CrowdStrike Holdings, Inc. (CRWD) Q4 2026 Earnings Report, Transcript and Summary

Hello, and welcome to CrowdStrike's Fiscal Fourth Quarter 2026 Financial Results Conference Call. [Operator Instructions] Please be advised that today's conference is being recorded. I would now like to hand the call over to Andy Nowinski, Vice President of Investor Relations and Strategic Finance. Andy, please go ahead. Thank you.

Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, Chief Executive Officer and Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, including projections and expected performance, including our outlook for the first quarter and fiscal year 2027, and any assumptions for fiscal periods beyond that are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company's annual and quarterly reports. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. With that, I will now turn the call over to George.

Thank you, Andy, and thank you all for joining CrowdStrike's Q4 FY '26 Earnings Call. I couldn't be more pleased with our results. AI is driving elevated demand for the Falcon platform and is a key accelerant for our business. At the same time, AI is weaponizing adversaries to attack with increased speed, sophistication and precision. We're seeing this play out in real time in the Middle East as emboldened adversaries fuel nation state activity. FY '26 was CrowdStrike's best year yet capped by a blockbuster Q4 where we set new records across the business. Summarizing our results: one, all-time record net new ARR of $331 million for the quarter, which grew 47% year-over-year, coming in well ahead of our expectations. For the year, we delivered $1.01 billion in net new ARR, up 25% year-over-year, our first year delivering over $1 billion of net new ARR. Two, ending ARR of $5.25 billion, crossing the $5 billion milestone, which accelerated to 24% growth year-over-year. CrowdStrike is the fastest and only pure-play cybersecurity software company to achieve this milestone. Three, record free cash flow of $376 million for the quarter or 29% of revenue. And for the year, we delivered record free cash flow of $1.24 billion or 26% of revenue. Four, all-time record operating income of $326 million for the quarter or 25% of revenue. This is the third consecutive quarter of record operating income. For the year, we delivered $1.05 billion of operating income, exceeding the $1 billion operating income milestone for the first time. Five, record net new ARR from cloud, Next-Gen Identity and Next-Gen SIEM collectively. Ending ARR for these solutions collectively grew more than 45% year-over-year. Amidst today's AI backdrop, our endpoint business accelerated for the second consecutive quarter. Six, dollar-based net retention of 115% and gross retention of 97%, showcasing best-in-class durability and stickiness, which leads to my final point. Seven, we delivered $1.69 billion in ending ARR from accounts that have adopted the Falcon Flex subscription model, growing more than 120% year-over-year, turbocharging our land-and-expand motion. Our Q4 and FY 2026 execution showcases CrowdStrike's leadership in every theater, every segment and every route to market. In our third consecutive quarter of net new ARR acceleration, the voice of the market is clear. CrowdStrike is durable, mission-critical infrastructure for both securing AI and accelerating global AI adoption. We find ourselves in one of the most defining times in the history of modern technology. AI has gone from dream works to reality, now increasingly in production across the enterprise. From CrowdStrike's founding, we've been building AI innovation for cybersecurity, yet the pace of AI innovation is broadly misunderstood. Novel discoveries are often interpreted as the death knells of existing categories. The market is questioning enterprise software's role in an agentic world. It's in moments like these where opportunity is created. In the same way that we anticipated the cloud revolution, we pioneered and built for the agentic revolution. Here's what I see unfolding in the market. We see the AI revolution creating 2 disparate groups of software companies: Group 1, those who are now existentially vulnerable. These are historically nice-to-have technologies that are productivity features and point products geared to legacy pricing models; Group 2, those who will thrive. These are mission-critical, trusted infrastructure technologies necessary for global continuity with deep IP. These technologies are net data creators producing novel, fresh and proprietary data that doesn't exist elsewhere, data that is fuel for the agentic business outcomes. In these companies, proprietary data is just one part of the advantage. The other is trusted enterprise architectural superiority, which drives stickiness, adoption and scale. Here's why CrowdStrike is winning and how AI is driving even more competitive success for us. One, our competitive moat is becoming an opportunity ocean. Falcon is a vertically integrated net data creator and third-party data aggregator. We generate real-time data that no one else has from customer environments and our world-class threat intelligence. What frontier AI labs cannot do, we've been doing for over a decade, cyber reinforced learning from human feedback or RLHF at scale. Our MDR analysts, threat hunters and incident responders produce expert label data as a byproduct of operations. These labels don't come from Internet text. They come from stopping real breaches in real time. Threat Graph correlates more than 1 trillion security events per day across approximately 2 trillion vertices, analyzing 15-plus petabytes of data, structured, queryable, security signals at scale no one can replicate. Frontier models can augment security, summarize alerts, draft queries, speed up triage. That's extremely valuable, but stopping breaches requires sensors, real-time telemetry, continuous expert validation and enforcement, a closed-loop system, not a text model. As our technology evolves, our data improves. As our data improves, our platform evolves. As our experts validate outcomes, our AI agents get better. This is a flywheel and network effect that no one else has in cybersecurity at our size and scale, and it's how we stand behind our brand promise of stopping breaches. This dynamic is not cyclical. It is