Wall Street Says Cybersecurity Selloff Is Panic, Not Reality — Here’s Who’s Buying the Dip

Cybersecurity stocks are in the middle of a punishing stretch, and Wall Street’s biggest banks are stepping in to say the selling has gone too far. The catalyst was Anthropic’s debut of Claude Code Security, an AI tool that scans code for vulnerabilities and suggests fixes. The market read this as an existential threat to the cybersecurity industry. Analysts at UBS, JPMorgan, and Morgan Stanley read it very differently.

The iShares Cybersecurity and Tech ETF (IHAK) fell more than 3% on Friday following the Anthropic announcement. CrowdStrike (CRWD) and Cloudflare (NET) each shed around 8% that session, while Okta (OKTA) tumbled more than 9%. The selloff extended into Monday, with IHAK dropping another 4.7% and both CrowdStrike and Cloudflare losing more than 9% again.

Month to date, CrowdStrike has lost more than 20% of its value, Okta is down nearly 18%, and Zscaler (ZS) has shed 28%.

UBS: The Overlap Is Minimal

UBS analyst Roger Boyd pushed back hard on the market’s interpretation in a Monday note. His core argument is that Claude Code Security has little meaningful overlap with the actual revenue streams of established cybersecurity companies. The real driver of the selloff, Boyd argues, is fear — not fundamentals.

“While we expect the model companies to introduce more cybersecurity products, we don’t think it’s realistic to think they will devote resources to building infrastructure controls like endpoint agents, distributed security gateways networks (SASE), or identity authentication platforms,” Boyd wrote.

Boyd’s view is that AI companies like Anthropic are building tools to make their own models more secure and to develop security operations agents — not to compete with the deep infrastructure that CrowdStrike, Okta, and Zscaler have spent years constructing. He added that those same companies could actually benefit from broader AI adoption as demand for security infrastructure grows alongside AI deployment.

JPMorgan Sees Buying Opportunities

JPMorgan analyst Brian Essex took an even more direct stance, calling the indiscriminate selling within the sector a buying opportunity. Essex noted that these companies are facing high demand as enterprises look to defend their cyber platforms from AI-powered attacks, and that their strong existing networks and years of experience make them difficult to displace.

Essex named CrowdStrike, Okta, Palo Alto Networks (PANW), SailPoint (SAIL), Check Point Software Technologies (CHKP), Netskope, and JFrog (FROG) as resilient names well-positioned amid the AI shift.

Morgan Stanley Defends JFrog

Morgan Stanley reiterated its overweight rating on JFrog in a Monday note, drawing a sharp distinction between what Anthropic’s tool does and what JFrog’s business is actually built on.

“Most of JFrog’s overall business, as well as its security business, is tied to storing, managing and securing binaries — the immutable files/artifacts that code gets compiled into — that run on servers so that end customers can actually execute the software,” wrote analyst Sanjit Singh.

The distinction matters. Claude Code Security scans source code for vulnerabilities before compilation. JFrog operates at the binary level after compilation, managing and securing the artifacts that actually run in production. Morgan Stanley views the market’s conflation of the two as a fundamental misread.

The Bottom Line

Three of Wall Street’s most influential banks are aligned on one message: the cybersecurity selloff triggered by Anthropic’s Claude Code Security launch is driven by fear and misunderstanding, not a genuine reassessment of these companies’ competitive positions. The infrastructure that CrowdStrike, Okta, Zscaler, and their peers have built — endpoint agents, identity platforms, SASE networks — is not something a code-scanning AI tool replaces.

With CrowdStrike down more than 20% this month, Okta off nearly 18%, and Zscaler shedding 28%, the question for investors is whether the panic has created an entry point. UBS, JPMorgan, and Morgan Stanley appear to think it has.