RBRK - NYSE

Good afternoon, ladies and gentlemen, and welcome to the Rubrik First Quarter Fiscal Year 2026 Results Conference Call. [Operator Instructions]. This call is being recorded on June 5, 2025. And I would now like to turn the conference over to Melissa Franchi, Vice President of Investor Relations. Please go ahead.

Hello, everyone. Welcome to Rubrik's First Quarter Fiscal Year 2026 Financial Results Conference Call. On the call with me today are Bipul Sinha, CEO, Chairman and Co-Founder of Rubrik; and Kiran Choudhary, Chief Financial Officer. Our earnings press release was issued today after the market closed and may be downloaded from the Investor Relations page at www.ir.rubrik.com. Also on this page, you'll be able to find a slide deck with financial highlights that, along with our earnings release includes a reconciliation of GAAP to non-GAAP financial results. These measures should not be considered in isolation from or as a substitute for financial information prepared in accordance with GAAP. During this call, we will make forward-looking statements, including statements regarding our financial outlook for the second quarter and the full fiscal year 2026, our expectations regarding market trends, our market position, opportunities, including with respect to generative AI, growth strategy, product initiatives and expectations regarding those initiatives and our go-to-market motion. These statements are only predictions that are based on what we believe today, and actual results may differ materially. These forward-looking statements are subject to risks and other factors that could affect our performance and financial results, which we discuss in detail in our filings with the SEC. Rubrik assumes no obligation to update any forward-looking statements we may make on today's call. With that, I'll hand the call over to Bipul.

