Rapid7, Inc. (RPD) Q2 2025 Earnings Report, Transcript and Summary

Good day, everyone. My name is Leila, and I will be your conference operator today. At this time, I would like to welcome you to the Q2 2025 Rapid7 Earnings Call. [Operator Instructions] At this time, I would like to turn the call over to Elizabeth Chwalk, Vice President of Investor Relations.

Thank you, operator, and good afternoon, everyone. We appreciate you joining us today to discuss Rapid7's second quarter 2025 financial and operating results in addition to our financial outlook for the third quarter and full fiscal year 2025. With me on the call today are Corey Thomas, our CEO; and Tim Adams, our CFO. We have distributed our earnings press release over the wire, and it is now posted on our website at investors.rapid7.com, along with the updated company presentation and financial metrics file. This call is being broadcast live via webcast, and following the call, an audio replay will be available at investors.rapid7.com. During this call, we may make statements related to our business that are considered forward-looking under federal securities laws. These statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and include statements related to the company's financial guidance for the third quarter and full year 2025 and the assumptions underlying such goals and guidance. These forward-looking statements are based on our current expectations and beliefs and on information currently available to us. Actual outcomes and results may differ materially from the future results expressed or implied in these statements due to a number of risks and uncertainties, including those contained in our most recent quarterly report on Form 10-Q filed on May 12, 2025, and in the subsequent reports that we file with the SEC. The information provided on this conference call should be considered in light of such risks. Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward-looking statements, and reported results should not be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call, except to the extent required by applicable law. Our commentary today will primarily be in non-GAAP terms and reconciliations between our historical GAAP and non-GAAP results can be found in today's earnings press release and on our website at investors.rapid7.com. At times in our prepared remarks or in responses to your questions, we may offer incremental metrics to provide greater insight into the dynamics of our business or our quarterly results. Please be advised that this additional detail may be onetime in nature, and we may or may not update these metrics in the future. With that, I'd like to turn the call over to our CEO, Corey Thomas. Corey?

