• BriefBites
  • Posts
  • The AI trend that's unlocking frozen security budgets

The AI trend that's unlocking frozen security budgets

What 32 earnings calls reveal about the AI security spending surge

Author

Brief Bites
November 13, 2025

🎯 THE QUOTE

"AI is making our mission more critical and our opportunity larger."
John Pagliuca, CEO, N-Able
Q3 2025 Earnings Call, November 7, 2025

Not buried in the Q&A. In prepared remarks. While reporting 14% ARR growth and 31% EBITDA margins.

Here's why this matters: CEOs don't lead earnings calls with opportunity statements unless the board is already bought in. This isn't a pilot program. This is a budget reallocation.

Cross-reference this with:
"The adversary has never been more dangerous... N-able is rising to the challenge."
— Same call, same CEO, a few minutes earlier

When a CEO bookends their opening with threat language AND opportunity language, they're signaling to investors (and competitors): this market is moving.

📰WHAT'S ACTUALLY HAPPENING

Eleven companies across six industries said nearly identical things in the last two weeks: AI is accelerating cybersecurity threats, and they're spending now to stay ahead.

The catalyst isn't new technology—it's new math:

  • 1,200% increase in phishing attacks since 2022 (McKinsey data, cited in N-Able's Q3 call)

  • 80% of breaches start with compromised credentials
    — Caryn Seidman-Becker, CEO, Clear Secure, Q3 2025 Earnings

  • "AI-powered threats are putting systems under greater pressure"
    — John Pagliuca, N-Able Q3 2025

  • Insurance carriers now require AI threat assessments before renewal
    (Mentioned by 3 separate companies in late October calls)

What changed for your deals:

Decision urgency increased: "Next year's roadmap" → "Before insurance renewal"
Budget source shifted: IT innovation → Risk mitigation/compliance
Buying criteria changed: Best features → Proven AI defense capabilities
Your competition: Vendors without AI security stories are losing to those who can quantify threat reduction

📞THE TALKING TRACK THAT'S WORKING

Stop selling AI features. Start selling AI threat protection.

Opening line:
"McKinsey reported a 1,200% increase in AI-powered phishing attacks since 2022. How is your board thinking about AI-accelerated threats?"

Then shut up. Let them tell you about their insurance carrier's new requirements.

When they do:
"We helped [Company X] demonstrate AI threat resilience in their last audit. The framework reduced their cyber insurance premium by 18%. Want to see the approach?"

You just skipped two months of "let me socialize this internally."

🔢 BY THE NUMBERS

13-15% — Average cybersecurity revenue growth across tracked vendors
45% — Year-over-year pipeline growth for strategic enterprise deals
— James Benson, CFO, Dynatrace, Q2 FY2026 Earnings (reported Nov 6)

$528M — N-Able ARR (up 14% YoY), driven by AI threat demand
— Q3 2025 Results, November 7

100+ — Internal AI use cases deployed by Jack Henry to control headcount
— Gregory Adelson, CEO, Jack Henry & Associates, Q1 FY2026 (October 2025)

93% — Potential efficiency improvements in cyber GRC tasks using Xacta.ai
— John Wood, CEO, Telos, Q3 2025 Earnings (November 2025)

Translation: AI isn't replacing security spending—it's expanding it. Companies are investing in both AI defense AND AI efficiency tools.

💨WHO'S MOVING (AND WHEN)

RIGHT NOW → Financial Services, Healthcare, Defense

  • Board mandates active. Insurance carriers requiring AI threat assessments.

  • Real example: Defense contractor purchased 4 Workiva solutions specifically for AI-powered GRC capabilities
    — Julie Iskow, CEO, Workiva, Q3 2025: "This is a prerequisite for doing business with the U.S. military."

  • Military context: "Wars are going to be fought that way... major military contracts we've signed recently are the result of expansion in [cyber] areas."
    — Brian Mueller, CEO, Grand Canyon Education, Q3 2025

  • Timeline: Decisions in 4-6 weeks, not quarters

Q1 2026 → Mid-Market Enterprises, Manufacturing

  • Watching regulatory developments. Building business cases now.

