Great. Thank you, everybody, for joining. Tim Long here, IT Hardware Comm Equipment Analyst at Barclays. Very happy to have F5 with us today. Thanks, guys, for coming. Cooper Werner, CFO, and Tom Fountain, EVP, COO. You know, crazy time, so really appreciate you guys taking the time here, so maybe let me, you know, just start off with some of the, you know, the hotter topics.
Mm-hmm.
Then we'll kinda dig a little bit deeper. And you guys can chop them up how you. So, obviously, a lot about the breach that happened. So, you've talked a little bit about it, but if you could just maybe go over again kinda what, you know, the customer and, you know, feedback has been thus far, and any color on, you know, specific areas. I know it was a part of the guidance change a little bit last quarter. So, anyway, you could couch that for us. C urious if there's been any benchmarking around when this seems to be happening with a lot of companies these days? So, curious what you, you know, gleaned from other companies that have gone through similar dynamics?
Tim, thank you for having us. Before I answer, let me get our Safe Harbor.
Oh, yeah, there you go.
On the record. So before I respond, I need to walk through this. Our discussions today may contain forward-looking statements which involve uncertainties and risks. Our actual results may differ materially from those expressed or implied by these statements. Please see our SEC filings for more information on these risk factors. So, maybe I'll start and then hand it to Cooper. Just for context, we disclosed on October 15th that a highly sophisticated nation-state actor had gained unauthorized access to certain F5 systems. And this really affected principally our BIG-IP product. And so a lot of the focus really right at the time of disclosure was around helping customers be able to protect their environments, and specifically, apply patches to their BIG-IPs. And we saw customers respond in, you know, a variety of different ways.
There were certainly a number of customers that wanted to very quickly roll out updates to their system to make sure their environment was protected, and we also saw a number of customers who concluded that they had a lot of mitigating controls already in place in their environment, and would follow a more orderly sort of upgrade sequence. You know, prior to the disclosure, we did quite a lot of work to understand sort of how other companies had responded to this, really to extract as many best practices as we possibly could.
And I'd say, you know, the overwhelming feedback from customers was one of appreciation for the high level of transparency we provided, the details that we gave them around how they could protect their environment, and then the focus that we offered around the new versions of BIG-IP that we made available at the same time, and the resources that we applied to help them with that. And so, you know, I'd say the overwhelming response from customers was quite positive. In the work since then, you know, we've seen sort of a significant uptick initially around customers who were updating those environments. W e've seen that come back down.
We're now at a place where I describe it as a bit of business as usual that customers have, by and large, sort of completed the updates that they wanted to perform. Obviously, now the attention's turned more towards sort of what are the steps we're taking, both the actions that we took early on, and then we plan to take over time to continue to secure and harden our environment. Again, we've gotten, you know, very positive response from customers around the way we are approaching this. I think, you know, we believe pretty strongly that we're gonna come out of this with a much more secure environment, and customers will be much better protected than before.
Yeah, and then just in terms of how we kinda try to size the potential impact, I think one of the challenges that we had was just the timing of the announcement in relation to when we were, you know, providing our guidance. It was about nine business days, so we didn't have, you know, a lot of data in terms of pipeline generation, close rates. You know, we hadn't seen any impact in those nine days, but you know, because it was so early, we really spent more time kinda profiling our revenue base in you know, what areas of our revenue had more kinda customer discretion where they may choose to either defer or cancel projects.
It's a relatively small piece of our overall revenue base just because between our services business and our renewals business, where customers are already running F5 in their environment, those areas of our business are likely to be pretty resilient in the near term, and so the real if there was gonna be any risk, it would be more around kinda new projects, in some cases maybe around tech refresh if a customer chose to just kind of wait a little bit longer, and so the you know where we thought there could be impact was if customers one their operational focus was around remediation, and so that caused some kinda friction in terms of rolling out new projects.
Similarly, our sales resources that, you know, in the short term are gonna be very engaged with our customers, kinda walking them through the remediation, and then moving on to selling activity. And then kinda the third factor would be really around if there were projects longer term that were canceled as a result of perceived risk. We felt like that was a pretty low risk. W e talked about exiting the year. We would expect demand to be kinda returned to normalized levels. T hat's kinda what we're monitoring. But I think what we're encouraged by is just how these remediation activities have gone with customers. I t's been very orderly. They've very quickly kinda moved into execution mode. There wasn't a lot of kind of, you know, relationship impact that we saw early days.
