Q4 2025 Qualys Inc Earnings Call

February 5, 2026

Operator: Welcome to Qualys' fourth quarter 2025 investor call. At this time, all participants are in a listen-only mode. After the speaker's presentation, there will be a question-and-answer session. To ask a question during the session, you would need to press star 11 on your telephone. You will then hear an automated message advising your hand is raised. To withdraw your question, please press star 11 again. Please be advised that today's conference is being recorded. I would now like to turn the conference over to Blair King, Investor Relations. Please go ahead.

Speaker #1: presentation, there will be a After the speakers' question-and-answer session. To ask a question during the session, you would need to press star 11 on your telephone; you will then hear an automated message advising your hand is raised.

Speaker #1: If you have a question, please press star 1-1 again. Please be advised that today's conference is being recorded. I would now like to turn the conference over to Investor Relations.

Speaker #1: Blair King, investor Please go ahead.

Blair King: Thank you, Michelle. Good afternoon and welcome to Qualys' fourth quarter 2025 earnings call. Joining me today to discuss our results are Sumedh Thakar, President and CEO, and Joo Kim, our CFO. Before we get started, I'd like to remind you that our remarks today will include forward-looking statements that generally relate to our future events or future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures.

Speaker #2: and welcome to QUALYS's fourth quarter 2025 earnings call. Thank you, Michelle. And good afternoon are Samedh Thakar, president and Joining me today to discuss our results CEO, and Joo Kim, our CFO.

Blair King: Before we get started, I'd like to remind you that our remarks today will include forward-looking statements that generally relate to our future events or future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. As a reminder, the press release, prepared remarks, and investor presentation are all available on the investor relations section of our website.

Q4 2025 Qualys Inc Earnings Call

Request a DemoDemo

QLYS

Qualys

Earnings

Q4 2025 Qualys Inc Earnings Call

QLYS

Thursday, February 5th, 2026 at 10:00 PM

Transcript

No Transcript Available

No transcript data is available for this event yet. Transcripts typically become available shortly after an earnings call ends.

Want AI-powered analysis? Try AllMind AI →

Speaker #2: remind you that our remarks today Before we get started, I'd like to will include forward-looking statements that generally relate to our future events or future financial or operating performance.

Speaker #2: Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release, and our filings with the SEC, including our latest Form 10Q and 10K.

Speaker #2: Any forward-looking statements that we make on this today and we undertake no obligation to call are based on assumptions as of update these statements as a result of new events.

Speaker #2: both GAAP and non-GAAP financial During this call, we will present measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release, and as a reminder, the press release prepared remarks and investor presentation are all available on the investor relations section of our website.

Blair King: A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. As a reminder, the press release, prepared remarks, and investor presentation are all available on the investor relations section of our website. With that, I'd like to now turn the call over to Sumedh.

Blair King: With that, I'd like to now turn the call over to Sumedh. Thank you, Blair, and welcome to our Q4 earnings call. As threat actors continue to compress time to exploit, we believe the next phase of pre-breach risk management will be defined by an agentic AI-driven risk fabric with out-of-the-box business quantification and automated remediation to respond to the speed of these threats. Against that backdrop, we continue to execute well in Q4, demonstrated by another quarter of strong revenue growth and profitability. In my conversations with hundreds of CIOs and CISOs, as well as security leaders from many of the world's largest and most innovative organizations, one message has remained consistently clear: reducing cyber risk isn't about detecting more exposures. It's about operationalizing a cyber risk management program that aligns spend with risk tolerance.

Speaker #2: to now turn the call over to

Speaker #2: Samedh. So with that, I'd like

Sumedh Thakar: Thank you, Blair, and welcome to our Q4 earnings call. As threat actors continue to compress time to exploit, we believe the next phase of pre-breach risk management will be defined by an agentic AI-driven risk fabric with out-of-the-box business quantification and automated remediation to respond to the speed of these threats. Against that backdrop, we continue to execute well in Q4, demonstrated by another quarter of strong revenue growth and profitability. In my conversations with hundreds of CIOs and CISOs, as well as security leaders from many of the world's largest and most innovative organizations, one message has remained consistently clear: reducing cyber risk isn't about detecting more exposures. It's about operationalizing a cyber risk management program that aligns spend with risk tolerance.

Speaker #3: Thank you, Blair, and welcome to As third actors continue to compress time to our fourth quarter earnings call. exploit, we believe the next phase of pre-breach risk management will be defined by an agentic AI-driven risk fabric with remediation to respond to out-of-the-box business quantification automated the speed of these threats.

Speaker #3: Against that backdrop, we continue to execute well in Q4, demonstrated by another quarter of strong revenue growth and profitability. In my conversations with hundreds of CIOs and CISOs, as well as security leaders from many of the world's largest and most innovative organizations, one message has remained consistently clear: reducing cyber risk isn't about detecting more exposures.

Speaker #3: a cyber risk management program that It's about operationalizing aligns spend with risk tolerance. In doing so, CISOs are increasingly prioritizing the unification of fragmented security stack into a centralized risk fabric.

Blair King: In doing so, CISOs are increasingly prioritizing the unification of fragmented security stack into a centralized risk fabric, one that serves as a credible alternative to single vendor platforms by bringing diverse risk vectors into a prioritized, measurable view of risk that their teams can confidently communicate and remediate at machine speed. That message was further amplified at our recently concluded ROCON conference in Mumbai, with attendance up over 30% from last year's event as we again broadened the agenda to include a business track. And with the advent of AI, which is democratizing cybercrime and enabling adversaries to operate with unprecedented speed and sophistication, this need is only intensifying. As a result, we believe that the future of pre-breach risk management belongs to vendor-agnostic, agentic AI-powered solutions that continuously predict, assist, confirm, quantify, prioritize, and remediate risk across on-prem and multi-cloud environments.

Sumedh Thakar: In doing so, CISOs are increasingly prioritizing the unification of fragmented security stack into a centralized risk fabric, one that serves as a credible alternative to single vendor platforms by bringing diverse risk vectors into a prioritized, measurable view of risk that their teams can confidently communicate and remediate at machine speed. That message was further amplified at our recently concluded ROCON conference in Mumbai, with attendance up over 30% from last year's event as we again broadened the agenda to include a business track. And with the advent of AI, which is democratizing cybercrime and enabling adversaries to operate with unprecedented speed and sophistication, this need is only intensifying. As a result, we believe that the future of pre-breach risk management belongs to vendor-agnostic, agentic AI-powered solutions that continuously predict, assist, confirm, quantify, prioritize, and remediate risk across on-prem and multi-cloud environments.

Speaker #3: One single vendor platforms by that serves as a credible alternative to bringing diverse risk vectors into a prioritized measurable view of risk and remediate at machine that their teams can confidently communicate speed.

Speaker #3: That message was further amplified at our recently concluded RockOn conference in Mumbai, with attendance up over 30% from last year's event, as we again broadened the agenda to include a business track.

Speaker #3: And with the advent of AI, which is democratizing cybercrime and enabling adversaries to operate with unprecedented speed and sophistication, this need is only intensifying.

Speaker #3: As a result, we believe that the future of pre-breach risk management belongs to vendor agnostic agentic AI-powered solutions that continuously predict, assist, confirm, quantify, prioritize, and remediate risk across on-prem and multi-cloud environments.

