Cybersecurity equities have come under pressure after announcements from AI-native firms, but Morgan Stanley analysts contend that the growing AI threat landscape creates a substantially larger addressable market for security vendors. The bank models a $220 billion opportunity driven by incremental demand tied to AI risks, noting this figure substantially exceeds the relatively small slice of the market vulnerable to disruption - roughly 10% by their estimate.
Morgan Stanley underscores two central themes. First, AI materially expands the attack surface - the analysts estimate that 80% to 90% of attacks are already generated by AI - which raises the importance of controls that operate during runtime rather than solely in preventative layers. Second, runtime security, together with identity and platform controls, is viewed as a more defensible area for incumbents versus newer AI-native challengers, where disruption risk is concentrated primarily in preventative security.
Companies highlighted
The bank singles out four cybersecurity software names it believes are best positioned to capture the surge in AI-related security spending. Each firm is discussed below with the valuation metrics and rationale Morgan Stanley provides.
1. CrowdStrike Holdings Inc
Morgan Stanley assigns a $510 price target for CrowdStrike based on 37 times calendar year 2030 estimated free cash flow of $5.0 billion. The analysts argue CrowdStrike’s strengths include its platform scale, rapid AI product development, and flexible pricing constructs such as the Falcon Flex consumption-based model. Those attributes, together with the company’s runtime security capabilities in endpoint detection and response, are cited as positioning CrowdStrike to capture a significant share of incremental AI-driven security budgets.
The note also records that multiple research firms - including Cantor Fitzgerald, Benchmark, and Piper Sandler - have reiterated positive ratings on the company, pointing to its central role in the emerging AI security market and its improving traction in enterprise deals.
2. Okta, Inc.
For Okta, Morgan Stanley derives a price target based on 15 times base case calendar year 2027 estimated free cash flow, which the bank says implies roughly 4 times enterprise value to CY27 sales. The analysts emphasize identity security’s growing importance as non-human identities - such as APIs, machine identities, and autonomous agents - proliferate in AI environments. Okta’s portfolio is presented as a control layer that governs these identities through access controls and continuous monitoring.
The company recently reported fourth-quarter fiscal 2026 results that exceeded consensus estimates for both revenue and earnings per share. The Morgan Stanley write-up also notes that Barclays and Raymond James upgraded their ratings on Okta, reflecting identity security’s elevated priority within corporate security budgets.
3. Palo Alto Networks Inc
Morgan Stanley’s valuation for Palo Alto Networks is based on 32 times base case 2027 estimated free cash flow, with per-share free cash flow in that year modeled at $6.31. The firm highlights Palo Alto’s efforts to partner with AI-native firms on early model releases to build security guardrails and extend its network and cloud security capabilities into AI-driven contexts through runtime controls and policy enforcement.
Recent corporate moves cited include the completion of Palo Alto Networks’ acquisition of Koi, described as a company focused on securing AI coding agents, which is intended to bolster its Agentic Endpoint Security capabilities. The note also references Berenberg initiating coverage on the company with a Buy rating.
4. SailPoint Inc
Morgan Stanley sets an $18 price target for SailPoint on a valuation of 26 times base case 2030 free cash flow, implying roughly 7 times enterprise value to CY27 sales. SailPoint’s core focus is identity governance - managing lifecycle controls across both human and non-human actors. The analysts frame identity governance as converging with runtime security, serving as both gatekeeper and enforcement layer in AI-enabled environments.
SailPoint reported fourth-quarter fiscal 2026 results that beat consensus on revenue and margins, and the company named Levent Besik - previously affiliated with Microsoft and Okta - as its new chief product officer, a personnel move Morgan Stanley highlights.
Market sizing and net opportunity
Summarizing its view of the market, Morgan Stanley estimates that the uplift in AI-driven security demand more than offsets the portions of the market vulnerable to competitive disruption. On that basis the bank models a net cyber opportunity roughly 10% larger than today’s $300 billion cybersecurity market.
Implications for investors and the security sector
The report suggests that vendors with scalable platforms, runtime controls, identity governance solutions, and adaptable pricing frameworks are best positioned to convert elevated AI-related risk into revenue growth. The emphasis on runtime and identity implies potential demand shifts across endpoint, network, cloud, and identity security segments.
Conclusion
Morgan Stanley’s analysis highlights a sizeable AI-driven security opportunity and identifies four established software vendors it believes have the product portfolio, go-to-market motion, and strategic moves to capture incremental spending. The bank’s valuation frameworks and recent corporate developments for each firm form the basis for its constructive view on their prospects within an AI-augmented threat landscape.