Q2 2025 JFrog Ltd Earnings Call
Welcome to the jfrog second quarter, 2025 Financial results earnings call.
After today's prepared remarks, we will host a question and answer session. If you would like to ask a question, please raise your hand. If you have dialed into today's call, please press star 9, to raise your hand and star, 6 to unmute
I will now hand the conference over to Jeffrey Shriner head of investor relations Jeffrey. Please go ahead.
Thank you Nicole, good afternoon and thank you for joining us as we review jfrog second quarter 2025 Financial results which were announced following market closed today. Via press release, leaving the call today will be jfrog CEO, and co-founder shomi benheim, and Ed graphite jfrog CFO.
During this call, we may make statements related to our business that are forward-looking under Federal Security laws and made pursuant to the safe harbor, provisions of the private Securities. Litigation Reform, Act of 1995, including statements related to our future financial performance, and including our outlook for Q3 and the full year of 2025.
The words "anticipate," "believe," "continue," "estimate," "expect," "intend," "will," and similar expressions are intended to identify forward-looking statements or similar indications of future expectations.
You are cautioned not to place undue Reliance on these forward-looking statements, which reflect our views only as of today and not as of any subsequent date.
Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forward-looking statements in light of new information or future events.
These statements are subject to a variety of risks and uncertainties that could cause actual results to differ materially from expectations for discussion of material risks. And other important factors that could affect our results. Please refer to our form 10K for the year. Ended December 31st 2024 which is available on the investor relations section of our website. And the earnings press release issued earlier today.
Additional information will be made available in our form 10q for the quarter ended, June 30th 2025 and other filings, and reports that we may file from time to time with the SEC.
Additionally, non-gaap Financial measures will be discussed on this conference, call these non-gaap Financial measures which are used as measures of jro's performance should be considered in addition to not as a substitute for or in isolation, from gaap measures.
Please refer to the tables in our earnings release for a Reconciliation of those measures to their most directly comparable. Gaap, Financial measures a replay of this. Call will be available on the jfrog investor relations website for a limited time with that. I'd like to turn the call over to jfrog CEO shlomi. Benheim shomi
Thank you, Jen. Good afternoon and thank you all for joining the code. At the jfrog platform becomes the system of record for all software packages and please do report. Another excellent quote of the company,
We continue to execute with discipline aiming to meet the growing market demand for a unified platform that enables trusted, scalable software delivery.
In Q2 jro's total revenue was 127.2 Million up 23% year-over-year. Our operating margin was 15.2% in the quarter demonstrating consistent execution while maintaining discipline strategic Investments.
Cloud revenue for Q2 equals 57.1 million representing, 45% year-over-year goals. We observed sustained, Cloud usage, while maintaining a strategic focus on converting customers with steady usage above minimum commitment, into annual contracts.
I will Enterprise Focus product and go to market both food. Again, this portal, I'm pleased to report that our greater than 1 million customers grew to 61 compared to 42 in the year ago, period equaling, 45% growth zero view customers. Spending more than 100,000 annually grew to 10076 compared to 928 in the ego period. Equaling 16% year-over-year goals
Our training for quarters. Net dollar retention increased, sequentially driven by continued adoption of our security products and solid growth across our customer base. Ed was discussed this in Greater detail later in the call.
Security Solutions and a clear value proposition in the rapidly evolving world of agentic, AI and mlops.
Now, I will take a moment to Spotlight what powered our Q2 success, highlighting the queue drivers behind our strong performance. First on cloud goals.
I want to address 2 items for Joe clouds, both our Core Business results. And then talk about emerging market dynamics.
Due to delivered strong Cloud results, fueled by expanded annual commitments, helping our customers gain budget Clarity and suspending visibility while growing. Our recurring Revenue base,
Now with AI adoption exploding cios are rethinking infrastructure at its core. The unpredictable cost of running AI at scale is forcing a shift from cloud first to fit for purpose.
This might mean hybrid balancing cost, predictability with agility, compliance security, and control.
As part of this emerging standard for Enterprise AI development, jpro was announced as the Cornerstone software, artifact, repository and secure model, registry for nvidia's initiatives.
Just in botano in video's, VP of Enterprise, AI products, noted, quote, Enterprises building. AI factories need to manage the complexity of AI adoption while ensuring performance governance and Trust.
jro's unified software supply chain platform paired, with the Nvidia Enterprise AI Factory validated design, enables rapid responsible, AI Innovation at scale,
End quote.
We also continue to gain traction with leading AI industry customers as referenced in q1. As they rapidly, adopt the j4 platform as an infrastructure solution. A system of record for binaries.
