Everybody, we were just debating safe harbors. I will read one to kick off. For important disclosures, please see the Morgan Stanley Research Disclosure website at morganstanley.com/researchdisclosures. If you have any questions, please reach out to your Morgan Stanley sales representative. Cooper, also you have a safe harbor you'd like to read.
Yeah
We'll go into introductions.
Thank you. It's exciting stuff. Just to get our safe harbor on record, our discussion today may contain forward-looking statements which involve uncertainties and risk. Our actual results may differ materially from those expressed or implied by these statements. Please see our SEC filings for more information on these risk factors.
All right. Perfect. With that, I'm Meta Marshall. I cover networking here and cybersecurity here at Morgan Stanley. Delighted to have F5 here with us today. Cooper Werner , CFO, thanks so much for being here.
Yeah. Thank you.
You know, F5 has seen this resurgence in ADC use cases today. Just what are you seeing as or your customers seeing as kind of these growing number of use cases for F5, you know, maybe particularly in light of AI as everybody just got out of the Jensen presentation?
Yeah. I think that, you know, something we've really been seeing kind of take shape over the last couple of years, and it's something that we saw coming several years ago, was really just this expansion into hybrid multi-cloud architectures. I know that there had been a narrative for a number of years that everything was going from data center to public cloud. We believe that there was going to be significant growth in public cloud, and we made a lot of investments kind of modernizing our portfolio to address, you know, those architectures. Our belief was that over time, what you'd see is that customers are gonna continue to support many of their legacy, mission-critical applications in a data center and then expand into modern architectures across both public cloud and the edge.
Ultimately, they were going to be supporting these applications in all these environments, and they'd be using multiple clouds. With that, we were gonna see a level of complexity that would be difficult to navigate with multiple disparate solutions. We had made aggressive investments in both supporting traditional applications in the data center and then expanding across into these additional environments. What we're seeing now is that that complexity is really starting to come through in these use cases, with customers with their architectures, and then AI is really kind of adding an accelerant to that dynamic.
The market is really kind of coming back to F5 as really the only vendor in the space that can support these applications in any of these environments, that can allow common sets of, you know, security protocols across all these environments, common management tools. That's really kind of been driving a lot of the growth we've been seeing both across software and hardware. Then, as I said, AI has really extended that now to where, you know, API security is becoming more top of mind for a lot of our customers. We've made some investments in that space.
Data delivery is becoming a big challenge for customers because a lot of the storage arrays that are supporting these environments were not really meant to move data back and forth, and they're not well suited to that. Our hardware-based offerings are very well suited to delivering data, just like they're well suited at delivering application traffic. That's kind of opened up some new use cases for us in this hybrid multi-cloud architecture.
Got it. I think you guys refer to that sometimes as the Ball of Fire.
Yeah.
Being extinguishers of the Ball of Fire. You know, there's also been just opportunities for share gains for you, not in only kind of these expanding use cases, but just in terms of kind of what the competitive landscape has been. Just how are you capitalizing on some of those opportunities?
Yeah. I mean, so much of the work we've done has been about taking some of the friction out of managing these environments. That can come in various form factors. It can be managing different tools, needing different sets of expertise to manage these tools. A lot of it can be commercial friction, where just as you're looking to expand and move some of these supporting services to follow where the app workload is, that can be really cumbersome on some of these IT, you know, IT groups. We've put in place some commercial models that are very flexible that allow you to quickly spin up these services as needed across these environments. We've continued to add new features and capabilities, particularly around security.
You've got common security capabilities in any of these environments, and it's really driving a convergence to a single platform for customers. And that's really resolved some of that complexity. Then, you know, we continue to invest in something that we call XOps, which is analytic capabilities to help give customers more of a 360 view as to what's going on in their application environment, so they can rapidly respond to changes, whether it's a performance degradation or newly identified security risks in their environment, and they can take faster action to improve the performance and the security across that application landscape.
