Rapid7 Inc. Aktienkurs
Insights zu Rapid7 Inc.
Insights
Mit KI besser investieren
aktien.guide Unlimited – alle Details der KI-Analysen
👉 Detailliertere Insights
👉 Exklusive Einblicke in Chancen & Risiken
👉 Klare Antworten auf deine Fragen
Mit KI besser investieren
aktien.guide Unlimited – alle Details der KI-Analysen
👉 Detailliertere Insights
👉 Exklusive Einblicke in Chancen & Risiken
👉 Klare Antworten auf deine Fragen
Mit KI besser investieren
aktien.guide Unlimited – alle Details der KI-Analysen
👉 Detailliertere Insights
👉 Exklusive Einblicke in Chancen & Risiken
👉 Klare Antworten auf deine Fragen
Mit KI besser investieren
aktien.guide Unlimited – alle Details der KI-Analysen
👉 Detailliertere Insights
👉 Exklusive Einblicke in Chancen & Risiken
👉 Klare Antworten auf deine Fragen
Ist Rapid7 Inc. eine Topscorer-Aktie nach der Dividenden-, High-Growth-Investing- oder Levermann-Strategie?
Als kostenloser aktien.guide Basis-Nutzer kannst Du die Scores zu allen 7.921 weltweiten Aktien einsehen.
aktien.guide Premium
aktien.guide Unlimited
Kennzahlen
📘 Marktkapitalisierung
📈 Was ist das?
Die Marktkapitalisierung zeigt, wie viel ein Unternehmen laut Börse aktuell wert ist.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Sie hilft Unternehmen in Größenklassen (Large, Mid, Small Cap) einzuordnen und gibt Hinweise auf Marktmacht und Stabilität.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Große Unternehmen gelten als stabiler, zahlen oft Dividenden, wachsen aber langsamer.
- Kleine Firmen können stärker wachsen, sind aber schwankungsanfälliger.
- Die Marktkapitalisierung ist ein guter Indikator für Unternehmensgröße, aber kein Maß für Unter- oder Überbewertung.
📘 Enterprise Value (Unternehmenswert)
📈 Was ist das?
Der Enterprise Value (EV) zeigt, was ein Unternehmen tatsächlich kostet, wenn man es komplett übernehmen würde – inklusive Schulden und abzüglich Cash.
🧮 Wie wird es berechnet?
(= Marktkapitalisierung + Nettoverschuldung)
🏛️ Wofür ist es wichtig?
Der EV ist eine realistischere Bewertungsbasis als die Marktkapitalisierung, da er die Kapitalstruktur berücksichtigt. Er ist Grundlage für Kennzahlen wie EV/FCF oder EV/Sales.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Der Enterprise Value zeigt, was ein Unternehmen tatsächlich wert ist – unabhängig davon, wie es finanziert ist.
- Er ist besonders wichtig für professionelle Investoren, da er eine objektivere Grundlage für Bewertungsvergleiche bietet als die Marktkapitalisierung allein.
- Ein Unternehmen mit hoher Verschuldung erscheint im EV teurer, eines mit viel Cash günstiger – auch wenn sie an der Börse gleich viel wert sind.
📘 Nettoverschuldung
📈 Was ist das?
Die Nettoverschuldung zeigt, wie viele Schulden nach Abzug des verfügbaren Cashs tatsächlich verbleiben.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Sie zeigt, wie stark ein Unternehmen von Fremdkapital abhängig ist – und wie gut es in der Lage ist, seine Schulden kurzfristig zu bedienen.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine niedrige oder negative Nettoverschuldung bedeutet hohe finanzielle Stabilität.
- Unternehmen mit viel Cash und geringer Verschuldung sind besser gerüstet für Krisen.
- Eine hohe Nettoverschuldung erhöht das Risiko – besonders bei steigenden Zinsen oder konjunkturellen Schwächen.
📘 Cash
📈 Was ist das?
