Rapid7, Inc. (RPD) Q3 2025 Earnings Report, Transcript and Summary

Good day, everyone. My name is Leila, and I will be your conference operator today. At this time, I would like to welcome you to the Q3 2025 Rapid7 Earnings Call. [Operator Instructions]. At this time, I would like to turn the call over to Ryan Gardella, Investor Relations.

Thank you, operator, and good afternoon, everyone. We appreciate you joining us today to discuss Rapid7's third quarter 2025 financial and operating results. In addition to our financial outlook for the fourth quarter and fiscal year 2025. With me on the call today are Corey Thomas, our CEO; and Tim Adams, our CFO. We have distributed our earnings press release over the wire, and it is now posted on our website at investors.rapid7.com, along with the updated company presentation and financial metrics file. This call is being broadcast live via webcast. And following the call, an audio replay will be available at investors.rapid7.com. During this call, we may make statements related to our business that are considered forward-looking under federal securities laws. These statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and include statements related to the company's financial guidance for the fourth quarter and full year 2025 and the assumptions underlying such goals and guidance. These forward-looking statements are based on our current expectations and beliefs and on information currently available to us. Actual outcomes and results may differ materially from the future results expressed or implied in these statements due to the number of risks and uncertainties, including those contained in our most recent quarterly report on Form 10-Q filed on August 8, 2020, and in subsequent reports that we file with the SEC. The information provided on this conference call should be considered in light of such risks. Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward-looking statements. and reported results should not be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call, except to the extent required by applicable law. Our commentary today will primarily be in non-GAAP terms and reconciliations between our historical GAAP and non-GAAP results can be found in today's earnings press release and on our website at investors.rapid7.com. At times, in our prepared comments or in responses to your questions, we may offer incremental metrics to provide greater insights into the dynamics of our business or our quarterly results. Please be advised that this additional detail may be onetime in nature, and we may or may not update these metrics in the future. With that, I'd like to turn the call over to our CEO, Corey Thomas. Corey?

