CRWD - NASDAQ

Hello, and welcome to CrowdStrike Holdings, Inc.'s Fiscal Second Quarter 2026 financial results conference call. At this time, all participants are in a listen-only mode. After the speakers' presentation, we will conduct a question and answer session. Please be advised that today's conference is being recorded. I would now like to hand the call over to Maria Riley, Vice President of Investor Relations. Maria, please go ahead. Good afternoon, and thank you for your participation today.

With me on the call are George Kurtz, Chief Executive Officer and Founder of CrowdStrike Holdings, Inc., and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, including projections, and expected performance, including our outlook for the third quarter and fiscal year 2026 and any assumptions for fiscal periods beyond that, are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events, or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the Company's Quarterly and Annual reports. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-Ks filed with the SEC today. With that, I will now turn the call over to George.

Thank you, Maria, and thank you all for joining our Q2 FY26 earnings call. Reflecting on our second quarter, the key theme was reacceleration. We've talked about reacceleration coming in the back half of this fiscal year, and it's here now. I'm proud of CrowdStrike Holdings, Inc.'s ability to deliver reacceleration, our return to year-over-year net new ARR growth a quarter early. Our reacceleration is driven largely by AI necessitated demand for the Falcon platform and stellar execution across the business. Q2 was a robust quarter where we exceeded all guided metrics. Highlights included one, record Q2 net new ARR of $221 million, double-digit millions ahead of our expectations, showcasing accelerating net new ARR. Two, ending ARR of $4.66 billion, growing more than 20% year over year. Three, record Q2 free cash flow of $284 million or 24% of revenue. Four, record operating income of $255 million or 22% of revenue. Five, total revenue growth of 21% year over year, reaching $1.17 billion and exceeding the high end of our guidance. Six, cloud, next-gen identity, and next-gen SIEM platform solutions are now more than $1.56 billion in ending ARR, growing more than 40% year over year. And seven, we surpassed the 1,000 Falcon Flex customer milestone, with the average Flex customer representing more than $1 million of ending ARR. Building on last quarter's reflex momentum, now more than 100 customers have already reflexed. We're very pleased with adoption rates, seeing so many customers reflex validates the flex model and illustrates customers accelerating consolidation with CrowdStrike Holdings, Inc. Quarters like this one highlight our momentum and progress on the path to $10 billion in ending ARR. Setting new records, achieving net new ARR reacceleration sooner than anticipated, and rising competitive win rates highlight CrowdStrike Holdings, Inc. leading the way in cybersecurity. Our innovative solutions are winning at scale, like exposure management, which surpassed $300 million in ending ARR and was named a leader in the 2025 IDC worldwide Exposure Management MarketScape. CrowdStrike Holdings, Inc.'s market leadership was further in Gartner's latest Magic Quadrant for endpoint protection platforms, where we were placed in the leader box for the sixth consecutive year. Our position was furthest right for completeness of vision and highest for ability to execute out of all vendors. For the third year in a row. In cybersecurity, as well as the broader technology market, AI's impact is palpable. As organizations of all sizes embrace AI transformation, I hear several thematic concerns from executives and boards. One, where is ShadowAI emerging in my business? Two, how do I control what data enters AI systems? Three, how do I control what AI systems can do in my enterprise? Which ultimately leads to the focal question of four, how do I secure AI agents? AI has made the role of CISOs and COs more complicated than ever. Answering these four questions is far too difficult, expensive, nuanced, conditional, and incomplete. At the same time, adversaries are now using AI democratizing the structure at mass scale. Our threat intelligence research uncovered famous Jelima, a North Korean nexus group using Gen AI to infiltrate more than 320 enterprises by automating fabricated resumes and conducting deepfake interviews. The threat is real. CrowdStrike Holdings, Inc.'s role in the agentic era is staying ahead of AI-armed threat actors to secure AI at every layer. Beginning with the AI model itself to the workloads and hosts on which they run to the actual human and agentic identities, to the end-user devices accessing these systems and applications. In this time of societal and technological revolution, we secure where AI happens. Enterprises are quickly realizing AI security is not a network problem. AI doesn't happen in transit. Model creation and AI development happen in the cloud and in the data center. AI adoption happens at the endpoint on the computing device itself. An AI access happens by users with human and increasingly non-machine identities. CrowdStrike Holdings, Inc. secures each of these attack surfaces. We deliver AI for security, where we revolutionize security operations with our own SOC agent, Charlotte. We also deliver security for AI, helping the world securely adopt the power of agentic outcomes. This combination, grounded in our data foundation, is a competitive moat. You can't just stitch or acquire a unified AI-native platform. AI security's primary enforcement mechanism is not and will not be the firewall. AI security must be on the devices, workloads, data, and identities anywhere, everywhere, and always on. AI security, and now enterprise security in the Agentic era, is fundamentally a data, speed, and enforcement problem. One that CrowdStrike Holdings, Inc. solves today and is uniquely positioned to solve tomorrow. Driving adoption of the Falcon platform as the operating system of cybersecurity is our next-gen SIEM. Every day, customers are discovering the power of our native hyper-scalable data foundation to solve their most complex security and IT problems. Falcon NextGen SIEM had a stellar Q2 with year-over-year growth of more than 95% and ending ARR of more than $430 million. Next-gen SIEM is becoming synonymous with AI SOC transformation, akin to upgrading from a typewriter to a computer unlocking new capabilities, cost efficiencies, and agentic speed. A leading global 2,000 communications platform chose next-gen SIM in a highly competitive 7-figure legacy SIM replacement. Synthesizing EDR and third-party data proved easier, faster, and more effective than going with a network-first SIM product. And we're not stopping. Today, we're incredibly excited to announce intent to acquire Onum, a leading data pipeline platform. Built on a proprietary stateless in-memory architecture, we believe ONEM is the perfect complement to next-gen SIEM. It offers unparalleled speed, scale, and efficiency in onboarding to next-gen SIEM while giving customers control of their data. Onum will bring Falcon's AI-powered detections closer to third-party data sources in the pipeline, starting analysis before data even enters the Falcon platform. Here's why ONEM stood out to us.

