Academy Sports and Outdoors, Inc.

Hello, and welcome to CrowdStrike's fiscal second quarter 2026 financial results conference call. At this time, all participants are in a listen-only mode. After the speaker's presentation, we will conduct a question and answer session. Please be advised that today's conference is being recorded. I would now like to hand the call over to Maria Riley, Vice President of Investor Relations. Maria, please go ahead.

Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, Chief Executive Officer and Founder of CrowdStrike, and Bert Podbear, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, including projections, and expected performance, including our outlook for the third quarter and fiscal year 2026, and any assumptions for fiscal periods beyond that are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events, or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company's quarterly and annual reports. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures in a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings release, which may be found on our investor relations website at ir.crowdstrike.com or on our form 8K filed with the SEC today. With that, I will now turn the call over to George.

Thank you, Maria, and thank you all for joining our Q2 FY26 earnings call. Reflecting on our second quarter, the key theme was reacceleration. We've talked about reacceleration coming in the back half of this fiscal year. It's here now. I'm proud of CrowdStrike's ability to deliver reacceleration, our return to year-over-year net new ARR growth, a quarter early. Our reacceleration is driven largely by AI necessitated demand for the Falcon platform and stellar execution across the business. Q2 was a robust quarter where we exceeded all guided metrics. Highlights included, one, record Q2 net new ARR of $221 million, double digit millions ahead of our expectations, showcasing accelerating net new ARR. Two, ending ARR of $4.66 billion, growing more than 20% year over year. Three, record Q2 free cash flow of $284 million, or 24% of revenue. Four, record operating income of $255 million, or 22% of revenue. Five, total revenue growth of 21% year-over-year, reaching $1.17 billion and exceeding the high end of our guidance. Six, cloud next-gen identity and next-gen SIM platform solutions are now more than $1.56 billion in ending ARR, growing more than 40% year-over-year. And seven, we surpassed the 1,000 Falcon Flex customer milestone, with the average Flex customer representing more than $1 million of ending ARR. Building on last quarter's Reflex momentum, now more than 100 customers have already Reflexed. We're very pleased with adoption rates, seeing so many customers Reflex validates the Flex model and illustrates customers accelerating consolidation with CrowdStrike. Quarters like this one highlight our momentum and progress on the path to $10 billion in ending ARR. Setting new records, achieving net new ARR reacceleration sooner than anticipated, and rising competitive win rates highlight CrowdStrike leading the way in cybersecurity. Our innovative solutions are winning at scale, like exposure management, which surpassed 300 million in ending ARR and was named a leader in the 2025 IDC worldwide exposure management market scape. CrowdStrike's market leadership was further reflected in Gartner's latest magic quadrant for endpoint protection platforms, where we were placed in the leader box for the sixth consecutive year. Our position was furthest right for completeness of vision and highest for ability to execute out of all vendors for the third year in a row. In cybersecurity, as well as the broader technology market, AI's impact is palpable. As organizations of all sizes embrace AI transformation, I hear several thematic concerns from executives and boards. One, where is shadow AI emerging in my business? Two, how do I control what data enters AI systems? Three, how do I control what AI systems can do in my enterprise? Which ultimately leads to the focal question of four, how do I secure AI agents? AI has made the role of CISOs and COOs more complicated than ever. Answering these four questions is far too difficult, expensive, nuanced, conditional, and incomplete. At the same time, adversaries are now using AI democratizing destruction at mass scale. Our threat intelligence research uncovered Famous Chalima, a North Korean nexus group using Gen AI to infiltrate more than 320 enterprises by automating fabricated resumes and conducting deep fake interviews. The threat is real. CrowdStrike's role in the agentic era is staying ahead of AI-armed threat actors to secure AI at every layer, beginning with the AI model itself, to the workloads and hosts on which they run, to the actual human and agentic identities, to the end-user devices accessing these systems and applications. In this time of societal and technological revolution, we secure where AI happens. Enterprises are quickly realizing AI security is not a network problem. AI doesn't happen in transit. Model creation and AI development happens in the cloud and in the data center. AI adoption happens at the endpoint on the computing device itself. And AI access happens by users with human and increasingly non-human machine identities. CrowdStrike secures each of these attack surfaces. We deliver AI for security, where we revolutionize security operations with our own SOC agent, Charlotte. We also deliver security for AI, helping the world securely adopt the power of agentic outcomes. This combination, grounded in our data foundation, is a competitive moat. You can't just stitch or acquire a unified, AI-native platform. AI security's primary enforcement mechanism is not and will not be the firewall. AI security must be on the devices, workloads, data, and identities anywhere, everywhere, and always on. AI security, and now enterprise security in the agentic era, is fundamentally a data, speed, and enforcement problem, one that CrowdStrike solves today and is uniquely positioned to solve tomorrow. Driving adoption of the Falcon platform as the operating system of cybersecurity is our next-gen SIM. Every day, customers are discovering the power of our native hyperscalable data foundation to solve their most complex security and IT problems. Falcon Next Gen SIM had a stellar Q2 with year-over-year growth of more than 95% and ending ARR of more than $430 million. Next Gen SIM is becoming synonymous with AI SOC transformation, akin to upgrading from a typewriter to a computer, unlocking new capabilities, cost efficiencies, and agentic speed. A leading global 2000 communications platform chose NextGen SIM in a highly competitive 7-figure legacy SIM replacement. Synthesizing EDR and third-party data proved easier, faster, and more effective than going with a network-first SIM product. And we're not stopping. Today, we're incredibly excited to announce our intent to acquire ONIM, a leading data pipeline platform. Built on a proprietary, stateless, in-memory architecture, we believe ONIM is the perfect complement to Next Gen SIM. It offers unparalleled speed, scale, and efficiency in onboarding to Next Gen SIM while giving customers control of their data. ONIM will bring Falcon's AI-powered detections closer to third-party data sources in pipeline, starting analysis before data even enters the Falcon platform. Here's why ONIM stood out to us. One, speed. ONIM delivers five times more events per second than its nearest competitor and processes data in real-time versus legacy batch and store methods. Two, cost. ONIM's smart filtering reduces data storage costs by 50%. Three, superior outcomes. ONIM's real-time pipeline detection starts before data enters the Falcon platform, delivering up to 70% faster incident response with 40% less ingestion overhead. If our next-gen sim is the engine that powers the modern SOC, then data is the fuel that makes the engine run. ONIM is both the pipeline and the filter. Streaming high-quality, filtered fuel quickly into the engine to drive robust, efficient, and superior performance. With ONUM, CrowdStrike will align with each stage of the AI lifecycle, ingestion and detection of data, filtration and optimization of data, as well as actioning and enforcement to produce high-fidelity, autonomous outcomes across security and non-security use cases. Before, migrating data into Next-Gen SIM was a long pole in a displacement tent, often requiring third-party