CyberArk Software Ltd.

will be a question and answer session. If you would like to ask a question during this time, simply press star followed with the number one on your telephone keypad. If you would like to withdraw your question, press star one again. Thank you. I would like to turn the call over to Srinivas VP of Investor Relations. Please go ahead.

Thank you, operator. Good morning. Thank you for joining us today to review CyberArk's strong first quarter 2025 financial results. With me on the call today are Matt Cohen, our Chief Executive Officer, and Erica Smith, our Chief Financial Officer. After prepared remarks, we will open up the call to a question and answer session. Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements which reflect management's best judgment based on currently available information. I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operations for the second quarter, full year 2025, and beyond. I also refer to our expectations and beliefs regarding the integration of NFI and Zilla Security into our operations. Our actual results might differ materially from those projected in these forward-looking statements. I direct your attention to the risk factors contained in the company's annual report on Form 20F, filed with the U.S. Securities and Exchange Commission and those referenced in today's press release that are posted to CyberArk's website. CyberArk expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made herein. Additionally, non-GAAP financial measures will be discussed on this conference call. Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release, as well as in an updated investor presentation that outlines the financial discussion in today's call. A webcast of today's call is also available on our website in the IR section. With that, I would like to turn the call over to our CEO, Matt Cohn.

Thanks, Sri, and thanks everyone for joining the call today. We're excited to kick off 2025 with a strong first quarter that exceeded all of our guided metrics. This performance highlights not only the critical role identity security plays in the broader cybersecurity landscape but also our team's unwavering focus on excellence in execution. In Q1, we achieved total ARR of 1.215 billion, revenue of 318 million, an 18% operating margin, and generated 96 million in free cash flow, a great quarter all around. Our results continue to demonstrate that identity is the new perimeter and that demand remains robust. With more than 90% of organizations experiencing identity-related breaches, security leaders recognize that identity security is a mission-critical imperative. CyberArk is at the forefront of this imperative, offering the most comprehensive and most effective platform for securing every identity, human, machine, and now AI. Before I dive into the quarter, let's touch on the broader macro environment. As you can see from our results, demand for our solutions is increasing and we continue to deliver strong growth. Despite ongoing macro uncertainty, we have not seen any impact on our business. Given the elevated threat landscape, cybersecurity remains a top priority for organizations, and within that, identity security is a non-distressionary investment. It is a foundational to business continuity, customer trust, and regulatory compliance. Of course, we are carefully monitoring the economic situation and its potential impact, and as we have always done, if we see any negative trends, we will be disciplined in our execution and make the necessary strategic adjustments. We have successfully navigated similar conditions before by staying close to our customers and infusing even more rigor into our -to-market execution. Importantly, we believe times like these push customers towards our platform and consolidation, and specifically, consolidation of trust. Our confidence in the underlying demand trends was further reinforced recently with thousands of customers in attendance at the recent Impact and RSA conferences. At these conferences, I had the opportunity to engage directly with hundreds of customers and partners in -on-one meetings. The feedback was clear and consistent. Identity security continues to be a top spending priority. Organizations are actively seeking to consolidate fragmented security tools, modernize legacy systems, address the growing challenges of machine identities, and get advice on how to integrate security from day one into their eugenic AI initiatives. The level of strategic discussions we are having with the C-suite at our customers and prospects has never been more constructive and underscores the growing demand for our unified identity security solutions. I come away from these events more confident than ever in our vision and ability to win and drive long-term, durable growth. I want to center our discussion today around three key pillars that anchor so many of these -on-one conversations I have been having. First, the identity security imperative. Second, our unified platform for every identity. And third, our relentless innovation. Starting with the identity security imperative. As I mentioned at our impact conference last month, we are living and operating in an exponential era, an age where the speed of change, the scale of threats, and the complexity of digital ecosystems are compounding at a pace we've never seen before. The threat landscape continues to intensify with state-sponsored actors, cyber criminals, and emerging threats like AI-driven exploits increasing in both frequency and sophistication. Identity is the connective tissue of every digital interaction across every user, system, cloud, and application, making it foundational to any modern cybersecurity strategy. With identity at the center of virtually every breach, it's crystal clear that if you don't have a strong identity security, you simply don't have security at all. We are seeing the identity security imperative proliferate across the three different identity groups that our platform is purpose-built to protect, human, machine, and AI. For humans, privileges have proliferated across the entire spectrum of identities, including IT admins, cloud ops, developers, and SaaS admins. In today's dynamic work environments, every employee interacts with sensitive data or critical systems. Identity security requires us to reimagine privilege as a dynamic, contextual, and tightly controlled concept delivered across the workforce without friction. We're bringing layered, in-depth defense to every human identity without compromising user experience. Applying privilege controls against all identities is among the most complex cybersecurity challenge, and our deep expertise and leadership position sets us apart from the competition, which you see in our results. When it comes to machine identities, a year ago, you heard us talk about a 45 to one ratio of machine to human identities. Today, it's over 80, and that number is still rising rapidly. These machine identities are granted access to critical infrastructure and sensitive information, yet they often operate without oversight. Without an identity-first approach to securing machines, organizations leave a massive blind spot in their defenses. Identity security is the only way to bring visibility, control, and governance to this rapidly growing attack surface. With the addition of NFi, our machine identity solutions are setting a new standard on how to address this challenge. And turning to AI, we are seeing AI everywhere, embedded in organizational workflows and opening the door to new use cases. It's challenging how privileges are assigned, creating new identities, and becoming a force multiplier for both defenders and attackers. The need to secure AI agents, both autonomous and human-directed, is becoming increasingly top of mind. And as we dive deeper into the depths of agentic approaches, it's increasingly understood that securing AI agents is an identity security problem, not a data problem. The identity security imperative is clear. Rise to meet the exponentially increasing threat landscape by securing every identity with the right level of privilege controls. Which takes us to our second pillar, our unified identity security platform. Our platform starts with the idea that discovery and context is critical. Understanding what identities exist across human, machine, and AI, their associated access rights, risk profiles, and appropriate privilege controls is foundational to any effective