Earnings Call
JFrog Ltd (FROG)
Earnings Call Transcript - FROG Q1 2026
Operator, Operator
Ladies and gentlemen, thank you for joining us, and welcome to the JFrog First Quarter 2026 Financial Results Earnings Call. I will now hand the conference over to Jeffrey Schreiner, Head of Investor Relations. Jeffrey, please go ahead.
Jeffrey Schreiner, Head of Investor Relations
Thank you, Nicole. Good afternoon, and thank you for joining us as we review JFrog's first quarter 2026 financial results, which were announced following the market close today via press release. Leading the call today will be JFrog's CEO and Co-Founder, Shlomi Ben Haim; and Ed Grabscheid, JFrog's CFO. During this call, we may make statements related to our business that are forward-looking under federal securities laws and are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including statements related to our future financial performance and including our outlook for the second quarter and full year of 2026. The words anticipate, believe, continue, estimate, expect, intend, will and similar expressions are intended to identify forward-looking statements or similar indications of future expectations. You are cautioned not to place undue reliance on these forward-looking statements, which reflect our views only as of today and not as of any subsequent date. Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forward-looking statements in light of new information or future events. These statements are subject to a variety of risks and uncertainties that could cause actual results to differ materially from expectations. For a discussion of material risks and other important factors that could affect our actual results, please refer to our Form 10-K for the year ended December 31, 2025, which is available on the Investor Relations section of our website and the earnings press release issued earlier today. Additional information will be made available in our Form 10-Q for the quarter ended March 31, 2026, and other filings and reports that we may file from time to time with the SEC. Additionally, non-GAAP financial measures will be discussed on this conference call. These non-GAAP financial measures, which are used as a measure of JFrog's performance, should be considered in addition to, not as a substitute for or in isolation from GAAP measures. Please refer to the tables in our earnings release for a reconciliation of those measures to their most directly comparable GAAP financial measures. A replay of this call will be available on the JFrog Investor Relations website for a limited time. With that, I'd like to turn the call over to JFrog's CEO, Shlomi Ben Haim. Shlomi?
Shlomi Ben Haim, CEO & Co-Founder
Thank you, Jeff. Good afternoon, and thank you all for joining the call. We entered 2026 strong. Our first quarter performance reflects both the clarity of our strategy and the discipline in execution. Our continued focus on powering the world software through JFrog Artifactory as a system of record for trusted binaries, software packages and AI artifacts is resonating deeply with market demand. We are seeing growing adoption among the world's leading organizations and AI labs, which are choosing JFrog as they transform to adopt modern software supply chain practices. Across industries, geographies and deployment environments, whether cloud or on-prem, our customers are partnering with JFrog as their foundational platform while they navigate a complex transition of adding AI technologies and tools to their software supply chain. They tell us they are prioritizing AI adoption while simultaneously maintaining legacy pipelines and open source packages, all as they demand stronger security, governance and fast release cycles. We are working closely with our customers, the broader developer community and AI-native companies to support them through this period of change. Our Q1 results reflect this momentum with AI redefining the software supply chain and powering our continued expansion. In the first quarter, JFrog delivered total revenue of $154 million, representing 26% year-over-year growth. Cloud revenue grew 50% year-over-year, underscoring the accelerating shift towards our cloud-first platform. This performance was driven by continued strength across our core growth vectors, increasing consumption of our cloud services, rising demand for our software supply chain security solutions, higher ASP on new customer acquisitions and robust expansion within our existing customer base. We also saw continued momentum at the high end of our customer portfolio. The number of customers with annual spend exceeding $1 million grew to 80, up from 54 a year ago, representing 48% year-over-year growth. Customers spending more than $100,000 annually increased to 1,225 compared to 1,051 in the prior year, representing 17% year-over-year growth. These results reflect our alignment with the evolving needs of modern enterprises. Developers and increasingly AI agents are producing software at scale and speed. This surge in binaries fueled by AI is driving the need for a single trusted system of record to manage, secure, and govern these assets across the entire supply chain. On today's call, I will walk you through the quarter in detail, and Ed will follow with our updated outlook and additional financial insights. Now I will highlight the key drivers behind our performance this quarter. First, continued cloud growth, driven by increasing consumption and rising demand for a true system of record as a service, delivering scale and universality. Second, the sustained momentum in our security business as customers prioritize end-to-end protection and governance amid rising software supply chain attacks. And finally, I will highlight our ongoing innovation that leads to solid adoption of our platform and Enterprise Plus subscription growth. Let me start with our cloud business. As mentioned earlier, cloud revenue in Q1 grew 50% year-over-year, an exceptional result that reflects not one single driver, but a broader trend we have been observing over the past several quarters. As AI makes human-to-technology interaction nearly costless and source itself increasingly commoditized, binaries become king. Organizations are actively encouraging developers to utilize AI coding