tools. Our acquisition of Onum is a direct response to a growing chorus of frustration with the incomplete data and punitive costs from today's third-party tools. We're forging a new path. ONIM and Next Gen SIM will enable CrowdStrike customers to focus on earlier in pipeline detection, blazing fast data streaming, and high fidelity data filtration, optimizing the agentic Next Gen SIM experience. Most importantly, the acquisition of ONIM will give our customers control of their security, observability, and IT data, uniquely positioning CrowdStrike as our customer's data foundation. With our performant data platform as its foundation, CrowdStrike is rapidly expanding our pace of AI innovation. Charlotte is our agentic SOC analyst, automating actions and now end-to-end autonomous workflows across the SOC. Charlotte had a record quarter growing more than 85% over Q1. We're embedding Charlotte across the entirety of the Falcon platform, empowering customers to achieve their agentic security goals out of the box with immediate ROI. Charlotte is constantly learning and improving as we train it on our market-leading threat intelligence, battleground incident response, and scaled Falcon Complete MDR analyst behavior. As one of cybersecurity's largest MDRs, our Falcon Complete SOC data is akin to the encyclopedia of threat telemetry, resulting in a powerful cybersecurity AI feedback loop. Our unique cyber data advantage coupled with our data science expertise create a reinforcement learning flywheel, continuously adapting and improving autonomous detection and response. The outcome is Charlotte turning our data mode into a fortified and dynamic AI wall. Our customers are facing AI disruption which is driving our next-gen identity business. As agentic identities proliferate, customers require an identity security solution to safely leverage agentic AI, preventing exploitation, misuse, and breaches. We recently announced the launch of Next-Gen Identity Protection, which extends our best-in-class identity protection to non-human identities, or NHI, SaaS applications, and most importantly, AI agents. Including Falcon Shield, our Next-Gen Identity Protection business exceeded $435 million of ending ARR in Q2, growing more than 21% year over year. Based on customer demand and seeing another opportunity to innovate, we launched our own PAM offering in Q1. Elevated uncertainty around the future of legacy PAM tools is driving heightened interest in our next-gen PAM solution. Driven by the excitement for next-gen identity protection and next-gen privilege access, these new solutions significantly expand our identity opportunity. A leading global consulting firm decided to replace their legacy PAM after years of frustration with cost, limited efficacy, and point product woes. Our ability to deliver privileged account password rotation, privileged user identification and risk assessment, privileged escalation detection, user risk profile insights, and flexible MFA controls for different departments help this customer consolidate with confidence. With nothing new to deploy, this customer seamlessly met all device trust, escalating privilege, and cyber insurance requirements. Moving to our cloud business, the rapid adoption of AI has placed a spotlight on the importance of securing cloud infrastructure at runtime. While out-of-band posture tools can lend an overall view of security health, they are incapable of stopping breaches. CrowdStrike is a leader in cloud runtime protection, with the largest and most sophisticated enterprises trusting us to protect their most critical production environments. With the need to secure AI as a backdrop, we delivered impressive net new ARR in cloud this past quarter. Total cloud ending ARR exceeded $700 million, growing more than 35% year over year. A Fortune 500 energy supplier selected Falcon Cloud Security in a seven-figure win. The ease of adoption for our single-platform approach and having ASPM already natively integrated drove this win. Our ASPM reduced months of manual work into minutes. Through this upsell, Falcon Cloud Security consolidated more than 10 point products across CNAP, CSPM, ASPM, CDR, and container security. Contributing to our platform growth is our revolutionary Falcon Flex model, helping customers accelerate and maximize Falcon platform adoption. In Q2, we crossed 1,000 Falcon Flex customers, adding more than 220 new Flex customers. Not only are we and our partners successfully landing new Flex deals, we also continue to see increases in, one, platform adoption. Utilization of Flex contracts is more than 75% across the Flex customer base. Two, reflexes. We more than doubled the number of reflexed accounts to nearly 10% of all Flex customers. In just an average of five months from their initial Flex subscriptions, this cohort of Flex customers found themselves wanting more modules and more consolidation. Reflexes, on average, are yielding a nearly 50% uplift in flex customer ending ARR, illustrating the strength of the Falcon platform and the power of our game-changing licensing model. Reflex activity gives us conviction in our net new ARR acceleration, highlighting the difference between a one-time ELA and the recurring flex model. A lighthouse example of the reflex motion was with a Fortune 500 software firm which completed an 8-figure reflex. 18 months prior to their initial flex subscription expiration, this customer decided to take their next strategic step with CrowdStrike, enabling them to modernize their SOC by replacing a legacy SIM and a hyperscaler SIM. They also adopted Charlotte to agentify threat hunting and SOC operations. What was recently a very successful flex has become an even more impressive reflex. Consolidation isn't just a phenomenon with our customers. We also see it with our ecosystem partners. Diverse partner types are continuing to standardize on Falcon as their cybersecurity platform of choice. Take Red Canary, an MDR focused on the mid-market to small enterprise recently acquired by Zscaler, one of our strategic technology partners. Red Canary decided to consolidate and migrate their legacy point product EDR install base of more than 100,000 endpoints across hundreds of customers onto Falcon. Through a multi-million dollar Q2 transaction, Red Canary is migrating these customers to CrowdStrike, where they will enjoy Red Canary's MDR services delivered on the Falcon platform. Red Canary is just one of the many MSSPs who build their business on CrowdStrike. Further into the SMB market, Amazon Business Prime selected CrowdStrike Falcon Go for millions of businesses around the world. Business Prime members now receive Falcon Go as part of their subscription, opening a significant sub-100 user TAM. This partnership highlights our ability to strategically monetize new markets and migrate underserved segments from legacy ineffective technologies. And lastly, industry stalwarts like NVIDIA continue to choose CrowdStrike as their cybersecurity partner of choice. With our recently announced integration of Falcon Cloud Security with NVIDIA Universal LLM NIM Microservices and NEMO Safety, NVIDIA customers now benefit from full AI lifecycle protection for over 100,000 LLMs through Falcon. Partners sourced over 60% of Q2 new business, highlighting our ecosystem's competitive advantage and leadership across all customer segments. I started my remarks talking about acceleration. AI is accelerating every aspect of our society and revolutionizing the way we work, but it's also accelerating the adversary. I know all too well that there is no peacetime in cybersecurity. The adversary never rests. The world is soon to embark on the largest arms race ever, the arms race over AI superiority. The world's AI infrastructure necessitates protection from development to deployment, from cloud to endpoint, and from human to agent. CrowdStrike isn't just a passenger in this revolution, we're driving it. We're becoming the foundation of our customers' AI future, delivering the security platform that makes AI transformation possible. Looking forward, AI-driven market demand and customer-driven consolidation brought together by our revolutionary Flex licensing model drive my belief in sustained growth. In light of the demand environment and our platform superiority, our guidance now assumes back half net new ARR will grow at least 40% versus last year. With that, I'll turn the call over to Bert Podbear, CrowdStrike CFO.