identity security strategy. Once discovered and onboarded, applying industry-leading privilege controls is the most essential step and cornerstone of our differentiation. Privilege controls that cover credential management, authentication management, session management, and entitlements management are the secret sauce of our platform and create a deep competitive mode against all competitors. Next comes policy automation, which is also crucial. Given the scale and scope of modern identity security, it's no longer enough to merely impose policies. They must be automated. We offer automated enforcement of contextual security policies to eliminate manual overhead, reduce time to value, and support rapid scalability across complex environments. Along with policy automation, you need to automate life cycles, which is the ability to onboard and off-board dynamically provisioned entitlements and provide -in-time access, with the goal of streamlining security to reduce risk and ensure continuous compliance. And lastly, governance and compliance are essential for meeting the growing oversight, both within organizations and increasing regulatory standards being imposed by government organizations. As we'll talk about later, with Zillow's modern IGA, we are setting out the free organizations from the longstanding challenges of legacy IGA. These components are the building blocks and the unique differentiators of our platform. They are the blueprint for how we talk with our customers and partners. More importantly, they enable us to deliver measurable customer outcomes, reducing cyber risk, strengthening business resilience, satisfying audit and compliance, all while increasing efficiency and automation. This is why, while customers may come to us hoping to solve one use case, instead, they often expand to secure additional identities across our solutions and consolidate on our platform over time. Moving on to our third pillar, which is innovation, at Impact, we introduced new solutions and capabilities across human, machine, and AI identities. And I wanna highlight a few of them one more time today. For securing human identities, we announced the availability of Zillow provision and comply modules. Since we closed the acquisition, customer feedback has been overwhelmingly positive, especially around how CyberArk and Zillow can simplify access reviews and automate provisioning across modern environments. Both customers and partners recognize the powerful combination of having modern IGA on our platform and the synergies we are confident we can realize. On the machine identity side, we announced our secure workload access solution, which combines modern workload identity management with CyberArk's secrets management capabilities for the industry's first and most comprehensive protection for all non-human identities that matter, giving security teams visibility and control throughout the machine identity lifecycle. I did wanna pause to quickly mention another key development in machine identity security around the lifespan of certificates. The Certification Authority Browser Forum, which sets guidelines for certificate life cycles, recently voted to significantly reduce certificate lifespans from 398 days to just 47 days. Major industry players, including Apple, Google, and Microsoft supported this change, emphasized the growing need for automated management of short-lived certificates. In an increasingly complex security environment, this is top of mind for our customers. At the recent RSA conference, this industry change drove more traffic to our booth than any other topic. Customers are realizing that the time to get this part of the machine identity security under control is now. The final major innovation we talked about was in the field of agentic AI. Agentic AI sits at the intersection of human and machine identity security. AI agents are machine identities that act like or on behalf of humans, proliferating at machine scale, getting access to and granting privileges over critical infrastructure. As a result, they will require the same security principles as human identities, and soon, billions of AI agents will require robust access controls, governance, and privilege management frameworks. To address the security challenges of AI agents, we introduced our secure AI agent solution, which integrates our platform capabilities with AI specific discovery and context, privilege controls, policy automation, lifecycle management, and governance. We expect this solution to be widely available to customers later this year. Additionally, we announced the strategic partnership with Accenture, integrating our identity security platform with Accenture's AI refinery. Together, we'll offer customers out of the box security for AI driven agents, ensuring secure adoption of emerging AI technologies at an exponential scale. Beyond these highlighted announcements, we also launched major innovations across workforce, IT, developer, and machine solutions that deliver incremental value and real world security controls to meet the demands of the current and future threat landscape. The product and engineering team at Cybrar continues to amaze me in their ability to lead the market. As I said, Q1 was a great way to start the year, and I did wanna quickly highlight just a few deals from the quarter to illustrate how we are delivering valuable customer outcomes across our platform, as well as an early Zillow deal. And a deal that showcases the power of our full platform, a leading US enterprise software company replaced a competing PAM vendor, prioritizing Cybrar's ability to deliver a complete identity security platform. They are boldly focused on -in-time access and zero spending privilege to secure IT and developers, and a complete solution for their machine identities in a multi-figure, six-figure ACV deal. In another full platform deal, focused solely on modern use cases, a leading US healthcare company wanted to secure modern cloud workloads for developers, protect their entire workforce, both the user and at the endpoint, and secure machine identities with Secrets Hub in another -six-figure ACV add-on deal. We continue to see great momentum with VentiFY and this quarter, a Fortune 100 financial services company, who is a long-time Cybrar customer on the human identity side is now deploying all of our certificate lifecycle management and PKI offerings in a competitive, -six-figure ACV deal. And in a great VentiFY deal that demonstrates our cross-cell motion, PDS Health, a leading integrated healthcare support organization, who has been a Cybrar customer since 2019, built on that long-standing relationship, expanding further on the machine identity side with our certificate manager and zero-touch PKI in a six-figure Q1 ACV deal. The excitement around VentiFY deals continues to build across our -to-market teams, and stories like this are becoming commonplace as the business begins to scale. Finally, in a Q1 Zilla deal, we saw early success after the acquisition closed with a financial services company who landed as a new logo with a six-figure ACV deal, replacing a competing legacy IGA vendor. The customer highlighted that the acquisition by Cybrar gave them strong confidence in closing out this deal and starting their modern IGA journey. In summary, I wanna leave you with the following takeaways today. First, the identity security imperative is real and accelerating. As the digital ecosystem grows more interconnected and decentralized, the threat landscape is not just expanding, it's evolving at an unprecedented pace. Organizations must respond. Second, Cybrar is uniquely positioned with the only unified platform for securing every identity and addresses a critical pain point for overburdened CISOs by simplifying identity security. Third, our relentless innovation is strengthening our competitive mode as we solve our customers' problems of today and the future. Fourth, cybersecurity spend, and certainly identity, is defensible in all macro environments as organizations realize the importance of protecting their most critical assets, particularly in this escalating threat environment. And finally, we are executing with discipline and confidence. Our -to-market teams are an exceptional differentiator for us. Our continued execution and strong demand environment positions us to deliver strong growth and profitability. Now I'll turn it over to Erika to walk through our strong financials and updated guidance.

