Tenable Holdings, Inc. (TENB) Q1 2026 Earnings Report, Transcript and Summary

Greetings, and welcome to the Tenable First Quarter 2026 Earnings Conference Call. [Operator Instructions] As a reminder, this conference is being recorded. It is now my pleasure to introduce your host, Erin Karney, Vice President, Investor Relations. Thank you. You may begin.

Thank you, operator, and thank you all for joining us on today's conference call to discuss Tenable's First Quarter and Full Year 2026 Financial Results. With me on the call today are Co-Chief Executive Officer, Steve Vintz and Mark Thurmond, and Chief Financial Officer, Matt Brown. Prior to this call, we issued a press release announcing our financial results for the quarter. You can find the press release on our IR website at tenable.com. We will make forward-looking statements during the course of this call, including statements relating to our guidance and expectations for the second quarter and full year 2026, growth and drivers in our business, changes in the threat landscape in the security industry, particularly regarding AI security, the expected impact of frontier AI models like Anthropic Mythos on accelerated vulnerability discovery and the shift to preemptive security, our competitive position in the market, growth in customer demand for and adoption of our solutions, including Tenable One, our exposure management platform, the expansion of Tenable One, including agentic AI security and orchestration through Hexa AI and OT discovery, research and development investments in Tenable One and our future results of operations and financial position. These forward-looking statements involve risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. You should not rely upon forward-looking statements as a prediction of future events. Forward-looking statements represent our beliefs and assumptions only as of today and should not be considered representative of our views as of any subsequent date and we disclaim any obligation to update any forward-looking statements or outlook. For a further discussion of the material risks and other important factors that could affect our actual results, please refer to those contained in our most recent annual report on Form 10-K and subsequent reports that we file with the SEC. In addition, all of the financial results we will discuss today are non-GAAP financial measures with the exception of revenue. These non-GAAP financial measures are in addition to and not a substitute for or superior to, measures of financial performance prepared in accordance with GAAP. There are a number of limitations related to the use of these non-GAAP financial measures versus their closest GAAP equivalents. Our press release includes GAAP to non-GAAP reconciliations for these measures. I'll now turn the call over to Steve.

Thanks, Erin. In Q1, we exceeded all of our guided metrics with 10% year-over-year revenue growth and 24% operating margin. Tenable One, our AI-powered exposure management platform was 41% of new business this quarter, an 8-point increase from Q1 last year. In addition, we added 406 new enterprise platform customers and 43 net new 6-figure customers. New customer adds and large deals with Tenable One continue to underscore our strong financial performance and balanced growth approach. The rapid advancement of frontier AI models is having a profound impact on cybersecurity, and there is understandably a lot of noise in the market. Recent announcements, including Anthropic Mythos, have demonstrated that AI can now autonomously discover software vulnerabilities at scale and speed we have not seen before. As a result, the #1 question we are getting from investors is, what does this mean for the future of cybersecurity and what does it mean for Tenable in particular? To start, as part of our ongoing research and development efforts, we are actively engaging with leading frontier AI model providers, including Anthropic to better understand these investments and help customers prepare for what's next in the cybersecurity industry. This is top of mind for customers as we've seen a significant increase in inbound inquiry from our customers over the past couple of weeks, which Mark will cover later on the call. Our view is this. AI models are incredibly proficient at discovering previously unknown vulnerabilities. Number two, AI is also changing low-risk evolve in software quickly and at scale. And third, -- and finally, these 2 things will lead to a proliferation of new vulnerabilities and attack paths in customers' environments, overloading operational workloads for defenders. On that note, let me be precise about where these models operate and where we operate because the distinction matters here, frontier models like Mythos, read and reason about source code. They find vulnerabilities such as logic flaws, injection weaknesses and authentication bypasses by tracing data flows through a codebase. That is application security research at the source code layer. It is genuinely impressive, and it is 1 stage of a much longer life cycle for managing risk. Tenable operates on the other stages of that life cycle. The ones that determine whether a vulnerability actually creates risk in a real customer environment. Specifically, customers need to understand their entire digital footprint and then assess for critical exposures. Exposures are much broader than vulnerabilities. They include overprivileged access, misconfigurations, shadow AI and the real-world impact of vulnerabilities as they exist in our customers' environment. From there, Tenable works across all of these signals to prioritize and identify the likely and most critical path of exploit by threat actors. So let me put this in pragmatic terms. There will be a window where adversaries hold a clear advantage in the AI era because we will see more exploits due to a Tsunami of new vulnerabilities. That's exactly why the urgency for exposure management has never been higher. Organizations need to understand what exposures exist and which ones create real, immediate risk in their environment, and then ensure those risks are remediated and verified. That is exactly what Tenable One is designed to deliver. For over 2 decades, we have built one of the industry's most comprehensive and proprietary data sets across IT, cloud, OT, which we have also expanded to AI infrastructure and apps and third-party data to solve the hardest problems in cybersecurity. Tenable One leverages this expansive data set of exposure intelligence to unify visibility across assets, vulnerabilities, identities and misconfigurations, then applies business context and drives prioritized remediation across the environment. And that brings me to Tenable Hexa AI, our new Agentic engine, which we announced in Q1. Hexa is designed to take the prioritized exposures we identified, primarily in onetime infrastructure and turn them into a coordinated action. It operates as an orchestration layer across the security ecosystem, automating triage and executing multistack remediation workflows across a wide range of domains. Where Tenable One serves as the system of record for risk management, at its core Hexa serves as a system of action for proactive risk reduction, coordinating work across humans and agents autonomously. It determines what matters most in the broader security context and drives the steps required to reduce exposure. This is a critical shift. Security teams today are not just dealing with more vulnerabilities. They are managing fragmented workloads across tools, teams and systems. Hexa brings all of that together, transforming exposure intelligence into coordinated execution at scale. Hexa is built to execute automating complex tasks and orchestrate the right fixes across the enterprise before exposures are exploited. The result is a move from reactive response where you wait for vulnerabilities to come to consistent machine speed risk reduction, enabling defenders to operate with the speed and precision required in an AI-driven threat landscape. Now with that said, we are also continuing to broaden our capabilities across asset types. We recently announced OT discovery to secure cyberphysical systems. These systems have historically required time-consuming deployments of specialized hardware, new agents and bolt-on software to gain visibility. We've eliminated this friction by integrating OT discovery directly into our core solution inside the Tenable One platform. This is particularly important as the number of OT devices explodes with AI data centers and build-outs. And finally, before I turn the call over to Mark, I want to remind everyone, we will be hosting an Investor Day as part of our EXPOSURE 2026 Industry Conference. Investor Day will take place the afternoon of May 21 in Boston. We hope to see you there. With that, I'll turn the call over to Mark to walk through what we are seeing with our customers.

