Q4 2025 Palo Alto Networks Inc Earnings Call
Hamza Fodderwala: A trust, there's a lot of information that folks share with us. We want to make sure that we protect it and it doesn't get out into the wrong hands. We're upwards of 100,000 people here at the stadium on a game day. Then we have other businesses here. We have a clinic here. We have a retail store. We have a restaurant. We have a Hall of Fame. We have the practice facility. We have a remote office down in Milwaukee. What Palo Alto Networks and XSIAM are helping us do was with automation because of it and our staff size. Unit 42 is our first stop. The couple incidents that we did have, it was just seamless. Just to have that retainer, just to be able to have that instantaneous line of communication at any time was very critical to us.
There's a lot of information that folks share with us. We want to make sure that we protect it and it doesn't get out into the wrong hands. We're upwards of a 100,000 people here at the stadium on a game day, and then we have other businesses here. We have a clinic here, we have a retail store, we have a restaurant, we have a Hall of Fame. We have the practice facility, we have a remote office down in Milwaukee.
What Palo Alto Networks and XIM are helping us with is automation because of it on our staff side.
Hamza Fodderwala: Having Palo Alto Networks overseeing the whole entire platform makes everything seamless. August 18th at 1:30 P.M. Pacific Time. With me on today's call to discuss fourth quarter results are Nikesh Arora, our Chairman and Chief Executive Officer, and Dipak Golechha, our Chief Financial Officer. Following my prepared remarks, Lee Klarich, our Chief Product Officer, will join us for the question and answer portion. You can find the press release and other information to supplement today's discussion on our website at investors.paloaltonetworks.com. While there, please click on the link for quarterly results to find the Q4 25 supplemental information and Q4 25 earnings presentation. During the course of today's call, we will be making forward-looking statements and projections regarding the company's business operations and financial performance, as well as the company's proposed acquisition of CyberArk.
In a 42 is our our first stop and the couple incidents that we did have. It was just seamless just to have that retainer just to be able to have that instantaneous line of communication at any time is very critical to us.
Having power out the networks, overseeing the whole entire platform makes everything seem.
August 18th at 1:30 p.m. Pacific Time with me on today's call to discuss fourth quarter results. Our Nice's Aurora.
Our chairman and chief executive officer, Nikesh Arora, and Dipak Golechha, our Chief Financial Officer, are following our prepared remarks. Lee Clarage, our Chief Product Officer, will join us for the question-and-answer portion.
You can find the press release and other information to supplement today's discussion on our website at investors.pershing.com.
While there, please click on the link for quarterly results to find the Q4 2025 supplemental information and Q4 2025 earnings presentation.
Hamza Fodderwala: These statements made today are subject to a number of risks and uncertainties that could cause our actual results to differ from these forward-looking statements. Please review our press release and recent SEC filings for a description of these risks and uncertainties. We assume no obligation to update any forward-looking statements made in the presentation today. This presentation contains non-GAAP financial measures and key metrics relating to the company's past and expected future performance. Non-GAAP financial measures should not be considered a substitute for financial measures prepared in accordance with GAAP. The most directly comparable GAAP financial measures and reconciliations are in the press release and the appendix of the investor presentation. Unless specifically noted otherwise, all results and comparisons are on a fiscal year-over-year basis. We also note that management is scheduled to participate in the Citi Global TMT Conference this quarter.
During the course of today's call, we will be making forward-looking statements and projections regarding the company's business operations and financial performance, as well as the company's proposed acquisition of CyberArk. These statements made today are subject to a number of risks and uncertainties that could cause our actual results to differ from these forward-looking statements.
Please review our press release and recent SEC filings for a description of these risks and uncertainties. We assume no obligation to update any forward-looking statements made in the presentation today.
This presentation contains non-GAAP financial measures and key metrics relating to the company's past and expected future performance. Non-GAAP financial measures should not be considered a substitute for financial measures prepared in accordance with GAAP.
The most directly comparable GAAP financial measures and reconciliations are in the press release and the appendix of the investor presentation. Unless specifically noted otherwise, all results and comparisons are on a fiscal year-over-year basis.
Hamza Fodderwala: I will now turn the call over to Nikesh.
Dipak Golechha: Thank you, Hamza. Good afternoon. Thank you, everyone, for joining us today for our earnings call. As you can all see, we had a strong finish to the fiscal year. We just closed a landmark quarter, capping a year of disciplined execution and strategic acceleration. Our results this quarter are a direct reflection of a strategy we have been architecting for years, anticipating where the market is going and building the future of cybersecurity before it arrives. This is a moment of conviction, both for us and for our customers. We are proud to be the first dedicated cybersecurity company to surpass a $10 billion revenue run rate. While this milestone is significant, it is not the ultimate goal. Our focus has already shifted to leveraging. Sorry, excuse me. Our focus has already shifted to leveraging the scale to define the next decade of cybersecurity.
We also note that management is scheduled to participate in the Citi Global TMT Conference this quarter. I will now turn the call over to Nash.
Thank you, Hamza. Good afternoon. Thank you, everyone, for joining us today for our earnings call.
As you can also see.
We had a strong finish to the fiscal year. You've just closed the landmark quarter.
Capping a year of disciplined execution and strategic acceleration.
Our results this quarter are a direct reflection of a strategy we have been architecting for years.
Anticipating where the market is going and building the future of cybersecurity before it arrives.
This is the moment of conviction both for us and for our customers.
We are proud to be the first dedicated cybersecurity company to surpass a $10 billion revenue run rate.
While this milestone is significant, it is not the ultimate goal.
Our Focus has already shifted.
To level.
Sorry, excuse me.
Dipak Golechha: The very fabric of technology is being rewoven by AI, creating a vast, new, and complex attack surface. In this new era, security is no longer a bolt-on; it is a foundational enabler of transformational success. The record-breaking number of platformization deals this quarter demonstrates that customers are not just buying products; they are buying into a strategic partnership. We believe that integrated, best-of-breed platforms deliver superior security outcomes, and our customers are validating this conviction by making larger, more strategic commitments with us than ever before. During Q4, many of the deals our teams had been working on during our fiscal year came to fruition. We saw robust activity across the board. In Q4, our bookings growth turned a corner and was the highest we have seen in two and a half years.
Yeah, our focus is already shifted to leveraging the scale to define the next decade of cybersecurity.
The very fabric of technology is being rewoven by AI, creating a vast new and complex attack surface. In this new era, security is no longer a bolt-on; it is a foundational enabler of transformational success.
The record-breaking number of platformization deals this quarter demonstrates that customers are not just buying products; they are buying into strategic partnerships. We believe that integrated best-of-breed platforms deliver superior security outcomes. Our customers are validating this conviction by making larger, more strategic commitments with us than ever before.
due to Q4,
Dipak Golechha: This growth is driven by deals across our platforms and also as a result of strong renewals and upsells across our existing portfolio. The robust booking growth was coupled with strong next-generation security ARR and revenue performance. This, coupled with prudent financial management, allowed us to exceed our full-year guidance metrics across the board. RPO grew 24% year-over-year in Q4, an acceleration versus the prior year. It was early days, but we see the quality of revenue, ARR, and retention is consistently higher across our platform customers. This bodes well for our long-term targets of Palo Alto Networks' platform business. Next-generation security ARR grew 32%, and net new ARR for the quarter was also up double digits year-over-year. We have strong contributions across our portfolio, particularly SASE, XSIAM, and software firewalls. Our investment in software firewalls and SASE are bearing fruit.
Many of the deals our teams have been working on during our fiscal year came to fruition. We saw robust activity across the board in Q4. Our bookings growth turned a corner and was the highest we've seen in 2.5 years.
This growth is driven by deals with our platforms and, also as a result of strong renewals and upsells across our existing portfolio.
Revenue performance, this couple recruited financial management allowed us to exceed our full year guidance metrics across the board.
RPO grew 24% year-over-year in Q4, showing acceleration versus the prior year.
His early days, but we see the quality of revenue ARR and retention is consistently higher across our platform customers.
This boards well for a long-term target, so policy networks platform business.
Next generation security is our Route 332, and net near for the quarter was also up double digits here. And here.
Dipak Golechha: As our customers end up in a hybrid compute environment across multiple clouds, we expect to continue to see strength in our software firewall business. These offerings, each with very large TAMs, continue to gain momentum and reinforce our conviction in achieving $15 billion in next-generation security ARR by FY30 on a standalone basis. This top-line growth, coupled with scale effects and our prudent financial management, has allowed us once again to expand our operating margin. Additionally, continued depth management of our deferred payments plan portfolio has allowed us to deliver 38% plus free cash flow margins for the third consecutive year. Not just that, we now believe that structurally we have visibility to go even higher on our free cash flow margins. More from Dipak Golechha on this later. Demand for cybersecurity remains strong.
It's strong contributions across our portfolio, particularly SASE, exam, and software. Firewalls, our investment in software, firewalls, and SASE are bearing fruit.
As our customers end up in a hybrid computer environment across multiple clouds, we expect to continue to see strength in our software and firewall business.
These offerings, each with very large stands, continue to gain momentum and reinforce our conviction in achieving $15 billion. In Next Generation, security is by F530 on a standalone basis.
This top line growth, coupled with scale effects and improvements in financial management, has allowed us once again to expand our operating margin. Additionally, our continued management of our deferred payments plan portfolio has enabled us to deliver 38%-plus free cash flow margins for the third consecutive year. Not just that, we now believe that structurally, we have visibility to go even higher on our free cash flow margins, with more from Deepak on this later.
Dipak Golechha: Our customers are looking to us to help them secure their cloud and AI transformation journeys. We continue to see generative AI conversations as it becomes imperative for our customers to deploy productivity tools, coding tools, or even their customer systems to enable natural language conversations. All these use cases for AI need to be protected. No pun intended. Our timely acquisition of Protect AI, which we completed this quarter, coupled with our native abilities around our AI Firewalls, are driving conversations across many platform customers and prospects around securing the AI infrastructure. Adoption of Gen AI is happening faster than any previous technology trend. A recent internal study amongst our customers showed Gen AI traffic is up over 890% in 2024. Following this, data security incidents related to Gen AI more than doubled since last year. With this rapid adoption of AI comes a new and complex attack surface.
Demand for cybersecurity remains strong. Our customers are looking to us to help them secure their cloud and AI transformation journeys. We continue to see growth.
Conversations have become imperative for our customers as they deploy productivity tools, coding tools, or revamped customer systems to enable natural language conversations.
All these use cases for AI need to be protected—no pun intended. Timely acquisition to protect the AI, which we completed this quarter.
Coupled with our native abilities, our AI firewalls are driving conversations with many platforms, customers, and prospects around securing the AI infrastructure.
Adoption of GENI is happening faster than any previous technology trend. A recent internal study among our customers showed GENI traffic is up over 890% in 2024. Following this, data security incidents related to GENI more than doubled since last year.
Dipak Golechha: That's why in early Q4, we introduced Prisma AI, the industry's most comprehensive AI security platform. Prisma AI is a unified platform that empowers organizations to deploy AI bravely by providing end-to-end security across every AI app, agent, model, and data set. It closes critical blind spots and secures AI deployments everywhere, ensuring confidence and compliance. But securing the AI you build is only half of the equation. The other equally critical side is securing how employees use third-party AI. Our AI Access solutions provide the deep visibility and granular control needed for the safe adoption of those services. We are unique in providing a strategy for both sides of the AI landscape, each with integrated DLP controls to protect our customers' most sensitive data. This complete vision is resonating, and we have a strong combined pipeline for AI security offerings.
With this rapid option, there is a new and complex attack surface. That's why in early Q4, we introduced Prisma, Palo Alto Networks' most comprehensive AI security platform.
AI is a unified platform that empowers organizations to deploy AI bravely by providing end-to-end security across every AI app, agent model, and data set.
It closes critical blind spots and secures AI deployments everywhere, ensuring confidence and compliance.
Securing the AI you build is only half of the equation. The other equally critical side is securing how employees use third-party AI.