Der Cashbestand zeigt, wie viele liquide Mittel einem Unternehmen sofort zur Verfügung stehen.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Er gibt Auskunft über die finanzielle Flexibilität: Ein hoher Cashbestand ermöglicht Investitionen, Rückkäufe oder Krisenresistenz.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hoher Cashbestand zeigt finanzielle Stärke und Handlungsspielraum.
- Cash kann für Investitionen, Schuldentilgung oder Aktienrückkäufe genutzt werden.
- Allerdings: Zu viel ungenutztes Kapital kann auch auf mangelnde Investitionsideen hinweisen.
📘 Anzahl ausstehender Aktien
📈 Was ist das?
Die Anzahl ausstehender Aktien gibt an, wie viele Aktien eines Unternehmens aktuell im Umlauf sind und von Investoren gehalten werden.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Sie ist die Grundlage für viele Kennzahlen wie Gewinn je Aktie (EPS), Marktkapitalisierung oder KGV.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Je weniger Aktien im Umlauf sind, desto höher fällt z. B. der Gewinn je Aktie aus – wichtig für Bewertung und Dividendenrendite.
- Aktienrückkäufe verringern die Anzahl ausstehender Aktien – und steigern den Wert je Aktie.
- Kapitalerhöhungen haben den gegenteiligen Effekt: mehr Aktien → Verwässerung der bestehenden Anteile.
📘 Kurs-Gewinn-Verhältnis (KGV)
📈 Was ist das?
Das KGV zeigt, wie oft der Gewinn pro Aktie im aktuellen Aktienkurs enthalten ist – also wie „teuer“ eine Aktie im Verhältnis zum Gewinn ist.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Das KGV gehört zu den bekanntesten Bewertungskennzahlen. Es hilft Anlegern einzuschätzen, ob eine Aktie im Vergleich zu ihrem Gewinn eher günstig oder teuer erscheint.
🧮 Berechnung
📊 KGV (TTM) = bezogen auf den Gewinn der letzten 12 Monate (Trailing Twelve Months):🎯 Was bedeutet das für Anleger?
- Ein niedriges KGV kann auf eine günstige Bewertung hindeuten – oder auf Probleme im Geschäftsmodell.
- Ein hohes KGV kann Wachstumserwartungen widerspiegeln – oder eine überbewertete Aktie.
📘 Kurs-Umsatz-Verhältnis (KUV)
📈 Was ist das?
Das KUV zeigt, wie viel Anleger für 1 € Umsatz eines Unternehmens zahlen – unabhängig vom Gewinn.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Das KUV ist besonders bei wachstumsstarken oder noch nicht profitablen Unternehmen hilfreich. Es zeigt, wie hoch der Umsatz an der Börse bewertet wird.
🧮 Berechnung
Marktkapitalisierung = 620,86 Mio. $ | Umsatz (TTM) = 859,23 Mio. $
Marktkapitalisierung = 620,86 Mio. $ | Umsatz erwartet = 847,07 Mio. $
🎯 Was bedeutet das für Anleger?
- Ein niedriges KUV kann auf Unterbewertung hindeuten – oder auf schwache Margen.
- Ein hohes KUV kann hohe Erwartungen widerspiegeln – oder übermäßigen Optimismus.
- Besonders sinnvoll bei Wachstumsunternehmen, bei denen der Gewinn oder Free Cashflow (noch) keine Aussagekraft hat.
📘 Unternehmenswert zu Umsatz (EV/Sales)
📈 Was ist das?
EV/Sales zeigt, wie viel Anleger für 1 € Umsatz eines Unternehmens zahlen, wenn man auch Schulden und Cash berücksichtigt – es ist eine kapitalstrukturbereinigte Version des KUV.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Diese Kennzahl eignet sich besonders für den Vergleich von Unternehmen mit unterschiedlicher Verschuldung – sie zeigt, wie teuer ein Unternehmen tatsächlich im Verhältnis zum Umsatz ist.
🧮 Berechnung
Enterprise Value = 843,84 Mio. $ | Umsatz (TTM) = 859,23 Mio. $
Enterprise Value = 843,84 Mio. $ | Umsatz erwartet = 847,07 Mio. $
🎯 Was bedeutet das für Anleger?
