摩根士丹利-北美软件行业：AI原生企业：网络安全领域的挑战者抑或制造新挑战-AI-Natives：Challengers,orCreatingChallenges,forCyber-20260420

MorganstanleyRESEARCH

April20,202604:01AMGMT

Software|NorthAmerica

AI-Natives:Challengers,or

CreatingChallenges,forCyber

CybernameshavesoldoffafterAI-nativecyberannouncementsinthepastcoupleofweeks.Weseea$220bnopportunityforcybernamesasaresultofgreaterAIthreat,farbiggerthanthe10%ofthecybermarketweseemoreatrisktodisruption.FavorPANW,CRWD,OKTA,SAILasbestpositionedforAI.

KeyTakeaways

AIexpandsthethreatsurface,drivinga~$220bnincrementalcyberopportunity

—outweighing~10%ofmarketsatrisk

Runtimesecurityemergesasthekeycontrollayer,reinforcingincumbents’positioningvs.AI-nativechallengers

AIacceleratesattacks(80–90%AI-generated),butalsoincreasesdemandfordetection,response,andidentitysecurity

Disruptionriskisconcentratedinpreventativesecurity;runtime,identity,andplatformlayersremainmoredefensible

FavorCRWD,PANW,OKTA,SAILasbestpositionedviaplatformscale,AIproductvelocity,andflexiblepricingmodels

DefinitionofwhatmakesagreatcybercompanymaychangewithAI,butstill

viewcybercompaniesasbestabletocompete.WhileAIintroducesanewsetofchallengesandchallengers,italsoreinforcestheneedforreal-timedetection,

responseandcontrolasthreatsscaleinvolumeandcomplexity.With80-90%of

attacksalreadyAIgenerated,andthecostofattackgoingto$0,cyberorganizationsandcybernamesarescramblingtoprotectthemselves,beforethelatestsetof

modelreleasescometomarket.Webelievethebestpositionedcybernamesinthefuturewillhavethefollowingattributes.(1)Clearlydefinedagenticsecurity

roadmapsandademonstratedabilitytoaccelerateAI-drivenproductreleases,

particularlyasenterpriseadoptionofAIagentsbeginstooutpacetheavailabilityofdedicatedAI-securitysolutions.(2)Evolvingpricingmodelssuchasflexible,

consumption-basedframeworks(e.g.,FalconFlex),whichlowerfrictionforadoptingnewcapabilities.(3)Acohesivevaluepropositionrootedinruntimeenforcement,

expandedvisibility,proprietarydataadvantages,andcost-efficientdeliveryrelativetoAI-nativealternatives.Thus,weseeCRWD,PANW,OKTA,SAILasbest

positionedtocaptureopportunitygivenbroaderplatformcoverage,paceof

relatedAI-solutionsalreadyinthemarkettoday,andevolvingbusinessmodels.

Threatsurfaceexpanding,butgreaterinvestordebatearoundwhobestto

address.RecentannouncementsfromtheAI-nativeshavehighlightedboththe

opportunitytoexpandintoadjacentcybersecuritycategories(beyondcode

security),andthegrowingriskassociatedwithincreasinglycapablemodels.Notably,

IDEA

MoRGANSTANLEy&Co.LLCMetaAMarshall

EquityAnalyst

Meta.Marshall@

+1212761-0430

KeithWeiss,CFA

EquityAnalyst

Keith.Weiss@

JonathanEisenson

ResearchAssociate

+1212761-4149

Jonathan.Eisenson@

+1212761-2808

RyanLountzis

ResearchAssociate

Ryan.Lountzis@

AbhishekSMurli

ResearchAssociate

+1212761-3189

Abhishek.S.Murli@

+1212761-7388

SoFTwARE

NorthAmerica

IndustryViewAttracti∨e

MorganStanleydoesandseekstodobusinesswith

companiescoveredinMorganStanleyResearch.Asaresult,investorsshouldbeawarethatthefirmmayhaveaconflictofinterestthatcouldaffecttheobjectivityofMorganStanley

Research.InvestorsshouldconsiderMorganStanley

Researchasonlyasinglefactorinmakingtheirinvestmentdecision.