Areas Solutions provides the deep visibility and granular control needed for the safer option of those services.
Dipak Golechha: The chart you see here tells a powerful story. It is not just a graph of numbers going up. It is a visual representation of our customers' growing conviction in our strategy. The question is, why is this happening? It is because we have made a promise to our customers that when they partner with us, they are investing in platforms that are constantly evolving, and we are going to stay ahead of the threat landscape. Time and again, we have seen the future first. We saw it with the tectonic shift to the next-generation firewall, which we pioneered 17 years ago. We saw it with the move to the cloud and with the rise of SASE, where we are now the clear leader.
We are unique in providing a strategy for both sides of the AI landscape, each with integrated DLP controls to protect our customers. Most sensitive data, the complete vision is resonating, and we have a strong combined pipeline for AI security offerings.
The chart you see here tells a powerful story; it's not just a graph of numbers going up. It's a visual representation of our customers' growing conviction in our strategy. The question is, why is this happening?
It's because we made a promise to our crypto customers that, when they partner with us, they're investing in platforms that are constantly evolving.
Dipak Golechha: We saw the inevitable shift from reactive SIEM to proactive AI-powered SOCs, as well as in XSIAM, a platform that is now our fastest growing offering ever. We saw the market's ultimate shift towards the word we define as platformization. Integrated platforms that deliver superior security outcomes, a framework our peers once again are now rushing to imitate. We continue to evolve our platforms, and this quarter was no exception. In our network security platform, we announced PAN-OS 12.1 Orion, which includes new appliances designed to provide an easy path to quantum readiness and multi-cloud security. We are anticipating threats of tomorrow so our customers do not have to. This commitment to future-proofing their investment is why we are seeing robust interest in integrated subscriptions like CASB and DLP.
And we are going to stay ahead of the threat landscape time and again. You've seen the future first. We saw it with the tectonic shift to the Next Generation firewall, which we pioneered 17 years ago. You saw it with the move to the cloud and with the rise of SASE, where we're now the clear leader.
We saw the inevitable shift from reactive SIM to proactive AI-powered socks, as well as in Exim, a platform that is now our fastest-growing offering ever.
And we saw the market's ultimate shift towards the world. We define platformization: integrated platforms that deliver superior security outcomes. Our peers, once again, are now rushing to imitate.
We continue to evolve our platforms, and this quarter was no exception in our network security platform. We announced PAN-OS 12.1, Orion.
which includes new appliances designed to provide an easy path to quantum readiness and multi-cloud security.
We are anticipating sets of tomorrow, so our customers don't have to.
Dipak Golechha: Building on the launch of Cortex Cloud in Q3, we delivered powerful new capabilities like AI Security Posture Management, or ASPM, helping to redefine application security and meet the demands of the AI era. Natively built into our Cortex Cloud platform, ASPM provides a single source of truth, correlating data from our native scanners and third-party tools to secure the entire AI development lifecycle. This allows our customers to break down the silos between their teams and focus on remediating the critical vulnerabilities that truly matter. Our XSIAM platform continues to expand beyond its core wartime mission with new peacetime modules like exposure management that proactively identify and fix security gaps before an attack can ever happen. That confidence is translating directly into platformization traction you see here. These platformizations are driving superior financial outcomes for us and better security outcomes for our customers.
This commitment to future-proofing is why we're seeing robust interest in integrated subscriptions like Caspian and DLP.
Building on the launch of Cortex Cloud, in Q3 we delivered powerful new capabilities like application security and posture management, or ESPM, helping to redefine application security and meet the demands of the AI era.
SPM provides a single source of truth, correlating data from our native scanners and third-party tools to secure the entire AI developer life cycle.
This allows our customers to break down the silos between their teams and focus on remediating the critical vulnerabilities that really matter.
And our XIM platform continues to expand beyond its core wartime mission, with new peacetime modules like exposure management that proactively identify and fix security gaps before an attack can ever happen.
That confidence translates directly into the platformization traction you see here.
Dipak Golechha: In Q4, our net retention rate amongst platform customers was an impressive 120%, with nearly zero churn. This is the ultimate proof of the value we deliver and the deep strategic partnerships we are building. As we aim to more than double the number of platformizations in the next five years, we believe our foundation for sustainable growth becomes stronger. This underpins our confidence in achieving $15 billion of NGS ARR on a standalone basis by FY30. The clearest validation of our strategy is in the landmark deals we are signing. These are not product sales. These are deep partnerships with the world's leading organizations to transform the security posture. We had one of our strongest large deals quarters ever. Customers with over $5 million and $10 million in ARR were up approximately 50% year-over-year, and $20 million plus ARR customers were up nearly 80% year-over-year.
These platforms are driving superior financial outcomes for us and better security outcomes for our customers in Q4. Our net retention rate amongst platform customers was an impressive 120%, leading to nearly zero churn. This is the ultimate proof.
Of the value we deliver and the deep strategic partnerships we are building.
As we aim to more than double the number of platformizations in the next five years, we believe our foundation for sustainable growth becomes stronger. This underpins our confidence in achieving $15 billion of NSJ on a standalone basis by PHI 30.
The clear validation of our strategy is in the landmark deals we're signing. These are not product sales; these are deep partnerships with the world's leading organizations to transform the security posture.
We had one of our strongest large deal scorers ever.
Customers were 5 million and 10 million in our Q4, up approximately 50% year-over-year.
Dipak Golechha: These types of large multi-platform deals hardly existed a few years ago and showcase our customers' growing commitment to us. Let us look at a few examples. A leading global consulting firm signed a deal for over $100 million in Q4 on cloud security and SASE, including the purchase of our new Prisma AI security product. The customer lacked identity entitlement controls over AI in cloud environments and also required a comprehensive secure access offering that could scale globally across its employees, contractors, and clients. Our deep relationship with the company's C-suite was also critical to landing a deal of this size. With this deal, this customer is now fully platformized and provides us an ARR of $50 million. Next, a leading European bank signed a $60-plus million deal.
And 20 million. Plus, our customers are up nearly 80% year-over-year.
From deals that hardly existed a few years ago, we showcase our customers' growing commitment to us.
Let's look at a few examples.
Leading global consulting firms signed a deal for $100 million in Q4 in cloud security and SASE, including a purchase of our new AI access security product.
The customer lacked identity and entitlement controls over AI and cloud environments and also required comprehensive secure access offerings that could scale globally across their employees, contractors, and clients. Our deep relationship with the company was also critical to landing a deal of this size. With this deal, this customer is now fully placed with an ARR of $10 million.
Dipak Golechha: This customer is going through a significant digital transformation and adopted XSIAM with multiple goals in mind: to address an expanding attack surface while simplifying their security stack and keeping costs under control. Platformization was a competitive edge as part of this deal, and we have become a true security partner as now they have three platforms with us. Finally, a leading U.S. insurance company purchased $33 million across NetSec SASE, SecOps, and cloud security. This customer needed to improve their security posture, level up their SOC analysts, and drive further automation to reach their goals of 15-minute mean time to contain. This involved using AI machine learning to assist their analyst teams while also reducing their false positives. In addition to their existing Palo Alto Networks spend, this customer is now platformized on network security, cloud, and security operations. There is a common theme developing across these platform deals.
Next, a leading European bank signed a deal worth over $60 million.
This customer is going through a significant digital transformation and adopted XI with multiple goals in mind.
To address an expanding attack surface while simplifying their security stack and keeping costs under control.
Platformization was a competitive edge as part of this deal, and we have become a true security partner, as now they have three platforms with us.
A leading U.S. insurance company purchased $33 million in NetSec, SASE, and cloud security. This customer needed to improve their security posture, level up their SOC analysts, and drive further automation to reach their goals of a 15-minute mean time to contain incidents. This involved using AI and machine learning to assist analyst teams while also reducing their false positives.
In addition to their existing pilot network and the customer on network security cloud and security operations.
Dipak Golechha: While customers are consolidating and simplifying their security stack in part to optimize costs, the larger benefit comes from their improved security outcomes. This includes faster incident response times, a better user experience, and removing the operational burden of stitching together point products. As our customers recognize the value of platformization, they are increasing their commitments to thus reaffirming our strategy and vision. Now shifting to network security, which had a strong Q4. Network security continues to account for over 75% of our bookings. Although over the last five years, we have transformed the nature of this business, and now over 60% of our network security bookings are driven by software form factors across SASE and virtual firewalls.
There's a common theme developing across these platforms. While customers are consolidating and simplifying their security stack in part to optimize costs, the larger benefit comes from their improved security outcomes. This includes faster incident response times, a better user experience, and removing the operational burden of stitching together point products.
As our customers recognize the value of platformization, they're increasing their commitment to reaffirming our strategy and vision.
Now, shifting to the network security, which had a strong Q4.
Dipak Golechha: In addition to having an integrated platform that allows for a consistent pane of glass policy and more than 10 software subscriptions, we also continue to lead the market and gain share across the capabilities as a singular best-of-breed solution if our customers so desire. As enterprises look to secure increasingly hybrid workforces and IT environments in AI, we believe our platform is well positioned to allow our customers of any of our products to consolidate in our platform. Our growing mix towards software form factors once again drove better than expected growth this quarter. Our software firewall business had another strong quarter in Q4, with ARR up nearly 20% year-over-year and almost double the total contract value.
Network security continues to account for over 75% of our bookings. Although, over the last 5 years, we have transformed the nature of this business. Now, over 60% of our network security bookings are driven by software form factors across SASE and virtual firewalls.
In addition to having an integrated platform that allows for a consistent pane of glass policy and more than 10 software subscriptions, we also continue to lead the market and share across the capabilities as a singular best-to-reach solution for our customers, if our customers so desire.
As enterprises look to secure increasingly hybrid workforces and IT environments, and AI, we believe our platforms are well positioned to allow our customers of any of our products to consolidate on our platform.
Dipak Golechha: As a result of the strong showing of our software firewalls and with our steady growth in hardware, slightly ahead of industry growth, we saw product revenue growth of 19% year-over-year, which is market-leading in its category at scale. Our software firewall market share is nearly 50%, and our product is native in all major public clouds. This quarter, we signed a $60 million deal, significantly expanded our partnership with a leading U.S.-based cloud provider. All in, we generated nine figures in deals across the major cloud service providers in Q4. As I shared earlier, we are also building momentum in AI runtime security with Prisma AI as customers look to secure the growing AI attack surface. In Q4, this included an eight-figure deal with a global professional services company.
Our growing mix towards software form. Factors once again, through better-than-expected growth. This quarter, our software follow business had another strong quarter in Q4, with revenues up nearly 20% year-on-year and almost double the total contract value.
As a result of the strong showing of our software firewalls and with our steady growth, hardware slightly ahead of industry growth, we saw product revenue growth of 19% year-over-year, which is market-leading in its category at scale.
Service providers in Q4.
Dipak Golechha: With a strong pipeline, we see an opportunity for Prisma AI to become a growing contributor in the next five years. We also continue to gain share in hardware firewalls. As mentioned earlier, this past week, we launched PAN-OS 12.1 Orion, a new appliance designed to provide an easy path to quantum safe and multi-cloud security. We saw modest improvements in hardware demand in Q4, but expect this will continue to be a mid-single-digit grower in FY26. All in, our next-generation network security business, which includes software form factors like SASE and software firewalls, reached $3.9 billion in ARR, up approximately 35% year-over-year. We believe this makes us the largest and fastest growing next-generation network security player at scale. Speaking of SASE, this continues to be our fastest growing product in network security.
As I shared earlier, we're also building momentum in AI runtime security with Prisma heirs as customers. Look to secure the growing AI attack surface. In Q4, this included an 8-figure deal with a global professional services company with a strong pipeline. We see an opportunity for heirs to become a growing contributor in the next 5 years.
We also continue to gain share in hardware. Firewalls, as mentioned earlier this past week, we launched PAN-OS 12.1 Orion and newer appliances designed to provide an easy path to Quantum-safe and multi-cloud security. You saw a lot of improvements in hardware demand in Q4, but expect this will continue to be a mid-single-digit grower in FY26.