- EV/Sales ist neutral gegenüber der Kapitalstruktur und eignet sich gut für Unternehmensvergleiche.
- Ein niedriges Verhältnis kann auf eine günstig bewertete Aktie hindeuten – ein hohes Verhältnis auf hohe Erwartungen oder Überbewertung.
- Besonders nützlich bei wachstumsstarken, noch nicht profitablen Firmen.
📘 Unternehmenswert zu Free Cashflow (EV/FCF)
📈 Was ist das?
EV/FCF zeigt, wie viele Jahre es dauern würde, bis ein Unternehmen seinen Unternehmenswert durch freien Cashflow „zurückverdient”.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Diese Kennzahl hilft, Unternehmen auf Basis ihrer tatsächlichen Cash-Erträge zu bewerten – unabhängig von Bilanzierungsregeln oder buchhalterischem Gewinn.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein niedriges EV/FCF deutet auf eine günstige Bewertung bei starker Cashgenerierung hin.
- Ein hohes EV/FCF kann entweder auf Optimismus oder auf temporär schwachen Cashflow hindeuten.
- Besonders hilfreich bei reifen, profitablen Unternehmen mit stabilen Cashflows.
📘 Kurs-Buchwert-Verhältnis (KBV)
📈 Was ist das?
Das KBV zeigt, wie hoch der Marktwert eines Unternehmens im Verhältnis zu seinem bilanziellen Eigenkapital ist.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Das KBV ist besonders bei Substanzwerten (z. B. Banken, Industrie) relevant. Es hilft Anlegern zu erkennen, ob ein Unternehmen unter oder über seinem buchhalterischen Vermögen bewertet ist.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein KBV unter 1 kann auf Unterbewertung oder schwache Rentabilität hindeuten.
- Ein KBV über 1 zeigt, dass der Markt dem Unternehmen Mehrwert über den Buchwert hinaus zuschreibt (z. B. Marken, Patente, Wachstum).
- Das KBV eignet sich besonders gut für Unternehmen mit stabilen, materiellen Vermögenswerten.
📘 Eigenkapitalquote
📈 Was ist das?
Die Eigenkapitalquote zeigt, wie hoch der Anteil des Eigenkapitals an der Bilanzsumme eines Unternehmens ist – also wie stark es sich aus eigenen Mitteln finanziert.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Eine hohe Eigenkapitalquote steht für finanzielle Stabilität, Krisenfestigkeit und gute Bonität. Sie ist besonders relevant bei der Beurteilung der Verschuldung.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine hohe Eigenkapitalquote signalisiert finanzielle Stabilität – besonders in Krisenzeiten.
- Ein niedriger Wert kann auf ein höheres Risiko oder eine aggressive Verschuldung hinweisen.
- Wichtig: Die Eigenkapitalquote sollte immer gemeinsam mit der Eigenkapitalrendite betrachtet werden. Nur so lässt sich beurteilen, ob ein Unternehmen nicht nur solide, sondern auch effizient wirtschaftet.
📘 Eigenkapitalrendite (ROE)
📈 Was ist das?
Die Eigenkapitalrendite zeigt, wie effizient ein Unternehmen mit dem Kapital seiner Aktionäre arbeitet – also wie viel Gewinn es pro Euro Eigenkapital erwirtschaftet.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Die Eigenkapitalrendite ist eine zentrale Rentabilitätskennzahl. Sie hilft Anlegern zu erkennen, ob das Unternehmen eine attraktive Verzinsung auf das eingesetzte Eigenkapital erwirtschaftet.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine hohe Eigenkapitalrendite spricht für ein starkes, effizientes Geschäftsmodell.
- Besonders interessant ist sie bei kapitalintensiven Firmen oder solchen mit hoher Eigenkapitalquote.
- Wichtig: Ein sehr hoher ROE kann auch auf hohe Schulden hinweisen – daher sollte sie immer im Kontext mit der Eigenkapitalquote betrachtet werden.
📘 Return on Capital Employed (ROCE)
📈 Was ist das?
