Why Palo Alto and CrowdStrike Are Winning the AI Threat War

Hackers aren't writing code manually anymore. They're deploying autonomous systems that probe enterprise networks at speeds humans can't track. This fundamental shift explains why Palo Alto Networks and CrowdStrike just booked their best quarters ever.

Between April and June 2026, Palo Alto surged 113% and CrowdStrike rallied 95%. When OpenAI and Anthropic introduced highly automated, frontier AI models like Daybreak, they didn't just give developers better tools. They handed bad actors an automated weapon. As a result, corporate security budgets are rotating away from legacy firewall hardware and moving directly toward the only two platforms capable of matching this scale.

If you think this corporate spending surge is driven by regular IT upgrades, you're missing the bigger picture.

The Mythos Moment Shifting Corporate Budgets

Security infrastructure is facing an unprecedented scaling challenge. According to data from J.P. Morgan, the number of recorded Common Vulnerabilities and Exposures (CVEs) skyrocketed to over 16,000 in early 2026, up from roughly 9,000 just two quarters prior. This spike isn't a statistical fluke. It represents the realization of automated vulnerability discovery.

CrowdStrike CEO George Kurtz recently labeled this phase the "Mythos moment." He noted that the entire tech world, starting with the frontier AI labs themselves, has realized that autonomous software requires a matching security layer. Hackers are using model infrastructure to generate highly targeted, polymorphic attacks that change their signature every time they hit a network. Legacy detection filters can't catch them because the attack footprint never looks the same twice.

The market reaction on June 29 proved that Wall Street finally recognizes this reality. Palo Alto jumped 9% to cross $332 per share, while CrowdStrike climbed 7% to reach $748. Corporate buyers are no longer picking and choosing small, isolated security tools. They're panicking into massive platform consolidation. Palo Alto CEO Nikesh Arora revealed that his team fielded inquiries from over 1,200 enterprises looking to protect their AI deployment pipelines, leading to 800 deep-dive technical meetings in six weeks.

Two Different Paths to Dominating the Same Attack Surface

While both companies are booking record revenues, they look entirely different under the hood. Understanding where to place your capital means looking closely at how each company approaches identity and data ingestion.

Palo Alto Networks and the Aggressive Acquisition Strategy

Palo Alto chose a broad consolidation play. They recently finalized a massive $25 billion acquisition of CyberArk, cementing identity management as the core pillar of their Next-Generation Security (NGS) suite. In their fiscal third quarter, Palo Alto grew total revenue 31% year over year to $3.0 billion, with NGS Annual Recurring Revenue (ARR) hitting an impressive $8.1 billion.

Arora’s strategy relies on "platformization." The goal is to lock corporate buyers into a massive, multi-year contract that covers cloud security, operations, and identity protection simultaneously. By buying up specialized firms like CyberArk and Chronosphere, Palo Alto can offer a single billing line item that appeals directly to chief financial officers who want to cut down on separate software subscriptions. It's working. Over 56% of enterprise tech chiefs expect to increase their commitments with Palo Alto this year.

CrowdStrike and the Organic Consumption Model

CrowdStrike relies on a completely different operational playbook. Instead of buying legacy firms, they rely on a single, lightweight software sensor installed across enterprise endpoints. They ended their latest quarter with an ARR of $5.25 billion, growing 24% year over year.

What makes CrowdStrike fascinating right now isn't just their top-line growth, but their internal customer expansion metrics. Their net retention rate accelerated to 115%. At a multi-billion-dollar scale, that expansion rate defies normal software metrics. Existing customers are spending more money each quarter without needing a sales team to pitch them.

This happens because of a consumption setup called Falcon Flex. Instead of forcing companies to negotiate a new contract every time they want to protect a cloud server or an identity database, Falcon Flex allows teams to shift their spending across the platform dynamically. This flexible model has grown into a $1.69 billion machine, up 120% year over year. Customers aren't being forced to buy more; the expanding nature of automated threats forces them to activate more platform features on their own.

The Valuation Reality Check for Software Portfolios

Before throwing money at this sector, look closely at the multiples. These stocks have run hard, and the public markets are pricing them for flawless execution.

Palo Alto trades at roughly 37x Next Twelve Months (NTM) Enterprise Value to EBITDA, and a forward Price-to-Earnings (P/E) multiple of 75x. That sounds expensive until you look at CrowdStrike, which commands a premium forward P/E of 143x and an NTM EV to EBITDA multiple of nearly 64x. The broader software sector median sits at a modest 4.0x EV to Revenue.

This valuation gap exists because of recurring revenue margins. CrowdStrike boasts a 78% gross margin and operates a pure cloud subscription model. Palo Alto still carries a mix of hardware security lines, giving them a lower overall multiple but faster near-term revenue growth at 31% versus CrowdStrike's 26%.

If you prefer faster top-line growth at a lower relative entry price, Palo Alto's recent quarterly performance makes it a highly defensive, predictable anchor. If you want pure exposure to autonomous endpoint defense and high-quality recurring cash flows, CrowdStrike justifies its steep premium, especially with its upcoming 4-for-1 stock split lowering the retail entry barrier.

Your immediate next step shouldn't be chasing either stock at historic highs. Instead, audit your portfolio allocations. If you hold general tech funds or software sector indexes, check their weightings for Palo Alto and CrowdStrike. Ensure you aren't overexposed after this massive multi-month run. If you manage an enterprise IT budget, expect your security vendors to leverage these threat metrics to push you away from standalone point products and force you into a broader platform package before your next renewal cycle.

Evelyn Jackson

Evelyn Jackson is a prolific writer and researcher with expertise in digital media, emerging technologies, and social trends shaping the modern world.