Rubrik, Inc.

Thank you.

Good afternoon, ladies and gentlemen, and welcome to the Rubric Second Quarter Fiscal Year 2026 Results Conference Call. At this time, all lines are in listen-only mode. Following the presentation, we will conduct a question-and-answer session. If at any time during this call you require immediate assistance, please press star zero for the operator. This call is being recorded on Tuesday, September 9, 2025. I would now like to turn the conference over to Melissa Franke, Vice President, Head of Investor Relations. Please go ahead.

Hello, everyone. Welcome to Rubric Second Quarter Fiscal Year 2026 Financial Results Conference Call. On the call with me today are Bipul Sinha, CEO, Chairman and Co-Founder of Rubric, and Karen Chowdhury, Chief Financial Officer. Our earnings press release was issued today after the market closed and may be downloaded from the Investor Relations page at www.ir.rubric.com. Also on this page, you'll be able to find a slide deck with financial highlights that, along with our press release, includes a reconciliation of GAAP to non-GAAP financial results. These measures should not be considered in isolation from or as a substitute for financial information prepared in accordance with GAAP. During this call, we will make forward-looking statements, including statements regarding our financial outlook for the third quarter and full fiscal year 2026, our expectations regarding market trends, our market position, opportunities, including with respect to generative AI, growth strategy, product initiatives, and expectations regarding those initiatives, and our go-to-market motions. These statements are only predictions that are based on what we believe today, and actual results may differ materially. These forward-looking statements are subject to risks and other factors that could affect our performance and financial results, which we discuss in detail in our filings with the SEC. Rupert assumes no obligation to update any forward-looking statements we may make on today's call. With that, I'll hand the call over to Bipol.

