CrowdStrike Holdings Inc

NASDAQ:CRWD

Hello, and welcome to CrowdStrike's Fiscal First Quarter 2026 Financial Results Conference Call. [Operator Instructions]. Please be advised that today's conference is being recorded. I would now like to hand the call over to Maria Riley, Vice President of Investor Relations, Maria. Please go ahead.

Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, Chief Executive Officer and Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer.

Before we get started, I would like to note that certain statements made during this conference call that are not historical facts including those regarding our future plans, objectives, growth, including projections and expected performance, including our outlook for the second quarter and fiscal year 2026 and -- and any assumptions for fiscal periods beyond that are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995.

And -- these forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise.

Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company's quarterly and annual reports.

Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A -- A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today.

With that, I will now turn the call over to George.

Thank you, Maria, and thank you all for joining our Q1 FY 2026 earnings call. Our fiscal year started from a position of strength.

While the market navigates evolving condition, CrowdStrike is capitalizing on accelerated demand through continuous innovation, increasing win rates and platform consolidation at scale. We consolidate point products without compromise and most importantly, CrowdStrike stops the breach.

In Q1, where we met or exceeded our key metrics, highlights include: one, Q1 net new ARR of $194 million, double-digit millions ahead of our expectations; two, Q1 ending ARR surpassing $4.4 billion, maintaining our leadership as the only pure-play cybersecurity software company of this size; three, subscription gross margin of 80%, demonstrating our AI platform efficiency; four, sustained 97% gross retention as customers remain firmly committed to Falcon; five, free cash flow of $279 million or 25% of revenue, demonstrating double-digit quarter-on-quarter growth; and six added $774 million of total Falcon Flex account value bringing the total deal value of accounts that have adopted Falcon Flex to $3.2 billion, growing 31% sequentially and more than 6x year-over-year.

Seeing our customers an ecosystem embrace Falcon Flex at this speed and scale gives me confidence, confidence in improving sequential net new ARR growth next quarter and accelerating back half net new ARR. Falcon Flex is significantly evolving our go-to-market and customer experience. The subscription model sparks Falcon platform adoption, delivers point product consolidation and fuels partner success.

I'd like to share where we are with Falcon Flex as well as a thematic customer win showcasing the power of the model. In less than 2 years since starting Falcon Flex, we've closed more than $3.2 billion of total account deal value across more than 820 accounts that have adopted the subscription model.

Here are the trends we're seeing. One, customers spend more, the average Flex customer deal size is greater than $1 million in ending ARR; two, customers commit to longer durations, the average Flex subscription length is 31 months; and three, Flex customers adopt Falcon faster, more than 75% of Flex contracts are already deployed.

The outcome of these points taken together as a phenomenon we're already seeing reflexes, 39 Flex customers have already deployed their initial contract demand plan and have returned to us for a reflex. These customers' initial Flex contracts were 35 months, nearly 3 years on average, and within just 5 months, they came back to CrowdStrike wanting more of the Falcon platform to achieve their cybersecurity consolidation goals.

The model we pioneered is a game changer. Flex accelerates what would have taken years of module sales cycles into rapid platform transformations unlocking adoption and spend while creating even more platform stickiness.

Now let's witness Flex in action at a Fortune 100 technology firm. We began our relationship with this account pre Falcon Flex when they selected CrowdStrike to displace and consolidate a point product EDR and legacy AV. Our initial EDR contract was for $12 million over a 3-year term. When we launched Falcon Flex, this customer took the opportunity to accelerate their cybersecurity modernization, executing a 5-year $100 million-plus contract. This is the power of Flex, evolving Falcon from what was a singular outcome sale into a multidimensional platform experience more than 8x the size of the initial deal.

This transformational Flex contract was for securing cloud workloads, expanding in other business units, Next-Gen SIEM to replace 2 legacy SIEMs and broad-based adoption of Falcon Complete to standardize detection and response. Within just 9 months of the initial Flex contract, this customer had already utilized 95% and of their initial subscription and still had more point products to consolidate and cybersecurity outcomes to deliver.

As a result, in Q1, this customer reflected to realize the following new outcomes: Expansion of Falcon endpoint protection across multiple additional business units, replacing and consolidating cloud protection with Falcon Cloud Security, which has since become the standard across a vast and growing cloud estate. Identity protection became an imperative across sensitive assets.

