VRNS - NASDAQ

Greetings, and welcome to the Varonis Systems, Inc. Fourth Quarter 2025 Earnings Conference Call. At this time, all participants are in a listen-only mode. A question and answer session will follow the formal presentation. As a reminder, this conference is being recorded. It is now my pleasure to introduce Tim Perz, Investor Relations. Please go ahead.

Thank you, operator. Good afternoon. Thank you for joining us today to review Varonis Systems, Inc.'s fourth quarter and full year 2025 financial results. With me on the call today are Yakov Faitelson, Chief Executive Officer, and Guy Melamed, Chief Financial Officer and Chief Operating Officer of Varonis Systems, Inc. After preliminary remarks, we will open the call to a question and answer session. During this call, we may make statements related to our business that would be considered forward-looking statements under federal securities laws, including projections of future operating results for our first quarter and full year ending December 31, 2026. Due to a number of factors, actual results may differ materially from those set forth in such statements. These factors are set forth in the earnings press release that we issued today under the section captioned Forward-Looking Statements, and these and other important risk factors are described more fully in our reports filed with the Securities and Exchange Commission. We encourage all investors to read our SEC filings. These statements reflect our views only as of today and should not be relied upon as representing our views as of any subsequent date. Varonis Systems, Inc. expressly disclaims any obligation or undertaking to release publicly any updates or revisions to any forward-looking statements made herein. Additionally, non-GAAP financial measures will be discussed on this conference call. The reconciliation for the most directly comparable GAAP financial measures is also available in our fourth quarter 2025 earnings press release and our investor presentation, which can be found at varonis.com in the Investor Relations section. Lastly, please note that a webcast of today's call is available on our website in the Investor Relations section. With that, I'd like to turn the call over to our Chief Executive Officer, Yakov Faitelson. Yakov?

