CRWD - NASDAQ

Welcome to CrowdStrike Holdings, Inc.'s fiscal first quarter 2026 financial results conference call. At this time, all participants are in a listen-only mode. After the speakers' presentation, we will conduct a question and answer session. Please be advised that today's conference is being recorded. I would now like to hand the call over to Maria Riley, Vice President of Investor Relations. Maria, please go ahead.

Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, Chief Executive Officer and Founder of CrowdStrike Holdings, Inc., and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, including projections, and expected performance including our outlook for the second quarter and fiscal year 2026 and any assumptions for fiscal periods beyond that, are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because of statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements whether as a result of new information, future events, or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company's quarterly and annual reports. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings press release which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. With that, I will now turn the call over to George.

Thank you, Maria, and thank you all for joining our Q1 FY2026 earnings call. Our fiscal year started from a position of strength. While the market navigates evolving conditions, CrowdStrike Holdings, Inc. is capitalizing on accelerated demand through continuous innovation, increasing win rates, and platform consolidation at scale. We consolidate point products without compromise and most importantly, CrowdStrike Holdings, Inc. stops the breach. In Q1, we met or exceeded our key metrics, highlights include: one, Q1 net new ARR of $194 million, double-digit millions ahead of our expectations; two, Q1 ending ARR surpassing $4.4 billion, maintaining our leadership as the only pure-play cybersecurity software company of this size; three, subscription gross margin of 80% demonstrating our AI platform efficiency; four, sustained 97% gross retention as customers remain firmly committed to Falcon; five, free cash flow of $279 million or 25% of revenue demonstrating double-digit quarter-on-quarter growth; and six, added $774 million of total FalconFlex account value bringing the total deal value of accounts that have adopted FalconFlex to $3.2 billion, growing 31% sequentially and more than six times year-over-year. Seeing our customers and ecosystem embrace FalconFlex at this speed and scale gives me confidence. Confidence in improving sequential net new ARR growth next quarter and accelerating back half net new ARR. Falcon Flex is significantly evolving our go-to-market and customer experience. The subscription model sparks Falcon platform adoption, delivers point product consolidation, and fuels partner success. I'd like to share where we are with Falcon Flex, as well as a thematic customer win showcasing the power of the model. In less than two years since starting FalconFlex, we've closed more than $3.2 billion of total account deal value, across more than 820 accounts that have adopted this subscription model. Here are the trends we're seeing: one, customers spend more. The average flex customer deal size is greater than $1 million in ending ARR; two, customers commit to longer durations. The average flex subscription length is 31 months; and three, flex customers adopt Falcon faster. More than 75% of flex contracts are already deployed. The outcome of these points taken together is a phenomenon we're already seeing, Reflexes. 39 flex customers have already deployed their initial contract demand plan and have returned to us for a reflex. These customers' initial flex contracts were 35 months, nearly three years on average, and within just five months, they came back to CrowdStrike Holdings, Inc. wanting more of the Falcon platform to achieve their cybersecurity consolidation goals. The model we pioneered is a game changer. Flex accelerates what would have taken years of module sales cycles into rapid platform transformations unlocking adoption and spend while creating even more platform stickiness. Now let's witness flex in action with a Fortune 100 technology firm. We began our relationship with this account pre-Falcon Flex when they selected CrowdStrike Holdings, Inc. to displace and consolidate a point product EDR and legacy AV. Our initial EDR contract was for $12 million over a three-year term. When we launched FalconFlex, this customer took the opportunity to accelerate their cyber modernization executing a five-year $100 million plus contract. This is the power of Flex. Evolving Falcon from what was a singular outcome sale into a multidimensional platform experience more than eight times the size of the initial deal. This transformational flex contract was for securing cloud workloads, expanding in other business units, next-gen SIEM to replace two legacy SIEMs, and broad-based adoption of Falcon Complete to standardize detection and response. Within just nine months of the initial flex contract, this customer had already utilized 95% of their initial subscription and still had more point products to consolidate and cybersecurity outcomes to deliver. As a result, in Q1, this customer reflexed to realize the following new outcomes: expansion of Falcon Endpoint Protection across multiple additional business units, replacing and consolidating cloud protection with Falcon cloud security, which has since become the standard across a vast and growing cloud estate. Identity protection became an imperative across sensitive assets, Next Gen SIM quickly became the central enterprise data store replacing multiple legacy SIEMs and expanding beyond security use cases into IT. Data protection is replacing legacy DLP from endpoint to cloud, Falcon for IT is