Zscaler achieves 26% year-over-year ARR growth, surpassing expectations with accelerated AI security pillar driving future success and solid financial performance.

Good day and thank you for standing by. Welcome to the Zscaler first quarter 2026 earnings call. @ this time all participants are in a listen only mode. Please be advised that today's conference is being recorded. After the speaker's presentation, there will be a question and answer session. To ask a question, please press star 11 on your telephone and wait for your name to be announced. To withdraw your question, please press star 11 again. I would now like to hand the conference over to your speaker today, Ashwin Case, VP of IR and Strategic Finance.

Good afternoon everyone and welcome to the Zscaler first quarter fiscal year 2026 earnings conference call. Good afternoon everyone and welcome to the Zscaler first quarter fiscal year 2026 earnings conference call. On the call with me today are Jay Chaudhary, Chairman and CEO, and Kevin Rubin, cfo. Please note we have posted our earnings release and a supplemental Financial schedule to our investor relations website. Unless otherwise noted, all numbers we talk about today will be on an adjusted non GAAP basis. You will find the reconciliation of GAAP to the non GAAP financial measures in our earnings release. I'd like to remind you that today's discussion will contain forward looking statements including, but not limited to, the Company's anticipated future revenue, annual Recurring revenue, Calculated billings, Operating performance, Gross margin, Operating expenses, Operating income, Net income Free Cash flow, dollar based Net Retention rate, future Hiring decisions, Remaining performance obligations, Income taxes, Earnings per share, our object use and outlook, our customer response to our products and our market share and market opportunity. These statements and other comments are not guarantees of future performance, but rather are subject to risk and uncertainty, some of which are beyond our control. These forward looking statements apply as of today and you should not rely on them as representing our views in the future. We undertake no obligation to update these statements after this call. For a more complete discussion of the risks and uncertainties, please see our filings with the SEC as well as in today's earnings release. I also want to inform you that we will be attending the following conferences UBS Global Technology and AI Conference on December 3 Barclays Tech Conference on December 11 Nedham Growth Conference on January 14 before I turn the call over to Jay, I wanted to share that I recently transitioned to a new role as Product Manager of AI Security at zscaler, so this will be my last earnings call as the IR leader. It's been a pleasure engaging with all of our shareholders over the last few years. Kim Watkins, who some of you may know from her tenure at Intuit,, will be joining ZSCALER in early December to lead investor relations and strategic finance. Please join me in welcoming Kim to zscaler. Now I'll turn the call over to Jay.