Thanks, Steve. As Steve outlined, the cyber landscape is shifting at an unprecedented pace and the conversations we are having with customers and partners reflect that shift. We are seeing a level of urgency that is different from even a month ago not just at the practitioner level but across the C-suite and the Board. Initiatives like OpenAI's TAC program and Anthropic Mythos have triggered a surge of inbound strategic customer conversations as organizations work to understand how to prepare for a world where vulnerabilities are discovered and exploited at machine speed. And the concerns we are hearing are consistent. First, customers are preparing for a massive increase in the volume of discovered vulnerabilities. They're concerned about the real possibility that AI models like Mythos, can potentially change multiple flaws into full system compromise. Second, they are realizing that their current remediation process will not scale to meet this new reality. A recurring theme from the hundreds of customer conversations we've had since these announcements is that our customers now see an increased urgency to prioritize and remediate exposures. Importantly, this is not just our perspective. Industry leaders and cybersecurity experts have been aggressively validating these points. For example, JPMorgan Chase published a blog that highlighted that AI is compressing the time from vulnerability discovery to exploitation, while patch cycles are often exceeding organization's capacity. They also recommended that organizations need to focus efforts where risk is highest rather than chasing volume indiscriminately. Additionally, a highly respected cybersecurity consulting firm recently noted that in an AI-driven world, sustainable advantage will belong to companies that own differentiated data and are embedded in mission-critical workflows. They also highlighted a shift from software that helps users do work to platforms that automate and execute that work directly. As Steve discussed earlier, this is where we believe Tenable is uniquely positioned. Our differentiation is rooted in 4 main pillars. First, our unmatched breadth of telemetry combining native and third-party signals across the modern attack surface. Second, our proprietary exposure data fabric, which transforms fragmented signals into authoritative context. Third, our market-leading research and exposure intelligence, which continuously enriches and prioritizes the exposures that matter most. And fourth, Tenable Hexa AI within our platform, which is designed to help automate prioritization and remediation workflows to drive action at scale. Taken together, these advantages help position Tenable to lead as the market shifts towards exposure management. We believe this creates a meaningful tailwind for Tenable. As organizations adapt to this new environment, we see evidence that many organizations are recognizing that traditional silo tools are no longer sufficient and that consolidating onto a platform that provides unified visibility, contextual prioritization and increasingly automated remediation is even more essential. We saw that play out in the quarter in several ways. First, our largest new logo of the quarter for Tenable One was a 7-figure transaction with a major financial institution in the Middle East. In this case, the customer displaced an incumbent competitor and chose Tenable One because they needed a more unified approach to understanding and prioritizing exposures across a large and complex environment. Second, we secured a new 6-figure Tenable One deal driven by the need to secure the company's use of AI. This organization is proactively investing to prepare for the wave of AI-driven threats and vulnerabilities that we've been discussing and to ensure they can identify and remediate AI risk faster. And third, we closed a significant 6-figure OT deal with a large public sector organization responsible for critical infrastructure. As AI accelerates vulnerability discovery and exploitation, we are seeing more organizations focused on securing operational environments where the consequences of disruption extend well beyond IT. These wins reinforce what we see as a broader market shift. Customers are moving away from tools that create more noise and toward exposure management platforms that provide context, prioritization and automated action. This is a key area of differentiation for Tenable One. Our current momentum reinforces our conviction that our strategy is aligned to where the market is going with Tenable One and Hexa AI at the forefront of this shift towards exposure management and automated action. And finally, this week, we announced an important step forward in how customers buy and adopt Tenable One with new flexible pricing and packaging. As AI drives an explosion in vulnerability discovery and increases the urgency to prioritize and remediate exposures at scale, customers are looking for platforms that can deliver value quickly without adding complexity to procurement or budgeting. Our new Flex model continues to price per asset. However, pricing will be consistent across all asset types, which creates predictable spend and removes frictions as customers scale their exposure management program across their entire attack surface. Ultimately, we believe this new flex pricing will help us reach more customers, accelerate adoptions and create a clear path to broader platform deployments over time. With that, I'll turn the call over to Matt to discuss our financial results.