replacing a legacy endpoint management tool, and Charlotte AI will deliver agentic analyst capabilities and automation accelerating security outcomes at scale. This customer more than doubled their initial Flex subscription in their Q1 nine-figure reflex over an unchanged subscription duration. Through flex, this customer now spends nearly 20x their initial EDR purchase. Replacing more than eight technologies and deploying more than 10 Falcon modules, this customer still has much more to achieve with the Falcon platform across millions of workloads, petabytes of data, and hundreds of thousands of identities. With Flex dramatically accelerating Falcon platform adoption, customers are already seeing our Agentic AI transforming their security outcomes. We're on the cusp of the fifth industrial revolution with artificial general intelligence on the horizon. What excites me the most is the necessity Agentic AI is creating for CrowdStrike Holdings, Inc.'s AI-native security. Growing our total addressable market each and every day. Here's why and how. In a recent market survey, 96% of respondents plan to expand their use of AI agents in the next twelve months, with two-thirds already building agents and some targeting to reach over 1 billion in production agents. At their core, every AI agent represents a unique superhuman identity necessitating visibility, control, and protection for every single agent. These autonomous AI agents increasingly have access to multiple internal and external data stores, applications, and machines automating business processes and workflows at scale. Simply put, AI agents dramatically increase the size, severity, and speed of the enterprise attack surface. Size, more agents everywhere. Severity, everything is connected faster than it can be contained. Speed, autonomous agents move at machine speed. This is the new attack surface and it's an adversary's paradise. Just as enterprises need best-in-class protection for devices, data, workloads, and human identities, every AI agent has the same needs too. As an AI-first company, CrowdStrike Holdings, Inc. is uniquely positioned to secure the identity, the workload, the infrastructure, the data, and underlying AI models themselves. We have the platform, have the expertise. We have the track record. CrowdStrike Holdings, Inc. will be the protector of autonomous AI agents. While we see a massive opportunity to protect AI agents, our use of Agentic AI is already transforming the SOC. Charlotte AI is our Agentic security analyst, completing tasks, making decisions to supercharge human SOC personnel. With the launch of Charlotte AI's expanded detection triage, customers now have access to an agentic SOC analyst delivering autonomous expert-level triage, reasoning, and response at machine speed, flattening the hiring curve, saving time, and delivering even better security outcomes. The power of Charlotte AI came to life in an 8-figure FalconFlex expansion for a global healthcare provider. Charlotte AI was the tip of the spear in this customer's AI-native SOC transformation with NextGen SIEM where we displaced a legacy SIEM. Charlotte AI and NextGen SIEM started a new chapter of cybersecurity for this customer. Charlotte AI enables this customer's level one threat analyst team delivering on the promise of agentic security today. We deliver an AI-first automated approach eliminating clicks, panes of glass, and manual operations for a predictive, fast, and cost-efficient SOC. Next, I'll share updates on the momentum we're experiencing in our cloud, identity, exposure management, and next-gen SIEM platform products. First, turning to our cloud business. Cloud had a very strong start to the year, with Q1 net new and total ARR growth accelerating year-over-year over the prior quarter. Our native unified offering combines cloud workload protection, posture management, application security, and SaaS security on a single back end and with both agent and agentless form factors. In Q1, we built on this approach with the launch of cloud data protection all on our unified sensor, the very same sensor that also delivers our world-class workload protection, which is what the market now wants and needs. Our innovation and commercial success was recognized in the 2025 Frost Radar Cloud and Application Runtime Security Report where we scored highest out of all vendors on the innovation index. Further driving our success is recent M&A in the space, increasing our relevance, and competitiveness as a hyperscaler-agnostic independent solution. We also announced the general availability of both our AI model scanning and AI security dashboard technologies at RSA. With the rapid growth of AI tools across the enterprise, CrowdStrike Holdings, Inc. is ensuring that enterprises can safely adopt AI while managing potential risks such as model vulnerabilities, data leakage, unsanctioned use, and identity-based privilege. A prime example of a customer adopting Falcon cloud security was a 7-figure technology customer doubling their spend with us. This customer had CrowdStrike Holdings, Inc. on the endpoint and was using a competitor's point product, CSPM for cloud protection. The incident response call came into CrowdStrike Holdings, Inc. when the competitor CSPM didn't stop the breach. A rapid platform expansion, including Falcon cloud security, quickly illustrated the difference between just alerting on a breach and actually stopping one. This customer was able to consolidate on Falcon, save money, and most importantly, see the benefits of Falcon cloud securities protection. Moving on to our exposure management business, which includes vulnerability management and attack surface management. CrowdStrike Holdings, Inc. is rapidly evolving from an incumbent complement to a scaled disruptor. Historically, our biggest displacement gap was the