Blair King: Over the past years, we continue to execute relentlessly towards this vision, delivering meaningful platform innovation to help customers reduce risk faster, operate more efficiently, and stay ahead of an increasingly dynamic threat landscape. Accordingly, in 2025, we broadly expanded the Qualys ETM platform to third-party data and launched a powerful new orchestration layer that unifies Qualys and non-Qualys findings, applies our industry-leading threat intelligence, and delivers a business-contextual, quantified view of risk with built-in prioritization and automated remediation. Building on this foundation, we introduced an agentic AI risk fabric that assesses and normalizes diverse internal and external data sources, applications, and machines. We extended these capabilities with the first-of-a-kind agentic AI risk management marketplace, enabling security and IT teams to quickly augment their existing workforce with highly specialized, autonomous experts that significantly reduce time to remediation, increase accuracy, and reduce costs.

Sumedh Thakar: Over the past years, we continue to execute relentlessly towards this vision, delivering meaningful platform innovation to help customers reduce risk faster, operate more efficiently, and stay ahead of an increasingly dynamic threat landscape. Accordingly, in 2025, we broadly expanded the Qualys ETM platform to third-party data and launched a powerful new orchestration layer that unifies Qualys and non-Qualys findings, applies our industry-leading threat intelligence, and delivers a business-contextual, quantified view of risk with built-in prioritization and automated remediation. Building on this foundation, we introduced an agentic AI risk fabric that assesses and normalizes diverse internal and external data sources, applications, and machines. We extended these capabilities with the first-of-a-kind agentic AI risk management marketplace, enabling security and IT teams to quickly augment their existing workforce with highly specialized, autonomous experts that significantly reduce time to remediation, increase accuracy, and reduce costs.

Speaker #3: past years, we continue to execute a Over the relentlessly towards this vision. Delivering meaningful platform innovation to help customers reduce risk faster, operate more efficiently, and stay ahead of an increasingly dynamic threat landscape.

Speaker #3: Accordingly, in 2025, we broadly expanded the QUALYS ETM platform to third-party data layer that unifies QUALYS and and launched a powerful new orchestration non-QUALYS findings, applies our industry-leading threat intelligence, and delivers a business contextual quantified view of risk with built-in prioritization and automated remediation.

Speaker #3: Building on this foundation, we introduced an agentic AI risk fabric that assesses and normalizes diverse internal and external data sources, applications, and machines. We expanded these capabilities with the first-of-a-kind agentic AI risk management marketplace, enabling security and IT teams to quickly augment their existing workforce with highly specialized autonomous experts that significantly reduce time to remediation, increase accuracy, and reduce costs.

Speaker #3: To further close security gaps, we again organically enhance ETM with a natively integrated identity security posture management solution at a time when identities have become part of the new AI perimeter.

Blair King: To further close security gaps, we again organically enhanced ETM with a natively integrated identity security posture management solution at a time when identities have become part of the new AI perimeter. And further flexing the power of our platform, we are now confirming exploits before customers are compromised. While traditional continuous threat exposure management solutions rely on a theoretical risk score and ignore mitigating security controls, ETM takes a fundamentally different approach. On a single platform, it uniquely detects vulnerabilities, validates exploitability, applies remediation, and revalidates exploits using Agent Val, agentic AI workflow. The net result is that Qualys is redefining how organizations manage pre-breach risk management. While competitors continue to focus on detecting vulnerabilities or mapping theoretical exposures, Qualys has moved decisively beyond that model.

Sumedh Thakar: To further close security gaps, we again organically enhanced ETM with a natively integrated identity security posture management solution at a time when identities have become part of the new AI perimeter. And further flexing the power of our platform, we are now confirming exploits before customers are compromised. While traditional continuous threat exposure management solutions rely on a theoretical risk score and ignore mitigating security controls, ETM takes a fundamentally different approach. On a single platform, it uniquely detects vulnerabilities, validates exploitability, applies remediation, and revalidates exploits using Agent Val, agentic AI workflow. The net result is that Qualys is redefining how organizations manage pre-breach risk management. While competitors continue to focus on detecting vulnerabilities or mapping theoretical exposures, Qualys has moved decisively beyond that model.

Speaker #3: And further flexing the power of our platform, we are now confirming exploits before customers are compromised, while traditional continuous threat exposure management solutions rely on a theoretical risk score and ignore mitigating security controls ETM takes a fundamentally different approach.

Speaker #3: single platform, it uniquely detects On a vulnerabilities, validates exploitability, applies remediation, and revalidates exploit using agent val, agentic AI workflow. The net result is that QUALYS is redefining how organizations manage pre-breach risk management.

Speaker #3: While competitors continue to focus on detecting vulnerabilities or mapping theoretical exposures, QUALYS has moved decisively beyond that model. We are pioneering the first agentic AI native risk operation center, ROC, a new category in cybersecurity designed to centralize an organization's response to threats spanning exploit confirmation to autonomous remediation.

Blair King: We are pioneering the first agentic AI-native risk operations center, ROC, a new category in cybersecurity designed to centralize an organization's response to threats, spanning exploit confirmation to autonomous remediation. Powered by our ETM solution, the ROC presents a fundamental divergence from traditional CTEM tools. Competitors can point to exposures. They can't quantify cyber risk in dollar terms that matters most to the business, and they cannot adequately fix that. ETM fills that gap. This is what sets Qualys apart. We don't stop at detection and non-quantifiable prioritization. We natively integrate CTEM, exploit confirmation, risk quantification, and remediation operations into a single AI-powered workflow, leveraging both Qualys and non-Qualys data sources. In doing so, our architecture orchestrates and implements a perception, reasoning, action loop, enabling autonomous agents to collect real-time telemetry, reason through risk signals, plan response workflows, and execute actions.

Sumedh Thakar: We are pioneering the first agentic AI-native risk operations center, ROC, a new category in cybersecurity designed to centralize an organization's response to threats, spanning exploit confirmation to autonomous remediation. Powered by our ETM solution, the ROC presents a fundamental divergence from traditional CTEM tools. Competitors can point to exposures. They can't quantify cyber risk in dollar terms that matters most to the business, and they cannot adequately fix that. ETM fills that gap. This is what sets Qualys apart. We don't stop at detection and non-quantifiable prioritization. We natively integrate CTEM, exploit confirmation, risk quantification, and remediation operations into a single AI-powered workflow, leveraging both Qualys and non-Qualys data sources. In doing so, our architecture orchestrates and implements a perception, reasoning, action loop, enabling autonomous agents to collect real-time telemetry, reason through risk signals, plan response workflows, and execute actions.

Speaker #3: Powered by our ETM solution, the ROC represents a fundamental divergence from traditional CTEM tools, competitors can point to exposures they can't quantify cyber risk in dollar terms that matters most to the business, and they cannot adequately fix that.

Speaker #3: ETM fills that gap. This is what sets QUALYS apart. We don't stop at detection and non-quantifiable prioritization. We natively integrate CTEM, exploit confirmation, risk quantification, and remediation operations into a single AI-powered workflow, leveraging both QUALYS and non-QUALYS data sources.

Speaker #3: In doing so, our architecture orchestrates and implements a perception reasoning action loop, enabling autonomous agents to collect real-time telemetry, reason through risk signals, plan response workflows, and execute actions.

Speaker #3: This enables organizations to holistically predict emerging risks, across infrastructure, cloud, application security, IoT, and identities, safely confirm probable exploits, prioritize threats based on business impact, remediate through patching, or other compensating controls, and verify the effectiveness of the remediated tactic.