Foranalystcertificationandotherimportantdisclosures,refertotheDisclosureSection,locatedattheendofthisreport.

2

Morganstanley

RESEARCH

IDEA

severalmodeldevelopershaveintroducedpre-releaseprogramswithcybersecurityvendors,eitherselectivelyormorebroadly,tohelpestablishguardrailsaheadof

deployment,underscoringtheexpectationthatfuturemodelsmayintroducenew

classesofvulnerabilities.Whilewegenerallyviewamuchlargeropportunityforcyberstocksasthethreatsurfaceexpands,the~(25%)performanceofthestockspointstolessinvestorconfidence.Long-onlyinvestorswetalktointhespace

generallyremainconstructiveonthesector,supportedbytheviewthatthethreatlandscapeisexpandingrapidly,asAllowersthecostofattacksandincreasestheirfrequencyandsophistication.lncontrast,hedgefundinvestorsappearmoremixed,withgreaterskepticismaroundthelong-termdefensibilityofincumbent

cybersecurityvendorsrelativetoAl-nativeentrants.lmportantly,weviewthe

currentdebateasstructurallysimilartopriorcyclesofdisruptionincybersecurity,includingconcernsthat“cloudproviderswouldsubsumesecurity”whenthe

industryinitiallymovedtothecloudorthatpersistentbreachesunderminethevaluepropositionoftheindustry.

KeyInvestorsQuestions:

•Whyis'RuntimeSecurity'KeyforVendorDefensibility?RuntimesecurityiscriticalinAlbecausetheprimaryrisksemergewhenmodelsareactively

deployedandinteractingwithusers,data,andconnectedsystemsin

production.Atthatstage,organizationsmustmanagethreatssuchas

promptinjection,dataleakage,andmisuseinrealtime,whichcannotbefullymitigatedduringdevelopment/training.Asaresult,leadingsecurity

platforms,includingCrowdStrike,PaloAltoNetworks,Okta,and

SailPoint,arepositioningruntimecontrolsasacorepillaroftheirAI

strategiesbyextendingtheirrespectivestrengthsinendpoint,network,andidentitysecurityintotheAIlayer.Thesecapabilitiesmonitorand

filterinputsandoutputs,enforceaccessandusagepolicies,anddetect

anomalousbehavior,effectivelycreatingadynamicenforcementlayer

(i.e.,guardrails)aroundliveAIsystems.Thisapproachreflectstherealitythat,giventheprobabilisticandnon-deterministicbehaviorofthesemodels,continuousoversightatruntimeisthemostpracticalwaytoreducerisk,andrepresentsanaturalevolutionofestablishedsecuritycategorieswithintheAlera.

•WhatDoTheAI-NativeReleasesMean?OverthepastcoupleofweekstherehavebeenanumberofannouncementsfromAl-natives,both

highlightingpreviouslyundiscoveredvulnerabilitiesaswellaspotential

cyber-relateddangerswithupcomingmodels.Atthesametime,therehasbeenamarkedshiftfromtheAl-nativestotryandpartnerwith/enablespecificgroupsofcybersecurityvendors/platformsforearlyreleasesoftheirmodelstohelpdevelopguardrailsaheadofrelease(i.e.,

PANWa

nd

CRWD)

.lntheseannouncements,theAl-nativeshavenotednovel

vulnerabilitiesidentifiedwithanincreasingabilityforbadactorstoexploitthem.Therehavealsobeenreleasesofspecificabbreviatedmodelsbettertunedtofindvulnerabilitiesaswell,thoughnottotheextentwheretheseprovidersareremediatingtheactualthreats.Giventhedangerthese

modelspose,AI-nativesknowthatcybersecurityisgoingtobeahurdleforadoption–morerecentlychoosingtoidentifytheproblem(s)and

Morganstanley

RESEARCH

IDEA

enableanecosystemofpartnerswhocanthwartpotentialzero-day

attacksshouldeasemodeladoption.Outsideofareasthatarenot

runtime-specific,orwherebusinessmodelsarenotconducivetoutilizingamulti-billionparameterLLM,wedothinkAI-nativescouldeventuallyintroducemorestandaloneproducts.

