Zscaler, Inc.

earnings call at this time all participants are in a listen-only mode please be advised that today's conference is being recorded after the speaker's presentation there will be a question-and-answer session to ask a question please press star 1 1 on your telephone and wait for your name to be announced to withdraw your question please press star 1 1 again I would now like to hand the conference over to your speaker today ashwin case already vice president investor relations and strategic finance

Good afternoon, everyone, and welcome to the Zscaler Second Quarter Fiscal Year 2025 Earnings Conference Call. On the call with me today are Jay Chowdhury, Chairman and CEO, and Remo Kanissa, CFO. Please note, we have posted our earnings release and a supplemental financial schedule to our Investor Relations website. Unless otherwise noted, all numbers we talk about today will be on an adjusted, non-gap basis. you'll find the reconciliation of gap to the non-gap financial measures in our earnings release. I'd like to remind you that today's discussion will contain forward-looking statements, including, but not limited to, the company's anticipated future revenue, annual recurring revenue, calculated billings, operating performance, gross margin, operating expenses, operating income, net income, free cash flow, dollar-based net retention rate, future hiring decisions, remaining performance obligations, income taxes, earnings per share, our objectives and outlook, our customer response to our products, and our market share and market opportunity. These statements and other comments are not guarantees of future performance, but rather are subject to risk and uncertainty, some of which are beyond our control. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future. We undertake no obligation to update these statements after this call. For a more complete discussion of the risks and uncertainties, please see our filings with the SEC, as well as in today's earnings release. I also want to inform you that we'll be attending the following conferences. Morgan Stanley TMT Conference on March 6 Susquehanna Travel Tech Plus Gambling Forum on March 7th. Loop Capital Markets Investor Conference on March 10th. Stifle Technology Conference on March 11th. Cantor Global Technology Conference on March 12th. Now, I'll turn the call over to Jay.