Thank you. Ashwin we had a strong start to our fiscal year in Q1. Annual recurring revenue or ARR growth accelerated to 26% year over year and RPO growth accelerated to 35%. Combining our strong free cash flow margin of 52% and revenue growth of 26%, we operated at rule of 78, making us one of the rare companies consistently outperforming the coveted rule of 4D metric. We are one of the only five enterprise SaaS companies with over $3 billion in ARR growing at over 25%. The continued success offer three growth pillars AI security, zero trust everywhere and Data Security Everywhere is driving our strong top line performance. ARR from these three growth pillars accelerated in the quarter. I'm particularly pleased with our AI Security pillar which grew over 80% year over year and has already exceeded our FY26 target of $400 million ARR 3/4 earlier than expected. With the strong demand, I expect AI Security ARR to exceed half a billion dollars by the end of this fiscal year. Diving deeper into our AI Security Pillar While enterprises are leveraging AI to drive innovation and accelerate productivity, the proliferation of AI is also making them increasingly susceptible to attacks. One of the largest AI companies recently reported that a bad actor hijacked its AI coding assistant to autonomously perform a large scale cyber attack against multiple organizations. This incident highlights two important trends. First, threat actors are using AI to dramatically increase the speed, effectiveness and and blast radius of attacks. We have been predicting an increase in this type of automation by AI agents and we are now seeing it happen. Second, just like users and organizations, AI agents are also becoming the weakest link in their security. It is only a matter of time before millions of AI agents interact with each other across enterprises. Imagine a threat actor hijacking even one of an organization's trusted agents and thereby accessing critical corporate resources and sensitive information resulting in a serious breach. We have a long history of securing users with our Zero Trust Exchange which enabled our customers to safely adopt the latest technologies and such as Mobile, Cloud and SaaS. Over 45% of Fortune 500 companies and nearly 40% of Global 2000 companies have adopted our Zero Trust Exchange and Trust Zscaler to secure their businesses. With the rise of consumer gen AI applications including ChatGPT perplexity and more, security issues related to access control, data loss and content moderation made enterprises cautious about allowing employees access to these popular apps. We extended our Zero Trust exchange to provide visibility into thousands of Gen AI apps, enabling enterprises to inspect prompts and responses and enforce proper guardrails for safe and secure use of gen AI apps. Several large enterprises adopted our Genai solution in the quarter, including a G2K technology company, a Fortune 500 communications equipment company and a large healthcare software provider. As AI adoption moved beyond consumer gen AI apps into building and running enterprise AI applications, we introduced solutions in three key categories to secure them. First, AI Asset Discovery and posture management. AI applications and agents are being developed and deployed today without full visibility for IT teams to safeguard them. To provide organizations with visibility and control, last year we introduced an AI asset discovery solution called aispm. AISPM can detect unauthorized AI applications, prevent over permissions for AI agents, and strengthen governance for model deployments in Q1. Several customers, including a leading software solution provider, a Global 2000 manufacturer and a leading insurance company purchased AISBM from Zscaler. With our recent acquisition of SPLX, we are extending our AI SPM capabilities by unifying discovery of LLMs workflows and MCP servers. These capabilities enable customers to meet evolving regulatory requirements for AI to be transparent and explainable, among others. The second key area of innovation is AI Red teaming. As part of AI lifecycle, customers need to regularly test their applications for vulnerabilities. With splx, we now deliver AI Red teaming to enable automated and continuous testing of AI apps at scale. Our AI Red Teaming solution integrates with customers CI CD pipelines, making it easy to test for hallucination, bias, behavior drift and more. Several customers, including a Fortune 150 transportation company and a Fortune 100 service provider have already deployed AI Red Teaming. The third area of innovation is AI guardrails. Customers need AI guardrails for inline policy enforcement, for acceptable use of AI for cybersecurity and for data loss prevention. Inline policy enforcement is one of our key differentiators which we seamlessly deliver through our Zero Trust exchange at scale. As we process half a trillion transactions daily, our AI Guard solution leverages this core competency for runtime protection. Zscholar AI Guard sits between the application and LLMs inspecting prompts and responses in line to enforce customer defined policies. To share an example this quarter a leading consulting firm purchased our AI Guard to secure the use of public AI applications and their private in house applications such as AI chatbots and AI agents. With our platform capabilities, we are securing over 90 billion AI ML transactions per month. As AI and AI agents define the next era of transformation, we are further extending our platform to secure AI agents, agentic workflows and AI applications. In addition to securing the use of AI, we are leveraging AI to deliver agentic operations including Agentic secops and Agentic IT Ops. In our Agentic secops we are making great progress towards delivering an AI powered SOC that simplifies customers operations and automatically hunts for threats. In August we acquired Red Canary to combine the Agentic technology with our Data Fabric technology to deliver actionable SOC insights for our customers. This quarter a Fortune 500 financial services company, a Global 2000 healthcare equipment company and a Global 2000 energy company and more purchased our AgentIQ Secop solution. In our AgentIC IT Ops, we are introducing several Zscaler Digital Experience or ZDX Innovations to enable faster resolution to application and network performance issues. Other innovations like the ZDX Co Pilot continue to resonate with customers and have driven over 80% year over year growth in bookings of ZDX Advanced plus in the last 12 months. I am very pleased to see continued momentum for our AI Security solutions. As I mentioned, we are expecting AI Security ARR to surpass half a billion dollars by the end of fiscal 26. Turning to our second growth pillar, we continue to see strong momentum in Zero Trust Everywhere which includes Zero Trust users, Zero Trust Branch and Zero Trust Cloud. Three quarters ago we introduced Zero Trust Everywhere and set a goal to secure 390 enterprises with zero Trust Everywhere by the end of fiscal 26. I'm delighted to share that we now have over 4500 Trust Everywhere Enterprises achieving a goal 3/4 ahead of our target date. Our Zero Trust Everywhere customers benefit from reduced cost and complexity by eliminating legacy network and security products. This expanded relationships through Zero Trust Everywhere also creates follow on demand for data security and AI security. One of the key components of Zero Trust Everywhere is is Zero Trust Cloud which allows customers to eliminate VPNs, north, south and east west virtual firewalls, Express Route and Direct Connect networks resulting in far better cybersecurity to share a customer. Example in an eight figure TCB win an existing million dollar plus Fortune 500 healthier customer adopted our Zero Trust Cloud solution along with ZDX Advanced plus Data Security modules and more. Zero Trust Cloud secures workload communication across the VPC or virtual Private cloud and SAP RISE cloud based erp. Without Zero Trust Cloud, the customer would have had to deploy significant number of North, south, east and east west firewalls resulting in increased cost and many months of delay. This customer told me that in the last 15 years they have not been so excited about a solution that not only brought better security but also was easy to deploy and operate. Just like the migration of Microsoft exchange to Office365 was a big tailwind to our business a few years ago, I believe the migration of SAP on PREM to SAP RISE will have a similar impact on our business. We continue to see strong interest from customers for Zero Trust Branch, which is another key component of Zero Trust Everywhere. Zero Trust Branch eliminates a need for legacy point solutions at branches, factories and campuses. To give you an example, in a seven figure upsell, Win, a global 2000 manufacturing customer more than tripled their ARR and became a Zero Trust Everywhere customer by purchasing our Zero Trust Branch, ZPA, ZDX Advanced plus RISC360 and more. Moving to Data Security Everywhere, we offer a comprehensive data security portfolio with eight modules providing data discovery, Data Classification, Posture Management, Data Loss prevention and more. Customers are eliminating Data Security Point products in their environment by consolidating data security functionality on our unified platform. To share an example in a seven figure new logo ACB Win, a large healthcare provider purchased five out of our eight data security modules for their 23,000 users. This enterprise chose Zscaler over a leading CASB vendor due to our integrated platform which delivers data security across all channels for all types of data. I'm excited to share that our data security everywhere ARR accelerated to approximately $450 million. The growth across our three pillars is powered by our strong go to market engine. One of the key initiatives we recently introduced was our Z Flex program which enables customers to commit to a spend and provide flexibility to swap or activate additional modules without undergoing new procurement cycles. Z Flex is driving meaningful upsells and and reduced sales cycle and is consistently exceeding my expectations. Z Flex generated over $175 million in TCV, growing over 70% quarter over quarter. To share a couple of customer examples, an existing large aerospace customer made a multi year 8 figure TCV commitment under the Z Flex program, increasing their annual spend with us by over 40%. As part of the flex commitment, the customer added nine new modules including Asset Exposure Management, Identity Threat Detection, Unified vulnerability management, email, DLP and expanded commitment for data security. In a seven figure upsell, WIN, a Fortune 500 business services provider more than double the annual spend with us as the expanded adoption of nine modules under the Z Flex program. In conclusion, our business is benefiting from the strong tailwinds from the combination of Zero Trust and AI security. The best AI security is built on the foundation of Zero Trust Our clear leadership in Zero Trust Security combined with our comprehensive AI security offerings positions us well to capture the large and growing AI security market. And with our strong go to market engine, we are well positioned to exceed $10 billion in ARR. Now I'd like to turn over the call to Kevin for our financial results.

