Palo Alto Stock Is Looking Like an AI Winner. Here’s Why.
“We’re beginning to notice customers are facing spending fatigue in cybersecurity,” Arora said on the company’s February earnings call. “This is new, as adding incremental point products is not necessarily driving a better security outcome for them….Customers are demanding to get more for the amount of money they have allocated to cybersecurity.”
Arora’s comments triggered a one-day 28% drop in Palo Alto’s stock, dragging down other security stocks in its wake. The pall has lingered. The five largest security-software pure plays—Palo Alto,
Fortinet
,
Zscaler
,
and
—have an average year-to-date return of minus 1%. Palo Alto has outperformed—it’s up 1%.
A few months later, it looks like Arora’s message was less dire and more just inartfully conveyed. In fact, there’s a bullish takeaway over the long term for Palo Alto’s shareholders.
Arora’s intended message was that cybersecurity for too long has been dominated by “best of breed” software companies, with customers weaving together their security suite from a host of different providers. Today, software offerings are more often integrated—think of
Microsoft
’s
Office 365 or
Alphabet
’s
Google Workspace. And Arora sees that approach finally coming to cybersecurity, with Palo Alto Networks as the obvious winner.
Advertisement – Scroll to Continue
One other wrinkle from that fateful February call was Arora’s concession that to accelerate the company’s aggressive “platformization” goals, Palo Alto is giving away access to certain features to existing customers, with the goal of taking a larger share of IT spending budgets over the long run.
Remember the Borg, the Star Trek species that went around “absorbing” other creatures? Palo Alto wants to be the cybersecurity Borg. It hopes resistance is futile.
“If I don’t deliver the integration to the customer, then every one of them has to have the technical capability of integrating five, six, seven, 10, or 20 brands,” Arora told me this past week. “If an attack is in progress, and it is progressing through 15 security vendors, then whose job is it to take all the data, analyze it in AI, and come back and stop it in real time? I think AI is going to force people to have consistency across their stack.”
Advertisement – Scroll to Continue
Arora says that a few years ago, no security-software company had more than 2% market share. He says Palo Alto Networks now has about 5% share, and he’d like to be at 20%.
“We want to be the world’s first-ever evergreen cybersecurity company,” Arora adds. “Symantec used to be hot, and they’re gone. McAfee used to be out there….Who is left?” Arora answers his own question, pointing to
Software Technologies, Fortinet, and
in firewalls, plus CrowdStrike and Zscaler in other key niches. “We are trying to be relevant to every new technology transformation or transition,” he says, including AI.
It won’t be easy. The list of large, long-tenured cybersecurity companies is short. Guess how many have more than $10 billion a year in sales? Zero. And how many have market caps over $100 billion? None. Palo Alto is the biggest, with a $97 billion valuation. Just four others—CrowdStrike, Fortinet, Zscaler, and Cloudflare—are worth more than $25 billion. Microsoft is worth 11 times more than the five largest cybersecurity players combined.
There’s a reason for that. In cybersecurity, the problem set changes over time. We’ve come a long way from antivirus software and spam filters. With every new generation of threats, new software players emerge. But Arora sees consolidation under way, and he thinks AI will hasten the process.
“I don’t have to convince you that this is going to be big,” Arora says. “The fact that
Advertisement – Scroll to Continue
has sold more chips than they’ve ever sold in one year by a factor of four tells you that lots of AI data centers will be built over the next three years, more than in the last 15 years.” Cybersecurity spending, Arora says, is a derivative of higher overall IT spending.
That’s where Arora thinks Palo Alto has an edge. “Our customers have long relied on us to help them manage access to applications outside their infrastructure with employees,” he says. “Secure access, remote access, virtual private networks. Now all of their employees want to use AI tools.”
Advertisement – Scroll to Continue
And, as Arora notes, that raises new questions for data-focused businesses: “How risky is that AI application? What is the model doing with the data? Should I be sending this data outside my company?” He says companies have no choice but to monitor employees’ use of artificial intelligence, or risk significant consequences.
This past week, Palo Alto unveiled a new collection of AI security tools. There are products to monitor the growing set of AI services for safety and risk; to track and control which AI services employees access; to keep tabs on AI workloads running inside corporate networks, authorized or otherwise; and to act as an AI firewall, controlling what data can be uploaded to AI models while monitoring for security risks around the results coming back from those models.
All the while, Arora says, AI is making hackers smarter. “I can get a model to write a playbook on how to exploit a critical vulnerability,” he says.
Arora suspects hackers are collecting data on exploiting software vulnerabilities—and that AI will make the bad guys more effective, complete with hacking co-pilots. When it comes to the problems facing IT departments, AI risks are likely to trump “spending fatigue.”
Write to Eric J. Savitz at eric.savitz@barrons.com