lack of network scanning, something near and dear to me as someone who pioneered the vulnerability management space. With the launch of AI-powered network vulnerability assessment, CrowdStrike Holdings, Inc. now delivers unified exposure management for both managed and unmanaged devices. With this innovation, CrowdStrike Holdings, Inc. customers no longer need to rely on legacy third-party VM point products. Our winning offering in this space is yielding exciting share gains. A large financial services customer purchased Falcon Exposure Management across 120,000 devices through their Flex subscription. Utilizing Charlotte AI and Falcon Exposure Management together allows for AI to finally automate vulnerability detection. Now with network vulnerability scanning, this customer is moving away from their long legacy VM vendor and their existing attack surface management vendor as well. Moving on to our next-gen SIEM business, where we're disrupting the proverbial horse and buggy with the combustion engine. Our next-gen SIEM delivered triple-digit ending ARR growth while displacing antiquated, expensive, and poor-performing point products. With lock scale as a foundational component of the Falcon platform, we're creating even deeper tie-ins across the rest of the CrowdStrike Holdings, Inc. and third-party ecosystem. This quarter, we announced Falcon Adversary Overwatch for next-gen SIEM, which brings together our world-class threat hunting, and our hyper-performant, cost-efficient, data platform. This makes the AI-powered SOC turnkey hunting across native and third-party data with real-time intelligence and automation to deliver full visibility, high-fidelity alerts, and accelerated response. This is exactly why a leading payments company displaced the legacy SIEM in a large 7-figure win. Next-gen SIEM was our entry point to the account where they were frustrated with ballooning costs, latency, and complexity. Substantially faster query times, accelerated and customizable dashboarding, and significant cost savings resulted in this new logo win. Within our identity business, we continued rapid expansion in both coverage and functionality. In April, we announced the general availability of Falcon Privilege Access. Before CrowdStrike Holdings, Inc.'s identity customers relied on third-party integrations for enforcement. Today, CrowdStrike Holdings, Inc. customers experience just-in-time access and permissions for critical applications and services all within our single AI-native platform. The need is real. A foreign government expanded their 7-figure existing Falcon platform subscription with identity protection. Gaining insights into stale accounts, exposed credentials, shared passwords, and agent-free unmanageable devices went beyond the incumbent's limited approach. Falcon was the clear winner providing immediate time to value in securing identities. Our ecosystem partners continue accelerating CrowdStrike Holdings, Inc.'s growth with 60% of our Q1 annual deal value sourced by partners. Several highlights include first, GuidePoint joins our $1 billion partner ranks as our fifth partner to achieve this noteworthy milestone, joining AWS, Optiv, CDW, and SHI. And further cementing CrowdStrike Holdings, Inc. as cybersecurity's benchmark for partner success. Second, our MSSP business continues growing at a rapid pace now representing more than 15% of our Q1 deal value. We won our largest Latin American deal of all time through our MSSP channel last quarter. And third, NVIDIA's recently announced Enterprise AI Factory, their reference AI architecture, integrates Falcon as the cybersecurity standard for securing NVIDIA's hardware and software. A marquee partnership with Microsoft, which we announced yesterday, highlights our bold ecosystem leadership. Since last summer, we've worked to find common ground where together we can make the world a safer, more resilient place. I was pleased to have Satya join me at Falcon last fall, and yesterday, we announced a joint threat actor strategic collaboration where we map each other's adversaries naming conventions. Through this Rosetta Stone collaboration, we unite defenders in knowing the adversary. Both in our nomenclature and Microsoft's, so they can better defend. Together, we take the guesswork out of adversary attribution for the benefit of our joint customers and the entire market. In closing, I'm very pleased with where we are and even more excited about where we're going. Q2 will be a quarter of improving sequential net new ARR growth followed by back half net new ARR acceleration. Here's why. The platform wins. Across 30 Falcon modules. We have the products and innovation engine that stops breaches. In addition, we're seeing momentum build across the entire business. I began today's comments talking about uncertainties facing the world. What's certain is that the world increasingly needs cybersecurity and increasingly needs CrowdStrike Holdings, Inc. CrowdStrike Holdings, Inc. is best positioned to protect the workloads, identities, data, and infrastructure for the AIH and the superhuman AI agents themselves. Our FalconFlex subscription model is accelerating platform at a faster pace than we've ever seen before. And our execution is delivering speed and efficiency across the business. Excitement in our future. It's all of these elements together that gives me confidence and that's why the company has authorized up to $1 billion in share repurchases. I'm more certain than I have ever been of CrowdStrike Holdings, Inc.'s place as the world's leading cybersecurity platform for the AI era. With the unequivocal mission of stopping breaches. Thank you to our team, partners, and customers who tell me that they cannot live without CrowdStrike Holdings, Inc. And I'll now turn the call over to Burt Podbere, CrowdStrike Holdings, Inc.'s CFO.