Thank you, Ryan. And welcome to everyone joining us on the call today. Rapid7 ended the third quarter with $838 million in ARR, growing 2% year-over-year as we innovate on our AI-powered SOC vision but continue to see timing variability within our large deal pipeline. Revenue for the quarter was $218 million and operating income was $37 million, both ahead of our outlook. We once again delivered strong free cash flow of $30 million generated in the quarter. The key message I want to leave you with today is Rapid7 has made and continues to make significant organizational changes to accelerate our go-to-market motion, capture the large opportunity in front of us in AI SOC and position the company for accelerating top line growth. We have a leading franchise with a competitively strong set of capabilities that we continue to invest behind. We have alignment to move as quickly as possible across all dimensions of our organization to improve and capitalize on the opportunities in front of us. This includes several recent senior leadership changes, including our new Chief Commercial Officer, Allan Peters, who joined us in early September and today's announcement of Rafe Brown as our next Chief Financial Officer beginning in December. It also includes operational changes Allan is beginning to implement in the fourth quarter to better align resources and incentives for growth in 2026 and beyond, particularly in our MDR business, which is more than half of our ARR and continues to grow double digits, but which is part of our business where we believe we can focus more resources to accelerate growth with attractive margins. I will discuss this in more detail in a bit. We are confident that we are making the right changes to reaccelerate Rapid7, but we also acknowledge that we have fallen short of the ARR guidance that we have provided to you in recent history and thus far this year. As we take action across the organization, we view it as imperative that we rebuild confidence in our guidance with the investment community. As such, with a new CCO and CFO and recognizing the operational changes we are enacting may create higher near-term forecasting variance, we are today reducing our 2025 ARR target to reflect a higher confidence outlook. The new target is based on what we have experienced year-to-date and now embeds a discount of the new business win benefits expected from Q4 seasonal budget opportunities for the potential impact of the changes that I discussed. Based on our competitive product position and growth across our markets, all of us at Rapid7 believe we're capable of executing better. Let me tell you why and where we are investing in our organization to drive us forward. It is clear that customers are significantly involved in how they operate their SecOps programs. Seeking to integrate AI as they look to consolidate core elements of exposure and direct response in the SOC. We built Rapid7's Command Platform, an AI-powered security operations platform that unifies exposure management and threat detection response to enable quicker execution and accelerate remediation outcomes through deeper and more integrated situational awareness of risk and threats across customers' attack surface. We're optimistic about our road map and strategy, yet we maintain a realistic view that these larger platform consolidation opportunities naturally lend themselves to longer, more competitive deal cycles. We have seen this affect quarterly deal timing and overall growth performance throughout the year. But the scale and quality of recent wins demonstrate strong market validation of our platform approach. And as we are seeing adoption from mainstream customers committing to an integrated solution. A great example of this was a competitive 6-figure win during the third quarter with a large Tier 1 public university. We were brought in to replace their disparate multi-vendor tech stack across exposure management, SIEM and Managed Detection and Response. The customer security team faced friction trying to leverage a fragmented tool set and legacy technologies. While their initial exploration was around MDR, our holistic security operations offering, including full visibility and access to our market-leading SIEM, coupled with unlimited IR and integrated vulnerability management and deliver it via a global 24/7 SOC was a value proposition that no competitor can match. These types of deals highlight our leadership position, strong platform value and right to win in our detection response business, which continues to serve as a core growth driver of our business. This is a great validation of why Rapid7 is well positioned to help customers integrate leading AI capabilities and experiences into their SOC while unifying their overall security operations tech stack through our integrated Command Platform experience. With years of experience operating in a scaled global 24/7 managed SOC, we have a significant advantage in proprietary data, expertise, and as a result, agentic AI capabilities. And we're taking deliberate steps to sharpen our go-to-market focus and execution as we look ahead to 2026 spearheaded by Allan as I referenced. Although Allan has only been in the seat for a few weeks, he is already sharpening the discipline and operational focus around the execution as we aim to accelerate our position and market capture in our AI-led D&R space looking ahead. As we'll discuss, we believe we have the products and capabilities to be one of the leading providers in this space. Accelerating our focus to enhance our operational alignment with faster revenue opportunities remains our top priority, and we're confident in our path forward. We're doing this through both focused product innovation as well as some deeper partnerships that enable us to more seamlessly extend the value of our customers' existing ecosystems. A great example of this was our recent announcement of our expanding partnership with Microsoft to advance modern detection and response by helping organizations simplify and strengthen their detection and response capabilities across their Microsoft environments. Rapid7's new MDR for Microsoft solution integrates a dedicated service with Microsoft Defender that provides comprehensive coverage across endpoints, cloud, identity and e-mail. This new collaboration brings together Rapid7 SOC expertise with the Microsoft security ecosystem to simplify operations, strengthen protection and unlock new value for joint customers. By combining the power of Microsoft's advanced telemetry and analytics with Rapid7 human-led threat expertise and AI-driven operations, organizations can gain faster, more precise detection and more contextually rich response playbooks to stop threats before they impact. Overall, our strategy is well aligned to what we're seeing in the market. Customers are increasingly prioritizing unified data collection and AI and the SOC to achieve better security outcomes than they can achieve with their existing fragmented tool sets. Security teams need platforms that deliver comprehensive attack surface visibility and threat context to enable efficient decision-making and faster, more automated response to threats that are happening in their environment. Demand for integrated exposure and detection programs is growing, amplified by regulatory pressures for compliance and reporting. These trends align directly with the broad SOC capabilities embedded in our Command Platform, focused on expert guided AI, both for exposure, remediation and threat response, alongside automation and a strong return on investment. Our head start from operating our own SOC for years positions us uniquely in this market. A great example of this ongoing convergence within customer environment was a 6-figure deal in the quarter with an existing exposure management customer. This customer was looking to address detection gaps that they were experiencing within their existing program. The combination of our broader telemetry coverage, demonstrated superior detections and a cost-effective platform value proposition, all of which was fully integrated with their existing exposure management platform, drove this retail customer to displace their existing MDR vendor with Rapid7's Managed Threat Complete offering. Our long-term strategy remains centered on scaling our AI-driven security operations command platform with increasing focus on accelerating our growth transition towards our scaled market-leading MDR position as we look ahead to 2026. The Command Platform integrates native telemetry, Open Data integration, curated intelligence and automation into a unified system for risk remediation and threat response that rests on 3 core differentiators. First, our open platform with over 500 integrations addressed fragmented attack surface use. These integrations unify diverse data into a deconflicted contextualized perspective, providing holistic environmental understanding. Second, our expert trained agentic AI workflows draw from years of SOC expertise, live playbooks and real-world feedback. These proprietary engines enhance outcomes in real time and are embedded in our MDR offering. Third, we drive automated measurable progress, not just alerts but actions. From AI-informed response to prioritizing misconfigurations and coordinated incidents, we reduce mean time to detect, respond and remediate. Our innovation across these areas fuels our unique position as a leading provider across both the exposure management and detection response market, demonstrated by the breadth of analyst recognition we received within just the last quarter, including our seventh consecutive recognition in Gartner's Magic Quadrant for SIEM, our position as a leader in Frost Radar for Managed Detection and Response, our recognition in Forrester's Unified Vulnerability Management Wave and our leadership position in IDC's MarketScape for exposure management. Overall, our AI-powered security operations platform that unifies exposure management and detection and response and a single customer experience is resonating with customers and industry analysts alike. And is a strong foundation to support improved execution as we look ahead to 2026. As we drive towards this unified AI-powered SOC vision, the integrated platform experience between our managed D&R and exposure management capability remains a key differentiator, delivering deeper visibility and contextual awareness around threats. We believe we're just scratching the surface here, and we continue to innovate demonstrated most recently by our announcements of AI-generated risk intelligence delivered through Rapid7's Remediation Hub. This new AI-driven risk and vulnerability intelligence will empower security teams to prioritize and remediate security threats faster, an outcome that is core to our vision around unified exposure management in the SOC. A key pillar of our growth this year has been around our exposure expansion engine, which is anchored on transitioning our traditional VM customer base through this integrated outcome-focused exposure management model through Exposure Command. We continue to see steady increase in the upgrades and expansions of our core base of Exposure Command in Q3. And looking ahead, Allan is keenly focused on improving our execution around this expansion engine. This is an area where we have fallen short of our goals this year. However, we view this as an execution shortcoming, and we remain confident that delivering a single contextualized risk view across cloud and on-prem environments with AI-powered insights and particularly in the context of Managed Detection and Response program will enable better risk prioritization and remediation and ultimately deliver improved security outcomes and customer environments. Shifting now to an important and exciting leadership update, which we announced today. I'm pleased to welcome our new Chief Financial Officer, Rafe Brown. Rafe is an outstanding leader with extensive executive leadership experience across multiple public companies, most recently at Mimecast, where he's initially served as Chief Financial Officer; and then later as President and COO. His track record of driving operational excellence, scaling growth in SaaS businesses and building high-performing teams makes him an exceptional addition to our leadership team. I'm thrilled to welcome Rafe to Rapid7 and look forward to his arrival later this year and to continue to work with him to drive our business forward. In closing, as we look ahead, we're confident that we have the right strategy, and we are moving as fast as possible, including our recent leadership additions to position Rapid7 to improve our midterm growth execution. We believe there is significant inherent value in our platform that is not fully reflected by the market at this time, and we're taking direct action to address this disconnect. Managed Detection and Response continues to fuel a strong growth opportunity for us and our differentiated Command Platform rooted in automation, integration and expert guided AI is more relevant than ever. We're focused on continuing to innovate execute efficiently and position ourselves to deliver outcomes for our customers, our shareholders and our team. Thank you for joining us today. I appreciate your support. And I will now turn the call over to Tim to walk us through our financial results in more detail.

