Last week, Anthropic launched Claude Code Security — a tool that not only scans code for vulnerabilities using pattern matching but also reasons through it, similar to a human researcher. Markets responded almost immediately, and cyber stocks plummeted sharply. The familiar narrative emerged: “AI will eat cybersecurity.” I believe that’s an overreaction. However, I also think ignoring it entirely would be a mistake.

Having spent significant time in technology and cybersecurity, I recognise that the most disruptive moments often demand our full attention. Currently, several issues are unfolding simultaneously that I cannot help but keep contemplating.

Here’s what’s actually going on in my mind.

If I were the CISO of a global bank — multi-cloud, heavily regulated

A large bank relies on multiple cloud providers. It uses Amazon Web Services (AWS) for certain workloads, Microsoft Azure for others, Google Cloud for data and ML pipelines, Salesforce for CRM, SAP for finance, and maintains a layer of legacy on-premises systems beneath all of these that nobody likes to discuss publicly. This complexity isn’t easy to simplify, and anyone proposing a single-platform solution deserves healthy scepticism.

1. Identity Governance

Let me start with identity governance, because it’s where I’ve spent a significant part of my career — and where the gap between theory and operational reality is most often underestimated.

I’ve managed user access certification programmes for nearly 100,000 employees at a global bank. On paper, the concept is simple — every six months, thousands of line managers review and certify the access entitlements of their direct reports across hundreds of applications. In practice, it was one of the most operationally demanding programmes I’ve been involved in. On the technology side, you’re constantly navigating system upgrades, dealing with legacy applications never designed with modern access controls in mind, and trying to translate high-level access roles and entitlements — often too broad to be meaningfully detailed — into something a business manager can actually understand.

On the business side, you’re chasing thousands of managers who have their own day jobs, find the certification process somewhere between confusing and deeply tedious, and are simultaneously told by their superiors that this is a regulatory obligation they cannot ignore. And above all of that, regulators expect you to demonstrate — clearly, with evidence, and without caveats — that every access entitlement across the organisation has been properly reviewed and certified. The pressure from all sides at once is something you have to experience to fully appreciate.

That experience shapes my view on identity governance tools. I do not favour any specific vendor in this area — the landscape has changed, and reputable options are now available. What I do recognise is that the governance layer — including access certifications, role lifecycle management, and audit trails that meet regulatory standards — is genuinely specialised work that general-purpose identity platforms do not reliably replicate, at least not yet. SailPoint has been a major player here, but the real test for any vendor in this space isn’t what their platform shows in a trial — it’s how it handles entitlement complexity at scale, across legacy systems, with thousands of non-technical managers involved.

2. Privileged Access Management

Privileged access management is a specialised field. Managing continuous privileged access across multi-cloud environments, legacy systems, and an ever-changing technology landscape is genuinely difficult. CyberArk and BeyondTrust are the most commonly mentioned — not as endorsements, but as a reminder that this is an area where capacity matters more than cost, and cutting corners can cause issues in audits or, worse, incidents.

3. Endpoint Detection and Response

CrowdStrike was one of the hardest hit when cyber stocks fell following the Claude Code Security announcement — it is important to distinguish market noise from the actual signal here. Its Falcon platform demonstrates substantial enterprise depth and authentic AI-native investment in endpoint detection and response. SentinelOne is its closest competitor, positioning itself as the more autonomous, less analyst-dependent alternative — the rivalry between the two is genuine and reflects a market still working out what AI-native EDR truly entails in practice. Palo Alto Networks Cortex XDR expands the discussion beyond the endpoint to include network and cloud, and has been one of the more credible voices on AI-driven security operations overall.

Microsoft Defender for Endpoint cannot be ignored — especially given the wider bundling trend. For organisations already using E5, many CISOs are quietly questioning whether a separate contract with CrowdStrike or SentinelOne still makes sense. Then there’s Carbon Black, now owned by Broadcom after the VMware acquisition — still part of many large enterprise setups, but its future roadmap and support under new ownership have become serious concerns. It underlines the importance of monitoring vendor financial health across the board.

The question for any of these vendors is the same — is their AI integration truly enhancing their capability, or is it just a layer of language applied to an unaltered product?

