Search Icon
Zscaler: Zero Trust, AI, and the Path to $5 Billion ARR (NASDAQ:ZS)
Published on June 22, 2025

Executive Summary / Key Takeaways

  • Zscaler is a pioneer in cloud-native Zero Trust security, leveraging its unique proxy-based architecture to displace legacy perimeter-based solutions and address the evolving threat landscape exacerbated by cloud adoption and AI.
  • The company is strategically expanding its platform beyond securing users to encompass "Zero Trust Everywhere," including branches, cloud workloads, and IoT/OT devices, driving significant growth in emerging product areas.
  • AI is deeply integrated into Zscaler's platform, powering enhanced threat detection, automated security operations, and enabling the secure adoption of AI applications, creating new avenues for growth and differentiation.
  • Recent financial performance demonstrates strong top-line growth (23% Q3 FY25 revenue, 25% Q3 FY25 billings) and improving profitability and free cash flow generation, supported by enhanced go-to-market execution and large customer momentum.
  • Management is guiding for continued solid growth in FY25, anticipating acceleration in the second half driven by pipeline strength, improving sales productivity, and scheduled billings, with a long-term goal of reaching $5 billion or more in Annual Recurring Revenue (ARR).

Setting the Scene: The Zero Trust Pioneer

Founded in 2007 with the prescient vision that the internet would become the new corporate network, Zscaler set out to fundamentally transform cybersecurity. Recognizing the inherent flaws in traditional perimeter-based security models – the "castle-and-moat" approach – which proved inadequate as applications moved to the cloud and workforces became mobile, Zscaler pioneered the Zero Trust Exchange. This cloud-native platform operates on the principle that no user, device, or application should be implicitly trusted, regardless of location. Delivered via a Software-as-a-Service (SaaS) model, Zscaler's solution is purpose-built, multi-tenant, and distributed across a global network of data centers, designed to securely connect the right user to the right application based on identity and policy, bypassing the need to ever place users directly on the corporate network. This foundational shift in architecture is the bedrock of Zscaler's investment thesis.

The Technological Moat: Cloud-Native Architecture and AI

At the heart of Zscaler's differentiation is its inline, proxy-based cloud architecture. Unlike legacy solutions that backhaul traffic through centralized data centers or attempt to virtualize appliance-based security in the cloud (often marketed as SASE), Zscaler's Zero Trust Exchange inspects traffic at the edge, close to the user or device. This provides tangible benefits: it eliminates the need for costly and complex legacy hardware like firewalls, VPNs, and Secure Web Gateways, prevents lateral threat movement once inside a network, significantly reduces the attack surface by making applications invisible to the internet, and offers superior scalability and performance for a distributed workforce.

The scale of the platform itself is a significant technological advantage. Zscaler secures over 50 million users and processes over 500 billion transactions daily, generating more than 20 petabytes of high-fidelity, proprietary data each day. This data is not merely stored; it's a critical asset leveraged to train AI models that power innovations across the platform.

AI is increasingly woven into the fabric of Zscaler's offerings, creating a powerful flywheel effect. The vast dataset enables AI-powered threat detection that is constantly learning and adapting, blocking over 60 billion threats and enforcing over 5 trillion policies last year. Beyond core security, AI is driving operational efficiency and new product capabilities:

  • AI-Powered Digital Experience: ZDX Copilot, embedded in the ZDX Advanced Plus package, leverages AI to automate IT operations, helping to lower the mean time to resolution for service tickets. Bookings for ZDX Advanced Plus have seen remarkable growth, increasing over 70% year-over-year to nearly $75 million since the Copilot launch. Future developments aim to use AI agents for automated root cause analysis and remediation recommendations.
  • AI-Powered Security Operations: Leveraging acquired data fabric technology (from Avalor), Zscaler is building AI analytics solutions like Risk 360 and Unified Vulnerability Management. These tools consolidate and correlate vast amounts of security data to deliver real-time, actionable insights for SecOps teams. SecOps ACV grew over 120% year-over-year in Q3 FY25, albeit from a smaller base. Future innovations include AI-powered breach prediction and threat hunting.
  • Securing the Age of AI: Recognizing the security risks introduced by AI adoption, Zscaler is developing solutions to secure both public (ChatGPT, Microsoft (MSFT) Copilot) and private AI applications. The GenAI data security module enables secure use of public AI apps by providing visibility, access control, and data loss prevention. An LLM proxy is being developed to analyze prompt queries and responses for malicious activity and data leakage in private AI apps.