Got it. You know, on your recent earnings call, you noted kind of this demand inflection in AI use cases. Can you talk about that inflection and just the NVIDIA partnership? You know, I think Jensen just talked about kind of partnering with people who could help deliver these ecosystems, and you guys being kind of a part of that?
Yeah. you know, we've said there's really kind of three areas where we're seeing potentially high opportunity. One is around the data delivery use case that I just mentioned.
Mm-hmm.
This is really delivering this data back and forth between the models and the storage we've seen a number of pretty sizable wins in that space. That comes both in the form of direct use cases, where it's specifically tied to a new AI use case where data delivery is an important component. There's a lot of what we call indirect demand that we're seeing come through oftentimes in a refresh motion on the systems refresh, where customers are expanding capacity, readying for their future needs around data delivery as they start to move from more kinda training use cases to inference use cases. That's, that's an area of the business that we've seen pick up, particularly in the last quarter. The second category is around AI security, specifically runtime security.
Mm-hmm.
Again, that's an area that we saw continued inflection last quarter. If you look back to last year, the majority of our AI-related sales were on the data delivery opportunity. Last quarter, the runtime security opportunity was at about the same level. We saw meaningful pickup in both, and with the early interest around our CalypsoAI acquisition from September has been really strong, so we think that opportunity is gonna continue to build. The third use case is around AI factory load balancing, and that's where the, you know, the NVIDIA partnership comes into play. This is putting these same data delivery capabilities that we would traditionally serve in a BIG-IP appliance, putting those capabilities on the DPU-
Maybe slightly more competitive landscape than you normally have.
You know, a couple of things. We're making, you know, additional investments in a specialist sales force, think of an overlay sales force that's, you know, has more background in selling into those environments and really, evangelizing our capabilities around web app and API security, where we're best of breed, and we feel like we really set ourselves apart, especially in large enterprises. Then, you know, expanding that conversation into, you know, discussing the overall platform because these workloads, again, they don't run in isolation.
Resolving some of that complexity that you referenced when we talked about the Ball of Fire and presenting customers an opportunity to run these security solutions on a converged platform so they get the benefit of the management capabilities and the insights that are coming from some of these capabilities that we've been introducing over the past, you know, several quarters.
Got it. Okay. You know, maybe let's just turn to the breach now. You know, in the midst of some of these, you know, very good kind of demand environment for you with a number of tailwinds, you've also been going through a breach and a product refresh, announced. Just starting with the breach incident, can you just give a sense of how that impacted your kind of opportunity set in fiscal Q1 and fiscal Q2?
Yeah, happy to. Just to kind of take a step back, as we guided going into the year, if you recall, we took a pretty conservative view on the revenue guidance for the year because we had, I think it was nine business days between the announcement of the security incident and when we were going alive with our guidance on the annual call. You know, that's kind of a challenging time to be giving an annual guide, but, you know, we had not seen any evidence of any disruption to our demand, you know, through those nine days, but we took, you know, small comfort just because it was early days.
What we did is we profiled the revenue base, and if we were to see disruption, it would be more tied to new projects, particularly new software projects, or in some cases, potentially expansion at the time of renewal. We tried to size and shape where we thought any potential impact had come from. Business had been moving forward in kind of an orderly fashion. What we saw through the course of the quarter is that the pipeline continued to build, in a very normalized fashion. Close rates remained very high and, you know, through the quarter, we didn't end up seeing any notable demand disruption.
I think we had one customer that canceled a project, reevaluated, you know, their alternatives, came back to F5 and decided to move forward with that project. That was the only signal that we had of any potential disruption. Having said that didn't just happen in a vacuum. I think a lot of that was based on the response we had with customers. You know, a lot of these customers had been through these kinds of incidents in the past, they had a, you know, experience dealing with security incidents.