Thank you, Elizabeth, and welcome to everyone joining us on the call today. Rapid7 ended the second quarter with $841 million in ARR, in line with our expectations and growing 3% year-over-year. Revenue and profitability were ahead of our outlook, and our business generated strong free cash flow of $42 million. While customer spending scrutiny persists, our detection and response business continues to be a core growth driver, which now represents over half of our ARR and continues to grow in the mid-teens year-over-year. We also saw encouraging pipeline growth in exposure management in response to product investments we have made in our command platform strategy. The key message I want to leave you with today is that we are uniquely positioned to capitalize on the escalating customer demand to bring AI tools and capabilities into the SOC. We have years of experience operating in security operations centers with our scaled software and services MDR business, and this gives us a tremendous head start with proprietary data and experience. We're taking focused action to enhance our go-to-market capabilities, including today's announcement of our new Chief Commercial Officer. As we will discuss, we today have the products and the capabilities to win, accelerating our organizational focus to capitalize on this and match our product capabilities with faster revenue growth is our top organizational priority. First, let's recap the most recent quarter. We experienced a solid second quarter that reflects strong performance globally, particularly in our larger deal segments. We won a number of meaningful consolidation opportunities at higher ASPs. This validates our strategic position in the market. Deal cycles remain extended, but we're seeing strong adoption among enterprises willing to make larger investments in comprehensive security solutions. And we have a number of signature 7-figure wins this quarter that are highly validating both of our product capabilities and the value of our integrated offerings. While these higher-value consolidation deals naturally have longer cycle times, the quality and scale of opportunities we're pursuing and in particular, the ones that we have won demonstrate clear market validation of our approach. We're optimistic about our strategy while maintaining realistic expectations around the extended deal cycles that naturally accompany these substantial commitments. I'm excited to share that ahead of Black Hat this week, we announced a significant milestone in our journey to deliver truly integrated security operations that give customers command of their end-to-end attack surface. We built the Command platform to unify all customer data, not just the data that we collect, so that organizations get the facts from the beginning and reduce their time to action. Our new next-gen SIEM Incident Command has the power to scale detection and response operations with expertise from our decades of SOC expertise and Agentic AI integrated directly within the workflows that customers use every day. We launched the first phase of the Command platform last year with Surface Command and Exposure Command. And now with Incident Command, we have delivered a fully integrated platform for security operations and management. This enables our partners and our MDR team to fully leverage a unified AI-driven platform that provides complete visibility into customers' environments with the ability to leverage data on demand to minimize the attack surface and respond to threats in real time. Rapid7 is the only cybersecurity vendor with years of learnings from operating a managed SOC offering, including the past year activating and developing our own proprietary AI agents and our unique capabilities and experience give us a huge advantage in this growing market. Incident Command now provides customers with the easy packaging and platform integration to activate this. Coming out of the second quarter, one theme is clear. Customers are increasingly focused on collecting more of their security data and leveraging AI in the SOC to drive measurable outcomes. Security teams need platforms that provide a more comprehensive view of their risk surface while delivering more efficient, transparent and accelerated decision-making and response. We see growing demand for unified attack surface visibility to simplify risk management and the mounting regulatory pressure is reinforcing the need for integrated compliance and reporting. These priorities align directly with our platform strategy, which continues to be focused on expert-guided AI, automation and providing strong ROI for customers. We benefit from the head start we have given the years of operating our own security operations center and all the learnings that accompany making us uniquely positioned in this market. Our long-term strategy continues to focus on scaling our leading AI-driven security operations platform. At the center of this strategy is the Command platform, which integrates native telemetry, open data ingestion, curated intelligence and automation into a single system of record for risk and response. It's built on 3 core differentiators. First, our open platform with over 500 integration, it solves a fundamental challenge for security teams, fragmented and conflicting views of the attack surface. The Command platform brings together diverse data sources into a single, deconflicted and contextualized view, giving customers a holistic understanding of the environment and the risk it represents. Second, our expert trained Agentic AI workflows are built on years of SOC expertise, trained on live playbooks and refined through real-world analyst feedback. These are not generic models. They are proprietary and purpose-built engines that improve outcomes in real time. And these Agentic AI workflows are fully embedded in our MDR offering. Third, customers are looking for automated measurable progress. And we don't just surface alerts. We drive outcomes, whether that's reducing noise through AI-informed active response, prioritizing toxic misconfigurations to maximize remediation or coordinating faster incident response. Our platform helps security teams reduce mean time to detect, respond and remediate. These innovations continue to drive our leadership position in the growing detection and response market, our largest product segment, led by our managed offerings. During the second quarter, we advanced our enterprise MDR rollout with the addition of co- managed detection, expanded support for operational cloud environments and new SOC capacity in India. These investments strengthen our ability to support larger enterprise use cases that demand hybrid visibility, AI-powered automation and human expertise. We're starting to see our enterprise MDR investments begin to pay off, and we think we're just getting started. For example, during the second quarter, we signed a multiyear, multimillion dollar agreement with a major U.K.-based retailer that consolidated its security operations stack on Rapid7's command platform. After years of managing fragmented tools across multiple vendors with limited visibility, this customer selected our MDR-led solution to unify detection response and exposure management. Our ability to deliver deep coverage, asset-level context and expert trained AI resonated throughout a highly competitive process. The decision to replace multiple incumbent vendors at a large enterprise with our Command platform underscores the growing demand for Rapid7's integrated AI-driven security operations. Shifting to our exposure management business. As we've discussed, a key pillar of our platform strategy is helping customers move from siloed stand-alone tools to an integrated outcome-driven security operations model. In exposure management, that means upgrading customers from traditional vulnerability management products to our unified risk and exposure management solution, Exposure Command. Built directly into the Command platform, Exposure Command provides a single contextualized view of risk across both on-premise and cloud environments, enabling faster, more precise prioritization and remediation. By eliminating fragmented tools and manual integration and giving customers a more complete AI-powered understanding of their risk surface, Rapid7 is firmly positioned as a strategic consolidation platform for modern security operations. Before I turn the call over to Tim, I want to briefly address our updated outlook. We're narrowing our full year ARR guidance range to $850 million to $865 million. As you know, budget dollars and new commitments are subject to normal seasonality and are typically Q4 concentrated. Given a number of macro factors impacting our customers and the back-end loaded nature of our new business cadence, we think it's prudent to provide this updated color. That said, we internally continue to target better pipeline conversion as we firmly believe our product offerings give us the right to win more business in the market. Accelerating our revenue growth rate to match the underlying strength of our product portfolio is a core focus. The remainder of our guidance items remains unchanged. In closing, I want to reiterate the confidence we have in our strategy and in our team's ability to execute against it. We have a clear path forward with AI-driven managed detection response as it continues to drive healthy growth and our differentiated command platform rooted in automation, integration and expert guided AI is more relevant than ever. We're seeing early proof points. We're doing the hard work, and we remain focused on delivering meaningful outcomes for our customers, our shareholders and our team. Thank you for joining us on the call today. I appreciate your support, and I will now turn the call over to Tim to walk through the results in more detail.