This deep integration of AI, fueled by the platform's unique data advantage, enhances Zscaler's competitive moat, drives customer value through improved security and operational efficiency, and positions the company to capitalize on the growing need for AI security.

Loading interactive chart...

Expanding the Horizon: Zero Trust Everywhere

Zscaler's strategic vision extends Zero Trust beyond users to encompass the entire enterprise footprint – "Zero Trust Everywhere." This involves securing branches, cloud workloads, and IoT/OT devices, areas traditionally protected by legacy hardware that allows lateral threat movement.

  • Zero Trust Branch: Zscaler is directly targeting the branch security market with solutions like Zero Trust SD-WAN and Zero Trust device segmentation (enhanced by the Airgap acquisition). A new unified appliance for branches simplifies infrastructure by combining connectivity and device segmentation, aiming to eliminate the need for SD-WAN, firewalls, NAC, and legacy segmentation. This initiative is gaining significant traction, with 59% of customers purchasing Zero Trust Branch in Q3 FY25 being new logos, often starting with a small number of branches but presenting substantial upsell opportunities.
  • Zero Trust Cloud: Zscaler's Zero Trust Cloud enables secure communication between workloads and from workloads to the internet without relying on East-West or North-South firewalls, VPNs, or direct connects. While customers initially adopt this for a small number of workloads, Zscaler is seeing larger deals and acceleration in Zero Trust cloud ARR as enterprises become comfortable with this innovative approach.
  • Zero Trust for IoT/OT: Leveraging the Airgap acquisition, Zscaler is extending Zero Trust segmentation to devices within branches, factories, and campuses, aiming to replace internal firewalls and NAC devices.

The "Zero Trust Everywhere" strategy is a key growth driver, contributing significantly to new and upsell business. The number of enterprises adopting Zero Trust Everywhere surpassed 210 in Q3 FY25, representing over 60% quarter-over-quarter growth, and management has a mandate to triple this number in the next 18 months.

The Data Security Imperative

Data security has become increasingly critical, particularly with the proliferation of SaaS applications and GenAI. Zscaler's data protection pillar is one of its fastest-growing areas, experiencing over 40% year-over-year growth in net new ACV in Q2 FY25. Zscaler offers a comprehensive platform to secure data across all types (structured, unstructured, in motion, at rest) and channels (web, email, endpoint, SaaS, cloud workloads, GenAI apps).

The value proposition is compelling: it allows customers to consolidate multiple point products (like legacy DLP) into a single platform with a common policy engine, dramatically simplifying management and reducing operational overhead. This resonates strongly with customers facing complexity from disparate security tools. The increasing adoption of GenAI is a significant tailwind, driving demand for Zscaler's data protection solutions to prevent sensitive data leakage to public AI apps.

Financial Performance: Growth and Profitability

Zscaler's recent financial results underscore its strong execution and market position. For the third quarter of fiscal year 2025, revenue grew 23% year-over-year to $678 million, and calculated billings increased 25% year-over-year to $785 million. Unscheduled billings (new, upsell, and renewal) showed particular strength, growing in the high 20s percentage year-over-year in Q3 FY25. Remaining Performance Obligations (RPO) stood at $4.978 billion as of April 30, 2025, up 30% year-over-year, providing strong visibility into future revenue. ARR exited Q3 FY25 at approximately $2.9 billion, maintaining a 23% year-over-year growth rate for the third consecutive quarter.

Loading interactive chart...

While still investing heavily for growth, Zscaler demonstrates improving profitability and strong cash flow generation. Gross margin was approximately 77% for the three and nine months ended April 30, 2025, slightly down year-over-year primarily due to increased employee costs and data center expansion. Operating expenses increased across sales and marketing (20% Q3, 15% 9M), research and development (36% Q3, 37% 9M), and general and administrative (25% Q3, 16% 9M), reflecting investments in headcount and platform development. Despite these investments, operating margin was approximately 4% in Q3 FY25 and 5% for the nine months, while non-GAAP operating margin remained robust at 22% in Q3 FY25 and 22% for the nine months.

Loading interactive chart...

