Rubrik, Inc.

Good afternoon, ladies and gentlemen, and welcome to the rubric, the first quarter fiscal year 2026 results conference call. At this time, all lines are in listen-only mode. Following the presentation, we will conduct a question and answer session. If at any time during this call you require immediate assistance, please press star zero for the operator. This call is being recorded on June 5th, 2025. I would now like to turn the conference over to Melissa Franke, Vice President of Investor Relations, please go ahead.

Hello, everyone. Welcome to Rubrik's first quarter fiscal year 2026 financial results conference call. On the call with me today are Bipul Sinha, CEO, Chairman, and co-founder of Rubrik, and Karen Chowdhury, Chief Financial Officer. Our earnings press release was issued today after the market closed and may be downloaded from the Investor Relations page at www.ir.rubric.com. Also on this page, you'll be able to find a slide deck with financial highlights that, along with our earnings release, includes a reconciliation of GAAP to non-GAAP financial results. These measures should not be considered in isolation from or as a substitute for financial information prepared in accordance with GAAP. During this call, we will make forward-looking statements including statements regarding our financial outlook for the second quarter and the full fiscal year 2026, our expectations regarding market trends, our market position, opportunities, including with respect to generative AI, growth strategy, product initiatives, and expectations regarding those initiatives, and our go-to-market motion. These statements are only predictions that are based on what we believe today and actual results may differ materially. These forward-looking statements are subject to risks and other factors that could affect our performance and financial results, which we discuss in detail in our filings with SEC. Rubrik assumes no obligation to update any forward-looking statements we may make on today's call. With that, I'll hand the call over to Bipul.

