudflare selling off over a code scanning tool is analytically difficult to defend. But markets are often correct about direction even when they're wrong about timing and magnitude.
The direction is legible. AI is beginning to commoditize the knowledge-encoding layer of security software, starting with code analysis. The inflection Jefferies analyst Joseph Gallo pointed to, that headwinds for cybersecurity vendors "will increase before there is clarity," is the honest read.
Security leaders who file this away as investor noise may find that reasonable in the short term. But the capability trajectory suggests treating it as advance notice is the more useful response: use the time while incumbents are still dominant to build evaluation infrastructure, map your stack's exposure, and develop the vendor relationships and institutional knowledge to make AI-native security tooling decisions before competitive pressure makes them for you.
The market's reaction was the signal. Whether the market's timing is right almost doesn't matter.