CrowdStrike Holdings, Inc.

Hello and welcome to CrowdStrike's Fiscal Fourth Quarter 2026 Financial Results Conference Call. At this time, all participants are in a listen-only mode. After the speaker's presentation, we will conduct a question and answer session. Please be advised that today's conference is being recorded. I would now like to hand the call over to Andy Nowinski, Vice President of Investor Relations and Strategic Finance. Andy, please go ahead. Thank you.

Good afternoon, and thank you for your participation today. With me on the call are George Kirch, Chief Executive Officer and founder of CrowdStrike, and Bert Podbear, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, including projections, and expected performance, including our outlook for the first quarter and fiscal year 2027 and any assumptions for fiscal periods beyond that are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events, or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company's annual and quarterly reports. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings release, which may be found on our investor relations website at ir.crowdstrike.com or on our Form 8K filed with the SEC today. With that, I will now turn the call over to George.

Thank you, Andy, and thank you all for joining CrowdStrike's Q4 FY26 earnings call. I couldn't be more pleased with our results. AI is driving elevated demand for the Falcon platform and is a key accelerant for our business. At the same time, AI is weaponizing adversaries to attack with increased speed, sophistication, and precision. We're seeing this play out in real time in the Middle East as emboldened adversaries fuel nation state activity. FY26 was CrowdStrike's best year yet, capped by a blockbuster Q4 where we set new records across the business. Summarizing our results, One all-time record net new ARR of $331 million for the quarter, which grew 47% year-over-year, coming in well ahead of our expectations. For the year, we delivered $1.01 billion in net new ARR of 25% year-over-year, our first year delivering over $1 billion of net new ARR. Two, ending ARR of $5.25 billion, crossing the $5 billion milestone, which accelerated to 24% growth year over year. CrowdStrike is the fastest and only pure play cybersecurity software company to achieve this milestone. Three, record free cash flow of $376 million for the quarter, or 29% of revenue. And for the year, we delivered record free cash flow of $1.24 billion, or 26% of revenue. Four, all-time record operating income of $326 million for the quarter, or 25% of revenue. This is the third consecutive quarter of record operating income For the year, we delivered $1.05 billion of operating income, exceeding the billion-dollar operating income milestone for the first time. Five, record net new ARR from cloud, next-gen identity, and next-gen SIM collectively. Ending ARR for these solutions collectively grew more than 45% year over year. Amidst today's AI backdrop, our endpoint business accelerated for the second consecutive quarter. Six, dollar-based net retention of 115% and gross retention of 97%, showcasing best-in-class durability and stickiness, which leads to my final point. Seven, we delivered $1.69 billion in ending ARR from accounts that have adopted the Falcon Flex subscription model, growing more than 120% year-over-year, turbocharging our land and expand motion. Our Q4 and FY2026 execution showcases CrowdStrike's leadership in every theater, every segment, and every route to market. In our third consecutive quarter of net new ARR acceleration, the voice of the market is clear. CrowdStrike is durable, mission-critical infrastructure for both securing AI and accelerating global AI adoption. We find ourselves in one of the most defining times in the history of modern technology. AI has gone from dreamworks to reality, now increasingly in production across the enterprise. From CrowdStrike's founding, we've been building AI innovation for cybersecurity. Yet the pace of AI innovation is broadly misunderstood. Novel discoveries are often interpreted as the death knells of existing categories. The market is questioning enterprise software's role in an agentic world. It's in moments like these where opportunity is created. In the same way that we anticipated the cloud revolution, we pioneered and built for the agentic revolution. Here's what I see unfolding in the market. we see the AI revolution creating two disparate groups of software companies. Group one, those who are now existentially vulnerable. These are historically nice to have technologies that are productivity features and point products geared to legacy pricing models. Group two, those who will thrive. These are mission critical, trusted infrastructure technologies necessary for global continuity with deep IP. These technologies are net data creators producing novel, fresh and proprietary data that doesn't exist elsewhere. Data that is fuel for the agentic business outcomes. In these companies, proprietary data is just one part of the advantage. The other is trusted enterprise architectural superiority, which drives stickiness, adoption, and scale. Here's why CrowdStrike is winning and how AI is driving even more competitive success for us. One, our competitive moat is becoming an opportunity ocean. Falcon is a vertically integrated net data creator and third-party data aggregator. We generate real-time data that no one else has from customer environments and our world-class threat intelligence. What Frontier AI Labs cannot do, we've been doing for over a decade. Cyber-reinforced learning from human feedback, or RLHF, at scale. Our MDR analysts, threat hunters, and incident responders produce expert-labeled data as a byproduct of operations. These labels don't come from internet text. They come from stopping real breaches in real time. ThreatGraph correlates more than a trillion security events per day across approximately 2 trillion vertices, analyzing 15 plus petabytes of data. Structured, queryable, security signals at scale no one can replicate. Frontier models can augment security, summarize alerts, draft queries, speed up triage. That's extremely valuable, but stopping breaches requires sensors, real-time telemetry, continuous expert validation, and enforcement. A closed-loop system, not a text model. As our technology evolves, our data improves. As our data improves, our platform evolves. As our experts validate outcomes, our AI agents get