Thank you, Melissa. I want to start by thanking everyone for joining us today. Our first quarter results were excellent. This quarter, we once again exceeded all guided metrics across top line and profitability. Here are five key numbers. First, subscription ARR reached approximately 1.2 billion, growing 38% year over year. Net new subscription ARR reached 89 million in the first quarter, a standout for a company at our scale. Second, our subscription revenue was 266 million, growing 54% year-over-year. Third, our subscription NRR remained strong, yet again above 120%. Fourth, customers with 100K or more in subscription ARR reached 2,381, growing 28% year-over-year. Finally, on profitability, we once again made material improvements in subscription ARR contribution margin, up over 1,800 basis points year over year. On cash generation, we are very happy to report we had over 33 million in free cash flow this quarter. This combination of top line growth and cash flow margin at our scale is rare. These outcomes are a result of a very deliberate strategy. First, we have a very differentiated product and comprehensive offering for cyber resilience. Second, we offer a true platform that enables multi-product leverage for our customers. Third, Rubrik has a unique innovation engine that delivers a steady stream of new products and solutions that lead and define the future of cybersecurity. And finally, we have a culture of long-term thinking where we continuously conceive yet unproven, bold ideas to unlock new markets. As a result, we remain confident about our opportunity, and we have raised our guidance for the year. Let me start by giving you the broader context on our market opportunity. Cyber resilience is the top cybersecurity priority. My conversations with leading CISOs and CIOs around the world point to a growing recognition that cyber breaches are inevitable in spite of significant investments they make in cyber defenses. At the same time, enterprises are looking to replatform and modernize their infrastructure in preparation for AI. In this increasingly complex environment, customers are turning to Rubrik for uniform and consistent data policy controls, as well as rapid, accurate recovery from cyber attacks. From our inception, Rubrik was designed to help customers achieve the fastest cyber recovery time. At the center of our unique architecture is the Rubrik preemptive recovery engine. Our natively integrated platform continuously and automatically scans all protected data and identities across a customer's entire IT ecosystem to pre-calculate clean recovery points. And our ability to pre-compute metadata unlocks the necessary data context and tooling needed to recover quickly from a cyber attack. Legacy backups as well as new gen backup vendors can't match this proactive capability because their solutions weren't natively built for it. And their capabilities are often bolted on from acquisitions or from third party tools. For these reasons, we win the vast majority of deals in head to head competition. Now let me talk about innovation. We continue to innovate across data security and AI vectors as we tackle more and more complex problems for our customers. Rubrik employs a unique portfolio approach to S-curves, managing innovations at different stages to maintain maximal momentum while preparing for what's next. Let me expand on that further. We live in an age of technology acceleration. Microsoft took 20 years to become a household name. Facebook two years, and ChatGPT just three months. Rapid technology changes means businesses must reorient and evolve constantly. The key to building an enduring institution in this technology era is to continuously layer concurrent S-curves. To achieve this, we use the combination of forward motion, which focuses on scaling current successes, such as our cyber-resilient data protection business, as well as Lateral Motion, which focuses on a portfolio of new initiatives to unlock future S-curves. Our Forward Motion team is expanding our cyber-resilient data protection solution across new applications and workloads, while exploring new routes to market, accelerating distribution networks, serving new customers, and expanding our value proposition within our customer base. But you can't just rely on Forward Motion to achieve sustained success. Failing to innovate could lead to eventual stagnation. In fact, we deploy a specialized team as lateral motion to discover new product market fit and launch innovative initiatives to unlock the next S-curves. We already have a track record here, as we have successfully built our M365 protection solution from a sketch to a scale business. We are using the same approach to introduce new identity resilience solutions that brings identity and data context together for the first time in the industry. Rubrik's innovation engine is powered by our unique platform architecture, one that combines data and metadata across enterprise, cloud, and SaaS applications, as well as identity providers. The Rubrik platform uniquely brings data security and cyber recovery together to deliver comprehensive cyber resilience for both data and identity. This makes us a true platform company. Let me explain further. Rubrik manages mission critical business data as the common unit of currency across the whole organization. Our platform strategy allows us to innovate faster and deliver effective solutions to critical challenges at the epicenter of data security and AI. All our solutions leverage the same underlying preemptive recovery engine to deliver risk and remediation solutions across data and identity. In fact, our customers realize more value from the Rubrik platform as they adopt more Rubrik products and solutions. This is because our platform gets smarter as we cover more of our customers' data and identity landscape. Let me detail some of the opportunities and wins across our initiatives at varying scales. If you recall, our forward motion is propelling our cyber resilient data protection business from scale to super scale. As companies shift deeper into cloud and gen AI, they choose Rubrik to deliver comprehensive cyber resilience and quicker cyber recovery times across clouds. Of the many examples, let me give you two specific wins from this quarter. The first, a major US pharmacy solutions