Thanks, Mark. Q1 was another quarter of very strong and steady execution. Revenue increased year-over-year by nearly 10% and even more impressive, we converted more than half of that increase into operating income, once again demonstrating our ability to balance growth and profitability. We were pleased to have exceeded the high end of the range on every metric we guided to for the quarter and are raising our full year outlook. Let's dive into the details. Revenue for the quarter was $262.1 million, representing growth of 9.6% year-over-year. The year-over-year growth in revenue for the quarter as well as outperformance relative to guidance was underpinned by a solid foundation of renewal business and an increase in new business growth. Professional services also drove upside to expectations. Our percentage of recurring revenue remained high at 96% for the quarter. We're continuing to see growing momentum in Tenable One with 41% of new business coming from the platform, an increase from Q1 in the prior year. Customers are increasingly turning to our platform as their solution of choice to manage risk across their attack surface, including AI. We added 406 new enterprise customers in the quarter, an increase of 12.5% compared to Q1 in the prior year, many of which came directly into Tenable One. We added 43 net new 6-figure deals and our net dollar expansion rate landed at 105%. Non-GAAP gross margin was 82.2% for the quarter, an increase from 81.9% in Q1 2025. Once again, we've demonstrated our ability to slowly but steadily increase non-GAAP gross margin year-over-year, while sales within the Tenable One platform continue to represent a larger share of the total. Non-GAAP income from operations for the quarter was $61.9 million, or 23.6% of revenue compared to $48.7 million in Q1 2025, an increase of 27.1%. We are beginning to see the first signs of AI-driven operational efficiencies. As our internal use of AI capabilities expands, we're able to minimize headcount growth due to the increased productivity the technology is offering, which is a trend we expect to continue throughout the year. Non-GAAP earnings per share for the quarter was $0.47 compared to $0.36 in Q1 2025, an increase of 30.6%. The increase year-over-year reflects the increase in profitability combined with the decrease in diluted shares outstanding. Turning to the balance sheet. Cash and short-term investments totaled $360.3 million. We generated $88.6 million of unlevered free cash flow during the quarter, which is an all-time record and represents 33.8% of revenue. During the first quarter, we repurchased 6.1 million shares for $130 million and have $207.6 million remaining on our current share repurchase authorization as of the end of the quarter. We continue to believe that our current share price trades at a discount relative to our true value and that utilizing our strong balance sheet and cash flow generation to more aggressively repurchase shares is an effective use of capital. We are realizing the benefit of these share repurchases as our weighted average diluted shares outstanding in Q1 decreased 5% year-over-year and is now the lowest it has been in more than 3 years. Turning to the financial outlook for Q2 and full year 2026. For Q2, we expect revenue to be in the range of $263 million to $266 million, representing a year-over-year increase of 7.0% at the midpoint. For full year 2026, we are raising our guidance range to $1.068 billion to $1.078 billion, representing a year-over-year increase of 7.4% at the midpoint. We expect non-GAAP income from operations for Q2 to be in the range of $61 million to $64 million or 23.6% of revenue at the midpoint. For full year 2026, we are raising our guidance range for non-GAAP operating income to $252 million to $262 million or 24.0% of revenue at the midpoint representing a year-over-year increase of 210 basis points. We expect non-GAAP net income for Q2 to be in the range of $53 million to $56 million representing a year-over-year increase of 31.5% at the midpoint. For full year 2026, we are raising our guidance range for non-GAAP net income to $222 million to $232 million, representing a year-over-year increase of 16.8% at the midpoint. We expect non-GAAP earnings per share for Q2 to be in the range of $0.46 to $0.48 per share, representing a year-over-year increase of 38.2% at the midpoint. For full year 2026, we are raising our guidance range for non-GAAP earnings per share to $1.90 to $1.98 per share representing a year-over-year increase of 22.0% at the midpoint. We are pleased to have been able to carry forward the momentum we saw in the second half of 2025 into the first quarter and are excited about the growing opportunity we are seeing as customers lean into exposure management to reduce risk. Demand continues to be driven by Tenable One where we see tremendous benefits both for our customers and as a foundation to continue to drive balanced growth. We hope to see you all at Investor Day on May 21 in Boston, where we will provide even more context around the impact of AI, our road map and midterm financial expectations. Finally, thank you to the entire Tenable team for their contribution to our strong results. With that, we are happy to open the call up for questions. Operator?

[Operator Instructions] Our first question comes from Saket Kalia with Barclays.