Thank you Jay and good afternoon everyone. We exceeded our growth targets in Q1 and operated at rule of 78 for the quarter. We ended Q1 with over $3.2 billion in ARR, reflecting approximately 26% year over year growth. ARR from each of our three growth pillars accelerated in the quarter including on an organic basis. Q1 revenue was $788 million, growing 26% year over year, 10% sequentially and exceeding the high end of our guidance. Geographically, the Americas accounted for 58% of revenue, EMEA for 27% of revenue and APJ for 15% of revenue. Our remaining performance obligation or RPO grew approximately 35% year over year to $5.9 billion with approximately 47% classified as current RPO. We closed Q1 with 698 customers generating over $1 million in ARR and 3754 customers exceeding $100,000 in ARR, demonstrating the strategic role we play in customers digital transformation journeys. Turning to the rest of our Q1 financial performance, our gross margin was 79.9% as compared to 80.6% last fiscal year Q1. I'd like to remind investors that we are introducing new products that are experiencing strong growth and are optimized for faster go to market rather than margins. This will continue to influence our gross margins on a quarterly basis. We plan to optimize new products for margins over time as they scale. Operating expenses increased 11% sequentially and 23% year over year reaching $458 million. Operating margin was 21.8% towards the higher end of our long term range and growing by approximately 40 basis points year over year. Our free cash flow margin for Q1 was 52% including data center CapEx at 2% of revenue. We ended the quarter with $3.3 billion in cash, cash equivalents and short term investments. Next, let me provide our guidance for Q2 and full year fiscal 26. As a reminder, these numbers are all non GAAP for the second quarter, we expect revenue in the range of $797 million to $799 million, reflecting year over year growth of approximately 23%. Gross margins to be approximately 80% operating profit in the range of $172 million to $174 million net other income of approximately $19 million earnings per share in the range of 89 to $0.90 assuming a 21% tax rate and 170 million fully diluted shares for the full year. Fiscal 26 ARR in the range of $3.698 billion to $3.718 billion reflecting year over year growth of 22.7% to 23.3%. We anticipate approximately 47.8% of net new ARR to be recognized in the first half. Revenue in the range of $3.282 billion to $3.301 billion reflecting year over year growth of 2.8% to 23.5% operating profit in the range of$732 million to $740 million earnings per share in the range Of $3.78 to $3.82 assuming a 21% tax rate and approximately 170.5 million fully diluted shares and free cash flow margin to be approximately 26.0% to 26.5%. With a large market opportunity and customers increasingly adopting the broader platform, we will invest aggressively to position us for long term growth and profitability before moving to Q and A. I'd like to thank Ashwin for his significant contributions to IR and strategic finance and wish him well as he transitions to his product role. I'm also excited to welcome Kim to Zscaler with that operator. You may now open the call for questions.

