CRWD - NASDAQ

Hello, and welcome to CrowdStrike Holdings, Inc.'s Fiscal Third Quarter 2026 Financial Results Conference Call. At this time, participants are in a listen-only mode. After the speakers' presentation, we will conduct a question and answer session. Please be advised that today's conference is being recorded. I would now like to hand the call over to Andy Nowinski, Vice President of Investor Relations and Strategic Finance. Andy, please go ahead.

Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, Chief Executive Officer and founder of CrowdStrike Holdings, Inc., and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, including projections, and expected performance, including our outlook for the fourth quarter and fiscal year 2026 and any assumptions for fiscal periods beyond that, are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements whether as a result of new information, future events, or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company's quarterly and annual reports. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed in this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. With that, I will now turn the call over to George. Thank you, Andy. And a warm welcome to the CrowdStrike Holdings, Inc. team.

Andy is no stranger to many on this call, and I'm glad to have him with us to lead investor relations. I'm excited to share CrowdStrike Holdings, Inc.'s fantastic Q3. It was a record quarter as the business continued accelerating. On the back of record attendance at Falcon Global and Falcon Europe, the momentum we're seeing with customers, prospects, and partners drives my conviction in our near-term and long-term growth. Last quarter, Q2, we delivered our forecasted reacceleration a quarter early. This quarter, we furthered the trend with relentless execution. Across the entire CrowdStrike Holdings, Inc. team, I'm extremely proud of our Q3 with highlights including one, record Q3 net new ARR of $265 million, which grew 73% year over year, beating our expectations by more than 10%. Two, ending ARR of $4.92 billion, which accelerated to 23% growth year over year. Three, record Q3 free cash flow of $296 million or 24% of revenue. Four, all-time record operating income of $265 million or 21% of revenue. This is the second consecutive quarter of record operating income. Five, broad-based ending ARR acceleration across cloud, next-gen identity, and next-gen SIEM collectively, as well as acceleration in our endpoint business. And six, more than $1.35 billion in ending ARR from accounts that have adopted the Falcon Flex subscription model, growing more than 200% year over year. Underpinning these financial highlights is the CISO, CIO, and board feedback I regularly hear. CrowdStrike Holdings, Inc. is mission-critical in today's agentic society. No matter how the market swings, geopolitical tensions evolve, or what technologies are in vogue, our digital society mandates cybersecurity as a necessity. And now more than ever, synonymous with that, CrowdStrike Holdings, Inc. is a necessity. Our growth is driven by pervasive, durable, and thematic market forces. Organizations of all sizes are in the midst of AI transformations, investing in the future of workforce productivity in the name of speed, scale, and cost benefits. In the midst of this societal shift, what I've shared over the past few years and quarters is unfolding before our very eyes. One, AI is rapidly expanding the attack surface. Businesses are onboarding a whole new type of workforce today, the agentic workforce. Humans, using agents to do more, and agents working by themselves, each with access to data, applications, compute, and sometimes even other agents. While the benefits of this newfound workforce are exciting and increasingly vital for market competitiveness, the rapidly expanding risk profile of this realm cannot be ignored. Every single agent expands the attack surface, necessitating protection. CrowdStrike Holdings, Inc. is both the armor and intelligence layer that keeps each agentic identity secure. The intelligence layer provides visibility and context to organizations from agentic threats and risks. And the armor protects agents from attacks, influence, exfiltration, and data manipulation. In addition, CrowdStrike Holdings, Inc. is also present as the foundational protector of the underlying technologies powering the AI revolution. Providing security by design, for the world's clouds and token factories. Two, the democratization of destruction wasn't just a bold prediction. It's already today's reality. Businesses every day are having jarring, light bulb moments witnessing AI-powered adversarial tradecraft firsthand. Just a few weeks ago, a major AI company shared that China's state-sponsored adversaries were using their LLM to create and operationalize active cyber intrusion agents. This is just one of the many AI-enabled attacks we've seen. The AI cyber battleground is no longer theoretical; it's now real. Now just as anyone can use AI to vibe code and become a software engineer, anyone can now also vibe hack, becoming a sophisticated adversary with AI. Three, cybersecurity in the agentic era demands a single platform. The criticality in being able to operate with agility, efficacy, and speed to stop breaches is having the data, the controls, and the actions in a single platform, not multiple platforms. Because when you have multiple platforms, by definition, you don't have a platform. Tab switching and context switching cost time, data stitching doesn't scale. These are the seams and cracks where adversaries thrive. The leaky lifeboat of PowerPoint platforms and point product fragments simply cannot offer the protection, scalability, and cost benefits or the ease of use of a single platform solution. CrowdStrike Holdings, Inc. wins as the market's broadest and only single platform solution. Taking my three points together, one, we've built the right architecture, a single console, single data back end, single sensor, AgenTeq Hyperscale platform, that is frictionless, and one of a kind in cybersecurity. Two, it's the right time with the rapid growth of AI agents raising the threat risk profile and driving a holistic technology shift. And three, we're in the right position. CrowdStrike Holdings, Inc.'s technology innovation engine and ecosystem position us as the operating system of cybersecurity for the Agentic era. Market demand is high because the need is real. We have the right architecture. We have the right products. And we're in the right market position to continue taking share. Successful AI adoption requires cybersecurity transformation, necessitating a new operating system to create a structure around the next chapter of enterprise security programs. Falcon NextGen SIEM is the foundation of our platform, turning CrowdStrike Holdings, Inc. into our customer's operating system for cybersecurity. NextGen SIEM has become a scale disruptor in a market that has historically been slow to evolve as customers embrace the speed and efficiency advantages versus legacy competitors. And with the acquisition of Onum, we're making it even easier to build on CrowdStrike Holdings, Inc. with a hyper-scalable telemetry detection pipeline that brings CrowdStrike Holdings, Inc. even closer to all our customers' critical data. FalconXion SIM had a record net new