Thanks, Tim, and good afternoon, everyone. We appreciate you joining us to discuss our fourth quarter and full year 2025 results. Over the past year, we have talked about Varonis Systems, Inc. as a story of two companies. The first is our strong SaaS business, which reflects the present and future of our company, and the second is a legacy on-prem business, which is serving as a headwind to our total company ARR growth. In Q3, the headwind was especially pronounced. As a result, we are now disclosing additional metrics. The purpose of this is to allow investors to understand all the drivers of our business. Guy will expand upon this later. In the fourth quarter, our SaaS business continued its momentum, and our decision to end-of-life our self-hosted platform, combined with the lessons we learned in Q3, led to a record number of conversions. In Q4, SaaS ARR was $638.5 million or 86% of total ARR. Q4 SaaS ARR increased 32% year over year, excluding the impact of conversion, and total ARR increased 16% year over year to $745.4 million. Now I would like to give you some additional color on last quarter's decision to announce the end-of-life for our self-hosted deployment model and the decision to transition our business to be 100% SaaS by the end of 2026. Prior to the introduction of Varonis SaaS, we believed self-hosted software was the best way to secure data, but the downside of this software was that it required significantly more resources to do so. Our SaaS product is fully automated. It is different from our self-hosted solution, like a self-driving car to a bicycle. You can get to the same destination in either method, but with one, you do the majority of the work yourself, and with the other, it gets you there automatically and with minimal effort. We can do this because we built our SaaS platform using world-class architecture, the newest technologies, and the lessons we learned with securing data in large, complex, dynamic environments for thousands of customers. This allows us to protect our SaaS customers in ways that were not possible with our self-hosted solution. For instance, we can only provide MDDR to our SaaS customers because of the automation and centralized visibility within our platform. It is important to understand that for most other companies that underwent SaaS transition, the technological gap between their self-hosted and SaaS products was not as large as it is with our platform. This provides our SaaS customers with much higher satisfaction, which leads to higher renewal rates when compared to our remaining self-hosted customers, many of which are what we call single-threaded customers. This means they only use Varonis Systems, Inc.'s self-hosted platform for a single use case on one data store, and because they do not use the full data security platform, they began to show a greater resistance toward paying a premium to move to Varonis SaaS in Q3. In order to move quickly and maximize customer retention, we are focusing less on uplift or conversions of our remaining on-prem customers. We believe we can show even more value to SaaS to these customers and then have opportunities to upsell them in the future. In the fourth quarter, our decision to end-of-life our self-hosted platform was a catalyst that caused many of our remaining self-hosted customers to convert to SaaS. We converted approximately $65 million or one-third of our remaining non-SaaS ARR in the quarter and believe that between $50 to $75 million of the remaining self-hosted customers will convert by the end of the year. At the same time, we continue to see strong demand from both new and existing customers because they can secure data with minimal effort because of our automation. Other DSPM tools may be able to identify a portion of sensitive data, but no other tool can find sensitive data in the complete way, fix misconfigurations at scale automatically, and alert and respond to threats, delivering automated outcomes like Varonis Systems, Inc. does. Within our SaaS portfolio, MDDR and CoPilot continue to show strong adoption trends, and Varonis for cloud environments continued its momentum, which was driven by the investment we have made in our platform to expand our use cases and protect many more data platforms. We are seeing this demand because customers are realizing that visibility alone is not enough and classification without protection is a liability. Automation is necessary to achieve real outcomes. Early conversations with customers on our database activity monitoring and email security products underscore our belief that these are a strong fit for our portfolio in 2026. We expect our reps to put significantly more focus on new business and SaaS customers. Over time, we believe this focus will help us unlock the potential of this market. Now, I would like to step back from our near-term results and discuss why we believe we are best positioned to help companies safely adapt AI and prevent data breaches. Varonis Systems, Inc. was founded on the belief that managing and protecting data would be impossible without automation. Over time, our goals have been fueled by the constant balance between productivity and security. Today, the emergence of AI is accelerating both the volume and complexity of data at an unprecedented rate. The scale of data growth is matched only by the AI's ability to increase the sophistication of modern cyber threats. Cybercriminals are leveraging AI agents to infiltrate organizations with minimal human involvement. Recent incidents, such as Chinese state actors using cloud code to breach major corporations, highlight the sensitivity and ease of these attacks. Most of these AI-powered attacks start with social engineering. Attackers are not hacking computers; they are hacking trust, and users cannot tell what is real or fake anymore. Cybercriminals are using AI without Companies want to adapt AI as quickly but struggle to due to concerns over data security. The deployment of AI agents raises critical compliance questions: What data does the agent have access to? Is that data sensitive? Is the agent behaving as expected? Most organizations struggle to answer these questions for human users, and the challenge is amplified as they must now secure exponentially more AI agents. Agents are nothing without data. The more data agents can access, the more useful and more risky they become. They operate faster than humans, collaborate autonomously, and maximize their privilege by design. AI security depends on data security. In addition, companies will need guardrails and controls around their AI agents and toolsets. To accelerate our ability to help companies safely adapt AI, Varonis Systems, Inc. announced today that it has acquired Altu, an AI security company. The acquisition strengthens Varonis Systems, Inc.'s ability to protect enterprises from emerging AI risks by combining Altu's end-to-end visibility and guardrails for AI tools with Varonis Systems, Inc.'s ability to protect the underlying data and identities using my AI agent. Altu adds end-to-end visibility and control across the AI lifecycle. It inventories AI components and infrastructure, locks it down, monitors AI tools, and automates compliance. The acquisition reinforces our data-first strategy and extends our platform to secure all AI systems and the data powering them. Our SaaS platform allows for much faster organic innovation and integration of tuck-in acquisitions, which enhance our customers' ability to stay ahead of bad actors. Since launching SaaS, we have gone wider and deeper with our customers, stopped breaches everywhere, and we can now tap into more budgets than ever, including data and AI security, database activity monitoring, and email security. We have unified unstructured, semi-structured, and structured data security into a single platform, which is essential in an age of AI because AI uses all data types. When you combine Interceptor, which is our image security offering, with our SaaS platform and MDDR, it becomes a force multiplier. It stops threats even faster and keeps threat actors even farther from data. With that, I would like to briefly discuss a couple of key customer wins from Q4. We continue to see strong demand from new customers. One example of this was a healthcare service organization that was performing a risk assessment during a multi-cloud migration and realized that the native tools were insufficient to lock down their data. As a result, they launched a DSPM RFP process and ultimately chose Varonis Systems, Inc. after we immediately uncovered several hundred physical misconfigurations, many of which were automatically fixed. We also identified over 900,000 exposed PII records and executive strategy materials. Varonis Systems, Inc.'s simplicity, advanced threat detection, unified interface, and automatic remediation were decisive against competitors, and they ultimately purchased Varonis SaaS with MDDR for hybrid environments, CoPilot, AWS, Azure, and Google Cloud Platform, as well as Unix and Linux, and the Universal Database Connector. In addition to strong new customer momentum, we continue to see existing customers realizing the benefits of SaaS. One example was a hospital system of 45,000 employees that originally bought Varonis Systems, Inc. to remediate overexposure of on-prem HIPAA data. As they began a cloud migration process, they noticed gaps in the ability of native tools to remediate overexposure and label data at scale. During our cloud risk assessment, we discovered over half a million instances of HIPAA and PII data open to everyone in the organization. Our ability to identify and remediate these exposures led this customer to convert to Varonis SaaS with MDDR for hybrid environments, CoPilot, and data lifecycle automation for Windows SaaS. In summary, we are excited by the performance of our SaaS business, which is being driven by the automated value proposition that we deliver to our customers on top of our scalable architecture. We look forward to continuing our momentum and ending the year as a fully SaaS company, which will unlock many more benefits as we capture our growing market opportunity, and we believe in the path to achieving our 2027 financial targets. With that, let me turn the call over to Guy. Guy?

