Palo Alto Networks Inc Q2 FY2026 Earnings Call

Good day, everyone, and welcome to Palo Alto Networks Fiscal Second Quarter 2026 Earnings Conference Call. I'm Hamza Fodderwala, Senior Vice President of Investor Relations and Strategic Finance. Please note that this call is being recorded today, Tuesday, February 17, 2026 at 1:30 p.m. Pacific Time. With me on today's call to discuss our fiscal second quarter results are Nikesh Arora, our Chairman and Chief Executive Officer; and Dipak Golechha, our Chief Financial Officer. Following our prepared remarks, Lee Klarich, our Chief Product and Technology Officer and Board member will join us for the question-and-answer portion. You can find the press release and other information to supplement today's discussion on our website at investors.paloaltonetworks.com. While there, please click on the link for quarterly results to find the Q2 '26 supplemental information and Q2 '26 earnings presentation. During the course of today's call, we'll be making forward-looking statements and projections regarding the company's business operations and financial performance as well as the company's recent acquisitions. These statements made today are subject to a number of risks and uncertainties that could cause our actual results to differ from these forward-looking statements. Please review our press release and recent SEC filings for a description of these risks and uncertainties. We assume no obligation to update any forward-looking statements made in the presentation today. This presentation contains non-GAAP financial measures and key metrics relating to the company's past and expected future performance. Non-GAAP financial measures should not be considered a substitute for financial measures prepared in accordance with GAAP. The most directly comparable GAAP financial measures and reconciliations are in the press release and the appendix of our investor presentation. Unless specifically noted otherwise, all results and comparisons are on a fiscal year-over-year basis. I will now turn the call over to Nikesh.