ARR quarter. A clear outcome of the deliberate strategic choices we've made over the past several years. We know that the value of the technology is only as good as the platform on which it's delivered. So we invested heavily in integrating next-gen SIEM to create a unified single platform. This isn't just a single console. It's a truly integrated and unified data back end that brings together all of CrowdStrike Holdings, Inc. in one place. Delivering not just economies of scale, but far superior outcomes. And with Charlotte as the agentic sock orchestrator, now FedRAMP High approved, we're delivering the AI SOC of the future today. Furthering our position as the operating system of cybersecurity, we recently announced our expanded partnership with AWS. Through this announcement, all of AWS's millions of customers will have access to Falcon NextGen SIM, natively within their AWS security console. Enabling them to immediately access, interact with, and analyze AWS telemetry directly in NextGen SIEM. Going a step further, we've also enabled federated search so that AWS customers can query their data from a single console. We're incredibly excited about what the future holds, and thank AWS for both our amazing partnership and for the validation of FalconXion SIM as the best choice for their customers. A large European bank renewed their more than 500,000 workload EDR deployment, adding next-gen SIM, ONEM, and Charlotte in a large 8-figure expansion deal. With our acquisition of Ownham, this financial institution was able to eliminate their existing streaming pipeline point product as well as migrate off Splunk. Competing against hyperscalers and firewall vendor SIEMs, Falcon NextGen SIEM won the hearts and minds of the security and IT team as the easiest solution, fastest to see value, and best agentic SOC transformation platform. Our identity business continues to perform exceptionally well. While the demand for our ITDR offering has increased, it's the launch of both our PAM and Falcon Shield offerings that has our customers increasingly excited. FalconShield had a record net new ARR quarter, growing nearly 50% sequentially as market demand for SaaS application security has become a mainstream necessity. Securing SaaS app misuse from human and nonhuman identities has never been more important or challenging. Nefarious agentic behavior is targeting data-rich SaaS applications that have quickly become a feeding ground for breaches. From on-prem apps to cloud apps, we stop these breaches. A Fortune 500 logistics company used Falcon Shield to uncover exfiltrated CRM data in less than thirty minutes from deployment resulting in a 7-figure deal. A leading customer experience platform saw a Shield demo and activated the module via Flex within an hour. And lastly, a Global 500 personal care leader conducted a shield assessment uncovering 25 unknown shadow instances of their CRM. This customer quickly transacted a 7-figure expansion bringing their SaaS environment under control. As these examples illustrate, today's elevated third-party SaaS risk environment demands visibility and protection. Falcon Shield delivers near-immediate time to value and is a product that we can land new logo accounts with even without endpoint deployments. Turning to the cloud where we delivered Q3 record net new ARR. While CrowdStrike Holdings, Inc. continues to benefit from M&A-related market disruptions, it is our customers' embrace of best-in-class runtime protection that continues to push us forward. As the cloud security market matures, customers are realizing that posture doesn't equate to prevention. Security teams now understand that they need active defense within their cloud environments and this can only be delivered in runtime. CrowdStrike Holdings, Inc. is the cloud runtime security leader as validated by the most recent Frost and Sullivan CWP report. And with our recent acquisition of Pangea, we're now positioned to protect the entirety of our customer's AI infrastructure. At our recent analyst day at our Falcon conference, we discussed how protecting AI is akin to protecting a building. Security teams don't want a non-integrated, fragmented series of solutions to protect their critical AI infrastructure because they know this complexity creates gaps that are increasingly exploitable by AI-enabled adversaries. CrowdStrike Holdings, Inc. Falcon cloud security offers customers a unified, integrated, end-to-end solution that enables secure adoption of transformative technology without slowing the end user down. A Fortune 500 consumer packaged goods company grew their Falcon deployment with Falcon Cloud Security and a 7-figure expansion deal. This customer took the opportunity to displace Wizz bringing their cloud security program to Falcon for the benefit of our consolidated CSPM, ASPM, CIEM, and CDR approach. The outcome delivered is single platform management, better visibility, and the ability to stop cloud breaches versus simply alerting on them. This was just one of multiple Wizz replacements. In addition, Falcon cloud security was selected to protect a leading Neo cloud in an 8-figure transaction. This token factory decided it was time to secure AI from the source so that enterprises of all sizes would trust and build with confidence on them. Cybersecurity became a differentiator and business enabler, not a cost. And finally, I wanted to touch on our endpoint business. Our endpoint business accelerated in the quarter, on the heels of AI-driven demand. In the world of AI, so much is being pushed to the edge. Employees are now deploying new applications such as Claw Desktop and ChatGPT directly onto their machines driving both rapidly improved productivity and also significant new risks. This is further exacerbated by the rapid adoption of new AI browsers such as Common at Atlas, which bring new opportunities and concurrently new vulnerabilities and threats. AI adoption is supercharging renewed interest in the endpoint as the endpoint is the epicenter of human and nonhuman interaction with AI. In this new agentic world, the endpoint has quickly become the risk point, the productivity point, and the opportunity point. A large government agency took the opportunity to modernize, replacing more than 75,000 endpoints of legacy AV with Falcon, as well as deploying us in their AWS environment for cloud protection in what was a strong federal quarter for CrowdStrike Holdings, Inc. In addition, brought us into a Fortune 500 health care account where in just a few months we were able to modernize the endpoint, cloud, and sim environments, an 8-figure end-to-end flex expansion deal, where we displace two sims, Defender for Endpoint, and a Point Cloud security product. Frequently imitated but never duplicated, Falcon Flex makes it easier than ever for our customers to experience the full power of the Falcon platform without procurement friction. The flex model cultivates more platform utilization, accelerating module adoption. Falcon Flex is an unlock, not an ELA. Flex customer ending account ARR more than tripled year over year. But what has us even more excited is the momentum we're seeing in Reflex activity. The number of Reflex accounts more than doubled quarter over quarter to more than 200 with 10 customers reflexing more than two times their initial flex subscription. This demonstrates