Date

Nov. 25, 2025, at 4:30 p.m. ET

Call participants

  • Chairman and Chief Executive Officer — Jay Chaudhry
  • Chief Financial Officer — Kevin Rubin

Takeaways

  • Annual recurring revenue (ARR) -- On an adjusted non-GAAP basis, exceeded $3.2 billion, up 26% year over year, positioning Zscaler (ZS) among the few enterprise SaaS providers with over $3 billion in ARR growing above 25%.
  • AI security ARR -- On an adjusted non-GAAP basis, surpassed the $400 million fiscal 2026 target three quarters early, posting over 80% year-over-year growth, and is expected to exceed $500 million by fiscal year-end.
  • Zero Trust Everywhere enterprises -- Exceeded 450 enterprises adopting Zero Trust Everywhere, meeting the target three quarters ahead of schedule.
  • Data Security Everywhere ARR -- Accelerated to approximately $450 million.
  • Revenue -- Was $788 million on a non-GAAP basis, increasing 20% year over year and 10% sequentially, exceeding guidance high end.
  • Remaining performance obligation (RPO) -- Reached $5.9 billion, up 35% year over year, with 47% classified as current.
  • Z Flex program total contract value (TCV) -- Exceeded $175 million this quarter, up over 70% sequentially, now representing roughly 20% of total bookings.
  • Customer metrics -- Closed with 698 customers generating over $1 million in ARR and 3,754 customers above $100,000 in ARR.
  • Gross margin -- Came in at 79.9% versus 80.6% the prior year, reflecting continued product mix evolution and near-term margin pressure from new offerings.
  • Operating margin -- Was 21.8%, an increase of approximately 40 basis points year over year.
  • Operating expenses -- Increased 11% sequentially and 23% year over year, totaling $458 million.
  • Free cash flow margin -- Achieved 52%, including data center capital expenditures at 2% of revenue.
  • Cash and investments -- Ended the quarter with $3.3 billion in cash, cash equivalents, and short-term investments.
  • Guidance for Q2 2026 -- Adjusted non-GAAP revenue expected in the $797 million to $799 million range (23% year-over-year growth), gross margin around 80%, operating profit of $172 million to $174 million, and diluted earnings per share of $0.89 to $0.90.
  • Full year fiscal 2026 guidance -- Adjusted non-GAAP revenue in the $3.282 billion to $3.301 billion range (22.8%-23.5% year-over-year growth), ARR of $3.698 billion to $3.718 billion (22.7%-23.3% growth), operating profit of $732 million to $740 million, and free cash flow margin of 20%-26.5%.

Summary

Zscaler demonstrated accelerated growth across all three strategic pillars—AI security, Zero Trust Everywhere, and Data Security Everywhere—driving both top-line and key financial metrics above established targets. Management noted that the transition to the Z Flex contract model yielded a significant increase in multi-module commitments and improved long-term revenue visibility. Product innovations in AI security, including the rapid integration of recent acquisitions such as SPLX and Red Canary, have expanded addressable use cases and positioned the platform for continued ARR expansion.

  • Jay Chaudhry said, "we operated at rule of 78, making us one of the rare companies consistently outperforming the coveted rule of 40 metric."
  • The acceleration of bookings attributed to Z Flex reflects management's focus on upsell velocity through bundled offers and contracting flexibility.
  • AI security’s outsized growth contributed a disproportionate share of incremental ARR, supported by customer adoption across Fortune 500 and Global 2000 segments.
  • The expansion of Zero Trust Everywhere to 450 enterprises signals rapid market penetration, with the company stating, "have only gone to about 10% of them," referencing its enterprise-class customer base.
  • Red Canary’s integration, while not material at the group level, is “trending slightly better than our previous guidance,” according to Kevin Rubin; the company will not provide further segment-specific updates going forward.
  • Management stated that gross margin pressure persists mainly due to rapid adoption of new offerings prioritized for go-to-market speed over near-term profitability.

Industry glossary

  • Zero Trust Exchange: Zscaler's cloud-based platform that enforces security policies on user- and application-based access, based on the zero trust model.
  • Z Flex: A contractual program allowing customers to commit spend up front and flexibly redeploy it across new modules without additional procurement cycles.
  • AISPM: AI Security Posture Management; a module for discovering, classifying, and managing AI assets and model deployment governance.
  • Red Canary: An acquired provider of agentic AI-driven SOC tools, now integrated into Zscaler's agentic operations suite.
  • SPLX: Acquired AI red teaming and asset posture management provider, augmenting Zscaler’s AI security portfolio.
  • ZDX: Zscaler Digital Experience; a solution for application and network performance monitoring with AI-powered analytics.
  • Data Security Everywhere: Zscaler platform modules for data discovery, classification, posture management, and loss prevention, spanning enterprise data environments.