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. CrowdStrike Holdings, Inc. delivered a strong first quarter to kick off the new fiscal year. Our robust Q1 performance, focused execution, and growing FalconFlex momentum including reflexes, further reinforce our conviction in improved sequential net new ARR growth in Q2 as well as net new ARR reacceleration and margin expansion in the second half of FY2026. Additionally, the share repurchase authorization of up to $1 billion that we announced today reflects our confidence in CrowdStrike Holdings, Inc.'s long-term strategy, including M&A, growth prospects, and robust cash flow generation capabilities, as we scale on the path to $10 billion in ending ARR. We will continue to prioritize investing in our growth and innovation while retaining the flexibility to opportunistically repurchase shares to maximize returns and deliver increased value to our shareholders. In Q1, we achieved net new ARR of $194 million, growing ending ARR to $4.44 billion, up 22% over last year. Highlights in the quarter included significant big deal activity driven by Falcon Flex momentum, and reflexes. Record MSSP channel results, strength in multiple geographies including the U.S., Europe, Canada, Japan, and Latin America, deep platform adoption, with subscription customers with six, seven, and eight or more modules representing 48%, 32%, and 22% respectively, strong and increasing competitive win rates, and sustained 97% gross retention and consistently strong net retention in line with our expectations demonstrating our success in both customer retention and expansion. Moving to the P&L, total revenue was within our guidance range and grew 20% over Q1 of last year to reach $1.1 billion. Subscription revenue grew 20% over Q1 of last year to reach $1.05 billion, and professional service revenue was a record $52.7 million. The geographic mix of first-quarter revenue consisted of approximately 67% from the U.S. and 33% from international geographies. Total gross margin was 78% and subscription gross margin was best in class at 80% of revenue. Total non-GAAP operating expenses in the first quarter were $656 million or 59% of revenue. In the first quarter, non-GAAP operating income was $201.1 million and operating margin was 18%, exceeding our guidance. We achieved strong non-GAAP operating income performance alongside strategic upfront investments in internal automation, go-to-market, and AI innovation. We expect these investments to fuel our growth in the back half of FY2026 and beyond as we progress towards our long-term targets. GAAP net loss attributable to CrowdStrike Holdings, Inc. was $110.2 million and included $39.7 million of expenses for outage and related matters. Non-GAAP net income attributable to CrowdStrike Holdings, Inc. was $184.7 million or $0.73 on a diluted per share basis, exceeding our guidance. Cash and cash equivalents grew to a record $4.61 billion. Cash flow from operations was a record $384.1 million and free cash flow was $279.4 million or 25% of revenue. Expenses for outage and related matters impacted Q1 free cash flow by approximately $61 million. Moving to our outlook and modeling notes. We believe cybersecurity remains mission-critical in today's AI-accelerated threat environment. We continue to see strong demand for the Falcon platform, growing momentum with Falcon Flex including reflexes, and a robust and growing pipeline. Building for the second half of FY2026. While we do not guide to net new ARR, our Q2 assumptions include the sequential net new ARR growth rate to be at least double over what we saw from Q1 to Q2 in the prior fiscal year. I'd like to take a minute to discuss the near-term relationship between ARR and subscription revenue in FY2026. As we previously discussed, our successful CCP program that concluded in Q4 of FY2025 provided customers the one-time ability to choose more product, more time, or both which results in an impact on subscription revenue. In addition, a limited special partner program related to CCP success also has an amortization impact on subscription revenue. As a result of these CCP-related programs, we expect to see a temporary near-term separation between ARR and subscription revenue recognition which was reflected in our revenue guidance. This amounted to approximately $11 million in Q1. We expect the impact to be in the range of $10 million to $15 million in each remaining quarter of this fiscal year subsiding in Q4. Moving to the strategic realignment plan we announced in early May. We continuously look for optimizations and efficiencies across the business. Identified opportunities to reallocate and focus investment in one, platform growth areas of cloud, identity, exposure management, AI, next-gen SIEM as well as platform resilience. Two, AI to accelerate our internal execution and efficiency. And three, go-to-market and customer success as we scale. The timing of executing the realignment in early May was focused on minimizing in-quarter business disruption while maximizing in-quarter financial benefit. We expect the full benefit of the realignment to add at least 1% to next year's non-GAAP operating margin from our previously discussed target, increasing our target in FY2027 to at least 24%. Additionally, we now anticipate an FY2027 improved free cash flow margin of more than 30%. Moving to cash, we expect to incur Q2 cash charges of approximately $26 million in connection with the aforementioned strategic plan. Additionally, we expect Q2 free cash flow to be impacted by approximately $29 million for outage and related expenses. As I just mentioned, we now anticipate an FY2027 free cash flow margin of more than 30%. Moving to our outlook. For the second quarter of FY2026, we expect total revenue to be in the range of $1,144.7 to $1,151.6 million reflecting a year-over-year growth rate of 19%. We expect non-GAAP income from operations to be in the range of $226.9 to $233.1 million and non-GAAP net income attributable to CrowdStrike Holdings, Inc. to be in the range of $209.1 to $213.8 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike Holdings, Inc. to be approximately $0.82 to $0.84 utilizing a 22.5% tax rate and weighted average share count of approximately 255 million shares on a diluted basis. For the full fiscal year 2026, we currently expect total revenue to be in the range of $4,743.5 to $4,805.5 million reflecting a growth rate of 20% to 22% over the prior fiscal year. Non-GAAP income from operations is expected to be between $970.8 to $1,010.8 million. We expect fiscal 2026 non-GAAP net income attributable to CrowdStrike Holdings, Inc. to be between $878.7 and $909.7 million. Utilizing a 22.5% tax rate and 256 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable with CrowdStrike Holdings, Inc. to be in the range of $3.44 to $3.56. Please refer to our earnings presentation with modeling notes that we just posted on the website. George and I will now take your questions.