Thank you, Melissa. I want to start by thanking everyone for joining us today. Our first quarter results were excellent. This quarter, we once again exceeded all guided metrics across top line and profitability. Here are 5 key numbers. First, subscription ARR reached approximately $1.2 billion, growing 38% year-over-year. Net new subscription ARR reached $89 million in the first quarter, a standout for a company at our scale. Second, our subscription revenue was $266 million, growing 54% year-over-year. Third, our subscription NRR remained strong, yet again above 120%. Fourth, customers with $100,000 or more in subscription ARR reached 2,381, growing 28% year-over-year. Finally, on profitability, we once again made material improvements in subscription ARR contribution margin, up over 1,800 basis points year-over-year. On cash generation, we are very happy to report we had over $33 million in free cash flow this quarter. This combination of top line growth and cash flow margin at our scale is rare. These outcomes are a result of a very deliberate strategy. First, we have a very differentiated product and comprehensive offering for cyber resilience. Second, we offer a true platform that enables multiproduct leverage for our customers. Third, Rubrik has a unique innovation engine that delivers a steady stream of new products and solutions that lead and define the future of cybersecurity. And finally, we have a culture of long-term thinking where we continuously conceive yet unproven bold ideas to unlock new markets. As a result, we remain confident about our opportunity, and we have raised our guidance for the year. Let me start by giving you a broader context on our market opportunity. Cyber resilience is the top cybersecurity priority. My conversations with leading CISOs and CIOs around the world point to a growing recognition that cyber breaches are inevitable in spite of significant investments they make in cyber defenses. At the same time, enterprises are looking to replatform and modernize their infrastructure in preparation for AI. In this increasingly complex environment, customers are turning to Rubik for uniform and consistent data policy controls as well as rapid accurate recovery from cyber attacks. From our inception, Rubrik was designed to help customers achieve the fastest cyber recovery time. At the center of our unique architecture is the Rubrik preemptive recovery engine, our natively integrated platform continuously and automatically scans all protected data and identities across a customer's entire IT ecosystem to precalculate green recovery points and our ability to pre- compute metadata unlocks the necessary data context and tooling needed to recover quickly from a cyber attack. Legacy backup as well as new-gen backup vendors can't match this proactive capability because their solutions weren't natively built for it and their capabilities are often bolted on from acquisitions or from third-party tools. For these reasons, we win the vast majority of deals in head-to-head competition. Now let me talk about innovation. We continue to innovate across data security and AI vectors as we tackle more and more complex problems for our customers. Rubrik employs a unique portfolio approach to S-curves, managing innovations at different stages to maintain maximum momentum while preparing for what's next. Let me expand on that further. We live in an age of technology acceleration. Microsoft took 20 years to become a household name. Facebook 2 years and ChatGPT just 3 months. Rapid technology changes means businesses must reorient and evolve constantly. The key to building an enduring institution in this technology era is to continuously layer concurrent S curves. To achieve this, we use the combination of forward motion, which focuses on scaling current successes such as our cyber resilient data protection business as well as lateral motion, which focuses on a portfolio of new initiatives to unlock future S curves. Our forward motion team is expanding our cyber resilient data protection solutions across new applications and workloads, while exploring new routes to market, accelerating distribution network, serving new customers and expanding our value proposition within our customer base. But you can't just rely on forward motion to achieve sustained success. failing to innovate could lead to eventual stagnation. In fact, we deploy a specialized team as lateral motion to discover new product market fit and launch innovative initiatives to unlock the next S curves. We already have a track record here as we have successfully built our M365 protection solution from a scratch to a scale business. We are using the same approach to introduce new identity resilience solution that brings identity and data context together for the first time in the industry. Rubrik's innovation engine is powered by our unique platform architecture, one that combines data and metadata across enterprise, cloud and SaaS applications as well as identity providers. The Rubrik platform uniquely brings data security and cyber recovery together to deliver comprehensive cyber resilience for both data and identity. This makes us a true platform company. Let me explain further. Rubrik manages mission-critical business data as the common unit of currency across the whole organization. Our platform strategy allows us to innovate faster and deliver effective solutions to critical challenges at the epicenter of data security and AI. All our solutions leverage the same underlying preemptive recovery engine to deliver risk and remediation solutions across data and identity. In fact, our customers realize more value from the Rubrik platform as they adopt more Rubrik products and solutions. This is because our platform gets smarter as we cover more of our customers' data and identity landscape. Let me detail some of the opportunities and wins across our initiatives at varying scale. If you recall, our fraud motion is propelling our cyber resilient data protection business from scale to super scale. As companies shift deeper into cloud and GenAI, they choose Rubrik to deliver comprehensive cyber resilience and quicker cyber recovery times across clouds. Of the many examples, let me give you 2 specific wins from this quarter. The first, a major U.S. pharmacy