Thank you, Corey, and good afternoon to everyone. We appreciate you taking the time to join us on today's call. Before I turn to the results, a quick reminder that except for revenue, all financial results we will discuss today are non-GAAP financial measures, unless otherwise stated. Additionally, reconciliations between our GAAP and non-GAAP results can be found in our earnings press release. Rapid7 ended the second quarter of 2025 with $840 million in ARR, representing growth of 3% over the prior year. Revenue and profitability were above our guided ranges, and we continue to see healthy growth in detection and response and early progress in Exposure Command adoption. While the customer spending environment remains mixed, particularly in North American mid-market, the operating discipline and flexibility we built into our business model continues to serve us well, and we remain focused on executing against our long-term strategy to deliver durable growth and expand free cash flow over time. Turning to our financial results for the second quarter. Year-over-year ARR growth in the second quarter was split fairly evenly between new and existing customers, ending the second quarter with 11,643 customers globally and average ARR per customer of $72,000. Second quarter revenue of $214 million grew 3% year-over-year and exceeded our guided range. Product subscription revenue grew 4% year-over-year to $208 million, supported by favorable bookings linearity in the quarter. Professional services declined year-over- year, consistent with our decision to deemphasize certain lower-margin services. International revenue represented 25% of total revenue and grew 10% over the prior year. On profitability measures, our product gross margin was 76% and total gross margin was 74%. Sales and marketing expenses were 33% of revenue, in line with the prior year. R&D and G&A expenses were 17% and 6% of revenue, respectively, compared to 15% and 7% in the prior year. Operating income for the second quarter was $36 million and above our guidance range, driven by timing of spending as we continue to focus on making targeted growth investments as well as scaling our India innovation center during the second half. Adjusted EBITDA was $43 million in the quarter and non-GAAP net income per share was $0.58. Turning to our balance sheet and cash flow statement. We ended the second quarter with cash, cash equivalents and investments of $600 million compared to $592 million at the end of the first quarter. In May, we fully repaid the remaining $46 million balance of our 2025 convertible notes. We generated free cash flow of $42 million in the second quarter, bringing our year-to-date free cash flow to $67 million. Additionally, we entered into a new $200 million revolving credit facility. While we have no immediate plans to draw on it, the facility adds incremental flexibility and reinforces our already strong liquidity position. This brings us to our outlook for the remainder of the year. For the full year 2025, we are narrowing our full year ARR guidance range to $850 million to $865 million compared to our prior range of $850 million to $880 million. Additionally, we expect Q3 ending ARR of approximately $840 million, with net new ARR for the year weighted heavily to the fourth quarter. As Corey said, we will continue to target stronger pipeline conversion rates in the back half. We believe it's prudent to provide this additional context given ongoing macro uncertainty and the seasonal weighting of Q4. We are maintaining our full year revenue guidance range of $853 million to $863 million, representing revenue growth of 1% to 2%. Recurring product revenue growth will continue to outpace total revenue growth, partially offset by year-over-year declines in professional services. We are also reiterating our full year operating income range of $125 million to $135 million as well as our full year free cash flow range of $125 million to $135 million. We now expect non-GAAP net income per share of $1.90 to $2.03 based on approximately 75.8 million diluted weighted average shares outstanding. For the third quarter, we expect revenue in the range of $215 million to $217 million, up roughly 1% from the prior year. We expect non-GAAP operating income between $29 million to $31 million and non-GAAP net income per share of $0.44 to $0.47 based on approximately 75.8 million diluted weighted average shares outstanding. To close, we remain focused on disciplined execution as we manage through a dynamic environment. We continue to see a resilient detection and response business, growing customer interest in our platform strategy and a durable model that supports both innovation and strong free cash flow generation. We believe these fundamentals position us well for long-term value creation. With that, I will turn the call back over to Corey.