•WhatAreasofCybersecurityDoesThisEncroachOn?Inourview,the

cybersecuritylandscapecanbroadlybesegmentedintothreecategories:(1)preventative,(2)controlpoint/perimeter,and(3)runtime(seeExhibit1formoredetail).Preventativesecurityfocusesonidentifyingandmitigating

vulnerabilitiespriortodeployment,includingareassuchasvulnerability

management,applicationsecuritytesting,andcloudposture/configurationmanagement.Controlpoint(orperimeter)securitygovernsaccessatthe

networkandidentitylayer,determiningwhoandwhatisallowedintoa

system,andincludessolutionssuchasfirewalls,zerotrustnetworkaccess,andidentitysecurity.Runtimesecurity,bycontrast,operatesduring

execution,detectingandstoppingthreatsinrealtimethroughsolutionssuchasendpointdetectionandresponse(EDR),extendeddetection&response(XDR),andSecurityOrchestration,Automation,andResponse(SOAR).

Therefore,webelieveAI-nativesecuritymodelsaremostlikelytodisruptthepreventativelayer,whereanalysiscanbeperformedasynchronouslyandwherelatencyislesscritical.Bycontrast,controlpointandespeciallyruntimesecurityrequirelow-latency,deterministicresponses,making

themlesscompatiblewithtoday’sprobabilisticAImodels.ThisdoesnotprecludeincumbentsfromincorporatingAI,especiallygiventheir

proprietarydataanddomainexpertise,butitdoessuggestthatthepaceanddegreeofdisruptionwillvarymeaningfullyacrossthecyberspace.

•IsThereaValueTransferHappening?Arelatedquestionfrominvestorsiswhetheremergingpre-modelreleasepartnershipsordata-sharing

arrangementsimposelimitationsontheabilitytomonetizederivedinsights.Basedonourdiscussionswithcybersecurityvendorsnotyetinquietperiods,wehavenotpickedupsignsofexplicitrestrictionsonmonetizinginsights

generatedfromtheseinitiatives.Thatsaid,themarketremainsintheearlyinningsofAIsecurityadoption,andthereisstilllimitedtransparencyintothestructureandlong-termimplicationsoftheseagreements.Assuch,the

potentialforvaluetransfer,namelyasmodels,dataaccess,anddistributiondynamicsevolve,remainsanareatomonitor.

•WhatIstheValueofCybersecurityifAI-NativeModelsCanDiscover

Vulnerabilities?AcommoninvestorconcernisthatifAI-nativemodelscanidentifypreviouslyundiscoveredvulnerabilities,thevalueoftraditional

cybersecuritysolutionscouldlessen.Webelievethisframing

fundamentallyconflatesvulnerabilitydiscoverywithsuccessful

exploitationofavulnerability.Identifyingaweaknessdoesnotequatetotheabilitytooperationalizeanattack,particularlyinmodernenvironmentswithlayereddefenses(averageenterpriseutilizes50-70securityvendorstoday).Thisdistinctionunderscorestheimportanceofruntimesecurity,

wherecontrolssuchasEDRandXDRaredesignedtodetect,contain,andpreventexecutioninreal-time.Notably,severalcodesecurityvendorshave

MoRGANSTANLEyREsEARcH3

4

Morganstanley

RESEARCH

IDEA

indicatedthatrecentAI-assistedvulnerabilitydiscoveries,oftendrivenbysmaller,specializedmodels,havenottranslatedintowidespreadsuccessfulattacks,asexistingruntimedefensescontinuetoblockorlimitexecutionofwhatwouldbeoutrightzero-days.Allin,AImayacceleratevulnerabilitydiscovery,butitsimultaneouslyreinforcestheimportanceofdetectionandresponsecapabilities,ratherthandisplacingthem,whichleans

favorablyonthecorecybersecurityvendors,namelyCRWD,PANW,OKTA,SAIL.