  • Unisys seeing "strong secular growth tailwinds" in mid-market cybersecurity
    — Michael Thomson, CEO, Unisys, Q3 2025: "A top priority heading into year-end is defining more clearly a set of CA&I solutions tailored for [mid-market]... our pipeline is growing."

  • Timeline: Budget planning for FY26, decisions by February

Q2 2026+ → Everyone Else

  • Still in "pilot phase" with AI security tools

  • Will move when industry benchmarks solidify

  • Timeline: 6-12 months out

Your Q4 play: Only chase the first group. Financial services and healthcare have approved budgets and compressed timelines.

📚 WHAT THE SMART MONEY IS DOING

Three vendors made the same strategic bet this quarter:

  1. JFrog launched AppTrust with ServiceNow: automated governance for AI agent deployment

  2. Telos launched Xacta.ai: showing "93% efficiency improvements" in compliance tasks

  3. N-Able established CANI: industry standard for AI agent interoperability

The pattern: They're not selling AI security as a feature. They're selling it as a governance framework that boards can understand.

Steal this play:

Create a one-pager titled: "[Customer]'s AI Security Governance Framework"

Include:

  • Current state: AI adoption without security controls (quantified risk)

  • Proposed state: Governed AI deployment with audit trail

  • Compliance: Maps to CMMC, SOC 2, or industry standard

  • ROI: Insurance premium reduction, audit efficiency, breach risk mitigation

Make it board-ready. Your champion will print it and take it upstairs. You'll close 2x faster than anyone still demoing features.

💬 THREE MORE QUOTES WORTH KNOWING

On AI threat acceleration:

"Cyber criminals are leveraging generative AI to better mimic real-world people and messages, making phishing and ransomware harder to detect."
N-Able 2025 Annual Threat Report
Released Q3 2025, cited by CEO John Pagliuca in earnings call

Use this when: CFO asks "why is this different from normal security?" Your answer: "Because attackers now have AI too. Your defenses need to match the threat sophistication." Links their risk to a tangible external force.

Bonus stat from same source: "McKinsey reporting a 1,200% increase in phishing attacks since 2022 and the rise of generative AI." When you cite McKinsey data that a public company CEO already used, you borrow their credibility.

On vendor consolidation:

"Modern data centers replaced the basic server network card with an advanced programmable network card."
Lars Boilesen, CEO, Napatech
Q3 2025 Earnings Call

Context he provided: "Our advanced NICs ensure these servers can deliver [AI, cloud, mobile, security] services at the optimal mix of price, performance, space and power."

Use this when: If you're a platform play, this is your angle. Infrastructure is consolidating around AI-ready architecture. Show how you're part of the foundation layer, not just another tool. Lead with: "Napatech's CEO said data centers are replacing basic components with AI-optimized infrastructure. Where does your security stack fit in that transition?"

On budget justification:

"With our knowledge of our customers' infrastructure, we dramatically reduce risk, enhance security, and accelerate problem solving."
Martin Schroeter, CEO, Kyndryl
Q2 FY2026 Earnings Call

The setup he used: "Kyndryl Bridge, combined with our knowledge of our customers' infrastructure, dramatically reduces risk. It enhances security. It sets guardrails and accelerates problem solving."

Use this when: Selling managed services or consulting alongside tools. CFOs want to know you understand their specific environment. Generic solutions are losing to contextual expertise.

Mirror his language: "Like Kyndryl does for Fortune 500 companies, we combine platform capabilities with knowledge of YOUR infrastructure to reduce risk and accelerate outcomes."

✂️ THE PATTERN ACROSS INDUSTRIES

We tracked 32 earnings calls from October 15 - November 8. Here's the AI security spending sentiment:

BULLISH (Budgets increasing):

→ Financial Services: Zero trust, identity, AI threat detection

  • Clear Secure (Q3 2025): "Identity is the foundation of trust... 80% of breaches start with compromised credentials and 84% of security leaders have reported identity-related incidents that have disrupted their business."
    — Caryn Seidman-Becker, CEO

  • Ally Financial: Investing in cybersecurity alongside customer experience improvements
    — Russell Hutchinson, CFO, November 2025: "Necessary investments in things like cybersecurity... freeing up capacity to invest."

