Token costs just became a cybersecurity story, whether investors expected it or not. Palo Alto Networks (NASDAQ: PANW) CEO Nikesh Arora told CNBC on Thursday that AI token prices need to fall by as much as 90% before enterprises will adopt AI at real scale. He called OpenAI’s recent 54% efficiency gain “a good start,” but said the industry needs another two rounds of cuts like it over the next two years.
That might sound like an AI infrastructure debate, not a cybersecurity one. But Arora isn’t talking as a bystander. Palo Alto, along with rivals like CrowdStrike (NASDAQ: CRWD) and Okta (NASDAQ: OKTA), is building token-hungry AI agents directly into its security platform: agents that hunt threats, triage alerts, and increasingly act without a human in the loop. Expensive tokens squeeze the margins on that new product layer. At the same time, cheaper tokens mean enterprises can deploy AI agents faster everywhere else in the business — and every one of those agents becomes a new identity that must be authenticated, governed, and protected.
That’s the trade worth watching. As token costs fall and agentic AI spreads through corporate workflows, the “agent economy” needs a security layer built for machine speed. Three cybersecurity companies are positioning to be that layer: Palo Alto Networks (PANW), CrowdStrike (CRWD), and Okta (OKTA). Each is approaching the same problem — securing an enterprise where AI agents outnumber people — from a different angle.
Palo Alto Networks: Building the AI Security Stack From the Inside
Arora isn’t just commenting on token economics from the sidelines. He’s restructuring Palo Alto around AI internally. Part of this means running a twice-weekly leadership meeting nicknamed “AI EIO” where technical leaders present what they’ve shipped with AI since the last session, explicitly designed to create competitive peer pressure. The company has also shifted toward hackathon-only hiring to screen for AI-native talent.
On the product side, Palo Alto launched Prisma AIRS 3.0, extending its cloud security platform with runtime controls and an agentic identity provider built specifically for AI agents. That’s a direct answer to the problem Arora describes: agents that call APIs, access sensitive data, and delegate to other agents at machine speed, often invisibly to legacy security tools.
The bull case here is two-sided. If token costs fall the way Arora predicts, Palo Alto’s own AI-powered cybersecurity features get cheaper to run and easier to scale across its customer base. And falling costs accelerate the enterprise AI adoption that creates demand for Prisma AIRS in the first place. Investors get a company with a credible claim to shaping the trend, not just reacting to it.
CrowdStrike: Making Identity the Control Plane for AI Agents
CrowdStrike’s answer to the agent-identity problem is Continuous Identity for AI Agents, launched in mid-June and built on technology from its roughly $740 million acquisition of SGNL. The pitch is blunt: “authorize once and trust indefinitely is not a security model; it’s a liability,” as CTO Elia Zaitsev put it. Every AI agent gets a cryptographically verifiable identity based on the SPIFFE standard, replacing static API keys, with access granted and revoked in real time based on risk.
The urgency behind this launch is real. CrowdStrike CEO George Kurtz has disclosed incidents at two Fortune 50 companies where an AI agent’s actions passed every identity check yet still produced a damaging outcome — a credential that was valid, access that was authorized, and an action that was catastrophic anyway. That’s the exact failure mode CrowdStrike is selling protection against.
CrowdStrike has also discovered more than 1,800 distinct AI applications running on customer endpoints without security team authorization, a shadow-AI number that should only grow as token costs drop and agent deployment accelerates. For investors, that’s a widening addressable market sitting directly inside CrowdStrike’s existing cybersecurity endpoint footprint — a distribution advantage that’s hard for new entrants to replicate quickly.
Okta: Governing the Fastest-Growing, Least-Governed Identity Type
Okta’s AI in cybersecurity angle is governance rather than endpoint telemetry. Its research found that 88% of organizations have already reported suspected or confirmed AI agent security incidents, yet only 22% treat AI agents as independent, identity-bearing entities that need their own access policies. Okta for AI Agents, which reached general availability on April 30, is built to close that gap by treating agents as first-class identities inside a single directory, with human owners assigned and a kill switch to revoke access from rogue agents.
The company’s open XAA protocol, designed to standardize how agents securely connect to enterprise applications, already has more than 25 early adopters, including Anthropic, Zoom, and Slack. That’s a meaningful signal: Okta is trying to become the neutral identity layer that works across every AI platform an enterprise touches, rather than a walled garden.
The risk-adjusted case for Okta is that it doesn’t need to win the endpoint or the model layer. It just needs enterprises to keep asking “where are my agents, what can they access, and what can they do” — questions that get harder, not easier, as token costs fall and agent count multiplies.
Cybersecurity is Key to the AI Revolution
Arora’s 90% token-cost call is really a bet on how fast enterprise AI adoption accelerates. Palo Alto, CrowdStrike, and Okta are three ways to invest in what happens next: a corporate environment where AI agents proliferate faster than security teams can track them by hand. Palo Alto is rebuilding itself around AI from the inside out. CrowdStrike is turning its endpoint dominance into an identity control plane for agents. Okta is betting that identity governance, not infrastructure, becomes the chokepoint. None of this removes the normal risks of investing in high-multiple software names, but all three cybersecurity companies offer direct exposure to a trend that’s still in its early innings.