Thank you, Corey, and good afternoon to everyone. We appreciate you taking the time to join us on today's call. Before I turn to the results, a quick reminder that except for revenue, all financial results we will discuss today are non-GAAP financial measures, unless otherwise stated. Additionally, reconciliations between our GAAP and non-GAAP results can be found in our earnings press release. Rapid7 ended the third quarter of 2025 with $838 million in ARR, representing a 2% increase year-over-year. Revenue and profitability were above our guided ranges and as in prior quarters, we continue to see promising signs for future growth in detection and response and progress in Exposure Command adoption. While in general, we've seen the customer spending environment challenged by additional scrutiny, particularly in large deals, we have been focused on enhancing our product capabilities to address a challenged threat environment driven by escalating AI-enhanced threats and cloud migration demand. Turning to our financial results for the third quarter. Year-over-year ARR growth in the third quarter was driven predominantly by 2% in ARR per customer. And we ended the third quarter with over 11,600 customers globally and average ARR per customer of over $72,000. Third quarter revenue of $218 million grew 2% year-over-year and exceeded our guided range. Product subscription revenue also grew 2% year-over-year to $210 million. Professional services continued to decline year-over-year consistent with our expectations and decision to deemphasize certain lower-margin services. International revenue represented 25% of total revenue and grew 8% over the prior year. On profitability measures, our product gross margin was 75% and total gross margin was 73%. Sales and marketing expenses were 33% of revenue, slightly above the prior year at 31%. R&D and G&A expenses were 17% and 6% of revenue, respectively, compared to 16% and 6% in the prior year. Operating income for the third quarter was $37 million and above our guidance range, driven by natural leverage in the business as well as timing of spend as we continue to focus on making targeted growth investments and scaling our India capability center during the second half. Adjusted EBITDA was $44 million in the quarter, and non-GAAP net income per share was $0.57. Shifting to our balance sheet and cash flow statement. We ended the third quarter with cash, cash equivalents and investments of $635 million compared to $600 million at the end of the second quarter. We generated free cash flow of $30 million in the third quarter, bringing our year-to-date free cash flow to $98 million, and we remain well on track to achieve our full year free cash flow targets. This brings us to our outlook for the remainder of the year. As Corey referenced, we believe we are well positioned to help customers and prospects integrate our leading AI capabilities and experiences into their SOC as we look ahead. At the same time, we are managing active change during the fourth quarter, both from a leadership perspective as well as we accelerate our focus and operational alignment toward our fastest growth opportunities as we look ahead to 2026. We have factored these dynamics into our fourth quarter ARR outlook, which now calls for ARR to end Q4 approximately flat quarter-over-quarter. Turning to our other guidance metrics. We are tightening our full year revenue guidance range to $856 million to $858 million, representing year-over-year revenue growth of 1% to 2%. Full year recurring product revenue growth will continue to outpace total revenue growth, partially offset by year-over-year declines in professional services. Moving to profitability. We are raising our full year operating income guidance to the upper half of our prior range and now expect to deliver $130 million to $135 million in operating income for the year, representing an operating margin of 15% to 16%. We continue to generate strong free cash flow and are reiterating our full year free cash flow target range of $125 million to $135 million. Finally, we now expect non-GAAP net income per share for the full year of $2.02 to $2.09 based on approximately 75.9 million diluted weighted average shares outstanding. Turning to fourth quarter guidance. We expect revenue in the range of $214 million to $216 million. We expect non-GAAP operating income of between $25 million and $30 million and non-GAAP net income per share of $0.37 to $0.44 based on approximately 76.6 million diluted weighted average shares outstanding. In closing, I'd like to thank everyone for their support during my time as Rapid7 CFO, including our Board, our investors and analysts, and most importantly, our team here at Rapid7. I would also like to welcome Rafe Brown to the team and wish him the best. Thanks for everything, and I look forward to continuing our relationships in the future. With that, I want to thank you for joining us on the call today, and I will now turn the call back to the operator to open the line for questions.