that flex customers can and do increase their ARR and TCV spend with CrowdStrike Holdings, Inc., which is contrary to the ELA model. Where all the economic value is realized once upfront. When we launched Flex, we believed that it would allow customers to more quickly benefit from the full value of our platform, and that's exactly what's happening. As customers and partners alike continue to embrace Flex, as the best way to adopt Falcon, we expect it to become our licensing standard. Our community, or crowd, powers our technology, and that's who we build for. Our ecosystem partners continue leading us to new heights, affirming CrowdStrike Holdings, Inc.'s market and category leadership. Our alliance team delivered a record quarter in terms of deal value closed with partners. CrowdStrike Holdings, Inc.'s market position comes to light in mission-critical times. F5 asked us to partner with them to further secure their BIG IP hardware and virtual appliances. We rapidly deployed our sensor on BIG IP, which they certified, and F5 took the opportunity to purchase Falcon and Overwatch licensing for their install base in a large flex transaction. We are pleased to be taking our industry-leading protection capabilities to new insertion points designed to enhance network perimeter protection. Today, hundreds of F5 customers are now securing their F5 appliances with CrowdStrike Holdings, Inc. Many of whom weren't CrowdStrike Holdings, Inc. customers prior. Partners take us into new account environments implementing Falcon as part of their broader AgenTic enterprise architecture vision. Experiencing the success of next-gen SIEM in the market, took a bold step to standardize their SIEM practice on Falcon in a large 7-figure transaction. Is migrating accounts for which they own and operate multiple legacy SIEM technologies. Consolidating on CrowdStrike Holdings, Inc. Additionally, is a leading global partner of ours for next-gen SIEM implementations taking numerous Fortune 500 accounts through the journey from legacy SIEM to next-gen SIEM migration. Deloitte announced next-gen SIEM in their MXDR practice, replacing their legacy SIEM provider. And Wipro, too, has standardized security delivery and incident response on Falcon. The GSI community is quickly seizing the SIEM and SOC transformation opportunity that only our single platform provides. The ecosystem embrace of partner-led services on Falcon is correlated to the opportunity we represent. A recent Canalys report showed that our ecosystem creates up to $7 in services opportunities for every dollar of Falcon product sales, illustrating the large ecosystem opportunity surrounding the Falcon platform. I want to return to yesterday's announcement that we made with AWS. AWS selected Falcon NextGen SIEM as the default SIEM for all their customers. Offered in their Security Hub console. This brings Falcon NextGen SIEM with pre-populated AWS data to millions of AWS customers in a product-led growth motion. Our intent is to convert next-gen SIEM usage into flex subscriptions as more accounts experience the power, speed, and actionability of their AWS data, CrowdStrike Holdings, Inc. data, and other third-party data in NextGen SIEM. Our next-gen SIEM helps AWS fill a critical market gap now competing with other hyperscaler SIEMs and doing so with Falcon. Our next-gen sim delivers value for AWS customers, even those who don't yet use Falcon. Because we've become a federated, pre-populated, and affordable security data lake, for observability, triage, threat hunting. And Charlotte is there to help operate the whole system on a customer's behalf. In addition, Accenture is our launch partner with AWS helping AWS customers leave their legacy SIEM for Falcon NextGen SIEM on AWS. Our partnership with AWS continues from strength to strength, with CrowdStrike Holdings, Inc. announced as AWS's global security partner of the year and AWS's global marketplace partner of the year yesterday at re:Invent. We're excited about the opportunity to engage AWS accounts onboarding them to Falcon, and serving as their operating system for cybersecurity. Lastly, I want to share a noteworthy MSSP partnership which we've announced today with Kroll, a leading mid-market professional services firm. Kroll's cybersecurity division performs thousands of incident response engagements yearly for mid-market firms around the world. Largely from their cyber insurance panel inclusion. Had been using a point product DVR in their incident response and managed detection response business. Now Kroll exclusively uses Falcon, and in an almost 8-figure rip and replace transaction, Kroll is migrating nearly half a million endpoints to Falcon, which were previously running on a point product SMB EDR, and up leveling their own MDR service with Falcon Complete for service providers. With our Falcon Complete team becoming the SOC for Kroll. This partnership announcement illustrates the value that only CrowdStrike Holdings, Inc. can deliver. The best technology platform with numerous expansion opportunities to help customers and partners alike consolidate the services opportunities partners need to see value, whether that be an incident response, proactive assessments, managed detection response, or SOC transformation, and our skilled and agentic MDR teams to up level partners so they can focus on selling, and client services while we focus on stopping breaches as the world's SOC. We've improved Kroll's technology stack, displaced an inferior point product, improved their margins with Falcon Complete, and they migrated their entire practice to us. This transaction highlights the power of Falcon to be a business creator for our ecosystem. We're not selling products. We're delivering outcomes. Introducing the world to a whole new way of performing cybersecurity and risk management. In closing, this was one of our very best quarters in company history. Acceleration is back. We're winning and we're living the company's mission of stopping breaches. AI represents our largest opportunity and demand driver yet. We're using AI to revolutionize cybersecurity. And even larger, we're securing the world's use of AI, so businesses of all sizes can adopt more AI faster, securely, and with confidence. The takeaway is this, AI adoption necessitates the right cybersecurity. It necessitates CrowdStrike Holdings, Inc. Jensen Huang summed up our market position best saying, quote, I can't imagine a better defender than CrowdStrike Holdings, Inc. End quote, on the stage at NVIDIA GTC in Washington DC. The transformative work we're doing with NVIDIA is representative of how we're securing AI at its very source all the way down to its human and nonhuman users, and its outcomes. I see this as a generational opportunity for the company. AI is but one of many tailwinds continuing to propel CrowdStrike Holdings, Inc. to new heights. One thing is certain, whenever our customers engage in technology change and transformation, cybersecurity has been a constant necessity, and that constant is CrowdStrike Holdings, Inc. With that, we have a big Q4 opportunity in front of us. A robust demand environment, and no shortage of breaches to stop. Cybersecurity doesn't slow down for the holidays, and neither do we. Stay safe, happy holidays, and I'll pass the call over to Bert Podbere, CrowdStrike Holdings, Inc.'s CFO.

