Why AI Is Not A Threat To CrowdStrike
Deep Insight on this premium cybersecurity company
Hi Multis
I promised you that there would be a second article from Zack this week and here it is. As always, I will update the Selling Rules, the Quality Score and then evaluate the current valuation.
Hi Multis, Zack here, with CrowdStrike’s earnings analysis.
To kick off the Q4 FY2026 earnings call, CEO George Kurtz highlighted seven points that perfectly encapsulated the quarter. I thought to myself, why reinvent the wheel? So to start, I’ll let Mr. Kurtz take it away with those seven highlights, with my own commentary interspersed:
One, all-time record net new ARR of $331 million for the quarter, which grew 47% year-over-year, coming in well ahead of our expectations. For the year, we delivered $1.01 billion in net new ARR, up 25% year-over-year. Our first year delivering over $1 billion of net new ARR.
Two, ending ARR of $5.25 billion, crossing the $5 billion milestone, which accelerated to 24% growth year-over-year.
Both ARR and Net New ARR continue to signal sales acceleration and market share gains.
For SaaS companies, annual recurring revenue (’ARR’) is often a better indicator of performance than revenue because it provides a clearer view into current and future obligations.
That said, Revenue came in at $1.31B, an increase of 23% year-over-year, beating estimates by 1%.
Gross margins continued to stay steady: GAAP subscription gross margin at 79% (up from 77% in Q4 last year), and Non-GAAP subscription gross margin was 81% (up from 80% last year).
Back to George Kurtz:
Three, record free cash flow of $376 million for the quarter, or 29% of revenue. For the year, we delivered record free cash flow of $1.24 billion or 26% of revenue.
CrowdStrike continues to impress with growing free cash flow and margin. This led to cash and cash equivalents growing to $5.23B ending FY2026:
If you want Fiscal AI at a 15% discount, you can do that here.
CrowdStrike has not taken any debt since 2021 and the rock-solid balance sheet provides stability and optionality for future acquisitions or buybacks.
On the topic of share buybacks, CrowdStrike recently repurchased $50.6M in shares, its first move since announcing its $1B program last year.
Moving on to Kurtz’s comments on operating income:
Four, all-time record operating income of $326 million for the quarter, or 25% of revenue.This is the third consecutive quarter of record operating income. For the year, we delivered $1.05 billion of operating income, exceeding the billion-dollar operating income milestone for the first time.
It’s worth noting that this refers to non-GAAP operating income. On a GAAP basis, there was a slight loss from operations of $6.9M.
While CrowdStrike is still technically at a GAAP operating loss, the gap (pun not intended) is primarily driven by Stock-Based Compensation (’SBC’).
Even when accounting for SBC, CrowdStrike is on the verge of being GAAP operating profitable again.
In fact, after adding in other income and tax provisions, the company achieved GAAP net income of $39M or $0.15 in EPS. This marks CrowdStrike’s first positive quarterly net income since the July 2024 outage.
Speaking of the 2024 outage, this was also the final quarter impacted by the Customer Care Program (’CCP’) credits. It turns out the CCP had a major silver lining despite the short-term revenue headwinds as Kurtz noted:
As we lapse the one-year mark from the end of our highly successful CCP program, we have seen that accounts that took CCP deals have gross and net retention rates higher than the company average, have shown a strong trend of early renewal, and have already expanded more than twice the total $80 million of ARR value we provided.
Talk about turning lemons into lemonade!
Onto Kurtz’s fifth point:
Five, record net new ARR from cloud, next-gen identity, and next-gen SIEM collectively. Ending ARR for these solutions collectively grew more than 45% year-over-year. Amidst today’s AI backdrop, our endpoint business accelerated for the second consecutive quarter.
New products are the bread and butter of CrowdStrike’s land-and-expand model. 45% year-over-year growth signals a massive appetite for the broader platform.
Here’s the performance breakdown followed by a quick summary of each module:
Source: CrowdStrike
Cloud Security: Protects cloud infrastructure and AI workloads. As AI usage increases, CrowdStrike’s revenue will grow along with it.
Next-Gen SIEM: Collects and analyzes event data to respond to threats in real-time. Growth in this newer module continues, indicating increased usage and market-share gains at the expense of legacy providers.
Next-Gen Identity: Protects credentials for both human and AI “employees.” Since 80% of breaches now involve compromised identities rather than traditional viruses, this layer is mission-critical.
While it isn’t illustrated in the graphic above, there have been two consecutive quarters of acceleration for the more established endpoint product. This is despite a false narrative that endpoint security is becoming commoditized.
The reason for the reacceleration? AI adoption.
With the rise of Model Context Protocol (’MCP’) servers, localized LLMs, and AI coding tools, the endpoint is becoming a massive attack surface as evidenced by George Kurtz:
As of Q4, our sensors detected more than 1,800 distinct AI applications running on enterprise devices, representing nearly 160 million unique application instances across our customer base.
