CrowdStrike's Q2 2026 Earnings Call: Contradictions on Partner Rebate Impact, ARR Growth, and AI Integration Reveal Strategic Shifts

Generated by AI AgentEarnings Decrypt
Thursday, Aug 28, 2025 3:50 am ET3min read
Aime RobotAime Summary

- CrowdStrike reported Q2 2026 revenue of $1.17B (+21% YoY) and $221M net new ARR, driven by AI demand for Falcon platform and strong customer consolidation.

- Next-Gen SIEM/Identity solutions reached $1.56B ARR (+40% YoY), while cloud security ARR exceeded $700M (+35% YoY) post-Onum acquisition.

- Partner rebate programs ($10-15M/qtr) will phase out by Q4, with FY26 guidance raised to $4.75B-$4.81B revenue and >$5B ending ARR by year-end.

- Charlotte AI integration and Flex licensing model enabled rapid adoption, with EDR leadership and agent security positioning CrowdStrike for AI-driven security growth.

The above is the analysis of the conflicting points in this earnings call

Date of Call: August 27, 2025

Financials Results

  • Revenue: $1.17B, up 21% YOY
  • EPS: $0.93 non-GAAP diluted EPS, exceeded guidance
  • Gross Margin: 78% total non-GAAP; subscription gross margin 80%
  • Operating Margin: 22% non-GAAP, exceeded guidance

Guidance:

  • Q3 revenue $1.208B–$1.218B (+20%–21% YOY); non-GAAP EPS $0.93–$0.95; operating income $256M–$262M; 21% tax; ~257M diluted shares.
  • FY26 revenue $4.750B–$4.806B (+20%–22% YOY); non-GAAP EPS $3.60–$3.72; operating income $1.00B–$1.04B.
  • H2 net new ARR to grow at least 40% YOY; Q2→Q3 net new ARR up high single-digit sequentially; FY26 ending ARR growth >22%.
  • CCP/partner programs create $10M–$15M per quarter ARR-to-revenue separation through Q4; wider professional services range assumed.
  • Q3 outage-related cash payments ≈$51M; FCF margin 27% in Q4 and >30% for FY27.

Business Commentary:

  • Reacceleration in Net New ARR and Revenue Growth:
  • CrowdStrike reported record Q2 net new ARR of $221 million, double-digit millions ahead of expectations, with revenue growth of 21% year-over-year.

  • The reacceleration was driven by AI-necessitated demand for the Falcon platform, stellar execution across the business, and strong customer consolidation onto the

    CrowdStrike
    platform.

  • Next-Gen SIEM and Platform Expansion:

  • CrowdStrike's cloud, Next-Gen Identity, and Next-Gen SIEM platform solutions have $1.56 billion in ending ARR, growing more than 40% year-over-year.

  • This growth was attributed to the increasing adoption of CrowdStrike's platform to solve complex security and IT problems, and the acquisition of Onum to enhance data pipeline capabilities.

  • Innovation in Identity and PAM Solutions:

  • CrowdStrike's Next-Gen Identity Protection exceeded $435 million in ending ARR, growing more than 21% year-over-year.

  • This growth was supported by the launch of new solutions like Next-Gen PAM and Next-Gen Identity Protection, addressing customer concerns about AI security and agentic identities.

  • Strategic Acquisitions and Cloud Security:

  • CrowdStrike's cloud ending ARR exceeded $700 million, growing 35% year-over-year.
  • The company's acquisition of Onum and strong adoption of its cloud security offerings, such as Falcon Cloud Security, contributed to this growth.

Sentiment Analysis:

  • Management reported record Q2 net new ARR of $221M, ending ARR of $4.66B (+20% YOY), revenue of $1.17B (+21% YOY), record operating income ($255M, 22% margin) and record free cash flow ($284M, 24% of revenue). They said, “we exceeded all guided metrics” and raised outlook assumptions, stating back-half net new ARR will grow “at least 40% vs last year,” with clear line of sight to well exceed $5B ending ARR by year-end.

