Quarter 1
Q2 2026 Earnings Call — February 26, 2026
Management: Thank you. Certainly.
As a reminder, to ask a question, please press star 1-1 on your telephone and wait for your name to be announced.
To withdraw your question, please press star 1-1 again.
Analyst Saket Kalea (Barclays): Okay, great. Hey, guys, thanks for taking my question here, and thank you, team, for the increased disclosure on Red Canary. Very, very helpful. Jay, maybe for you, I'd love if we could talk about just the competitive backdrop a little bit and anything you can touch on in terms of competitive win rates and what you saw this quarter. I mean, clearly this is a rising tide market, but there are other players as well. Maybe
the question is where are you winning and what impact, if any, are they having?
Management: Thank you, Saket. We haven't seen much change in the competitive dynamics over the past few quarters. What we saw was a record pipeline conversion for Q2, which is wonderful. And we also had a record Q2 in terms of large deal wins. And in Q2, in large deal wins, I mean over a million dollars. I mean, there's a fair amount of noise the market creates out there. SASE this, SASE that. SASE is a collection of all kinds of products. In many of these SASE numbers, legacy firewalls, VPNs get thrown out. But what we are seeing in the market is our customers care about zero trust. And as we engage and explain zero trust, we almost always win. And by the way, SASE is not equal to zero trust. And zero trust is what eliminates lateral movement. Very pleased with the performance. Our brand has grown. Most of the large enterprises like us, they know us, and I think the future is great for us.
Analyst Brad Zelnick (Deutsche Bank): Oh, great. Thank you so much. Congrats again on another great quarter, guys, and also appreciate the additional disclosure. Kevin, it seems you're raising your full year ARR expectation by more than your overachievement in Q2. How much might be from newer acquisitions, and are there any seasonal anomalies we should consider, perhaps slip deals out of Q2 or anything like that?
Management: Thanks, Brad. Appreciate the comments and the question. First of all, just remember our business seasonality tends to favor H2, so we are going into the second half of the year feeling confident. We do see a strong pipeline of deals going into the back half, which does give us confidence in the raise, excluding Red Canary. So I would point to strength in the overall business as well as just general seasonality that we see in the back half of the year.
Analyst Greg Moskowitz (Mizuho): Great. Thank you very much for taking the question. I also welcome the additional disclosures. Thank you for that. Very interesting that your non-seat-based metered usage solutions are now over 25% of new ACV. That's higher than a lot of people had thought. And with the related ARR more than doubling year over year, this has the potential to put some upward pressure on the growth algorithm for Zscaler in the future. But, you know, Jay, when you kind of look deeper at these non-seat-based solutions, you gave some good color in your prepared remarks, but can you help us better understand what's really most resonating with customers today, as well as what you're most excited about going forward?
Management: Of course. Yes, we started early on with Zscaler. For users with zero trust, that has largely been seat-based, but now we have zero trust for workloads, branches, devices, and now we're extending it to AI agents as well. Now, even for users, we did have a number of use cases that are non-seat-based. This is AIO's EPA, where we are doing third-party contractors, guest Wi-Fi, or B2B data exchange with suppliers and customers. And yet our growth on zero trust branch and club has been very strong and that's all non-user or metered pricing. Our AI security solutions which are starting small but growing pretty rapidly are all non-user based rather they are token based. We are pleased to say that a quarter of a new business came from metered uses and we expect it to grow over time especially with AI agents because we believe that there will be billions of AI agents. The only way to secure communication of AI agents is to go through zero-trust exchange that scales, that's highly reliable and globally distributed. And that's what we have.
Analyst Brian Essex (J.P. Morgan): Great, thank you. Good afternoon. Thank you for taking the question and another set of kudos to Kevin for the organic versus inorganic disclosure. Maybe a question for you Jay, and I, you know, we saw this look quite a lot during, you know, like a decade ago when digital transformation was the buzzword and a lot of different IT projects were classified as digital transformation products. Similarly, we're starting to hear of a lot of projects, you know, where executives are throwing AI on top of their projects to get more budget. And from that perspective, are you beginning to see any attached to budgets outside of security? How are CIOs thinking about, you know, funding some of these projects? And is Zscaler a beneficiary of that?
Management: Yeah. So we are seeing CIOs trying to really move as fast as they can to implement AI security projects. And the feeling is, if I'm not doing something, I'll be left behind. That's a clear thing I see as I talk to lots and lots of them. But they do all worry about cybersecurity, especially when you see all these agents showing up every other week. I mean, last night was for FlexT computer and the pod before that, and all these guys keep on coming. They are definitely creating security issues. So our customers are asking us, what can you provide me? but visibility into AI assets and risk associated with that. And then start moving around. How do we control agents? How do we have a policy that can say certain agents can access certain applications? Agents are someone like you. They're just more dangerous, and they're growing at a rapid pace. So there is a high degree of interest in proper security, especially zero trust for agents that we provide. The budget opens up. The budget either comes from the security side of it, or the CIOs are allocating some number of budget out of the AI project. If you're spending $100 on an AI project, to spend $4, $5, $6 on security is viewed as a very nominal thing. So we're not seeing budgets as an issue to do AI security projects. It does require that you need to engage at the C-level, and we have very good C-level relationships, and we have a pretty good brand and credibility with Fortune 500 companies.
