Earnings Call Transcript - S Q2 2025

Operator, Operator

Good afternoon. Thank you for attending the SentinelOne Second Quarter Fiscal Year 2025 Earnings Conference Call. My name is Cameron, and I'll be your moderator for today. All lines will be muted during the presentation portion of the call with an opportunity for questions-and-answers at the end. I would now like to pass the conference over to your host, Doug Clark, Vice President of Investor Relations. You may proceed.

Doug Clark, Vice President of Investor Relations

Good afternoon, everyone, and welcome to SentinelOne's Earnings Call for the Second Quarter of Fiscal Year 2025, which ended July 31, 2024. With us today are Tomer Weingarten, CEO, and Dave Bernhardt, CFO. Our press release and a shareholder letter were issued earlier today and are posted on the Investor Relations section of our website. This call is being broadcast live via webcast, and an audio replay will be available on our website after the call concludes. Before we begin, I would like to remind you that during today's call, we will be making forward-looking statements about future events and financial performance, including our guidance for the third fiscal quarter and full fiscal year 2025, as well as long-term financial targets. We caution you that such statements reflect our best judgment based on factors currently known to us and that our actual events or results could differ materially. Please refer to the documents we file from time to time with the SEC, in particular, our Annual Report on Form 10-K, and our Quarterly Reports on Form 10-Q. These documents contain and identify important risk factors and other information that may cause our actual results to differ materially from those contained in our forward-looking statements. Any forward-looking statements made during this call are being made as of today. If this call is replayed or reviewed after today, the information presented during the call may not contain current or accurate information. Except as required by law, we assume no obligation to update these forward-looking statements publicly or to update the reasons actual results could differ materially from those anticipated in the forward-looking statements, even if new information becomes available in the future. During this call, we will discuss non-GAAP financial measures unless otherwise stated. These non-GAAP financial measures are not prepared in accordance with generally accepted accounting principles. A reconciliation of GAAP and non-GAAP results other than with respect to our non-GAAP financial outlook is provided in today's press release and in our shareholder letter. These non-GAAP measures are not intended to be a substitute for GAAP results. Our financial outlook excludes stock-based compensation expense, employer payroll tax on employee stock transactions, amortization expense of acquired intangible assets, acquisition-related compensation costs, restructuring charges, and gains and losses on strategic investments, which cannot be determined at this time and are therefore not reconciled in today's press release. And with that, let me turn the call over to Tomer Weingarten, CEO of SentinelOne.

