Hi Multi’s
Normally, you would expect Anand to write this article, but for now, that’s not the case. Anand is looking for a new job. If you can use his services, feel free to reach out to him.
Anand has experience in architecting, designing, and implementing cloud strategy. DevOps, cloud infrastructure, automation, CI/CD pipelines, and security are all areas where he has more than 10 years of experience. He is twice Google Cloud Certified.
Anand is seeking a role as a senior or lead DevOps engineer, Site Reliability Engineer, or Cloud Engineer.
You can find more details on his Linkedin Profile.
If you know someone looking for someone with Anand’s profile, please recommend him. I can testify from first-hand experience that he’s very hardworking, dutiful, and committed.
Let’s hope Anand can join the PM Team again soon.
In the meantime, Zack (aka Kappachino) wanted to jump in for Anand to analyze the CrowdStrike earnings.
Hi Multis
Zack here to cover CrowdStrike’s (CRWD) Q3 2026 FY earnings. I know it’s been a while since the earnings, and the stock is down roughly 12.5% as of now.
Overall, a 12.5% dip isn’t that bad considering how hard other SaaS names have been hit recently. Perhaps that speaks to the solid results from this report (spoiler!). So, now that I’ve given away the conclusion, I’m sure you want to know the details. Let’s jump right in.
One more thing before we jump in: the next earnings are still out about a month and a half. CrowdStrike is always one of the last to report.
The Numbers
Revenue: +22% year-over-year to $1.23 billion, beating estimates by 1.6%. Annual Recurring Revenue (’ARR’): +23% year-over-year to $4.92 billion.
For SaaS companies, ARR is often a better measure of performance than revenue because it provides insight into current and future obligations. Revenue, by contrast, is backward-looking and sometimes includes one-off items that may not repeat in future periods.
Net New ARR: Came in at $265.3 million, an impressive 73% year-over-year growth, which signals clear sales acceleration. Of course, that also has to do with the rebates CrowdStrike gave last year for the big outage.
The remaining metrics are steady and solid across the board.
Margins: GAAP subscription gross margin was 78% and held flat year-over-year. Non-GAAP subscription gross margin was 81%, compared to 80% in Q3 last year.
Operating Income: GAAP loss from operations was $69.4 million, compared to $55.7 million in Q3 last year. Non-GAAP income from operations was a record $264.6 million, compared to $200.7 million in Q3 last year.
Free Cash Flow: came in at $295.9 million, compared to $230.6 million in Q3 last year. Free cash flow margin was 24%.
The costs associated with the July 2024 outage incident are also nearly behind them. This quarter, those expenses impacted free cash flow negatively by $53M, with another $33M expected in Q4. After that, they will be concluded, and FY 2027 should have a nice year-over-year comp tailwind going forward.
Guidance remains on track. For Q4 FY2026 (fiscally, CrowdStrike is one year ahead of the calendar year), CrowdStrike expects $1,295M at the midpoint (22% growth year-over-year) and slightly raised full-year FY2026 guidance to $4,802M at the midpoint (21% growth year-over-year).
CEO George Kurtz expressed strong confidence in the pipeline through FY2027:
“Our revenue guidance includes the following assumptions: low to mid-teen sequential net new ARR growth Q3 to Q4, bringing ending ARR growth for FY26 to 23% year-over-year. At the midpoint of our net new ARR assumptions, we expect second-half net new ARR growth of at least 50% year-over-year, well above our previously provided assumptions of at least 40% year-over-year, driven by our strong Q3 outperformance and record pipeline. Additionally, we continue to expect FY 2027 year-over-year net new ARR growth of at least 20% from our now increased FY 2026 net new ARR assumptions.”
Product Updates
Module Adoption continues to move up and to the right:
When customers use more products, it increases “stickiness” (higher switching costs) and facilitates vendor consolidation, allowing CrowdStrike to capture more market share.
Increasing module adoption demonstrates that enterprises aren’t just viewing CrowdStrike as a one-time solution; they are ripping out other point products and consolidating into the Falcon platform, further solidifying CrowdStrike’s position as the operating system for security.
