All right. We will get things going here. Thank you all for being here on day three of the UBS Tech and AI Conference. I have the pleasure of starting the day off with George Kurtz, Co-founder and CEO of CrowdStrike. George, fresh off earnings. Appreciate you being here on short notice. But yeah, thanks for being here.
Great to be here.
Yeah. Cool. I think I want to talk a lot about the high-level strategy here. But given we're just off earnings last night, and before we get into the bigger picture, maybe just review some of the highlights from last night. It felt like a very strong quarter on all regards. But in your words, what stood out?
I think if you look at the quarter, it was broad-based performance. Obviously, our ARR stands out year- over- year: 73% growth. We had a lower comp, of course. But when you look across our product lines, including next-gen SIEM, including cloud, including identity, these all accelerated. So you look at that, you look at our free cash flow as a record. You look at our gross margin for subscription: 81%. We're getting big deals done. Falcon Flex, we doubled the Flexes. When you put it all together, what I would say is we delivered an incredible quarter: broad-based success across all the product lines and geographies. And I think it really shows the power of the single platform that we've built and the fact that companies are embracing what we're doing, particularly technologies like next-gen SIEM. And I'm sure we'll talk more about that.
Awesome. Maybe two quick questions in the quarter. This was, I think, the best quarter of net new ARR since, I think, calendar 4Q 2023. I know you got this question last night. I know I got this question. I'm sure you did, too.
Yeah.
You acquired two companies in the quarter. Can you talk a little bit about the contribution there? I think there was maybe some misinterpretation.
There was a lot of misinterpretation. We said de minimis, but de minimis means de minimis. It means $2.8 million of contribution. And there were some crazy numbers being thrown out there. So just to be crystal clear, it was $2.8 million of a net new contribution.
Yeah. Very clear. Cool.
For the acquisitions.
Yeah. And then the other question I got was just around the bottom line: operating margin, EBIT. In many regards, this is a record quarter for non-GAAP operating income, EPS. Despite the fact that you closed two acquisitions, you had a record Falcon Conference in September. Can you just talk about the operational execution? I know Burt's here somewhere. I'm sure he's pretty pleased with the quarter as well.
Yeah, we are very pleased with the quarter. And I think when you look at sort of bottom line, what do you have in the quarter? Well, you have Falcon, which is our biggest selling event in the entire year, which drives the record pipeline, which we called out. And we did two acquisitions with de minimis revenue. So we still have to absorb all the expenses of the folks that we brought over. And we still had a fantastic bottom line result. So I know when we look at this and we look at overall the performance, obviously the things that Burt and I focus on: ARR, we focus on cash, free cash flow. And these are the things that help drive the business. And these were records for us.
Cool. Maybe zooming out, I want to talk about platforms. And last night you talked about CrowdStrike as the operating system for security, operating system for the SOC. I think that idea demands a true single platform. And so I'd love to get kind of your expanded thoughts on why that's so important, especially as we enter an AI attack landscape.
Yeah. Again, what's the ethos of CrowdStrike? It is the single agent, single platform. And it's how I built the company. And I learned from what not to do. I was at a prior company before. We did 21 acquisitions. And it all looked good on the PowerPoint, but we could never get them integrated. So you have to look at those lessons learned in the past and go, "OK, I'm not going to repeat that." I see it being repeated in other parts of our industry, but we're not going to repeat that. That's why we've been so thoughtful about M&A. And I know that's another topic we'll cover. But in a single platform, it really focuses on the data and the data architecture. And for me, data, in my opinion, can solve most security challenges that are out there.
And I think most people would believe that data can solve that, whether that is an endpoint use case, whether that's a risk use case, whether that's an identity use case. If you have the data, you can not only identify things, but you can also prevent these breaches. And it really does then set up all of the AI training that allows the operating system to work at scale. You mentioned it yourself. The SOC is transforming. It isn't just kind of alert and triage and alert and triage. It needs to have much more autonomy built into the SOC. And one of the things that I talked about at Falcon is CrowdStrike really being the first to secure AGI. We've got a lot of efforts internally working on this. Now, the industry has to get to AGI.
But along with that, our goal is to map out and bring the industry to a level five autonomy. And if we think about the simple analogy of autonomous driving, you have an autonomous chauffeur. Well, you have an autonomous SOC agent, right? You have a level five model in cars. And we mapped out a level five model in security. So when you have that level of autonomous interactions, A, you've got to get it right. And B, it's just a different way to instrument and operate the SOC. And we're really pioneering that.