Blair King: This enables organizations to holistically predict emerging risks across infrastructure, cloud, application security, IoT, and identities, safely confirm probable exploits, prioritize threats based on business impact, remediate through patching or other compensating controls, and verify the effectiveness of the remediated tactic. This end-to-end vendor-neutral approach is catalyzing a paradigm shift in pre-breach cyber risk management where customers aren't just seeing their risk holistically across the risk stack. They're validating it, quantifying it, and reducing it continuously and autonomously at scale. By aligning security and IT decisions directly with business priorities, we are providing organizations with measurable proactive risk reduction that brings customer value. Armed with this fresh new set of capabilities and early momentum already validating this model, we are now laser-focused on accelerating ETM adoption through our VMDR customer base and positioning Qualys for larger upsell opportunities over time.

Sumedh Thakar: This enables organizations to holistically predict emerging risks across infrastructure, cloud, application security, IoT, and identities, safely confirm probable exploits, prioritize threats based on business impact, remediate through patching or other compensating controls, and verify the effectiveness of the remediated tactic. This end-to-end vendor-neutral approach is catalyzing a paradigm shift in pre-breach cyber risk management where customers aren't just seeing their risk holistically across the risk stack. They're validating it, quantifying it, and reducing it continuously and autonomously at scale. By aligning security and IT decisions directly with business priorities, we are providing organizations with measurable proactive risk reduction that brings customer value. Armed with this fresh new set of capabilities and early momentum already validating this model, we are now laser-focused on accelerating ETM adoption through our VMDR customer base and positioning Qualys for larger upsell opportunities over time.

Speaker #3: This end-to-end vendor-neutral approach is catalyzing a paradigm shift in pre-breach cyber risk management, where customers aren't just seeing their risk holistically across their risk stack; they're validating it, quantifying it, and reducing it continuously and autonomously at scale.

Speaker #3: By aligning security and IT decisions directly with business priorities, we are providing organizations with measurable, proactive risk reduction that brings customer value. Armed with this fresh new set of capabilities and early momentum already validating this model, we are now laser-focused on accelerating ETM adoption through our VMDR customer base and positioning QUALYS for larger upsell opportunities over time.

Blair King: Moving to our business update, with customers spending $500,000 or more with us growing 4% from a year ago to 215, let me now share a couple of recent wins which illustrate why organizations are ready to centralize their response to cyber risk or turning to Qualys to help unify their security stack, quantify, and remediate risk in their environment, and fortify their security operations. First, an existing Global 50 customer was struggling under the weight of multiple unintegrated security tools, millions of vulnerabilities, and limited visibility into the overall risk profile. Traditional prioritization methods were unable to adequately filter critical findings, leaving security and IT teams without the necessary business context to act decisively. Consequently, this customer selected Qualys and launched a strategic initiative to unify their security stack by transforming siloed risk signals, spanning on-prem and multi-cloud environments, into a cohesive Agentic AI-native risk management solution.

Sumedh Thakar: Moving to our business update, with customers spending $500,000 or more with us growing 4% from a year ago to 215, let me now share a couple of recent wins which illustrate why organizations are ready to centralize their response to cyber risk or turning to Qualys to help unify their security stack, quantify, and remediate risk in their environment, and fortify their security operations. First, an existing Global 50 customer was struggling under the weight of multiple unintegrated security tools, millions of vulnerabilities, and limited visibility into the overall risk profile. Traditional prioritization methods were unable to adequately filter critical findings, leaving security and IT teams without the necessary business context to act decisively. Consequently, this customer selected Qualys and launched a strategic initiative to unify their security stack by transforming siloed risk signals, spanning on-prem and multi-cloud environments, into a cohesive Agentic AI-native risk management solution.

Speaker #3: update with customers spending Moving to our business $500,000 or more with us growing 4% from a year ago to $215, let me now share a couple of recent wins which illustrate why organizations are ready to centralize their response to cyber risk are turning to QUALYS to help unify their security stack, quantify and remediate risk in their environment, and fortify their security operations.

Speaker #3: First, an existing global 50 customer was struggling under the weight of multiple unintegrated security tools. Millions of vulnerabilities and limited visibility into the overall risk profile.

Speaker #3: Traditional prioritization methods were unable to adequately filter critical findings, leaving security and IT teams without the necessary business context to act decisively. Consequently, this customer selected QUALYS and launched a strategic initiative to unify their security stack by transforming siloed risk signals, spanning on-prem and multi-cloud environment, into a cohesive agentic AI native risk management solution.

Speaker #3: This included expanding the ETM deployment to further operationalize their ROC with ingested third-party data from several sources, resulting in a mid-six-figure annual bookings upsell.

Blair King: This included expanding the ETM deployment to further operationalize the ROC with ingested third-party data from several sources, resulting in a mid-six-figure annual bookings upsell. By consolidating these data sources into the Qualys platform, we are now delivering this customer a unified orchestration layer and full visibility of their attack surface, centralized risk assessment, quantification, prioritization, and remediation workflows, while unleashing the operational efficiency of the stack consolidation. This expansion of the ROC underscores the power of our platform and reinforces Qualys' ability to unify siloed risk signals, operate as an autonomous defense layer, strengthen customer outcomes aligned to the business risk tolerance, and advance our leadership in the industry. Leveraging our MROC partner ecosystem, we are also pulling new business into Qualys.

Sumedh Thakar: This included expanding the ETM deployment to further operationalize the ROC with ingested third-party data from several sources, resulting in a mid-six-figure annual bookings upsell. By consolidating these data sources into the Qualys platform, we are now delivering this customer a unified orchestration layer and full visibility of their attack surface, centralized risk assessment, quantification, prioritization, and remediation workflows, while unleashing the operational efficiency of the stack consolidation. This expansion of the ROC underscores the power of our platform and reinforces Qualys' ability to unify siloed risk signals, operate as an autonomous defense layer, strengthen customer outcomes aligned to the business risk tolerance, and advance our leadership in the industry. Leveraging our MROC partner ecosystem, we are also pulling new business into Qualys.

Speaker #3: By consolidating these data sources into the QUALYS platform, we are now delivering this customer a unified orchestration layer and full visibility centralized risk assessment, quantification, of their attack surface, prioritization, and remediation workflows while unleashing the operational efficiency of the stack consolidation.

Speaker #3: of the ROC underscores the power of This expansion our platform and reinforces QUALYS' ability to unify siloed risk signals, operate at an autonomous defense layer, strengthen customer outcomes aligned to the business risk tolerance, and advance our leadership in the industry.

Speaker #3: Leveraging our MROC partner ecosystem, we are also pulling new business into QUALYS. During the planning stages of launching a new ETM POC with a global 200 company in Latin America, we secured a seven-figure annual bookings upsell, which included our total cloud CNAP and policy audit solutions.

Blair King: During the planning stages of launching a new ETM POC with a Global 200 company in Latin America, we secured a $ seven-figure annual bookings upsell, which included our TotalCloud CNAPP and Policy Audit solutions. This win demonstrates the leverage of our partner-led motion and our ability to convert early engagements into meaningful multi-solution growth. Turning to our federal business, we achieved a $ mid-six-figure expansion with one of the federal government's most visible shared security services utilized by several large government agencies nationwide. Faced with an overwhelming volume of security issues and limited resources to continuously assess risk across fragmented tools and manual workflows, this customer chose Qualys for its cloud-native FedRAMP high-authorized platform to enable a centralized government program that quantitatively prioritizes risk with automated assessment, standard outputs, and low operational overhead.