Thank you, Melissa. I want to start by thanking everyone for joining us today. We are pleased with our second quarter results that once again exceeded all guided metrics across top line and profitability. There are five key numbers. First, subscription ARR surpassed 1.25 billion, growing 36% year over year. Net new subscription ARR reached 71 million in the second quarter. Second, our subscription revenue was 297 million, growing 55% year-over-year. Third, our subscription NRR remained strong, once again above 120%. Fourth, customers with 100K or more in subscription ARR crossed 2,500, growing 27% year-over-year. Finally, on profitability, we once again made material improvement in subscription ARR contribution margin, up about 1,800 basis points year over year. On cash generation, we are very happy to report we generated over $57 million in free cash flow this quarter. This combination of top-line growth and cash flow margin at our scale is rare. We remain confident about the opportunity ahead, and thus, we are raising our outlook for the year. Let me first give you some context on where we are focused. Rubrik is evolving into the security and AI company. In the last several quarters, it is clear to us that as we continue to focus on and win the vast cyber resilience market, we also have a tremendous opportunity in the enterprise AI acceleration. Let's start with cyber resilience and the broader context of the market opportunity. From our inception, Rubrik was designed to help customers achieve the fastest cyber recovery time. To deliver this, we uniquely combine data security posture management, identity resilience, and cyber recovery natively on our Rubrik Security Cloud or RSC platform to achieve complete cyber resilience. And at the center of our differentiated architecture is the Rubrik preemptive recovery engine. In Q2 alone, I had over 125 meetings with customers and prospects worldwide. What was abundantly clear is that IT and security leaders now have assumed breach mindset, simply meaning they are certain that cyber attacks are inevitable despite significant investments they have made in cyber prevention and detection. At the same time, These enterprises are also looking to replatform and modernize their infrastructure in preparation for the imminent enterprise AI transformation. As companies shift deeper into cloud and gen AI, customers continue to turn to us, Rubrik, for complete cyber resilience, delivering uniform and consistent data security policy control, as well as rapid, accurate recovery from cyber attacks. Concurrently, Our PrediBase acquisition, which I'll discuss later in my remarks, also allows us to deliver enterprise AI acceleration. The bottom line is this. We have tremendous opportunities ahead of us. First, we continue to lead the vast cyber resilience market. And second, at the same time, we continue to build a new future for enterprise AI. Now I'll detail some of the wins across our initiatives at varying scales. For our cyber resilient data protection business, we continue to add solutions across new applications and workloads, leveraging the same underlying preemptive recovery engine to deliver risk and remediation capabilities. This unique architecture consistently enables us to outperform both legacy and new gen backup vendors. Let me highlight this with two illustrative customer events from the quarter. A major North American oil and gas company selected Rubrik after its legacy backup provider was unable to support a fast recovery following a disruptive cyber attack. Rubrik was selected because of our superior recovery time relative to both legacy as well as new gen alternatives. Our comprehensive yet radically simple platform for cyber recovery across all workloads, including the cloud, was another key reason for the legacy backup replacement. In another example, a Fortune 50 pharma leader turned to Rubrik to protect its critical applications, displacing its 20-year-old legacy backup vendor, as well as native cloud backup solutions. We also out-competed new gen backup vendors for this opportunity. Rubrik was selected due to not only our ability to deliver greater cyber resiliency in the face of escalating cyber risk, but also more efficient cloud storage costs. Let me now talk about innovations in cloud protection that are delivered from RSC, which is a single unique platform across data center, cloud, SaaS, and identity workloads. We continue to expand our purpose-built cloud data protection solution to more applications, services, and databases in the public cloud. This quarter, we expanded our cyber protection of AWS RDS database, and added comprehensive protection for Amazon DynamoDB, strengthening rubrics leadership in cyber resilience for cloud databases. We'll continue to build upon our Code2Cloud cyber resilience platform, which offers protection from the first line of code to full stack of applications in production across the major hyperscalers. Now let me highlight a few customer wins with cloud and SaaS protection. First, a global Fortune 500 transportation organization increased their investment in Rubrik this quarter, adding M365 protection, protection for Azure workloads, code-based recovery for GitHub, and Azure DevOps, as well as Jira protection. This expansion bolsters the company's cyber resilience and reduces recovery times across its critical cloud applications. Another example is with the Fortune 500 logistics and supply chain company that also expanded its partnership with Rubrik by fortifying its mission-critical data state in Azure and M365 applications after adding Rubrik to safeguard its data center applications in the past. Furthermore, the customer added identity recovery, reducing recovery time of Active Directory and Entra ID from several weeks to