Analyst Meta Marshall (Morgan Stanley): Great. Thanks. Maybe a question for me kind of following up on Brian's question of just what you're seeing in terms of sales cycles once kind of a deal is encompassing more AI. I guess just how does it change the dynamic of either kind of needing to take a more holistic view or needing to include more modules? Just what are you seeing there?
Management: Thank you. So sales cycle depends upon the scope of the project. The first thing our customers are trying to do is put their hands around what do they have in the AI environment, what public AI application is being used, and what private AI is being used. So for that, we offer AI asset management. Then they want to do vulnerability assessment, red teaming kind of stuff. As they roll out the project, guardrails becomes important. Last month, we launched a very integrated AI security portfolio. The sales cycle, based on what modules they're doing, is generally faster because they're not really trying to go after everything. They want to start somewhere, but they want an integrated solution. A number of customers have told me, hey, we bought this solution from a startup, but for one year till I figure out what integrated solution can I get from a trusted vendor like Zscaler who will be around for the long term. So deals, sell cycles are faster. They are smaller deals to start with, and I think they'll grow over time, especially most of those deals are based on consumption of tokens. And as usage grows, usage of tokens will grow.
Analyst Fatima Bulani (Citi): Good afternoon. Thank you for taking my question. Kevin, this one's for you. I was hoping to take a step back to have you reconcile the comments around Red Canary seeing elevated churn but also the close to 30% revision on your financial contribution expectation from Red Canary, both to ARR and top line on revenue. So just wanted to kind of better understand. I know you sort of flagged that the Red Canary business generally had much higher levels of churn relative to Zscaler proper. So I just kind of wanted to better understand, you know, the dichotomy between those statements and if you can opine on that.
Management: Yeah, I appreciate the question. So, look, I mean, there is an element here that, you know, as we talked about when we did the acquisitions, as we do secure the renewals, there is a positive impact to ARR, and so you are seeing some of that come in. My commentary just around the elevated levels of renewals is just to give color around what we are seeing. You know,
as a reminder, Red Canary was a technology and talent acquisition, and it is a core feature of the agentic SOC that we are putting together and combining.
And I mentioned that we moved into the next phase of our integration earlier this month and now consolidating those teams, which we're really excited about. So, I mean, the reconciliation is really just to give you guys a sense for what we're seeing in the business and how you should think about the second half of the year.
Analyst Roger Boyd (UBS): Great. Thanks for taking the question. Jay, I wanted to touch on sales productivity. You've made a number of changes to the go-to-market strategy over the past year in order to really help guide customers towards more transformational projects. And I know you mentioned another improvement this quarter, but can you talk about kind of the future ramp you're expecting in terms of Salesforce productivity? Do you see further room to upside given the push towards more of these transformational deals that are bigger but maybe more complex?
Management: I'll give you a broader view, and Kevin can get into more specific stuff. With the changes we've gone through, we are driving more transformational deals, better engaging with our customers. With that, we're seeing bigger deals, Z-flex type of deals that are happening out there that's leading to improved productivity. In fact, we had a double-digit sales productivity growth. Very pleased with the way sales transformation has happened. As we said last quarter, the transformation is done. Now we keep on executing further.
Management: Yeah, thanks, Jay. So I want to just kind of double-click on that last point, right? So as we engage with our customers, the account-centric model is a much different level of engagement. We're seeing a lot of interest in ZFlex and what that looks like from a strategic point of view. And so the nature of the conversation, the way in which we're engaging, the larger deals that we're seeing all will lend itself to continued productivity opportunity going ahead. So as I look forward, I would expect that we will continue to see improvement in productivity as a result. So we are seeing the benefits and expect that we'll continue to see an improvement over time. The record pipeline conversion in Q2 is a good indication of that. What we want to do is working record million dollar deals in Q2 in another indication of that results we're getting.
Analyst Etai Kidron (Oppenheimer and Company): Thanks. Kevin, I wanted to dig into your comment on the core ZIACPA growth. I think you mentioned meetings and ARR. Can you give us a little bit more color? What was that growth rate over the last two or three quarters, perhaps, and how do we think about expectations for your core ZIA, ZPA business for the next two or three quarters?
Management: Yeah, thanks, Etai. I appreciate the question. We have seen pretty consistent performance in ZIA, ZPA. We did get some feedback that it would be helpful for you guys to get a little bit more color in that regard, which is why I added that into the script. You know, keep in mind that ZIA, ZPA, as it relates to Zero Trust Everywhere, is the foundation and, to a large degree, the base and the opportunity. If you look at the number of customers that we have today, roughly 4,400 out of more than 20,000 potential companies that we think can be customers, you look at it in terms of Fortune 500, where we still have over half of those to prospect against. There is a massive opportunity left with ZIA, ZPA, as we think about it. And even within the companies that we do have on ZIA, ZPA, you know, we have an opportunity to upsell those to zero trust everywhere and then adjacently through the other pillars, data security and AI. So from our point of view, it just reiterates the stability in the underlying business and really gives a sense for what's driving kind of the core of the business. But again, you know, we've got these other three growth pillars that have been doing exceptionally well. One interesting stat is that customers on average are tripling their initial purchase in four years.
