- Epistrophy Capital Research
- Posts
- Epistrophy Week Ahead
Epistrophy Week Ahead
The Week Of May 26, 2025
Lots of earnings ahead, and a lot more to look at than Nvidia. Three companies in particular to watch this week—each a proxy for a different layer of the AI stack. Dell (DELL:NYSE) sells the infrastructure that makes model training possible, but its results may tell us whether hyperscalers are still expanding or pulling back. Synopsys (SNPS:Nasdaq) reports amid rising scrutiny of semiconductor IP and export controls. And Elastic (ESTC:NYSE) — rarely mentioned in AI headlines — quietly remains central to how search, analytics, and observability blend in this new era.
Also, a housekeeping note: I’ve temporarily removed the password wall on our website at beehiv.epistrophy.com. The goal is to make access easier for you. But keep this under wraps: this site and newsletter are intended for working journalists. Let’s keep it among professionals.
As always, I’m focused on three things:
1) Technology-driven change;
2) the latest in innovation and startup trends, and;
3) stock fraud.
Companies Discussed
Ticker | Name | Market Cap | Current Price |
|---|---|---|---|
DELL | Dell Technologies | $76.62 B | $112.11 |
SNPS | Synopsys | $77.13 B | $498.85 |
ESTC | Elastic NV | $9.63 B | $92.25 |
PANW | Palo Alto Networks | $124.52 B | $186.74 |
UNH | UnitedHealth Group | $268.12 B | $295.57 |
FTNT | Fortinet | $78.96 B | $103.16 |
CSCO | Cisco Systems | $249.92 B | $63.11 |
CRWD | Crowdstrike | $113.48 B | $455.59 |
SPIR | Spire Global | $0.35 B | $10.64 |
AAPL | Apple | $2,916.52 B | $195.27 |
In This Note:
“The Dog At The Door” by Fairfield Porter, 1971
Source: MoMA
Of HIPAA & Hacking
Palo Alto’s New Opportunity
Palo Alto Networks (PANW:NASDAQ) FY Q3 earnings report reminds us of the many top-line drivers that will reveal themselves this year.
Healthcare is top of mind.
Why? Here’s an example: a February 2024 Blackcat ransomware strike on Change Healthcare (a UnitedHealth Group (UNH:NYSE) subsidiary) crashed the nation’s largest medical-claims switchboard and ultimately exposed data from some 190 million records — as much as half of the U.S. population.
That was just one. In 2024, the industry logged 566 similar serious breaches affecting 170 million people – not including the Change Healthcare hacks.
The White House responded. In January 2025, on the way out the door, the Biden administration proposed a 125-page overhaul of the HIPAA Security Rule with tough cybersecurity rules. But the Trump administration’s day-one memorandum “Regulatory Freeze Pending Review” paused every rule finalized but not yet effective – and reopened the comment period for the HIPAA Security Rule for another 60 days.
Physician groups seized that window telling President Trump the 12-month compliance clock would bankrupt small practices. Yet Trump’s Justice Department moved the opposite direction: on April 8, it activated a national-security Data Security Program that bans transferring bulk health data to companies tied to China, Russia, Iran or North Korea and license applications trigger a DOJ decision within 45 days. The result is a two-front compliance campaign—one focused on clinical safety, the other on geopolitical risk—that will reshape cyber-spending just as Palo Alto Networks pushes an integrated, AI-laden platform built for exactly these mandates.
Trump’s Two-Front Mandate
Officials say the substance of the Biden rules will return largely intact because it aligns with the National Cybersecurity Strategy endorsed by both parties. The aim is to kill loopholes left behind by a 2023 rule. For example, providers will no longer be able to plead “hardship” and skip controls such as multifactor authentication, encrypted backups and network segmentation.
The good news for Palo Alto Networks, and other cybersecurity vendors, that the healthcare system will spend a fortune to comply – this year. The Office for Civil Rights (OCR) put the costs at nearly $9 billion. Subsequent “recurring compliance activities” will result in $6 billion in annual spending.
The Medical Group Management Association warned that the proposal’s 12-month implementation window could bankrupt rural practices , while the American Hospital Association asked for phased audits tied to revenue tiers. Yet the administration’s national-security flank is moving faster. Executive Order 14117, issued in February 2024 and now adopted as Department of Justice regulation, treats large health-data sets as strategic assets that adversaries can weaponize for AI model training. Civil fines reach twice a transaction’s value, HIPAA’s statutory penalties can be as much as $2.2 million per violation category, per year.