KeyQuestionsInvestorsAren'tAsking:

•HowShouldWeThinkAbouttheEconomicsofAI-Nativevs.Existing

Solutions?Inourview,discussionsaroundAI-nativecybersecuritysolutionsoftenoverlooktheunderlyingcostdynamics.Leveraginglarge-scalemodelstoperformhigh-frequencysecurityfunctionssuchasemailfilteringor

identityverificationcanbeordersofmagnitudemoreexpensivethanexistingsolutions,evenassumingcontinuedimprovementsinaccuracyandlatency.Today,productslikeemailsecurityandidentityplatformsaretypicallypricedatlow-tomid-single-digitdollars/user/monthwhileprocessinghundredsofthousands(ormore)ofevents,implyingamarginalcostthatiseffectively

fractionsofapennypertransactionwithnear-zerolatency.Bycontrast,

applyingtoken-basedAImodelsatsimilarscalecouldintroducemateriallyhighercomputecosts.Notably,inareassuchasvulnerabilitydetectionin

code,smallerandmoreefficientmodels,whichoperateatafractionofthecostoflarge,general-purposemodels,havedemonstratedcomparable

performanceincertainusecases.Whileweexpectthecostpertokento

declineovertime,wedonotanticipateitconvergingtothelevelrequiredtoeconomicallyreplacehigh-throughput,latency-sensitivesecurityfunctionsoverthenear-term.Asaresult,weviewAIasaugmentingexisting

architecturesratherthanfullydisplacingthem,particularlyincost-sensitive,real-timeenvironments.

•WhatTypesofCybersecuritySolutionsAreEmergingtoAddressThese

IncreasedThreats?Asdiscussedinourpreviouslypublishedreports(i.e.,

GoingtoNeedaBiggerBoat:AIandSecurity(22Sep2025))

,thethreat

surfacehasexpandedmeaningfullywiththeproliferationofAI,drivenbytherapidadoptionofgenerativemodels,increaseddataconnectivity,andthe

riseofautonomousagentsinteractingacrossthenetwork/enterprise.This

shiftisdrivingtheemergenceofnewsecuritycategoriesalongsidethe

evolutionofexistingones.Inparticular,weareseeingthedevelopmentofAI-specificcontrollayersdesignedtositintherequest/responsepath,includingpromptinjectiondetection,input/outputfiltering,anddataleakage

prevention,effectivelyextendingtraditionalapplicationandAPIsecurityintotheAIstack.Atthesametime,identityandaccesscontrolsarebeing

adaptedtogovernnotjusthumanusersbutalsoAIagentsandmachine-

driveninteractions,whiledatasecuritysolutionsareevolvingtoprovide

moregranularvisibilityandcontrolovertheinformationbeingaccessedandgeneratedbymodels.Importantly,manyoftheseinnovationsarebeing

MoRGANSTANLEyREsEARcH5

Morganstanley

RESEARCH

IDEA

deliveredbyincumbentplatforms(suchasCrowdStrike,PaloAltoNetworks,Okta,andSailPoint),whichareextendingtheirexistingcapabilitiesin

endpoint,network,cloudandidentitysecurityintoAI-drivenenvironments.Inourview,ratherthancreatingentirelynewstandalonecategories,AIis

acceleratingtheconvergenceofsecuritylayers,withruntimemonitoring,policyenforcement,anddatagovernancebecomingincreasinglycentraltosecuringmodernapplications,whilealsoaligningwiththebroaderplatformconsolidationthemeacrosssecurity(discussedmorebelow).

•GivenExpandingThreatSurface–WhatWillOrganizationsSpendMoreOn?AndWhereDoestheBudgetComeFrom?Asthethreatsurface

expandswiththeadoptionofAI,weexpectincrementalcybersecurityspendtoconcentrateinareasclosesttoreal-timeenforcementandcontrol.In

particular,asdiscussed,organizationsarelikelytoprioritizeruntimesecurity(e.g.,EDR/XDR,monitoringandresponse),identityandaccessmanagement(includingnon-humanidentities),anddatasecurity/governance,wheretheriskofmisuseorexfiltrationismostsignificant.Additionally,newAI-specificcontrolssuchaspromptfiltering,modelmonitoring,andagentgovernanceareemergingasextensionsoftheseexistingcategoriesratherthan