structural. Two, we win because Falcon is purpose built for securing AI at every layer. The layers of the new AI stack are the attack surface of the future, and Falcon can secure all of them. AI must be secured at every level, including: one, GPU foundation, partnering with NVIDIA, AMD, Intel and others to secure AI at the source; two, hardware and infrastructure OEMs, securing AI factories such as Dell, HPE and Super Micro; and novel AI operating systems such as VAST Data; three, neoclouds and hyperscalers, securing where AI happens in the cloud across AWS, OCI, GCP, Azure and inference disruptors such as CoreWeave, Nebius and Crusoe; four, token factories, securing the use of frontier model creators like Anthropic, OpenAI and Google Gemini; and five, AI applications and in agents securing AI native software and the agentic workforce. Not only do we secure the use of each of these companies' products, but we also secure nearly all of the companies themselves. We secure the world's AI future by securing the world's AI leaders. And three, we win because efficacy and precision matter more than ever. In cybersecurity, you simply cannot have a hallucination. You can't prompt twice. It's first time final. It's the difference between thwarting an adversary or experiencing a breach. Cybersecurity is a unique paradigm. Success for us and our customer is did we stop a breach. We win because cybersecurity needs to be faster and more deterministic than ever before, and we uniquely deliver superior outcomes. Our agentic SOC and AI technologies are transforming security. CrowdStrike's AI innovation is setting new adoption standards on the journey to delivering security AGI. Charlotte is our flagship agent, and now we have 10 other agents representing specific security skills and roles within security teams. Between Charlotte and our other agents, we can already see the mobilization of security's agentic workforce working hand in hand with human security professionals. Coming back to Charlotte, our agentic SOC workforce built from multiple models allowing us to optimize from the latest and greatest LLMs. We couple industry innovation with our own AI expertise, training and models from security's richest data source, Falcon adversary, threat and security analyst training data. We saw Charlotte usage soar more than 6x year-over-year as ARR more than tripled. A thematic win was in a leading cloud software provider in an 8-figure re-Flex transaction. The re-Flex expanded the adoption of next-gen SIEM and Charlotte. Their 30-day use of Charlotte tells a compelling story, achieving a 3x faster mean time to respond, using the power of our domain-specific AI, Charlotte accelerates, streamlines and democratizes security outcomes. Technology innovation is just one part of our success. Our results are also driven by our go-to-market innovation, creating the revolutionary Falcon Flex subscription model, which we now see mimic across cybersecurity. The model transformed our discussions with customers to demand planning based on risk, data, attack surface and overall platform capabilities. Let me share our Q4 Falcon Flex performance within the now $1.69 billion ending ARR cohort of Flex account value, growing greater than 120% year-over-year. We now have more than 1,600 customers who have adopted Falcon Flex and added more than 350 Flex customers in Q4. That amounts to nearly 4 new Falcon Flex customers each day of the quarter. The average Flex customer's ending ARR is greater than $1 million. The proof of Falcon adoption success is in the re-Flex. Customers are using what they buy and expanding their Flex commitments. More than 380 Flex accounts have already re-Flexed, representing more than 23% of the Flex customer base, up from 5% in Q1. The average ARR lift after a re-Flex is 26%, happening on average within 7 months. And the platform adoption grows even further from there. We're now tracking the number of customers who are repeat re-Flexers. Nearly 100 customers have re-Flexed multiple times. The multiple-time re-Flex cohort now represents approximately 6% of total Flex customers and over 1/4 of all re-Flex customers. Our multiple-time re-Flexers, on average, have an ARR lift of an additional 48% from their initial Flex subscription. In summary, Falcon Flex unlocks never-seen-before adoption for customers. Flex is now how we go to market. A key win includes a major enterprise software player that started with using 1 module, threat intelligence, and spending low 6 figures. Through Falcon Flex, this customer is now using 25 modules and spending $86 million in total Flex contract value with us. Flex is creating its own flywheel. Demand drives use. Use drives more demand. Flex is the stage on which our platform solutions shine. Collectively, our Next-Gen Identity, cloud and Next-Gen SIEM businesses grew more than 45% year-over-year reaching more than $1.9 billion in ending ARR. Our Next-Gen Identity business ended FY '26 with more than $520 million of ending ARR, growing more than 34% year-on-year, a double-digit acceleration versus 2 quarters ago. Key drivers include our privileged account security solution, which grew more than 170% sequentially. Falcon Shield ending ARR grew more than 300% year-over-year, more than 5x since our acquisition of Adaptive Shield, as customers protect the rapidly growing agentic SaaS attack surface. Our ability to secure both human and agentic identities wherever they exist is rapidly turning CrowdStrike into our customers' identity secure control play. A key identity win, an iconic department store selecting CrowdStrike over an SMB point product in a 7-figure deal driven by the ease of use of our ITDR and PAM solutions in a Flex consolidation. While our Next-Gen Identity business had an excellent quarter, we're most excited for what's ahead. We recently closed the acquisition of SGNL.ai. This is S-G-N-L, bringing the power of 0 standing privilege for all identities to the Falcon platform. With SGNL.ai, CrowdStrike is delivering high fidelity, content-driven, real-time authorization to the market, enabling our customers to rapidly reduce their identity attack surface even as they rapidly expand the number of identities within their organization. We're moving access from static point in time to real time and redefining Zero Trust. Access should be always on, granular and