Full Conference Call Transcript

Jay Chaudhry, Chairman and CEO, and Kevin Rubin, CFO. Please note, we have posted our earnings release and a supplemental financial schedule to our investor relations website. Unless otherwise noted, all numbers we talk about today will be on an adjusted non-GAAP basis. You will find the reconciliation of GAAP to the non-GAAP financial measures in our earnings release. I'd like to remind you that today's discussion will contain forward-looking statements, including, but not limited to, the company's anticipated future revenue, annual recurring revenue, calculated billings, operating performance, gross margin, operating expenses, operating income, net income, free cash flow, dollar-based net retention rate, future hiring decisions, remaining performance obligations, income taxes, earnings per share, our objectives and outlook, our customer response to our products, and our market share and market opportunity. These statements and other comments are not guarantees of future performance but rather are subject to risk and uncertainty, some of which are beyond our control. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future. We undertake no obligation to update these statements after this call. For a more complete discussion of the risks and uncertainties, please see our filings with the SEC, as well as in today's earnings release. I also want to inform you that we'll be attending the following conferences: UBS Global Technology and AI Conference on December 3, Barclays Tech Conference on December 11, and Needham Growth Conference on January 14. Before I turn the call over to Jay, I wanted to share that I recently transitioned to a new role as product manager of AI security at Zscaler. So this will be my last earnings call as the IR leader. It's been a pleasure engaging with all of our shareholders over the last few years. 
Kim Watkins, who some of you may know from her tenure at Intuit, will be joining Zscaler in early December to lead investor relations and strategic finance. Please join me in welcoming Kim to Zscaler. Now I'll turn the call over to Jay.

Jay Chaudhry: Thank you, Ashwin. We had a strong start to our fiscal year. In Q1, annual recurring revenue or ARR growth accelerated to 26% year over year, and RPO growth accelerated to 35%. Combining our strong free cash flow margin of 52%, and revenue growth of 26%, we operated at rule of 78, making us one of the rare companies consistently outperforming the coveted rule of 40 metric. We are one of the only five enterprise SaaS companies with over $3 billion in ARR, growing at over 25%. The continued success of our three growth pillars—AI security, zero trust everywhere, and data security everywhere—is driving our strong top-line performance. ARR from these three growth pillars accelerated in the quarter.

I'm particularly pleased with our AI security pillar, which grew over 80% year over year and has already exceeded our FY '26 target of $400 million ARR, three quarters earlier than expected. With the strong demand, I expect AI security ARR to exceed half a billion dollars by the end of this fiscal year. Diving deeper into our AI security pillar, while enterprises are leveraging AI to drive innovation and accelerate productivity, the proliferation of AI is also making them increasingly susceptible to attacks. One of the largest AI companies recently reported that a bad actor hijacked its AI coding assistant to autonomously perform a large-scale cyber attack against multiple organizations. This incident highlights two important trends.

First, threat actors are using AI to dramatically increase the speed, effectiveness, and blast radius of attacks. We have been predicting an increase in this type of automation by AI agents, and we are now seeing it happen. Second, just like users and organizations, AI agents are also becoming the weakest link in their security. It is only a matter of time before millions of AI agents interact with each other across enterprises. Imagine a threat actor hijacking even one of an organization's trusted agents, and thereby accessing critical corporate resources and sensitive information resulting in a serious breach.

We have a long history of securing users with our Zero Trust Exchange, which enabled our customers to safely adopt the latest technologies such as mobile, cloud, and SaaS. Over 45% of Fortune 500 companies and nearly 40% of Global 2000 companies have adopted our Zero Trust Exchange and trust Zscaler to secure their businesses. With the rise of consumer GenAI applications, including ChatGPT, Perplexity, and more, security issues related to access control, data loss, and content moderation made enterprises cautious about allowing employees access to these popular apps.

We extended our Zero Trust Exchange to provide visibility into thousands of GenAI apps, enabling enterprises to inspect prompts and responses and enforce proper guardrails for safe and secure use of GenAI apps. Several large enterprises adopted our GenAI solution in the quarter, including a G2K technology company, a Fortune 500 communications equipment company, and a large healthcare software provider. As AI adoption moved beyond consumer GenAI apps into building and running enterprise AI applications, we introduced solutions in three key categories to secure that. First, AI asset discovery and posture management. AI applications and agents are being developed and deployed today without full visibility for IT teams to safeguard them.

To provide organizations with visibility and control, last year, we introduced an AI asset discovery solution called AISPM. AISPM can detect unauthorized AI applications, prevent over-permissions for AI agents, and strengthen governance for model deployments. In Q1, several customers, including a leading software solution provider, a Global 2000 manufacturer, and a leading insurance company, purchased AISPM from Zscaler. With our recent acquisition of SPLX, we are extending our AISPM capabilities by unifying discovery of LLMs, workflows, and MCP servers. These capabilities enable customers to meet evolving regulatory requirements for AI to be transparent and explainable, among others. The second key area of innovation is AI red teaming.

As part of the AI lifecycle, customers need to regularly test their applications for vulnerabilities. With SPLX, we now deliver AI red teaming to enable automated and continuous testing of AI apps at scale. Our AI red teaming solution integrates with customers' CI/CD pipelines, making it easy to test for hallucination, bias, behavior drift, and more. Several customers, including a Fortune 150 transportation company and a Fortune 100 service provider, have already deployed AI Red Team. The third area of innovation is AI guardrails. Customers need AI guardrails for inline policy enforcement for acceptable use of AI, for cybersecurity, and for data loss prevention.

Inline policy enforcement is one of our key differentiators, which we seamlessly deliver through our Zero Trust Exchange at scale. As we process half a trillion transactions daily, our AI Guard solution leverages this core competency for runtime protection. Zscaler AI Guard sits between the application and LLMs, inspecting prompts and responses inline to enforce customer-defined policies. To share an example, this quarter, a leading consulting firm purchased our AI Guard to secure the use of public AI applications and their private in-house applications such as AI chatbots and AI agents. With our platform capabilities, we are securing over 90 billion AI/ML transactions per month.

As AI and AI agents define the next era of transformation, we are further extending our platform to secure AI agents, agentic workflows, and AI applications. In addition to securing the use of AI, we are leveraging AI to deliver agentic operations, including agentic SecOps and agentic ITOps. In our agentic SecOps, we are making great progress towards delivering an AI-powered SOC that simplifies customers' operations and hunts for threats. In August, we acquired Red Canary to combine the agentic technology with our data fabric technology to deliver actionable SOC insights for our customers.