better. This is a flywheel and network effect that no one else has in cybersecurity at our size and scale, and it's how we stand behind our brand promise of stopping breaches. This dynamic is not cyclical. It is structural. Two, we win because Falcon is purpose-built for securing AI at every layer. The layers of the new AI stack are the attack surface of the future, and Falcon can secure all of them. AI must be secured at every level, including, one, GPU foundation, partnering with NVIDIA, AMD, Intel, and others to secure AI at the source. Two, hardware and infrastructure OEMs, securing AI factories such as Dell, HPE, and Supermicro, and novel AI operating systems such as Vast Data. Three, neoclouds and hyperscalers, securing where AI happens in the cloud across AWS, OCI, GCP, Azure, and inference disruptors such as CoreWeave, Nebius, and Caruso. Four, token factories, securing the use of frontier model creators like Anthropic, OpenAI, and Google Gemini. And five, AI applications and agents, securing AI native software and the agentic workforce. Not only do we secure the use of each of these companies' products, but we also secure nearly all of the companies themselves. We secure the world's AI future by securing the world's AI leaders. And three, we win because efficacy and precision matter more than ever. In cybersecurity, you simply cannot have a hallucination. You can't prompt twice. It's first time final. It's the difference between thwarting an adversary or experiencing a breach. Cybersecurity is a unique paradigm. Success for us and our customer is, did we stop a breach? We win because cybersecurity needs to be faster and more deterministic than ever before, and we uniquely deliver superior outcomes. Argentic SOC and AI technologies are transforming security. CrowdStrike's AI innovation is setting new adoption standards on the journey to delivering security AGI. Charlotte is our flagship agent, and now we have 10 other agents representing specific security skills and roles within security teams. Between Charlotte and our other agents, we can already see the mobilization of security's agentic workforce working hand in hand with human security professionals. Coming back to Charlotte, our agentic SOC workforce built from multiple models, allowing us to optimize from the latest and greatest LLMs. We couple industry innovation with our own AI expertise, training and models from security's richest data source, Falcon adversary, threat and security analyst training data. We saw Charlotte usage soar more than 6X year over year as ARR more than tripled. A thematic win was in a leading cloud software provider in an eight-figure Reflex transaction. The Reflex expanded the adoption of NextGen SIM and Charlotte. Their 30-day use of Charlotte tells a compelling story, achieving a 3x faster mean time to respond. Using the power of our domain-specific AI, Charlotte accelerates, streamlines, and democratizes security outcomes. Technology innovation is just one part of our success. Our results are also driven by our go-to-market innovation, creating the revolutionary Falcon Flex subscription model, which we now see mimicked across cybersecurity. The model transformed our discussions with customers to demand planning based on risk, data, attack surface, and overall platform capabilities. Let me share our Q4 Falcon Flex performance within the now $1.69 billion ending ARR cohort of Flex account value, growing greater than 120% year over year. We now have more than 1,600 customers who have adopted Falcon Flex and added more than 350 Flex customers in Q4. That amounts to nearly four new Falcon Flex customers each day of the quarter. The average Flex customers ending ARR is greater than $1 million. The proof of Falcon adoption success is in the Reflex. Customers are using what they buy and expanding their Flex commitments. More than 380 Flex accounts have already Reflexed, representing more than 23% of the Flex customer base, up from 5% in Q1. The average ARR lift after a reflex is 26% happening on average within seven months. And the platform adoption grows even further from there. We're now tracking the number of customers who are repeat reflexers. Nearly 100 customers have reflex multiple times. The multiple time reflex cohort now represents approximately 6% of total flex customers and over a quarter of all reflex customers. Our multiple time reflexers on average have an ARR lift of an additional 48% from their initial Flex subscription. In summary, Falcon Flex unlocks never seen before adoption for customers. Flex is now how we go to market. A key win includes a major enterprise software player that started with using one module, threat intelligence, and spending low six figures. Through Falcon Flex, this customer is now using 25 modules and spending $86 million in total Flex contract value with us. Flex is creating its own flywheel. Demand drives use, use drives more demand. Flex is the stage on which our platform solutions shine. Collectively, our next-gen identity, cloud and next-gen SIEM businesses grew more than 45% year-over-year, reaching more than $1.9 billion and ending ARR. Our next-gen identity business ended FY26 with more than $520 million of ending ARR, growing more than 34% year-on-year, a double-digit acceleration versus two quarters ago. Key drivers include our privileged account security solution, which grew more than 170% sequentially. Falcon Shield and the ARR grew more than 300% year over year, more than 5X since our acquisition of Adaptive Shield, as customers protect the rapidly growing agentic SaaS attack surface. Our ability to secure both human and agentic identities wherever they exist is rapidly turning CrowdStrike into our customer's identity secure control plane. A key identity win, an iconic department store selecting CrowdStrike over an SMB point product and a seven-figure deal driven by the ease of use of our ITDR and PAM solutions in a flex consolidation. While our next-gen identity business had an excellent quarter, we're most excited for what's ahead. We recently closed the acquisition of Signal AI. This is SG&L, bringing the power of zero-standing privilege for all identities to the Falcon platform. With Signal AI, CrowdStrike is delivering high fidelity, context-driven, real-time authorization to the market, enabling our customers to rapidly reduce their identity attack surface, even as they rapidly expand the number of identities within their organization. We're moving