Next-Gen SIEM quickly became the central enterprise data store replacing multiple legacy SIEMs and expanding beyond security use cases into IT. Data protection is replacing legacy DLP from endpoint to cloud, Falcon for IT is replacing a legacy endpoint management tool and Charlotte AI will deliver agentic analyst capabilities and automation, accelerating security outcomes at scale.

This customer more than doubled their initial Flex subscription in their Q1 9-figure reflex over an unchanged subscription duration. Through Flex, this customer now spends nearly 20x their initial EDR purchase. Replacing more than 8 technologies and deploying more than 10 Falcon modules, this customer still has much more to achieve with the Falcon platform across millions of workloads, petabytes of data and hundreds of thousands of identities.

With Flex dramatically accelerating Falcon platform adoption, customers are already seeing our Agentic AI transforming their security outcomes. We're on the cusp of the fifth industrial revolution with artificial general intelligence on the horizon.

What excites me the most is the necessity Agentic AI is creating for CrowdStrike's AI-native security, growing our total addressable market each and every day. Here's why and how. In a recent market survey, 96% of respondents plan to expand their use of AI agents in the next 12 months with 2/3 already building agents and some targeting to reach over 1 billion in production agents. At their core, every AI agent represents a unique superhuman identity, necessitating visibility, control and protection for every single agent.

These autonomous AI agents increasingly have access to multiple internal and external data stores, applications and machines, automating business processes and workflows at scale. Simply put, AI agents dramatically increased the size, severity and speed of the enterprise attack surface. Size, more agents everywhere. Severity, everything is connected faster than it can be contained. Speed, autonomous agents move at machine speed.

This is the new attack surface, and it's an adversaries paradise. Just as enterprises need best-in-class protection for devices, data workloads and human identities, every AI agent has the same needs too. As an AI-first company, CrowdStrike is uniquely positioned to secure the identity, the workload, the infrastructure, the data and underlying AI models themselves.

We have the platform, we have the expertise, we have a track record. CrowdStrike will be the protector of autonomous AI agents. While we see a massive opportunity to protect AI agents, our use of Agentic AI is already transforming the SOC. Charlotte AI is our genic security analyst, completing tasks and making decisions to supercharge human stock personnel.

With the launch of Charlotte AI's expanded detection triage customers now have access to an agentic SOC analyst delivering autonomous expert-level triage, reasoning and response at machine speed, flattening the hiring curve, saving time and delivering even better security outcomes.

The power of Charlotte AI came to life in an 8-figure Falcon Flex expansion for a global health care provider. Charlotte AI was the tip of the spear in this customer's AI-native SOC transformation with Next-Gen SIEM, where we displaced a legacy SIEM. Charlotte AI and Next-Gen SIEM started a new chapter of cybersecurity for this customer.

Charlotte AI enables this customer's Level 1 threat analyst team delivering on the promise of Agentic security today. We deliver an AI-first automated approach, eliminating clicks, panes of glass and manual operations for a predictive, fast and cost-efficient SOC.

Next, I'll share updates on the momentum we're experiencing in our cloud, identity, exposure management and Next-Gen SIEM platform products.

First, turning to our cloud business. Cloud had a very strong start to the year with Q1 net new and total ARR growth accelerating year-over-year over the prior quarter. Our native unified offering combines cloud workload protection, posture management, application security and SaaS security on a single back end and with both agent and ageless form factors.

In Q1, we built on this approach with the launch of cloud data protection, all on our unified sensor, the very same sensor that also delivers our world-class workload protection which is what the market now wants and needs. Our innovation and commercial success was recognized in the 2025 Frost Radar, cloud and application runtime security report where we scored highest out of all vendors on the innovation index.

Further driving our success is recent M&A in the space, increasing our relevance and competitiveness as a hyperscaler agnostic, independent solution. We also announced the general availability of both our AI model scanning and AI security dashboard technologies at RSA.

With the rapid growth of AI tools across the enterprise, CrowdStrike is ensuring that enterprises can safely adopt AI while managing potential risk such as model vulnerabilities, data leakage, unsanctioned use an identity-based privilege. A prime example of a customer adopting Falcon Cloud Security was a 7-figure technology customer doubling their spend with us.