Analyst Gray Powell (BTIG): Oh, great. Thanks for taking the question. Can you hear me okay? I cut out there for a second.
Management: Yes, you can.
Analyst Gray Powell (BTIG): Excellent. Okay. So I want to follow up on some of the earlier questions. And I think you've hit on this somewhat. So you are seeing a lot of momentum in ZFlex deals. If I'm doing the math correctly, I'm calculating that ZFlex was over 30% of RPO bookings. I'm not sure if that's how you look at it. But I guess the question is, how does the ARR ramp on a ZFlex deal compare to customers under historical contracts? And then just any directional commentary you can give on how big a typical ZFlex customer is at maturity versus traditional or like what they spend. And what's sort of like giving you the most upside from a product perspective?
Management: Yeah, thanks for the question. Let me maybe just orientate. I mean, the way that we look at ZFlex is it is another opportunity for us to offer a package to a customer that we think is mutually compelling. It gives them flexibility so they have less concern about being locked into a particular product or product decision in the future. It gives them an opportunity to focus more on the long-term partnership versus more transactional selling in nature. And then it does give an opportunity for them to try in a much easier, less friction way, new modules and expand into those modules. So from an offering perspective, it is a much better and more strategic way to engage. We do think over time that more and more of our customers will adopt Z-Flex. It is not something that we mandate or push, but where we feel that it really is well-positioned, the field is enabled to be able to offer Z-Flex going forward. Your question around differences in ramps, et cetera, fundamentally two deals, if it's a Z-Flex or if it's a non-Z-Flex, so long as they're similar structure, there's no difference in how that shows up in ARR.
ZFlex is by their nature, because they're longer term, they've got more products, they may have a ramp that is built in so that the customer can deploy along their deployment plan, which could take anywhere from six months to a year. But I wouldn't think about ZFlex as creating a different dynamic with respect to ARR, other than it's just another level of indication that we are very strategic in that environment. The average ZFlex deal is typically an eight-figure TCV commitment, and for those deals that we've done thus far, it's been about a four-year period. As we've talked about, they tend to be three- to five-year deals, and right now the average is about four.
Analyst Jonathan Rookover (Cancer Fitzgerald): Yes, thank you. So I think, Jay, this is for you. Just curious, when you look at Square X, from my understanding, you're embedding browser security via an extension rather than having a dedicated secure browser. Can you just talk about that? It seems like the flexibility could be a plus, but is there any trade-off between, you know, control and functionality between extension and full browser? And then just curious also on your view of, you know, how critical is the browser layer to winning broader zero-trust deals over the next couple of years?
Management: Very good question. So we have been offering a zero trust isolation solution using any standard browser for managed and unmanaged devices. No managed, no problem. Unmanaged devices means they were using their standard browser. Some customers wanted something like a device posture check on an unmanaged device. And for that, one option was you buy a full-blown enterprise browser from a third party. We looked at some of those acquisitions a couple of years ago. We did not like it. Full-blown browser with its own vulnerabilities and customers don't like one more agent. Or in this case, this is one more mega agent on the endpoint. So what we found was with SquareX acquisition, we could add the security functionality such as device posture check using browser extensions from unmanaged devices. It's a wonderful use case. or generally for third-party type of stuff for us. So it's a clean, better solution rather than trying to have full-blown third-party browsers. And it really takes good off the gap that we have in this environment. So we think it expands our time. We have lots of customers who are using browser isolation. This actually will help us expand it to handle some of the third parties who will come from unmanaged devices. So very pleased with the acquisition and the fit and the early mock reaction.
Analyst Eric Keith (KeyBank): Hey, thanks for taking the question. Maybe I wanted to come back as an extension to Greg's earlier question. I'm thinking about AI agents. So AI agents will drive a lot of network traffic. So Jay, Kevin, how should we think about how you can monetize that increased traffic, and Kevin, how we should think about it impacting the model over a longer time period?
Management: Yeah, thank you. We think these agents that are going at a pretty rapid pace will generate a fair amount of traffic. That traffic means they're going to access application A or B, or one agent is going to talk to a second agent. In order to do that, we believe the best security is that they should be going through a zero trust exchange so that a given agent can only talk to a given agent or applications. Otherwise, imagine one infected or hijacked agent could infect the whole enterprise. That's the biggest value we bring to the table. The more agents, the more agentic traffic, the more value we deliver, and the better revenue opportunity for us. So we look at it as probably the biggest opportunity upside for growth of these kind of business.
Analyst Matt Hedberg (RBC): Great. Thanks for taking my questions, guys. You know, strong results in your raising, Kevin, you said, by more than the beat, but I just had a clarification on ARR, and I just want to make sure that I'm not missing anything. It looks like you raised the ARR midpoint by $30 million, but it looks like in the disclosure, and maybe this is where I'm mistaken, but it looks like you took your Red Canary expectations up from 95 million to 135 million. So to me, that looks like a $35 million raise. So am I interpreting that right? Because I'm just not totally certain about what kind of the organic raise here is for the year.