Sumedh Thakar: During the planning stages of launching a new ETM POC with a Global 200 company in Latin America, we secured a $ seven-figure annual bookings upsell, which included our TotalCloud CNAPP and Policy Audit solutions. This win demonstrates the leverage of our partner-led motion and our ability to convert early engagements into meaningful multi-solution growth. Turning to our federal business, we achieved a $ mid-six-figure expansion with one of the federal government's most visible shared security services utilized by several large government agencies nationwide. Faced with an overwhelming volume of security issues and limited resources to continuously assess risk across fragmented tools and manual workflows, this customer chose Qualys for its cloud-native FedRAMP high-authorized platform to enable a centralized government program that quantitatively prioritizes risk with automated assessment, standard outputs, and low operational overhead.

Speaker #3: of our partner-led motion and This win demonstrates the leverage our ability to convert early engagements into meaningful multi-solution growth. Turning to our federal business, we achieved a mid-six-figure expansion with one of the federal government's most visible shared security services, utilized by several large government agencies nationwide.

Speaker #3: Faced with an overwhelming volume of security issues at limited resources to continuously assess risk across fragmented tools and manual workflows, this customer chose QUALYS for its cloud-native FedRAMP high-authorized platform to enable a centralized government program that quantitatively prioritizes risk with automated assessment, standard outputs, and low operational overhead.

Speaker #3: Given the success of this deployment, we are now working towards a multi-agency ETM rollout representing a significant upsell opportunity as this shared service team prepares to operationalize its risk operation center.

Blair King: Given the success of this deployment, we are now working towards a multi-agency ETM rollout, representing a significant upsell opportunity as this shared services team prepares to operationalize its risk operations center. These results, alongside another six-figure upsell with a separate large federal agency, reinforce our proven ability to align technical capabilities with operational outcomes that address modern security challenges and underscore the long-term growth opportunity in our federal business. Beyond these wins, we are also gaining more leverage from our partner ecosystem. As we continue to endorse a partner-first-sales motion, partner-led deal registration increased again in Q4, reflecting deeper alignment and execution across the channel. In addition, with well over a dozen certified MROC partners actively launching new services, momentum continues to build towards a global ROC alliance, fueling our capability, harnessing transformative solution sales, and bringing new business to Qualys.

Sumedh Thakar: Given the success of this deployment, we are now working towards a multi-agency ETM rollout, representing a significant upsell opportunity as this shared services team prepares to operationalize its risk operations center. These results, alongside another six-figure upsell with a separate large federal agency, reinforce our proven ability to align technical capabilities with operational outcomes that address modern security challenges and underscore the long-term growth opportunity in our federal business. Beyond these wins, we are also gaining more leverage from our partner ecosystem. As we continue to endorse a partner-first-sales motion, partner-led deal registration increased again in Q4, reflecting deeper alignment and execution across the channel. In addition, with well over a dozen certified MROC partners actively launching new services, momentum continues to build towards a global ROC alliance, fueling our capability, harnessing transformative solution sales, and bringing new business to Qualys.

Speaker #3: These results, alongside another six-figure upsell with a separate large federal agency, reinforce our proven ability to align technical capabilities with operational outcomes that address modern security challenges and underscore the long-term growth opportunity in our federal business.

Speaker #3: Beyond these wins, we are also gaining more leverage from our partner ecosystem. As we continue to endorse a partner-first sales motion, partner-led deal registration increased again in Q4.

Speaker #3: Reflecting deeper alignment and execution across the channel. In addition, with well over a dozen certified MROC partners actively launching new services, momentum continues to build towards a global ROC alliance, fueling our capability, harnessing transformative solution sales, and bringing new business to QUALYS.

Speaker #3: Further contributing to our growth profile, QFlex to help customers accelerate and maximize adoption of the QUALYS ETM platform. Given the strong customer response and early success of this model, we plan to continue to focus on proactively identifying opportunities to leverage QFlex to enable select customers and partners to accelerate their adoption of QUALYS solutions in 2026.

Blair King: Further contributing to our growth profile, in Q4, we continued beta testing QFlex to help customers accelerate and maximize adoption of the Qualys ETM platform. Given the strong customer response and early success of this model, we plan to continue to focus on proactively identifying opportunities to leverage QFlex to enable select customers and partners to accelerate their adoption of Qualys solutions in 2026. In summary, we are fundamentally changing how organizations manage pre-breach cyber risk by unifying CTEM with exploit confirmation, risk quantification, and automated remediation powered by an agentic AI risk fabric. Our rapid pace of innovation and strategic investments are driving strong competitive differentiation, deeper ROC adoption, broader engagements across large federal agencies, growing partner-led execution, and initial QFlex success.

Sumedh Thakar: Further contributing to our growth profile, in Q4, we continued beta testing QFlex to help customers accelerate and maximize adoption of the Qualys ETM platform. Given the strong customer response and early success of this model, we plan to continue to focus on proactively identifying opportunities to leverage QFlex to enable select customers and partners to accelerate their adoption of Qualys solutions in 2026. In summary, we are fundamentally changing how organizations manage pre-breach cyber risk by unifying CTEM with exploit confirmation, risk quantification, and automated remediation powered by an agentic AI risk fabric. Our rapid pace of innovation and strategic investments are driving strong competitive differentiation, deeper ROC adoption, broader engagements across large federal agencies, growing partner-led execution, and initial QFlex success.

Speaker #3: In summary, we are fundamentally changing how organizations manage pre-breach cyber risk by unifying CTEP with expert-confirmation risk quantification and automated remediation powered by an agentic AI risk fabric.

Speaker #3: Our rapid pace of innovation and strategic investments are driving strong competitive differentiation, deeper ROC adoption, broader engagements across large federal agencies, growing partner-led execution, and initial QFlex success.

Blair King: Looking ahead to 2026, we'll continue our disruptive innovation, further advance our go-to-market investments, and execute our ROC vision with a balanced approach to long-term growth and profitability. With that, I will turn the call over to Joo Mi Kim to further discuss our Q4 results and outlook for the Q1 and full year 2026. Thanks, Maddie, and good afternoon. Before I start, I'd like to note that except for revenues, all financial figures are non-GAAP, and growth rates are based on comparison to the prior year period unless stated otherwise. We're pleased to report a healthy finish to the year, highlighting our continued execution, financial discipline, and scalable business model. For the full year, we grew revenues by 10% to $669.1 million and achieved adjusted EBITDA margin of 47%, even with continued 14% growth in investments and sales and marketing.

Sumedh Thakar: Looking ahead to 2026, we'll continue our disruptive innovation, further advance our go-to-market investments, and execute our ROC vision with a balanced approach to long-term growth and profitability. With that, I will turn the call over to Joo Mi Kim to further discuss our Q4 results and outlook for the Q1 and full year 2026.

Speaker #3: In 2026, we'll continue our disruptive innovation. Looking ahead, we plan to further advance our go-to-market investments and execute our ROC vision with a balanced approach to long-term growth and profitability.

Speaker #3: With that, I will turn the call over to Jumi to further discuss our fourth-quarter results and outlook for the first quarter and full year 2026.

Joo Mi Kim: Thanks, Maddie, and good afternoon. Before I start, I'd like to note that except for revenues, all financial figures are non-GAAP, and growth rates are based on comparison to the prior year period unless stated otherwise. We're pleased to report a healthy finish to the year, highlighting our continued execution, financial discipline, and scalable business model. For the full year, we grew revenues by 10% to $669.1 million and achieved adjusted EBITDA margin of 47%, even with continued 14% growth in investments and sales and marketing.

Speaker #2: Thanks, Ned and good afternoon. Before I start, I'd like to note that except for revenue, all financial figures are non-gas and growth rates are based on comparison to the prior year period unless stated otherwise.

Speaker #2: We're pleased to report a healthy finish to the year. Highlighting our continued execution, financial discipline, and scalable business model. For the full year, we grew revenues by 10% to $669.1 million, and achieved adjusted EBITDA margin of 47%.