mere hours. Rubrik's cyber resilience platform now avoids an estimated $65 million losses per day for this customer in case of downtime due to cyber attacks. Now let's turn to our opportunity in identity resilience. In just a couple of quarters of general availability, we have seen notable momentum for Rubik Identity Recovery Solutions with now over 200 customers. Rubik is addressing a critical need for enterprises by enabling the rapid recovery of their identity services following cyber attacks, or operational failure so that they can return to business as usual. We are the only vendor in the market that delivers rapid recovery of both Active Directory and EntraID in a hybrid cloud manner, the backbone of identity solution worldwide. Let me give you two specific customer wins in identity. This quarter, a leading UK financial services company strengthened its partnership with Rubrik by adopting Rubrik Identity Recovery. Prompted by a recent cyber attack on a major UK retailer, the company evaluated vulnerabilities within its own Active Directory environment. They recognized that these weaknesses could lead to significant post-attack disruption, resulting in substantial market cap declines and potentially affecting millions of pensioners. By consolidating data and identity protection with Rubrik, this company now considers Rubrik one of its top three strategic IT vendors. In another example, a Fortune 500 financial institution in the US turned to Rubrik after an audit uncovered that its Active Directory recovery would take upwards of seven days with millions of dollars at risk each day. By adding Rubrik identity recovery, they reduced recovery times to under two hours, preventing potentially significant business disruption and satisfying board mandates. We continue to invest in our identity solutions. We deepen our innovation with the general availability of Rubric Identity Resilience. Like I mentioned in the last quarter's earnings call, we are bringing together Rubric Identity and DSPM solutions. Our latest Rubric Identity Resilience solution brings together data security context and identity intelligence for the first time. Similar to how we monitor and sustain data, Rubric Identity Resilience continuously monitors and protects human and non-human identities, tracking misconfigurations as well as high-risk and malicious changes in the Active Directory and Entra ID. It also ties identity-based information like privilege access to Rubrik's DSPM sensitive data context and activity to strengthen risk posture and accelerate cyber recovery. Next, let's talk about our innovations in the Gen AI space. As I noted during our IPO, Rubrik by design perpetually lives on the frontier of innovation. And our long-term success depends upon our ability to continuously create and commercialize pioneering products. As part of this, we continue to build a portfolio of innovation at different stages and at different levels of risk. This approach allows us to stack multiple S-curves to maintain maximal momentum while preparing for what's next. Along these lines, I will talk about our longer-term initiatives for GenAI. While GenAI can unlock significant new efficiencies for every organization, there are significant barriers like accuracy, cost, and security, which hinders its adoption beyond proof of concept. We are addressing these challenges by leveraging our unique ability to extract, manage, and secure business data. Rubrik's data platform not only delivers robust cyber recoveries, but also provides clean, secure data with the necessary permission and policy enforcement to power generative AI applications. This ensures only the right person has access to the sensitive data. Our recent acquisition of PrediBase furthers this vision. Just as Rubrik is working to simplify secure data access for GenAI, PrediBase works to solve performance and cost issues around deploying GenAI models for proprietary AI applications. The PrediBase platform allows enterprises to fine-tune GenAI models and run an optimized inference stack for faster, accurate results at a lower cost. We believe the combination of Rubrik and Predibase is incredibly powerful in accelerating Gen AI from proof of concept to full production and value realization. We welcome the Predibase team to Rubrik, where they have hit the ground running and continue to innovate and define new frontiers in enterprise agentic AI. We recently announced Agent Rewind, built on our Rubrik secure data platform underpinned by PrediBase's AI technology. We have spent years helping our customers recover from cyber attacks and operational errors. With Agent Rewind, we can now help customers undo the mistakes of AI agents without full system rollbacks, which is crucial for scalable and secure AI adoption. We are still in the early stages of optimizing product market fit for our AI solutions. including Agent Rewind. We plan to add more capabilities and investments to enable confident enterprise AI transformation and agentic work adoption. This is our multi-year initiative to scale Rubrik's AI solutions. In closing, I would like to share my gratitude. First, thank you to all my fellow Rubrikans. Rubrik continues to win the cyber resilience market because of Rubrikans' collective focus and disciplined execution. We continue to break new grounds for enterprise AI acceleration. And you know what? It's still early days for all the opportunities ahead of us. Also, a big thank you to all our customers and partners. Your trust inspires us to continue to lead and define the future of cybersecurity and enterprise AI. And lastly, of course, thank you to you, our shareholders, for your continued support and trust. With that, I'm pleased to pass it over to our Chief Financial Officer, Kiran Chaudhry. Thank you, Vipul.