Thank you, Hamza. Good afternoon. Thank you, everyone, for joining us today for our earnings call. We delivered a strong Q2 fueled by robust demand for cybersecurity and continued execution against our platformization strategy. This led to strong organic results in Q2, with NGS ARR up 28% and revenue growth of 15%, excluding the impact of recently closed Chronosphere. We saw broad-based strength across our products from SASE, software firewalls and XSIAM through our emerging leadership in AI security and Prisma AIRS. We paired this growth with improving profitability achieving a 30% plus operating margin for the third consecutive quarter. We're excited to head into the second half of the year having closed both the CyberArk and Chronosphere acquisitions, and I want to extend a warm welcome to both teams. Both companies continue to deliver record numbers in their most recent quarters, and we look forward to building on the momentum as we hit the ground running on our integration plans. These investments are a direct response to the inflections we see taking shape in the market. And while it's still early, initial feedback from our customers has been very encouraging. We believe we are now entering the next phase of AI adoption. Large enterprises are moving beyond experimentation and beginning to integrate foundational models into real workflows. As AI becomes embedded in day-to-day work, the central question that organizations face is shifting from capability to control. That shift has meaningful implications for security. As AI becomes more pervasive across the enterprise, it expands the attack surface area, more agents, more infrastructure, more machine-to-machine activity, and new classes of risk that simply did not exist before. In that environment, security cannot sit on the sidelines. Despite the current sentiment about AI and software, we firmly believe that security is an enabling layer that allows innovation to move forward safely and at scale. And as AI agents become autonomous employees, the old security playbook is not just slow, it's obsolete. Security must operate in real time at the critical control points where decisions are made across network, endpoint, cloud, browser, and identity. This is where Palo Alto Networks operates. And as AI becomes more embedded across the enterprise, those control points are converging. A fragmented defense of disparate products is no longer a viable strategy. The risk is simply too high and adversaries are moving at machine speed. Our latest Unit 42 research confirms this: end-to-end attacks are now four times faster than a year ago. And in nearly one-quarter of the cases, attackers were able to break in and exfiltrate data in under an hour. The good news is that 90% of those breaches were preventable, caused by basic gaps in visibility and controls across multiple attack vectors. This is why we committed to our platformization strategy a few years ago. A platformized approach built on a real-time data-driven model that gets smarter with scale is the only way to secure the modern enterprise and our results continue to prove that out. In Q2, we delivered approximately 110 net new platformizations, a quarterly record outside of our seasonally strong Q4. This brings our total platformization count to approximately 1,550, up 35%. The success of this strategy is also reflected in our best-in-class net retention rate amongst platformized customers, which stands at 119% with low single-digit churn. This proves that once customers adopt our platform, they not only stay, but continue to invest more with us over time. This momentum isn't accidental. It is a result of a deliberate flywheel motion we've built. When we committed to our platformization strategy years ago, we were betting on the shift that has now become an industry standard. This approach allows us to not only solve today's problems but also provides the foundation to address new ones as they emerge. It starts by providing multiple clear landing paths. In network security, customers can begin with SASE, hardware, or software firewalls, and now AI security with Prisma AIRS. In the SOC, they can land on our Cortex platform via XDR, cloud security, or directly under XSIAM. From any starting point, customers experience the superior outcomes of an integrated platform, which leads them to adopt more deeply across our ecosystem. In a market changing this quickly, we believe our responsibility is to anticipate the next inflection and ensure our platform is ready. That philosophy guides our strategic investments and results give us the confidence to continue. A secure browser, for example, was one such early investment that is now accelerating our SASE business with over 9 million licenses sold to date. Similarly, in AI security, Prisma AIRS, launched just a few quarters ago, and is already rapidly scaling with over 100 customers ending Q2. This is the discipline we now plan to apply to two large established markets poised for inflection, identity and observability. If AI becomes a new interface for how work gets done, identity security will be required to create the permissions and boundaries that teams can trust. And as AI introduces unprecedented scale, observability is essential for building resilient systems that can operate reliably. By bringing our platformization discipline to these new pillars, we believe we can deliver even greater value to our customers and solidify our role as their trusted partner to navigate the complex security and data challenges of the AI era. Let me share a few examples of how this strategy is translating into deeper, more strategic customer relationships. First, a global automotive leader selected us for a major security transformation. Their goal was to modernize their security architecture and dramatically improve efficacy. This resulted in an over $50 million deal, including $30 million for SASE and $20 million for XSIAM to run their global SOC. Similarly, a global technology supplier selected us for our transformation initiative for over $40 million, choosing XSIAM to modernize their security operations globally while expanding their investment in SASE. Finally, a transaction with a leading IT service provider perfectly illustrates our flywheel. Building on existing investments, they committed for a $20 million expansion centered on XSIAM and have now platformized across network security and security operations. These aren't just transactions; they're architectural decisions. When the stakes are highest, these wins validate that industry leaders are choosing the superior outcomes delivered by Palo Alto Networks. With that, let's dive deeper into the individual performance of our platforms, starting with our largest segment. Our Network Security business delivered a standout quarter demonstrating the power of a platform designed to meet customers wherever they are in their hybrid journey. In Q2, our SASE business continued to go from strength to strength, surpassing the $1.5 billion ARR milestone while growing approximately 40% year-on-year, solidifying our position as the fastest growing SASE provider at scale. What's particularly telling is the shift we are seeing in the market. Many early adopters of SASE, who made choices 4 or 5 years ago during the pandemic, are now finding that those early solutions are not comprehensive enough for today's threats and complexity. As a result, they are reconsidering their first-generation point products in favor of a platform approach that provides a single unified architecture to secure the entire hybrid environment from the data center to the cloud and the remote workforce. A key driver of these wins is also our secure browser, which stems from a strategic bet we made a few years ago with the acquisition of Talon. Our thesis was that the browser is the most critical unmanaged edge for users, data, and now AI agents to intersect. The results show our customers agree. As of Q2, Prisma Browser has been adopted by over 1,500 customers, 10% of which are in the Global 2000, with an additional 2 million licenses sold in Q2. This success has clearly not gone unnoticed. It's encouraging to see others in the industry waking up to the idea that they must secure the browser layer, validating the importance of this increasingly critical control point. While many of these approaches similarly extend existing architectures into the browser, we continue to believe the browser itself should function as a native security platform, architected for real-time control rather than retrofitted through extensions. We also continue to see strong momentum in our software firewall business. Last quarter, we labeled it our hidden gem. That was validated once again in Q2 with our ARR growth of approximately 25%, driven by the need to secure increasingly dynamic multi-cloud environments, a need that grows as AI workloads scale. This is complemented by our strongest hardware performance in several quarters with revenue up nearly 10%, driven in part by early adoption of our latest Gen 5 firewalls. Finally, we remain focused on where the market is going, and that includes preparing our customers for the post-quantum era. The threat is already here. Adversaries are using a harvest now decrypt later strategy, stealing encrypted data today to break in the future. We're seeing this become a C-level priority in our early customer conversations. The broader interest in this topic was confirmed by nearly 5,000 attendees at our quantum summit last month. This is a critical part of our customers' long-term roadmap, and we believe we are uniquely positioned to guide them through