Thank you, Ashwin. Our outstanding Q2 results demonstrate the improvements in our go-to-market execution against a backdrop of growing customer demand for our platform. Billings accelerated in Q2 and revenue grew by 23% year-over-year, with both metrics coming in above the high-end offer guidance. Our go-to-market investments are resulting in increased sales productivity, double-digit new and upsell business growth, and lower sales attrition. I expect sales productivity to continue growth in the second half, driven by ongoing success of our go-to-market initiatives and growing number of ramped sales reps. Our annual recurring revenue, or ARR, grew 23% year-over-year in Q2 to over $2.7 billion, and our net retention rate, or NRR, improved to 115%. With a growing pipeline and better sales productivity, I expect us to achieve $3 billion or more in ARR by the end of the fiscal year. Q2 was also a strong quarter for profitability, with 36% growth in operating profit, driving 2 percentage points improvement in operating margin to nearly 22%. Free cash flow margin was also a Q2 record of 22%. Driven by strong revenue growth and free cash flow margin, we operated above the rule of 45, placing us in the rarefied category of large publicly traded SaaS companies that are growing rapidly at scale. Zscaler pioneered zero trust architecture, which enables our customers' workforces to securely access applications wherever they reside. Prior to Zscaler, Enterprises relied on firewall and VPN-based security, which allowed attackers to exploit their vulnerabilities and move unchecked across corporate networks. Many vendors are marketing SASE built on SD-WANs, which only worsens the growing issue of ransomware attacks. We have gone far beyond SASE by pioneering our Zero Trust Exchange built on true Zero Trust architecture. which eliminates lateral propagation of threats and dramatically reduces attack surface. Building upon our success in securing users, we expanded our platform to secure workloads, IoT devices, B2B users, B2B systems, and more. Today, we are elevating the concept of Zero Trust to a new standard that we call Zero Trust Everywhere. For a customer to be Zero Trust everywhere, they need Zero Trust users, where users are untrusted and never put on the corporate network. Zero Trust cloud, where workloads are untrusted and can communicate only through our exchange. And Zero Trust branch, where branches, factories, warehouses, or IoT devices are islands of their own. Our mission is to create a Zero Trust everywhere world. With the upcoming hardware refresh cycle, CXOs are increasingly looking for ways to eliminate their legacy security stack, including firewalls, VPNs, SD-VANs, and more. They're leaning into the opportunity presented by the refresh cycle with surgical field campaigns to educate our customers on how they can leave Frog to zero trust everywhere and free themselves from firewalls and other legacy appliances, forever. I'm happy to share that we are seeing initial success from these campaigns. As of the end of Q2, we surpassed 130 enterprises that have become Zero Trust Everywhere, and my mandate to our teams is to triple that number in the next 18 months. One of the core solutions of Zero Trust Everywhere is Zero Trust Branch, which is seeing tremendous customer interest. Let me share a customer example. An existing Global 2000 manufacturing customer purchased our Zero Trust branch in a seven-figure deal, adding to their ZIA and ZPA commitments. This customer is leveraging Zscaler to secure all their critical manufacturing sites, eliminating the need for firewalls, NACs, expensive switches, and routers at these sites. Next, we are working with this customer to upsell Zero Trust Cloud to put them on the path to become Zero Trust everywhere. In another example, a large communications equipment company purchased our Zero Trust branch to phase out their existing SD-WAN. We are excited to work with this customer to help them realize better security and operational simplicity of our platform. Zero Trust Branch is also helping us win new logo customers. In Q2, 57% of customers who purchased Zero Trust Branch are new logo customers. Moving on to large customer matrix, our $1 million plus ARR customer count again grew 25% year over year. In one large customer win, A new logo of Fortune 50 Energy Company adopted our Zero Trust platform to secure 25,000 users with ZIA and ZPA and made initial purchases of both Zero Trust Branch and Zero Trust Cloud in a seven-figure deal. This deal showcases how customers are adopting our broader platform, including workloads and branch in land deals. By embracing Zscaler as the platform of choice for this security transformation, the customer is eliminating firewalls, SD-vans, legacy secure web gateways, VPNs, and more, thus improving their security while lowering cost and complexity. I am also pleased with the momentum in our data protection pillar, which experienced over 40% year-over-year growth in net new ACVs. We see two key drivers of this trend. One, consolidation of point products and operational simplicity of data protection. We have the most comprehensive data protection platform, which secures all types of data, whether structured or unstructured, data in motion or data at rest, and data across all channels, including web, email, endpoints, SaaS, cloud workloads, and more. These capabilities are packaged as various modules to provide flexibility to customers to adopt at their own pace. To give you an example, a global 2000 retail company that had three data protection modules in the last fiscal year adopted three new additional modules in Q1 of this fiscal year and significantly expanded data protection to all users across all their six modules in Q2. This seven-figure upsell deal nearly tripled the annual spend of this already million-dollar-plus ARR customer. The customer chose Zscaler to drive what, in their words, is the most significant transformation project in their network and security history. With too many data protection point products in their environments, customers are forced to manage multiple policies from multiple products. In contrast, Zscaler customers use a common set of policies that can be seamlessly implemented across all data protection modules, resulting in rapid deployment and lower operational overhead. For example, in a seven-figure upsell deal, an existing global 2,000 financial services customer significantly expanded the data protection purchases for 100,000 users. this upsell drove a 65% increase in the annual spend of this already million-dollar-plus ARR customer. As of the end of Q2, over 85% of our $1 million-plus ARR customers have two or more data protection modules, and 65% have three or more modules. We expect this module adoption to continue to grow. The second key driver for data protection growth is the increasing adoption of Gen AI. With the widespread use of Gen AI, all enterprises in all industries are confronting the risk of data loss to public AI apps, such as Microsoft 365 Copilot, DeepSea, ChatGPT, and more. This is elevating the importance of data protection across all customers, and customers are purchasing our solution to gain visibility into public AI apps and prevent data loss. For example, in Q2, many customers purchased data protection to securely adopt public AI, including a Global 2000 hospitality company, a Global 2000 technology company, a Global 2000 manufacturing company, and more. In addition to securing the use of public AI apps, we are investing to deliver solutions to secure customers' private AI apps, such as LLM and SLM models, chatbots, and inference engines. We are expanding the functionality of our zero-plus exchange with an LLM proxy to analyze prompt queries and results in real time to detect and prevent prompt rejections and other malicious activities. We are also utilizing AI to make our products even better and deliver more value to customers. Less than a year ago, we introduced ZDX Copilot, which leverages popular AI models like Gemini to deliver operational efficiency and faster resolution of end-to-end user performance issues. We offer ZDX Copilot in our ZDX Advanced Plus package. Following the launch of ZDX Co-Pilot, bookings for ZDX Advanced Plus grew by over 45% to nearly $50 million, demonstrating the growth potential of AI-powered products. Building on this success, we are taking ZDX to the next level by leveraging ZDX's a genetic AI technology to automate root cause analysis and expand IT workflow integrations for faster remediation and reduce resolution times. We are also leveraging AI in many other areas, including automated data classification, image classification, zero-day vulnerabilities detection and prevention, app segmentation, IoT device discovery, and more. Our newly introduced AI analytics solutions, including RISC-360, Unified Vulnerability Management, Business Insights, and others, continue to drive strong growth. And ACV from AI analytics nearly doubled year over year. To further accelerate the development of our AI solutions, we recently hired Quill T. as our EVP of AI innovations. Phil was the co-founder of an AI-driven enterprise software company that provided intelligent monitoring solutions for DevOps and IT ops. In his role, Phil will lead an incubation group focusing on AI innovations to drive cutting-edge advancements in agentic AI to further transform our business and accelerate growth. AI is everywhere around us. The release of DeepSeq R1 highlights advancements in model training, which can make Gen AI capabilities more widely available. Someone called it Jayvon's paradox, which I agree with. In fact, I think this is the internet moment of AI, which will drive rapid adoption of AI in every aspect of our lives and will create a greater need for better security. Zscaler is very well positioned to protect our customers. At the World Economic Forum in Davos, I met CEOs of several global system integrators or GSIs. We're seeing a sea change in GSI engagements compared to a year ago as an increasing number of them are embedding Zscaler into their network and security transformation practices. Several GSIs and strategic national partners now consider Zscaler as one of their top strategic partners, just like Microsoft and Salesforce. In Q2, GSIs played a critical role in helping us close several deals. For example, we partnered with Cognizant to close a seven-figure new logo deal with a global 2,000 insurance customer who purchased Zscaler for users for 23,000 employees. In another example, a large GSI helped us close a seven-figure deal with an existing million-dollar plus Fortune 500 healthcare customer. This customer purchased our ZIA, ZPA, and data protection solutions for more than 100,000 users, which increased the annual spend with us by over 350%. I am pleased to see that GSIs are leaning in, working closely with Zscaler, and dedicating resources to drive growth. Next, let me highlight the progress in our federal vertical. All of you are aware of the highly publicized efficiency measures taking place under the new administration in the United States. Incumbent security vendors cannot save costs for our government, but Zscaler can and does by eliminating multiple legacy security products, including firewalls, VPNs, NACs, DLP, VDI, and more. Simply put, we offer better security at lower cost. Having landed in nearly all the cabinet-level federal agencies and with significant upsell opportunities still remaining, we are well-positioned to benefit from the government's efficiency measures. Outside the U.S., we continue to make investments to grow our public sector practice, and we are seeing results. For example, in an eight-figure TCV deal, a national government purchased Zscaler for users to secure the entire government workforce. This is a monumental win for Zscaler and our APJ sales team, and I'm humbled by the trust this nation's government has put in us. In conclusion, we're entering the second half of the fiscal year with three key drivers. First, our increasing sales productivity. Sales productivity increased in Q2, driven by strong demand, and I expect productivity to continue to improve in the second half. Second, we're driving zero trust every year in our customers. We have launched targeted campaigns to educate our customers on how they can become zero-trust everywhere and escape the refresh cycle for appliances. Third, the growing adoption of AI is driving demand across multiple dimensions, including data protection and our AI-powered security products. I fully expect to benefit from these tailwinds. As I mentioned earlier, with strong demand for our platform and growing innovations, I expect us to achieve $3 billion or more in ARR by the end of the fiscal year. I look forward to sharing more about our innovations and platform strategy at Zenith Live in June. Now, I'd like to turn over the call to Remo for our financial results.