Management: Yeah, no, I appreciate the clarification. If you look at this on an organic basis, we are raising the organic net new from 6.7 as our initial raise in the beginning of the year to 9.5% growth for 26. So yes, there is some element of Red Canary that is mechanically inherent in the raise, but the underlying growth and strength in the organic business giving us confidence to raise to 9.5% net new growth this year is what you're seeing fundamentally in the raise guidance. And keep in mind, just in the first half of this year, net new without Red Canary grew 10% against the backdrop of last year where it grew 1%. So we are seeing very healthy acceleration in net new ARR growth, both first half and signaling for the back half.
Analyst Keith Bachman (BMO): Okay, thank you. I broke up a little bit there, but I wanted to go ahead and ask the question about zero trust everywhere. And Jay, the question for you is, how significant could this be? You're at 550 customers now. You were at 130 a year ago. Two dimensions of the question are, A, what's the average ARR uplift that you experience when a customer goes to zero trust everywhere? Is there some kind of lift that you could help guide us on? And then how deep do you think this could get with your installed base? What's the potential reach here?
Management: So, first of all, we are very pleased with the number of customers becoming zero-trust aggregate customers. The number 550 is very good, and these are enterprise customers. They're large customers. In terms of lift on ARR, I think we even shared last quarter that we are seeing 2 to 3x essentially move in the ARR when customers are buying, moving to Zero Trust everywhere, which is very good. In terms of potential out there, I can tell you a year ago when I was talking to customers about Zero Trust launch, which essentially replaces MPLS or SD-WAN. I was wondering how many customers will be saying I love my SD-WANs. Okay, I can tell you I don't find any Zscaler customer now. These are our customers; they all want to replace SD-WAN for cost reasons and for security reasons. Remember SD-WAN enables lateral movement, so attention is interest is very high in the branch on the cloud side of it too. It's a fascinating new disruptive play. We literally know real competition other than old-school firewalls. And trying to do firewalls with IP address and ACL is a nightmare, so we're seeing that traction going. So very bullish on both Zero Trust branch and Zero Trust Cloud. So I would love to see that every Zscaler customer, in a matter of time, will be a Zero Trust everywhere customer.
Management: And that concludes our Q&A session. I would now like to turn the conference back to Jay Chaudhry, CEO, Chairman, and Founder, for closing remarks. Thank you for joining us. We look forward to seeing you at one of the investor conferences we'll be attending. Thanks again. And this concludes today's program. Thank you for participating. You may now disconnect.
Quarter 2
Q1 2026 Earnings Call — November 25, 2025
Management: Thank you.
As a reminder, to ask a question, please press star 1 1 on your telephone and wait for your name to be announced.
To withdraw your question, please press star 1 1 again. Please limit yourself to one question. One moment for questions.
Analyst Brad Delnick (Deutsche Bank): Excellent. Thank you so much and congrats on such a strong start to the year and hitting your Zero Trust Everywhere goal three quarters ahead is just amazing. Jay, I wanted to ask about Zero Trust Branch, which we continue to hear good things about. It's showing some nice early adoption. But as we look ahead, how much more work needs to be done on the product and or go-to-market fine-tuning to see real acceleration from here? Thanks.
Executive Jay (Title): Thanks, Brad. We have done some amazing work on the technology side to build a zero-trust branch where each branch is merely an island, no lateral movement that's generally caused by traditional networking with SD-WAN and MPLS. Product is in great shape. Go to market, we put together a specialty team that can actually engage with the right buyers to explain the solutions. The numbers are pretty impressive. I often joke internally that Zero Trust Branch needs no pipeline generation effort because there's so much demand in the customers. I think we shared some numbers. Our Zero Trust Branch customers have now exceeded over 450 customers. A lot of customers start small. They do the smaller rollout, and then they move on to bigger deals. In my prepared remarks, I gave an example of over 2,000 manufacturing customers whose ARR more than tripled. I think there are many, many such examples. We got about 4,400 enterprise-class customers. They've only gone to about 10% of them. So I see a big opportunity. I think it's an exciting area for us, and it's part of our Zero Trust Everywhere platform.
Analyst Saket Khalil (Barclays): Okay, great. Hey, guys. Congrats on the strong start to the year. Thanks for taking my questions, and congrats, Ashwin. Yes. Maybe a little bit of a joint question for you, Jay, and Kevin. You know, the billion dollars in ARR that's coming from the three emerging areas is clearly outgrowing the rest of the business. In fact, I think you said it accelerated, and for good reason. But I was wondering if you could help us think about the other two billion in ARR. And maybe specifically, is it fair to think about that other tranche as more of a la carte zero-trust tools like ZIA and ZPA? And maybe relatedly, how do you think about the growth rate for that $2 billion versus an emerging bucket that's clearly growing faster than the rest of the business?
