The Scaffolding Illusion: Why Meta's Breach Proves Cybersecurity Isn't Dying—It's Entering a Golden Age
Meta's automated account-recovery failure exposes the fatal flaw in Wall Street's AI thesis—and why cybersecurity spending may be about to accelerate.
If you’ve looked at cybersecurity stocks lately, you’ve probably noticed the carnage.
Some of the sector’s most established names have suffered significant multiple compression despite continuing to grow revenue and generate cash flow. The Global X Cybersecurity ETF (BUG) fell 17.6% in Q1 2026 alone. The market narrative is straightforward:
Generative AI will automate security work, reducing the need for specialized cybersecurity vendors.
It sounds logical.
It is also likely wrong.
A recent security incident at Meta may have exposed one of the biggest misconceptions currently embedded in the market’s AI narrative.
The lesson isn’t that AI systems are insecure.
The lesson is that every layer of AI automation creates entirely new categories of security risk that did not previously exist.
And somebody will have to secure them.
The Meta Incident Wasn’t Really About Instagram
Last week, reports emerged that attackers successfully manipulated Meta’s AI-powered support assistant into helping them take control of high-profile Instagram accounts.
The method was alarmingly simple. Attackers opened a conversation with Meta’s AI Support Assistant and asked it to link a target account to a new email address under their control. The chatbot sent a verification code to the attacker’s email, the attacker shared the code back with the bot, the chatbot displayed a “Reset Password” button, and the account was compromised.
Victims included the Instagram account associated with the Obama White House—briefly used to broadcast Iranian propaganda—the account of the U.S. Space Force’s Chief Master Sergeant, Sephora, and security researcher Jane Wong, among others. Meta patched the issue, though according to TechCrunch, attacks continued for days even after the company declared the problem resolved.
Back in December 2024, Meta had announced this assistant, promising it would make account recovery “faster and simpler” and that it would be able to “reset your password securely.” “Solutions, not just suggestions,” the product page read.
Too efficient, as it turned out.
Most people looked at this and saw a chatbot failure.
I see something much larger.
The attackers didn’t discover a sophisticated memory corruption bug. They didn’t develop nation-state malware. They didn’t break modern cryptography.
Instead, they exploited a design mistake that is becoming increasingly common across corporate AI deployments:
An AI system was granted authority over a sensitive workflow.
The chatbot wasn’t merely answering questions. It was allowed to perform actions.
That distinction matters enormously.
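The difference between the reported recovery flow and a bounded one can be sketched in a few lines. This is an added illustration, not Meta's code and not taken from the reports above; `Account`, `OUTBOX`, the function names and every address are constructed, and the hardened design is an assumption about one reasonable fix.

```python
import hmac
import secrets
from dataclasses import dataclass, field
OUTBOX = []  # (destination, code) pairs; stands in for the mail system

@dataclass
class Account:
    emails_on_file: set
    pending: dict = field(default_factory=dict)  # destination -> one-time code

def send_code(account, destination):
    code = f"{secrets.randbelow(10**6):06d}"
    account.pending[destination] = code
    OUTBOX.append((destination, code))
def code_ok(account, destination, code):
    expected = account.pending.pop(destination, None)  # single use, even on a miss
    return expected is not None and hmac.compare_digest(expected, code)

# Weak flow as the article describes it: the address comes from the chat, so a
# correct code proves control of the requester's mailbox, not of the account.
def weak_link_and_reset(account, email_from_chat, code=None):
    if code is None:
        send_code(account, email_from_chat)
        return "CODE_SENT"
    if code_ok(account, email_from_chat, code):
        account.emails_on_file.add(email_from_chat)
        return "RESET_ALLOWED"
    return "DENIED"

# Hardened tool (assumed design): no destination parameter at all. The code goes
# only to a contact already on file; with none, the agent hands off to a person.
def strict_reset(account, code=None):
    if not account.emails_on_file:
        return "ESCALATE_TO_HUMAN"
    dest = sorted(account.emails_on_file)[0]
    if code is None:
        send_code(account, dest)
        return "CODE_SENT_TO_CONTACT_ON_FILE"
    return "RESET_ALLOWED" if code_ok(account, dest, code) else "DENIED"

def demo():  # all addresses below are constructed sample values
    a, b = Account({"owner@example.org"}), Account({"owner@example.org"})
    weak_link_and_reset(a, "requester@example.net")
    weak = weak_link_and_reset(a, "requester@example.net", OUTBOX[-1][1])
    strict_reset(b)
    outsider = strict_reset(b, code="not-the-code")  # requester never saw the code
    strict_reset(b)
    owner = strict_reset(b, code=OUTBOX[-1][1])
    return weak, outsider, owner, OUTBOX[-1][0], sorted(b.emails_on_file)
```

In the weak flow the requester passes verification with a code delivered to their own mailbox; in the hardened flow nothing said in the conversation can change where the code is delivered.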
The New Attack Surface: AI With Permissions
For decades, security teams protected applications.
Today they increasingly need to protect autonomous decision-making systems.
Traditional software behaves deterministically. An API endpoint follows predefined logic. A database follows predefined rules. A firewall enforces predefined policies.
Large language models are fundamentally different.
They operate probabilistically. They interpret instructions. They reason over context. And most importantly: they can be manipulated through language.
The moment an organization connects an AI agent to production systems, it creates a new attack surface unlike anything security teams have dealt with before.
The AI agent becomes a privileged intermediary between humans and infrastructure.
Attackers no longer need to exploit code.
Sometimes they only need to exploit judgment.
The Meta attack required no advanced technical knowledge. It required knowing how to talk to a chatbot. That has profound implications for who can launch these attacks and how often.
The Great Misunderstanding: Automation Does Not Eliminate Risk
Corporate executives are currently engaged in what we might call “Automation at Any Cost.”
Every workflow is being evaluated through a single lens: Can AI automate this?
Customer support. Software development. HR. Finance. Procurement. Legal review. Account recovery.
The assumption is simple: More automation = lower costs. That part is true.
What gets ignored is the second-order effect: More automation = more systemic risk.
Every AI agent introduced into a workflow creates:
New identities
New permissions
New integrations
New API dependencies
New data exposure paths
New attack vectors
New failure modes
The AI layer doesn’t replace complexity. It adds another layer of complexity on top of existing systems.
Think of it as digital scaffolding. Companies are rapidly constructing AI-driven structures above their existing technology stacks. The scaffolding creates productivity. But it also creates new points of failure.
Meta is not a struggling legacy enterprise. It is one of the most sophisticated technology organizations on Earth, investing tens of billions in AI. If a company like that can accidentally create an exploitable recovery workflow, what does that imply for the average bank, insurer, retailer, hospital, or government agency currently rushing to deploy AI agents?
The answer is uncomfortable: Most organizations have barely begun thinking about these risks.
The Numbers Back the Thesis
The global cybersecurity market stood at roughly $219 billion in 2025 and is projected to reach nearly $700 billion by 2034, at a 13.8% compound annual growth rate.
But that is the baseline. The future could be significantly larger.
By 2029, agentic AI is expected to drive 15% of global cybersecurity budgets—nearly three times higher than current levels.
This projection reflects a growing recognition: threat actors are gaining the same AI capabilities as defenders, raising the speed and quality of attacks. The environment is getting harder, not easier, and spending will follow.
Wedbush analyst Dan Ives, one of the most followed voices in tech equities, has argued that “AI will be a major tailwind to the cybersecurity sector over the coming years as protection of use cases, data, and endpoints expands markedly.”
The market currently appears to be betting exactly the opposite.
The Coming Security Spending Wave
This is where the market may be making a category error.
Many investors assume AI will absorb functionality currently delivered by cybersecurity vendors. The opposite outcome appears more plausible.
Every dollar spent on AI automation may require additional spending on:
Identity and access management
Privileged access controls
API security
AI observability
Runtime monitoring
Data lineage tracking
Prompt injection protection
Model governance
Agent authorization frameworks
Human approval systems
AI adoption does not reduce security requirements. It expands them.
The more authority organizations give to AI systems, the more valuable security controls become.
The Cybersecurity Industry Is About to Gain a New Customer
Historically, cybersecurity vendors sold protection for: users, devices, networks, applications, and data.
Now a sixth category is emerging: Agents.
AI agents need identities. They need permissions. They need monitoring. They need behavioral controls. They need audit trails. They need containment mechanisms.
This is not a temporary trend. It is a new layer of enterprise infrastructure.
And every new infrastructure layer eventually develops its own security stack.
The cloud did. Mobile did. SaaS did. AI will too.
The Investment Implication
The current market narrative treats AI as a threat to cybersecurity spending. That framing may prove backwards.
AI is not removing the need for security. It is creating an entirely new security layer that didn’t previously exist.
That said, not all companies in the sector will benefit equally. The market is differentiating, and rightly so.
Several well-established names are worth examining:
CrowdStrike (CRWD) and Palo Alto Networks (PANW) carry the lowest execution risk given their scale. CrowdStrike recently pushed toward all-time highs; PANW’s “platformization” approach is widely seen as a game-changer for securing AI data pipelines. Both were up roughly 16% year-to-date through May while the broader software index (IGV) fell 16%—a significant divergence that speaks to the quality of the underlying businesses.
Cloudflare (NET) offers the broadest AI infrastructure angle, with its network positioned as a neutral layer between users, applications, and agents.
Okta (OKTA) and CyberArk (CYBR) play the identity and privileged access theme—probably the layer most directly affected by the proliferation of AI agents that need granular, auditable permissions.
Zscaler (ZS) presents the most interesting valuation case in relative terms. The stock has fallen roughly 36–50% from highs, trading around $130–140 when the analyst consensus points to $200–230 price targets. The fundamentals remain solid: in its fiscal Q3 2026 (ended April), Zscaler reported 25% year-over-year revenue growth to $850.5 million, with ARR reaching $3.525 billion (also +25% YoY). Management describes the company as “the cybersecurity platform for the AI era,” with its inline Zero Trust architecture specifically designed to secure agentic workflows at scale. The primary risk is decelerating organic growth and intensifying competition from PANW—real risks that deserve monitoring rather than dismissal.
At Poetic Street Capital, we have initiated a position in Zscaler representing approximately 3% of the portfolio, with an average entry price around $130 per share. This position reflects our belief that AI adoption is likely to increase—not decrease—the importance of secure access, identity-aware networking, and zero-trust architectures. We do not view the position as complete; should broader market volatility or company-specific concerns create materially lower prices in the future, we would be open to increasing our exposure.
The Historical Pattern Is Clear
The internet created network security. The cloud created cloud security. Mobile created mobile security.
AI is creating AI security.
The market’s attention remains heavily concentrated on direct AI winners: GPU manufacturers, hyperscalers, and foundation model developers. Yet history suggests that every major technological shift creates an entire ecosystem of secondary beneficiaries.
The Meta breach wasn’t evidence that cybersecurity is becoming less important.
It may have been one of the first visible signs that cybersecurity is becoming more important than ever.
Investors should spend less time asking whether AI replaces cybersecurity.
A better question is: Who gets paid to secure the billions of AI agents that corporations are about to deploy?
Disclosure: Poetic Street Capital currently holds a position in Zscaler (ZS). This article reflects personal opinions and is provided for informational purposes only. It should not be considered investment advice. Investors should conduct their own research before making investment decisions.