This quarter, a Fortune 500 financial services company, a Global 2000 healthcare equipment company, and a Global 2000 energy company, and more purchased our agentic SecOps solution. In our agentic IT ops, we are introducing several Zscaler Digital Experience or ZDX innovations to enable faster resolution to application and network performance issues. Other innovations like the ZDX CoPilot continue to resonate with customers and have driven over 80% year-over-year growth in bookings of ZDX Advanced Plus in the last twelve months. I'm very pleased to see continued momentum for our AI security solutions. As I mentioned, we are expecting AI security ARR to surpass half a billion dollars by the '26.

Turning to our second growth pillar, we continue to see strong momentum in Zero Trust Everywhere, which includes Zero Trust users, Zero Trust branch, and Zero Trust cloud. Three quarters ago, we introduced Zero Trust Everywhere and set a goal to secure 390 enterprises with Zero Trust Everywhere by the '26. I'm delighted to share that we now have over 450 Zero Trust Everywhere enterprises, achieving our goals three quarters ahead of our target date. Our Zero Trust Everywhere customers benefit from reduced cost and complexity by eliminating legacy network and security products. This expanded relationship through Zero Trust Everywhere also creates follow-on demand for data security and AI security.

One of the key components of Zero Trust Everywhere is Zero Trust Cloud, which allows customers to eliminate VPNs, north-south and east-west virtual firewalls, ExpressRoute, and Direct Connect networks, resulting in far better cybersecurity. To share a customer example, in an 8-figure TCV win, an existing million-dollar-plus Fortune 500 healthcare customer adopted our Zero Trust Cloud solution, along with ZDX Advanced Plus, data security modules, and more. Zero Trust Cloud secures workload communication across the VPC or virtual private cloud and SAP RISE cloud-based ERP. Without Zero Trust Cloud, the customer would have had to deploy a significant number of north-south and east-west firewalls, resulting in increased cost and many months of delay.

This customer told me that in the last fifteen years, they have not been so excited about the solution that not only brought better security but also was easy to deploy and operate. Just like the migration of Microsoft Exchange to Office 365 was a big tailwind to our business a few years ago, I believe the migration of SAP on-prem to SAP RISE will have a similar impact on our business. We continue to see strong interest from customers for Zero Trust Branch, which is another key component of Zero Trust Everywhere. Zero Trust Branch eliminates the need for legacy point solutions at branches, factories, and campuses.

To give you an example, in a 7-figure upsell win, a Global 2000 manufacturing customer more than tripled their ARR and became a Zero Trust Everywhere customer by purchasing our Zero Trust Branch, ZPA, ZDX Advanced Plus, Risk 360, and more. Moving to Data Security Everywhere, we offer a comprehensive data security portfolio with eight modules providing data discovery, data classification, posture management, data loss prevention, and more. Customers are eliminating data security point products in their environment by consolidating data security functionality on our unified platform. To share an example, in a seven-figure new logo ACV win, a large healthcare provider purchased five out of our eight data security modules for their 23,000 users.

This enterprise chose Zscaler over a leading CASB vendor due to our integrated platform, which delivers data security across all channels for all types of data. I'm excited to share that our Data Security Everywhere ARR accelerated to approximately $450 million. The growth across our three pillars is powered by our strong go-to-market engine. One of the key initiatives we recently introduced was our Z Flex program, which enables customers to commit to a spend and provide flexibility to swap or activate additional modules without undergoing new procurement cycles. Z Flex is driving meaningful upsells and reduced sales cycle and is consistently exceeding my expectations. Z Flex generated over $175 million in TCV, growing over 70% quarter over quarter.

To share a couple of customer examples, an existing large aerospace customer made a multiyear 8-figure TCV commitment under the Z Flex program, increasing the annual spend with us by over 40%. As part of the Flex commitment, the customer added nine new modules, including asset exposure management, identity threat detection, unified vulnerability management, email DLP, and expanded commitment for data security. In a 7-figure upsell win, a Fortune 500 business services provider more than doubled the annual spend with us as they expanded adoption of nine modules under the Z Flex program. In conclusion, our business is benefiting from the strong tailwinds from the combination of zero trust and AI security.

The best AI security is built on the foundation of Zero Trust. Our clear leadership in zero trust security combined with our comprehensive AI security offerings positions us well to capture the large and growing AI security market. And with our strong go-to-market engine, we are well positioned to exceed $10 billion in ARR. I would like to turn over the call to Kevin for our financial results.

Kevin Rubin: Thank you, Jay, and good afternoon, everyone. We exceeded our growth targets in Q1 and operated at rule of 78 for the quarter. We ended Q1 with over $3.2 billion in ARR, reflecting approximately 26% year-over-year growth. ARR from each of our three growth pillars accelerated in the quarter, including on an organic basis. Q1 revenue was $788 million, growing 20% year over year, 10% sequentially, and exceeding the high end of our guidance. Geographically, the Americas accounted for 58% of revenue, EMEA for 27% of revenue, and APJ for 15% of revenue. Our remaining performance obligation or RPO grew approximately 35% year over year to $5.9 billion, with approximately 47% classified as current RPO.

