Skip to main content

Investor Event Transcript

JFrog Ltd (FROG)

Investor Event Transcript 2026-06-30 For: 2026-06-30
Added on July 04, 2026

Conference Transcript - FROG 2026-06-03

Jason Ader, Analyst — William Blair

How's everybody feeling? Good? All right. A lot of happy faces in there. I'm Jason Ader from William Blair. I'm very pleased to introduce Ed Grabscheid, CFO of JFrog, and Jeff Schreiner, who's VP of Investor Relations. We're going to go through some slides, but before we begin, I'm required to inform you that a complete list of research disclosures or potential conflicts of interest is available on our website at WilliamBlair.com.

Ed Grabscheid, CFO

That out of the way, Ed. Thank you very much. Thank you. Good morning, everybody. My name is Ed Grabshott. I'm the CFO of JFrog. And with me today, we have Jeff Schreiner, who is our VP of Investor Relations. I'm going to show some slides, but I'm going to be relatively quickly. I see a lot of familiar faces, maybe new faces in the crowd that don't know JFrog. I'll give a high-level overview, but I'll give the time to Jason to ask some questions. I'm guessing you want to hear a little bit about AI. It's not a topic that we've heard much on the investments circuit, but I'm guessing this group will want to ask about AI. So we'll jump into that a little bit. I won't read the disclosure slides. I'm sure you've seen that a million times. All right. So let me go ahead and start. I'll give you a quick overview of JFrog and who JFrog is and what we've done over the last year or so. We're a little over 6,000 customers, 6,600 at the end of 2025 and continuing to grow. We have more than 80% of the Fortune 100. So not only do we have a large number of diverse customers, we also target the enterprise with more than 80% of the enterprise customers, 83% to be exact. Today, we're now over 1,900 employees. The last reported was 1,800, and we're continuing to grow. So unlike some other companies that are releasing employees, we continue to hire and invest in our workforce, but also utilization of a lot of AI internally, but we have a good balance of both. We see a very large opportunity in DevSecOps, now more than $40 billion in terms of the TAM that's reported. Very strong revenue growth over the last year, 25% over the last 12 months in terms of revenue growth. In the last reported quarter, we did 26%. But more importantly, free cash flow, very strong free cash flow generation, over $150 million in free cash flow, representing a 27% free cash flow margin. So not only are we growing very strong in the top line, we also have a very strong discipline around expansion of operating margins and free cash flow. It's very much focused on our compass of remaining a rule of company. Today, it's a rule of 50, and that is our compass that we continue to guide towards. And lastly, net dollar retention rate of 120% on a trailing four-quarter net dollar retention rates are very strong in terms of expansion of the existing customer base as well. Just our vision overall, we started as a company that was focused on Artifactory, which is the core product, DevOps, but we've expanded that to a platform, which not only is DevOps, DevSecOps, and now focused on governance, DevGovOps, which is in the era of AI, very critical as we manage and govern the software supply chain. But you see here it's about secure software supply chain automation governed and most importantly in this era of AI trusted whatever is coming into the organization it is trusted in terms of the binaries we manage the binaries and this is why it is critical infrastructure for enterprises and organizations around the globe to have JFrog as their binary management platform in the software supply chain. I talked about the number of customers that we have, over 6,600 customers, a penetration in the global 2K, and of course in the Fortune 100, you can see we penetrate more than 8 out of 10 in every single industry. Names that you recognize, I don't need to read them, they're very well-known names, and they're all customers. They rely on JFrog, and we continue to expand on that number of customers and how critical for the enterprise JFrog has become across all industries. It's interesting to see it's not just tech, but it's oil and gas. It's the automotive industry. It's the financials all using JFrog. Everyone is becoming a software company. Everyone is releasing software. And JFrog is the critical infrastructure that allows those trusted and secure releases. It's a busy slide, but it really kind of summarizes the journey of JFrog, and I think it's important. We started originally as a developer-loved tool with Artifactory, a repository, and we've expanded that to a platform. So the heart of the system is Artifactory. This is the DevOps solution, and we've built on top of that. We did the acquisition of VDU many years ago, and we created the DevSecOps opportunity that sits on top of the DevOps solution, and then we further expanded that with the Quok acquisition to enable large language models and training, and then from that acquisition was able to build DevGovOps. So you see the stack of how we continue to grow our critical infrastructure to be able to capture this surge of binaries that is coming from this era of AI. The amount of source code that is being created that then becomes a production binary and goes into the organization hosted by JFrog is a platform solution, not only hosted, but secured and delivered through distribution. We support over 36 languages. We support all of the native AI labs and the number of models that are supported and come into the organization. All of the open repositories are a control plane into JFrog, and this is a visual of how that has evolved over the past 12 years with JFrog. We just released the State of the Union. If you haven't had an opportunity to read that, it's very compelling about what's taking place right now, in particular around AI and the vulnerabilities that are created as models are now coming into the organizations at a lightning pace of creation and the vulnerabilities that it creates. We see here that AI models, you have 1.4 million new AI packages being created. The defenses are out of date, so you see in terms of what's happening and the number of vulnerabilities, and you hear it, you see it daily. There's all types of vulnerabilities in NPM, the Shai-Haloud attack, and the vulnerabilities that are created and the importance of governance and what is needed in order to protect your organization and why JFrog is so critical in that process. And then lastly, the shadow AI. These are packages that are being used within the organization that the CISO may not have awareness. Organizations are adopting AI at a pace that can't necessarily be controlled. We see that. JFrog allows for that governance layer and protection. And again, seeing this opportunity around governance will be the next vector of growth for JFrog, and this is what's driving the continuation and expansion of the platform. Just real quickly on some customer success stories, maybe skip through this fast but what you see here is three fortune 100 companies that depend on JFrog one of those being an automotive company they needed to expand in the cloud they were on a previous version that didn't allow them to a previous competitor I should say that didn't allow them to expand they moved over their workloads to JFrog into the cloud giving them the opportunity to move at a very quick pace and adopt the security solution. The second one being a financial services company. They went wall to wall with security, very quickly adopted it, not only with curation, but advanced security, replacing disparate tools, and able to do that in hours to replace disparate solutions. And then the last one there being a tech company, tech company that has multiple developers. They were able, in an organization with 20,000 developers, consolidate that, have full control over their system, save significant amount of money, and make sure there was continuity across their software supply chain. So great success stories with very large companies and continuing to expand their footprint with JFrog, modernizing their tech stack and also growing significantly within JFrog. Just quickly on the outlook from a revenue perspective over the last year, 24% on a year-over-year basis. When you look at the quarter, we've guided, and we'll talk a little bit about the guidance philosophy, but if you look at the guide for next quarter, it's at 18%. However, we only guide on commitment. So what is contractually committed to JFrog and what we've seen over the last year or so has been significant usage over minimum commitments, but that's not considered in our guidance, nor is large migration opportunities and very large deals. So that's being de-risked out of there and we'll see where we go for the remainder of the year, but we're pretty optimistic and positive with how things are playing out for the year. And the right-hand side just shows this progressive growth as a SaaS company in our revenues. In addition to not only having very strong net dollar retention, we also have exceptionally strong gross retention. So once customers are with JFrog, they understand the mission-critical nature of the infrastructure, and they don't churn. We've maintained best-of-class gross retention rates well above 97%, between 97% and 98% over the last 24 months, two years or so. Very strong retention rates, and customers stay with JFrog. There's no reason for them to churn once they come to JFrog. It's a very sticky product, and they continue to stay with JFrog. and, in fact, expand it at a rate of 120% gross retention rates or net retention rates. Thank you very much.