Thank you. If you would like to ask a question, please click on the raise hand button which can be found on the bar at the bottom of the

Okay. Great. Thanks for taking my question here and solid start to the year here, guys. George, maybe for you. I'd love to dig a little bit more into Falcon Flex. You had a couple of interesting customer examples in your prepared remarks. Maybe the question is, as you look broadly at the growing FalconFlex install base, what products do you feel like are benefiting most in terms of usage as customers adopt FalconFlex? Maybe relatedly, how is the sales motion changing as Falcon Flex gets more broadly adopted?

Well, I think the net of it is Falcon Flex has been a real home run for us, Saket. And as I said in my prepared remarks, a real game changer for adoption. Customers are asking for it. They're talking to each other. They're hearing more about it. Our partners are now able to talk about it. And so part of it is through it. And a big part of this has been around next-gen SIEM, cloud, and identity. I think if you look at next-gen SIEM with some of our larger GSIs, Falcon Flex is the perfect complement to running out existing legacy licenses and then being able to bring up next-gen SIEM. So I think, for sure, next-gen SIEM is one of the areas that's benefiting. And when you look across the metrics, $3.2 billion total account value FalconFlex customers, 820 customers, 31 months on average, it's been just unbelievable and more successful than we thought. And one of the things that I pointed out here in the earnings script is the reflex. We're seeing more and more reflexes faster than we thought. And the key to flex is it does change our selling motion where we're not selling module by module. What we're selling outcomes, we're doing demand planning with our customers. And ultimately, they're using more of our licenses faster which ultimately results in net new increase in ARR.

Very helpful. And we'll move to our next question.

Our next question comes from Tal Liani with Bank of America. Please go ahead with your question.

Hi, guys. I would like to go back to something you said about the divergence between revenue growth and ARR growth. I understand why CCP is pressuring revenue growth just near term. But why is it causing a divergence? Why isn't it impacting the same way ARR? And just to follow-up on this is why you said that you expect ARR growth to accelerate in the second half. Why is it what drives it? Thanks.

One, in terms of the divergence, we talked about it in the modeling notes. Where we went through our overall CCP programs, and then we highlighted specifically our CCP program that had with respect to a limited partner program. And we talked about how the amortization impacts revenue. So when you look at the two of them and you say, hey. How does this work with respect to our revenue? When you look at when partners have a program with us, we then are able to recognize the amortization within revenue. So this would be part of ASC 606. And so this is how we account for it. And that's why you see the divergence. In terms of how we think about reacceleration in the back half, so reacceleration in the back half is due to many things. One, we think about how we think about not only what we expect from our products that we have. You know, clearly, we have momentum with respect to what George talked about next-gen SIM, identity, cloud. So we feel great about where we have the momentum with respect to the products. We feel like we have momentum with respect to flex. We talked about Flex. We talked about the numbers that we had with respect to Flex. $774 million with respect to account value in the quarter. This is over double that we did, you know, year over year. So we're really excited about how we think about flex when we talk about reacceleration in ARR, we're also talking about how we think about the momentum just in our overall platform. We are the consolidator. We're the one that people are looking to not only get the best outcome but to save money. So when you wrap that all together, we get confidence with respect to our conviction in back half reacceleration.