This customer had CrowdStrike on the endpoint and was using a competitor's point product, CSPM for cloud protection. The incident response call came into CrowdStrike when the competitor's CSPM didn't stop the breach. Our rapid platform expansion, including Falcon Cloud Security quickly illustrated the difference between just alerting on a breach and actually stopping one. This customer was able to consolidate on Falcon, save money and most importantly, see the benefits of Falcon Cloud securities protection.

Moving on to our Exposure Management business, which includes vulnerability management and attack surface management. CrowdStrike is rapidly evolving from an incumbent complement to a scaled disruptor. Historically, our biggest displacement gap was the lack of network scanning, something near and dear to me as someone who pioneered the vulnerability management space.

With the launch of AI-powered network vulnerability assessment, CrowdStrike now delivers unified exposure management for both managed and unmanaged devices. With this innovation, CrowdStrike customers no longer need to rely on legacy third-party VM point products. Our winning offering in this space is yielding exciting share gains.

A large financial services customer purchased Falcon Exposure Management across 120,000 devices through their Flex subscription. Utilizing Charlotte AI and Falcon Exposure Management together allows for AI to finally automate vulnerability detection.

Now with network vulnerability scanning, this customer is moving away from their long-standing legacy VM vendor and their existing attack surface management vendor as well.

Moving on to our Next-Gen SIEM business, where we're disrupting the proverbial horse and buggy with the combustion engine. Our Next-Gen SIEM delivered triple-digit ending ARR growth while displacing antiquated, expensive and poor performing point products. With LogScale as a foundational component of the Falcon platform, we're creating even deeper tie-ins across the rest of the CrowdStrike and third-party ecosystem.

This quarter, we announced Falcon Adversary Overwatch for Next-Gen SIEM, which brings together our world-class threat hunting and our hyperperformance cost-efficient data platform. This makes the AI-powered SOC turnkey hunting across native and third-party data with real-time intelligence and automation to deliver full visibility, high fidelity alerts and accelerated response.

This is exactly why a leading payments company displace the legacy SIEM in a large 7-figure win. Next-Gen SIEM was our entry point to the account where they were frustrated with ballooning costs, latency and complexity, substantially faster query times accelerated and customizable dashboarding and significant cost savings resulted in this new logo win.

Within our Identity business, we continued rapid expansion in both coverage and functionality. In April, we announced the general availability of Falcon Privileged Access. Before CrowdStrike's identity customers relied on third-party integrations for enforcement. Today, CrowdStrike customers experience just-in-time access and permissions for critical applications and services all within our single AI native platform.

The need is real, a foreign government expanded their 7-figure existing Falcon platform subscription with identity protection, gaining insights into stale accounts, exposed credentials, shared passwords and agent free unmanageable devices went beyond the incumbents limited approach Falcon was the clear winner of providing immediate time to value in securing identities.

Our ecosystem partners continue accelerating CrowdStrike's growth with 60% of our Q1 annual deal value sourced by partners. Several highlights include: first, GuidePoint joins our $1 billion partner ranks as our fifth partner to achieve this noteworthy milestone joining AWS, Optiv, CDW and SHI and further cementing CrowdStrike as cybersecurity's benchmark for partner success.

Second, our MSSP business continues growing at a rapid pace, now representing more than 15% of our Q1 deal value. We won our largest Latin American deal of all time through our MSSP channel last quarter. And third, NVIDIA's recently announced Enterprise AI factory, their reference AI architecture integrates Falcon as the cybersecurity standard for securing NVIDIA's hardware and software.

A marquee partnership with Microsoft, which we announced yesterday, highlights our bold ecosystem leadership. Since last summer, we've worked to find common ground where together, we can make the world a safer, more resilient place. I was pleased to have Satya joined me at Fal.Con last fall. And yesterday, we announced a joint threat actor strategic collaboration where we map each other's adversaries naming conventions.

Through this Rosetta Stone collaboration, we unite defenders in knowing the adversary, both in our nomenclature and Microsoft, so they can better defend. Together, we take the guesswork out of adversary attribution for the benefit of our joint customers and the entire market. In closing, I'm very pleased with where we are and even more excited about where we're going.

Q2 will be a quarter of improving sequential net new ARR growth followed by back half net new ARR acceleration. Here's why the platform wins across 30 Falcon modules. We have the products and innovation engine that stops breaches. In addition, we're seeing momentum build across the entire business.