With the proliferation of AI agents and processes running on local devices, basic antivirus protection is no longer good enough and more advanced endpoint protection is critical for modern companies.
Other Product Updates
CrowdStrike officially moved to acquire SGNL (zero trust solution for AI agents) and Seraphic Security (enhanced web browser security), two additional tuck-in acquisitions to expand its AI-focused modules.
They also announced the general availability of AI Detection and Response (AI-DR), which has been quite a success so far, growing 5x from last quarter.
Source: CrowdStrike
AI-DR acts as a modern “firewall” for AI. Just as a traditional firewall stops malicious files from entering your system, AI-DR prevents sensitive or “bad” information from being sent to AI models using prompt filtering and governance guardrails to ensure agents stay within their authorized boundaries.
With new module growth, it’s no surprise adoption rates have remained strong:
And continued product adoption goes hand-in-hand with Kurtz’s next point:
Six, dollar-based net retention of 115% and gross retention of 97%, showcasing best-in-class durability and stickiness.
Customers aren’t leaving, they are staying, and spending more.
DBNRR (dollar-based net retention rate) is 115%, which means the total revenue from the specific group of customers who were with the company a year ago grew by 15% over the last 12 months, including all customers who left or reduced their spending.
After a downtick in DBNRR for FY2025, we see re-acceleration heading into FY2027:
And to cap it off with the last achievement:
Seven, we delivered $1.69 billion in ending ARR from accounts that have adopted the Falcon Flex subscription model, growing more than 120% year-over-year, turbocharging our land and expand motion.
Falcon Flex subscriptions continue to be a huge success in growing customer product adoption and revenue and it’s becoming a bigger piece of the ARR pie.
Falcon Flex allows customers to toggle between modules within a single commitment without renegotiating contracts, leading to more seamless procurement and spending.
Critics worried this might artificially inflate adoption metrics with temporary usage, but “reflex” (renewal) data from George Kurtz debunks that:
The proof of Falcon adoption success is in the reflex. Customers are using what they buy and expanding their Flex commitments. More than 380 Flex accounts have already reflexed, representing more than 23% of the Flex customer base, up from 5% in Q1. The average ARR lift after a reflex is 26%, happening on average within seven months.
Our multiple time reflexes on average have an ARR lift of an additional 48% from their initial Flex subscription.
In summary, Falcon Flex unlocks never-seen-before adoption for customers. Flex is now how we go to market.
It’s clear that Falcon Flex isn’t just providing a short-term bump in revenue; customers are continually increasing their spend commitments over time.
For FY2027 guidance, management shared the following:
ARR guide of $5.5B for Q1 FY2027, $6.5B for the full-year FY2027 (24% growth year-over-year)
Revenue guide of $1.36B for Q1 FY2027, $5.91B for the full-year FY2027 (23% growth year-over-year)
Non-GAAP income from operations guide of $309M for Q1 FY2027, $1.4B for the full year FY2027 (33% growth year-over-year)
Free Cash Flow Margin of 33% in Q1 FY2027 and at least 30% for the full FY2027.
Overall, guidance is solidly on track. Historically, CrowdStrike “beats and raises,” which suggests we could see even higher margins and top-line acceleration as the year progresses.
Other News
Microsoft Partnership
CrowdStrike announced a significant partnership with Microsoft, allowing organizations to purchase the Falcon platform with Microsoft Azure consumption credits. This is significant because Microsoft’s E5 solution is one of CrowdStrike’s biggest competitors.
For Microsoft to offer their biggest cybersecurity competitor a space in their marketplace is further validation that some customers prefer CrowdStrike as a “best-of-breed” vendor over Microsoft, which is often chosen simply because of convenience or cost consolidation to a single vendor.
Amazon Web Services Growth
In related news, CrowdStrike announced it has generated nearly $1.5 billion in total contract value on the AWS Marketplace, up 50% year-over-year. Success on AWS could potentially foreshadow significant contributions from the latest Microsoft partnership as well.
These cloud market partnerships are an efficient way to generate sales for CrowdStrike, as they allow the company to leverage Microsoft and Amazon’s sales to cross-sell their products at a lower commission fee than the larger overhead of managing a direct salesforce.
Memorandum of Understanding (’MOU’) with Saudi ARAMCO
CrowdStrike signed an MOU with the Saudi-owned ARAMCO. While it’s just an initial proposal, it elevates CrowdStrike from just a software vendor for enterprises to a trusted national security partner for mission-critical assets.This could set the stage for future multi-million dollar deals in sovereign markets leading to long-term contracts driven by sticky infrastructure-level integration.