[Operator Instructions]. Our first question will come from Rob Owens with Piper Sandler.

Great. Hopefully, you can hear me. A couple for you, Corey, is the business seems to shift towards MDR. Can you talk about the economic model? And despite the success you're seeing here, it doesn't seem to be dragging on margins either from a gross margin or operating margin standpoint. So I would just love to understand that. And then I'll just ask the second one upfront. Can you maybe parse for us the success that you're seeing internationally versus what you're seeing domestically? And just looking at the dispersion between those 2 growth rates?

Thank you so much, Rob. We can hear you just fine. So I think part of what you're getting is MDR, we run at a higher both gross margin and overall profitability than your average MDR companies. And most of that is based on the fact that we've had to take our time and frankly, gate some of the growth historically to really -- and market addressability to make sure that we were building both first, the automation and now the AI capacity to actually map that in, which allows us to actually run it. We believe that we can actually run modern managed services at higher quality, better efficacy and higher gross margins than you could in the last 10 years. And we think AI is a big part of the story. We think AI SOC is a big part of that story. And so it's something we've been -- and as you recall, that's one of the big investments that we actually made this year, and we're well on the journey there, and we're delivering the economic output, which sets us up well to actually expand our addressability of how much we can actually grow that business because now we can actually over half of our business -- approaching half of our business. We can actually grow that profitably at scale with more and more addressability. So we do think we have an incredibly strong economic model that sets up a great platform as we actually go forward. But we did actually gate it along the way to make sure that we were building up the automation and the core baseline technology to support a high-quality, higher-margin business that was profitable over time, and that took time and deliberation. Your second question was...

Yes, Corey, I think his second question was the success we're seeing internationally. It's 25% of revenue growing faster than the business overall. So it's got a nice growth rate.

Yes. And -- I'll remind you, we've been putting more wood internationally from an investment perspective because we were historically a little bit lighter on the international percentage of the business. We've been investing more. That said is that one of the things that Allan is really focused on is aligning the sales processes across the business. So that we can actually be more consistent both across segments and regions around the country and really look at the investment profile. And so we do think that we have plenty of opportunity in North America. And we actually think the sales has opportunities to expand and accelerate there. And we still see a lot of growth that we have available for us as we actually go forward international. And thank you for the question, Rob.

Your next question will come from Fatima Boolani with Citi.