Thanks. Excuse me, thanks Matt. We're off to a strong start in 2025 with our first quarter results exceeding all of our guided metrics. We delivered solid top-line growth, expanded operating profitability, and generated robust free cashflow. As we review our results, please note that Venafi, which closed in October 2024, and Zilla, which closed in February 2025, contributed to our Q1 results of this year, but were not part of the comparable period in 2024. Moving to our results. Annual recurring revenue reached $1.215 billion. Net new ARR was 46 million, up from 37 million in Q1 of last year. As a reminder, Zilla brought to CyberArk approximately 5 million of ARR when we closed the acquisition. Lastly, fluctuations in the euro and pound created about a $1 million headwind to ARR in the first quarter. As Matt mentioned, the Venafi integration is progressing ahead of expectations. Pipeline continues to build, and we are executing on the cross-sell synergies. Momentum in our machine identity business overall, including secrets management, was strong in the first quarter, with Venafi and Secrets included in nine of our top 10 deals. As we noted on our last earnings call, we don't plan to break out Venafi's contributions separately, given that customers are increasingly buying across our platform, and our machine identity solutions can include both Venafi and Secrets management. The value proposition we outlined at the time of the Venafi acquisition is being validated by strong cross-sell into existing customer base, new customers being added, and growing activation of our channel partners, with several hundreds certified since we closed the acquisition. Subscription ARR grew to $1.028 billion, with subscription net new ARR of $51 million, compared to $39 million in Q1 of last year. Our maintenance ARR was $188 million. Like for like, conversion activity remains a single digit percent of our -over-year ARR growth. As you saw in the release we posted this morning, we are now reporting revenue in two lines, a subscription line, which includes SAS and self-hosted subscription, and a maintenance professional services, another line, which includes perpetual maintenance, services, and perpetual license revenues. Given that nearly 95% of our business is recurring revenue, and we expect our perpetual license revenue to represent about 1% of total revenue, we changed the P&L to better reflect the value we provide to our customers, and to represent the way we look at our business. Total revenue significantly beat our guidance, reaching $317.6 million in Q1. For the first quarter, recurring revenue reached $298.2 million, representing 94% of total revenue. Our subscription revenue reached $250.6 million, or 79% of total revenue. The outperformance in Q1 was from two primary factors, the strengths in our overall business compared to our guidance, and in a slightly higher than expected mix of self-hosted subscription. Maintenance and professional services and other revenue was $67 million in the quarter. The business remains geographically diverse. America's revenue was $193.5 million, AMIA revenue came in at $93.8 million, and APJ revenue was $30.4 million. We had strong organic and inorganic revenue growth across the platform in all regions. In addition, we're leveraging the strength of our Salesforce to drive venified demand and experienced healthy overall growth, particularly in AMIA. In the first quarter, we signed about 200 new logos, consistent with prior periods, we continue to see strong momentum in multi-solution adoption, with approximately half of new logos purchasing two or more solutions at land. This contributed to a year over year, double digit percent increase, and new business deal sizes in the first quarter of 2025. All P&L line items will be discussed on a non-GAAP basis. Please see the full GAAP to non-GAAP reconciliation in the tables of our press release. First quarter gross profit was $269 million, or an 85% gross margin. The expansion of our gross margin was in part due to that higher self-hosted subscription revenue in the quarter, as I mentioned earlier. Our operating income was $57.5 million, or 18% operating margin, well ahead of our guidance. Our operating margin expanded by three percentage points from Q1 of last year, even as we absorbed over 400 employees from Venafi, and incurred approximately six weeks of expenses from the Zilla acquisition. We ended March with approximately 3,930 employees worldwide, including adding approximately 60 employees from Zilla. We had approximately 1,590 employees in sales and marketing at the end of the quarter. Net income came in at $50.3 million, or 98 cents per diluted share, also ahead of our guidance. We generated strong free cash flow of $95.5 million, or a margin of about 30% in the first quarter. This performance reflects the power of our recurring revenue model, our disciplined execution, and the continued operating efficiency. We continue to maintain a strong balance sheet in the end of the quarter with approximately $776 million in cash, which takes into account the approximately $165 million of consideration paid for the Zilla acquisition in Q1. Before moving to our guidance, I wanna comment on the macroeconomic environment. As you can see from our strong Q1 results, the recent macroeconomic conditions have not impacted our business. Demand remains robust across our platform and our solutions. Execution is strong, and Venafi is performing ahead of our expectations. As Matt discussed, identity security continues to be a top priority for CIOs and for CISOs, and we believe spending on security is resilient across macroeconomic environments. That said, despite the strength in our pipeline in the strategic importance of identity, we are taking the current macroeconomic environment into consideration in our full year 2025 outlook. Now, turning to our guidance. For the second quarter of 2025, we expect total revenue to be between 312 to $318 million. We expect non-GAAP operating income to be in the range of $41.5 million to $46.5 million for the second quarter. That includes the seasonal increase in marketing expenses related to our impact customer event, as well as our impact world tour. It also reflects a full quarter of costs related to the Zilla acquisition. We expect our non-GAAP EPS to be in the range of 74 cents to 81 cents per diluted share. Our guidance assumes 51.5 million weighted average diluted shares outstanding. It also assumes about $8.5 million in financial income and a tax rate of 24% in the second quarter. For the full year, we are increasing our total revenue to be in the range of $1.313 billion to $1.323 billion, representing 32% year over year growth at the midpoint of the range. Keep in mind, the 2025 growth rate includes a full year of VENIFY contribution in 2025 compared to just one quarter in 2024. We are increasing our full year non-GAAP operating income to be between $221 million and $229 million. We expect our non-GAAP EPS to be between $3.73 and $3.85 per diluted share for the full year. That assumes 51.6 million weighted average diluted shares and approximately $32 million in financial income. We are now assuming a tax rate of 24% for the full year. We expect our annual recurring revenue to be in the range of $1.410 billion and $1.420 billion at December 31, 2025, representing about 21% year over year growth at the midpoint. Turning to cashflow, we expect adjusted free cashflow for the full year 2025 to be in the range of $300 to $310 million, representing an adjusted free cashflow margin of 23% at the midpoint. As outlined in our press release, adjusted free cashflow excludes the estimated one-time tax payment of $42 million related to the migration of VENIFY SAS IP to our Israeli entity and about 15 million of capital expenditures associated with lethal improvements to our new US headquarters. We signed a lease for this office space in the second quarter.

