May 2026 Newsletter

Firm Updates

Congratulations to our colleague on a well-deserved promotion, and welcome to our newest team member who joined this past quarter. We are also actively expanding the Investment Team with the search below.

Promotions

• William Garrison: Director, U.S. Trading — (21 Years with TimesSquare)

New Hires

• Mitch Murdock, Ph.D. Equity Research, Associate – Biopharmaceuticals

Open Positions

• U.S. Research Analyst – Technology

Latest Vehicle Launch

TimesSquare Quality Mid Cap Growth ETF (TSCM) This product leverages TimesSquare’s 25-year investment history of creating quality growth portfolios into a taxefficient and transparent ETF structure. We believe TSCM fills the necessary gap of actively managed mid cap growth ETFs being offered in today’s marketplace.

$42M AUM (as of 05/7/26)

Read the full Press Release here.

Complexity Is the Moat: How AI Expansion Is Widening Cybersecurity's Opportunity

Executive Summary

As AI adoption accelerates, cybersecurity is becoming an increasingly critical area of enterprise investment. The growing use of AI-generated code, autonomous systems, and machine-speed attacks is expanding the cyber threat landscape and driving demand for advanced security platforms capable of protecting complex digital environments.

Recent developments from leading AI providers reinforce the importance of established cybersecurity vendors, as enterprises prioritize independent security controls, governance, and real-time threat response. Rising breach costs and increasingly sophisticated AI-powered attacks continue to elevate cybersecurity spending as a missioncritical priority.

At TimesSquare, we believe cybersecurity represents a durable, long-term growth opportunity. Our investments in companies such as JFrog and Palo Alto Networks reflect our conviction that businesses enabling secure AI deployment, software supply chain protection, and integrated cybersecurity platforms are well-positioned to benefit from this multi-year structural trend.

‍

Research Analyst Deep Dive  –  Resiliency and Sovereignty in International Markets

In 2026, the global investment landscape is being reshaped by the focus on resilience and sovereignty across different regions. Energy independence, defense, and technology infrastructure are some vital areas for investment. The ongoing conflict in Iran has further underscored the critical necessity of national resiliency, forcing a re-evaluation of global supply chains and energy dependencies. Global priorities are shifting from efficiency toward resilience and strategic autonomy.

‍

‍

‍

‍

‍

‍

‍
‍

Thematic Outlook

The Surge in Defense and Infrastructure Spending

• Strategic Infrastructure Built-up: There has been a decisive shift from purely green initiatives toward Energy Sovereignty.
• Supply Chain Decoupling: Capital is flowing into domestic and local processing hubs to shorten vulnerable global supply lines.

Energy & The Derivative Implications

• Strategic Industrial Input: We view energy as a strategic industrial moat rather than a mere commodity. In a decoupled world, lowcost, reliable power becomes the primary determinant of a nation’s manufacturing competitiveness.
• Power-Dense Infrastructure: The AI-Energy Nexus is driving unprecedented demand for base-load power, forcing a massive recapitalization of aging electrical breakthroughs to support both high-tech data centers and re-industrialized manufacturing bases.

Metals & Mining

• Governments are increasingly backstopping once-uneconomic projects, particularly in critical minerals and energy, creating a new sovereignty premium for infrastructure and extraction assets.
• Sovereignty Premium: Investors are pricing in the security of ally-sourced minerals over the lowest-cost global spot price.

‍
Regional Deep Dive

Europe: Defense & Energy Transition

Energy independence remains a dominant structural theme, with large-scale spending packages scheduled to begin in 2026 expected to create significant tailwinds for infrastructure and defense.

• The Grid Overhaul: Implementation of a ~€1.2 trillion¹ plan to upgrade and digitize the EU’s power grid by 2040, prioritizing cross-border connectivity and high-capacity renewable integration.
• Defense Industrialization: The €1.5 billion² European Defense Industry Program (EDIP) is now addressing urgent production bottlenecks to ensure the domestic industry can meet immediate security challenges.

Japan: Electrification & Efficiency

As an energy-importing country, Prime Minister Takaichi’s reform agenda emphasizes energy independence.

• Energy Resilience & Security of Supply: Under the 2026 mandate, Japan’s energy strategy was shifted to a nuclear-led and national resilience-focused model. New utility-scale renewable projects are increasingly required to include co-located BESS (Battery Energy Storage Systems) to prevent grid curtailment and manage peak demand. As a result, grid-scale BESS applications in Japan have surged, reaching over 170 gigawatts as of March 2026.³ Please see important disclosures on pages 7-8. 2 / 8
• Supply Chain Nationalism: The country is moving away from foreign-made (predominantly Chinese) silicon panels by subsidizing the rollout of domestically made products.
• Energy Efficiency is treated as a core pillar. New 2026 mandates require medium-scale non-residential buildings to meet the same strict energy-saving standards as large facilities. The government is also funding advanced cooling technologies to ensure the grid remains stable as power demand from AI and data centers is projected to triple over the next decade.

