Snapshot
- Ticker: PANW (Nasdaq)
- Bucket: Software in the AI Crosshairs
- Q1 2026 position: $90.1M common (561,797 shares, 1.80% of 13F) — new position
- HQ: Santa Clara, CA
- Business: The largest pure-play cybersecurity platform — network security, cloud security (Prisma), security operations (Cortex), plus identity security via the CyberArk acquisition
Business Overview
Palo Alto Networks is executing a “platformization” strategy: consolidating customers from dozens of point security products onto three integrated platforms (network, cloud, SecOps), and it has been acquiring aggressively to extend the platform into the AI era — CyberArk (identity security, announced at ~3.35B), and Koi Security among recent deals.
The most recent quarter (fiscal Q3 2026, ended April 30, 2026, reported June 2) showed the strategy compounding: revenue rose 31% YoY to 388M from CyberArk and Chronosphere), Next-Generation Security ARR surged 60% to 1.6B of it acquired), RPO grew 36% to 0.85 beat guidance; the GAAP loss of 11.4B revenue (+24%) and NGS ARR of $8.90–8.95B. Underneath the M&A, organic growth remains mid-teens — the headline numbers should be read accordingly.
Financial Trajectory
| Period | Revenue | Growth | Notes |
|---|---|---|---|
| FY2025 (ended Jul 2025) | ~$9.2B | ~+15% | pre-CyberArk |
| Q3 FY2026 (ended Apr 2026) | $3.0B | +31% YoY | incl. 8.13B (+60%) |
| FY2026 guide | $11.4B | +24% | NGS ARR 20.9–21.0B |
Why Atreides Owns It
New in Q1 2026, Palo Alto is Atreides’ expression of cybersecurity as AI-defensible software — the category of SaaS that AI strengthens rather than cannibalizes. Baker’s framework (“anything you can verify, you can automate,” Invest Like the Best, Dec 2025) implies the software that survives is software whose job is adversarial and unverifiable: security is the canonical case, because the threat model changes faster than any static automation, and AI raises both attack volume and attack sophistication — which raises security budgets.
The agent era adds a second leg: every deployed AI agent is a new machine identity with credentials and privileges, which is precisely the problem CyberArk’s identity-security franchise addresses. Palo Alto management has pitched the CyberArk deal explicitly as positioning for securing agentic AI. For a fund that spent 2025 cutting software exposure on AI-margin fears (GitLab built to ~90M alongside Akamai, Zoom, and the Twilio add marks a deliberate rotation into the names where AI is a demand tailwind. Notably, Atreides chose the consolidator at scale over the higher-growth point vendors it previously owned.
Position History
| Quarter | Type | Shares/Notional | Value | % of 13F |
|---|---|---|---|---|
| Q4 2024 | — | not held | — | — |
| Q1 2025 | — | not held | — | — |
| Q2 2025 | — | not held | — | — |
| Q3 2025 | — | not held | — | — |
| Q4 2025 | — | not held | — | — |
| Q1 2026 | Common | 561,797 | $90,067,295 | 1.80% |
First-ever PANW position in the period tracked, initiated in the same quarter the fund’s prior cybersecurity exposure (Rubrik trimmed, SentinelOne long gone) was consolidated. One quarter of history; sized at 1.8% — meaningful but not yet conviction-weight.
Risks
- Integration risk is the headline: digesting CyberArk (~3.35B) simultaneously is the largest M&A program in cybersecurity history, and GAAP losses from deal costs will persist for several quarters.
- Reported growth (+31%) substantially overstates organic growth (mid-teens); if acquired-ARR momentum slows, the multiple compresses.
- CrowdStrike, Microsoft, and Zscaler contest every platform layer; Microsoft in particular bundles security into enterprise agreements the way it bundled Teams.
- Platformization deals are often struck with deferred billing and free-product periods, which can flatter ARR relative to near-term cash economics.
- If AI agents do become verifiably reliable at SOC automation, security operations seats — part of Cortex’s value — face the same agent substitution risk as the rest of SaaS.