Congress is pushing its own lever. The bipartisan Health Care Cybersecurity and Resiliency Act of 2024 re-emerged in April 2025 in committee mark-ups and would yoke Medicare reimbursement to documented cyber drills and privileged-access controls. Its co-sponsors (Senators Bill Cassidy, R-La., Tammy Baldwin, D-Wis., Maggie Hassan, D-N.H., John Cornyn, R-Texas, and Mark Warner, D-Va.) signal they may attach the bill to the fiscal-2026 defense authorization to bypass schedule gridlock. If even one of these levers survives negotiation, the sector’s discretionary “could do” hardens into “must do,” with board-level attestation and loss of payer status as back-stops.
Three deadlines now define the calendar:
Oct. 6, 2025 — DOJ due-diligence requirements take effect
Winter 2025 — Final HIPAA security amendments once the freeze review ends.
CY 2027-28 — Probable Medicare Conditions of Participation that mirror HIPAA controls.
Hospitals accustomed to stretching upgrades over five-year depreciation cycles will be forced to compress the work into 30 months and document progress every quarter.
Palo Alto Netoworks customers buying multiple products at scale.
Palo Alto’s One-Stop Shop
The regulatory shopping list—continuous asset inventory, real-time risk analysis, immutable backups, segmentation, 24-hour incident reporting—reads like a feature matrix for Palo Alto Networks. The company’s next-generation firewalls enforce segmentation and multifactor authentication at clinic edges, while Prisma secure access service edge (SASE) extends policy to roaming clinicians and unmanaged devices. The secure Chromium-based Prisma browser now blocks more than 30 billion daily web threats and captured more than a third of new SASE seats last quarter, giving administrators proof that data-loss controls cover the browser, the new workspace of record.
At the analytics tier, Cortex XSIAM 3.0 ingests 11 petabytes of customer telemetry every day and wields more than 10,000 machine-learning detection models—an order of magnitude beyond legacy SIEM rule libraries. In recent deployments XSIAM slashed raw vulnerability queues from 1.2 million to fewer than 500 exploitable findings and automated remediation via playbooks that rewrite firewall policy on the fly. These closed-loop fixes align neatly with the rule’s demand for “continuous, documented risk reduction” instead of annual attestations.
Palo Alto couples that detection engine to operational-technology gateways certified for imaging networks, a gap true-play endpoint vendors cannot fill. Competitors offer pieces—Fortinet (FTNT:NASDAQ) sells robust edge hardware; Cisco Systems (CSCO:NASDAQ) bundles secure networking; CrowdStrike (CRWD:NASDAQ) dominates endpoint detection—but none integrates network, cloud, Operational Technology (OT) and and Security Operations Center Automation (SOC) automation under one AI control plane. That matters to compliance officers now required to file unified incident-response evidence within 24 hours.
The company’s sales motion has pivoted accordingly. Platform deals bundling at multiple product families jumped to 1,250 in the April quarter, up from 900 a year earlier. Prisma browser bookings grew 11x year-over-year, crossing three million customers. XSIAM deployments topped 270 customers despite being only in its third generation. Such momentum demonstrates that buyers are already consolidating around a single throat to choke before auditors arrive.
Investment Implications
Regulatory math is blunt. The Justice Department can impose civil penalties of greater than $250,000 or twice the value of any illicit bulk-data transfer. Cyber-insurers now treat multifactor authentication (MFA) and offline backups as prerequisites for renewal; and DOJ fines for illicit data transfers can double a transaction’s value. Even modest allocation of that enforced spend to perimeter controls, identity infrastructure and SOC automation suggests a multibillion-dollar demand curve perfectly synchronized with Palo Alto’s subscription cadence.
The Trump administration’s freeze may adjust timelines but not direction. National-security framing makes rollback politically costly: no lawmaker wants to defend foreign access to genomic data or insulin-pump telemetry. Instead the real debate centers on staging and subsidies. Congress is likely to expand the proposed $700 million grant pool to cushion rural providers, yet grant dollars flow only to solutions that can prove control maturity quickly—favoring integrated platforms over piecemeal tools.