I began today's comments talking about uncertainties facing the world. What's certain is that the world increasingly needs cybersecurity and increasingly needs CrowdStrike. CrowdStrike is best positioned to protect the workloads, identities, data and infrastructure for the AI age and the superhuman AI agents themselves.

Our Falcon Flex subscription model is accelerating platform adoption at a faster pace than we've ever seen before, and our execution is delivering speed and efficiency across the business.

It's all of these elements together that gives me confidence and excitement in our future, and that's why the company has authorized up to $1 billion in share repurchases. We -- I'm more certain than I have ever been of CrowdStrike's place as the world's leading cybersecurity platform for the AI era with the unequivocal mission of stopping breaches. Thank you to our team, partners and customers who tell me that they cannot live without CrowdStrike.

And I'll now turn the call over to Burt Podbere, CrowdStrike's CFO.

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP.

CrowdStrike delivered a strong first quarter to kick off the new fiscal year. Our robust Q1 performance, focused execution and growing Falcon Flex momentum, including reflexes further reinforce our conviction in improved sequential net new ARR growth in Q2 as well as net new ARR reacceleration and margin expansion in the second half of FY '26.

And -- Additionally, the share repurchase authorization of up to $1 billion that we announced today reflects our confidence in CrowdStrike's long-term strategy, including M&A, growth prospects and robust cash flow generation capabilities as we scale on the path to $10 billion in ending ARR.

We will continue to prioritize investing in our growth and innovation while retaining the flexibility to opportunistically repurchase shares to maximize returns and deliver increased value to our shareholders.

In Q1, we achieved net new ARR of $194 million, growing ending ARR to $4.44 billion, up 22% over last year. Highlights in the quarter included significant big deal activity driven by Falcon Flex Momentum and Reflexes, record MSSP channel results, strength in multiple geographies, including the U.S., Europe, Canada, Japan and Latin America, deep platform adoption with subscription customers with 6, 7 and 8 or more modules, representing 48%, 32% and 22%, respectively, strong and increasing competitive win rates and sustained 97% gross retention and consistently strong net retention in line with our expectations, demonstrating our success in both customer retention and expansion.

Moving to the P&L. Total revenue was within our guidance range and grew 20% over Q1 of last year to reach $1.10 billion, subscription revenue grew 20% over Q1 of last year to reach $1.05 billion and professional service revenue was a record $52.7 million. The geographic mix of first quarter revenue consisted of approximately 67% from the U.S. and 33% from international geographies.

Total gross margin was 78% and subscription gross margin was best-in-class at 80% of revenue. Total non-GAAP operating expenses in the first quarter were $656.0 million or 59% of revenue. In the first quarter, non-GAAP operating income was $201.1 million and operating margin was 18%, exceeding our guidance.

We achieved strong non-GAAP operating income performance alongside strategic upfront investments in internal automation, go-to-market and AI innovation. We expect these investments to fuel our growth in the back half of FY '26 and beyond as we progress towards our long-term targets.

GAAP net loss attributable to CrowdStrike was $110.2 million and included $39.7 million of expenses for outage and related matters. Non-GAAP net income attributable to CrowdStrike was $184.7 million or $0.73 on a diluted per share basis, exceeding our guidance.

Cash and cash equivalents grew to a record $4.61 billion. Cash flow from operations was a record $384.1 million and free cash flow was $279.4 million or 25% of revenue. Expenses for outage and related matters impacted Q1 free cash flow by approximately $61 million.

Moving to our outlook and modeling notes. We believe cybersecurity remains mission-critical in today's AI-accelerated threat environment. We continue to see strong demand for the Falcon platform, growing momentum with Falcon Flex, including reflexes and a robust and growing pipeline building for the second half of FY '26.

We -- while we do not guide to net new ARR, our Q2 assumptions include the sequential net new ARR growth rate to be at least double over what we saw from Q1 to Q2 in the prior fiscal year. I'd like to take a minute to discuss the near-term relationship between ARR and subscription revenue in FY '26.

And -- as we previously discussed, our successful CCP program that concluded in Q4 of FY '25 provided customers the onetime ability to choose more product, more time or both, which results in an impact to subscription revenue. In addition, a limited special partner program related to CCP success also has an amortization impact on subscription revenue.

As a result of these CCP-related programs, we expect to see a temporary near-term separation between ARR and subscription revenue recognition, which was reflected in our revenue guidance. This amounted to approximately $11 million in Q1. We expect the impact to be in the range of $10 million to $15 million in each remaining quarter of this fiscal year, subsiding in Q4.