standalonebudgetlineitems.Importantly,thisshiftisdrivinggreater

consolidationtowardplatformvendors,ascustomersincreasinglyprefer

integratedsolutionsthatcanenforcepoliciesconsistentlyacrossendpoints,networks,identities,andAI-drivenworkflows.Asaresult,leading

platforms,namelyPaloAltoNetworksandCrowdStrike,arecurrentlybestpositionedtocaptureincrementalspendbyembeddingAIsecuritycapabilitiesintotheirexistingplatforms.Thisdynamicisalsoacceleratingtheadoptionofmoreflexibleconsumptionmodels,including“all-you-can-eat”contractstructures(e.g.,CrowdStrike’sFalconFlex),whichallow

customerstodeploynewmodulesandcapabilities(likeAI-relatedtools)withoutincrementalprocurementfriction.Fromabudgetperspective,weseethisspendbeingfundedthroughacombinationofreallocationand

incrementalinvestment.Inthenearterm,dollarsarelikelytoshiftawayfrommorefragmentedpointsolutionstowardconsolidatedplatformsthatcanaddressabroadersetofrisks.Longer-term,however,theexpansionoftheattacksurfaceandthecriticalityofsecuringAI-drivenworkflowsare

likelytosupportnetnewbudgetgrowth,reinforcingcybersecurityasadurableandhighlydefensibleprioritywithinenterpriseITspending(seeExhibit4).

•WhyisIdentitySecurity,ParticularlyforNon-HumanIdentities,

IncreasinglyCritical?AsAIadoptionaccelerates,identitysecurityhas

emergedasacentralcontrolpointinthemodernsecurityarchitecture,

particularlyasthenumberofnon-humanidentities(NHIs),includingAPIs,

machineidentities,andautonomousagents,hasbeguntoscalerapidly.

Unliketraditionalenvironmentswherehumanusersweretheprimaryaccessvector,AI-drivensystemsintroduceaproliferationofmachine-to-machine

interactions,oftenoperatingwithelevatedprivilegesandaccessingsensitivedataacrossdistributedenvironments.Thismateriallyexpandstheattack

surfaceandcreatesnewrisksaroundcredentialmisuse,privilegeescalation,

6

Morganstanley

RESEARCH

IdEA

andunintendedaccesspathways.Tothatend,identitysecurityisevolving

beyondauthenticationtoencompasscontinuousverification,granularaccesscontrols,andlifecyclemanagementforbothhumanandnon-humanactors.SolutionsfromvendorssuchasOktaandSailPointareincreasinglyfocusedongoverningtheseidentitiesbyensuringthatagentsandserviceshave

appropriate,least-privilegedaccess,andthattheirbehaviorcanbemonitoredandauditedinreal-time.Importantly,asAIagentsbegintotakeactions

autonomously(e.g.,queryingdatabases,triggeringworkflows,interacting

withexternalsystems),identitybecomestheprimarymechanismfor

enforcingtrustboundariesandpolicycontrols.Weviewthisasastructuraltailwindforidentity-centricplatforms,assecuring'who(orwhat)hasaccesstowhat'becomesmorecomplexandmission-criticalinAI-enabled

environments.Morebroadly,identityisconvergingwithruntimesecurity,

actingasbothagatekeeperatthecontrolpointandanenforcementlayerduringexecution,reinforcingitsroleasafoundationalpillarofcybersecurityintheAIera.

OffsettingOpportunityvs.PotentialThreatFromAINatives.Thecybersecuritymarkettodayis~$300bn,includingservices,representing~6–7%ofoverallIT

budgets.Bycontrast,AIsecurityremainsnascent,immaterialwhenviewedagainstthe$600bn+hyperscalersareexpectedtoinvestincapexthisyear(seeExhibit2).Importantly,whileAInativesintroducedisruptionrisktothecybervendors,

especiallywithinthe'preventative'securityareas,thenetimpactappearsmore

balancedwhenincorporatingexpectedincrementalAI-drivensecurityspend,whichshouldlargelyoffsetanypotentialcybermarketdisplacementfromtheAInatives.AsillustratedinExhibit2,weestimatethatincrementalAI-drivensecuritydemand(e.g.,securingmodels,agents,anddataflows)morethanoffsetsthemarkets

currentlyatriskandservicesthatmaybeautomated,resultinginanetcyber

opportunitythatis~10%largerintheoutyearsthantoday.Therefore,evenunderascenariowhereAI-nativesdisplaceportionsofthe'preventative'securitystack,theneedtosecureanexpandingandincreasinglycomplexattacksurface,whichspansruntimeenvironments,identity,anddata,drivesincrementalspendthatshould

outweightheseheadwinds,inourview.

