Morgan Stanley has identified three cybersecurity stocks as its top choices heading into earnings season, noting that the cybersecurity sector has outpaced the broader software basket by more than 20% over the past month. The firm attributes the recent divergence from general software names to a softening of worries around artificial intelligence-related threats.
According to Morgan Stanley, year-to-date performance among cybersecurity stocks has been significantly influenced by each company's exposure to AI-related threat narratives. The firm cautions that it is still early to observe meaningful AI-driven revenue, but it expects outperformance from vendors that address accumulated technical debt - specifically in firewalls, endpoint detection and response (EDR), and select secure access service edge (SASE) offerings.
That recent run-up, the bank notes, raises expectations for names that are off-cycle, although Morgan Stanley still sees potential catalysts ahead. Earnings reactions have been split sharply for both cybersecurity and broader software companies: stronger-than-expected results have generated rewards, while more challenged outcomes have met with penalties. This bifurcation has produced wide dispersion in stock-level performance, with the overall universe roughly flat for the year but individual returns ranging from roughly +50% to -50%.
Top picks
1. Palo Alto Networks (PANW)
Morgan Stanley views Palo Alto Networks as a higher-quality play among the group, citing discernible AI tailwinds as the company approaches its reporting period. The firm expects Palo Alto to benefit from work that replaces or upgrades technical debt in the firewall and SASE categories. In addition, pre-purchasing behavior intended to lock in capacity ahead of anticipated memory-driven price increases is expected to be beneficial for the company.
The bank also highlights the identity market as an area where AI dynamics are beginning to emerge, positioning Palo Alto favorably. Recent analyst activity noted in the firm's review includes price-target increases from Cantor Fitzgerald, Stifel and Morgan Stanley itself. The company has also announced Idira, a new identity security platform.
2. CrowdStrike (CRWD)
CrowdStrike is singled out for its exposure to technical-debt remediation in the endpoint-detection-and-response space. Morgan Stanley expects CrowdStrike to be among the better-performing off-cycle names heading into earnings, although the firm flags competitive pressure from other cybersecurity vendors and Microsoft as a headwind to monitor.
Analyst actions mentioned include price-target increases from Cantor Fitzgerald, KeyBanc and TD Cowen. CrowdStrike has also introduced Jet, a new mobile application intended for its sales partners.
3. SentinelOne (S)
Morgan Stanley also favors SentinelOne entering the reporting period, again pointing to the company's exposure within categories that tackle technical debt. The firm assigns a $17 price target to SentinelOne based on a valuation of 36 times enterprise value to fiscal 2027 estimated free cash flow of $165 million, discounted at 12%.
The firm cautions that SentinelOne faces risks including intensifying competitive pressure and challenges around moving further up-market into larger enterprise accounts. Separately, Cantor Fitzgerald and TD Cowen have reaffirmed their respective Overweight and Buy ratings on the company.
Context and market response
Morgan Stanley's view underscores a thematic emphasis on vendors that can monetize upgrades and replacements tied to technical debt across core security categories. While the firm sees encouraging near-term demand signals for these areas, analysts also acknowledge the bifurcated nature of recent earnings reactions across the software and cybersecurity landscape, which has created notable dispersion in returns.
Investors should weigh the potential for continued sector rotation toward cybersecurity names addressing technical debt against the elevated expectations embedded in some stocks following the recent rally.