dynamic. But we're not stopping there. Our recent acquisition of Seraphic turns any browser into a secure enterprise browser without impacting user behavior. The browser has become the front door for AI applications, and Seraphic meets human and nonhuman users where they are and where they're going, agentic browsers for real-time visibility and protection. Turning to our cloud business, where net new ARR growth accelerated for the second consecutive quarter and ending ARR grew more than 35% year-over-year. For the first time, our cloud business exceeded $800 million in ending ARR as our customers look to us to secure the infrastructure powering their AI future. Our unique ability to operate in runtime at scale continues to set us apart from the rest of the market. A key win in our cloud business was with a major enterprise data platform company who deployed Falcon Cloud Security in an 8-figure total deal value Flex. After extensive testing, this account ripped out their existing provider for our runtime protection-first approach, realizing the integrated benefits of CSPM, CIEM, CDR, and OverWatch threat hunting, which resulted in a 90% reduction in mean time to detect and respond for their cloud environment. Turning to our Next-Gen SIEM business, where we delivered a record quarter. Our Next-Gen SIEM business grew over 75% year-over-year, delivering ending ARR of more than $585 million. Next-Gen SIEM has proven itself a scaled market disruptor where our performance and cost advantages set us apart from legacy competitors. At the same time, our launch of agentic security workflows is powering the cybersecurity operating system of the future. With Falcon Onum, we're enabling our customers to connect data sources quickly and efficiently, resonating with both security and IT teams. A key win in the quarter was with a Fortune 500 retailer highlighting our strength and momentum in the next-gen SIEM space. In a 7-figure deal, we replaced a legacy SIEM and its attached point product data pipeline. Falcon's fully native data pipeline and an expected 80% faster query performance was a game changer in helping this customer build out their agentic SOC. Rounding out our product portfolio, I want to touch on our endpoint and other AI-specific businesses. Amidst the backdrop of accelerating AI proliferation, our endpoint business accelerated for the second consecutive quarter. The endpoint is rapidly becoming the epicenter of AI usage driven by the growth of technologies ranging from MCP servers to coding tools to localized LLMs. AI is the fastest growing attack surface on the endpoint. As of Q4, our sensors detected more than 1,800 distinct AI applications running on enterprise devices, representing nearly 160 million unique application instances across our customer base. And with the acquisition of Seraphic, we now give our customers even more control over their knowledge workers' usage of AI tools. Lastly, I want to touch on our recently launched AIDR offering. In just a short time, AIDR has become one of our most in-demand products, growing more than 5x versus last quarter despite having only been available for a few weeks. AI adoption is moving faster than can be controlled, and our AIDR offering gives customers immediate visibility into their employees' usage of AI tools, including the specific models being used as well as detections into potentially malicious or noncompliant usage. Bringing model scanning, visibility, guardrails and detections to AI usage positions CrowdStrike as a catalyst for enterprise AI adoption. Concluding the discussion on our platform solutions. Seeing is believing. Please reference our investor deck, which now includes a link to product demo videos, showcasing AI innovation across the Falcon platform. Our partner go-to-market delivered beyond expectations this past year. We saw growing practices across EY, Accenture, Deloitte, HCL, Wipro, KPMG and Infosys taking shape focused on next-gen SIEM migrations. Our MSSP business also continues to grow at a rapid pace. In just over 3 years, we've gone from a sub-$100 million MSSP business to more than $1.3 billion spanning market-leading partners like Kroll, Pax8, and NinjaOne. Finally, our hyperscaler leadership continues to differentiate CrowdStrike from every other cybersecurity player. This past year alone, we did nearly $1.5 billion of total contract value on the AWS marketplace, growing nearly 50% year-over-year. Then a few weeks ago, Satya Nadella and I spoke to CrowdStrike's go-to-market team together. We are now open for business on the Microsoft marketplace and customers can use their Microsoft Azure consumption commitment dollars on Falcon. This is a watershed moment reflecting a clear evolution of how our companies see each other and how Microsoft and CrowdStrike are working together to make the world a safer place. In summary, we didn't just have a great partner year. We built an ecosystem to win the next decade. Closing my remarks today, I'm proud of the team and our partners for executing a terrific FY '26. Here are my key takeaways as I look at the business today and into the future. First, CrowdStrike is an AI adoption accelerator. Our customers are safely and securely using more than 1,800 distinct AI applications on their endpoints, which would not be possible without CrowdStrike. Second, AI use necessitates AI security. Every enterprise deploying AI needs an independent protection layer for visibility, compliance and enforcement. As AI adoption grows, CrowdStrike becomes even more of a necessity to these organizations. And third, our data moat creates a structural advantage. Delivering cybersecurity at scale requires more than a prompt. It requires expert label telemetry from our global sensors, MDR analysts and elite incident responders. It is a structural advantage no LLM provider can replicate. In addition, agentic cybersecurity requires in-line prevention as well as real-time remediation. Since the founding of CrowdStrike, we created an AI-native platform. Enterprises have trusted us to help them safely navigate market transitions like digital transformation and cloud migration. The AI revolution is now upon us, and just like prior market transitions, adoption of AI will be secured by CrowdStrike. Thank you for your trust. I'll now turn the call over to Burt Podbere, CrowdStrike's CFO.