We

expect to incur a $15 million in capital expenditures, primarily in the third and fourth quarters of 2025. Accordingly, we are raising our CAPEX forecast to be between .5% and 3% of revenue. I also wanna comment on taxes. The reduction in our estimated IP transfer tax payment from approximately 70 million to 42 million is in part due to the certain tax credits and the strong growth in our US business. As a result of this growth, Cyberg is now subject to approximately 17 to 20 million of US-based erosion taxes under the Tax Cuts and Jobs Act, also referred to as BEAT tax. This tax expense was not anticipated in the initial February guidance, and it is in part related to the IP transfer. The BEAT tax will be an ongoing expense, and as a result, we've absorbed it within our reported free cashflow guidance. To sum up, we're pleased with our strong first quarter results, which underscores the continued prioritization of identity securities by enterprises around the world. As a market leader, we are well positioned to capture greater share of security spend as customers consolidate around strategic platforms. Our solutions continue to deliver significant value by addressing critical security challenges, improving resiliency, and driving operational efficiencies. With that, I will turn the call over to the operator for Q&A. Operator?

At this time, I would like to remind everyone in order to ask a question, press start then the number one on your telephone keypad. We encourage everyone to limit yourselves to one question and one follow-up. We will pause for just a moment to compile the Q&A roster. Your first question comes from the line of Saket Kaliou with Barclays, your line is open.

Okay, great. Hey guys, thanks for taking my questions here, and nice start to the year. Thanks, Saket.

Thanks, Saket.