Australia: Strategic Mining

• From Exporter to Supply Hub: Australia is undergoing a structural evolution, moving from a generic raw material exporter to a critical security-of-supply hub for the Western alliance. It is increasingly the primary node for friend-shoring strategies within the Indo-Pacific.
• Resource & Energy Convergence: With its access to key resources and energy bases as well as rare metals, Australia is well positioned in the new world order.

Bottom Line

As countries and regions accelerate efforts to redefine strategic autonomy and long-term growth vectors, we believe our broad, crosssector generalist framework, combined with deep local expertise, is well positioned to capture these multi-year, multi-sector opportunities. Small and mid cap companies, in particular, stand to disproportionately benefit as these strategic priorities are implemented, often serving as the primary beneficiaries of policy-driven capital allocation. By focusing on businesses with sustainable competitive advantages, strong balance sheets, and disciplined management teams aligned with shareholders, we believe this complex environment can yield attractive, risk-adjusted returns for our clients.

“The same force disrupting every other software category is writing the growth story for cybersecurity.”

‍

‍

‍

‍

‍

‍

‍

Complexity Is the Moat: How AI Expansion Is Widening Cybersecurity's Opportunity

Generative AI has resulted in broad based sell-off in software stocks and cybersecurity stocks haven’t been immune either. However, the broad-based sell-off in cyber names seems misplaced. After Anthropic rolled out Project Glasswing and Claude Mythos Preview, OpenAI quickly followed with GPT-5.4-Cyber, a targeted model for defensive use-cases being deployed in a limited way to approved security vendors/organizations. OpenAI’s rollout to vetted cyber vendors including Palo Alto Networks (Nasdaq: PANW) and CrowdStrike Holdings (Nasdaq: CRWD), coming right on the heels of Anthropic’s, reinforces the same core point; rather than declaring war on cyber vendors, these labs are doing close to the opposite by explicitly bringing key cyber vendors into the tent as launch partners. These labs explicitly recognize that their models require enterprise-grade security frameworks to function safely within complex corporate environments, reinforcing the value of established cybersecurity platforms rather than seeking to disrupt them.

The advancement of AI creates a more dangerous landscape where threat actors can exploit new technologies just as effectively as defenders. The proliferation of machine-speed traffic and ephemeral non-human identities has drastically expanded the attack surface, making zero-trust processes more critical than ever. While AI may commoditize repetitive tasks such as basic code hygiene and patch suggestions, the overall security environment is becoming increasingly chaotic. This complexity shifts the true value upward toward orchestration, governance, and incident response. More AI-generated code, more agentic traffic, more ephemeral non-human identities, more open source dependencies, and more autonomous experimentation all widen the attack surface. As AI-generated code and autonomous experimentation increase, the resulting messiness underscores the need for sophisticated enforcement and telemetry that only leading cybersecurity platforms can provide.

The urgency is driven by a rapidly accelerating threat landscape. Recent data from Microsoft suggests that 80% to 90%⁴ of all phishing cyberattacks now leverage AI in some capacity, making them more sophisticated and harder to detect. The speed of these attacks has reached a breaking point; Palo Alto Networks recently noted that hackers can now break in and steal data in under an hour.⁵ That is four times faster than just a year ago. This isn't just a technical headache; it’s a massive financial liability. The average cost of a data breach in the U.S. now exceeds $10 million.⁶ The cost of "getting it wrong" has never been higher.

‍

‍

Crucially, the rise of powerful AI models actually increases the need for independent security providers. Companies are unlikely to trust an AI developer to grade their own homework when it comes to safety. Instead, they are layering specialized security controls around their AI workloads to prevent employees from leaking sensitive data and to block autonomous bots from being weaponized by bad actors. This creates a "redundancy by design" that favors incumbent security vendors with established relationships within the enterprise.

How is TimesSquare positioned for this secular change?

At the time this piece was written, we maintain an active overweight to the cybersecurity space, expressed through a select number of positions across our small- and mid-cap portfolios. Importantly, we believe we are still in the early innings of AI-driven cybersecurity challenges, which we expect to drive sustained demand for innovative solutions. One such investment held across both strategies is JFrog Ltd (Nasdaq: FROG). JFrog is a software development company that provides a comprehensive software supply chain platform, offering end-to-end visibility, security, and control to automate the delivery of trusted software releases.