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. Additionally, the results we are reporting today include the acquisitions of Oum and Pangaea, which closed during the quarter and were de minimis to revenue and ARR. We delivered an exceptional third quarter driven by organic growth, exceeding expectations across all guided metrics. We achieved record Q3 net new ARR of $265 million, exceeding our expectations by double-digit millions and more than 10 percentage points. Net new ARR growth accelerated to 73% year over year, and ending ARR reached $4.92 billion, accelerating to 23% growth over last year. As George highlighted, our performance reflects the success of our single platform strategy as organizations prioritize cybersecurity in the agentic era and customers consolidate on Falcon, as the operating system of the SOC. We delivered acceleration across the platform, with cloud, next-gen SIEM, and next-gen identity all delivering strong results. Momentum was broad-based across customers of all sizes. From enterprise to down market and MSSPs achieving record results in our corporate business and strong performance in the public sector, particularly in US federal and higher education. Falcon Flex continues to be a powerful driver of platform consolidation with over $1.35 billion in ending ARR from accounts that have adopted the flex subscription model. Falcon Flex is quickly becoming the standard licensing model as it makes it easier for customers to adopt more of the Falcon platform faster. Customers continue to leverage Falcon to consolidate their security needs and lower their total cost of ownership resulting in higher retention rates, over the prior quarter and increased module adoption rates. As of Q3, 49% of subscription customers are now using six or more modules, 34% are using seven or more, and 24% are using eight or more modules. With our business momentum increasing and our all-time record pipeline entering Q4, we have strong conviction in our ability to deliver profitable growth as we finish FY '26 and look into FY '27 and beyond. Moving to the P&L, total revenue exceeded our guidance range and grew 22% over Q3 of last year to reach $1.23 billion. Subscription revenue grew 21% over Q3 of last year to reach $1.17 billion, and professional services revenue was $65.5 million. The geographic mix of third-quarter revenue consisted of approximately 67% from the US and 33% from international geographies, with both US and APAC year-over-year revenue growth accelerating compared to Q2. Total non-GAAP gross margin was 78% and non-GAAP subscription gross margin increased to 81% of revenue. Total non-GAAP operating expenses in the third quarter were $703.2 million or 57% of revenue. In Q3, we saw a typical step-up in sales and marketing expenses from our annual Falcon conference we hosted in September, which was our biggest selling event of the year and set multiple records with over 8,000 attendees joining us. Non-GAAP operating income was a record $264.6 million, and operating margin was 21%, exceeding our guidance. The outperformance was driven by our strong top-line performance, gross margin improvement, and sales execution underscoring our commitment to profitable growth as we balance accelerating net new ARR growth with operational excellence. GAAP net loss attributable to CrowdStrike Holdings, Inc. was $34 million, which included $26.2 million of costs associated with the July 19 incident and related matters, and $5.6 million of acquisition-related expenses. Non-GAAP net income attributable to CrowdStrike Holdings, Inc. was a record $245.4 million or 96¢ on a diluted per share basis, exceeding our guidance. Moving to cash, our cash and cash equivalents were $4.8 billion. We generated record cash flow from operations of $397.5 million and record Q3 free cash flow of $295.9 million or 24% of revenue. Payments for incident-related and strategic plan costs impacted Q3 free cash flow by approximately $53 million. Moving to our outlook and modeling notes. The AI-driven demand environment combined with our record pipeline and the continued momentum in customer platform consolidation on Falcon gives us strong conviction as we finish Q4 and look toward FY '27. While we do not guide to ending ARR or net new ARR, our revenue guidance includes the following assumptions. Low to mid-teen sequential net new ARR growth Q3 to Q4 bringing ending ARR growth for FY '26 to 23% year over year. At the midpoint of our net new ARR assumptions, we expect second-half net new ARR growth of at least 50% year over year well above our previously provided assumptions of at least 40% year over year driven by our strong Q3 outperformance and record pipeline. Additionally, we continue to expect FY '27 year-over-year net new ARR growth of at least 20% from our now increased FY '26 net new ARR assumptions. As we discussed during our September investor briefing, as a result of our successful CCP and related partner programs, our ARR to subscription revenue assumptions include a separation of $13 million to $15 million in Q4, consistent with what we noted at Falcon, this gets you to the midpoint of our FY '26 revenue guidance. Which we have raised by $24.1 million at the midpoint to reflect our strong Q3 outperformance and record pipeline. We ask that you please be mindful of these dynamics when updating your models. Moving to cash, we expect Q4 free cash flow margin to be 27% and include cash payments of approximately $33 million in connection with incident-related costs. This brings our full-year FY '26 free cash flow margin expectation to 25%. Finally, we remain confident in our previously provided assumptions for FY '27 partner rebates, non-GAAP operating margin, and free cash flow margin, which are detailed in the modeling assumptions slide of our Q3 FY '26 earnings presentation. Available at ir.crowdstrike.com following our prepared remarks today. Moving to our outlook. For the '26, we expect total revenue to be in the range of $1.29 to $1.3 billion, reflecting our year-over-year growth rate of 22 to 23%. We expect non-GAAP income from operations to be in the range of $315 to $319 million and non-GAAP net income attributable to CrowdStrike Holdings, Inc. to be in the range of $282 to $287 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike Holdings, Inc. to be approximately $1.09 to $1.11. Utilizing a 21% tax rate and weighted average share count of approximately 258 million shares on a diluted basis. For the full fiscal year of 2026, we currently expect total revenue to be in the range of $4.797 to $4.807 billion reflecting a growth rate of 21 to 22% over the prior fiscal year. Non-GAAP income from operations is expected to be between $1.036 and $1.04 billion. We expect fiscal 2026 non-GAAP net income attributable to CrowdStrike Holdings, Inc. to be between $950 and $954 million. Utilizing a 21% tax rate and approximately 256 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike Holdings, Inc. to be in the range of $3.70 to $3.72. George and I will now take your questions.