Sure. Matt, maybe for you, I'd love if you could just talk a little bit about customers' willingness to buy multiple products here as you become more of an identity platform. I mean, you had some great customer examples, right, that you spoke about in prepared remarks. Erica, I think, threw out some stats in her prepared remarks as well, but maybe you could just bring that home for us and maybe also touch on what are you doing to drive that multi-product sale more?

Yeah, sure, Saket. And listen, I shared a little bit of some examples of the conversations I was having at Impact and the conversations I had at RSA, and frankly, the conversations I have every day here at our visit center, and I would tell you that there's not one conversation I have, not one, that isn't multi-product or multi-solution based. Customers want to engage in a conversation that is specifically around how do they tackle their entire identity security problems or opportunities there? It can be that they want to talk about human and machine, and we're talking about PAM plus machine identity either in the former Secrets and Identify or both. It can be on the human spectrum. How do they actually get all of their human identities covered from IT to developers back into the workforce? And we're talking about not only our IT solutions but also our endpoint solutions as well as our access solutions. It's really across the board, and it's the foundation of our entire discussion. It's our entire strategy at this point. So what are we doing? We continue to elevate the team's ability to talk platform versus individual areas. We go in and we talk about three-year roadmaps really around value, around architecture, and then ultimately how do you build that into a plan? Even customers that want to get started with one solution, Erica mentioned that about 50% or so of new logos land with multiple solutions, but even the ones that don't are working with us on that roadmap, on that architecture about where they're going to go over time. And ultimately that lends itself to our confidence in what we're going to be able to get from a lifetime value out of our customer base.

That makes a ton of sense. Erica, maybe for my follow-up for you, obviously a smaller and smaller part of the business, but can we just talk a little bit about the maintenance business? How do you think about that sort of decline or shift this year? And how are you thinking about that conversion opportunity?

Yeah, it's a great question on that maintenance business. We're at about that $188 million. And I think all of the things that Matt just talked about really do apply to that maintenance business as well, meaning that the customer base is now more willing to move to our SaaS and our subscription solutions. We saw a little bit of an uptick in the conversion activity in Q1. As I mentioned in the prepared remarks, it was still a single digit percent of our overall growth, but we did see a slight uptick. I think as we progress through the year, our expectation is that the readiness of our customer base is increasing. And we do think we'll see an increase of that maintenance ARR coming down. Think about it in the tune of about $15 million, roughly. But I think really there is a tremendous opportunity for us there to continue to execute on that maintenance ARR and the customer readiness is moving in that direction. We don't expect it to be a meaningful change in what we've seen in the past and still a single digit percent to the overall growth, but there should be an uptick as we move through the year here.

And maybe just one add for me, just again, back, because it's so fresh in my mind, all the customer conversations we've been having. At Impact, I got a chance to meet with several customers who have been customers of ours for a long time, think financial institutions. And we're having conversations with them about migration and conversion. Now, it takes a while to plan those things out, but the number one comment I heard coming into those conversations was, I'm excited by what you guys are talking about on stage. I want that platform, help me figure out how to get there. And I think that sets the stage for the next couple of years as we think about the migration and conversion opportunity.

Super helpful guys, thank you.

Any second. Your next question comes from the line of Joe Gallovey Jeffries. Your line is open.

Hey everyone, thanks for the question. Erica, I wanted to circle back to what you said regarding guidance. Have you seen macro headwinds or you're just embedding that it gets worse in your updated guidance? Can you just walk us through any changes to your process versus 90 days ago?

We have not seen any macro headwinds. Our Q1 results were strong, pipeline continues to be strong, close rates were consistent. I think we just wanted to, as we looked at the macro volatility we were seeing in the market, we wanted to make an assumption in the guide that took a bit more conservatism than certainly we were seeing in the trends and the data. And so when you think about that guidance, if the macro holds and the trends we saw in Q1 persist as we move through the year, there's room for us to move that guidance up. But given that we were in the first quarter, there were a lot of moving parts around the tariffs and around the broader macro. We thought it best to take a more prudent approach to those very strong metrics we were seeing coming out of the first quarter and apply that to the guidance as we move forward here.

Crystal clear. And then maybe as a follow-up, how should we think about sales capacity, sales comfortability, selling, VENIFY in this ever broadening portfolio and where your -to-market investments are going?

Yeah, I'll jump in there. I mean, we see an uptick of VENIFY pipeline at a really strong rate. We see sales across not just America where they were traditionally strong, but actually into EMEA and APJ, running VENIFY and kind of machine identity as a whole, cross-sell campaigns. We see a real exceptional reception from the customers. In fact, actually, while we talk here, the European impact events are going on this week. And I got notes this morning about the level of attendance in our machine identity sessions that are going on there. So I think across the board, we see a -to-market organization that's poised to attack that opportunity. I think they're also extremely excited about the Zillow opportunity in the IGA space. And they continue to see momentum in just our core business around human identity security. And so across the board, it's a good time to be in -to-market at CyberArk. And we feel that when we're out there in the field meeting with the teams. Thanks, and nice job, guys. Thank you.

Your next question comes from the line of Brian Ethics with JP Morgan. Your line is open.