Thanks, Yakov. Good afternoon, everyone. Thank you for joining us today. We are excited by the momentum we are seeing in our SaaS business, which now accounts for the vast majority of our ARR. SaaS is both the present and the future of our business, and the new disclosures we are making today are intended to enable investors to evaluate the progress of both our SaaS business and the end-of-life of our self-hosted business. We plan to disclose these additional metrics for the duration of 2026, after which we will be 100% SaaS, and we will revert to more traditional metrics. You can find more on this in our investor deck. In 2026, we will provide guidance for SaaS ARR excluding conversions on a quarterly basis. Specifically, we will report the following on a quarterly basis: one, SaaS ARR; two, SaaS ARR excluding conversion; three, conversions ARR; and four, non-SaaS ARR to help you understand how much conversion opportunity remains available. On an annual basis, we will disclose and also provide guidance for one, SaaS ARR, and two, SaaS ARR excluding conversion. We will also continue to report subscription customer count and SaaS dollar-based net retention on an annual basis. Our intention is to provide you with the tools to understand the various drivers of our business and to illustrate how we believe our SaaS business can continue to grow at very healthy levels in 2026 and beyond. In the fourth quarter, SaaS ARR was $638.5 million or 86% of total ARR, and SaaS ARR increased 32% year over year when excluding the impact of conversion. We are proud of our record number of ARR conversions in Q4, which totaled approximately $65 million, including the uplift. We believe that this result was driven by our lessons learned in Q3 and our decision to end-of-life our self-hosted platform. At the end of Q4, we had approximately $105 million of non-SaaS ARR remaining. In 2025, ARR from new customers was approximately $80 million. We ended the year with approximately 6,400 subscription customers, which grew 14% year over year. Our dollar-based net retention rate for SaaS customers was 110% at the end of 2025. To be clear, this metric only includes customers that were SaaS customers in the prior year and therefore is reflective of the organic expansion of ARR within our SaaS customer base. We believe that this metric can trend higher over time as we put more focus on the upsell motion with our SaaS customers. Our renewal rate for the year ending December 31, 2025, continued to be over 90%. Although our renewal activity from our non-SaaS customers was slightly below our historical level, it was better than what we experienced in the third quarter. Our renewal rate disclosure going forward will be the SaaS renewal rate. This metric aligns with our new business model and how we view the business. Now I'd like to recap our Q4 results in more detail. In the fourth quarter, ARR was $745.4 million, increasing 16% year over year. In 2025, we generated $131.9 million of free cash flow, up from $108.5 million in the same period last year. In the fourth quarter, total revenues were $173.4 million, up 9% year over year. SaaS revenues were $142.3 million. Term license subscription revenues were $21 million, and maintenance and services revenues were $10.1 million. Moving down to the income statement, I'll be discussing non-GAAP results going forward. Gross profit for the fourth quarter was $138.7 million, representing a gross margin of 80%, compared to 84.4% in 2024. Our gross margin continues to be healthy and in line with our long-term target set at our Investor Day. Operating expenses in the fourth quarter totaled $134.1 million. As a result, fourth-quarter operating income was $4.6 million or an operating margin of 2.6%. This compares to an operating income of $15.3 million for an operating margin of 9.7% in the same period last year. Fourth-quarter ARR contribution margin was 15.9%, down from 16.6% last year. If our non-SaaS business would have renewed at historical levels this year, our contribution margin would have shown a significant improvement versus 2024. In 2026, we expect a lower ARR contribution margin and lower free cash flow due to the impact of the end-of-life announcement. While this announcement negatively impacts 2026 ARR contribution margin and free cash flow by $30 to $50 million based on our guidance, we believe it will allow us to show a healthier financial profile beginning in 2027 due to the removal of our lower renewal self-hosted customer base. During the quarter, we had financial income of approximately $9.6 million, driven primarily by interest income on our cash, deposits, and investments in marketable securities. Net income for 2025 was $11.1 million or net income of 8¢ per diluted share, compared to net income of $23.9 million or net income of 18¢ per diluted share for 2024. This is based on 133.3 million diluted shares outstanding and 135.1 million diluted shares outstanding for Q4 2025 and Q4 2024, respectively. As of December 31, 2025, we had $1.1 billion in cash, cash equivalents, short-term deposits, and marketable securities. For the twelve months ended December 31, 2025, we generated $147.4 million of cash from operations, compared to $115.2 million generated in the same period last year. And CapEx was $15.5 million, compared to $6.7 million in the same period last year. During the fourth quarter, we repurchased 448,439 shares at an average purchase price of $33.45 for a total of $15 million. I will now briefly recap our full-year 2025 results. Total revenues increased 13% to $623.5 million. Our full-year operating margin was negative 0.6%, compared to 2.9% for 2024. Turning now to our initial 2026 guidance. Apart from conversions, which we included a wide range to account for a pessimistic and optimistic scenario, our guidance was set using the same philosophy that we have used historically. As a reminder, our new KPI for this year is SaaS ARR growth excluding conversions, which reflects our ability to add new SaaS customers and also expand with existing ones, as this will be the primary growth driver of our business in the years ahead. In 2026, we will provide quarterly SaaS ARR including conversion guidance, for this year only. We are doing this because of the difficulty in modeling the year-over-year growth rates due to the impact of conversions in 2025 and 2026. We will also provide a bridge to quarterly total SaaS ARR in our investor deck, which assumes zero conversions for the upcoming quarter. For the full year 2026, we will provide annual guidance for both SaaS ARR excluding conversions and total SaaS ARR. We have provided a wide range of outcomes for the conversions of our non-SaaS ARR to SaaS ARR within our guidance framework in order to bridge SaaS ARR excluding conversion to SaaS ARR for modeling purposes. We believe this range of conversion captures a pessimistic and optimistic scenario, with a midpoint representing our base case for 2026. From a modeling perspective, we have assumed no uplift for these conversions. The largest cohort of customers that we do not expect to convert to SaaS are federal and state government customers. As a reminder, we expect this to have a $30 million to $50 million headwind on free cash flow and ARR contribution margin in 2026. For more information, please see our earnings deck on our Investor Relations website, which includes a more detailed breakdown of our financial guidance. For 2026, we expect SaaS ARR growth of 27% to 28%, excluding conversions, total revenues of $164 million to $166 million, representing growth of 20% to 22%, non-GAAP operating loss of negative $11 million to negative $10 million, and non-GAAP net loss per basic and diluted share in the range of 6¢ to 5¢. This assumes 118 million basic and diluted shares outstanding. For the full year 2026, we expect total SaaS ARR of $805 million to $840 million, representing growth of 26% to 32%. This represents SaaS ARR growth of 18% to 20% excluding conversion. Free cash flow of $100 million to $105 million, total revenues of $722 million to $730 million, representing growth of 16% to 17%. Non-GAAP operating income of breakeven to $4 million, non-GAAP net income per diluted share in the range of 6¢ to 10¢. This assumes 134.2 million diluted shares outstanding. In summary, we are continuing to see momentum across our SaaS business. This demand is coming from both new customers and existing SaaS customers looking to secure more of their data footprint with Varonis Systems, Inc. We remain focused on executing on the many tailwinds we see ahead. With that, we would be happy to take questions. Operator?