company selected Rubrik as their cyber resilience partner for their cloud transformation. We not only replaced a longtime legacy vendor, but also out-competed a new gen vendor. Key differentiators included Rubik's clean and rapid cyber recovery, hybrid cloud scalability, and the simplicity of our Rubik's Security Cloud, or RSC platform. The customer adopted RSC Enterprise Edition, unstructured data protection, and SAS data protection for M365. This customer also combined our DSPM and identity recovery solutions for complete cyber resilience while being a design partner for our Annapurna AI product. And the second, a large European insurer chose Rubrik RSC Enterprise Edition with unstructured data protection to protect critical structured and unstructured data across cloud and enterprise environments. Rubric was chosen over competitors for our ability to meet and exceed board level cyber recovery time objectives for critical business services. This customer also noted our simplicity, cost effectiveness, and superior performance in securing significant cloud workloads. Let me shift gears and talk about four key cloud innovations that deliver differentiated product. First, we introduced code to cloud cyber resilience. As a result, we can now protect from the first line of code to the full stack of applications in production. Second, we created new purpose-built technology for advanced protection of cloud relational databases, starting with AWS RDS. Third, We expanded our cyber resilience capabilities for Google Cloud. And finally, we also introduced rubric for Oracle Cloud Infrastructure, essentially strengthening critical coverage of all four major hyperscalers. Ultimately, our differentiation in cloud protection is built on our assumed breach approach. To deliver this, we combine DSPM and cyber recovery natively on our RSC platform. which is powered by our native data threat and preemptive recovery engines to achieve complete cyber resilience. No one else does this. Now let me highlight a few customer wins with cloud and SaaS protection. This quarter, a Fortune 500 financial services company expanded its rubric deployment by adding cloud protection enterprise edition for its complete Azure environment. Our POC showed not only significantly faster recovery time, but also a 25% saving in cloud cost over three years compared to their existing cloud-native backup solution. This customer also added identity recovery for EntraID, enhancing their MC65 protection for more than 10,000 users. A global quantum computing company chose Rubrik this quarter to safeguard their vital SaaS data. Resilience and availability are crucial in their industry. Their legacy backup provider posed too many security vulnerabilities and was ill-equipped to secure cloud workloads at the speed and scale. In under two months, they transitioned to Rubrik as their unified platform, now securing critical workloads such as M365, Jira, and Salesforce. As I mentioned before, We are leveraging the lateral motion approach to scale our Data Security Posture Management, or DSPM, and identity resilience solutions. Together, these solutions help customers achieve cyber resilience by bringing identity and data context together with cyber recovery to solve cybersecurity challenges before, during, and after an attack. Let me discuss our opportunity in identity resilience. Active Directory and EntraID are the backbone of identity. for companies worldwide. However, their ubiquity makes them prime targets for attacks. Attackers go after identity infrastructure because it gives them access to all the critical data. And when identity systems are compromised, every subsequent recovery effort becomes exponentially more complex. We see a huge opportunity in securing identity. Our newly released identity recovery solution has seen notable momentum due to our unique ability to orchestrate hybrid cloud recovery across Active Directory and EntraID, all while avoiding malware reintroduction. This transforms identity recovery times from weeks to under an hour. I already mentioned a few customer wins for identity recovery, but let me add a few more. A major US hospital network added rubric identity recovery in Q1. choosing Rubrik over a standalone identity recovery competitor. This represents the customer's third expansion since their initial purchase in August of last year. Traditionally, a large U.S. estate county expanded with Rubrik to bolster its cyber resilience after a significant ransomware attack impacted a nearby county. This customer added Rubrik AD Forest Recovery and added RSC Enterprise Edition to ensure minimal disruption in the face of an inevitable cyber attack. Lastly, I'll spend a minute talking about some of our longer-term initiatives, such as Rubrik Annapurna. Rubrik Annapurna is designed to help break through the barriers preventing GenAI applications from broad-based enterprise deployment. This solution enables secure and scalable GenAI by leveraging Rubrik's unique ability to extract, manage, and secure business data, the most important real estate in GenAI. Annapurna now integrates with Google Agents Space, facilitating secure GenAI deployment on Google Cloud. We are in the early phases of optimizing product market fit for Rubrik Annapurna. We plan to add more capabilities and investments to help organizations deliver secure GenAI applications faster. As a reminder, this is a multi-year initiative to bring our GenAI solutions from zero to one and then to a scale. Just as our successes in cyber resilience was built through the years of dedicated effort and calculated market risk. In closing, I would like to share my personal gratitude. First, thank you to my fellow Rubricans Your unwavering customer focus and disciplined execution have given us an incredibly strong start to the year. As a result, we continue to win the cyber resilience market, and I believe our opportunity is bigger than ever. Also, a big thank you to our customers and partners. Your trust in us to secure your data and business pushes us to continue to define the frontiers of cybersecurity. And lastly, thank you to you, our shareholders, for your continued support and trust. We are just getting started. The best is yet to come. With that, I'm pleased to pass it over to our Chief Financial Officer, Kiran Chaudhary.