The company achieved a Rule of 52 performance (revenue growth + free cash flow margin) year-to-date fiscal 2025, consistently exceeding the Rule of 40 benchmark. Net cash provided by operating activities was $721.8 million for the nine months ended April 30, 2025, and free cash flow margin was 18% in Q3 FY25 and 28% year-to-date. The company maintains a strong liquidity position with over $3 billion in cash, cash equivalents, and short-term investments as of April 30, 2025.

Loading interactive chart...

Go-to-Market Evolution and Customer Momentum

Zscaler's go-to-market strategy has evolved to an account-centric selling motion, focusing on deepening relationships and expanding within its large enterprise customer base. This shift, coupled with investments in sales capacity and productivity, is yielding results. The company continues to grow its base of large customers, ending Q3 FY25 with 642 customers spending over $1 million in ARR and 3,363 customers spending over $100,000 in ARR. New logo ACV grew over 40% year-over-year in Q3 FY25, demonstrating continued success in landing new enterprise accounts.

The land-and-expand model is a core strength, with upsell contributing significantly to growth. ZPA, initially a small part of the business, now accounts for over 40% of the new and upsell mix generated by ZIA and ZPA combined. The increasing adoption of data protection modules and emerging products further drives upsell. Strategic partnerships, particularly with Global System Integrators (GSIs), are playing an increasingly critical role in driving large transformation deals and embedding Zscaler's platform into broader customer initiatives. The introduction of the Z Flex purchasing program in Q3 FY25, which contributed over $65 million in TCV bookings, offers customers flexibility to scale and adopt modules seamlessly at pre-agreed pricing, simplifying procurement and encouraging broader platform adoption.

Competitive Landscape: Displacing the Legacy

Zscaler operates in a highly competitive market, facing both established network and security vendors and emerging cloud-focused players. Its primary competition comes from companies offering traditional perimeter security (firewalls, VPNs) or attempting to adapt these architectures to the cloud (some SASE offerings). Competitors include large players like Palo Alto Networks (PANW), Cisco (CSCO), Check Point (CHKP), and Fortinet (FTNT), as well as more specialized vendors like CrowdStrike (CRWD) in endpoint security.

Zscaler's core competitive advantage lies in its differentiated cloud-native Zero Trust architecture. While competitors often rely on hybrid models or virtualized legacy appliances, Zscaler's purpose-built platform offers superior performance, scalability, and security efficacy in a cloud-first, mobile-first world. This architectural difference allows Zscaler to directly displace multiple legacy point products, offering customers not only better security but also significant cost savings and operational simplicity – a compelling value proposition in the current macro environment characterized by customer scrutiny on large expenditures.

Management notes that the competitive landscape hasn't seen meaningful changes recently, and they feel well-positioned, particularly at the high end of the market, where the need for robust, scalable, and resilient cloud security is paramount. Recent cloud outages experienced by other vendors have further highlighted the importance of Zscaler's focus on resilience and its pioneering business continuity service. While competitors may have broader portfolios or established relationships, Zscaler's focus on Zero Trust and AI, its increasing pace of innovation, and its ability to demonstrate tangible ROI by eliminating legacy infrastructure are key differentiators driving market share gains, as evidenced by its billings growth significantly outpacing that of legacy network security vendors.

Outlook and Guidance: Path to $5 Billion ARR

Looking ahead, Zscaler is guiding for continued solid growth in fiscal year 2025. For the fourth quarter of fiscal 2025, the company expects revenue in the range of $705 million to $707 million, reflecting approximately 19% year-over-year growth. Operating profit is guided between $152 million and $154 million, with earnings per share in the range of $0.79 to $0.80 (assuming a 23% tax rate).

For the full fiscal year 2025, Zscaler raised its guidance, now expecting revenue between $2.659 billion and $2.661 billion (approximately 23% year-over-year growth) and billings between $3.184 billion and $3.189 billion (approximately 21% to 22% year-over-year growth). Operating profit is projected between $573 million and $575 million, leading to expected earnings per share of $3.18 to $3.19 (assuming a 23% tax rate). Free cash flow margin is anticipated to be approximately 25.5% to 26% for the full year, even with higher capital expenditures (approximately 3 points higher as a percentage of revenue) to invest in cloud and AI infrastructure upgrades.