Okay. Great. I'll keep it to one. Steve and Mark, it's clear that the newly discovered vulnerabilities through Mythos are driving more interest in exposure management. I think that shows in a lot of your commentary. But I want to zoom out from some of your prepared remarks. I guess, I'm curious how you think about frontier models longer term in the exposure management space? And maybe specifically, do you think customers are going to look to these models as alternatives to VM tools? Or do they actually heighten awareness on exposure management tools and therefore, this is maybe more of a complement to the industry long term. Sorry, I know there's a lot there, but does that make sense?

Yes, Saket. This is Steve. I'll take a stab at this. First and foremost, AI is a massive opportunity for Tenable. I want to be very clear about that. Mark and I cannot be more excited, more energized about the opportunity that's in front of us. We are and will partner with the frontier model companies to help our customers reduce risk at machine speed. It is not AI versus security or AI versus Tenable. It is AI enables Tenable. In the AI era, it's going to be more infrastructure, more identities, more applications, more agents and therefore, more speed and more exposures. And that's why exposure management is more important now than ever. And so the frontier model companies make us better. It starts with our data. It's something I talked about earlier in the call, the breadth and depth of the data we've collected over 2-plus decades is unparallel. We're deeply embedded behind the garden wall and runtime infrastructure. The data we collect is unique. It's based on domain expertise, years of trust, Continuous scanning and exposure analysis. This is something that general models can't replicate. And at its core, the frontier model companies are raising engines. They're not in the business of deploying agents and sensors in your network, and they're not in the business of deploying those in your OT and industrial control systems environment are [ RD ] configs and scanning images in your public cloud environment, but we are. And that's something that we want to make clear. And the last comment I'll say here is that we're applying AI. AI makes us better, allows us to reimagine the value that we can deliver to customers and the bigger problem that we can solve. The data we have delivers valuable insights to customers so they can take action deterministically to reduce risk. And for that, AI is at the center of what we do to not only augment human operators, but also gives us the critical context to develop a deeper understanding of exposure. So we can help our customers provide and orchestrate the fixes and move at machine speed and move at the speed of trust.

Yes. And listen, I'll just add from the field perspective, literally, having hundreds of calls here over the last few weeks. This is a force multiplier for us. The amount of feedback we're getting from our customers, this is a massive opportunity. This is like a game-changing opportunity for us in the exposure management space. And as Steve discussed, it needs to be very clear. We are partnering with Anthropic. And we are partnering with OpenAI. We are building Claude into Hexa, right? So when you look at this partnership, it is just going to strengthen Tenable and Tenable One, and it will drive more demand, right? There is no question about that, and we're kind of seeing that in these initial conversations. And then when you take what the frontier labs are doing and then building out and continuing to drive our innovation with Tenable One focused on the entire attack surface, focused on world-class pinpoint prioritization. So now when you're dealing with thousands or hundreds of thousands of vulnerabilities, you need to be damn accurate where you need to apply your resources and prioritization has never ever been more important in one of the massive gold standards we have here at Tenable. You take a lot of reporting, the governance, the compliance needs you need when you get this massive tsunami of vulns coming in. The agent workflows we're now doing with Hexa, the remediation capability going into OT environments. So it's a bit long winded, but we've been dealing with this for the last few weeks with customers and I'm telling you, we feel unbelievably optimistic that this is going to be a force multiplier for the exposure management category moving forward.

That's super helpful, guys. And look forward to the Analyst Day.

Our next question comes from Brian Essex with JPMorgan.

Steve, a question for you. We're hearing a lot about security software getting access to budgets outside of traditional IT security budgets, particularly as business unit leaders slap AI on top of their budgets and get more allocation. And I think you guys alluded to it a bit last quarter. We heard it from Varonis last night, but I was wondering if you could update us to your conversations and what you're seeing, maybe the puts and takes involved? Are you getting meaningful incremental budget in -- is this a tailwind to close rates? Or are the additional stakeholders extending sales cycles. We just love just a little bit more color on that.

Sure. I think a couple of things here. Certainly, with Mythos and other frontier model companies. We have to acknowledge the [indiscernible] just got an upgrade. And I think we all know that, but our customers know that. I think Boards and CEOs also realize that outside of the security community. And so consequently, it needs more vulnerabilities, more threats, more exploits. And so there's a window here where adversaries hold an early advantage, and that's exactly why the urgency around exposure management has never been higher. I will tell you this, the threat of and the impending tsunami of new vulnerabilities. We're talking about order of magnitude of 10 or 20x more than what we currently have today. There's roughly 300,000 CVEs. We're likely to 3 million, maybe 6 million over the course of time, an increase in the known CVEs. I think people realize that the threat is real. This is a security challenge. The Boards and CEOs are getting involved, number one. Number two, we will likely see -- this is not tied to guidance or anything like that, that we're providing today, but we will likely see sizable increases in security budgets. We'll likely see a healthy spending environment. We will likely see the acceleration of security projects, not only in the private sector but also in the public sector, we're having regular and ongoing conversations with the ONCD, the Office of the National Cyber Security Director. They arguably have the best intel on Anthropic and some of the other frontier model companies. I think they realize what's potentially coming our way and they're moving quickly. So I think all of this creates incredible opportunity for us in exposure management. And yes, I think it's fair to say, Mark can provide more perspective here. factoring into every sales conversation.