You know, the feedback we got was that our response was very strong in terms of the capabilities we had in hand for customers, the visibility we gave them as to where the potential risks could be, the depth of the support we had as they navigated that and did their remediation activities. Customers were able to get through those activities in fairly short order. I think that kind of the, you know, the takeaway that they had was that while nobody wants to go through these kinds of security incidents, the response that we had in supporting them through that was, you know, built a lot of trust. The momentum that we saw through the quarter never really saw an impact.
Got it. I mean, how does it change how you think about some of the product refresh that's going on? You know, do you think it accelerated any of the product refresh that you would have seen?
Yeah. We haven't seen any signs of it accelerating the product refresh. I think that that likely will come later as we get closer, you know, through those end of software support dates.
Mm-hmm.
What we did see was a significant acceleration in terms of customers upgrading to the most current version of our software.
Mm-hmm
... that was supported on their existing appliance. You think of a tech refresh, the tech refresh is really ensuring that you continue to get the most current software updates. As you move past end of software support dates on an appliance, you're no longer getting those software updates. I think it's a sign that customers have an appreciation for the need to be running on currently supported versions because they upgraded so quickly in many cases on their software. As they get closer to those end of software support dates, you would expect that some of these customers may move more quickly than they had in prior cycles.
Got it. just as we think about this product refresh, can you just refresh investors on the impact it had to fiscal 25 and just how you see it impacting fiscal 2026?
Yeah. fiscal 2025 was the first year that we really saw kind of an uptick in the refresh, and those are customers that are getting out a little bit in front of those end of software support dates. We saw a lot of the growth that came through on the hardware side was tied to that refresh. What's interesting was that the growth we were seeing from the refresh motion was much higher than what we typically had seen in prior refreshes, especially the last refresh cycle that we had. You know, we dug into it trying to understand, is this just customers moving more quickly than in the past?
You know, we can look at, you know, what the rate of fall off is on legacy appliances is just kind of a proxy for is this all just a faster rate of replace or is this a replace and expand motion? What we've seen is while the sales through that refresh motion were really inflecting at a higher rate than what we've typically seen, the retirement on the back end was kind of at a more of a normalized level. What that's telling us... It's still fairly early. There's always a lag factor. You know, when you buy a, you know, do a refresh and you buy a new product, there's gonna be a couple of quarters before you have replaced the legacy.
We've had enough quarters of growth now to where we're not seeing that, a change in that rate of retirement. What that's pointing to is more of the growth is tied to expansion at the time of refresh. There's a number of factors that could be driving that. We think the biggest driver is AI readiness, so getting in front of the future performance needs that are driven by AI. A natural time to add capacity is when you're already doing a refresh. There's a lot of the, you know, some of the things we've been seeing around resilience and data sovereignty are coming through in the refresh motion as well as customers are very often repatriating workloads from public cloud, and they're building out their capacity to support that.
It's kind of a long, answer-.
Yeah
... to the refresh question, but it's an important one because with the strength we've been seeing on hardware growth, there's a lot of dynamics that are behind that. I think that, you know, refresh cycles are gonna come and go. They're not a durable source for growth over time. If there's additional expansion and capacity needs that are, you know, kind of feathering in as part of that motion and you can identify that that points to a better growth outlook over time.
Got it. I mean, another thing that you noted on the breach and just the mitigation was that it really introduced you to, like, a new audience of customer, maybe getting more access to the CISO versus kind of the network operator in the past. Just how do you feel like that is giving you kind of additional inroads or ways to kind of sell other pieces of the security portfolio?
Yeah. I mean, it has been a silver lining is that we've been able to get into more conversations with CISOs. I think there's a renewed appreciation for just how vital F5 services are in their application environment. You know, very often we're cited as kind of the heartbeat of their operations. It's an opportunity for us to continue to earn that trust. It's also an opportunity for us to share insights as we've navigated the security incident and some of the best practices that we've identified in how to mitigate risk going forward. You know, it's giving us opportunity just to get better mind share with this audience. Then downstream that, you know, may potentially lead to more opportunity. You know, we talk about this crisis of complexity in these hybrid multi-cloud environments.