Yeah. Cool. I wanted to talk about Falcon Flex that you mentioned, and I think, in my view, it highlights what customers think of your platform. I've talked with some of those customers who appreciate the flexibility it gives them to try out new solutions while still making a broader commitment to CrowdStrike. I think you now have $135 billion of ARR going through Flex contracts, growing very rapidly. What's going right there, and where can that go from here?
Flex is something that we put together in combination with our customers. And it was really a demand from our customers saying, "Look, we want to do more with CrowdStrike." I mean, I started with one module. We went public with 10. We've got 30 plus modules today and growing. And customers basically want the ability to leverage the entire platform. So they came to us and said, "How can you make it easier? How can you maybe take a page out of the hyperscaler playbook and give us a commitment model?" It's not a consumption model. It's a commitment model. So customers commit. The more they commit, the better the deal is. They get a rate card for it. And then the entire product platform is opened up to them. And friction-free procurement, right? You just have to go through it once. They can add a new product.
And then it basically just burns down their commitment. This has been, as I said on the call, often imitated, never duplicated. Ours, I think, is still differentiated from the others that are out there that couldn't even kind of rename their Flex model. They just gave it something Flex, which is, I guess, imitation is the sincerest form of flattery. But in any case, it works. Customers like it. And the key is they're consuming more of it faster than sort of the contract term. So if you had a three-year contract term and you can, as an example, consume it in 18 months, you're up for a re-Flex or even sooner. So these are the dynamics that we're working with. And each customer is going to be a little bit different. But from a selling motion, it moves from, "Hey, here's another module.
"Here's another module" to "Let us look at the outcome that you want. Let us look at how you want to consolidate and get rid of these five other products that don't work well and are costly," and then move it all into Flex. And that's why we keep getting bigger and bigger Flex deals.
Yeah. I think it's really interesting, and that re-Flex activity remains super strong. You have 200 re-Flex customers that have shown up, and I know people have kind of equated this to an ELA. That doesn't sound like ELA buying motion.
It's not an ELA. The term ELA is banned from our company. This is not an ELA. It is a commitment model, again, very similar to what you would see in hyperscaler, and we kind of view ourselves as a hyperscaler of security. Having the model, having the platform, you have to have both together. You asked me about the platform earlier. A big piece of having a platform is actually having the model, the licensing model that can help customers consolidate and be part of the platform journey, and you have to have both pieces, and we put both together, and really, we're hitting on all cylinders with both areas.
Yeah. Yeah. OK. I want to talk a bit about next-gen SIEM, which continues to grow, I think, pretty close to 100%. It's almost $500 million in scale. You called a couple key wins on the call last night. It feels like the legacy replacement cycle there is maybe accelerating a little bit. Is that a fair thing to say?
It does. It feels a lot like the legacy replacement of AV. So when I came out with next-gen AV, we were against Symantec and McAfee, all the big guys. And nobody thought we had a chance. And we've seen how all that played out. It feels a lot like that. In that customers are frustrated. They're certainly frustrated with the cost. They're frustrated with the performance. They're frustrated with the complexity. And they're looking for a new model. This sort of alert, alert, alert, alert, and then this triage is just getting old. There's too much data. It's happening too quick. And humans just can't keep up with it.
So when you look at our next-gen SIEM, the beauty of it is, and before we even got into the business, our customers were saying, "We're taking all of your EDR data, and we're putting it and paying to put it in another SIEM. And it's costing us a lot of money." Like 80+% of the data that was going into a SIEM was from CrowdStrike. So they said, "Why don't you just take the 20% that you don't actually create and take it into your platform?" And that's what we've been able to do. So what is maybe underappreciated is they don't have to pay for the 80% they generated. There's a retention fee and those sort of things. But the transfer, they don't have to pay for. So this is a huge cost savings to them.
This is why we can be very disruptive in the pricing, because we already have the data, so it makes it a lot easier when you go do a rip and replace. The one I talked about was a large bank in Europe. Not only did we replace their SIEM, but we also added Onum to it, and this pipelining technology is very exciting, so I think the combination of what we've built, having it integrated and EDR data is really the highest resolution data that's out there, combined with things like Charlotte AI, making a winning combination.
Yeah. Beyond that brownfield replacement cycle, there's also a greenfield opportunity to sell to the customers who've maybe never bought a formal SIEM before. And I think that you're kind of reinventing that coming from a very strong EDR standpoint. How do you think about that opportunity, both directly and indirectly working with some of your managed security service provider partners?
Certainly the big folks out there, the big companies have SIEMs. I think what we've been able to do, and we've shown this over time, is we've been able to take something that's very complex. We've been able to take that model and bring it down all the way to the SMB. We did that with endpoint, next-gen AV, those sort of things. We have the ability to do that with SIEM. When you think about the companies, and there's so many smaller companies that are out there, it could be a $1 million company. It could be even a $1 billion company. There's still a lot of risk that they have. Having visibility into their security posture is important. Even combining that with the managed service provider motion.