Corey, the question is for you. Just with respect to MDR now, almost the majority of the business. But when I map that back to the flat ARR per customer growth you've experienced sequentially, it is up 2% year-on-year. How can we not conclude that there are elements of pricing pressure and/or pricing competition inside the MDR business as well? And maybe what are you seeing that we aren't necessarily seeing or is not necessarily visible to the naked eye for us to give you that confidence because that space generally is fairly competitive. And the AI SOC vision, there are a lot of vendors competing before the hearts and minds of the SOC. So I would just love your perspective on some of the pricing dynamics and what insulates you and why it may not be visible to us? And I have a follow-up, please.

Yes, absolutely. So one, it's a very fair question. So MDR, just to be clear, we're still growing that business double digits, and we actually see plenty of capacity to continue to do that and grow that. So we do see that we are quite effective there. Now we have been gated historically about how much we want to grow and launch because we had the gross margin concerns. And as we actually automate more and more of that business, we feel more and more comfortable unlocking that business, which is why you also see us talking about a little bit more because we have -- on the competitive positioning, our competitive position is fairly straightforward is we are great for organizations that are actually looking to actually get leverage from outsourcing to an AI-driven SOC that combines to both the best of technology and people. And so if you look at what we're doing today and what we've set up is we have an incredibly driving practice around MDR that delivers high-quality, efficacy at scale, and results in relatively high retention rates. You add on to that. We've extended that and we're extending that to managed red teaming, managed risk. We have coming up, and our value proposition is that for customers that want to scale and outsource the SOC at quality, and they still want to actually have targeted sort of like access to people and talent, where you're getting both the best of AI, but you also have access to people. We can do that economically better than anyone else. And we have both the scale and the experience to actually demonstrate that. So that's our core value proposition, and it's one that we're leaning into and it's one that we're actually optimizing around it's one that shows continued good growth opportunity. You said you had a second question?

Fatima, go ahead if you had another question.

I appreciate that. As we think about calendar '26 with the backdrop of what has been a year of work in progress in calendar '25, you're layering on further operational changes and some new sales processes. So when we think about calendar '26 at a very high level, how should we internalize the growth versus profitability algorithm and specifically around efficient reinvestments. And I know one of the mandates this past year also was leveraging the channel more. So how should we, at a very high level, think about that algorithm seeing that you outperformed on operating margin and cost control this year?

Yes. I actually think we have a -- we've built a very fairly efficient business. I think we can actually build off of that and continue that trend. Part of the reason that we're making the investments right now is because it's the right opportunity window. Like if you look at what we're doing both in the MDR space, if you look at the position that we actually had in our recently announced partnership with Microsoft, where we have a big opportunity to actually help Microsoft customers really manage their security ecosystem in a more scalable way and meet the outsourcing needs that they actually have. This is the window that we could have actually either waited to next year and have the noise go in or we could actually execute that right now to tee up for momentum next year. And we decided to actually that we had enough clear opportunity in front of us to actually pull the trigger now and actually move forward with some of the obvious changes that are really about how do we actually scale and rationalize our efforts as we move forward.

Yes, Corey, I would just add. We said earlier in the year that this is an investment year for us as we're building out the innovation center over in India, and that continues to ramp up and you see it in the second half of the year with some of the expense load that we anticipate in Q4 as we continue to ramp that business, but giving us leverage in the business over time.

Yes. And the overall goal was always to actually make sure that we can actually scale profitability as we go forward in the next couple of years. Thank you very much for the questions.

Your next question will come from Matt Hedberg with RBC.

Can you hear me, okay?

Yes, Matt, you're just fine.

Okay. So I guess maybe one for both of you guys. You guys have noted some timing variability with large deals, and it seems like Allan is going to be working on some processes to improve that. I guess as you think about Q4, can you talk about the large deal pipeline? And Tim, how have you sort of contemplated that in your Q4 outlook?

Do you want to talk about Adam?

Yes. So Matt, it's a fair question. And I think Corey had it in his prepared comments that we really wanted to give you a high confidence outlook for Q4 as we come into the quarter. So we take a very hard look at the pipeline, and we're looking at that all the time, as you might imagine, because that is your leading indicator. And you're looking at conversion rates, you're looking at cycle times of deals when they're in the pipeline. And Corey mentioned this earlier that when you're looking at these platform conversions with customers, the great news is these are larger deals that we have the opportunity to win. They do take more time for these deals to work themselves into a closed state.

And then, Matt, I'll just say, if you're looking at how we actually factored it in, is that we didn't actually try to get overcomplicated. Look, I think that, one, we saw plenty of opportunities we actually go forward next year. So the question is always, do you hold any sales or organization or any changes in Q4 in -- for January, which listen, we actually think it's straightforward enough. That we want to make sure that we're addressing the process, enabling other stuff now. The second thing that I would just emphasize when you think about it, is we acknowledge that there's a range of outcomes. I think this part you get to -- probably the point that you actually making. There's an absolute range of outcomes, but also, we have not been extraordinarily precise on exactly where we land in those range of outcomes. And so as Allan has come on board and has Rafe come on board, we just decided to rebaseline and keep it relatively simple and say we have confidence that we can actually be here. We absolutely know that there's a range of outcomes around it. But we did not want to attempt to be overly precise as Allan was actually working through the model.