Executive Jay (Title): So, yes, it's very true that our three buckets of billion-dollar ARR has been growing very well. The remaining $2 billion, yes, a big part of that, ZICPA, it has been going quite well. But the big opportunity for that business is also to emerge into zero trust everywhere. Remember we said that zero trust journey started with users. We've taken it to branches. We've taken it to cloud and next to IoT. While other vendors who tried to claim zero trust tried to say we got SASE, they're merely sitting with zero trust trying to do for users. And we have expanded the platform to give a lot of opportunities. The core business by itself will grow at a smaller rate than the rest of the overall business. But our goal is really to take every customer to Zero Trust every day. And that's what we are successfully doing.
Analyst Meta Marshall (Morgan Stanley): Great. Thank you. Maybe just wanted to ask a question about Red Canary and just, you know, how it's kind of performing towards expectations given that, you know, you guys have been looking at a fair amount of churn within your kind of assumptions for that business. Just any context around that performance would be helpful. Thanks.
Executive Jay (Title): I'll start with broad comments and Kevin can go deeper. The integration of Red Canary with Zscaler is going very well. The GNA integration is done right away. The two other main areas were, one, engineering and products. We're integrating Red Canary's HNT AI technology with Zscaler platform, doing well. Second is go-to-market. Red Canary's go-to-market team has become security operations specialist team. It's working with our field sales organization, which is uncovering opportunity. So seeing a vast majority of Zscaler Red Canary pipeline is now coming from Zscaler customers.
Executive Kevin (Title): Yeah, look, I would just add that Red Canary is trending slightly better than our previous guidance. But keep in mind that, you know, we don't believe that Red Canary's contribution is material to our overall business. So as we go forward, we don't intend to provide specific color on Red Canary.
Analyst Taliani (Bank of America): Hi, guys. This quarter was stronger than actually we see because if I look at the year-over-year growth in dollars last year, first of all, first quarter last year was very strong. So you're growing 26% almost on a very strong quarter. And second, last year, on a year-over-year basis, you added between 122 to 130 million every quarter on a year-over-year basis. And this quarter, you're adding 160. So that means that the growth is strong. And I'm trying to understand if you can break down on revenue level, not on ARR level, what is driving the strength? I mean, the stock is down, but the trends beneath the surface seem very strong. And I'm trying to understand what is driving it, and if you can break it down, even not in numbers, even if it's just qualitative, to discuss what's happening in the core versus what are the key leading products that are driving this strength.
Executive Jay (Title): I'll start with the broad product area. As you know, we built the platform that we're expanding. The three big pillars of our platform have been zero trust everywhere, AI security, and data security. All three areas are growing very well. They're actually accelerating and that's our part of the strategy. Our strategy is if every customer starts moving to zero trust everywhere, we become very, very differentiated because no one in the market is even coming close to that. They're all trying to figure out how to solve the user side of it. And the data security, our customers are basically saying we are tired of seeing point products, so many point products in data security, and we are the best platform. AI security is evolving. It's a new area for us. HNT Corporations has done well for us. And security of AI products is young. It's going pretty well so I think they're very pleased with that growth we wanted from the three key pillars and it's beating or it's exceeding our expectations.
Executive Kevin (Title): I mean, I think that's frankly both the qualitative and the quantitative response which is we are seeing accelerated growth in our three growth pillars which is contributing in a well to the business. I also mentioned in my prepared remarks that, you know, we saw organic growth come in at similar levels to what we saw last quarter. So we are seeing very strong performance. And the business did come in better. I was just going to add some color that, you know, we did see the business perform better than our internal expectations in the quarter.
Analyst Joseph Gallo (Jefferies): Hey, guys. Thanks for the question. Jay, I think when some look at the recent massive M&A in this space, they're fearful of the implications for underlying cyber growth. In your conversations with customers, how are they thinking about spending calendar 2026 and what are the priority areas that they have as a part of that? Thanks.
Executive Jay (Title): So customers' priorities for spending? Yes. How is the fundamental cyber growth and how do you expect it next year and what the priorities are? Broadly speaking, there's no significant growth in macro environment, IT budgets, remain tight. There is pressure on CIOs. There is far less pressure on the cyber side of it. So cyber is under less pressure. We do see scrutiny for large deals, similar to what we shared in the past. But two areas are still of high interest to customers. One is zero trust security because all these breaches happening out there. And second is AI security because everyone is trying to do some level deployments of AI applications because CIOs feel like if they aren't doing anything in this area, they'll be viewed as laggards. That is also mixed. Some of the customers are seeing better results than others in terms of AI, but as soon as they start thinking about doing AI applications and models, the security becomes a worry for them. So we are going in with two leading messages: zero trust everywhere being one, and AI security being two. So with that, we're able to get the pipeline created.
And the second part is to close deals, we must show strong cost takeout. And we can do that as we eliminate a lot of foreign products. So we are able to do both of those things. That's what's really leading us to deliver these strong results. And also, if I mention that, since our brand has become so much stronger, and we've become pretty strategic partners to customers. All these CIO, C-source meetings I do, it's wonderful to see them, to say, "Jay, I mean, we moved from company A to company B, and we called your team to help us here as well." So, look, we are tracking well. We are excited about what lies ahead for us.