Good afternoon, everyone, and thank you for joining us today. We had a strong Q2, which was highlighted by solid growth at scale and continued improvement in profitability. We continue to benefit from our leadership in the growing market for cyber resilience, and we are pleased to raise our outlook for the year. Let me start by briefly recapping our second quarter fiscal 2026 financial results and key operating metrics, and then I'll provide guidance for the third quarter and full year fiscal 2026. All comparisons, unless otherwise noted, are on a year-over-year basis. We are very pleased to have ended Q2 with subscription ARR of over $1.25 billion, growing 36%. We added $71 million in net new subscription ARR. We continue to drive adoption of our Rubrik security cloud, which resulted in 1.1 billion of cloud ARR up 57%. Our differentiated land and expand model benefits from multiple avenues to gain new customers and grow our footprint after the initial contract. Expansion occurs through increased data in existing applications, securing more applications or identities, or adding more security functionality. As a result, we continue to see a strong subscription net retention rate, which remained over 120% in the second quarter. All vectors of expansion are healthy contributors to our NRR. Highlighting the meaningful runway, we have to more deeply penetrate our customer base. Adoption of additional security functionality contributed approximately 35% of our subscription net retention rate in the quarter. We ended the second quarter with 2,505 customers with subscription ARR of $100,000 or more, up 27%. These larger customers now contribute 85% of our subscription ARR, up from 82% in the year-ago period as we become an increasingly strategic partner to our enterprise customers. For our second quarter, subscription revenue was $297 million, up 55%. Total revenue was $310 million, up 51%. Revenue in Q2 benefited from our strong ARR growth and tailwinds from our cloud transformation journey. We also saw a higher non-recurring revenue, which was accounted for as material rights related to our crowd transformation. This contributed approximately seven percentage points to the revenue growth this quarter, which was a few percentage points above our expectation. Adjusting for the benefit from material rights in Q2, total revenue grew approximately 44%. Turning to a geographic mix of revenue. Revenue from the Americas grew 53% to $225 million. Revenue from outside the Americas grew 46% to $85 million. Before turning to gross margins, expenses, and profitability, I would like to note that I'll be discussing non-GAAP results going forward. Our non-GAAP gross margin was 82% in the second quarter compared to 77% in the year-ago period. Our gross margin benefited from the revenue outperformance, including higher non-recurring revenue, reduced hosting costs from new cloud contracts, including a one-time hosting cost credit, and the improved efficiency of our customer support organization. We anticipate total gross margin to remain within our long-term target of 75% to 80% in fiscal 2026. As a reminder, we look at subscription ARR contribution margin as a key measure of operating leverage. We believe the improvement in our subscription ARR contribution margin demonstrates our ability to drive operating leverage and profitability at scale. Subscription ARR contribution margin was positive 9% in the last 12 months ended July 31st compared to negative 8% in the year-ago period, an improvement of approximately 1,800 basis points. When normalizing for the $23 million in employer payroll taxes associated with the IPO in the prior period, The improvement was approximately 1,500 basis points. The improvement in subscription-era contribution margin was driven by higher sales, the benefits of scale, and improving efficiencies and management of costs across the business. Pre-cash flow is positive 57.5 million compared to negative 32 million in the second quarter of fiscal 2025. This increase was driven by higher sales, including timing of renewals, improved operating leverage, and optimizing our capital structure. Turning to our balance sheet, we ended the second quarter in a strong cash position with $1.5 billion in cash, cash equivalents, restricted cash, and marketable securities, and $1.1 billion in convertible debt. Let me now provide some context for our outlook for fiscal 2026. We remain confident about our outlook given the strength of the fiber resilience market and demand for our differentiated offerings. We believe these drivers alongside our strong and consistent execution will deliver strong subscription ARR growth ahead. In terms of operating investments, we'll continue to invest in R&D to drive innovation in the large and growing markets we operate in across data, security, and AR. We'll also continue to make investments in go-to-market, where we see the most compelling ROI across select regions and verticals, and to find product market fit and scale our new innovations. Let me discuss our current outlook on quarterly seasonality. After a strong first and second quarter, we anticipate Q3 will contribute approximately 21 to 22% of full year net new subscription ARR. In addition, subscription ARR contribution margin has some seasonality due to the timing of net new subscription ARR and operating expenses each quarter. Based on our current net new ARR linearity and investment plans, we continue to anticipate that subscription contribution margins will be the seasonally lowest in Q3 before moving higher in Q4. In terms of revenue, we now expect material rights related to our cloud transformation to contribute approximately six percentage points to revenue growth for the full year, up from our prior expectation of a few percentage points. As a reminder, the revenue related to material rights is non-recurring, and we expect minimal revenue contribution from material rights in fiscal 2027. Please see additional modeling points for fiscal 2026 in our investor presentation, which can be found on our investor relations website. Now turning to our guidance for the third quarter and full year fiscal 2026. In Q3, we expect revenue of 319 million to 321 million of 35 to 36%, which includes a few percentage points higher benefit from material rights than previously expected. We expect non-GAAP subscription error contribution margins of approximately 6.5%. We expect non-GAAP earnings per share of negative 18 cents to negative 16 cents based on approximately 200 million weighted average shares outstanding. For the full year fiscal 2026, we expect subscription ARR in the range of 1,408,000,000 to 1,416,000,000, reflecting a year-over-year growth rate of 29% to 30%. We expect total revenue for the full year fiscal 2026 in the range of $1,227,000,000 to $1,237,000,000, reflecting a year-over-year growth rate of 38% to 40% or 32% to 34% without the benefit from material rights in fiscal year 2026. We expect non-GAAP subscription ARR contribution margins of approximately 7%. We expect non-GAAP earnings per share of negative 50 cents to negative 44 cents based on approximately 197 million weighted average shares outstanding for the full year. We expect free cash flow of 145 million to 155 million. Finally, we are pleased with our execution in the first half of the year as we continue to deliver cyber resilience to organizations around the world. With that, we'd like to open up the call for any questions.