solutions company selected Rubrik as their cyber resilience partner for their cloud transformation. We not only replaced a long-time legacy vendor, but also outcompeted a new gen vendor. Key differentiators included Rubrik's clean and rapid cyber recovery, hybrid cloud scalability and the simplicity of our Rubrik Security Cloud or RSC platform. the customer adopted RSC Enterprise Edition, unstructured data protection and SaaS data protection for M365. This customer also combined our DSPM and identity recovery solutions for complete cyber resilience while being a design partner for our Annapurna AI product. And the second, a large European insurer chose Rubrik RSC Enterprise Edition with unstructured data protection to protect critical structured and unstructured data across cloud and enterprise environments. Rubrik was chosen over competitors for our ability to meet and exceed board-level cyber recovery time objectives for critical business services. This customer also noted our simplicity, cost effectiveness and superior performance in securing significant cloud workloads. Let me shift gears and talk about 4 key cloud innovations that deliver differentiated product. First, we introduced code-to-cloud cyber resilience. As a result, we can now protect from the first line of code to the full stack of applications in production. Second, we created new purpose-built technology for advanced protection of cloud relational databases, starting with AWS RDS. Third, we expanded our cyber resilience capabilities for Google Cloud. And finally, we also introduced Rubrik for Oracle Cloud Infrastructure, essentially strengthening critical coverage of all 4 major hyperscalers. Ultimately, our differentiation in cloud protection is built on our assumed breach approach. To deliver this, we combine DSPM and cyber recovery natively on our RSC platform, which is powered by our native data threat and preemptive recovery engines to achieve complete cyber resilience. No one else does this. Now let me highlight a few customer wins with cloud and SaaS protection. This quarter, a Fortune 500 financial services company expanded its Rubrik deployment by adding Cloud Protection Enterprise Edition for its complete Azure environment. Our POC showed not only significantly faster recovery times, but also a 25% saving in cloud cost over 3 years compared to their existing cloud-native backup solution. This customer also added identity recovery for Entra ID, enhancing their M365 protection for more than 10,000 users. A global quantum computing company chose Rubrik this quarter to safeguard their vital SaaS data. Resilience and availability are crucial in their industry. Their legacy backup provider posed too many security vulnerabilities and was ill-equipped to secure cloud workloads at speed and scale. In under 2 months, they transitioned to Rubrik as their unified platform, now securing critical workloads such as M365, Jira and Salesforce. As I mentioned before, we are leveraging the lateral motion approach to scale our data security posture management or DSPM and identity resilience solutions. Together, these solutions help customers achieve cyber resilience by bringing identity and data context together with cyber recovery to solve cybersecurity challenges before, during and after an attack. Let me discuss our opportunity in identity resilience. Active Directory and Entra ID are the backbones of identity for companies worldwide. However, their ubiquity makes them prime targets for attacks. Attackers go after identity infrastructure because it gives them access to all the critical data. And when identity systems are compromised, every subsequent recovery effort becomes exponentially more complex. We see a huge opportunity in securing identity. Our newly released identity recovery solution has seen notable momentum due to our unique ability to orchestrate hybrid cloud recovery across Active Directory and Entra ID, all while avoiding malware reintroduction. This transforms identity recovery times from weeks to under an hour. I already mentioned a few customer wins for identity recovery, but let me add a few more. A major U.S. hospital network added Rubrik Identity Recovery in Q1, choosing Rubrik over a stand-alone identity recovery competitor. This represents the customer's third expansion since their initial purchase in August of last year. Additionally, a large U.S. state county expanded with Rubrik to bolster its cyber resilience after a significant ransomware attack impacted a nearby county. This customer added Rubrik AD Forest Recovery and added RSC Enterprise Edition to ensure minimal disruption in the face of an inevitable cyberattack. Lastly, I'll spend a minute talking about some of our longer-term initiatives such as Rubrik Annapurna. Rubrik Annapurna is designed to help break through the barriers preventing GenAI applications from broad-based enterprise deployment. This solution enables secure and scalable GenAI by leveraging Rubrick's unique ability to extract, manage and secure business data, the most important real estate in GenAI. Annapurna now integrates with Google Agent Space, facilitating secure GenAI deployment on Google Cloud. We are in the early phases of optimizing product market fit for Rubik and Apona. We plan to add more capabilities and investments to help organizations deliver secure GenAI applications faster. As a reminder, this is a multiyear initiative to bring our Gen AI solutions from 0 to 1 and then to a scale. Just as our successes in cyber resilience was built through the years of dedicated effort and calculated market risk. In closing, I would like to share my personal gratitude. First, thank you to my fellow Rubrikans. Your unwavering customer focus and disciplined execution have given us an incredibly strong start to the year. As a result, we continue to win the cyber resilience market, and I believe our opportunity is bigger than ever. Also, a big thank you to our customers and partners. Your trust in us to secure your data and business pushes us to continue to define the frontiers of cybersecurity. And lastly, thank you to you, our shareholders, for your continued support and trust. We are just getting started. The best is yet to come. With that, I'm pleased to pass it over to our Chief Financial Officer, Kiran Choudhary.