Thank you, Vipul. Good afternoon, everyone, and thank you for joining us today. Q1 was a strong start to our fiscal year, demonstrating our continued leadership in the growing market for cyber resilience. Strong market drivers, our competitive positioning, and a unique land and expand strategy fueled another quarter of solid top-line growth at scale. We also saw strong and continued improvement in profitability. We are pleased to have exceeded all guided metrics in Q1, and we are raising our outlook. Let me start by briefly recapping our first quarter fiscal 2026 financial results and key operating metrics, and then I'll provide guidance for the second quarter and full year fiscal 2026. All comparisons, unless otherwise noted, are on a year-over-year basis. We are very pleased to have entered Q1 with subscription ARR of $1.18 billion, growing 38%. We added $89 million in net new subscription ARR. We continue to drive adoption of our rubric security cloud, which resulted in $972 million of cloud ARR, up 60%. Our differentiated land and expand model benefits from multiple avenues to gain new customers and grow our footprint after the initial contract. Expansion occurs through increased data and existing applications, securing more applications, or adding more security functionality. As a result, we continue to see a strong subscription net retention rate, which remained over 120% in the first quarter. All vectors of expansion are healthy contributors to our NRR, highlighting the meaningful runway we have to more deeply penetrate our customer base. Adoption of additional security functionality contributed slightly more than 30% of our subscription net retention rate in the quarter. We ended the first quarter with 2,381 customers with subscription ARR of $100,000 or more, up 28%. These larger customers now contribute 85% of our subscription ARR, up from 81% in the year-ago period, as we become an increasingly strategic partner to our enterprise customers. For our first quarter, subscription revenue was $266 million, up 54%. Total revenue, $278 million, up 49%. Revenue in Q1 benefited from our strong ARR growth and tailwinds from our cloud transformation journey. We also saw higher non-recurring revenue, which was accounted for as material rights related to our cloud transformation. This contributed approximately seven percentage points to revenue growth this quarter, which was a few percentage points above our expectations. Turning to the geographic mix of revenue, revenue from the Americas grew 51% to $203 million. Revenue from outside the Americas grew 43% to $75 million. Before turning to gross margins, expenses, and profitability, I would like to note that I'll be discussing non-GAAP results going forward. Our non-GAAP gross margin was 80.5% in the first quarter compared to 75.4% in the year-ago period. Our gross margin benefited from the revenue at performance, including higher non-recurring revenue and the improved efficiency of our customer support organization. We anticipate total gross margin to remain within our long-term target of 75% to 80% in fiscal 2026. As a reminder, we look at subscription ARR contribution margin as a key measure of operating leverage. We believe the improvement in our subscription ARR contribution margin demonstrates our ability to drive operating leverage and profitability at scale. Subscription ARR contribution margin was positive 8% in the last 12 months ended April 30th compared to negative 11% in the year-ago period, an improvement of over 1,800 basis points. When normalizing for the $23 million in employer payroll taxes associated with the IPO in the prior period, the improvement was over 1,500 basis points. The improvement in subscription ARR contribution margin was driven by higher sales, the benefits of scale, and improving efficiencies and management of costs across the business. Pre-cash flow was positive $33 million compared to negative $37 million in the first quarter of fiscal 2025, or negative $16 million when adjusting for the $21 million in employer payroll taxes associated with our IPO. This increase was driven by higher sales and improved operating leverage, offset by an increasing mix of annual and monthly payment terms and shorter contract terms related to the year-ago period. Turning to our balance sheet, we ended the quarter in a strong cash position with $762 million in cash, cash equivalent, restricted cash, and marketable securities, and $323 million in debt. Let me now provide some context in our outlook for fiscal 2026. We remain confident about the strength of the cyber resilience market and demand for our differentiated offerings. We believe these drivers, alongside our strong and consistent execution, will deliver strong subscription ARR growth ahead. In terms of operating investments, we'll continue to invest in R&D to drive innovation in the large and growing markets we operate in across data, security, and AI. We'll also continue to make investments in go-to-market, where we see the most compelling ROI across select regions and verticals, and to find product market fit and scale our new innovations. Let me discuss our current outlook on quarterly seasonality. After our strong Q1, we anticipate that the first half of the fiscal year will contribute approximately 46% of the total net new subscription ARR with the remaining approximately 54% expected in the second half. In addition, subscription ARR contribution margin has some seasonality due to the timing of net new subscription ARR and operating expenses each quarter. Based on our current net new ARR linearity and investment plans, we continue to anticipate that subscription contribution margins will be the seasonally lowest in Q3 before moving higher in Q4. Please see additional modeling points for fiscal 2026 on slide 31 of our investor presentation, which can be found on our investor relations website. Now turning to our guidance for the second quarter and full year fiscal 2026. In Q2, we expect revenue of $281 million to $283 million, up 37% to 38%. We expect non-GAAP subscription ARR contribution margins between 4.5% and 5.5%. we expect non-GAAP earnings per share of negative 35 cents to negative 33 cents based on approximately 196 million weighted average shares outstanding. For the full year fiscal 2026, we expect subscription ARR in the range of $1,380,000,000 to $1,388,000,000, reflecting a year-over-year growth rate of 26% to 27%. We expect total revenue for the full year fiscal 2026 in the range of $1,179,000,000 to $1,189,000,000, reflecting a year-over-year growth rate of 33% to 34%. We expect non-GAAP subscription ARR contribution margins of approximately 6%. We expect non-GAAP earnings per share of negative $1.02 to negative 96 cents, based on approximately 198 million weighted average shares outstanding for the full year. We expect free cash flow of $65 million to $75 million. In closing, we are pleased with a strong start to our second year as a public company and a higher outlook for fiscal 2026. We remain confident in our ability to deliver efficient and durable growth as a market leader in cyber resilience. With that, we'd like to open up the call for any questions.