We were, we're pretty encouraged about that. I think that the silver lining is that it has gotten us, you know, kinda deeper into the organization with decision makers and maybe created a little bit more of an awareness at higher levels within some of the larger enterprises as to how critical F5 is in these environments. And, you know, a lot of the work that we've done through this planning is giving us an opportunity to share insights with our customers as to what we've learned and some best practices they can be thinking about as they kind of assess their broader security posture.
Okay. Great. Great. That's a comprehensive answer there. I appreciate it, guys. Maybe going over to the software business, obviously, there's been a lot of software versus hardware, you know, with F5 for the last probably decade.
I know there's no current guidance before the breach. It was kinda mid-single-digit type of growth. Maybe talk to us about the moving parts around when you're thinking about software growth the next few years, and maybe, you know, I think the term timing of term has something to do with growth rates as well, so maybe walk us through the two or three, you know, kinda main elements that would move that, you know, software growth number around.
Yeah. So, I mean, at the highest level, you know, our growth is driven by expansion with our customers. And so we've talked a lot about the ADSP, our platform that allows customers to consolidate more services into a kind of a single management framework. T hat's been very attractive to customers. W e've been seeing really strong expansion as customers come up for renewals, as they're looking to do more with F5, you know, new use cases, new solutions. In addition, as they've grown, their kinda capacity and performance needs have also increased. And so, you know, our software business is largely a subscription business. And so, you know, we do a lot of new projects, and then we expand over time.
As that mix continues to increase in terms of subscription and a renewal base, that the growth is going to come from expansion. A s we look at revenue growth rates over time, we had a really strong year last year. We started the year with an upper single-digit growth guide, and we ended at 9% for the year. We talked fairly early in the year just to kinda give investors an understanding of how that flow of the renewals would come through, that this would be a mid-single-digit growth year. T hat was really, had to do with the cohort that comes up for renewal. You know, we largely sell in three-year cycles. So FY 2023, there were some macro events that made it a more challenging year for software.
And so the revenue growth from FY 2023 that was flattish, that's what makes up the cohort that comes up for renewal in FY 2026. Conversely, we'll have a much stronger, or larger size cohort coming up in 2027. So just from a math perspective, there's a little bit of a headwind in FY 2026 related to the renewal base that becomes a tailwind in 2027. But underneath that, what we're seeing is strong expansion rates, and that, in addition, we're seeing strong growth on our Distributed Cloud business. And so between those two, we expect software to be a double-digit grower beyond FY 2026.
Okay. Great. Where are we with, you know, cannibalization? The hardware business has been very strong the last few years, year and a half at least. Where are we with, you know, are we there still? I think you don't go into a sale saying you should buy software or hardware. What are you seeing on, like, customers' appetite for software versus hardware where it's a, you know, a comparable application?
Yeah. So I think you're exactly right. We really go into the customer engagement focused on what their challenge is and how to solve that challenge. And the choice between hardware or software really is a consequence of sort of the rest of their architecture and their environment. You know, having said that, you know, we are seeing a lot of demand around hardware. I think that's a reflection of a long-term secular shift that has occurred. You know, customers for a number of years were very focused on cloud as the answer. Today's customers we see quite distributed, that they have accepted and come to focus around this hybrid and multi-cloud world. With that, we're seeing a renewed energy around the data center buildouts and a lot of data center modernization activity. And that's in turn sort of driving hardware demand.
You know, I think that also maybe is accelerated with AI, either because they've got AI applications or in anticipation of AI applications that is driving a lot of that. On the software side of the business, you know, a lot of it we see growth opportunities longer term really around our SaaS business. We think that's a really important part of our ADSP, and increasingly for our customers, what we're seeing is that they're buying across multiple deployment models with multiple solutions, and we think that's really encouraging 'cause it reinforces sort of this strategy that we're pursuing around an integrated portfolio, our ADSP strategy, across all of these different domains.