All in, our Next Generation network security business, which includes software form factors like SASE and software firewalls, reached $3.9 billion in our up. Approximately 35% are ARR, and we believe this makes us the largest and fastest-growing Next Generation network security player at scale.
Speaking of sassy.
Dipak Golechha: As customers transform their networks to keep pace with delivering first-class security capabilities for remote users and branch offices, we continue to see strong growth for SASE. Many SASE projects are large and transformational, which is well suited for our comprehensive enterprise-focused expertise. This quarter, we won our largest SASE deal ever, a $60 million contract with a global professional services firm covering nearly 200,000 seats. This was in addition to a record number of eight-figure SASE deals. We are gaining share. For the last year, we displaced incumbent SASE vendors in over 70 accounts, exceeding $200 million in TCV. Our SASE ARR grew 35% year-over-year, more than twice as fast as the overall market. We now have over 6,300 SASE customers and account for one-third of the Fortune 500. Meanwhile, the drivers of our SASE growth are broadening.
This continues to be our fastest-growing product in network security.
As customers transform, the networks must keep pace with delivering first-class security capabilities for remote users and branch offices. We continue to see strong growth for SASE. Many SASE projects are large and transformational, which is well suited for our comprehensive enterprise-focused expertise. This quarter, we won our largest SASE delivery, a $60 million contract with a global professional services firm covering nearly 200,000 seats. This was in addition to a record number of eight-figure SASE deals.
Regaining share from last year, we displaced incumbent sassy vendors in over 70 accounts, exceeding $1 million in TCV.
Dipak Golechha: This quarter, we once again saw particular strength in Prisma Access Browser. The browser is becoming the new operating system for the enterprise, the primary interface for AI and cloud applications. Securing it is not optional. We sold over 3 million licensed seats in Q4 alone, resulting in our cumulative seat count more than doubling on a sequential basis to over 6 million. Notable deals include an over $3 million transaction with a leading U.S. pharmaceutical company who purchased Prisma Access Browser for over 80,000 seats. We are beginning to see browser wars as we see the adoption of AI. Understandably, this is a requirement as we march towards agent. Interestingly, it will become impossible to allow employees access to non-secure browsers in the future. As more and more critical applications and data reside within the browser, it naturally becomes a target for cyber attacks.
Our Sassy are grew 35% year-over-year, more than twice as fast as the overall market. We now have over 6,300 Sassy customers and account for 1/3 of the 14,500. Meanwhile, the drivers of our Sassy growth are broadening this quarter. We once again saw a particular strength in Prisma access browser. The browser is becoming the new operating system for the enterprise, the primary interface for AI and cloud applications. Securing it is not optional. We sold over 3 million licenses in Q4 alone, resulting in our cumulative seat count more than doubling on a sequential basis to over 6 million. Notable deals include an overall transaction with the leading U.S. pharmaceutical company, which purchased BizMax browser for over 80,000 seats.
Dipak Golechha: Prisma Access Browser's built-in controls and real-time visibility are designed to help ensure that sensitive data remains safeguarded during browsing sessions, regardless of the user's location or the application they are accessing. We believe it is strategically positioned to be the future OS in enabling secure and productive work in an AI-driven world. We expect to see browsers become an integral part of the SASE stack for all of our customers. Moving on to Cortex and Cloud, we saw broad-based strength in Cortex and Cloud as well, with combined ARR up nearly 25% year-over-year in Q4. For years, the industry has been stuck in an old SIEM paradigm, collecting logs, writing rules, and overwhelming analysts with alerts. We saw the writing on the wall.
We are beginning to see browser wars as we see the adoption of AI, understandably. This is the requirement as we march towards agents. Interestingly, it will become impossible to allow employees access to non-secure browsers in the future. As more and more critical applications and data reside within the browser, it naturally becomes a target for cyber attacks.
Chris Max's browser's built-in controls and real-time visibility are designed to help ensure that sensitive data remains safeguarded during browsing sessions, regardless of the user's location or the application they are accessing. We believe it is strategically positioned to be the future OS in enabling secure and productive work in an AI-driven world. We expect to see browsers become an integral part of the Sassy stack for all of our customers.
Moving on to Cortex and Cloud. We saw broad-based strength in Cortex and Cloud as well. Combined, they are up nearly 25% year-over-year in Q4.
For years, the industry has been stuck in an old SIM paradigm, collecting logs, writing rules, and overwhelming analysts with alerts.
Dipak Golechha: This model is not sustainable in the age of AI-powered attacks. It is a battle that humans alone cannot win, and our customers are seeing it too. XSIAM, our autonomous SOC platform and our fastest growing product ever, is modernizing and disrupting the SOC market with AI, and we continue to see amazing milestones. This includes reducing customers' mean time to respond from weeks to minutes. Today, over 60% of our deployed customers cite mean time to respond in under 10 minutes. We ended Q4 with approximately 400 customers in XSIAM, and the average ARR per customer continues to be over $1 million. Nearly a quarter of XSIAM customers are represented in the Global 2000, creating a marquee list of referenceable customers across a number of major industries. Beyond XSIAM, Cortex XDR saw deals over $1 million grow 30% year-over-year.
We saw the writing on the wall. This model is not sustainable. In the age of AI-powered attacks, it's a battle that humans alone cannot win, and our customers are seeing it too. Xim, our autonomous sock platform and our fastest-growing product ever, is modernizing and disrupting. The stock market's AI, and we continue to see amazing milestones. This includes reducing customers' mean time to respond from weeks to minutes. Today, over 60% of our deployed customers cite mean time to respond in under 10 minutes.
We ended Q4 with approximately 400 customers on XIM, and the average ARR per customer continues to be over $1 million.
Nearly a quarter of a time, customers are represented in the Global 2000, creating a marquee list of referenceable customers across a number of major industries.
Dipak Golechha: As we continue to build on our industry recognition, we are seeing opportunities in larger accounts. I also want to highlight the growing significance of Cortex Cloud. As the market shifts from static posture management to the urgent needs for real-time runtime security, our thesis on the convergence of cloud security and security operations is proving correct once again. This is when we are fundamentally different from the competition. While others may offer a strong cloud posture tool or a separate SIEM, we are the only ones to natively unify a best-in-class CNAP with our AI-powered SOC platform. This allows our customers to move beyond simply reporting on misconfiguration and instead actively stopping cloud attacks in real time. Cortex Cloud allows our customers to not only shift left to secure applications during development, but also shield right to protect them in production. The platform is already gaining significant validation.
Bionic IM Cortex XDR saw deals over a million dollars grow by 30% year-on-year as we continue to build on our industry recognition. We are seeing opportunities with larger accounts.
I also want to highlight the growing significance of Cortex Cloud as the market shifts from static posture management to the urgent needs for real-time runtime security. Our thesis in the convergence of cloud, security, and security operations is proving correct. Once again, this is where we are fundamentally different from the competition. While others may offer a strong cloud posture tool or a separate SIM, we are the only ones to natively unify a best-in-class capability with our AI-powered software platform.
Take your applications during development, but also Shield, right? Protect them in production.
Dipak Golechha: It was recently praised for its ability to fully secure the entire lifecycle of cloud-native applications and has achieved federal amp high authorization, a critical credential for our public sector customers. This product set is resonating with the market, and early interest has driven a strong pipeline, spanning hundreds of customers who understand the need to stop cloud attacks in real time. Our platforms are a powerful data-centric engine for organic innovation. Our core thesis is that the integrated data we capture from across network, cloud, and security operations is the ground truth needed for a whole variety of security use cases. For AI to be effective, it needs this complete contextual data, a capability unique to our platform approach. This massive data stream is what makes our XSIAM platform so effective in its primary wartime mission of stopping active threats.
The platform is already gaining significant validation. It was recently praised for its ability to fully secure the entire life cycle of cloud-native applications and has achieved FedRAMP High authorization, the critical credential for our public sector customers. This product set, designating with the market and early interest, has driven a strong pipeline, spending hundreds of customers who understand they need to stop cloud attacks in real time.
Our platforms are powerful, data-centric, and designed for organic innovation. Our core thesis is that the integrated data we capture from across network, cloud, and security operations is the ground truth needed for a whole variety of security use cases. For AI to be effective, it needs this complete contextual data capability, which is unique to our platform approach.
Dipak Golechha: But as the slide illustrates, we are now leveraging the same powerful data to expand into new peacetime missions. By applying our AI to this rich data set, we are organically creating new modules and expanding into new TAMs like exposure management and email security. This represents an $18 billion opportunity for us in fiscal year 2026 and beyond. We see significant upsell opportunities from these modules as they attach to larger XSIAM deals. We are encouraged by the early customer feedback on these new capabilities. This is our data-to-market engine in action, allowing us to explore new frontiers in security and deliver continuous value to our platform customers. To close, we are exiting FY25 with strong organic momentum as we march along our path to that $15 billion target. Our bookings and RPO accelerated this quarter, driven by large deal traction and a sharp focus on excellence in execution.
This massive data stream is what makes our XXAN platform so effective, and its primary wartime mission of stopping active threats. But as the slide illustrates, we're now leveraging the same powerful data to expand into new peacetime missions by applying our AI to this rich data set. We are organically creating new modules and expanding into new terms like exposure management and email security. This represents an $18 billion opportunity for us in fiscal year 2026 and beyond.
You see significant upsell opportunities from these modules as they attach to larger exam deals?
We're encouraged by the early customer feedback on these new capabilities. This is our Data to Market engine in action, allowing us to explore new frontiers in security and deliver continuous value to our platform customers.
To close.
Dipak Golechha: The results of our customer-centric strategy are clear. We are seeing more customers platformize with us than ever before, not just to save money, but achieve a level of security that a fragmented approach simply cannot provide in an AI-driven world. This realization that platformization is the way forward is also the engine behind a strong Q4 result and our confident outlook. We see broad-based strength across our network security, cloud, and SecOps segment, and a strong pipeline as a majority of core sellers are now equipped to sell across multiple platforms. We have strong early traction with Prisma AI, and with our relentless focus on innovation, we believe Palo Alto Networks can be the ideal partner to help organizations achieve and secure their AI transformation goals. Before I hand over to Dipak Golechha, let me also talk about what we see for FY26.
We're exiting FY25 with strong organic momentum as we march along our path to that $15 billion target. Our bookings in RPU accelerated this quarter, driven by large deal traction and a sharp focus on excellence in execution. The results of our customer-centric strategy are clear; we're seeing more customers platformize with us than ever before, not just to save money, but to achieve a level of security that a fragmented approach simply cannot provide in an AI-driven world. This realization that platformization is the way forward is also the engine behind a strong Q4 result and our confident outlook. We see broad-based strength across our Network Security, Cloud, and SecOps segments, and a strong pipeline as a majority of our sellers are now equipped to sell across multiple platforms.
We have strong early traction with Prisma heirs, and we are running this focus on innovation. We believe pilot networks can be the ideal partner to help organizations achieve and secure their AI transformation goals.
Dipak Golechha: Looking ahead, we have multiple tailwinds driving our business in FY26 and beyond. In network security, we have growing demand for software firewalls and SASE, which continue to grow well above the market. The higher mix of software gives us confidence in sustainability of double-digit product revenue growth in FY26. We have multiple newer products contributing to our growth, including Prisma AI, secure browsers, each with large pipelines. In Cortex, XSIAM continues to deliver rapid growth at scale. AI is transforming the SOC, and we believe we are well positioned to capitalize and win. Our migration to Cortex Cloud continues to progress. We believe we are well positioned to capitalize as the market evolves from posture management to real-time security for AI. Of course, we have heard the market, and it is clear our customers are asking for comprehensive security platforms.
However, before I hand over to Deepak, let me also talk about what we see for Phi 26.
