Hi Multis,

Anand here with the CrowdStrike (CRWD) earnings analysis. After my take, Kris will update the Quality Score and the valuation.

CrowdStrike reported the result earlier this week, on Tuesday June 3, and the stock was down more than 6% after the release.

CrowdStrike's stock price hit an all-time high on June 3, right before earnings.

This marks the fastest recovery following a major outage on July 19, achieved in under 11 months. If someone had told you on July 20, 2024, not to worry because the stock would be at an all-time high in one year, you might have laughed and dismissed it. But that scenario became a reality.

The Numbers

Revenue for Q1 came in at $1.10 billion, up 20% year-over-year, slightly ahead of expectations. More importantly, Annual Recurring Revenue ('ARR') grew 22% to $4.44 billion, with $194 million in net new ARR added during the quarter.

To put that in perspective, CrowdStrike’s ARR has skyrocketed from $700 million to $4.44 billion in just five years, representing a 46.5% compound annual growth rate. That level of sustained growth at scale is nothing short of remarkable.

Source: Finchat

Source: Finchat (did you know you get a 15% Finchat discount with this link?)

In Q1, CrowdStrike customers who adopted 6 or more modules grew to 48% from 44% a year ago, 7 or more modules grew to 32% from 28% a year ago, and 8 or more modules grew to 22%.

Source: Finchat

The total gross margin was 78%, and the subscription gross margin was best in class at 80% of revenue, the same as last year.

On a non-GAAP basis, CrowdStrike reported net income of $184 million, down from $196.8 million a year ago. Non-GAAP EPS came in at $0.73, compared to $0.79 in Q1 last year, though both figures came in ahead of internal estimates for the quarter.

GAAP results, however, were more heavily impacted. The company posted a GAAP net loss of $110.2 million, compared to net income of $42.8 million in the same quarter last year. GAAP net loss per share was $0.44, versus a profit of $0.17 per share in Q1 FY2024.

Management attributed the year-over-year decline in profitability, particularly on a GAAP basis, to incident-related expenses, which will be detailed later in the article.

Free cash flow was $279.4 million, compared to $322.5 million. It decreased by 15.42%, with a free cash flow margin of 27%. As I mentioned in the last quarter's article, the free cash flow margin is bottoming here. We can clearly see that in the graph pattern. The free cash flow margin is ticking up, and Management is guided 30% free cash flow margin for the second half.

Source: Finchat

CrowdStrike reported that cash and cash equivalents grew to a record $4.61 billion.

Source: Finchat

Guidance:

Q2 2025 Outlook

Management is known for providing conservative guidance. They guided for revenue between $1.14 to $1.15 billion, a 19% growth compared to a year ago, which was slightly lower than expected. Investors would like to see 20% or above for a premium company like CrowdStrike.

Non-GAAP net income is in the $226.9 to $233.1 million range, and non-GAAP net income per share will be in the $0.82 to $0.84 range, also in line with the consensus estimate.

Full-year 2025 outlook

Management guided for revenue between $4.74 billion and $4.80 billion. Non-GAAP net income is seen between $970.8 to $1010.8 million range, and non-GAAP net income per share will be in the $3.44 to $3.56 range, in line with the consensus estimate.

The revenue expectations for the year remain the same, while net income and net income per share full-year guidance increased from the previous quarter.

Due to CCP (Customer Commitment Package) related programs, the management team has given a heads-up to expect a temporary near-term separation between ARR and subscription revenue recognition. The management team expects the impact to be in the range of $10 million to $15 million for each of the remaining quarters of this fiscal year. It will go down to a lower or normal level in Q4 2025.

Implementing AI will enhance the company's internal execution and efficiency. Growth in cloud services, identity management, exposure management, AI, and Security Information and Event Management, or SIEM, is expected to improve the operating margin by 1% next year. Additionally, the free cash flow margin is projected to be 30% or more.

Additionally, the company has authorized a share repurchase program of up to $1 billion.

Highlights from the conference call

Before going into the details of the call, I wanted to share my observations. CEO Geroge Kurtz and CFO Burt Podbere both seemed excited and had confidence in their voice.

The prepared remarks felt like an LLM generated them, though. There were a few details repeating again and again. I'm not sure if there was a reason or if it was simply because AI generated it. Another observation in Q&A was that the answers were very short and not detailed; in a way, it's good, so they covered more questions from analysts, and they indeed cover more questions. This time, the answers lacked detail, though.

CrowdStrike received a request from the DOJ (Department of Justice)

CEO George Kurtz altogether avoided the question from Matthew Hedberg, which is not normal behavior for George Kurtz, but CFO Burt Podbere confirmed that they received a request for information from the DOJ and the SEC relating to revenue recognition and reporting of ARR for certain transactions, the July 19 outage and related matters.

That left me with some skepticism. I will wait for more details. It's not that late; while writing this article, I saw that Bloomberg posted an article about it. This is what it said:

US prosecutors and regulators have been investigating a $32 million deal between CrowdStrike and a technology distributor, Carahsoft Technology Corp., to provide cybersecurity tools to the Internal Revenue Service, Bloomberg News first reported in February. The IRS never purchased or received the products, Bloomberg News earlier reported.

The investigators are probing what senior CrowdStrike executives may have known about the $32 million deal and are examining other transactions made by the cybersecurity firm.

If (if!) this would be true, it's probably not a material matter. But let's wait and see.

CrowdStrike Platform Updates

CrowdStrike maintains its leadership as a cybersecurity platform. Cloud security had a very strong start to the year and is accelerating year-over-year.