agents as well as explore agentic capabilities, causing software output to accelerate, resulting in more compiled code, a true AI-fueled tsunami of binaries. Observing our customers' consumption trends, we noticed that this growth is not tied to one package type or a specific AI-native workload. It is not a spike in usage or a one-time increase in open source caching. It is the result of a fundamental shift in how software is being generated, delivered and consumed across the software supply chain. We are seeing an acceleration in the volume of compiled software flowing through the JFrog platform. This trend, which began taking shape in 2025, is driven by two major forces. First, developers are being supercharged by AI coding agents. Simply put, the world is creating more software packages. In this AI mass adoption reality, we see organizations willing to accept budget overruns until they gain better clarity on long-term usage requirements and prior to increases in annual commitment. Second, as AI drives more software creation, it is also accelerating the flow of all open source components. Open source consumption by developers and AI agents is rising across nearly every software package we support. And as the ultimate Switzerland of binaries, JFrog sits at the center of this growth. Whether through on-demand increased usage momentum or annual commitments, we believe JFrog Cloud is positioned to benefit from these trends. Now to the continued momentum we are seeing in security. As we mentioned in previous calls, modern software supply chain security is moving beyond traditional DevSecOps and fragmented scanners. AI coding agents are increasingly securing, scanning and even fixing code rapidly at scale. And while still evolving, we see agents replacing some human skills in code protection. We believe a trusted software supply chain requires a single authoritative system of record for all binaries and AI artifacts. Building on this foundation, we deliver protection and governance beyond traditional scanning, analyzing, tracking and proactively blocking risk at the point of entry or before distribution to production. As AI adoption accelerates in binary scale, the threat landscape is becoming more complex. Software supply chain attacks are rising, increasingly targeting open source creators and package maintainers. This dynamic drives the growing demand for a trusted control layer and stronger DevOps practices. In Q1, we again demonstrated that customers subscribed to JFrog Curation were effectively protected from recent software supply chain attacks. Curation serves as a critical control point at the gate, enforcing policies that ensure only trusted packages enter the system, keeping Artifactory clean. Once artifacts are stored, JFrog Xray and JFrog Advanced Security continuously secure and govern the binary flow, providing ongoing visibility and protection. In addition, as advanced AI models like OpenAI, GPT, Cyber and Anthropic Cloud become increasingly embedded in development workflows, we believe modern software supply chain security and governance are defined by four core pillars. First, a centralized system of record, a single source of truth across multi-agent environments; second, universal governance, consistent visibility and enforcement across all types of artifacts, whether consumed or generated. Third, predictable and deterministic protection, continuous policy-driven guardrails that prevent malicious or vulnerable components from progressing. And finally, comprehensive coverage, securing both newly generated assets and the extensive base of existing mission-critical legacy binaries. Our customers tell us they are accelerating software development and generating more binaries through the JFrog platform. As AI adoptions expand, JFrog provides a unified system of record to secure, govern and manage AI-generated open source or legacy binaries in one place. Our customers' adoption, Q1 results, sales pipeline and future roadmap innovation are aligned with these observations. Looking ahead, we expect security to remain a key growth driver for JFrog. This set the stage for an update on the innovation we introduced at our annual LEAP conference in New York this past March. LEAP is JFrog's top customer event held globally during H1 every year. At LEAP New York, we demonstrated GA-ready solutions to concrete customers' need for a trusted infrastructure layer for software supply chain management in the AI era. We introduced the JFrog MCP Registry, the first enterprise-grade registry for MCP servers, extending our platform to support the growing AI ecosystem. As MCP adoption expands, customers need a centralized trusted way to manage, secure, and govern these new assets, which logically sits in Artifactory as a system of record. MCP is rapidly adopted alongside agent skills based on AI ecosystem demands. In Q1, we expanded our platform for AI-driven development with the introduction of the JFrog Skills Registry, providing a centralized way to manage and govern reusable AI capabilities. In collaboration with NVIDIA, we announced the Skills Registry at GTC, enabling the governance and trust layer enterprises need to run agentic workflows securely and at scale. We further announced that JFrog Artifactory will serve as a registry for AI models and agent skills within NVIDIA AI-Q Blueprint, part of the NVIDIA Agent toolkit. The Vice President of Enterprise Partnerships at NVIDIA, Pat Lee, noted, "Security and governance are key to deploying AI agents in the enterprise. JFrog's Agent Skills Registry for NVIDIA NemoClaw supports security and control for deploying long-running agents to help scale enterprise productivity with powerful new AI tools." JFrog unifies all artifact types, binaries, models, skills and MCP servers into a single platform governed by one framework, one set of policy and complete visibility and traceability in one place. These innovations, combined with a growing ecosystem of strategic partnerships are driving increased adoption across the enterprise, amplifying the value of our enterprise-class subscriptions and accelerating expansions within organizations. With that, I will hand it over to Ed for a detailed review of our Q1 financials and our updated outlook for Q2 and the full year 2026. Ed?