Looking ahead, we have multiple tailwinds driving our business and FY26 and beyond in network security. There is growing demand for software, firewall, and SASE (Secure Access Service Edge) solutions, which continue to grow well above the market. The higher mix of software gives us confidence in the sustainability of double-digit product revenue growth in FY26.
We have multiple newer products contributing to our growth, including Prisma Air's secure browsers, each with large pipelines. In Cortex Xime, we continue to deliver rapid growth at scale. AI is performing well and, as we capitalize on our migration to Cortex Slide Cloud, we believe we are well positioned to capitalize as the market evolves from posture management to real-time security for AI.
Of course.
Dipak Golechha: Over the last seven years, I have been asked often, why are we not a player in identity? For the longest of time, I believed that identity was not at an inflection point. As we saw the emergence of agentic AI, as we saw AI getting mass adoption, we are beginning to reach conviction that the identity market will inflect in the next 12 to 24 months. If you believe that we have been able to identify inflections in a good way at Palo Alto Networks, it is important for you to believe that we have this one right as well. Similar to our roots and network, identity is a key enforcement point for enterprise security. Unlike most of the forms of security, like network firewalls, identity is also a real-time product.
We've heard the market, and it's clear. Our customers are asking for comprehensive security platforms. Over the last 7 years, I have been asked often, "Why are we not a player in identity?"
And for the longest time, I have believed that identity was not at an inflection point.
But as we saw the emergence of agentic AI and its mass adoption, we're beginning to reach conviction that the identity market will inflect in the next 12 to 24 months.
If you believe that we have been able to identify inflections in,
A good way about the networks. It is important for you to believe that we have this one right as well.
Similar to our roots, network identity is a key enforcement point for enterprise security.
Dipak Golechha: Because of this, we believe that the future for identity will actually be owned by somebody who is well prepared to take on the challenges of identity going forward, as opposed to a new player. Hence, we have diverged from our original approach of going and buying first-in-market best-of-breed products to go and own market or categories. Instead, we believe the future in this category is going to belong to somebody who has already established a strong reputation and is a leader in identity security. As the widespread deployment of AI agents makes privileged access more important, we believe security, not SSO-focused identity vendors, are best positioned to address emerging needs. That growth in PAM data and census will further solidify category leaders like CyberArk.
Unlike most forms of security, like network firewalls, identities also represent a real-time product.
And because of this, we believe that the future of our identity will actually be owned by somebody who is well prepared to take on the challenges of identity going forward, as opposed to a new player. Hence, we have diverged from our original approach of going and buying first-in-market, best-of-breed products to go and own markets or categories. Instead, we believe the future in this category is going to belong to somebody who has already established a strong reputation and is a leader in identity security.
so,
Dipak Golechha: Second, with 90% of our breaches involving stolen or mismanaged credentials, every user machine and AI agent should be considered a privileged user, rather than just a small set of IT administrators. CyberArk's reach extends to over 8 million privileged end users and over 50% of the Fortune 500. With the right product strategy and go-to-market acceleration from Palo Alto Networks, we believe CyberArk will be able to both deepen their penetration in PAM and target the significantly larger base of global IAM users and machine identities. Thirdly, the identity industry is lacking a broader platform. Today, over 100 vendors are vying to capture the customer's attention across multiple functional domains. These domains are converging as the complexity of stitching together disparate solutions and the rise in identity-related breaches push enterprises to favor better integration.
SSO and Focus ID vendors are best positioned to address emerging needs, and growth in PAM data and sensors will further solidify category leaders like CyberArk.
Second, with 90% of our breaches involving stolen or mismanaged credentials, every user machine and AI agent should be considered a privileged user.
Rather than just a small set of IT administrators.
CyberArk's reach extends to over 8 million privileged end users in over 50% of the Fortune 500. With the right product strategy and go-to-market acceleration from Palo Alto Networks, we believe CyberArk will be able to not only deepen their penetration but also aim at targeting the significantly larger base of global IAM users and machine identities.
Thirdly, the identity industry is lacking a broader platform today, with over 100 vendors competing to capture the customer's attention across multiple functional domains.
Dipak Golechha: We believe Palo Alto Networks can accelerate CyberArk's platform vision as they look to expand across multiple identity domains. By combining their leadership in identity security with our industry-leading AI-powered security platform and our platformization approach, coupled with our go-to-market, we will be able to offer the most complete integrated security solution on the market. We are building an evergreen security company that will define the industry for decades to come. After many detailed conversations, we have strategic alignment with the CyberArk team and a common culture of innovation. Following the close of the transaction, we will optimize our combined go-to-market resources and continue to lead innovation. To provide some context, we have nearly 10 times the number of core sellers, and we see an opportunity to expand CyberArk's presence into our much larger 75,000 customer base.
These domains are converging as the complexity of stitching together disparate solutions is on the rise, particularly with identity-related breaches. Enterprises are pushed to favor better integration, if you believe that all took an accelerated cyber ARS platform vision, as they look to expand across multiple identity domains. By combining their leadership in identity security with our industry-leading, AI-powered security platforms and our platformization approach, coupled with our go-to-market strategy, we will be able to offer the most complete integrated security solution on the market. We are building an evergreen security company that will define the industry for decades to come.
After many detailed conversations, we have strategic alignment with the Cyber Art team and a common culture of innovation.
Dipak Golechha: Overall, we believe this accelerates our mission to double the value of our joint businesses over the next five years. We are strategically entering this category now to define the next chapter of cybersecurity for the AI era. We look forward to providing more details on our strategy once we close the transaction. Before I hand over to Dipak, I want to take a moment to speak from the heart on the important leadership announcement we made today. Our founder, our first innovator, and a true titan of this industry, Nir Zuk, has decided to retire after more than 20 years. When you think of Palo Alto Networks, you think of Nir. It is impossible to overstate Nir's impact. He didn't just start a company; he started a revolution with the next-generation firewall, forever changing the security landscape.
Following the closer transaction, we will optimize our combined go-to-market resources and continue to lead innovation. To provide some context, we have nearly 10 times the number of core sellers, and they see an opportunity to expand Cyborg's presence into our much larger 75,000 customer base. Overall, we believe this accessorization is on a mission to double the value of our joint businesses over the next 5 years by strategically entering this category. Now, we have defined the next chapter of cybersecurity for the AI era. We look forward to providing more details on our strategy once we close the transaction.
Before I hand over to Deepak, I want to take a moment to speak from the heart on the important leadership announcement we made today.
Our founder, our first innovator, and a true titan of this industry, Nir Zuk, has decided to retire after more than 20 years.
When you think about all the networks, you think of near?
Dipak Golechha: Personally, it has been a privilege to call him a partner and a friend. The relentless competitive fire that defines our culture, that is his legacy. It is in our DNA. His legacy isn't just in our products; it is in our people. So, to Nir, on behalf of every single one of us, thank you. This marks a seamless and natural transition as we pass the torch to Lee Klarich, who will now serve as both Chief Product and Technology Officer and as a member of our board. For years, almost as many as Nir, Lee has been the chief architect of our product strategy, masterfully turning our vision into the industry-leading platforms we have today. Appointing him as both CPO and CTO and to our board of directors is a reflection of the profound trust we have in his leadership.
It is impossible to overstate Neha's impact. He didn't just start a company; he started a revolution with the Next Generation firewall, forever changing the security landscape.
Personally, it has been a privilege to call him a partner and a friend.
The relentless competitive fire that defines our culture is his legacy. It is in our DNA. His legacy isn't just in our products; it is in our people. So, a heartfelt thank you.
Marks a seamless and natural transition as we pass the torch to Le Clarage.
Dipak Golechha: This ensures the soul of our innovation not only continues but accelerates into the future. With that, let me pass on to Dipak. Thank you, Nikesh, and good afternoon, everyone. To maximize our time spent on Q&A, I will provide you with financial highlights of Q4. You can review the detailed results in our press release and in the supplemental financial information on our website. In Q4 2025, total revenue was $2.54 billion and grew 16%, above the high end of our guided range. Within total revenue, product revenue grew 19%, driven by growth in software form factors, while total services revenue grew 15%. Within total services, subscription revenue grew 17%, and support revenue rose 11%. In the fourth quarter, 56% of product revenue was from software form factors, a significant driver of product revenue growth year-over-year.
Who will now serve as both Chief Product and Technology Officer? As a member of our board for years, almost as many as Nikesh has been the Chief Architect of our product strategy, masterfully turning our vision into the industry-leading platforms we have today. Appointing him as both CPU and CTO, and to our board of directors, is a reflection of the profound trust we have in his leadership. This ensures that the soul of our innovation not only continues but accelerates into the future. With that, let me pass on to Deepak.
Thank you, Nikesh, and good afternoon, everyone.
To maximize our time spent on Q&A, I will provide you with financial highlights of Q4. You can review the detailed results in our press release and in the supplemental financial information on our website.
In Q4 2025, total revenue was $2.54 billion and grew 16% above the high end of our guided range.
Within total revenue, product revenue grew 19%, driven by growth in software form factors, while total services revenue grew 15%.
Within total services, subscription revenue grew 17%, and support revenue rose 11%.
Dipak Golechha: On a trailing 12-month basis, the proportion of our product revenue from software surpassed 40%, driven by growth in our software firewall form factors and PAN-OS SD-WAN. We continue to see firewall appliance growth in line with the ranges that we have described in past periods, namely 0% to 5%. Moving on to geographies, we saw double-digit growth across all theaters, with the Americas growing 15%, EMEA up 19%, and JPAK growing 13%. We saw strength across our major verticals and saw a year-over-year bookings growth improvement in our public sector business. Remaining performance obligation, or RPO, grew 24% to $15.8 billion. This was our highest RPO growth in seven quarters at a significantly larger scale. Our current RPO was $7.0 billion, growing 17% year-over-year.
In the fourth quarter, 56% of product revenue was from software form factors, a significant driver of product revenue growth year-over-year.
On a trailing 12-month basis, the proportion of our product revenue from software surpassed 40%, driven by growth in our software firewall, form factors, and PAN-OS SD-WAN.
We continue to see firewall appliance growth in line with the ranges that we have described in past periods, namely 0% to 5%.
Moving on to geography, we saw double-digit growth in all theaters, with the Americas growing 15%, EMEA up 19%, and JPACK growing 13%.
We saw strength across our major verticals and a year-over-year bookings growth improvement in our public sector business.
74 % to 15.8 billion.
This was our highest RPO growth in 7 quarters at a significantly larger scale.
Dipak Golechha: As Nikesh Arora noted, we saw customers making significant commitments to our platforms in Q4, as reflected by a large deal volume, net new platformizations, and RPO growth. Contract duration in the quarter increased slightly on both a year-over-year and a quarter-over-quarter basis, but remained within our historical range at approximately three years. Turning to next-generation security ARR, where we continued to see very healthy growth. We ended the quarter at $5.58 billion in NGS ARR, which grew 32%. Q4 NGS ARR included approximately $17.5 million in support, where customers also purchased Strata Copilot. For context, this AI-powered unified management platform, which utilizes rich telemetry to deliver deeper insights into threats, has significantly improved user experience and much faster mean time to resolve issues for our customers. We expect this to be a growing contributor going forward, but remain immaterial to total NGS ARR.
Our current RPO is $7.0 billion, growing 17% year-over-year.
As Nicest noted, we saw customers making significant commitments to our platforms in Q4, as reflected by a large deal. Volume net, new platformization, and RPO growth.
Contract duration in the quarter increased slightly on both a year-over-year and quarter-over-quarter basis, but remains within our historical range at approximately 3 years.
Turning to next-generation security ARR, where we continue to see very healthy growth.
We ended the quarter at $5.58 billion in NGS, which grew 32%.
Q4 NGS are included, approximately $17.5 million in support, where customers also purchased Strata Cloud Manager.
For context, this AI-powered unified management platform utilizes rich telemetry to deliver deeper insights into threats. A significantly improved user experience and not our mean time to resolve issues for our customers.