Your next question will come from Mike Cikos with Needham.

Corey, just picking up on that last remark as it pertains to the Chief Commercial Officer, Allan Peters, could you just provide additional detail on what exactly he is doing with respect to that resource alignment behind the MDR opportunity and execution and transitioning the VM to Exposure Command? I would just love to get some more color there.

Yes. So one of them is we have a wide range of practice across. So one is just there's a focus, as you would expect on just standardizing the operating procedures. We have a lot of talent, but we do have -- we have variability across both the reps and teams. And so we just went online that to set up everyone for success. And so a lot of it is just the foundation of how we set our people for success. The second thing that's the big thing is I talked about this earlier in the years that this is our first big upgrade wave that we had in a long time and operationalizing that, maturing that and making that effective is a big deal. We have that both on the VM to exposure management side. We also have on the detection and response side. We have probably the biggest setup for upgrade opportunities. And Allan is partnering with the sales teams and the marketing teams about how you actually make sure that we have a well-organized process to unlock it. And then the last aspect of is we do think that we can be unconstrained in our ability to actually deliver the full AI managed SOC platform where we're delivering sort of like the AI-centric managed both detection and response, risk and compliance workloads on that over time and how we actually tee that up and leverage that up and focus the sales team around the highest [indiscernible] opportunities is the last piece. So if you just think about the 3 is sort of like standardization, really building and accelerating the engine around expansion, which we have the biggest upgrade opportunity. We didn't fully tap it this year, I'll just say that. And then the third one is really focusing on the biggest opportunity around MDR and making sure our sales force is aligned around that. Thanks for the question.

Your next question will come from Brian Essex with JPMorgan.

This is John on behalf of Brian. Yes. So I guess I'm just curious to hear maybe what were the key criteria in selecting Rafe? And what are the top priorities or changes the team is most excited for him to drive when he joins in December?

Yes. And we'll talk more about like he has some big shoes to fill with Tim. We'll talk a little bit about more in the future. I mean, later on the call. One of the things that we were actually looking for is someone who could actually meet where we are is as we actually go forward, we are an AI services engine. And so we were looking for someone who could actually come in and bring not just the financial acumen, but we wanted someone that can bring the operational acumen as we actually to partner with our go-to customers teams to actually really scale our processes around how do we actually do land, expand, how do we scale our pricing and packaging, how do we actually really drive the economic engine predictably for growth? We've been investing and we're still investing efficiently on [indiscernible] But we're in a good place. We're in the right markets for growth, which is important. More and more customers are looking to outsource more and more of their security workloads. We've set it up well, whereas people are thinking about how they scale their security operations, we can do that across detection and response. We can actually do that across risk. We can do that across compliance, and so we're set up well today. We're tuning the product engine, of course, around that. But now it's really about how do we actually take that the market, how do we have the right pricing and packaging, the operations engine behind that. And we're looking for someone who was an operationally minded CFO who could really tie the sales and the business model together with the product strategy to actually drive that sustained growth. And that's what we're looking for, and that's what we got in a great candidate with Rafe.

Your next question will come from Eric Heath with KeyBanc.

Can you hear me?

Yes, Eric.

Corey, I wanted to ask on the SIEM, MDR side of the business, which does seem to be going strong and even validating the latest Gartner Magic Quadrant last month. But my question is to maybe understand the business a little bit more holistically and how valuable the traditional VM piece is to the SIEM, MDR side of the business? And maybe the second part to that question is, we did see another vendor announced the end of life of its on-prem business. That was a reasonable portion of its overall business. And maybe how you're thinking about similarly bold options or less strategic parts of the business in order to focus on the growth side of the business that is doing well, whether that's MDR Exposure Command.