this coming architectural uplift and shift. Now moving to Cortex. Customers continue to partner with us on their AI SOC modernization. In Q2, XSIAM surpassed the $0.5 billion ARR milestone. We welcomed almost 150 new customers, bringing our total base to over 600, paying an average of nearly $1 million in ARR. But the key story here remains not just the growth; it's the outcomes. Over 60% of our deployed customers are now achieving a mean-time-to-remediation of less than 10 minutes, a profound shift from the days or weeks they measured before. The success of XSIAM is a great example of our ability to identify a market inflection early, invest aggressively, and execute to scale. We made a bet on the AI-driven SOC well before it became an industry-wide theme. The results are showing at scale just 3.5 years after GA. The same focus on what's next led us to develop AgentiX. The simplest way to think about it is we're enabling our customers to build a workforce of autonomous AI agents, but the key differentiator and what makes this a real breakthrough is where these agents can operate. Unlike traditional security tools confined to their own ecosystem, our agents can securely extend into first and third-party infrastructure. This means an agent can not only detect an issue in XSIAM but can also go out and remediate it directly in a cloud console, an identity provider, or a firewall at machine speed. This capability, already enabled by 200 XSIAM customers, is the key to delivering true enterprise-wide automation. This is a powerful example of how we use technology to create better security outcomes. But that's only one part of our AI security strategy. Over the last couple of years, we have expanded our AI security capabilities aligned to what our customers need as they deploy AI at scale. We're bringing those capabilities together as part of a universal AI security platform. One designed to protect AI deployments of models, agents, and the environments in which they operate. It starts with Prisma AIRS to secure AI models and AI-powered applications across our lifecycle, from model training and red teaming to runtime defense. We launched this platform just a few quarters ago, and its adoption has been remarkably strong. From Q1 to Q2, we more than tripled our customer count to over 100, while bookings also doubled during the same period with a nine-figure pipeline already materializing. It's clear the market has been waiting for a comprehensive platform to secure AI. At the same point, we're also seeing a new class of autonomous agents emerge, software that can perform tasks and interact with local systems on its own. This naturally extends security requirements to the endpoint. This is why I'm excited to announce our intent to acquire Koi, a pioneer in securing the next major inflection point in security, the agentic endpoint. Koi will enhance our endpoint capabilities within XTR 2.0 while also becoming an integrated part of our universal AI security platform, extending security and governance to autonomous agents at the device layer. We are witnessing a dramatic shift in how software lives on the endpoint. Traditional security tools are often blind to the new AI layer of software. The massive rise of microservices, browser extensions, plug-ins, and ephemeral code that bypasses standard security controls represents a significant unmanaged attack surface. We identified this new threat vector early and Palo Alto Networks has been a customer of Koi since the summer of 2025. On my recent trip to Israel in December, Lee Klarich and I met with the Koi team and were immediately impressed by their foresight into the next generation of endpoint threats. Since then, we've seen the risk pattern intensify, including security concerns that have been recently popularized by the widespread adoption of open cloud. We believe this is the latest example of what the future of an AI attack surface will look like, and Koi will help our XDR platform remain well positioned to provide the most innovative security solutions to our customers. After closing, Koi will also enable unique extensions to Prisma AIRS and Prisma Browser to ensure that our customers have visibility to any AI software and browser that are only present on the endpoint, resulting in the most comprehensive visibility to the AI attack surface. Over time, this will help ensure that the endpoint becomes more agentic, and our customers will remain fully protected. Now this focus on visibility is critical. But to act with precision, you first need to see with clarity. This is why a new level of observability is so essential, which brings me to Chronosphere. In the age of AI, Chronosphere offers a unique value proposition, delivering observability at a massive scale, proven in production today by many of the world's leading born-in-the-cloud and AI-native companies. During Q2, after we closed the Chronosphere acquisition, we signed a multiyear nine-figure expansion deal with a leading AI model provider, a testament to Chronosphere's ability to scale in the largest and most complex environments. The momentum is clear in the numbers, with the company generating approximately $200 million in ARR as of Q2, well above our expectations. The end-to-end observability platform is also gaining traction with over 80% of new logos last year landing with multiple products such as metrics, logs, and traces. By combining Chronosphere's deep visibility with the automated reaction of AgentiX, we are enabling our customers to build self-healing autonomous enterprises of the future. So we have prevention, we have visibility, and we have automation. But every action, whether by a human or any agent, is governed by an identity, which brings me to our newest major pillar. We're delighted to have closed the acquisition of CyberArk early in Q3 and are ready to execute on what I believe is a massive opportunity in identity security. As many of you noted earlier this month, CyberArk is coming off an exceptional December quarter, with record net new ARR and 30% subscription ARR growth at scale. We've been rigorously building and refining our integration plans and we're moving fast to put these plans into execution. This includes aligning our go-to-market engines. We're already well underway on detailed account planning and aligned sales incentives to ensure our teams are collaborating from day one. From a product perspective, the innovation roadmap here is massive. We aren't just looking at legacy IAM, which, in our view, is basic hygiene. We're building a next-generation identity security platform that protects across humans, machines, and AI agents. We also look forward to delivering machine identity and certificate lifecycle management to our 65,000-plus firewall customers. Longer term, we remain excited about the opportunity to address the growing needs of identity to secure AI agents. We bought CyberArk because when AI agents start logging in at machine speed, logging in becomes a primary attack factor. We believe we are now the only company that can verify the who has secured the what simultaneously. Given the momentum in the business currently and our innovation roadmap, we believe we are well-positioned to become the largest identity security player over time. In summary, we continue to execute against our platformization strategy in Q2 with momentum building across multiple areas of business. Our core innovation engine remains strong with great traction in new products like AIRS and AgentiX and we are ready to put our integration plans into action with CyberArk and Chronosphere. Before I hand over to Dipak, I want to take a few minutes to reflect on the recent advancements in AI. We're seeing significant innovation in new agentic platforms targeting the enterprise, and while it's still early, it is causing some companies to reassess how applications are built, how workflows are automated, and how decisions are made. Long-standing assumptions about systems of record are being revisited and perhaps even more so the analytics layer built on top of them. In many enterprise applications, data reflects structured business processes within defined workflows. Security data is different. In our case, it is real-time threat activity generated at the control point where our platforms operate and continuously refined through more than 30 billion attacks blocked daily and 15 petabytes of telemetry processed in our AI SOC. That distinction matters. When we say precision AI, it is not AI layered onto a feature set. It is AI trained on our proprietary assets and embedded directly at those critical control points. As AI begins interacting autonomously across application infrastructure, fragmented security introduces delay at precisely the wrong moment. Security must operate as a coordinated system, unified, consistent, and real-time. Because our platform sits at these control points, we see these shifts as they happen. The data generated across the network, cloud, identity, endpoint, and browser continually informs our models, creating a feedback loop that compounds at scale. But scale is not enough. Sustaining leadership requires a willingness to adapt and challenge our own assumptions. Technology cycles change, architectures evolve. For the past 7.5 years, we have consistently aimed to invest ahead of inflection points and technology, even when the path is not fully defined. Maintaining this discipline is vital to ensuring that we remain the digital guardian for our customers, however the technology stack could evolve. With that, I will hand over the call to Dipak to review the quarterly results in detail.