We closed Q1 with 698 customers generating over $1 million in ARR, and 3,754 customers exceeding $100,000 in ARR, demonstrating the strategic role we play in customers' digital transformation journeys. Turning to the rest of our Q1 financial performance, our gross margin was 79.9% as compared to 80.6% last fiscal year Q1. I'd like to remind investors that we are introducing new products that are experiencing strong growth and are optimized for faster go-to-market rather than margins. This will continue to influence our gross margins on a quarterly basis. We plan to optimize new products for margins over time as they scale. Operating expenses increased 11% sequentially and 23% year over year, reaching $458 million.

Operating margin was 21.8%, towards the higher end of our long-term range and growing by approximately 40 basis points year over year. Our free cash flow margin for Q1 was 52%, including data center CapEx at 2% of revenue. We ended the quarter with $3.3 billion in cash, cash equivalents, and short-term investments. Next, let me provide our guidance for Q2 and full year fiscal '26. As a reminder, these numbers are all non-GAAP. For the second quarter, we expect revenue in the range of $797 million to $799 million, reflecting year-over-year growth of approximately 23%.

Gross margins to be approximately 80%, operating profit in the range of $172 million to $174 million, net other income of approximately $19 million, earnings per share in the range of $0.89 to $0.90, assuming a 21% tax rate and 170 million fully diluted shares. For the full year fiscal 2026, ARR in the range of $3.698 billion to $3.718 billion, reflecting year-over-year growth of 22.7% to 23.3%. We anticipate approximately 47.8% of net new ARR to be recognized in the first half.

Revenue in the range of $3.282 billion to $3.301 billion, reflecting year-over-year growth of 22.8% to 23.5%, operating profit in the range of $732 million to $740 million, earnings per share in the range of $3.78 to $3.82, assuming a 21% tax rate and approximately 170.5 million fully diluted shares, and free cash flow margin to be approximately 20% to 26.5%. With a large market opportunity and customers increasingly adopting the broader platform, we will invest aggressively to position us for long-term growth and profitability. Before moving to Q&A, I'd like to thank Ashwin for his significant contributions to IR and strategic finance and wish him well as he transitions to his product role.

I'm also excited to welcome Kim to Zscaler. With that, operator, you may now open the call for questions. Thank you.

Operator: To withdraw your question, please press 11 again. Please limit yourself to one question. One moment for questions. Our first question comes from Brad Zelnick with Deutsche Bank. You may proceed.

Brad Zelnick: On such a strong start to the year and hitting your Zero Trust Everywhere goal three quarters ahead is just amazing. Jay, I wanted to ask about Zero Trust Branch, which I continue to hear good things about. It's showing some nice early adoption. As we look ahead, how much more work needs to be done on the product and/or go-to-market fine-tuning to see real acceleration from here?

Jay Chaudhry: Thanks, Brad. We have done some amazing work on the technology side to build a Zero Trust Branch where each branch is merely an island with no lateral movement that's generally caused by traditional networking with SD-WAN and MPLS. The product is in great shape. Go-to-market, we put together a specialty team that can engage the right buyers to explain the solutions. The numbers are pretty impressive. I'll often joke internally that Zero Trust Branch needs no pipeline generation effort because there's so much demand in the cost. I think we shared some numbers on Zero Trust Branch customers. We have now exceeded over 450 customers.

A lot of customers start small, they do the smaller rollout, and then they move on to bigger deals. In my prepared remarks, I gave an example of a Global 2000 manufacturing customer whose ARR more than tripled. I think there are many, many such examples. We got about 4,400 enterprise-class customers. They have only gone to about 10% of them. So I see a big opportunity. I think it's an exciting area for us. And it's part of our Zero Trust Everywhere platform.

Brad Zelnick: Thank you so much, Jay.

Jay Chaudhry: Thank you.

Operator: Thank you. Our next question comes from Saket Kalia with Barclays. You may proceed.

Saket Kalia: Okay, great. Hey, guys. Congrats on the strong start to the year. Thanks for taking my questions and congrats, Ashwin. Maybe a little bit of a joint question for you, Jay, and Kevin. You know, the billion dollars in ARR that's coming from the three emerging areas is clearly outgrowing the rest of the business. In fact, I think you said it accelerated. And for good reason. But I was wondering if you could help us think about the other $2 billion in ARR. And maybe specifically, is it fair to think about that other tranche as more of a la carte Zero Trust tools like ZIA and ZPA?

And maybe relatedly, how do you think about the growth rate for that $2 billion versus an emerging bucket that's clearly growing faster than the rest of the business?

Jay Chaudhry: Yes, it's very true that our three buckets, a billion-dollar ARR, have been growing very well. The remaining $2 billion, yes, a big part of that is ZIA, ZPA. It has been going quite well. But the big opportunity for that business is also to emerge into Zero Trust Everywhere. Remember we said that Zero Trust journey started with users. We're taking it to branches. We're taking it to cloud and next to IoT OT. While other vendors who tried to claim Zero Trust tried to say we got SASE, they're merely sitting with Zero Trust trying to do for users. And we have expanded the platform to give a lot of opportunities.

The core business by itself will grow at a smaller rate than the rest of the overall business. But our goal is really to take every customer to Zero Trust Everywhere. And that's what we are successfully doing.

Saket Kalia: Very helpful. Thanks, guys.

Jay Chaudhry: Yeah. Thank you.

Operator: Our next question comes from Meta Marshall with Morgan Stanley. You may proceed.

Meta Marshall: Great. Maybe just wanted to ask a question about Red Canary and just how it's kind of performing towards expectations given that you guys have been looking at a fair amount of churn within your kind of assumption for that business. Just any context around that performance would be helpful. Thanks.