Thank you, Bipul. Good afternoon, everyone, and thank you for joining us today. Q1 was a strong start to our fiscal year, demonstrating our continued leadership in the growing market for cyber resilience. Strong market drivers, our competitive positioning and a unique land-and-expand strategy fueled another quarter of solid top line growth at scale. We also saw strong and continued improvement in profitability. We are pleased to have exceeded all guided metrics in Q1, and we are raising our outlook. Let me start by briefly recapping our first quarter fiscal 2026 financial results and key operating metrics, and then I'll provide guidance for the second quarter and full year fiscal 2026. All comparisons, unless otherwise noted, are on a year-over-year basis. We are very pleased to have ended Q1 with subscription ARR of $1.18 billion, growing 38%. We added $89 million in net new subscription ARR. We continue to drive adoption of our Rubrik's Equity Cloud, which resulted in $972 million of cloud ARR, up 60%. Our differentiated land-and-expand model benefits from multiple avenues to gain new customers and grow our footprint after the initial contract. Expansion occurs through increased data in existing applications, securing more applications or adding more security functionality. As a result, we continue to see a strong subscription net retention rate, which remained over 120% in the first quarter. All vectors of expansion are healthy contributors to our NRR, highlighting the meaningful runway we have to more deeply penetrate our customer base. Adoption of additional security functionality contributed slightly more than 30% of our subscription net retention rate in the quarter. We ended the first quarter with 2,381 customers with subscription ARR of $100,000 or more, up 28%. These larger customers now contribute 85% of our subscription ARR, up from 81% in the year ago period as we become an increasingly strategic partner to our enterprise customers. For our first quarter, subscription revenue was $266 million, up 54%. Total revenue, $278 million, up 49%. Revenue in Q1 benefited from our strong ARR growth and tailwinds from our cloud transformation journey. We also saw higher nonrecurring revenue, which was accounted for as material rights related to our cloud transformation. This contributed approximately 7 percentage points to revenue growth this quarter, which was a few percentage points above our expectation. Turning to the geographic mix of revenue. Revenue from the Americas grew 51% to $203 million. Revenue from outside the Americas grew 43% to $75 million. Before turning to gross margins, expenses and profitability, I would like to note that I'll be discussing non-GAAP results going forward. Our non-GAAP gross margin was 80.5% in the first quarter compared to 75.4% in the year ago period. Our gross margin benefited from the revenue outperformance, including higher nonrecurring revenue and the improved efficiency of our customer support organization. We anticipate total gross margin to remain within our long-term target of 75% to 80% in fiscal 2026. As a reminder, we look at subscription ARR contribution margin as a key measure of operating leverage. We believe the improvement in our subscription ARR contribution margin demonstrates our ability to drive operating leverage and profitability at scale. Subscription ARR contribution margin was positive 8% in the last 12 months ended April 30 compared to negative 11% in the year ago period, an improvement of over 1,800 basis points. When normalizing for the $23 million in employer payroll taxes associated with the IPO in the prior period, the improvement was over 1,500 basis points. The improvement in subscription ARR contribution margin was driven by higher sales, the benefits of scale and improving efficiencies and management of costs across the business. Free cash flow was positive $33 million compared to negative $37 million in the first quarter of fiscal 2025 or negative $16 million when adjusting for the $21 million in employer payroll taxes associated with our IPO. This increase was driven by higher sales and improved operating leverage, offset by an increasing mix of annual and monthly payment terms and shorter contract terms related to the year ago period. Turning to our balance sheet. We ended the quarter in a strong cash position with $762 million in cash, cash equivalents, restricted cash and marketable securities and $323 million in debt. Let me now provide some context on our outlook for fiscal 2026. We remain confident about the strength of the cyber resilience market and demand for our differentiated offerings. We believe these drivers alongside our strong and consistent execution will deliver strong subscription ARR growth ahead. In terms of operating investments, we'll continue to invest in R&D to drive innovation in the large and growing markets we operate in across data, security and AI. We'll also continue to make investments in go-to-market where we see the most compelling ROI across select regions and verticals and to find product market fit and scale up new innovations. Let me discuss our current outlook on quarterly seasonality. After our strong Q1, we anticipate that the first half of the fiscal year will contribute approximately 46% of the total net new subscription ARR with the remaining approximately 54% expected in the second half. In addition, subscription ARR contribution margin has some seasonality due to the timing of net new subscription ARR and operating expenses each quarter. Based on our current net new ARR linearity and investment plans, we continue to anticipate that subscription contribution margins will be the seasonally lowest in Q3 before moving higher in Q4. Please see additional modeling points for fiscal 2026 on Slide 31 of our investor presentation, which can be found on our Investor Relations website. Now turning to our guidance for the second quarter and full year fiscal 2026. In Q2, we expect revenue of $281 million to $283 million, up 37% to 38% -- we expect non-GAAP subscription ARR contribution margins between 4.5% and 5.5%. We expect non-GAAP earnings per share of negative $0.35 to negative $0.33 based on approximately 196 million weighted average shares outstanding. For the full year fiscal 2026, we expect subscription ARR in the range of $1.380 billion to $1.388 billion, reflecting a year-over-year growth rate of 26% to 27%. We expect total revenue for the full year fiscal 2026 in the range of $1.179 billion to $1.189 billion, reflecting a year-over-year growth rate of 33% to 34%. We expect non-GAAP subscription ARR contribution margins of approximately 6% we expect non-GAAP earnings per share of negative $1.02 to negative $0.96 based on approximately 198 million weighted average shares outstanding for the full year. We expect free cash flow of $65 million to $75 million. In closing, we are pleased with the strong start to our second year as a public company and a higher outlook for fiscal 2026. We remain confident in our ability to deliver efficient and durable growth as a market leader in cyber resilience. With that, we'd like to open up the call for any questions.