Thank you, Nikesh, and good afternoon, everyone. As Nikesh noted, our strong Q2 results reflect the consistent execution of our platformization strategy, coupled with a robust demand environment. The increasing adoption of our platforms is most evident in our next-generation security ARR, which grew 33% to $6.33 billion. This includes a $200 million contribution from our recent acquisition of Chronosphere. On an organic basis, NGS ARR was up 28% year-over-year and net new ARR was up 11% year-over-year. This performance was driven by an acceleration in SASE and software firewall ARR, alongside continued momentum in XSIAM. A key contributor to our software firewall growth in recent quarters is Prisma AIRS. As customers increase their AI deployments, they're looking for a trusted partner to secure this critical transformation. Prisma AIRS directly addresses this need, and as Nikesh mentioned, it is scaling rapidly with over 100 customers ending Q2. Our remaining performance obligation, or RPO, grew 23% to $16.0 billion. This includes approximately $150 million of RPO from our Chronosphere acquisition. It's important to note that RPO balances for Chronosphere can fluctuate from period to period given usage-based pricing with ARR and revenue being more representative of business performance. Our current RPO, which represents a near-term revenue realization, was $7.1 billion, representing 18% growth. Total revenue was $2.59 billion and grew 15%. Given the close of our Chronosphere acquisition came near the end of fiscal Q2, the revenue contribution was immaterial during the quarter. Product revenue was up 22% with 45% of the product revenue coming from software form factors over the trailing 12 months, which was up from 38% in the trailing 12 months ending Q2 '25. This was driven in part by strong demand for software firewalls as noted earlier. Our software growth was complemented by improving hardware demand led by the adoption of our latest Gen 5 firewall appliances and SD-WAN. Total services revenue grew slightly above 13%. Within this, subscription revenue was up 14%, while support revenue grew 12%. From a geographical perspective, we saw broad-based strength across all of our major theaters with the Americas growing 14%, EMEA growing 17%, and JPAC growing 17%. Moving further down the income statement, our disciplined focus on profitability and operational leverage continued to deliver strong results in Q2. Given the timing of the Chronosphere acquisition, the impact of this transaction to our P&L financials was immaterial. Our total gross margin for the quarter was 76.1%. Within this, product gross margin was 78.2%, an increase of 150 basis points year-over-year, driven by a higher software mix compared to last year. As noted earlier, we did see improvement in our hardware business during Q2. Therefore, on a sequential basis, the higher mix of hardware and product revenue resulted in a 180 basis point decrease to product gross margin versus Q1. The services segment delivered gross margin of 75.6%, down 100 basis points year-over-year. The year-over-year change in services gross margin reflects a positive mix shift towards our high-growth SASE offerings, which remain in the earlier part of their scaling curve. We continue to be pleased by the growth of our SASE offerings and remain focused on driving efficiencies here. Now turning to the supply chain, we observed a marginal impact on product COGS this quarter from higher memory and storage pricing, but we believe we are well positioned to manage through these dynamics. First, our high and growing software mix provides a natural hedge. Second, we will leverage our scale, deep supply chain expertise, and lessons learned through COVID and prior supply chain constraints. And third, pricing actions taking effect later this fiscal year will help offset corresponding cost increases. We have proactively factored these considerations into our Q3 and full year outlook. We delivered our third consecutive quarter of 30%-plus operating margins with Q2 operating margin of 30.3%, a 190 basis point expansion versus Q2 of last year. The strong expansion reflects our ability to drive consistent scale and efficiency across all OpEx line items. Our diluted non-GAAP EPS reached $1.03, which once again came in above the high end of our guidance. Q2 adjusted free cash flow was $502 million. On a trailing 12-month basis, we generated $3.75 billion in adjusted non-GAAP free cash flow, representing a margin of 37.9%. Our cash and cash equivalents for the period was $7.9 billion, reflecting a $2.6 billion cash consideration for the Chronosphere acquisition. Given the recent close of our CyberArk acquisition, we expect the $2.3 billion cash outlay in Q3. This results in a total combined cash outlay of $4.9 billion. In connection with our acquisition of CyberArk, we guaranteed the payment obligations on the CyberArk's convertible senior notes due 2030. The acquisition resulted in a make-whole fundamental change under the notes, and we will be making an offer to repurchase the notes in the coming days. We also issued 112 million shares in consideration for the CyberArk acquisition. Before I turn to guidance, I want to extend a warm welcome to the over 4,000 talented individuals from CyberArk and Chronosphere. We're thrilled to have them on board and excited to execute on our integration plans to unlock the full value of these acquisitions. Our focus is on a frictionless onboarding experience for our new colleagues. And within just the first few days, we've provided access to collaboration tools for every individual to work as one cohesive team. We remain confident in our ability to deliver significant scale and leverage across every line of each of our financial statements. From an operational standpoint, integration is being executed with the same rigor that we apply to running our core business. We've established clear governance, defined work streams across all functions, including IT, finance, HR, product, and go-to-market, and implemented measures to ensure continuity for customers, partners, and employees. Our priority is maintaining business momentum while methodically bringing platforms, reporting structures, and operating rhythms together. Taken together, we believe this disciplined approach to integration reinforces our confidence in delivering sustained growth and operating leverage, enabling us to achieve our target of 40% free cash flow margin by fiscal 2028, and our longer-term goal of $20 billion in NGS ARR by fiscal 2030. Now let me take you through the guidance. Please note that our Q3 and full-year 2026 guidance is inclusive of both the CyberArk and Chronosphere acquisitions, which have been aligned to our fiscal year and our definitions of certain non-GAAP metrics. This includes NGS ARR, which reflects only the subscription portion of CyberArk's ARR and has been conformed to our standard revenue-based definition. Our Q3 and full-year 2026 guidance assumes reported NGS ARR for CyberArk will be approximately 2% to 3% lower than the equivalent on the CyberArk previous bookings-based ARR definition. Please see the appendix of our earnings presentation for more detail on the comparison of the two ARR definitions. For the fiscal third quarter 2026, we expect NGS ARR to be in the range of $7.94 billion to $7.96 billion, an increase of 56%. This includes a $1.47 billion contribution from M&A, remaining performance obligation of $17.85 billion to $17.95 billion, an increase of 32% to 33%. This includes a $1.6 billion contribution from M&A. Revenue is to be in the range of $2.941 billion to $2.945 billion, an increase of 28% to 29%. This includes a $340 million contribution from M&A. A fully diluted share count of 812 million to 817 million shares, which accounts for the close of the CyberArk acquisition on February 11. Diluted non-GAAP EPS is to be in the range of $0.78 to $0.80. For the fiscal year 2026, we expect NGS ARR to be in the range of $8.52 billion to $8.62 billion, an increase of 53% to 54%. This includes a $1.52 billion contribution from M&A. Remaining performance obligation of $20.2 billion to $20.3 billion, an increase of 28%, which includes a $1.6 billion contribution from M&A. Revenue is to be in the range of $11.28 billion to $11.31 billion, an increase of 22% to 23%. This includes a $760 million contribution from M&A. Operating margins are to be in the range of 28.5% to 29%, diluted non-GAAP EPS is to be in the range of $3.65 to $3.70 per share. Our fully diluted share count is 768 million to 773 million shares, which accounts for the close of the CyberArk acquisition and adjusted free cash flow margin of 37%. We have included our typical modeling points in the presentation for your review, but I would like to highlight a few now. First, note that under our accounting policy, the upfront portion of term licenses and any perpetual license revenue from CyberArk will be recognized as product revenue, while all of our Chronosphere revenue will be included in services. For Q3, we expect product revenue growth of 25%. And for the year, we expect product revenue growth in the low 20s. With that, I will turn it back to Hamza for Q&A.