access from static point-in-time to real-time and redefining zero-trust. Access should be always on, granular, and dynamic. But we're not stopping there. Our recent acquisition of Seraphic turns any browser into a secure enterprise browser without impacting user behavior. The browser has become the front door for AI applications, and Seraphic meets human and non-human users where they are and where they're going, agentic browsers for real-time visibility and protection. Turning to our cloud business, where net new ARR growth accelerated for the second consecutive quarter and ending ARR grew more than 35% year over year. For the first time, our cloud business exceeded $800 million in ending ARR as our customers look to us to secure the infrastructure powering their AI future. Our unique ability to operate in runtime at scale continues to set us apart from the rest of the market. A key win in our cloud business was with a major enterprise data platform company who deployed Falcon Cloud Security in an eight-figure total deal value flex. After extensive testing, this account ripped out their existing provider for our runtime protection first approach, realizing the integrated benefits of CSPM, CIEM, CDR, and Overwatch threat hunting, which resulted in a 90% reduction in mean time to detect and respond for their cloud environment. Turning to our next-gen SIM business, where we delivered a record quarter, our next-gen SIM business grew over 75% year-over-year, delivering ending ARR of more than $585 million. NextGen SIM has proven itself a scaled market disruptor where our performance and cost advantages set us apart from legacy competitors. At the same time, our launch of agentic security workflows is powering the cybersecurity operating system of the future. With Falcom Onum, we're enabling our customers to connect data sources quickly and efficiently, resonating with both security and IT teams. A key win in the quarter was with a Fortune 500 retailer, highlighting our strength and momentum in the next-gen SIM space. In this seven-figure deal, we replaced the legacy SIM and its attached point product data pipeline. Falcon's fully native data pipeline and an expected 80% faster query performance was a game changer in helping this customer build out their agentic SOC. Rounding out our product portfolio, I want to touch on our endpoint and other AI-specific businesses. Amidst the backdrop of accelerating AI proliferation, our endpoint business accelerated for the second consecutive quarter. The endpoint is rapidly becoming the epicenter of AI usage, driven by the growth of technologies ranging from MCP servers to coding tools to localized LLMs. AI is the fastest growing attack surface on the endpoint. As of Q4, our sensors detected more than 1,800 distinct AI applications running on enterprise devices, representing nearly 160 million unique application instances across our customer base. And with the acquisition of Seraphic, we now give our customers even more control over their knowledge workers' usage of AI tools. Lastly, I want to touch on our recently launched AIDR offering. In just a short time, AIDR has become one of our most in-demand products, growing more than 5x versus last quarter, despite having only been available for a few weeks. AI adoption is moving faster than can be controlled, and our AI DR offering gives customers immediate visibility into their employees' usage of AI tools, including the specific models being used, as well as detections into potentially malicious or non-compliant usage. bringing model scanning, visibility, guardrails, and detections to AI usage positions CrowdStrike as a catalyst for enterprise AI adoption. Concluding the discussion on our platform solutions, Seeing is Believing, please reference our investor deck, which now includes a link to product demo videos showcasing AI innovation across the Falcon platform. Our partner go-to-market delivered beyond expectations this past year. We saw growing practices across EY, Accenture, Deloitte, HCL, WePro, KPMG, and Infosys taking shape focused on next-gen SIEM migrations. Our MSSP business also continues to grow at a rapid pace. In just over three years, we've gone from a sub-$100 million MSSP business to more than $1.3 billion spanning market-leading partners like Kroll, Pax8, and NinjaOne. Finally, our hyperscaler leadership continues to differentiate CrowdTrack from every other cybersecurity player. This past year alone, we did nearly $1.5 billion of total contract value on the AWS marketplace, growing nearly 50% year over year. Then, a few weeks ago, Satya Nadella and I spoke to CrowdStrike's go-to-market team together. We are now open for business on the Microsoft Marketplace, and customers can use their Microsoft Azure consumption commitment dollars on Falcon. This is a watershed moment reflecting a clear evolution of how our companies see each other and how Microsoft and CrowdStrike are working together to make the world a safer place. In summary, we didn't just have a great partner year, we built an ecosystem to win the next decade. Closing my remarks today, I'm proud of the team and our partners for executing a terrific FY26. Here are my key takeaways as I look at the business today and into the future. First, CrowdStrike is an AI adoption accelerator. Our customers are safely and securely using more than 1,800 distinct AI applications on their endpoints, which would not be possible without CrowdStrike. Second, AI use necessitates AI security. Every enterprise deploying AI needs an independent protection layer for visibility, compliance, and enforcement. As AI adoption grows, CrowdStrike becomes even more of a necessity to these organizations. And third, our data moat creates a structural advantage. Delivering cybersecurity at scale requires more than a prompt. It requires expert label telemetry from our global sensors, MDR analysts, and elite incident responders. It is a structural advantage no LLM provider can replicate. In addition, agentic cybersecurity requires inline prevention as well as real-time remediation. Since the founding of CrowdStrike, we created an AI-native platform. Enterprises have trusted us to help them safely navigate market transitions like digital transformation and cloud migration. The AI revolution is now upon us, and just like prior market transitions, adoption of AI will be secured by CrowdStrike. Thank you for your trust. I'll now turn the call over to Bert Podbear, CrowdStrike CFO.