Thank you.

If you would like to ask a question, please click on the raise hand button that can be found on the bar at the bottom of your

Great. Thank you for taking the question and nice results. And, Andy, congratulations on the new role. Maybe for George, great to hear the acceleration in the endpoint segment of the business. And I know you guys aren't giving any update until year-end on the emerging segments of the business. But could you offer a little bit of color on how those segments are behaving as you kind of lap the initial CCP initiatives of last year? And then maybe for Bert, I know you're not offering any kind of impact from Pangea on ARR, but any sense of the seasonality organic seasonality for net new ARR? Thank you.

Hey, Brian. Thanks. Yeah. When we look at, obviously, the emerging products, which was the heart of your question, they performed fantastic. If you look at NextGen SIM, it's been an all-star standout for us. We've seen just incredible results from a perspective and what they're able to do and driving down the cost to get better outcomes. Identity as well. That's key to securing the AI in an enterprise. And then, obviously, cloud, we talked about some of the big wins throughout the quarter. So when we look at those and as you mentioned, we'll be reporting out on those next quarter, we're very, very pleased with the results. And customers are embracing the technology and the consolidation the single platform delivers. So from that standpoint, I think we're very happy. And then as we lap the CCP, CCP was designed to do exactly what we delivered. Right? We helped customers through a situation. And, also, we provided a way to accelerate flex adoption, and we've seen that with our flex license adoptions throughout the quarter, which we called out. And then, obviously, we had a fantastic endpoint quarter, which continues to help drive all the other modules. So overall, I couldn't be happier with the quarter that we just put up.

Yeah. And on your question with respect to, you know, Pangea, you know, I think that I called out that you know, we had got a de minimis impact both the revenue standpoint and the new ARR. And we're excited that, you know, those are gonna roll into the platform in Q4. So that's how we think about it.

Thanks for the question, Brian. Operator, next question.

Your next question will come from Saket Kalia with Barclays.

Hey, great. Hey, guys. Thanks for taking my great quarter and congrats, Andy.

George, maybe for you. I just wanna pick up on your comment earlier on SIM. It feels like the SIM market is starting to see more velocity of displacements. You just maybe talk about what sort of value you're able to capture in those opportunities compared to what customers were maybe spending before? And then maybe relatedly, how do you kinda think about the timetable for legacy SIM renewals in the coming quarters, years, which, of course, I imagine you'd be targeting. Thanks.

Yeah. So I'm I'll try to wrap this up into, you know, one answer here. But, Saket, let me just kinda lay this out. If you look at the journey that we've been on and how we've been able to replace legacy AV, it feels a lot like that market in the early days when we think about replacing legacy SIM. Customers are looking for better outcomes. They're looking for faster results, and they're looking for lower cost. And because we already have the EDR data in the platform, we can offer disruptive pricing versus our competitors. The stickiest data that's out there is the EDR data. We already have it. And, really, what it becomes is a journey to activate NextGen SIM for our customers. So when we think about the opportunity to work with customers and how we get in and, you know, the opportunity going forward. Keep in mind all of our customers are next-gen SIEM enabled. All of our customers are next-gen SIEM enabled. It's a huge difference between us and everyone else in the marketplace, and all we need to do is go through the licensing, exercise, and Flex is helping to accelerate that. So we can offer competitive disruptive pricing and then overall grow our total wallet share with the customer over time. So it's a multiyear long tail journey that feels very similar to the displacement of legacy AV.

Very helpful. Thanks, doc.

Thanks, Saket. Operator, next question.

Your next question will come from Matt Hedberg with RBC.

Great. Thanks for taking my question. Congrats from me as well in the quarter, Andy, to you as well. George, building on your next-gen SIEM success and ONAM, and a little bit related to Saket's question, do you see a further push into observability? Obviously, there's been some movement with some of your cyber competitors to go deeper into observability. Just curious on kind of how you view that market? And is that consolidation opportunity for you as well?