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers, except revenue mentioned during my remarks today are non-GAAP. We delivered exceptional fourth quarter results and a record finish to the year, exceeding expectations across all guided metrics driven by continued Flex and re-Flex momentum and strong organic growth across the platform. FY '26 was a milestone year for CrowdStrike. For the full fiscal year, ending ARR growth accelerated to 24% and net new ARR accelerated to 25% year-over-year. We delivered this record top line performance while exceeding our profitability and free cash flow targets. Operating income reached a record $1.05 billion or 22% of revenue, and we delivered record free cash flow of $1.24 billion or 26% of revenue. The combination of growth, scale, profitability and cash flow puts CrowdStrike in rare air. The strength of our platform and the significant market opportunity ahead further reinforce our conviction in the path to achieving our future growth milestones of $10 billion and $20 billion of ending ARR as well as our target profitability model. Our full year momentum was punctuated by an exceptional fourth quarter. We achieved record net new ARR of $330.7 million, up 47% year-over-year and well ahead of our stated expectations, driving ending ARR to $5.25 billion. Our fourth quarter results showcased the success of our Flex-led go-to-market strategy. Momentum was broad-based across customers of all sizes from enterprise to down-market and MSSPs, achieving another record quarter in our corporate business. Customers continue to leverage Falcon to consolidate their security needs and lower their total cost of ownership resulting in higher retention rates over the prior quarter and strong module adoption rates. As of Q4, 50% of subscription customers are now using 6 or more modules. 34% are using 7 or more, and 24% are using 8 or more modules. Our gross retention rate remained high at 97%, and our dollar-based net retention rate increased to 115% in the quarter. At our more than $5 billion ending ARR scale, these retention rates highlight the durability of our customer relationships and our ability to both retain and expand our customer base. Our strong business momentum and Q1 record pipeline entering FY '27, which grew 49% year-over-year, gives us conviction in our ability to deliver profitable growth throughout FY '27 and beyond. As we lapse the 1-year mark from the end of our highly successful CCP program, we have seen that accounts that took CCP deals have gross and net retention rates higher than the company average, have shown a strong trend of early renewal and have already expanded more than twice the total $80 million of ARR value we provided. Moving to the P&L. Total revenue exceeded our guidance range and grew 23% over Q4 of last year to reach $1.31 billion. Subscription revenue grew 23% over Q4 of last year to reach $1.24 billion, and professional services revenue remained strong at $63.1 million, up 26% year-over-year, driven by the elevated threat environment. The geographic mix of fourth quarter revenue consisted of approximately 66% from the U.S. and 34% from international geographies with both EMEA and APAC year-over-year revenue growth accelerating compared to Q3. We saw broad strength across all our major geographic markets with the U.S., Japan, Europe, the Middle East and Africa all exceeding expectations. Total Q4 non-GAAP gross margin was a record 79%, and Q4 non-GAAP subscription gross margin was a record 81% of revenue, primarily as a result of continued cloud optimization. Fourth quarter non-GAAP operating income was a record $325.8 million, and non-GAAP operating margin was 25%, exceeding our guidance. The outperformance was driven by our strong top line performance, gross margin improvement and sales execution, underscoring our commitment to durable, profitable growth as we continue to balance strong net new ARR growth and operational excellence. In Q4, we delivered positive GAAP net income attributable to CrowdStrike of $38.7 million. Non-GAAP net income attributable to CrowdStrike was a record $289.1 million or $1.12 on a diluted per share basis, exceeding our guidance. Moving to cash. Our cash and cash equivalents increased to $5.23 billion. We generated record cash flow from operations of $497.9 million and record free cash flow of $376.4 million or 29% of revenue. Our FY '27 outlook reflects our confidence in the durability of CrowdStrike's growth trajectory, profitability expansion and cash flow generation. The fundamental tailwinds, platform consolidation, AI proliferation and Flex adoption are continuing to gain momentum. As George mentioned earlier, we see the AI revolution creating 2 disparate groups of software companies: one, those who are now existentially vulnerable; and two, those who will thrive. CrowdStrike is thriving amid the AI revolution as we not only leverage AI within our entire platform, but our platform helps organizations adopt AI safely and securely. The AI revolution represents a new and generational growth opportunity for CrowdStrike as accelerating AI adoption necessitates security built for this next era of technology. As AI adoption accelerates, combined with our record Q1 pipeline and continued platform consolidation momentum, we have strong conviction to once again raise our FY '27 ARR outlook. The outlook we are providing today includes the acquisitions of SGNL and Seraphic, both of which closed in February and are expected to contribute a combined $5 million to $8 million of acquired net new ARR in Q1. We are assuming minimal organic contribution from these acquisitions in the remaining quarters of FY '27 as we remain committed to natively integrating their capabilities into the Falcon platform before fully scaling go to market, consistent with our proven M&A strategy and brand promise. We expect FY '27 net new ARR seasonality to remain unchanged relative to FY '26 with approximately 41% in the first half and 59% in the second half. Beginning in Q1, we are changing the sales commission amortization expense period from 4 to 5 years to reflect our longer customer relationship periods. We expect this change to benefit non-GAAP operating income by $85 million to $95 million in FY '27, partially offset by additional operating expenses resulting from the integration of our recent acquisition of SGNL, Seraphic, Onum and Pangea of $74 million to $80 million. For a detailed breakout of the acquisition impacts to our guidance, please refer to the guidance slides of our Q4 FY '26 earnings presentation available at ir.crowdstrike.com following our prepared remarks today. Additionally, we remain confident in our previously provided assumptions for FY '27 partner rebates to represent approximately 0.8% of total revenue. Moving to interest income. Based on expected market rates and cash outlay from our recent acquisitions, we are assuming interest income of $160 million to $170 million for FY '27. Moving to cash. At the midpoint of our guidance, we expect free cash flow margin to be approximately 33% in Q1 and at least 30% for the full fiscal year. In FY '27, we expect the seasonal mix of free cash flow dollars between the first and second half of the fiscal year to be 43% in the first half and 57% in the second half, with Q2 remaining our seasonally lowest quarter. We anticipate capital expenditures as a percentage of revenue to be 7% to 8% in FY '27 with these investments more weighted to the first half of the year. Finally, as of March 2, we repurchased approximately 144,000 shares following our fiscal year-end and had approximately $950 million remaining under our current share repurchase authorization. We will remain opportunistic in returning capital to shareholders as we remain focused on capturing the significant growth opportunities ahead of us. For the first quarter of FY '27, we expect annual recurring revenue to be in the range of $5.502 billion to $5.504 billion, inclusive of the estimated acquired ARR and reflecting a year-over-year growth rate of 24%, translating to net new ARR of $249 million to $251 million, reflecting a year-over-year growth rate of 29% to 30%. We expect total revenue to be in the range of $1.360 billion to $1.364 billion, reflecting a year-over-year growth rate of 23% to 24%. We expect non-GAAP income from operations to be in the range of $308 million to $310 million and non-GAAP net income attributable to CrowdStrike to be in the range of $275 million to $277 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be approximately $1.06 to $1.07, utilizing a 21.0% tax rate and weighted average share count of approximately 259 million shares on a diluted basis. For the full fiscal year 2027, we expect annual recurring revenue to be in the range of $6.466 billion to $6.516 billion, reflecting a year-over-year growth rate of 23% to 24% and translating to net new ARR of $1.213 billion to $1.264 billion, reflecting a year-over-year growth rate of 20% to 25%. We expect total revenue to be in the range of $5.868 billion to $5.928 billion, reflecting a growth rate of 22% to 23% over the prior fiscal year. Non-GAAP income from operations is expected to be between $1.422 billion and $1.462 billion. We expect fiscal 2027 non-GAAP net income attributable to CrowdStrike to be between $1.241 billion and $1.271 billion. Utilizing a 21.0% tax rate and approximately 260 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $4.78 to $4.90. George and I will now take your questions.