Hi, this is Charlotte Biedegon for Brian Ethics. Thank you so much for taking the question. And it was nice to see great results. Now that we're in still in early days of Zillow and VENIFY, can you talk about if you've seen any trends of adoption across segments or even just like size of customers? Is there anyone that's particularly looking to adopt those types of technologies? Thank you.

Sure. So let me start, they're obviously in different points of maturity of absorption within the company. So VENIFY, we've got a couple quarters under our belts. We've been out there training, enabling, working with our customers, working with our sales teams, working with our partners. And ultimately what we're seeing is kind of universal interest. And I mentioned that little story about our RSA booth around this 47 day mandate around certificate life cycles because it was really remarkable. It was remarkable to see customers come in and basically from all segments, big and small, and say, can you help us with this problem? And I think that's what we're seeing across the board is a shift. I think we talked about it when we acquired VENIFY that we were seeing that shift in the market where the time for a machine identity security was now, where certificate life cycle management was becoming top of mind. And even though it had been a long process to get here, we felt like we could really amplify the success that VENIFY was gonna be able to have in the market. Well, that is what we're seeing across the board. We see it in our sales reception, we see it in our customer reception, and ultimately we see it in the pipeline build. Zillow is earlier days. Zillow, we're starting the conversations, but I would say there it's been an interesting set of dozens and dozens, if not hundreds of conversations where customers are coming to us and they're really leaning in to the thesis of the acquisition. They're saying, we've deployed a traditional IGA provider out there in the market. We've spent a lot of money deploying that and the time to value has taken a very long time. Can you help us get started on managing the governance and administration of our modern environments because we need to move faster. We need it to be more efficient, more effective. We need to have apps online in days and weeks, not months and years. And that type of discussion is what frames our early discussions around Zillow. And ultimately it gives us the optimism that as we get into the back half of this year and certainly into 2026, that Zillow can start to contribute as we get past the sales cycles that we need to build.

Thank you so much for the call.

Your next question comes from the line of Matt Hedberg with RBC Capital Markets. Your line is open.

Great, thanks for taking my question guys. Matt, I had a question on pricing. In your prepared remarks, you noted that the number of machines to humans has increased pretty significantly. I think you said it was 45 to one, now it's 80 to one. I can imagine a similar dynamic will play out for agents as agent proliferation continues. I guess the question is, is how do you think about pricing longer term from these non-human identities, especially if the numbers increase? I mean, do you kind of think that it has to evolve over time? Yeah,

Matt, great question. I think as we look forward, the lens we should look through is the machine lens, even when we're applying it against the AI agent space, which is the idea that it becomes a curve, right? As you get exponential numbers, the price per agent or in the case of machines, the price per application or workload starts to come down. And in some cases, it comes down dramatically. I don't think anyone's gonna be, if they have hundreds of millions of agents running around, they're not gonna be paying us top dollar for every agent, but you're gonna start to see the deals as a deal size continue to increase. Already we see the average deal size on the machine side is often two or three acts what we see if we're just going out there and selling PAM. And I expect that to be similar on the AI agent side, even at the scale we're talking about. So I think it is a slightly different pricing model in that you're able to scale the cost effectively or efficiently as the numbers become really large. But ultimately it's the total deal size that matters and we're optimistic about what those average deal size will look like as we scale that piece of the business.

Very clear, thanks a lot. Well done guys.

Thank you, Matt.

Your next question comes from the line of Keith Wise with Morgan Stanley, your line is open. Mr. Keith Wise, your line is open.

Sorry, thank you guys for taking the question and congratulations on a good border. Two questions, one kind of more strategic, one more tactical. On the strategic side of the equation, definitely heard and felt the excitement around identity and identity security at RSA. A lot of vendors are running around trying to tell their new identity stories. And I think that's a good point, have you been seeing any change in a competitive environment? I'm sure you do to some extent now that like kind of find Zillow are part of the equation. So perhaps you could talk to us about the evolution of your competitive environment, who you see yourselves coming up against more so as you sell the broader set of solutions into the customers. And then on the more tactical side, and this is I think one of the debates that's going on in our email boxes right now, you haven't spoke specifically to the contribution of ARR from Venafi or Zillow. But if we think about that 51 million in NetNew ARR, is that still growing on a year on your basis if we take out the incremental contributions from Venafi and Zillow?

Yeah, so why don't, Eric, why don't you jump in on the second one and then I'll come back around on the first.

Yeah, so I think the way you should really think about the contribution and the growth of NetNew ARR, we are seeing their growth on the subscription NetNew ARR side. And so that would be where we would anchor. We aren't gonna break out the various component parts. I think that the reality is, is that there's a lot of customers that are buying, are beginning to buy the combined SKUs. And then when you kind of think about the broad platform selling motion, you are seeing some very strong synergies across the broader platform. But you should think of that as being a NetNew ARR growing, but we aren't gonna break it out with more granularity.