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. We delivered exceptional fourth quarter results and a record finish to the year, exceeding expectations across all guided metrics driven by continued flex and reflex momentum and strong organic growth across the platform. FY26 was a milestone year for CrowdStrike. For the full fiscal year, ending ARR growth accelerated to 24% and net new ARR accelerated to 25% year over year. We delivered this record top line performance while exceeding our profitability and free cashflow targets. Operating income reached a record $1.05 billion, or 22% of revenue, and we delivered record free cash flow of $1.24 billion, or 26% of revenue. The combination of growth, scale, profitability, and cash flow puts CrowdStrike in rare error. The strength of our platform and the significant market opportunity ahead further reinforce our conviction in the path to achieving our future growth milestones of $10 and $20 billion of ending ARR, as well as our target profitability model. Our full year momentum was punctuated by an exceptional fourth quarter. We achieved record net new ARR of $330.7 million, up 47% year over year, and well ahead of our stated expectations, driving ending ARR to $5.25 billion. Our fourth quarter results showcase the success of our flex-led go-to-market strategy. Momentum was broad-based across customers of all sizes, from enterprise to downmarket and MSSPs, achieving another record quarter in our corporate business. Customers continue to leverage Falcon to consolidate their security needs and lower their total cost of ownership, resulting in higher retention rates over the prior quarter and strong module adoption rates. As of Q4, 50% of subscription customers are now using six or more modules, 34% are using seven or more, and 24% are using eight or more modules. Our gross retention rate remained high at 97%, and our dollar-based net retention rate increased to 115% in the quarter. At our more than $5 billion ending ARR scale, these retention rates highlight the durability of our customer relationships and our ability to both retain and expand our customer base. Our strong business momentum and Q1 record pipeline entering FY27, which grew 49% year over year, gives us conviction in our ability to deliver profitable growth throughout FY27 and beyond. As we lapse the one-year mark from the end of our highly successful CCP program, we have seen that accounts that took CCP deals have gross and net retention rates higher than the company average, have shown a strong trend of early renewal, and have already expanded more than twice the total $80 million of ARR value we provided. Moving to the P&L, total revenue exceeded our guidance range and grew 23% over Q4 of last year to reach $1.31 billion. Subscription revenue grew 23% over Q4 of last year to reach $1.24 billion, and professional services revenue remains strong at $63.1 million, up 26% year-over-year, driven by the elevated threat environment. The geographic mix of fourth quarter revenue consisted of approximately 66% from the U.S. and 34% from international geographies, with both EMEA and APAC year-over-year revenue growth accelerating compared to Q3. We saw broad strength across all our major geographic markets, with the U.S., Japan, Europe, the Middle East, and Africa all exceeding expectations. Total Q4 non-GAAP gross margin was a record 79% and Q4 non-GAAP subscription gross margin was a record 81% of revenue, primarily as a result of continued cloud optimization. Fourth quarter non-GAAP operating income was a record $325.8 million and non-GAAP operating margin was 25% exceeding our guidance. The outperformance was driven by our strong top-line performance, gross margin improvement, and sales execution, underscoring our commitment to durable, profitable growth as we continue to balance strong net new ARR growth and operational excellence. In Q4, we delivered positive gap net income attributable to CrowdStrike of $38.7 million. Non-GAAP net income attributable to CrowdStrike was a record $289.1 million, or $1.12 on a diluted per share basis, exceeding our guidance. Moving to cash, our cash and cash equivalents increased to $5.23 billion. We generated record cash flow from operations of $497.9 million and record free cash flow of $376.4 million, or 29% of revenue. Our FY27 outlook reflects our confidence in the durability of CrowdStrike's growth trajectory, profitability expansion, and cash flow generation. The fundamental tailwinds, platform consolidation, AI proliferation, and flex adoption are continuing to gain momentum. As George mentioned earlier, we see the AI revolution creating two disparate groups of software companies. One, those who are now existentially vulnerable, and two, those who will thrive. CrowdStrike is thriving amid the AI revolution as we not only leverage AI within our entire platform, but our platform helps organizations adopt AI safely and securely. The AI revolution represents a new and generational growth opportunity for CrowdStrike as accelerating AI adoption necessitates security built for this next era of technology. As AI adoption accelerates, combined with our record Q1 pipeline and continued platform consolidation momentum, we have strong conviction to once again raise our FY27 ARR outlook. The outlook we are providing today includes the acquisitions of Signal and Seraphic, both of which closed in February and are expected to contribute a combined $5 to $8 million of acquired net new ARR in Q1. We are assuming minimal organic contribution from these acquisitions in the remaining quarters of FY27 as we remain committed to natively integrating their capabilities into the Falcon platform before fully scaling go-to-market consistent with our proven M&A strategy and brand promise. We expect FY27 net new ARR seasonality to remain unchanged relative to FY26, with approximately 41% in the first half and 59% in the second half. Beginning in Q1, we are changing the sales commission amortization expense period from four to five years to reflect our longer customer relationship periods. We expect this change to benefit non-GAAP operating income by $85 to $95 million in FY27, partially offset by additional operating expenses resulting from the integration of our recent acquisition of Signal, Seraphic, Onum, and Pangea of $74 to $80 million. For a detailed breakout of the acquisition impacts to our guidance, please refer to the guidance slides of our Q4 FY26 earnings presentation available at ir.crowdstrike.com following our prepared remarks today. Additionally, we remain confident in our previously provided assumptions for FY27 partner rebates to represent approximately 0.8% of total revenue. Moving to interest income, based on expected market rates and cash outlay from our recent acquisitions, we are assuming interest income of $160 to $170 million for FY27. Moving to cash, at the midpoint of our guidance, we expect free cash flow margin to be approximately 33% in Q1 and at least 30% for the full fiscal year. In FY27, we expect the seasonal mix of free cash flow dollars between the first and second half of the fiscal year to be 43% in the first half and 57% in the second half, with Q2 remaining our seasonally lowest quarter. We anticipate capital expenditures as a percentage of revenue to be 7% to 8% in FY27, with these investments more weighted to the first half of the year. Finally, as of March 2nd, we repurchased approximately 144,000 shares following our fiscal year end and had approximately $950 million remaining under our current share repurchase authorization. We will remain opportunistic in returning capital to shareholders as we remain focused on capturing the significant growth opportunities ahead of us. For the first quarter of FY27, we expect annual recurring revenue to be in the range of $5.502 to $5.504 billion, inclusive of the estimated acquired ARR and reflecting a year-over-year growth rate of 24%, translating to net new ARR of $249 to $251 million, reflecting a year-over-year growth rate of 29 to 30%. We expect total revenue to be in the range of $1.360 to $1.364 billion, reflecting a year-over-year growth rate of 23% to 24%. We expect non-GAAP income from operations to be in the range of $308 to $310 million, and non-GAAP net income attributable to CrowdStrike to be in the range of $275 to $277 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be approximately $1.06 to $1.07, utilizing a 21.0% tax rate and weighted average share count of approximately 259 million shares on a diluted basis. For the full fiscal year 2027, we expect annual recurring revenue to be in the range of $6.466 to $6.516 billion, reflecting a year-over-year growth rate of 23% to 24%, and translating to net new ARR of $1.213 to $1.264 billion, reflecting a year-over-year growth rate of 20% to 25%. We expect total revenue to be in the range of $5.868 to $5.928 billion, reflecting a growth rate of 22% to 23% over the prior fiscal year. Non-GAAP income from operations is expected to be between $1.422 and $1.462 billion. We expect fiscal 2027 non-GAAP net income attributable to CrowdStrike to be between $1.241 and $1.271 billion. Utilizing a 21.0% tax rate and approximately 260 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $4.78 to $4.90. George and I will now take your questions.