Just as we previously became the registry and single source of Truth for all software packages containers and artifacts or insured all type of binaries. We are on a mission to become the world's leading AI model registry offering our customers comprehensive 360 coverage across the entire model life cycle.
To achieve this. We are deepening Partnerships with AI industry leaders expanding our support for the AI, ecosystem and driving Community standards for responsible ML and AI adoption.
As AI continues to transform, the way we live and work developer tools Stacks are evolving rapidly, integrating code, assistance tools.
To meet growing demands for Speed and efficiency.
IC interaction, giving AI Technologies access to tools and the system that power modern application development.
Jpro is all in as an open platform building a solution that deeply integrates into the AI ecosystem. Our commitment was also marked by the launch of the jpro mCP server in mid. July during the AWS Summit in New York.
This is not all as responsible members of the AI community and as a vent on committed to building trust across our customers software supply chain, we recognize that as mCP adoption accelerates in the development world. So does interest from threat actors. Looking to exploit evolving, mCP, standards,
Our security research team recently uncovered and published significant exploitation risks tied to mCP usage and were proud to let the charge in securing the AI Community from this emerging threats.
Finally, I want to highlight our debt SEC Ops Solutions. In Q2 we saw multiple customers wins continue to be driven by security with companies focus on the consolidation of tools, a model security and software package curation for example. During the second quarter 1 of the world's largest telecommunication companies expanded its use of jbox through jpo curation.
In a 7 figure deal.
As part of their standardization and consolidation efforts across their devops and deficit Ops tool sets, they placed a Strategic investment in our solution, to enforce policies and act as a firewall for the software supply chain.
Jpro security solution are boldly transforming. The industry replacing Legacy Point solution tools with a unified software supply, chain, platform and blazing the trail with world-class research and Cutting Edge Innovations to deliver a trusted AI.
some of these Innovations will be announced at swamp up, I'm excited to remind you that jpeg will be holding our annual user conference on September 9th, and 10th in Napa Valley, California
Will be announcing new products and strategic Partnerships highlighting new Innovations and delivering new solutions to the market. We look forward to welcoming our community to swamp up where the world of every of standouts is crafted.
With that, I'll turn the call over to our CFO at graide with an in-depth recap of Q2 Financial results and our updated outlook for Q3 and the full fiscal year of 2025, Ed.
Thank you shomi and good afternoon everyone. During the second quarter of 2025 total revenues were 127.2 million up 23% year-over-year.
In the quarter was the result of continued operational. Execution, driven by strength in our Cloud revenues, accelerating adoption and security, core products, and ongoing demand for our Enterprise level subscriptions.
Second quarter, Cloud revenues, grew to 57.1 million up, 45% year-over-year, and represented 45% of total revenues versus 38% in the prior year.
At shlomi, noted our strategy remains focused on converting customers with usage about minimum commitments into higher annual contracts.
our growth in the cloud was driven by momentum in the jfrog security Corps and conversion of customers with usage above minimum commitments, into higher annual contracts,
During the second quarter, our self-managed or on-prem revenues for 70.1 million up 10% year-over-year.
With our cloud-first approach, we proactively engage our on-prem customers to migrate Dev SEC, Ops workloads to our cloud and enable them to capture even greater long-term value.
In Q2 55% of total revenues came from Enterprise Plus subscriptions.
From 50% in the prior year.
Driven by the ongoing execution of our Enterprise. Go to market strategy, and broader customer adoption at the jfrog platform Revenue. Contribution from Enterprise Plus subscriptions grew 36% year-over-year.
For the 4 was 118% of 2 point sequentially driven by the adoption of our security Corporation products and increased data consumption resulting, in higher customer commitments.
We continue to demonstrate that our customers view jfrog Solutions as Mission critical to their software supply chain with gross retention, that equaled 97%. As of the second quarter 2025
Now I'll review the income statement in more detail. Gross profits in the quarter were 105.7 million representing, a gross margin of 83.1%.
In line with our guidance range versus 84.4% in the year ago. Period.
The change in gross margin relative to the year ago. Period was primarily driven by The increased mix of our Cloud revenues.
We expect annual gross. Margins to remain between 82.5% and 83.5% in 2025 due to continued focus on cost optimization with the cloud service providers.
Operating expenses in the second quarter were 86.4 million equaling, 68% of revenues.
This compares to 73.3 million or 71% of revenues in the year ago. Period.