One,

speed. ONEM delivers five times more events per second than its nearest competitor and processes data in real-time versus legacy batch and store methods. Two, cost. ONEM smart filtering reduces data storage costs by 50%. Three, superior outcomes. Onnam's real-time pipeline detection starts before data enters the Falcon platform, delivering up to 70% faster incident response with 40% less ingestion overhead. If our next-gen SIEM is the engine that powers the modern SOC, then data is the fuel that makes the engine run. ONEM is both the pipeline and the filter, streaming high-quality filter fuel quickly into the engine to drive robust, efficient, and superior performance. With ONEM, CrowdStrike Holdings, Inc. will align with each stage of the AI lifecycle. Ingestion and detection of data, filtration and optimization of data, as well as actioning and enforcement to produce high-fidelity autonomous outcomes across security non-security use cases. Before, migrating data into next-gen SIEM was a long pole in the displacement tent. Often requiring third-party tools. Our acquisition of Onum is a direct response to a growing chorus of frustration with the incomplete data and punitive cost from today's third-party tools. We're forging a new path ONEM and Next Gen SIM will enable CrowdStrike Holdings, Inc. customers to focus on earlier in pipeline detection, blazing fast data streaming, and high-fidelity data filtration optimizing the agentic next-gen SIEM experience. Most importantly, the acquisition of ONEM will give our customers control of their security, observability, and IT data, uniquely positioning CrowdStrike Holdings, Inc. as our customer's data foundation. With our Performant Data Platform as its foundation, CrowdStrike Holdings, Inc. is rapidly expanding our pace of AI innovation. Charlotte is our AgenTix SOC analyst. Automating actions and now end-to-end autonomous workflows across the SOC. Charlotte had a record quarter growing more than 85% over Q1. We're embedding Charlotte across the entirety of the Falcon platform, empowering customers to achieve their agentic security goals out of the box with immediate ROI. Charlotte is constantly learning and improving as we train it on our market-leading threat intelligence battleground incident response, and scaled Falcon Complete MDR analyst behavior. As one of cybersecurity's largest MDRs, our Falcon Complete SOC data is akin to the encyclopedia of threat telemetry resulting in a powerful cybersecurity AI feedback loop. Our unique cyber data advantage coupled with our data science expertise create a reinforcement learning flywheel continuously adapting and improving autonomous detection and response. The outcome is Charlotte turning our data mode into a fortified and dynamic AI wall. Our customers are facing AI disruption, which is driving our next-gen identity business. As agentic identities proliferate, customers require an identity security solution to safely leverage AgenTic AI. Preventing exploitation, misuse, and breaches. We recently announced the launch of next-gen identity protection which extends our best-in-class identity protection to nonhuman identities or NHI. SaaS applications, and most importantly, AI agents. Including Falcon Shield, our next-gen identity protection business exceeded $435 million of ending ARR in Q2, growing more than 21% year over year. Based on customer demand and seeing another opportunity to innovate, We launched our own PAM offering in Q1. Elevated uncertainty around the future of legacy PAM tools is driving heightened interest in our next-gen PAM solution. Driven by the excitement for next-gen identity protection, and next-gen privilege access, these new solutions significantly expand our identity opportunity. A leading global consulting firm decided to replace their legacy PAM after years of frustration with cost, limited efficacy, and point product woes. Our ability to deliver privileged account password rotation, privileged user identification, and risk assessment privileged escalation detection, user risk profile insights, and flexible MFA controls for different departments help this customer consolidate with confidence. With nothing new to deploy, this customer seamlessly met all device trust escalating privilege, and cyber insurance requirements. Moving to our cloud business, the rapid adoption of AI has placed a spotlight on the importance of securing cloud infrastructure at runtime. While out-of-band posture tools can lend an overall view of security health, they are incapable of stopping breaches. CrowdStrike Holdings, Inc. is a leader in cloud runtime protection, with the largest and most sophisticated enterprises trusting us to protect their most critical production environments. With the need to secure AI as a backdrop, we delivered impressive net new ARR in cloud this past quarter. Total cloud ending ARR exceeded $700 million growing more than 35% year over year. A Fortune 500 energy supplier selected Falcon Cloud Security in a 7-figure win. The ease of adoption for our single platform approach and having ASPM already natively integrated drove this win. Our ASPM reduced months of manual work into minutes. Through this upsell, Falcon Cloud Security consolidated more than 10 products across CNAP, CSPM, ASPM, CDR, and container security. Contributing to our platform growth is our revolutionary FalconFlex model, helping customers accelerate and maximize Falcon platform adoption. In Q2, we crossed 1,000 Falcon Flex customers, adding more than two twenty new Flex customers. Not only are we and our partners successfully landing new flex deals, we also continue to see increases in one, platform adoption. Utilization of flex contracts is more than 75% across the flex customer base. Two, reflexes, We more than doubled the number of reflexed accounts to nearly 10% of All Flex customers. In just an average of five months from their initial Flex subscriptions, this cohort of Flex customers found themselves wanting more modules and more consolidation. Reflexes on average are yielding a nearly 50% uplift in flex customer ending ARR illustrating the strength of the Falcon platform and the power of our game-changing licensing model. Reflex activity gives us conviction our net new ARR acceleration highlighting the difference between a one-time ELA and the recurring flex model. A lighthouse example of the reflex motion was with a Fortune 500 software firm which completed an 8-figure reflex. Eighteen months prior to their initial flex subscription expiration, this customer decided to take their next strategic step with CrowdStrike Holdings, Inc., enabling them to modernize their SOC by replacing a legacy SIEM and a hyperscaler SIEM. They also adopted Charlotte to agentify threat hunting and SOC operations. What was recently a very successful flex has become an even more impressive reflex. Consolidation isn't just a phenomenon, with our customers, we also see it with our ecosystem partners. Diverse partner types are continuing to standardize on Falcon as their cyber platform of choice. Take Red Canary, an MDR focused on the mid-market to small enterprise recently acquired by