Thank you. If you would like to ask a question, please click on the raise hand button, which can be found on the bar at the bottom of the Zoom window. You may remove yourself from the queue at any time by lowering your hand. When it is your turn, you will hear your name called and receive a message on your screen notifying you that you may unmute yourself. In the interest of time, participants will be limited to one question. Our first question comes from Joe Gallo at Jefferies. Please unmute your line.

Hey guys, thanks for the question. Really nice results and guide. George, securing AI is a huge market opportunity. Would love your thoughts on one, when securing AI materializes to ARR meaningfully for you, is that a fiscal 27 story? And then two, how much of the new market opportunity goes to pure play cyber vendors? In cloud, people certainly use the hyperscalers for some of their security needs. So just curious how much of that new AI market goes to pure play cyber vendors like yourselves. Thank you.

Yeah, thanks, Joe. Obviously, we're still in the early innings, but we continue to ramp in protecting AI, and it's happening today in terms of ARR growth. And we're obviously blown away of what we've seen with Pangea and AIDR. It was up 5x over a quarter from when we acquired the company. So we're really excited about that. The other piece to keep in mind is that not only is it going to drive AI DR growth, but we're going to see growth in protecting attack services like cloud. We're going to see growth in next gen SIM. We're going to see growth in other areas that all touch AI. So from that standpoint, as I said, early innings, but lots of opportunity for us. And I think with regards to hyperscalers, I'm glad you asked the question because when I started the company in 2011, we pioneered cloud delivered security. And over the years, as cloud was maturing, I heard a lot about the hyperscalers actually providing all the security services. Well, that didn't happen. In fact, as you've seen with our results and our partnership with AWS as an example, we transact billions through these platforms and they're a great partner, and there's a lot more exposure in the cloud. So we see the same thing happening with what I call AI hyperscalers. being able to actually partner with these hyperscalers, leveraging AI and their LLMs, and also being able to leverage the technology to provide better outcomes within the platform of record for our customers, which is felt.

Thanks, Joel. Operator, next question.

Our next question comes from Rob Owens at Piper Sandler. Please unmute your line.

Great. Thank you for taking my question. George, you talked about the 10 other agents that you guys have besides Charlotte and some of the traction that CrowdStrike's seeing with these security agents. But can you provide color on some of the recent acquisitions? When we look at agentic security more broadly, where are customers in their journey? And do you see identity as maybe one of the main hurdles for them getting agentic deployments at scale? Thanks.