We will now be conducting a question and answer session. If you'd like to ask a question, please press 1 on your telephone keypad. One moment, please, while we poll for questions. The first question is from Matthew Hedberg with RBC Capital Markets.

Guys, thanks for taking my question. Thanks for all the additional disclosures. I think it will be really helpful when we think about the standalone SaaS business on a go-forward basis. I think we're getting some inbound from some investors, and I think some of the confusion is around kind of the growth rate assumptions from this year. You're guiding for 18% to 20% SaaS ARR growth excluding conversions. Yet, you know, if you look at sort of just, like, your exit rate SaaS ARR for '26 relative to kind of like the $745 million that you ended 2025 with, it looks like closer to 10% growth. So I know there's some headwinds to conversions here and some churn, but maybe could you just help sort of like again, sort of like square off like the 10% kind of total ARR guide with, you know, how optimistic you are on the SaaS side of the house.

Thanks, Matt, for the question. I think we had many conversations with investors throughout the last several months, and they've all asked for the SaaS growth excluding conversion to really understand the true growth of the business. And, really, what we want to try and help everyone understand all of this better. So we're providing today more disclosures around our business to help you understand what drives our business in the present and in the future. Now the SaaS ARR excluding conversions is really the most important KPI, which we're going to focus on the ability to sign new customers and expand existing SaaS customers. And that's what's going to drive the business in 2026, 2027, and beyond. When we sit here today, we feel very good about guiding this growth rate of 18% to 20%, which really calls for $120 million of net new organic SaaS ARR versus the $109.5 million that we had in 2025. And that's our starting point. So we're still keeping the same philosophy of guidance. This is our starting point. And we know what we need to do in order to continue throughout the year and increase that number going forward. So as a starting point, looking at the ARR would be extremely misleading because it takes into account the conversions, which are really the rearview mirror of this company. If you want to focus on the present and the future, the right thing to look at is SaaS ARR, excluding conversion, and as a starting point with this with the same guidance philosophy, we're at $120 million versus $109.5 million in 2025.

And, Matt, you also believe Move to the next one. Thank you. Our next question is from Saket Kalia with Barclays.

Great. Guys, thanks for taking my questions here. And echo the point earlier just on appreciate the additional disclosure. I think it's really helpful. And to your point, really focuses on kind of what the future of the business will look like. Right? That SaaS part. And so for that reason, I just want to dig into that 18% to 20% growth excluding conversions. Guy, maybe the question is for you. Can we just talk about how much of that you think comes from new customers versus existing? And, again, SaaS is the future, but just to make sure we're all squared away, can you touch on whether there's going to be any remnants of on-prem ARR at the end of '26 as well?

So I'll start with the last part of your question. Our assumption is that we won't have any non-SaaS ARR at the end of the year. So, basically, 2026 is going to be equal ARR. So for this year, if you want to focus on what is right for the business, what is driving the business, in the present and in the future, the right metric to look at is SaaS ARR excluding conversion. Now when you look at the performance in 2025, we had SaaS NRR of 110%, and we had approximately $18 million of new customers ARR. When you look at our expectation going forward, we believe that with the fact that reps won't have to focus on the conversion the way they focused on conversions in 2025, they can go back to selling to new customers and selling to existing customers. And we have so much more to sell, so our expectation is that the SaaS NRR can increase. And, obviously, with the offering that we have, we can increase our sales to new customers. So as a starting point, I'm going back to that 18% to 20%. It's a good starting point that we feel very confident with where we sit here today. Obviously, we believe that we can increase that throughout the year.

Our next question is from Brian Essex with JPMorgan.

Hi, good afternoon. Thank you for taking the question. Thank you for me as well for all the additional color. I guess, Guy, I wanted to dig in a little bit to current period results. 110% net dollar retention, how does that compare with prior periods? And then maybe you can also help us understand how much has Copilot and, you know, AI driven some of the demand? Do you have maybe an attach or an exposure rate you can provide for the SaaS business attributable to that demand in the quarter? Thank you.

So I'll take the first part of the question. When we look at the SaaS, you have to remember that this only takes SaaS customers last year and compares what their ARR is a year later. So, obviously, it's on a much larger base, and it's at 110, and we absolutely think that it was impacted with some headwind because reps had to focus their time on the conversions. Keep in mind that we had close to $190 million of conversions in 2025 alone. So that doesn't happen in itself. The reps had to focus on those conversions. And when we think about NRR, when you only take SaaS customers and look at the progression, that is actually an indication of how we can grow within our SaaS customer base going forward. We actually believe that that number can improve. So, again, when you look at kind of the mix between existing and new customers, I think that going forward, as we kind of went through the transition and there's not much of a non-SaaS ARR left, the reps can actually focus on acquiring new customers in a better way and can actually go back to the base and sell them additional products going forward.

My definitely was, you know, just a big driver, but AI in general is a big driver because everything that's related to AI, these agents are as good as as risky as the data they can access. And, definitely, the AI train left the station, and the ability to understand the identity and the data that it can access is everything. So it's not just the conversion and Copilot. The other thing that we saw in the fourth quarter is this a lot of success with everything that related to other cloud repositories in, you know, AWS, and Azure and also the database activity monitoring with pipeline is starting to sell the product and everything that is happening with the acquisition of Fleishnex. Important to understand that AI, just from the agency, is a big problem, but also from bad actors. So everything that's related to a compromise to get compromised from trusted sources is something that the Fleishnex acquisition, the product called Interceptor, is doing extremely well. So definitely in terms of the platform, we hit on all cylinders and also have a very good understanding of the cohort of customers, as we explained before, that will not go to SaaS. And with the 86% SaaS business, it's just the end of it, and the SaaS KPIs are extremely strong. And we are very, very happy with where the platform is and how it will perform. And primarily, we believe that the whole AI revolution is a big tailwind to everything we want. Our next question is from Rob Owens with Piper Sandler.