Thank you. As a reminder to ask a question please press star 11 on your telephone and wait for your name to be announced. To withdraw your question please press star 11 again please limit yourself to one question. One moment for questions. Our first question comes from Brad Zelnick with Deutsche Bank. You may proceed.

Excellent. Thank you so much and congrats on such a strong start to the year and hitting your zero Trust Everywhere Goal 3/4 ahead is just amazing. Jay, I wanted to ask about zero trust branch which we continue to hear good things about. It's showing some nice early adoption but. As we look ahead how much more work needs to be done on the product and or go to market fine. Tuning to see real acceleration from here.

Thanks. Thanks Brad. We have done some amazing work on the technology side to build a zero trust branch where each branch is merely an island. No lateral movement that's generally caused by traditional networking with sd, WAN and mpls. Product is in a great shape go to market. We put together a specialty team that can actually engage with the right buyers to explain the solutions. The numbers are pretty impressive. I often Joe joke internally that Zero Trust branch needs no pipeline generation effort because there's so much demand and the customers. I think we shared some numbers. Our Zero Trust Branch customers have now exceeded over 450 customers. A lot of customers start small, they do the smaller rollout and then they move on to bigger deals. In my prepared remarks I gave an example of global 2000 manufacturing customer whose ARR more than tripled. I think there are many, many such examples. We got about 4400 enterprise class customers. We only gone to about 10% of them. So I see a big opportunity. I think it's an exciting area for us and it's part of our Zero Trust Everywhere platform.

Thank you so much, Jay.

Thank you. Thank you. Our next question comes from Saket Khalil with Barclays. You may proceed.

Okay, great. Hey guys, congrats on the strong start to the year. Thanks for taking my questions and congrats. Ashwin. Yes. Maybe a little bit of a joint question for you, Jay and Kevin. You know the billion dollars in arrangement that's coming from the three emerging areas is clearly outgrowing the rest of the business. In fact, I think you said it. Accelerated and for good reason. But I was wondering if you could help us think about the other 2 billion in ARR and maybe specifically is it fair to think about that other tranche as more of a la carte Zero Trust tools like Zia and zpa and maybe relatedly, how do you think about the growth rate for that 2 billion versus an emerging bucket that's clearly growing faster than the rest of the business.

So yes, it's very true that our three buckets of billion dollar ARR has been growing very well. The remaining $2 billion. Yes, a big part of that is the ICPA. It has been going quite well. But the big opportunity for that business is also to emerge into Zero Trust Everywhere. Remember we said that Zero Trust journey started with users. We're taking it to branches, we're taking it to cloud and next to IoT OT. While other vendors who tried to claim Zero Trust tried to say we got sase, they're merely sitting with Zero Trust trying to do for users. And we have expanded the platform to give a lot of opportunities. The core business by itself will grow at a smaller rate than the rest of the overall business. But our goal is really to take every customer to Zero Trust Everywhere and that's what we are successfully doing. Very helpful thanks, guys. Thank you.

Our next question comes from Meta Marshall with Morgan Stanley. You may proceed.

Great, thank you. Maybe just wanted to ask a question about Red Canary and just, you know, how it's kind of performing towards expectations given that, you know, you guys have been looking at a fair amount of churn within your kind of assumptions for that business. Just any context around that performance would be helpful. Thanks.

I'll start with broad comments and Kevin can go deeper in the integration of Red Canary. The Zscaler is going very well. The GNA integration is done right away. The two other main areas were one, engineering and products. We're integrating Red Canary's agentic AI technology with Zscaler platform doing well. Second is go to market. Red Canary's go-to-market team has become security operations specialist team. It's working with our field sales organization which is uncovering opportunity. So seeing a vast majority of Zscaler Red Canary pipeline is now coming from Zscaler customers. Kevin.

Yeah, look, I would just add that Red Canary is trending slightly better than our previous guidance. But keep in mind that we don't believe that Red Canary's contribution is material to our overall business. So as we go forward, we don't intend to provide specific color on Red Canary.

Great, thanks.

Thank you. Our next question comes from Taliani with Bank of America. You may proceed.

Hi guys. This quarter was stronger than actually we see. Because if I look at the year over year growth in dollars last year, first of all, first quarter last year was very strong. So you're growing 26% almost on a very strong quarter. And second, last year, on a year over year basis, you added between 122 to 130 million every quarter on a year over year basis. And this quarter you're adding 160. So that means that the growth is strong. And I'm trying to understand if you can break down on revenue level, not on ARR level, what is driving the strength. I mean, the stock is down, but the trends beneath the surface seem very strong. And I'm trying to understand what is driving it. And if you can break it down even not in numbers, even if it's just correct, qualitative to discuss what's happening in the core versus what are the key leading products that are driving this strength.