Well, absolutely. And by the way, we've been on that journey already to rationalize the business as part of the growth dynamic that you see. And so while it wasn't a big lights on, lights off thing, we have been actually steadily moving the shift in the business. As we think about it going forward, I would just say it's pretty straightforward. We think about how do customers who are actually looking to scale their operations want to align their security outsourcing needs. So we think about how do you actually build on top of the Managed Detection and Response offering to actually not just deliver Managed Detection and Response, how does that extend to manage risk, manage compliance and managed red teaming. So what we've been steadily doing over time is moving from the traditional on-premise workloads to what we consider much more strategic value-added workloads that serves a large part of both the mid-market and the -- I would just say, the resource-constrained upper enterprise market, that are focused on the service layer, not just the technology layer and not the on-prem layer. So our primary focus is extending the MDR focus, and we've been at that shift for a steady while, it's one of the things that we've been talking to you all about. We do feel like we're in the last sort of like stages of that shift where we're continuing to accelerate. That's why we're retooling some of our sales focus to really align around -- everything is aligned around that AI managed experience. that operates at the service layer because more and more customers we see do want to actually take workload off of their teams and staff, and they're not able to actually add more and more people.

Your next question will come from Joseph Gallo with Jefferies.

I know you have the large deal dynamics. But fundamentally, where does exposure management and MDR rank in terms of CISO budget priorities right now?

MDR is actually one of the top 2 or 3 in every survey that we see. Now there's ranges of MDR and -- but a smaller and smaller number of customers are looking to actually manage a 24/7 global SOC themselves. And so more and more looking to actually outsource and get leverage, which is why we see plenty of opportunity there. As I said before, the traditional on-premise VM for the last call is less and less of a priority. But if you look at the modern exposure management, it is a priority. And we've been rebuilding the -- I would just say, updating the capability around exposure management to tie that to MDR, and we see plenty of opportunities there. But that is the transition that we're making. I think the whole industry is making that from the legacy here. We've been heavily focused on the MDR aspects and then leveraging and extending the exposure management to the workloads there. But I would just say MDR is one of the top 3 budget spend priorities from most CISOs.

Your next question will come from Gregg Moskowitz with Mizuho.

Interesting announcement with Microsoft. And I'm wondering, Corey, if you could elaborate a bit on your expectations from this going forward? And is this purely a technology integration? Or could there be a go-to-market aspect at some point as well?

Yes. We're at the early stage of -- I believe it's starting with a technology, a deeper technology integration. But we've also been working heavily with the go-to customer, with their go-to-market teams. They're -- look, the issue is straightforward. Microsoft has a great technology stack. We've actually been building out our technology stack aligned with theirs. They have a large installed customer base. There's not a clear preferred sort of like top-tier partner that's actually delivering high-quality, efficient managed services on top of their stack. They're looking to build their partner portfolio. We're investing heavily behind that. But there's a lot of customers that have the defender ecosystem that we've now tuned and we're announcing more and more technology integrations to own it. That we can actually manage their technology infrastructure integration, leveraging our technology stack, do it at scale and do it at great cost economics for our mutual customers. And so we see it as an incredibly strong growth opportunity as we go forward. We're in the very early stages, but we have been working with both their technology teams on a frequent basis and their go-to-customer teams is picking up.

Your next question will come from Junaid Siddiqui with Truist.

Corey, you have mentioned extended deal cycles for some time now as your platform becomes more strategic. How comfortable are you getting with the visibility around the pipeline and close rates so to give you a better ability to forecast.

Yes, I think this is -- and this is why I said, listen, we do have a range of outcomes this quarter as we go forward. One of Allan's top things is really to rationalize the process about how we manage the larger deal cycle. He's used to looking at these, and we have to really standardize the process. Look, we were somewhat -- we moved faster to competing in more of the strategic deals at larger ASPs. We were traditionally a mid-market focus lower. I would just say mid like $40,000, $50,000 ASP company. And that's changed relatively quickly over the last 18 months, and we're getting our handle around that. That's impacted both the accuracy of what we communicated from guidance. But we also have to upgrade our processes and our systems for how we actually manage that, and that's a clear mandate and a focus that Allan is working.

Yes. And he has the experience doing that years of it. He's just a seasoned leader.

So I actually think that, that will be not a problem as we go into next year. But that's also why we didn't want to actually sort of like have Q4 be a distraction around it because he's only been in a little over a month, and we did not want to have more precision that was warranted.

Your next question will come from Joshua Tilton with Wolfe Research.

Can you hear me?

Yes, hearing just fine, Josh.

Great. Totally understand the decision to put some incremental conservatism in the guidance for ARR for this year. I guess I'm trying to understand outside of that conservatism, what is the underlying momentum of the business. So my question is, assuming you don't see any disruptions, right, from these one-off dynamics, are you still on track to hit the ARR guidance that we had coming into this quarter? Are you running below that prior ARR guidance that you gave? How do I understand what you're guiding to from an underlying momentum of the business, if that makes sense?