Our operating profit in Q2 increased to 19.4 million or an operating margin of 15.2%, compared to 13.6 million and 13.2 operating margin in the second quarter of 2024.
The continued balance between strategic Investments and operational efficiency, demonstrates our commitment to profitable growth.
Cash flow from operations, equal 36.1 million in the second quarter.
After taking into consideration, capex requirements, our free cash flow, reached 35.5 million, or 28% margin compared to 16 million, or 15% margin in the year ago period.
Now, turning to the balance sheet, we ended the second quarter of 2025 at 611.7 million in cash and short-term Investments compared to 522 million. At the end of 2024,
As of June 30th, 2025 our RPO totaled, 476.7 million, a 75% increase year-over-year benefiting from customers, multi-year commitments, to j-rod's, devops and security offerings.
and now, let me turn to our Outlook and guidance for Q3 and the full year 2025
While we are pleased with our strong performance, in the first half of the year and see pipeline opportunities, continuing to build given the current macro uncertainties, we believe it is prudent to continue to exercise caution and our forward Outlook.
Are updated guidance range? Suggests growing contributions from the jfrog security Corps?
Increases in Cloud commitments, and continue to adoption of the full jfrog platform.
We continue to de-risk, our Outlook by excluding our largest opportunities given the uncertainty regarding the timing of customer deployments.
we estimate full year 2025 Baseline Cloud growth to now be in the range of 34% to 36%
Cloud Revenue. Guidance continues to exclude any contribution from usage of our annual customers minimum commitments.
we continue to expect our net dollar retention rate to remain in the mid- teens during 2025
For Q3, we expect Revenue to be in the range of 127 million and 129 million with non-gaap operating profit anticipated to be between 16.5 million and 18.5 million.
And non-gaap earnings per diluted share of 15 cents to 17 cents. Assuming a share count of approximately 122 million shares.
For the full year. 2025 we anticipate a revenue range of 507 million to 510 million representing approximately 18.7% year-over-year growth at the midpoint
Non-gaap operating income is expected to be between 75 million and 78 million and non-gaap diluted earnings per share of 68 cents to 70 cents. Assuming a share count of approximately 121 million shares.
Now, I'll turn the call back to shlomi for some closing remarks. Before we take your questions.
Thank you, Ed. This quarter demonstrated, yet another powerful example of jfrog, strong execution and even more remarkable. Giving the adversity we face
In Israel supported by the global J Fork team walked under unimaginable threat, literally Under Fire during the recent conflict with Iran.
This resilience and Brotherhood are woven into our DNA and I'm truly grateful and honored to stand alongside such a courageous and dedicated team together. We continue to live stronger no matter the challenge.
Hope and pray for peace in the world and for the fast release of the 50 hostages held captive by the brutal Terror organization Hamas, we deeply wish for their safe return home well before reaching 2 years in captivity in gaza's underground tunnels.
Jro's business remains strong, our technology continues to lead an innovation is growing. We're making meaningful progress toward becoming the system of record for all software, H1 of 2025 was solid. And we'll focus on building even more. Success ahead with that. Thank you for joining our call, and may the Frog be with you.
Operator. We are now open to take questions.
We will now begin the question and answer session. Please limit yourself to 1 question and 1 follow-up. If you would like to ask a question, please raise your hand. Now, if you have dialed into today's call, please press star, 9, to raise your hand and star 6 to unmute please stand by while we compile the Q&A roster.
Your first question comes from the line of sanjit Singh with Morgan Stanley, your line is open, please go ahead.
Hi. Thank you for taking the questions. Can you hear me?
Yes, we can. I send it?
Awesome. Uh, congrats on a, on a, on a strong Q2, show me, I wanted to talk a little bit about um The Evolution. You know, Cloud first sit for purpose. Um if I rewind it back a couple years ago, there was this sort of uh, customer hesitation on self-managed data center offering um and then sort of looking to secure budget for their Cloud initiatives.
Could you just talk a little bit more about the um, Evolution that you're seeing? Now, I just want to sort of unpack your comments in terms of how it would translate into continued, Cloud growth versus potential, self-manage growth going forward, given the uh, the evolution that you were speaking to in your in your uh earnings script.