Yes, no question, I lead the one of the -- we highlighted it on one of the deals that we discussed, right? There is definitely spend, and I'll call it, there is security AI spend that is becoming clean, and you can see it when you're talking to CISOs, but there's also discretionary spend, right? We saw a bunch of deals, right, where we're working with the security contacts that we have, where they would then -- when we start talking about especially AI exposure, looking at discovering shadow AI, looking at protecting and configuration best practices for AI-related deployments in the cloud, look at governing, there was budget that they pulled in to add on to these Tenable One deals. So I think that will become more mainstream over time. It won't be so much discretionary. It will be built in and moved into the cybersecurity budget. But there's no question, as Steve said, it's -- every single call starts off with the AI security discussion. It's that omnipresent.

Great. That's helpful color. And Mark, I'm sure our CISO appreciates you flagging his blog, so I am thanking on behalf of him.

Very, very, very well done blog by the way. A lot of people download phenomenal information there.

Okay. Our next question comes from Rob Owens with Piper Sandler.

I apologize. I had the mute on. I think I've learned after all this time. Mark, Steve, very bullish comments from both of you. And clearly, this could be a watershed moment for the industry overall. But I want to pivot a little bit towards sales capacity. And noting sales and marketing growing less than 5% year-over-year this quarter. Maybe help us understand where you guys are from a capacity standpoint as this opportunity is in front of you right now? And what are your intentions with the new CRO in place to maybe lean in a little bit in terms of that sales and marketing line as we move forward? Because I think investors would prefer points of growth over points of margin at this point in your life cycle?

Yes. No. Awesome question. And yes, no question. And as we discussed numerous times, we are laser-focused on growth, right? The number one factor here at Tenable is getting growth accelerated. Yes, super excited to have a new CRO, Dino DiMarino, who joined Tenable; our COO, Dave Feringa had retired who did an incredible job here at Tenable, but Dino is phenomenal and has been here for a short time period, but already making an impact. And when we look at sales capacity, it's something literally we look at on a weekly basis. We made some decisions coming into 2026 to add some incremental capacity, and we're actually seeing that pay off, which is great. We are evaluating some of the faster-growing regions and countries to look at adding additional sales capacity, especially when we start seeing some of the pipeline growth and we see some of the Tenable One activity in some of these faster-growing regions. So it is something we are absolutely evaluating. We also, though, are spending a huge amount of time on productivity per seller. So we're using a bunch of AI technology to get more efficiency out of our sellers. So our sellers can produce more at a lower cost, taking away a massive amount of manual processes and tasks that slowed them down that took away from customer-facing time. We're removing those obstacles, and we're literally returning a significant amount of time back where our sellers are in front of more customers and partners on a daily basis. So we are all over it. We're evaluating it. We made that move to add some capacity, and we're going to continue to tweak that as we see kind of the productivity improve, and we see pipeline build continue to grow.

Yes. And Rob, this is Matt. I'll just add on what Mark was saying there. You heard in some of my prepared remarks, I called out our use of AI and beginning to see the impact on the efficiency gain in there. That's exactly what Mark is talking about there, where we're able to actually increase sales capacity and quota capacity while reducing costs overall because we're rotating those dollars out of other non-quota carrying areas and that's helping. We're able to do that through the use of some AI technology.

Our next question comes from Adam Borg with Stifel.

Great. Maybe just building off the last question around some of the operational efficiencies, Matt. Maybe a follow-up is, as you continue to introduce Hexa and introduce more AI into the offering? And maybe we'll hear a lot more about this at the Analyst Day in a month. But how do we think about the flip side to the efficiencies with higher spend and the impact that could have on gross margin?

Sure. Yes. As you know, cloud costs are one of our largest expenditures and it's something that we focus quite a bit on optimizing. But the truth is today, we get a better trade in leaning into AI spend and compute power. There's a bigger payoff there on the extra efficiency and capacity that we're able to gain. As you look in total at our P&L, that model that I laid out in terms of adding incremental margin, I think I've said this over the past couple of quarters and it holds true today. Where that's going to show up is mostly in G&A, a little bit in sales and marketing, tiny bit in gross margin. And then R&D is probably going to be roughly consistent as a percentage of revenue. And we're doing that through make sure that we're optimizing our cloud costs for sure, and that gross margin remains strong, but also just optimizing some of the tools that we have at our disposal now, which is really powerful.

Our next question comes from Mike Cikos with Needham & Co.

Congrats on a strong start to the year. I just wanted to come back to the -- I know CCB is a weaker indicator here, but we've been looking, obviously, at the CCB versus the CRPO and that delta that's widened in recent quarters. It seemed to converge this quarter. And I just wanted to get a better sense of how CCB/CRPO played out in Q1? Should we expect this convergence to play out? Or no, we should expect a widening now over the rest of the year? Any color there would be beneficial.