Perplexity Comet
CrowdStrike and Perplexity also announced a partnership. This is what Mark wrote about it in the Overview Of The Week:
Earlier this week, CrowdStrike issued a press release announcing a strategic partnership to integrate the CrowdStrike Falcon platform with Perplexity’s Comet Enterprise.
If you’re not familiar with Comet Enterprise, it is Perplexity’s enterprise-focused AI browser that allows employees to research, analyze information, and interact with AI directly within a browser interface while giving organizations administrative controls over security, data usage, and governance.
As companies increasingly incorporate AI tools into everyday workflows, CrowdStrike is positioning Falcon to secure these emerging environments through partnerships like this one. The collaboration also highlights the value of CrowdStrike’s recent acquisition of Seraphic, a browser security company, which provided the browser-layer runtime protection needed to integrate Falcon directly into AI-driven browsing platforms such as Comet Enterprise.
The AI “Threat”
A modern-day analysis would not be complete without addressing the AI “threat” that hangs over each SaaS company.
Last month, Claude announced the release of Claude Code Security:
Source: X
Like clockwork, CrowdStrike sold off 7% by the end of the day.
A couple of days later, George Kurtz fired back his own rebuttal:
Source: X
Pretty ironic, right? Even Claude agrees it cannot create CrowdStrike.
To press further, Anthropic (Claude) is a customer of CrowdStrike:
Source: Stockscurrent
If the capability were there, Anthropic would have built it in-house but clearly, that isn’t the case. Let’s take a deeper look at why:
Claude Code analyzes the code that it created itself to find vulnerabilities, functioning much like an automated application security testing (’AST’) tool. It flags issues and suggests fixes. This is helpful, and it will likely become an efficient, low-cost alternative for developers looking to ship cleaner, more secure code.
One market fear is that if code ships with zero vulnerabilities, the need for an expensive platform like CrowdStrike vanishes. But remember: 80% of all breaches are not malware-based. So even if Claude fixes every code vulnerability, a stolen identity or a human error (like clicking a phishing link) can bypass secure code instantly.
In contrast, CrowdStrike monitors in real-time, living deep within the operating system to block malware execution and track hackers moving through the network. While Claude proactively analyzes and asks for approval, CrowdStrike reacts in milliseconds to stop active threats.
George Kurtz highlights this distinction perfectly:
Here’s what you have to remember, is that what customers want is real-time prevention. You have to be in line, you have to be able to get the data in milliseconds, and you have to make a decision. That’s not the case with an LLM.
In short: Claude may allow developers to build more securely, but CrowdStrike is still needed to operate securely.
The Long-Term AI Moat
But let’s take it a step further. What if AI eventually builds a competing security platform?
CrowdStrike maintains a few distinct advantages over an alternate AI-built platform or other competitors for that matter:
CrowdStrike is a Net Data Creator. The platform generates real-time proprietary telemetry from approximately 2 trillion objects and over 1 trillion security events daily. These create unique patterns and security rules that don’t exist anywhere else on the internet. So any new security platform that may be spun up, no matter how advanced, will be behind the ball due to its lack of learned real-time customer data insights.
This usage data enables a technique called “Cyber-Reinforced Learning from Human Feedback” (’RLHF’). Breaches in real time produce expert-labeled data as a by-product of operations. This closed-loop system creates a flywheel: more events occur, which are validated by their experts, lead to platform improvements that no other competitor has, lead to more product adoption and additional events.
Lastly, reliable Cybersecurity hinges on deterministic outcomes. You can’t simply be right 90% of the time or suffer from occasional hallucinations. Stopping adversaries requires both efficacy and precision; you don’t get a second chance if it fails. Would an organization risk its infrastructure security to save money on less-tested alternative solutions? Cybersecurity is non-negotiable.
AI as a Tailwind
To flip the script, rather than a threat, AI and the “agentic workforce” represent a massive new market for CrowdStrike.
AI adoption means a new attack surface that must be secured. As it grows, CrowdStrike becomes an even more necessary layer of protection for the AI stack. We are already seeing this reflected in the growth of the modules (Identity, Endpoint, AI-DR, etc.) mentioned earlier in this article. CrowdStrike is set to benefit from this AI revolution, not be replaced by it.
Conclusion
With that, we conclude with another record-breaking quarter for CrowdStrike.
The company has successfully navigated the 2024 outage, turned its recovery program into a growth engine, and is now crossing the threshold into meaningful GAAP profitability. Module adoption and growth prove that AI is a tailwind for the business, not a threat, and with the $5 billion ARR milestone in the rearview mirror, the path toward its $10B ARR goal by 2030 looks to be on track. Remember that the goal was initially for $10B in revenue in 2032.
Thank you for reading! If you enjoyed this article, please give me a follow @ZackStacksKap. I often provide additional commentary on this and other Potential Multibagger stocks and would love to hear from you on X.
With that, I pass it over to Kris for the Selling Rules, the Quality Score and valuation.