Absolutely. Thank you for the questions and you what we are hearing from our customers especially those that were in the process of migrating workloads to the cloud to the public cloud is that there is a new type of uncertainty coming from. Uh, the predictability of the ability to predict the cost in the world of ai. Ai is being adopted rapidly and therefore
You need to think or we think where your models will be, where the data will be, how you will train it, and then therefore um, just going uh, blindly to the cloud is not a responsible move for them so they take a bit more time to consider that. Obviously, this is more relevant to the high scale companies um a small developer shop that are practicing AI will not start, its own data center, but big organizations that are betting heavy on AI will think and rethink uh, where their data centers will be, whether it would be in the cloud on Prem or hybrid, as most of them are now talking about
Understood my follow-up question. That goes to a little bit about how some of the product portfolio decisions. The team is making is translating to your both your growth and your Partnerships with the ecosystem and specifically. What I'm referring to is like the sun setting of The J fog pipelines product. I was wondering to what extent has that improved. Your go to market collaboration and initiatives with some of the cicd players, including Microsoft GitHub, and and and is there any way where that's actually helping put more focus on the security part of the portfolio? Which seems like it's also seeing some rising and dash. I'm trying to connect the dots there but tell me if I'm over extrapolating. Yeah. So um as you know,
Was not 1 of them. Therefore, we will focus on the execution and the goals that we established with the new call mainly security and mainly the migration to the cloud. And I think it was a very smart decision. Because now, as you can see, by the Numbers, we are even more focus on the execution. The other thing around it is that it opened all to better integration and better partnership with companies like GitHub with companies that are doing CI, CD on top of those source code. And and I think it's also accelerated the partnership and the go together to the market without confusing our customers.
Thank you so much. Let me for the thoughts. Congrats on K2.
Thank you very much.
Your next question comes from the line of Andrew Sherman. With TD Cowen, your line is open, please go ahead.
Oh, great. Thanks. Uh, congrats. Um,
uh, Swami would be great to hear more about the pipeline of large Enterprise deals. Sounds like you had some in the quarter, it would be great to hear more about those. Maybe about this curation Telco, big deal with. What did they find so compelling and can that be a good indicator of of of uh deals to see in the second half?
Yeah. Well, thank you, Andrew. Um, our pipeline is, uh, is obviously, um, being focused on executing big deals that are combining, uh, 3 factors Factor. Number 1, migrating to the cloud, some workloads, uh, and making sure that we are working with our C customers in full partnership to have the right commitment. As you know, our guidance are based on commitments and not usage. Second thing, uh, the addition of security holistic software solution, uh, for all the software supply chain, uh, in terms of security, uh, 1 of the things that we noted is this big telecommunication company that added on top of jpeg Advanced security added jpo curation as the firewall for binaries between the public Hub and their internal software supply chain. And this new emerged solution coming from jfrog and, uh, based on the same practices of
Of every Ops, MLOps is managing your models, 360 all the way to deployment as part of one unified platform. This all goes to the differentiator, a super strong differentiator that we bring, which is Artifactory as a centerpiece. The model registry is the system of record for the platform. On top of that, we built the capabilities. So, in terms of the pipeline moving forward in the second half of the year, we are very positive.
Uh, we are keeping a conservative way of looking at the pipeline and de-risking. The big deals that might, uh, move a week or a month here or there. And, uh, we are very positive and base our guidance on what we've seen.
That's great Swami. Um, the security sounds like it had a big impact in the corner. That's great to see. Um, was there some, uh, was that expected? Or I thought there were a lot of the renewals coming up in the second half, uh, did any of those pull into this quarter and, um,
And how are those renewals going so far? Especially for those that were kind of, on trial, intro pricing. And now you're trying to convert to to bigger paying customers.
Yeah, so we are very excited about what we see in the security landscape. Not only that our technology is uh addressing the real pain and the real threat of today's software supply chain, but also The Narrative of consolidating security around the platform and not Point solution is catching up, really, really fast in terms of renewal, I think that, you know, if if you, if you look at our retention rate, it's still very, very high. So it says something about all the renewals that happen, um, in this year and also, in terms of the adoption of more and more security tools with more partners that are are reaching out to jpro and
Has to partner with our security tools. Um, we are very positive about 2025 as we were in 2024.
Great. Thank you.
Your next question comes from the line of Miller jump with truist. Your line is open, please go ahead.
In there.
Absolutely, Milo. Listen, uh, you guys remember that the JFrog Platform started as a software package and artifacts repository company. Then, from 2014 to 2016, Docker changed every developer's lives by bringing containers in, and JFrog became the biggest container registry in the world—the biggest Docker registry in the world. What we are now facing is an amazing opportunity because AI models are yet another binary.
So part of our strategy is to become the model, registry of the world. And by that, you are not only supporting software packages containers and all type of artifacts, but also models as the infrastructure of the primary asset of AI.