[Operator Instructions] Your first question comes from the line of Saket Kalia from Barclays.

Okay. Great. a nice start to the year. Bipul, maybe I'll make the one question for you. I think we all -- we all think about the share shift that's happening in this market from legacy to next gen, which is clearly benefiting Rubrik. But I'm curious, how long of a runway do you think that has? And particularly with some of the points that you're making on identity, do you think the move to cyber resilience is expanding this TAM at all that's available for conversion. Does that make sense?

Absolutely. So Saket, if you take a step back, Rubik is a true platform company. We actually took on legacy backup and recovery and transformed that into a data security platform to deliver cyber resilience. And this Rubik Security Cloud has built in preemptive recovery engine that takes the cyber recovery time from weeks and months to hours. And that is what is making us win. We are the only vendor that provides comprehensive cyber resilience across data and identity, both across risk and remediation. And because of our unique offering and platform approach, we are winning customers, and we are winning vast majority of the deal in head-to-head competition. And this new identity resilience angle is expanding our TAM. -- because not only data risk comes from ransomware and other data sensitivity, but the identity stealing and identity-based attacks are on the rise in a very significant way. And we are giving our customer a peace of mind against those attacks. And that's what is helping us to deliver end-to-end cyber resilience, which is very unique in the marketplace, and we are the only ones doing it. To give you an example, a world-renowned cancer medical center replaced their legacy backup vendor, and we also outcompeted an associated new gen vendor, and they chose RSC Enterprise Edition because of our demonstrated ability to not only deliver the fastest cyber recovery at scale, but also give them the complete risk information. So this is an example of why customers are choosing us, how we are displacing legacy vendors and expanding the market and TAM by combining data and identity.

Your next question is from the line of Kasthuri Rangan from Goldman Sachs.

Congratulations to the Rubrik team on a spectacular start to the fiscal year. Bipul one for you. As you continue to innovate, add functionality at a pretty rapid pace and the market continues to be receptive in that this is not just a replacement TAM, but replacement TAM and some more. What is the what is happening to sales cycles, the broader awareness of what Rubrik can do replacement cycles of older legacy technology? Could we be at a point where we're at the at the front end of what could be an S curve of adoption, and we maybe are at a point where what used to be obscure in the back orders is now all of a sudden more front and center. Maybe I'm overstating the case, but I'm sure you have a strong view on that.

Absolutely, Kash. If you -- if you think about the current market environment we are in, which is generative AI and productivity gains, Generative AI is pushing all enterprise and governments to really replatform and modernize their infrastructure to take care of -- to take advantage of Generative AI opportunity. But generative AI is all about data and understanding data integrity in the data and security in the data and that's Rubrik's business. We have pegged our whole company on data security. That's what we built a data security platform by transforming legacy backup and recovery. So we definitely believe that we are on the front end of a very long, large secular trend around data, security and AI. And as our customers transform and adopt more cloud as they use GenAI, we are actually helping them have confidence and peace of mind that their services will be up. They can actually feed safe data into their GenAI application. Just to give you a sense of what is happening with replacement, a very large Japanese industrial company that had multiple native cloud backup tools, they replaced all of them with Rubrik Security cloud protection to safeguard critical AWS, Azure plus Oracle workloads. And Rubrik was selected over new gen vendors because of our unique ability to mitigate cyber threats and deliver cyber resilience, cyber recovery at a lower cost. And we are saving cloud cost. So in some ways, we are delivering double impact cyber resilience plus cost savings and making our customers secure and giving them the ability to take secure data and feed into GenAI, giving them ability to confidently do cloud transformation. And these are some of the trends that are propelling us.

Your next question is from the line of Andrew Nowinski from Wells Fargo.

Great quarter. I wanted to ask another question around identity resilience that you introduced at RSA. I think it's a really interesting product it really could be a game changer because no 1 else is combining identity with cyber resilience. So I'm wondering, I guess, first, is the integration with Laminar complete? And then would this new capability allow customers to replace any sort of point products they may be using with other identity security vendors?