We -- moving to the strategic realignment plan we announced in early May, we continuously look for optimizations and efficiencies across the business. We identified opportunities to reallocate and focus investment in one platform growth areas of Cloud, Identity, Exposure Management, AI and Next-Gen SIEM as well as platform resilience; two, AI to accelerate our internal execution and efficiency; and three, go-to-market and customer success as we scale.

The timing of executing the realignment in early May was focused on minimizing in-quarter business disruption while maximizing in-quarter financial benefit. We expect the full benefit of the realignment to add at least 1% to next year's non-GAAP operating margin from our previously discussed target, increasing our target in FY '27 to at least 24%. And -- Additionally, we now anticipate an FY '27 improved free cash flow margin of more than 30%.

Moving to cash. We expect to incur Q2 cash charges of approximately $26 million in connection with the aforementioned strategic plan. Additionally, we expect Q2 free cash flow to be impacted by approximately $29 million for outage and related expenses. As I just mentioned, we now anticipate an FY '27 free cash flow margin of more than 30%.

Moving to our outlook. For the second quarter of FY '26, we expect total revenue to be in the range of 1,144.7 million to $1,151.6 million, reflecting a year-over-year growth rate of 19%. And -- we expect non-GAAP income from operations to be in the range of $226.9 million to $233.1 million, and non-GAAP net income attributable to CrowdStrike to be in the range of $209.1 million to $213.8 million.

We expect diluted non-GAAP net income per share attributable to CrowdStrike to be approximately $0.82 to $0.84, and -- utilizing a 22.5% tax rate and weighted average share count of approximately 255 million shares on a diluted basis.

For the full fiscal year 2026, we currently expect total revenue to be in the range of $4,743.5 million to $4,805.5 million, reflecting a growth rate of 20% to 22% over the prior fiscal year. Non-GAAP income from operations is expected to be between $970.8 million to $1,010.8 million. We expect fiscal 2026 non-GAAP net income attributable to CrowdStrike to be between $878.7 million and $909.7 million.

Utilizing a 22.5% tax rate and approximately 256 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $3.44 to $3.56.

Please refer to our earnings presentation with additional modeling notes that we just posted on the website. George and I will now take your questions.

[Operator Instructions]. Our first question comes from Saket Kalia with Barclays.

Okay. Great. Solid start to the year here, guys. Sure thing. George, maybe for you. I'd love to dig a little bit more into Falcon Flex. You had a couple of interesting customer examples in your prepared remarks.

Maybe the question is, as you look broadly at that growing Falcon Flex install base, what products do you feel like are benefiting most in terms of usage as customers adopt Falcon Flex? And maybe relatedly, how is the sales motion changing as Falcon Flex gets more broadly adopted?

Sure. Well, I think that the net of it is Falcon Flex has been a real home run for us, Saket. And as I said in my prepared remarks, a real game changer for adoption, customers are asking for it, they're talking to each other, they're hearing more about it. Our partners are now able to talk about it and so through it, and a big part of this has been around Next-Gen SIEM, Cloud and Identity.

I think if you look at Next-Gen SIEM with some of our larger GSIs, Falcon Flex is the perfect complement to running out existing legacy licenses and then being able to bring up Next-Gen SIEM. So I think for sure, Next-Gen SIEM is one of the areas that's benefiting.

And when you look across the metrics, $3.2 billion total account value for Falcon Flex customers, 820 customers, 31 months on average. It's been just unbelievable and more successful than we thought. And one of the things that I pointed out here in the earnings script is the reflex. We're seeing more and more reflexes faster than we thought -- and the key to Flex is it does change our selling motion, where we're not selling module-by-module, but we're selling outcomes and we're doing demand planning with our customers and ultimately, they're using more of our licenses faster, which ultimately results in net new increase in ARR.

Our next question comes from Tal Liani with Bank of America.

I would like to go back to something you said about the divergence between revenue growth and ARR growth. I understand why CCP is pressuring revenue growth just near term. But why is it causing a divergence? Why don't -- why isn't it impacting the same way ARR? And just a follow-up on this is why you said that you expect ARR growth to accelerate in the second half? Why is it what drives it? .

Thanks, Tal. So one, in terms of the divergence, we talked about it in the modeling notes where we went through our overall CCP programs, and then we highlighted specifically our CCP program had with respect to a limited partner program. And we talked about how the amortization impacts revenue.