Okay. Yeah. You mentioned Distributed Cloud. It's, you know, you had some transition a year or two ago. Where are we now with that as a full offering? It sounds like it's performing pretty well. Where are we in the growth curve and scaling that business?
Yeah. So it's, you know, we're seeing good growth on Distributed Cloud. We've been undertaking a little bit of a transition on some legacy offerings. So if you look at kind of the headline growth from our overall SaaS and managed service business, the revenue declined last year, but that was solely to do with the transition off of some legacy offerings that we had retired. And so we expect to see the ARR grow this year, and that'll translate to revenue growth in the following year. I think it's really speaking to the breadth of the functionality with our and the maturity of the Distributed Cloud offering. And then, you know, we have the unique trait of having our offerings available across any environment, whether that's data center, public cloud, or SaaS-based environments.
That brings a lot of opportunity our way because customers are operating their applications in hybrid multi-cloud environments. Our ability to give customers choice and flexibility to support these applications and these workloads as they move around is very attractive across all of those environments. That's really bringing us a lot of opportunity on the SaaS side of the business.
Okay. Great. We may come back to software, but I did wanna touch on AI. Tom, you mentioned it. I think on some of your calls, you announced some of the kinda key use cases where F5 is participating. So maybe if you could just walk us through how important, you know, AI is to the F5 story right now and what are the top two or three use cases that you're really seeing traction in.
Yeah, so I think a lot of the industry excitement around AI starts with the applications or lately a lot on the semiconductor side, but we're seeing it really start to change the way enterprises think about their infrastructure, as well. I think that's a reflection of the fact that the way AI applications get built really demands, you know, really high speed, low latency, large bandwidth data transfers to feed these AI models, so there are really kinda three use cases that shake out of that for us. The first is around AI Data Delivery. This is a very classic sort of high performance use case around getting large volumes of data from one place to another with very low latency. That's, in some ways, tailor-made for F5.
I mean, we're that. That is sort of our expertise is around being able to do high performance data delivery, and so we're seeing good demand around our BIG-IP products for that use case. The second one is around AI Runtime Security, and here this is a whole new emerging class of capabilities to be able to provide security in front of AI models, and so the kind of simplest way to think about it is a firewall, but for your AI models, and we've had a number of organic capabilities that we've built in this space. We also recently announced the acquisition of a company called Calypso AI, and so together we have a really strong leadership position in this new emerging category around AI security, and then the third use case is really around AI Factory Load Balancing.
Here, this is within an AI factory being able to optimize your GPU usage and driving performance. Benefits there. This is really from our partnership with NVIDIA. We're quite excited that we recently announced that we are now part of the NVIDIA reference architecture. So a key step there. This one is a much earlier business for us, in that you know, we've just now completed the reference architecture and are engaging with customers around those opportunities. So a little bit earlier, but you know, a big opportunity potentially over time. All of these are on what I'll describe as kinda the direct use cases. We also see quite a bit of activity that we would attribute to. I'll call it Indirect AI use cases or Shadow AI use cases.
This is where, you know, customers are either building out AI applications and then maybe the infrastructure team doesn't fully understand or know all of that, or where they're anticipating that they're going to be doing it. And that links in a lot of cases back to sort of this data center modernization where they're adding incremental capacity knowing that they're going to have a lot more volume of AI and data movement, and they're trying to get their data centers ready for that sort of activity. T hat brings with it a lot of demand for BIG-IP products in particular.
Okay, and do you see the move to more inferencing or edge as a, you know, incremental driver for these solutions?
Yeah, so I think inferencing in general, you know, where the inferencing takes place, certainly a lot of inferencing will take place in the data centers. There is opportunity to do inferencing at the edge as well. Our Distributed Cloud Platform has a very robust set of application capabilities there, and so, you know, there are opportunities in that, but today we're seeing a lot of it really manifesting itself around data center modernization.
Cooper, quick one for you. I think you guys have shared some customer accounts for AI, you know, use cases. Do you envision over the next year or two, you would have visibility to give more clarity on, like, scaling that business for investors, or will it always be difficult? I know you've had that problem with security where it's standalone security or it's a blade. It's hard to count it. So curious how you would think about AI?