Dipak Golechha: We added approximately $490 million in net new NGS ARR in Q4, up 12% from a year ago. Our momentum was broad-based this quarter. Notable growth drivers included software firewalls, SASE, and XSIAM. AI ARR is now approximately $545 million in Q4, up over two and a half times year-over-year. Moving down the income statement, total gross margin was 75.8%. Product gross margin was 76.8%. As we closed fiscal 25, we undertook a comprehensive review of our inventory, leading to Palo Alto Networks taking a reserve for excess and obsolete inventory and spares. This was a deliberate and prudent step, taking a disciplined and conservative view of our product lifecycle. This action solidifies our balance sheet and ensures we are well positioned into fiscal year 2026 and beyond.
We expect this to be a growing contributor going forward but remain immaterial to Total NGS AR.
We added approximately $490 million in net. New NGS are in Q4, up 12% from a year ago.
Our momentum was broad-based this quarter. Notable growth drivers included software, firewalls, SASE, and XAM.
AI ARR is now approximately $545 million in Q4, up over 2.5 times year over year.
Moving down the income statement, total gross margin was 75.8%.
Product, gross margin was 76.8%.
As we close fiscal 2025, we undertook a comprehensive review of our inventory related to Palo Alto Networks, leading to a reserve for excess and obsolete inventory and spares.
This was a deliberate and prudent step, taking a disciplined and conservative view of our product life cycle.
Dipak Golechha: That being said, we expect product gross margins in fiscal year 2026 to increase relative to 2025 and be in the high 70s or low 80s. As I have mentioned in prior quarters, we have been transitioning our primary manufacturing and fulfillment center to a contract manufacturing facility in Texas, to provide us with the benefit from scale and innovation, as well as to take advantage of a foreign trade zone that can help us mitigate the impact of any potential tariffs on products we ship to international customers and destinations. We continue to believe that we differentiate ourselves in the industry by being the only pure-play cybersecurity firm to assemble all of our hardware in the U.S.A. at scale. As a result, the impact of tariffs on our business has been immaterial. Total services gross margin was 75.5%, a slight sequential increase in Q3.
This action solidifies our balance sheet and ensures we're well positioned into fiscal 2026 and beyond.
That being said, we expect product growth margins for fiscal year 2026 to increase relative to 2025 and be in the high 70s or low 80s.
As I've mentioned in prior quarters, we've been transitioning our primary manufacturing and fulfillment center to a contract manufacturing facility in Texas. This move is intended to provide us with the benefits of scale and innovation, as well as to take advantage of a foreign trade zone that can help us mitigate the impact of any potential tariffs on products we ship to international customers and destinations.
We continue to believe that we differentiate ourselves in the industry by being the only pure-play cybersecurity firm to assemble all of our hardware in the USA at scale.
As a result, the impact of tariffs on our business has been immaterial.
Dipak Golechha: We are pleased by the sustained growth in our SaaS offerings and are executing on cloud cost efficiencies, including engaging with our cloud service providers to negotiate favorable procurement arrangements as the scale of our cloud-hosted products continues to grow. We continue to deliver profitable growth through the expansion of operating margins, which encompasses the growth margins that I just discussed. In Q4, we expanded operating margins by 340 basis points and delivered operating margins above 30% for the first time in the company's history. On an annual basis, operating margins of 28.8% came in above the high end of our guided range as we drove scale and efficiencies across sales and marketing, R&D, and G&A. Diluted non-GAAP EPS was $0.95 and also came in ahead of the high end of our guided range.
Total Services: Gross margin was 75.5%, a slight sequential increase in Q3. We are pleased by the sustained growth in our SaaS offerings, and we are executing on cloud cost efficiencies, including engaging with our cloud service providers to negotiate favorable procurement arrangements, as the scale of our cloud-hosted products continues to grow.
We continue to deliver profitable growth through the expansion of operating margins, which encompasses the growth margins that I just discussed.
In Q4, we expanded operating margins by 340 basis points and delivered operating margins above 30% for the first time in the company's history.
On an annual basis, operating margins of 28.8% came in above the high end of our guided range, as we drove scale and efficiencies across sales and marketing, R&D, and G&A.
Dipak Golechha: Turning to the balance sheet, you will see that our debt balance came down by $383 million as our 2025 convertible notes reached maturity in June of this year. These notes were settled in cash and equity in Q4. We did not repurchase any shares in Q4, and our buyback strategy remains opportunistic. We have $1 billion in authorization remaining through December 2025. As many of you have heard from me in the past, we are focused on delivering profitable growth, and every decision we make is made within the context of maximizing long-term total shareholder return. For that reason, I am extremely proud that Palo Alto Networks has delivered results that were above the rule of 50 for the last five years.
Diluted non-GAAP EPS was $0.95 and also came in ahead of the high end of our guided range.
Turning to the balance sheet, you will see that our debt balance came down by $383 million as our 2025 convertible notes reached maturity in June of this year.
These notes were settled in cash and equity in Q4.
We did not repurchase any shares in Q4, and our buyback strategy remains opportunistic. We have $1 billion in authorization remaining through December 2025.
As many of you have heard from me in the past, we are focused on delivering profitable growth. Every decision we make is made within the context of maximizing long-term total shareholder return.
Dipak Golechha: We are unique in our ability to deliver top-line growth with leading free cash flow margins at a level that is best in class among scaled enterprise software companies. As you will see shortly, we expect to once again be above the rule of 50 in fiscal year 2026. As Nikesh Arora discussed, our ability to deliver sustained growth can be attributed to both our continued focus on innovation and our platformization strategy, which is driving bigger deals for us and better outcomes for our customers. On the free cash flow side of the equation, we have been able to expand our operating margins, providing a higher floor for our free cash flow while improving our visibility to said cash flows. Critical to our ability to be a continued rule of 50 company has been the scalability of our business across every line item of the P&L.
Reason, I'm extremely proud that Palo Alto Networks has delivered results that were above the rule of 50 for the last 5 years.
We are unique in our ability to deliver topline growth with leading free cash flow margins at a level that is best in class among scaled enterprise software companies.
As you will see shortly, we expect to once again be above the rule of 50 in fiscal year 2026.
As Nikesh discussed, our ability to deliver sustained growth can be attributed to both our continued focus on innovation and our platformization strategy, which is driving bigger deals for us and better outcomes for our customers.
On the Free Cash Flow side of the equation, we've been able to expand our operating margins, providing a higher floor for our free cash flow while improving our visibility to fed cash flows.
Dipak Golechha: Since fiscal 2022, we have expanded our operating margins by almost 1,000 basis points, and we expect to continue to deliver expanded operating efficiencies in fiscal year 2026 and beyond. Our ability to expand operating margins has enabled us to deliver sustained high free cash flow margins while steadily managing an increase in demand for deferred payments. We have been moving through this transition since fiscal 2021, and as we lap deals with deferred payments from prior periods, we have an increased visibility into our future free cash flows. As I mentioned earlier, we delivered $3.5 billion of free cash flow at 38% margin in fiscal year 2025. We had visibility to approximately 40% of that free cash flow from deferred payments on deals signed prior to the fiscal year.
Critical to our ability to be a continued Rule of 50 company has been the scalability of our business across every line item of the P&L.
Since fiscal 22, we've expanded our operating margins by almost 1,000 basis points, and we expect to continue to deliver expanded operating efficiencies in fiscal year 26 and beyond.
Our ability to expand operating margins has enabled us to deliver sustained high free cash flow margins while steadily managing an increase in demand for deferred payments.
We've been moving through this transition since fiscal 2021, and as we lap deals with deferred payments from the prior period, we have increased visibility into our future free cash flows.
Dipak Golechha: We continued through this transition to deferred payments in fiscal 2025, and we expect about half of our fiscal 2026 free cash flow to come from deferred payments deals signed in fiscal 2025 or earlier. Looking forward, we continue to see future free cash flow supported by ongoing operating margin expansion and a continued smooth transition to deferred payments. Specific to that topic, we continue to see increasing demand for annual payments, particularly on larger deals. We are absorbing this transition whilst maintaining our best-in-class adjusted free cash flow margins and guiding 2026 adjusted free cash flow margin of 38% to 39%. With that, let me turn to guidance. The Q1 2026 and fiscal year 2026 guidance I will provide is for Palo Alto Networks on a standalone basis and does not include any anticipated impacts on the proposed acquisition of CyberArk, announced on July 30, 2025.
As I mentioned earlier, we delivered $3.5 billion of free cash flow at a 38% margin in fiscal year 2025. We had visibility to approximately 40% of that free cash flow from the third payments on deals signed prior to the fiscal year.
We continue through this transition to deferred payments in fiscal 2025, and we expect about half of our fiscal 2026 free cash flow to come from deferred payments—that deals signed in fiscal 2025 or earlier.
Looking forward, we continue to see future free cash flow supported by ongoing operating margin expansion and a continued smooth transition to deferred payments.
We continue to see increasing demand for annual payments, particularly on larger deals, where absorbing this transition while maintaining our best-in-class free cash flow margins is essential. We are guiding for fiscal year 2026 adjusted free cash flow margins of 38% to 39%.
With that, let me turn to guidance.
Dipak Golechha: For the fiscal year 2026, we expect NGS ARR to be in the range of $7.00 to $7.10 billion, an increase of 26% to 27%. Remaining performance obligation of $18.6 to $18.7 billion, an increase of 17% to 18%. Revenue to be in the range of $10.475 to $10.525 billion, an increase of 14%. Operating margins to be in the range of 29.2% to 29.7%. Diluted non-GAAP EPS to be in the range of $3.75 to $3.85, an increase of 12% to 15%, and adjusted free cash flow margin in the range of 38% to 39%. For the first fiscal quarter of 2026, we expect NGS to be in the range of $5.82 to $5.84 billion, an increase of 29%. Remaining performance obligation of $15.4 to $15.5 billion, an increase of 23%.
The Q1 2026 and Fisk year 2026 guidance are provided for Palo Alto Networks on a standalone basis and do not include any anticipated impacts from the proposed acquisition of CyberArk, announced on July 30, 2025.
For the fiscal year 2026, we expect NGS to be in the range of $7.000 to $7.1 billion. This represents an increase of 26% to 27%.
Remaining performance obligations of $18.6 to $18.7 billion, an increase of 17% to 18%.
Revenue is expected to be in the range of $10.475 to $10.525 billion, representing an increase of 14%.
Operating margins are expected to be in the range of 29.2% to 29.7%.
Diluted non-GAAP EPS is expected to be in the range of $3.75 to $3.85.
An increase of 12% to 15% and adjust. If we cash flow margin is in the range of 38% to 39%.
Dipak Golechha: Revenue to be in the range of $2.45 to $2.47 billion, an increase of 15%, and diluted non-GAAP EPS to be in the range of $0.88 to $0.90, an increase of 13% to 15%. We've included our modeling points in the presentation for your review, but I would like to highlight two areas. Firstly, we expect Q1 2026 product revenue growth to be approximately 20%, and we expect fiscal year 2026 product revenue growth to be in the low teens. This is largely driven by strength in our software form factors within product revenue. Furthermore, we expect our top-line seasonality to continue to be second half and Q4 weighted as we continue to platformize with our customers. Finally, I'd like to give an update around our financial expectations for the combined Palo Alto Networks and CyberArk.
For the first fiscal quarter of 2026, we expect NGS to be in the range of 5.82 to 5.84 billion and increase the 29% remaining performance obligation of 15.4 to 15.5 billion dollars and increase of 23%.
Revenue is expected to be in the range of $2.45 to $2.47 billion, representing an increase of 15%. Diluted non-GAAP EPS is projected to be in the range of $0.88 to $0.90, reflecting an increase of 13% to 15%.
We've included our modeling points in the presentation for your review, but I would like to highlight two areas.
Firstly, we expect Q1 2026 product revenue growth to be approximately 20%, and we expect fiscal year 2026 product revenue growth to be in the low teens. This is largely driven by strengths in our software form factors within product revenue.
Furthermore, we expect our topline seasonality to continue to be second half and Q4 weighted, as we continue to partner with our customers.