Nikesh, looking back at 2018, 2019, there was a prevailing fear that cloud computing would render parts of the cybersecurity stack obsolete. At that time you leaned in via M&A, and repositioned the portfolio. Obviously, the business has tripled since that time. Now we enter this AI era and the narrative feels oddly similar. Could you compare that existential nature of this AI shift to what we saw in cloud, maybe what areas you think will be obsolesced. And then specifically, is M&A the primary lever again this time around? Or does your starting position differ at Palo Alto from where you were, let's say, at the start of the cloud cycle?

That's a long one question, Rob. Nice to see you again. So that's a good question. Look, I think when we looked at in 2018, '19, we were trying to manage 2 challenges. One challenge was, how do we get customers to shift from on-prem to cloud and then deliver them cloud security. The other challenge was how do we deliver services off the cloud that customers would accept because they're being delivered from the cloud. That's kind of where us, we had to refactor our entire security service in the firewall, delivering them from the cloud, which was a huge opportunity. We made a lot of acquisitions to deliver cloud security. We fundamentally architected XSIAM at that point in time as a cloud-delivered SOC, which was generally not a prevailing trend. I think this time, I’m still confused why the market is treating AI as a threat to at least cybersecurity. I can't speak for all software because one thing we're definitely seeing is that customers have figured out that they need to drive more consistency in their security stack to be able to respond faster using AI. You cannot respond fast if you've got 70 different vendors who have different data, different logs, and different APIs running. So we are seeing a trend towards more consolidation, more platformization and that's evident in what we said. We achieved our best number of platformizations this quarter, and we've ever done, barring Q4, which is seasonally strong. So I think that's one trend we're seeing. The other trend is slow adoption on the enterprise side, slower than the consumer side of AI, but as adoption is beginning to happen, we're beginning to hear conversations around security, which as you see with Prisma AIRS, we delivered over 100 customers. This is much faster than we did in cloud security. So from my perspective, AI is inevitable. It’s going to be used by enterprises. As enterprises start putting more critical functionality in the hands of AI, they will want control of AI agents or their AI infrastructure. That requires more security. So I think generally, it's a positive trend towards more security adoption. I particularly believe it's a bigger trend towards platformization and consistency of data and harmonization of data in the enterprise. We're just not collecting enough data right now to get good security outcomes.