Tomer Weingarten, CEO

Good afternoon, everyone, and thank you for joining our fiscal second quarter earnings call. We reported strong results and exceeded our expectations on all key metrics, including ARR, revenue, gross margin, and operating margin. Our teams executed well during the quarter. We maintained our industry-leading revenue growth and set new company records for gross, operating, and net income margin. Importantly, we achieved a significant profitability milestone, our first-ever quarter of positive net income and earnings per share. This is a tremendous achievement, and I would like to congratulate all Sentinels who made this possible. In addition, our Q2 net new ARR outperformed our expectation by a double-digit percentage and we continue to expect new business growth trends to improve in the second half of the year. Based on our business and go-to-market momentum, we're also raising our revenue guidance for fiscal year '25. Superior technology is the cornerstone of how we empower our partners and customers to build more resilient enterprises. SentinelOne leads the industry with best-in-class AI-powered security and customer transparency. These are our guiding principles. Mission-critical businesses around the world rely on our technology, platform architecture, and engineering best practices. As I mentioned in a prior earnings call, bigger brands do not mean better security. Sub-standard platform architectures are extremely risky and can cause single points of failure. This is evidenced by the string of recent breaches at Microsoft and the largest IT outage in history caused by our direct competitor, CrowdStrike. The dependency on fragile software can rapidly disrupt our way of life and cause billions in damages to the businesses they're supposed to protect. Self-proclaimed industry leadership and overzealous marketing can create a false perception of reliability, eventually, the end user suffers, which is why we must focus on facts, not fiction. Operational hygiene and process controls are essential for any reliable software, and anything short of that is a breach of customer trust. Another big takeaway from recent events is this: architecture matters. SentinelOne's platform and patented behavioral AI security approach do not require constant antivirus-like updates, detection delays, or configuration changes to secure enterprises, period. Singularity is purpose-built to deliver top-tier autonomous security without requiring extensive integration into the kernel, the most sensitive part of an operating system, where even minor errors can cause significant disruption. To be clear, the combination of deployment processes fully controllable by the customer and advanced behavioral AI architecture significantly improved security and operational resilience. I'll elaborate on this later. As always, please read our shareholder letter published on the Investor Relations website, which provides more detail. Let's review the details of our second quarter performance, which exceeded our top- and bottom-line expectations. Revenue grew 33% and total ARR grew 32% year-over-year. Net new ARR increased 16% sequentially, driven by stronger new business generation. Our pace and progress towards profitability remain best-in-class. We delivered a record high gross margin of 80% with our operating margin nearing breakeven. Q2 also marked a record operating margin, once again improving by double-digit percentage points year-over-year. And we achieved positive net income and earnings per share for the first time in the company's history, which is a significant milestone. Demand in Q2 was broad-based. We're securing an increasing number of businesses of all sizes and geographies from the largest global enterprises to smaller businesses to our partnerships with MSSPs. We lead with best-in-class technology, transparency, and trust. Customers with more than $100,000 in ARR grew 24% year-over-year and customers with more than $1 million in ARR grew even faster, reaching yet another company record. The endpoint segment remains a significant growth driver for our business, and we continue to win market share. According to the IDC Worldwide Modern Endpoint Security market shares 2023 report, SentinelOne grew at the fastest pace among the Top 10 vendors in 2023. We expect this momentum to continue, especially as we expand strategic partnerships to bring SentinelOne to more businesses and endpoints than ever before. In addition, our emerging solutions like Data, Purple AI, and cloud continue to outpace the overall company growth rate in Q2. For instance, Purple AI is proving to be truly transformative and we're seeing great customer traction. Within only months after general availability, Purple AI adoption has surpassed all our expectations and contributed to Q2 outperformance. For instance, we achieved a double-digit attach rate for Purple AI across all eligible endpoints sold in the second quarter, indicating incredible momentum. As the industry's most advanced generative AI security solution, Purple AI unifies, accelerates, and simplifies security operations. Customers are seeing real gains in productivity with 80% faster threat hunting and investigations. With Purple's generative AI capabilities, enterprises are enjoying blazing-fast performance, machine-speed protection, and better security outcomes, and it's only going to get better from here. Integrating AI into all aspects of security and data operations is a transformative step for the industry and SentinelOne is once again at the forefront. Growth of our emerging solutions and success with large enterprises continues to drive higher ARR per customer, which increased by double-digit percent year-over-year to a record high in the second quarter. Platform expansion rates remain healthy and consistent with recent trends. Our strategy is to drive a higher portion of our business mix to new customer growth and it's working well. Long-term, this will open doors for significant future expansion opportunities. On the competitive front, our platform differentiation and market position are stronger than ever. We continue to win a significant majority of competitive evaluations against both next-gen and legacy vendors across endpoint data and cloud. Our AI-powered protection, unified Data Lake, and platform architecture can deliver better security, simplicity, and savings for the enterprises. Among many exciting customer wins in the quarter, let me highlight a few illustrative examples. First, a growing number of customers are choosing a wider range of Singularity platform solutions. Our Data and SIEM solutions remain a source of outsized growth for our company. In one example, a global aerospace company expanded from endpoint security to add AI-SIEM coverage, identity, Purple AI, and began adopting our new CNAPP solution. Once again, the technological and core superiority of the Singularity platform was clear. This enterprise is now ingesting twice the data and still saving money compared