Snapshot

  • Ticker: PANW (Nasdaq)
  • Bucket: Software in the AI Crosshairs
  • Q1 2026 position: $90.1M common (561,797 shares, 1.80% of 13F) — new position
  • HQ: Santa Clara, CA
  • Business: The largest pure-play cybersecurity platform — network security, cloud security (Prisma), security operations (Cortex), plus identity security via the CyberArk acquisition

Business Overview

Palo Alto Networks is executing a “platformization” strategy: consolidating customers from dozens of point security products onto three integrated platforms (network, cloud, SecOps), and it has been acquiring aggressively to extend the platform into the AI era — CyberArk (identity security, announced at ~3.35B), and Koi Security among recent deals.

The most recent quarter (fiscal Q3 2026, ended April 30, 2026, reported June 2) showed the strategy compounding: revenue rose 31% YoY to 388M from CyberArk and Chronosphere), Next-Generation Security ARR surged 60% to 1.6B of it acquired), RPO grew 36% to 0.85 beat guidance; the GAAP loss of 11.4B revenue (+24%) and NGS ARR of $8.90–8.95B. Underneath the M&A, organic growth remains mid-teens — the headline numbers should be read accordingly.

Financial Trajectory

PeriodRevenueGrowthNotes
FY2025 (ended Jul 2025)~$9.2B~+15%pre-CyberArk
Q3 FY2026 (ended Apr 2026)$3.0B+31% YoYincl. 8.13B (+60%)
FY2026 guide$11.4B+24%NGS ARR 20.9–21.0B

Why Atreides Owns It

New in Q1 2026, Palo Alto is Atreides’ expression of cybersecurity as AI-defensible software — the category of SaaS that AI strengthens rather than cannibalizes. Baker’s framework (“anything you can verify, you can automate,” Invest Like the Best, Dec 2025) implies the software that survives is software whose job is adversarial and unverifiable: security is the canonical case, because the threat model changes faster than any static automation, and AI raises both attack volume and attack sophistication — which raises security budgets.

The agent era adds a second leg: every deployed AI agent is a new machine identity with credentials and privileges, which is precisely the problem CyberArk’s identity-security franchise addresses. Palo Alto management has pitched the CyberArk deal explicitly as positioning for securing agentic AI. For a fund that spent 2025 cutting software exposure on AI-margin fears (GitLab built to ~90M alongside Akamai, Zoom, and the Twilio add marks a deliberate rotation into the names where AI is a demand tailwind. Notably, Atreides chose the consolidator at scale over the higher-growth point vendors it previously owned.

Position History

QuarterTypeShares/NotionalValue% of 13F
Q4 2024not held
Q1 2025not held
Q2 2025not held
Q3 2025not held
Q4 2025not held
Q1 2026Common561,797$90,067,2951.80%

First-ever PANW position in the period tracked, initiated in the same quarter the fund’s prior cybersecurity exposure (Rubrik trimmed, SentinelOne long gone) was consolidated. One quarter of history; sized at 1.8% — meaningful but not yet conviction-weight.

Risks

  • Integration risk is the headline: digesting CyberArk (~3.35B) simultaneously is the largest M&A program in cybersecurity history, and GAAP losses from deal costs will persist for several quarters.
  • Reported growth (+31%) substantially overstates organic growth (mid-teens); if acquired-ARR momentum slows, the multiple compresses.
  • CrowdStrike, Microsoft, and Zscaler contest every platform layer; Microsoft in particular bundles security into enterprise agreements the way it bundled Teams.
  • Platformization deals are often struck with deferred billing and free-product periods, which can flatter ARR relative to near-term cash economics.
  • If AI agents do become verifiably reliable at SOC automation, security operations seats — part of Cortex’s value — face the same agent substitution risk as the rest of SaaS.

Sources