Great. Nice to see everybody. Nikesh, I pay close attention to the acquisitions you make and the things that you tell us because you've proven very astute at identifying future opportunities. As we think about XSIAM and the AI-driven SOC, I've heard investors concerned lately that LLMs are going to kill SIEM tools. How do we think about the balance of opportunity and threat of LLMs doing a lot of the things that we relied upon SIEM for? And even if you're competitive from a product standpoint, is there a risk that you now face a new strong competitor for these modernization opportunities?

I believe that LLMs add significant value to our security capabilities. They are particularly effective in tasks like data classification and data loss prevention because traditional methods often rely on exact matches. LLMs excel at understanding context, allowing them to identify restricted or personally identifiable information more accurately. There are specific scenarios where generative AI and LLMs can be highly beneficial, such as detecting patterns and identifying gaps in areas like offensive security or red teaming. However, the main challenge for LLMs in offering comprehensive security lies in their occasional inaccuracies. While they may succeed 95% of the time, we need to be correct 100% of the time because any failure can be exploited by malicious actors. Until LLMs achieve 99% or 99.9% accuracy, they won't pose a significant threat to security delivery; instead, they are tools that can streamline tasks. Every security company will need to incorporate AI to enhance the services they provide. It's common for security products now to include some form of AI assistance that can analyze patterns, improve efficiency, and provide quicker responses, but I don’t expect these to replace existing security products in the near future. Additionally, our security tools generate proprietary data and logs that are unique to our operations, which LLMs cannot replicate. We do not serve as a system of record or a work system; rather, we produce specific domain data based on observed threats and analyze this to advise customers on their protection strategies.

Congrats on closing Chronosphere and CyberArk. Nikesh, maybe on that point, I'd love to dig into the joint pipeline opportunity with CyberArk a little bit. You have a big go-to-market machine that we can leverage here. So I'm just curious how you think that opportunity unfolds. And maybe relatedly, Dipak for you, you gave some breadcrumbs earlier on CyberArk, but wondered if you could help us bridge maybe how much ARR we can include for CyberArk this year as we think about that buildup of organic versus inorganic?

So Saket, the good news is that CyberArk has a phenomenal team out there in the field, as does Palo Alto Networks. We have carefully been working with them after the close. Both teams have been made aware of how to pursue joint opportunities together. We understand our pipeline, and we understand their pipeline. We've built a roadmap for overlapping pipelines where there are customer opportunities in the fray in the next 3 to 6 months. We've already armed the teams with plans as to how to address the joint opportunity. But what's fascinating is, just anecdotally, we've already had CyberArk reps coming to us with an opportunity for Palo Alto's products in an account they're particularly strong in. I know that their President was on a call over the weekend, trying to help close a customer for CyberArk's reps with Palo Alto capability. It's happening in both directions, but I think it's early days, but I think the opportunity is real. As the teams get to know each other and understand their processes, I think we're going to see more and more momentum with both teams. It is going to be a bit of a crawl, walk, run because right now, both of our systems are different. So we have to do this stuff manually, and we have people helping us build a central acceleration team, which drives both. As CyberArk teams understand more and more of the Palo Alto products and capabilities of the platform, and as Palo Alto teams understand CyberArk capabilities and also as we work with CyberArk team to build the next generation of products that we've been ideating with them recently, I think we're going to see continued momentum in both those pursuits.