to the incumbent legacy SIEM solution. Second, cloud remains a strong driver of new customer growth and expansion. Large enterprises routinely expand their cloud security footprint for enhanced coverage and visibility with SentinelOne. Regardless of the endpoint incumbency, enterprises continue to select our AI-powered cloud security offerings for better security and operational performance. Third, legacy displacements and breach activity are driving strong demand for our endpoint solutions. At one global financial institution, we replaced a patchwork of four different next-gen and legacy endpoint vendors through a rigorous POC evaluation, Singularity platform was selected because of its multi-tenancy, broad operating system coverage, and leading AI-based security. Finally, at one of the largest hospitals in the United States, SentinelOne and another endpoint vendor had been deployed in select geographies. Unfortunately, every system secured by this other vendor got breached, while systems secured by SentinelOne remained protected. The difference was clear, and the customer fully deployed SentinelOne with a multi-million dollar expansion. Our AI-powered singularity platform is fueling new customer wins and significant expansions. We remain in the early stages of market share gains and expansion of our platform footprint across multiple large end markets. From a macroeconomic perspective, little has changed in recent months. Our Q2 performance showcases strong execution and significant progress on the go-to-market initiatives outlined last quarter. We brought in proven leaders. We're optimizing our processes and expanding our market presence. This is a constant evolution and we're on the right track. Our progress on these initiatives is yielding positive results, which is evidenced by stronger new business generation, competitive win rates, and growth outlook. We've entered a new dawn, a stronger SentinelOne in a more complex cyber landscape. In Q2, we made significant strides to elevate our market presence and create new strategic routes to market. Let me share a few themes that showcase the expanding scale and scope of SentinelOne across the cyber ecosystem through strategic partnerships. For instance, in the Incident Response segment, we expanded our partnership with Google, becoming a strategic endpoint vendor for Mandiant Consulting. This allows Google to help migrate their customers from incumbent protection solutions and also make SentinelOne a partner of choice across a majority of the incident response providers, including Aon, Booz Allen, KPMG, and others. Our collaboration with Google brings together SentinelOne's leading AI-powered autonomous security and Google Cloud's extensive threat intelligence, creating the most comprehensive telemetry data for security insights. For the cyber insurance industry, we launched the SentinelOne Risk Assurance Initiative in partnership with an extensive network of leading cyber insurers, including Chubb, Coalition, CFC, and more. We're helping millions of SMBs seamlessly up-level security at preferred rates while extending the reach and scale of SentinelOne. In the federal arena, we recently launched a partnership with CISO to deliver government-wide cyber defense. As part of CISO's persistent access capability initiative, the Singularity platform and Data Lake will provide AI-powered autonomous threat detection and response across federal IT assets, helping to safeguard our nation's most critical and sensitive information. Finally, we continue to strengthen our position across the MSSP ecosystem as we help new and existing partners build managed security practices. With multi-tenancy, automation capabilities, and role-based access control, SentinelOne remains the partner of choice for MSSPs. All of this is just the beginning of a new growth chapter for us. I've never been more excited about our platform differentiation and go-to-market momentum. We're positioning SentinelOne for long-term success in a $100 billion-plus security and data market opportunity. The leading indicators are positive. Having achieved profitability, we're paving the way for durable growth and substantial market share gains. Let's turn to the broader cybersecurity landscape. This is an unprecedented time for our industry. The frequency, complexity, and cost of cyberattacks are reaching new highs. At the same time, the performance shortcomings of other market offerings are becoming visible to the public. In just the last few months, we've seen high-profile breaches and security failures from the top two endpoint vendors by market share. These incidents are extremely disruptive for the millions of people and thousands of businesses who expect reliability from their security providers. Self-proclaimed gold standard and market share leadership do not equate to better security or customer experience. The latest global IT outage highlights the significance of platform architectures. The cost of protection should never exceed the consequences of a breach. The scale and disruption caused by this incident is a stark reminder of the risks posed by vendor concentration. This was an avoidable incident that was born out of disregard for software deployment best practices. This failure will not be quickly dismissed. As I said last quarter, putting all eggs in the same basket is not advisable in security. Following this incident, customers and partners are looking to reduce their reliance on vendors that enforce closed garden platforms. At SentinelOne, we take an open ecosystem approach to security to give enterprises flexibility and choice. Our goal is not to force cell modules. It is to provide optionality and access to best-of-breed capabilities that minimize security risk and maximize resilience. At Black Hat a few weeks ago, we heard from enterprises that they want to diversify cybersecurity technologies and mitigate the risk of another global outage. There was a lot of excitement and interest in SentinelOne. Companies do not make snap decisions. They need to figure out how to make the transition, but this shift is positive for SentinelOne in the broader enterprise security landscape. This will play out for years as companies dig through the web of liabilities and risks uncovered by this historic outage. As enterprises look to mitigate risk, we help them boost resilience in their security posture. In the cybersecurity industry, we share a fundamental goal to deliver protection and reliability. Security vendors must prioritize security over profits, facts over fiction, and innovation over marketing. Beyond this, the biggest lesson our industry has learned is the importance of product architecture. Understandably, customers and partners are now looking for better platform architectures and building more resilient cyber defenses. This is resulting in significant pipeline pickup for us and high levels of customer interest. This is coming from some of the largest enterprises and partners in the world that did not have a