Thank you. Ladies and gentlemen, we will now begin the question and answer session. Should you have a question, please press star followed by the number one on your touchtone phone. You will hear a prompt that your hand has been raised. Should you wish to decline from the polling process, please press star followed by the number two. If you are using a speakerphone, please lift the handset before pressing any keys. In the interest of time, please limit yourselves to only one question. Your first question comes from the line of Saket Kalia from Barclays. Your line is now open.

Okay, great. Hey, guys, thanks for taking my question here and another nice job this quarter.

Thank you.

Absolutely. You know, guys, the number that really jumped out to me the most, most of all, was the free cash flow margin at 19% in the quarter. I think that's now four consecutive quarters of positive free cash flow. Bipple, maybe the question is, What's changed strategically in driving that type of profitability? And Kiran, is there anything that we should think about in the second half on free cash flow as we fine-tune our models?

Thanks, Akit. As I've said before, I'm a capitalist and I love profitability and cash flow. But look, we are in a very large and... an expanding market of cyber resilience. And as customers are looking to transform their businesses into AI enterprises, they are doing multiple transformations around cloud, around infrastructure, and cyber resiliency is the number one topic for them because if your data doesn't have integrity or availability, none of the AI will be useful or helpful. So we are helping do that cyber transformation resilience transformation for our customers, giving them like AI-based ransomware detection, fast recovery capabilities like that. And that's what is helping us win in this large market. And as we are scaling our business, the efficiencies are kicking in. I would love to have Kiran add some more from finance perspective.

Sure, Bipul, and hi, Saket. I'll just give you a little bit more context, both for the cash flow in the quarter and assumptions on the guide. So super pleased with the 58 million we generated in free cash flow this quarter. As you said, 19%. It was 3,500 basis points improvement year over year, and then from 700 basis points from last quarter, Q1. A few reasons for that, starting off with stronger ARR performance than anticipated, and then the margin improvement as well, 9% sub-air margin. That was a key driver for the cash flow. In addition to that, you would have seen we made some capital structure optimization in the quarter. We settled our private company debt, which has a higher interest coupon with a 0% convertible. So we had more cash on the balance sheet and less interest expense, which we sometimes pay out in cash. So that helped as well. And then on the duration front, we saw favorable duration this quarter. As you know, we Increasingly sell cloud native products, which tend to have a shorter contract length as well as shorter payment terms. And we didn't see that compression duration this quarter. And the last thing I'll say is that there's probably more timing related, but we saw more early renewals related to the usual trend and some of which was multi-year as well. This was in the context mostly of customers co-terming renewals with active expansion. So all of that really drove the cash flow outperformance to a 19% margin this quarter. When you look at the guide, we are happy to raise the guidance for the year. We previously had a guide to around 6% margin, and we're getting to 12%, and that's 1,000 basis points or 10 percentage points improvement year-over-year. Some of the trends continue. Obviously, it's based on our ARR guide as well as the higher investments we are making in the second half from an OPEX perspective. Obviously, the capital structure portion will continue. But specifically in the duration, we are not assuming the favorable compression continues. We are modeling in a little bit more compression. I would say low to mid single digits through the rest of the year. And that is all the assumptions we have made in the guidance.

Super helpful, guys.

Thank you.

Thank you, Saket.

Your next question comes from the line of Andrew Nowinski from Wells Fargo. Your line is now open.

Okay, good afternoon. I just wanted to say, I think the net new ARR in Q2 is really impressive considering you went through a sales comp change, moving to annual sales comp plans this year. And so I know the change really didn't have an impact on your year of your growth in Q2, but I was wondering if you could just talk about whether you saw any impact from that and whether you're expecting higher seasonality in Q4 because of that change. Thank you.

Let me give you some qualitative perspective on it and I'll let Karen provide some more details. Look, we have been running our business on a per year net ARR basis. And it jumps this quarter, that quarter, depending upon the deal timing and deal closures. but we run our business on a full year new ARR. And we used to do a quota compensation for our sales team on a half yearly basis. So starting this fiscal year, fiscal year 26, we decided to align how we run the business with how we compensate our sales team. And that change in the first half so far has not brought out any material impact to how we see our business or their achievement. Obviously, we have the rest of the year in front of us and we'll know more about the impact by the end of this year, but so far it has gone well. Kiran?