Thank you, George, and good afternoon, everyone. We delivered a strong second quarter, exceeding expectations across all guided metrics. We achieved record Q2 net new ARR of $221 million and net new ARR reacceleration a quarter ahead of our expectations, growing ending ARR to $4.66 billion, up 20% over last year. Market demand for our AI native Falcon platform and Falcon Flex subscription model drove strength across the business. The number of deals with total deal value over $10 million doubled year over year, and we reached a new milestone of 800 customers with ending ARR exceeding $1 million. As George highlighted, customers are increasingly consolidating their security operations onto the Falcon platform as they modernize their security stack for the AI era. This momentum is reflected in our module adoption metrics, with 48%, 33%, and 23% of subscription customers adopting six, seven, and eight or more modules, respectively. Most notably, among our customers with over $100,000 in ending ARR, we reached a new milestone with 60% adopting eight or more modules, demonstrating the power of our platform consolidation strategy. Looking into the back half of the year, the combination of strong Falcon Flex momentum, record Q3 pipeline, and increasing demand for our AI-powered innovations reinforces our conviction in driving year-over-year growth acceleration in both net new ARR and ending ARR. Moreover, we have a clear line of sight to well exceed the $5 billion ending ARR milestone by fiscal year end, achieving the ambitious goal we set in 2022 as we execute on our path to $10 billion in ending ARR by FY31. Moving to the P&L, total revenue exceeded our guidance range and grew 21% over Q2 of last year to reach $1.17 billion. Subscription revenue grew 20% over Q2 of last year to reach $1.10 billion and professional services revenue was a record $66.0 million. The geographic mix of second quarter revenue consisted of approximately 67% from the U.S. and 33% from international geographies, with both U.S. and EMEA year-over-year growth accelerating compared to Q1. Total non-GAAP gross margin was 78%, and non-GAAP subscription gross margin remained best in class at 80% of revenue. Total non-GAAP operating expenses in the second quarter were $652.5 million, or 56% of revenue. In the second quarter, non-GAAP operating income was a record $255.0 million, and operating margin was 22%, exceeding our guidance. Strong top-line performance and efficiency gains from our strategic plan drove the outperformance in profitability, highlighting our commitment to profitable growth as we accelerate net new ARR growth and execute on the path to achieving our target operating model. Gap net loss attributable to CrowdStrike was $77.7 million and included $35.7 million of expenses for outage and related matters and $38.4 million of strategic plan related charges. Non-GAAP net income attributable to CrowdStrike was a record $237.4 million, or 93 cents, on a diluted per share basis, exceeding our guidance. In Q2, our long-term projected non-GAAP tax rate decreased to 21% from 22.5%, reflecting recent changes in tax legislation and resulting in a 3-cent benefit on a diluted per share basis. Moving to cash, our cash and cash equivalents grew to a record $4.97 billion. We generated record Q2 cash flow from operations of $332.8 million and record Q2 free cash flow of $283.6 million, or 24% of revenue. Expenses for outage-related and strategic plan costs impacted Q2 free cash flow by approximately $29 million. Moving to our outlook and modeling notes, our leadership is showcased by our record Q2 performance, strong Falcon Flex adoption and expansion, continued strong retention rates, and broad success across our AI-powered Falcon platform. This momentum further bolsters our conviction in continued net new ARR acceleration for the back half of FY26. While we do not guide to ending ARR or net new ARR, our revenue guidance includes the following assumptions. high single-digit sequential net new ARR growth Q2 to Q3, and at least 40% year-over-year net new ARR growth for the back half of the fiscal year, bringing ending ARR growth for FY26 to more than 22%. Our revenue guidance also assumes a wider than typical range for professional services given the strong Q2 performance. Additionally, as we discussed last quarter, as a result of our successful CCP and related partner programs, our ARR to subscription revenue assumptions includes a separation of $10 to $15 million per quarter through Q4 when this impact begins to subside. We ask that you please reflect this when updating your models. Moving to cash, payments related to strategic plan costs are expected to be de minimis in Q3, and we expect to make Q3 cash payments of approximately $51 million in connection with outage-related costs. As previously discussed, we expect to exit this fiscal year with a free cash flow margin of 27% in Q4, expanding to more than 30% for the full year FY27. Moving to our outlook, for the third quarter of FY26, we expect total revenue to be in the range of $1,208.0 to $1,218.0 million, reflecting a year-over-year growth rate of 20 to 21%. We expect non-GAAP income from operations to be in the range of $256.0 to $262.0 million, and non-GAAP net income attributable to CrowdStrike to be in the range of $238.1 to $242.8 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be approximately 93 to 95 cents, utilizing a 21% tax rate and weighted average share count of approximately 257 million shares on a diluted basis. For the full fiscal year 2026, we currently expect total revenue to be in the range of $4,749.5 to $4,805.5 million, reflecting a growth rate of 20% to 22% over the prior fiscal year. Non-GAAP income from operations is expected to be between $1,000.1 and $1,040.1 million. We expect fiscal 2026 non-GAAP net income attributable to CrowdStrike to be between $922.4 and $954.0 million. Utilizing a 21% tax rate and approximately 256 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $3.60 to $3.72. Finally, Falcon 2025 begins on Monday, September 15th. With over 100 sponsors and over 8,000 attendees, Falcon is going to be our largest customer event yet. We will hold an investor briefing during the conference on Wednesday, September 17th. The briefing will be webcast live on our investor relations website, and we look forward to seeing many of you there. George and I will now take your questions.