That means that uh most of our customers when they are. Now looking at the the need for modern registry because everybody is implementing AI. When they are looking at a need for a model registry they actually have 2 choices a to Consolidated around 1 system of record. 1 single source of tools, which is artifactory with all other 30 packages or to have a standalone model registry which will break the system of record rule to keep your company safe. Secured and efficient when you build software and release software that
We estimate, you know, AI is a big big, uh, world today. But we estimate that, that will not only contribute to the stickiness of the platform and the extension of the platform with all the add-ons that we added on top of artifactory, it will also position jfrog as a centerpiece of your software supply chain because there is no primary asset, no other primary acid but models in the world of AI and it doesn't matter if software is being created by human beings or by agents.
It will still require a system of echo. So to your question we assume that the need for artifactory and the fact that is playing a centerpiece will only grow.
Makes sense. I I want to stay with AI last quarter. You talked about a key AI technology leader that you landed as a customer. I'm just curious if there's any update on the work that you're doing with them and then how that ramp versus your expectations in the quarter.
We are extremely, extremely excited about the partnership with them. Uh, it was not included in the call, but I can tell you that, they, uh, upgraded their subscription and doubled, the, uh, bet on the annual basis with jpeg in just 1 quarter. So, uh, we are not just operating in the world of AI but also security and devops but AI is going fast.
Very exciting. Thank you.
Your next question comes from the line of Kingsley crane with canaccord. Your line is open. Please go ahead.
Hey, congrats on the quarter. Uh, first question, so with AI enabling smaller teams to ship code faster. Do you see a world jfrog becomes even more critical to smaller orgs and teams and are you already starting to see that with some new customer interest?
What? What a great question. Uh, Kingsley and I and I think that uh,
What we see today is that something fundamental has been changed. First of all, if you were a developer yesterday, you had your ID, you had, you had your cicd source code, and and jpro fine. Now, there is a new piece. It's called called the assistance. So it's not only you. There is a code assistance next, to you. And the second piece is the architecture that was changed as well, with mCP. This is how you build platform today, in both cases,
And with the every environment that you will have Cloud, on-prem this AI, or another this code Assistance or another you would still need a model registry. It's fundamental and you would still need, uh, to manage uh, your security around uh, 1 flow 1 pipeline. Therefore, we see jfrog stepping in, in a very, um, kind of strong infrastructure role and we are betting on that and with the expertise that we built through,
Through our deals.
Great. That's uh, yeah, really encouraging to hear and add. Uh, really impressive cash flow in the front half of the year. Uh, is there any reason why this year would be more front and loaded than than last year. Thanks.
Assuming that those deals come through. I don't see a change in our free cash flow from what we would anticipate, um, going forward. But it's all contingent of of course on the multi-year deals as well as these large deals. But we remain very focused on profitability. WE remain very focused on our free cash flow. And we've delivered, strong cash flow uh, in the past and uh, we continue to focus on that going forward.
Really helpful. Thanks.
Your next question comes from the line of Mark cash with Raymond James, your line is open. Please go ahead.
Great. Thank you. Uh, so me, if I could start with you, I want to ask on the over consumption happening in the cloud. I think last quarter, you talked about how didn't really see the budgets, but may have been developers experimenting here and there, and you have another really strong performance this quarter and seeing success with converting to larger commits. So, has there been a change in budgets? And are you seeing experiment? Experimentation moved to actual programs. Now,
yeah, I'll
So you remember very well first of all we see more usage mainly around, uh, when when you use jpeg Intel's factor for your model, so there will be more data consumption. There will be more storage consumption. Same thing for containers, and everything that has to do with AI. If you refer to this specifically, uh, you have to remember that our strategy is at every time that we see an overused on top of the commitment of the customer.
Our team is being sent.
To offer a better deal for the customer and to get an annual commitment. This is how we guide you. This is how we preserve our conservatism and and keep ourself in line with the, with the plans. But, uh, overall we see a healthy consumption, not yet in the days of 2022, but we see a healthy growing consumption.
Okay, thank you. Um, and if Ed if I could ask you 1 just an absolutely, you know, another massive RPO quarter that's actually accelerating going to be lasting 3, very large deals, this quarter and 3Q, is there anything we should be we should be considering from an RPO or CPR crpo Dynamic. We're looking at quarter of a quarter of your your your your comparison to make sure we're not getting too far ahead of ourselves and like a booking perspective for 3 Q or the second half. Thank you.