Yeah, I'll just add a few more thoughts here. So there are, of course, some shifts in seasonality, but it's only the first half, so we can give you a full update on our first year with this sales compliance change at the end of the year. But so far it's been smooth and there's been minimal disruption. But from a modeling perspective, since we don't have a Q2 accelerator as we had in the previous half-year plans, Q2 and Q3 will look somewhat similar, and that is reflected in our guidance, but Q4 will be seasonally strong. And this is reflected both in our subscription error guidance as well as the margins and free cash flow.

Thank you very much.

Thank you, Andy.

Your next question comes from the line of John DeFucci from Guggenheim. Your line is now open.

Great. Thank you. This is Howard Ma on for John. I guess either for Bipol or Karen, can you help us better understand how you're levered to data growth? For instance, there's an aspect to your pricing model that's based on volume tiers, which you could argue is directly tied to data growth. And then there's a user-based element, especially with securing SaaS apps. So what is the mix today, and is there opportunity for a purely consumption-driven component that gets bigger over time?

So Rubrik's products are a combination of data volume and data security features and capability that we attach to it. And the combination of the two is the pricing for our different edition, like Enterprise Edition, Foundation Edition. So we don't separate the two. and we help our customers identify all of their critical data and deliver all our security capabilities on those critical data. And as their data grows, as their applications or number of users grows, as they adopt more workload for Rubrik, we grow. So we have multiple growth vectors in Rubrik. One vector is organic data growth within workload and applications that we are already securing. Then new workloads that is coming to Rubrik or existing applications which is moving to Rubrik. And then the third piece is attaching the data security products. For a product such as M365, which is tied to the number of users, we have a licensing model that aligns to that SaaS program. So we'll make it easy for our customers to adopt Rubrik and for them to understand the pricing model and expense based on how they pay for their core platform. Does that answer your question? Yes, it does.

Thank you so much.

Thank you, Howard.

Your next question comes from the line of Eric Heath from KeyBank. Your line is now open.

Hey, guys. Thanks for taking the question and congrats on the results again. Kieran, I want to ask a few different questions on the model if I could. Could you just help us understand maybe what drove some of the early renewal activity given some of the sales comm structure changes to make it more year-end. I would have thought the opposite would have happened given the comm structure change. And if you could just speak to what's driving the decline in non-cloud error, quarter-for-quarters, a little bit bigger than the norm one. And lastly, if I could, if I could push it, but on the material rights, just what's driving that higher material rights activity that you're not necessarily expecting or you weren't expecting? Thanks.

Sure. So I'll take them in order. So from a renewal perspective, we always see some early renewals in every quarter. I mean, some of this is timing, right? We have some on-time renewals, which is the majority, and some early and some late. But the renewals which occurred this time were more related to our expansion deals, which were in process with the same customers. And typically, customers' core term the renewal activity with the expansion itself. So that was really the driver of the early renewals. And I also pointed out that some of those renewals are multi-year in nature. So that obviously impacted cashflow because of the higher billings. And just to add one more point, that is not related to the comp structure changes because that is tied to expansions which is occurring along with renewals. So I wouldn't relate those two activities. The second question, the non-cloud ARR, since we're about 85% cloud right now, most of the cloud ARR is net new in the sense that it's either coming from new customers or expansion with current customers. But there's still a small element of migrations which are happening from the non-cloud part. So you still see that declining a little bit. And at some point, we're getting towards the, I would say, the point where it optimizes to a more steady rate, maybe it's a few points more than 80%, after which you'll see the non-cloud era grow as well. And then on the last point on the material rights, just to give some context, these are related to some qualified customers who had gotten some credits at the time we started our cloud transformation, and those credits are beginning to expire. In some cases, where the qualification is possible, the customers use the credits to purchase some newer expanded products. In other cases, they expire. So the accountant treatment is slightly different when those credits are used to purchase something versus when it expires. So that drives variability as well. And there's some timing element to that, too, which we saw performance this quarter.

Thank you. I threw a lot at you, but appreciate that. Thank you.

Thank you.

Thank you, Eric.

Your next question comes from the line of Kash Rangan from Goldman Sachs. Your line is now open.