Ladies and gentlemen, we will now begin the question and answer session. Should you have a question, please press star followed by the number one on your touchstone phone. You will hear a prompt that your hand has been raised. If you'd like to decline from the polling process, please press star followed by the number two. We will be taking only one question per participant. If you are using a speakerphone, please make sure that you lift your handset before pressing any case. One moment while we prepare our Q&A roster. Your first question comes from the line of Eshaka Talia from Barclays. Please go ahead.

Okay, great. Hey, guys, thanks for taking my question here. A nice start to the year. Thank you. Maybe I'll make the one question for you. You know, I think we all think about the share shift that's happening in this market from legacy to next gen, which is clearly benefiting Rubrik. But I'm curious, how long of a runway do you think that has? And particularly with some of the points that you're making on identity, do you think the move to cyber resilience is expanding this TAM at all that's available for conversion? Does that make sense?

Absolutely. So, Saket, if you take a step back, Rubrik is a two-platform company. We actually... took on legacy backup and recovery and transformed that into a data security platform to deliver cyber resilience. And this Rubrik Security Cloud has built in preemptive recovery engine that takes the cyber recovery time from weeks and months to hours. And that is what is making us win. We are the only vendor that provides comprehensive cyber resilience across data and identity, both across risk and remediation. And because of our unique offering and platform approach, we are winning customers and we are winning vast majority of the deal in head to head competition. And this new identity resilience angle is expanding our time because not only data risk comes from ransomware and other data sensitivity, but the identity stealing and identity-based attacks are on the rise in a very significant way. And we are giving our customer a peace of mind against those attacks. And that's what is helping us to deliver end-to-end cyber resilience, which is very unique in the marketplace, and we are the only ones doing it. To give you an example, a world-renowned cancer medical center replaced their legacy backup vendor And we also out-competed and associated new gen vendors, and they chose RSC Enterprise Edition because of our demonstrated ability to not only deliver the fastest cyber recovery at scale, but also give them the complete risk information. So this is an example of why customers are choosing us, how we are displacing legacy vendors, and expanding the market and TAM by combining data and identity.

Very helpful. Thanks, guys.

Thank you. Next question.

Your next question is from the line of Kash Rangan from Goldman Sachs. Please ask your question.

Yeah, thank you very much, and congratulations to the Rubric team on a spectacular start to the fiscal year. A Bipple one for you. As you continue to innovate, add functionality at a pretty rapid pace, and the market continues to be receptive in that it's not just replacement TAM, but replacement TAM and some more. What is happening to sales cycles, the broader awareness of what Rubrik can do, replacement cycles of older legacy technology? Could we be at a point where we're at the front end of what could be an S-curve of adoption and we maybe are at the point where what used to be obscure in the backwaters is now all of a sudden more front and center. Maybe I'm overstating the case, but I'm sure you have a strong view on that. Thank you.

Absolutely, Kash. If you think about the current market environment we are in, which is generative AI and productivity gain, generative AI is pushing all enterprise and governments to really replatform and modernize their infrastructure to take advantage of generative AI opportunity. But generative AI is all about data and understanding data, integrity in the data, and security in the data. And that's Rubrik's business. We have pegged our whole company on data security. That's why we built a data security platform by transforming legacy backup and recovery. So we definitely believe that we are on the front end of a very long, large secular trend around data, security, and AI. And as our customers transform and adopt more cloud as they use Gen AI, we are actually helping them have confidence and peace of mind that their services will be up. they can actually feed safe data into their Gen AI application. Just to give you a sense of what is happening with replacement, a very large Japanese industrial company that had multiple native cloud backup tools, they replaced all of them with Rubrik security cloud protection to safeguard critical AWS, Azure, plus Oracle workloads. And Rubrik was selected over new gen vendors because of our unique ability to mitigate cyber threats and deliver cyber resilience, cyber recovery at a lower cost. And we are saving cloud cost. So in some ways we are delivering double impact. Cyber resilience plus cost saving and making our customers secure and giving them the ability to take secure data and feed into gen AI giving them the ability to confidently do cloud transformation. And these are some of the trends that are propelling us.

Fantastic. Thank you so much.

Thank you, Kash. Next question.

Your next question is from the line of Andrew Nowinski from Wells Fargo. Please go ahead.

OK. Thanks, Melissa, for the question. Great quarter. I wanted to ask another question around identity resilience that you introduced at RSA. I think it's a really interesting product. It really could be a game changer because no one else is combining identity with cyber resilience. So I'm wondering, I guess first, is the integration with Laminar complete? And then would this new capability allow customers to replace any sort of point products they may be using with other identity security vendors?