That appreciation for how that complexity can manifest into a broader footprint of risk, ultimately gives, you know, better visibility as to why some of these security capabilities are so important. It potentially could lead to, you know, renewed opportunity for us.
Got it. You know, Europe was very strong for you in fiscal Q1, and you've made comments about data sovereignty being a big reason for that upside. You know, how are you seeing kind of this desire for increased data sovereignty kind of leading to could Europe become a stronger market in the coming years, and are you seeing this dynamic in other markets?
Yeah. It's, you know, a dynamic that we've seen starting to take shape over the last few quarters. It really inflected in the September quarter and then even stronger, you know, in the last quarter. You know, we expected that trend to start to play out. I think it was more pronounced than honestly we would have expected, especially going into last quarter. I think that a lot of these, you know, a lot of customers are, you know, getting much closer to these compliance dates, and there's also kind of a better understanding of the environment with regulators and how, you know, how closely that's being governed.
Mm-hmm.
There is a little bit of a catch-up that some of our customers are facing in terms of making sure that they are in compliance. Resilience is becoming more and more important as well. That's where, you know, customers wanna be able to fail over from cloud-based environments to data center-based environments. We think that that probably is a fairly sustainable trend. I think there's a little bit of a surge of just getting kinda current with some customers, but long term, those sovereignty and resilience needs, they're still pretty early stage. You know, it could drive a pretty good opportunity, especially in the systems business with data centers in Europe. You know, we're gonna see that in other geographies as well.
I think Europe is kind of at the leading edge. We'll see it across Middle East and, you know, Asia Pacific in particular as well.
Got it. You know, clearly memory pricing has been the discussion as Jensen tells us, memory is never gonna get cheaper. Just how is F5 preparing for this and just kind of what risk has been embedded into estimates?
Yeah. It is top of mind for everybody. We have spent a lot of time on this. I think there were a lot of lessons learned from the supply chain crunch of 2022 that are kind of part of our playbook. you know, we were getting in front of this as of last summer, early last summer, when we first started to get indications that memory was both becoming scarce and the costs were going to continue to go up. we took a number of actions. you know, we extended our build forecast to a longer-term horizon. That's step one, is just making sure your contract manufacturers have a longer-term horizon of visibility as to what your needs may be.
We increased our forecast, build forecast, both to account for the upside we were starting to see come through in the data center business, but also just to have a bias more towards a high-end scenario. Accounting not just for the upside, but weighting it more towards upside scenarios.
Okay.
You know, obviously, you take on a little bit of risk that you know, over-procure, and there's an obsolescence risk on the back end. You know, if you're gonna be balancing revenue risk versus downstream obsolescent risk in this environment, you wanna be more weighted to covering any potential revenue risk on the supply side. We also took advanced positions on some of the components that we had line of sight were becoming more scarce. You know, buying on broker markets or just securing availability with existing suppliers, just in raw materials, just to cover any potential bottlenecks. We started qualifying additional suppliers in as well. We haven't seen any decommits. Decommits were a thing in the last supply chain crisis in 2022, we wanna make sure that we've got...
You know, we're leveraging every tool we can to provide some resilience to any potential risk in the supply chain. We think that we've taken all the right steps. We feel like we've got pretty good visibility into our supply in the near term. Eventually, you know, it's, you know, you get into, you know, year down the road plus, I mean, that could change, but it's something we continue to watch very closely.
Any price increases you guys have had to do yet or contemplated?
That's something that we are actively planning around. We just introduced a price increase in February that was kind of more of our natural annual motion where we adjust prices tied to innovation that we're bringing to our customers. We had delayed that a month just coming out of the security incident. That was more to do with new features and capabilities we're introducing to market. Related to memory, we'll continue to look closely at that, and we likely would explore price adjustments to offset the costs. I don't think that we would go to gross margin neutral on a percentage basis. We're not likely to put a big markup on top of these price increases.