So when you look at the 2 of them and you say, "Hey, how does this work with respect to our revenue?" When you look at when partners have a program with us, we then are able to recognize the amortization within revenue. So this would be part of ASC 606. And so this is how we account for it, and that's why you see the divergence in terms of how we think about reacceleration in the back half.

So reacceleration in the back half is due to many things. One, we think about -- we think about not only our what we expect from our products that we have -- really, we have momentum with respect to what George talked about Next-Gen SIEM, Identity, Cloud. So we feel great about where we have the momentum with respect to the products. We feel like we have momentum with respect to Flex.

We talked about Flex, we talked about the numbers that we had with respect to Flex, $774 million with respect to account value in the quarter. This is over double what we did year-over-year. So we're really excited about how we think about Flex.

And then when we talk about reacceleration in ARR, we're also talking about how we think about the momentum just in our overall platform. We are the consolidator, we're the one that people are looking to not only get the best outcome, but to save money. So when you wrap that all together, we have confidence with respect to our conviction in back half reacceleration.

Our next question comes from Gabriela Borges with Goldman Sachs. .

George and Burt, some of these reflex deals are really interesting. Talk to us a little bit about the budget conversation that happens. If I was budgeting for 35 months, and I burned through my usage in 5 months, where does the incremental budget come from? And how does the ROI conversation change? Clearly, customers are getting value out of the they using the product? Just curious how that math works out.

Yes. Great question. So a lot of what we're doing with customers is going through the demand plan and our business value assessment, and that's really where we can talk about how we can replace other point products.

So typically, the conversation will look at customer road map, they'll look at certainly our road map and the products we have in the 30 modules and then we'll begin to plan the phased rollout of our products to replace what they have. And in general, what we're focused on is how can we save them money by replacing those point products and ultimately getting a better outcome.

So Flex is going to give them the best discounted rates. The more they commit, the bigger the discounts and then also, it takes all the friction out of procurement. So they can roll us out and within 5 months, as we talked about, they can consume that Flex license. But we're now on a path to adding more modules faster. And once they see the value of it and they are using all of the products or the products that they're licensed for within the Flex suite, it just incentives to use more and more of those.

So that's the way we see it. It's instead of module by module sale, it's more of a demand planning exercise with real tangible ROI and financial benefits, which has been a huge success for us and our partners.

Our next question comes from Brian Essex with JPMorgan.

George, I was wondering if you could talk about the sales go-to-market effort and how that's changed. Obviously, you're coming off a pretty meaningful period of disruption in the second half of the year and you had to adjust compensation structures and focus to focus on CCP and penetration of Flex. How have things changed in 1Q? Have plans materially changed the way that you're compensating quota-bearing reps in the channel? And how less response been from the sales force?

Well, I think the response has been great from a sales force perspective and customer perspective. The customers have put it in the rearview mirror, we've moved forward with our customers and partners and the focus really has been on innovation that we're delivering on how we can consolidate the point products they have, the power of the Falcon platform, Charlotte AI.

We're back to business in areas that we've always focused on, which is really exciting for us. And the big takeaway is customers want to do more and more with us. And we're seeing that with the adoption rates, and we're seeing that with the burn down of the Falcon Flex licensing much faster than we originally anticipated.

So there's still more work to do in terms of educating partners and -- and our own sales force in this go-to-market motion around demand planning, but that's an exercise that always be ongoing, but we're seeing tremendous success, both internally and with our partners.

Our next question comes from Andy Nowinski with Wells Fargo.

I wanted to follow up on Falcon Flex and the -- really the impact it has on both revenue and ARR, because it seems like it has a very different impact. So I guess when a customer burns through their contracted credits faster than they expected and they reflex, does that overage flow into your subscription revenue? Or do they have to reflex to a new contract right away? And where do we see that showing up? I mean does that show up in your net new ARR when they reflex or is that RPO? Just any help you can give us on how we -- how we can measure the success of that reflex and where we see it showing up .

Andy, great question. So were it shows up is basically on the reflex. So when a customer burns through all of their flex then they're going to come back to us and say, look, we want to reflex with you. We enjoy what you have. You want to do more what you have, and that's where you're going to start seeing the net new ARR come into play.

Our next question comes from Keith Weiss with Morgan Stanley.