I'll start with a broad product area. As you know, we built the platform that we are expanding the platform. The three big pillars of our platform. Have been. Cedar Trust everywhere, AI Security and Data Security. All three areas are growing very well. They're actually accelerating and that's part of the strategy. Our strategy is if every customer starts moving to zero trust everywhere, we become very, very differentiated because no one in the market is even coming close to that. They're all trying to figure out how to solve the user side of it and the data security. Our customers are basically saying we are tired of seeing point products, so many point products in data security and we are the best platform. AI security is evolving. It's a new area for us. HNT corporations has done well for us and security of AI products is young, but it's growing pretty well. So I think we're very pleased with that growth we wanted from the three key pillars and it's beating or it's exceeding our expectations. Kevin, you want to give more color?

Yeah, thanks for the question, Tal. I mean I think that's frankly both the qualitative and the quantitative response, which is we are seeing accelerated growth in our three growth pillars, which is contributing well to the business. I also mentioned in my prepared remarks that we saw organic growth come in at similar levels to what we saw last quarter. So we are seeing very strong performance and the business did come in better. I was just going to add some color that, you know, we did see the business perform better than our internal expectations in the quarter. And how is the core business? You have Cisco with a new product, check point with a new product. Paolo, talking about very strong growth. How's the competitive landscape when it comes to the core business?

Comparative landscape hasn't changed a whole lot. If anything else, our brand has gotten bigger. Most of the large enterprises know us very well. We are very well engaged there a number of new entrants who have come in the mark in the past year or so, largely some of the firewall companies. We have hardly seen them out there. So compare landscape hasn't really changed much to mention.

Got it. Thank you.

Thank you. Our next question comes from Joseph Gaho with Jeffries. You may proceed.

Hey guys. Thanks for the question, Jay. I think when some look at the. Recent massive M and A in the. Space, they're fearful of the implications for underlying cyber growth. In your conversations with customers, how are they thinking about spend in calendar 2026 and what are the priority areas that they have as a part of that? Thanks.

So customers priorities for spending. Yes. Just, you know, what's the, how's the. Fundamental cyber growth been? How do you expect it next year and what the priorities are? Broadly speaking, there's no significant growth in macro environment. IT budgets remain tight. There is pressure on CIOs there is far less pressure on the cyber side of it. So cyber is under less pressure. We do see scrutiny for large deals similar to what we shared in the past. But two areas are still of high interest to customers. One is zero Trust security because all these breaches happening out there. And second is AI security, because everyone is trying to do some level deployments of AI applications because CIOs feel like if they aren't doing anything in this area, they'll be viewed as laggards. That is also mixed. Some of the customers are seeing better results than others in terms of AI, but as soon as they start thinking about doing AI applications and models, the security becomes a worry for them. So we are going in with two leading messages. Zero Trust everywhere being one and AI security being two. So with that, we're able to get the pipeline created. And the second part is to close deals, we must show strong cost takeout. And we can do that as we eliminate a lot of point products. So we are able to do both of those things. That's what's really leading us to deliver these strong results. And also if I mention that since our brand has become so much stronger and we become pretty strategic partners to customers, all these CIO CSOs meetings, I do, it's wonderful to see them to say, Jay, I mean, we moved from company A to company B and we called your team to help us here as well. So look, we are tracking well. We're excited about what lies ahead for us.

Thank you.

Thank you. Our next question comes from Mike Sikos with Needham. You may proceed.

Great. Thanks for taking the questions here, guys. I just wanted to come back to. The SASE market specifically. And Jay, I know you're probably already cringing at the at the word sassy, but just there was a large secure. Vendor out there last week discussing some success and competitive displacements in the SASE market. I just love to get your feedback. Specifically on what you're seeing as far. As trends from a competitive or pricing discipline standpoint. Appreciate it. Thank you.

Yeah, look, we remain very strong when it comes to. I will call the Zero Trust market because the sassy word has no meaning. Every vendor claims them to be calling sase. For example, if you do Zero Trust, you don't do SD wan. And most of these SD WAN vendors get viewed into the sase. Our expansion in our custom base is because of all the new functionality we are bringing to take Zero trust everywhere. Our expansion is happening as we have taken our data security platform and made it much bigger so we've done so many innovations in so many spaces. So we think in spite of new entrants in the market, I think the market has already kind of sorted out the winners and we are creating more distance among the number of other winners. Sorry. Among the number of other vendors who are entering the space. So I feel very strong. Our pipeline remains strong, our win rate remains strong, and you see our results very, very strong.

Terrific. Thank you. Thank you.

Our next question comes from Brian Essex with JP Morgan. You may proceed.

Hi, good afternoon. Thank you for taking a question, I guess, Kevin, for you. Just I understand that you don't want. To break out Red Canary, but can. You give us a sense for organic. Net new ARR in the quarter and then maybe one for Jay? With the acquisition of Red Canary and what you've done with Avalor and now. Splx, would love to get your sense. Of. Any sense of how you might. Align with the threat intelligence market and. Value you might be able to add. Given the data visibility, potential for incremental. Add in terms of the quality of. Data that you might be ingesting on. The platform and ability to provide better visibility for customers on the threat intelligence side. Thanks.

