The cybersecurity industry has reached a genuine turning point. For years, security was treated as an afterthought in conversations about technological progress, a backstage concern that rarely shared the spotlight with the products and platforms it was meant to protect. That is no longer the case. As artificial intelligence moves from novelty to infrastructure, security has become inseparable from the broader story of AI adoption itself. One of the largest players in the space recently posted results that captured this moment: revenue of roughly $1.39 billion, growth of 26 percent year over year, earnings of about a dollar and ten cents per share, and a swing back into profitability. The numbers were better than expected, yet they tell only part of the story.
Strong Results, Volatile Market
Solid financial performance is more or less what one should expect from a large, established security company in this sector. The more interesting dynamic lies beneath the headline figures. Even when a business is executing well, its stock can move for reasons that have little to do with the quarter just reported. A company whose shares are still up more than 50 percent for the year is a natural candidate for profit-taking, and a four-for-one stock split announcement can further muddy the short-term picture. Heading into the summer months, it is always difficult to predict precisely why the market behaves the way it does on any given day. Those movements are largely short-term noise.
The longer-term trajectory is what matters, and that trajectory points toward continued growth, particularly in annual recurring revenue. The decisive question is not whether a company can post one good quarter, but whether it can keep making the right strategic moves: defending against AI-driven threats while also becoming proactive and programmatic about how its own systems respond to the new generation of automated, agentic attacks.
Is AI Friend or Foe?
The most natural question to ask about AI in this context is whether it is a friend or an enemy to the cybersecurity industry. The honest answer is that it is both, and the two roles are inseparable.
AI is unambiguously a foe. Attackers use it to their advantage, accelerating the speed, scale, and sophistication of their campaigns. But the very reason AI is also a friend follows directly from this threat. To defend against attacks that unfold at machine speed, an organization must itself operate at machine speed, and the only way to operate at machine speed is with AI. This is the core logic of the new era: you cannot outrun an automated adversary using manual methods.
This has profound implications for long-standing security practices. The familiar idea of keeping a "human in the loop" — a person watching events unfold, analyzing results, and verifying outcomes — was designed for a slower world. Those methods simply do not hold up against the velocity and the kinds of attacks that AI now makes possible. Human verification still has a role, but it cannot be the front line of defense when threats move faster than any person can react. The only credible way to combat AI-powered attacks is with AI.
Beyond Automation: Engineering the Defense Itself
The shift underway is larger than automating detection and response. We are entering a phase in which AI is used not only to respond, but to engineer how AI itself is used across every dimension of security — defending, responding, and taking further proactive action to build resilience into networks, organizations, and systems. The goal is not merely to react faster, but to design defenses that are themselves intelligent and adaptive.
This is why aggression has become a virtue in this field. The mature posture is no longer to wait and watch, but to take control of what happens with AI. Security has always rested on three pillars: understanding what exists in your environment, understanding what is happening within it, deciding what to do about it, and then automating that response wherever possible. AI raises the stakes on every one of those pillars and makes automation not optional but essential.
The New Attack Surface: Protecting Our Own AI
There is a second, subtler shift that deserves equal attention. Until recently, the conversation focused almost entirely on AI as part of the attack surface — AI as a tool wielded by adversaries and something to be defended against. But organizations are now building their own AI: creating agents, writing applications powered by AI, and deploying these systems across the enterprise. They appear on user desktops in productivity applications, and they run deep in back-end and management systems.
These internally deployed AI systems must themselves be protected. An autonomous agent acting on a company's behalf is a new and powerful asset, but it is also a new and powerful liability if it is not properly secured. This is where the concept of governance becomes central. You cannot protect what you cannot control, and you cannot control what you do not understand. If you do not know what an AI system's behavior is supposed to be — what it should and should not do — you have no basis for governing it.
The Battle for the Control Plane
All of this converges on a single, decisive concept: the control plane. Whether AI is being used to defend a network, protect a system, secure code an organization has written, or govern third-party products it depends on, there must be a layer that governs what the AI actually does. The control plane is what enforces the rules. It answers the essential questions: Did the AI do the right things? Is it operating within the controls, boundaries, and guardrails it is supposed to respect?
This is where the real competition will be decided. The market is heading not merely toward better defense, but toward ownership of the control plane — because whoever owns it governs the behavior of AI itself. If your organization is subject to another vendor's guardrails and another vendor's control plane, you are subservient to it. You have surrendered authority over the very systems that now run your business.
The structure of the market makes this a high-stakes contest. Enterprises are not going to operate twenty-five different control planes; the complexity would be unmanageable. They will consolidate around perhaps two, three, four, or five control planes supplied by the major vendors. Every serious player wants to be one of those few. The winners and losers in cybersecurity will increasingly be defined not by who can detect the most threats, but by who owns the control plane that governs how AI behaves across the enterprise.
Conclusion
The cybersecurity industry stands at a genuine inflection point, and the leaders in the field recognize it. Strong quarterly results are welcome, but they are not the real measure of who will thrive. The future belongs to those who treat AI as both adversary and ally, who accept that machine-speed threats demand machine-speed defenses, who extend their protection to the AI systems they build themselves, and above all, who position themselves to own the control plane. Governance, not just detection, is becoming the foundation of security — and the companies that understand this are the ones grabbing the bull by the horns.