Executive Summary / Key Takeaways

• CrowdStrike is establishing itself as the AI-native platform of record in cybersecurity, leveraging its Falcon platform and differentiated technology to drive significant platform consolidation and displace legacy point products across multiple large security markets.
• The Falcon Flex subscription model is proving to be a game-changer, accelerating platform adoption, increasing deal sizes and durations, and driving faster consumption of modules, positioning CrowdStrike for future ARR uplift and deeper customer relationships.
• Despite near-term headwinds from the July 19, 2024 incident, including extended sales cycles and impacts from customer commitment packages, management anticipates net new ARR growth to accelerate in the back half of fiscal year 2026, setting the stage for further acceleration in FY2027.
• CrowdStrike demonstrated strong financial performance in Q1 FY26 with 20% revenue growth, robust subscription gross margins (80%), and record free cash flow ($279.4 million), while maintaining high gross retention rates (97%).
• The company is committed to significant margin expansion, targeting over 24% non-GAAP operating margin and over 30% free cash flow margin in FY2027, supported by strategic investments, operational efficiencies, and a recently approved $1 billion share repurchase program, as it progresses towards its $10 billion ARR goal by FY2031.

CrowdStrike Holdings, Inc., founded in 2011, set out to redefine cybersecurity for the cloud era. Recognizing the limitations of legacy, on-premise security solutions against increasingly sophisticated cyber threats, the company pioneered a fundamentally different approach: the AI-native CrowdStrike Falcon platform. This platform, built from the ground up as a true cloud-native unified solution, leverages artificial intelligence at its core, operating via a single, lightweight agent to provide comprehensive protection across endpoints, cloud workloads, identity, and data. This innovative architecture laid the foundation for what CrowdStrike terms the "Security Cloud," a concept management believes has reshaped the cybersecurity industry by enabling the ingestion and correlation of trillions of security events weekly to identify adversary tactics and prevent breaches in real-time.

The cybersecurity market remains intensely competitive and fragmented, characterized by rapid technological change and evolving threats. CrowdStrike faces a diverse set of rivals, ranging from legacy antivirus providers like those offering traditional signature-based protection, to alternative endpoint security vendors, network security giants expanding into endpoint and cloud (such as Check Point Software (CHKP) and Palo Alto Networks (PANW)), specialized cloud and identity security players, and legacy SIEM vendors. Larger technology conglomerates like Microsoft (MSFT) also represent significant competition, leveraging their vast ecosystems and integrated security offerings. While some competitors boast greater scale, longer operating histories, and deeper financial resources, CrowdStrike strategically positions itself as the innovation leader and the platform of choice for consolidation.

CrowdStrike's technological differentiation is central to its competitive strategy. The Falcon platform's single, lightweight agent is a key advantage, minimizing performance impact on protected systems and simplifying deployment compared to multi-agent or heavier legacy solutions. The AI-native architecture, powered by the CrowdStrike Threat Graph, enables rapid detection and prevention capabilities. For instance, in independent testing, Falcon has demonstrated significantly faster mean time to detection compared to competitors. The platform's modularity allows customers to easily adopt and integrate new capabilities across a growing portfolio of over 30 modules.

Beyond endpoint security, CrowdStrike has successfully expanded into high-growth adjacent markets. The combined strength of its Cloud Security, Identity Protection, and Next-Gen SIEM businesses is a testament to this, collectively surpassing $1.3 billion in ending ARR by Q4 FY25 and growing nearly 50% year-over-year. Falcon Cloud Security, recognized as a leader in its space, offers a unified suite covering workload protection, posture management, and application/data/SaaS security, with runtime protection at its core. This integrated approach directly challenges multi-platform cloud security vendors. Identity Protection, bolstered by the Adaptive Shield acquisition, secures identities across devices, cloud, and SaaS applications, addressing a rapidly growing attack surface and displacing less comprehensive incumbent solutions. Falcon Next-Gen SIEM is disrupting the legacy SIEM market by offering unmatched speed, scalability, and cost efficiency, leveraging native Falcon data and integrating third-party sources with AI-powered analytics and automation, directly competing with established players like Splunk (SPLK) and QRadar. The emerging Exposure Management business, with a line of sight to $300 million in ARR by Q4 FY25, is displacing legacy vulnerability management tools by providing unified vulnerability and attack surface management, including new AI-powered network scanning capabilities.

A pivotal strategic initiative has been the introduction and rapid scaling of the Falcon Flex subscription model. Launched to meet customer demand for simpler procurement and faster platform adoption, Falcon Flex allows customers to commit to a total deal value and flexibly consume any modules across their subscription term. This model has seen remarkable traction, with the total account deal value of customers adopting Flex growing from over $700 million in Q2 FY25 to over $3.2 billion by Q1 FY26. The average Flex customer deal size exceeds $1 million in ending ARR with an average subscription length of 31 months, and over 75% of contracts are deployed faster than anticipated, leading to early "reflexes" for additional capacity. Falcon Flex fundamentally changes the sales motion from module-by-module selling to strategic demand planning, enabling customers to consolidate multiple point products and realize significant cost savings and operational efficiencies by standardizing on the Falcon platform. This model is a key driver of increased module adoption, with Flex customers adopting more than nine modules on average.