Thank you. If you would like to ask a question, please click on the Raise Hand button, which can be found on the bar on the bottom of your Zoom window. You may remove yourself from the queue at any time by lowering your hand. When it is your turn, you will hear your name called and receive a message on your screen notifying you that you may unmute yourself. In the interest of time, participants will be limited to one question. Our first question comes from Andy Nowinski with Wells Fargo. Please unmute your line.

Okay, good afternoon. Thank you for taking the question. So I'm really impressed with the many new products you launched this quarter, particularly on the identity side. But I do have a question around the revenue guidance that you gave for both Q3 and the full year. I'm wondering if the partner rebate program you talked about last quarter, you know, remains in effect for the remainder of the year, or if it goes beyond that. And if so, you know, is that 10 to 15 million per quarter that you just mentioned? I mean, is that I guess, is that factored in, you know, into your revenue guidance, or is there more to it than just the partner rebate program? Thank you. Thanks, Andy.

It's Bert. Hey, first, let me start off by saying that ARR is the best leading indicator of our business. We've used it since we went public. George and I talk about it all the time. First and foremost, we're very pleased with net new ARR performance in the quarter, as well as our record Q3 pipeline. Second, our guidance now assumes back half net new ARR will grow at least 40% versus last year with high single-digit sequential net new ARR growth in Q2 to Q3 and ending ARR growth for FY26 to be more than 22%. Finally, we did give a wider range than typical for pro services and for partner rebates. Last year after the outage, we made an investment in our partners through these programs, and that has paid off and has helped us sustain our high retention rates and accelerating that new ARR. As previously stated, we expect the impact of CCP and special partner programs to subside starting in Q4 of FY26. We would do this all again, Andy, 100% of the time. Making those investments really paid off for us.