Great. Good afternoon. Thanks for taking my question. I wanted to focus a little bit on go-to-market. I know there were some changes to the federal team back in Q3. Just curious, as you enter the new fiscal year, any broader changes overall, where you are from a sales capacity perspective, and how you're feeling from a sales maturity perspective relative to the folks you have in those seats? Thank you.

So there are two elements to that question that I want to address. One is in terms of the federal business, we're still focused on trying to sell. As you remember, our federal business is approximately 5% of total ARR. But we still see an opportunity there. We did make some adjustments in terms of our investments there. I will say that the second component that I want to address is the conversion. The non-SaaS ARR we're actually baking a good portion of that federal business that will not convert. And that's why we gave a range of more of a bare case and an optimistic range, which is a really wide range, that $50 million to $75 million that will convert in 2026. So when you look at the element and what is impacting kind of the conversion number, the assumption that we have had is that many of the federal and state and government customers might not convert, and that was baked in that number. And the expectation is that we can go and sell to new customers in that federal space, but some of them will not move to SaaS with us. But in terms of the coverage and capacity, you believe we, you know, the new product's now building a good pipeline. And that will kick in, and we can have a we believe that we can have strong productivity gain. We have now these sales motions that are attaching to, you know, the budget and everything that's related to social engineering and business email compromise, the in the email space, and we have some other in the API and the browser extension. Very good assets there. Database activity monitoring. You know, most of the install base of the incumbent wants to replace them. This is another one for us. Everything, the expansion of the data security, including the MDR, and now the Altu acquisition that really just finalizing the whole vision to be end-to-end in the AI world. So when the we believe and we're starting to see that we see a lot of budgets that are related to AI from security and AI, and we really believe that we can be the foundation for acceleration and adoption of SecureAI within organizations. So we're really happy with where we are. And the way that the pipeline is developing, and we think that, you know, in the next few quarters, we are going to reverse.

Alright. Thank you. Our next question is from Joshua Tilton with Wolfe Research.

Thanks for sneaking me in here. I have two. One is a follow-up. One is not. I'll start with the non-follow-up one, and that's when we look at kind of the benefits of SaaS from converting the on-premise base relative to kind of, you know, the dollars that you lost in on-premise business last year. It kind of feels that you the uplift that you were getting was below that 26% to 25% ish blended rate that you've been communicating to us. Is there any way to help us understand, like, what you are actually getting from a conversion at Uplift? Or what you're getting on Uplift at a conversion and, you know, what we should expect that rate to be if you can, you know, sustain that for next year. And then I have a follow-up.

So I want to focus the analysts and the investors on what's important. And what's important is SaaS growth excluding conversion. We've been asked many times by investors recently to try and break it out and show what would be the growth rate. Because if you think about it, by the end of 2026, the assumption is that there will be no non-SaaS ARR left. So the question that you're asking actually relates to 2026 only. Our assumption for 2026 is that from a modeling perspective, is that the conversions will come in flat. The intention is to break down on a quarterly basis what is the SaaS growth excluding conversion, so every single investor can understand how the business is performing, present, and what is the driver for the business going forward. To us, the conversions are obviously an important factor, but they're not the driver. They are the rearview mirror that every investor obviously, we care about getting as many customers over to SaaS as we can. But that's not the driver of the business. The driver of the business is SaaS ARR excluding conversions. And that's why we spent a lot of time in order to break it out in what we hope is a very simplistic way for investors to be able to understand what is the growth rate of SaaS ARR excluding conversion. We gave a range of what the expectation of the conversion is. And remember, at the end of Q3, we got asked every single investor asked us what is the expectation to get the conversions over? We talked about approximately $180 million of non-SaaS ARR that are up for renewal, and we said that about a third of them. And we were able to get in Q4, including the uplift, were up for renewal in Q4, approximately $65 million. So the non-SaaS ARR left has come down significantly. It's now approximately $105 million going into 2026. We're giving this range of $50 million to $75 million, but our desire and the way management is focused in terms of the forward-looking health of the business is SaaS ARR excluding conversions.

It's also critical to understand that this massive expansion we did in the platform, this is what will grow the business, the new licenses. This is not the uplift. It's selling new licenses and adding more value, covering more data, securing our customers end-to-end from a data breach, making sure that they can use AI in the right way, making sure that they don't have a compliance fine, and doing everything on an architecture with tremendous scale. You need to understand that the amount of data that we need to crunch in order to provide this value is massive. And this is the whole growth is driven by the just the new license. Our next question is from Jason Ader with William Blair.

Yes, thanks. Hi, guys. Guy, can you help us understand the $30 million to $50 million headwind to contribution margin and free cash flow in 2026? I'm not sure I quite get that.

Yeah. So first of all, I want to say that there's really no change from a philosophy perspective of how we are trying to run the business. We believe the business should grow on the top line at healthy levels, but also generate better margins and more meaningful cash flow over time. I think that's been the way we ran the business for many, many years, and there's really no change in the way we're thinking about that going forward. We're facing that $30 million to $50 million headwind from the end-of-life announcement in 2026, but what's important to note is that, one, the announcement of end-of-life actually generated a sense of urgency for customers to move. The second thing that's important to note is that we would have had a headwind, and we did see that in Q4, from the remaining self-hosted customers having a lower renewal rate that would have really masked the strength of our SaaS business. And you can see that in the H2 2025 results and also in the 2026 guidance. And the third thing to keep in mind is that if we didn't have the end-of-life announcement, the cost of maintaining the same set of customers would have increased exponentially over time. So when we look at this $30 million to $50 million headwind, that's really with a lower expected renewal rate for the non-SaaS business, but I think we've proven over time our ability to show better margins and cash flow, and we believe in our ability to continue to do that going forward. So when we think about the 2027 target, we really completed the transition two years ahead of schedule. But as we sit here today, we see a path to achieving the 2027 targets laid out in the investor day. So we feel confident with that.

