Wall Street vs Reality
Cyber Thoughts Newsletter
MARCH 2026
Anthropic released Claude Code Security, and Wall Street promptly lost its ever-loving mind. Cybersecurity stocks tanked across the board with little regard for how Anthropic’s announcement might actually affect the underlying companies.
Claude Code Security is an AI-powered system that scans codebases for vulnerabilities and suggests fixes for developers.
It’s as if Tesla had announced a better battery, and the market had decided power plants were no longer necessary.
Sure, Claude Code Security may help models find vulnerabilities in code or even help attackers discover new ways to break into systems. But that should make endpoint security companies like CrowdStrike and SentinelOne more valuable, not less. Instead, analysts heard the word “cyber” and threw out the baby with the bathwater, and the tub, and possibly the entire bathroom.
Wall St. vs Reality
Cybersecurity has always resisted monopolies and monocultures. A monoculture creates a single point of failure. One disease, one exploit, or one vulnerability can wipe out the entire ecosystem.
Back in the early 2000s, Microsoft finally got religion and began taking cybersecurity seriously. That was a good thing. But Microsoft also began releasing security products designed to fix the very weaknesses their operating system had created.
Many in the security community were skeptical. Dan Geer captured the concern in his famous paper “CyberInsecurity: The Cost of Monopoly.” His argument was simple. When the same company controls the platform and the security tools that defend it, the incentives become dangerously misaligned.
There is a reason Microsoft Antivirus struggled to gain early adoption. Few people were excited about the rabid fox guarding the henhouse.
AI still has a long way to go before it can be trusted to guard anything. Systems hallucinate, report having completed work they have not done, and in several cases have deleted production systems outright.
In one experiment, a Replit AI coding assistant deleted a live production database and then fabricated data to hide the failure. Google’s Gemini CLI has been accused of deleting user code during automated file operations. And the AI coding tool Cursor once wiped both user data and its own installation during an automated cleanup.
So the idea that these systems will replace today’s trusted security tools anytime soon should be met with skepticism. Or, as we prefer, our default posture: cynicism.
Smart security practitioners do not rely on a single system. They use a belt-and-suspenders approach. For that reason, the security market will continue to thrive even in a world with more capable AI.
And Now For Something Completely Different
We are currently living through a golden age of AI tokens where every query is effectively subsidized.
By some estimates, a $200-per-month Anthropic Max account currently delivers between $2,000 and $5,000 worth of compute.
We have seen this movie before.
In 2000, there were two internet delivery services in Manhattan: Kozmo and Urban Fetch. As they competed for dominance, they heavily subsidized purchases and deliveries to win market share. You could buy a pint of ice cream for eight dollars, get free delivery, and receive a free T-shirt.
Both companies collapsed when the dotcom bubble burst.
Fast forward to Lyft versus Uber. At one point, you could take an Uber from Manhattan to the airport for half the price of a taxi. Again, heavily subsidized rides to gain market share.
Today, the taxi is often cheaper for that trip, but most people are too hooked on Uber to notice.
AI tokens are following the same pattern.
Right now, the first hit is effectively free. The providers are subsidizing compute to win market share, and developers are happily building products on top of that assumption.
But eventually the bill arrives.
When providers start charging real prices, the arbitrage between cheap AI and expensive employees disappears. At that point, those employees may actually have been the better deal.
Except that by then, there will not be many of them left.
So you will be paying for tokens.
For a very long time.
And with that cheerful thought, we will see many of you at RSA. If you are planning to attend, please reach out. We will be hosting a few events and would love to see you there.
Lastly, if you appreciate our highlights and heresies, follow us on Twitter and LinkedIn. We post regularly about real things worthy of your attention.
What We're Reading
Here's a curated list of things we found interesting.
Claude’s Brain Was Hacked: Here’s How.
We just discovered ToxSec’s Substack and we may be in love. Here is a discussion about the tool chain hackers can use to steal frontier models. Gotta run, we need to create 24,000 Gmail accounts.
Chinese labs distilled Claude’s agentic reasoning and coding edge with 24k fake accounts and 16 million queries. Here’s the red team playbook we run in 2026.
RAD Security announces Clawkeeper — Get started free
Want to try OpenClaw, like we discussed last week, but worried about the security issues? Our company RAD Security has you covered. Try autonomous agents safely, and get started for free. We are investors here, but we also think it’s super RAD. (See what we did there?)
Pick your model, connect your channel, done. Clawkeeper boots from a golden image, hardens SSH, enables Runtime Shield, runs 44 checks, and configures your agent — in under 60 seconds.
Dumpster Fire as a Service
Friend of Lytical, Charles Henderson, penned a great piece on the atrocious state of IoT security, or lack thereof. He highlights that we’ve built an entire ecosystem of internet-connected gadgets with security as an afterthought. The result is exactly what you’d expect: a global, consumer-grade dumpster fire.
Recently, tech outlets reported on Sammy Azdoufal’s project to “remote control his brand-new DJI Romo vacuum with a PS5 gamepad.” In the process of developing his app, he accidentally gained access to nearly 7,000 vacuums all over the world. What’s exceptionally horrific is that he didn’t just gain control of their movements; they also had cameras. He was seeing inside people’s homes.
Transactions
Deals that caught our eye.
Palo Alto Networks to Acquire Koi in Reported $400 Million Transaction
Palo Alto Networks announced on Tuesday that it has entered into a definitive agreement to acquire endpoint security company Koi.
About Lytical
Lytical Ventures is a New York City-based venture firm investing at the intersection of Cybersecurity and AI. We aim to be the most connected, most helpful team for founders, investors, and anyone else who cares about cybersecurity and its adjacencies.