Yes. I -- yes, you're going to continue to see some fluctuation there and the delta between CCB and CRPO will likely bounce around a bit because number one, seasonality plays a role. And number two, we're continuing to work through and anniversary some of the noise that we saw in both billings duration and contract duration. So it was -- it narrowed this quarter. It will likely widen again next quarter. There's not much to read into there, actually. Having said all of that, we're happy with where our billings came in and our commitment in this quarter, which gave us the confidence to not only beat revenue for the quarter, but then to take up the guidance for the full year. So we're happy with where things are coming in.

Our next question comes from Meta Marshall with Morgan Stanley.

Maybe just coming back to the influx of business that you guys are seeing for Tenable One at exposure management, just driven by the AI risk headlines customers are seeing. Do you think that they have enough knowledge of what -- the customers have enough knowledge of what they need or what the potential weaknesses are to speed up decision-making processes? Or are they still -- are some of these sales cycles potentially longer just as they try to evaluate kind of what the changes to the environment are? Just any reflection on sales cycle.

Yes. No, no, probably very, very good question. A couple of points there. We are still doing a lot of education. As we hit on in the beginning of this call, we've taken hundreds of calls over the last few weeks with customers literally asking for our advice, giving them guidance, getting on the phone and Zoom sessions with our CISO and getting guidance and leadership from that perspective. Just to put a small example, we're actually doing a webinar in 24 hours in regards to doing some education around the frontier AI models, and we have over 1,000 people registered. It's one of the fastest 1,000-person webinars we've generated since the last 12 to 13 months. So incredible amount of evangelizing and education. We are sensing now that people are getting it, like these conversations are going from less of an enablement and education to saying, okay, let's come in here. Let's talk about exposure management. Let's talk about Tenable One, what would be the deployment strategy, how do we get full visibility across the entire attack surface. And then digging in on some of the relationships and partnerships that we've got with Anthropic and OpenAI and building some of that capability in the product. So there's still some evangelizing education, but customers are definitely getting smarter. And as I said before, right, we see it as a tailwind here in 2026.

Our next question comes from Jonathan Ruykhaver with Cantor Fitzgerald.

Yes. Nice execution. So I'm just curious if you could comment on the platform expansion opportunity relative to new adds. You did see a nice uptick in 6-figure customers sequentially. So how should we be thinking of that platform of customer growth versus expansion? It does seem like there's a nice opportunity as well to drive NRR incrementally higher as we move through the year. So how are you looking to balance those 2 growth drivers?

This is Steve, Jonathan. I would say, look, in any given quarter, there's always some variability between expansion opportunities and pipeline opportunities for new customers. This quarter, the number of new customers was extraordinarily strong. It's 400-plus, it's one of our strong quarters specifically here in Q1, we're off to a great start. So we're really pleased with the ability to continue to take and win customers that we've never had a relationship with customers who recognize and appreciate the importance of exposure management in the Agentic era. The expansion rate, Matt can provide more color about it, but played out as expected. But expansion remains certainly a big opportunity for us. We have one of the largest customer bases in all of security. We have certainly demonstrated an ability to move customers into the exposure management platform into Tenable One to drive higher selling prices and remains certainly a focus for us going forward.

Yes. I would just add there, we were pleased with the new business, which includes new and expansion business into Tenable One in Q1. We saw 41% of that new business coming into the platform, which is an increase year-over-year of about 8 percentage points. So it was a nice uptick there, and we expect to continue to carry that momentum forward.

Our next question comes from Shaul Eyal with TD Cowen.

Congrats on the performance and a little beaten and raised. Steve, on that 7-digit EMEA win, can I ask how many vendors did you displace or consolidate?

Yes. Mark here. Yes, so we consolidated 1 major player that was in there. That was an incumbent. That was in this account for multiple years. This was a strategic decision that they were working on out of the Middle East, and you guys -- everyone knows all of the distractions in the geopolitical situation over there. So for them to make a move of an incumbent player, an incumbent VM player and move to Tenable One, I think shows you the power that we are able to show and be able to give this customer around not just Tenable One the platform but being able to evaluate and look at all of those incremental assets that they're struggling to get visibility on, which is one of the biggest drivers. And so it was a 1 vendor situation that we replaced an incumbent that was in there for multiple years. Great Tenable One Victory.

Our next question comes from Rudy Kessinger with D.A. Davidson.

Matt, I want to ask about CRPOs. I know the CRPO growth has actually been trending ahead of revenue growth basically for the same reason despite CCP has been below. But we saw that decel 3 points from 13% last quarter to 10% this quarter. So any commentary you can -- or color you can provide on just what drove that decel and how that line should trend throughout the year?

Yes. Thanks for the question. There is seasonality at play. So if you look at kind of growth rate quarter-on-quarter from Q4 to Q1 in any year, typically, there is a downward tick on CRPO. And so that's at play. And then there's also the normalization of some of the contract duration noise that was in that number. That starts to work its way through as we anniversary some of the policy changes that we had. And so that creates some noise in there as well. I do expect that, that number is going to continue to fluctuate quarter-to-quarter throughout the year. And as I mentioned a few moments ago, the delta between CCB, let's say, and CRPO is likely to continue to fluctuate as well.

Our next question comes from Gray Powell with BTIG.