→ Healthcare: Data protection, compliance automation

  • Epic adoption driving security framework requirements

  • CMMC compliance creating immediate demand

→ Defense/Government: AI-ready infrastructure, secure networks

  • Napatech: Partnerships with Tier 1 server vendors and AI inferencing companies (d-Matrix JetStream AI networking card announced)

  • Clavister (Q3 2025): European defense spending up to EUR 381B (from EUR 343B last year)
    — John Vestberg, CEO: "EUR 800 billion additionally for defence investments... NATO agreed on reaching 5% of GDP by 2035."

  • Real urgency: "Two of the largest parties in the Swedish parliament have a session about cybersecurity and dependencies on non-Swedish security solutions... invited Clavister as the speaker."
    — David Nordstrom, CFO, Clavister

CAUTIOUS (Budgets flat or "optimizing"):

→ Enterprise IT Services: Cost optimization before growth investment

  • Kyndryl: Strong H1, but cautious H2 outlook
    — David Wyshner, CFO, Q2 FY2026: "Enterprises' needs for IT modernization, their desire to invest in AI and their concerns around cybersecurity are all driving incremental demand."

  • Swisscom (Q3 2025): "General mood of B2B in Switzerland is a bit damp... customers are heavily saving money."
    — Christoph Aeschlimann, CEO
    However: "We really want to monetize and capitalize on the opportunity of the growing cybersecurity needs of B2B customers."

→ Telecommunications: Selective 5G security investments only

  • NetScout: "Service Provider space remains challenging"

OPPORTUNITY MAP:

If you sell to bullish sectors: Close deals by December board meetings. Use CMMC/compliance deadlines as urgency drivers.

If you sell to cautious sectors: Position as consolidation play—"Replace 3 tools with our platform, reduce your vendor spend 22%."

💡COMPETITIVE INTEL: WHAT YOUR RIVALS ARE DOING

CrowdStrike chose CoreWeave to advance AI agents for cybersecurity—they're productizing AI defense, not just talking about it.
— Confirmed in CoreWeave Q3 2025 earnings: "CrowdStrike chose CoreWeave to advance the development of AI agents for cybersecurity." — Michael Intrator, CEO

Fortinet committed to "Rule of 45" (revenue growth + free cash flow margin) and expects to "grow faster than the market" in all three pillars, including security.
— Christiane Ohlgart, CFO, Q3 2025: "We expect continued strong growth in the demand for our products, driven by increased investments in cybersecurity... the rise of AI is expected to further increase demand."

JFrog partnered with NVIDIA and ServiceNow on AI governance:
— Shlomi Haim, CEO, Q3 2025: "Justin Boitano, VP of Enterprise AI at NVIDIA, noted... that JFrog enables enterprises to securely build, manage and scale AI agents."

Smaller vendors are struggling because they're selling point solutions in a platform-consolidation market.

Your counter:

You don't need to out-feature the platforms. You need to:

  1. Show AI threat expertise they don't have (specialization wins in scared markets)

  2. Partner with platforms instead of competing (be the AI security layer on their stack)

  3. Speak compliance language better (CMMC, FedRAMP, SOC 2—these unlock budgets)

📖 YOUR WEEK-AHEAD PLAYBOOK

Monday: Review your pipeline. Flag financial services, healthcare, defense accounts. Pull any "on hold" deals from Q2/Q3—AI threat angle might reopen them.

Tuesday: Update pitch decks. Add section: "AI Threat Landscape & Your Protection Strategy." Put it on slide 3, before your product slides. If they don't care about the threat, they won't care about your solution.

Wednesday: Outbound blitz to stalled deals. New subject line: "The 1,200% increase in AI phishing—your Q4 strategy?" Include McKinsey stat. Ask for 15-minute call to discuss.

Thursday: Create your "AI Security Governance Framework" one-pager. Get legal/compliance to review it. Make it so clean your champion can forward it to their CFO without editing.

Friday: Team sync. Share these insights. New rule: Every discovery call must include "How is AI changing your threat landscape?" Make it mandatory in your CRM.