Jason Ader, Analyst — William Blair

Okay. Thanks, Ed. I want to just level set the conversation because I know for some investors that I talk to, JFrog is a little bit intimidating because of the technology and software development is not a natural thing that people understand how it works. So maybe if you can start out, explain where JFrog plays in the process of software development.

Ed Grabscheid, CFO

Yeah, I think it is a bit intimidating because I think when you understand code and writing software, you understand English, German, Spanish, and how you write the code, and you understand that you have to observe the code once it goes into production. But what happens in the middle is the binaries. And binaries were kind of the redheaded stepchild. Nobody really talked about binaries. They didn't understand binaries because 20 years ago you wrote the code and you deployed it maybe once every year or every two years. Open source packages came into play and then you'd start to pull open source. The pace of code creation exponentially grew. Now in the era of AI, code is basically becoming commoditized. You can write code every single day, hundreds of codes, and maybe not even need humans to do that anymore. But what you need is the machine language, the binary, and the management. That becomes the primary asset, and this is what JFrog has always, always focused on. And it's around secure and trusted infrastructure to be able to deploy those machine languages, the binary. And this is what JFrog does.

Jason Ader, Analyst — William Blair

Gotcha. So source code is text-based that is not readable by machine, by computers. So you have to do some type of a conversion into the… Compile, convert, and then you release. And you guys are in that process of right before production, you're sort of like the last, I guess, step in the process. before it goes into, like...

Ed Grabscheid, CFO

We become the system of record for that production code.