Our next question is from Shaul Eyal with TD Cowen.

Thank you. Good afternoon, Yakov and Guy. Thanks for the new disclosures. Yakov, I know you might have touched on that earlier, but I want to go back to that topic du jour in recent weeks. AI eating software. Maybe not so much in the security category, but definitely we're seeing a guilt by association, you know, cyber-related names in recent days. If I have to look at today's performance, can you offer us and investors your viewpoint as to whether AI is augmenting security or whether there's room for concerns based on potential market disruption? And maybe also just a word about your current relations with Microsoft over the past quarter. Thank you.

Yeah. I think that in terms of the market, it's what we and primarily our market, as I said before, AI is as good as as risky as the data that it can access. And you are going to see velocity that we have never seen before and also for bad actors, the ability just to get in to do, you know, everything that related to the initial port to get identity, session token, and so forth is going to grow. The ability to build very sophisticated advanced persistent threats that don't need to, you know, to call home, can talk with local LLMs and agents talking to agents. And, also, the just the human mistake. I think that definitely AI is tremendous impact on development cycles, but we believe that still complicated architecture and deep tech would need a lot of expertise, and this is what we have. And believe that even in this environment, we have a very strong moat. And we also believe that in order for organizations to adapt AI, they need to make sure that they understand what it the data can access and if it's behaving correctly. This is the core competency of Varonis Systems, Inc., and you need to do it at a tremendous scale. And the second thing, Shaul, that it needs to do, and this is related to the Altu acquisition, is you need to understand the actual agents of stemming from which tool. The intent of what they plan to do, and also the pipelines, what data they are going to access. So in terms of AI, Altu starts from the beginning. To make sure, okay. This is the tool. This is the intent. And the pipeline. Then massive force multiplier with Varonis Systems, Inc. is what is the identity and the data that they can access. And, also, then back from Altu, how agents talk to each other. So, you know, maybe an agent can ask another agent that has the permission to do something on his behalf. And this is a big issue. Regarding Microsoft, you know, we have just a lot of synergy with them, and, you know, we're building a pipeline together and feel comfortable about the partnership. So we feel comfortable about the partnership, but the one thing that we are very excited about is just where the platform is. If you look at the year ago, you know, starting from where ataxo starting with Interceptor with Fleishnex, taking the database activity market with classification, the user behavior analytics, we have a lot of success on the cloud data stores, and these data stores have tremendous scale and, you know, and Varonis Systems, Inc. is doing the Varonis platform extremely well there. And now everything that we are doing today AgenTiKi and we combine it with our cost. Thanks. So we are very excited where the platform is. Where the platform is, and the value that you can provide in the marketplace. Our next question is from Meta Marshall with Morgan Stanley.

Great, thanks. Maybe building on that last answer that you gave, just as you guys look at products that you can now with more focus on kind of the core SaaS business, whether it's MDR or identity or database activity monitoring, or, you know, the acquisition that you just announced, like, what do you see as the biggest driver of upsells over the next year? Thanks.

I think that all of them. I think that all of them, and it's also, you know, we created this data security market. Now it was very natural expansion to go to other places. So, you know, the database activity monitoring is, you know, big market with just incumbents that we can replace. Everything that's related to social engineering, business email compromise, this is a type of product that every organization needs, and we're attacked are starting today. And we believe that in terms of multimodality, the problem starting with trusted sources, and we have the best solution for that. And every organization in this stage trying to use AI in order to survive and thrive. And we Altu together with what we have is a big force multiplier. So we are really excited about everything, and we're also excited about everything is integrated with everything else. Great. Thank you. Our next question is from Roger Boyd.

Great. Thanks for the question. Guy, I know this is not the focus point going forward, but I wonder if you could just unpack the rebound you saw in 4Q conversion rates. And as you look forward, you said $105 million of remaining on-premise software with the expectation that $50 to $75 million of that converts with zero uplift. When I back out Fed and SLED, my gut reaction is that's a pretty optimistic view on conversions going forward. So maybe just talk about kind of your confidence over the remaining commercial customer base there and in terms of timing, just any sense of how quickly you could get in front of this or if you expect to be maybe more back-half weighted? Thanks.

So let's start with the fact that we converted in Q4 approximately $65 million. That's a really large number. You can see that in comparison to any of the other quarters. It's 50% higher than Q2. It's close to 60% higher than Q3. I think part of it was absolutely driven by the fact that we had the end-of-life announcement. That generated a sense of urgency with our customers and actually helped us get customers to convert. In terms of 2026, we put a bare case and an optimistic case, and those are the two ranges. I would say that in terms of guidance, the $50 to $75 million is not expected to our expectation is to be within that range. Our base case is kind of that midpoint. We do expect some of the customers from the federal and state government to convert. So it's not like we're writing off every single customer. But I would say that the focus from a kind of a perspective of a vertical that would convert at lower rates is that federal business. But it's not an expectation that none of them will convert. So we feel very good with that $50 to $75 million range. And as you can see, that range is wide because there are a lot of uncertainties, but we do feel confident with that range itself. So our base case scenario is that midpoint. And I think we can do a really good job of getting those customers over. Keep in mind, we got questions about the $180 million of non-SaaS ARR at the end of Q3. And so many of the investors wanted to get a number and wanted to get a range. And many of the investors that we talked to had an expectation that we won't get any, which we thought was not reasonable either. So I think when you look at the actual performance of Q4, the fact that we were able to convert such a large portion had to do with the end-of-life announcement and the urgency that that generated within our customer base. And the expectation for 2026 is within those ranges of $50 to $75 million.