Speaker #2: Even with continued 14% growth and investments in sales and marketing, net income and EPS grew 13% and 15% to $257.8 million and $7.07 per diluted share, respectively.

Blair King: Net income and EPS grew 13% and 15% to $257.8 million and 7.07 per diluted share, respectively. Free cash flow reached $304.4 million with 45% of revenues, all of which exceeded our expectations for the year. Turning to fourth quarter results, revenues grew 10% to $175.3 million. The channel continued to increase its contribution, making up 51% of total revenues compared to 48% a year ago. Revenues from channel partners grew 17%, outpacing direct, which grew 4%. As a result of our strategic emphasis on leveraging our partner ecosystem to drive growth, we expect this trend to continue. By geo, 15% growth outside the US was ahead of our domestic business, which grew 6%. US and international revenue mix was 56% and 44%, respectively.

Joo Mi Kim: Net income and EPS grew 13% and 15% to $257.8 million and 7.07 per diluted share, respectively. Free cash flow reached $304.4 million with 45% of revenues, all of which exceeded our expectations for the year. Turning to fourth quarter results, revenues grew 10% to $175.3 million. The channel continued to increase its contribution, making up 51% of total revenues compared to 48% a year ago. Revenues from channel partners grew 17%, outpacing direct, which grew 4%. As a result of our strategic emphasis on leveraging our partner ecosystem to drive growth, we expect this trend to continue. By geo, 15% growth outside the US was ahead of our domestic business, which grew 6%. US and international revenue mix was 56% and 44%, respectively.

Speaker #2: And free cash flow reached $304.4 million, or 45% of revenues, all of which exceeded our expectations for the year. Turning to fourth-quarter results, revenues grew 10% to $175.3 million.

Speaker #2: The channel continued to increase its contribution, making a 51% of total revenues compared to 48% a year ago. Revenues from channel partners grew 17%, outpacing direct, which grew 4%.

Speaker #2: As a result of our strategic emphasis on leveraging our partner ecosystem to drive growth, we expect this trend to continue. By GEO, 15% growth outside the US was ahead of our domestic business, which grew 6%.

Speaker #2: US and international revenue mix was 56% and 44%, respectively. With customers confirming their prioritization of security within IT budgets, we anticipate the selling environment in 2026 to remain similar to last year, with a low to mid-single-digit growth in security spend persisting for the foreseeable future.

Blair King: With customers confirming their prioritization of security within IT budgets, we anticipate the selling environment in 2026 to remain similar to last year, with a low to mid-single-digit growth in security spend persisting for the foreseeable future. Reflecting this sentiment, our Gross Dollar Retention rate remained comfortably above 90%. We saw a modest sequential decline in Q4, with our Net Dollar Expansion rate at 103%, down from 104% last quarter. In terms of product mix, our differentiated new products continue to drive growth, with all three of the following increasing contribution to bookings in 2025. First, CyberSecurity Asset Management, combined with ETM, made up 10% of total bookings and 13% of new bookings in 2025, up from last year's 8% and 9%, respectively. Next, Patch Management made up 8% of total bookings and 16% of new bookings in 2025, up from last year's 7% and 16%, respectively.

Joo Mi Kim: With customers confirming their prioritization of security within IT budgets, we anticipate the selling environment in 2026 to remain similar to last year, with a low to mid-single-digit growth in security spend persisting for the foreseeable future. Reflecting this sentiment, our Gross Dollar Retention rate remained comfortably above 90%. We saw a modest sequential decline in Q4, with our Net Dollar Expansion rate at 103%, down from 104% last quarter. In terms of product mix, our differentiated new products continue to drive growth, with all three of the following increasing contribution to bookings in 2025. First, CyberSecurity Asset Management, combined with ETM, made up 10% of total bookings and 13% of new bookings in 2025, up from last year's 8% and 9%, respectively. Next, Patch Management made up 8% of total bookings and 16% of new bookings in 2025, up from last year's 7% and 16%, respectively.

Speaker #2: Reflecting this sentiment, our gross dollar retention rate remained comfortably above 90%, but saw a modest sequential decline in Q4, with our net dollar expansion rate at 103%, down from 104% last quarter.

Speaker #2: In terms of product mix, our differentiated new products continue to drive growth, with all three of the following increase in contribution to bookings in 2025.

Speaker #2: First, cybersecurity asset management, combined with ETM, made up 10% of total bookings and 13% of new bookings in 2025, up from last year's respectively.

Speaker #2: Patch management made up 8% of next total bookings and 16% of new bookings in 2025, up from last year's 7% and 16%, respectively. Lastly, total cloud made up 5% of total bookings in 2025, up from 4% a year ago.

Blair King: Lastly, TotalCloud made up 5% of total bookings in 2025, up from 4% a year ago. We believe that these differentiated products combined will continue to increase contribution to bookings in 2026, given our opportunity to increase market share and maximize share of wallet. Turning to profitability, Adjusted EBITDA for the fourth quarter of 2025 was $82.6 million, representing a 47% margin, same as last year's. Operating expenses in Q4 increased by 11% to $68.9 million, driven by investments in sales and marketing, which grew 18%. With this strong performance, EPS for the fourth quarter of 2025 was $1.87 per diluted share, and our Free Cash Flow was $74.9 million, representing a 43% margin compared to 26% in the prior year.

Joo Mi Kim: Lastly, TotalCloud made up 5% of total bookings in 2025, up from 4% a year ago. We believe that these differentiated products combined will continue to increase contribution to bookings in 2026, given our opportunity to increase market share and maximize share of wallet. Turning to profitability, Adjusted EBITDA for the fourth quarter of 2025 was $82.6 million, representing a 47% margin, same as last year's. Operating expenses in Q4 increased by 11% to $68.9 million, driven by investments in sales and marketing, which grew 18%. With this strong performance, EPS for the fourth quarter of 2025 was $1.87 per diluted share, and our Free Cash Flow was $74.9 million, representing a 43% margin compared to 26% in the prior year.

Speaker #2: We believe that these differentiated products combined will continue to increase contribution to bookings in 2026, given our opportunity to increase market share and maximize share of wallet.

Speaker #2: profitability, adjusted EBITDA for Turning to the fourth quarter of 2025 was $82.6 million, representing a 47% margin, same as last year's. Operating expenses in Q4 increased by 11% to $68.9 million, driven by investments in sales and marketing, which grew 18%.

Speaker #2: With a strong performance, EPS for the fourth quarter of 2025 was $1.87 per diluted share, and our free cash flow was $74.9 margin, compared to 26% in the million.

Speaker #2: Representing a 43% year. In Q4, we continued to invest a cash we generated from operations back into QUALYS, including $724,000 on capital expenditures, and $44.7 million to repurchase $328,000 of our outstanding shares.

Blair King: In Q4, we continue to invest the cash we generated from operations back into Qualys, including $724,000 on capital expenditures and $44.7 million to repurchase 328,000 of our outstanding shares. Since commencing our share repurchase program in February of 2018, we've repurchased 10.7 million shares and returned over $1.2 billion in cash to shareholders. As of the end of the quarter, we had $160.5 million remaining in our share repurchase program. We're pleased to announce that our board has authorized another increase of $200 million to the share repurchase program, bringing the total available amount for share repurchases to $360.5 million. With that, let us turn to guidance, starting with revenues. For the full year 2026, we expect revenues to be in the range of $717 to 725 million, which represents a growth rate of 7% to 8%.