Thank you, Tim. Before we open up the call for questions, I want to address 2 important organizational updates that position Rapid7 for continued success as we execute our strategy. First, I want to share that Tim Adams intends to retire from his role as Chief Financial Officer. Tim has been an exceptional partner over the past 3 years, got us through significant transformation while maintaining strong financial discipline and operational excellence. His leadership has been instrumental in navigating both growth investments and strategic realignments, including our previous restructuring efforts that helped position us for profitable growth. Tim has committed to remaining at Rapid7 until we identify and onboard his successor to ensure a seamless transition. We've engaged a leading executive search firm to conduct a comprehensive search process. I want to thank Tim for his continued dedication to Rapid7 and his commitment to seeing us through this important transition. His contributions have been invaluable, and we wish him all the best as he approaches his next chapter. Second, I'm thrilled to announce that we've appointed [indiscernible] as our new Chief Commercial Officer. This newly created role underscores our commitment to driving our go-to-market capabilities to accelerate revenue growth. We have spent the past year significantly investing in our product capabilities, particularly MDR and in Exposure Command. We believe that our product offerings today are industry-leading with highly differentiated capabilities. Alan joins us as we enter the next critical phase of delivering on this, driving the acceleration of our go-to-market efforts to capitalize on our unique product offerings. With detection response now representing over half of our business and demonstrating strong growth opportunities, we have both an expanding product portfolio and significant upgrade opportunity ahead of us. Our Command platform provides a straightforward upsell motion across our entire portfolio from VM to cloud to exposure management, SIEM and MDR. Recent customer validation, combined with the now complete integration of our technologies on our Command platform creates significant opportunities. Our focus is now on growth and market adoption and how we operationalize our go-to-market engine, which is what matters most at this time. Alan brings the exact expertise we need. He has deep expertise in our core markets and importantly, is an exceptional operator who knows how to scale commercial organizations through periods of transformation. With over 25 years of experience, Alan has a proven track record of scaling go-to-market motions, accelerating revenue growth in software and specifically in cybersecurity businesses. Throughout his career, Alan has consistently delivered revenue growth and operational excellence, successfully leading companies through periods of significant transformation. His expertise in building high- performing sales organizations and executing complex go-to-market strategies makes him the ideal leader to help us operationalize our platform strategy. Alan will oversee our global sales organization, partner ecosystem and revenue operations, ensuring we execute with precision as we capture the significant opportunities in front of us. His operational rigor and deep understanding of our markets make him an ideal leader to help us maximize our commercial potential. As we continue to drive innovation and capture market share, having world-class operational leadership will be critical to delivering value to our customers and driving sustainable profitable growth for our shareholders. We remain confident in our strategy, our team and our ability to be the platform of choice for the modern SOC. Thank you for joining us on the call today. And with that, we will now open up the call for questions. Operator?

[Operator Instructions] Our first question will come from Matt Hedberg with RBC.

I wanted to -- so D&R continues to do well. And I'm curious, I wanted to double-click on that and ask specifically about MDR in there. I know it's a pretty significant portion of that business and had been seeing some strong demand trends. Just curious if you could give us a bit more of an update on MDR.

Yes. We continue to see strong demand trends. I'll remind you that we started the MDR expansion a few years ago, and it's been a core growth engine of the business. D&R in total is over half of our overall business. But even with the success we've seen, we were only really addressing part of the overall customer market. Earlier this year, we launched our customization and expansion offering that we just call -- happen to call enterprise and D&R. But really, what it was about was accepting all data and all workloads from customers and being able to manage that at quality and at scale. We couldn't have done it without the investments that we have been doing behind the scenes on our own AI technology that we have been rolling out steadily, which we are continuing to invest in. And so we look at detection and response as a major growth area. If you just take a step back and look at the fundamentals is every organization is under increasing pressure to actually manage their entire data set and their entire security operations on a 24/7 basis. The regulatory pressure is increasing. The amount of their environment is becoming more complex, especially if you consider not just SaaS, but also the fact that you're now having lots of custom AI-driven applications. And so the ability to be able to monitor that complexity, people need people that are not just deploying technology, but they also actually have the active ability to actually manage and separate the signal from the noise. And that's what we've been focused on, but our whole goal is to actually make sure we can do that at quality. So that's a continued expansion area. We're investing both in the team and the services around that and the AI to support that, but that's a big investment area for us.

Got it. And then maybe you mentioned, Corey, net new ARR is weighted towards Q4, recognizing it was a good quarter relative to expectations and you did temper full year. Just can you just underscore the confidence that you see kind of specifically in 4Q which seemingly could set a good foundation for '26?

Yes. And by the way, if you look at what we had in Q2, we saw that higher concentration of larger, more strategic deals. And so frankly, what we're looking at is really, we have a great mix of strategic deals that we're winning and converting. The deal cycles are longer because we're seeing larger, more strategic concentration. And so we're always tentative like not actually trying to estimate timing too precisely. But when we look at over the course of the year, when you look across Q3 and Q4, we see many different paths to actually achieve the range, which is why we actually tightened up the range so -- we also, frankly, like if you look at Q3, we don't want to actually estimate timing too precisely. We got burned on that early in the year, even though many of those deals closed. And we had a healthy momentum actually in Q2, but we see more than that pipeline to actually be in the guided range. We always are a little bit more back-end loaded. If you look at every year. Last year, we had a very robust Q4 -- we probably are in great shape to actually have a healthy Q4 this year or home back in part of the year. But what we really look at is the fundamentals of like what's the pipeline, how we're doing on conversion and how we set ourselves up. But we want to make sure that we are in a range that we actually have confidence that we can achieve, and that's why we tightened the range and made it a bit more focused.

Matt, if you pencil out the numbers -- yes, if you look at the midpoint of the guide, Q4 of this year is expected to be very similar to what we saw a year ago in Q4. So we've done that before.

Got it. And then Tim best of luck in the next chapter of your life.

Matt, thank you. I appreciate it.

Your next question will come from Junaid Siddiqui with Truist.