Okay. Great. Thank you very much for taking the question. So as I listen to this call, I mean, I got to say that the commentary around customer conversations and everything that you're seeing about the elevated demand for exposure management just in the last month, it sounds really good. At the same time, the second half revenue guide is at about 6.5% versus a little over 9.5% in Q1. And I get that you're normally conservative. I understand that a lot of these developments are very recent. So you probably don't want to bake it in. But I guess I'm just trying to think like how should we think of the conservatism within guidance? And then like, are there any underlying metrics we should be focused on going forward to prove out the bull case thesis.

Sure. Sure. I think the way to think of it is that we came in over the top of guidance for revenue in Q1, and then we're raising for the full year, which should hopefully communicate a level of conviction that we have on the rest of the year. At the midpoint, we took it up -- well, actually, across the entire range, we took up the full year revenue guide. And the reason we're able to do that is because of a lot of the commentary that you've heard here gives us that confidence. Now of course, when you have the midpoint of the guide for revenue at 7.4%, and you have a quarter like we just did in Q1 which is 9.6%, obviously, the averages are going to work out such that there's something less than 7.4% to get to that number. But the takeaway is, as we sit here a quarter later, net-net, we're in a better position now than we were a quarter ago. We're feeling more bullish. We're feeling more convicted on the year. And that is what has allowed us to raise the guide for the full year.

Our next question comes from Junaid Siddiqui with Truist Securities.

You've talked about remediation as the next major chapter in exposure management and a large greenfield opportunity. With the launch of Hexa AI, how do you position Tenable One as a system of action, not just insight? And where do you believe Tenable can establish a durable leadership position in driving measurable remediation outcomes versus other exposure management platforms?

Yes. Look, over the years, we -- this is Steve. We've evolved from helping customers understand risk to helping customers reduce it. And now the Agentic era to do that in a very deterministic way, moving at machine speed. We're not in the business of building the bigger -- to build the bigger telescope to watch the meteor hit, we're in the business of helping our customers reduce risk. And it all starts with the data, which we talked about earlier. But a little more color really on Hexa. It will generally be available here in the second quarter. Hexa automates complex multistep workflows and leverages our exposure data and turns it into action. I mean there's a couple of types of action here and pain points that we're solving for our customers. Number one, reducing the manual toil and the drudgery as we would say, for security practitioners, but a line rate on a wide range of manual tasks such as grouping and tagging, things that just take an extraordinary amount of time. But may take weeks here, days, we can do in short order even in minutes. And more importantly, and this is really the bigger mandate for us, which is we can take action via prebuilt agents or custom agents that practitioners can build either to patch or change configs or apply compensating control to reduce risk. It's the action here that really matters and really depending on the maturity and the sophistication of the customer, we can do that autonomously with guardrails. We can do that with a human in loop to ensure that the action is taken in the right manner. But in the Agentic era, it's really the fewest actions with the biggest impact that really matters, and that's our mandate. That's been our mandate since day 1. This is -- exposure management is a category that we've created. It's one we're continuing to refine and evolve and we are the unequivocal leader here. So excited about the opportunity and what AI means for us and the ability to solve the bigger problem for our customer.

Our next question comes from Todd Weller with Stephens.

Steve, to piggyback on that question. Could you talk about how Hexa AI is packaged and priced? Just trying to get a sense of kind of the monetization strategy for it?

Yes. As I mentioned earlier, we have customers that have been using it with great success, and we're getting some tremendous feedback on it. It will be generally available here in the quarter. We have launched new pricing and packaging here. We have a foundational package. We have an advanced package and Hexa will be available either in full form in the advanced model. We want customers to be able to use it, perhaps with greater tokenized access with Hexa in the advanced model. But Hexa will play an important role here in helping us drive our ASPs higher and developing better engagement and creating better outcomes for our customers. and certainly solving the exposure management problem. So more to come on that, something we'll talk about really probably over the ensuing weeks, but we're excited about bringing Hexa to the market.

Our next question comes from Jonathan Ho with William Blair.

Congrats on the strong results. One thing I wanted to understand a little bit better is how are you partnering with Anthropic and OpenAI today? And can you maybe help us understand how that partnership might differ from Project Glasswing or some of the other broader platform players? .

Yes. I mean, listen, I'll kind of kick it off, and Steve might have 1 or 2 comments. But listen, what we can say is we have a very good close relationship with both Anthropic and with OpenAI. So we're working with these folks on a bunch of different fronts. We're obviously using their technology to actually build Tenable One and build Hexa. We're taking actually their product. We're building Claude into Hexa. So there's a great partnership opportunity there. And so this is something that we've been working on for a while. We'll continue to work and continue to expand that relationship as they continue to expand their partner program and they're partnering with different cybersecurity vendors. So this is something that we're extremely optimistic about and the attitude that they're coming to us with where it is truly partnering, right? It isn't this combative situation that I think a lot of people have in their minds that they're coming after and trying to take over all of software. I mean they are working with us, partnering with us. They've got embedded engineers that we're going to be working with, with our engineering teams. There's just a massive amount of partnering that is going to be a huge benefit to the cybersecurity industry, not just Tenable but the entire industry. So we're going to continue to drive it, and we're off to a great start with both OpenAI and Anthropic.