Joo Mi Kim: In Q4, we continue to invest the cash we generated from operations back into Qualys, including $724,000 on capital expenditures and $44.7 million to repurchase 328,000 of our outstanding shares. Since commencing our share repurchase program in February of 2018, we've repurchased 10.7 million shares and returned over $1.2 billion in cash to shareholders. As of the end of the quarter, we had $160.5 million remaining in our share repurchase program. We're pleased to announce that our board has authorized another increase of $200 million to the share repurchase program, bringing the total available amount for share repurchases to $360.5 million. With that, let us turn to guidance, starting with revenues. For the full year 2026, we expect revenues to be in the range of $717 to 725 million, which represents a growth rate of 7% to 8%.

Speaker #2: Since commencing our share repurchase program in February of 2018, we've repurchased $10.7 million shares and returned over $1.2 billion in cash to shareholders. As of the end of the quarter, we had $160.5 million remaining in our share repurchase program.

Speaker #2: guidance, starting with revenues. For the full year 2026, we expect revenues to be in the range of $717 to $725 million, which represents a growth rate of 7 to 8%.

Speaker #2: For the first quarter of 2026, we expect revenues to be in the range of $172.5 to $174.5 million. Representing a growth rate of 8 to 9%.

Blair King: For Q1 2026, we expect revenues to be in the range of $172.5 to 174.5 million, representing a growth rate of 8% to 9%. This guidance assumes no material change in our Net Dollar Expansion rate, with moderate growth contribution from new business in 2026. Shifting to profitability guidance, for the full year 2026, we expect EBITDA margin to be in the mid-40s, implying mid-teens increase in operating expenses, and free cash flow margin in the low 40s. We expect full-year EPS to be in the range of 7.17 to 7.45. For Q1 2026, we expect EPS to be in the range of 1.76 to 1.83. Our planned capital expenditures in 2026 are expected to be in the range of $8 to 12 million, and for Q1 2026, in the range of $1.2 to 2.6 million.

Joo Mi Kim: For Q1 2026, we expect revenues to be in the range of $172.5 to 174.5 million, representing a growth rate of 8% to 9%. This guidance assumes no material change in our Net Dollar Expansion rate, with moderate growth contribution from new business in 2026. Shifting to profitability guidance, for the full year 2026, we expect EBITDA margin to be in the mid-40s, implying mid-teens increase in operating expenses, and free cash flow margin in the low 40s. We expect full-year EPS to be in the range of 7.17 to 7.45. For Q1 2026, we expect EPS to be in the range of 1.76 to 1.83. Our planned capital expenditures in 2026 are expected to be in the range of $8 to 12 million, and for Q1 2026, in the range of $1.2 to 2.6 million.

Speaker #2: This guidance assumes no material change in our net dollar expansion rate, with moderate growth contribution from new business in 2026. Shifting to profitability guidance, for the full year 2026, we expect EBITDA margin to be in the mid-40s, implying mid-teens increase in operating expenses, and free cash flow margin in the low-40s.

Speaker #2: We expect full-year EPS to be in the range of $7.17 to $7.45. For the first quarter of 2026, we expect EPS to be in the range of $1.76 to $1.83.

Speaker #2: Our planned capital expenditures in 2026 are expected to be in the range of $8 to $12 million. And for the first quarter of 2026, in the range of $1.2 to $2.6 million.

Speaker #2: In 2026, with respect to operating expenses, we plan to align our product and marketing investments to focus on specific initiatives aimed at driving more pipeline, accelerating our partner program, and expanding our federal vertical.

Blair King: In 2026, with respect to operating expenses, we plan to align our product and marketing investments to focus on specific initiatives aimed at driving more pipeline, accelerating our partner program, and expanding our federal vertical. As a percentage of revenues, we expect to prioritize an increase in investments in sales and marketing, with more modest increases in engineering and G&A. With that, Sumedh and I would be happy to answer any of your questions.

Joo Mi Kim: In 2026, with respect to operating expenses, we plan to align our product and marketing investments to focus on specific initiatives aimed at driving more pipeline, accelerating our partner program, and expanding our federal vertical. As a percentage of revenues, we expect to prioritize an increase in investments in sales and marketing, with more modest increases in engineering and G&A. With that, Sumedh and I would be happy to answer any of your questions.

Speaker #2: As a percentage of revenues, we expect to prioritize an increase in investments in sales and marketing, with more modest increases in engineering and G&A.

Speaker #2: With that, Sumed and I would be happy to answer any of your questions.

Speaker #1: Thank you. As a reminder to ask a question, please press star 11 on your telephone. And wait for your name to be announced. To withdraw your question, please press star 11 again.

Operator: Thank you. As a reminder to ask a question, please press star 11 on your telephone and wait for your name to be announced. To withdraw your question, please press star 11 again. The first question comes from Jonathan Ho with William Blair. Your line is open.

Speaker #1: And the first question comes from Jonathan Ho with William Blair. You're lying is open.

Speaker #2: Hi, good afternoon, and congratulations on the strong quarter. Can you talk a little bit more about some of your QFLEX offerings and how it potentially helps remove friction and perhaps encourages broader adoption of your platform?

Jonathan Ho: Hi, good afternoon, and congratulations on the strong quarter. Can you talk a little bit more about some of your QFlex offerings and how it potentially helps remove friction and perhaps encourages broader adoption of your platform?

Speaker #3: Yeah, thank you very much. And that's a great question. We've talked about this last quarter as well. I think if you have to, if you take that in relation to what we are doing with the risk operations center and ETM, and how we're differentiating ourselves from the exposure management solutions, is that the ability to detect all your assets, find your vulnerabilities, ability to use agentic AI to actually not only prioritize those, which is what a lot of these exposure management solutions do, which is just giving you a score, we're leveraging the ability to use agentic AI to confirm those exploits within the environment, which is very differentiated from what everybody does.

Sumedh Thakar: Yeah, thank you very much. That's a great question. We've talked about this last quarter as well. I think if you take that in relation to what we are doing with the Risk Operations Center and ETM, and how we're differentiating ourselves from the exposure management solutions is that the ability to detect all your assets, find your vulnerabilities, ability to use Agentic AI to actually not only prioritize those, which is what a lot of these exposure management solutions do, which is just giving you a score. We're leveraging the ability to use Agentic AI to confirm those exploits within the environment, which is very differentiated from what everybody does. But then after that, actually, the ability to also remediate those.

Speaker #3: But then after that, actually, the ability to also remediate those—and so being able to get this end-to-end very quickly, very fast before attackers are leveraging AI to do the same for your environment—the QFLEX proposal allows the customer, at their pace, to then be able to platform with Qualys and do that over a period of time during their subscription with us. That allows them to maybe initially start with more of that prioritization and confirmation, but then as the year goes by, it allows them to leverage our eliminate capabilities more and more to be able to focus on getting the outcome of getting these things fixed.

Sumedh Thakar: And so being able to get this end-to-end very quickly, very fast, before attackers are leveraging AI to do the same for your environment, the QFlex proposal allows the customer at their pace to then be able to consolidate a lot of these capabilities on a single platform with Qualys and do that over a period of time during their subscription with us, which allows them to maybe initially start with more of that prioritization and confirmation. But then as the year goes by, it allows them then to leverage our eliminate capabilities more and more to be able to focus on getting the outcome of getting these things fixed. And so what we're excited about is our conversations initially with the customers that have adopted this have been very positive in the fact that the security environment is not a static environment at the beginning of the year.

Speaker #3: And so we're excited about is our conversations initially with the customers that have adopted this, have been very positive in the fact that the security environment is not a static environment at the beginning of the year.