Thank you, Jay. Our Q2 results exceeded our guidance on growth and profitability, even with ongoing customer scrutiny of large deals. Revenue was $648 million, up 23% year-over-year, and up 3% sequentially. From a geographic perspective, Americas represented 54% of revenue, EMEA was 30%, and APJ was 16%. our annual recurring revenue or ARR exiting Q2 surpassed $2.7 billion. ARR growth was approximately 23% year-over-year. Remaining performance obligations or RPO grew 28% from a year ago to $4.615 billion. Current RPO was approximately 49% of the total RPO. Total calculated billings grew 18% year-over-year to $743 million. Our unscheduled billings comprised of new, upsell, and renewal billings grew over 25% year-over-year. Our calculated current billings grew 19% year-over-year. We ended Q2 with 620 customers with over $1 million in ARR and 3,291 customers with over $100,000 in ARR. This continued strong growth of large customers speaks to the strategic role we play in our customers' digital transformation journeys. Our 12-month trailing dollar-based net retention rate was 115%. While good for our business, our increased success in selling bigger bundles, selling multiple pillars from the start, and faster upsells within a year can reduce our dollar-based net retention rate in the future. There could be variability in this metric, on a quarterly basis due to the factors I just mentioned. Turning to the rest of our Q2 financial performance, total gross margin of 80.4% compares to 80.8% in the year ago quarter. Our total operating expenses increased 2% sequentially and 19% year over year to $380 million. We continue to generate significant leverage in our financial model with operating margin of approximately 22% an increase of about 200 basis points year over year. Our free cash flow margin was 22%, including data center capex at 2% of revenue. We ended the quarter with approximately $2.9 billion in cash, cash equivalents, and short-term investments. Next, let me provide our guidance for Q3 and full-year fiscal 2025. As a reminder, these numbers are all non-GAAP. For the third quarter, we expect revenue in the range of $665 million to $667 million, reflecting year-over-year growth of 20% to 21%. Gross margins of approximately 80%. I would like to remind investors that we're introducing new products that are experiencing strong growth and are optimized for faster go-to-market rather than margins. This will continue to influence our gross margins. We plan to optimize new products for margins over time as they scale. Operating profit in the range of $140 million to $142 million. Net other income of $18 million. Earnings per share in the range of 75 cents to 76 cents, assuming a 23% tax rate and 163 million fully diluted shares. For the full year fiscal 2025, We expect billings in the range of $3.153 billion to $3.168 billion, reflecting the year-over-year growth of approximately 20% to 21%. For Q3, we expect billings growth to continue to improve and encourage modeling 200 to 260 basis points of sequential billings growth. Revenue in the range of $2.64 billion to $2.654 billion, reflecting year-over-year growth of approximately 22%. Operating profit in the range of $562 million to $572 million. Earnings per share in the range of $3.04 to $3.09, assuming a 23% tax rate and approximately 163.5 million fully diluted shares. We expect our free cash flow margin to be approximately 24.5% to 25%. With a large market opportunity and customers increasingly adopting the broader platform, we will invest aggressively to position us for long-term growth and profitability. With that, operator, you may now open the call for questions.