We believe JFrog is well-positioned to benefit from AI-driven growth. As demand for enterprise applications, development tools, and security solutions increases, so too should platform usage and workloads. In addition, heightened cybersecurity risks and evolving compliance requirements are accelerating the adoption of its security and add-on offerings, creating incremental revenue opportunities.

In our view, JFrog is particularly well-positioned among software developer tools companies to capitalize on this trend. Its universal platform enables customers to manage growing volumes of AI models and binaries across multi-cloud environments without vendor lock-in. Combined with its integrated security capabilities and natural upsell opportunities, we believe JFrog has the potential to become a foundational “liquid software” backbone for continuous, automated software delivery in the AI era.

A second investment held in our Mid Cap Strategy is Palo Alto Networks (Nasdaq: PANW). Palo Alto is a leading cybersecurity platform helping enterprises secure increasingly complex environments across network, cloud, AI, and endpoint.

We see the company as a direct beneficiary of generative AI adoption. As enterprises deploy AI at scale, both network traffic and identity complexity are rising, driving incremental demand for security across SASE, firewalls, and identity layers. At the same time, AI is expanding the threat landscape, enabling more sophisticated attacks while increasing the risk of internal data leakage, further elevating cybersecurity as a mission-critical spend priority.

Palo Alto’s inclusion in Anthropic’s Glasswing initiative provides early access to advanced AI models, strengthening its competitive positioning versus smaller vendors. In parallel, the company is benefiting from a structural shift toward vendor consolidation, as customers move away from fragmented point solutions to integrated platforms.

With a large installed base of over 70,000 customers and only a small portion fully onboarded to its platform, we see a significant runway for expansion. Platform adoption typically leads to higher retention and increased spend per customer, reinforcing durable growth. Recent acquisitions, including Chronosphere and CyberArk, further enhance this opportunity, particularly in identity security, where the rapid growth of non-human identities is creating a new and underappreciated layer of demand.

We believe Palo Alto can sustain mid- to high-teens revenue growth while expanding margins, driving low-20% operating income growth over the next several years.

Why This Matters for Long-Term Quality Growth Investors

Looking ahead, we expect this tailwind to become increasingly visible in corporate earnings over the next 12 to 18 months. As businesses move from "testing" AI to "deploying" it, they must first build the digital fences to keep it safe. For investors, the takeaway is clear: the complexity of the current threat environment creates significant barriers to entry for new competitors and a growing, addressable market for the leaders in the space. Consistent with our approach, we seek to look beyond near-term volatility and identify underappreciated opportunities driven by secular change rather than market narratives. As AI adoption accelerates, cybersecurity is evolving from a defensive allocation into a core growth opportunity, one where long-term fundamentals may prove stronger than current expectations. Cybersecurity is no longer just about protecting value; it is about capturing it by positioning yourself on the right side of a multi-year structural trend.

Strategy Performance

Updated Profiles & Commentaries Here‍

TimesSquare News & Insights

Inside the Investment Room (March 2026)

In the latest edition of Inside the Investment Room, we explore a global shift from efficiency to security as geopolitical tensions and supply chain vulnerabilities reshape capital allocation. Governments and industries are prioritizing resilience, driving investment across energy, defense, infrastructure, and critical minerals while redefining competitive dynamics across regions. We examine how this transition is creating a sovereignty premium, where strategic necessity increasingly guides capital flows, and highlight where long-term opportunities are emerging amid structural change. As markets evolve under policy driven forces, disciplined bottom-up investing remains key to identifying companies positioned to benefit from this new era of resilience.

The Business Brew Podcast, feat. Sonu Chawla, CFA

In the latest episode of The Business Brew, host Bill Brewster, CFA, JD, sits down with Sonu Chawla, CFA, Portfolio Manager of the TimesSquare Quality Mid Cap Growth ETF (TSCM). Sonu shares her “Growth with a Conscience” philosophy, focused on disciplined valuation, strong management teams, and identifying companies early in their growth journey.

‍Inside the Investment Room (February 2026)

In the latest edition of Inside the Investment Room, we examine market rotation as AI investment accelerates. AI-driven capex is fueling demand across cyclicals, including industrials, energy, and materials, while creating new competitive pressures elsewhere. We highlight where opportunities are emerging, where caution is warranted, and why disciplined, bottom-up stock selection remains essential in a market defined by dispersion.