NetNew ARR organic subscription growth. Yeah, 100%. Yeah, exactly. Okay, I think on the more strategic question, I was at that RSA conference as well and I like to do it too. I do it to myself. I walk the booths and I walk around the floor and I feel out what's going on. And at one level you're right, it's like identity, identity, identity in every booth. And on the other side, it's what is the message that they're trying to tell? And I think what you see with those kind of upstart competitors is that they're trying to solve a small slice of the identity security problem. They may be talking a big message, but when you actually pin them down and ask, what's the use case, they're solving a very narrow use case. I think what differentiates us in the market and is the reason for our strong results and our outlook going forward is identity security can't be solved in small little increments. In fact, CISOs are overwhelmed with all the tools they already have. They don't need more tools to go do small levels of solutions. They need a tool that actually can solve human and machine. We are the only one in the market that's able to do that. They need one that can apply privilege controls effectively not only in a standing access motion, but also in this just in time zero standing privilege access. We're the only ones who can do that. And ultimately, those are the conversations we're having with customers where, yeah, of course they hear the noise and they see some of these other providers. And then we sit down and we do these, again, value architecture roadmap workshops. And coming out of that, they see that actually their best path forward for actual coverage and ultimately consolidation is to come onto our platform. So ultimately the answer, the short answer to that is, we don't really see a strong change in the competitive positioning or competitive situation. We don't see somebody growing in competitiveness at the moment. And ultimately we find the market to be the same market that we were operating in from a competitive positioning last year and the year before.

Your next question comes from the line of John DeFucci with Guggenheim Securities. Your line is open.

Thank you. I wanna go back to Joe Gallo's question, Erica. You said you're just being more conservative with the annual ARR guidance, but just trying to gauge that a little bit more. Matt talked a lot about conversations with customers for machine identity that make that work feel good about the future there. I mean, even though the quarter was strong and it was in pipeline is good, is it customer conversations that give you pause on that guidance or is it just the press? Cause that could change day to day.

Yeah, no, I mean, it's a great question, John. And it really, customer conversations as Matt's outlined have been incredibly positive. And so, if you think about impact, our impact event where we had very constructive conversations with the customers, not just about machine identities, but across the broader platform and our offerings, it's been very consistently positive. So really when we provided the guidance, it was more around the fact that we weren't sure of what the impact would be on our customers if there were things around tariffs that had moved forward. So we wanted to be more prudent in the guidance and really take a haircut against some of the metrics that we saw in the first quarter to ensure that if something were to happen in the back half of the year, that we accounted for that in the guidance. At this point, it just didn't seem like there was much benefit to us being more aggressive on the guide, despite the positive feedback we were getting from the customers. So nothing to make us pause at this point, but we thought that it was the right approach for us to take given the noise that we were hearing in the broader macro.

Yeah, maybe just, since I'm in those customer conversations and I'm generally talking to C-suite there, and in some cases, even higher on a board or two, what is on their mind is the macros. Like, let me be clear, like our customers, when you meet with an auto OEM in Germany, they're worried about the tariffs. When you meet with manufacturing organization here in the US that's planning out their strategy, they're worried about the economics and the tariffs. We get into a conversation about that, and I noticed the worry. We then get into a conversation about their cybersecurity strategy, what they have to go do, and where identity security ranks on their list, and my worry kind of moves away for a while. But when you're having those conversations about the overall macros with customers, you have to take that into account from where you sit, and you're watching carefully to understand if it's ever gonna come in to your space and have impact on your business, that's the smart thing to go do. So I think what Eric is really emphasizing is, we sat down and we said, listen, based upon that uncertainty that our customers have around the broader macros, not specific to us, do we pass our beat through or not? The thought process was it's Q1, and there's a lot going on, and we probably shouldn't pass our beat through, because that's the responsible thing to go do. So just taking it down to that level there for you.

That makes total sense to me, that and Erica, but I think the confusion out there with the investment community is that not everybody's done what you've done, but thank you for all the explanation, it makes total sense. Great, thank you.

Thank you, Joan. Your next question comes from the line of Roger Boyd with UBS, your line is open.

Great, thanks for taking the questions, and yeah, congrats on a great quarter. Matt, I appreciate your comments on identity consolidation. I think maybe just to play devil's advocate, when we talk to CISOs, there's general admission that projects around identity can be lengthy, complex, expensive, and to your point around IGA, in some cases have significant costs. It sounds like you're seeing very good momentum on that consolidation kind of play, but as you think about the next couple quarters, what are you contemplating from a sales cycle perspective? Have you seen any sort of expansion to date? When Erica, when you think about a more conservative outlook, is that the primary way that's manifesting, is your sales cycle is taking longer? Thanks.