CrowdStrike's financial performance reflects its growth trajectory and strategic execution, albeit with recent impacts from a significant operational challenge. For the three months ended April 30, 2025 (Q1 FY26), total revenue reached $1.10 billion, a 20% increase year-over-year, driven by strong subscription revenue growth of 20%. Subscription revenue constituted 95% of the total, demonstrating the continued dominance of the core SaaS model. Subscription gross margin remained robust at 80%, highlighting the efficiency of the cloud platform at scale, though slightly down from the prior year due to increased stock-based compensation. Professional services revenue saw an 8% increase, contributing 5% to the total, but its gross margin decreased significantly due to higher consulting expenses.

Operating expenses increased across the board in Q1 FY26, with sales and marketing up 26%, R&D up 42%, and G&A up 59%. These increases were driven by higher employee-related costs (reflecting headcount growth), increased stock-based compensation, and strategic investments in marketing, R&D, and cloud hosting. Notably, G&A expenses included $38.7 million related to the July 19 Incident and $6.6 million in charges associated with the strategic realignment plan announced in May 2025. This incident, where a content configuration update caused system crashes, significantly impacted the latter part of Q2 FY25 and created near-term headwinds, including delayed pipeline generation and extended sales cycles, which have persisted.

The July 19 Incident also influenced customer interactions, leading to the proactive offering of customer commitment packages (CCPs). These packages, often delivered via the Falcon Flex model, included concessions like discounts, additional modules, flexible payment terms, and duration extensions. While these CCPs were instrumental in maintaining high gross retention rates (consistently around 97%) and accelerating platform adoption, they temporarily muted upsell dollar values and increased contraction, impacting net new ARR and revenue recognition in subsequent quarters. The CCP program concluded in Q4 FY25, with an estimated value of $80 million provided in FY25.

Despite the GAAP net loss of $110.2 million in Q1 FY26 (which included incident-related expenses), CrowdStrike continues to demonstrate strong non-GAAP profitability and cash flow generation. Non-GAAP operating income reached $201.1 million (18% margin) in Q1 FY26, exceeding guidance. Cash flow from operations was a record $384.1 million, and free cash flow was a record $279.4 million, representing 25% of revenue, even with approximately $61 million in incident-related expenses impacting the quarter's free cash flow. The company's liquidity position remains strong, with $4.61 billion in cash and cash equivalents as of April 30, 2025, providing ample resources for operations, investments, and a recently approved $1 billion share repurchase program.

Looking ahead, management acknowledges that the headwinds from the July 19 Incident, including elongated sales cycles and the temporary impact of CCPs on revenue recognition, are expected to persist in varying degrees for about a year, with a diminishing "half-life" effect. This dynamic is expected to cause a temporary separation between ARR and subscription revenue recognition in FY26. However, confidence in the underlying business strength and strategic initiatives remains high. Management guided for Q2 FY26 revenue in the range of $1,144.7 million to $1,151.6 million (19% YoY growth) and full-year FY26 revenue between $4,743.5 million and $4,805.5 million (20% to 22% YoY growth). Non-GAAP operating income is guided at $226.9 million to $233.1 million for Q2 FY26 and $970.8 million to $1,010.8 million for the full year. Non-GAAP diluted EPS is expected to be $0.82 to $0.84 for Q2 FY26 and $3.44 to $3.56 for the full year.

Management explicitly anticipates improving sequential net new ARR growth in Q2 FY26, with the growth rate expected to be at least double the Q1 to Q2 growth seen in the prior fiscal year. Crucially, they expect net new ARR growth to accelerate in the back half of FY26, driven by the momentum from Falcon Flex (including reflexes) and the increased platform adoption seeded by the CCPs as those benefits are consumed. This reacceleration is expected to set the stage for further acceleration in FY2027. The strategic realignment plan is projected to add at least 1% to the FY2027 non-GAAP operating margin, increasing the target to at least 24%. Furthermore, the company anticipates achieving over 30% free cash flow margin in FY2027, supported by the benefits of the Falcon Flex model and operational efficiencies, as it works towards its long-term target non-GAAP operating model by FY2029 (34%-38% free cash flow margin) and its $10 billion ending ARR goal by FY2031.

Conclusion

CrowdStrike's journey from a disruptive startup to a global cybersecurity leader is defined by its pioneering AI-native Falcon platform and its strategic evolution to meet the complex demands of the modern threat landscape. While the July 19 Incident presented a significant challenge, the company's transparent response, coupled with its strong underlying technology and innovative go-to-market strategies like Falcon Flex, appears to have reinforced customer trust and accelerated platform adoption. The financial results for Q1 FY26 demonstrate continued growth and profitability, providing a solid foundation despite the acknowledged near-term headwinds.

The investment thesis for CrowdStrike hinges on its ability to continue driving platform consolidation, leveraging its technological edge in AI and cloud-native security, and capitalizing on the massive market opportunity presented by the expanding digital attack surface and the need for simplification. The expected acceleration in net new ARR growth in the back half of FY26 and beyond, fueled by the success of Falcon Flex and increased module adoption, signals a return to stronger growth momentum. Coupled with clear targets for margin expansion and robust free cash flow generation, CrowdStrike is strategically positioned to execute on its long-term vision, making it a compelling consideration for investors focused on the future of cybersecurity.