Cybersecurity Stocks Got Crushed After Mythos. Here's What the Smart Money Is Doing Now.

Last week, some of the most reliable names in cybersecurity lost billions in market value in a matter of days. Not because of an earnings miss. Not because of a scandal. Because an AI company announced a model they're not even releasing to the public.

That's the kind of thing that makes you stop and ask what's really going on.

If you missed the Mythos story, the short version is this: Anthropic built an AI model so capable at finding and exploiting software vulnerabilities that they decided it was too dangerous to release. Instead, they handed early access to a small group of tech giants and financial institutions through a program called Project Glasswing. → Full breakdown of what Mythos is and why Anthropic locked it down

The market's reaction to that announcement is what we're here to talk about today.

What Actually Happened to the Numbers

The sell-off hit fast and it hit hard.

CrowdStrike fell 11% over three sessions. Palo Alto Networks dropped 12%. Akamai Technologies shed 20%. Fortinet lost 8%. Zscaler was down more than 4%. The Global X Cybersecurity ETF — which tracks the sector broadly — closed at its lowest level since late 2023, bringing its year-to-date decline to over 21%.

To put that in perspective, the S&P 500 Software and Services Index is down about 25% since January, making it one of the worst-performing corners of the U.S. market in 2026. And analysts at several firms now point to Anthropic as a primary driver of that pain — not just from Mythos, but from a series of announcements this year that keep raising the same uncomfortable question.

Why Investors Panicked

The fear isn't complicated once you understand the business model of a traditional cybersecurity company.

Companies like CrowdStrike and Palo Alto have built their entire value proposition around human expertise and proprietary detection tools. Their pitch to enterprise customers is essentially: our team can find threats that yours can't, and our software catches things other software misses.

Mythos punches a hole in that pitch. If an AI model can autonomously find vulnerabilities that human researchers missed for 27 years — for roughly $50 in compute — then what exactly are customers paying legacy security vendors for?

One analyst at Raymond James framed it this way: Mythos signals "compression of traditional defensive advantages." In plain English, the moat that cybersecurity companies built over decades might be a lot narrower than investors thought.

That's what the sell-off was really about. Not Mythos itself, but what Mythos represents about where AI capabilities are headed — and how fast.

Then Something Interesting Happened

Here's the part most headlines missed.

After the initial panic, several of the same stocks that got hammered started bouncing back. CrowdStrike recovered more than 6% in a single session. Palo Alto gained back over 4%. The reason? Project Glasswing's partner list.

When Anthropic announced which organizations got early access to Mythos, CrowdStrike and Palo Alto were both on it. So were Microsoft, Google, Amazon, Apple, and Nvidia. The message the market eventually absorbed: the companies best positioned to use AI-powered security tools are the same ones that already have deep relationships with the firms building them.

That's a meaningful distinction. There's a big difference between "AI will replace cybersecurity companies" and "AI will change what cybersecurity companies do." The smart money appears to be betting on the second scenario.

→ Here's how Anthropic is still privately held — and how regular investors can get exposure

Two Scenarios From Here

This is where it gets interesting from a portfolio perspective.

Scenario A: AI disrupts legacy cybersecurity The bear case is that AI tools like Mythos make traditional security products obsolete. Enterprises stop paying for expensive software subscriptions and start running AI agents that do the same job for a fraction of the cost. In this scenario, the stocks that got hit hardest stay down — or go lower.

Scenario B: AI raises the stakes for everyone The bull case is that AI-powered attacks become so sophisticated that demand for advanced security tools actually increases. Companies can't afford not to invest. The firms that integrate AI fastest — CrowdStrike, Palo Alto, Microsoft — come out stronger, while the laggards fall away.

Nvidia CEO Jensen Huang publicly argued in February that markets are wrong about AI disrupting software. His view: agentic AI will use existing platforms, not replace them. He has a financial interest in saying that, obviously. But the earnings reports so far back him up — most of these companies are still posting solid growth.

What the Data Actually Suggests Right Now

A few things worth watching:

JPMorgan, Goldman, and other major banks are actively testing Mythos through Project Glasswing. If the model helps them find and patch vulnerabilities in their own systems, that's a direct argument for more security spending, not less.

Microsoft is one of Anthropic's biggest customers — reportedly on pace to spend around $500 million on Anthropic this year — while simultaneously being a Project Glasswing partner. They're on both sides of this trade.

The insurance angle is underrated. If AI makes cyberattacks more frequent and more damaging, cyber insurance premiums go up. Companies will spend more on security to keep their premiums down. That spending has to go somewhere.

My Read on This

I'm not going to tell you to buy the dip on cybersecurity stocks. I don't know your situation, and anyone who gives you a confident recommendation on a sector this volatile right now is oversimplifying.

What I will say is this: the Mythos sell-off looks more like a fear-driven overreaction than a fundamental reassessment. The companies that got hit hardest are the same ones now getting first-mover access to the technology that supposedly threatens them. That's not nothing.

The real risk isn't that AI replaces cybersecurity. It's that the timeline for AI-powered attacks is shorter than most companies — and investors — are pricing in. Wiz, one of the more credible security firms tracking this, estimates that open-source models with Mythos-level capabilities will be widely available within 12 to 18 months. When that happens, demand for serious security infrastructure is going to look very different than it does today.

❓ FAQ

Q: Should I buy cybersecurity stocks after the Mythos sell-off? That depends on your risk tolerance and time horizon. The sector is volatile right now. If you believe AI raises the stakes for cybersecurity overall — which the evidence supports — then the dip may be an opportunity. But do your own research before making any moves.

Q: Which cybersecurity companies are part of Project Glasswing? CrowdStrike and Palo Alto Networks are the two pure-play cybersecurity firms in the program. They're joined by Microsoft, Google, Amazon, Apple, Nvidia, Cisco, Broadcom, JPMorgan Chase, and the Linux Foundation.

Q: Is the cybersecurity sector actually in trouble long-term? Not necessarily. The more likely scenario is consolidation — stronger AI-integrated firms pull ahead while legacy players struggle. It's a transformation story, not a collapse story.

Q: What's the Global X Cybersecurity ETF (BUG)? It's an ETF that tracks a basket of cybersecurity companies. It took a significant hit after the Mythos announcement and is down more than 21% year-to-date as of this writing. It gives you broad exposure to the sector without picking individual stocks.

Q: How does Mythos connect to Anthropic's IPO? Anthropic is still privately held, but an IPO is widely expected in 2026. The Mythos situation cuts both ways for valuation — it establishes Anthropic as the clear capability leader, but the decision to withhold the model raises questions about near-term revenue. → Full breakdown of Anthropic's IPO and how to get exposure now

The Mythos Series

Part 1 → What Is Claude Mythos AI and Why Didn't Anthropic Release It to the Public? 

Part 2 → Cybersecurity Stocks Got Crushed After Mythos. Here's What the Smart Money Is Doing Now.  

Part 3 → How to Invest in Anthropic Before the IPO — Your Options in 2026 (coming soon)

Part 4 → How to Protect Your Bank Account From AI Hacking — A Practical Guide (coming soon)

Part 5 → Who Has Access to Claude Mythos Right Now — and What They're Finding (coming soon)