chance to appreciate Singularity platform's breadth and superiority relative to the competitive offerings, all of that isn't changing now. And they are impressed by what we can offer. For instance, several of the world's biggest companies are now engaging with SentinelOne, and some of them have already made the decision to switch. This is just a start. SentinelOne purpose-built an agent that can simultaneously run dual AI-based detection engines both cloud natively and on device. We patented behavioral AI for real-time protection on the device complemented by comprehensive context and triage in the cloud. Solid cybersecurity requires both. Redundancy in this context is mission-critical, not constant software updates. Most importantly, our platform architecture and behavioral AI-based detection capabilities are patented and unique. When we say autonomous, these are not marketing claims, but a description of how our product works. The difference is clear when you consider minor attack evaluations for endpoint over the past several years. Let me highlight just one specific element of minor attack evaluations that is often overlooked. Every year, multiple vendors claim 100% detection with more than one claiming they had the best results. This can't be true, and it's not. Two important metrics everyone should look at are the number of delays and configuration changes during the MITRE evaluations. Making dozens of configuration changes during an attack evaluation simply means that the vendor had to modify its product for detection and protection; otherwise, it failed. This is, obviously, unrealistic in real-world and real-time scenarios, especially when coupled with brittle kernel-level updates. In our Q3 shareholder letter from fiscal year '24, you can see the mightier evaluations chart showing overuse of configuration changes and delays. The two largest endpoint vendors by market share combined had more than 50 delays and configuration changes. SentinelOne had zero. In our view, customers and partners deserve transparency from the first conversation through multi-year relationships to build trust and a secure future. This should be the industry standard. We lead with better technology instead of aggressive marketing claims. As a result, we win a significant majority of technical evaluations. We've been a leader in the Gartner Magic Quadrant for endpoint protection platforms for three years in a row. We are ranked among the highest-rated vendors in the Gartner Peer Insights Voice of the Customer for endpoint protection platforms report, and our Singularity platform has ranked number one in Gartner Critical Capabilities for all of the three use cases for two years in a row. A platform is only as good as some of its parts, and we intend to deliver leading capabilities in all aspects of our platform with an open ecosystem approach. At the center of every SentinelOne solution is the Singularity Data Lake. Our fully integrated and unified Data platform offers leading AI-powered protection, simplicity, and savings for customers. Enterprises benefit from a single unified Data back-end that combines Data across all enterprises' critical services, endpoint, cloud, identities, and any third-party source. Every customer, regardless of the size of the contract, gets autonomous protection and visibility. We are transforming the legacy SIEM market with our modern AI-SIEM, scalable, automated, and fully integrated with leading AI capabilities. We're also seeing tremendous customer interest and adoption of our advanced Purple AI capabilities. Purple's generative AI capabilities are a major competitive advantage, and we have a clear time-to-market lead. Purple AI is natively integrated across our entire platform. Purple touches every aspect of managing security and has the ability to see and manage all security events, including those of competing products. Unlike other market offerings with multiple platforms, co-pilots, and data silos, we're building a unified experience with Purple as a security partner for humans. Purple alleviates the challenges of machine speed response, talent shortage, alert fatigue, and enhances analyst productivity, all while autonomously securing the enterprise. The difference is vast, and we're constantly pushing the envelope with Purple AI. In Q2, we launched Alert Summaries. These provide AI-generated contextual summaries of alerts so analysts can easily view and understand the details and scope of their alerts across their environment. Finally, we have rapidly expanded our cloud security product offerings, which now provide extensive and highly performant runtime protection and posture management solutions. Our CNAPP portfolio is the highest-rated by G2 Summer Grid Report. It now includes CSPM, available worldwide, and SIEM, securing identities and entitlements for cloud infrastructures. Our pace of innovation and autonomous security approach is setting new industry benchmarks. We're widening the gap in a significant way. As we look beyond the second quarter, the path forward for SentinelOne is bright. Demand indicators are strong, new business growth trends are poised to improve, and we're achieving new profitability milestones. The continuation of high-profile breaches and the recent global outage once again reinforced that cybersecurity is not a winner-take-all market. The systemic risks of single-vendor concentration are abundantly clear. After recent events, customer interest in our platform and AI-based security have distinctly risen. This is a new era of cybersecurity, and we are in a leading position. It's certainly early and will play out in months and years to come. As always, our goal remains delivering the best possible security and value to customers and partners. We're focused on keeping customers up and running. This should be a given. Enterprises need reliability, not disruption. As we look ahead, our teams are executing well, and our go-to-market is gaining momentum. We have the winning technology, and our competitive position is stronger than ever. Our financial performance remains industry-leading, and we achieved positive net income for the first time. This is an incredibly dynamic time for us and the industry. Investing in the business for growth and scale is the right step forward. For years, we've led the industry with innovations, and now we're seeing an expanding interest in SentinelOne's AI-powered autonomous security. In closing, our technology teams and financial profile are stronger than ever. I extend my gratitude to our incredible team. Together, we are paving the path to maximizing our business potential. Most importantly, we're focused on helping enterprises advance their infrastructure and security. I want to thank all Sentinels, as well as our valued customers, partners, and shareholders. We look forward to connecting again at our Investor Technology Session at our OneCon conference in October. With that, I will turn the call over to Dave Bernhardt, our Chief Financial Officer.