Yeah, so there's kinda the two components. For the direct use cases, like, we do have that visibility, and we can provide further context as that business continues to grow. And we think, you know, we're still at kinda the early stages. We think there is an inflection that's coming, you know, soon. I think, especially on the runtime security, that's an emerging area, but you know, we're very well situated for that opportunity. On the Shadow AI piece, that is frankly the biggest driver that we're seeing right now or the biggest growth area we're seeing. Right now, we can track that in terms of the systems business that's not associated with refresh is about a third of our overall systems business. And we saw very strong growth last year.
We had not seen that as an area of growth in prior years. That's kind of a new secular trend that we're seeing, and we attribute that most closely to that Shadow AI piece. Now, there, it is harder to track. There are things that over time, we think that we'll get a little bit better understanding of our integrations into, you know, S3s, storage environments, and that gives us a little bit better proxy as to where some of this growth is being driven by AI, and so, you know, we think that we'll be able to give a little bit more context as to what that looks like over time.
Okay. Great. Hopefully, this is working a little better. Maybe touching on the hardware part of the business, you know, it's been pretty strong. There's a lot going on. You have some end-of-life older products. You got a new platform. You got some competitors that are, you know, taking different strategies, so maybe, you know, kinda scale that for us in the context of, you know, how sustainable of a positive move can this be? It's already been like a year, year and a half, but how much more runway is there on the hardware side?
Yeah, so I think, you know, if you go back several years ago, whereas customers were kind of shifting some of their workloads to cloud and edge-based environments, we saw kind of a rebalancing as to how customers are supporting their applications, and in our view, that aligned with industry analysts was that that market was gonna be kind of a low single-digit decliner, but we had the opportunity to continue to take share in it, you know, might be closer to flat for F5. What we've been seeing more recently is kind of a little bit of a shift back towards data center, and it's a lot of the buildouts that Tom references, customers are kinda modernizing and readying for AI.
We think that it's a little bit early to make a call on it, but there's signs that that business may be a little bit more healthy or that market may be a little bit more healthy and see some growth opportunities going forward. And so, you know, we look at it with kinda across two dimensions. You've got the refresh business, which is kinda more of a cyclical business. We're seeing tremendous growth right now. That tends to be kinda the peak of those cycles tends to be about a two and a half to three-year duration, and we're still kind of in the first third of that with the base of our installed base that's coming up on those end-of-software support dates.
Now what's interesting is to see, you know, the long tail of that refresh motion 'cause some customers will do their refresh beyond those dates historically. A lot of that may be macro-driven or budget-driven. You know, we might see some customers pull those dates in, especially, you know, in light of the security incident we recently had. There's kind of a new, you know, renewed visibility that customers have as to the importance of running on currently supported software, and so we'll see how that plays out. On the third of the systems business that's not associated with refresh, again, we saw good growth last year. We think that may be the beginning of a longer-term secular trend, and we'll just have to see how that plays out.
Okay. Great. Maybe just shifting, you know, a popular topic has been federal. You guys have a decent amount of exposure. Maybe talk about kind of what you've seen there given, you know, the shutdown and DOGE before that and no DOGE now. But there's obviously a lot of focus on the federal side building data centers and, you know, adding, you know, U.S. technology. So how do you see that vertical shaping up the next year or two and bouncing back from what was a choppy time for most?
Yeah. I mean, in general, our federal business is a relatively low mix of our overall revenue. You know, the government shutdown did create some short-term disruption. Typically, what we've seen in past cycles where there have been kinda these shutdowns is that as budgets are restored, we pick that business back up. It just might be a little bit later in the year. Having said that, for F5, Q1 is our lowest mix quarter with the federal government as it is. So I don't think there's a ton of concern in terms of the overall impact to demand. Related to DOGE, you know, the solutions that we sell under the federal government are typically around security or high availability for their kinda mission-critical applications in their data centers.
They're not the areas that cuts that the government would typically be identifying as an area of waste where you can kinda reduce overconsumption. So I think that we are pretty resilient to those, some of those initiatives.