Two quotes from George Kurtz highlight this shift:
“In addition, EY brought us into a Fortune 500 healthcare account where in just a few months we were able to modernize the endpoint, cloud, and SIM environments in an eight-figure end-to-end Flex expansion deal where we displaced two SIMs, Defender for Endpoint, and a point cloud security product.”
“Deloitte announced Next-Gen SIEM in their MXDR practice, replacing their legacy SIEM provider, and Wipro, too, has standardized security delivery and incident response on Falcon.”
Falcon Flex also showcased strong numbers this quarter. It’s CrowdStrike’s way of offering a more flexible licensing model, where customers commit to purchasing a set of credits that can be applied to any module. This has been more effective than traditional, rigid models that require a new procurement cycle every time a customer wants to add a feature.
Source: CrowdStrike
ARR attributed from Flex more than tripled (!) year-over-year and Re-Flex customers (renewals) are spending significantly more than they did previously.
George Kurtz reiterating the benefits of Falcon Flex:
And I think that’s the biggest piece that everybody on the call should just remember is that that’s exactly what Flex was designed to do. Make it easier for customers to buy, make it very easy for us to be able to deploy, and be able to give value and lower TCO. That’s how we think about it. And the benefit is that we’re seeing bigger deals and longer deals. And that’s all good for us, and it’s great for the customers.
Moving on to product highlights, CrowdStrike’s next-gen products continue to lead innovation for the cloud and agentic era.
SIEM (Security Information and Event Management), had a record new ARR this quarter, and was highlighted multiple times on the call.
“Next-Gen SIEM has become a scale disruptor in a market that has historically been slow to evolve as customers embrace the speed and efficiency advantages versus legacy competitors.”
Source: CrowdStrike
SIEM is the analytical heartbeat of modern security operations. With the sheer amount of data in this new generation of cloud, IoT, and remote work, legacy providers (e.g., IBM, on-premise Splunk) are drowning in data and unable to process it efficiently.
CrowdStrike is positioned to disrupt the legacy SIEM market similarly to how it disrupted traditional Antivirus. Because the platform already gathers data in its cloud, switching to its next-gen solution is as simple as flipping a switch.
SIEM has been out for only a year but has already been getting recognition. Gartner recently named CrowdStrike a “Visionary” in the latest 2025 Magic Quadrant for Security Information and Event Management.
Source: CrowdStrike
While they are slightly lower on the “Ability to Execute” axis than some incumbents, to be expected for a newer offering, their “Completeness of Vision” exceeds that of half of their competitors. Given more time, I expect SIEM to work its way up the quadrant.
For comparison, their more mature Endpoint Protection platform remains firmly in the “Leader” quadrant.
Source: CrowdStrike
On the topic of endpoint protection, Kurtz also highlighted how AI has served as an accelerant for businesses to adopt CrowdStrike solutions, with a very long runway ahead given that 50% of the market is still using legacy Antivirus (’AV’) solutions.
And that’s, I believe, is going to be a massive market opportunity for us. So that’s where we see that. And overall, as I always say, 50% of the market is still legacy AV, and there’s still a long runway in the endpoint business to be able to take that legacy market share.
Beyond SIEM, there were also a couple of other product performance milestones.
Net New ARR quarter for Falcon Shield was up 50% QoQ (yes, quarter-over-quarter, not year-over-year!) Falcon Shield secures the SaaS stack, including Microsoft 365, Salesforce, and Slack, by running continuous vulnerability checks across both human and non-human (’AI’) identities.
Falcon Cloud Security had a record Q3 Net New ARR. As the cloud security market has matured, merely having “posture” (checking and alerting if security settings are correct) is no longer sufficient. Companies need “active” defense delivered at runtime, so that if a hacker attempts to execute a malicious command, it can be stopped immediately. Citing the Frost and Sullivan CWP Report, CrowdStrike was named the leader for Cloud Workload Protection.
Source: CrowdStrike
From the report:
Deep integration with XDR, MDR, and world-class threat hunting delivers unmatched end-to-end visibility and protection across cloud, endpoint, and identity.
It is very clear that CrowdStrike products are seeing increasing success and adoption. With a single-platform infrastructure paired with flexible terms via Falcon Flex, clients can seamlessly enable and test new features with minimal friction.