Yeah.
We're more, you know, looking at gross profit neutral scenarios. You know, More to come on that.
Okay. Got it. just can you walk through some of the go-to-market investments that you guys are making, you know, either expanding out between security and network, which we kind of talked a little bit about earlier, or just the changing breadth of when you're getting to the network buyer, you know, or getting to them earlier in the application development?
Yeah. I mean, the biggest one we've made over this year is we've been expanding our sales force, just adding additional capacity to support the demand that we see. And we think that You know, I talked about that on the call in January about some of the investments we're making that are more oriented towards accelerating our growth opportunity in FY 2027 and beyond. There could be some impact this year as we ramp those additions up. We think that's just kind of a broader investment to that can help us accelerate execution on some of this demand that we're seeing. We're also making targeted investments in specialized sales teams around AI use cases, security use cases, and we think that there's additional opportunity we can drive.
Then we've invested in our partner ecosystem as well. We've made a number of partnership announcements around AI use cases, security use cases in, you know, on the talked about the storage vendors, where we've been integrating our capabilities to operate well in those environments. That helps us get, you know, to, you know, you talk about getting in upstream on some of the demand, that gives us visibility as to where some of that opportunity is earlier in the cycle.
Got it. I mean, obviously you guys generate a lot of cash, always have. Clearly, you know, maybe some investments being made in inventory at this point on the memory side. Just how are you thinking about capital allocation? You know, as new use cases emerge, how do you think about strategic activity?
It's, we know we've committed to delivering at least 50% of our free cash flow into share repurchases, and we've exceeded that commitment over the last couple of years. We're a little bit more aggressive last quarter, that continues to be our approach. We feel like that still gives us the flexibility to do strategic actions, whether it's M&A. We've done a number of smaller acquisitions that have accelerated our roadmap in AI and security use cases, and we'll continue to look at where there's opportunity that can help us accelerate, you know, our positioning. We, you know, we'll look at some investments we're making on Distributed Cloud. You know, you could see CapEx increase a bit as we build out the infrastructure to support that SaaS-based opportunity.
broadly, I'd say there's not a material change into how we're thinking about use of cash from the posture that we've had over the last couple of years.
Just kind of a question, you know, we've been asking everybody is just kind of how are you using AI internally, and how is it changing kind of the breadth of Suppliers?
Yeah
... software that you've been looking at in the past.
Yeah, I mean, we're spending a lot of energy on that. We've had really good success in some of our bigger organizations. Our support organization has been extensively leveraging AI to help customers self-solve issues that they're seeing or find the right solutions, and so that's what we call case deflection and embedding AI capabilities into that organization has helped deflect a lot of cases. It's also helped our support teams identify the right solutions in more complex environments so that, you know, you're not out there hunting and trying to find solutions that have worked in the past, but you've got an AI engine that can surface that solution very quickly and help resolve cases much more quickly. It's driving a lot of efficiency in how we support customers.
On the engineering side, over 60% of our engineers are leveraging AI coding capabilities, and that's really manifesting more in velocity in terms of innovation. We've got our large marketing event next week called AppWorld, where we'll be introducing a lot of, you know, new innovation to our customers, and that innovation has been really accelerated with some of these coding capabilities and leveraging AI. Across the, you know, some of the support organizations, we're looking at agentic AI to, you know, accelerate some of the support functions around G&A, marketing, things like content creation, sales enablement. In my organization, you know, our procure-to-pay function, we're leveraging AI to more efficiently, you know, do things like just invoicing.
Yeah
... and, you know, some of the procure-to-pay functions.
Got it. Thank you so much for being here today. You know, clearly a lot of AI and just kind of resurgence of the ADC, that is driving some enthusiasm in the business.
Great. Thank you. Thanks for having me.
All right. Bye-bye.