Okay. Great. Maybe Tom, one of the few on the services side. Obviously, F5 compared to a lot of certainly networking companies, much higher intensity of services, maintenance in the revenues. What are the moving parts there? It's been a pretty stable, you know, low-growth business, but, you know, pretty profitable. So what, what are the moving parts? I know when you are selling more SaaS, that might impact it, but how should we think about that kinda services stream looking forward?
Yeah. No, I think you're exactly right. The services business is an incredibly durable business for us. It is also one that has contributed nicely to the top line, and then has been a very profitable business for us. I think a lot of it is really a product of the customer segment we serve and how vital our technologies are to our customers. You know, we really sit in front of the most mission-critical applications generally in a customer's environment, and rightfully they have a very high set of expectations that are associated with that. That in turn means that we have to have a very capable services function that is able to rise to the occasion and meet customer demand.
So, you know, I continue to believe that services is a key part to our value proposition. I hear pretty regularly from customers it's a source of differentiation for us, because we are able to meet sort of those expectations. That in turn sort of gives us the ability to command a premium on the top line. I expect that we'll continue to use some of the pricing actions and things like that that we've done, to be able to help us grow that business. Of course, you know, a lot of that business is attached to either our perpetual or subscription deployable products.
So, you know, it's a function of the last several years of product growth, which I think, you know, explains a little bit of sort of the current growth rate. But it, you know, over time sort of really tracks to sort of the product deployable product sales. And then, you know, we're continuing to look at ways to drive profitability. You know, we've been early adopters on a number of things, AI being a great example to be able to improve the quality of service we deliver and to do that in a very profitable way. And so, you know, I expect that the services business will remain a really durable part of the F5 financial model.
Okay. Great. I did wanna touch on security itself as a, you know, it's been a growing mix and a good chunk of the overall in the 30s or something like that % of revenues. Talk to me about some of the dynamics there. You're big in WAF and some other areas, application security becoming more important. So what are the key drivers for that piece of the business?
Yeah, so I, you know, we talked about, again, going back to our platform as being an opportunity to consolidate a lot of these point solutions, but it's not just about consolidating and driving efficiencies with customers, but it's some of the insights that you can give to customers across their entire application estate, so when you hear us talk about the platform, you'll hear us reference what we call XOps capabilities. These are really the analytics capabilities we put in the hands of customers to monitor the health and the, you know, security of their applications across all environments, and it gives them the ability to take faster action and respond to changes in their environment, which is very attractive to customers to be able to get in front of changes with their applications and ensure that they remain in a very secure posture.
We've done a number of smaller acquisitions in the last few years that have further given customers the ability to profile their applications and get some of those early insights. We, you know, added the runtime security capabilities with the Calypso AI acquisition, and I think that's really gonna give us the opportunity to get more and more relevant in their environments just as they're able to leverage our insights and security capabilities, you know, across any of these environments.
Okay. Maybe we'll just end with the financial one, for you, Cooper. Talk a little bit about, you know, margin structure of the company. Obviously, you have the benefit of a very high gross margin business. There was, you know, a nice bump up in operating margin a year or two ago. What are the levers on that, you know, getting more OpEx, operating margin leverage for the business?
Yeah. I mean, a long-term, I think there are a couple of things. You know, we've talked a little bit about Tom referenced some of the work we're doing with AI on the services part of our business, but we're extending that through the rest of the operating model as well. So, you know, we have the opportunity to drive efficiencies in our engineering organization, leveraging AI coding capabilities. Similarly, we're able to leverage AI and automation around some of our content generation for our sellers and create kind of a more efficient go-to-market model in terms of how they're engaging. I think the business model in general is designed to drive leverage over time as we increase the mix of subscription in terms of our overall revenue model.
The cost of revenue on a renewal motion is much lower than the cost of new customer acquisition. And, you know, we've really been seeing that over the last couple of years is that sales and marketing expense has gone down as a percentage of revenue. And I think that's the beauty of the model is that that's something that's very sustainable. So over time, you know, we think that we've got the opportunity to continue to drive leverage in the business and then recapture some of that leverage in terms of investing into new capabilities and our product roadmap.
Okay. Yeah, I think we're out of time, so thank you both for joining. Really appreciate it, and thanks everyone for joining.
Great. Thank you so much.
Thank you, Tim.