Hello, and welcome to CrowdStrike's Fiscal Fourth Quarter 2026 Financial Results Conference Call. [Operator Instructions] Please be advised that today's conference is being recorded. I would now like to hand the call over to Andy Nowinski, Vice President of Investor Relations and Strategic Finance. Andy, please go ahead. Thank you.

Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, Chief Executive Officer and Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, including projections and expected performance, including our outlook for the first quarter and fiscal year 2027, and any assumptions for fiscal periods beyond that are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company's annual and quarterly reports. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. With that, I will now turn the call over to George.

Thank you, Andy, and thank you all for joining CrowdStrike's Q4 FY '26 Earnings Call. I couldn't be more pleased with our results. AI is driving elevated demand for the Falcon platform and is a key accelerant for our business. At the same time, AI is weaponizing adversaries to attack with increased speed, sophistication and precision. We're seeing this play out in real time in the Middle East as emboldened adversaries fuel nation state activity. FY '26 was CrowdStrike's best year yet capped by a blockbuster Q4 where we set new records across the business. Summarizing our results: one, all-time record net new ARR of $331 million for the quarter, which grew 47% year-over-year, coming in well ahead of our expectations. For the year, we delivered $1.01 billion in net new ARR, up 25% year-over-year, our first year delivering over $1 billion of net new ARR. Two, ending ARR of $5.25 billion, crossing the $5 billion milestone, which accelerated to 24% growth year-over-year. CrowdStrike is the fastest and only pure-play cybersecurity software company to achieve this milestone. Three, record free cash flow of $376 million for the quarter or 29% of revenue. And for the year, we delivered record free cash flow of $1.24 billion or 26% of revenue. Four, all-time record operating income of $326 million for the quarter or 25% of revenue. This is the third consecutive quarter of record operating income. For the year, we delivered $1.05 billion of operating income, exceeding the $1 billion operating income milestone for the first time. Five, record net new ARR from cloud, Next-Gen Identity and Next-Gen SIEM collectively. Ending ARR for these solutions collectively grew more than 45% year-over-year. Amidst today's AI backdrop, our endpoint business accelerated for the second consecutive quarter. Six, dollar-based net retention of 115% and gross…

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers, except revenue mentioned during my remarks today are non-GAAP. We delivered exceptional fourth quarter results and a record finish to the year, exceeding expectations across all guided metrics driven by continued Flex and re-Flex momentum and strong organic growth across the platform. FY '26 was a milestone year for CrowdStrike. For the full fiscal year, ending ARR growth accelerated to 24% and net new ARR accelerated to 25% year-over-year. We delivered this record top line performance while exceeding our profitability and free cash flow targets. Operating income reached a record $1.05 billion or 22% of revenue, and we delivered record free cash flow of $1.24 billion or 26% of revenue. The combination of growth, scale, profitability and cash flow puts CrowdStrike in rare air. The strength of our platform and the significant market opportunity ahead further reinforce our conviction in the path to achieving our future growth milestones of $10 billion and $20 billion of ending ARR as well as our target profitability model. Our full year momentum was punctuated by an exceptional fourth quarter. We achieved record net new ARR of $330.7 million, up 47% year-over-year and well ahead of our stated expectations, driving ending ARR to $5.25 billion. Our fourth quarter results showcased the success of our Flex-led go-to-market strategy. Momentum was broad-based across customers of all sizes from enterprise to down-market and MSSPs, achieving another record quarter in our corporate business. Customers continue to leverage Falcon to consolidate their security needs and lower their total cost of ownership resulting in higher retention rates over the prior quarter and strong module adoption rates. As of Q4, 50% of subscription customers are now using 6 or more modules. 34% are using 7 or…

[Operator Instructions] Our first question comes from Joe Gallo at Jefferies.

Really nice results and guide. George, securing AI is a huge market opportunity. Would love your thoughts on, one, when securing AI materializes to ARR meaningfully for you? Is that a fiscal '27 story? And then two, how much of the new market opportunity goes to pure-play cyber vendors? In cloud, people certainly use the hyperscalers for some of their security needs. So just curious how much of that new AI market goes to pure-play cyber vendors like yourselves.