Yeah, Rob, identity is one of the biggest threat vectors right now that we see. In fact, one of our latest threat reports, 80% of the breaches are non-malware based, right? So a lot of it is around identity. And between the identity stack that we've built over the years, again, we got into identity security in 2020. We built that out. It's a big business. And now really with the addition of Signal AI, this is, in my mind, game-changing technology. to have zero standing privileges, to be able to protect non-human identities and human identities in a much more modern stack than anything else that's out there in the market. It's a perfect fit to CrowdStrike in our platform. You combine that then with something like Seraphic in browser security. So now you're able to protect the front door of really where these attacks happen, plus where AI takes place. and you add the identity layer to that. And again, we're providing something that we think is going to be very unique in the industry. And of course, Pangea, which is our AIDR product. When you look at EDR, in today's market, EDR is a must. It's a compliance mandate. And we believe that EDR will be a similar opportunity, sorry, AIDR will be a similar opportunity to EDR in the coming years, driven by compliance and the need to accelerate protecting AI.

Thanks, Rob. Operator, next question.

Our next question comes from Fatima Bulani at Citi. Please unmute your line.

Good afternoon. Thank you for taking my question. George, I wanted to direct this to you. I had a question about the next generation SIM opportunity. There are very... much percolating fears that the open-ended SOC modernization, share capture opportunity that had thus far been pretty open-ended is perceived to maybe be at more risk from what the frontier labs may or may not be pursuing. So maybe in the context of the opportunity ocean commentary in your prepared remarks, can you help us with a deeper explanation and understanding of what your current nature is of relationship, partnership, and integration is with the frontier labs and the frontier models? And how should we very critically think about the durability of your moat from any potential commoditization from an architectural or technical or frankly, any other relevant contextual standpoint? Thank you.

Yeah. Yes, great question. So when you look at what we built, and I talked about this in the prepared remarks, we're a net data creator, right? We have telemetry that we create from our agents and from other parts of our platform that is unique. We put it into various data stores, including NextGen SIM and our threat graph, and we're able to understand the threats in real time with real-time prevention. That's vastly different than what the LLM providers and frontier models do. Now, certainly, We leverage the frontier models. We have our own small language models. We have our own curated data. So I think we get the best of both worlds, but we're doing this in a platform that is driving consolidation that we've got millions and millions of workflows on already, and it becomes very, very sticky. So from the standpoint of our next gen SIM, you've got to look at the next gen SOC opportunity and what we're doing with Charlotte and the agents that we've created, where we're driving meaningful change in the SOC. We're overall driving down costs and getting better outcomes. And we're doing it in a compliant way. To be a security vendor, you have to have trust. Customers are driven by compliance. And we are the epicenter of creating this data. So what we also are open to is having an open model. We have customers that create their own agents, that leverage our technologies, that leverage our MCP services. And this is part of having an open platform, which is why our customers Love CrowdStrike.

Thanks Fatima. Operator next.

Our next question comes from Saket Kalia at Barclays. Please unmute your line.

Okay, great. Hey guys, thanks for taking my question here. Great finish to the year. George, maybe for you, you know, the cloud security business, I think is the biggest piece of kind of that three platform product group, if you will. And it's continued to add a consistent amount of net new ARR dollars over the last few years, which has been great to see. Maybe the question is, how do you see the competitive environment in cloud security right now? And how do you think about the longevity of the growth in that market as you look out into the future?

Well, when we look at the cloud market, I couldn't be prouder of our execution and the products that we brought to market. One of the areas that we focused on, as you know, for a long time, is runtime protection. And that's the technology that really is focused on stopping breaches. And I think customers have realized just by having the ability to understand sort of exposures doesn't mean you're going to stop the breach. So with our CSPM technology, with a lot of the other technologies that we have acquired, like Falcon Shield, it has become an extremely potent offering for our customers. And again, why is it resonating? One, the technology works. Two, it all works together, and we're able to drive down cost complexity and get a better outcome, which is stopping the breach. It's not just about reporting on some exposures. It's about understanding the overall control plane in the cloud and being able to protect it. And we're giving the customers what they want, and that's the right outcome at a much lower cost than the competitors that are out there. So I think that's why, in a nutshell, you're seeing the results in our cloud business. Thanks. Operator, next question.

Our next question comes from Brian Essex at JPMorgan. Please unmute your line.

Great. Good afternoon. Thank you for taking the question and congrats on some nice results. And Bert, congrats on the return to gap profitability. Really good to see. Maybe a quick question for you, George, on identity. Great to see the acceleration there. Could you unpack that business a little bit and help us understand? I mean, obviously... Identity was one of the segments that was part of the CCP incentive plans that you guys were pursuing. How much of the resurgence and growth there on the identity side is, I guess, renewal of CCP or flex deals versus net new kind of emerging identity product? It would be great to get a feel underneath the covers there.

