Nikesh Arora, the CEO of Palo Alto Networks, has pushed back against the panic caused by Anthropic's Mythos. As artificial intelligence (AI) models like Anthropic's 'Mythos' send shockwaves through the tech world, the stock market has become increasingly 'paranoid' about the future of software companies.
In a series of recent statements, Arora argued that investors are failing to distinguish between software that AI will replace and software that AI will actually make stronger. According to Arora, while some sectors are in trouble, cybersecurity belongs to a rare group of industries that AI cannot easily disrupt.
Three Categories of SaaS Survival
Arora broke down the software-as-a-service (SaaS) world into three categories to explain who survives:
- The Impacted: Analytical and Creative software (likely to be replaced by AI).
- The Evolvers: Productivity and human workflow tools (must change to survive).
- The Beneficiaries: Infrastructure and Cybersecurity (AI makes these more essential).
Here are the three specific reasons Arora believes AI models—no matter how powerful—cannot replace dedicated cybersecurity companies.
1. The 'Hallucination' Problem
One of the biggest hurdles for even the most advanced AI models is accuracy. Arora pointed out that Large Language Models (LLMs) currently have a 'false positive' rate of about 30%. In the world of cybersecurity, being wrong 30% of the time is catastrophic. If an AI incorrectly flags a harmless file as a virus, it could shut down an entire company's operations. Conversely, if it misses a real threat, the damage is done. Currently, no AI model can validate its own findings well enough to be trusted with the 'keys to the kingdom.'
2. Lack of 'Inline Sensors' and Enforcement
Knowing there is a threat is only half the battle; stopping it is the other. Arora noted that cybersecurity companies have spent 'a lifetime' deploying physical and digital sensors everywhere—on employee laptops (endpoints), inside web browsers, and within cloud firewalls. AI models like Mythos live in the cloud, but they don't have these 'boots on the ground.' A model might identify a vulnerability, but it cannot physically 'enforce' a block or stop an attack in real-time. To be effective, an AI would have to be merged into the existing, massive infrastructure that companies like Palo Alto Networks have already built over decades.
3. The Complexity of Enterprise Policy
Every company has a different set of rules. A bank has different security needs than a hospital or a retail store. Arora argues that AI models are currently unable to write or manage 'enterprise policies' that are specific to a customer's unique business needs. Cybersecurity software isn't just about catching 'bad guys'; it's about managing a complex set of permissions and rules that are unique to each organization—something that requires the specialized logic found in dedicated security software, not just a general AI model.
The Arora Outlook: Opportunity in the Panic
Arora believes the current market fear is creating 'buying opportunities' for smart investors. While the world worries that AI might make security software obsolete, Arora contends that the reality is the opposite: as AI makes attacks faster and more frequent, the massive, physical infrastructure of cybersecurity companies becomes the only thing capable of standing in the way.