We achieved record Q2 net new ARR of $221 million and net new ARR reacceleration a quarter ahead of our expectations, growing ending ARR to $4.66 billion up 20% over last year. Market demand for our AI-native Falcon platform and FalconFlex subscription model drove strength across the business. The number of deals with total deal value over $10 million doubled year over year. And we reached a new milestone of 800 customers with ending ARR exceeding $1 million. As George highlighted, customers are increasingly consolidating their security operations onto the Falcon platform as they modernize their security stack for the AI era. This momentum is reflected in our module adoption metrics, with 48%, 33%, and 23% of subscription customers adopting six, seven, and eight or more modules respectively. Most notably, among our customers with over $100,000 in ending ARR, we reached a new milestone with 60% adopting eight or more modules demonstrating the power of our platform consolidation strategy. Looking into the back half of the year, the combination of strong Falcon Flex momentum, record Q3 pipeline, and increasing demand for our AI-powered innovations reinforces our conviction in driving year-over-year growth acceleration in both net new ARR and ending ARR.

Moreover,

we have a clear line of sight to well exceed the $5 billion ending ARR mile by fiscal year end, achieving the ambitious goal we set in 2022 as we execute on our path to $10 billion in ending ARR by FY '31. Moving to the P and L, total revenue exceeded our guidance range and grew 21% over Q2 of last year, to reach $1.17 billion. Subscription revenue grew 20% over Q2 of last year, to reach $1.1 billion and professional services revenue was a record $66 million. The geographic mix of second quarter revenue consisted of approximately 67% from The U.S., and 33% from international geographies, with both U.S. And EMEA year-over-year growth accelerating compared to Q1. Total non-GAAP gross margin was 78% and non-GAAP subscription gross margin remained best in class at 80% of revenue. Total non-GAAP operating expenses in the second quarter were $652.5 million or 56% of revenue. In the second quarter, non-GAAP operating income was a record $255 million and operating margin was 22% exceeding our guidance. Strong top-line performance and efficiency gains from our strategic plan drove the outperformance in profitability highlighting our commitment to profitable growth as we accelerate net new ARR growth and execute on the path to achieving our target operating model. GAAP net loss attributable to CrowdStrike Holdings, Inc. was $77.7 million and included $35.7 million of expenses for outage and related matters and $38.4 million of strategic plan-related charges. Non-GAAP net income attributable to CrowdStrike Holdings, Inc. was a record $237.4 million or $0.93 on a diluted per share basis, exceeding our guidance. In Q2, our long-term projected non-GAAP tax rate decreased to 21% from 22.5% reflecting recent changes in tax legislation and resulting in a $0.3 benefit on a diluted per share basis. Moving to cash, Our cash and cash equivalents grew to a record $4.97 billion. We generated record Q2 cash flow from operations of $332.8 million and record Q2 free cash flow of $283.6 million or 24% of revenue. Expenses for outage-related and strategic plan costs impacted Q2 free cash flow by approximately $29 million. Moving to our outlook and modeling notes. Our leadership is showcased by our record Q2 performance, strong FalconFlex adoption and expansion, continued strong retention rates, and broad success across our AI-powered Falcon platform. This momentum further bolsters our conviction in continued net new ARR acceleration for the back half of FY 2026. While we do not guide to ending ARR or net new ARR, our revenue guidance includes the following assumptions. High single-digit sequential net new ARR growth Q2 to Q3 and at least 40% year-over-year net new ARR growth for the back half of the fiscal year bringing ending ARR growth for FY 2026 more than 22%. Our revenue guidance also assumes a wider than typical range for professional services given the strong Q2 performance. Additionally, as we discussed last quarter, as a result of our successful CCP and related partner programs, our ARR to subscription revenue assumptions includes a separation of $10 million to $15 million per quarter through Q4, When this impact begins to subside, we ask that you please reflect this when updating your models. Moving to cash, payments related to strategic plan costs are expected to be de minimis in Q3 and we expect to make Q3 cash payments of approximately $1 million in connection with outage-related costs. As previously discussed, we expect to exit this fiscal year with a free cash flow margin of 27% in Q4 expanding to more than 30% for the full year FY '27. Moving to our outlook. For the '6, we expect total revenue to be in the range of $1.208 to $1.218 billion reflecting a year-over-year growth rate of 20% to 21%. We expect non-GAAP income from operations to be in the range $256.0 to $262 million and non-GAAP net income attributable to CrowdStrike Holdings, Inc. be in the range of $238.1 to $242.8 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike Holdings, Inc. to be approximately $0.93 to $0.95 utilizing a 21% tax rate and weighted average share count of approximately 257 million shares on a diluted basis. For the full fiscal year 2026, currently expect total revenue to be in the range of $4.7495 to $4.8055 billion reflecting a growth rate of 20% to 22% over the prior fiscal year. Non-GAAP income from operations is expected to be between $1.001 and $1.0401 billion. We expect fiscal 2026 non-GAAP net income attributable