Well, it's one of the modules everyone wanted, and certainly was a fan favorite in days of CCP. So we're seeing success from that. And as I have mentioned many times, once a customer engages with a module, there's an extremely high percentage that they're going to continue to renew that. So we continue to see that. But I think overall, you have to look at the threat landscape and the fact that identity is really one of the, you know, compromised identities, really one of the number one drivers of breaches, and customers are being, are focused on being able to protect those identities, both in the cloud and on premise, if you will, and there's a massive compliance need for something like ITDR. So we're getting the benefit from the platform consolidation piece, and we're also getting the benefit from having a very mature stack now. Not only can we prevent these sort of breaches with ITDR, but you include now Falcon Shield, protecting SaaS identities. And then you kind of look at what we've done with our PAM offering. It's been very, very well received by our customers. So I think that's why you're seeing our opportunity continue to grow there. And as I said earlier, we couldn't be more excited about the Signal AI acquisition that we just completed.

Thanks, Brian. Operator, next question.

Our next question comes from Brad Zelnick at Deutsche Bank. Please unmute your line.

Great. Thanks so much for taking the question. George Burt, congrats on a really strong finish to the year and impressive ARR guidance out of the gate for next year, implying 22.5% net new growth, which is above your prior commentary and now off of even a higher base. After such a strong fiscal 26, this obviously stands out in a very good way. Can you talk about the building blocks that get you there and especially how to think about the renewal opportunity that you have visibility to and the expansion opportunity given just how much you can address today versus when many of those customers might have last transacted? Thank you.

Hey, Brad. Thanks for your comments. And I'll give you an insight into how we thought about the guide. I mean, first and foremost, it starts with the strong momentum that we're seeing in business. We saw in Q4 broad-based demand from all sizes of businesses, from all business sizes, whether it was enterprise all the way down to MSSPs. And then that rolled over into Q1 when we talked about the record Q1 pipeline, which grew 49% UOB. Then as George mentioned, Proudstreck is thriving in this AI revolution. We are not only leveraging AI within the entire platform, but our platform also you know, helps organizations use AI securely. And that's the key. And then I think we're still benefiting from the consolidation tailwinds. Customers continue to seek the best outcomes, you know, at the lower TCO, which we're helped to provide. And the consolidation really comes from, you know, the strength of our platform. You know, you look at cloud, next-gen identity, and next-gen, you know, SIM collectively. We posted a record net new ARR resulting in 1.9 billion in ending IRR, up 45% year over year. And look at Endpoint. They accelerated for the second straight quarter on the heels of AI-driven demand. And then you tag onto that the success that we saw in Flex. We added over 350 Flex customers in Q4. The average Flex customer ending IRR that was over a million bucks, those guys have adopted nearly 10 modules, well over our company average. And then Reflex, you know, we have greater than 380 Reflex customers. The average time for a Reflex is seven months. 100 customers Reflex multiple times with the average ARR lift post Reflex for this cohort was 48%. These are really, really great numbers for us. And so you combine all those things and other things gave us, you know, the confidence to be able to come out with the guy that, you know, that we came out with for that new ARR for next year. Great, thanks.

Next question, please.

Our next question comes from Matt Hedberg at RBC. Please unmute your line.

Great, thanks for taking my question guys. Congrats from me as well. George, I wanted to ask about pricing. Obviously Flex and Reflex is doing extremely well, but there's obviously a lot of concerns that I think we're all seeing out there about potentially fewer knowledge workers seats in the future due to AI. The flip side of that is way more agents. So I guess two part question. First, how do you think about agent pricing? And second, how well does Flex position customers for this potential mix shift? And could consumption become a bigger element to the growth algorithm?

Well, when we look at the overall threat landscape and how we go to market, obviously we protect endpoints and cloud workloads. You have to look at those in totality. But now we have the opportunity to protect AI agents. And industry stats is that each knowledge worker will have 90 AI agents. So even if the mix moves around, we have a massive opportunity to protect AI agents. We have a massive opportunity to protect all of these AI cloud workloads. And from what I've seen in different technology shifts, we tend to create more opportunity as technology advances, not less opportunity. So that's the way we would view that piece of it. In terms of Flex, look, it's been a smashing success. There's a reason why so many other companies sort of copied our model or tried to copy it. Customers like it. You can see the success in the numbers. And it just makes it so much easier to, you know, help customers very quickly. You look at the acquisitions we did, they were available immediately to customers as soon as the deal closed, you know, and or we went to a GA, but we didn't have to go through another procurement cycle. So that's really the model that we're leading with going to market this year. And we couldn't be more excited about it. And I think the flex results speak for themselves.

Thanks, Matt. Operator, next question.

Our next question comes from Roger Boyd at UBS. Please unmute your line.

Great. Can you hear me okay?

Yep, go ahead.

Okay, great. George, I want to go back to your comments on why you're best positioned to benefit from AI SOC. And I appreciate your comments around your approach of tech plus human expertise and the floggle that creates giving you an advantage in terms of operationalizing this technology. I think it's also maybe the lowest friction way for some enterprises to benefit from some of this emerging tech. And I guess with that in mind, what sort of growth are you seeing with some of the managed service offerings like Complete and Overwatch relative to the acceleration you're seeing in the overall endpoint business right now? Thanks.