Yeah, thank you. That's a very smart question mark. And we don't always see a correlation between our crpo or RPO to revenue. So we think revenue is a good indicator and the guidance that I've given you in the revenue is what I would use to to forecast going forward, but you have to remember our RPO takes into consideration. Uh, factors of multi-year takes into consideration. The timing of when those bookings happened, we had 3 of the largest deals during the second half of 2024. So, RPO may be impacted if larger deals, do not transpire, but by the way, de-risked out of our guidance going forward. So RPO is a is a great indicator but it's not the indicator.
That we would lead you to continue to look at the guidance that we provide on our revenues.
Your next question comes from the line of shrenik kotari, with beard. Your line is open. Please go ahead.
Hey great. This is actioned on for Stronach, thanks for taking our questions and congrats on this strong results. So, following up on a previous question with Cloud, adoption, continuing and desc Ops need shifting earlier in the life cycle. How are you leveraging? Your hyperscaler Partnerships for Coastal? Marketplace attached. Maybe what percent of new security wins in the quarter were sourced. Via these marketplaces are just driven by uh, this channel influence.
Yes, ranic, this is somia. I'll take the call and add feel free to chime in. Uh, the the collaboration with the, with the cloud providers is very important, uh, because of 2 Reasons a, um, it helps us to accelerate uh deals, especially uh, Mega deals that are coming in that mainly through the marketplace and with a lot of collaboration from AWS gcp and Microsoft Azure, um, we have strong relationship with them. Some of the deals we are accelerating together. This is not just coal and partnership. This is also kind of, uh, a co services even when when we are going with the customer scaling.
With the customer, the second side of it is obviously optimizing the cost. Um, as Ed mentioned on the call, uh, we are optimizing the contracts with this, uh, hyperscalers. Uh, we are looking at the Go margin being very responsible to how we go in the cloud. So, not just pushing the pedal all the way down but also to do it in a responsible Smart Way.
Makes total sense and then, I guess, Switching gears. A little, obviously sounds like strong sequential growth in AI ml, package usage across the platform. Are there any new usage tiers ingestion thresholds? Should we expect any pricing model changes in 2026 to really capitalize on this trend?
Yeah. So what we saw actually in terms of the usage for AI packages and I think you're probably calling out the hugging face and P Pi that we called out in the first quarter. It was more of a stabilization or sustained usage on a quarter of a quarter basis. It's still very early and we're evaluating the monetization of AI is still in the infancy stage. Um, but once that starts to mature, we'll certainly capture value.
Great. Thanks a lot.
Your next question comes from the line of Jason. Ader with William, Blair your line is open. Please go ahead.
Yeah, thank you. Can you hear me? Okay.
We hear you with JSON, okay?
Good to talk to you guys. Um,
Show me, I just wanted to take a step back. Can you talk about the impact of all the AI coding tools? I mean, there's just so much happening there every week. It seems like there's a new, uh, announcement. Um, and it's pretty powerful stuff. Obviously, what what impact has that had on the devops tool chain in general and on your business and specific. Um and if it hasn't had an impact yet, can you just talk about how you think it might play out over time?
Yes. Uh, as I mentioned before Jason, um, there is, there is a new creature in the tool stack of every developer. Now it's called code assistance. If you are a junior developer or experienced developer, it doesn't really matter no matter what language you use, and no matter what code you are writing. Uh this is part of your tool chain and this uh, item in your tool chain is now helping you to build faster and create more what you create more, is more binaries and therefore, we are happy about this change as long as this binaries are hosted in in jpeg. So we are happy about that. Um, it's also means that there are all kind of new threats that are coming. We mentioned the mCP server, mCP is the number 1 change in every company today. If you refresh your browser, you will see 5, more companies that added mCP to their tool stack. The the fact that is being adopted so fast
Is also the biggest risk that come with it, the, the threat and the hackers are there. They know how fast this is happening. And every new company that adopt, mCP, architecture, and, and, and the new code assistance tools. They are all subject to uh maybe uh a threat of uh a security solution. Therefore a security threat. Sorry, therefore um we see
How jpog become more and more relevant, not only with the technology but also with the holistic approach of building the, uh, these layers of security and automation um, in, uh, on top of artifactory. Now, remember, this is not just a, a 1 kind of partnership with 1 tool in the market. Jfrog tools are agnostic to all integration, so whether it's cursor or wind surf or whether it's mCP from this company or another company,
Jpog is still uh, the system of record for you.
Okay, great. Um, so I mean just to
To to round out the question. Do you feel like it's
It's, it's benefiting you guys, yet all this uh kind of front end.
AI coding or is still not moving the needle yet.