Dave Bernhardt, CFO

Thank you, Tomer, and thank you, everyone, again for joining us. This afternoon, I'll discuss our quarterly financial performance and provide additional context regarding our guidance for Q3 and fiscal year '25. As a reminder, all comparisons are year-over-year, and financial measures discussed here are non-GAAP unless otherwise noted. Once again, our second quarter results not only met but exceeded our revenue and margin expectations. We continue to lead the industry in terms of technology, revenue growth, and margin expansion. We also delivered our first-ever quarter of positive net income and earnings per share, another significant milestone on our path to sustained profitability. Revenue grew 33% to $199 million in the second quarter. Our growth was also balanced across geographies. Revenue from international markets grew 36%, representing 37% of our quarterly revenue. Our total ARR grew 32% to $806 million. We added $44 million in net new ARR in the quarter, which exceeded our expectations by a double-digit percentage. New customer logos and wins across endpoint, cloud, and data remain the key drivers of new business growth. We also maintained healthy expansion rates from existing customers. Consistent with the view we shared last quarter, we continue to expect better net new ARR growth trends in the second half of the year, driven by a strong pipeline, new product contributions, and expanding go-to-market. Compared to ARR, remaining purchase obligations once again grew at a strong pace, up 40% year-over-year as we continue to sign larger and longer-term contracts. This is important as it provides us with longer-term visibility and sustainable future growth. Looking beyond our top-line, gross margin also increased sequentially to a record-high of 80%. This was an increase of 3 percentage points year-over-year. Our best-in-class gross margin indicates healthy pricing and the success of our value-added approach. Our unified platform architecture delivers better unit economics for SentinelOne and our customers. In addition, we continue to make extraordinary improvements to our operating and net income margins. Q2 was truly a record-setting quarter, our first with positive net income and earnings per share. In parallel, our EBIT margin of negative 3% outperformed our Q2 guidance by 3 percentage points. This also shows an improvement of 19 percentage points compared to a year ago. Our increasing scale, efficiencies, and cost discipline continue to drive substantial operating margin improvement. In Q2, we continue to generate positive operating cash-flow margin, and I'm extremely proud to achieve a positive 2% net income margin and positive earnings per share. We have been working towards achieving profitability since our IPO and have been unwaveringly delivering industry-leading margin expansion every single quarter. Our unit economics and financial position remain incredibly strong. We have over $1 billion in cash, cash equivalents and investments, and zero debt. This provides us with ample durability and flexibility. To this extent, we have already demonstrated tremendous potential for leverage across the business. Moving to our guidance for Q3 and full fiscal year '25. Looking ahead, we remain optimistic about our growth trajectory. For Q3, we expect revenue of about $209.5 million, up 28% year-over-year. For the full year, we expect revenue of about $815 million, up 31% year-over-year. Our higher revenue guidance reflects a $3.5 million increase compared to the midpoint of our prior guidance range, which exceeds the magnitude of our Q2 overperformance. This increase reflects our confidence despite the persistently challenging macroeconomic environment. As I mentioned earlier, we continue to expect better growth trends in the second half of the year. Specifically, we expect second half net new ARR growth to improve compared to the first half of the year. Our confidence is driven by early indications from go-to-market enhancements, a strong second-half pipeline, improved competitive position, and traction with newer solutions like CNAPP, AI, and Data. Turning to our outlook for margins. In Q3, we expect gross margin to be about 79%. We are also raising our full-year gross margin guidance to 79%, the high end of our prior range. We expect Q3 operating margin to be negative 3%, an improvement of about 8 percentage points year-over-year. On a full-year basis, we are narrowing our range to between negative 5% to negative 3%, an improvement of about 15 percentage points at the midpoint compared to fiscal year '24. We are operating in an incredibly dynamic environment. Given the profound evolution of our technology and the competitive opportunities in front of us, we are leaning into investment to grow in scale and market presence. We're encouraged that it's already yielding positive results, including strong Q2 growth and record margins. Based on the demand trends and opportunities for increased market share gains, we may elect to invest more in the business. Our elective investments weigh long-term growth potential with delivering a solid, responsible, and profitable financial profile. This has never been more important than today, and is the right strategy. This year, we have proven the ability to drive profitability and positive free cash flow. Our platform has strong underlying retention rates with potential for significant future expansion opportunities. Our investments in AI, Data, and Cloud Security are reshaping the cybersecurity landscape and will drive our next phase of growth, bringing greater scale and cementing a more diverse business mix. We've entered a new dawn for cybersecurity. To say it's right for disruption is an understatement. Self-proclaimed industry leaders are now facing the same challenges as legacy solutions. Better security and reliability must be the way forward. With the Singularity platform, we deliver superior protection, leading AI capabilities, an open architecture to improve resilience, and a streamlined analyst experience to prevent modern attacks. We're investing in our scale and reach that over time will bring SentinelOne to the forefront of millions more endpoints and businesses. I couldn't be more proud of our commitment and performance to making SentinelOne profitable. We have come so far so fast, the future is just as bright. Thank you all for joining us today. We will now take questions. Operator, please open up the line.

Operator, Operator

Thank you. We will now begin the question-and-answer session. The first question is from Gabriela Borges with Goldman Sachs. You may proceed.

Gabriela Borges, Analyst

Good afternoon. Thank you. Tomer, I wanted to follow-up on some of the architectural strengths that you highlighted in the prepared remarks, particularly the fewer updates and the lower level of kernel access that you talked about. How are you able to maintain the same level of efficacy with mitigating the risk of kernel updates? And how is that architectural strength translating to some of the pipeline conversations you're having? Is there a way to think about what percentage of customers are thinking about dual sourcing versus single sourcing and where the industry might grow from a sole sourcing versus dual sourcing standpoint? Thank you.

Tomer Weingarten, CEO

Let me clarify what occurred. We experienced the largest IT outage ever, impacting millions and disrupting thousands of businesses, resulting in billions of dollars in costs. This outage was unprecedented in scope, affecting systems globally. The duration was also remarkable, as typical technology services do not take days to recover; we saw outages lasting days to weeks, needing manual interventions and reboots of millions of devices. I've never encountered anything like this before, which understandably raised concerns among customers. This situation has brought the software development practices of the vendor into question. Looking at SentinelOne, our architecture allows us to operate differently. We do not need as many updates, as we integrate AI models into the endpoint agent and have significantly reduced our dependence on the kernel over the past five to seven years. On Mac systems, we don't touch the kernel at all, and on Linux, we avoid it completely. Even on Windows, we minimize our interaction with it. Our updates reside in a separate part of the system, which enhances stability. Updates involving the kernel can lead to critical failures like blue screens, so most vendors limit their kernel activities. For us, our testing methodology, deployment scheduling, and customer control over deployments have been established practices for the past decade. We do not start our deployment process without established protocols, which our customers value. There's a concerning lack of testing in deploying kernel updates elsewhere, raising the question of whether such practices meet basic care standards. Customers are seeking clarity on their control during deployments, and with SentinelOne, they maintain full control. We never deploy without their knowledge or on a fleet-wide basis, contrasting sharply with what competitors like CrowdStrike do. These fundamental architectural differences are important, as is our patented behavioral AI designed to handle real-time attacks without needing constant updates. This differentiates next-generation vendors from traditional antivirus solutions, allowing for detection without relying on signatures or specific indicators. We have moved away from frequent updates and are supported by cloud technology, which does not require the same frequency of updates. Other vendors still depend heavily on signature-type updates, highlighting the differences in our approaches, which have not always been clear to customers. Recent issues reported in Europe, including cloud service problems linked to Falcon, suggest that a cloud-dependent strategy may not be as advantageous as once thought. SentinelOne's embedded approach has proven much more effective over the years.