For Palo Alto Networks the healthcare vertical thus offers three distinct monetization paths:
Immediate remediation — Hospitals racing to close MFA or segmentation gaps purchase appliance refreshes and SASE seats with capital already budgeted for 2025.
Grant-backed upgrades — Safety-net providers tap Resiliency Fund checks in 2026-27, selecting turnkey stacks that spare scarce IT staff.
Sustained consolidation — Multi-state chains rationalize disparate toolkits to cut audit overhead, locking in six- and seven-figure platform subscriptions.
That arc runs through fiscal 2030, outlasting any short-term macro wobble. Unlike discretionary telehealth pilots, cybersecurity spend now carries statutory teeth.
Risks remain. Trump’s regulatory review could loosen some requirements or extend deadlines, diluting urgency. Industry fatigue over concurrent HIPAA, DOJ and state mandates may spur litigation that drags rulemaking into 2027. And competitors, particularly Microsoft with its copilot-infused Defender suite, will tout lower integration friction for Office-centric clinics. But Palo Alto’s early platform traction, AI depth and OT-network pedigree position it to capture a disproportionate share of mandated spend even under softer rules.
In short, the intersection of national-security data controls and clinical-safety mandates has transformed healthcare cybersecurity from cap-ex deferral to compliance imperative. The Trump administration’s adjustments may slow the clock, yet its own data-localization agenda tightens the net. Vendors able to map policy text to automated controls—then prove it on a single dashboard—stand to benefit. Palo Alto Networks already sells that proposition, and every breach headline brings the deadline closer.
The mandate for “real-time risk analysis” aligns with Cortex XSIAM 3.0, unveiled at the April 2025 “Hello Tomorrow” forum: the platform ingests roughly 11 petabytes of telemetry each day, applies more than 10 000 machine-learning detection models, and trims raw vulnerability backlogs by 98 percent to a set of exploitable risks that can be remediated automatically. Hospitals that must furnish quarterly board-level attestation of cyber posture acquired in a single console as the evidence chain regulators will demand.
Financial signals corroborate the technical thesis. Palo Alto Networks has guided to fiscal-fourth-quarter revenue of $2.26 billion–$2.29 billion, up about 14.5% year on year, and non-GAAP EPS of $0.76–$0.77. Subscription and support already deliver close to 80% percent of total sales, while remaining performance obligations stand at $13.5 billion—evidence of multi-year platform commitments.
Regulatory economics point to durable demand. HHS pegs first-year compliance costs at the equivalent of roughly four percent of sector operating revenue. Even if only half that figure lands in perimeter controls, identity infrastructure and SOC automation, the resultant spending curve stretches across multiple budget cycles and dovetails with Palo Alto’s product cadence. Early adopters gain leverage: federal grants can offset capital outlays, insurers now condition cyber-policy renewals on multifactor authentication and immutable backups, and boards faced with rising breach-class-action settlements increasingly view cybersecurity upgrades as mission-critical infrastructure on par with MRI suites or cath labs.
Implementation risk lies chiefly in the provider base’s fragmentation. Two-thirds of medical practices with fewer than 25 physicians report no dedicated cybersecurity staff; most buy managed-detection subscriptions yet still struggle with multifactor roll-outs. For these organizations the platform argument—fewer vendors, unified telemetry, automated remediation—carries not only technical but labor-economics weight. Palo Alto’s secure browser, which blocks up to 30 billion daily web-borne threats and now represents one-third of Prisma Access seats sold each quarter, illustrates how browser-native defenses can eliminate point products without sacrificing user experience.
Three deadlines—the final HIPAA Security Rule expected in December 2025, anticipated Medicare conditions of participation in 2027, and full enforcement of DOJ data-transfer restrictions by 2028—now bracket the planning horizon. Hospitals that treat cybersecurity as an annual clipboard exercise will pay higher insurance premiums, face civil fines or risk exclusion from federal programs. Those that embrace a platform-based redesign can embed compliance into continuous operations and free scarce staff for higher-order resilience work. If management executes, Palo Alto Networks stands to become the reference architecture for that sector-wide reset, capturing the predictable, non-deferrable capital pivot from reactive breach response to proactive clinical safety.
PlanetiQ satellite with 4th gen. Pyxis radio-occultation sensor able to tap GPS, Galileo and Glonass.