[Operator Instructions] Our first question comes from Joe Gallo at Jefferies.

Really nice results and guide. George, securing AI is a huge market opportunity. Would love your thoughts on, one, when securing AI materializes to ARR meaningfully for you? Is that a fiscal '27 story? And then two, how much of the new market opportunity goes to pure-play cyber vendors? In cloud, people certainly use the hyperscalers for some of their security needs. So just curious how much of that new AI market goes to pure-play cyber vendors like yourselves.

Yes. Thanks, Joe. Obviously, we're still in the early innings, but we continue to ramp in protecting AI and it's happening today in terms of ARR growth. And we're obviously blown away of what we've seen with Pangea and AIDR. It was up 5x quarter-over-quarter from when we acquired the company. So we're really excited about that. The other piece to keep in mind is that not only is it going to drive AIDR growth, but we're going to see growth in protecting attack surfaces like cloud. We're going to see growth in next-gen SIEM. We're going to see growth in other areas that all touch AI. So from that standpoint, as I said, early innings but lots of opportunity for us. And I think with regards to hyperscalers, I'm glad you asked the question because when I started the company in 2011, we pioneered cloud-delivered security. And over the years, as cloud was maturing, I heard a lot about the hyperscalers actually providing all the security services. Well, that didn't happen. In fact, as you've seen with our results and our partnership with AWS, as an example, we transact billions through these platforms, and they're a great partner, and there's a lot more exposure in the cloud. So we see the same thing happening what I call AI hyperscalers, being able to actually partner with these hyperscalers leveraging AI and their LLMs, and also being able to leverage the technology to provide better outcomes within the platform of record for our customers, which is Falcon.

