AI Security Risks Escalate: Scotiabank Upgrades Five Cybersecurity Stocks
Miles Bennett
Scotiabank upgraded five cybersecurity stocks — Okta, SentinelOne, Check Point, Qualys, and Tenable — to sector outperform, arguing that frontier AI models can now autonomously find vulnerabilities and launch attacks. This means cybersecurity is shifting from discretionary budget to mandatory spend.
Why upgrade five stocks at once?
Analysts Patrick Colville and Joe Vandrick moved Okta, SentinelOne, Check Point, Qualys, and Tenable from sector perform to sector outperform, while reaffirming CrowdStrike and Palo Alto Networks as core holdings.
This means → Scotiabank sees the entire cybersecurity sector benefiting, not just the leaders.
All seven stocks rose Monday morning: Tenable +8.6%, Qualys +6.5%, CrowdStrike +6%, SentinelOne +5.7%, Palo Alto Networks +4.6%, Okta +3%, Check Point +1.5%.
How did AI models become cyber weapons?
The report names two new models: Anthropic's Mythos and OpenAI's GPT-5.5-Cyber, saying they can autonomously discover system vulnerabilities and execute multi-stage attacks.
In plain terms = hackers used to find exploits and write attack scripts themselves; now AI handles the entire chain, dramatically lowering the barrier.
Colville's view: "Risk will keep escalating from now through late 2026 and into 2027."
Where is the real inflection point?
The White House has restricted public access to Mythos on national-security grounds. OpenAI and Anthropic have built in guardrails against misuse.
But Colville warns the real breakout comes when open-weight models — models whose parameters are public and anyone can download and modify — such as Kimi, Alibaba's Qwen, DeepSeek, and Z.ai reach similar attack capability.
This means → closed-source models can add guardrails; once open-weight models match them, those guardrails become irrelevant.
Have attacks already moved from experiment to live operations?
Google's Threat Intelligence team reported in May 2026 that attackers have shifted from experimenting with AI to deploying it in real operations.
Google documented five malware families integrating large language models at runtime — dynamically generating scripts, obfuscating code, and automating data exfiltration with no hard-coded instructions.
In plain terms = the malware writes its own code on the fly. Each attack looks different, making traditional signature-based antivirus far less effective.
How much will enterprise security budgets grow?
AI expands the threat surface on two fronts: it introduces entirely new attack vectors (models, prompts, agents, data pipelines) and amplifies traditional methods (phishing, identity theft, lateral movement).
Gartner forecasts global cybersecurity spending will rise 14.5% year-on-year in 2026, growing from $207 billion in 2025 to nearly $350 billion by 2030. Scotiabank calls that forecast "potentially conservative."
This reflects a shift among chief information security officers from case-by-case budget approval to mandatory expansion.
How much did price targets rise — and what to watch next?
Scotiabank raised targets sharply: Tenable from $26 → $50 (+92%), Qualys from $100 → $190 (+90%), Check Point from $125 → $185, Okta from $135 → $165, SentinelOne from $16 → $23.50.
The key milestone ahead: when open-weight models reach Mythos-level attack capability.
This means → if open-weight models catch up to closed-source ones offensively, the cybersecurity budget-expansion thesis strengthens further; if they lag, spending growth may undershoot expectations.
Content is for reference only, not financial advice.