ROCE misst die Gesamtrentabilität eines Unternehmens – also wie effizient es das eingesetzte Kapital (Eigen- und Fremdkapital) zur Gewinnerzielung nutzt.
🧮 Wie wird es berechnet?
Das eingesetzte Kapital ist das gesamte betriebsnotwendige Kapital, unabhängig von der Finanzierungsquelle.
🏛️ Wofür ist es wichtig?
ROCE eignet sich besonders gut für den Vergleich unterschiedlich finanzierter Unternehmen. Es zeigt, wie effektiv ein Unternehmen Kapital investiert – unabhängig von der Kapitalstruktur.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hoher ROCE zeigt, dass ein Unternehmen sein Kapital effizient einsetzt – unabhängig davon, ob es durch Eigen- oder Fremdkapital finanziert ist.
- Je höher der ROCE im Vergleich zu ähnlichen Unternehmen, desto mehr Wert schafft das Unternehmen mit seinem investierten Kapital.
- Besonders wichtig ist der ROCE bei Firmen mit hohen Investitionen – z. B. in Industrie, Energie oder Infrastruktur.
📘 Return on Invested Capital (ROIC)
📈 Was ist das?
ROIC zeigt, wie effizient ein Unternehmen das Kapital investiert, das langfristig im operativen Geschäft gebunden ist – unabhängig davon, ob es aus Eigen- oder Fremdkapital stammt.
🧮 Wie wird es berechnet?
- NOPAT = „Net Operating Profit After Taxes“
- Investiertes Kapital = operatives Vermögen abzüglich nicht-verzinster Schulden
🏛️ Wofür ist es wichtig?
ROIC ist eine der präzisesten Kennzahlen zur Bewertung der Kapitalrendite – besonders im Vergleich zur Eigenkapitalrendite, weil es Verzerrungen durch Schulden vermeidet. Er zeigt, ob ein Unternehmen Mehrwert für alle Kapitalgeber schafft.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hoher ROIC zeigt, wie gut ein Unternehmen mit dem tatsächlich investierten (betriebsnotwendigen) Kapital wirtschaftet.
- Im Unterschied zu ROCE wird nur Kapital betrachtet, das wirklich zur Finanzierung operativer Aktivitäten dient – und verzinst werden muss.
- Besonders hilfreich, um die Kapitalrendite von Unternehmen mit viel „überschüssigem“ Kapital oder zinsfreien Verbindlichkeiten realistisch zu vergleichen.
📘 Verschuldungsgrad (Leverage Ratio)
📈 Was ist das?
Der Verschuldungsgrad zeigt, wie stark ein Unternehmen durch verzinsliche Schulden (z. B. Kredite und Anleihen) im Verhältnis zum Eigenkapital finanziert ist.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Die Kennzahl hilft, das finanzielle Risiko und die Abhängigkeit von Fremdkapital zu beurteilen. Ein hoher Verschuldungsgrad kann die Eigenkapitalrendite steigern – birgt aber auch erhöhte Risiken bei Zinsanstiegen oder Liquiditätsengpässen.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein niedriger Verschuldungsgrad steht für finanzielle Stabilität und Unabhängigkeit.
- Ein hoher Wert kann auf erhöhte Risiken hinweisen – insbesondere bei schwankenden Zinsen oder konjunkturellen Schwächen.
- Wichtig: Immer im Kontext zur Branche und Kapitalintensität bewerten.
📘 Umsatz
📈 Was ist das?
Der Umsatz zeigt, wie viel ein Unternehmen insgesamt mit seinen Produkten und Dienstleistungen verdient – also den Bruttoerlös vor Abzug von Kosten.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Der Umsatz ist eine der zentralen Kennzahlen zur Einschätzung der Unternehmensgröße, Marktstellung und Wachstumskraft.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein wachsender Umsatz zeigt eine steigende Nachfrage und kann ein guter Frühindikator für Gewinnsteigerungen sein.
- Vergleiche von aktuellem und erwartetem Umsatz geben Hinweise auf das Marktumfeld und Analystenerwartungen.
- Wichtig: Starker Umsatz allein genügt nicht – auch Margen und Profitabilität zählen.