So we think we can tap into the SIEM market at a lower stratification than it's done before. Because for the most part, if you were setting up an enterprise SIEM, it's a ton of complexity. You need lots of people. And because of the way that the product works and the platform, it's very easy. It's natively built in. This is the other piece. Every customer we have has next-gen SIEM. Now, what do I mean by that? I want to be very specific. They have access to next-gen SIEM, and we give them 10 GB of next-gen SIEM for free. So then it's on us to be able to upsell them. So even the smaller customers, we have plenty of small customers that are using the 10 GB. And we have the ability to grow that.
Yeah. Very cool. Last question on SIEM. Earlier this week at re:Invent, AWS announced that Falcon Next-Gen SIEM is going to be the default SIEM for their customers' security hub. Can you talk about how important that is? and when you look at competition in the SIEM market, some of the other hyperscalers are in some ways your competition.
Yeah.
Well, I know AWS has been a big partner for you. But what does this mean, this next step?
Well, we're really excited about this. This announcement came at re:Invent. And if you look at two of the, I guess, four hyperscalers now sort of have their own, right? And this is a great, great addition to AWS so their customers can actually consume AWS data into a SIEM that is now part of their stack. So you can go into your console, you can consume data, flow it in, and then pay as you go. And that is going to dramatically open up new customers for us. It is pay as you go. So part of our selling motion will be to move them over to a full subscription. And it's a win for AWS because it gives them native capability within the platform, which they didn't necessarily have before. So obviously, we just got going on it. We just announced it at re:Invent, which was this week.
There's obviously a big runway ahead of us. But in terms of the opportunity, we're already hearing from people who are using it and liking the technology. The other piece that I want to mention is what we did with F5. It's a very similar motion. So F5 worked with us. They said, "Hey, we want to put CrowdStrike on our F5 appliances," which are, if you look at the appliance landscape, these are one of the most attacked sort of surfaces. But nobody runs anything on them. So working in collaboration with F5, we were able to certify our sensor to run on F5, which was a great collaboration. And now we have new customers coming to us saying, "Hey, we weren't a CrowdStrike customer. We used your technology with F5. It's way better than anything we have. We had no idea.
And we want to get to an EBC." And we're doing that already. And we just announced that a couple of weeks ago. So if you look at what we did with F5, and then you kind of look at AWS, we're going to hit a whole bunch of customers that we've never hit before in a whole bunch of different regions where we want to continue to build out our momentum.
Yeah. Cool. I want to talk a little about the Onum acquisition. You've talked about it being a game changer for the next-gen SIEM product. And I think broadly, your exposure to the observability market. What does that do for you in terms of emerging trends in that space around federated, distributed data structures? And what led you to the Onum acquisition in the first place?
Interestingly, the Onum acquisition, I was talking to a customer. And I was traveling. And they said, "Hey, you got to meet this company. It's really cool." And I knew a little bit about them. And I was in town and basically set up a meeting, one hour, met some folks. And I'm like, "OK, this really is good stuff." And if you look at the background of the founders, again, we buy teams and tech. You have to have the right team. You have to have the right cultural fit. They came out of Devo. So they knew the whole SIEM space. And they knew some of the problems associated with moving data, getting it in, and duplicate data, and cost, and those sort of things. So they really built a next-gen pipelining technology that can, it's much more efficient in how it operates.
It's not just designed to sort of reduce data and save costs. Yes, it can do that. But there's so much logic that's built into the pipeline. Now, what that means is that as data is created and sent somewhere, they can actually apply logic to it in the pipeline. So it has to move from point A to point B. And that logic can be security logic. So you can do detection in the pipeline even before it hits our SIEM. Makes it really efficient. Or it can be IT sort of logic, like where you're looking for performance or you're looking for sort of anomalies in sort of IT infrastructure data, if you will. So that's why, to your point of observability, we do have capabilities within Onum. And then you combine that with LogScale, which, by the way, LogScale started as Humio, which is what we bought.
50% of the customers were observability customers. So we actually have the tech for observability. And we have more and more customers using it with their own sort of custom workflows. There's more work we need to do around the workflows and some of the data that we take in. But it's all doable. So from that standpoint, if you own and control the data fabric, I think it's a huge competitive advantage versus some of the other competitors that are out there.