Well, for sure the, the new, uh,
Coming. And when you speak with the customer about security, and what you need to protect model security are coming on every discussion. So the answer is yes.
Uh, it's still very early in the process. People are trying to still trying to understand uh, how this new environment looks like, but all of them are aware of the threat and therefore open to have discussion with modern, uh, solution and not yesterday solution. The second thing. Um, as I mentioned before, if you have
Have your Docker registry and artifactory your python registry and artifactory. Your Java repository in artifactory. Then why you you would go with the model registry uh uh as a standalone. So my answer is yes and still I, I will stay humble and say it's still too early to say it will completely change everything we guided for uh, in the next uh, in the next years.
Material part of the business in 2025. Um, he just update us on that, and uh, is is, will you be able at some point to give us some some more, um, granularity around? Um, the contribution of security to the jfrog business?
Yeah, what we've committed to Jason, and we did this at the end of 2024, was we gave the metrics around our attached rates with security, and we plan to do the same thing during 2025. We see nice momentum, and we're excited about what security can bring. But we'll give you an update at the end of the year.
All right. Thank you. Good luck.
Thank you.
Your next question comes from the line of Jonathan Reaver with Cantor. Your line is open, please go ahead.
Jonathan, just a reminder to unmute yourself.
Can you hear me?
Oh, we can hear you now, Jonathan. Okay. Yeah. So the, the MC, um, the mCP opportunity. I I, I just like you to talk a little bit more about that. I think it was 2 weeks ago. The GitHub, um, announced a critical flaw in its mCP server and I think some attackers were actually able to manipulate AI agents into leaking sensitive data.
Um, so, so, how do you see that solution? Um, not only today, but when you look at securing AI agent Behavior relative to repositories. Um, what what what is that opportunity for you and and will you see additional capabilities? It seems like, um, from what I understand. Um, it's it's a basic kind of entry-level offering, but there are a lot of other threats around protocols around access um, for these mcps servers that still need to be addressed. So just talk about that position and what it looks like 12 months from now.
Yeah John um mCP is the new way in the world of software products to interact with your product to build the integration jpo Philosophy from day. 1 was the philosophy of 2 integrated to fail. Basically, there is no tool on the planet on on our planet, which is up to supply chain. That doesn't integrate with jfrog cicd security databases storage because we became the the system of record for all binaries. So it was based on API and it was based on rest, uh, uh, technology. And now in the world of AI when it's not, only a human being that need to integrate with your tool. But also agents and machines, mCP is the protocol that will allow them to come in and integrate with J for platform or with any other platform. So, therefore,
MCP became a very, very important for every product providers if you want the world of AI to interact with your tool, or with your platform, you have to enable mCP at the font. Um, in terms of the other note was, uh, everybody is using mCP and everybody is installing mCP. And everybody is having an mCP user. And that's by itself is a threat that uh, is addressed by hackers. So jpeg research team also unveiled a threat and a vulnerability in the world of mCP and we shared it, obviously, immediately with the public, that's obviously will give us points when we come to AI security and trustable AI in your software supply chain.
Yeah, and and slowly is a quick follow on. Do you, where do you see this opportunity? Will it be in more at the foundational model providers like um open AI in in anthropic or or large Enterprise or both.
No, it's not at all. 1 company or another every agent. You can assume that in the future or not in the future, it's already in the present but it will exceed in the future. Not only developers will write code but also agents. So if I want this new persona to see J-Rock as a system of record, I have to open the door for it. So every type of agentic AI that will interact with jog will come through an mCP integration.
I got it.
Thank you.
Your next question comes from the line of Ramo lenow with Barclays. Your line is open, please go ahead.
Hey guys, this is Damon Kogan on Paramo. Thanks for taking the question, and it would be a great quarter.
Of the customer usage from q1. And did you see a continuation of these Trends in July?
So first, let me just start by saying I will not comment on anything in the third quarter. I'll go back to the second quarter and give you an update on what happened. There were 3 dynamics with our Cloud. First was security wins; we're starting to see customers.
uptake in their security and big security wins. Those tend to land in the cloud. So that was Dynamic. Number 1, the second piece was the usage. Uh, we had customers that saw benefit of taking a larger, uh, agreement annual agreement with jfrog, these were users that were using over minimum commitments. And we secured those, the confidence that gave me is reflected in my guidance that I gave to you and the 34 to 36% on the cloud, the third piece is the sustained usage. So for those customers that were using over minimum commitments, that has been sustained on a quarter of a quarter basis.
Yeah, I think that's super helpful, and then, uh, great to see it continued. Cloud growth acceleration in the quarter, but can you help us understand the key drivers of your subscription self-management portfolio?