And Layla, we can go to our next question.

Your next question will come from Matt Hedberg with RBC.

Great. Thanks for taking my question, guys. You know, George, it was really interesting to hear you talk about identity. It seems like you're having a lot of success there with Shield and even some legacy displacements as well as your Pan-Mac position. Now, given the announced hell about the CyberArk deal, can you talk a little bit more holistically about how you're thinking about targeting the identity market versus some of the pure plays and just kind of how you see this market evolving over time?

Well, yeah, thanks for that. When you look at identity, this is something that we were well ahead of the curve in identifying in 2020, which is why we did the preempt acquisition. We took the time, we've integrated it. It's a key part of our platform and our fabric today. Our customers love it and they want more. They've been asking us for years to come out with a PAM solution, which we did in Q1. They're looking for alternatives and they're looking for a next-gen technology that isn't just legacy, it's stitched together. So from the standpoint of identity, we've identified it very early as a key element to solving the security breach problems that are out there. With the announcement we made this quarter in terms of our next-gen identity, which includes SHIELD, The uptake has been fantastic. We look at the breaches that are happening today. A huge part of that is in the enterprise SaaS market, right? And our product shield combined with our other identity solutions are key in helping prevent these. So I think we're in the perfect spot and we're in a position where customers are demanding alternatives to legacy solutions and we're going to continue to evolve. But the good news is we've been in the market Since 2020, we've recognized identity is critical very early on.

And Layla, we'll take the next question.

Your next question will come from Saket Kalia with Barclays. Please go ahead.

Okay, great. Hey, guys, thanks for taking my question here, and a nice quarter. Thank you. George, maybe for you, thanks a lot for that comment on just the second half net new ARR growth of 40%. That's great to hear and I think very useful. Maybe the question is, what are you seeing from the customers who bought those customer care packages? That of course offered those customers great value in the wake of the outage. How do you maybe think about that net retention in the second half? And just as importantly, how helpful can Falcon Flex be in that process. Does that make sense?

Yeah, it's a great question. And I have to go to the historical numbers on our renewal rates for modules. So 95 plus percent of the time, a customer will renew a module once they adopt it. So I got to start with that. Obviously, CCP was a new element for us, right? But when you look at the value that we provide in these modules and once customers see it integrated into the platform and into their workflows, 95% plus they're going to renew it. So we feel confident that we'll see the CCP grow. packages roll into renewals. And we've spent the last number of months working with customers and making sure that we've got the right level of success there. So I feel good about that. And obviously that will take place in Q3 and Q4. And overall, when you've got the right platform solving real problems that are out there, that's a good thing for us and it's a good thing for customers. Flex, of course, is a big part of that. Remember, our CCP program A lot of it was delivered through Flex. So we were able to seed the market much more rapidly in the Flex licensing mechanism than we would have. So we leveraged this CCP program to actually seed Flex. And now we have the ability to reflex them on those CCP packages as they burn off.

And Layla, we'll take our next question.

Your next question will come from Brian Essex with JP Morgan.

Great. Thank you very much for taking the question. Um, you know, George, I had a question for you on, uh, Odom. Um, it looks like this is, is pushing in the direction of, you know, real-time analysis on streaming data. And I'd love to get your sense of, you know, how this, how you envision this competing against legacy solutions and also, um, how you think it will either compliment or potentially cannibalize what you're seeing on log scale. In other words, from a practical standpoint, how do you anticipate customers utilizing this platform relative to what they're already using on a next gen SIM basis?

Well, first let me say how excited I am about this acquisition. This is something I think really going to supercharge our next-gen SIEM business, which includes LockScale, and something customers have been asking for. They're looking for a modern pipeline technology that will be able to get data, whether it's security data or IT data, from one place to another. But the amazing thing about the technology is the in-pipeline detection. So we can begin doing detections at the point, really, of forwarding for third-party data, which is critical and gives us tremendous flexibility. And it's a great value prop for customers, right? Less data to move around and, you know, quick results, if you will. I think what's important, and I want to reiterate, is our pricing in NextGen SIM is very disruptive. Why is that? Well, we actually don't charge customers for data that CrowdStrike generates. This is why we're seeing so many displacements. If you think about legacy SIMs, people have to take data out of our platform and put it somewhere else and pay for it. They actually don't have to do that with CrowdStrike. They only pay for the ingest of the third-party data. Now, we have other ways to monetize retention and those sort of things, but between Onum and between the way we actually price and the way we can run it because the technology is very scalable, we again think this is a tremendous value for customers and will be disruptive to the market.

And we'll take the next question.

Your next question will come from Gabriela Borges with Goldman Sachs.

Hi, good afternoon. Thank you. George, I actually wanted to revisit some of the dynamics of competition on EDR in particular. One of the things we see in technology is invariably CrowdStrike has been really good at innovating with some of the leading edge modules that you've introduced over the years. Maybe just remind us, how do you feel about EDR? Are you seeing within the Flex contracts equal interest in EDR or are customers maybe, is it all else equal with modules between EDR and some of the newer stuff? And to what extent are you still landing customers on EDR? Thank you.