Ed Grabscheid, CFO
Thank you, Shlomi, and good afternoon, everyone. We are pleased by the results of our first quarter, which exceeded the top end of our guidance range on every metric. It was a strong start to the year, highlighting our consistent strategic execution and ongoing operational discipline. During the first quarter, total revenues equaled $154 million, up 26% year-over-year. These results demonstrate the continued execution of our go-to-market strategy, fueled by our cloud revenues, ongoing demand for our security core products and growth in our Enterprise Plus subscription. Our first quarter cloud revenues grew to $78.9 million, up 50% year-over-year, now representing 51% of total revenues versus 43% in the prior year. Our outperformance in the cloud was driven by robust usage across our customer portfolio, which exceeded contractual minimum commitments. We strategically work towards converting this usage into higher annual commitments. During the first quarter, our self-managed or on-prem revenues were $75.1 million, up 8% year-over-year. We continue to proactively engage our on-prem customers to migrate DevSecOps workloads to our cloud or explore solutions better aligned with their specific use cases, including hybrid and fit-for-purpose deployments. In Q1, 58% of total revenues came from Enterprise Plus subscriptions, up from 55% in the prior year. Driven by the ongoing execution of our enterprise go-to-market strategy and broader customer adoption of the JFrog platform, revenue contribution from Enterprise Plus subscriptions grew 33% year-over-year in Q1 2026. Net dollar retention for the four trailing quarters was 120%, representing a year-over-year increase of four percentage points and a one percentage point improvement sequentially. These results highlight the continued adoption of our security core products, increased cloud usage across a broad set of conventional software packages and AI workloads and conversion of customers with usage over minimum commitments into higher annual contracts. We continue to demonstrate that our customers view JFrog as a mission-critical system of record to their software supply chain with gross retention that equaled 97% as of the first quarter of 2026. Now I'll review the income statement in more detail. Gross profit in the quarter was $129 million, representing a gross margin of 83.8% versus 82.5% in the year-ago period. We remain focused on cloud hosting cost optimization as we anticipate a larger share of our revenues being generated from the cloud. Given our expected increase in cloud revenue contribution to total revenue, we reiterate our annual gross margins to be in the range of 82% to 83% in 2026. Operating expenses in the first quarter were $96 million, equaling 62% of revenues. This compares to $79.7 million or 65% of revenues in the year-ago period. Our operating profit in Q1 was $32.9 million or an operating margin of 21.4% compared to 17.4% operating margin in the first quarter of 2025. The continued balance between strategic investments and operational efficiency demonstrates our commitment to profitable growth. Cash flow from operations equaled $38.4 million in the first quarter. After taking into consideration CapEx requirements, our free cash flow reached $37.3 million or 24.2% margin compared to $28.1 million or 23% margin in the year-ago period. Now turning to the balance sheet. We ended the first quarter with $741.2 million in cash and short-term investments compared to $704.4 million at the end of 2025. Given our strong balance sheet, consistent free cash flow generation and confidence in our strategy to execute on durable growth opportunities, JFrog announced in late February our first-ever share repurchase authorization of up to $300 million in ordinary shares. As of March 31, 2026, our RPO totaled $574.9 million, a 36% increase year-over-year, highlighting the successful execution of our go-to-market strategy as customers continue to make larger multiyear commitments to our DevSecOps solutions. As a reminder, our RPO excludes any benefit from customers' usage over contractual minimum commitments. And now let's turn to our outlook and guidance for the second quarter and full year of 2026. As we enter the second quarter of 2026, we remain encouraged by the strength in our pipeline and emerging AI workload trends driving increased cloud usage. Even if cloud usage trends accelerate, our guidance philosophy will remain unchanged as we continue to derisk our largest deals due to timing uncertainties and any benefit from cloud usage above contractual commitments. Our outlook reflects growing contributions from our JFrog Security core products, ongoing adoption of our full platform and cloud growth driven from higher annual customer commitments. We are raising our estimated full year 2026 baseline cloud growth to be in the range of 33% to 35%. Given the anticipated contribution from our security core and increased baseline cloud growth assumptions, we now expect our net dollar retention floor to be 118% for 2026. Turning to operating expenses. We continue to prioritize investments in innovation across our platform. We remain committed to a disciplined spending philosophy and are confident in our ability to manage expenses and drive ongoing efficiency in line with prior execution. For Q2, we anticipate revenues to be in the range of $154 million and $156 million, with non-GAAP operating profit anticipated to be between $28 million and $30 million and non-GAAP earnings per diluted share of $0.23 to $0.25, assuming a share count of approximately 126 million shares. For the full year of 2026, we anticipate a revenue range of $628 million to $632 million, representing 18.5% year-over-year growth at the midpoint. Non-GAAP operating income is expected to be between $112 million and $116 million and a non-GAAP diluted earnings per share of $0.93 to $0.97, assuming a share count of approximately 128 million shares. Now I'll turn the call back to Shlomi for some closing remarks before we take your questions.