And congratulations on a solid start to the fiscal year. George, I wanted to touch on something you said in your prepared remarks about the generative AI demand on the horizon and definitely agree with you in terms of the expansive sort of demand potential there is behind generative AI.

But there's also a lot of different types of demand that you could see. You were talking a lot about surface area, but you also have it in your products. There's also the threat environment. Can you give us a little bit of visibility on what's hitting today? What's actually driving demand today for you guys? Is it what you guys are doing in your SIEM product? And what's up more on the horizon? What should we be looking forward to going forward in terms of what could be future demand drivers?

Sure. Well, when we think about AI, when I started CrowdStrike, it was AI-first company. Years ago, it was machine learning now AI, but at the end of the day, what we're able to do is to deliver the right outcomes to customers.

We'll take Charlotte AI as an example. We're just seen tremendous growth in the product itself. and the adoption within the customer base and what we're able to really solve for them in saving hours and hours of work coming up with the right results which really helps to automate Level 1 triage and really free up those resources internally. So that's, again, how we use AI to drive workflow automation as well as get better security outcomes.

When we think about the protection piece, we have model -- scanning model protection today. We're doing that for customers. But really, what I highlighted in the call is something I'm really excited about and that is, if you think about CrowdStrike and you think about what we do and how we've evolved, we protect workloads, computers, users, identities, right? Those are today's speed.

When we think about generative AI and really what I'd call autonomous agents, they have the same needs, but they're super human. They have access to data, they have identities, they have access to systems outside of their own environment, they have workflows, they take action. So it's building those guardrails and then instrumenting the visibility and protection across the entire AI workflow and every agent and there could be billions of agents are going to need protection, and that's where we see a fantastic future opportunity, and we're going to be at the tip of the spear of being able to protect those in the future.

Our next question comes from Matt Hedberg with RBC.

Congrats on the results, not an easy environment for sure. George, I wanted to ask about U.S. Fed. I guess, how has it been trending sort of what's baked into the guide? And if there's any comment that you could make on -- there's a Bloomberg article earlier in May, that would certainly be helpful.

So I'll take the second part of your question, any comments with respect to Bloomberg. So for us, the company and the -- and how Bloomberg reported what they reported. The company received a request for information from the DOJ and the SEC relating to revenue recognition and reporting of ARR for certain transaction -- for certain transactions, the July 19 outage and related matters. .

Our next question comes from Joe Gallo with Jefferies. .

Bert, can you provide some guardrails on how to think about free cash flow margin this year? I think previously you talked through an exit rate. And then maybe just talk a little bit more about what underpins your confidence in 30% plus margin next year.

Yes, sure. So yes, we did talk about the 27% exit rate on Q4 for free cash flow margin. We're excited about that. And then the 30%, we get most of our conviction from what we've already been talking about, we get it from Flex. We had it from larger, longer, bigger deals, and we get a lot of momentum with respect to how customers burn through Flex. We gave you those examples faster than we anticipated. And all that's going to turn into dollars for us. And that's where we get excited about next year's free cash flow numbers that we provided. .

Our next question comes from Mike Cikos with Needham

I just wanted to get a quick update on what you're seeing more from a macro standpoint as far as April and May. We received some differing data points depending on which of the fiscal quarter end cyber companies you're speaking to? .

And just wanted to sanity check if you guys are seeing any movement at the margin when we think about how things are playing out in the month of April versus the linearity in the quarter and then how things have trended with May in the rearview mirror at this point.

Yes. I think we did a great job on execution. And with the right platform and solving the problems that we're solving, we powered through it. Like you look at the results with net new ARR, it was fantastic. Again, customers want to buy more and more from us. Next-Gen SIEM has been a total home run.

So I can only focus on what we can control. And I think the team did a fantastic job in -- in an environment that had a lot of noise to power through it and deliver the results that we delivered.

Our next question comes from Shaul Eyal with TD Cowen

George, my question is on Next-Gen SIEM. Success is absolutely unquestionable. I listened to your tone looking at the presentation, it's unequivocal. If we think about 1 or 2 legacy same incumbents that you are most frequently displacing, who would those be? .

I would say it's across the board, but certainly a big player out there is Splunk and QRadar. So -- and others are out there, but you have to look at the legacy comments and customers are looking for better, faster and better value. So that's what we're delivering, and it's all in an integrated package.