Analyst Mike Psychos (Needham): Great. Thanks for taking the question. I just wanted to come back to the SASE market specifically. And Jay, I know you're probably already cringing at the word SASE, but just, there was a lot of security vendor out there last week discussing some success and competitive displacements in the SASE market. I'd just love to get your feedback specifically on what you're seeing as far as trends from a competitive or pricing discipline standpoint. Appreciate it.
Executive Jay (Title): Yeah. Look, we remain very strong in when it comes to, I will call the zero trust market because the SASE word has no meaning. Every vendor claims them to be calling SASE. For example, if you do zero trust, you don't do SD-WAN. And most of these SD-WAN vendors get viewed into the SASE. Our expansion and our custom base is because of all the new functionality we are bringing to take zero trust everywhere. Our expansion is happening as we have taken the data security platform and made it much bigger so we've done so many innovations in so many spaces so we think in spite of new entrants in the market, I think the market is already and I've sorted out the winners and we are creating more distance among the number of the vendors but sorry among the number of other vendors who are entering the space so I feel very strong. Our pipeline remains strong. Our win rate remains strong. And you see our results. They're very, very strong.
Analyst Brian Essex (J.P. Morgan): Hi. Good afternoon. Thank you for taking the question. I guess, Kevin, for you, I understand that you don't want to break out Red Canary, but can you give us a sense for organic net new ARR in the quarter? And then maybe one for Jay. With the acquisition of Red Canary and what you've done with Avalor and now SPLX, we'd love to get your sense of any sense of how you might align with the threat intelligence market and value you might be able to add given the data visibility potential for incremental add in terms of the quality of data that you might be ingesting on the platform and ability to provide better visibility for customers on the threat intelligence side? Thanks.
Executive Kevin (Title): Yeah, thanks for the question. I'll go ahead and start. As I had previously mentioned, organic growth in Q1 was consistent compared to Q4. And again, as I said, we're very pleased that the organic business came in better than our internal expectations.
Executive Jay (Title): So on the second part, we talked about two acquisitions we've had. ABVAR has become our data fabric, which can ingest data from Zscaler platform and some of the third parties to really create what we call entity relationships. And, you know, AI is only as good as data. So we're able to do some very powerful threat detection intelligence that couldn't be done otherwise. So that's the foundation of the platform. The reason for us to get into AI-powered set-offs is the strength of our data. Avalon gave that stuff. We have the data that Red Canary gave us, agentic AI technology on top of it. So using some of these smart agents, we can do security operation, what security analysts need to do. The amount of information we are getting, the meaningful intel we're getting is unbelievable. I was talking to the CISO of a Fortune 100 company recently. He said, "I have a sizable security operation team, very sophisticated operations, but your solution, in this case, taking advantage of Red Canary working with us, it is finding things, a few things every month that we aren't able to find." That's amazing incremental value for them.
We think this is only going to get better as our solution evolves. Your second point of the SPLX, that's accelerating our completion of our solution for AI security. The market has so many point product solution and AI security out there. And customers tell me, one, I don't want to deal with 10 vendors, number one. Number two, I don't want to share my data with a startup that started 10 months ago. So they're looking for a platform we have built a number of AI security platforms internally for example gen AI security, AI guard, AI discovery, and then SPLX brought red teaming technology to us so it had made our portfolio pretty complete so zero trust everywhere in a very great shape agentic operations evolving nicely and AI security operations growing very nicely. We feel very comfortable with the portfolio built.
Analyst Srenik Kothari (RW Baird): Yeah, thanks for taking my question. So, Jay, on the AI security tracking 500 million and you mentioned traction across all the modules, the AI God, SPM, with teaming. Just can you help us unpack where there's more traction, what's currently driving in terms of use cases, are most deployments at visibility governance via SPM, or are you seeing CISOs truly prioritizing all the runtime AI with AI God as well? And then a quick follow-up.
Executive Jay (Title): Yeah, this is a very good question. About two years ago, two plus years ago, when chat GPT came on the scene, the number one thing customers wanted to do was visibility into genius solutions or sorry applications that users are going to go to since we're sitting in the traffic that very quickly we built our first product general security that's being used by quite a large number of these customers. Next, we launched AI asset discovery and posture management tons of interest because everything starts by understanding AI assets you have. Third, last summer, early summer, we launched AI guardrails. When customers are building their internal AI applications and models, they want to use guardrails to make sure the models are protected and only right people with right kind of prompts can really access them. That's an early stage, but it's growing nicely. The pipeline is growing very well. And the fourth thing we brought to the market came through SPLX acquisition. That's called red teaming technology. And as applications are being built, customers want to make sure they don't have vulnerabilities. And we aren't stopping. The fifth, extending our platform to agentic exchange so we can have right agent-to-agent and agent-to-application communication. All that is proceeding well. So I think we are very well positioned. We will keep on investing in these innovations, but we balance our investments with our operating margins.
Analyst Kevin (Title): Very helpful, Jay. So, Kevin, a quick follow-up on your comment around these modules ramping, as Jay was saying. How are you thinking about the investment horizon overall as you're scaling these data-rich products, the AI card, and how to think about the margins here?