Gabriela Borges, Analyst

Thank you for the detail.

Operator, Operator

The next question is from the line of Brian Essex with JPMorgan. You may proceed.

Brian Essex, Analyst

Thank you for taking my question. Tomer, I wanted to go back to what you mentioned in your shareholder letter and remarks about the growing interest in your platform. Could you elaborate on the conversations you're having with customers? How do you think the recent outage might affect your pipeline growth, if you can quantify it? Is there any impact on pricing or win rates? Are you relying on deal losses from CrowdStrike to meet your target growth numbers mentioned in your guidance? I'm trying to understand the impact and any conservative estimates you have. Thank you.

Tomer Weingarten, CEO

For the second quarter, the majority of what we're experiencing is the natural momentum of our business. The significant overachievement in net new ARR is indicative of this organic growth. Looking ahead, our pipeline appears to be strengthening. Many customers are reconsidering their extension agreements, and we’ve already observed some customers choosing to transition to SentinelOne, with others in various stages of this process. While these decisions may take time to materialize, they indicate a broader trend among customers evaluating their next steps, which is favorable for SentinelOne. It’s important to note that sales cycles typically range from nine to twelve months, and while some customers may act quickly, most will take their time in making decisions. Customers are viewing us as the top alternative, seeking to diversify their risk rather than concentrating more capabilities with a single vendor. As our partner ecosystem explores expansion opportunities, they are looking to other providers, including us, especially at a time when we are heavily investing in enhancing our workforce and partner support. We are gearing up to present our comprehensive platform, and the significant traction we’ve witnessed with Purple AI underscores our ability to expand with our emerging products. We're not only seeing consistent progress in the endpoint sector, but we're also revisiting adjacent markets, with SentinelOne being recognized as the leading vendor for various opportunities.

Operator, Operator

The next question is from the line of Hamza Fodderwala with Morgan Stanley. You may proceed.

Hamza Fodderwala, Analyst

Great. Good evening. Thank you for taking my question. Tomer, thanks a lot for all the commentary on the increased pipeline, the new product attach rates with Purple, and a lot of the other things that you mentioned. I'm curious, given this opportunity in front of you, it seems like a lot more is coming SentinelOne's way. From a go-to-market execution standpoint, do you feel like the go-to-market engine has significantly improved, especially in light of the CRO transition that SentinelOne had recently? Thank you.

Tomer Weingarten, CEO

I do. Absolutely. I think we've seen good evidence of that in Q2. And I think we're seeing more and more of that. Look, when we look at the remainder of this year, there's a couple of things that are in play. I mean, obviously, we're looking for just overall better trends in the second half of the year. I think we're also seeing even a departure from our seasonality between Q2 and Q3 and more sequential growth into Q3. And everything I'm saying now is really regardless of this outage, regardless of the downstream effect, this is just our own business, really improving our go-to-market cadence. So as I mentioned, I think this in some way has come in a relatively good time for us. We've been improving our execution. I think our sales force DNA has been, I think, amplified. We brought in new leaders. We're seeing better cadence. We're seeing better pipeline retention, better conversion rates, better win rates, all of that is trending positively again regardless of what happened. So all in all, we feel encouraged. We're trying to take a responsible approach for the remainder of the year. These are very early days. It's still very, very dynamic. I don't know that we can fully quantify what we're seeing now. And obviously, things can change here and there. We still want to make sure that we're giving an accurate projection for you all, and that's why we're kind of sticking to the envelope that we know about, and that's kind of what guides us forward.

Operator, Operator

The next question is from the line of Saket Kalia with Barclays. You may proceed.

Saket Kalia, Analyst

Okay. Great, guys. Thanks for taking my question here. Maybe we'll change it up a little bit, and David, I've got a question for you. Very helpful commentary just on sort of directionally how to think about net new ARR here in the second-half, but just for everybody's benefit, I was wondering if you wanted to put a finer point on net new ARR. How should we be thinking about modeling net new ARR for this year? And is it fair to say that based on the commentary so far that doesn't include too much benefit from the CrowdStrike outage?

Dave Bernhardt, CFO

Thank you for the great question, Saket. Regarding ARR, I believe we successfully stabilized net new ARR growth in Q2, aligning with our previous quarter's commitment. We exceeded our expectations by double digits, driven by improved execution, strong underlying demand, and positive market responses to our platform solutions. As stated last quarter, we anticipated better growth trends in H2, even before the recent cyber event involving CrowdStrike. We were already expecting above-average growth from Q2 to Q3, which we've communicated. Our execution has improved, and we have seen better pipeline retention. It's also important to note that our revenue has increased significantly, moving us to the higher end of our range, indicating positive growth expectations for the second half. That said, while there may be potential benefits from new customers due to the CrowdStrike situation, our guidance does not rely on that.

Operator, Operator

The next question is from the line of Shrenik Kothari with Baird. You may proceed.

Shrenik Kothari, Analyst

Thanks for taking my question. So Tomer, I mean you highlighted the partnership with CISO, which delivers government-wide cyber defense, and that seems to be pretty meaningful, so how does the platform capabilities firstly align with the requirements of the agencies? And can you elaborate on the significance of the partnership and the potential implications that would have on the growth opportunity in the federal market overall, if you can provide some more color? Thanks.