Speaker #3: It is continuously changing throughout the year. And the flexibility that that pricing model offers them to actually be able to leverage different QUALYS capabilities throughout the year as the threats change, is a very big positive for them.

Sumedh Thakar: It is continuously changing throughout the year. The flexibility that that pricing model offers them to actually be able to leverage different Qualys capabilities throughout the year as the threats change is a very big positive for them. So really happy with the feedback we have gotten in the beta phase. And at this year, 2026, we look forward to doing more of that and moving more towards a GA model for that.

Speaker #3: So really happy with the feedback we have gotten in the beta phase. And at this year, 2026, we look forward to doing more of that and moving more towards the GA model for that.

Speaker #1: Got it. Got it. And then just in terms of some of your comments around AI, I mean, clearly you're seeing a lot of customer interest here.

Jonathan Ho: Got it. Got it. And then just in terms of some of your comments around AI, I mean, clearly you're seeing a lot of customer interest here. Can you maybe help us understand where the customer is in terms of their AI journey and also help us understand what that uplift opportunity looks like for Qualys? So if you start selling more of these agentic products, AI sort of native products, how do we think about how that can impact sort of net retention going forward? Thank you.

Speaker #1: Can you maybe help us understand where the customer is in terms of their AI journey and also help us understand what that uplift opportunity looks like for QUALYS?

Speaker #1: So, if you start selling more of these agentic products, AI sort of native products, how do we think about how that can impact sort of net retention going forward?

Speaker #1: Thank you.

Speaker #3: Sure. I think a lot of people talk about AI is embedded in their platform. I think where we differentiate ourselves is the what we have done is introduce the concept of an AI agent marketplace within the platform, which allows the customers to actually augment their workforce, their security team, which we have talked about this for years, that there's never been enough talent in the security space.

Sumedh Thakar: Sure. I think a lot of people talk about AI is embedded in their platform. I think where we differentiate ourselves is what we have done is introduce the concept of an AI agent marketplace within the platform, which allows the customers to actually augment their workforce, their security team, which we have talked about this for years, that there's never been enough talent in the security space. So the ability to get Agent Sarah, who's an expert in patches data, the ability to get Agent Val, who's an expert agent with skill sets that can autonomously make calculations and decisions on exploitation, remediation.

Speaker #3: So, the ability to get agent Sarah, who's an expert in patches data, and the ability to get agent Val, who's an expert agent with skill sets that can autonomously make calculations and decisions on exploitation remediation.

Speaker #3: So the ability to say, "Look, I want to employ this particular agent on the platform to achieve a task which otherwise would take me weeks and months to hire a consultant to get that outcome." What we've done with our agentic AI capabilities is not only have those built-in throughout the platform, but with agentic AI, we can now actually have these agents that feel like they're really part of that team, and they can help you get those outcomes.

Sumedh Thakar: So the ability to say, "Look, I want to employ this particular agent on the platform to achieve a task, which otherwise would take me weeks and months to hire a consultant to get that outcome." What we've done with our Agentic AI capabilities is not only have those built-in throughout the platform, but with Agentic AI, we can now actually have these agents that feel like they're really part of that team, and they can help you get those outcomes. And the way we have really positioned this is that customers who are leveraging VMDR, they get a really high-quality list of findings. But then as they cross-sell into ETM, they get the ability to not only do the prioritization of these vulnerabilities, but they get the Agentic AI capabilities, which then allow them to achieve different tasks.

Speaker #3: And the way we have really positioned this is that customers who are leveraging VMDR, they get a really high-quality list of findings. But then, as they cross-sell into ETM, they get the ability to not only do the prioritization of these vulnerabilities, but they get the agentic AI capabilities, which then allow them to achieve different tasks.

Speaker #3: And as you look at how customers are thinking of headcount, etc., in the agentic AI world, these really help them get to those outcomes pretty quickly.

Sumedh Thakar: And as you look at how customers are thinking of headcount, etc., in the agentic AI world, these really help them get to those outcomes pretty quickly. And then, of course, in addition to that, with TotalAI offering, we're also helping customers detect, find, and address vulnerabilities and misconfigurations that are coming up in the AI workload that they have. And so with that, we look forward to customers bringing more data around their own agentic, around their own AI solutions into Qualys ETM. And we believe that the agentic AI capabilities are a differentiator for customers to upgrade from or to cross-sell from VMDR into ETM, as well as looking at some of the other exposure management solutions where they just give you a score. This will allow them to actually use an agentic AI to get patching done pretty fast and pretty quickly.

Speaker #3: our total AI offering, we're also helping And then, of course, in addition to that, with customers detect, find, and address vulnerabilities and misconfigurations that are coming up in the AI workload that they have.

Speaker #3: And so with that, we look forward to customers bringing more data around their own agentic around their own AI solutions into QUALYS ETM and we believe that the agentic AI capabilities are differentiator for customers to upgrade from or to cross-sell from VMDR into ETM as well as looking at some of the other exposure management solutions where they just give you a score, this will allow them to actually use an agentic AI to get patching done pretty fast and pretty quickly.

Speaker #3: And so we see that that differentiation can be the catalyst for us, for customers to pick ETM over some of those other exposure management solutions that are out.

Sumedh Thakar: We see that that differentiation can be the catalyst for us, for customers, to pick ETM over some of those other exposure management solutions that are out there.

Speaker #3: there.

Speaker #1: Thank

Jonathan Ho: Thank you.

Operator: Thank you. The next question will come from Kingsley Crane with Canaccord. Your line is open.

Speaker #4: Thank you. you. And the next question will come from Kingsley Crane with Canaccord. Your line is open.

Speaker #5: Hi. Congrats on the quarter. You answered some of this in the prior response, but we'd just love to hear more about how Agent Val is elevating ETM from an efficacy perspective and just how Agent Val is reducing total man-hours at the customer level, and how that's resonating with customers.

Kingsley Crane: Hi. Congrats on the quarter. You answered some of this in the prior response, but we'd just love to hear more about how Agent Val is elevating ETM from an efficacy perspective and just how Agent Val is reducing total man-hours at the customer level and how that's resonating with customers. Thanks.

Speaker #5: Thanks.

Speaker #3: Thanks, Kingsley. I wish—unfortunately the call is only an hour, but I could talk about this forever. But look, I think we've seen the history of this evolution, back when Canaccord worked with this—it's like everybody's giving you theoretical scores, right, based on the vulnerability findings, NVD, assessed information that is out there.

Sumedh Thakar: Thanks, Kingsley. I wish, unfortunately, the call is only an hour, but I could talk about this forever. But look, I think we have seen the history of this evolution back when Canada came out with this is everybody's giving you theoretical scores, right, based on the vulnerability findings and CVSS information that is out there. Unfortunately, a theoretical score does not actually mean that a high score does not mean that the customer may not have other controls in place that mitigate that actual exploit from working in their environment. They might have a firewall. They might have something else, memory protection that is enabled that a typical scanner or a typical exposure management solution will not pick up.

Speaker #3: Unfortunately, a theoretical score does not actually mean that a high score does not mean that the customer may not have other controls in place that mitigate that actual exploit from working in their environment.

Speaker #3: They might have a firewall, they might have something else, memory protection that is enabled that a typical scanner or a typical exposure management solution will not pick up.

Speaker #3: What agent Val does is leverages that decision-making autonomous decision-making process to basically look at the findings, look at the scoring, but then actually the ability to run a very safe exploit against the asset to confirm whether that vulnerability is actually exploitable in their environment on their machine or it is not, not just a theoretical score.