Well, I mean, two things are important. One is to realize that the modern SOC is built on EDR, and it's built on SIM, and in our case, next-gen SIM. So without that EDR data, it becomes very difficult to manage and execute on next-gen SIM and all the AI elements on top of it. We're the leader, as many third-party organizations have pointed to in that space. We've pioneered it. And we continue to innovate, which is really important. And the thing to remember is when you look at EDR, it's a way to get telemetry into the platform. But then you have all of the other AI elements across the platform. It also then allows the collect once, reuse many philosophy that we have so we can light up all the other modules. And I think a key element is, and customers are seeing this, there is a huge difference in the service layer that we put on top of EDR, things like Overwatch or Complete. Competitors are not even close in this area. So what we're focused on is stopping the breach, and it's a combination of our technology and the service overlay, which is highly automated. But between those, people are really seeing the distinction. And then when you wrap it with NextGen, SIM, and Charlotte AI on top of it, it's really a winning combination. So we're the leader in it. We continue to invest and we continue to innovate. And that's a core part of our DNA.

And Leila, we'll take your next question.

Your next question will come from Joe Gallo with Jefferies.

Hey guys, thanks for the question. It was awesome to see the $700 million in cloud ARR growing 35%. Can you just talk through and update on that competitive environment? Has that stabilized? And where are customers in the journey to vendor consolidation for cloud security? Thank you.

Sure, it's still in the early days. You know, when you look at cloud security, they're really too past to go down, right? CSPM, which is really more of a kind of a vulnerability exposure policy, doesn't really do any enforcement. And that was an easy button for a lot of customers. And certainly vendors had success in that area. I think what people have realized as the market matures a bit is you really need cloud workload protection, which is something that CrowdStrike helped to pioneer. And we have leading technology in that area. So when you combine that with ASPM, right, or DSPM, or SaaS Security Posture Management, and all of the other technologies, we have a very fulsome offering underpinned by cloud workload protection. So given the disruption in the market, we've seen tremendous interest and conversions with customers. So still very early innings, but we are very excited about being one of the largest cloud security providers in the market by revenue. And we continue to invest and innovate there. And I think it's a perfect time given the market dynamics to take advantage of it.

And Layla, we'll take the next question.

Your next question will come from Mike Zicos with Needham. Mike, your line is open. Feel free to unmute.

Laila, maybe we can go to the next question and come back to Mike.

Sure. We'll go to Tal Liani with Bank of America.

Yes. Hi. Can you hear me?

Yes.

Hi, Tal. Perfect. Hi. If you wouldn't tell me that ARR is going to grow 40% a year, 40% year over year in the second half, I would have told you that growth is clearly decelerating because you're growing, ARR is growing on a constant basis, 5%, around 5% a quarter on a sequential basis. And that translates into deceleration on a year over year basis. You started with about 32% last year and every quarter it slows down to about 29%. But now you're giving this guidance of, oh, 40% growth in the second half. And the question is, what drives it and how sustainable is it? So when you think kind of beyond just the year-over-year impact of the CCP, sorry, and what happened last year, how sustainable is this acceleration of growth? Thanks.

Yeah, I'll start and then George could kick in. So there are a lot of factors that give us confidence in the back half. We talk about, you know, how we're a consolidator that continues, AI, that's a big piece of who we are. And I think that when you combine those two with the strength of the platform, these are the things that give customers confidence in going with us. Certainly as we've moved through our journey, the biggest piece that I see out there for us in terms of how we're going to continue to re-accelerate growth is this opportunity for customers to lean in more with us, with Flex. Flex has been extremely well-received. customers are able to easily implement it. It's very easy in terms of to procure. And at the end of the day, it allows customers to be able to use Flex as they need it. And we've already given out a lot of stats with respect to how fast they're burning through their Flex licenses, which has been fantastic for them and fantastic for us. With that, I'll turn it over to George.

Yeah, I think Bert covered sort of the basics financial mechanics around that. I guess what I would comment on is what I hear in the field. I spend day and night with customers and it's all about how we're solving problems that can't be solved by other companies. How we are the number one security product for stopping breaches in some of the largest enterprises around the world and how customers want to go in more with us and consolidate around CrowdStrike. I look at the feedback that I get and I look at the threat environment. We have one of the largest incident response practices in the world and we're in helping non-customers clean up breaches from other technologies that they thought they were getting a good deal on. As I've said in the past, a good deal on a leaky lifeboat isn't really a good deal. When you look at the end goal of saving time, money, and consolidation with the right outcome of stopping breaches, that's what our customers are buying, and that's what I'm hearing. So that's why I get confident in the back half.

And we'll take the next question.

For our next question, we'll return to Mike Zekos with Needham. Your line is open, Mike.

Hi, this is Jeff Hobson on for Mike. Can you guys hear me okay?

Yep.

Perfect. Congrats on the impressive Charlotte AI growth. I was just looking for any insights to specific features that may have pushed customers to adopt, or I guess on the flip side, any hurdles that are keeping some organizations on the sidelines as some are still hesitant to adopt AI overall?