Shlomi Ben Haim, CEO & Co-Founder
Thank you, Ed. AI is transitioning from experimentation to tangible revenue, and we are seeing stronger momentum across our business. Looking ahead, demand signals for JFrog remain strong, including the durable cloud growth driven by AI, which is accelerating usage. New logo ASP is rising and demand for our security solutions amid the increasing frequency of software supply chain attacks is growing. To my fellow frogs around the world, thank you. This quarter, you didn't just deliver, you rose above. No matter the circumstances, you kept pushing forward, navigating with resilience, innovating with purpose and trying and doing things where it matters most for our customers. Because of you, we don't just move forward, we leap further. May the frog be with you. Operator, we are now ready for questions.
Operator, Operator
Your first question comes from the line of Sanjit Singh with Morgan Stanley.
Sanjit Singh, Analyst (Morgan Stanley)
I had two questions for the team. I wanted to start with Ed first. Obviously, great cloud growth, great total revenue growth in Q1. When I look at the outperformance versus what the estimates were, it seems like you guys came in about $7 million above on Q1. Q2, you guys came in ahead by a couple of million bucks, so roughly $10 million. When you look at the raise for the full year, it's somewhat less than that. And so I just wanted to sort of check any sort of revised assumptions about the second half ramp. That was sort of my first question. And then I had a more strategic one for Shlomi.
Ed Grabscheid, CFO
It's a good question. We had a very strong quarter in Q1, as you highlighted; the growth in the cloud is 50%. And more importantly, we now see the mix in our cloud above 50%. We delivered 51% for the first time — it's a milestone for JFrog, where we see more revenue coming from our cloud offering than we do from self-hosted. But we also are committed to our guidance philosophy, which is we will only guide on those commitments. So while we saw the strength in Q1, much of that was being driven by usage over minimum commitments. We are deploying our sales organization, of course, to convert that into annual commitments. But until it becomes an annual commitment, it will not be part of our guidance, aligned with our philosophy.
Sanjit Singh, Analyst (Morgan Stanley)
That's very clear. And then Shlomi, the question for you is, it's a really interesting time. Some of our own field work on JFrog shows a real inflection in demand for the security side of the portfolio. It seems very clear to us. And I think you highlighted that in your script. At the same time, there's more of this longer-term structural debate on security overall and what the model logs will subsume. There seems to be a take that scanning, vulnerability management, vulnerability scanning, posture management, code security could be more of the purview of model logs longer term. And so to the extent that you guys have some exposure to those parts of security, I'd just love to get your latest thoughts on the long-term durability of those pieces of the security product portfolio.
Shlomi Ben Haim, CEO & Co-Founder
Good question. So what we see in the market is a kind of flooding of software supply chain attacks coming mainly around open source maintainers, and the attackers are going after them. JFrog is positioned to secure our customers against that quite strongly. We called that in the script when we said that all the JFrog Curation customers were actually protected from those software supply chain attacks. Moving forward, what's the real question? The real question is: can you really secure and govern the binaries, the artifacts, the outcome of AI? And what JFrog provides is not only a place that scans. Scanners are important, but the system of record of where you secure, manage, store and govern your artifacts is actually more important because in a world of multi-agents that are all building and scanning and protecting and even fixing software, you still need to host it in a secure place. The second thing is you will have to protect yourself from the open source world that will still exist — the Python packages, NPM, Hugging Face, Docker — which JFrog is doing at the gate. And the third thing is how you combine security of the new outcomes coming from agents or multi-agents with the legacy that is now being built. You still need to manage dependencies with the binaries of yesterday that are still hosted and still regulated and still are on the servers in your production. The combination of the expertise that we built around binary security and not source code — because this is a big confusion in the market — and the moat around Artifactory, the system of record in a multi-agent world, including the open source on top of it and including the legacy, I think, gives JFrog customers the confidence to bet on that. This is also one of the things we called out: new logos are now buying JFrog with security, knowing that this is the future.
Operator, Operator
Your next question comes from the line of Radi Sultan with UBS.