Yes. Thanks, Joe. Obviously, we're still in the early innings, but we continue to ramp in protecting AI and it's happening today in terms of ARR growth. And we're obviously blown away of what we've seen with Pangea and AIDR. It was up 5x quarter-over-quarter from when we acquired the company. So we're really excited about that. The other piece to keep in mind is that not only is it going to drive AIDR growth, but we're going to see growth in protecting attack surfaces like cloud. We're going to see growth in next-gen SIEM. We're going to see growth in other areas that all touch AI. So from that standpoint, as I said, early innings but lots of opportunity for us. And I think with regards to hyperscalers, I'm glad you asked the question because when I started the company in 2011, we pioneered cloud-delivered security. And over the years, as cloud was maturing, I heard a lot about the hyperscalers actually providing all the security services. Well, that didn't happen. In fact, as you've seen with our results and our partnership with AWS, as an example, we transact billions through these platforms, and they're a great partner, and there's a lot more exposure in the cloud. So we see the same thing happening what I call AI hyperscalers, being able to actually partner with these hyperscalers leveraging AI and their LLMs, and also being able to leverage the technology to provide better outcomes within the platform of record for our customers, which is Falcon.

Our next question comes from Rob Owens at Piper Sandler.

George, you talked about the 10 other agents that you guys have besides Charlotte and some of the traction that CrowdStrike's seeing with security agents. But can you provide color on some of the recent acquisitions? When we look at agentic security more broadly, where are customers in their journey? And do you see identity as maybe one of the main hurdles for them getting agentic deployments at scale?

Yes, Rob, identity is one of the biggest threat vectors right now that we see. In fact, one of our latest threat reports, 80% of the breaches are non-malware-based, right? So a lot of it is around identity. And between the identity stack that we've built over the years, again, we got into identity security in 2020. We've built that out. It's a big business. And now really with the addition of SGNL.ai. This is, in my mind, game-changing technology to have 0 standing privileges to be able to protect nonhuman identities and human identities in a much more modern stack than anything else that's out there in the market. It's a perfect fit to CrowdStrike and our platform. You combine that then with something like Seraphic in browser security. So now you're able to protect the front door of really where these attacks happen, plus where AI takes place and you add the identity layer to that. And again, we're providing something that we think is going to be very unique in the industry. And of course, Pangea, which is our AIDR product, when you look at EDR, in today's market, EDR is a must. It's compliance mandate, and we believe that EDR will be a similar opportunity -- sorry, AIDR will be a similar opportunity to EDR in the coming years, driven by compliance and the need to accelerate protecting AI.

Our next question comes from Fatima Boolani at Citi.

George, I wanted to direct this to you. Had a question about the next-generation SIEM opportunity. There are very much percolating fears that the open-ended SOC modernization share capture opportunity that had thus far been pretty open ended has -- is perceived to maybe be at more risk from what the frontier labs may or may not be pursuing. So maybe in the context of the opportunity ocean commentary in your prepared remarks, can you help us with a deeper explanation and understanding of what your current nature of relationship, partnership and integration is with the frontier labs and the frontier models? And how should we very critically think about the durability of your moat from any potential commoditization from an architectural or technical or, frankly, any other relevant contextual standpoint?

Yes, great question. So when you look at what we've built, and I talked about this in the prepared remarks, we're a net data creator, right? We have telemetry that we create from our agents and from other parts of our platform that is unique. We put it into various data stores, including next-gen SIEM and our Threat Graph. And we're able to understand the threats in real time with real-time prevention. That's vastly different than what the LLM providers and frontier models do. Now certainly, we leverage the frontier models. We have our own small language models. We have our own curated data. So I think we get the best of both worlds, but we're doing this in a platform that is driving consolidation that we've got millions and millions of workflows on already and becomes very, very sticky. So from the standpoint of our next-gen SIEM, you've got to look at the next-gen SOC opportunity and what we're doing with Charlotte and the agents that we've created, where we're driving meaningful change in a SOC or overall driving down costs and getting better outcomes, and we're doing it in a compliant way. To be a security vendor, you have to have trust. Customers are driven by compliance, and we are the epicenter of creating this data. So what we also are open to is having an open model. We have customers that create their own agents that leverage our technologies, that leverage our MCP services. And this is part of having an open platform, which is why our customers love CrowdStrike.