Hey, guys. This is Matt Martino on for Kash. Thanks for taking my question. Bipple, Rubrik's brought to market a slew of new innovations across identity, AI, and data security. As you expand from a core product to a multi-product platform, how do you see your go-to-market and sales motion evolving to effectively sell this broader, more complex vision to the C-suite? Thanks.

So we have been doing multi-product sales for some time now because we started with our core data protection business for data center as well as cloud. Then we added M365. Then we added like Salesforce. Then we added now identity recovery, identity resilience. We are now building solutions for AI. So we have a kind of like a pipeline of three stages. So the stage number one is what we call Rubric X. That actually is the incubation phase of new products and go-to-market. And then the next phase is PLS, which is our product line sales team. That takes the early majority of product to scale it to be ready for the core sales team, and then we transfer it to the core sales team. That's how we kind of scale our multi-product go-to-market strategy. Obviously, we are doing all our products in a single platform, Rubric Security Cloud, so that when our customers adopt more of Rubric solutions, our platforms get smarter and smarter and delivers more value. For example, if our customers have M365, as well as on-premises data center solutions, then if there is a threat actor on both sides, we will be giving our customers smarter information about the complete picture of their data security and cyber resilience, as opposed to dumping logs and having them analyzed separately. So that's the platform strategy that we have taken from day one, and that's how we are building multi-product portfolio, but driving the value from a single platform.

Very helpful. Thank you, Bipul.

Your next question comes from the line of Greg Moskowitz from Mizuho. Your line is now open.

Great. Thank you for taking the question, and very nice quarter, guys. I wanted to ask about DSPM, first of all, how it did in the Q2, but more broadly because it remains a hot area within cybersecurity. But, you know, these days almost all the larger vendors have some sort of offering. Clearly a significant majority of enterprises have yet to implement DSPM. When I think about Rubrik, you know, you have a differentiated position here, but is there a point at which you think we'll see an inflection in DSPM market adoption? How do you think this will all evolve?

We have a belief that cyber resilience requires both data resilience and identity resilience. And combining DSPM, which is the data security posture management with identity information is needed to provide complete cyber resilience because when a privilege gets escalated for a user inside your Active Directory, you may want to understand what new sensitive data is now being exposed to this customer and what is the blast radius should the customer credential get compromised. So bringing the identity intelligence and data security intelligence in a single platform is differentiated. We have this new unique vision in this market, and we believe that the future is going to be holistic view for the customers from data identity and cyber recovery to be able to drive complete cyber resilience. And that's what we are driving for. Okay, that's helpful. Thank you.

Thanks, Craig.

Your next question comes from the line of Todd Coupland from CIBC. Your line is now open.

Great. Good evening, everyone. Vipul, you gave a number of examples on competitive wins this quarter. Could you just talk about the environment and your major sources of share and update us on your deal win rate. Thanks a lot.

As far as we are concerned, there is no change in the competitive environment for us. We still win vast, vast, vast majority of deals against all competition, legacy, as well as new gen vendors. And it is due to our unique platform. Rubik's Security Cloud is underpinned by preemptive recovery engine that pre-calculates a clean data state even before the cyber attack happens so that our customers are ready to recover as soon as they have a successful cyber attack. As a result, many of our customers are not in the news even when they are confronted with significant cyber attack and they are not disrupted. And that's what is differentiated about Rubrik And again, we are equal opportunity replacer for both legacy solutions as well as new gen solutions because they lack cyber resilience capabilities in a way of preemptive recovery engine. Just to give you an example, a European multinational industrial company replaced their legacy backup vendor with Rubrik cyber resilience platform because a third party audit found that they were not ready to recover upon a cyber attack and they needed to upgrade their resilience posture. And they chose Rubrik for fast recovery for a simplified software platform for cyber resilience. So that's what we see in the marketplace. Again, our win rate comes from a very differentiated platform that we envisioned and built in the last 10 years. Great.

Thanks for the call.

Thank you.

As a reminder, if you wish to ask a question, please press star one. Your next question comes from the line of Junaid Siddiqui from Truist. Your line is now open.

Great. Thanks for taking my question. Bipol, as the MCP protocol adoption gains traction across the cybersecurity ecosystem, do you view it as a strategic growth lever that could expand Rubrik's role from data protection into a broader security orchestration platform?