CrowdStrike Holdings, Inc. be between $922.4 and $954 million.

Utilizing a 21% tax rate and approximately 256 million weighted average shares on a diluted basis we expect non-GAAP net income per share attributable to CrowdStrike Holdings, Inc. be in the range of $3.60 to $3.72. Finally, Falcon 2025 begins on Monday, September 15. With over 100 sponsors and over 8,000 attendees, Falcon is going to be our largest customer event yet. We will hold an investor briefing during the conference on Wednesday, September 17. The briefing will be webcast live on our Investor Relations website and we look forward to seeing many of you there. George and I will now take your questions. Thank you.

If you would like to ask a question, please click on the raise hand button can be found on the bar on the bottom of your

Okay. Good afternoon. Thank you for taking the question. So I I'm

I'm really impressed with the many new products you launched this quarter, particularly on the identity side. But I I do have a question around the revenue guidance that you gave for both Q3 and the full year. I'm wondering if the partner rebate program you talked about last quarter you know, remains in effect for the remainder of the year or or if it goes beyond that. And if so, you know, is that 10 to 15 million per quarter that you you just mentioned, I mean, is that I guess, is that factored in you know, into into your revenue guidance, or is there more to it than just the partner rebate program? Thank you.

Thanks, Andy. It's Bert. Hey. First, let me start off by saying that ARR is the best leading indicator of our business. We've used it since we went public. George and I talk about it all the time. First and foremost, we're very pleased with net new ARR performance in the quarter as well as our record Q3 pipeline. Second, our guidance now assumes back half net new ARR will grow at least 40% versus last year with high single-digit sequential net new ARR growth in Q2 to Q3, and ending ARR growth for FY '26 to be more than 22%. Finally, we did give a wider range than typical for pro services and for partner rebates, Last year after the outage, we made an investment in our partners through these programs and that has paid off and has helped us sustain our high retention rates and accelerating net new ARR. As previously stated, we expect the impact of CCP and special partner programs to subside starting in '26, We we would do this all again, Andy. 100% of the time. Making those investments really paid off for us.

And, Leila, we can go to our next question.

Your next question will come from Matt Hedberg with RBC.

Great. Thanks for taking my question, guys. You know, George, it was really interesting to hear you talk about identity. It seems like you're having a lot of success there with Shield and even some legacy displacements as well as your PAM acquisition. Now given the announced Palo Alto CyberArk deal, can you talk a little bit more holistically about how you're thinking about targeting in the identity market versus some of the pure plays and and just kind of, you know, how you see this market evolving over time? Well, yeah, thanks for that.

You look at identity, this is something that we will we were well ahead of the curve in identifying in 2020, which is why we did the preempt acquisition. We took the time. We've integrated it. It's it's a key part of our platform and our fabric today. Our customers love it. And they want more. They've been asking us for years to, come out with a PAM solution, which we did in Q1. They're looking for alternatives, and they're looking for a next-gen technology that, isn't just legacy, it's stitched together. So from the standpoint of identity, we've identified it very early as a key element to to solving, the security, breach problems that are out there. With the announcement we made this quarter in terms of our next-gen identity, which includes Shield, the uptake has been fantastic. We look at the breaches that are happening today. A huge part of that is in the, is in the enterprise SaaS market. Right? And our product shield combined with our other identity solutions are key in helping prevent these. So I think we're in the perfect spot and, we're in a position where customers are demanding alternatives to legacy solutions. And, we're gonna continue to evolve. But the good news is we've been in the market since 2020. We've recognized identity is critical very early on.