Jay Chaudhry: I'll start with broad comments. And Kevin can go deeper. The incubation of Red Canary at Zscaler is going very well. The G&A integration was done right away. Two other main areas were one, engineering and products. We're integrating Red Canary's agentic AI technology with Zscaler platform, doing well. Second is go-to-market. Red Canary's go-to-market team has become a security operations specialist team. It's working with our field sales organization, which is uncovering opportunities. So seeing a vast majority of Zscaler customers that kind of the pipeline is now coming from Zscaler customers.

Kevin Rubin: Yeah. Look. I would just add that Red Canary is trending slightly better than our previous guidance. But keep in mind that, you know, we don't believe that Red Canary's contribution is material to our overall business. So as we go forward, we don't intend to provide specific color on Red Canary.

Meta Marshall: Great. Thanks. Thank you.

Operator: Our next question comes from Tal Liani with Bank of America. You may proceed.

Tal Liani: Hi, guys. This quarter was stronger than actually you see because if I look at the year-over-year growth in dollars, last year, first of all, 26% almost on a very strong quarter. And second, last year, on a year-over-year basis, you added between $122 million to $130 million every quarter on a year-over-year basis. And this quarter, you're adding $160 million. So that means that the growth is strong. And I'm trying to understand if you can break down on revenue level, not on ARR level, what is driving the strength. I mean, the stock is down, but the trends beneath the surface seem very strong.

And I'm trying to understand what is driving it and if you can break it down, even not in numbers, if it's just qualitative to discuss what's happening in the core versus what are the key leading products that are driving this strength.

Jay Chaudhry: I'll start with a broad product area. Right? As you know, we built a platform, then we're expanding the platform. The three big pillars of our platform have been Zero Trust Everywhere, AI security, and data security. All three areas are growing very well. They're actually accelerating. And that's our part of the strategy. Our strategy is if every customer starts moving to Zero Trust Everywhere, we become very, very differentiated because no one in the market is even coming close to that. They're all trying to figure out how to solve the user side of it. And the data security, our customers are basically saying, we are tired of seeing point products, so many point products in data security.

We are the best platform. AI security is evolving. It's a new area for us. Agentic operations have done well for us. And security of AI products is growing pretty well. So I think we're very pleased with that. Growth we wanted from three key pillars. And it's exceeding our expectations. Kevin, you want to give him more color?

Kevin Rubin: Yeah. Thanks for the question, Tal. I mean, I think that's frankly, both the qualitative and the quantitative response, which is we are seeing accelerated growth in our three growth pillars, is contributing, you know, well to the business. I also mentioned in my prepared remarks that we saw organic growth come in at similar levels to what we saw last quarter. So we are seeing very strong performance. And the business did come in better than our internal expectations in the quarter.

Tal Liani: Uh-huh. And how is the core business? You have Cisco with the new product, Check Point with the new product, Palo talking about very strong growth. How is the competitive landscape when it comes to the core business?

Jay Chaudhry: The competitive landscape hasn't changed a whole lot, if anything else. Our brand has gotten bigger. Most of the large enterprises know us very well. We are very well engaged here. A number of new entrants who have come in the market in the past year or so. Largely some of the firewall companies, we have hardly seen them out there. So the competitive landscape hasn't really changed much to mention.

Tal Liani: Got it. Thank you.

Jay Chaudhry: Thank you.

Operator: Our next question comes from Joseph Gallo with Jefferies. You may proceed.

Joseph Gallo: Hey, guys. Thanks for the question. Jay, I think when some look at the recent massive M&A in the space, they're fearful of the implications for underlying cyber growth. In your conversations with customers, how are they thinking about spending in calendar 2026? And what are the priority areas that they have as a part of that?

Jay Chaudhry: So customers' priorities for spending? Yes. Just, you know, with the how is the fund cyber growth been? Yep. How do you expect it next year and what the priorities are? Broadly speaking, there's no significant growth in the back environment. IT budgets remain tight. There is pressure on CIOs. There is far less pressure on the cyber side of it. So cyber is under less pressure. We do see scrutiny from our deals, similar to what we shared in the past. But two areas are still of high interest to customers. One is zero trust security because all these breaches happening out there.

And second is AI security because everyone is trying to do some level of deployments of AI applications because CIOs feel like if they aren't doing anything in this area, they'll be viewed as laggards. That is also mixed. Some of the customers are seeing better results than others in terms of AI. But as soon as they start thinking about doing AI applications and models, the security becomes a worry for them. So we are going in with two leading messages: Zero Trust Everywhere being one, and AI security being two. So with that, we're able to get the pipeline created. And the second part is to close deals, we must show strong cost takeout.

And we can do that as we eliminate a lot of point products. So we are able to do both of those things. That's what's really leading us to deliver these strong results. And also, if I mentioned that, since our brand has become so much stronger, and we've become pretty strategic partners to customers, all these CIO, CSOs meetings I do, it's wonderful to see them. To say, hey. I mean, we moved from company A to company B. And we called your team to help us here as well. So look, we are tracking well. We're excited about what lies ahead for us.

Joseph Gallo: Thank you.

Operator: Thank you. Our next question comes from Mike Cikos with Needham. You may proceed.

Mike Cikos: Great. Thanks for taking the questions here, guys. I just wanted to come back to the SASE market specifically. And, Jay, I know you're probably already cringing at the word SASE, but just there was a lot of security vendor out there last week discussing some success and competitive displacements in the SASE market. Just wanted to get your feedback specifically on what you're seeing as far as trends from a competitive or pricing discipline standpoint. Appreciate it. Thank you.