Well, if you look at Charlotte and its maturation, as with many technologies, you know, these technologies mature very quickly. We've invested a lot into Charlotte. And the fact is we spent a lot of time early on on the architecture. So it's not a chat bot, right? It is something as an orchestration layer that is wired into all of our modules. It's wired into our workflows. And it was really designed for agentic security and security use cases. So customers are solving problems. What do I mean by that? Tasks that would take four days to actually investigate and understand and kind of piece things together are now taking an hour. The ability to have Charlotte write reports automatically for you, the ability for Charlotte to triage and act autonomously as a tier one analyst. This is what gets customers excited. And this is really what's powering the next gen SOC. So customers are seeing every release more and more features and more and more capabilities. And just like any gen AI product keeps getting more mature and better and better.

Great. Thank you, George. We'll go to the next question.

Your next question will come from Jonathan Reikhaver with Cantor Fitzgerald.

Yeah, hi. So my question is, when I look at the cloud-native attack surface, to me, it seems like it starts in code with misconfigurations. You have open source vulnerabilities, insecure secrets, and all those issues originate in the development stage. And we've seen synapse move left. They capture issues. Obviously in runtime, but it's often too late. So I'd love to hear your strategy, George, or your view on where CNAPs move to when you look at shift lap. Will we see further move beyond just app sag, container scanning, et cetera?

Like anything else in security, if you could move left and capture these issues before they're put in production, it's going to be a good thing. We've spent time in that area and have technologies. Our ASPM technology covers a lot of that. our container scanning to understand vulnerabilities and open source before things are published um you know understanding what golden images are and providing some guard rails around that so we've invested in those areas we continue to invest those areas i think a big part of it is going to be the ai story of understanding how all these interdependencies work um you know in the build environments um in code and and obviously in sort of these interactions with mcp type services so this is something that you know we continue to invest in in this area and i think the the the ai elements we've already built uh are going to be extremely helpful to solve these challenges in the future and leila will take the next question your next question will come from michelle al with td cowan

Hi, good afternoon. George Orbert, a question which is not being asked frequently on your conference calls in recent quarters. Five billion on your balance sheet. You guys focus predominantly on those stocking acquisitions. We've just seen another one announced this evening. Those have been expanding the platform really nicely. Indeed, we see the great results of those historical investments. It would appear as if nothing transformational is on the horizon. And indeed, there's no need for that right now. What's the current thinking of that utilization? Pretty much steady as she goes, more tuck-ins. How are you guys thinking about it for the second half and obviously for calendar 26 and beyond?

Well, as you pointed out, we have an incredible balance sheet. Myself and Mike Santonis and the team has spent a lot of time looking at the market, looking at the different segments that are out there, and really thinking about strategically you know, where we need to go. We certainly have a history of buying acquisitions and taking the time to integrate them. I mean, this is a hallmark of what we do and a proven track record of not just stitching things together. So we're very thoughtful about these acquisitions. We have a certain sweet spot, which you've seen. Doesn't mean that we can't go outside of that, but we've got to find the right team, the right technology, the right company that makes sense for CrowdStrike. So our number one goal is to be thoughtful, make sure that it's a fantastic user experience for our customer. And we're not just trying to buy ARR for the sake of ARR. It's got to make sense, and it's got to be something that we can execute on and feel really good about.

And with that, we'll take our next question.

Our next question will come from Itai Kidron with Oppenheimer.

Hi, guys, and congrats again on a good quarter. I wanted to go back to Gabriela's question on your core ADR business. If you take a look at your ARR and you exclude your FAB3, your SIEM identity and cloud security, and you look at the ARR growth of your core business, it seems like it's significantly decelerated. It was growing 18% plus a year ago. It's growing 11% now. How should we think about your core business growth going forward? Do you expect stability there? Are there any potential accelerators in that business? Or just given the size, we should expect that business to continue to decelerate going forward?

Yeah, I don't look at it as core. I look at it as platform. And the platform piece actually sets up all the other modules. So when you look at the three that you just articulated, whether it's identity, cloud, next-gen, SIM, it's all predicated on getting the telemetry into the cloud, which starts with EDR. You know, we feel really good about that. And I think when you look across the entire platform, you need to look at it as a platform, not, you know, separate kind of things out. But from my perspective, we continue to innovate there and we continue to win. We continue to drive new business. And I think people, again, looking for the best technologies with the right outcome, stopping the breach, choose CrowdStrike. And that's what we've seen time and time again.

And we'll take the next question.

Your next question will come from Roger Boyd with UBS.

Can you hear me okay? Yes. Awesome. Thanks for taking the question. George, I wonder if you could compare and contrast your businesses in SIM and identity. Both are roughly similar scale, but the growth rates are pretty different. How much of that difference would you attribute to the M&A disruption you've seen in the SIM market? And given what's happening in the identity market, as well as your expanded portfolio there, What's the level of conviction in re-accelerating that identity business from here? Thanks.