Radi Sultan, Analyst (UBS)
Maybe just two quick ones. Shlomi, just on legacy code modernization — we've been hearing an uptick in JFrog getting pulled along in AI-driven legacy code modernization deals. So Shlomi, if you could just talk through how big of an opportunity legacy code modernization is for JFrog? And where do you expect to see the biggest potential pull-throughs to your business? And then maybe one more quick one for Ed. Could you speak to how impactful your AI-native customers were to the cloud strength in Q1? Just want to get a sense of how broad-based the strength was.
Shlomi Ben Haim, CEO & Co-Founder
Maybe I'll start, and Ed will take it from there. When we speak about legacy, we speak about legacy binary code, not source code. Basically, what you currently have in production is what we call legacy. What you have to regulate for the next seven years, if you are a bank, or the next 45 years, if you are an automaker, this is legacy. These are binaries that were built today or yesterday. And tomorrow, with coding agents, we still have dependencies that are in your servers in production. This means that those binaries need to be first-level citizens in the system of record. Otherwise, how can you protect what is shipped? What was made yesterday and approved and governed by the organization needs to still be maintained in the system of record. So it's a very important asset that our customers are protecting still while coding agents are building the new binaries that are also scanned and protected by JFrog.
Ed Grabscheid, CFO
And regarding the question on the native AI companies, we had a successful Q1 driven by a broad set of customers. So not only AI-native customers, but traditional customers as well. You recall last year, we talked about a $1 million land that we had with an AI-native customer that renewed, and we're in continuous conversations with many of the large AI-native companies, and we'll provide more updates later.
Shlomi Ben Haim, CEO & Co-Founder
Radi, if I may add to it, serving the AI labs is important, and we take pride in it, and we are very honored, but I think that once you become the power grid of these AI labs' software supply chain, you learn much more in how you should serve the rest of the portfolio. And that's the big plus — not just $1 million here or $1 million there, but mainly what we are building together with them as we power their software supply chain.
Operator, Operator
Your next question comes from the line of Michael Cikos with Needham.
Michael Cikos, Analyst (Needham)
Congratulations on the strong start to the year here. Shlomi, maybe for you — one of the things we've been going through this earnings season which is still pretty quick on the heels of the SaaS downturn, which seems overinflated at this point. But one of the things we're seeing is the budget is there for strategic vendors. And so I'm wondering when you're speaking with customers, is it fair to assume that this evolution of the agentic stack or how AI is playing out is causing customers to rethink or the need to modernize their existing architecture? And as a result, JFrog is being pulled into that conversation and benefiting with respect to cloud migrations. Can you talk to what the tempo of conversations you're seeing out there actually is like? And then I just had a quick follow-up for Ed.
Shlomi Ben Haim, CEO & Co-Founder
So what is it that we hear from the market? What we hear from our customers is that every application to your point, every technology that was built to have human interaction with technology is being questioned. Everything, every application, even source code, became cheap. Source code is something that now you can do on an experimental level and you can do it a thousand times faster. But what happens when the machine language, the binaries, need to be maintained? This is where they start to be a bit more cautious about how they plan the future. So for example, in order to enable AI, you need to use MCP servers. This is the interaction between machines and your solution. MCP servers are yet another binary. This is where — to your point — JFrog comes into the conversation: can JFrog become my MCP registry for all the MCP servers? The same thing happened with NVIDIA when they asked us about skills — skills for agents, yet another binary. Can JFrog become the Skills Registry? So all of what we are hearing is: how can I build a stronger, better, scalable, universal system of record to manage all of these binaries, because in tomorrow's world, what matters would be the machine language, not sources, not human language, but zeros and ones. And this is what JFrog did for the past 17 years.
Michael Cikos, Analyst (Needham)
And Ed, for a quick follow-up here, just trying to peel back layers of the onion as far as the strength in cloud that you guys saw. Is there any way to further qualify — I don't know if you could talk to either the size of the cohort that drove the magnitude of that upside or how cloud over consumption trended through the quarter from a linearity perspective? Can you just put any finer parameters around that strength?
Ed Grabscheid, CFO
It was a strong quarter from start to finish, Mike, to be honest with you. It was very broad-based. It wasn't concentrated in one geography or one industry. I will say that what you saw in terms of the cloud was represented in our increase in the cloud guide. So we were very happy. We're confident with what's happening right now in the cloud, and that's what gave us the ability to raise our guide from 30%-32% to 33%-35%.
Operator, Operator
Your next question comes from the line of William Miller Jump with Truist.
William Miller Jump, Analyst (Truist)
Last year, you guys were talking about AI experimentation driving consumption beyond commitments. It sounds very different today from your prepared remarks. So can you just talk about the difference you see in the amount of binaries in your system reaching production now versus a year ago? And I would also say it sounds like there's still a number of customers that are maybe waiting to commit bigger. So what are you hearing in terms of their hesitancy?