Yeah. And I wanted to go high level here and talk about AI in a few different ways. But maybe to start, last month, we saw state actors leverage an LLM to help propagate attacks on, I think, 30 different enterprises. And I think we'd always been talking about as an industry this potential risk. But now that we're seeing it, what is that doing to your customer conversations? Are you hearing more concern? Is that elevating budgets? What's the general level of panic over what we saw with Charlotte ?
There's a lot of concern about it, and I sort of try to distill problems into time and money. I mean, just make it easy, and there is a time element to this AI attack vector. There's also a money element in that it's much cheaper for adversaries to do it, but what it has done is it has massively compressed the window that a defender has to be able to protect themselves. It used to be months. Then it was weeks, days, hours, sometimes seconds. We've actually, and we call this out in one of our threat reports, seen an attacker pivot from one system to another in 51 seconds, so incredibly quick, so AI is driving a lot of the tooling around this, and in this particular case, they were using a public LLM model.
They were basically just driving new attacks and creating sort of what I'll call AI-type malware that isn't really malware. It's more prompts. It can hit a system. Then it can basically say, "What system am I in? What's interesting? What files are here? Look at the files." There's no malware. It's just prompting. Then it's creating scripts that will actually do that for the adversary on their behalf. It's unique. Every time it hits a new system, it's unique, which again becomes a problem in the world. This is why you need AI to fight AI.
Makes sense. The second AI theme question is how enterprises are thinking about securing AI, whether it's in first-party applications or API calls or through SaaS. And I've heard a lot of customers of yours cite interest in Falcon Shield. You talked about, I think, 50% sequential growth last night. You acquired Pangea to add functionality there. How are you helping customers grapple with challenges around securing AI applications?
Yeah. So let me step back a little bit, and when we talk about the AI applications, there's the AI creation, and we help secure that, and then there's the applications, the use of AI, AI agents, et cetera, and I think where we see a huge opportunity, and I'll get to some of the acquisitions, is in the ability to secure these AI agents. I talked about this in September at our event. There's a stat. On average, an enterprise sort of person will control about 90 different agents in the future, so all those agents are going to need to be protected, very similar to the way we protect endpoints. They have access to data. They have access to compute. They have access to other agents. They have access to workflow.
So if you think about our opportunity that we have in front of us, everybody has a laptop or device here. We've built a huge business in protecting these technologies, cloud, et cetera. But we have a massive opportunity to protect all these AI agents. And now they're going to be at a different price point. If you have 90 of them and you're one person, it's going to be at a different price point. But it opens up a much broader opportunity for us. So when you look at what we did with Pangea, Pangea not only provides technology around sort of prompt injection, guardrailing, identity, those sort of things, but it actually has a whole building block layer. So if you're building AI applications, you can actually use the Pangea building blocks. And it's not something, because we really are releasing it in Q4 because we're integrating it.
We haven't talked a lot about it. But it's really exciting. So it could be part of the whole sort of building of AI applications where you can build the security into it. That's why we're excited about that acquisition. And then Shield is amazing because you have a lot of SaaS applications with identity, certainly a lot of them driven by AI, shadow AI. And Falcon Shield is immediate time to value. It's one of those technologies that when you run it, there's always an aha moment. And it's a very quick sales cycle. And we're getting a lot of net new business where customers just try it out. And they're like, "Wow, OK." Once they're in the platform, then we have the ability to cross-sell them.
And the last point on AI is the use of AI to improve security operations and the idea of the agentic SOC, where we're headed. I've been pretty encouraged by some of the feedback I've heard about Charlotte. I think the one example that stands out is a customer told me that they're regularly seeing three-hour investigations being done in a minute. And that trust level is increasing. At some point, this is going to become a bigger deal. Do you feel like we're getting there? Is 2026 the year where we're going to see more adoption of some of this agentic AI technology in the SOC?
I think so. There's a cycle of AI adoption. I think everyone here would probably remember their first ChatGPT sort of moment. It's like, "Wow, OK, that's really interesting," right? Then you started to use it. And then the first power users were bringing it into the enterprise. And then the enterprise security folks and IT folks were like, "Wait a minute. We got to control this thing," right? And then they kind of went through their motions. And now we're in deployment of AI agents. So we're in the early phase. So as more and more organizations get comfortable with AI, they're going to drive more AI across their entire architecture, including security. There aren't too many companies that go into it that tell me, "Hey, I've got unlimited budget and unlimited people." Conversely, it's like, "Hey, budgets are tight. And people are tight.