Cloud Security consists of cloud workload protection, posture management, application security, and SaaS security. CrowdStrike's innovation and commercial success were recognized in the 2025 Frost Radar: Cloud and Application Runtime Security report, where CrowdStrike scored highest out of all vendors on the innovation index.

Source: CrowdStrike Investor presentation

There's also the Exposure Management business, which includes vulnerability management and attack surface management. CrowdStrike is rapidly evolving from an incumbent complement to a scaled disruptor. Historically, there was a missing piece due to a lack of network scanning. With the launch of AI-powered network vulnerability assessment, CrowdStrike now delivers unified exposure management for both managed and unmanaged devices.

CrowdStrike is disrupting outdated and buggy solutions with its Next-Gen SIEM, LogScale. LogScale delivered triple-digit ending ARR growth while displacing antiquated, expensive, and poor-performing point products. CEO George Kurtz mentioned that they are replacing Splunk and QRadar with LogScale in the SIEM space.

In April, CrowdStrike announced the general availability of Falcon Privileged Access Management or PAM. Previously, CrowdStrike's identity customers depended on third-party integrations for access management. Now, CrowdStrike customers benefit from just-in-time access and permissions for essential applications and services, all within its unified AI-native platform. Their identity solution provides immediate time to value in Gaining insights into stale accounts, exposed credentials, shared passwords, and agent-free unmanageable devices and securing identities.

CrowdStrike announced the general availability of both our AI model scanning and AI security dashboard technologies at RSA. CrowdStrike is ensuring that enterprises can safely adopt AI while managing potential risks such as model vulnerabilities, data leakage, unsanctioned use, and identity-based privilege.

Falcon Flex for the win

Falcon Flex is significantly evolving the go-to-market and customer experience. The subscription model sparks Falcon platform adoption, delivers point product consolidation, and fuels partner success.

In less than two years since Falcon Flex started, they have closed more than $3.2 billion in total account deal value across over 820 accounts that have adopted the subscription model. The average Flex customer deal size exceeds $1 million in ending Annual Recurring Revenue ('ARR'). Customers commit to longer durations. The average Flex subscription length is 31 months. Flex customers adopt Falcon faster; more than 75% of Flex contracts are already deployed.

Renewal of Flex customers is referred to as re-Flexes. The management team is seeing more and more re-Flexes faster than they thought. 39 Flex customers have already deployed their initial contract demand plan and have returned for a re-Flex. These customers' initial Flex contracts were 35 months, nearly 3 years on average, and within just 5 months, they came back to CrowdStrike wanting more of the Falcon platform to achieve their cybersecurity consolidation goals.

CEO George Kurtz on the call:

The model we pioneered is a game changer. Flex accelerates what would have taken years of module sales cycles into rapid platform transformations, unlocking adoption and spending while creating even more platform stickiness.

Key partnerships with Microsoft and Nvidia

CrowdStrike and Microsoft have partnered to harmonize cyber threat attribution, aiming for strategic collaboration for overlapping threat actor names and improving clarity for security teams. This initiative will enable more accurate threat analysis and improved response efforts for both companies and the entire industry.

CrowdStrike integration with NVIDIA Enterprise AI Factory, their reference AI architecture, integrates Falcon as the cybersecurity standard for securing NVIDIA's hardware and software.

This is huge, and we know there are 100 AI factories in the flight, and many more will be announced soon. The partnership with Nvidia is not about media attention, but CrowdStrike is included at the foundational level in AI factories. There is a reference point on the Nvidia Q1 conference call.

Nvidia CFO Colette Kress on the call:

With CrowdStrike realizing 2x faster security threat detection triage with 50% less compute cost.

Security for AI and AI agents:

Just like any application, mobile app, device, or API, the AI agents also connect and access multiple internal and external data stores, applications, and machines to automate business processes and workflows at scale. AI agents dramatically increase the size, severity, and speed of the enterprise security attack surface. Size, more agents everywhere, severity, everything is connected faster than it can be contained. Every AI agent has a unique identity, requires necessary visibility, and needs to have secure control.

In a recent market survey, 96% of respondents plan to expand their use of AI agents within the next 12 months, with two-thirds already building agents and some targeting a reach of over 1 billion in production agents.

Securing AI Agents is the next big opportunity for CrowdStrike. CrowdStrike will be the protector of autonomous AI agents. CrowdStrike is uniquely positioned to secure the identity, workload, infrastructure, data, and underlying AI models themselves using a single platform.

It will grow the company's total addressable market even higher. That's what excites the CEO, George Kurtz, and the management team. I don't have any doubt, and I stand with the CrowdStrike team by investing in them.

Please don't forget Charlotte AI is its agentic security analyst, completing tasks and making decisions to copilot human SOC personnel that help in the security operation side

Final thoughts

CrowdStrike reported better-than-expected numbers. The company faces a short-term headwind due to outage-related expenses until Q4 2025, but it has handled this situation extremely well. The Falcon platform is sticky and shows great strength combined with the Falcon Flex model.

Agentic AI is the next big growth driver for CrowdSTrike, along with a key partnership with Nvidia.

The stock price touching an all-time high brings a new level of excitement. I know many Multis want to add to CrowdStrike's position, but it's challenging to find the opportunity. I am one of them, and that's a good problem to have.

We may see fluctuations in the stock price based on the overall market performance, but the thesis remains intact.

Disclosure: I personally own the shares of CrowdStrike (CRWD) June 4, 2020

If you like the article, please share your feedback in a comment on the article and follow me on X@anandkhatri.

Quality Score