MoRGANSTANLEyREsEARcH7

RESEARCH

Morganstanley

Exhibit1:PreventCategoriesMostAtRisktoAI-Natives,butOnly~10%ofMarket

Source:MorganStanleyResearchestimates.

Exhibit2:WeEstimateNetCyberOpportunityforProduct/SoftwareVendorsStill10%LargerWithAIInfluenceDespitePotentialAIDisruptionRisk

CyberOpportunitywithAI($bns)

AI

AIServices

Services

Runtime

Runtime

Control

Control

Prevent

CyberOpportunityTodayIncrementalAIOpportunityMarketsAtRiskfromAI-NativeServicesThatCanBeAutomatedCyberOpportunityWithAI

400

350

300

250

200

150

100

50

0

Source:IDCandMorganStanleyEstimates.IncrementalAIOpportunityestimatedbyassuming

similar%ofcyber/ITbudgetsvs.cloud

capexspend.MarketsatriskassumingPreventcybermarkets.Assuming35%ofservicescanbeautomatedwithAI.

IDEA

8

RESEARCH

Morganstanley

Exhibit3:ThreatSurfaceStillGettingLarger,WithAI-NativesOnlyHelpingWithaFractionoftheDefenses

Source:MorganStanleyResearchestimates.

Exhibit4:SecuritySoftwareRemainsTheMostDefensiveAreaOfITSpendByASolidMargin,FollowedbyAI/ML/ProcessAutomationandNetworkingEquipment

%ITProjectsMost&LeastLikelytoGetCut

LeastLikelyMostLikely

0.0%5.0%10.0%15.0%20.0%

Net%

1Q26Survey

Net%

4Q25Survey

120%160%

SecuritySoftwareArtificialIntelligence/MachineLearning/ProcessAutomation

NetworkingEquipment ERPApplicationsDigitalTransformation ComplianceSoftwareInfrastructureHardwareCloudComputing

VerticalApplicationsSoftwareWirelessLAN

PrintersDW/BI/Analytics

QuantumComputing HyperconvergedInfrastructure FinancialPlanningSoftwareObservability/IncidentManagementDevOpsSoftware

ServiceManagement/WorkflowAutomation(includingITandnon-IT)VPN/RemoteAccess

StorageHardwareWindowsServer/OperatingSystem

StorageSoftwareInternetofThings FlashStorageHRSoftware

Contact/Customerservicecentersoftware/equipmentDataCenterAutomation

SocialSoftwareBusinessProcessOutsourcing(BPO)

VoiceoverIPWindowsDesktop/PCOperatingSystem

SystemsMgmtSoftwareServers/MainframeEquipment MobileHardware CollaborationSoftwareBlockchain

MobileApplications CloudRepatriationInfrastructureOutsourcing(ITO)

ServerVirtualization DesktopVirtualizationDesktop/LaptopEquipmentDataCenterBuildout

CRMApplicationsStrategyConsulting

.

11.0%

2.0%

6.0%

3.0%

3.0%

-2.0%4.0%1.0%1.0%0.0%-1.0%-1.0%-1.0%4.0%2.0%1.0%1.0%1.0%1.0%0.0%0.0%-1.0%-1.0%-1.0%-1.0%0.0%0.0%-1.0%-1.0%-1.0%-1.0%-2.0%-3.0%-3.0%-1.0%-1.0%-2.0%-2.0%-3.0%-4.0%-4.0%-6.0%-6.0%

-7.0%

.