It's also critical to understand that in most other companies that they are doing the SaaS transition, there is not a big discrepancy in features between the on-prem and the cloud. For us, it's something that is completely different in our cloud moving extremely fast, and we integrate the new acquisitions there. And these customers, as Guy said, these federal customers and some just local government customers and some customers that have hesitation and don't want to go to SaaS, I was just it's a huge, huge difference. And then when you have this growth business that is strong and profitable, and as Guy said, you know, we believe that we can get to the 2027 goals with these customers that will not convert to the 2027 goals that we in the investor day. Very important to understand that it's just it's something that is completely different. And not only that, with the way that we move and release features, the SaaS platform works, the discrepancy is growing and growing. And what will happen is that you will have a small cohort of customers that will take this a lot of operational resources to do something that is just not relevant. So this is what you see from us. We just, you know, we are now 86% there, and we just want to be 100% there and make sure that we, you know, we have this SaaS platform. We have high-quality SaaS metrics, and this is where we invest. This is how we move forward. And we just want to make sure that, you know, the last leg of conversion, anybody that we can convert will convert and fight for it. But folks who will not go to the cloud, we need to end the cloud. And partway with them.

Our next question is from Fatima Boolani with Citi.

Good afternoon. Thank you for taking my question. Guy, I wanted to just zero in on the OpEx and free cash flow expectations. You've been very clear about a number of different factors that are impacting that trajectory. But I was hoping you could sort of recrystallize some of what you shared with respect to the end-of-life headwind, the ARR contribution compression as it relates to some of the nonrenewal assumptions, as well as maybe some organic investments that you are making in growing your sales capacity and then also in the context of the Altu acquisition. So hoping you can stack rank the level of impact from an operating expense and free cash flow headwind perspective between the organic inputs and inorganic inputs, especially kind of given the number of acquisitions that you're absorbing into the cost base? Thank you.

Absolutely. I'll start by the fact that when you look at the free cash flow progression, I think we've done a good job of increasing kind of the free cash flow number over the last couple of years. And when you look at the ARR contribution margin, we've actually increased it to levels that are just below the 2027 model that we laid out in our 2023 investor day. So I think from a profitability perspective, we have proven to investors that we have the path, and we know how to improve and increase the top-line growth with bringing some of it to the bottom line. When you look at the 2026 numbers, especially when you look at some of the lower renewal rates for the non-SaaS business, that have been below our historical levels, obviously, when you think about renewals, they go directly to the bottom line. That's your pure profitability component, and they are way more profitable than the acquisition of new customers that have a higher cost. So when you think about kind of the non-SaaS ARR that is not going to renew, that obviously has that headwind, and we talked about the $30 to $50 million of headwind from that end-of-life announcement. But I think what's important to note is that if we didn't call that end-of-life, the impact would have been much higher. So if I have to break down kind of that headwind, I would say that for the most part, it relates to the lower renewal rate for that non-SaaS business. Obviously, the acquisitions have a cost. And when you think about the guidance, we didn't bake in any upside from those acquisitions. We saw very good momentum in Q4 with Interceptor. But we need to see how that progresses from 2026. So I think there's upside there for us. And the acquisition that we announced today, we feel good about our ability to capitalize on that as well. So from an expense perspective, we baked in those expenses as part of that guidance, obviously. We didn't fully bake in any real upside for 2026. And we do believe that we can get there. So if you had to break down that headwind, I would say that for the most part, it comes from the renewals, but, obviously, some of it is from the acquisitions themselves.

Our next question is from Mike Cikos with Needham.

Great. Thanks for taking the questions here, guys. And just, Guy, to be perfectly clear on the M&A assumptions. So you're not assuming any revenue or ARR contribution from Cyril or Slashneck even though both those products launched last year? And then I guess the follow-up, given some of the changes that were announced following Q3 with the 5% headcount reduction, and the downsized federal team, can you just help us think about your go-to-market organization today? What is the typical tenure of your sales rep? Have there been any changes to incentives as we enter the new year? Thank you.

Absolutely. So, yeah, when you think about kind of the assumptions that we had for guidance for 2026, we didn't bake in any real top-line contribution from any of the acquisitions. That doesn't mean that we don't think we can generate activity and top-line growth from them. But our starting point assumed a real modest contribution from them and nothing major, but we do feel that there's a path there, and we're seeing good momentum in conversation with customers. Keep in mind, the INTERCEPT acquisition only closed in September. So it's a really short runway when we sit here today for a company that didn't have any material ARR, but we definitely see significant opportunity going forward. In terms of kind of the rep profile, I think that one of the things that is interesting going into 2026 is that with those acquisitions, we actually do have a near-marked budget that we can go and replace. Which does change and simplify some of the go-to-market for the sale of those Interceptor and the viral acquisition. And it's definitely something that we need to see how that progresses, but we feel very good with that path. And when you think about the comp plan for 2026, and I want to touch on the 2025 comp plan. I know many of the investors asked us a lot about it throughout the year. But in 2025, reps had a lot of ways to make money. They could sell to new customers. They sell to existing customers. And they could make money from the conversion. In 2026, they cannot retire quota on the conversions themselves. So their way to make money is by selling to new customers and by selling to existing customers. And I want to put another caveat in. They can make money by selling to both. But they have absolutely no way of making big money if they don't sell to new customers. So there is a threshold from a new customer perspective for them to sell. And we believe that as we have gone through the non-SaaS ARR and got to 86% and can go back to focusing on new customers and existing customer sales and don't need to have the reps cannibalize their time by focusing on the conversion, that actually opens up their ability to increase their productivity levels. And that's the way the comp plan was structured. With no ability for them to make money towards their quarter retirement on the conversion side.