And, Layla, we'll take the next question.

Your next question will come from Saket Kalia with

Barclays.

Please go ahead.

Okay, great.

Hey, guys. Thanks for taking my question here. And nice quarter.

Thank you.

George, maybe for you. A lot for that comment on just the second half net new ARR growth. Of 40%. That's great to hear, and I think very useful. Maybe the question is,

what are you seeing from the customers who bought those customer care packages? Know, that, of course, offered the those those customers great value in the wake of the outage. Do you maybe think about that net retention in the second half? And and just as importantly, how how helpful can Falcon Flex be in in that process? Does that make sense?

Yeah. It's a great question. And I I have to go to the historical numbers on our our renewal rates for modules. So 95 plus percent of the time, a customer will renew a module once they adopt it. So I gotta start with that. Obviously, CCP was a a new element for us. Right? But when you look at the value that we provide in these modules and once customers see it, integrated into the platform and into their workflows, 95% plus, they're gonna renew it. So we feel confident that we'll see the the CCP packages roll into renewals. And we've spent the last number of, you know, months working with customers and making sure that we've got the right level of success there. So I feel good about that, and, obviously, that will take place in in Q3. And Q4. And know, overall, when you've got the right platform solving real problems that are out there, that's a good thing for us, and it's good thing for for customers. Flex, of course, is a big part of that. Remember, our CCP program a lot of it was delivered through Flex, so we were able to seed the market much more rapidly in the Flex licensing mechanism than we would have. So we leveraged this CCP program to actually see flex and now we have the ability to reflex them on those CCP packages as they burn off.

And, Leila, we'll take our next question.

Your next question will come from Brian Essex with JPMorgan.

Great. Thank you very much for taking the question.

You know, George, I had a question for you on

ONAM. It looks like this is is pushing in the direction of

you know, real-time analysis on streaming data And I'd love to get your sense of you know, how this how you envision this competing against legacy solutions and also how you think it will either complement or potentially cannibalize what you're seeing on scale. In other words, from a practical standpoint, how the customer how do you anticipate customers utilizing this platform? Relative to what they're already using on a next-gen SIEM basis.

Well, it first, let me say how excited I am about this acquisition. This is something I think really gonna supercharge our next-gen SIEM business which includes lock scale and something customers have been asking for. They're they're looking for a modern pipeline technology that will be able to get data, whether security data or IT data, from one place to another. But the the amazing thing about the technology is the in-pipeline detection. So we can begin, doing detection ions at the the point really of forwarding for third-party data, which is critical, and it gives us tremendous flexibility And it's a great value prop for customers. Right? Less data to move around and you know, quick results, if you will. I think what's important, and I wanna reiterate, is our pricing in next-gen SIEM is very disruptive. Why is that? Well, we actually don't charge customers for data that CrowdStrike Holdings, Inc. generates. This is why we're seeing so many displacements. If you think about legacy SIEMs, people have to take data out of our platform and put it somewhere else and pay for it. They actually don't have to do that with CrowdStrike Holdings, Inc. They only pay for the ingest of the third-party data. Now we have other ways to monetize retention and those sort of things, but between ONEM and between the way we actually price and and the way we can run it because the technology is very scalable, we get we again think this is a a tremendous value for customers and will be disruptive to the

And we'll take the next question.

Your next question will come from Gabriela Borges with Goldman Sachs.

Hi. Good afternoon. Thank you. George, I actually want to revisit some of the dynamics of competition on EDR in one of the things we see in technology is invariably CrowdStrike Holdings, Inc. has been really good at innovating with some of the leading edge modules that you've introduced over the years. Maybe just remind us how do you feel about EDR? Are you seeing within the flex contracts equal interest in EDR, or are customers maybe is is it all else equal with modules between EDR and stuff? And to what extent are you still landing customers on EDR? Thank you.

Well, I mean, two things are important. One is to realize that the modern SOC is

built on EDR, and it's built on, SIM, and in our case, next-gen SIM. So without that that EDR data, you know, it becomes very difficult to to manage and execute on next-gen SIM and all the AI elements on top of it. We're the leader you know, as many, third-party organizations have, pointed to in that space. We've pioneered it. And, we continue to innovate, which is really important. And the thing to remember is you know, when you look at EDR, it's a it's a way to get telemetry into the platform. But then you have all of the other AI elements across the platform. It also then allows the collect once reuse many, philosophy that we have so we can light up all the other modules. And I think a key element is and customers are seeing this. There is a huge difference in the service layer that we put on top of EDR, things like Overwatch or Complete. Competitors not even close in this area. So what we're focused on is stopping the breach, and it's a combination of our technology and the service overlay. Which is highly automated. But between those, people are really seeing the distinction Then when you wrap it with next-gen SIEM and Charlotte AI on top of it, it's really a winning combination. So we're the leader in it. We continue to invest, and we continue to innovate, and, that's a core part of our DNA.