Yeah, thanks for the question. I'll go ahead and start. As I had previously mentioned, organic growth in Q1 was consistent compared to Q4. And again, as I said, we're very pleased that the organic business came in better than our internal expectations.

So on the second part, we talked about two acquisitions we have had. AVVAR has become our data fabric, which can ingest data from Zscaler platform and some of the third parties to really create what we call entity relationships. And you know, AI is only as good as data, so we're able to do some very powerful threat detection intelligence that couldn't be done otherwise. So that's the foundation of the platform. The reason for us to get into AI powered setups is the strength of our data. Avalon gave that stuff. We have the data that Red Canary gave us, agent AI technology on top of it. So using some of these smart agents, we can do security operation, what security analysts need to do. So the amount of information we are getting, the meaningful intel we're getting is unbelievable. I was talking to the CISO of a Fortune 100 company recently. He said, I have a sizable security operation team, very sophisticated operations. But your solution in this case, they're taking advantage of Red Canary working with us. It is finding things, a few things every month that we aren't able to find that amazing incremental value for Them we think this is only going to get better as our solution evolves. Your second point, splx. That's accelerating our completion of our solution for AI security. The market has so many point product, solution and AI security out there and customers tell me one, I don't want to deal with 10 vendors number one. Number two, I don't want to share my data with a startup that started 10 months ago to share with them. So they're looking for a platform. We have built a number of AI security platforms internally. For example Genai Security, AI Guard, AI Discovery and then SPLX brought red teaming technology to us. So it made our portfolio pretty complete. So zero trust everywhere in a very great shape. Agentic operations evolving nicely and AI security operations growing very nicely. We feel very comfortable with the portfolio build.

Got it. Helpful. Thank you. Thank you.

Our next question comes from Srinik Kathari with R.W. baird. You may proceed.

Yeah, thanks for taking my question. So jay, on the AI security tracking 500 million and you mentioned traction across all the modules, AI card, SPM with teaming. Just can you help us unpack where there is more traction? What's currently driving in terms of use cases are most deployments at visibility governance via SPM or are you seeing CISOs truly prioritizing all the runtime AI with. AI God as well? And then a quick follow up.

Yeah, this is a very good question. About two years ago, two plus years ago, when ChatGPT came on the scene, the number one thing customers wanted to do was visibility into genius solutions or sorry applications that users are going to go to. Since we are sitting in the traffic VAT very quickly, we built our first product, gen AI Security that's being used by quite a large number of ZSCARA customers. Next we launched AI Asset Discovery and Posture management. Tons of interest because everything starts by understanding AI assets. You have third, last summer, early summer, we launched AI guardrails. When customers are building their internal AI applications and models, they want to use guardrails to make sure that models are protected and only right people with the right kind of prompts can really access them. That's an early stage, but it's growing nicely. The pipeline is growing very well. And the fourth thing we brought to the market came through SPLX acquisition. That's core red teaming technology and as applications are being built, customers want to make sure they don't have vulnerabilities and we aren't stopping there. The fifth, extending our platform to agentic exchange so we can have right agent to agent and agent to application communication, all that is proceeding well. So I think we are very well positioned. We will keep on investing in these innovations, but we balance our investments with our operating margins. Very helpful, Jay. So Kevin, a quick follow up on your comment around these modules. Ramping, as Jay was saying, how are you thinking about the investment horizon overall and as you're scaling these data rich products, AI card and how to think about the margins here? Yes. Since the models and things they're using are really on a on a fairly well confined set of data, we haven't seen any massive change in gross margins. If these things change over time, I'm sure we'll let you guys know.

Maybe just to continue on that thread, look for Q1. We're pleased with the margin profile. We're comfortable with the Q2 guide. And then as we look into the back half of the year, you will notice that there's margin expansion in the guide. In the back half. We are orientated to growth, but you know that we're also very mindful of the financial model and operating margin.

Thank you. Our next question comes from Roger Boyd with ubs. You may proceed.

Great. Thanks for taking the questions, Jay. I just wanted to go back to Zero Trust Gateway and I wonder if you could talk a bit little, a little bit more about the demand you're seeing there is that product getting pulled along with increasing AI infrastructure. Some of the firewall vendors have talked about growth in software firewalls in this capacity and how are you thinking about customer buy in around this approach over kind of that approach of deploying virtual firewalls. Thanks.