Jason Ader, Analyst — William Blair

Gotcha. All right, so then maybe frame the case for investors for why JFrog is an AI winner.

Ed Grabscheid, CFO

Yeah, I'll go ahead and start, and then you can take it. So, I mean, it's clear today, as code is being written by machines or a combination of humans and machines, the amount of code that has been created has exploded, truly has exploded. and you see the statistics, it's something like growth in the amount of code 14, 15 times from historical levels. That code, once it becomes production ready and it's clean code, not slop and experimentation, but once it becomes clean code, ends up becoming this machine language, this binary. And so as code is being created, more binaries will be created. And there's a need to host those binaries to make sure that you're scanning those binaries for vulnerabilities because the attack surface is now coming through the open source packages of the binaries. And then those are being released and you have to update those binaries. So as more code is being created, more binaries are being created and more production binaries are being created. And this benefits JFrog based on how we monetize and primarily in the cloud that comes in as data consumption and then you deploy that.

Jeff Schreiner, Head of Investor Relations

And I think that what I would add to what Ed delivered and talked about in terms of binaries and the impact in the world of AI. I think that one thing that needs to be understood is the Lego-type effect of what JVOG has built, is that the underlying infrastructure or the platform is something I take, and that becomes more sticky to me as a user as I add on DevSecOps, and that becomes a combination of DevOps and DevSecOps. I now add on DevGovOps, which encompasses all three. And governance is going to be critical in the world of AI. Today, right now, we're at a level where management teams and the board are cracking the whip and saying, we want you to run fast and start building with these models, training these models. And that's the focus today. And you see that in the Git pushes and the tokenization usage. What's going to happen is when that agent becomes autonomous, it will shift quickly to the governance of that agent. And to give you guys kind of an analogy that we have used that I think has been received well, is the fact that the models will be akin to lawyers. And I don't think that any of us would like to find ourselves in a courtroom with just lawyers. They'd be smacking each other's motions down, lots of confusion, things of that nature. You're still going to need a judge. And that is the role that JFrog plays. And I want to reiterate that even as the machines no longer need us mere humans, and they start realizing that their end goal is to produce a binary, and they start building binaries, JFrog will still be critical and will still be the judge because the creators will never be the governors in the enterprise.

Jason Ader, Analyst — William Blair

Okay. Very hopeful. Maybe talk about the Anthropoc Day that we were talking about before the presentation started. I think the stock was down like 20% or 30% just on an announcement from Anthropik on a product called Cloud Code Security. Just talk about how that product would overlap or not overlap with what you guys offer.

Jeff Schreiner, Head of Investor Relations

Yeah, so that product was basically an announcement that they were going to be bringing to market something that's been in the market for the greater part of 20 to 30 years in a source code scanning tool. That is not where we play. We don't have any security pipeline revenue, you know, outstanding RPO that is related to static code analysis, which that is what that code scanning tool was and is related to. In fact, what I think what was missed on that day, other than the governance aspect on the security side, what was missed is that if they are doing this, there was a perception that if they are doing the source code scanning, that it's so good that by the time it gets to binaries, you don't have to do anything. That's not true because, one, I can tell you that secrets detection was done for 20-plus years in source code, and JFrog came along, and now it's being done in binaries because we found out that it's not being done as well as it should have. And what I think people missed is that if I create a better code, right, it's cleaner, it's more, you know, been scrubbed over several times with now their brilliant source code scanner, and we would tell you that scanning is, in fact, probably commoditized, that's probably better to reach what Ed was describing, which we wanted JFrog, which is a production asset, which is putting the binary into production, which isn't really happening yet today. And why is that? Because today with humans, we have customers who are doing 6,000 updates a day. What is going to happen in the world of AI? We are being asked by our customers to provide remediation guarantees of less than four hours today. We joke that by next year, it may be an hour. Two years from now, it may be minutes. That is the criticality. These models are very intelligent. They're equivalent to a thousand-person research security team. But finding the vulnerabilities is not where the value lies and in the world of ai and this new team pcp and the sophistication they have at hacking you know very large well-known repositories they are now you know having kind of a weapon in their own hands and it's a race between you and them as to who's going to patch that vulnerability first gotcha okay and and um i guess the those players

Jason Ader, Analyst — William Blair

in the market, the labs, do you have partnerships with them? How do you interact with them on a daily

