Outside Palo Alto Networks’ Santa Clara headquarters, the building sits quietly among the corporate campuses that line that section of Silicon Valley. There is nothing particularly striking about the building’s exterior, and there is no indication that the company inside has been immersed in one of the more unsettling enterprise tech narratives for the better part of a year.
The story goes something like this: cybersecurity will be impacted by AI. When a large language model may eventually be able to replicate CrowdStrike’s or Palo Alto’s capabilities at a fraction of the price, why pay premium prices for them? It’s the kind of argument that seems plausible enough to undermine investor confidence, and it has done so. So far in 2026, Palo Alto Networks and CrowdStrike have both lost about a fifth of their value. 20% less. That’s a figure worth closely examining for businesses that were meant to be among the more reputable names in technology.
Key Information: CrowdStrike & Palo Alto Networks — 2025–2026 Snapshot
| Companies Covered | CrowdStrike (CRWD) and Palo Alto Networks (PANW) — leading enterprise cybersecurity platforms |
| 2026 YTD Stock Performance | Both down roughly ~20% in 2026 — among the steepest declines in the cybersecurity sector |
| CrowdStrike Market Cap | ~$100 billion (April 2026); 52-week range $342.72–$566.90 |
| CrowdStrike Gross Margin | 74.53% — among the highest in enterprise software |
| CrowdStrike Module Adoption | 50% of customers using 6+ modules; 34% using 7+ — deepening platform lock-in |
| Palo Alto Networks HQ | Santa Clara, California — named part of Anthropic’s Project Glasswing (April 7, 2026) |
| AI Threat vs. Partnership Debate | Resolved April 2026: Anthropic’s Project Glasswing partners with Palo Alto and CrowdStrike rather than competing directly |
| Key AI Coalition | Anthropic’s Project Glasswing — coalition to strengthen cyber defences in the AI era, announced April 7, 2026 |
| Historical Growth Rates (Peak) | CrowdStrike: 52.9% revenue growth; Palo Alto: 25.3%; Fortinet: 32.6% (respective recent quarters) |
| Valuation Concern (2022 baseline) | CrowdStrike at 12.8x sales; Palo Alto at 7.8x; Fortinet at 10x — still high despite material declines |
| Sales Cycle Issue | CrowdStrike CEO George Kurtz flagged “elongated” enterprise sales cycles in 2022; pattern recurring in macro uncertainty of 2026 |
| Morningstar Top Picks (Mar 2026) | Palo Alto, CrowdStrike, Fortinet, Zscaler — named top cybersecurity stocks as AI reshapes industry |
| Seeking Alpha Rating (Mar 2026) | CrowdStrike maintains “Buy” — described as “cybersecurity gold standard” despite recent market volatility |
| Key Risk | GAAP profitability still absent or marginal; high stock-based compensation inflates free cash flow figures |
Then Anthropic revealed Project Glasswing on April 7, 2026. Palo Alto Networks was named a founding partner of the coalition, which aims to bolster cyber defenses in what Anthropic refers to as the AI era. The news caused CrowdStrike shares to move. The bull camp, which had spent months claiming that AI firms were much more likely to look for established cybersecurity vendors as partners than to replace them, let out a sigh. A debate this important might not be resolved by a single announcement. However, it did, at least momentarily, change the mood from existential anxiety to something more akin to validation.
There was some surface logic to the bear argument. The moat that businesses like CrowdStrike spent years creating—their proprietary threat intelligence, massive datasets of attack signatures, and deeply ingrained enterprise relationships—may erode more quickly than the market has priced in if AI can process threat data, spot anomalies, and flag intrusions more quickly than legacy software. That argument had gained some traction with the release of increasingly powerful models by Anthropic, OpenAI, and other companies. Shares were sold. The number of coverage notes increased. Both the cybersecurity industry and the Philadelphia Semiconductor Index had bad days.
The extent to which CrowdStrike and Palo Alto have integrated themselves into enterprise infrastructure may have been overlooked by the bears. A portion of the story is revealed by CrowdStrike’s own data, which shows that 50% of its clients currently use six or more of its product modules, and 34% use seven or more. That isn’t a relationship with a vendor. It’s an operational requirement. Replacing CrowdStrike when a company’s security architecture uses it for endpoints, cloud workloads, identity protection, and threat intelligence all at once is a multi-year migration with actual operational risk rather than a procurement decision. For years, CrowdStrike’s CEO George Kurtz has been aware of this dynamic and has built the company’s platform strategy around the idea that the deeper you go, the more difficult it is to remove.
Observing all of this over the past few months has given me the impression that the market has been mistaking a valuation issue for a business issue. These are not interchangeable. When rising interest rates compressed multiples across high-growth software in 2022, the cybersecurity companies that saw the biggest sell-off were not doing so because their products were no longer needed. In reaction to recession concerns, businesses were extending contract timelines, adding layers of approval, and approving purchases more slowly. On a conference call, Kurtz put it simply: deals were delayed rather than lost. The underlying demand was still present. Through procurement, it had simply slowed down. Even though it results in uncomfortable quarters, that distinction is crucial when considering long-term value.
The story of AI integration is becoming more complex than either the bulls or the bears first presented it. As AI transforms the threat landscape, CrowdStrike and Palo Alto are not standing still. They are incorporating AI capabilities into their own platforms, utilizing machine learning to reduce analyst workload, speed up threat detection, and process data volumes that would be impossible for a human team to handle. The impact of AI on cybersecurity was never really a question. It will, of course. Whether that effect would show up as improvement from within or disruption from the outside was the question. At least Anthropic, according to Project Glasswing, has determined that the latter is the more fruitful course.
It’s still unclear if the 2026 sell-off has produced a real buying opportunity or if the stocks are still too pricey in relation to their trajectory toward GAAP profitability despite their declines. The impressive 74.53% gross margin for CrowdStrike is the kind of figure that indicates solid underlying economics. However, gross margin and net profitability are not the same thing, and both businesses still have significant stock-based compensation loads that improve their free cash flow numbers over what a rigorous accounting treatment would reveal. Investors who are closely examining those specifics are not being irrational.
These companies are genuinely difficult to value because they are expanding quickly in an industry where the competitive landscape is constantly changing while the threat environment continues to grow the addressable market. There is a premium for cybersecurity. The question of whether it’s permanent is completely different.