And, Lailu, we'll take your next question.

Your next question will come from Joe Gallo with Jefferies. Hey, guys. Thanks for the question.

It was awesome to see the $700 million in cloud ARR growing 35%. Can you just talk

through an update on that competitive environment? Has that stabilized? And where are customers in the journey to, vendor consolidation for cloud security? Thank you.

Sure. It's it's still in the early days. You know, when you look at cloud security, they're really too fast to go down. Right? CSPM, is really more of a kind of a vulnerability exposure policy It doesn't really do any enforcement, and that was an easy button for a lot of customers, and and, certainly, vendors had success in that area. I think what people have realized is the market matures a bit is you really need cloud workload protection, which is something that CrowdStrike Holdings, Inc. helped to pioneer, and and we have leading technology in that area. So when you combine that with ASPM, right, or DSPM, or SaaS security posture management and all of the other technologies, we have a very fulsome offering underpinned by cloud workload protection. So given the disruption in the market, we've seen tremendous interest and conversions, with customers. So still very early innings. But we are very excited about being one of the largest cloud security providers in the market by revenue. And we continue to invest and innovate there. And I think it's a perfect time given the market dynamics to to take advantage of it.

And, Layla, we'll take the next question.

Your next question will come from Mike

Mike, your line is open. Feel free to unmute. Leila, maybe we can go to the next question and come back to Mike. Sure. We'll go to Taliani with Bank of America.

Yes. Hi. Can you hear me?

Yes. Hi, Tal.

Perfect. Hi. So

if you wouldn't tell me that ARR is gonna grow 40% a year 40% year over year in the second half, I would have told you that

growth is clearly decelerating.

Because you're growing AR is growing on a constant basis, 5%, around 5% a quarter on a sequential basis. And that translates into deceleration on a year over year You started with about 32% last year, and every

quarter, it slows down to about 20.5%. But now you're giving this guidance of of 40% growth in the second half. And the question is, what drives it and how sustainable is it? So when you think kind of beyond just the year over year impact of the CPP CCP, sorry, and and the the what happened last year. How sustainable is this acceleration of growth?

Thanks.

Yeah. I'll start, and then George could kick in. So there are a lot of factors that give us confidence in the back half. We talk about how we're a consolidator that continues. AI, that's a big piece of who we are. And I think that when you combine those two with the strength of the platform, these are the things that give customers confidence in going with us. Certainly as we've moved through our journey, the biggest piece that I see out there for us in terms of we're going to continue to reaccelerate growth is this opportunity for customers to lean in more with with Flex. Flex has been extremely well received. Customers are able to easily implement it. It's very easy in terms of to procure And at the end of the day, it allows customers to be able to use Flex as they need it. We've already given out a lot of stats with respect to how fast they're burning through their their flex licenses, which has been, you know, fantastic for them and fantastic for us. With that, I'll turn it over to to George.

Yeah. I think Bert covered sort of the the the financial mechanics around that. I I guess what I would comment on is what I hear in the field. I spend day and night with customers, and it's all about how we're solving problems that can't be solved by other companies, how we are the number one security product, for stopping breaches in some of the largest enterprises around the world and how customers wanna go in more with us and consolidate around CrowdStrike Holdings, Inc. So I kinda look at the feedback that I get and I look at the threat environment. You know, we have one of the largest incident response practice in the world, and we're we're in helping noncustomers clean up breaches from, you know, other technologies that they thought were they were getting a good deal on. As I've said in the past, you know, a good deal on a leaky lifeboat isn't really a good deal. So when you look at the end goal of saving time, money, and consolidation with the right outcome of stopping breaches, that's what our customers are buying, and that's what I'm hearing. So that's why I get confident in the back half.

And we'll take the next question.

Our next question, we'll return to Mike

Hi, this is Jeff Hopson on for Mike. You guys hear me okay?

Yep.

Perfect.

Congrats on the impressive Charlotte AI growth. I'm just looking for any insights to specific features that may have pushed customers to adopt. Or, I guess, on the flip side, any hurdles that are keeping some organizations on the sidelines as know, some are still hesitant to adopt AI overall.

Well, if you look at Charlotte and its maturation, as with many technologies, you know, these these technologies mature very quickly. We've invested a lot into Charlotte, and the fact is we spent a lot of time early on on the architecture. So it's not a chat bot. Right? It is something as an orchestration layer that is wired into all of our modules. It's wired into our workflows. And it was really designed for agentic security, and security use cases. So customers are solving problems. What do I mean by that? Tasks that would take four days to actually investigate and understand and kind of piece things together are now taking an hour. The ability to have Charlotte write reports for you, the ability for Charlotte to triage and act autonomously as a as a tier one analyst. This is what gets customers excited, and this is really what's powering the next-gen SOC. So customers are seeing every release more and more features and more and more capabilities. And just like any Gen AI product keeps getting more mature and better and better.