And a big part of our success has been it's already built in. All of our customers actually have Next-Gen SIEM, and they get pigabytes of it basically built in. So it makes it easy for them to try it out. And then when they see the results of it, they don't have to move data out of our platform. It's already there. and then we're converting them internally and as well as working with our GSI partners.

So I think this is one of the most exciting areas that we have. And for us, it feels a lot like the legacy AV market when I started the company. And I think we've got a tremendous amount of runway in front of us. And I just hear time and time again from customers, we cannot believe how fast it is, how well it works and the value we're getting from it. So I think overall, we'll continue to see great success with it.

Our next question comes from Roger Boyd with UBS.

Great. George, I wanted to hit on MSSP. I think you said 15% of bookings coming from that channel this quarter. If I look at kind of 2 years ago, it was maybe kind of in the mid-single digits. So a much more significant piece today. Can you just expanding the momentum there, what's going well, your competitive positioning with those partners and where you see the channel going, particularly as you look to engage partner first on a managed SIEM and managed SOC basis?

Yes. Well, we've spent a lot of time and effort over the last couple of years of working with those channel partners working with the managed service providers adding the capabilities that they need to be able to deploy and manage CrowdStrike very easily.

There's always been a demand for us in the SMB and through managed service providers. And we had to meet that demand in a way that makes sense for the managed service providers. We've made those changes. It's very easy to use and deploy within those environments.

And the big thing is customers have been and continue to ask for it and we're winning against our competitors. I mean we are now in a market that we weren't necessarily in and we're having an impact in the competitive environment. And that, for me, is, I think, a bright spot and really highlights the partner-first mentality we have.

Our next question comes from Peter Levine with Evercore ISI.

Maybe for you, George, at RSA, I think you announced a privileged access management product for identity. You have identity Falcon Flex Identity. So maybe if you could just share with us like what are -- what's your vision within getting deeper into the Identity management space.

Well, when you look at what we have with our identity protection, we are there with our agent. We're built in. We've run on very critical domain controllers and customers for years have asked us, can you do more in that space. They love our identity product.

And now we have the ability to help them with privilege access. And we continue to add more and more capabilities. It's a big TAM. It's an area that we've got expertise. We've got the real estate of having these agents and customers are looking for the consolidation play and they're also looking to save money. Some of the other solutions are very expensive, and by consolidating on CrowdStrike in that area, it's a win for them and it's a win for us. So we'll continue to add more and more capabilities and it does unlock a new TAM for us. today in the future.

Our last question comes from Keith Bachman with BMO.

Hopefully, you can hear me okay. Bert, I wanted to direct this to you, if I could. On the CCP, I'm just trying to get a little bit of help how to think about it in the second half of the year. So last year, in the October and January quarter, you identified $80 million of CCP. And so presumably, as you anniversary that, how does that layer into the back half of the year opportunities in terms of ARR. Would we just add it to kind of normal back half of the year growth? Or any comments on exactly how that layer takes into the second half of the year?

And if you don't mind, could you just repeat what you said about the July quarter in terms of sequential growth in terms of net new ARR?

Yes. So Keith, thanks for the question. So first, let me just start with saying that, as I said earlier, about Flex. When the Flex licenses start burning out, that's the opportunity for customers to buy more and all the new purchases that they make that all goes into net new ARR. And the momentum we're seeing gets us for that confidence level with respect to back half acceleration that we keep talking about and have more and more conviction to.

When we think about the $80 million, so the $80 million was with respect to deal value that we gave out, and we talked about that number. And then when you heard the -- my prepared remarks today, I'm talking about impact from CCP on revenue specifically. And then I go into specifically about the partner programs that we have. And we talked about basically for Q2 and beyond around $10 million to $15 million per quarter.

The other thing I want to mention is that when we think about our module and module retention rates, we're over -- we're around approximately 95% with respect to module retention rate, that gives us that confidence with respect to for customers who are going to come back to Flex and re-up with Flex, which is a big piece of how we're thinking about the back half of this year.

Not only by the way, do we think about net new ARR, but I talked about, Keith, margin expansion in the back half of next year. I don't want to do -- i don't want you to lose sight of that as well.

Operator?

[ This concludes today's question and answer session ]. I would now like to turn the call back over to George Kurtz for closing remarks.

I want to thank everyone for joining us today, and we look forward to seeing you on our next earnings call. Stay well.