We don't want to add more people. So how do we leverage AI?" So Charlotte is the perfect force multiplier. And the beauty of Charlotte is that we've taken a lot of what we do as one of the largest MDR providers. And we've built that into Charlotte. So think about the training data. We've got over 10 years of MDR data that we've annotated. And sometimes it's better to be lucky than good. You didn't know GenAI was coming 10 years ago. But the training data was laid out in a way that made it really easy for us to do that. So that creates a moat in what I call the Reddit of security data, where we have all that. We're able to train Charlotte. So Charlotte has now become really a workflow orchestration layer. And it's gone well beyond our competitor sort of chatbots.
And that's why you're seeing customers go, "Wow, OK, this is really evolving." And every week or two, there's new capabilities. And it gets better and better and better. And again, we're driving towards that autonomous SOC. That is our vision. That's down the road. But you're going to see more and more adoption, obviously, of Charlotte. We'll get more training. And then people get more comfortable with allowing it to do more things autonomously.
So I would say a year ago, this felt like an AI agent for the SOC felt like a roadmap item that everybody had to have. It seems to me like it's showing up more in wins. You continue to highlight Charlotte and Flex deals. How do you think about driving adoption there versus customers coming in to try and pull it and try to monetize it? And is it conceivable at some point that, like cloud security and SIEM identity, we could potentially have a Charlotte segment disclosure?
Yeah, that's a Burt question. But it's possible on the disclosure side. When we think about the adoption of it, though, and what we're seeing, is customers, they want something more than a chatbot. And I think, to your point, one of your earlier questions, we've been able to build it within the platform. We just didn't slap together a chatbot and go, "Here it is." So we wired it into each of the modules. And we actually built our own smaller LLMs, if you will, not small Ms. And basically, because it's built into the platform, it allows us to actually do work on behalf of the customer in our workflow. And that's vastly different than others. But the platform really sets up Charlotte and, again, gets back to how things are built. Not all things are built equally. And it will continue to grow.
At some point, maybe there will be a disclosure around that. We'll take that up with Burt.
Very good. Maybe two last questions or three, just on the M&A strategy and coming maybe full circle on the idea of a platform. You've always had a very disciplined approach to M&A. At Falcon, you did note that you're not ruling out larger scale acquisitions. Can you just talk about kind of the framework and the high bar you set for whenever you're looking at going external for R&D?
Sure. When we think about M&A and what we've done, and I think what we've been incredibly successful with is tech and teams, right? And I always say teams first, really, because if you don't have the right team, tech doesn't matter. So tech and teams matter. And we started there. And I think we have a great track record of these acquisitions. If you go down the list from Preempt to Humio, I mean, these are all stars for us, Falcon Shield, et cetera. So that has worked well. We're not ruling out doing something big. But it has to have a high bar. And my general philosophy on an M&A deal is I say no to everything until I run out of no's. And then when I run out of no's, it's a default yes. And that's how we get a deal done.
That's how all of our deals got done. So is there a larger acquisition that could potentially hit the yes? For sure. But again, we're not chasing ARR. If it comes with it, great. We want the best tech and the best team for the best outcome of our customers. And we don't want to dilute the value of the platform or what we built. And we're going to see many others out there struggle with trying to put piece parts together. And again, I got a lot of scars on my back from prior companies. I don't want to be in that situation. So I won't rule it out. But it's going to have to have a high bar.
At Falcon, you laid out a target for fiscal 2027 for 20% net new ARR growth. Last night, you reiterated that on a higher fiscal 2026 base. Could you just parse out your confidence in that number? Maybe more of a Burt question. I'm pretty sure the answer is everything we've talked about thus far. What's your confidence in that? I know you talked about record pipeline and 4Q.
Yeah. Well, I think it does start with record pipeline. You have to have some visibility looking out, right? You have to look at where we are today, the acquisitions, what we've done, the integrations we've done, Falcon coming out of it, Falcon Europe as well. And customers just coming around. There's a lot of new customers that are coming that might have been with another vendor through a life cycle. They might have had a three or five-year deal that are now coming up, going, "OK, they're disillusioned. They're disillusioned with the outcome and the cost." And they're talking to their peers. And we're solving really hard problems. And if you talk to, and I encourage you. And I know you do. But if you talk to most customers, we're the number one security control they have, number one, right? And what do they do?
They talk to their friends in the industry and go, "What are you doing different?" Like CrowdStrike. So that continues to build. And I think when you look at our roadmap, you look at the pipeline, you look at the market opportunity, particularly with AI in the areas that we're leading in, that gives us confidence. And at our scale, there's not many 20% growers. I mean, we're in rare air, right? So from my perspective, I think it's all coming together. And you've got this tectonic shift in technology with AI that's going to help really drive that into the future years.
Awesome. Well, I think that's a great place to end things. But this has been a great conversation, George. Thank you for being here. And thank you all for listening in.
Fantastic. Thank you so much.