Sure. As you know customers in traditionally used firewalls and everywhere we replaced a lot of them. When it comes to user protection and working on branch and cloud is pretty simple. When traditionally people will go to cloud and build cloud workload they would do lift and shift. They have lift and shifted north side firewalls to the cloud as VMs. They lift and shifted east of firewalls to the cloud as VMS as well. We go in and say you don't really need a lot of these firewalls everywhere. Zero Trust cloud is almost like Zero trust for Internet access. Zero trust workload to workload communication. All the firewalls go away. Customers do not need to work with all these IP addresses and ACL lists. The cloud gateway simply makes it even more easier to deploy our solution. In the past they had to deploy a piece of software we called code Cloud connector as a traffic cop. Now we have a cloud gateway that's deployed and managed by ZSCALER with a simple config change. They say point traffic to Zscaler Cloud gateway and we enforce policies and we do everything that needs to be done. Deployment that were taken a few hours now can be done in under 10 minutes. That's the kind of innovation we're bringing to make it easier for customers to move away on legacy firewalls and embrace Zero trust cloud workload communication.

Thank you. Our next question comes from Eric Keith with KeyBank. You may proceed.

Hey, great. Thanks for taking the question, Jay. Maybe to come back to Zero Trust everywhere just given how strong and successful. It'S been thus far. But I'm curious to hear how you're thinking about this going forward. I mean, is the outperformance relative to your expectations because the book of firewall business upper Refresh maybe was bigger or. Earlier than you anticipated?

Or do you look at the pipeline and see an even bigger opportunity of displacements? Looking into calendar 26, thanks. Yeah, overall our customers are looking for saving money and making it easier for them to operate and deploy these solutions along with that making sure they have better cyber protection. Number one reason for customers interest in the branch Zero Trust branch is to eliminate the lateral movement which leads to all kind of ransomware attacks, number one. Number two, when we go in and say by the way, it's also costing a lot more because we can eliminate multiple products in a branch, not just firewall but SD wan often they got these DHCP gateways, they often got east west firewalls, they got NAC and VLANS kind of stuff. All that goes away. So cost goes down, operational stuff goes down. That's a driver. Now refresh may help, but most of the time the deal are not waiting for Zsciller to say refresh is coming. As we present the story to our customers, they kind of say, wow, this makes sense. There's a lot of ROI to do it. Let's get started. So tremendous interest, strong pipeline and we only done about 450 customers so far. There are millions of branches left out there for us to pursue.

Thank you. Our next question comes from Fatima Bulani with City. You may proceed.

Oh, good afternoon. Thank you so much for taking my questions. Jay, I wanted to go back to a very specific remark in your script earlier in the call just with respect to the migration of SAP from on Prem to SAP Rise being an opportunity that would be tantamount to the success and the tailwind that you saw from Microsoft Exchange going to Microsoft Office 365. And so I wanted to take the opportunity to have you unpack some of that in terms of how will that manifest in your business across the product lines today, and then specifically with a portfolio that is significantly larger today than you had when the initial Microsoft platform migration was happening, where do you expect to see sort of I'll frame it as option value in some of your newer products that frankly didn't exist. In. The last sort of precedent Example.

Sure, you know, the customers moved to Office 365 several years ago because Office moved to the cloud or Exchange moved to the cloud. But SAP has taken a long time. It's a far more complex application. But now SAP is pushing for deployment of what they call sapis in the cloud and telling customers that you got to move and they're giving some incentives as well. So if you do it the old way, using the legacy firewall technology and network, you move SAP Rise to the cloud and you really then deploy all these express routes and direct connects for connectivity. And then you got firewalls and all the stuff you deploy to access those applications. The VPS type approach, we go in and say none of that stuff is needed, no special access routes and direct connects needed. You can access SAP Rise applications with Zscaler directly over the Internet as you access Office365 applications. It's a clean, simple, elegant architecture. So it gives us two opportunities for us. Number one, some that cloud zero trust cloud technology to make sure we got protection and communication for SAP application, SAP Rise itself. Second, for users to access SAP with better and faster experience. Those are the two areas of growth for us. And it helps the customer deploy and get the application running faster and reduces cost and gets great user experience.

Thank you. Our next question comes from Gray Powell with btig. You may proceed.

Great. Thanks for. Thanks for taking the question. Yeah, it's really interesting this quarter. I mean I look at the numbers and overall everything looks good. I do think there's some confusion on just organic. ARR. So here's my question. You highlighted 175 million in Flex bookings this quarter compares to RPO bookings at about 940. So basically Flex is now 20% of the mix had almost doubled versus last quarter. Where do you see that going longer term? And then as Flex becomes a bigger component of bookings, does that give you higher visibility on future period? ARR. Because there's just inherently an installed ramp in those contracts as customers. As customers grow out.