Great. Thank you, George. We'll go to the next question.

Your next question will come from Jonathan Reichhaver with Cantor Fitzgerald.

Yeah. Hi. So so my question is,

when I look at the cloud native attack

surface, to me, it seems like it starts in code with this configuration. You have open source vulnerabilities, insecure secrets. So all those issues originate in the development stage. And, you know, we've seen CNAPs you know, move move left. They capture issues. Obviously, in runtime, but but it's often too late. So I love to hear your your strategy, George, or or your view on know, where seen apps move to when you look at shift left? Will will we see further move beyond just AppSec container scanning, etcetera?

Well, like anything else in security, if you could move left and capture these issues before they're put in production, it it's gonna be a good thing. We've spent time in that area and have technologies. Our ASPM technology, covers a lot of that. Our container scanning to understand vulnerabilities, no source before things are published, you know, understanding what gold golden images are and providing some guard rails around that. So we've invested in those areas. We continue to invest in those areas. I think a big part of it is going to be the AI story of understanding how all these interdependencies work. You know, in the build environments, in code and and, obviously, in sort of these interactions with MCP type services. So this is something that, you know, we continue to invest in in this area. And I think the the the AI elements we've already built are gonna be extremely helpful to solve these challenges in the future.

And, Leila, we'll take the next question.

Your next question will come from Shaul Eyal with TD Cowen.

Hi.

Good afternoon. George Orbert.

A question which is not being asked frequently on your conference calls in in recent quarters. 5 billion on your balance sheet. You guys focus predominantly on those tuck in acquisitions. We've just seen another one announced this evening. Those have been expanding the platform really nicely. Indeed, we see the great results of those historical investments. It would appear as if nothing transformational is on the horizon, and indeed, there's no need for that right now. What's what's the current thinking of that utilization? Pretty much steady as she goes? More tuck ins, How how are you guys thinking about it? You know, for the second half and, obviously, for calendar '26 and beyond?

Well, as you pointed out, we have an incredible balance sheet Myself and Mike Sintonis and the team has spent a lot of time looking at the market, looking at the different, segments that are out there, and really thinking about strategically know, where we need to go. We certainly have a history of buying acquisitions. And taking the time to integrate them. I mean, this is a hallmark of what we do and a proven track record of not just stitching things together. So we're very thoughtful about these acquisitions. We have a certain sweet spot, which you've seen. Doesn't mean that we can't go outside of that, but we've gotta find the right team, the right technology, the right company that makes sense for CrowdStrike Holdings, Inc. So our number one goal is to be thoughtful, make sure that it's a fantastic user experience for our customer, And, you know, we're not just trying to buy ARR for the sake of ARR. It's gotta make sense and it's gotta be something that we can execute on and feel really good about.

And with that, we'll take our next question.

Our next question will come from Ittai Kidron with Oppenheimer. Congrats again on a good quarter.

Wanted to go back to Gabriela's question on your core EDR business. If you take a look at your ARR and you exclude your Fab three, your SIEM identity and

security, and you look at the AR growth of your core business, it seemed like it's significantly decelerated. Was growing 18% plus year ago. It's growing 11% now. How should we think about your core business growth going forward? Do you expect stability there? Are there any potential accelerators in that business? Or just given the size, we should expect that business to continue to decelerate going forward?

Yeah. I I don't look at it as core. I look at it as platform. And the platform piece actually sets up all the other modules. So when you look at three that you just articulated, whether it's identity, cloud, next-gen SIM, it's all predicated on getting the telemetry into the cloud, which starts with with EDR. So you know, we feel really good about that, and I think when you look across the entire platform, you need to look at it as a platform, not, you know, separate, kind of things out. But from my perspective, we continue to innovate there, and we continue to win. We continue to drive new business. And I think people, again, looking for the best technologies with the right outcome, stopping the breach, choose CrowdStrike Holdings, Inc., and that's what we've seen time and time again.

And we'll take the next question. Your next question will come from Roger Boyd with UBS. Can you hear me okay?

Yes. Awesome. Thanks for taking the question. Georgia, I wonder if you could compare and contrast your businesses in in SIM and identity. Both are roughly similar scale, but the growth rates are are are pretty different. How much of that difference would you attribute to

the M and A disruption you've seen in the SIEM market? And given what's happening in the identity market, well as your expanded portfolio there, what's the level of conviction in in reaccelerating that identity business from here? Thanks.

Sure. Well, identity is a is a key area for us as I talked about. Obviously, we've got the next-gen offering that we we announced. And I I guess the the positive news is that identity was was a very popular choice, for CCP packages. So you'll see a little bit of impact, from that. So I think when you look at identity it is something that is going to be con you know, continue to be adopted by customers. There's still a lot of white space out there. And, I think when you look at the SIM market itself, we're we're in the perfect spot. Customers are coming to us. They've come to us for years saying, want something different. We're we're locked into a vendor. We're we're being charged too much. You know, give us something that's better, faster, cheaper, that's integrated into your platform. And as I mentioned earlier, it's pretty disruptive. Customers are not paying to take data out of our platform and putting it somewhere else. They actually get it, and they're only paying for data they put in. So I feel really good about both of those businesses, and, again, when you when you put them together and you look at how we're solving problems, identity, next-gen SIM, cloud. I mean, these are all critical elements, you know, to to the future of the company, and, I think we've got really good performance around

And we will move to the next question.