Q&A:

  • Question from Andrew James Nowinski (Wells Fargo): Is the $10–$15M per quarter partner rebate impact included in Q3/FY26 revenue guidance, and how should we think about it?
    Response: Guidance embeds the impact; H2 net new ARR is guided to grow at least 40% YOY and FY26 ending ARR >22%, with CCP/partner impacts subsiding starting in Q4.
  • Question from Matthew George Hedberg (RBC Capital Markets): How are you approaching identity vs. pure plays, especially after the Palo Alto–CyberArk deal?
    Response: CrowdStrike integrated identity since 2020 (Preempt) and launched next-gen PAM; customers want modern, non-legacy solutions, and adoption is strong across Shield and broader identity.
  • Question from Saket Kalia (Barclays): How do CCP packages affect H2 renewals and how does
    Flex
    help?
    Response: Module renewal rates exceed 95%; CCP value should convert into renewals, and Flex seeded adoption, enabling re-Flexing as CCP burns off to support H2 growth.
  • Question from Brian Lee Essex (JPMorgan): How will the Onum acquisition compete with legacy tools and interact with LogScale/Next-Gen SIEM?
    Response: Onum adds real-time in-pipeline detection and efficient third-party data ingestion, reducing cost/latency and complementing (not cannibalizing) LogScale within Next-Gen SIEM.
  • Question from Gabriela Borges (Goldman Sachs): What is the EDR dynamic within Flex, and are you still landing EDR?
    Response: EDR is foundational to the modern SOC and fuels other modules; CrowdStrike leads in EDR and pairs it with SIEM and Charlotte to drive platform wins.
  • Question from Joseph Anthony Gallo (Jefferies): Update on cloud security competition and consolidation given $700M ARR (+35% YOY).
    Response: Market is early; runtime workload protection combined with ASPM and other capabilities is winning consolidations, with CrowdStrike among the largest cloud security providers.
  • Question from Tal Liani (BofA Securities): What drives and sustains the guided H2 40% net new ARR growth despite concerns about deceleration?
    Response: Growth confidence stems from consolidation demand, AI-driven need for the platform, and strong Flex adoption/burn rates, supported by field feedback and IR learnings.
  • Question from John Jeffrey Hopson (Needham): What Charlotte AI features are driving adoption, and any hurdles?
    Response: Charlotte is an orchestrated, agentic SOC analyst embedded across modules, cutting investigations from days to hours and acting autonomously as Tier 1—driving rapid adoption.
  • Question from Shaul Eyal (TD Cowen): How will you deploy ~$5B cash—tuck-ins vs. transformational M&A?
    Response: Focus remains on thoughtful, integrated tuck-ins with the right team/tech; won’t buy ARR for its own sake, but remain flexible if a larger fit emerges.
  • Question from Roger Foley Boyd (UBS): Contrast SIEM and identity growth and your conviction in reaccelerating identity.
    Response: Identity saw CCP mix effects but has ample whitespace with next-gen offerings; SIEM is disruptive on pricing/integration; management feels good about both businesses.
  • Question from Jonathan Frank Ho (William Blair): What are customers buying to secure agentic AI, and which categories excite you most?
    Response: Security spans model creation to deployment and agent protection; CrowdStrike’s agent security heritage positions it to safeguard AI agents across identities, data, and workloads.
  • Question from Adam Charles Borg (Stifel): Exposure Management traction—coexistence or displacement?
    Response: Strong traction with agent and network vulnerability management plus attack surface management; drives consolidation and has been recognized as an IDC MarketScape leader.
  • Question from Adam Tyler Tindle (Raymond James): Q3 public sector assumptions and FY27 net new ARR; scaling for >$1B NNARR run rate?
    Response: Fed is small but a growing opportunity; FY27 color to come post-Q4; go-to-market is being optimized around platform/Flex activation and partner scaling.
author avatar
Earnings Decrypt

Discover what executives don't want to reveal in conference calls

Comments



Add a public comment...
No comments

No comments yet