📘 EBITDA
📈 Was ist das?
EBITDA steht für „Earnings Before Interest, Taxes, Depreciation and Amortization“ – also Gewinn vor Zinsen, Steuern und Abschreibungen. Es zeigt das operative Ergebnis eines Unternehmens, bereinigt um bilanztechnische und finanzierungsbedingte Effekte.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
EBITDA ist eine verbreitete Kennzahl zur Beurteilung der operativen Leistungsfähigkeit – insbesondere bei kapitalintensiven Unternehmen oder im internationalen Vergleich.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hohes oder wachsendes EBITDA spricht für starke operative Erträge – unabhängig von Bilanzierung oder Steuerlast.
- EBITDA ist besonders nützlich, um Unternehmen branchenübergreifend zu vergleichen.
- Wichtig: EBITDA ist keine offizielle Gewinnkennzahl – Abschreibungen und Finanzierungskosten werden ausgeklammert.
📘 EBIT
📈 Was ist das?
EBIT steht für „Earnings Before Interest and Taxes“ – also Gewinn vor Zinsen und Steuern. Es zeigt das operative Ergebnis eines Unternehmens nach Abschreibungen, aber vor Finanzierungs- und Steueraufwand.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
EBIT ist eine zentrale Kennzahl zur Beurteilung der Profitabilität aus dem Kerngeschäft – unabhängig von Kapitalstruktur oder Steuersystem.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hohes EBIT deutet auf ein profitables Kerngeschäft hin – vor Zinslasten oder steuerlichen Effekten.
- Es erlaubt objektivere Vergleiche zwischen Unternehmen mit unterschiedlicher Finanzierung.
- Im Vergleich mit EBITDA zeigt EBIT bereits den Einfluss von Abschreibungen auf das operative Ergebnis.
📘 Nettogewinn
📈 Was ist das?
Der Nettogewinn ist der verbleibende Jahresüberschuss (oder -fehlbetrag) eines Unternehmens – nach Abzug aller Kosten, Steuern, Zinsen und Abschreibungen
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Der Nettogewinn ist die zentrale Erfolgskennzahl – er zeigt, wie profitabel ein Unternehmen nach allen Kosten tatsächlich arbeitet.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein steigender Nettogewinn zeigt, dass das Unternehmen effizient wirtschaftet – trotz aller Kosten.
- Die Entwicklung des Gewinns beeinflusst z. B. direkt das KGV und weitere Kennzahlen.
- Im Zeitverlauf lässt sich ablesen, wie stabil und profitabel ein Geschäftsmodell wirklich ist.
📘 Free Cashflow (FCF)
📈 Was ist das?
Der Free Cashflow gibt Aufschluss über die echte finanzielle Stärke eines Unternehmens – unabhängig von Bilanzierungsregeln. Er zeigt, wie viel Spielraum für Dividenden, Aktienrückkäufe oder Schuldenabbau besteht.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
FCF reflects a company’s real financial strength – regardless of accounting profits. It shows how much flexibility a company has for dividends, share buybacks, or debt reduction.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hoher Free Cashflow bedeutet, dass ein Unternehmen echte Finanzkraft besitzt – unabhängig vom bilanzierten Gewinn.
- Er ist oft die solideste Grundlage für nachhaltige Dividenden und Aktienrückkäufe.
- Sinkender FCF kann ein Warnsignal sein – auch wenn der Gewinn stabil aussieht.
📘 Umsatzwachstum
📈 Was ist das?
Das Umsatzwachstum zeigt, wie stark sich die Erlöse eines Unternehmens im Vergleich zum Vorjahr verändert haben – tatsächlich (TTM) und auf Prognosebasis (erwartet).
🧮 Wie wird es berechnet?
Erwartet = (Umsatz erwartet ÷ Umsatz Vorjahr − 1) × 100
Erwartetes Wachstum basiert auf Analystenschätzungen für das laufende Geschäftsjahr.
🏛️ Wofür ist es wichtig?