Thank you. As a reminder, to ask a question, please press star 1-1 on your telephone and wait for your name to be announced. To withdraw your question, please press star 1-1 again. Please limit yourself to one question in the interest of time. One moment for questions. Our first question comes from Saket Khalil with Barclays. You may proceed.

Okay, great. Hey, guys, thanks for taking my questions here, and good quarter. Jay, maybe for you, you know, you dug into a couple products in your prepared remarks that are clearly doing well, like data protection. But maybe the higher level question is, how much of your business is kind of coming from ZIA and secure web gateway replacements? versus broader platform products in aggregate? Again, I know we've talked about certain products and we've gotten data points on how they're performing, but curious if you could talk about how the business is looking from that perspective of sort of ZIA and everything else that sort of forms the platform.

Sure. As you know, Saket, ZIA was the starting point. We started taking out blue code and other gateways. There's still a lot of blue code left out there. But when we start, we quite often start with a platform that includes ZIA, ZPA, and CDX. So starting from maybe coming from VPN replacement or Bluecoast, that form becomes the more common thing. In fact, recently, the Zero Trust branch is becoming an important area as a starting point. The interesting number this quarter was that 57% of customers who bought our Zero Trust branch are new logo customers. So expanded platform is a wonderful thing. Blue code proxies are a starting point. VPN is a starting point. We are taking Zero Trust everywhere.

Users, branches, and the cloud. Got it. Very helpful. Thank you. Thank you.

Our next question comes from Brad Zelnick with Deutsche Bank. You may proceed.

Great, thanks so much for taking my question. Jay, it's good to see the go-to-market transformation coming to life, and I think we see it in the strength in million-dollar-plus customers and emerging product ARR growth. And Jay, I know you're not someone who's easily satisfied. What do you see that proves out that the go-to-market changes are making a difference and that those changes are durable? Thank you.

So, Brad, first of all, The strength of pipeline, which is a leading indicator that is growing, that good quality pipeline is growing. Number two, our new ACV is up double digits. That's very important. And then other metrics across the board, data protection is growing over 40% and so on and so forth. It's very good. And the quantity of engagements with C-level in large enterprises is getting stronger because The newer sales team, the leadership is very good in account relationships and expanding those accounts.

That's helpful. Maybe a quick follow-up for you, Remo. I think your commentary around Q3 billings is maybe a little bit lighter than some expected, even though the full year looks great. Just curious if there's been any change to the assumptions around scheduled versus unscheduled billings timing in the back half. Thanks again, guys. Great job.

thank you brad no no no changes uh you know we called out before you know with scheduled billings we expected uh seven percent in the first half and 23 the second half that is unchanged uh and also on the unscheduled piece uh you know it it you know virtually remains unchanged also you can see that we basically raised our guidance so you know feel a little bit more bullish than we did before You know, it's based on our pipeline and our visibility. You know, as Jay mentioned, you know, things are going well. We're well positioned, and we feel good.

Awesome.

Thanks again. Thank you. Our next question comes from Mike Sykos with Needham. You may proceed.

Hey, guys. Thanks for taking the questions here. If I could just build off of Brad's question on the go-to-market, it's great to see the number of million-dollar customers that you guys added this quarter. Wanted to get a sense, I know we've had Mike Rich there for some time now. You're talking about GSIs, but can you maybe color the million-dollar cohort that you have in light of some of these go-to-market initiatives that you guys have been working on now?

Yes.

So two biggest things with the sales transformation war. One was the account-centric sales process, and those are good results. We already talked about them. The second big thing was global system integrators playing an important role, and that's happening. We see that. You saw me highlighting a couple of deals in my learning script where GSI played a very active role to help us drive that business. They are embedding us into more and more of their platform. They're getting more and more people trained as well. And what we're seeing is, if you really think about the two G2K companies, right? They're both big opportunities for us. And they're still a 6x upsell opportunity for us in our install base itself. And even our install base, when customers get deployed, they want to remove all the legacy stuff, firewalls, VPN, all that kind of stuff. And these GSIs are playing an important role to help us. In fact, is a large, fortune, I would say, 50 company where ZIS, ZPA, ZDX are sold, and then a GSI comes in to further simplify the stuff and help us upsell additional stuff.

So very pleased with the performance, and that's part of our plan. Excellent. Thank you. Thank you. Our next question comes from Srenik Kothari with Baird.

You may proceed.

Hey, yeah. Congrats, everyone.

Jay, Remo, thanks for taking my question. So, Jay, you emphasized the zero press everywhere as a core strategic initiative. You guys have pretty ambitious targets inside mandate to cripple that figure in 80 months. Just curious, as you're seeing this upcoming hardware repress cycle as an opportunity, can you talk about is that going to be your anchor point in terms of PR conversations, looking to replace the aging stacks. Can you talk about the traction you've seen with customers who are willing to opt out of the legacy stack towards their host stack you request?