Yes. And the one thing I would add there, just to play off what Mark said, which is we can't comment on all the specifics. What we can say, as Mark mentioned, that we're in active and ongoing conversations with Anthropic and open AI on a wide range of initiatives that gives us access to nonpublic models. We can say we're partners of OpenAI's TAC program, which is the trusted access for cyber program. So that will empower our researchers to be able to do greater -- higher levels of innovation and do that more efficiently. So the takeaway here is we're doing joint research with the frontier model companies, to help defenders leverage the most sophisticated models to fight AI with AI. And we're bringing that technology to market and our technology stack by embedding it in every layer of our platform. So certainly excited about with the opportunity to continue to work with them.

Our next question comes from Joshua Tilton with Wolfe Research.

Maybe just one on my end. I totally appreciate and understand all the commentary around the urgency you're hearing from your customers as everybody, I guess, sort of freaks out ahead of this Mythos launch. I guess , what we're trying to reconcile and the question that we're getting from investors just help us bridge that sense of urgency and everything that you're hearing from your customers with short-term bookings growth this quarter of 0%. I think you addressed some of that around timing in an earlier question, but any incremental color that you can help us with there would be very helpful.

Sure. Yes, Josh, I'll take that. This is Matt. The short-term bookings growth, if you're referring to CCB, that was up 9.2% this quarter year-over-year. But I think to the broader comment, around when is this going to show up in the numbers? This is still early, right? So it does take time for some of this to play out. I think the takeaway and what we're trying to communicate here is though it's early, we're seeing all the signs that point to it being a massive opportunity for us. And the takeaway is that as more vulnerabilities are exposed, exposure management becomes that much more important for our customers to be able to put those vulnerabilities in the context of their own environment, and how that impacts them and then prioritize what to fix. That's really critical. So for us, the takeaway is, look, exposure management has never been more important. It will continue to be increasingly important as some of these models continue to discover more vulnerabilities. And of course, that ultimately the idea that ultimately -- the idea that ultimately that makes its way to the numbers, of course.

Any incremental color on the CRPO bookings growth?

No, nothing more than what I've said. I guess, I can say, it came in line with expectations. It was not a surprise to us. It will continue to, like I said, fluctuate in the delta between CCB and CRPO. But no, it came in line with expectations. And again, it's what gave us confidence to be able to raise the full year revenue guide. So we feel good about it.

Our next question comes from Shrenik Kothari with Robert Baird.

Yes. So really great to see the hundreds of early customer conversations around frontier model discovery. You did announce the flex style pricing and how it can be central in removing procurement and budgeting friction. So just curious, how do you think about the unlock opportunity here? And do you see like a clear shift in confidence from customers that they are now excited to kind of scale spending and utilization, especially in light of this AI-driven tsunami as you described without having to sort of rebuy that budget conversation. Just any comments on that? And timing-wise, how do you see that unlock play out?

Sure. Yes. No. I mean we've been extremely, extremely well received. We put a press release announcing the pricing change. We've obviously have been working with our channel partners. We're a 100% channel-driven company, and so we gave early access to a bunch of our partners, got tremendous feedback. And yes, we absolutely view this as something that is going to allow customers to expand with us very, very easily. The way we now have taken out some of the complexity around our older pricing model and really having just one price per asset in a single license model we view is going to be able to drive expansion of asset types. So kind of think about it if you were just a VM customer using OT, you now have a 1 license pricing model where you can easily be able to expand with not a lot of pain from procurement to add cloud, to add AI, to add web application scanning to add a tax surface management and be able to spin that up and down based on where you see demand. So this was a big initiative within Tenable and this was very much a collaborative effort with our partner community and our customer base to make sure we dial this in correctly. And so yes, we are very optimistic this will move a lot of friction and will drive expansion within the base.

Our next question comes from Roger Boyd with UBS.

I wanted to touch on the buyback, a pretty substantial step-up there. Free cash flow generation remains strong. Matt, I appreciate your commentary here, but would love for you to kind of expand on how the buyback factors in the capital allocation in the current environment and how you're thinking about that relative to M&A and other organic investment? I know Steve talked about investing in the sales force earlier as well, too. So, yes, any thoughts there would be great.

Sure. Yes. Yes, we were pleased to be able to lean into the share buyback this quarter. As we announced last quarter, we had an increase to the share repurchase authorization and we've been accelerating the pace of repurchases. So in Q1, we repurchased 6.1 million shares for $130 million. And that's because we believe that the stock is trading at a price that doesn't represent true value. We continue to believe that share buybacks are a good use of capital. And so we're going to continue to repurchase shares. We maintain though the capacity for opportunistic M&A as well. We've got a very strong balance sheet. The cash position is strong. We got access to debt. And so should the right thing come along, of course, we can be opportunistic there. So this in no way limits that, but we do believe that this is the best use of capital right now just simply because of where our share price is trading.

We have reached the end of our question-and-answer session, which concludes today's teleconference. You may disconnect your lines at this time. Thank you for your participation.