Well, we do view it as a consolidation opportunity, and I'll remind everyone on the call that when we acquired Shumio, which became LogScale, 50% of their business was actually in observability. So we have all of the technology. And in fact, because the platform is collecting so much data and so much telemetry, we have customers today that are using it for observability use cases. You combine that with our agent technology, which does deep inspection within its platform, and we have data that goes well beyond security data that is already being consumed by customers. Then you combine that with ONEM, the pipelining technology, the data fabric which, again, has the ability to take IT data, and we have a fantastic in front of us to consolidate in those areas, which, you know, again, this is nothing new to us. We've actually been doing this. And this has been, you know, part of our selling motion as well as what customers are embracing. So it's already there, and there's certainly more that we can do and certainly more we will do.

Great. Thanks, Matt. Operator, next question.

Next question will come from Gabriela Borges with Goldman Sachs.

Hi. Good afternoon. Thank you. Question for Bert. So CrowdStrike Holdings, Inc. has years and years of data on customer cohorts and how your customer cohorts typically expand with you over time. You've now got several quarters of data on Flex and how the Flex customers expand with you over time. There's a piece of this which is structural, which is, you know, making it easier for customers to consolidate with you. But I'm wondering if there's also a dynamic where you see an elevated tailwind to NRR for a period of time because of Flex, and Flex starting with your best and most excited customers and then perhaps normalizes lower. So my question for you is how do you think about that dynamic? How do you think about the tailwind that Flex is driving in the model and how sustainable that is? Thank you.

Thanks, Gabriela. So the way I think about this is our flex license, it's continuous. Net ARR will be continuous throughout time. And the beauty of this whole program is that it's designed for customers to easily buy more. So over time, you know, we're excited about the opportunity as we bring more products to market and offer more availability to our customers easily. And I think that's the biggest piece that everybody on the call should just remember is that that's exactly what Flex was designed to do, make it easier for customers to buy, make it very easier for us to, you know, be able to deploy, and be able to give value and lower TCO. That's how we think about it. And the benefit is that we're seeing bigger deals and longer deals. And that's all good for us, and it's great for the customers. You know? And I think what I think the most important thing is and not get lost in, you know, in things I've just said is consolidation. You know, we started this company talking about consolidation, the ability for customers to do more with us, spend more with us, and lower their total TCO by spending more with us. So I think that's the biggest point. That I wanna drive home.

Thanks, Gabriela. Operator, next question.

Your next question will come from Dan Ives with Wedbush.

Yeah. Thanks. And also congrats on the Mercedes deal, George. Can you just talk about AI? Like, as you're starting to see more and more deployment, talk about how that's changing the conversations with customers. Even over the last three, six, nine months relative to where CrowdStrike Holdings, Inc. sits. Can you just maybe just give some, you know, some insight into how those have changed from your perspective?

Yeah. Great. Thanks, Dan. Thanks as always. Yeah. When we think about the conversation of AI, what customers have realized is that CrowdStrike Holdings, Inc. is probably the only company in security that's moved beyond chatbots. And what I mean by that is Charlotte AI and its related agents are deeply embedded into the platform. Our last Falcon in Europe, we talked about 11 AI agents and agent work which allows our customers to actually create their own security agents, which we think is gonna be a massive opportunity for us. So it's moved from chatbots to actual doing work, and this is something that we continually hear differentiates us from our competitors. Our competitors are still stuck on chatbots where we've done the within the platform. We've created models around each of our model. Modules, and we're delivering results, you know, things that would take four days of work, we're delivering in minutes for customers. And at the various events that I was at both, in Las Vegas for Falcon and in Europe for our Falcon In Europe, I had customers talk about just the evolution of Charlotte, the maturation of it, and how it's become a key part of their success in their stock. And it gets back to what I said earlier. You know, CrowdStrike Holdings, Inc. has become the operating system for the SOC. And Charlotte is a big piece of it.

Alright. Thanks, Dan. Operator, next question.

Your next question will come from Joseph Gallo with Jefferies.

Hey, guys. Thanks for the question, and congrats, Andy, on the new role. It was awesome to see you guys maintain the fiscal twenty-seven net new ARR growth of 20% on higher numbers. You mentioned several key components of business accelerated in 3Q. Is there one or two products that you think have an outsized growth impact for upside next year? And then as a part of that, you know, security for AI feels necessary, but very early. Is that accounted for in your preliminary fiscal twenty-seven guidance, or is that more longer term? Thank you.

Yeah. Sure. So

I think when we look at next year, again, seeing the momentum that we talked about with next-gen SIM, again, it's an all-star product. It delivers a lot of value. Which is key in this market when you're talking about consolidation. And it's enabling customers to do things that they haven't been able to do. And I think one of the areas that maybe is really not appreciated is that many organizations of all sizes are making a decision in the past to not collect certain data because of the cost. With CrowdStrike Holdings, Inc., we can actually open the aperture and we can provide value to collect all that data. So in general, we're expanding the wallet share, but we're giving them more value because we're collecting data they didn't have seen, and we're giving them outcomes that weren't available to them previously. So I would look at that as an all-star. I would look at cloud. We'd look at the displacements that we talked about in the call. We looked about the we talked about the runtime protection, which is key. Customers want that protection. And then we look at Falcon Field, which is, you know, again, cloud and identity. But it is a key technology to help protect the SaaS applications. So these are all fantastic opportunities for us, you know, in the coming year, and we'll continue to double down on

Alright. Thanks, Joe. Next question, please.

Your next question will come from Fatima Boolani with Citi. Fatima, may unmute and ask your question.

