Hello, and welcome for joining us on Needham's 21st annual Needham Tech Conference. I'm joined here today with the CFO of Radware, Guy Avidan. Thanks so much for joining, Guy.
Thanks, Jeff, and, thanks for having me.
How about we just start off, Radware recently reported first quarter earnings. Revenue came in above expectations in Cloud ARR is still growing 20% plus. Maybe just give us a recap of the highlights from the quarter and what's going on with Radware to catch some people up.
Yeah, sure. looking back on the first quarter of 2026, I think the first point is actually the what you already mentioned with the we start with two strong indicators, 11% year-over-year growth for top line and 23% increase year-over-year in Cloud security. This is our main growth engine, and obviously very important indication for our growth. We can also say that we talked a lot about accelerating the growth and be on a double-digit growth. four out of the five last quarter, we were on the double-digit top line growth, and we can say that the 23% Cloud ARR growth is shaping to be sustainable.
Obviously, we talked about even accelerating this number above the 23, but we're satisfied with the 23% we posted in the first quarter. Second indicators to highlight is the subscription revenue grew 17%, this is basically the results of two things. The first one already discussed, the cloud cyber subscription, the second one is also we're shifting product, the appliances business also to subscription. At the end, we're aiming for higher recurring revenue based on higher growth on the subscription side, this was a good indicator in the first quarter. Other point that are important to mention in the first quarter, we closed the acquisition of Pynt. PMI is done already, we're very happy with this acquisition. It completed a comprehensive API solution.
They added the testing portion, but we have all the four components that are critical for API, and we started to promote API security in Q1, and we're happy with the way the pipeline shapes and the reactions of the customer. I think the fourth highlight in the quarter would actually relate to geographical segment. Americas was doing very good, and this is not for the first quarter, and it shows that the journey that we're doing in the changes in the U.S. and in the Americas is working fine.
That's a really good segue, 'cause you've been putting a lot of work into your go-to-market strategy, specifically in the U.S. I think it grew over 40% last quarter, year-over-year. Maybe just talk shortly about the transition and then what you think is working well now that you've seen the past couple quarters.
The program is comprised from, let's say three element, but they all weave together. The first one was change the structure. We splitted the team to hunters, that their job is to bring new logos and farmers that manage existing accounts, and their goal is to reduce churn and increase cross-sell and upsell. This process was also done with some changes both on the field level as well as management. At the same time, we also changed the focus in terms of product line, moving more towards cloud cyber. Not saying that we neglected other product, most of the focus, especially when it comes to hunting, is on cloud cyber. The last point is, let's say, related more to the overall structure of Radware.
We were very much concentrated in Tel Aviv. Management was in Tel Aviv and now, the, let's say, the go-to-market portion of our management, and that include, CMO, CGO, CBO, all the global functions that touches sales and marketing are located in the U.S. Tel Aviv obviously take care of tech and operations. We manage it as a physically splitted management. In a way, it very much highlighted the focus of Radware in the U.S. That all these three things combined help us grow our business in Americas and in the U.S.
Well, that makes sense. You were saying earlier, Cloud ARR had great growth, 23% again. On the total ARR side, we saw a slight tick down, which I think you've noted there was some down sells, but it doesn't sound like, you know, major logo churn, and you're expecting that to go back to growth in the next quarter or so. Is that kind of how you think about that?
Normally seasonality-wise, we're seeing some churn and some downgrade in the first quarter. That's the season where we have most of our renewals, and then we expect it to bounce back in the second quarter.
Makes sense. Now as you're saying with the Pynt security acquisition, and AI security as a new offering, those still seem to be in their early stages, as you say you're starting to promote the API security. I guess, do you have any targets for 2026 for either of those new offerings to start contributing, or this is still very early for it to, for them to be meaningful?
We announced both of them more or less at the same time, but I can say that we expect ARR and revenues from API security faster than AI. Again, this is first because of where it is in the life cycle in Radware. Even more than that, it's a, it's a macro thing. I think in AI there's still a lot of education need to be done. Sales cycle for AI, not just for Radware. AI, as an example, we launched the Agentic Protect. In let's say, existing mature market, you're offering, let's say, API security or DDoS, everybody knows what you're talking about. They know how to test it, they know what to compare, price, performance, all this.
On the AI side, even if you have the greatest product ever, some of the customers, even if it's a very large enterprise, they don't even know how to compare it with other product. They don't really understand how to check whether it's a good product or not a good product. POCs takes more time. I'll try to quantify it. On the API security side, we will see revenue, we will see ARR in 2026. More on the fourth quarter. We are very happy with the solid pipeline and the success rate we're seeing in POCs. On the AI side, in 2026, I think it's more gonna be a name-dropping game. Like, yeah, we have an installation here, installation there.