Our next question comes from Rob Owens at Piper Sandler.

George, you talked about the 10 other agents that you guys have besides Charlotte and some of the traction that CrowdStrike's seeing with security agents. But can you provide color on some of the recent acquisitions? When we look at agentic security more broadly, where are customers in their journey? And do you see identity as maybe one of the main hurdles for them getting agentic deployments at scale?

Yes, Rob, identity is one of the biggest threat vectors right now that we see. In fact, one of our latest threat reports, 80% of the breaches are non-malware-based, right? So a lot of it is around identity. And between the identity stack that we've built over the years, again, we got into identity security in 2020. We've built that out. It's a big business. And now really with the addition of SGNL.ai. This is, in my mind, game-changing technology to have 0 standing privileges to be able to protect nonhuman identities and human identities in a much more modern stack than anything else that's out there in the market. It's a perfect fit to CrowdStrike and our platform. You combine that then with something like Seraphic in browser security. So now you're able to protect the front door of really where these attacks happen, plus where AI takes place and you add the identity layer to that. And again, we're providing something that we think is going to be very unique in the industry. And of course, Pangea, which is our AIDR product, when you look at EDR, in today's market, EDR is a must. It's compliance mandate, and we believe that EDR will be a similar opportunity -- sorry, AIDR will be a similar opportunity to EDR in the coming years, driven by compliance and the need to accelerate protecting AI.

Our next question comes from Fatima Boolani at Citi.

George, I wanted to direct this to you. Had a question about the next-generation SIEM opportunity. There are very much percolating fears that the open-ended SOC modernization share capture opportunity that had thus far been pretty open ended has -- is perceived to maybe be at more risk from what the frontier labs may or may not be pursuing. So maybe in the context of the opportunity ocean commentary in your prepared remarks, can you help us with a deeper explanation and understanding of what your current nature of relationship, partnership and integration is with the frontier labs and the frontier models? And how should we very critically think about the durability of your moat from any potential commoditization from an architectural or technical or, frankly, any other relevant contextual standpoint?

Yes, great question. So when you look at what we've built, and I talked about this in the prepared remarks, we're a net data creator, right? We have telemetry that we create from our agents and from other parts of our platform that is unique. We put it into various data stores, including next-gen SIEM and our Threat Graph. And we're able to understand the threats in real time with real-time prevention. That's vastly different than what the LLM providers and frontier models do. Now certainly, we leverage the frontier models. We have our own small language models. We have our own curated data. So I think we get the best of both worlds, but we're doing this in a platform that is driving consolidation that we've got millions and millions of workflows on already and becomes very, very sticky. So from the standpoint of our next-gen SIEM, you've got to look at the next-gen SOC opportunity and what we're doing with Charlotte and the agents that we've created, where we're driving meaningful change in a SOC or overall driving down costs and getting better outcomes, and we're doing it in a compliant way. To be a security vendor, you have to have trust. Customers are driven by compliance, and we are the epicenter of creating this data. So what we also are open to is having an open model. We have customers that create their own agents that leverage our technologies, that leverage our MCP services. And this is part of having an open platform, which is why our customers love CrowdStrike.

Our next question comes from Saket Kalia at Barclays.

Great finish to the year. George, maybe for you. The cloud security business, I think, is the biggest piece of kind of that 3 platform product group, if you will. And it's continued to add a consistent amount of net new ARR dollars over the last few years, which has been great to see. Maybe the question is how do you see the competitive environment in cloud security right now. And how do you think about the longevity of the growth in that market as you look out onto the future?

Well, when we look at the cloud market, I couldn't be prouder of our execution and the products that we brought to market. One of the areas that we focused on, as you know, for a long time, is runtime protection, and that's the technology that really is focused on stopping breaches. And I think customers have realized just by having the ability to understand sort of exposures doesn't mean you're going to stop the breach. So with our CSPM technology with -- a lot of the other technologies that we have acquired like Falcon Shield, it has become an extremely potent offering for our customers. And again, why is it resonating? One, the technology works. Two, it all works together, and we're able to drive down cost, complexity and get a better outcome, which is stopping the breach. It's not just about reporting on some exposures. It's about understanding the overall control plane in the cloud and being able to protect it. And we're giving the customers what they want, and that's the right outcome at a much lower cost than the competitors that are out there. So I think that's why, in a nutshell, you're seeing the results in our cloud business.

Our next question comes from Brian Essex at JPMorgan.

Congrats on some nice results. And Burt, congrats on the return to GAAP profitability. Really good to see. Maybe a quick question for you, George, on identity. Great to see the acceleration there. Could you unpack that business a little bit and help us understand? I mean, obviously, identity was one of the segments that was part of the CCP incentive plans that you guys were pursuing. How much of the resurgence in growth there on the identity side is, I guess, renewal of CCP or Flex deals versus net new kind of emerging identity product? It would be great to get a feel underneath the covers there.

