Anthropic’s Project Glasswing sent shudders through the world of cybersecurity as the launch of Mythos exposed catastrophic security flaws throughout the software ecosystem. The threat is so dire that the U.S. Treasury Secretary and the Federal Reserve Chair hastily convened banking leaders to make sure they are ready to secure the nation’s finances against these newly revealed threats.
The launch of Mythos also provided a timely opportunity for me to launch PAIROS, the Panic AI Research On Software. The first results looked like an easy win with PAIROS concluding that a cybersecurity software company like Palo Alto Networks (PANW) would emerge a winner in the wake of Mythos. Within a day, the market suddenly reversed its assessment and cybersecurity stocks nosedived. PANW fell so sharply that the stock reversed all its gains since news of its CEO buying $10M of his company’s shares.
This flip-flop in market sentiment motivated me to run PAIROS again, this time on an article with a detailed review of Mythos. In “Are You Mythos-Ready?“, Proactive Risk explains how Mythos significantly compresses timelines for addressing software vulnerabilities. The article concludes that “security teams are being asked to absorb an exponential increase in workload…without proportional investment in headcount, tooling, or support.” This observation looks consistent with the PAIROS assessment given the opportunity for cybersecurity software vendors and software companies that already have robust security layers and processes. The PAIROS assessment on Proactive Risk’s analysis has produced an even more compelling case for cybersecurity stocks.
Why Mythos Matters to PAIROS
Mythos is AI directly affecting the security economics of software:
- Faster vulnerability discovery compresses defense timelines
- Security software demand likely rises
- Weakly defended software becomes less viable
- Tools embedded in enterprise workflows may gain importance
- Systems of record become more valuable if trust/governance matter more
This is a broad industry-level shock.
PAIROS Scoring for Mythos
PAIROS provided a stronger scoring assessment than the last round.
Unit of Analysis: Public Software Industry (especially cybersecurity and enterprise software). Scoring range is from 1.0 to 5.0, from negative to positive.
| Dimension | Score | Confidence | Reason |
|---|---|---|---|
| Agent Substitution Boundary | 3.8 | Medium | AI increasingly performs security research tasks humans did manually |
| System Layer Position | 3.6 | Medium | Trusted control layers become more valuable |
| Data Control & Context Ownership | 4.0 | Medium | Proprietary telemetry and enterprise context gain importance |
| Model Dependency Structure | 2.8 | Medium | Firms dependent on external frontier models face risk |
| Workflow Embedding Depth | 4.1 | Medium | Embedded security workflows become more necessary |
| Agent Enablement Function | 4.2 | Medium | Platforms that govern AI agents gain value |
| AI Supply Chain Resilience | 2.4 | Medium | Many firms require external AI/security capabilities |
| Monetization Position | 3.9 | Medium | Security vendors likely monetize urgency |
| Persistence Layer Role | 4.0 | Medium | Durable systems of record strengthened |
| Information Processing Ownership | 3.2 | Low | Mixed effects |
| Human Interface Dependency | 2.7 | Medium | Human-only interfaces weakened relative to APIs/automation |
| Value Capture Layer | 3.8 | Medium | Data/control layers favored |
| Barrier to Software Replication | 2.6 | Medium | AI lowers replication barriers generally |
| Commercial Defensibility Under Software Abundance | 2.9 | Medium | More pressure on undifferentiated vendors |
| Demand Expansion Under AI | 4.4 | High | Cybersecurity demand likely rises materially |
| Domain Complexity Requirement | 4.1 | Medium | Security expertise still valuable |
| Capability Frontier Sensitivity | 3.9 | Medium | Security winners benefit as AI advances |
| Recursive Improvement Exposure | 2.8 | Medium | Attack capability may compound rapidly |
| Human-AI Complementarity Potential | 4.0 | Medium | Human defenders augmented by AI |
| Tool Dependence of AI Systems | 3.7 | Medium | Agents still need tools/platforms in many settings |
Aggregated Scores (compared to last evaluation of Mythos)
| Index | Score |
|---|---|
| VI (Viability Index) | 3.5 (up from 2.94) |
| SCI (Structural Condition Index) | 3.7 (down from 3.78) |
| EVI (Economic Value Index) | 3.8 (up from 3.62) |
Interpretation:
- The software industry is not being destroyed.
- However, commodity and weakly differentiated vendors face greater pressure.
- Security, governance, observability, orchestration, and trusted data platforms likely strengthen.
- Economic value shifts toward firms that help enterprises manage AI-driven risk.
Likely Winners
- Crowdstrike (CRWD)
- Palo Alto Networks (PANW)
- Microsoft (MSFT) security stack
- Identity, detection, incident response, secure infrastructure vendors
So, PANW came up as a winner again. Based on my first analysis, I bought more shares of PANW during the stock’s setback. At the time of writing, PANW is rebounding. However, the stock now looks poised to churn in a range as the dust continues to settle on the Mythos narrative.
Likely Losers
- Small undifferentiated software vendors
- Products with weak security posture
- UI-only tools without deep workflow integration
- Firms slow to patch or lacking telemetry advantages
Updates for PAIROS
Unlike the last round, PAIROS recommended updates for itself. I expect these updates to generate even stronger scores for cybersecurity stocks.
Add New Dimension: Security Trust Premium
Measures whether AI-driven threat escalation increases willingness to pay for trusted vendors.
- Positive: Vendor gains demand because trust/compliance/security matter more
- Negative: Security concerns reduce adoption
Add New Dimension: Patch Velocity Readiness
Measures ability to respond when exploit windows collapse.
- Positive: Fast remediation, automation, customer trust
- Negative: Slow patch cycles, operational fragility
I accepted both recommendations by inserting these new dimensions in the Structural Conditions Index (SCI). These dimensions received the second highest weightings in the index, and I rescaled the remaining weights. (In a future update, I could rebalance the scoring by moving the security trust premium to the Economic Value Index (EVI)).
Conclusion: Critical Valuations
The market is in a heightened state of uncertainty about the trajectory of AI’s impact on software companies, including cybersecurity software companies. The market has expressed its concerns by compressing valuations.
Yet, valuable software companies like PANW are retaining lofty valuations. PANW trades at a rich 11.8 times forward sales. The stock’s price/earnings ratio (P/E) on a forward GAAP basis is a nosebleed 83, non-GAAP is still 44. Thus, I acknowledge the upside for such expensive stocks looks limited in the near-term. Moreover, I must respect higher than usual risks to the downside during the next periods of disruptive AI-related news. Still, given my conclusion, with the help of PAIROS, that a company like PANW is more valuable, I am retaining a positive long-term outlook. The future could even deliver a rerating and return to the even loftier valuations the market once paid for the likes of PANW.
Be careful out there!
Full disclosure: long PANW, long CRWD, long MSFT