Yes. I want to clarify that we don't disclose every M&A deal individually all the time. However, as a reference point, we mentioned that CyberArk NGS ARR was approximately $1.2 billion as of December 2025. Additionally, I noted in my prepared remarks that $200 million of ARR was contributed by Chronosphere. I've also provided guidance on the overall M&A impact. I trust this gives you sufficient information to calculate the details.

Good question. We're obviously very excited about seeing that business accelerate at scale. I think Nikesh said it fairly well when he talked about sort of this notion of a first-gen adoption of customers that tended to be more sort of point product type adoption. They're trying to solve a particular problem. The existing solution at the time was pretty good at solving that one problem. Now we're seeing both new customers as well as many of those customers come back and look for a more comprehensive solution. Their employees might all in one day show up to an office and work from home while traveling. If they get three completely different experiences and application access, it doesn't work for them from a productivity perspective. What we can do by delivering this as a platform is to bridge how we apply network security from a hardware perspective, software perspective, SASE protective, and even into the browser with Prisma Browser, all in a very consistent way, both for security outcomes as well as the end-user experience and productivity they achieve. That is the overarching trend that I see driving the business right now in SASE and customer excitement about what we do.

Maybe just a high-level one for me. What are you guys seeing in regards to the volume of network traffic from your customers as they move more out of the experimentation phase and actually start to really adopt agents enterprise-wide? And how, if at all, will that impact the demand for the broader network security suite, whether that's firewall or SASE?

It's still too early to make definitive conclusions. If you examine AI adoption in enterprises, there's a notable increase in the coding sector. Many are utilizing tools like Codex, Cursor, and Claude Code. These tools are very specialized, aligning perfectly with Koi's operations. As coding evolves and moves to desktop environments, we’ll witness a rise in servers and clients operating on the edges. There will be considerable code existing at the edge that won't be detected by traditional XDR capabilities. This explains Koi's traction, as they have gained 40 to 50 clients, and we also utilized their services. This represents an unresolved issue in security and is where enterprise adoption is becoming significant. Additionally, we are starting to observe enterprise adoption where clients might be processing millions of tokens within specific applications using certain LLM providers, contributing to increased traffic. This traffic is primarily confined within the network. I don't believe this is traffic beyond the network's capacity. The current challenge lies in consolidating that traffic—finding ways to aggregate all AI traffic to facilitate understanding, provide visibility, and enable control and action. This will present the next hurdle: developing solutions for the evolving traffic nature within enterprises that requires new controls and tools, although it hasn't yet impacted network-level traffic significantly. I anticipate that it will in the future because as adoption increases, traffic will undoubtedly grow, especially with the construction of $600 billion worth of data centers. It's important to note that consumer adoption currently exceeds that of enterprises, but we expect enterprises to gradually catch up.

Nikesh, I agree with everything you're saying about AI and its positive effects on security. I genuinely appreciate the acquisitions you've made. However, for AI to effectively enhance security, it also needs to be secured. AI has potential implications for hacking if misused. My question is, when can we expect to see these benefits materialize? Currently, they are not reflected in your numbers or anyone else's, with perhaps a few exceptions. I'm uncertain about the timing.

No. I think the best analogy I can give you is looking at cloud security. It took time to see cloud security numbers because enterprise cloud adoption typically lagged behind consumer adoption. Even then, it was a two to three-year cycle before enterprises fully migrated their applications and workloads to the cloud. I expect a similar timeline with AI. Currently, if you consider how many enterprise AI applications are driving significant throughput, I can only think of coding apps. These coding apps are not resource-intensive on your infrastructure; they are demanding on the endpoint. Therefore, endpoint capabilities and large language models are where the focus is. It’s still early days. What encourages me is that the number of customers using Prisma AIRS is following the same trend as XSIAM. The volume isn't substantial yet because we’re not seeing throughput from LLMs at this time. So, it's still early days. You need to hold one of two beliefs. Either you think that the $600 billion worth of data centers being established will be utilized. If you believe that, as most people do, then 80% of that consumption will be by consumers and 20% by enterprises. However, those data centers have yet to be built. Right now, we are all laying the groundwork with a kind of arms race to see who can establish the AI security platform the fastest. Innovation is occurring in every direction. That's why we acquired Protect.ai, which is now well integrated. We transformed the firewall into an AI firewall, and now we are focusing on Koi. We see that as a critical area of action. The next question will be how to consolidate all AI traffic in one location. I believe you are witnessing the components being developed correctly, and you just need to exercise a bit of patience.