Yes. So our customers have been telling us for quite some time that your zero-touch exchange is wonderful, but your branch still needs some help. I got it. some firewalls, some routers, some SD-WANs sitting in the branch, creating complexity. So our Zero Trust Branch initiative is to simplify it so one simple appliance removes everything, the branch goes dark from the internet, it can't be discovered, it cannot be attacked, and the cost and complexity goes low. You know, there was a CXO exchange summit we had recently And we asked a survey question to 100 attendees, and the question was, are you ready to embrace zero-trust branch, which becomes like a cafe without any firewall and any other stuff? Ninety-six percent of Paul CXOs said they're ready to embrace it. It actually exceeded all of my expectations. So the combination of zero-trust branch with zero-trust users everywhere, Zero Trust Cloud becomes a very good story.

Our customers love it.

Thanks, Jen.

Just quickly on the NRR improving to 115%, just to provide more insights, you mentioned the increased number of ramp fields, ramps are improving. Can you talk about the improving deal landing versus deal expansion velocity and are you guys maximizing upfront deal sizes versus more longer-term expansion and how does it play into the NRR things going forward?

Yeah, we don't guide on the NRR, but all the things you mentioned all come into play. You know, deals are getting bigger. You know, our upsell, you know, as we talked about before, we expected over 65% upsell. this year, and that's what we basically came in at during the quarter. We are landing bigger deals. You can see with the large customer emphasis with the companies are greater than a million dollars. So all those factors and also the emerging products and new products expanding the platform, they all come into play. The 115% is an outstanding metric, but again, it's something that we've talked about before we really don't look at other than on this call. We try to drive our top line basically on on new ACD, whether it's EPSL or new.

Thank you.

Thank you. And as a reminder, please limit yourself to one question in the interest of time. Our next question comes from Roger Boyd with UBS. You may proceed.

Awesome. Thanks for taking the questions. Jay, I wanted to go back to the eight-figure APAC government deal. I think you talked about them going wall-to-wall with Zscaler for users. I'd love to hear any specifics you can give on the ROI with this customer, the scale, the upsell there, and what you're replacing. And then As you think about the pipeline for global government deals, this feels like kind of a landmark deal for you guys. Just would love any color on how you're thinking about the opportunity with other governments. Thanks.

Yes, you said it right. It was a landmark deal for us. Zero trust is very important for governments. And by the way, this deal wasn't driven by ROI. This was driven by cybersecurity having better protection. And What are we replacing? This deal includes zero-plus access for users, whether they're at home or in the office, whether they're accessing internet, SaaS applications, or their internal applications. So essentially a critical part of our platform, starting with this entire government workforce, which we're very proud of. We are engaged with several other US-friendly countries to pursue this thing, but some of these government deals can take longer. But it is good to see that we're getting traction. And we've done a lot of work in the U.S. government as well, which I shouldn't forget about. So we see it as good opportunities, but government deals can be a little bit, what do you call it, lumpy and can take time.

But it's pretty unique for us. We are very, very proud of it. Thank you.

Our next question comes from Brian Essex with JP Morgan. You may proceed.

Hi, good afternoon and thank you for taking the question. Jay, I was wondering if I could dig into maybe the comments that you had on DDX and would love to know how you're seeing customers approach, you know, agentic protection and on the data protection side, is your platform obviating the need for data discovery and classification, or are you coming in on top of that? How are enterprises viewing getting their data estate in order before they pursue agentic utilization? Thank you.

It's a very good question. Often we like to give customers flexibility and choice where they can. Data classification is a hard problem. AI actually is helping a lot in doing data classification. So we do use GenAI technology for classification quite a bit. In fact, for quite some time, as your traffic goes out to the internet, on the fly, at our ZIA, we have been doing classification for our customers for policy enforcement. But also, we can scan data sitting in OneDrive, SharePoint, or wherever else maybe, and can do classification with our AI technology. Having said that, we also work along with data classification that may be done by other providers. So we can take that classification and tags and apply it for policy enforcement. Because we are sitting in the traffic path, the only way that data can leak out is if it goes through us and we are the natural policy enforcement point. Our data protection, solution has been going very nicely our ACV for example has grown 40% year-over-year so it's it's a good opportunity and it's no long not not only data line they're doing data at rest and SAS application they're doing DSVM for data in the cloud you're doing data security endpoint data skip email using single policy engine which is what customers like us because they would rather not buy five different point products.

Got it. Super helpful and great to see the better sales productivity. Appreciate it.

Thank you.

Our next question comes from Greg Moskowitz with Mizuho. You may proceed.

Thank you very much for taking the question. The Zero Trust Everywhere campaign appears to be off to a very good start. I realize it's early, but Was curious if you're seeing more adoption thus far from small, mid-sized, or larger enterprises, and then also from what you've so far, how does the size of zero trucks everywhere lands, how does that compare to Zscaler's typical menu logo?