Jay Chaudhry: Look. We demand very strong in when it comes to, I will call, the Zero Trust market. Because the SASE keyword has no meaning. Every vendor claims until to be calling SASE. For example, if you do Zero Trust, you don't do SD-WAN. And most of these SD-WAN vendors can be viewed into the SASE phase. Our expansion in our customer phase is because of all the new functionality we are bringing to take Zero Trust Everywhere. Our expansion is happening as we have taken our data security platform and made it much bigger. So we've done so many innovations in so many spaces.

So we think in spite of new entrants in the market, I think the market has already kind of sorted out the winners, and we are creating more distance among the number of the vendors. Well, sorry. Among the number of other vendors who are entering the space. So I feel very strong. Our pipeline remains strong. Our win rate remains strong. And you see our results, they're very, very strong.

Mike Cikos: Perfect. Thank you.

Operator: Our next question comes from Brian Essex with JPMorgan. You may proceed.

Brian Essex: Hi, good afternoon. Thank you for taking the question. I guess, Kevin, for you, you know, just I understand that you don't want to break out Red Canary, but can you give us a sense for organic net new ARR in the quarter? And then maybe one for Jay.

With the acquisition of Red Canary and what you've done with Avalor and now SPLX, love to get your sense of, do you have any sense of how you might align with the threat intelligence market and value you might be able to add given the data visibility, potential for incremental add in terms of the quality of data that you might be ingesting on the platform and ability to provide better visibility to customers on the threat intelligence side?

Kevin Rubin: Of course. Thanks for the question. I'll go ahead and start. As I had previously mentioned, organic growth in Q1 was consistent compared to Q4. And again, as I said, we're very pleased that the organic business came in better than our internal expectations.

Jay Chaudhry: So on the second part, we talked about two acquisitions we have had. Avalor has become our data fabric, which can ingest data from Zscaler platform and some of the third parties to really create what we call entity relationships. And, you know, AI is only as good as data, so we're able to do some very harmful threat detection intelligence that couldn't be done otherwise. So that's the foundation of the platform. The reason for us to get into AI-powered setups is the strength of our data. Avalor gave that stuff. We have the data. Red Canary gave us a gigantic AI technology on top of it. So using some of these smart agents, we can do security operation.

What security analysts need to do, so the amount of information we are getting, the meaningful intent we're getting is unbelievable. I was talking to the CSO of a Fortune 100 company recently. He said, I have a sizable security operation team, very sophisticated operations. But your solution, in this case, they're taking advantage of Red Canary working with us. It is finding things, a few things every month that we aren't able to find. That's amazing. Incremental value for them. We think this is only going to get better as our solution evolves. Your second point of the SPLX, that's accelerating our completion of solution for AI security.

The market has so many point product solutions in AI security out there. And customers tell me, one, I don't want to deal with 10 vendors, number one. Number two, I don't want to share my data with a startup that started ten months ago to share with them. So they're looking for a platform. We have built a number of AI security platforms internally. For example, GenAI Security, AI Guard, AI Discovery, and SPLX brought red teaming technology to us. So it had made our portfolio pretty complete. So Zero Trust Everywhere is in a very great shape. Agentic operations are evolving nicely, and AI security operations are growing very nicely. We feel very comfortable with the portfolio built.

Brian Essex: Got it. Helpful. Thank you.

Operator: Our next question comes from Shrenik Kothari with R. W. Baird.

Shrenik Kothari: Yeah. Thanks for taking my question. So, Jay, on the AI security tracking, $100 million, and you mentioned traction across all the modules, AI Guard, SVM, with teaming. Just can you help us unpack where there's more traction, what's currently driving in terms of use cases, are most deployments as at visibility governance via SVM, or are you seeing CSOs truly prioritizing all the runtime AI with AI Guard as well? And then I have a quick follow-up.

Jay Chaudhry: Yeah. This is a very good question. About two years ago, two-plus years ago, when ChatGPT came on the scene, the number one thing customers wanted to do was visibility into GenAI solutions or, sorry, applications that users are going to go to. Since we are sitting in the traffic path, very quickly we built our first product, GenAI Security. That's being used by quite a large number of these customers. Next, we launched AI asset discovery and posture management. Tons of interest because everything starts by understanding AI assets you have. Third, last summer, early summer, we launched AI Guardrails.

When customers are building their internal AI applications and models, they want to use guardrails to make sure that models are protected and only the right people with the right kind of prompts can easily access them. That's an early stage, but it's growing nicely. The pipeline is growing very well. And the fourth thing we brought to the market came through SPLX acquisition. That's core red teaming technology. And as applications are being built, customers want to make sure they don't have liabilities. And we aren't stopping there. The fifth is extending our platform to enchanting exchange so we can have the right agent-to-agent to agent-to-application communication. All that is proceeding well.

So I think we are very well positioned. We will keep on investing in these innovations. But we balance our investments with our operating margins.

Shrenik Kothari: Very helpful, Jay. Just Kevin, a quick follow-up on your comment around these modules ramping, as Jay was saying, how are you thinking about the investment horizon overall and as you're scaling these compute-rich products, AI Guard, and how to think about the margins here?

Kevin Rubin: Yes. Since the models and things they're using are really on them. On a fairly well-confined set of data, we haven't seen any massive change in gross margins. If these things change over time, I'm sure we'll let you guys know. And maybe just to continue on that thread. You know, look, for Q1, we're pleased with the margin profile. We're comfortable with the Q2 guide. And then as we look into the back half of the year, you will notice that there's margin expansion in the guide in the back half. We are orientated to growth, but you know that we're also very mindful of the financial model and operating margin.