Jeff Schreiner, Head of Investor Relations

basis? Basically, with the labs, we've had, as of March, what we've disclosed. Obviously, these are the type of customers you can't really name, but there's maybe five to seven. I always say four through seven is your own opinion, possibly, major frontier labs out there. We feel that we had captured three of those as of the March quarter. Those three had been deployments into our self-hosted side of the business. Knock on wood, Ed and I have learned that nothing is official until the quarter has closed. We hope to have some sort of general conversation about possibly talking about a fourth lab this quarter and I think the thing that we've tried to communicate that we can to the extent we can that's unique is that this would be a lab that would choose to engage with jfrog in a hybrid capacity so there would be some cloud exposure and we would start to learn i think over time i pause everyone don't come to me next quarter asking about cloud usage from this customer we need you know we want to see what a leading frontier lab will maybe decide as what is the right workload for self-hosted what is the right right workload for cloud um you know i don't think that it precludes the other three who have chosen to go down their own, build their data center path from becoming hybrid in the future. It's just this is how each has chosen to engage with JFrog.

Jason Ader, Analyst — William Blair

A good segue to the cloud business, maybe for you, Ed. Does it surprise you that investors seem to, like, I don't know, I want to say disrespect the self-managed part of the business, but everything's always about cloud, it feels like, with software companies right now. How do you just help people think about, you know, the mix of the business and why, you know, both are still super important?

Ed Grabscheid, CFO

Yeah, both are important, but we're strategically built and aligned on moving our customers to the cloud for a couple of reasons. Number one is the monetization mechanism, because we monetize in the cloud off of data consumption and storage. So you have an infinite amount of growth, unlike self-hosted, where it's monetized on the number of servers. Neither model is a seat-based model. So we're not concerned about number of seats, which is very important, especially as you see a transition. And I think there's a lot of pressure on companies that have a seat-based model because of what is a seat in the future. If it's an agent, are you going to charge that agent for a seat? And does one agent take 100 seats? We don't know that yet. So we're immune to that transition. But on the other hand, we really strategically are trying to move customers to our cloud. and this is what we're focused on and the results have been very good. We did 50% growth in the cloud. Now, why did we do that growth? There's a couple reasons that we saw. Number one, we only guide, as I mentioned, on what we have committed. So, we have a model that is not 100% based on data consumption. There is a commitment. So, you make a commitment to JFrog. Over the last year or so, we've seen many of our customers, in fact, the vast majority of our customers going over those minimum commitments. And in Q1 of this year, we saw significant growth being driven by those customers using more than their minimum commitments. And that usage over the minimum commit comes with an overage rate. It comes with a decision that they'll have to make in the future to do an upsell to a higher commitment. We'll see how that plays out in this token economy. And we're very focused on converting those customers. But cloud, and for the right reasons, investors in the market are focused on the cloud because of the growth potential. That's a great segue to the next

Jason Ader, Analyst — William Blair

question, which is, where is the money going to come from for all these customers? They're spending so much on tokens. There's a lot of stories of customers burning through their token budgets in three or four months, their annual token budgets. How do you see the buying behavior sort of evolving. Is this going to actually crimp the budget for tools like JFrog?

Ed Grabscheid, CFO

Yeah. Well, I don't think anybody's immune to it at this point, including ourselves. You want to adopt quick. You want to be relevant in the era of AI. You're adopting tools as quickly as you can. You're building as quickly as you can. You can't do an 80% build with an AI agent, and then you run out of tokens and then take that over as a human to finish the last 20%. you end up buying more tokens. That's just the nature of the business right now. There will be a rationalization. The CFO office today is probably a little bit looser based on this race to adopt, but religion will come into play at some point. We know that. It's always been the case. It will not infinitely grow without any rationalization. Today, what do we see? There's probably two ways to do it. There's a responsible way to do it, how we manage it, and we've always been very responsible. And there's other organizations that are just simply cutting headcount, reducing headcount. And I think that's what they're doing right now to manage their spend. So in addition to what you see in the news with organizations blowing through their budget, they're also cutting headcount right now at a very high pace. And, you know, very notable companies that have reduced headcount saying that it's efficiency through AI. And I think it's really a way to offset some of the costs that we're seeing today, which is a good thing because it gives you a bit of a runway to spend. And so when you're asked, is this durable? It's probably for a while it'll be durable because you're reducing headcount to offset those expenses.