Oh, here I go. Thank you for taking my questions. George, wanted to direct this to you. You gave us a lot of information about the strength of your strengthening partnership with AWS. Your proximity to AWS as a customer and a very, very strategic partner has only cemented further. So I wanted to ask you a very high-level strategic question. This proximity that precludes you or influences you or potentially maybe even complicates your relationship with other hyperscalers, and your customers who would, you know, presumably have multi-cloud footprints. Would love for you to sort of dive into some of those dynamics a little bit. Again, just by virtue of the strengthening partnership with AWS and the availability of the full Falcon suite, in a very deep integrated way inside AWS. Thank you.

So first, we couldn't be more excited about this partnership. And really, I think this is something that's gonna be incredible for AWS customers as well as customers at CrowdStrike Holdings, Inc. The fact that now natively, you can actually flow data from AWS into next-gen SIEM, it's right in your console, and it's gonna be a tremendous enabler, new customer acquisition. And it's a needed technology for AWS customers. So, you know, overall, fantastic relationship and we're excited to be deeply integrated. And when we think about the current environment, as you know, there's always an area to cooperate with many different companies that are out there. Just look at the AI space and, you know, how many people work with different companies that are out there. I think if you look at that and you apply it to security, of course, we're gonna work with other players that are out there. They're gonna leverage the best technology in the market, which is CrowdStrike Holdings, Inc. And we're there to support, you know, all of our customers and potential partners. So it doesn't preclude us from doing that, but, again, this reinforces what a great relationship we have with AWS. We've been able to partner with them, not only in the technology side but also in the marketplace. And you've seen the evidence of that by the awards that I called out. So overall, extremely excited about what the future brings.

Thanks, Fatima. Operator, next question, please.

Your next question will come from Meta Marshall with Morgan Stanley.

Great. Thanks. You noted core EDR acceleration in the quarter, and you kind of noted AI as a catalyst for that. But just is that kind of more endpoints getting protected as they become more intelligent or just existing customers looking to modernize as part of general AI adoption?

Sure. When you think about endpoints and the adoption of AI, a lot of it takes place at the endpoint. Think about all of the various technologies that are out there. Where people are running these as a user on their endpoints. I mean, we've seen some big announcements from consulting firms and others that are leveraging AI in their business because they have to, and they have to drive efficiencies. So what that means is that that creates opportunities and exposure for companies. So they're gonna need to monitor what sort of queries go in. They're gonna need to monitor what data comes out. They're gonna need to monitor what other services are connected into those AI desktop technologies. And that becomes another threat factor. So this becomes a catalyst. Again, I think this is underappreciated as a new risk factor that we hadn't had over the last number of years. Now with the adoption of this, this isn't AI creation. It's AI adoption. And that's, I believe, is gonna be a massive market for us. So that's where we see that. And, you know, overall, as I always say, 50% of the market is still legacy AV, and there's still a long runway in the endpoint business to be able to take that legacy market share.

Thanks, Meta. Operator, next question, please.

Your next question will come from Patrick Colville with Scotiabank.

Alright. Thanks, Andy, for having me on. I guess this one's for George. I wanna ask about discounting levels. Because if I think about this time last year, we had the CCP program, but we also had CrowdStrike Holdings, Inc. you know, very correctly being aggressive to cement and extend its position through, you know, through discounting. Know, that was the right strategy, and these results prove that. But as I think about, you know, the quarter we've just had, fiscal 3Q, as we look towards fiscal twenty-seven, I guess, you just talk about how you're thinking about just discounting a normal course of business discounting? Are those levels gonna diminish over time as we have the Falcon outage further and further in the rearview mirror and your position is looking very strong?

Sure. Well, I when you look at this market and you look at, say, enterprise sales, I mean, there's always some level of discounting. That's not unique to us. It's not unique to security, and it's, you know, not unique to software companies. It just happens as a normal course of business. And I think we've been very prudent in how we operate in those areas. And, you know, we've tried to focus on things like CCP, which, again, allow customers to take new technologies in, but protect the price point, and allow us to, basically capture them in a flex opportunity. So gonna use the tools available to us to be competitive. We continue to take share. We continue to drive new customer business. And, you know, we don't see anything out of the normal course of business, but we've got various tools in our toolbox and we tend to use those judiciously. And we're again, where it makes sense, for us and for the customer. And that just drives the growth that you've seen. And I'll also point out, you know, the 81% gross margin. Like, you have to look at the margin as well. And we've been able to be successful, and we've been able to protect the margin.

Thanks, Patrick. Operator, next question, please.

Your next question will come from Eric Heath with KeyBanc.

Hey, great. Thanks for taking the question. Nice set of results. George, I wanted to ask about the partnership with F5. I thought that was pretty interesting. But me if I'm wrong, but I believe this part of the infrastructure stack historically was never able to support endpoint agents before. So does this expand the endpoint TAM? How meaningful can this be? And are there other areas of the infrastructure stack you think this is applicable to?

Yeah. This is a great and insightful question. I'm really glad that you asked it because it does. And what we've seen over the years is that customers have been asking for a long time to protect these appliances. And in many cases, the appliances have not been available to us, the underlying operating if you will, to be able to protect, but there's been a huge demand there. So we worked with F5 in great partnership, and very quickly to be able to certify our agent to run on their platform. And we do think that this will create a model, a working model, that will open it up to other appliances. Vendors to be able to have it protected. And I can tell you just some anecdotal stories. You know, there was a story just last week of a noncustomer never used CrowdStrike Holdings, Inc. had the opportunity to actually use our technology because of F5, and was blown away. And within a week, we had him in an EBC and now we're getting into a proof of value. So this play works, and we're going to expand our market and be very forward-leaning in being able to protect other appliances that are out there. Which you probably have seen are the tip of the spear for many of these nation-state breaches.