And we'll go to our next question. Our next question comes from Gabriela Borges with Goldman Sachs. Please unmute your line.

Hi. Good afternoon. Thank you. George and Burt, some of these reflex deals are really interesting. Talk to us a little bit about the budget conversation that happens. If I was budgeting for 35 months and I burned through my usage in five months, where does the incremental budget come from, and how does the ROI conversation change? Customers are getting value out of it if they're using the product. Just curious how that math works out. Thank you.

Yeah. Great question. So a lot of what we're doing with customers is going through the demand plan, and our business value assessment. And that's really where we can talk about how we can replace other point products. So, typically, the conversation will look at the customer road map. They'll look at certainly, our road map and the products we have in the 30 modules. Then we'll begin to plan the phase rollout of our products to replace what they have. And, you know, in general, what we're focused on is how can we save them money by replacing those point products and ultimately getting a better outcome. So Flex is gonna give them the best discounted rates. The more they commit, the bigger the discounts. And then, also, it takes all the friction out of procurement. So they can roll us out, and within five months, as we talked about, they can consume that flex license. But we're now on a path to adding more modules faster. And once they see the value of it and they're using all of the products or the products that they're licensed for within the flex suite, it just incents them to use more and more of those. So that's the way we see it. It's instead of module by module sale, it's more of a demand planning exercise. With real tangible ROI and financial benefits, which has been a huge success for us and our partners.

And we'll take our next question. Our next question comes from Brian Essex with JPMorgan. Please unmute your line.

Great. Good afternoon. Thank you for taking the question. George, I was wondering if you could talk about sales go-to-market effort and how that's changed. Obviously, you're coming off a pretty meaningful period of disruption in the second half of the year, and you try to adjust compensation structures and focus to focus on CCP and penetration of flex. How have things changed in Q1? Have plans materially changed the way that you're compensating quota-bearing reps in the channel? And, you know, how has the response been from the Salesforce? Thank you.

Well, I think the response has been great from a Salesforce perspective and customer perspective. The customers have put it in the rearview mirror. We've moved forward with our customers and partners. And, you know, the focus really has been on innovation that we're delivering on how we can consolidate the point products they have. The power of the Falcon platform, Charlotte AI, you know, we're back to business in the areas that we've always focused on, which is really exciting for us. And the big takeaway is customers want to do more and more with us. And we're seeing that with the adoption rates, and we're seeing that with the burndown of the FalconFlex licensing much faster than we originally anticipated. So, you know, there's still more work to do in terms of educating partners and our own Salesforce in this go-to-market motion around demand planning. But, you know, that's an exercise that will always be ongoing, but we're seeing tremendous success both internally and with our partners.

And with that, we'll go to the next question. Our next question comes from Andy Nowinski with Wells Fargo. Please unmute your line.

Okay. Thank you for taking the question. I wanted to follow-up on Falcon Flex and the really the impact it has on both revenue and ARR because it seems like it has a very different impact. So I guess, when a customer burns through their contracted credits faster than they expected and they reflex, does that overage flow into your subscription revenue, or do they have to reflex to a new contract right away? And where do we see that showing up? I mean, does that show up in your net new ARR when they reflex, or is that RPO? Just any help you can give us on how we can measure the success of that reflex and where we see it showing up. Thank you.

Hey, Andy. Great question. So, you know, where it shows up is basically on the reflex. So when a customer burns through all of their flex, they're gonna come back to us and say, look. We wanna reflex with you. We enjoy what you have. We wanna do more of what you have, and that's where you're gonna start seeing, you know, the net new ARR come into play.

Then we can go to the next question. Our next question comes from Keith Weiss with Morgan Stanley. Please unmute your line.

Excellent. Thank you guys for taking the question and congratulations on a solid start to the fiscal year. George, I wanted to touch on something you said in your prepared remarks about the generative AI demand on the horizon. And definitely agree with you in terms of the expansive sort of demand potential there is behind generative AI. There's also a lot of different types of demand that you could see. Like, you're talking a lot about surface area, but you also have it in your products. There's also the threat environment. Can you give us a little bit of insight on what's hitting today? What's actually driving demand today for you guys? Is it what you guys are doing in your SIEM product? And what's up more on the horizon? What should we be looking forward to going forward in terms of what could be future demand drivers?