Shlomi Ben Haim, CEO & Co-Founder
Miller, this is an excellent question because basically, you're saying source code is being produced at a completely different pace, completely different volume. Everything produces source code now. It's not just human developers, but all the coding agents together with the human developers. So the big question is, we see binaries growing at the same time. You can think about it like digital photography replacing film. Film was expensive. You would take one shot before you printed it. Now assume that you can take 200 shots. Instead of one printing, you might post five. Binaries are the asset that you will take to production. Source code became cheap, and now you can make more binaries that need to be immutable. They need to be tracked. They need to be governed. And you will see this growth in binaries and what you can take to production because of the change from AI. Same thing goes for governance. Using the same metaphor, how can you make sure that the pictures you post don't carry sensitive data in the background? This is what JFrog brings: not only dealing with the volume of new secure artifacts, but also governing what goes out.
Operator, Operator
Your next question comes from the line of Howard Ma with Guggenheim.
Howard Ma, Analyst (Guggenheim)
I have two questions. First, I'd like to better understand how exactly JFrog's revenue benefits from Curation and Advanced Security. I believe there are a few parts. The first being you need tier upgrades where you have to be on Enterprise X and Plus to qualify for buying those products. And then as you make commitments, you obviously get that — you get a commitment. And then there's over-usage; I believe that's driven by increased traffic from attacks. So I just wanted to run that by you if those elements are correct.
Shlomi Ben Haim, CEO & Co-Founder
Yes. So I'll start speaking about JFrog Curation and JFrog Advanced Security and JFrog Xray, and Ed can speak about the over-usage and what we found. Everything that comes from open source, whether pulled by agents, AI agents or by human developers, is something that needs to be protected before it steps into Artifactory, your single source of truth. When we built Curation, it was based on customer requests. They asked us to give them a firewall that will enforce policy on what comes in. That was at a completely different volume when it was made by humans pulling open source packages. Now when you have a thousand times more pull requests for open source packages from public hubs — whether NPM, Docker, Hugging Face, Conda, PyPI — you know that you are subject to attack. And the attackers are also using coding agents; they also became more sophisticated. They're going after the maintainers that they know could be targeted. So what Curation did very successfully was not only apply this firewall enforcing your policies, but also scale to this level of AI. This is why our customers not only embrace Curation, but also increased the demand for it after every attack we saw since the last quarter of 2025, which I alluded to this quarter with MCP and Python and others. Regarding JFrog Advanced Security and JFrog Xray, once it is inside your system, once it's inside Artifactory, you still need to maintain the security of your software supply chain. You need to look for exposed secrets. You need to look for composition analysis. You need to look for dependency graph security. This is what JFrog Advanced Security and Xray are doing. And then when you shift to production, you ship something that you can actually trust.
Ed Grabscheid, CFO
And Howard, regarding the monetization of Curation, the monetization is based off of seats. This is a common currency in security, and we monetize based off of the seats. So regarding the attacks and an increase in attacks, that certainly drives demand from our customer portfolio and new customers to take either an increased number of seats or adopt Curation, but it doesn't necessarily drive data consumption. Data consumption is being driven by packages coming in and out of the organization or going into production. So Curation itself is not what is driving usage over minimum commitments.
Operator, Operator
Your next question comes from the line of Mark Cash with Raymond James.
Mark Cash, Analyst (Raymond James)
Shlomi, I wanted to build off a few previous questions and ask about the MCP Registry and AI catalog because there's a lot of companies saying they don't provide the visibility and security for AI agents. Where in the customer journey do organizations realize they need JFrog's governance capabilities? What pain points are they seeing that others can't solve before coming to you?
Shlomi Ben Haim, CEO & Co-Founder
What's happening now is that every software provider already provides an MCP server because we all know that if agents do not have an interaction with your software, that would be the end of your software usage. MCP servers are a binary code. No matter who provides that, it's a binary code. So our customers came to us and asked for an MCP registry. As they trust MPM packages inside Artifactory or Python inside Artifactory or Docker containers inside Artifactory, they also want to have a list of MCP servers that they can put in an MCP registry, which is what we released this quarter. Then they can pull all of the AI agents or human developers from a safe place. The same thing happened with Skills, which is a very growing trend when you use coding agents. And there is some movement now to CLI as well, which is a third technology. All of the above are binary code — a natural expansion of our solution — and therefore they are sourcing Artifactory.
Operator, Operator
Your next question comes from the line of Jason Celino with KeyBanc Capital Markets.