4. Application Security

Then there’s application security — and this is where 2026 feels like a genuine turning point. Snyk has established itself as a developer-first security tool. GitHub Advanced Security has brought vulnerability scanning closer to where developers actually work. And now Claude Code Security is analysing code vulnerabilities in context rather than just flagging patterns. The more established application security testing vendors are facing real pressure from both sides simultaneously. I would be asking any vendor in this space what their AI integration actually looks like in practice, not just in a pitch deck.

5. Vulnerability Management

Qualys has long been a respected name in vulnerability management within complex hybrid environments. My consideration is how the standalone vulnerability management market evolves as cloud-native platforms integrate more of that capability internally — and I would want my vendor to provide a convincing answer to that.

6. Cloud Security and Hyperscalers

Regarding cloud security posture, Wiz has garnered considerable attention — and Google’s acquisition of it is noteworthy. Not as a product endorsement but as a signal. Hyperscalers are no longer just competing with cybersecurity vendors; they are acquiring them. If you’re a bank standardised on a security tool now owned by a hyperscaler, your roadmap discussions, pricing leverage, and vendor independence have all become more complex. That’s worth considering when structuring contracts today.

7. Network Security

On the network and access front, Zscaler and Netskope are serious contenders in zero-trust network access, especially for banks with large, dispersed workforces operating across multiple regions. Both companies have developed credible platforms and have real enterprise deployments; however, I advise monitoring this space closely. The line between cloud infrastructure and cloud security is genuinely becoming less distinct, and pure-play SASE (Secure Access Service Edge) vendors working in that middle ground face a fundamental question about their position in a world where hyperscalers are continually expanding their perimeters. This is not a reason to avoid them — rather, it’s a prompt to scrutinise their independence, roadmaps, and how they differentiate themselves in a landscape where AWS, Azure, and Google are all advancing further into native network security.

8. Threat Intelligence

Palantir Technologies warrants mention in a different context — deploying AI for threat intelligence and security operations on a large scale, especially in environments where the volume and complexity of signals surpass what traditional tools can handle effectively. It isn’t suitable for every organisation, but for those operating at sufficient scale and complexity, it is a field worth understanding.

The question I keep returning to as a hypothetical bank CISO isn’t “does AI replace my security vendors?” It’s “which of my vendors are genuinely integrating AI in ways that make them more capable, and which ones are retrofitting the language without the substance?” That distinction matters more than most vendor conversations will naturally reveal.

And I would be monitoring vendor financial health more closely than usual. Smaller pure-play security companies facing simultaneous pressure from hyperscalers and AI platforms are targets for consolidation. Some of those acquisitions will benefit customers. Others won’t. Midway through a multi-year enterprise contract is not the time to discover your vendor’s roadmap has fundamentally changed.

The Small Business Reality

The calculus is genuinely simpler. If my entire environment runs on Microsoft 365 E5, Azure, and Teams, I would question which standalone security vendors still deserve their place. Entra manages identity. Defender covers endpoints with growing vulnerability management capabilities. Sentinel handles SIEM. Would I still pay separately for Okta or Ping Identity in that setup? I would need a truly compelling reason. The case for consolidating onto Microsoft’s native stack is becoming increasingly persuasive for smaller organisations — provided you stay focused on where governance and compliance gaps still exist.

So where does this leave us?

I don’t have definitive answers, and I am somewhat sceptical of anyone claiming to know at this moment. What I do believe is that the comfortable assumption — that the security vendors you chose three years ago are still the best — is worth reconsidering. Not out of panic, but out of genuine intellectual honesty about whether the landscape has shifted enough to matter.

The threat landscape is growing, not shrinking. AI reduces barriers for attackers just as much as it does for defenders. The need for strong security isn’t decreasing — but where it comes from and who provides it seem truly more uncertain than they were even 18 months ago. That uncertainty is unsettling. However, frankly, it makes this moment worth noticing.

I am curious about what those of you in technology and security leadership are thinking — especially those managing the multi-cloud, regulated environment on a daily basis.

About the author

Viren Mantri is a cybersecurity advisor and former senior technology leader across Standard Chartered, UBS, McAfee, and KPMG. With 30 years of navigating the intersection of technology, risk, and regulation, he now helps organisations cut through complexity and make better security decisions.

CC-BY Viren Mantri, 2026, licensed under a Creative Commons Attribution 4.0 International License.

Disclaimer: All views expressed here are entirely mine.