Corey, could you comment on the progress of some of the various sales and channel enablement initiatives you've undertaken to drive adoption of your Exposure Command platform and how they're tracking?

Yes, absolutely. I think what you're alluding to is the fact that we actually shifted last year to take more investment in our partner channel ecosystem. And we watch that's going well. We're getting good feedback from our partners. We're starting to scale that business. As I talked about earlier in the year is that, that was going to be a ramp overall. One thing that we're finding that is, I would say, good in the midterm, but was somewhat different than what we expected originally is when we originally launched Exposure Command, we expected it to be a smaller dollar, 10% to 20% uplift upgrade cycle. And we've continued to develop a robust pipeline around that. What we're actually finding is that it is actually a more strategic choice, and we're finding that we're willing larger deals, but the deal cycles are longer, but also the ASPs are significantly higher than we estimated, which is, I think, positive in the midterm, but we're not necessarily getting the 10% to 20% upgrades that we originally expected between us and our partners. But our partners are excited by the ability to actually win larger workloads for customers. So we have readjusted in our guidance our expectation. Again, having customers consolidate, I gave one case study, but we have several different case studies where customers with the full attack surface management view have larger assets under management than they have with vulnerability management. It has been a great entree and starting to upgrade the cloud workloads. But again, those are much, much larger deals, much larger ASPs.

Your next question will come from Eric Heath with KeyBank.

Corey, great to hear the focus on accelerating growth. I guess what are some of the near-term and medium-term priorities to execute on that? And maybe some of the internal metrics you're measuring to understand how you're tracking towards those goals?

No, it's a great question. Look, I think our team has -- and we're continuing to invest in the product and the service. Look, at the end of the day, having robust investments in product and services is key, and that's been a big focus of the time. And our sellers and our customers really focus on both serving the customers and starting to get the story out about what we're doing because there's been lots of changes and investments in our technology stack over the last few years. As we think about operationalizing the platform, it's a big deal now to have our full technology stack on the platform to have some of the proof points and the evidence in MDR and the DNR space and to continue to expand our exposure offering. Part -- a big part of what we're doing is moving to really operationalize our expansion motion. If you think about sort of like the 2 big things that we actually have not nailed and we actually have to have improvement on that we're working with both our customer teams and our new CCO on is, one, we have to educate the market that the traction and the momentum that we have in the detection and response space. We are one of the larger and more successful companies. We have outstanding marks from our customers. We just had an exciting new release with Incident Command, but we have to actually do a good job of educating the market that we've successfully expanded beyond the traditional vulnerability management routes and that we're actually taking data and workloads of all sizes in. So that's one is making sure we actually educate the market. So that's a clear focus and doing that cost effectively, by the way. The second thing that we're sort of like are really focused on is we have to really build the operational engine for our expansion. We do it today, but we have a bunch of hard-working people that are actually going in and frankly, doing it much more manually. And so really building the rigor and the process around that expansion engine is a big focus that I actually have going forward. But it is a big deal that we can actually do it off of a fully integrated platform that's all upgraded, ingesting data across the environment on the Command platform, which was a big milestone for me and a big focus on both myself and the company over the last year.

Yes. That's great. I just want to -- if I could, just help me understand a little bit better what's incremental with the Incident Command platform versus the prior iteration. Is this just more holistic data capture onto a single unified interface? And is there any sort of customer migration activity that's needed to get on to that platform?

The upgrade is going to be very straightforward and easy, and it's a lot that's actually incremental. So like if you look at the core fundamentals is we've actually made it easy to actually consume both more raw data and more alert data and telemetry into the platform. So it's just like the rest of the Command platform, it's about both the data that we collect, but it's also is actually rationalizing the master system record data. The second thing that it actually has its core is it has a fully built-in threat intelligence platform that actually takes a lot of the noise that you get in and helps make sense, but also helps correlate your data about real-world threats and attacks that we're seeing in the environment. And probably the biggest single piece of the upgrade is we've been training and working with Incident Command as part of our MDR offering and training and optimizing it. And so customers out of the box get a full authentic experience. where it actually dispenses alerts, organizes it, puts it directly into the [indiscernible] framework and allows customers to actually not have to actually go through and do their own research. It provides a clear point of view about what's deduplicated, what's not, what's likely a threat, what's not a threat. And it actually starts to do the work for all of our customers in the SOC. Again, this was trained on the data that's actually helped our own MDR team scale and our customers and our partners' MDR team scale in their environment. Keep in mind, our managed detection response is both us, but we have a lot of partners that do that, and we've been making these technologies available steady to those partners.

Your next question will come from Michael Cikos with Needham.

This is Jeff Hopson on for Mike. We've seen companies that had deals slipped from Q1 to Q2 from Liberation Day and then now Q2 to Q3 in some cases. Is this something you guys are seeing that could end up pushing even more to Q4 even more than last year?