None of the customer will, let's say, generate six-digit POs in 2026. There's gonna be a lot of education, a lot of POCs, a lot of maturing everything. Product on our end and the understanding on the customer side. Let's say at the end of the year, we will be able to talk about pipeline strength and maybe compare our product versus competition, but that's where it is today. We do know, you know, we announced some product. The big announcement was early 2026, and that was the Agentic Protect. We will have more than one, let's say, major announcement in 2026, which can position us in a very good place when it comes to the AI side. I'm talking about the protection side.
Not just using AI to increase efficiency in accounting.
Makes sense. It's a good segue. I was thinking, what are your thoughts about the, you know, any increased investment, whether it's from R&D or from a sales perspective? AI may be a slightly different sale than maybe like API is a easier cross-sell. Just curious of your thoughts on how you think, you know, 2026 will play out in terms of what you need to support these offerings.
Yeah. You're right. API is pretty native when we talk about go-to-market. The low-hanging fruit for us is really going to our existing enterprise customers and cross-sell. With AI, we invest more money. There's obviously an overlay team that they get the opportunities from the people that goes to the large enterprise, but they're doing the pitch, they're doing the POC. There is some kind of duplication that increase the cost, and we believe it's gonna take more than a year to run dual track with the RSM in the field and overlay team that come after the opportunity. Again, this is following the previous question, this is one of the reason why sales cycle is gonna be longer on AI, although the hype is crazy.
That makes sense. In Radware, you don't, you don't explicitly break out, your cloud ARR, in my view, it seems like DDoS, cloud DDoS would be your largest contributor. Application security may be growing faster and may even overtake that, then you've got the newer, ones, starting to contribute. Is that a good way to think about the different segments of your products and kind of the underlying, growth drivers?
If we connect the two numbers, think about layers. Obviously, also historically, DDoS was the first one, then we added another layer for AppSec. The average, you know, the average is the 23% ARR growth. You're totally right, the AppSec is growing faster. Think of the math. Let's assume, we're not breaking down numbers, but just assume they're 50-50 today, and CAGR for each segment or each vertical will continue as is, the average will go above 23, and that as a result of AppSec. What we're doing is on these two layers, obviously we added DDoS layer seven more than a year back, which is in between DDoS and AppSec. We are market leader in DDoS, and we're planning to continue that.
We are adding more features into AppSec. We think just based on the DDoS and AppSec, 23% is where we should be. That said, we talked about API security and AI. These are additive two layers that start from zero. Net-net, even if it's not gonna be visible in 2026, they should accelerate the growth above 23. We're not ditching layer one, layer two, we're maintaining them, maybe even accelerating them a little bit, and adding two new layers that should accelerate the average growth. That's, that's the mechanic of our cloud services.
That's very helpful. you did host an investor day or analyst day back in February. you came out with some long-term guidance of $500 million in total ARR by 2030. could you just refresh the audience who may have missed it, you know, your thought process behind putting out that target and kind of the supporting pillars that you see for getting there?
Yeah. We talk a lot about cloud cyber, and that's, in a way, that's the main growth engine. We already talked about it. Based on the layer three and layer four, the API security and AI, we think we can even accelerate Cloud ARR. Two things happen. We can grow from 23%-25%. At the same time, if you do the math, the number is bigger. Let's say we have two businesses today. One is growing at a zero CAGR, the other one is growing on a 23%. The average, let's look at 2025, the average is 11% growth.
Even if we do nothing to this back of the envelope math, the weight of cloud cyber is gonna grow, and that's gonna accelerate the overall growth. What we said in the Investor Day, that we expect to see something around 16% annual growth in our ARR. The 16% is due to the fact that the product mix is gonna be more related to cyber, to cloud cyber. That's what will take us to $500. That's on the cloud cyber. In addition, we're shifting business model more and more towards subscription, and that should be a tailwind also on our appliance business.
Got it. Part of that presentation, you know, I took in was the MSPs and your OEM relationships have always been strong. You know, you've had the Cisco or the Check Point relationship. It seems like you're focusing a lot more on getting more MSPs now. Could you just talk a little bit about that relationship and kinda see or help us understand how important that is and where you see it going?
Yeah. A few words about the OEMs. This business is doing good for us, both Cisco and Check Point. We're in a unique position. We're not, let's say, threatening in terms of size of platform to Cisco and Check Point like Akamai and Cloudflare. Our claim to fame is technology, leader in technology. That definitely didn't meet the needs of both Cisco and Check Point. We are losing in terms of brand because at the end of the day, the customer sees Cisco, but that's the trade-off. On the MSSP side, we're also offering a unique solution. For one, we're not competing with the MSSPs. Most of them are actually carrier service providers telecom. It's a great fit in terms of add-ons. Just assume that their basic offering is bandwidth.