Thank you for this question. Let me give you a broader sense of our strategy and what we are doing. As I said before, Rubrik pegged its future on data security. But the source of data risk is both from the intrinsic data sensitivity plus the identity interaction on the data. And we have this strong point of view that to secure data, you need to understand data and understand data risk as well as understand identity risk on data. The first step of this strategy was to acquire DSPM Laminar product that we have fully now integrated on the Rubrik platform. In fact, our DSPM ARR was up over 300% year-over-year this quarter. But that's not the point. The point is cyber resiliency requires both data resilience and identity resilience together. together in a single platform delivered in a single way because you need to understand what data you have, what is the sensitivity of the data, who has access to the data and who is doing what to your data. And by combining identity security with data context and data security, so essentially identity plus DSPM together, we are forging a whole new world of data security, which is complete and comprehensive. And that is our opportunity to replace point products across DSPM or purely identity recovery because these 2 separate products don't create as much value when you bring it identity and data all together. And that's where we are seeing great momentum in identity recovery. Just to give you an example, a very large health care odd experienced an outage with Entra ID. And it took them a week to recover with the competing solutions that they had. And they brought in Rubrik to deliver faster cyber recovery and increase their resilience posture. And if you think about the identity and data combination I talked about, European financial institution chose Rubrik to detect and mitigate exfiltration risk and which is around data, and that allowed them to be in compliance with DORA. So we have a number of significant tailwinds, both in and around data and identity, and we are taking the unique approach of combining these 2 into a singular strategy, singular platform, similar product. And again, we always take a very long-term view of these things. Again, we are experimenting, iterating, figuring out how we package, how we sell, which solutions work with what. And we'll update you as we evolve our strategy, but we are definitely seeing great traction in this space.

Next question is from the line of John DiFucci from Guggenheim Securities.

my question is more of sort of a macro question. You're near the end of the reporting companies for this quarter, and we've generally seen some sort of suppressive effects of an uncertain macro backdrop, especially in security, I think of 1 other exception, just one, and it has to do with identity, which you're talking about, it was CyberArk, but this is suppressive effects don't show up in your numbers at all? So first, I guess, how would you characterize the demand environment in general, and that's beyond Rubrik? And how are you able to execute against that environment? And if you can sort of talk about product, go-to-market prowess and the general demand in your end markets?

Thanks, John. That's an insightful question. Let me give you my context or my understanding of where things are. Rubrik is creating a new future for cybersecurity. The last 30 years of cybersecurity has been buying 80 to 100 different tools around prevention and detection of attack. And everybody had -- has in digestion right now with different tools, different vendors, in some cases, hundreds of vendors. And what to pick, what not to pick is like a whack-a-mole that you have a new threat and you buy a new tool to prevent and detect. We created this cyber resilience market. And our vision is why prevention and detection is important you cannot prevent the unpreventable. You need to have a recovery and resilience strategy. And we created a purpose-built platform around cyber resilience across data, identity, risk and remediation. And because of this comprehensive nature of our platform and what we do is not an optional thing. It's not 1 of the 5 tools that they are buying and you are increasing the posture by 1%, 2%, we are a quantum shift in terms of their security posture. So in my discussions with CIOs and CISOs around the world, cyber resiliency is the top cybersecurity priority, and we are not seeing any change in our demand environment. And again, we are very confident about the numbers that we have put up. We believe that we'll end this year very strong. and we continue to transform and help our customers with cyber resilience posture, giving them peace of mind. And what is also interesting is we are operating in a $50 billion market. And identity resilience and identity security is really expanding that market. And as at the end of this quarter, we are $1.2 billion ARR. So we are not opportunity constrained. We are not market constrained or demand constrained. We believe that we are positioned well. We have a unique offering in the marketplace, and we'll continue to innovate and scale.

Your next question is from the line of Eric Heath from KeyBanc Capital Markets.

Congrats on the strong results as well. I wanted to come back to the identity opportunity again. Clearly, it was a huge focus in the call today. And it's been a big focus on cyber more broadly. So maybe I just wanted to maybe help contextualize the size of this opportunity, if you will. And maybe how we should think about this workload opportunity relative to some other popular workloads like 365 and Kiran if there's any sort of color on how much of a contributor to that is today, that would be great.