Sure, well, identity is a key area for us, as I talked about. Obviously, we've got the next-gen offering that we announced. And I guess the positive news is that identity was a very popular choice for CCP packages. So you'll see a little bit of impact from that. So I think when you look at identity, it is something that is going to continue to be adopted by customers. There's still a lot of white space out there. and um i think when you look at the sim market itself we're in the perfect spot customers are coming to us they've come to us for years saying we want something different we're locked into a vendor we're being charged too much you know give us something that's better faster cheaper that's integrated into your platform and as i mentioned earlier it's pretty disruptive customers are not paying to take data out of our platform and putting it somewhere else. They actually get it, and they're only paying for data they put in. So I feel really good about both of those businesses. And again, when you put them together and you look at how we're solving problems, identity, next-gen SIM, cloud, I mean, these are all critical elements to the future of the company. And I think we've got really good performance around it.

And we will move to the next question.

Your next question will come from Jonathan Ho with William Blair.

Hi, good evening, and let me congratulate you on a strong quarter as well. When we look at cybersecurity to protect agentic AI, you have many of the pieces to help customers solve the AI challenge, yet spending in AI remains fairly fragmented. What are customers buying today? And specific to agentic AI, what categories are you most excited about right now?

Well, certainly customers in the early journey of how they leverage AI and it's moving from, hey, this is really a cool technology to how do we implement it and implement it securely and do it in a way that actually accrues value back to the business. If we believe in AI and we think there's going to be more AI in the future, in the next year, three or five years, then security is a necessity. You're not going to have more AI without security. And what that looks like is everything from... helping organizations create secure models, to deploying those models, to creating guardrails, to creating visibility into these AI agents and protecting them. If you look at what CrowdStrike does, we're the leader in agent security and protecting computers and workloads, right? Which is essentially protecting users, identities, data, workflows. an AI agent is just a superhuman. So we're in the perfect situation to be able to capture protecting all of these super AI agents in the future. And that's a big part of our strategy. So we're working on what's here today. And we're also working on the future of protecting these agents.

And we will move to the next question.

Your next question will come from Adam Borg with Stiefel.

Awesome. And thanks so much for taking the question. Maybe just on exposure management, it was great to hear crossing the $300 million threshold. We'd love to hear the traction you're seeing. And is this really living alongside what you'll call the traditional VM or exposure vendors, or is this displacing them? Any thoughts here would be really helpful. Thanks.

Yeah, it's an exciting business for me. I mean, it's one, you know, in a prior life, I started a company called Foundstone in vulnerability management space. So to see where it's evolved and now into exposure management is exciting. We've got so many assets in terms of, you know, agent vulnerability management. And one of the things, you know, that may have passed some by is that we a few quarters ago added network vulnerability management. And we can do that right from our agents across the network. So that's been very well received. And we've got attack service management and a host of sort of risk management technologies bundled in there. So I think we're really hitting the sweet spot in the market. And then again, it goes to customers want to consolidate. And we've got some great big wins out of it. And I guess the final piece is it's been recognized as a leader in the inaugural IDC marketscape. So all good things and certainly a needed technology. It may sometimes feel a little sleepy, but it's a really rapidly growing business for CrowdStrike.

Thank you. And we'll take our last question.

Your last question will come from Adam Tindall with Raymond James.

Okay, thanks. Save the best for last. I wanted to continue on the acceleration theme. The net new ARR guidance implies another record of net new ARR for Q3. So I guess the first one for Bert, if you could just talk around assumptions for public sector, given that's Fed fiscal year end. And then separately, you previously talked about net new ARR accelerating again in fiscal 27. I wonder if that still holds. For George, real quick, since I'm last here, bigger picture, if I look at your back half guide for net new ARR, you're going to be run rating over a billion dollars on that metric. It's a huge milestone, and I just wonder how you're thinking bigger picture about structural changes or things that you need to do to manage an organization of that size. Thank you.

Hey, it's Bert. I'll take the first part. As we've stated many times, Fed today is not a big piece of our business. But there's a great opportunity for us. The Fed has come out and said they want to run in the private sector. They want to consolidate. They want to reduce costs. They want to become more efficient. That plays right into our sweet spot. So we feel that there's a Fed opportunity out there for us. But those deals, they take time. And we're patient. And we want to land the right deals at the right time. But we're excited about that opportunity. For us, at the end of the day, we've got great certifications with the federal government. And we'll take advantage of it. in terms of you know fy27 we'll give more comments about fy10 fy27 um at the end of our q4 um but you know we're excited about you know just the 40 acceleration net new ar in the back half that that that that to us um should signal to you that we have a lot of confidence in the business and we've got a lot of things that i talked about earlier that give us that confidence in the business George, if you have anything else, go ahead.

Yeah, I guess I would add there's always ways to optimize. I think when you look at go-to-market and you look at how we've evolved from selling modules into selling flex and platform and activation, we've got to organize for success to make sure that we continue to work with our customers around this consolidation journey and activating more flex. And I think we've done a good job of that. But there's different ways to help optimize that. And then we have to take those learnings and apply it to our partner and channel community. We're always looking at, again, how do we optimize and how do you take the platform vision that we have and the execution that we see in the field from a selling perspective and make it as impactful as we can. So I think that will be something we continue to look at.

And that concludes the question and answer session for today. I'll hand it back to George for closing remarks.

All right. Thanks, Maria. So thank you all for joining us today. We look forward to seeing you soon at Falcon 2025. Thank you.