Sure. Well, when we think about AI, when I started CrowdStrike Holdings, Inc., it was an AI-first company. You know, years ago, it was machine learning, now AI. But at the end of the day, what we're able to do is to deliver the right outcomes for customers. We'll take Charlotte AI as an example. It just seemed tremendous growth in the product itself. The adoption within the customer base and what we're able to really solve for them in saving hours and hours of work coming up with the right results which really helps to automate level one triage and really free up those resources internally. So that's, again, how we use AI to drive workflow automation as well as get better security outcomes. When we think about the protection piece, we have a model scanning, model protection today, and we're doing that for customers. But, really, what I highlighted in the call is something that I'm really excited about and that is if you think about CrowdStrike Holdings, Inc. and you think about what we do, and how we've evolved, we protect workloads, computers, users' identities. Right? Those are today's needs. When we think about generative AI and really what I would call autonomous agents, they have the same needs, but they're superhuman. They have access to data. They have identities. They have access to systems outside of their own environment. They have workflows. They take action. So it's building those guardrails and then instrumenting the visibility and protection across the entire AI workflow. And every agent, there could be billions of agents, are gonna need protection and that's where we see a fantastic future opportunity. And we're gonna be at the tip of the spear being able to protect those in the future.

And we will move to the next question. Our next question comes from Matt Hedberg with RBC. Please unmute your line.

Great. Thanks for taking my questions, guys. Congrats on the results. Not an easy environment for sure. George, I wanted to ask about US Fed. I guess, how has it been trending? Sort of what's baked into the guide? And if there's any comment that you could make on, you know, the Bloomberg article earlier in May, that would certainly be helpful.

So I'll take the second part of your question. Any comments with respect to Bloomberg? So for us, the company, you know, and how Bloomberg reported what they reported. The company received a request for information from the DOJ and the SEC relating to revenue recognition and reporting of ARR for certain transactions, the July 19 outage, and related matters.

And with that, we'll go to the next question. Our next question comes from Joe Gallo with Jefferies. Please unmute your line.

Hey, guys. Thanks for the question. Burt, can you provide some guardrails on how to think about free cash flow margin this year? I think previously, you talked through an exit rate. Then maybe just talk a little bit more about what underpins your confidence in 30% plus margin next year.

Yeah. Sure. So, yeah, Joe, we did talk about, you know, the 27% exit rate on Q4 for free cash margin. We're excited about that. And then the 30% we get most of our conviction from, you know, what we've already been talking about. We get it from Flex. Get it from larger, longer, bigger deals, and we get a lot of momentum with respect to, you know, how customers, you know, burn through Flex. We gave you those examples faster than we anticipated. All that's gonna turn into dollars for us. And that's where we get excited about next year's free cash flow numbers that we provided.

Next question. Go to the next question. Our next question comes from Mike Sikos with Needham. Please unmute your line.

Great. Thanks for taking the questions here, guys. I just wanted to get a quick update on what you're seeing more from a macro standpoint as far as April and May. We received some differing data points depending on which of the fiscal quarter-end cyber companies you're speaking to. And just wanted to sanity check if you guys are seeing any movement at the margin when we think about how things are playing out in the month of April versus the linearity in the quarter, and then how things trended with May in the rearview mirror at this point? Thank you.

Yeah. I think we did a great job with the right platform and solving the problems that we're solving. You know, we powered through it. Like, you look at the results with net new ARR. It was fantastic. Again, customers want to buy more and more from us. Next-gen SIM has been a total home run. So, you know, I can only focus on what we can control, and I think the team did a fantastic job in an environment that had a lot of noise to power through it and deliver the results that we delivered.

We'll go to the next question. Our next question comes from Shaul Eyal with TD Cowen. Please unmute your line.

Thank you. Hi. Good afternoon, guys. George, my question is on next-gen SIM. Success is absolutely unquestionable. I listen to your tone. Looking at the presentation, it's unequivocal. If we think about one or two legacy same incumbents that you are most frequently displacing, who would those be?