So the way to think about the identity opportunity, at least to start with is the following. As you know, identities is at the heart of cyber strategy for every business. And identity-based compromises and attacks have turned out to be near #1 attack vector, and origin of identity, which is the identity service provider has become the ground 0 for cyber attacks. And the way identity recovery or identity resilience is built is not built with the modern cyber attack, like principles and how to understand data risk with identity. And that's what we are doing. We're bringing these 2 things together. So again, these are early days for us in identity, and we believe that this is a very large opportunity that we are going after. And we believe that the identity security and data security will eventually merge, and it will be a singular strategy around how do we protect data across human nonhuman identity across the whole enterprise.

Eric, this Kiran, just to add to your second part, we got off to a good start in terms of interest and demand, but it's still very early. We'll keep you updated as we progress more.

Next question is from the line of Gregg Moskowitz with Mizuho.

I also actually wanted to ask about identity resilience because it is a clearly important area within cyber, at least identity as a construct overall. Bipul, can you talk about the incremental investment to go after this, including how you expect to market the solution to prospective customers?

Identity is definitely an area of investment for us. We are focused on identity security as opposed to identity infrastructure. And we want to ensure that we combine our data security and identity security capabilities, features so that we give our customers a complete business understanding of risk and how do we solve it as opposed to different tools. So you'll see a lot from us in this space as we evolve and again, continue to build. Again, Rubrik's this -- we have this long-term vision about things. And what we truly believe is delivering the right data to the right user at the right time on the right platform for the right duration is Rubrik's business. And everything that comes with it, we are going to continue to kind of to innovate and evolve. And that's what we are doing here. And obviously, a lot to share as we make progress here.

Your next question is from the line of Todd Coupland from CIBC.

I wanted to come back to what seems to be a conservative guide even with the 7% growth headwind in Q1. what -- why are you thinking about the guide below trend, given all the tailwinds that we've talked about over the last 50 minutes or so? Talk about that, please.

This is Kiran. Thanks for the question. Just to clarify, the 7% we referred to was actually a tailwind to revenue growth in the quarter. And that is from an accounting concept called material rights wear to a cloud transformation. But in terms of the guide, both from an ARR and revenue perspective. And as you know, we focus on ARR as the best performance metric for the business. given our cloud journey. We had a strong quarter. We grew net new ARR 23%. And from a guidance perspective, we raised it a few points in terms of total growth. as well as net new ARR essentially passing the full beat from Q1 as well as raising a little bit more.

The next question is from the line of Joel Fishbein from Truist Securities.

Great execution. Bipul you've covered a little bit of this, but I'd love to take a broader look at the cyber resilience market, including Identity over the -- if you're looking at like 12, 18 months, how will this space evolve? And looking at from that perspective, what are the top 3 priorities for Rubrik to continue to be the dominant share there?

Thank you. So if you look at what we have done from day 1 of Rubrik, we built a data security platform. And we took a 2-platform strategy across all data landscape from enterprise data to cloud data to SaaS data, now identity is a single policy engine, it's a single control plane, it's a single orchestration of data security across all 3, now we are getting into the identity, and we will cover the identity in the similar vein. What we see is cybersecurity market tends to be very tool centric, and you have many, many tools. We took a strategy of a platform. And what does platform mean? Platform means that you have a single preemptive recovery engine, a single native data set engine across all your data landscape. And how do you correlate those threats? How do you present a singular view of the data security without loading the logs of different tools in a third-party platform and having some other third-party tool analyze it, that we believe is the result of a very archive development of this whole space. So we want to create a single platform around data and identity across all the data landscape, ensuring that our customers have peace of mind that when the inevitable cyber attacks comes to them, they can recover quickly, keep your services up and running and more importantly, understand the risk.

Your next question comes from the line of Keith Bachman from BMO.

Lots of interesting growth vectors if you think about more apps, more data, you're adding identity. Kiran, I didn't know if you would offer us some thoughts then on how you're thinking about the sustainability expansion? Any comments on the expansion rate, the net expansion rate? I understand it's a backward-looking metric. But if you think over the next number of quarters, any comments on how you think that may evolve, particularly given all the -- what seems to be very interesting portfolio expansion?