Right. So first of all, our focus remains larger enterprises. There is a natural growth happening on the lower end of the business, which keeps on going. but primary focus has not changed. I was very happy to see that over 130 enterprises were going in with zero trust everywhere. And for that case, we essentially like to say, your users are zero trust, no matter where they're sitting, at home or coffee shop or at your headquarters, your branch is zero trust, your cloud is zero trust. That's really the essence of zero trust everywhere. Now, what we also We are bullish. We think we can triple this number in the next 18 months, and that's based on the customer feedback and reception we're getting. So we think we are going to make a big difference in the branch area. I'm excited with the refresh opportunity. Our CIO I was talking to said, I'm glad you're moving forward because I do not want to go through the refresh cycle of the firewall one more time.

Very helpful. Thanks, Jay.

Thank you. Our next question comes from Fatima Bulani with Citi. You may proceed.

Good afternoon. Thank you for taking my questions. Remo, you made a specific reference to the fact that there is ongoing scrutiny on large deals. So I wanted to ask you both actually a very stratospheric question. you know, the entire business and the business model and the pipeline is becoming more tethered and indexed to larger deals. You're talking about scrutiny and then you layer on the fact that, you know, there are segments of the economy and maybe the global economy that have been a little bit in flux by virtue of, you know, trade wars and tariffs and things like that. I wanted to get your perspective on how that's maybe helping accelerate the conversation for you, if at all, just kind of give in that could have implications for how sectors of the economy think about transforming their networks and their security architecture. And, you know, any kind of anecdotal feedback or color you got, you know, actually from your CXO Summit that you referenced earlier. I would love to kind of get some real-time feedback from how customers are internalizing some of this with their budgetary aspirations and expectations. Thank you.

So, Fatima, let me start. From what we know so far, we expect limited direct impact from tariffs to our business. Now, as we said in our remarks, macro is still tight. Yes, there's large due scrutiny. Budgets for IT are tight in general, but not for cyber. Now, if I can go to a CIO or CISO and talk about zero trust cybersecurity, they get interested. But then if I can say we'll do this and reduce cost for you, the interest becomes double. So these two things together on actually driving our pipeline. If we didn't have these two factors, the pipeline will struggle. But then it takes a lot more to close the pipeline. To close the pipeline, they actually want to see cost savings. And we have been refining and refining our business value assessment to create business-ready cases for CFO approval. And that stuff is helping us. So when we go in and say we are going to help you with zero trust everywhere, that really means a bigger part of the platform. The fascinating thing is the more savings they want, the bigger part of the platform they need to buy. It becomes an interesting combination. But if you can show the savings, and can tell them in one quarter this goes out, in two quarters this goes out, three quarters this goes out, CXOs become essentially a champion and they push to get deals done. That's really what we're seeing. It is helping us. And GSIs are also helping us because they come along as partners to really drive that transformation, someone has to do that work and they're good partners for us.

Just to follow on some of Jay's comments, you take a look at our guide for the second half, good pipeline, strong pipeline. Jay called out stronger sales productivity, which we're seeing, demand for the product. We're not baking in a strong or banking you know, in a strong, you know, federal in the second half with the uncertainties, you know, that are currently going on. Having said that, we're very well positioned. You know, we're in 14 of the 15 cabinet agencies, you know, and we feel that, you know, our product platform, you know, related to the efficiencies and cost and security, I believe we're well positioned. But again, as Jay mentioned, those types of deals are lumpy. You know, the negatives, you know, as we called about, you know, called out the macro, the overall macro and, you know, deal, you know, scrutiny. You know, Jay called out also tariffs. You know, we're a service company, so we don't believe tariffs will have, you know, an impact on us or anything that can impact at this point unless things change. So, you know, we're well positioned. But those are kind of the pluses and minuses, you know, related to our guide for the second half and going forward.

Thank you.

Our next question comes from Joseph Gallo with Jefferies. He may proceed.

Hey, guys. Thanks for the question. Rima, as a follow-up to your earlier scheduled billings comments, does that acceleration peak in 4Q, or how should we think about that piece of the business as we move into fiscal 26? Thank you.

Yeah. So we're not making a comment for fiscal 26, but it does increase in the report. Okay.

Thanks. Thank you.

Our next question comes from Matt Hedberg with RBC. You may proceed.

All right. Thanks for taking my question, guys. Congrats on the results. Jay, I wanted to go back to your comments about agentic and ZDX. And I guess, you know, I'm curious. It feels like a natural fit there. But I guess I'm wondering, like, as customers roll out agents, I think a lot of people think identity. They might think aspects of cloud security. What's vScaler's role in protecting customers' agents? Because it seems like that's obviously a massive trend that's very early.

