Palo Alto Networks’ CEO Nikesh Arora
Nikesh Arora, CEO of Palo Alto Networks, has pushed back against the panic caused by Anthropic’s Mythos. As artificial intelligence (AI) models like Mythos send shockwaves through the tech world, Arora says that the stock market has become increasingly “paranoid” about the future of software companies.
In two different posts on X (formerly Twitter), Arora argued that investors are failing to distinguish between software that AI will replace and software that AI will actually make stronger.
Three types of SaaS companies
According to Arora, while some sectors are in trouble, cybersecurity belongs to a rare group of industries that AI cannot easily disrupt. He said that this due to the fact that AI has to be embedded into the inline sensors, which has taken years to integrate. Arora broke down the software-as-a-service (SaaS) world into three categories to explain who survives:The first category is the ones that will be impacted. These include Analytical and Creative software.
The second category is productivity and human workflow tools that must change to survive. Third are the beneficiaries, like the Infrastructure and Cybersecurity where AI makes these more essential.“I would have expected the market to start discerning between SaaS that is impacted by AI, SaaS that needs to evolve, and SaaS that benefits from AI. Analytical SaaS, Creative SaaS is in category 1, System or Record, Human workflow and Engagement and Productivity are in category 2 and Infrastructure SaaS and Cybersecurity are in 3.
This constant paranoid reaction of the market will continue to create buying opportunities for the discerning,” he said in the post.
Arora on why AI cannot replace cybersecurity software companies
Here are the three specific reasons Arora believes AI models, no matter how powerful, cannot replace dedicated cybersecurity companies.First is the “Hallucination” problem, which is considered to be one of the biggest hurdles for even the most advanced AI models. Arora pointed out that Large Language Models (LLMs) currently have a “false positive” rate of about 30%.
In easier words, in the world of cybersecurity, being wrong 30% of the time is catastrophic. If an AI incorrectly flags a harmless file as a virus, it could shut down an entire company’s operations. Conversely, if it misses a real threat, the damage is done. Second is lack of “Inline Sensors”. Arora noted that cybersecurity companies have spent “a lifetime” deploying physical and digital sensors everywhere, on employee laptops (endpoints), inside web browsers, and within cloud firewalls.
AI models like Mythos live in the cloud, but they don’t have these “boots on the ground.” A model might identify a vulnerability, but it cannot physically “enforce” a block or stop an attack in real-time. Thirdly, the complexity of enterprise policy. Every company has a different set of rules. A bank has different security needs than a hospital or a retail store. Arora argues that AI models are currently unable to write or manage “enterprise policies” that are specific to a customer’s unique business needs.“The false positive rate for LLMs is about 30%, so as of now no model can validate those and to deploy models to assess threats they need to be merged into the inline sensors – they have taken a lifetime to deploy, endpoints,agents (old world), browsers, firewalls on prem and cloud, models can’t enforce, nor write enterprise policy which is customer specific,” Arora explained.