Our next question comes from Saket Kalia at Barclays.

Great finish to the year. George, maybe for you. The cloud security business, I think, is the biggest piece of kind of that 3 platform product group, if you will. And it's continued to add a consistent amount of net new ARR dollars over the last few years, which has been great to see. Maybe the question is how do you see the competitive environment in cloud security right now. And how do you think about the longevity of the growth in that market as you look out onto the future?

Well, when we look at the cloud market, I couldn't be prouder of our execution and the products that we brought to market. One of the areas that we focused on, as you know, for a long time, is runtime protection, and that's the technology that really is focused on stopping breaches. And I think customers have realized just by having the ability to understand sort of exposures doesn't mean you're going to stop the breach. So with our CSPM technology with -- a lot of the other technologies that we have acquired like Falcon Shield, it has become an extremely potent offering for our customers. And again, why is it resonating? One, the technology works. Two, it all works together, and we're able to drive down cost, complexity and get a better outcome, which is stopping the breach. It's not just about reporting on some exposures. It's about understanding the overall control plane in the cloud and being able to protect it. And we're giving the customers what they want, and that's the right outcome at a much lower cost than the competitors that are out there. So I think that's why, in a nutshell, you're seeing the results in our cloud business.

Our next question comes from Brian Essex at JPMorgan.

Congrats on some nice results. And Burt, congrats on the return to GAAP profitability. Really good to see. Maybe a quick question for you, George, on identity. Great to see the acceleration there. Could you unpack that business a little bit and help us understand? I mean, obviously, identity was one of the segments that was part of the CCP incentive plans that you guys were pursuing. How much of the resurgence in growth there on the identity side is, I guess, renewal of CCP or Flex deals versus net new kind of emerging identity product? It would be great to get a feel underneath the covers there.

Well, it's one of the modules everyone wanted, and certainly, it was a fan favorite in the days of CCP. So we're seeing success from that. And as I have mentioned many times, once a customer engages with the module, there's an extremely high percentage that they're going to continue to renew that. So we continue to see that. But I think overall, you have to look at the threat landscape and the fact that identity is really one of the -- compromised identity, it's really one of the #1 drivers of breaches, and customers are being -- are focused on being able to protect those identities, both in the cloud and on-premise, if you will, and there's a massive compliance need for something like ITDR. So we're getting the benefit from the platform consolidation piece, and we're also getting the benefit from having a very mature stack now. Not only can we prevent these sort of breaches with ITDR, but you include now Falcon Shield protecting SaaS identities. And then you kind of look at what we've done with our PAM offering. It's been very, very well received by our customers. So I think that's why you're seeing our opportunity to continue to grow there. And as I said earlier, we couldn't be more excited about the SGNL.ai acquisition that we just completed.

Our next question comes from Brad Zelnick at Deutsche Bank.

George, Burt, congrats on a really strong finish to the year, an impressive ARR guidance out of the gate for next year, implying 22.5% net new growth, which is above your prior commentary and now off of even a higher base. After such a strong fiscal '26, this obviously stands out in a very good way. Can you talk about the building blocks that get you there and especially how to think about the renewal opportunity that you have visibility to and the expansion opportunity given just how much you can address today versus when many of those customers might have last transacted?