Speaker #3: What agent Val does is leverages that autonomous decision-making process to basically look at the findings, look at the scoring, but then actually gives you the ability to run a very safe exploit against the asset to confirm whether that vulnerability is actually exploitable in their environment, on their machine, or it is not—not just a theoretical score. Typically, what happens is when the security team gives these scores to the IT team, they spend a lot of time trying to chase down these findings only to feel like, 'Oh, this was a false positive because, look, we already have a control in place,' and a lot of time is wasted in arguing back and forth. What the customers really want to be able to do is not waste their IT team's time on fixing things that actually are not exploitable in their environment.

Sumedh Thakar: What Agent Val does is leverages that decision-making, autonomous decision-making process to basically look at the findings, look at the scoring, but then actually the ability to run a very safe exploit against the asset to confirm whether that vulnerability is actually exploitable in their environment on their machine or it is not, not just a theoretical score. And what typically happens is when the security team gives these scores to the IT team, they spend a lot of time trying to chase down these findings only to feel like, "Oh, this was a false positive because, look, we already have a control in place," and a lot of time is wasted in arguing back and forth. What the customers really want to be able to do is not waste their IT team's time on fixing things that actually are not exploitable in their environment.

Speaker #3: And the ability to, for sure, confirm by running an actual exploit in a safe manner that this is or is not exploitable means that the IT teams will be saving a significant amount of time—not chasing down ghost scores—and will actually have an absolute confirmation that, yes, it is a very highly exploitable vulnerability. But I don't need to worry about it because I have other controls that are mitigating this, or if it is highly—if I don't have a protection in my environment.

Sumedh Thakar: The ability to for sure confirm by running an actual exploit in a safe manner that this is or is not exploitable means that the IT teams will be saving a significant amount of time not chasing down ghost scores and will actually have an absolute confirmation that, "Yes, it is a very highly exploitable vulnerability, but I don't need to worry about it because I have other controls that are mitigating this," or, "It is highly exploitable. Attackers are using it, and I don't have a protection in my environment. So instead of just chasing scores, I can actually go and focus on fixing these, and that's going to make me a lot safer." So it's a significant time saving for the customer because of this Agentic AI workflow. They can actually then significantly reduce the number of findings that they have.

Speaker #3: So instead of just chasing scores, I can actually go and focus on fixing these and that's going to make me a lot safer. So it's a significant time-saving for the customer because of this agentic AI workflow.

Speaker #3: They can actually then significantly reduce the number of findings that they have. And the other thing is that once the exploit is confirmed on your environment, you don't have the time to create Jira tickets and ServiceNow tickets to then have people go and manually make the remediation.

Sumedh Thakar: The other thing is that once the exploit is confirmed on your environment, you don't have the time to create Jira tickets and ServiceNow tickets to then have people go and manually make the remediation. As soon as you know that this is exploitable in your environment confirmed, you want to be able to use another agent to immediately kick off remediation and get it fixed. You feel a lot more comfortable because now you have confirmed that this is exploitable. It's not theoretical. People are going to want to also save time and not leave the exposure open for a long time by being able to run that exploit and then also automatically run that remediation. You cannot show up for the AI fight today with your Jira tickets and your ServiceNow tickets.

Speaker #3: As soon as you know that this is exploitable in your environment, confirm, you want to be able to use another agent to immediately kick off remediation and get it fixed.

Speaker #3: And you feel a lot more comfortable because now you have confirmed that this is exploitable. It's not theoretical. So people are going to want to also save time and not leave the exposure open for a long time by being able to run that exploit and then also automatically run that remediation.

Speaker #3: And you cannot show up for the AI fight today with your Jira tickets and your ServiceNow tickets. You got to be able to do automation and autonomous decision-making to get things fixed.

Sumedh Thakar: You got to be able to do automation and autonomous decision-making to get things fixed. That's the differentiator.

Speaker #3: And that's the

Speaker #3: differentiator. Yeah.

Kingsley Crane: Yeah. It's really exciting times, and it's good that you're leading the way here. For Joo Mi, it's been a remarkable year for Qualys. You guided to 7% at the midpoint, entering last year, and you put up 10%, and now you're guiding closer to 8% this year. How can we think about the levers for upside to growth this year? Thanks.

Speaker #5: It's really exciting times and it's good that you're leading the way here. For Jumi, it's been remarkable year for QUALYS. You guided a 7% at the midpoint, entering last year and you put up 10, and now you're guiding closer to 8 this year.

Speaker #5: How can we think about the levers for upside to growth this year? Thanks.

Speaker #6: Yeah, 2025 was a solid year from an execution standpoint. It was a very exciting year for us, with ETM having gone live at the end of 2024.

Joo Mi Kim: Yeah. 2025 was a solid year from an execution standpoint. It was a very exciting year for us with ETM having gone live at the end of 2024. We've had a significant number of discussions with our existing customers in terms of how we can increase value without them having to double their spend initially with us. And so, in doing that and working through our partners, what we were able to do is finalize our pricing and packaging for ETM and identify our key products that are going to be levers for growth in the short term and then long term going forward as well. So, 2025, solid year with closing the year with another 10% growth for revenue, which we're really pleased about. Now, when it comes to current billings, it came in line as expectations from last quarter with 2025 current billings growth of 8%.

Speaker #6: We've had significant number of discussions with our existing customers in terms of how we can increase value without them having to double their spend initially with us.

Speaker #6: And so in doing that and working through our partners, we were able to do is finalize our pricing and packaging for ETM and identify our key products that are going to be levers for growth.

Speaker #6: In the short term, in the long term going forward as well. So 2025, solid year with closing the year with another 10% growth revenue, which we're really pleased about.

Speaker #6: Now, when it comes to current billings, it came in line with expectations from last quarter, with 2025 current billings growth of 8%. That's slightly lower than the 9% that we posted back in 2024 for current billings.

Joo Mi Kim: That's slightly lower than the 9% that we posted back in 2024 for current billings. So looking ahead to 2026, I think that's kind of more or less in line with what the baseline case is for us. Looking out, our guidance is really informed by what we see in the business today, the discussions that we're having, what we expect from the macro, and then the spending environment. With that said, we do anticipate significant upside. Given what Sumedh just covered, we have very exciting product discussions with existing customers as well as prospects. I think that we've gone ahead and really leveraged our innovation and our power to really deliver what the customers are looking for and what the market is looking for. So we're excited about the outlook. But with that said, the baseline still remains to be around 7% to 8%.

Speaker #6: So, looking ahead to 2026, I think that's kind of more or less in line with what the baseline cases are for us. Looking out, our guidance is really informed by what we see in the business today, the discussions that we're having, what we expect from the macro, and then the spending environment.

Speaker #6: With that said, we do anticipate significant upside given what Sumed just covered. We have very exciting product discussions with existing customers as well as prospects.

Speaker #6: I think that we've gone ahead and really leveraged our innovation and our power to really deliver what the customers are looking for and what the market is looking for.

Speaker #6: So we're excited about the outlook, but with that said, the baseline still remains to be around a 7 to 8

Speaker #7: Thank you. And our next question will come from Rahul Chopra with Berenberg. Your line is open.

Operator: Thank you. Our next question will come from Rahul Chopra with Berenberg. Your line is open.

AllMind AI

AllMind AI

Q4 2025 Qualys Inc Earnings Call

Event Details

Qualys

Q4 2025 Qualys Inc Earnings Call

Open Event Documents

Search Transcript

Qualys

Q4 2025 Qualys Inc Earnings Call

Transcript

No Transcript Available