Well, it's one of the modules everyone wanted, and certainly, it was a fan favorite in the days of CCP. So we're seeing success from that. And as I have mentioned many times, once a customer engages with the module, there's an extremely high percentage that they're going to continue to renew that. So we continue to see that. But I think overall, you have to look at the threat landscape and the fact that identity is really one of the -- compromised identity, it's really one of the #1 drivers of breaches, and customers are being -- are focused on being able to protect those identities, both in the cloud and on-premise, if you will, and there's a massive compliance need for something like ITDR. So we're getting the benefit from the platform consolidation piece, and we're also getting the benefit from having a very mature stack now. Not only can we prevent these sort of breaches with ITDR, but you include now Falcon Shield protecting SaaS identities. And then you kind of look at what we've done with our PAM offering. It's been very, very well received by our customers. So I think that's why you're seeing our opportunity to continue to grow there. And as I said earlier, we couldn't be more excited about the SGNL.ai acquisition that we just completed.

Our next question comes from Brad Zelnick at Deutsche Bank.

George, Burt, congrats on a really strong finish to the year, an impressive ARR guidance out of the gate for next year, implying 22.5% net new growth, which is above your prior commentary and now off of even a higher base. After such a strong fiscal '26, this obviously stands out in a very good way. Can you talk about the building blocks that get you there and especially how to think about the renewal opportunity that you have visibility to and the expansion opportunity given just how much you can address today versus when many of those customers might have last transacted?

Brad, thanks for your comments, and I'll give you an insight into how we thought about the guide. I mean first and foremost, it starts with the strong momentum that we're seeing in the business. We saw in Q4 broad-based demand from all sizes of businesses -- from all business sizes, whether it's enterprise all the way down to MSSPs. And then that rolled over into Q1 when we talked about the record Q1 pipeline, which grew 49% year-over-year. Then as George mentioned, CrowdStrike is thriving in this AI revolution. We are not only leveraging AI within the entire platform, but our platform also helps organizations use AI security, and that's the key. And then I think we're still benefiting from the consolidation tailwinds. Customers continue to seek the best outcomes at the lower TCO, which we [ help ] to provide. And the consolidation really comes from the strength of our platform. You look at cloud, Next-Gen Identity and Next-Gen SIEM collectively, we posted a record net new ARR, resulting in $1.9 billion in ending ARR, up 45% year-over-year. Now look at endpoint. That accelerated for the second straight quarter on the heels of AI-driven demand. And then you tag onto that the success that we saw in Flex. We added over 350 Flex customers in Q4. The average Flex customer ending ARR that was over $1 million, those guys have adopted nearly 10 modules well over our company average. And then re-Flex, we have greater than 380 re-Flex customers. The average time for our re-Flex is 7 months. 100 customers re-Flexed multiple times with the average ARR lift post re-flex for this cohort was 48%. These are really, really great numbers for us. And so you combine all those things and other things gave us the confidence to be able to come out with the guide that we came out with for that new ARR for next year.

Our next question comes from Matt Hedberg at RBC.

Congrats from me as well. George, I wanted to ask about pricing. Obviously, Flex and re-Flex is doing extremely well, but there's obviously a lot of concerns that I think we're all seeing out there about potentially fewer knowledge worker seats in the future due to AI. The flip side to that is way more agents. So I guess two-part question. First, how do you think about agent pricing? And second, how well does Flex position customers for this potential mix shift? And could consumption become a bigger element to the growth algorithm?

Well, when we look at the overall threat landscape and how we go to market, obviously, we protect endpoints and cloud workloads. You have to look at those in totality, but now we have the opportunity to protect AI agents, and industry stats is that each knowledge worker will have 90 AI agents. So even if the mix moves around, we have a massive opportunity to protect AI agents. We have a massive opportunity to protect all of these AI cloud workloads. And from what I've seen in different technology shifts, we tend to create more opportunity as technology advances, not less opportunity. So that's the way we would view that piece of it. In terms of Flex, look, it's been a smashing success. There's a reason why some so many other companies sort of copied our model or tried to copy it. Customers like it. You can see the success in the numbers, and it just makes it so much easier to help customers very quickly. You look at the acquisitions we did. They were available immediately to customers as soon as the deal closed and/or we went to a GA, but we didn't have to go through another procurement cycle. So that's really the model that we're leading with going to market this year, and we couldn't be more excited about it. And I think the Flex results speak for themselves.

Our next question comes from Roger Boyd at UBS.

Great. Can you hear me okay?

Yes, go ahead.

Okay. Great. George, I want to go back to your comments on why you're best positioned to benefit from AI SOC. And I appreciate your comments around your approach of tech plus human expertise and the flywheel that creates, giving you an advantage in terms of operationalizing this technology. I think it's also maybe the lowest friction way for some enterprises to benefit from some of this emerging tech. And I guess with that in mind, what sort of growth are you seeing with some of the managed service offerings like completing Overwatch relative to the acceleration you're seeing in the overall endpoint business right now?