Jason Celino, Analyst (KeyBanc Capital Markets)
The value proposition of Curation is quite compelling, and as you noted, these Curation customers were protected in Q1 from the software supply chain attacks that we saw in the news. It seems like a no-brainer to me and to most investors. But to the customer, what might be the alternative if they don't choose Curation or what factors are being considered that might be delaying that customer's decision? And given you are seeing this tremendous demand, do you have the capacity to meet it?
Shlomi Ben Haim, CEO & Co-Founder
Jason, I think it's clear that for a very long time, JFrog has bet on a world of automation, a world where machines will have to manage the asset. Therefore we never shifted our focus from managing binaries. Every binary management tool is an alternative. The strong differentiators JFrog brings are universality — JFrog is the Switzerland of binaries. JFrog not only serves all the binary types, but all the coding agents, human beings and other citizens that are using our solution. We built 17 years of scalability. We went with the biggest organizations on the planet to scale to their level. Now we are elevating it more because of AI. So scalability matters. JFrog is hybrid. We give you the freedom of choice of running it in the cloud, on every cloud and on-prem, if this is what you prefer in a highly regulated environment. JFrog integrates with all your ecosystem tools when it comes to DevOps, DevSecOps and DevGovOps, which gives you the freedom of choice and not getting locked into a vendor. If a solution comes that provides all of this in a universal way and complements the AI change in the world of machine-language binaries, that would be a threat to JFrog. I hope that we put a strong moat around what we built best, which is the system of record.
Operator, Operator
Your next question comes from the line of William Kingsley Crane with Canaccord.
William Kingsley Crane, Analyst (Canaccord)
On the Q4 call, you called out that the November NPM attacks had driven both immediate Curation revenue as well as building pipeline. I'm trying to get a sense if there's more urgency around procuring Curation or Advanced Security versus some of these larger software architectural decisions that could take multiple quarters. More specifically, on Q1, how much did Curation drive the upside in cloud in Q1?
Shlomi Ben Haim, CEO & Co-Founder
Well, Kingsley, every time there is a software supply chain attack, we see a rise in the pipeline. A lot of our customers are concerned, and that's an immediate impact. But what happened is it's occurring every few weeks now. It used to be SolarWinds, then Log4j, etc. Now you refresh your browser and there's another software supply chain attack. Why? Because source code matters less now. Source code scanning was important, but people now understand that what needs to be protected is what's going to production. Attackers also understand that, and they go after package maintainers. You have to protect yourself from that. Will some companies react based only on fear? Possibly. But we see more responsibility on the customer side, knowing the magnitude they're facing is completely different than before.
Operator, Operator
Your next question comes from the line of Shrenik Kothari with Baird.
Shrenik Kothari, Analyst (Baird)
Shlomi, Ed, you have been careful in the past not to oversell AI as an immediate revenue windfall, and Ed's own words described 2025 more as an initial spark and fire. Shlomi, you drew a comparison with the transition from film to digital. As higher-quality AI code reaches more production, that definitely creates more valuable binaries for you to act as a system of record. Where are customers today on that journey from AI experiments to production-grade? And what indicators are you watching that would tell you that the broader adoption has really started?
Shlomi Ben Haim, CEO & Co-Founder
I think what we see today is more experimental. Everyone is trying many things. Not so long ago, we talked about Copilot and Cursor; now everyone is speaking about Anthropic, Codex and others. A lot is being adopted across organizations. But not a single customer has a fully autonomous process yet. It's still a combination of human developers and coding agents. There is no coding agent that starts from scratch, pushes to production, and fully maintains production autonomously. There are still some miles to go before AI takes over developers' positions. But we are starting to see collaboration between strong human developers and coding agents, and that's why there's a rise in activity on every front.
Operator, Operator
Your next question comes from the line of Brad Reback with Stifel.
Brad Reback, Analyst (Stifel)
Shlomi, back to your comment during the prepared remarks about customers willing to absorb meaningful overages in the cloud. What do you think is the gating factor? Why are they willing to do that and not commit and get a better rate?
Shlomi Ben Haim, CEO & Co-Founder
There is a race for AI adoption in every company now. Whether you're a small business or a large bank with 50,000 developers, it's coming from the board and top down. Boards ask about AI adoption and make sure the company is in the race. Usage in the cloud is part of this experiment. If you go to a CFO and ask for a commitment, the CFO will ask for clarity on what to commit to. So companies leave the meter on, they let teams experiment and use more, and they will even pay for overages. Our mission is to convert this over-usage into commitments to create a win-win with our customers. It will take some time because predictability is currently missing.
Operator, Operator
Your next question comes from the line of Lucky Schreiner with D.A. Davidson.
Lucky Schreiner, Analyst (D.A. Davidson)
Previously, you've spoken about some customers preferring to buy JFrog on a self-managed basis given better visibility and cost controls. I didn't get a sense of those trends from the prepared remarks today. One, is that fair to say? And two, is there any potential reason for a change in those trends?