Executive Kevin (Title): You know, since the models and things they're using are really on a fairly well-confined set of data, we haven't seen any massive change in gross margins. If these things change over time, I'm sure we'll let you guys know.
Executive Kevin (Title): Yeah, and maybe just to continue on that thread, you know, look, for Q1, we're pleased with, you know, the margin profile. We're comfortable with the Q2 guide. And then as we look into the back half of the year, you will notice that there's margin expansion in the guide in the back half. We are orientated to growth, but you know that we're also very mindful of the financial model and operating margin.
Analyst Roger Boyd (UBS): Great, thanks for taking the questions. Jay, I just wanted to go back to Zero Trust Gateway, and I wonder if you could talk a little bit more about the demand you're seeing there. Is that product getting pulled along with increasing AI infrastructure? Some of the firewall vendors have talked about growth in software firewalls in this capacity. And how are you thinking about customer buy-in around this approach over kind of that approach of deploying virtual firewalls? Thanks.
Executive Jay (Title): Sure. As you know, customers traditionally used firewalls everywhere. We replaced a lot of them when it comes to user protection that work in a branch. And cloud is pretty simple. When traditionally people would go to cloud and build cloud workload, they would do lift and shift. They have lift and shifted north-south firewalls to the cloud as VMs. They lift and shift east firewalls to the cloud as VMs as well. We go in and say, you don't really need a lot of these firewalls everywhere. Zero Trust Cloud is almost like Zero Trust for internet access, Zero Trust workload to workload communication. All the firewalls go away. Customers do not need to work with all these IP addresses and ACL lists. The Cloud Gateway simply makes it even more easier to deploy our solution. In the past, they had to deploy a piece of software we called Cloud Connector as a traffic cop. Now, we have a cloud gateway that's deployed and managed by Zscaler with a simple config change that say, point traffic to Zscaler cloud gateway. And we enforce policies and we do everything that needs to be done. Deployment that were taken a few hours now can be done in under 10 minutes. That's the kind of innovation we're bringing to make it easier for customers to move away from legacy firewalls and embrace Zero Trust about workload communication.
Analyst Eric Keith (KeyBank): Hey, great. Thanks for taking the question. Jay, maybe to come back to Zero Trust everywhere, just given how strong and successful it's been thus far. But I'm curious to hear how you're thinking about this going forward. Is the outperformance relative to your expectations because the book of firewall business refresh maybe was bigger or earlier than you anticipated? Or do you look at the pipeline and see an even bigger opportunity of displacements looking into calendar 26? Thanks.
Executive Jay (Title): Yeah. Overall, our customers are looking for saving money and making it easier for them to operate and deploy these solutions. And along with that, making sure they have better cyber protection. Number one reason for our customers' interest in the branch, Zero Trust branch, is to eliminate the lateral movement which leads to all kinds of ransomware attacks, number one. Number two, when we go in and say, by the way, it's also costing a lot more because we can eliminate multiple products in the branch, not just firewall, but SD-WAN, often they got these DHCP gateways, they often got east-west firewalls. They got NAC and VLANs kind of stuff. All that goes away. So cost goes down. Operational stuff goes down. That's a driver. Now, refresh may help, but most of the time, the deals are not waiting for Zscaler to say refresh is coming. As we present the story to our customers, they kind of say, "Wow, this makes sense. There's a lot of ROI to it. Let's get started." So tremendous interest, strong pipeline, and we've only done about 450 customers so far. There are millions of branches left out there for us to pursue.
Analyst Fatima Bulani (Citi): Oh, good afternoon. Thank you so much for taking my questions. Jay, I wanted to go back to a very specific remark in your script earlier in the call, just with respect to the migration of SAP from on-prem to SAP Rise being an opportunity that would be tantamount to the success and the tailwind that you saw from Microsoft Exchange going to Microsoft Office 365. And so I wanted to take the opportunity to have you unpack some of that in terms of how will that manifest in your business across the product lines today and then specifically, you know, with a portfolio that is significantly larger today than you had when the initial Microsoft platform migration was happening, where do you expect to see sort of, I'll frame it as option value in some of your newer products that frankly didn't exist in the last sort of precedent example?
Executive Jay (Title): Sure. You know, the customers moved to Office 365 several years ago because Office moved to the cloud or Exchange moved to the cloud. But SAP has taken a long time. It's a far more complex application. But now SAP is pushing for deployment of what they call SAP RISE in the cloud and telling customers that you've got to move, and they're giving some incentives as well. So if you do it the old way, using the legacy firewall technology and network, you move SAP RISE to the cloud, and you really then deploy all these express routes and direct connects for connectivity, and then you've got firewalls and all the stuff you deploy to access those applications, the VPN-type approach. We go in and say none of that stuff is needed, no special access routes and direct connects needed. You can access SAP RISE applications with Zscaler directly over the Internet, as you access Office 365 applications. It's a clean, simple, elegant architecture. So it gives us two opportunities for us. Number one, some of the cloud, zero-trust cloud technology to make sure we get protection and communication for SAP application, SAP Rise itself. Second, for users to access SAP with better and faster experience. Those are the two areas of growth for us, and it helps a customer deploy and get the application running faster, and reduces cost, and gets great user experience.