You know, I would say it's across the board, but certainly, a big player out there is Splunk and QRadar. So, you know, others are out there, but you have to look at the legacy incumbents. And, you know, customers are looking for better, faster, and better value. So that's what we're delivering, and it's all in an integrated package. And a big part of our success has been it's already built in. All of our customers actually have next-gen SIEM, and they get 10 gigabytes of it basically built in. So it makes it easy for them to try it out. And then when they see the results of it, they don't have to move data out of our platform. It's already there. And then we're converting them internally and as well as working with our GSI partners. So I think this is one of the most exciting areas that we have. And for us, it feels a lot like the legacy AV market when I started the company. And I think, you know, we've got a tremendous amount of runway in front of us. And I just hear time and time again from customers, we cannot believe how fast it is, how well it works, and, you know, the value we're getting from it. So I think overall, we'll continue to see great success with it.

And we'll go to the next question. Our next question comes from Roger Boyd with UBS. Please unmute your line.

Great. Thanks for taking the question. George, I wanted to hit on MSSP. I think you said 15% of bookings coming from that channel this quarter. If I look at kind of two years ago, it was maybe kind of in the mid-single digits. So a much more significant piece today. Can you just expand on the momentum there? What's going well? Your competitive positioning with those partners, and where you see the channel going? Particularly as you look to engage partner-first on a managed stock basis? Thanks.

Yes. Well, we've spent a lot of time and effort over the last couple of years working with those channel partners. Working with the managed service providers, adding the capabilities that they need to be able to deploy and manage CrowdStrike Holdings, Inc. very easily. There's always been a demand for us in the SMB and through managed service providers, and we had to meet that demand in a way that makes sense for the managed service providers. We've made those changes very easy to use and deploy within those environments. And the big thing is customers have been and continue to ask for it. And we're winning against our competitors. I mean, we are now in a market that we weren't necessarily in, and we're having an impact on the competitive environment. And that, for me, is, I think, a bright spot and really highlights the partner-first mentality we have.

And we'll go to the next question. Our next question comes from Peter Levine with Evercore ISI. Please unmute your line.

Great. Now thank you for taking my question. Maybe for you, George, you know, at RSA, I think you announced a privileged access management product for identity. You know, you have identity, FalconFlex identity. So maybe if you could just share with us, like, what are you what's your vision within getting deeper into the identity management space?

Well, when you look at what we have, with our identity protection, we are there with our agent. We're built in. We've run on very critical domain controllers. And customers for years have asked us, can you do more in that space? They love our identity product. And now we have the ability to help them with privileged access. And we continue to add more and more capabilities. It's a big TAM. It's an area that we've got expertise. We've got the real estate of having these agents and customers are looking for the consolidation play and they're also looking to save money. Some of the other solutions are very expensive. And by consolidating on CrowdStrike Holdings, Inc. in that area, it's a win for them, and it's a win for us. So we'll continue to add more and more capabilities, and it does unlock a new TAM for us today and in the future.

And we'll go to our last question. Our last question comes from Keith Backman with BMO. Please unmute your line.

Thank you very much. Hopefully, you can hear me okay. Bert, I want to direct this to you if I could. On the CCP just trying to get a little bit of help on how to think about it in the second half of the year. So last year in the October and January quarter, you identified $80 million of CCP. And so, presumably, as you anniversary that, how does that layer into the back half of the year opportunities in terms of ARR? Would we just add it to kind of normal back half of the year growth? Or any comments on exactly how that layer cakes into the second half of the year? And if you don't mind, could you just repeat what you said about the July in terms of sequential growth in terms of net new ARR? Many thanks.

Yeah. So, Keith, thanks for the question. So first, let me just, you know, start with saying that, you know, as I said earlier about flex, you know, when the flex licenses start burning out, that's the opportunity for customers to buy more. If that and all the new purchases that they make, that all goes into net new ARR. And the momentum we're seeing, it gets us to that confidence level with respect to, you know, back half acceleration that we keep talking about. And have more and more, you know, conviction too. When we think about the $80 million, so the $80 million was with respect to deal value. That we gave out. And we talked about that number. And then, you know, when you heard my prepared remarks today, I'm talking about impact from CCP on revenue specifically. And then I got into specifically about, you know, the partner programs that we have. And, you know, we talked about basically, for Q2 and beyond, around $10 to $15 million per quarter. The other thing I want to mention is that when we think about our module and module retention rates, we're over we're around approximately 95%. With respect to module retention rate. That gives us that confidence with respect to where customers are gonna come back, to flex and re-up with flex. It's a big piece of how we're thinking about, you know, the back half of this year. Not only, by the way, do we think about, you know, net new ARR, but I talked about, Keith, you know, margin expansion. In the back half of next year. I don't want you to lose sight of that as well.

Thank you. This concludes today's question and I would now like to turn the call back over to George Kurtz for closing remarks.