Yes, it's a great question. So one is, we definitely saw it in Q2 -- I mean, Q1. And in Q2, we were more prepared for it. So we actually felt like things ended up quite healthy in Q2. But I mean, to be clear, there are some things that came in, there are some things that actually were delayed to slip, but we overall felt quite healthy. We are not -- just to be clear, our baseline assumption right now is that deals will move around. This is why we gave you what we consider a prudent outlook that Tim gave in the outlook. And look, deals with one, we have more larger deals. They're more strategic. They're more concentrated. They actually have more scrutiny. And so there's a range of a couple of million dollars that actually happens. We don't think that's a big deal, which is why we really focused on the outlook for the overall year. But I would say Q2, we felt good about the mix. Q3, we assume that it's stable. A few deals may slip that can actually add some incremental pressure, but that's why we're managing to the full year outlook, not really focused on sort of like the Q2, Q4 timing because we found that, that wasn't as big a deal once we actually got through April.

Got it. And could you just give an update on the time line of the investments in the India SOC -- the stock has come up a lot in discussions. And just curious of how that's been going.

Yes, it's a good question. It's a ramping. What I would say is that we're ramping capacity, but just as importantly, we're adding capacity and frankly, accelerating, and we're going to continue to accelerate the capacity of what our AI engine can do. We have a global 24/7 stock around the world that actually operates in the U.S., operates in Europe, operates in the Asia Pacific region. And so adding India is another region because we do believe that AI gives us scale, but we think people matter. We think security is an ever-evolving thing. And so this is an ideal area where you actually take AI and you actually push it. The fact of matter is we love the fact that our security operations team pushes our engineering team aggressively and has actually helped push the bar, not just on the success we have but it's also pushed us aggressively to actually do even more from where we are today. And we think that's a very healthy dynamic. And I think the customers are incident command and then able to see that value directly in the product.

Jeff, when you see it hit in the P&L, it's definitely ramping up in the second half of the year. If you look at the OI guide for Q3, it's a pinch below where we landed in Q2. That's really the investment really starting to tick up in Q3 and Q4 of this year.

Your next question will come from Joshua Tilton with Wolfe Research.

Can you guys hear me?

Yes, Josh.

Yes.

Awesome. Congrats on the results. I have 2. The first one, you guys kind of sort of addressed it, but I guess I'm still a little unsure as to why you guys are lowering the high end of the ARR guide. I think you said that the ARR this quarter was in line with your expectations. There was better bookings linearity. It sounds like there's still deal scrutiny, but it hasn't gotten worse than last quarter. So I'm just trying to understand why exactly is the high end of the guide coming down? That's my first one.

Yes. It's a great question. So the core of it is if you look at what's happened on a fundamentals basis, we're continuing to build total pipe. We are seeing a larger concentration of more strategic deals that are FX. And you know our history, but that's actually a new thing that we're actually going through. And we actually think it's prudent not to be out over our skis. So we have high confidence in the guidance range. Could we do better than that? Yes. But our focus has actually given investors a high-quality range that we actually feel good on, especially when you actually have a back-end loaded year and you actually are seeing a higher concentration of larger and more strategic deals. We actually feel okay about the economy in general. We are seeing a deal mix shift up. But we also don't want to -- in a world that is volatile, let's just put it that way. We don't want to put all of our eggs in the basket of everything is going to actually be fine across the rest of the year. So we gave you what we actually thought is a range that we actually feel good about, especially as you look at sort of like the remainder of the year, and we can actually land the time and how it lands. But we have a good pipe and it's more robust there, but that's the focus. We want to make sure investors have a clear sense of where we are, where we actually have confidence and what we're seeing.

Okay. Makes sense. And maybe just my follow-up. You announced a new Chief Commercial Officer. I believe that's the title of the role. Corey, I think the words you used were drive go-to-market capabilities and accelerate revenue growth. Clearly, half the business is still doing pretty well. The other half of the business is obviously kind of lagging. Day 1, new Chief Commercial Officer, like what are his expectations? Like when would Core like to see him start to really make an improvement to the half of the business that's been kind of overshadowing the strong growth in D&R?

Yes. So one, I think that steady wins the race. So we have a high sense of urgency, but we want to focus on fundamentals. I expect to actually see continued success in D&R, and we don't want to sacrifice that because that's a robust market that's healthy, that has healthy trends overall. The biggest thing that we actually are going to focus on when it comes to the other parts of the business is really operationalizing the customer go-to-market and expansion engine. I think we have some efficiency gains to do. I think there are some things that actually make it easier for our sellers to actually get momentum. There are some market things that we have to do to actually make sure people actually are aware of where we are and that we're actually selling in a platform motion. And so I'm really expecting the leader to actually work with our teams on making things easier for our sellers to actually go not just tell the story, but be able to cross-sell and upsell more efficiently and effectively. If we do that, everything will actually follow and actually growth will follow. My expectation is to see improvements as we actually move into next year. And we'll continue to actually talk about that and educate you about where we are along the way. But I think we're doing off of a stronger base of a more integrated platform, but we don't want to lose the momentum that we actually have in D&R. What we really want to do is make the selling motion easier for our sellers.