Yeah, those businesses continue to grow extremely well and When you look at why, it's because we're getting the right outcome that customers need. One of the things that we track is meantime to detection, meantime to remediation. We're absolutely best in class for customers. It's very difficult for them to replicate what we do. Why? Because it's the network effect, right? It's the full view that we see in over 176 countries where we actually have our software operating. when you're at the tip of the spear in seeing the activity through our technology, the tip of the spear in responding to some of the biggest breaches in the world, combined with our threat intelligence, you've got the right understanding and the right DNA to create the right technology and outcome for customers. So that's what we continue to see. Obviously, they're leveraging our technology and we're providing the automation, but there are many, many customers who don't have the skills or expertise to get the outcomes that we provide, which is stopping the breach, identifying these sort of threats, remediating much faster than they ever could, and ultimately giving them the best outcome for a cost that it's very hard to replicate.

And that's why it's been a fantastic success for us. Thanks, Roger. Operator next.

Our next question comes from Gabriela Borges at Goldman Sachs. Please unmute your line.

Hey, good afternoon. Thank you, George. I really appreciated your description on what LLMs are not. And as it pertains to the RHLF commentary, I want to ask you the opposite question. What do you think the role is of Anthropic in cybersecurity use cases, whether it's on the coding side or the pen testing side, or even the data aggregation side? What role do you think they should have? Thanks.

I mean, I guess I'll talk just in general terms for LLM providers. And they're certainly good at a lot of things and can help sort through lots of data very quickly. And it's something that, you know, the security industry and most security players are leveraging. You know, in our particular case, we certainly leverage technology like that, but we've built our own bespoke models depending on the module and trained in a certain way with the vertical expertise to get the right outcome. Here's what you have to remember is that What customers want is real-time prevention. You have to be in line. You have to be able to get the data in milliseconds, and you have to make a decision. That's not the case with an LLM. There's many great things it can do, and it's certainly fantastic technology, but it's not stopping any breaches in real time. And that's one of the areas, I think, again, where we shine. So from my perspective, we continue to work with them. We continue to partner with them. and amazing technologies, and I think it really is going to be the better together approach as the industry goes forward. Customers want to leverage their own models. We leverage Numotron with Nvidia. It's an unbelievable time to be in tech, and you're going to have agents talk to agents, and our agents talking to customer agents that are inside their network. But at the end of the day, as the platform system of record for security, This is where you want to be. It is a very sticky place. We create the data, we curate the data. And again, we want to be open and work with any of the models that are out there. And we want to meet our customers where they have AI and leverage their technologies as well as ours.

Great. Thanks, Gabriella. Operator, next question.

Our next question comes from Todd Weller at Stevens. Please unmute your line.

Yes, good afternoon. Appreciate the question. George, this is the second quarter of endpoint acceleration. Can you talk about what's driving that, how you think about the durability of the growth acceleration? And then related to this, there's been a lot of action in the market recently around browser security. Do you see that as a new category or as an extension of endpoint? Thank you.

Well, when you think about endpoint acceleration, it's a simple answer, A.I. You know, we've talked about it and we're showing it in the results. And I mean, one of the biggest thing you look at, you know, open clock comes out, our customers immediately are looking at all of our technologies to be able to identify it, put controls around it and make sure that they can leverage these technologies in an efficient and compliant way. So that's where AI meets, the rubber meets the road is at the end point and that's how people consume it. So that's where we're seeing it. And then you combine that with, browser security, that's really the front door now for how people are interacting with AI models and LLMs and the various technologies that are out there, as well as how threats get into the environment. So you combine that with our agent and the ability to have protection across any browser, not just ask an organization to switch their browser, we can protect any browser that's out there, we tie it into our identity stack, and I can tell you the feedback from our customers, as soon as we made the announcement they were looking And how fast can we get this technology? Because they know on our platform it's going to be additive for them. And we're excited about the category and the great company in Serafic that we acquired. Thanks, Todd.

Operator, next question, please.

Our next question comes from Dan Ives at Wedbush. Please unmute your line.

Yeah, it's a great, great quarter as always. So, George, I was going to say, what, when it comes to Anthropic and Klon, and obviously all the worries out there, and you hit it on the Q&A, to some extent, can't this also be a huge benefit to you as it just further spreads the word and customers realize essentially what they don't have and you do have, especially with the Microsoft partnership at the same time? Thanks.

Yeah, you know, Dan, as I said in my prepared remarks, AI is a talent for us, and I mean, I take a simple approach is, do we have more AI in the next year or two or five years? And for me, the answer is absolutely yes. And if that AI is being deployed with AI agents, you're going to need protection. You're going to need something like AI DR. You're going to need identity security. You're going to need browser security. You're going to need compliance around this. And that's the way we look at it. And again, we leverage the technologies that are out there. Why wouldn't we? and we have our own unique IP and our own model. So we get the best of both worlds. And there's many things that, you know, customers are looking for in these workflows and sort of data curation and knowledge in the security industry that you can't just get from a general LLM model. So, you know, I've talked about this before. It is a great opportunity to work together and that's really what we're focused on.

Thanks.

Thank you. This concludes today's question and answer session.

All right. So thanks everyone for their time today. We appreciate your continued support and look forward to seeing you at our upcoming events. Thanks so much.