Our next question is from Rudy Kessinger with D. A. Davidson.

Hey. Great. Thanks for sneaking in here. So, Guy, actually, I again, as everybody on this call said, appreciate the new disclosure here. I actually want to dig into the SaaS net new ARR guidance, excluding the conversions midpoint of about $121.5 million. I certainly hear your comments about, you know, reps were really bogged down and tied up with conversions last year, and yet you still did about $110 million of net new SaaS ARR excluding those conversions. And so if I consider the reps being much more freed up to really focus on SaaS expansion, new logos this year, $121.5 million actually to me seems, you know, pretty conservative and or lower than it should be if I assume you maintain at least a 110% SaaS net retention rate. So could you just maybe take it a step further? Like, what are the assumptions in that $121 million figure around new logo contribution, net retention rate, etcetera? And just how conservative are those assumptions?

So you're absolutely right. We are guiding in a conservative way as a starting point for the year. And you're absolutely right that if you look at the net new SaaS ARR excluding conversions being at $109.5 million, but also accounting for approximately $190 million of conversion ARR, when you don't have that component, the conversion side, then you can go and sell to new customers and existing customers in a better way. So I agree with your statements, and I think that we fully understand what we need to do in order to execute and grow this business in the way that we believe we can grow the business. Sitting here today, we feel very comfortable with the guidance that we provided. And know what we need to do in order to execute and improve it throughout the year. But the assumptions from an NRR perspective is that we actually can do better. There's a lot for us to sell. Going back to the base. And we think that we're selling to new customers, freeing that time that was cannibalized by our reps, they can actually go to many more new customers and sell to them as well. So I agree with your statement. And that is our starting point for 2026.

If you look at the offering today versus just a year ago, we, you know, doubled the platform in terms of value. The focus needs to be not on the conversions to create value and make sure that the data of our customers is protected in an automated way. This is our mission, and this is what we are going to do.

Our next question is from Joseph Gallo with Jefferies.

Hey, Really appreciate the question and thanks for all the extra disclosures. Guy, can you just help me understand a little bit more the end-of-life headwind to free cash flow? I mean, your billings and ARR were really strong in 4Q. You're still guiding for ARR to grow in calendar '26. So I'd imagine billings and bookings are growing. So just is there something different with the cash collections? And then just any more that you can kind of quantify on, you know, what the benefit for not having to support on-premise can be? Is that a few points to margin? And is that a '26 story or '27? Thank you.

So, Joe, I actually think that the free cash flow headwind is a much simpler story than anything else, honestly. When you think if you took the renewal rate, the historical renewal rate of the business, and baked it into the non-SaaS ARR, that is the delta. That is the headwind. And we're obviously not getting the same oh, at least the assumption is that we won't be getting the non-SaaS ARR at the same renewal rate historical level, a, because we didn't see that in Q3, and, b, although Q4 renewal rates they were still below historical levels for the non-SaaS business were better than Q3. And I think the end-of-life actually helped us get a lot of the customers converted, and the expectation is that the end-of-life announcement will actually help us get a lot of our customers converted in 2026. But as you can see, that $50 to $75 million range from approximately $105 million denominator is not over 90% renewal. And I think it's a much simpler math, and I know we're getting a lot of questions on it. But to me, it's a pretty straightforward calculation in terms of the headwind itself. So when I look at the actual kind of profitability profile for us as an organization, nothing really has changed. We're not changing kind of the philosophy of investment. We're not trying to invest more in order to generate a lower top-line growth rate. If you look at the trajectory from an ARR contribution margin perspective, and you bake in the additional kind of loss on the headwind from the non-SaaS component, you would see that we would continue to grow at the same historical level. But the announcement of the end-of-life and I said this before, and I probably want to reemphasize this. The announcement of the end-of-life actually helped us in three ways. One is generating that sense of urgency for customers to convert. The second one and I think this is actually important to note, if we would have kept the on-prem subscription going forward, and we would have had a renewal rate that is historically lower than or lower than our historical levels, then the growth rate would have been masked. The total growth rate would have been masked by that component versus a really strong SaaS business. And that's why we spent so much time on breaking out the SaaS excluding conversions and putting the conversions as a separate bucket. Because that allows investors and analysts to actually see the two companies that Varonis Systems, Inc. is right now, the forward-looking and the rearview mirror, which is that conversion component. And, yes, we believe that announcing that end-of-life going to 2027 and beyond can actually generate benefits on the bottom line on savings, and that's why we feel confident with our 2027 model.

Our next question is from Junaid Siddiqui with Truist.

Great. Thank you for taking my question. You've talked about MDDR having software-like gross margins over time. As it becomes a material contributor to your business, how do you envision gross margins? Do you anticipate any changes from the range that in that high seventies, low eighties?

No. We don't expect any material change there. The MDDR has been very well received by both our customers and our sales force. And has been adopted very well. Keep in mind, we only introduced it in 2024, and it's been in a very positive way. We still believe that every single customer should have MDDR. It's going to take time, but we're definitely feeling very good about the path that we have taken so far and what is lying ahead with MDDR as well.

But, also, it's very important to understand that the MDDR is really an AI-based offering. It's just a genetic offering in most of the alerts are being reviewed and closed by the AI agents, the robot. And this is the beauty of it.

Thank you. There are no more questions at this time. I'd like to turn the floor back over to Tim Perz for any closing remarks.

Thanks, everybody, for the interest in Varonis Systems, Inc. We look forward to meeting with you all later this quarter. Goodbye.