Tomer Weingarten, CEO

These types of deals, including the cyber insurer coalition we are building, represent long-term, extensive partnerships. They gradually reveal their benefits over the years, similar to our CISO partnership. SentinelOne's ability to secure private clouds and on-premise environments is quite unique, aligning well with the needs of the federal government. Our Data solutions provide significant cost savings for these agencies, but it's important to view these partnerships as incremental opportunities that grow over time. There's no single solution that achieves everything at once; rather, we are looking at the potential to capture a larger market share over years. This includes our collaboration with Google, as they transition from their previous solution to our next-generation offerings, as well as partnerships with cyber insurers like Aon and Chubb, which allow their clients to choose SentinelOne with enhanced premiums and improved risk management. Overall, these strategic partnerships will help us gain more market share and drive future success.

Operator, Operator

Next question comes from the line of John DiFucci with Guggenheim. You may proceed.

John DiFucci, Analyst

Thank you. Tomer, you were already in the process to change go-to-market, you have a new CRO, I guess, any thoughts on redirecting that due to the recent issues with the CrowdStrike outage? And on a related point, I think last quarter you said you weren't in a chase to invest in marketing, but given what looks like an opportunity for you, has that approach changed due to these events?

Tomer Weingarten, CEO

We've been very focused on generating new business, which aligns well with recent developments. Our primary goal has always been to acquire new customers, and this remains consistent. We are sharpening our focus on our channel ecosystem, where we have been particularly strong. Our extensive partner network is now positioning us to assist customers who are reevaluating their security choices. This creates an opportunity to further accelerate a strategy we previously had, and now we have the discipline, systems, and processes in place to effectively pursue it, making it both timely and very advantageous.

Operator, Operator

The next question is from the line of Rudy Kessinger with D.A. Davidson. You may proceed.

Rudy Kessinger, Analyst

Thank you for taking my question. Tomer, in your prepared remarks, you mentioned that you have possibly displaced a few CrowdStrike customers since the outage, and there have been various comments throughout this call. You indicated that sales cycles could take nine to twelve months. Dave, you mentioned that the outlook for the second half is not reliant on any increase from CrowdStrike. I’m trying to understand, similar to what Saket asked, if you can quantify over the last five to six weeks whether you can directly attribute any significant portion of your new business to customers who may have signed contracts with you because of the CrowdStrike outage. I'm looking for a clearer understanding of the impact to date and your expectations for any positive effects for the rest of this year.

Tomer Weingarten, CEO

Yes. Look, I'm not going to delve into how material and not material it is. We still have quite a lot of book of business regardless. That said, there have been customers that have been switching away. There have been customers that have decided, and the switch to us, I hope, will happen quite soon. So it's all really work in progress, if you may. But these are marquee customers sometimes. So what the level of impact that would have and in what exact timeline? I mean, I'm not sure I can tell you right now. Customers need to test. Customers need to ensure interoperability. Customers need to come up with deployment plans. If anything, we've learned from this is that you just don't want to move too fast, especially not with such important pieces of software for critical infrastructure. So all in all, I think I'm very encouraged by the conversations. We're not pushing towards any timeline. Once again, we work at the pace of customers. We're there to support them. We're not there to ambulance chase. If somebody shows up at my hospital, I'm darn well going to let them in, but we're doing this at the pace of customers.

Operator, Operator

The next question is from the line of Peter Weed with Bernstein. You may proceed.

Peter Weed, Analyst

Thank you. I think one of the things you've been emphasizing for several quarters has been kind of the increasing proportion of growth coming from new customers, which is obviously really exciting for potential of future growth. But can you help us, I guess, maybe on two dimensions? One is just give us some comfort that that's not just because of the continued deceleration in growth of existing customers. So where is that kind of trailing 12-month NRR sitting now and that kind of line-of-sight to potential expansion in the second half? And I guess the other side is, in those new customers, is that coming from an increasing number of incremental lands? Is that coming from expansion and the size of those new customers? Maybe give us some color on the profile that's driving that really nice track record.

Tomer Weingarten, CEO

Expansion has been strong for us for as long as I can remember, and it continues to be so. Like last quarter, we are firmly in an expansion phase. We are growing our business with our current customers, who are extremely satisfied. Just look at the Gartner Peer reviews to see their feedback. This presents a clear opportunity that we can manage, and we are progressing at our chosen pace. However, our main focus remains on acquiring new accounts and bringing in more customers. This growth comes both from new accounts specifically in endpoint protection, where we still have a significant portion of the market available, and also from new opportunities in our cloud offerings and AI-SIEM product. Overall, we see our emerging capabilities becoming stronger, not just through cross-selling and upselling to existing customers, but also by attracting new customers through innovative solutions we offer. This is a deliberate strategy we are implementing. We are aiming to expand our customer base as much as possible while continuing to enhance our cross-sell and upsell efforts. Ultimately, given our finite sales team, we are currently prioritizing new account acquisition.

Operator, Operator

The next question comes from the line of Brad Zelnick with Deutsche Bank. You may proceed.