Shrenik Kothari: Thank you.

Operator: Our next question comes from Roger Boyd with UBS. You may proceed.

Roger Boyd: Great. Thanks for taking the questions. Jay, I just wanted to go back to Zero Trust Gateway. And I wonder if you could talk a little bit more about the demand you're seeing there. Is that product getting pulled along with increasing AI infrastructure? Some of the firewall vendors have talked about growth in software firewalls in this capacity. And how are you thinking about customer buying around this approach over kind of that approach of deploying virtual firewalls? Thanks.

Jay Chaudhry: Sure. As you know, customers have traditionally used firewalls everywhere. We replaced a lot of them when it comes to user protection. And work on branch and cloud is pretty simple. When traditionally people would go to cloud and build cloud workload, they would do left-hand shift. They have left-hand shifted, not so far, also the problem has VMs. They're lift and shifted east-side firewalls to the cloud as VM as well. We go in and say, you don't really need a lot of these firewalls everywhere. Zero Trust Cloud is almost like Zero Trust for Internet access, zero trust workload to work on communication. All the firewalls go away.

Customers do not need to work with all these IP addresses and ACLs. The cloud gateway simply makes it even easier to deploy our solution. In the past, they had to deploy a piece of software we call Cloud Connector as a traffic cop. Now, we have a cloud gateway that's deployed and managed by Zscaler. With a simple config change that says, point traffic to Zscaler cloud gateway. And we enforce policies, and we do everything that needs to be done. Deployment that would have taken a few hours now can be done in under ten minutes.

That's the kind of innovation we're bringing to make it easier for customers to move away from legacy firewalls and embrace Zero Trust cloud workload communication.

Roger Boyd: Thank you.

Operator: Our next question comes from Eric Heath with KeyBanc. You may proceed.

Eric Heath: Hey, great. Thanks for taking the question. Maybe to come back to Zero Trust Everywhere just given how strong and successful it's been thus far. But I'm curious to hear how you're thinking about this going forward. I mean, is the outperformance relative to your expectations because the book of firewall business up for refresh maybe was bigger or earlier than you anticipated or do you look at the pipeline and see an even bigger opportunity of displacements looking into calendar '26? Thanks.

Jay Chaudhry: Overall, our customers are looking for saving money and making it easier for them to operate and deploy these solutions. And along with that, making sure they have better cyber protection. The number one reason for customers' interest in the Zero Trust Branch is to eliminate the lateral movement which leads to all kinds of ransomware attacks. Number one. Number two, when we go in and say, by the way, it's also costing a lot more because we can eliminate multiple products in a branch. Not just firewall, but SD-WAN. Often, they got these DHCP gateways. They often got east-west firewalls. They got NAT convenience kind of stuff. All of that goes away. So cost goes down.

Operational stuff goes down. That's a driver. That refresh may help, but most of the time, the deals are not waiting for Zscaler to say refresh is coming. As we present the story to our customers, they kind of say, wow. This makes sense. There's a lot of ROI to it. Get started. So tremendous interest, strong pipeline, and we've only done about 450 customers so far. There are millions of branches left out there for us to pursue.

Eric Heath: Thank you.

Operator: Our next question comes from Fatima Boolani with Citi. You may proceed.

Fatima Boolani: Good afternoon. Thank you so much for taking my questions. Jay, I wanted to go back to a very specific remark in your script earlier in the call. Just with respect to the migration of SAP from on-prem to SAP RISE being an opportunity that would be tantamount to the success and the tailwinds that you saw from Microsoft Exchange going to Microsoft 365. And so I wanted to take the opportunity to have you unpack some of that in terms of how will that manifest in your business across the product lines today? And then specifically, you know, with the portfolio that is significantly larger today than you had when this the initial Microsoft platform migration was happening.

Where do you expect to see sort of the I'll frame it as option value in some of your newer products that frankly didn't exist in the last sort of precedent example?

Jay Chaudhry: Sure. You know, the customers moved to Office 365 several years ago because Office moved to the cloud or Exchange moved to the cloud. But SAP has taken a long time. It's a far more complex application. But now SAP is pushing for deployment of what they call SAP RISE in the cloud and telling customers that you got to move, and they're giving some incentives as well. So if you do the old way using the legacy firewall technology and network, you move SAP RISE to the cloud, then you really then deploy all these express routes and direct connects for connectivity.

And then you've got firewalls and all the stuff you deploy to access those applications, the VPN type approach. We go in and say none of that stuff is needed. No special access routes and direct connects needed. You can access SAP RISE applications with Zscaler directly over the Internet as you access Office 365 applications. It's a clean, simple, elegant architecture. So it gives us two opportunities for us. Number one, some of the cloud zero to cloud technology to make sure we got protection and communication for SAP application, SAP RISE itself. Second, for users to access SAP, with better and faster experience. Those are the two areas of growth for us.

And it helps a customer deploy and get the application running faster. And it reduces cost and gets great user experience.

Fatima Boolani: Thank you.

Operator: Our next question comes from Gray Powell with BTIG. You may proceed.

Gray Powell: Great. Thanks for taking the question. Yes, it's really interesting this quarter. I mean, I look at the numbers, and overall, everything looks good. I do think there's some confusion on just organic ARR. So I guess here's my question. You highlighted $175 million in Flex bookings this quarter. Compares to RPO bookings at about $940 million. So basically, Flex is now 20% of the mix. It almost doubled versus last quarter. Where do you see that going longer term? And then as Flex becomes a bigger component of bookings, does that give you higher visibility on future period ARR because there's just inherently an installed ramp in those contracts as customers grow out?

