Artificial intelligence (AI) has been touted as a breakthrough for tasks as diverse as detecting cancer and composing emails. Amid all the optimism, it’s possible to forget that, as with any powerful tool, large language models (LLMs) such as GPT and Claude can have a number of unforeseen impacts.
Take cybercrime. Though it was growing rapidly before the AI boom, it has ballooned in recent years, partly due to LLMs that can be used to create convincing and even targeted scams at scale. In 2019, online fraud cost U.S. consumers and businesses an estimated $65 billion. By 2025, that swelled to an estimated $640 billion and is forecast to top $3.3 trillion by 2030.
The workplace is changing, too. AI tools are being used to craft presentations, ads and even computer programs. Some companies have started using “agents,” semiautonomous tools that can be directed to handle tasks with little or no human input. However, these tools sometimes do unexpected things or take shortcuts a human wouldn’t. One company recently made headlines after one of its agents deleted several months’ worth of data, throwing its operations into chaos.
This has all underlined the need for robust cybersecurity, which is more necessary than ever to combat unauthorized access and to keep new technologies from compromising systems.
“Cybersecurity software alone is growing rapidly and could be a $250 billion industry by 2030,” says Capital Group equity analyst Nishith Kaushik. “It remains a top priority for corporate management across all surveys, and it is an area of tech spending that companies don’t feel comfortable trimming.”
Of course, there are challenges. Shares of cybersecurity providers have been highly volatile, with Kaushik explaining that they have often outpaced the broad market in upturns but skidded harder in downdrafts. They also face weighty competition, particularly from tech giants such as Microsoft and Google that have their own security offerings.
Nevertheless, aside from organic growth potential, there are other reasons for investors to look closely at the industry. It’s deeply fragmented, with thousands of specialty firms, and ripe for consolidation. That additional efficiency could benefit bottom lines and would be welcomed by clients, many of whom juggle dozens of vendors.
Traditionally, cybersecurity firms have tended to specialize — a response to both the complexity of their business and stiff competition in the industry. That’s resulted in a wide-open field with some 4,000 to 5,000 operators. However, that’s a headache for clients, which often have to juggle dozens of vendors.
“Fortune 500 companies typically have 50-plus cybersecurity vendors,” Kaushik adds. “That can result in higher costs, complicated supplier relationships and additional vulnerabilities that stem from forcing several security solutions to work together.”
Large cybersecurity companies have responded by moving toward a platform model in which they package a suite of services, often contracting with smaller specialist firms to fill out their offerings. The benefit to clients is clear — better integration means fewer vendors to track and can help limit vulnerabilities stemming from mismatched programs. Smaller firms may benefit, too: The all-in-one approach offers them the potential for steady business and a high-profile partner.
Novel technologies always come with hiccups, and LLMs are no different. There are the traditional worries — keeping private company data sequestered, for example, and properly integrating the software to avoid new vulnerabilities. But there’s a new concern.
Agents are being used across industries to address complex tasks, but the unique ways they function can introduce vulnerabilities. If they’re given too much access, they can take irreversible actions, such as releasing sensitive data into the wild. If they’re not given proper guardrails, they can dive into systems in unexpected ways, gathering permissions and becoming de facto super-users. Even when they’re well-behaved, they can be vectors for external attacks — an unauthorized user who can interact with an agent could potentially get it to take actions on their behalf, for example.
As the technology develops, it’s likely to result in other new tools that will come with their own security challenges. Cybersecurity firms could enjoy a durable, long-term lift as they confront and manage these risks.
There could be bumps in the road, of course. Some tasks currently handled by cybersecurity businesses might be better performed by AI, such as scanning programs for potential vulnerabilities. When Anthropic, an AI researcher, announced that its unreleased Mythos tool had uncovered vulnerabilities that had gone overlooked for decades in some widely used software, cybersecurity share prices tumbled.
The concerns aren’t entirely unfounded, Kaushik notes. He estimates that such tools could usurp about 10% of the firms’ business. However, he adds that “expanding threat vectors using AI will likely more than compensate for this potential disruption.”
These companies have experienced similar encroachment in the past: Cloud providers subsumed some of their market share when offsite storage started growing. Even with that competition, cybersecurity providers have grown strongly over the last 10 years.
Anthropic itself underlined the importance of human-powered cybersecurity know-how with its Project Glasswing. That venture, a partnership between the researcher and cybersecurity companies, is designed to evaluate software vulnerabilities before releasing tools like Mythos to the general public.
“AI is significantly increasing the attack surfaces, threat vectors and intensity of cyberattacks,” Kaushik says. “Cybersecurity will continue to be critical.”.
U.S. Federal Reserve
Economic Indicators