CrowdStrike's Q2 2026 Earnings Call: Contradictions on Partner Rebate Impact, ARR Growth, and AI Integration Reveal Strategic Shifts

The above is the analysis of the conflicting points in this earnings call

Date of Call: August 27, 2025

Financials Results

• Revenue: $1.17B, up 21% YOY
• EPS: $0.93 non-GAAP diluted EPS, exceeded guidance
• Gross Margin: 78% total non-GAAP; subscription gross margin 80%
• Operating Margin: 22% non-GAAP, exceeded guidance

Guidance:

• Q3 revenue $1.208B–$1.218B (+20%–21% YOY); non-GAAP EPS $0.93–$0.95; operating income $256M–$262M; 21% tax; ~257M diluted shares.
• FY26 revenue $4.750B–$4.806B (+20%–22% YOY); non-GAAP EPS $3.60–$3.72; operating income $1.00B–$1.04B.
• H2 net new ARR to grow at least 40% YOY; Q2→Q3 net new ARR up high single-digit sequentially; FY26 ending ARR growth >22%.
• CCP/partner programs create $10M–$15M per quarter ARR-to-revenue separation through Q4; wider professional services range assumed.
• Q3 outage-related cash payments ≈$51M; FCF margin 27% in Q4 and >30% for FY27.

Business Commentary:

• Reacceleration in Net New ARR and Revenue Growth:
• CrowdStrike reported record Q2 net new ARR of $221 million, double-digit millions ahead of expectations, with revenue growth of 21% year-over-year.

• The reacceleration was driven by AI-necessitated demand for the Falcon platform, stellar execution across the business, and strong customer consolidation onto the CrowdStrikeCRWD-- platform.

• Next-Gen SIEM and Platform Expansion:

• CrowdStrike's cloud, Next-Gen Identity, and Next-Gen SIEM platform solutions have $1.56 billion in ending ARR, growing more than 40% year-over-year.

• This growth was attributed to the increasing adoption of CrowdStrike's platform to solve complex security and IT problems, and the acquisition of Onum to enhance data pipeline capabilities.

• Innovation in Identity and PAM Solutions:

• CrowdStrike's Next-Gen Identity Protection exceeded $435 million in ending ARR, growing more than 21% year-over-year.

• This growth was supported by the launch of new solutions like Next-Gen PAM and Next-Gen Identity Protection, addressing customer concerns about AI security and agentic identities.

• Strategic Acquisitions and Cloud Security:

• CrowdStrike's cloud ending ARR exceeded $700 million, growing 35% year-over-year.
• The company's acquisition of Onum and strong adoption of its cloud security offerings, such as Falcon Cloud Security, contributed to this growth.

Sentiment Analysis:

• Management reported record Q2 net new ARR of $221M, ending ARR of $4.66B (+20% YOY), revenue of $1.17B (+21% YOY), record operating income ($255M, 22% margin) and record free cash flow ($284M, 24% of revenue). They said, “we exceeded all guided metrics” and raised outlook assumptions, stating back-half net new ARR will grow “at least 40% vs last year,” with clear line of sight to well exceed $5B ending ARR by year-end.

Q&A:

• Question from Andrew James Nowinski (Wells Fargo): Is the $10–$15M per quarter partner rebate impact included in Q3/FY26 revenue guidance, and how should we think about it?
  Response: Guidance embeds the impact; H2 net new ARR is guided to grow at least 40% YOY and FY26 ending ARR >22%, with CCP/partner impacts subsiding starting in Q4.

• Question from Matthew George Hedberg (RBC Capital Markets): How are you approaching identity vs. pure plays, especially after the Palo Alto–CyberArk deal?
  Response: CrowdStrike integrated identity since 2020 (Preempt) and launched next-gen PAM; customers want modern, non-legacy solutions, and adoption is strong across Shield and broader identity.

• Question from Saket Kalia (Barclays): How do CCP packages affect H2 renewals and how does FlexFLEX-- help?
  Response: Module renewal rates exceed 95%; CCP value should convert into renewals, and Flex seeded adoption, enabling re-Flexing as CCP burns off to support H2 growth.

• Question from Brian Lee Essex (JPMorgan): How will the Onum acquisition compete with legacy tools and interact with LogScale/Next-Gen SIEM?
  Response: Onum adds real-time in-pipeline detection and efficient third-party data ingestion, reducing cost/latency and complementing (not cannibalizing) LogScale within Next-Gen SIEM.

• Question from Gabriela Borges (Goldman Sachs): What is the EDR dynamic within Flex, and are you still landing EDR?
  Response: EDR is foundational to the modern SOC and fuels other modules; CrowdStrike leads in EDR and pairs it with SIEM and Charlotte to drive platform wins.

• Question from Joseph Anthony Gallo (Jefferies): Update on cloud security competition and consolidation given $700M ARR (+35% YOY).
  Response: Market is early; runtime workload protection combined with ASPM and other capabilities is winning consolidations, with CrowdStrike among the largest cloud security providers.

• Question from Tal Liani (BofA Securities): What drives and sustains the guided H2 40% net new ARR growth despite concerns about deceleration?
  Response: Growth confidence stems from consolidation demand, AI-driven need for the platform, and strong Flex adoption/burn rates, supported by field feedback and IR learnings.

• Question from John Jeffrey Hopson (Needham): What Charlotte AI features are driving adoption, and any hurdles?
  Response: Charlotte is an orchestrated, agentic SOC analyst embedded across modules, cutting investigations from days to hours and acting autonomously as Tier 1—driving rapid adoption.

• Question from Shaul Eyal (TD Cowen): How will you deploy ~$5B cash—tuck-ins vs. transformational M&A?
  Response: Focus remains on thoughtful, integrated tuck-ins with the right team/tech; won’t buy ARR for its own sake, but remain flexible if a larger fit emerges.

• Question from Roger Foley Boyd (UBS): Contrast SIEM and identity growth and your conviction in reaccelerating identity.
  Response: Identity saw CCP mix effects but has ample whitespace with next-gen offerings; SIEM is disruptive on pricing/integration; management feels good about both businesses.

• Question from Jonathan Frank Ho (William Blair): What are customers buying to secure agentic AI, and which categories excite you most?
  Response: Security spans model creation to deployment and agent protection; CrowdStrike’s agent security heritage positions it to safeguard AI agents across identities, data, and workloads.

• Question from Adam Charles Borg (Stifel): Exposure Management traction—coexistence or displacement?
  Response: Strong traction with agent and network vulnerability management plus attack surface management; drives consolidation and has been recognized as an IDC MarketScape leader.

• Question from Adam Tyler Tindle (Raymond James): Q3 public sector assumptions and FY27 net new ARR; scaling for >$1B NNARR run rate?
  Response: Fed is small but a growing opportunity; FY27 color to come post-Q4; go-to-market is being optimized around platform/Flex activation and partner scaling.