Yes. Those businesses continue to grow extremely well. And when you look at why, it's because we're getting the right outcome that customers need. One of the things that we track is mean time to detection, mean time to remediation. We are absolutely best in class for customers. Very difficult for them to replicate what we do. Why? Because it's the network effect, right? It's the full view that we see in over 176 countries where we actually have our software operating. So when you're at the tip of the spear in seeing the activity through our technology, the tip of the spear in responding to some of the biggest breaches in the world combined with our threat intelligence, you've got the right understanding and the right DNA to create the right technology and outcome for customers. So that's what we continue to see. Obviously, they're leveraging our technology, and we're providing the automation. But there are many, many customers who don't have the skills or expertise to get the outcomes that we provide, which is stopping the breach, identifying these sort of threats, remediating much faster than they ever could and ultimately giving them the best outcome for a cost that it's very hard to replicate. And that's why it's been a fantastic success for us.

Our next question comes from Gabriela Borges at Goldman Sachs.

George, I really appreciated your description on what LLMs are not and as it pertains to the RLHF commentary. I want to ask you the opposite question. What do you think the role is of Anthropic in cybersecurity use cases, whether it's on the coding side or the pen testing side or even the data aggregation side? What role do you think they should have?

I mean, I guess, I'll talk just in general terms for LLM providers. And they're certainly good at a lot of things. You can help sort through lots of data very quickly. And it's something that the security industry and most security players are leveraging. In our particular case, we certainly leverage technology like that, but we've built our own bespoke models depending on the module and trained in a certain way, with the vertical expertise to get the right outcome. Here's what you have to remember, is that what customers want is real-time prevention. You have to be in line. You have to be able to get the data in milliseconds, and you have to make a decision. That's not the case with an LLM. There's many great things it can do, and it's certainly a fantastic technology, but it's not stopping any breaches in real time. And that's one of the areas, I think, again, where we shine. So from my perspective, we continue to work with them. We continue to partner with them and amazing technologies. And I think it really is going to be the better together approach as the industry goes forward. Customers want to leverage their own models. We leverage Nemotron with NVIDIA. It's an unbelievable time to be in tech, and you're going to have agents talk to agents and our agents talking to customer agents that are inside their network. But at the end of the day, as the platform system of record for security, this is where you want to be. It is a very sticky place. We create the data. We curate the data. And again, we want to be open and work with any of the models that are out there, and we want to meet our customers where they have AI and leverage their technologies as well as ours.

Our next question comes from Todd Weller at Stephens.

Yes. Appreciate the question. George, this is the second quarter of endpoint acceleration. Can you talk about what's driving that, how you think about the durability of the growth acceleration? And then related to this, there's been a lot of action in the market recently around browser security. Do you see that as a new category or as an extension of endpoint?

Well, when you think about endpoint acceleration, it's a simple answer, AI. We've talked about it, and we're showing it in the results. And I mean one of the biggest things you look at -- OpenClaw comes out. Our customers immediately are looking at all of our technologies to be able to identify it, put controls around it and make sure that they can leverage these technologies in an efficient and compliant way. So that's where AI meets -- the rubber meets the road, is at the endpoint, and that's how people consume it. So that's where we're seeing it. And then you combine that with browser security. That's really the front door now for how people are interacting with AI models and LLMs and the various technologies that are out there as well as how threats get into the environment. So you combine that with our agent and the ability to have protection across any browser, not just ask an organization to switch their browser. We can protect any browser that's out there. We tie it into our identity stack. And I can tell you, the feedback from our customers, as soon as we made the announcement, they were looking at how fast can we get this technology because they know on our platform, it's going to be additive for them. And we're excited about the category and the great company in Seraphic that we acquired.

Our next question comes from Dan Ives at Wedbush.

Yes. It's a great, great quarter as always. I -- So George, I was going to say what -- when it comes to Anthropic and Claude and obviously all the worries out there and you hear in the Q&A., to some extent, can't this also be a huge benefit to you as it just further spreads the word and customers realize essentially what they don't have and you do have, especially with the Microsoft partnership at the same time?

Yes, Dan, as I said in my prepared remarks, AI is a tailwind for us. And I mean I take a simple approach, is will we have more AI in the next year or 2 or 5 years. And for me, the answer is absolutely yes. And if that AI is being deployed with AI agents, you're going to need protection. You're going to need something like AIDR. You're going to need identity security. You're going to need browser security. You're going to need compliance around this. And that's the way we look at it. And again, we leverage the technologies that are out there. Why wouldn't we? And we have our own unique IP and our own model. So we get the best of both worlds, and there's many things that customers are looking for in these workflows and sort of data curation and knowledge in the security industry that you can't just get from a general LLM model. So I've talked about this before, and it's a great opportunity to work together. And that's really what we're focused on.

This concludes today's question-and-answer session.

All right. So thanks, everyone, for their time today. We appreciate your continued support and look forward to seeing you at our upcoming events. Thanks so much.