Your next question will come from Jonathan Ho with William Blair.

Hi. Good evening, and let me congratulate you on strong quarter as well. You know, when we look at cybersecurity to protect agentic AI, you have many of the pieces to

customers solve the AI challenge, yet spending in AI remains

fairly fragmented.

You know, what are customers buying today? And specific to agentic AI, what categories are you most excited about right now?

Well, certainly customers in the early journey of how they leverage AI. And it it's moving from, hey. This is really a cool technology to how do we implement it and implement it securely. And do in a way that actually accrues value back to the business. If we believe in AI, and we think there's gonna be more AI the future, in the next year, three or five years. Then security is is a necessity. You're not gonna have more AI without security. And what that looks like is everything from helping organizations create secure models to deploying those models to creating guardrails to creating visibility into these AI agents and protecting them. If you look at what CrowdStrike Holdings, Inc. does, we're we're the leader in agent security and protecting computers and workloads, right, which is essentially protecting users' identities, data, workflows. A an AI agent is just a superhuman. So we're in the perfect situation to be able to capture protecting all of these super AI agents in the future, and that's a big part of our strategy. So we're working on what's here today, and we're also working on the future of protecting these, agents.

And we will move to the next question.

Next question will come from Adam Borg with Stifel. Awesome, and thanks so much for taking the question.

Maybe just on exposure management, it was great to hear crossing the $300 million threshold Love to hear the traction you're seeing. And is this really living alongside what you'll call the traditional

VM or exposure vendors, or is this

displacing it displace them? Any any thoughts here would be really helpful. Thanks.

Yeah. It's it's an exciting business for me. I mean, it's one, know, in a prior life, I started a company called Foundstone in in vulnerability management. Space. So to see where it's evolved and and now into exposure management, is exciting. We've got so many assets in terms of you know, agent vulnerability management, and one of the things, you know, that may have passed some by is that we a few quarters ago, added network vulnerability management. And we can do that right from our agents the network. So that's been very well received. And we've got, attack surface management and a host of sort of risk management technologies bundled in there. So I think we're really hitting the sweet spot in the market. And I think, again, it goes to customers want to consolidate, and we've got some great big wins out of it. So and guess the final piece is it's been recognized, as a leader in the inaugural IDC marketscape. So all good things and certainly a needed technology It may sometimes feel a little sleepy, but it's a it's a really rapid growing business for for CrowdStrike Holdings, Inc.

Thank you. And we'll take our last question.

Your last question will come from Adam Tindle with Raymond James. Okay. Thanks. Save the best for last.

I wanted to continue on the acceleration theme.

The net new ARR guidance implies another record of net new ARR for Q3. So I guess the first one for Bert, if you could just talk around assumptions for public sector given that's fed fiscal year end. And then, separately, you previously talked about net new ARR accelerating again in fiscal 2027. I wonder if that still holds. For George, real quick, since I'm last here, bigger picture, if I look at your back half guide, net new ARR, you're gonna be run rating over a billion dollars on that metric. It's a huge milestone, and I just wonder how you're thinking bigger picture about structure changes or things that you need to do to manage an organization of that size. Thank you.

Hey. It's Bert. I'll take I'll take the first part. You know, as as we've stated, many times, you know, Fed today is is not a big piece of our business. But if there's a great opportunity for us, The Fed has come out and said they wanna run like a you know, in the private sector, They wanna consolidate. They wanna reduce cost. They wanna become more efficient. That plays right into our sweet spot. So we feel that there's a Fed opportunity out there for us but those deals, they take time, and we're we're we're patient and we wanna we wanna land the right deals at the right time. But we're excited about that opportunity. For us, at the end of the day, we've got great certifications with the federal government, and we'll take and we'll take advantage of In terms of, you know, FY '27, we'll give more comments about FY 2020 FY '27. At the end of our Q4. But, you know, we're excited about, you know, just the 40% acceleration in net new ARR in the back half. That that that that to us should signal to you that we have a lot of confidence in the business. We've got a lot of things that I talked about earlier that give us that confidence in the business. If you have anything else, yeah. Yeah. I guess I would add there there's always ways to optimize. I think when you look at go to

and you look at how we've evolved from selling modules into selling flex and and platform and activation, you know, we've gotta we've gotta organize for success to make sure that we continue to work with our customers around this consolidation journey and more flex. And I think we've done a good job of that, but there's there's different ways to help optimize that, and then we have to take those learnings and apply it to our our partner and channel community. So we we're always looking at, again, how do we optimize and how do you take the the platform vision that we have and the execution that we see in the field from a selling perspective and make it as impactful as we can. So I think that will be, you know, something continue to to look at.

And that concludes the question and answer session for Day I'll hand it back to George for closing remarks.