Dipak Golechha: As you can see, we are pursuing this acquisition from a position of strength and are excited about our integration efforts post-close. Based on our continued operating margin expansion and visibility to free cash flow, and our continued smooth transition to deferred payments, we're targeting adjusted free cash flow of 40% plus for the combined company in fiscal 2028, the first full year post-integration. This target assumes the impact of M&A-related synergies. We intend to provide more details on the full scope of synergies post the closing of the transaction, which we continue to expect will happen in the second half of fiscal year 2026. We are excited about the outcomes that the combined Palo Alto Networks and CyberArk businesses will deliver from a security perspective, as well as from a TSR perspective for the shareholders of both companies. With that, I will turn over to Hamza for Q&A.
Works, and Cyborg.
As you can see, we are pursuing this acquisition from a position of strength and are excited about our integration efforts post-close.
Based on our continued operating margin expansion and visibility of free cash flow, and our continued smooth transitions of our payments, we're targeting adjusted free cash flow of 40% plus for the combined company in fiscal 2028, the first full year post integration.
This target assumes the impact of M&A-related synergies. We intend to provide more details on the full scope of synergies post-closing of the transaction, which we continue to expect will happen in the second half of fiscal year '26.
We are excited about the outcomes that the combined power of Art Networks and CyberArk will deliver from a security perspective, as well as from the TFR perspective for the shareholders of both companies.
With that, I will turn it over to Hamza for Q&A.
Hamza Fodderwala: Sorry about that, slight technical difficulty. To allow for broader participation, I would ask that each analyst ask only one question. The first question will be from Rob Owens from Piper Sandler, followed by Brad Zelnick from Deutsche Bank.
Sorry about that. So I type your difficulty to allow for
Our participation. I would ask that each analyst ask only one question. The first question will be from Rob Owens from Piper Sandler, followed by Brad Zelnik from Deutsche Bank.
Rob Owens: Thank you, Hamza, and good afternoon. Thanks for taking my question. I was hoping to get a more strategic view on security consolidation, both from your perspective, where we are at now, as well as any anecdotes you can share from customers. As you well know, security is one of the most fragmented IT markets of scale, with Palo Alto Networks as the independent leader, but still only kind of a mid-single-digit share relative to spend right now. While platformization in your SecOps strategy was clearly aimed at playing to this convergence, can you speak to the rise of AI-driven security right now and how it is catalyzing this market need?
Thank you, Hamza, and good afternoon. Thanks for taking my question. I was hoping to get a more strategic view on...
Nikesh Arora: Thanks. Rob, thanks for your question. I guess we should be more strategic in our answers. The consolidation is 99% perspiration, and you see that. That is why we have set ourselves on this plan of platformization. I think the reason we highlighted a $50 million ARR deal, that is a big number in technology, whether it is cybersecurity or anything else. That tells you the art of the possible. If one was able to consolidate the entire security spend of a large customer, you can get up to $50 million in ARR. I think if you look around our landscape, many companies are still reporting million-dollar customers. The art of the possible is $10, $20, $50 million in ARR. That shows you that is where consolidation is headed.
Security consolidation, both from your perspective where we're at now as well as any anecdotes you can share from customers. As you all know, security is one of the most fragmented IT markets of scale, with Palo Alto as the independent leader but still only kind of aiding in single-digit share relative to spend, right? Now, while platformization and your SEC Ops strategy were clearly aimed at playing to this convergence, can you speak to the rise of agentic right now? And how it's catalyzing this market need? Thanks.
Hey Rob, thanks for your question. I guess we should be more strategic in our answers. Uh,
so,
Like I said, the consolidation is 99% perspiration, and you see that that's why we've set ourselves on this plan of platformization. I think the reason we highlighted a $50 million ARR deal is that it's a big number in technology, whether it's cybersecurity or anything else. That tells you the art of the possible. If one wall is able to consolidate the entire security span of a large customer, you can get up to $50 million in ARR. I think if you look around our landscape, many companies are still reporting million-dollar customers, right? The art of the possible is $10 million to $25 million in ARR—that shows you.
Nikesh Arora: Historically, whether it is CRM, whether it is ERP, whether it is HR workflow, it is ITSM, all these markets have started as fragmented markets. They have just been around 25 years longer than we have. If you play this movie 10, 15 years out, there is no reason why our install base of platform customers should not continue to rise at the pace we are trying to predict it is going to rise. Can I see ours going from 6% to 8% market share to 15%, 20%? Yes, I can. Is it going to happen in one quarter? Unfortunately not. It is going to take us this sort of deft art of convincing our customers to platformize with us, giving them good experiences on one platform, evolving them to the next one. I will tell you, the benefit of AI is we are down to a 25-minute attack.
That's where consolidation is a headache. Now, historically, whether it's CRM, whether it's CRP, whether it's HR workflow, or ITSM, all these markets have started as fragmented markets. They just have been around 25 years longer than we have.
Nikesh Arora: It is no longer how much money are you spending to protect yourself. The question is, how quickly are you going to find it and how quickly are you going to stop it? If the answer is more than 25 minutes, I got news for you. These wonderful agents are going to come and make sure they are able to exfiltrate data and breach your enterprise. It does not matter how much you are spending in under 25 minutes. To get there, the only way to get near real-time is to have some consistency in your platform where data talks to each other and you are able to run agents on top of it. We cannot run agents on top of disparate infrastructure. There is no agent out there that understands three different firewall vendors in your infrastructure, two SASE vendors, a browser vendor, and seven other vendors on top.
So if you play this movie 1,015 years out, there's no reason why our install base of platform customers should not continue to rise at the pace we're trying to produce going to rise. So yeah, can I see ours going from 6 to 8 percent market share to 15 to 20? Yes, I can. Is it going to happen in 1 quarter? Unfortunately, or not, it's going to take us this sort of, you know, deaf art of convincing our customers to platform with us, giving them good experiences on 1 platform, evolving them to the next 1. And I'll tell you the benefit of AI is we're down to a 25-minute attack.
Right? So it's no longer about how much money you're spending to protect yourself. The question is how quickly you're going to find it and how quickly you're going to stop it. And the answer is more than 25 minutes. I got news for you: these wonderful agents are going to come and make sure they're able to exfiltrate data and breach an enterprise. It doesn't matter how much you're spending in under 25 minutes.
Nikesh Arora: If there is one, we would love to hire it. I think agentic is only going to make this worse because there are agents that bad actors can deploy to try and breach you. I think from our perspective, AI is going to act as an accelerant towards the desire to consolidate. Customers are beginning to feel the value of consolidated data, not just in security, in other areas as you can see. I think it is all good, but it is going to have to be heads-down execution. In that light, and I am sorry for taking so long to answer your question, that is what is driving us to say, look, we need to get identities part of the fold because identity is, I sort of have a word in my script which I did not sell. Maybe it is time for an identity firewall.
To get there. The only way to get near real time is to have some consistency in your platform where data talks to each other and you're able to run agents on top of it. Well, you can't run agents on top of disparate infrastructure. You know, there's no agent out there that understands 3 different, firewall vendors and infrastructure are too sassy vendors the browser vendor and you know, 7 other other vendors on top. Well, there's 1. We'd love to hire.
All right, so I think a Chente is only going to make this worse because there are agents that bad actors can deploy to try and reach you.
Nikesh Arora: Why is there no real-time clearing of identities in an enterprise? It is disparate and spread across seven or ten different identity providers. Thanks, Rob.
And, uh, and, and, and that light, and I just thought if it takes so long to answer a question, like, you know, that's what's driving us to say, look, we need to get identity as part of the fold because identity is, you know, I I I sort of have a word in my script, which I didn't say, maybe it's time for an identity identity firewall.
Why is there no real-time clearing of identities in enterprise, which is disputed and spread across 7 or 10 different identity providers?
Rob Owens: Thank you.
Hamza Fodderwala: Thank you, Rob. Next question will be Brad Zelnick from Deutsche Bank, followed by Saket Kalia from Barclays.
Lee Klarich: Great. Thank you very much for taking the questions, and congrats on a monster near $5 billion bookings quarter. Nikesh, if you reflect back on the underlying drivers, how much of this is strong execution versus maybe improved macro since April versus seeing the fruits of platformization play out? Or is the platformization benefit still very much ahead of us?
Thanks, Rob. Thank you. Thank you, Rob. Uh, next question will be from Brad Dlang from Deutsche Bank, followed by Sokka Kia from Barclays.
Nikesh Arora: Thank you. First of all, thank you, Brad, for your positive note on our stock most recently. You found a low point to reestablish your credibility with us, so thank you. That notwithstanding, look, I want to say it's the platformization story. I think it takes a while to take our thousands of sellers out there, get them to understand that the value is in platformization and being able to multiply and deploy all of our products in a consistent fashion. I do not think the macro is bad. I think the macro is fine. I think the challenge that you have been seeing is something that Rob has talked about. We still have fragmented players in the industry. You get trapped in a hardware-only business.
Great. Thank you very much for taking the questions, and congrats on a monster near $5 billion booking supporter. Nikesh, if you reflect back on the underlying drivers, how much of this is strong execution versus maybe improved macro since April, versus seeing the fruits of platformization play out? Or is the platformization benefits still very much ahead of us? Thank you.
Well, first of all, thank you, Brad, for your positive note on our stock most recently. Uh, you found a low point to reestablish your credibility with us. So, thank you. Uh, that number standing, look, uh,
I want to say it's the platformization story.
I think it takes a while to take our thousands of sellers out there and get them to understand that the value is in platformization and being able to multiply and deploy all of our products in a consistent fashion.
Nikesh Arora: If you only have a hardware business, you do not have a software firewall where you have 50% market share, you are not going to have double-digit product growth on a consistent basis. If you are not taking share in SASE and you only have SASE to deal with, then you are stuck in a situation where you are losing share in SASE and you are still fighting three vendors at every SASE sort of, you know, POC or SASE deal. If you are not innovating, you are not out on the browser game, then you have got to watch out because the world is moving towards browsers. I think it is a combination of the innovation roadmap, the conviction of the customer that we have now demonstrated over the last five years that we will rush to deploy and embrace a technology that is out on the market.
Nikesh Arora: Two years ago, we did not have a browser. A year ago, we did not have an AI Firewall. Our customers see that. They say, look, I know that if I commit to your platform, I will see a path to the next technology out there. So, I think it is partly us building conviction with our customers that we will provide them an evergreen path. I think it is partly the fact that people feel that there is a need to consolidate to get a better security outcome. I think macro is still what it is. I think the Fed is finally coming out of its machinations of a new administration trying to figure out how to keep business as usual going and how to make sure that we continue to protect the nation. So, I think from all those perspectives, macro is fine.
I don't think the macro is bad. I think macro is fine. I think the challenge that you've been seeing is something that Rob just talked about. We still have fragmented players in the industry. You get trapped in a hardware only business. If you only have a hardware business, you don't have a software firewall where you have 50s market share, you're not going to have double digit product growth on a consistent basis. If you're not taking share in sassy, you only have to do with then you're stuck in a senior situation where you're losing, share and sassy and you're still fighting 3 vendors at every sassy uh, sort of, you know, BC or sassy deal. If you're not innovating, you're not out in the browser game. Then you got to watch out because the world is moving towards browsers. So I think it's a combination of the Innovation roadmap, the conviction of the customer that we have now demonstrated over the last 5 years that we will rush to deploy and embrace a technology that's out on the market 2 years ago. We didn't have a browser and a year ago we didn't have an AI firewall our customers. See that say look I know that if I commit to your platform, I will see a path to the next technology out there. So I think it's partly as building conviction with our customers that
Nikesh Arora: I think there is no big step up or step down in macro. Now, we will see what happens going forward, but I do not see anything different in the market going forward. I think we can continue to see the benefits of consolidation. As always, look, there is always the Q4 magic, as you all know. There is no magic to July 31st, but there is magic to Q4. So, I think part of what you are seeing is our team saw that they were executing really well and they put their foot in the accelerator.