Management anticipates an acceleration in billings growth in the second half of FY25, driven by a strong pipeline, expected continued improvement in sales productivity, and the timing of contracted non-cancelable billings. The company remains on track to achieve its near-term goal of $3 billion or more in ARR by the end of fiscal 2025 and is focused on its long-term ambition of reaching $5 billion or more in ARR. The recently announced acquisition of Red Canary, expected to close in Q1 FY26, aims to accelerate Zscaler's expansion into AI-powered security operations (MDR and threat intel) and is expected to be largely neutral to FY26 operating margin. The company also announced the appointment of Kevin Rubin as the new CFO, succeeding Remo Canessa, who will remain in an advisory role through the fiscal year end.

Risks and Challenges

Despite its strong position and growth trajectory, Zscaler faces notable risks. The macroeconomic and geopolitical environment remains uncertain, leading to continued customer scrutiny and potentially elongated sales cycles for large deals. While cybersecurity is a priority, overall IT budget constraints could still impact spending. Competition is intense, and while Zscaler believes its architecture is superior, competitors with broader portfolios, established relationships, or aggressive pricing strategies could pose challenges.

Execution risk is also present, particularly related to managing rapid growth, successfully integrating acquired technologies (like Avalor, Airgap, and Red Canary), and ensuring the continued improvement of sales productivity after recent organizational changes. The ability to attract, train, and retain skilled personnel, especially in sales and R&D, is critical. Technological risks include the need to maintain a rapid pace of innovation in a fast-evolving threat landscape and the potential challenges associated with the development and regulatory environment of AI/ML technologies. Operational risks include reliance on third-party data centers and suppliers, as well as the potential for service interruptions, although the company emphasizes its resilience and business continuity offerings. Legal and compliance risks, including data protection regulations and potential IP litigation, are inherent in the industry. Finally, stock price volatility and risks related to the company's convertible senior notes and shareholder concentration are factors for investors to consider.

Conclusion

Zscaler stands as a leader in the critical and growing field of cloud security, fundamentally reshaping enterprise network security with its Zero Trust Exchange platform. The company's differentiated cloud-native architecture, coupled with strategic expansion into Zero Trust Everywhere and deep integration of AI, provides a compelling value proposition centered on enhanced security, operational simplicity, and cost reduction. Despite navigating a cautious macro environment and intense competition, Zscaler demonstrates strong financial performance, driven by increasing customer adoption, successful upsell, and improving go-to-market execution. With a clear strategic roadmap, a focus on innovation, and a large addressable market fueled by the secular trends of cloud migration and AI adoption, Zscaler appears well-positioned to continue its growth trajectory towards its ambitious ARR targets. While risks related to execution, competition, and the macro backdrop warrant careful monitoring, the core investment thesis in Zscaler's disruptive technology and expanding platform remains robust.

Other articles you may be interested in
Qualys, Inc. (NASDAQ:QLYS): A Cybersecurity Leader Transforming Risk Management
Qualys, Inc. (NASDAQ:QLYS) has been at the forefront of the cybersecurity industry since its inception in 1999, pioneering cloud-based solutions that help organizations identify, measure, and remediate IT security risks. With a strong track record of innovation and customer success, Qualys has solidified its position as a trusted provider of disruptive cloud-based IT, security, and compliance solutions.
Read More
CrowdStrike Holdings, Inc. (CRWD): Pioneering the Future of AI-Powered Cybersecurity
Business OverviewCrowdStrike Holdings, Inc. (CRWD) is a leading provider of cloud-native, AI-powered cybersecurity solutions that are redefining the industry. Founded in 2011, the company has emerged as a trailblazer, delivering innovative products and services that have transformed the way organizations approach security in the digital age.
Read More
SentinelOne: AI Leadership Fuels Growth Amidst Macro Headwinds (NYSE: S)
SentinelOne was founded in 2013 with a vision to redefine cybersecurity through artificial intelligence and automation. Recognizing the limitations of traditional, human-dependent security tools against increasingly sophisticated threats, the company set out to build a truly autonomous defense platform. This foundational focus on AI has shaped its evolution from a disruptive endpoint security provider to a comprehensive platform player.
Read More
Grid Dynamics Holdings Inc. (GDYN): Delivering AI-Powered Digital Transformation at Scale
Grid Dynamics Holdings Inc. (GDYN) is a leading provider of enterprise-level digital transformation services and solutions, leveraging cutting-edge technologies such as artificial intelligence (AI), cloud computing, and advanced analytics to help Fortune 1000 companies undergo successful digital modernization. With over 15 years of experience in the industry, Grid Dynamics has emerged as a trusted partner for some of the world's largest organizations, driving impactful business outcomes through its innovative service offerings.
Read More