Now they can offer secure bandwidth with pretty much doing almost nothing except billing and a dashboard. At the end of the day, the onboarding is very easy. It's almost automatic. They don't have to buy the equipment 'cause virtually, we take the bad traffic to our cloud and clean it. For them, it's a very comprehensive upsell. This is unique because pretty much we're one of the not the only one, but not a lot of vendors can offer such a solution. We're seeing good traction. We're seeing the, let's say, carriers that started to offer, let's say these kind of services are growing very fast. Very fast, this is compared to what they used to offer before.
What they used to offer was based on equipment they bought on-prem and build a multi-tenant and start selling services based on equipment. They don't need to do it, I mean. We know based on their numbers that their growth is tremendously higher than what they used to see. That's a very good sign for us that other carriers will start this MSSP business.
Sense. Thank you for that. A lot of questions that we get from investors also touch on just the competitive landscape, with security being just competitive in nature in a lot of products out there. A lot of your large competitors have been shifting to cloud computing or trying to bundle with CDN services. Just given that kind of dynamic and just the general landscape, how do you think Radware, you know, can continue to win and continue to be competitive in such a dynamic market today?
Yeah. We're not gonna go to edge compute nor CDN. That being said, we do think a bigger platform is important. For us, the platform is still around real-time security solution. We're not gonna go for a supermarket kind of a platform. The platform is gonna be very much concentrated around real-time cyber. This is why we're adding API, why we're adding AI. We think the addressable market for AI is gonna be 10 x bigger than what we see today for DDoS and AppSec. The market is big enough. The philosophy is that, you know, in cyber, good enough is not good enough, and we have to be focused on bringing the best solution.
If we start spreading our resources on competing in edge compute versus AWS and CDN in red ocean, we will lose focus on cyber, and this is not what we wanna do. We're gonna stick to a cyber platform.
I think that's a good strategy. We've seen it can be definitely distracting once you start to veer off from the core competencies and, like you say, security, especially AI security, is going to be so front and center for the long term, whereas some of these other things may have their bursts and drawdowns. I think that makes the most sense. With AI being the focus of every conversation today, we've talked about it a little, do you see AI in general impacting buyers' decisions today when it comes to security? Either AI could take budget in theory or it could add budget because people are kind of worried about, you know, their own AI security stance.
I think net AI will add budget. It's not just shifting from firewall to agentic protection. Part of the AI budget is not gonna be part of the CIO or CISO budget. It's gonna be an add-on because it's gonna be an efficiency tool or all kind of other tools, so it's gonna be essential. If you want to implement AI in your organization, you have to get it in a secure fashion. It can take budget from IT, but it can also take budget from any other item in your OpEx. The race already started, all organization already started to implement and use AI in all kind of shape and forms, from generative to agent, et cetera.
The security is actually running after the occasion, after the effect. It cannot be stopped because the value of AI is so high. There's gonna be an additive budget as well as some budget reallocation. It's still too early to say what's gonna be the problems of AI. You know, everybody talks about prompt injections and is guardrails good enough or, you know, everything has to be changed. Like we're pitching for behavioral algorithm because we don't believe guardrails can really do the job. It's yet tip of the iceberg in terms of understanding the risks. Most people understand the benefit, they don't really understand the risk yet. They'll start to understand the risk by learning and by seeing companies losing data and hurt.
As a result, I think even more budget will move to security related to the use of AI. That's the exciting thing in this business. What we also see is like there's always the question on the cyber side, winners and losers. Radware's position in a way, in a place that I'm not saying AI cannot touch us, it cannot really change our business, but it's more secure. If you look on one end, there's all kind of scanning business, shift left, threat intel. I would say LLMs, AI can replace some of these tasks, and companies that that's their core business might suffer.
Radware and other companies that deal with real-time protection are more immune because, one, latency, you don't have enough time to start, you know, asking the AI what to do, and we're talking about matter of seconds. Seconds is not good enough, and this is why we and other company build global network to have the good and right proximity to reduce latency. The second point is actually efficiency. We as a real-time cyber company, we are actually checking every transaction. If you start checking every transaction with AI, you're gonna lose money. It's not efficient enough for real-time. In a way, we are immune. It will take, you know, the market some time to understand it. That's, let's say we're in a better place compared to other companies in cyber.
You definitely bring up a good point in that today it seems like everyone's trying to use AI to solve every problem or just layer it on top when AI may not be the best solution for that. Like you're saying, AI doesn't have the latency, and it doesn't make sense to ask AI a question about who's coming in when you already blocked it or you already looked at that transaction. I think there's a lot of confusion when it comes to that and, you know, other companies out there can say they have an AI capability when the use case may not even be realistic. I'm happy you brought that out.