Thanks, Eric. Operator, next question.

Your next question will come from Roger Boyd with UBS.

Great. Can you hear me okay?

Yes.

Awesome. Well, congrats, Andy, on the new role. Wanted to double-click on the Kroll partnership. I know MSP has been a growing part of the channel for CrowdStrike Holdings, Inc. for the past couple of quarters. Can you walk us through that longer-term opportunity as you expand with Kroll and other beyond kind of the initial endpoint landing point? Landing spot. Thanks.

Sure. Yeah. We were excited about this opportunity. We took out another EDR vendor that was in there. We're providing a much better solution for them and their customers. And they're in a segment that allows us to bring our technology too. You know? There's a lot of incident response engagements they're doing. They're part of the insurance panels. And it opens up a market opportunity with one customer and just accelerates our ability to penetrate that. So these are the type of models that we like to create. We've been very successful in the MSSP market. This is just another proof point of us working with customers like Kroll and the reach that they have and the trust that they have. So the idea is to create more Kroll opportunities and certainly grow the opportunity that we have with Kroll, which I feel very confident we will.

Thanks, Roger. Operator, next question.

Your next question will come from Tal Liani with BofA.

Hi, guys. I'm trying you're a $5 billion revenue company, and you only provide one number. Revenue or ARR. There's no breakdown. So I'm trying to understand a little bit of the kind of any segmentation of your revenues and the question I have is, can you discuss verticals like contribution of SMB and trends in SMB, kind of new market opportunities that were not in your core before and how you are addressing them. And also new customers versus upsell to existing customers, are you the NRR and GRR I know you stopped doing it a few quarters ago. Thanks.

Actually, let me take the last part of your first. So, basically, we are gonna be giving out about retention and growth generate at the end of the year. So that's what we've that's what we've talked about, and we will do that, Tal. So I think you'll be you know, you'll you'll get that information. At the end of Q4. So and we do it every Q4. Now with respect to breaking out, you know, how we think about our business, you know, whether it's enterprise or SMB or MSSP, the great the great news about our business is that we sell all of it. We're successful with all of it. We're successful at the you know, with small deals. We're successful with large enterprise deals. And and for us, you know, we have that great technology that it's the same. It's the same technology for if you're a five-person shop, you're the largest company in the world. And the beauty of, you know, how we're able to deliver deliver, you know, our technology that it's up and running in seconds. So when you think about, you know, segmentation and you think about you know, who we sell to, it really is everybody. You know, our ability and our success is is agnostic. We are really driving new wins and displaying competitor the competitors, on a daily basis. Right? And for us, you know, to continue to invest in the business, and for us to be able to continue to make sure that we're able to deliver in a very timely manner, these are the successful things that we look at to be able to sell to all of our customers, whether big or small. So we're excited about that. And we're also rare. In in the entire security community to be able to do that successfully.

Alright. Thanks, Tal, for the question. Operator, next question.

Your next question will come from Mike Sikos with Needham.

Hi. This is Jeff Hopson on for Mike. Thank you for the question. With the increased amount of M&A activity in security we've seen this year, including CrowdStrike Holdings, Inc. recently, how are you guys approaching the buy versus build when it comes to a technology like AI that's developing pretty quickly? Thank you.

When we look at the market, certainly, there's a lot of activity out there, and you know, it's probably isn't a week that goes by that we don't talk to some bankers that are, you know, talking about other companies. The great news is we've got a tremendous balance sheet. We're in a fantastic position. To be able to build or buy or partner. And I think we've been very thoughtful about our act and a big part of our strategy has been the integration. And when you look at Pangaea, we're really starting to sell that in Q4 because we wanted to take the time and effort to integrate it. It's not just kinda stitched together. The single platform, which I talked about, is very important to our customers. So we're gonna continue to be thoughtful. We're gonna continue to buy what we perceive as best of breed in the market, not legacy technologies. We're gonna integrate them, which is part of our customer brand promise. And we're gonna continue to grow them within our sales motion and the channel that we built. So we'll be opportunistic, but we'll also be very strategic in what we buy.

Thanks for the question. Operator, last question, please.

Your last question will come from Adam Borg with Stifel.

Awesome. And so much for the question, and, Andy, congrats on the role. Maybe just on the identity business, it's great to hear the stronger quarter there qualitatively. I know we've talked in the past about being almost like a one dot o product. Love to hear more about how you're thinking about that product particular and the maturity in coming quarters. Thanks so much.

Yeah. So identity as as we've mentioned, super important in an AI era. Something that we got into many years ago, and we continue to evolve that. And we've seen some really nice wins specific to our PAM technology. You know, we have to look at what customers are telling us and, and basically, you know, skate to the puck of where where they're going, which is they're looking for more modern identity solutions. They're looking for solutions that can do just in time and you know, some of the kinda legacy vaulting they'd like to to move away from. So those are areas of focus for us. We'll continue to build out our identity stack. It's been very successful for us. But, certainly, there's more to do. There's more to build out, and there's more in front of us. The good news is there's demand from customers, as you've seen lots of market, movement. And as customers think about what they're gonna do next, they wanna make sure they set them themselves up for really in the next era of agentic identity, and that CrowdStrike Holdings, Inc. will be there for them.

This concludes today's question and answer session. I would now like to turn the call back to George Kurtz for closing remarks.