The way we see Rubrik is we are not in the prevention and detection business. We are in the cyber resilience business because we have a fundamental belief that you can't prevent the unpreventable, and the world requires a cyber resiliency and cyber recovery capabilities, and that's what we are focused on. Having said that, if you take a step back, Rubrik is really a secure data lake, and we use that data lake data to recover applications and recover your systems. And this data is governed and secured and classified. And with Annapurna platform, we built a vetri search to deliver embeddings directly into Gen AI applications. And now Predibase, which is the fine-tuning and serving platform, and now we are building Agentic Rewind that combines our core cyber resilience plus the AI platform technology to really deliver capabilities around and doing the action, bad actions of agents. So we are looking at AI in a holistic way, but we are not just focused on securing the AI. What we are focused on security, which is the cyber resilience business, as well as AI operations business, which is about agent fine tuning, serving, agent rewind, plus plus. So that's why we are defining ourselves, rubric is the security and AI company.

Thank you.

Thank you.

Your next question comes from the line of James Fish from Piper Sandler. Your line is now open.

Hey, guys. Sorry for any background noise here. Just want to go back to the DSPM side. Any way to think about the updated penetration here and what you're seeing competitively just within this part of the market and then additionally what do you guys assume we're thinking about for fed here heading into you know the big fed and understanding it's been a small part historically you know what opportunities do you actually see for maybe some disruption there thanks guys sorry did you say fed okay as i said uh we see the opportunity in the data security market around combining data and identity together because i don't believe

Just the data classification itself is a long-term sustainable business or a platform. So our vision is that how do we combine identity and data together to give a full picture of not just the posture of the data and identity access to the data, but at runtime understanding what is really happening to the data and should anything bad happen? How do we do data recovery or identity remediation? And it's all data is the underpinning technology or the platform across all three. And that's the vision that we are driving. In terms of the Fed, again, this is still in the investment phase for us. And we are continuing to kind of build the cyber resilience transformation for our Fed customers. It is high priority for Fed organization given the the nation state actor and the threat that they face. We continue to kind of invest in the growth and develop the Fed market for ourselves. We recently received FedRAMP moderate. For example, this quarter, a Fed agency had a challenge of deployment of a new gen vendor that they had bought a couple of years ago. So they are replacing that new gen vendor with Rubrik to protect their mission-critical databases, which is required for their cyber resilience. And they picked Rubrik for our ability to deliver faster recovery times on the database. So Fed, again, we continue to win in the Fed. It's still a developing market for us. We continue to invest, and we believe that Fed will continue to be a significant opportunity for us, given how important cyber resilience and cyber recovery is for this market.

Thank you, James.

Your last question comes from the line of Srinik Pathari from Beard. Your line is now open.

Great. Hey, guys. This is Zach Schneider. I'm for Srinik. Thanks for taking our question. So I believe nearly half of new deals are landing in enterprise tier with foundations still a key entry point for budget-constrained customers. And please correct me if that number is wrong, but could you just walk us through how deal sizes, renewal patterns, or subsequent expansions differ across the tiers? especially over multi-year contracts? Thanks.

Hi, Srinik. So this is Kiran. I'll take your question. So on the first part, it's generally the trend has been similar. Close to half of our lands are coming from the enterprise edition and then a mix of both the business and foundation with foundation being the larger of those two. And the expansion path can vary. As you know, we are a multi-product company, so customers start with one of these additions and maybe a couple of one or two of these workloads, and then they can expand by either expanding to a higher-tier addition, if they start with foundation or business, or if they already started with enterprise, they could expand to other workloads as well. They can start with Microsoft 365, go to a native cloud workload, or an Oracle workload, a database workload. So the expansion paths are not limited just because you started in a higher edition, because you can always add more workloads as well.

Great. Thanks a lot.

Thank you. This concludes our Q&A session. I would now like to turn the call over to Bipul Sinha for closing remarks.

Thank you. Thank you, everyone, for joining us today. We remain very excited about the cyber resilience opportunity as we build the future of AI transformation in terms of the enterprise AI acceleration. Much appreciate your support and trust. Again, very early days for Rubrik. We are in the first decade of our multi-decade story. Thank you so much for your time. Talk to you three months from today. Thank you.

Ladies and gentlemen, this concludes today's conference call. Thank you for your participation. You may now disconnect.