Lee Klarich: Very helpful. Thank you.
We will provide them an evergreen path. I think it's partly the fact that people feel that there is a need to consolidate to get a better security outcome. I think macro is still what it is. I think the Fed is finally coming out of its machinations of a new administration, trying to figure out how to keep business as usual going and how to make sure that we continue to protect the nation. So, I think from all those perspectives, macro's fine. I think there's no big step up or step down in macro now. We'll see what happens going forward, but I don't see anything different in the market going forward. I think we can continue to see the benefits of consolidation, and as always, look, there's always the Q4 magic, as you all know. And there's no magic to July 31st, but there is magic to Q4. So I think part of what you're seeing is our team saw that they were executing really well and they put their foot on the accelerator.
Hamza Fodderwala: Thank you, Brad. Our next question is from Saket Kalia from Barclays, followed by Gabriela Borges from Goldman Sachs.
Very helpful. Thank you.
Saket Kalia: Okay, great. Hey guys, thanks for taking my question here. Nice finish to the year and congrats to Lee Klarich and Nir Zuk on their respective next steps. Nikesh Arora, maybe for you, I would love to dig into the network security ARR a little bit more, particularly the form factor shift in firewall. You know, you have talked about sort of more of a move to software there driven by cloud transformation. Maybe the question is, why do you think Palo Alto Networks is taking share in the software part of the firewall market? How do you think about lifetime value there versus appliances, if that makes sense?
Thank you, Brad. Our next question is from Sokka from Barclays, followed by Gabriela Borges from Gloom and Sax.
Okay, great. Hey guys, thanks for taking my question here. Nice finish to the year, and congrats to Nikesh Arora and Dipak Golechha on their respective next steps.
Nikesh Arora: Let me have our new board member first answer the form factor shift from a technological perspective. You have to deliver visionary stuff as Chief Technology Officer. Then I will talk to you about the numbers. Go ahead.
Um, the cash, maybe, maybe for you. I'd love to dig into the network security area a little bit more, particularly the form factor shift in firewall. You know, you've talked about sort of more of a move to software that is driven by cloud transformation. Maybe the question is, why do you think Palo Alto is taking share in the software part of the firewall market? And how do you think about lifetime value there versus appliances? If that makes sense?
Lee Klarich: Thank you, Saket.
Saket Kalia: Hey, Lee.
Lee Klarich: Thank you very much. Look, if you think about the hardware space, it started in 1994, 1995, just to give you a sense of how long that space has been around, whereas the software network security market is much more recent. As customers made their shift toward the cloud, a lot of the incumbent vendors treated it as a secondary market, possibly defeatured something that was hardware-based, put a little spit and shine on it. The reality, though, is the cloud environments require a lot more focus than that. It is not just someone else's network, and you put a software firewall into it. There is a lot of unique innovation that has to be driven. You saw this over the last few years from us. We launched Cloud NGFWs, which are designed to be cloud-native firewalls.
Well, let me have our new board member first. Answer, the form factor shift, from a technological perspective. You have to deliver a visionary stuff as Chief Technology Officer; then I'll talk to you about the numbers. Go ahead. Thank you. Second, thank you very much. Uh, look the.
If you think about the hardware space, it's it's a it started in 1994. 1995, just to give you a sense of like, how long that space has been around. Whereas, the software network security Market is much more recent, and
uh, the as the as customers made their shift toward the cloud, a lot of the sort of incumbent vendors, sort of treated as a secondary Market, um, possibly deep feature something that was harder based,
Lee Klarich: They are not just a virtual appliance. They are actually designed to fit seamlessly in the cloud. With the PAN-OS 12.1 Orion launch from last week, we talked about cloud networking and building out a whole cloud networking fabric that connects into that, not only for our Cloud NGFWs, but also for our AI Firewalls that run the cloud as well. I believe our traction and success in software firewalls is the amount of dedicated attention we put on them to drive unique innovation that is specific to their deployment needs. We see it in the numbers, and we see it in the customer traction we get.
Put a software firewall into it. There's a lot of unique innovation that has to be driven, and you saw this over the last few years from us. We launched Cloud NGFW, which is designed to be sort of native, cloud-native firewalls. So they're not just a virtual appliance; they're actually designed to fit seamlessly in the cloud. With the PAN-OS Orion launch from last week, we talked about cloud networking and building out a whole cloud networking fabric that connects into that. Not only for Cloud NGFW, but also for our AI firewalls that run in the cloud as well. And so,
Nikesh Arora: Look, I think part of what you are seeing from a why now is originally the view was that people will go with one cloud service provider, make that the mainstay of their cloud migration, and that is where you are going to get some of the network security capability. Today, I would say if you look at a Fortune 500, I would say it is 80%, 90% of the customers are multi-cloud. It is hard to find a single cloud customer out in the market unless you are the cloud provider yourself. Even they have sometimes too, because they make an acquisition with somebody else who is using a different cloud provider. The moment you start having multiple cloud providers, then if you want a single pane of glass, you need to go off one of them and come to something like Palo Alto Networks.
I, I believe our, uh, traction and success in software firewalls is the amount of dedicated attention we put on them to drive unique Innovation. That's specific to their deployment needs. Um, and we see it, we see it in the numbers and we see it in the customer uh traction. We get we got
Look. And I think part of what you're seeing from a "why now" perspective is that originally, the view was that people would go with one cloud service provider, making that the mainstay of their cloud migration. That's where you're going to get some of the network security capability for today. I'd say if you’ll get a fortune.
Nikesh Arora: We are the only player in the market which has native embedded software firewalls in all of the cloud providers. You want one pane of glass, and as a native firewall in all cloud providers, you come to us. That is one reason. Two is what you have noticed now, more and more production applications are in the public cloud. When they get there, there is no excuse not to have a firewall protecting that instance. I think from both those vantage points, it is that software firewall time has come now. The good news is, as you would appreciate, hardware, we ship a firewall, customers sandbox it, test it, deploy it, takes six months. Software firewalls can get turned on overnight. You can provision them in under 24 hours. You can scale them as soon as you want. There is no lag.
500, uh, I'd say it's 80 to 90% of the customers are multi-cloud. It's hard to find a single-cloud customer out of the market, unless you have a cloud provider yourself. Even they have, sometimes too, because they make an acquisition with somebody else who is using a different cloud provider. So, the moment you start having multiple cloud providers, if you want a single pane of glass, you need to go off one of them and come to something like that. And we're the only player in the market which has native.
Nikesh Arora: You can upgrade them from a software perspective instantaneously, as in when we deploy an upgrade, it gets deployed to all of our customers. I think from all those reasons, it is a much more efficient security appliance, in a way, software appliance, than you could ever get with hardware. You are seeing that. I think from a lifetime value perspective, it is kind of interesting. We announced a $60 million deal with one company for software firewalls, TCV, this quarter. It has been a long time since we did a $60 million hardware firewall deal from a TCV perspective, because that would require you to buy, I do not know, at least 3,000 firewalls. Nobody buys 3,000 firewalls.
Even better software firewalls in all of the cloud providers. So you want one pane of glass, and as a native firewall, all cloud providers you come to us; that's one reason too. Is what you've noticed now, more and more production applications are in the public cloud. And when they get there, there's no excuse not to have a firewall protecting that instance. I think from both those vantage points, it's that software firewall time has come now. And the good news is, as you'd appreciate, hardware—we ship a firewall customer sandbox that is tested and deployed; it takes six months. So, if I was going to get turned down overnight, you can provision them in under 24 hours, you can scale them as soon as you want, there's no lag. You can upgrade them from a software perspective instantaneously, as when we deploy an upgrade, it gets deployed to all of our customers. I think from all those reasons, it's a much more efficient security appliance, in a way, a software appliance than you could ever get with hardware. So you're seeing that, I think one of the lifetime value perspectives is, you know, it's kind of interesting, we announced a $60 million.
Deal with one company for software firewalls DCV this quarter.
It's been a long time since we did a $60 million hardware deal for our world from a TCV perspective because that would require you to buy, I don't know, at least 3,000 firewalls.
Saket Kalia: Very helpful. Thank you.
Dipak Golechha: Just to build on that, Saket, we had said multiple quarters ago that the transition from a hardware firewall to software firewall is roughly the same in terms of revenue. Nikesh Arora talked about how it is much easier to deploy. On SASE, actually, the lifetime value ends up being about 2.5 times larger than it typically is on a hardware firewall.
And nobody's buying 200 Marvels. It's very helpful. Thank you.
Saket Kalia: Appreciate it. Thanks, guys.
Just just to build on that. Uh, suck it. Like we, we said multiple quarters ago that the transition from a hardware, firewall to software. Firewalls roughly the same. Uh, in terms of Revenue and the cash talks about how it's much much easier to deploy. Um, on sassy, it's actually the lifetime value ends up being about 2 and a half times, uh, larger than than a typically is on Hardware firewall.
Hamza Fodderwala: Thank you. Up next is Gabriela Borges from Goldman Sachs, followed by Matt Hedberg from RBC.
Appreciate it. Thanks guys.
Gabriela Borges: Hey, good afternoon. Thanks for taking the question. Dipak Golechha, I wanted to follow up on some of the mixed commentary within NGS ARR from last quarter. Give us a little bit of a sense as we look through this year on how you're thinking about the advanced attached subscription versus the emerging portfolio mix in NGS ARR. To Saket Kalia's question on virtual firewalls, do you think we can see similar step-ups in growth in virtual firewalls such that they contribute similar amounts to the growth algorithm for NGS ARR? How durable is that as a growth driver? Thanks.
Thank you. Up next is Gabriel Gorgeous from Gorman Sachs, followed by Matt Hedberg from RBC.
Dipak Golechha: Yeah, so I think, Gabriela, maybe just the meta point is we are pretty much over a lot of the transitions of our advanced subscriptions at this stage. We alter the definition really based on feedback from you to make sure that it is easier what is excluded at this stage, which is really just the hardware firewalls and legacy subscriptions and support. We will continue to see step-up from those things that are legacy that we can transition over. But the reality is we are now more and more as the growth is coming from fast, durable next-generation products, whether it be software firewall, whether it be SASE, whether it be XSIAM, and some of the newer products that we are launching, like Prisma AI, that will also be significant contributors to growth.
Hey, good afternoon. Thanks for taking the question, Deepak. I wanted to follow up on some of the mixed commentary within NGS from last quarter. Give us a little bit of a sense, as we look through this year, on how you're thinking about the advanced attached subscription versus the emerging portfolio. Mix in NGS and talk about this question on virtual flywheels. Do you think we can see similar step-ups in growth in virtual flywheels such that they can contribute similar amounts to the growth algorithm for NGS? How durable is that as a growth driver? Thanks.
Gabriela Borges: Thank you.
Yeah, so I I I think uh, Gabriel maybe just the The Meta point is, what what pretty much over a lot of the transitions of our Advanced subscriptions, uh, at this stage. Like we we we alter the definition really based on feedback from you to make sure that it's easier what's excluded at this stage which is really just the hardware firewalls and Legacy subscriptions and support. Um, you know, we we will continue to see Step Up um from those things that a legacy that we can transition over. Uh, but the reality is, we're now more and more of the growth is coming from Fast, durable Next Generation products, whether it be software firewall, whether it be sassy whether it be X. I am, uh, you know, and, and some of the newer products that we're launching like Prisma as that will also be significant contributors to growth
Hamza Fodderwala: Thank you, Gabriela. Next question is from Shaul Eyal at Cowen, followed by Joe Gallo from Jeffries.
Thank you.
Thank you, Gabriel. Next question is from Shaoli, all at Cowen, followed by Joe Gallo from Jefferies.
Lee Klarich: I think you had Matt ahead of me.
Hamza Fodderwala: Oh, I'm sorry. Matt, please go ahead. Then Shaul Eyal from Cowen.
Sounds like you had met ahead of me.
Oh, I'm sorry, Matt. Please go ahead.