This one is for Lee. It's a CyberArk question, but it's a product-based CyberArk question. If we think about CyberArk historically being strong for privileged users at the high end, what is the technical lift that has to be done to make that technology more accessible for every user? I'm curious what you've learned in the last six months or so from your customer base on the method of securing agentic identity between PAM, IGA, and IAM. Any learnings from the last six months, would be curious to hear.

Good question. First, let me start with the general space of Privileged Access Management, which has largely been a more sophisticated category. As such, it's been the more security-conscious enterprises that have been the biggest adopters. There’s already a transformation underway of modern PAM and moving to just-in-time controls and zero standing privileges and things like that. Part of that is actually improving security, but part of it also is about making it easier for the end user to actually interact with these systems. So that's already happening. We have ideas for how we can leverage integrations between CyberArk and, for example, Prisma Browser in terms of how do we integrate capabilities in the place where the user is already doing work to make it even easier for them to take advantage of these capabilities. There’s already a lot of progress, and we have more ideas for how we're going to continue to make that easier, so we can drive broader adoption across existing customers, but also make it easier for non-customers to adopt. Ultimately, we think that leads to the broader full human identity solution that we're excited about. Now as that is happening, yes, there is a rapidly forming agentic identity market. My view on agentic identity is it's going to have aspects of machine identity and privileged users sort of wrapped into one. This is partly why I think CyberArk is well-suited for going after this because of their leadership in both foundational spaces. It's about how we adapt, add to, and optimize for agentic use cases, with some of that sort of being standalone CyberArk from an identity platform perspective, and some of it will be how we think about it in concert with Prisma AIRS where we already have hooks into the AI infrastructure, thus enabling integration opportunities to provide solutions to our customers.

Nikesh, in your comments, you talked about Chronosphere, a nine-figure expansion deal with a leading AI provider. I just want to ask about the key attributes that helped Chronosphere get that level of commitment. Were you displacing an existing vendor, the timing for that, the rationale for it? And maybe even the pipeline beyond that and just a quick clarification, Dipak, just because I know this is coming up in after hours after you talked about ARR in total. I think investors are shipping out the $1.47 billion from Q3 NGS ARR and looking like organic net new NGS ARR is down a lot. I think there's probably some flaws to that, but I just want to toss that out there to have you clear the air.

First thing first, Chronosphere is a highly scalable solution and its scalability is dependent on a net new architectural design for observability, which is different from what the current incumbents in the space have. That capability allows Chronosphere to deliver those capabilities at approximately half the price, if not more than some of the other players out there. They are displacing another vendor in that space. They have been partnering with the large language model over the last six months, and they have passed every technical hurdle, which allowed them to make a commitment to Chronosphere. We expect the full transformation over the next 6 to 12 months or a full transition from the other vendor. Part of the $200 million ARR is from one of those large LLM vendors. We expect that to continue to grow. In addition to that, they have other customers who are significant customers, and they are going to pursue significant customers over the next 3 to 6 months in partnership with us. But that's why we bought the company: because of the scalability, capability, from a technical as well as a commercial perspective.

Look, I'll just give you a high level. They've built something very unique for that very high end of the market, scalability, and the economic aspects even at the start of some of the AI analytics that will complement AgentiX. The next phase is going to be how do we build out a lot of enterprise off-the-shelf features that make it just really easy to do integrations to effectively replace existing incumbent infrastructure, whether that's commercial products or open source. We think in both cases, Chronosphere will scale down into that large enterprise segment very nicely.

We'll end it here with Gregg Moskowitz from Mizuho.

Closing in on Palo Alto's two largest ever acquisitions within a couple of weeks of each other. It's exciting. The potential is tremendous. But it could also add an unprecedented amount of stress on the management team, engineering, and go-to-market teams, etc. Nikesh, how do you keep everyone's eye on the ball, yourself included, and not be subject to execution or distraction issues?

Well, Gregg, these acquisitions, at least in the case of Chronosphere, have been in the works for the last 2 or 3 months, and CyberArk has been in the works for the last 7 months. I've visited their Boston facility and spent days with them. Lee and I were in Israel with the team and spent time with them. CyberArk just didn't come upon us this week; it has been in the works for the last many months. As you might have read, we worked with the management team to fully understand what role every employee at CyberArk was going to have. We were able to, on the date of close, inform every employee of their role in the future joint organization, what their plans are, gave OKRs, gave targets to every one of them. So they all had that within the first 48 hours. So it's not like we've been waiting. There are system transitions that we do in the case of CyberArk, which the teams are working hard on. Our teams have been working really hard over the last many months, and we have been adding capacity on our end to ensure we can handle some of these transitions required.

That concludes the Q&A portion of this call. I'll pass it back to Nikesh for any closing remarks.

I just want to say thank you to all of our customers, our employees around the world, and thank you to all of you for joining us on our conference call. We will see you guys next quarter.