Brad, thanks for your comments, and I'll give you an insight into how we thought about the guide. I mean first and foremost, it starts with the strong momentum that we're seeing in the business. We saw in Q4 broad-based demand from all sizes of businesses -- from all business sizes, whether it's enterprise all the way down to MSSPs. And then that rolled over into Q1 when we talked about the record Q1 pipeline, which grew 49% year-over-year. Then as George mentioned, CrowdStrike is thriving in this AI revolution. We are not only leveraging AI within the entire platform, but our platform also helps organizations use AI security, and that's the key. And then I think we're still benefiting from the consolidation tailwinds. Customers continue to seek the best outcomes at the lower TCO, which we [ help ] to provide. And the consolidation really comes from the strength of our platform. You look at cloud, Next-Gen Identity and Next-Gen SIEM collectively, we posted a record net new ARR, resulting in $1.9 billion in ending ARR, up 45% year-over-year. Now look at endpoint. That accelerated for the second straight quarter on the heels of AI-driven demand. And then you tag onto that the success that we saw in Flex. We added over 350 Flex customers in Q4. The average Flex customer ending ARR that was over $1 million, those guys have adopted nearly 10 modules well over our company average. And then re-Flex, we have greater than 380 re-Flex customers. The average time for our re-Flex is 7 months. 100 customers re-Flexed multiple times with the average ARR lift post re-flex for this cohort was 48%. These are really, really great numbers for us. And so you combine all those things and other things gave us the confidence to be able to come out with the guide that we came out with for that new ARR for next year.

Our next question comes from Matt Hedberg at RBC.

Congrats from me as well. George, I wanted to ask about pricing. Obviously, Flex and re-Flex is doing extremely well, but there's obviously a lot of concerns that I think we're all seeing out there about potentially fewer knowledge worker seats in the future due to AI. The flip side to that is way more agents. So I guess two-part question. First, how do you think about agent pricing? And second, how well does Flex position customers for this potential mix shift? And could consumption become a bigger element to the growth algorithm?

Well, when we look at the overall threat landscape and how we go to market, obviously, we protect endpoints and cloud workloads. You have to look at those in totality, but now we have the opportunity to protect AI agents, and industry stats is that each knowledge worker will have 90 AI agents. So even if the mix moves around, we have a massive opportunity to protect AI agents. We have a massive opportunity to protect all of these AI cloud workloads. And from what I've seen in different technology shifts, we tend to create more opportunity as technology advances, not less opportunity. So that's the way we would view that piece of it. In terms of Flex, look, it's been a smashing success. There's a reason why some so many other companies sort of copied our model or tried to copy it. Customers like it. You can see the success in the numbers, and it just makes it so much easier to help customers very quickly. You look at the acquisitions we did. They were available immediately to customers as soon as the deal closed and/or we went to a GA, but we didn't have to go through another procurement cycle. So that's really the model that we're leading with going to market this year, and we couldn't be more excited about it. And I think the Flex results speak for themselves.

Our next question comes from Roger Boyd at UBS.

Great. Can you hear me okay?

Yes, go ahead.

Okay. Great. George, I want to go back to your comments on why you're best positioned to benefit from AI SOC. And I appreciate your comments around your approach of tech plus human expertise and the flywheel that creates, giving you an advantage in terms of operationalizing this technology. I think it's also maybe the lowest friction way for some enterprises to benefit from some of this emerging tech. And I guess with that in mind, what sort of growth are you seeing with some of the managed service offerings like completing Overwatch relative to the acceleration you're seeing in the overall endpoint business right now?

Yes. Those businesses continue to grow extremely well. And when you look at why, it's because we're getting the right outcome that customers need. One of the things that we track is mean time to detection, mean time to remediation. We are absolutely best in class for customers. Very difficult for them to replicate what we do. Why? Because it's the network effect, right? It's the full view that we see in over 176 countries where we actually have our software operating. So when you're at the tip of the spear in seeing the activity through our technology, the tip of the spear in responding to some of the biggest breaches in the world combined with our threat intelligence, you've got the right understanding and the right DNA to create the right technology and outcome for customers. So that's what we continue to see. Obviously, they're leveraging our technology, and we're providing the automation. But there are many, many customers who don't have the skills or expertise to get the outcomes that we provide, which is stopping the breach, identifying these sort of threats, remediating much faster than they ever could and ultimately giving them the best outcome for a cost that it's very hard to replicate. And that's why it's been a fantastic success for us.