Saket Kalia: Cool. Thanks, Hamza. The top-line results are super impressive. I have a question for Dipak Golechha. The 40% free cash flow margins by 2028 is also equally impressive. Maybe a question for you or even Lee Klarich from a product integration perspective. Can you talk about some of the underlying components of how you get there and sort of your confidence level on that? Because that is obviously, I think, well above what a lot of us thought post-integration.
And then shall we all from?
Cool. Uh, thanks, Hamza. Um, the, uh, the top line results are super impressive. I have a question for DAC. The 40% free cash flow margins by '28 are also equally impressive. Maybe a question for you or even for Lie from a product integration perspective.
Dipak Golechha: Well, let me start. We wouldn't be guiding to it if we didn't have confidence in it, Matt. I think, look, it's really underpinned by the operating margins. You've seen a lot of operating margin expansion occur over the last three years. We feel very confident that we have a business model that scales at every single line item of the P&L. I've talked through that before. We're a low capital business model, which always helps from a free cash flow point of view. So, I'd say pretty high degree of confidence. I think the meta point is when the strategy is to platformize and customers are buying into it and we're cross-correlating the data, that really helps us scale well as a company. That helps scale very well from a cash point of view as well. That's effectively what we're seeing as we guide into the future.
Can you talk about some of the underlying components, um, of how you get there and sort of your confidence level on that? Because that is obviously, I think, well above what a lot of us thought post-integration.
Nikesh Arora: would add to what Dipak Golechha just said. I think he also, he showed you a bit of a slide about how we feel like some of our free cash flow has been sat upon because of the transition from, you know, effectively, yeah, and towards annual billing. Now given that a majority of our business has shifted towards annual billings, we know that the rest is still going to be upfront cash. Given that, we get a sense that we will get some relief on the free cash flow margin in the next 24 months. I think putting all those together in a box and mixing it, we believe that we definitely can achieve more than 40% margin. Of course, it will require some degree of work with our CyberArk colleagues and partners when we get this deal done.
Uh, well let let let me start, I mean, like we wouldn't be guiding to it. It's, uh, if we didn't have confidence, uh, and it might, but I think look, it really underpinned by the operating margins. You've seen a lot of operating mods and expansion. Uh, occur over the last 3 years, we feel very confident that we have a business model that scales at every single line item of the p&l. I've talked to that before, uh, you know where a low Capital, um, you know, like business model, which always helps from a free cash flow point of view, so I'd say pretty pretty high degree of confidence. I think the The Meta point is when when the strategy is the platform eyes, um, and customers are buying into it and we're cross Carly in the data that really helps us scale well as a company and then that helps scale very well from the cash point of view as well. So that's effectively what we're seeing you know like as we as we guide into the future
I do add to what you just said. I think he also showed you a bit of a slide about how we feel like some of our free cash flow has been sat upon because of the transition from, you know, effectively, yeah, and towards our new buildings. So now, given that a majority of our business has shifted towards annual buildings, we know that the rest is still going to be upfront cash. So given that, we get the sense that we'll get some relief on the free cash flow margin in the next 24 months. Mixing it, we believe we definitely can achieve more than a 40% margin. Of course, it'll require some degree of work with.
Nikesh Arora: But we feel confident that they are equally aligned in terms of what we want to achieve.
Saket Kalia: Thanks, guys.
Our cyber colleagues and partners, uh, when we get this deal done, we feel confident that they're equally aligned in terms of what we want to achieve.
Hamza Fodderwala: Okay, great. Up next is Shaul Eyal and we'll wrap it up with Joe Gallo from Jeffries.
I guess.
Lee Klarich: Thank you. Good afternoon, everybody. Congrats to everybody. Nikesh, Prisma Access Browser momentum and also browser wars. These wars, are these with privates? Are these with some other players out there? What is the thinking along these lines?
Okay, great. Up next is Shall We All, and we'll wrap it up with Joe Gallo from Jefferies.
Nikesh Arora: Look, if you look at what is going on, it is kind of sometimes it is better to be lucky than good. We bought the browser because we felt there were certain use cases like VDI or third-party contractors or mobile devices which are not covered by SASE. We literally bought the browser business thinking we were going to cover these edge use cases and life will go on as normal for regular employees of VPNs or SASE clients. We built that strategy and we see a lot of adoption from a third-party contractor as well as VDI perspective and we continue to make progress there. Now, what happened about six to eight months ago, you started hearing that the only way to deploy agents successfully for many consumer use cases is a browser.
Thank you. Uh, good afternoon, everybody. Congrats to everybody. Um, Nikesh, um, Enterprise Browser momentum. And also, um, Browser Wars. Um, these wars, are these with privates? Are these with some other players out there? Um, what's the thinking along these lines? Look, if you look at what's going on, it's kind of sometimes it's better to be lucky than good. Right? So we bought the browser because we felt there were certain use cases like VDI, or third-party contractors, or mobile devices.
Nikesh Arora: If you want to make a reservation on Booking.com and book an OpenTable reservation or you want to, suddenly, to run agentic tasks, you need to control the browser. That is what Anthropic is figuring out. That is what OpenAI is figuring out. That is what Perplexity is figuring out. That is what Google is figuring out. Suddenly, you are beginning to see these, let us call it consumer browser wars that are beginning to start. Microsoft is going to come back with more agentic features of browsers. Effectively, you deploy a browser in your device, which is going to start doing agentic tasks for you. Now, what is great for the consumer is dangerous for the enterprise. No enterprise is going to love a do-as-you-please browser which can run agents without control. How do you control agents in a browser for an enterprise employee?
To not covered by sassy. So we literally bought the browser business thinking. We were going to cover these Edge use cases, and Life Will Go On as normal for regular employees of vpns or sassy clients. And we built that strategy and we see a lot of adoption from a third-party contractor, as well as PDI perspective and we continue to make progress. And now what happened about 6, to 8 months ago, you started hearing that the only way to deploy agents successfully for many consumer. Use cases is the browser if you want to make a reservation on booking.com and bicker Open Table reservation or you want, so Sly, you know, to to run agentic tasks, you need to control the browser. That's what anthropic is figuring out. That's what open AI is figuring out. That's what perplexity is figuring out. That's what Google is figuring out. Now, suddenly you're beginning to see these, let's call it consumer browser Wars that are beginning to start. You know, Microsoft's going to come back with more agentic features of browsers. Effectively your deployer browser and your device which is going to start doing agentic tasks for you. Now, what's great for the consumer is dangerous for the Enterprise
Nikesh Arora: All you need is a secure browser. You literally will come to a point where companies will say, you cannot use a consumer version of this product. Think about it. It happens in enterprise all the time. You are not allowed to use a consumer version of DocuSign. You are not allowed to use a consumer version of Dropbox. You are not allowed to use a consumer version of a SaaS app in enterprise because it is missing the enterprise control. So, if you believe that agentic true future is coming through browsers in the future for the desktop, then you have to believe that that case for a secure browser just became a mainstream case in the enterprise use case. So, that is what I meant by the browser wars in consumer are going to drive the acknowledgment that we need to solve the browser problem in enterprise.
Right? No enterprise is going to love a do-as-you-please browser, which can run agents without control. How do you control agents in a browser for enterprise employees, or can you do a secure browser?
You literally will come to a point where companies will say you cannot use a consumer version of this product. Think about it: this happens in Enterprise all the time. You're not allowed to use a consumer version of DocuSign, not allowed to use a consumer version of Dropbox. You're not allowed to use a consumer version of a self-app in Enterprise because it's missing the Enterprise controls.
So, if you believe that the agentic true feature is coming through browsers in the future for the desktop, then you have to believe that the case for secure browser just became a mainstream case in the enterprise use case.
Nikesh Arora: Then it is going to become a critical part of your SASE stack.
Lee Klarich: Understood. Thank you so much. Appreciate it.
Sassy stack.
Hamza Fodderwala: Thanks, Shaul. Our last question will come from Joe Gallo from Jeffries.
Saket Kalia: Hey guys, thanks for the question. I saw the blend at Cortex and Cloud numbers, but can you just talk more about Cloud Security specifically in detail? How is that doing? Are customers gravitating towards that runtime agent architecture, and then any changes in the competitive landscape post the Wiz acquisition?
I'm just a thank you so much. Appreciate it. Thanks. Showing our last question will come from Joe Gallo from Jefferies.
Hey guys, thanks for the question. Um, I saw the blended Cortex and cloud numbers. Can you just talk more about cloud security specifically in detail? How is that doing? Are our customers gravitating towards that runtime agent architecture? And then, any changes in the competitive landscape post the Wiz acquisition?
Nikesh Arora: Look, I think the thesis we had with Cloud Security when we decided to make the change and launch Cortex Cloud was that the different elements of Cloud Security are all interconnected, from application security to Cloud Posture Security and to runtime security and Cloud SOC. I would say, six months since the Cortex Cloud launch, our belief and conviction in that thesis is even stronger. It is very clear that attacks are happening faster. We know that as more and more enterprises move into enterprise-critical applications of Cloud, that means Cloud runtime protection becomes even more important than ever before. From that, Nikesh made the comment of sort of both shift left and shift right. There is the shift left aspect, which is how do we shift left all the way to the beginnings of code writing and application security?
um,
look, I think the
The thesis we had with cloud security, when we decided to make the change in launching Cortex Cloud and...
Was that the different elements of cloud security are all interconnected from application security to Cloud posture security and, and to runtime Security in Cloud sock and I would say, you know, 6 months since the cortex Cloud launched our, our beliefs and conviction that thesis is even stronger. It is, it is very clear that attacks are happening faster. We know that as more and more Enterprises move Enterprise critical applications to the cloud. That means, Cloud runtime, protection becomes even more important than ever before.
And, and from that, and, and Nikesh made the comment of sort of both shift left and shift right?
Nikesh Arora: You saw us a couple of weeks ago launch application security posture management, which is our approach to making sure that everything developed for the Cloud is done in a secure way, such that what is deployed in production is as secure as it can be. With exposure management, we can then tie that across not only Cloud but enterprise, tie into the runtime, et cetera. So, our conviction in that is still very, very strong. We are seeing the response from our customers of being aligned with that strategy. Now it is just a question of a lot of execution to take our customers through that transformation, that journey over to Cortex Cloud.
There's the shift left aspect, which is, how do we shift left all the way to the the, you know, beginnings of codewriting and and application security. You saw us a couple weeks ago, launch application security posture management which is our approach to making sure that everything developed for the cloud is done in a secure way. Such that, what is deployed in production is as secure as it can be, um, with exposure management. We can then tie um that across not only Cloud but Enterprise tie into runtime Etc. And so, the, our conviction that is still very strong. We're seeing that the um,
The response from our customers has been positive regarding alignment with that strategy. And now it's just a question of a lot of execution to take our customers through that transformation journey over to Cortex Cloud.
Saket Kalia: Thank you.
Hamza Fodderwala: Okay. With that, we will conclude the Q&A portion of the call, and I will turn it back to Nikesh for his closing remarks.
Nikesh Arora: Well, I will add to that. Thank you again, everyone, for joining us today. I also want to once again say thank you to Nir Zuk for all his visionary leadership at Palo Alto Networks, and congratulations to Lee Klarich, our newest board member, who will continue our technological vision going forward. I look forward to seeing many of you at future conferences. I also once again want to thank our customers, employees, and partners for helping us deliver a wonderful quarter and at the end of the year, and we look forward to FY26. Have a great day.
Thank you. Okay. With that, we'll conclude the Q&A portion of the call, and I'll turn it back to the Cash Force for closing remarks.
Well, I'll have to say thank you again, everyone, for joining us today. I also want to once again say thank you to Nikesh Arora for all his visionary leadership at Palo Alto Networks, and congratulations to Leak Light, our newest board member, who will continue our technological vision going forward. I look forward to seeing many of you at future conferences. I also once again want to thank our customers, employees, and partners for helping us deliver a wonderful quarter. At the end of the video, we look forward to Q4 2025. Have a great day.