Thank you for this question. Let me give you a broader sense of our strategy and what we are doing. As I said before, Rubrik pegs its future on data security. But the source of data risk is both from the intrinsic data sensitivity plus the identity interaction on the data. And we have this strong point of view that to secure data, you need to understand data, and understand data risk as well as understand identity risk on data. The first step of this strategy was to acquire DSPM laminar product that we have fully now integrated on the Rubik platform. In fact, our DSPM ARR was up over 300% year over year this quarter. But that's not the point. The point is cyber resiliency requires both data resilience and identity resilience together. Together in a single platform, delivered in a single way. Because you need to understand what data you have, what is the sensitivity of the data, who has access to the data, and who is doing what to your data. And by combining identity security with data context and data security, so essentially identity plus DSTM together, we are forging a whole new world of data security, which is complete and comprehensive. And that is our opportunity to replace point products across DSPM or purely identity recovery, because these two separate products don't create as much value when you bring it identity and data all together. And that's where we are seeing great momentum in identity recovery. Just to give you an example, a very large healthcare org experienced an outage with EntraID. And it took them a week to recover with the competing solutions that they had. And they brought in Rubrik to deliver faster cyber recovery and increase their resilience posture. And if you think about the identity and data combination I talked about, European Financial Institution chose Rubrik to detect and mitigate exfiltration risk, and which is around data, and that allowed them to be in compliance with DORA. So we have a number of significant tailwinds, both in and around data and identity, and we are taking the unique approach of combining these two into a singular strategy, singular platform, singular product. And again, we always take a very long-term view of these things, Again, we are experimenting, iterating, figuring out how we package, how we sell, which solutions work with what, and we'll update you as we evolve our strategy, but we are definitely seeing great traction in this space.

That's very helpful.

Thank you.

Thank you, Andy. Next question.

Your next question is from the line of John DeFucci from Guggenheim Securities. Please ask your question.

Thank you. My question is more of sort of a macro question. You're near the end of the reporting companies for this quarter, and we've generally seen some sort of suppressive effects of an uncertain macro backdrop, especially in security. I think of one other exception, just one, and it has to do with identity, which you're talking about. It was CyberArk. But this is – The suppressive effects don't show up in your numbers at all. So first, I guess, how would you characterize the demand environment in general? And that's beyond rubric. And how are you able to execute against that environment? And if you can sort of talk about product, go-to-market prowess, and then the general demand in your end markets. Thank you.

Thanks, John. That's an insightful question. Let me give you my context or my understanding of where things are. Rubrik is creating a new future for cybersecurity. The last 30 years of cybersecurity has been buying 80 to 100 different tools around prevention and detection of attack. And everybody has indigestion right now with different tools, different vendors, in some cases, hundreds of vendors. And what to pick, what not to pick is like a whack-a-mole that you have a new threat and you buy a new tool to prevent and detect. We created this cyber resilience market. And our vision is while prevention and detection is important, you cannot prevent the unpreventable. You need to have a recovery and resilience strategy. And we created a purpose-built platform around cyber resilience across data, identity, risk, and remediation. And because of this comprehensive nature of our platform and what we do is not an optional thing. It's not one of the five tools that they are buying and you are increasing the posture by 1%, 2%. We are a quantum shift in terms of their security posture. So in my discussions with CIOs and CISOs around the world, cyber resiliency is the top cybersecurity priority. And we are not seeing any change in our demand environment. And again, we are very confident about the numbers that we have put up. We believe that we'll end this year very strong. And we continue to transform and help our customers with cyber resilience posture, giving them peace of mind. And what is also interesting is we are operating in a $50 billion market. And identity resilience and identity security is really expanding that market. And at the end of this quarter, we are 1.2 billion ARR. So we are not opportunity constrained. We are not market constrained or demand constrained. We believe that we are positioned well. We have a unique offering in the marketplace, and we'll continue to innovate and scale.

Thank you. That's all clear. And thanks again, Vipul. I love you. You give us quotes all the time, the whack-a-mole. So thank you.

Thank you, John. Next question.

Your next question is from the line of Eric Heath from Keyback Capital Markets. Please ask your question.

Hey, good afternoon. Thanks for taking the question and congrats on the strong results as well. I wanted to come back to the identity opportunity again. Clearly there's a huge focus in the call today and it's been a big focus in cyber more broadly. So maybe just wanted to maybe help contextualize the size of this opportunity, if you will. And maybe how would you think about this workload opportunity relative to some other popular workloads like M365? And Kieran, if there's any sort of color on how much of a contributor that is today, that'd be great. Thanks.

So the way to think about the identity opportunity, at least to start with, is the following. As you know, Identity is at the heart of cyber strategy for every business. And identity-based compromises and attacks have turned out to be near number one attack vector. And origin of identity, which is the identity service provider, has become the ground zero for cyber attacks. And the way identity recovery or identity resilience is built is not built with the modern cyber attack like principles and how to understand data risk with identity. And that's what we are doing. We are bringing these two things together. So again, these are early days for us in identity. And we believe that this is a very large opportunity that we are going after. And we believe that the identity security and data security will eventually merge. And it will be a singular opportunity strategy around how do we protect data across human, non-human identity across the whole enterprise.