Source: PlanetiQ
Lost In Space
Does NOAA Contract Activity = Technical Troubles for Spire?
Having skirted bankruptcy and selling a marine business that was greater than 40% of revenue, Spire Global’s (SPIR:NASADQ) recent vow to lift revenue 20% seems optimistic. That year-end goal depends of fatter checks from one customer: the National Oceanic and Atmospheric Administration (NOAA).
NOAA relies on Spire Global – and competitors PlanetiQ and GeoOptics – for commercial GNSS radio-occultation (RO) data. These companies’ small-satellite constellations record how GPS and other navigation signals bend through the atmosphere, turning those measurements into temperature, humidity and pressure-profiles that feed NOAA’s weather and space-weather models.
NOAA wants to increase its commercial radio-occultation samples from 3,300-a-day to 20,000, which Spire CEO Theresa Condor was more than happy to hype repeatedly on a May 8, 2025 conference call. “My expectation is that the budgets will continue to increase at NOAA,” said Condor. “I do expect the government to pay a reasonable price for radio-occultation data. This is not a, kind of, price to the bottom.”
But will Spire get the business? NOOA’s newest delivery orders cut Spire’s daily radio-occultation allotment by nearly 90% while shifting most of the volume— and most of the economics— to rival PlanetiQ.
Under Radio Occultation Data Buy II (RODB-2) Delivery Order 3 — which ran from Jan. 2024 to Sept. 2024 — Spire earned $9.4 million to supply 6 000 radio-occultation profiles a day. For Delivery Order 4, awarded in Sept. 2024 and running through Sept., 2025, NOAA cut Spire’s quota to 800 profiles a day and its fee to $3.83 million while boosting PlanetiQ’s share to 2,200 profiles a day for $6.54 million. In other words, Spire’s price per profile has roughly doubled even as its volume has fallen by about 90 percent.
Issue | NOAA priority | Spire | PlanetiQ |
Latency | < 30 min “needle-in-model” latency for neutral and ionospheric products | Typically 25–40 min; struggles in equatorial passes | Sub-20 min on latest GNOMES satellites |
Signal-to-Noise / Tropospheric reach | Deeper, cleaner soundings as COSMIC-2 ages | Good but variable; SNR ≈ 600–800 L1 dB-Hz | Mean L1 SNR ≈ 1 150 dB-Hz, giving better low-level penetration |
Reliability & price stability | Vendors must hit daily profile numbers and hold price for a year | NOAA flagged “lack of reliability” and “volatile pricing” among some vendors | Hit every DO-2 milestone; price per profile ~40 % lower than Spire in DO-4 |
Orbit diversity | Need more equatorial coverage as COSMIC-2 degrades and NOAA targets ≥ 20 000 profiles /day | > 80 % of Spire spacecraft are in high-inclination orbits | PlanetiQ’s newer birds fly 37–45° inclinations, filling equatorial gaps |
Space-weather add-ons | High-rate scintillation (S4, σφ) and TEC streams for SWPC models | Still GPS-only high-rate; pilot data only partially met 50 Hz spec | Dual-frequency, 100 Hz capability already validated in the 2024 Space-Weather Pilot |
January’s Phase 1 Radio-Occultation Analysis of Alternatives reset NOAA’s shopping list once again —more soundings, faster delivery, wider orbital spread—and the agency is now funneling dollars wherever the cost-per-impact curve is steepest. PlanetiQ’s fresh hardware and mid-latitude coverage hit every mark, so it has won the lion’s share.
Spire, by contrast, is left clinging to a five-year IDIQ—a so-called indefinite-delivery, indefinite-quantity contract that’s less a revenue stream than a hunting license. Until Spire slashes latency, stabilizes output and undercuts PlanetiQ’s price, those orders may well keep passing it by.
Epistrophy In The News
On NewsNation, I joined Connell McShane to examine Donald Trump’s demand that Apple (AAPL:Nasdaq) bring iPhone production to the U.S. We broke down what that would actually mean—$900 more per unit, pressure on margins, and retail prices that could alienate even loyal buyers.
Later on Yahoo Finance TV, I discussed the same topic with Julie Hyman and Josh Lipton, emphasizing Apple’s shift to India not as a cost play, but a geopolitical hedge. And in the BBC’s coverage of Google’s AI challenges, I noted that “Google is getting more efficient at answering questions, but less efficient at generating clicks—and clicks is how they get paid.”