Kevin Rubin: Yeah. Great. So I'll start and Jay can add anything that he may want to share. Look. I appreciate you raising Z Flex. It is a program that has gotten a lot of interest and traction from our customer base. To your point, we did see bookings grow over 70% sequentially. And it effectively allows customers to commit to spend. We typically see that as a more commitment than they would have made on an a la carte basis. It allows them to easily deploy additional modules without having to go through the friction of a negotiation procurement process.

And then it provides them with the flexibility to swap in and out of modules as business dynamics for those customers change. And so it gives them confidence that they can make more meaningful commitments to us and generally over longer periods of time. It doesn't have, necessarily a different impact to ARR than any other type of transaction. But to your point, it does give us greater visibility over the long term. Because they are longer contracts. We do understand the nature of those commitments and how they play out in the future. And I would say, it's frankly a win-win for both the customer, and the flexibility it offers, and us in terms of the visibility going forward.

So it is a very powerful tool that has gotten pretty significant interest from customers.

Jay Chaudhry: Yeah. I would say our business has performed very well on all metrics. They are on cash flow, all areas. So we're very pleased with it.

Operator: Thank you. Our next question comes from Joshua Tilton with Wolfe Research. You may proceed.

Joshua Tilton: Hey, guys. Thanks for sneaking me in, and congrats to Ashwin. Just one for me, and apologize if this was addressed already bouncing back forth between a few calls. But, did your assumption for what Red Canary contribute to the full year ARR change at all? And if not, is it fair to assume you raised ARR by for the full year is how much you outperformed organically in the first quarter?

Kevin Rubin: Yes. Thank you for the call. I did make a comment earlier. We are seeing Red Canary trend slightly better than our previous guidance. But, as a reminder, we don't believe that Red Canary's contributions to our overall business are material. So we're not going to be making color commentary with respect to Red Canary going forward. With respect to the outperformance, I mean, we did pass that through the full year guide. But I think to further clarify, you said that before. Organic growth in Q1 for us was consistent as compared to Q4. Very pleased with it. It beat our internal expectations.

Joshua Tilton: Thank you.

Operator: Our next question comes from Jonathan Rukaver with Cantor. You may proceed.

Jonathan Rukaver: Yes. Hi. Good afternoon. Jay, I'm curious to hear your thoughts on the synergies you see between Red Canary and the, you know, the data security portfolio. It would seem that you know, you have opportunities around remediation, a possible governance layer, for DSP and DLP. Can you just provide an update on that integration strategy? And maybe just a little bit of color on how you see that driving differentiation relative to you know, all the other vendors that are targeting data security capabilities related to AI.

Jay Chaudhry: Yes. Very, very good question. I would mention three points there that set us apart from many others. Number one, we have built a full portfolio of data security. There's no such thing as data security, but AI only. Data is lost in many ways. So number one, the strongest portfolio is helping us. Number two, AI is helping us doing better data classification. Which is important because better classification means better detection. Number three, the other point you made, it was a Red Canary synergy. That is the following.

We are able to get all the signals from Zero Trust Exchange to our data fabric platform where we are able to potentially look for any potential threats or breaches or any of the stuff that's happened. And if they're able to do that very quickly, we can do a closed-loop feedback sent to a Zero Trust Exchange if you need to walk some kind of data loss that's happening out there. Today, data loss happens. Signals are found. Days or weeks later. This closed-loop system between our agentic operations and inline function is a clear, clear differentiator for us that should set us apart from many other vendors whether they're SASE vendors, or they are AI security vendors.

Operator: Thank you. And our last question comes from Matt Hedberg with RBC. You may proceed.

Matt Hedberg: Great. Thanks for taking my questions, guys. Congrats on the results, really. I wanted to follow-up on, I think it was Gray's question on Z Flex. It really does show up in checks. And I think, Kevin, you mentioned reducing friction. Additional consolidation opportunities. I realize it's difficult, but is there a way to think about what that average Z Flex upsell looks like? And then maybe just a little bit more color on how do you think about the pipeline of Z Flex deals for the rest of fiscal year? Thanks, guys.

Jay Chaudhry: So first of all, Z Flex was done to give our customers flex. It evolved from the traditional ramp deals we had done in the past when we go after a lot of customers. They can deploy it overnight. And if they bought lots of modules, they wanted some ability to say, give me some ramp because I won't be working on it. We have been doing ramp deals for quite some time, but this creates a formal program around it. The second thing it's created for us is the ability to swap modules so they don't have to keep on testing various modules for a long time and delaying the deal.

So we believe that the deal ability to close deals has gotten better. And three, the ability to do larger deals has gotten better because now they know that they can swap deals, modules, so they can go for a bigger deal. All these things are happening. I'm not sure we have quantified exactly how much impact it is having. But we are seeing good results of it. So we are pleased with the performance. Kevin, you want to add anything?

Kevin Rubin: The only thing I would, again, I guess, express is you see growth in customers moving into Zero Trust Everywhere, which you see adoption of Data Security Everywhere and AI Security, a lot of that momentum and the facilitation will come from programs like Z Flex that will make it easier for customers to adopt these technologies. And so, for us, we think it's just a stimulus to allow customers to more easily and friction-free adopt more of our technology.

Operator: Thank you. I would now like to turn the call back over to Jay Chaudhry for any closing remarks.

Jay Chaudhry: Well, thank you for your time. We look forward to seeing you at one of us or some of the investor conferences.

Operator: Thank you. This concludes the conference. Thank you for your participation. You may now disconnect.