Brad Zelnick, Analyst

Great. Thanks so much for taking the question. Tomer, I wanted to follow-up on an earlier question about architecture, and specifically, what if anything you're expecting of Microsoft's upcoming Cyber Summit on September 10th? What changes do you envision that they might make so that the industry never sees 8.5 million Windows endpoints go down again? And how might any of those changes impact SentinelOne and perhaps your competitive positioning? Thank you.

Tomer Weingarten, CEO

It's a good question. It's important to remember that the discussion about the kernel isn't new. Microsoft has been trying to limit broad-based kernel access for at least the past ten years, with several initiatives attempting to do so, all of which have not succeeded. I'm encouraged that this topic is being revisited, but it seems quite complicated. We might find ourselves in a lengthy transition, or it may take even longer to achieve meaningful changes. Nonetheless, SentinelOne has always prioritized the best outcomes for our customers. If we can obtain the necessary APIs and channels to move away from the kernel while maintaining the same visibility we currently have, we will certainly pursue that. Just like we successfully transitioned away from the kernel in Mac OS and Linux, we would welcome Microsoft's standardized approach to system monitoring. However, this issue extends beyond just security providers and their kernel access. Previous attempts by Microsoft to create an app ecosystem and permission-based controls on Windows have not really transformed the operating system. The Windows OS has shown itself to be fragile repeatedly, and that's a significant concern. Considering the level of refactoring that may be required for the operating system could be considerable. Additionally, other vendors with kernel access may also face substantial refactoring challenges if they need to exit the kernel. It's still early, and we'll see how things unfold, but I'm hopeful there will be productive discussions ahead.

Operator, Operator

The next question is from the line of Adam Tindle with Raymond James. You may proceed.

Adam Tindle, Analyst

Okay. Thank you. Tomer, one of the highlights this quarter was you reached positive non-GAAP net income for the first time ever, and congrats on that. If I'm listening, though, to Dave's closing comments in his prepared remarks, it does sound like you're maybe beginning to reevaluate the trade-offs in growth and profitability. Certainly seems to make sense given the market is now more wide-open than ever. But I guess the question would be if you're potentially asking shareholders to go through an investment journey with you, it would be helpful to give visibility into your thought process on that, sort of the key factors that would go into your analysis on that decision, any parameters that you might put on the magnitude of potential investment? Thanks.

Tomer Weingarten, CEO

First of all, we have guidance and we follow guidance, and I think that kind of sits our entire philosophy, our entire constraint base, and how we think about the growth journey. Our comments are just in a world where you can choose to invest or not invest, we want to make sure people understand there is a massive opportunity. This is a $100 billion TAM. We got the leading technology in the market. So obviously, I don't think our shareholders want to see us back away or back down by any degree. With that, we have committed to an envelope, and we're sticking to that envelope. I think that's all we're trying to say here. The opportunity is big. I think as we look at what we can potentially unlock in kind of the out years, that's always going to have to be balanced with our journey towards profitability. But I don't think you're going to see us veering away from the path that we've set. If anything, I think it's just on the pace of acceleration towards profitability. If you can imagine a world where we would invest less in growth and show more profitability, I think what we're just trying to let folks know is that this is the balance. What you're seeing from us is the balance is what we feel is responsible and is what we're following.

Dave Bernhardt, CFO

Yes, I would like to add that we are focused on the long-term growth potential while also delivering a solid, responsible, and profitable financial profile. Looking at the annual guidance, we have indicated a 15 percentage point improvement in year-over-year margins, and all we really did was refine the range we had for EBIT. We adjusted our estimates from negative 2 to negative 6, and then to negative 3 and negative 5, ultimately honing in on a specific range while preserving flexibility for potential investments that could drive growth next year. This is the key message we want to convey. There is a significant opportunity, and we may take advantage of it.

Operator, Operator

The next question is from the line of Gray Powell with BTIG. You may proceed.

Gray Powell, Analyst

Okay, great. Thanks for taking the question, and congratulations on the good results. So look, I know you've had a lot of questions on the CrowdStrike outage. If it's okay, I'd like to just ask one more. On the marketing side, just how aggressive are you being there following the incident? And do you have any specific programs in place to target Crowd customers who are potentially upset following the outage, like anything like a free six to 12-month limited trial period to ease the transition costs or just anything else that you're doing that could maybe help you leverage the situation? Thank you.

Tomer Weingarten, CEO

As I mentioned, we're just trying to be there for customers. Obviously, there's a lot of activity with our partner ecosystem, which is natural, but we have not devised any specific takeout programs. We don't feel like that's warranted or needed. We want to make sure that people understand the difference in architecture. So I think we put a lot of literature and collateral around the differences between the platforms. We're trying to educate folks. I think more than anything, we're just trying to make sure that people understand the kind of the ground truth of what happened. There's a lot of attempts to create alternative narratives. We've seen some appalling attempts to try and threaten customers publicly. We're obviously just trying to stay true to our North Star, which is no resilient marketing, staying true to facts, and I think that we're doing it here once again.

Operator, Operator

That concludes the question-and-answer session. I would now like to turn the call over to Tomer Weingarten, CEO of SentinelOne, for closing remarks.

Tomer Weingarten, CEO

Thank you, everybody. Appreciate your time today.

Operator, Operator

That concludes the SentinelOne Second Quarter Fiscal Year 2025 earnings conference call. Thank you for your participation. You may now disconnect your line.