Awesome. We are excited to see it.

Your next question will come from Aidan Perry with Piper Sandler.

Can you hear me?

Yes.

This is Aidan on for Rob Owens. It was great to see the recent FedRAMP achievement. And I understand it might still be early, but how are you thinking about the federal opportunity in longer term and your right to win in this area versus other competitive solutions?

Yes. We're very excited about it. If you look, we actually have some early customers that we've had for a while that they think is more about exception basis. We see a robust opportunity there because we have not had these certifications, and this is a catch-up area. And we see lots of healthy demand where we can help make those workloads more efficient, more effective, introduce some competition into the market. So this is a huge upside for us. That's it, it's the federal government. Deal cycles are actually longer. It's an impact that we expect to start seeing in '26. We got the certification. Our teams are out in the market now. We're frankly scaling the teams that are actually addressing the federal government workloads, but it's a benefit that we start -- expect to start seeing in '26. The federal government is one of the largest and most stable spenders on security, and we haven't been participating in the market. And I'm thrilled that we're actually doing it now, but we have to build up our capacity to actually do that well and not just in the narrow way that we've been doing it, but in a more expansive way. And so it provides a good opportunity in front of us.

Your next question will come from Gray Powell with BTIG.

Okay. Great. Can you guys hear me okay?

We can hear you.

All right. Awesome. I was a little slow on the trigger there. Great. So yes, look, I know that the MDR space is pretty fragmented. But I guess I'd be curious, like how does Zscaler's acquisition of Red Canary change the competitive landscape there, if at all? Do you see any potential discussions resulting from that acquisition or any potential tailwinds?

There could be some tailwinds. Look, Zscaler is an incredibly talented company. I have a lot of respect for Jay and the team there. I don't think it changed anything mostly because the MDR market is a highly fragmented market. So our focus is doing what we think we actually do best, which is offering a high-value solution to manage all of customer security data with a high-quality level of service. And I think we made great strides there. But frankly, we're ambitious. We plan to make even greater strides there, having a high bar for some -- our goal, and we have this history of Rapid7 around security and security focus. We want to be the best home in the world for security practitioners, but that also marries that with some of the latest advances in artificial intelligence to actually give customers a trusted provider of security solutions. I think if we do that, we'll be wildly successful. And I also think the market will be a highly fragmented market. And so I think because of that, it doesn't really change the dynamics overall, it's a noisy market. Frankly, I think we have not been the most effective that we could be telling our story and making sure people know how impactful and successful they are. Every time we meet customers and they actually look at it or they get references from other customers, they're constantly surprised about how impactful and how successful we are and the quality of service that we actually have. So we have to actually do a better job of telling our story, and that's frankly going to matter more than anything that's happening in the competitive environment. It's a big market. If you just zoom out, my estimate is that over 90% of the world will not have the capacity to do what's required from a security operations perspective, which is to manage and monitor all their data, all their telemetry on a 24/7 worldwide basis in an incredibly technology fragmented and highly regulatory environment. That's a massive opportunity, not just for us, not just for Zscaler, but for the world, and we have to compete effectively. But we're doing that from a scale position, from an innovative position and frankly, from a position where we actually are able to attract great cybersecurity talent.

Your next question will come from Adam Borg with Stifel.

Awesome. Can you hear me okay?

Just go ahead, Adam.

Maybe just for Corey. So as we think about the Command platform and the various pieces coming into place now with Incident Command, how do we think about just overall pricing and packaging? You just spent -- a few minutes ago, you talked a little bit about trying to make the selling motion easier for sellers. And just thinking when Alan joins, what's the opportunity around pricing and packaging given what you just mentioned?

Yes. Look, there's work that we have to do. We've done some -- we've gone through multiple iterations over the years with doing consolidation packages, which has helped on the initial sale. We have not actually nailed the pricing and packaging on the expansion motion. And even if you think about the success that we're having in Exposure Command, it's strategic success that's either really, really massive upgrades or significant new lands. And so we have to actually make it easier for our customers to actually adopt on the journey and actually take out bite-size increments and for our sellers to be able to actually sell the bite-size increments on the journey. So there's work to do there, just to be clear. I mean if you look at like where our growth is versus where our platform, it's actually very clear that we're actually taking in large complicated chunks. And the biggest drag on growth is we actually don't have the continuous expansion engine. And we own doing that, and we actually own doing that well. So that's a relatively large area of focus that gives us steady, frankly, better predictability over time because I love having some of the success that we're seeing in larger deals, I don't love not having the volume of transactions there. So it give us both more predictability, but it also materially actually assist in the revenue growth piece because we have 11,000 customers. We have a good story. We have to tell them that story, but we have to provide the right bite size chunks for people to buy it off. And so that will actually both help the growth, but it also help the overall customer experience.