📆 of Epistrophy Events
Ticker | Name | Market Cap | Date | Type |
|---|---|---|---|---|
🎉 | Memorial Day | May 26, 2025 | Market Holiday | |
BOX | Box | $5 B | May 27, 2025 | Earnings |
OKTA | Okta | $22 B | May 27, 2025 | Earnings |
META | Meta Antitrust Trial Week 6 | $1,577 B | May 27, 2025 | Conference |
NVDA | NVIDIA | $3,202 B | May 28, 2025 | Earnings |
HPQ | HP | $26 B | May 28, 2025 | Earnings |
SNPS | Synopsys | $77 B | May 28, 2025 | Earnings |
AI | $3 B | May 28, 2025 | Earnings | |
VEEV | Veeva Systems | $38 B | May 28, 2025 | Earnings |
NTAP | NetApp | $20 B | May 29, 2025 | Earnings |
MRVL | Marvell Technology | $52 B | May 29, 2025 | Earnings |
ZS | Zscaler | $39 B | May 29, 2025 | Earnings |
ESTC | Elastic NV | $10 B | May 29, 2025 | Earnings |
DELL | Dell Technologies | $77 B | May 29, 2025 | Earnings |
SAP | Sapphire Now | $324 B | Jun 1, 2025 | Conference |
AVGO | Broadcom Tech Forum | $1,075 B | Jun 1, 2025 | Conference |
DOCU | Momentum | $17 B | Jun 1, 2025 | Conference |
EA | EA Play Live | $37 B | Jun 1, 2025 | Conference |
HPE | HPE Discover | $23 B | Jun 1, 2025 | Conference |
INTU | Intuit Innovation Summit | $200.9 b | Jun 1, 2025 | Conference |
SNOW | Snowflake Summit | $66.7 b | Jun 1, 2025 | Conference |
CSP | Construction Spending | Jun 2, 2025 | Economic Event | |
META | Meta Antitrust Trial Week 7 | $1,576.6 b | Jun 2, 2025 | Conference |
AAPL | WWDC | $2,916.5 b | Jun 2, 2025 | Conference |
HPQ | HP | $26.4 b | Jun 3, 2025 | Earnings |
CRWD | Crowdstrike | $113.5 b | Jun 3, 2025 | Earnings |
MDB | Mongodb | $15.2 b | Jun 4, 2025 | Earnings |
RBRK | Rubrik | $17.9 b | Jun 5, 2025 | Earnings |
AVGO | Broadcom | $1,075.4 b | Jun 5, 2025 | Earnings |
DOCU | Docusign | $17.1 b | Jun 5, 2025 | Earnings |
UNRATE | Unemployment Rate | Jun 6, 2025 | Economic Event |
Availability This Week
I’ll be in San Francisco all week and available for meetings, calls, or press background. Reach out if you want to talk about crypto, AI chips, search or anything in between.
Written reports are available to clients, with video summaries on YouTube, and of course our popular summaries of the summaries on Instagram, TikTok, and YouTube Shorts.
I hope these notes are helpful to you. I’d love to discuss them further and, as always, comments, questions and ideas are appreciated. If you have a friend or even a frenemy whom you think might benefit from this note, have them reach out and I’ll put them on the list.
The information here is provided for informational purposes only and should not be construed as legal, financial, or professional advice. While we believe the facts are accurate, belief is not a substitute for diligence, and we offer no warranties.
This message and any attached files or graphics are confidential and intended only for the named recipient. If you received it in error, please alert the sender and delete it. Any unauthorized use—including tweeting cherry-picked quotes for clout—is prohibited. This is not an offer to buy or sell securities. Investment decisions should be made independently, and preferably with a professional who doesn’t own a ring light. We may retain this communication indefinitely. By reading and acting on it, you agree to the above.
We do not endorse or guarantee the content herein and have no obligation to update or correct any information that may be found to be inaccurate or incomplete. The full context and additional information may be necessary for a complete understanding of this communication, which may be known only to the intended recipient.
We may retain and archive copies of written communications, including emails, indefinitely. This may include this note and any replies to it. By reading and acting upon the contents of this email, you acknowledge and agree to the terms outlined in this disclaimer. If you do not agree with these terms, please notify the sender immediately and delete this note.
Reply