Anthropic’s Claude AI tool slashes $15 B from cybersecurity stocks as agents reshape

Anthropic’s rollout of Claude Code Security has sent the market re‑evaluating the competitive moat of traditional cyber‑defense vendors. Bloomberg reported that the new tool, which integrates Claude’s large‑language‑model capabilities with real‑time code‑analysis APIs, prompted a $15 billion erosion in the combined market capitalization of publicly traded cybersecurity firms within days of its launch. The sell‑off was led by heavyweight names such as Palo Alto Networks, Fortinet and CrowdStrike, whose shares fell 6‑9 % in the immediate aftermath, according to Bloomberg’s price data. Analysts cited the tool’s ability to automatically audit code for vulnerabilities, generate patches, and simulate exploit scenarios as a “potential game‑changer” that could compress the value chain for many security services (Bloomberg).

The market reaction is underscored by Anthropic’s own internal research, which shows that AI agents are already dominating high‑value software‑development workloads. In a study released on Feb. 22, 2026, Anthropic examined millions of human‑agent interactions through its public API and found that nearly 50 % of all agent tool calls were devoted to software development tasks (The Decoder). The same data reveal that other sectors—customer service, sales, finance—account for only a modest share of usage, prompting Anthropic to label broader agent adoption as still being in its “early days.” The concentration of agent activity in code‑centric workflows explains why Claude Code Security, built on the Opus 4.6 model, can immediately leverage an existing user base that is already comfortable delegating complex programming chores to AI.

The technical pedigree of Claude’s code‑generation engine further validates investor concerns. Nicholas Carlini, a senior researcher at Anthropic, detailed a proof‑of‑concept project that used parallel Claude instances to compile a full C compiler on top of Opus 4.6 (Simon Willison). The resulting Claude C Compiler was praised by former LLVM chief Chris Lattner as “a competent textbook implementation” that could be assembled by an undergraduate team in a semester (Willison). While Lattner noted that the compiler is not yet production‑ready—its design choices favor passing test suites over building reusable abstractions—the demonstration proves that Claude can autonomously handle multi‑hour, multi‑module software builds. Notably, Anthropic’s own metrics show that Claude Code’s longest autonomous work sessions nearly doubled between October 2025 and January 2026, rising from under 25 minutes to more than 45 minutes (The Decoder). This growth in sustained, unsupervised operation suggests that Claude agents are rapidly gaining the stamina required for end‑to‑end security analyses.

Investors are now weighing how Claude Code Security could reshape the economics of cyber‑risk mitigation. Traditional security platforms rely on a combination of signature databases, heuristic engines, and human analysts to detect and remediate vulnerabilities. Claude’s model can ingest raw source code, flag insecure patterns, propose remediation patches, and even generate exploit proofs—all within a single API call. If enterprises adopt the tool at scale, the demand for manual code‑review services could contract, pressuring revenue streams for firms that have built their businesses around labor‑intensive security consulting. Reuters highlighted that the broader software‑services sector has already seen nearly $1 trillion wiped from valuations as investors grapple with AI‑driven productivity gains (Reuters). The cybersecurity sell‑off appears to be a micro‑cosm of that larger trend, with the Claude upgrade acting as a “wake‑up call” for companies that have yet to embed generative AI into their core offerings (Reuters).

Nevertheless, the market’s punitive response may be premature. Anthropic’s internal data still show limited agent penetration outside software development, implying that many security use cases—network monitoring, threat intelligence aggregation, incident response orchestration—remain largely untouched by AI agents (The Decoder). Moreover, the Claude C Compiler’s reliance on test‑suite optimization rather than robust architectural design hints at potential brittleness when faced with the heterogeneous, legacy‑laden codebases typical of enterprise environments. As Lattner cautioned, “good software depends on judgment, communication, and clear abstraction”—qualities that current AI models can augment but not fully replace (Willison). Until Claude can demonstrate consistent performance across the full spectrum of cyber‑defense tasks, the $15 billion market correction may reflect a short‑term over‑reaction rather than a permanent re‑pricing of the sector.