Yeah. Uh, why don't they answer here? Um, Seth managed, uh, we we addressed that on the call as well, there is a new trend now that AI might need a hybrid solution now what can be better than an identical product hybrid uh means that it's identical.
In the cloud and on-prem, so that's a new trend, mainly driven by AI adoption and the search for cost predictability and stability.
The second thing that we see in uh the on-prem is just like what Ed mentioned in the cloud. Our on-prem customers are also looking for security, so the fact that we have our security available for you in the cloud but also as a self-hosted or or private cloud is also a benefits. And and we see that this goes uh generated by these Trends as well.
Thanks guys.
Your next question comes from the line of code.
In America, your line is open, please go ahead.
Guys, uh, this is George mcgreen on for COI. Uh, thank you for taking my question here. Uh, I just wanted to ask
with the strong momentum, we're seeing in security deals. Um, and and how that's contributing to, um, you know, forward-looking metrics like the acceleration in RPO.
Um, you know, what would you say is? Is there any change in that competitive landscape for security, um, and any notable changes in win rates? And um, how really are the tone of conversations with customers, um, now when you're talking about security deals, um, versus maybe in the past year?
Year, 2 years ago.
Yeah, thank you George for this question. Um, it it comes in in 2 different ways. A, uh, as as I mentioned and as, you know, on the jfrog go to market strategy, with Security, First of all, our customers, whether it's the ciso, or the CIO or both, they are asking to look for consolidation.
And they will push very hard on it, not only because of the cost um, uh benefit from it. But also from the enormous, number of scanners that they used to have just 2 years ago, 3 years ago, every developer bought another tool. Every every compliance, uh, group called another tool, it became a zoo of scanners and they are looking for consolidation. And obviously also benefiting from, uh, the efficiency and the cost perspective. This is more business side and management side. Uh, what happened on the technology side is that there are a lot of new threats that, uh, that cannot be identified by the previous, uh, software that covered software supply chain security. If you, if you remember what we spoke about in the previous quarter, the fact that we scanned the entire hugging space 1.5 model and provided. Uh, not only V.
It and better visibility to this asset and I would welcome you to swamp up when we will speak about it even more and even share some great Innovations with you to address this pain. There is no siso in today's world. That is not waking up at night several times because of modern security. And I think that, uh, this is another driver that pushes jpro uh, to be relevant relevant player. Not only in the world of deficits, but in the world of ml SEC Ops as well.
Your next question comes from the line of William Mandell with keybanc capital markets. Your line is open. Please go ahead.
Hey guys, this is, uh, Billy on for Jason Selino. Thanks for taking the question. Um, Shlomi, it sounds like there's strong demand for the security core, but I'm curious what customers' reception has been around runtime security, and how that is contributing to the strength you're seeing in your security business.
Yeah, hi Billy. Uh, I I think that uh, cyber is important. Runtime is important and that's the cops and software supply chain is important, this is a complimentary solution. We were all very excited to see the acquisition of Apollo Alto, which emphasized their advantage in the world of cyber and runtime. And uh, if you look at the growing demand for software,
So supply chain security, it's coming from a different threat and a different need and I think that they will coexist together.
Your final question comes from the line of Rob Owens with Piper Sandler. Your line is open. Please go ahead. Yeah. Good afternoon and thanks for for squeezing me in. Um, obviously very exciting about uh, the security success that you guys are seeing here. Curious, if you look at at those deals and I know I know you're going to give us more information around attach rates at years. And but any sense that you can give us in terms of what this is doing to pricing, especially as you're seeing certain customers, maybe take that end to end portfolio. Thanks.
you mentioned, we
provide the
In 2024, um, pricing and uh, subscription models are something that we are looking at, uh, especially now when there are some innovations and new offerings that we will, uh, announce at SwampUp. There might be new packages for security and new packages for advanced adopters of our security solution. We also have to think about the fact that, you know, JFrog started to bring software supply chain security not too long ago to the market. So, we have to be focused on the adoption. We have to be focused on growing.
Within our portfolio with the number of logos. So the entry point is also important, but stay tuned. There are, uh, some announcement that will change some of the subscription package on the security layer as well.
Appreciate the color have a good evening.
There are no further questions at this time. I will now turn the call back to shlomi for closing remarks.
Thank you, everyone, for joining the call. We are very, very excited about the momentum. We also appreciate all of your questions, and may the Frog be with you.
This concludes today's call. Thank you for attending. You may now disconnect.