That's correct. So the question often gets asked is, if agents are used, the headcount comes down, what's the impact on a seed-based model? if that's what your question is. We haven't seen any big changes yet, but I do believe some of those changes are coming. No matter what happens to users, there will be more communication among users, machines, workloads, and in the future, more with AI agents. AI agents is just another entity for us. We are on the zero trust exchange to enforce policy for all communications. More communication means more traffic. That means more value delivered to our customers. We expect our pricing to evolve as agents' traffic grows as well. Even in the past, we've seen customer headcount reduction from time to time, and in most cases, we're able to keep up or grow our ARR by upselling additional modules. We think that we have an active role to play to secure agent communication, but also using AI agent technology in ZDX and data protection to help our customers. And for that, we can charge additional dollars as well. And we have been charging, for example, ZDX, where we started selling co-pilot. Now we're moving to agent. They're able to charge higher prices for those products that Zscaler has.

Thanks, Jay.

Our next question goes from Joshua Tilton with Wolf Research. You may proceed.

Hey, guys. Thanks for sneaking me in here, and I'll echo my congrats on a solid quarter as well. I have a two-parter, but it's along the lines of the sales productivity comments. Good to see the improvements this quarter. I guess what I'm trying to understand is, is the sales productivity that you saw in the quarter kind of ahead of what you were expecting as we entered this year? And then if I look to the balance of the year, like where does sales productivity have to go from here in order to hit the updated billings guidance that you gave us for the year today?

Yeah, I mean, it's expected. Basically, what we called out on our call before is that we expected sales productivity to increase throughout the year, and we did see that in Q2. What I can say about the sales productivity, I would expect it to continue to go up. I don't want to give any, you know, more color than that other than, you know, the sales productivity supports our guidance, and we feel our guidance is prudent.

Thank you.

Our next question comes from Gray Powell with BTIG. You may proceed.

All right, great. Thanks for taking the question. And, yeah, I just want to say congrats on the good results. But, yeah, so I wanted to follow up. I think it was Greg's earlier question about the firewall refresh. Can you talk about some of the targeted marketing you're doing with existing customers to get in front of the firewall refresh? And then just how should we think about sizing the opportunity? And I know it's early days, but when should we actually start to see it materialize in the results in a more meaningful way? I'm guessing it's really – sometime next year, but just wanted to get some general thoughts around that.

Right. So first of all, the branch solution we launched, Zero Trust branch, is the underpinning of our driver to replace firewalls.

So we aren't really focused on the data center, inside the data center, but we have large, large enterprises. They've got hundreds of thousands of branches out there. Most of them are asking for, how do I make my branch like a cafe? Your branch should be no more complicated than you sitting at home and being able to access applications. That's really the disruptive and simple technology you bring to the table. So our customers, existing customers today, have some kind of firewalls, some kind of routers, or some kind of SD-WAN with firewalls sitting out there, and they're looking for us. We replace it so we become a single point to collect data and get it to our exchange and take care of it. That's really what's driving. So the firewalls that are sitting in the branch office are our primary target. Campus becomes the next natural thing for us. What are we doing to reach our customers? You know, we don't have 200,000 SMB customers out there. We're dealing with 8,000 to 9,000 customers and the top customers. essentially 30 to 40% of them are good, large enterprise size. And we have these, you know, account-based teams. These teams are in touch with our customer. We give them marketing material, collateral, benefits, and there's some marketing campaigns to reach out to our customers, webinars, some of these CXO summits we're doing. There's a number of ways to engage with them, get the feedback, and get them moving on a new solution. So it's working well. We talked about 57% of customers who bought Zero Trust Branch are new customers. That's exciting for us. What's telling me is that our Zero Trust Branch is helping us grow our new customer logo base.

Okay, that's very helpful. Thank you. Our next question comes from Taliani with Bank of America. You may proceed.

Yes.

Tal, your line is now open. Here we go. Sorry, I was on mute. I was talking to myself.

Can you hear me now?

Yes.

Okay. Thank you, guys. I want to understand the concept of zero trust, what it means for you, meaning zero trust is a concept, and I'm trying to break it down to products. So when you talk about zero trust branch, when you talk about zero trust cloud, practically what does it mean? What are you selling to the customers? And second, how does it change the competitive landscape? Meaning if someone is in the branch and someone is in the cloud and there are competitive solutions, if I rewind back two years, you competed on SASE, how does it change the competitive landscape when you focus on zero trust?

So to start with, by the way, SASE is not zero trust. SASE is secure access based on SD-WAN. Anyone falls under SASE. Every firewall, VPN, any network is essentially SASE. In our meeting, Zero Trust starts with no, not being on the network, not having lateral movement left and right. Till our Zero Trust branch, a customer had a branch, they had a SD-WAN or MPLS connection, and inside the branch, they had either VLANs for segmentation or they had east-west firewalls. We eliminate all of that. Using the air gap technology, we go through acquisition. We are doing segmentation inside the branch in zero-trust way without firewalls, without VLANs. From the branch to the wide area network or internet, our zero-trust appliance makes the zero-trust connection means no lateral movement, no SD bands. A given party in the branch gets connected to an application through our zero trust exchange or switchboard. No lateral movement. That's the beauty of zero trust branch. Zero trust cloud means entities sitting in the cloud can talk to each other without moving laterally on the network. So our switchboard, our exchange is sitting in the cloud. You can say workloads in VPCA can only talk to workloads in VPCB. None of these north, south, or east west firewalls needed in the cloud as well. That's the exciting part of it.