Analyst Gray Powell (BTIG): Great. Thanks for taking the question. So, yeah, it's really interesting this quarter. I mean, I look at the numbers, and overall everything looks good. I do think there's some confusion on just organic ARR. So here's my question. You highlighted $175 million in flex bookings this quarter compared to RPO bookings at about $940. So basically flex is now 20% of the mix and almost doubled versus last quarter. Where do you see that going longer term? And then as flex becomes a bigger component of bookings, does that give you higher visibility on future period ARR? Because there's just inherently an installed ramp in those contracts as customers grow out.
Executive Kevin (Title): Yeah, great. So I'll start and Jay can add anything that he may want to share. Look, I appreciate you raising ZFlex. It is a program that has gotten a lot of interest and traction from our customer base. To your point, we did see bookings grossed over 70% sequentially, and it effectively allows customers to commit to spend. We typically see that as a more significant commitment than they would have made on an a la carte basis. It allows them to easily deploy additional modules without having to go through the friction of a negotiation procurement process. And then it provides them with the flexibility to swap in and out of modules as business dynamics for those customers change. And so it gives them confidence that they can make more meaningful commitments to us and generally over longer periods of time. It doesn't have necessarily a different impact to ARR than any other type of transaction. But to your point, it does give us greater visibility over the long term because they are longer contracts. We do understand the nature of those commitments and how they play out in the future. And I would say it's frankly a win-win for both the customer and the flexibility it offers in us in terms of the visibility going forward. So it is a very powerful tool that has gotten pretty significant interest from customers.
Executive Jay (Title): Yeah, I would say our business has performed very well on all metrics. So, we're very pleased with it.
Analyst Joshua Tilton (Wolk Research): Hey, guys. Thanks for sneaking me in, and congrats to Ashwin. Just one from me, and apologize if this was addressed already, bouncing back and forth between a few calls. Did your assumption for what Red Canary would contribute to the full year ARR change at all? And if not, is it fair to assume that what you raised ARR by for the full year is how much you outperformed organically in the first quarter? Thanks.
Executive Kevin (Title): Yeah, thank you for the call. I did make a comment earlier. We are seeing Red Canary trends slightly better than our previous guidance, but
as a reminder, we don't believe that Red Canary's contributions to our overall business are material, so we're not going to be making color commentary with respect to Red Canary going forward.
Executive Kevin (Title): With respect to the outperformance, I mean, we did pass that through the full year guide. But I think to further clarify, we said that before, organic growth in Q1 for us was consistent as compared to Q4. Very pleased, but it beat our internal expectations.
Analyst Jonathan Reuthaver (TANTR): Yeah. Hi. Good afternoon. Jay, I'm curious to hear your thoughts on the synergies you see between Red Canary and the data security portfolio, it would seem that you have opportunities around remediation, a possible governance layer for DSP and DLP. Can you just provide an update on that integration strategy and maybe just a little bit of color on how you see that driving differentiation relative to all the other vendors that are touting data security capabilities related to AI?
Executive Jay (Title): Yes, very, very good question. I would mention three points here that set us apart from many others. Number one, we have built a full portfolio of data security. There's no such thing as data security for AI only. Data is lost in many ways. So number one, the strongest portfolio is helping us. Number two, AI is helping us doing better data classification, which is important because better classification means better detection. Number three, the other point you made, it was the red canary synergy. That is the following. We are able to get all the signals from zero trust exchange to our data fabric platform where we are able to potentially look for any potential threats or breaches or any of the stuff that's happening. And if you're able to do that very quickly, we can do a closed-loop feedback sent to a zero-trust exchange if we need to block some kind of data loss that's happening out there. Today, data loss happens. Signals are found days or weeks later. This closed-loop system between our HNT corporations and in-line function is a clear, clear differentiator for us that should set us apart from many other vendors whether they're SASE vendors or they are AI security vendors.
Analyst Matt Hedberg (RBC): Great. Thanks for taking my questions, guys. And congrats on the results, really. You know, I wanted to follow up on, I think it was Gray's question on ZFlex. It really does show up in checks. And I think, Kevin, you mentioned reducing friction, additional consolidation opportunities. I realize it's difficult, but is there a way to think about what that average ZFlex upsell looks like? And then maybe just a little bit more color on how do you think about the pipeline of ZFlex deals for the rest of the fiscal year? Thanks, guys.
Executive Kevin (Title): So first of all, ZFlex was done to give our customers flexibility. It evolved from the traditional RAM deals we had done in the past. When we go after large customers, they can deploy it overnight. And if they bought lots of modules, they wanted some ability to say, give me some RAM because I won't be working on it. We have been doing RAM deals for quite some time, but this creates a form of program around it. The second thing it has created for us is the ability to swap modules so they don't have to keep on testing various modules for a long time and delaying the deal. So we believe that the deal, ability to close deal has gotten better. And three, ability to do larger deals has gotten better because now they know they can make a commitment to us without having to go through the friction of a negotiation process.