Great. So I'll start and Jay can add anything that he may want to share. Look, I appreciate you Raising Z Flex. It is a program that has gotten a lot of interest and traction from our customer base. To your point, we did see bookings gross over 70% sequentially, and it effectively allows customers to commit to spend. We typically see that as a more significant commitment than they would have made on an a la carte basis. It allows them to easily deploy additional modules without having to go through the friction of a negotiation procurement process. And then it provides them with the flexibility to swap in and out of modules as business dynamics for those customers change, and so it gives them confidence that they can make more meaningful commitments to us. And generally over longer periods of time. It doesn't have necessarily a different impact to ARR than any other type of transaction, but to your point, it does give us greater visibility over the long term because they are longer contracts. We do understand the nature of those commitments and how they play out in the future. And I would say it's frankly a win win for both the customer and the flexibility it offers and us in terms of the visibility going forward. So. So it is a very powerful tool that has gotten pretty significant interest from customers.

Yeah, I would say our business has performed very well on all metrics, cash flow, all areas. So we're very pleased with it.

Thank you. Our next question comes from Joshua Tilton with Wolf Research. He may proceed.

Hey guys, thanks for sneaking me in and congrats to Ashwin. Just one from me and apologize if this was addressed. Already bouncing back forth between a few calls. But did your assumption for what Red. Canary would contribute to the full year ARR change at all? And if not, is it fair to. Assume that what you raised ARR by. For the full year is how much you outperformed organically in the first quarter.

Thanks. Yeah, thank you for the call. I did make a comment earlier. We are seeing Red Canary trend slightly better than our previous guidance. But as a reminder, we don't believe that Red Canary's contributions to our overall business are material. So we're not going to be making color commentary with respect to Red Canary going forward. With respect to the outperformance. I mean, we did pass that through. The full year guide, I think. To further clarify, we said that before. Organic growth in Q1 for us was consistent as compared to Q4. Very pleased with it. It beat our internal expectations.

Thank.

You.

Our next question comes from Jonathan Ruthaver with Kantor. You may proceed. Yeah. Hi, good afternoon, Jay. I'm curious to hear your thoughts on the synergies you see between Greg Canary and the data security portfolio. It would seem that you have opportunities around remediation, a possible governance layer for dsp. Can you just provide an update on that integration strategy and maybe just a little bit of color on how you see that driving differentiation relative to all the other vendors that are touting data security capabilities related to AI?

Yes, very, very good question. I would mention three points there that set us apart from many others. Number one, we have built a full portfolio of data security. There's no such thing as data security for AI only because data is lost in many ways. So number one, the strongest portfolio is helping us. Number two, AI is helping us doing better data classification, which is important because better classification means better detection. Number three, the other point you made was the red Canary synergy that is the following. We are able to get all the signals from Zero Trust Exchange to our data fabric platform where we are able to potentially look for any potential threats or breaches or any of the stuff that's happened. And if you're able to do that very quickly, we can do a closed loop feedback sent to a Zero Trust Exchange. If we need to block some kind of data loss that's happening out there today, data loss happens, signals are found days or weeks later. This closed loop system between our agentic operations and inline function is a clear, clear differentiator for us that just set us apart from many other vendors, whether they're SASE vendors or they are AI security vendors.

Thank you. And our last question comes from Matt Hedberg with rbc. You may proceed.

Great. Thanks for taking my questions guys and. Congrats on the results, really. You know, I wanted to follow up on. I think it was Gray's question on Z Flex. It really does show up in checks. And I think, Kevin, you mentioned reducing friction, additional configuration consolidation opportunities. I realize it's difficult, but is there. A way to think about what that. Average Z Flex upsell looks like and then maybe just a little bit more color on how do you think about the pipeline of Z Flex deals for the rest of fiscal year?

Thanks, guys. So first of all, Z Flex was done to give our customers flexibility. It evolved from the traditional ramp deals we had done in the past. When we go after large customers, they can't deploy it overnight. And if they bought lots of modules, they wanted some ability to say give me some ramp because I won't be working on it. We have been doing ramp deals for quite some time, but this creates a formal program around it. The second thing has created for us is the ability to swap modules so they don't have to keep on testing various modules for a long time and delaying the deal. So we believe that the deal ability to closed deal has gotten better and 3 ability to do larger deals has gotten better because now they know that they can swap deal modules so they can go for a bigger deal. All these things are happening. I'm not sure we have quantified exactly how much impact it's happening, but we are seeing good results of it. So we are, we are pleased with the performance. Kevin, you want to add anything?

The only thing I would again I guess express. As you see growth in customers moving into zero trust everywhere. When you see adoption of data security everywhere and AI security, a lot of that momentum and the facilitation will come from programs like Z Flex that will make it easier for customers to adopt these technologies. And so for us, we think it's just a stimulus to allow customers to more easily and friction freely adopt more of our technology.

Thank you. I would now like to turn the call back over to Jay Chowdhury for any closing remarks.

Well, thank you for your time. We look forward to seeing you at one of the or some of the investor conferences.

Thank you. This concludes the conference. Thank you for your participation. You may now disconnect.