Did it make sense?

Yes. And when you focus on it, the second part of my question was, what's your competition? Who do you meet that provides the same kind of value and you have to compete with them?

Our competition is legacy. Lots of firewall vendors, in some case in a branch, NAC vendors, VLAN vendors, none of that is needed.

Legacy versus the New Zero Trust way of doing stuff. Thank you.

Our next question comes from Peter Wheat with Bernstein. You may proceed.

Thank you and glad to hear the continued progress, particularly with upsells. Obviously, NRR expanding is pretty exciting and, you know, probably a good signal around the sales performance. You know, the one thing, though, that it also does seem to indicate is the contribution from net new customers has been declining. How should we think about that looking forward? Is that a short-term deceleration and would pick back up? And so when you put those two things together, you know, we could get, you know, even stronger growth, or should we be expecting lower kind of contribution from net new customers looking forward?

Right. So if you think about it, when you're a young company, you have very few customers. You have to have new logo only. As you grow, when we got 45 plus percent of Fortune 500 companies and have a very big platform, there's tons of upsell opportunity. In fact, internally, Remo and I and our CROV debate, do we give special push to new versus upsell? We really want new ACV coming from upsell or new logos. So today, with a large customer base, Upsell is sitting about two-thirds, Remo, right? The new logo is smaller. And over the years, I would expect Upsell to keep on going up from there onwards because we'll have a larger installed base of customers. I think it's a good thing. Having said that, we do have a sizable customer base, customers to go after. There are about 55% of Fortune 500 companies who aren't customers yet. They are an opportunity for us. Then you go to the next level of customers. You go to G2K. There are about two-thirds of them that are good for us. So we see opportunities, both new logos and as well upsell, and the platform keeps on growing and growing.

The only thing that I want to add with what Jay is mentioning is that we have a 6X opportunity in business. are existing based on the user site only, not including the new customers. Our focus, if you take a look at it, you know, for the Global 2000, our penetration's over 35% currently, and for the Fortune 500, it's over 45%. You know, the hard part is landing these customers, but once you're in and you build their trust, you have the ability to upsell. So Jay's 100% correct. As you go forward, As we go forward as a company, and currently we said we'd have 65% upsell in this fiscal year, I would expect that percentage to increase. Our penetration in the G2K and Fortune 500 is very, very important. And continued product introduction and selling across our platform really bodes well for Zscaler. But I think we're just in a great position, and you take a look at our penetration into the G2K and Fortune 500, it's quite impressive.

Thank you.

Thank you.

And our last question comes from Keith Bachman with BMO. You may proceed.

Hi. Thank you very much. Jay, I wanted to direct this to you, and at a high level, I wanted to dig a bit deeper on how you think AI changes your competitive positioning versus some of the landscape out there. And if I change the question around a little bit, you have in your slide deck AI and analytics solution is a $2 billion TAM relative to 96 billion. So it's a relatively small part. Now, data protection, we could argue, is part of that as well, which is much more meaningful. But if I break the question down again into two parts is I just want to understand from a technology perspective, how do you change your solutions to capture the benefits of AI? And is that embedding into existing products or is it offering new products downstream or both? Thank you.

It's a very, very good question. Yes, the point you made about AI analytics, it's a small piece about a couple of products that are already Out there, they're growing nicely. That was a starting point. But if you think about AI, AI is only as good as the data that powers it. With Zero Trust Everywhere or Zero Trust Exchange Platform, as you're getting over 500 billion transaction logs a day, that's the largest security cloud anywhere out there. So that's a one-notch start. Now, taking that data and building products around it becomes difficult. A next big north star for us, we acquired Avalor, which has become the data fabric technology for us to take all that data and harmonize it, synthesize it, dedupe it, and build value around it. What is the value that can be built around it? We have already launched things like unified vulnerability management. We just launched asset risk management. There are more and more products that are going to come around breach protection, around security operations alike. So you see a number of products unfolding that are powered by the AI engine to do that part. That's one part. The second part ends up being taking digital experience and using more AI and AI agent technology to make it more powerful. ZDX is already a pretty sizable business, but it'll get accelerated because of AI. Third area is data. protection. They've been doing some very good data classification already. But in addition to that, the number one question CIOs ask us is, my company is using AI, public AI, such as ChatGPT, Gemini, or others. How do we make sure my data doesn't leak? We are sitting in the traffic past the internet. We're using our DLP to make sure they can use it safely. Then customers are using Private AI applications are building their own LLM models. We are building an LLM proxy to be able to inspect and enforce policy. So several opportunities for us. What we believe is the combination of zero-plus exchange to secure customers and generate all the logs and then use AI to empower it becomes probably the most compelling combination.

Perfect. Thank you, Jay. Thank you.

Thank you. I would now like to turn the call back over to Jay Chowdhury for any closing remarks.

Well, thank you all for joining us for this call. I look forward to seeing you in one of the many investor conferences we plan to attend.

Thank you again. Thank you.

Goodbye.

Thank you. This concludes the conference. Thank you for your participation. You may now disconnect.