Eric, just to add to your second part, we got off to a good start in terms of interest and demand, but it's still very early. We'll keep you updated as we progress more.

Understood. Thanks, people. Thanks, Kieran.

Thank you, Eric. Next question.

Next question is from the line of Greg Moskowitz from . Please ask your question.

Okay, thank you very much for taking the question. I also actually wanted to ask about identity resilience because it is a clearly important area within cyber, at least identity as a construct overall. Bipul, can you talk about the incremental investment to go after this, including how you expect to market the solution to prospective customers? Thanks.

Identity is definitely an area of investment for us. We are focused on identity security as opposed to identity infrastructure. And we want to ensure that we combine our data security and identity security capabilities, features, so that we give our customers a complete business understanding of risk and how do we solve it as opposed to different tools. So you'll see a lot from us in this space as we evolve and again, continue to build. Again, Rubrik has this, we have this long-term vision about things. And what we truly believe is delivering the right data to the right user at the right time on the right platform for the right duration is Rubrik's business. And everything that comes with it, we are going to continue to innovate and evolve. That's what we are doing here. And obviously, a lot to share as we make progress here.

Terrific. Thanks very much.

Thank you. Next question?

Your next question is from the line of Todd Copeland from CIBC.

Please go ahead. Yeah. Good evening, everyone. I wanted to come back to what seems to be a conservative guide, even with the 7% growth headwind in Q1. Why are you thinking about the guide below trend, given all the tailwinds that we've talked about over the last 50 minutes or so? Talk about that, please. Thanks.

Hi, Todd. This is Kiran. Thanks for the question. Just to clarify, the 7% we referred to was actually a tailwind to revenue growth in the quarter. And that is from an accounting concept called material rights related to a cloud transformation. But in terms of the guide, both from an ARR and revenue perspective, and as you know, we focus on ARR as the best performance metric for the business, given our cloud journey. We are a strong quarter. We grew net new error 23%. And from a guidance perspective, we raised it a few points in terms of total growth, as well as net new error, essentially passing the full beat from Q1, as well as raising a little bit more.

Thank you.

Thank you, Todd. Next question.

The next question is from the line of Joel Fishman from Tourist Securities. Please ask your question.

Thanks for taking the question and great execution. BitPol, you've covered a little bit of this, but I'd love to take a broader look out at the cyber resilience market, including identity. If you're looking at like 12, 18 months, how will this space evolve? looking at it from that perspective, what are the top three priorities for Rubrik to continue to be the dominant shareholder?

Thank you. So if you look at what we have done from day one of Rubrik, we built a data security platform. And we took a two-platform strategy across all data landscape from enterprise data to cloud data to SaaS data, now identity is a single policy engine, it's a single control plane, it's a single orchestration of data security across all three. Now we are getting into the identity and we will cover the identity in the similar vein. What we see is cybersecurity market tends to be very tool-centric and you have many, many tools. We took a strategy of a platform. And what does platform mean? Platform means that you have a single preemptive recovery engine, a single native data threat engine across all your data landscape. And how do you correlate those threats? How do you present a singular view of the data security without loading the logs of different tools in a third-party platform and having some other third-party tool analyze it? That, we believe, is the result of a very archaic development of this whole space. So we want to create a singular platform around data and identity across all the data landscape, ensuring that our customers have peace of mind, that when the inevitable cyber attacks come to them, they can recover quickly, keep their services up and running, and more importantly, understand the risk.

Okay, thank you, John. Next question?

The next question comes from the line of Keith Backman from BMO.

Please go ahead. Hi, thank you very much. Lots of interesting growth factors if you think about more apps, more data, you're adding identity. Karen, I didn't know if you would offer us some thoughts then on how you're thinking about the sustainability expansion, any comments on the expansion rate, the net expansion rate? I understand it's a backwards-looking metric, but if you think over the next number of quarters, any comments on how you think that may evolve, particularly given all the what seems to be very interesting portfolio expansion?

Thanks, Keith, for the question. So we're really pleased with our NRR of greater than 120% over the past four quarters. As you know, we disclose an average. The business model and the product platform lends itself to a high NRR, as we have multiple products in the portfolio with which you can land with as they expand. And historically, you know, we've spoken about it, we try hard to split the growth between new and expansion. Obviously, with scale, expansion tends to be a little bit bigger than the new business in terms of contribution. But just commenting on the expansion rate itself, in the past, we have benefited a bit more from our model transition from maintenance to subscription. That has normalized. But we do expect the NRR to moderate over time because we are also landing bigger now. with multiple products, and that is a little bit of a headwind to NRR. But we still expect NRR to be pretty strong.