Our next question comes from Gabriela Borges at Goldman Sachs.

George, I really appreciated your description on what LLMs are not and as it pertains to the RLHF commentary. I want to ask you the opposite question. What do you think the role is of Anthropic in cybersecurity use cases, whether it's on the coding side or the pen testing side or even the data aggregation side? What role do you think they should have?

I mean, I guess, I'll talk just in general terms for LLM providers. And they're certainly good at a lot of things. You can help sort through lots of data very quickly. And it's something that the security industry and most security players are leveraging. In our particular case, we certainly leverage technology like that, but we've built our own bespoke models depending on the module and trained in a certain way, with the vertical expertise to get the right outcome. Here's what you have to remember, is that what customers want is real-time prevention. You have to be in line. You have to be able to get the data in milliseconds, and you have to make a decision. That's not the case with an LLM. There's many great things it can do, and it's certainly a fantastic technology, but it's not stopping any breaches in real time. And that's one of the areas, I think, again, where we shine. So from my perspective, we continue to work with them. We continue to partner with them and amazing technologies. And I think it really is going to be the better together approach as the industry goes forward. Customers want to leverage their own models. We leverage Nemotron with NVIDIA. It's an unbelievable time to be in tech, and you're going to have agents talk to agents and our agents talking to customer agents that are inside their network. But at the end of the day, as the platform system of record for security, this is where you want to be. It is a very sticky place. We create the data. We curate the data. And again, we want to be open and work with any of the models that are out there, and we want to meet our customers where they have AI and leverage their technologies as well as ours.

Our next question comes from Todd Weller at Stephens.

Yes. Appreciate the question. George, this is the second quarter of endpoint acceleration. Can you talk about what's driving that, how you think about the durability of the growth acceleration? And then related to this, there's been a lot of action in the market recently around browser security. Do you see that as a new category or as an extension of endpoint?

Well, when you think about endpoint acceleration, it's a simple answer, AI. We've talked about it, and we're showing it in the results. And I mean one of the biggest things you look at -- OpenClaw comes out. Our customers immediately are looking at all of our technologies to be able to identify it, put controls around it and make sure that they can leverage these technologies in an efficient and compliant way. So that's where AI meets -- the rubber meets the road, is at the endpoint, and that's how people consume it. So that's where we're seeing it. And then you combine that with browser security. That's really the front door now for how people are interacting with AI models and LLMs and the various technologies that are out there as well as how threats get into the environment. So you combine that with our agent and the ability to have protection across any browser, not just ask an organization to switch their browser. We can protect any browser that's out there. We tie it into our identity stack. And I can tell you, the feedback from our customers, as soon as we made the announcement, they were looking at how fast can we get this technology because they know on our platform, it's going to be additive for them. And we're excited about the category and the great company in Seraphic that we acquired.

Our next question comes from Dan Ives at Wedbush.

Yes. It's a great, great quarter as always. I -- So George, I was going to say what -- when it comes to Anthropic and Claude and obviously all the worries out there and you hear in the Q&A., to some extent, can't this also be a huge benefit to you as it just further spreads the word and customers realize essentially what they don't have and you do have, especially with the Microsoft partnership at the same time?

Yes, Dan, as I said in my prepared remarks, AI is a tailwind for us. And I mean I take a simple approach, is will we have more AI in the next year or 2 or 5 years. And for me, the answer is absolutely yes. And if that AI is being deployed with AI agents, you're going to need protection. You're going to need something like AIDR. You're going to need identity security. You're going to need browser security. You're going to need compliance around this. And that's the way we look at it. And again, we leverage the technologies that are out there. Why wouldn't we? And we have our own unique IP and our own model. So we get the best of both worlds, and there's many things that customers are looking for in these workflows and sort of data curation and knowledge in the security industry that you can't just get from a general LLM model. So I've talked about this before, and it's a great opportunity to work together. And that's really what we're focused on.

This concludes today's question-and-answer session.

All right. So thanks, everyone, for their time today. We appreciate your continued support and look forward to seeing you at our upcoming events. Thanks so much.