Jason Ader, Analyst — William Blair

Yeah, actually GitLab reported last night, you may have seen, they talked about seat contraction with some of their customers. And I imagine that's part of the sort of budget management that's going on right now. I want to ask you next on security, how material are security products to your business uh what's the long-term revenue mix in your mind between kind of the core artifactory product and security and maybe before you answer that just like explain what you guys

Ed Grabscheid, CFO

are doing in security yeah i'll start jeff and you know you can maybe go a little bit more technical than me on the security piece but we offer as an add-on today to security products we have curation which has been a very uh compelling security product for the enterprise and i think with the attacks that we've seen really starting in Q3 of last year. Not only did it create a bit of a fear buy, I think now it's no longer fear. I think it's now become pretty well known that you must have curation in your organization. And we see that in our pipeline and we're growing a very strong pipeline with curation. And then there's advanced security. We call it JAZ, JFrog Advanced Security, which is a platform security product that replaces disparate tools, seven plus disparate tools and that's still very critical to the software development lifecycle it sits on top of your repository both of those products have done exceptionally well we report annually those numbers so we had a very strong year in 2025 and we gave those metrics 10% of our ARR and 16% of our RPO so you see what it does in terms of contribution in the air and in the RPO It is a cross-sell, and customers typically take that on a multi-year basis. So when they're renewing an artifactory, they're taking security in a multi-year basis and driving RPO in a positive way. In addition to that, we see a big opportunity. What the mix will be, time will tell, but we see a big opportunity. Today we've got a small percentage of our customer base penetrated. We have over 3,000 customers today that use X-Ray, which is, I would say, ground zero for scanning capabilities. And you must use X-Ray in order to bring advanced security and curation into your organization. And so I think there's still a long runway of penetration and opportunity in security.

Jason Ader, Analyst — William Blair

Okay, great. Maybe just talk a little bit about the business model. pretty solid operating margins right now, but where do you think the operating margins for

Ed Grabscheid, CFO

this business could go over time? Well, the operating margins is not by luck or by chance. It's around a discipline that we employ, and you've followed us since the IPO. Four years ago, we were a break-even company. We said that there was a path to profitability. There was a path to free cash flow. We've always been free cash flow positive, but to generate strong free cash flow, And it's always been a strategy of ours. We went from breakeven to today. You see we're over 20% operating margin. We did over 21% in Q1. And much of that has to do around, again, the discipline. We're not going to spend $3 to earn $1, but we also recognize that there's an opportunity, especially in the era of AI, to capture value on the top line. But we'll do it in a smart way. When we outperform in the top line, we expect that a portion of that will flow to the bottom line. We saw that in Q1. We had a $7 million beat on the top line. All $7 million were able to flow to the bottom line, and we generated a very strong operating margin. We'll see what happens as we go through the year. If we continue to outperform at that pace, I'm sure there will be an opportunity to reinvest back in the business and make sure that we're capturing more value for shareholders in the future in developing new products and enhancing the products that we have today. But I would expect that operating margins, I don't know that they'll expand at the pace that we saw during Q1, but we would continue to focus on operating margin expansion.

Jason Ader, Analyst — William Blair

Okay, last question. Then we're going to go upstairs for a breakout for those that can join. You talked to a lot of investors. What do you think the most underappreciated aspect of the JFrog story is? It's governance.

Jeff Schreiner, Head of Investor Relations

But that's not fair. it's not in our guidance yet. It's on the come. But I think that what I'm telling people is that as new guys call or want to talk or they want to learn more about JFrog or find maybe a new edge given where things have gone and the equity valuation, I say look to DevGovOps and start really studying governance. And you're starting to see other people talk about the importance of governance. And in the world of AI, governance will be critical. And we feel that we are well positioned and own that particular you know have the right to win in in devgov ops and as i always say you know if it's not us it will be somebody else because the creators will not be the governors and so i think that that's probably something that's underappreciated because today um i think security and cloud are somewhat understood and those are the drivers of growth today so that's

Jason Ader, Analyst — William Blair

the lego you got an artifactory then on top of that you got security and then on top of that

Jeff Schreiner, Head of Investor Relations

you've got governance and that full platform is what differentiates you guys. And I would quickly add, Jason, you've got the scalability of two effects, and we'll talk about this maybe more in the breakout. But on the revenue side, you saw us talk about MCP registry, skills registry. We created skills registry in two weeks because it was a pain point for customer NVIDIA. Okay, now we've had POC shut down in a few weeks because they've been so good. It's not going to be a driver for 26. What it tells you is that customers are recognizing the value of maintaining agent 101 in Artifactory, to make sure he doesn't hallucinate, to make sure he's not acting differently, that he's not chosen to do a different function than what he was programmed for. Likewise with MCP. Is my JIRA connection correct? Is my JFrog connection connect? Is my Datadog connection correct? These are being useful tools that are going to scale revenue opportunities in Artifactory with little to no investment.

Jason Ader, Analyst — William Blair

Awesome. All right. I think we'll have to leave it there. Thank you all for joining. and we'll see you upstairs.