Shlomi Ben Haim, CEO & Co-Founder
We still see customers asking for the self-managed or on-prem solution. It's split into two profiles. One is the big AI labs that are building their own data centers. They have enough capital and do not want to share certain workloads with the public cloud for various reasons. They will take an on-prem solution and embed it into their software supply chain architecture. The second group includes highly regulated companies, government entities or other organizations that need to be highly controlled. They will run on-prem for tests and experiments before moving to the cloud or to FedRAMP. Lastly, some established companies remain on-prem and are not ready to shift. As you can see in our numbers, it's part of our strategy to migrate business to the cloud, and this quarter we announced for the first time that cloud crossed 50% of total revenue. We remain the only company that gives a full hybrid solution with freedom of choice. No matter who you are, we can give you the freedom to embed AI or adopt AI in your environment.
Operator, Operator
Your next question comes from the line of Jason Ader with William Blair.
Jason Ader, Analyst (William Blair)
I wanted to revert to an earlier question, which was asked about the risk that the LLM labs encroach into the binary layer. Shlomi, could you talk about some of the announcements that the labs made during the quarter where they started to talk about binaries? It was too technical for me. Could you help enlighten us and explain why it's not something you worry about?
Shlomi Ben Haim, CEO & Co-Founder
Jason, let me start with the last sentence: I'm worried about everything; there's nothing I'm not worried about. But I have confidence that what we are building alongside companies is complementary to what the world is demanding. What you heard about reverse engineering binaries — I think you refer to an OpenAI announcement about capabilities to analyze binaries and understand them — that's a way to take binaries themselves and reverse engineer what they were built from. That does not replace JFrog because even if, two years from now, every organization uses multiple AI models, you still need a governance tool that provides a universal solution to contain them all. The second point: who will protect open source? It's not just reverse engineering packages; it's what the agent brings in. When you bring something from NPM or Docker, how do you make sure it passed your firewall? How do you make sure it's secure? Third, the attackers also use advanced tools to build more sophisticated attacks. How do you ensure the policies at the gate are enforced in your system of record? Finally, who takes the decision on what goes to production — an agent, multiple agents or humans, or company policy? We provide the infrastructure. We are the policy enforcers, not the policymakers, and we help ensure what goes to production comes from an untainted source. That's how we see it now, and this is what our customers tell us.
Operator, Operator
Your next question comes from the line of Andrew Sherman with TD Cowen.
Andrew Sherman, Analyst (TD Cowen)
Shlomi, on the security side, we've got a lot of questions on how much of your revenue comes from Xray since the labs now have similar products. It'd be great if you could clear that up for people. How should we think about the contribution of Xray versus Advanced Security and Curation, and what's the main barrier to entry for the latter?
Shlomi Ben Haim, CEO & Co-Founder
Xray is part of our DevOps offering. We don't think Xray should stand alone and do software composition analysis separately. We believe Xray should run over your Artifactory, ensuring, for example, that your containers are secured while in Artifactory. Can other tools replace that? Yes. But if you start with packages managed in Artifactory, why add another tool? The second thing Xray brings is understanding what's coming from the open source ecosystem and enabling security controls. Thousands of customers prefer to take it as part of their DevOps subscription with JFrog, knowing this is a built-in solution on top of their system of record.
Operator, Operator
Your final question comes from the line of Koji Ikeda with Bank of America.
Koji Ikeda, Analyst (Bank of America)
When I look at cloud, the net new revenue added this quarter seems the most ever in a quarter, let alone a first quarter. That implies customers are spending above commitment levels like never before. How long do customers typically take before they come to JFrog and start renegotiating their contracts for higher commitment levels, which presumably come with better volume discounts?
Shlomi Ben Haim, CEO & Co-Founder
Regarding the 'why,' it's simple: more code means more binaries, which means more JFrog, and JFrog understands binaries. Regarding timing, we are not waiting, Koji. Our enterprise sales practices changed about two years ago. We approach customers with a better offer and plan if they commit. The question is how long the experiment needs to mature before it becomes a commitment. We will continue to follow and provide more clarity on cloud evolution. But given our confidence in the guidance, we raised the cloud estimate even though we see a lot of it comes from usage over commitments; we raised the guide because this is not a spike, it's a trend that has lasted multiple quarters.
Operator, Operator
This concludes the question-and-answer session. I will now turn the call back to Shlomi for closing remarks.
Shlomi Ben Haim, CEO & Co-Founder
Everyone, thank you for your questions and for your trust. May you have a great year.
Operator, Operator
This concludes today's call. Thank you for attending. You may now disconnect.