Yes, it does make sense. It does make -- look, we're not going to give you 2 guidances, just to be clear. But what I would say is I'll get to your core thing is that we still have the same, I would just say, pipeline that we expected to have in -- within a couple of points. I won't be overly precise there. But we still have the same pipeline. What's really changing is that we're not actually attempted to be overly precise about how much of that pipeline lands in a specific time frame. So what we wanted to give you was just an ARR guy, when Tim said about that Rafe, he was just like, hey, we know we can hit that we'll go forward. We'll tell you what it is and where it lands sort of like in Q1. I know that's not great. I just want to be clear about. I know that's not great. But it's also the right thing to do, especially as we have a new CFO and a new CCO to actually let us get a clean baseline and then we'll reestablish the cadence that we actually want to have next year.

Your next question will come from Zach Schneider with Baird.

This is Zack on for Shrenik. So Exposure Command really feels like a big flagship bet for you guys. And I'd love to just hear more about what does the data really show today. Maybe our net new customers landing faster or larger with it. And then maybe what's the ASP uplift versus just legacy VM only? And what's the true ramp time line?

Yes, there's 2 dynamics. One, we're actually focusing on, again, tying the Exposure Command into our overall services strategy with MDR, which is sort of like the early stages. The second is that, yes, we're actually very focused on the upgrade because it aligns it around the overall MDR strategy, the upgrade of VM to Exposure Command. What we've seen so far is much, much larger deals in terms of ASPs. And lastly, like larger -- it's like over double the ASPs that we're actually expecting and so we've seen much, much larger deals at longer deal cycles than the smaller at bat upgrades and that has not been -- and we were really focused on the upgrades. Again, we have not focused a lot on landing new for Exposure Command. So we're focused just on the upgrades. As the primary focus for this year, something that we talked about at the start of the year. And so we've not had the volume that we wanted to actually have on the conversions because the pipeline is of larger deals, even though we like the dollars of the pipeline, the size of the pipeline is larger and they're coming in slower.

Your next question will come from Kingsley Crane with Canaccord Genuity.

Just wanted to double-click again on the Microsoft integration. As that scales, just could you speak more to any near-term investment required to support that at the engineering or sales level? And then do you have a sense of what portion of your customer base are already customers of both Rapid7 and Microsoft?

Yes. It's a little bit under half, but it's still a substantial portion of our customer base that is Microsoft. And frankly, we see a big opportunity to grow it. Like we look at this as primarily a growth opportunity as we go forward. We've been working on the engineering for a while now. And so it's one of the investments that we talked about, and we wanted to invest in earlier this year. We're not done. By the way, just to be clear, we're not done, but we actually can do it within the resource outlook that we actually have available. So it's not incremental resources. It is the resources that we have on board. This is part of why we're taking the opportunity to refocus and retune and realign the sales engine, though. Because it's not more salespeople, it is sort of like focusing and training and enabling our sales teams on the partnerships and the opportunities that we have in front of us, of which this is a substantial new one that provides net new opportunities. Our sales leadership team has been asking for this. It's been one of the priority areas. And so taking the time next year to make sure that we actually start next year with velocity and momentum is a big deal. So it's not more sales resources, but it is time and focus to align that engine. And we decided that we wanted to do that as soon as possible, not wait to Q1 where if you wait to Q1, you don't see the benefits in the back half of next year.

Your next question will come from Rudy Kessinger with D.A. Davidson.

Could you just talk to us about gross churn and how that's trended throughout the year and your expectations for gross retention and gross churn going forward into '26?

Yes, it's a great question. Gross churn has actually been exactly where we expected it to be based on our last calls. And so that's not been -- we've had a -- frankly, if you look at where the issue in the business is much more in the landing of new customer ARR and the deal cycles around that than the churn. So what I would just say is we're expecting to see the continuing trends that we saw this year, which we're very comfortable with as we go -- now MDR are larger, more strategic. They tend to be longer deal cycles and deal terms. So as a business shift mix towards that, you do see a slightly upward tip on the gross churn dynamics in terms of improving, meaning you see higher retention rates. But that's more based on mix shift than anything else on the type of business that MDR is. But the -- that's not been the big issue this year. Thus far, the primary thing is just that we're under the new customer add ARR and expansion ARR that we expected. So it's a great question. I do want to clarify that. That's good to clarify.

There are no more questions at this time. I'd now like to turn the call over to Corey Thomas for closing remarks.

So thank you all for joining on the call today. I want to take this time to thank Tim Adams, our CFO, for his outstanding service for his time, for his partnership to both myself, the Board and the leadership team. Tim, I want to thank you. I want to acknowledge it since this will be your last call but thank you so much for your time today. And I want to thank all of you for taking the time to join us on our earnings call today. Thank you.