AI is also a bit of an existential crisis to some companies today, and they may not be thinking about the risks that it even brings. They may be making trade-offs that you wouldn't usually see. Do you think there has to be a catalyst sometimes for security where, you know, we've seen hacks or something happens with AI that could make people like finally wake up and be like, "All right, we have to take this seriously." Is that something you think is a possibility?
Totally. You know, sometimes when there is a risk and you don't see it, you're not afraid, 'cause it's an invisible risk. Usually, people wake up after the first big catastrophe. Unfortunately, that's how it works. You have to fall before you learn. Obviously, everybody hopes that somebody else will fall and that will teach them, but that's how it works. I mean, until something really happens, it's a theoretical risk.
That makes sense. I guess just sticking a little bit on AI, there's a bit of confusion of like where AI is truly going to, you know, show up first. Are you seeing AI traffic itself start to move the needle, whether it just be from flows? Do you think API security is, you know, protecting from maybe AI traffic that way is kind of what makes the most sense? Just trying to get a frame of, you know, how we could think about AI really starting to impact things.
Oh, it's actually all the above. You see a lot of increase in traffic, you see a lot of things changes. Let's say in the, obviously on the first circle, you see companies such as NVIDIA that makes money on GPU. You see the first derivative, the second circle, companies that deal with the growth in bandwidth, companies that deals with optics, with WDM, with traffic. Companies that deal with data center, what's going inside the data center, outside the data center, from the data center itself to energy sources to the data center. You have a lot, I wouldn't call it the second derivative, but it's also a circle that goes around it. It's everything that goes and related to how you're gonna do it on a protected fashion.
Be it inside the organization, you're gonna have a lot of agent inside. They're gonna connect users with application. That could be via API, that could be via MCP, that could be in many ways, but they'll all be triggered by the use of generative AI, agentic AI, et cetera. That will drive, that will stimulate a lot of things inside and outside the organization. Outside, the result is gonna be also on traffic. Inside, there are gonna be other problems, but you're gonna need security wherever you go here, on the API side, on the MCP side, on the user side, all.
Got it.
Over. Protecting the agent, protecting the user. It's a new game.
Yep. Well, that's good. I well understood. I'd be remiss if I know it impacts Radware less because you've been growing to such a subscription business. A topic every investor is talking about is the memory situation and the inflation of costs going on there. I know Radware noted you put in a small price increase, I think expected to go in or have impact in 2Q. Just walk me through the decision-making there, how do you feel about that impacting the model and just supply on that part of your business?
Yeah. We announced on April a price increase for some of the product, was definitely it's on the memory side, but we started to see it also on CPUs and other silicon component. Although they were growing more than 100% on prices, we increased 5%-8% and not on all product. For 2Q, the impact is gonna be very minor because of sales cycle, we're gonna ship product that customer gave quotes prior to April, and this is actually based on the old list price. We don't gonna see a lot of impact. We do believe, you know, there's I would say something I'm old enough to remember the memory cycle.
Every few years there is a cycle because of some problem, some disruption in the economy, everybody's surprised, demand and supplies are not meeting equilibrium, as a result, price jump. Then a year later, price goes back to normality because it's not a real problem. Now, now we have the AI, which is a double whammy here because it requires by far more memory 'cause there's more demand. There's also some problem on the supply side because at the end of the day, the resource to manufacture a component, you know, there's also focus on GPU, not just on memory. Supply, best case, didn't change, demand grow very fast. It will take time. Maybe in 2027 prices will go back to normality.
We didn't touch prices, by the way, on cloud services, although we are building our own cloud based on servers and broader equipment, which also use memory and server prices are going up as well. There is a question that we don't know the answer yet, will it push customers to shift from on-prem to cloud? On-prem, and not just for us, I mean, all appliance vendor will increase or already increased prices. That might push customers to shift to the cloud. Prices are more stable on the cloud now.
Got it. No, it's definitely a dynamic and moving situation, and AI only makes it worse. Thank you so much, Guy Avidan. I wanna give you just maybe a minute just to maybe recap and leave investors with, you know, what you think they should take home about Radware here.
You know, we talked a lot about numbers in the first quarter, then the conversation drifted. We didn't plan it, drifted to talk about AI, like probably all your conversation today. The way we see AI for Radware, just in terms of, risk versus opportunities, we believe that today we're not 100% immune, but the risk is not big. There's tremendous opportunity for Radware to, accelerate growth due to AI.
Well, thank you so much, and thank you, Radware, and thank you for all our audience here today.
Thank you, Jeff.