That's great. And maybe just as a quick follow-up, number of customers modestly fell for 2 quarters [indiscernible]. When should we begin to see that stabilizing?

Yes. So I think what you're seeing is that we're doing quite well at adding strategic customers. Look, we have some -- what I would consider legacy customers and trade-off -- we owe you a measure to actually think about quality overall. It's not something I'm focused on at all is the customer count. I really want to shift it to be how many customers do we actually have, how far in the journey of customers fully leveraging the platform, how many coverage is our AI managed SOC managing, how many workloads are we managing and leveraging through AI, and that will represent significant growth. We'll grow customers. But like losing transactional customers while adding strategic customers, that's going to be noise for a little while. I won't even call it a headwind. It's just noise for a little while. We do owe you some better measures about how to actually see that equality. So I hope the team will work together on that. But it's not a big factor right now because it's a little bit noisy.

Yes, but still a lot of room to grow that ARR per customer.

It will be quality platform customer, too. But we have significant room on ARR per customer, and that's the focus, but we are also adding new customers in a quality way. But we are having like, again, sets of smaller dollar customers fall that are more transactional as we have larger, more strategic customers.

Your final question will come from Rudy Kessinger with D.A. Davidson.

Can you guys hear me okay?

Yes.

Yes, Rudy.

Okay. Great. So I want to kind of go back to Josh's question about lowering the ARR guide by $15 million on the top end. I think last quarter, you guys said the outlook kind of relied on some stabilization declines you're seeing in your VM business. I'm curious how that trended in the quarter. And because when I look at your ARR, if D&R has continued to grow in the mid-teens and make up an increase in mix, while your overall ARR growth has slowed, obviously, that math suggests that the declines in the rest of the business are actually worsening. So I'm curious if you could just give any color on that dynamic.

Yes. No, it's a great question. So the first thing is we are seeing very healthy both pipeline and conversion. It is much chunkier this year. So it's larger, more strategic deals. And frankly, we are getting better and better at forecasting those. but we don't want to be out over our skis. We saw exactly what we hope to see in Q2, and so we feel good about the overall Q2 dynamic. But we want to have a range that we actually had high confidence. To answer your core question is I'll answer it 2 ways. One, we have a massive D&R opportunity, and we expect both the work that we've done on the product side, but frankly, the work that we're investing on the sales side, we think that we actually have more growth capacity in the overall D&R business. And it's a larger, more strategic market. So we have laser sight and focus on that overall. The second thing that I would say is we are investing in the technology around both vulnerability management and exposure at the core level. But we think about that as an upgrade motion in the installed base and business. And we're frankly happy with what we're -- it's not what we expect to see because I don't want to. We expected to see a bunch of smaller dollar transactions. That would have given us higher predictability and concentration on growth. And what we're seeing is a robust pipeline build, but customers making strategic platform decisions. And again, frequently, they're choosing us, but instead of a smaller dollar 3- to 6-month sales cycle, we're definitely seeing a larger dollar 9- to 12-month sales cycle. And so part of what we're bringing it down is that like the smaller dollar high volume is much more predictable, and that was our base coming in. We like what we're seeing in the larger strategic consolidation dollars. We like what we're seeing in the upgrade motions. I gave you a couple of examples in the case studies early on. But those are a little bit trickier to actually forecast the timing of. And so based on where we are and the concentration of larger deals in pipeline, we actually adjusted our guidance to where we want to be. And that's really the dynamic that you're talking about, it sounds like Q2 was fine, and you saw what you need to see. Absolutely, it was actually fine. What's not what we want to see is the volume of smaller dollar upgrades. Some of that we have to actually tune the engine on. But frankly, if you zoom out, we're fine with that because we're seeing the consolidation and the wins on the larger dollar, and we actually have a path to that. And we don't want to distract ourselves too much from the really large D&R opportunity that's in front of us. So I know that was a lot, but I really want to get to the core of that question. All right. Thank you all very, very much. Look, as we close out today, I just want to thank Tim again for his work, commitment and service to the company. I'm deeply appreciative of his commitment and what he's helped us achieve here as we've gone through, frankly, radically reforming the company to be something that's equipped to actually invest in and actually tackle the future opportunities that we see in the world around us today. So thank you so much, Tim, and thank you all for joining us on the call today.