All right. Thank you very much.

Thank you, Keith. Next question?

The next question comes from the line of Srinath Kothari from Meriden. Please go ahead.

Hey, guys. This is Zach on for Srinath. Thanks for taking the question. Congrats on the great results. So curious what percent of large enterprise accounts have adopted the proactive addition SKU today, and are reps really leading with proactive as a primary SKU in new lands, or is it more of a post-land upsell motion? Any color there would be great. Thanks.

So our strategy is that we deliver to cyber resilience, and cyber resilience has two core components risk and cyber recovery, cyber risk and cyber recovery. And for the cyber risk piece, we combine ESPM and identity pieces, and some of the identity pieces also bleed into the cyber recovery, and then we provide enterprise edition as a complete cyber recovery tool. And that's the strategy we are taking across all the workloads as we kind of land and expand our customers. And that's what is leading to a strong product adoption and overall strong growth.

Great, thank you.

Thank you. Next question.

Your next question comes from the line of Param Singh from Oppenheimer. Please go ahead.

Hi, thank you for taking my question. I know, you know, we've talked about identity security ad nauseum today, but from my understanding, Resilience for Entry ID and Active Directory has existed for a very long time, and it's a product available for a lot of the companies in this market. What is unclear to me from our conversation today and from your press releases, what are some of the technical advantages and benefits that Rubrik specifically brings to the market that may not be available today? So I'd love for you to educate me on why Rubrik should be winning in identity security and resilience.

This is a really good question. So as I was saying before, that Ruby combines identity and data security in a single platform. And what that allows us to do is that not only we create the backup copy of identity in a cyber resilient immutable way, but upon recovery, we stop the reintroduction of malware. And so if you think about that, we have a very strong end-to-end solution. The second thing is that We also combine Active Directory and Entra-ID recoveries in a hybrid cloud manner, which is very unique. And this hybrid cloud understanding and replicated state to be able to deliver fully orchestrated identity recovery that takes the identity recovery time from like a week to 10 days to really minutes by creating a wizard-style click, click, click, done. And so we have really brought the rubrics core simplicity, deep technology, ability to deliver clean recovery fast into identity and combine that with the data security.

Thank you so much. That's really insightful. Appreciate it.

Thank you. We'll take the next question.

Your last question is from the line of Jonathan Reikhaver from Cantor. Please ask your question.

Yeah, congrats on the good quarter. Bipo, your comments on ANA pure and up seem very topical. I saw a quote from Gartner that predicts that at least 30% of Gen A, Gen AI projects will be abandoned after proof of concept this year. And one thing that we hear about from users is an impediment to those workloads. It's just the multitude of disparate data stores, both on-premise and in the cloud, and specifically the challenge around real-time identification and classification, which seems increasingly foundational to building data security. So what I would like to know in more detail is just how specifically Do you see that issue, and how does Moverick differentiate around identification and classification?

So if you look at our platform, from the very beginning, we combine security and data management in a single platform. And to deliver clean recovery, we need to understand the integrity of the data, sensitivity of the data by doing the classification, and ability to have a full understanding of user and user interaction on the data and and then a couple of years ago we realized was that this actually data and security coming together in a compliant and go in a full governance mode allows us to supply the right data to the right user at the right on the right platform at the right time for the right duration and it could be very appropriate for us to give this data to generative AI applications, LLM applications. And that's when we started this whole Annapurna effort. So again, it is very early in our journey. We believe that we are a unique company that sits at the intersection of data security and AI. And we have a unique way to accelerate gen AI adoption by delivering input security and the data at the same time. Again, this is a long-term effort for us, three to five years out. We are figuring out product market fit. We are figuring out how customers would buy, how they would consume. Again, it is one of those S-curves that we are building as part of our portfolio of risk that we built as part of our lateral motion. And again, we want to build the next 100-year company, and that long-term company will only be built if we think ahead understand where the market trends are, align our strategy and product thinking in those lines, and deliver the right product at the right time. Understood. Thank you.

Thank you.

There are no further questions at this time. I'd like to turn the call over to Bipol Senha for closing comments. Sir, please go ahead.

In closing, I want to thank to all Rubricans, all our customers and partners, all of you on this call who help us understand the market better, keep us disciplined. And to everybody in the ecosystem, we are very early in our journey. We are just 11-year-old company. We have large ambition. We want to build a platform company across data, security, and AI. And I will repeat, the best is yet to come. Thank you so much and have a wonderful day.

This concludes this conference call. Thank you very much for your participation. You may now disconnect.