Acquisitions and Partnership News
There was a lot happening on the acquisition front. It’s been stated in previous articles, but to reiterate again, CrowdStrike often expands its product offering through smaller “tuck-in” acquisitions. So instead of buying established companies, they acquire small, high-tech, innovative startups that they can rebuild and integrate to run on CrowdStrike’s single cloud database.
This contrasts with Palo Alto Networks (PANW), which takes a more aggressive “serial acquirer” approach, buying best-of-breed companies and stitching them together into a full-stack solution, but this often can lead to more complexity.
CrowdStrike’s latest acquisitions are fitting in its approach again. It’s worth noting that only Pangea was mentioned in Q3 earnings, the other two happened in the timesince then. A quick summary of the three:
Pangea (acquired in Sept 2025) provides AI detection and response (’AIDR’) serving a security layer between a user prompt and AI response. It serves to prevent an AI model from revealing proprietary data (via hacker prompt injection) or redacting sensitive information in the case that an employee accidentally pastes it into an AI prompt.
SGNL (acquired in Jan 2026) is a zero-trust solution for AI agents. Typically, once identity tools authorize access, the agents are free to perform actions unhindered, SGNL constantly checks authorization even after initial acceptance, and if the agent acts suspiciously, access could be revoked immediately.
Seraphic (acquired in Jan 2026) provides web browser security. Nowadays, more work occurs in the browser than in installed applications, creating another vulnerable endpoint to secure. Seraphic enables CrowdStrike to treat the browser as a secure enterprise browser, preventing data leaks and malicious extensions.
Viewing these three solutions together, we see that CrowdStrike is expanding its product portfolio to protect the modern AI-driven enterprise.
There were also a few major partnerships updates to highlight:
AWS selected CrowdStrike as the first cybersecurity partner to deliver an integrated SIEM through AWS Marketplace.
Earlier, we mentioned the accelerating adoption of the new SIEM solution, and AWS’s integration of it into its marketplace further reduces friction in the buying process. Being offered through the AWS marketplace is great for product visibility, given that AWS is the #1 cloud provider in the world. Additionally, it’s much less cost-intensive, requiring fewer S&M resources.
On a related note, AWS awarded CrowdStrike Security Partner of the Year (beating Splunk and SentinelOne) and won the Marketplace Partner of the Year (beating Splunk and Salesforce), which lends further to CrowdStrike’s excellence in this space.
EY US has selected Falcon Next-Gen SIEM as the foundational platform powering its global cybersecurity managed services. This makes CrowdStrike the standard for SIEM managed service clients, replacing competitor solutions. Every client who needs managed SIEM services will be funneled into the Falcon ecosystem and with the current single platform structure, additional modules will be upsold in the future. So like AWS, this turns one of the largest consulting firms into a massive sales engine for CrowdStrike.
Conclusion
Quarter after quarter, CrowdStrike continues to execute. With accelerating ARR, continuous module adoption, and product innovation tailored to the AI revolution, they’ve proven again why they are the cream of the crop and show no signs of slowing down.
That said, it’s no surprise that it trades at a premium, personally I have not added in over a year.
However, I’ll be curious if Kris has a different take once he updates his quality score and valuation.
Hi Multis
Kris here. Let’s start with the Quality Score before we go to the valuation and the final conclusion: Is CrowdStrike a buy now?
Do you want to see whether CrowdStrike is a buy?
Do you want to know what I bought for my real-money portfolio yesterday?
Become a paying member of Potential Multibaggers!
(If you already are, just scroll past this)
What do you get as a member?
✍️ Multiple high-quality articles per week
📚 Full access to our entire library of deep-insight articles
🔎 Full investment cases
📊 Access to the Private Community
🎥 Regular Webinars
📈 The Best Buys Now every month
✍️ The Overview Of The Week each Sunday
🔎 Deep earnings analysis
📊 The 10 Best Stocks for 2026 (the selection for 2025 beats the S&P by more than 40%!)
Many Multis say that the community alone is already worth the price, but you get so much more.
Go to this page.
Subscribe to the annual plan.