Yeah, so no, we haven't seen any change in sales cycles, actually Q1 was, if anything, a little bit of a tick up in improvement, but overall they've been pretty consistent. They've been pretty consistent over the last, you know, more than several quarters. So I don't think we see any changes there. You know, in general, our sales process is to talk, as I said, about longer term roadmaps to design out how somebody might take advantage of the platform, but to get them started where they are. So if they're not ready to make a full platform purchase, then get started with one or two solutions. And you see that in some of the new logos that come in. And then over time, we'll expand your footprint and we'll expand you across the whole platform. Most cases, we have a roadmap, a plan for that already, even if they're getting started with less of the platform. That being said, as Erica mentioned, if you look at our top 10 deals in the quarter in Q1, you know, almost all of them, actually nine out of the 10, were multi-platform deals. I mean, multi-solution deals across the platform. And it speaks to the ability we already have to be able to drive that conversation with our customers. So no, I don't think it changes the sales cycle because our -to-market team is excellent at understanding where the customer is and to keep them moving on their buyers journey, if you will. I think what you will see is, you know, as you try to bring in some of these displacement opportunities, those will take a little bit longer. And so we're not building that into our guidance, you know, the idea that we're gonna go in and disrupt legacy IGA rather than sit alongside of it. We've built in an idea of how we sit alongside of it. We're not gonna build in disruption because that will take a little bit more time to materialize. But in a lot of cases, when we're talking about our platform, you know, they don't have in place the machine side yet. And so it's a pure expansion, not a replacement. When you're talking about going into the access or the workforce side, the EPM side, in a lot of cases, we're layering security controls on top of what they already have, so they don't have to replace. And that allows them to efficiently get onto our platform quickly, even in a tougher macro environment.

Super clear, thanks Matt.

Your next question comes from the line of Greg Moskovitz with Mizuho, your line is open.

All right, thank you very much for taking the question. In your recent identity survey, we found it interesting that 42% of machine identities have access to sensitive data, which is a little higher than it is for human users. And yet only 12%, I think, consider machine identities to be privileged users. Matt, you mentioned that Venafi is performing ahead of expectations so far, but the data here also shows that there's clearly still an awareness gap. So how do you go about closing this?

Yeah, listen, I think that's the moment of now, right? And I think we've been talking about it when we acquired Venafi. By the way, we talking about it beforehand with our secrets business and kind of the takeoff we've seen in the secrets business. The moment is now that security is getting involved into discussion. And I think we've talked about that before, right? Which is a lot of these machine identity security decisions were left to the DevOps teams, to the local developers to choose on their own, which left no visibility to central security on what was actually happening. That's the fact that comes out in that data. So what happens now is the CISO and the security team is saying, no way, no way are you making those decisions without us. No way are you having localized vault sprawl throughout your organization. No way are you doing certificates on spreadsheets anymore. And they're coming with a central authority. When the CISO gets the right to have central authority, CyberArk wins. And that's what we're seeing today in the market. And so it's really a matter of helping the CISO get control rather than it is us educating the market on something.

Very helpful. Thank you.

Your next question comes from the line of Shaul Liao with TD Common. Your line is open.

Thank you. Hi, good morning. Congrats on a great quarter all around. I wanted to go back to Matt Hedberg's question on machine identity and pricing. I understand the ratio of 80 to one. Specifically on pricing, sale point, for example, they indicate that pricing of their machine identity is gonna come at about one third of human identity. And I understand you guys are different companies yet operating in the same broader arena. What's the thinking along these lines? And maybe just as a follow-up, been getting some emails, some questions about the comment, commentary about the certificate life cycle change. Is that a recommendation or is that a decision being supported by some industry regulations? Thank you guys. Yeah, sure.

So to your pricing discussion, and again, specifically around what we see, I think it's, and I bring it back, I know it's the same answer I gave Matt, but I bring it back to the idea of, it's a deal size that matters, not the individual cost per identity. I think you should expect to see a fully deployed customer on the machine side to basically one and a half to 2X on the secret side and one and a half to 2X on the certificate side to what we are able to do on the human side. Ultimately, when you're fully deployed on the machine side, we're talking about somewhere between three to 5X, the size of the base that we can go sell to. And it's a big deal, it's an enterprise sale. And ultimately over time, it will continue to grow. I think that's what we see. Listen, I don't think sale point is really in the machine space. So I'm not sure where their pricing is coming from, but it's not really covering the type of machine identity that we're talking about. The second part of your question around certificate authority, it is a mandate. So it's called the CA Browser Forum. It is a kind of governing body, and it's mandated that it go down to 47 days. That mandate is for 2028 or 2029. But basically it indicates that the Google 90-day mandate, which was a kind of a Google specific thing, didn't go far enough, they wanna go even farther, and they wanna push the envelope there. It basically wakes people up to the idea that certificates are a thing that's gonna change. Their world of certificates and long-lived certificates are not gonna exist for long. And I think enterprise companies are coming in and saying, "'What can I do about it?' And we've got the perfect solution to solve that problem for them.

Thank you so much. Super helpful. Great caller. Thank you.

I will now turn the call back to Matt Cullen, CEO, for closing remarks.

So thanks everybody for the questions today and the dialogue. It was fun and appreciated. I wanna conclude by thanking our customers and our partners for their support and trust, and most importantly, our employees here at CyberArk who wake up every day and make sure we can deliver strong quarters like we did today. When we think about a world where identity security is an imperative, we feel ready to respond, continue to grow, and drive durable growth for the future. Thanks everybody.

Ladies and gentlemen, that concludes today's call. You can now disconnect. Thank you and have a great day.