Thanks, Keith, for the question. So we're really pleased with our NRR of greater than 120% over the past 4 quarters. As you know, we disclosed an average. The business model and the product platform lends itself to a high NRR as we have multiple products in the portfolio with which you can land with as well as expand. And historically, we've spoken about it. We try hard to split the growth between new and expansion. Obviously, with scale, expansion tends to be a little bit bigger than the new business in terms of contribution. But just commenting on the expansion rate itself. In the past, we have benefited a bit more from our model transition from maintenance to subscription, and that has normalized. But we do expect it to -- the NRR to moderate over time because we are also landing bigger now with multiple products, and that is a little bit of a headwind to NRR. But we still expect our NRR to be pretty strong.

Your next question comes from the line of Shrenik Kothari from Baird.

This is

So our strategy is that we deliver to cyber resilience and cyber resilience has 2 core components: risk and cyber recovery, cyber risk and cyber recovery. And for the cyber risk piece, we combine DSPM and identity pieces and some of the identity piece also bleed into the cyber recovery, and then we provide Enterprise Edition as a complete cyber recovery tool. And that's the strategy we are taking across all the workloads as we kind of land and expand our customers. And that's what is leading to a strong product adoption and overall strong growth.

Your next question comes from the line of Param Singh from Oppenheimer.

I know we've talked about identity security Ad nauseam today. But from my understanding, resilience for Entra ID and Active Directory I think has existed for a very long time, and it's a product available for a lot of other companies in this market. What is unclear to me from our conversation today and from your press release is what are some of the technical advantages and benefits that Rubrik specifically brings to the market that may not be available today. So I'd love for you to educate me on why Rubrik should be winning in identity security and resilience.

This is a really good question. So as I was saying before that Rubrik combines identity and data security in a single platform. And what that allows us to do is that not only we create the backup copy of identity in a cyber resilient immutable way. But upon recovery, we stopped the reintroduction of malware. And so if you think about that, we have a very strong end-to-end solution. The second thing is that we also combine Active Directory and Entra ID recoveries in a hybrid cloud manner, which is very unique. And this hybrid cloud understanding and replicated estate to be able to deliver fully orchestrated identity recovery that takes the identity recovery time from like a week to 10 days to really minutes by creating a wizard style click, click, click, done. And so we have really brought the Rubrik's core simplicity, deep technology, ability to deliver clean recovery fast into identity and combine that with the data security.

Your last question is from the line of Jonathan Ruykhaver from Cantor.

Yes. Congrats on the good quarter. Bipul, your comments on an purse very topical, as a quote from Gartner, that pretty ice 30% of AI projects will be added after a proof of concept this year. And one thing that we hear about from users is an impediment to those workloads, is just the multitude of disparate data stores, both on-prem and in the cloud, it's specifically a challenge around real-time identification and classification, which it seems increasingly foundational to building data security. So what I would like to know in more detail is just how specifically do you see that issue? And how does Rubrik differentiate around identification and classification?

So if you look at our platform from the very beginning, we combined security and data management in a single platform. And to deliver clean recovery, we need to understand the integrity of the data, sensitivity of the data by doing the classification and ability to have a full understanding of user and user interaction on the data. And then a couple of years ago, we realized was that this actually data and security coming together in a compliant and in a full governance mode allows us to supply the right data to the right user at -- on the right platform at the right time for the right duration. And it could be very appropriate for us to give this data to generative AI applications, LLM applications. And that's when we started this whole Annapurna effort. So again, it is very early in our journey. We believe that we are a unique company that sits at the intersection of data security and AI. And we have a unique way to accelerate GenAI adoption by delivering input security and the data at the same time. Again, this is a long-term effort for us 3 to 5 years out. We are figuring out product market fit. We are figuring out how customer would buy, how they would consume. Again, it is one of those S curves that we are building as part of our portfolio of risks that we built as part of our lateral motion. And again, we want to build the next 100-year company, and that long-term company will only be built if we think ahead, understand where the market trends are, align our strategy and product thinking in those lines and deliver the right product at the right time.

There are no further questions at this time. I'd like to turn the call over to Bipul Sinha for closing comments. Sir, please go ahead.

So at -- in closing, I want to thank to all Rubrikans, all our customers and partners, all of you on this call who help us understand the market better, keep us disciplined. And to everybody in the ecosystem, we are very early in our journey. We are just 11-year-old company. We have large ambitions. We want to build a platform company across data, security and AI. And I will repeat, the best is yet to come. Thank you so much, and have a wonderful day.