10.0%

6.0%

4.0%

4.0%

2.0%

2.0%

1.0%

1.0%

1.0%

1.0%

1.0%

1.0%

1.0%

0.0%

0.0%

0.0%

0.0%

0.0%

0.0%

0.0%

0.0%

0.0%

0.0%

0.0%

-1.0%-1.0%-1.0%-1.0%-1.0%-1.0%-1.0%-1.0%-1.0%-1.0%-2.0%-2.0%-2.0%-2.0%-2.0%-2.0%-5.0%-5.0%-6.0%

-9.0%

Source:AlphaWise,MorganStanleyResearch.n=100(USandEUdata).Note:ProjectsarerankedbasedonthepercentageofCIOsindicatingtheprojectismostlikelytogetcut,adjustedforthepercentageofCIOsindicatingtheprojectisleastlikelytogetcut.

IDEA

MoRGANSTANLEyREsEARcH9

Morganstanley

RESEARCH

IDEA

ValuationMethodologyandRisks

CrowdStrikeHoldingsInc(CRWD.O)

Our$510PTisbasedon37XCY30eFCFof$5.0B,discountedbackat12%.Thismultipleimplies~18XEV/CY27Sales,apremiumtoLargeCapSaaS/Securitypeers.

RiskstoUpside

nStrongerthanexpectedendpointsecuritydemandremainselevatedduetorisingcyberthreats

nTAMexpansionopportunities(XDR,Identity,CloudWorkloadProtection)materializefasterthanexpected

RiskstoDownside

nCompetitionmakesnewcustomeracquisitiontougher

nLowercostalternativescommoditizeCRWD'spremiumpricing

nSofterhiringenvironmentpressuresupsellactivity

Okta,Inc.(OKTA.O)

Basedon15xBaseCaseCY27eFCFandimplying~4XEV/CY27esales,adiscounttothebroaderSecuritygrouptoaccountforthemorematuregrowthprofile.

RiskstoUpside

1)StrongerupselltractionwithAuth0;2)Emergingopportunityaroundsecuringexternalusers(customers,partners)comesintofruitionfasterthanexpected;3)MaterialpickupinactivityaroundemerginggovernanceandPAMusecases.

RiskstoDownside

1)Broadersecurityspendingslowsmaterially;2)increasedcompetitionfromlargervendorslikeMicrosoft;3)executionissuestakelongerthanexpectedtoresolve

PaloAltoNetworksInc(PANW.O)

Basedon32xBaseCase2027eFCFpershareof$6.31;thismultipleisrelativelyinlinewithsimilarlygrowinglargecapsoftwarepeers.

RiskstoUpside

nStrongerfirewallrefreshcycleandhighersubscriptionattachrates

nFasteruptakeofnewCloud-basedNext-GenSecuritysolutionssuchasCortex(AI-PoweredSecurityAnalytics)andPrismaSASE

RiskstoDownside

nSlowingfirewallrefreshescoulddriveagreaterthanexpectedimpacttoPANW'stoplinegrowth

nAnincreasinglycompetitiveenvironmentcouldnecessitateadditionalS&Mspending,limitingmarginleverage.

10

Morganstanley

RESEARCH

IDEA

SailPointInc(SAIL.O)

Our$18pricetargetisbasedupon26xourBaseCase2030FCF,implying~7xEV/CY27sales,roughlyinlinewiththeSecuritycompgroupaverage.Wediscountedbackto2027witha12.2%WACC.

RiskstoUpside

nMeaningfulsuccessinadjacentmarketsincludingMachineIdentityorDataGovernance

nSaaSmigrationsacceleratemorethananticipated

nEnterprisesreplaceon-premiseIGAsolutionsatafasterraterelativetohistory,drivingrobustpipelineconversionpotential

RiskstoDownside

nLackofsuccessoutsideofcoreIGAmarket

nFederal-relatedexposuredrivesincrementalheadwinds

nMaintenancebasemigratesataslowerpace

MoRGANSTANLEyREsEARcH11

Morganstanley

RESEARCH

IdEA

DisclosureSection

TheinformationandopinionsinMorganStanleyResearchwerepreparedbyMorganStanley&Co.LLC,and/orMorganStanleyC.T.V.M.S.A.,and/orMorganStanleyMexico,CasadeBo