Ein wachsender Umsatz ist ein zentrales Signal für steigende Nachfrage, Geschäftsausweitung und Marktanteilsgewinne – besonders bei Wachstumsunternehmen.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Wachstum ist der Motor langfristiger Wertsteigerung – besonders bei Technologie- und Wachstumsaktien.
- Wichtig ist nicht nur das aktuelle Wachstum, sondern auch dessen Nachhaltigkeit.
- Prognosen zeigen, ob Analysten weiteres Potenzial erwarten – oder eine Verlangsamung.
📘 EBITDA-Wachstum
📈 Was ist das?
Das EBITDA-Wachstum zeigt, wie stark das operative Ergebnis eines Unternehmens vor Zinsen, Steuern und Abschreibungen im Vergleich zum Vorjahr gestiegen oder gesunken ist.
🧮 Wie wird es berechnet?
Erwartet = (erwartetes EBITDA ÷ EBITDA Vorjahr − 1) × 100
Erwartetes Wachstum basiert auf Analystenschätzungen für das laufende Geschäftsjahr.
🏛️ Wofür ist es wichtig?
Ein steigendes EBITDA ist ein Zeichen für verbesserte operative Ertragskraft – unabhängig von Finanzierungsstruktur oder Abschreibungen.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Starkes EBITDA-Wachstum signalisiert operative Effizienz und Skalierung – besonders relevant in Wachstumsphasen.
- EBITDA-Wachstum ist ein Frühindikator für Margen- und Gewinnentwicklung – sollte aber stets im Zusammenhang mit Umsatz und EBIT betrachtet werden.
📘 EBIT Wachstum
📈 Was ist das?
Das EBIT-Wachstum zeigt, wie stark das operative Ergebnis eines Unternehmens (nach Abschreibungen, aber vor Zinsen und Steuern) im Vergleich zum Vorjahr gewachsen ist.
🧮 Wie wird es berechnet?
Erwartet = (erwartetes EBIT ÷ EBIT Vorjahr − 1) × 100
Erwartetes Wachstum basiert auf Analystenschätzungen für das laufende Geschäftsjahr.
🏛️ Wofür ist es wichtig?
Das EBIT-Wachstum ist ein direkter Indikator für die wirtschaftliche Entwicklung des operativen Geschäfts – unter Berücksichtigung der Kapitalintensität (Abschreibungen).
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Steigendes EBIT signalisiert wachsende operative Rentabilität – auch unter Berücksichtigung von Abschreibungen.
- Das EBIT-Wachstum ist ein wichtiges Maß zur Beurteilung von Geschäftsmodellen mit hohen Investitionskosten.
- Im Zusammenspiel mit Umsatz- und EBITDA-Wachstum ergibt sich ein umfassendes Bild zur operativen Entwicklung.
📘 Nettogewinn-Wachstum
📈 Was ist das?
Das Nettogewinn-Wachstum zeigt, wie stark der Jahresüberschuss eines Unternehmens gegenüber dem Vorjahr gestiegen oder gesunken ist – sowohl tatsächlich (TTM) als auch auf Basis von Prognosen (erwartet).
🧮 Wie wird es berechnet?
Erwartet = (erwarteter Nettogewinn ÷ Nettogewinn Vorjahr − 1) × 100
Der erwartete Wert basiert auf Analystenschätzungen für das laufende Geschäftsjahr.
🏛️ Wofür ist es wichtig?
Der Gewinn ist die entscheidende Ergebnisgröße für ein Unternehmen. Ein wachsender Nettogewinn deutet auf steigende Effizienz, stabile Kostenkontrolle und nachhaltige Ertragskraft hin.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Wachsender Nettogewinn stärkt die Bewertung, Dividendenfähigkeit und Kursfantasie.
- Stagnierender oder rückläufiger Gewinn trotz Umsatzwachstum kann auf Margendruck hinweisen.
📘 Free Cashflow-Wachstum
📈 Was ist das?
Das Free-Cashflow-Wachstum zeigt, wie sich der freie Mittelzufluss eines Unternehmens im Vergleich zum Vorjahr verändert hat – also der Betrag, der nach allen operativen Ausgaben und Investitionen übrig bleibt.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Free Cashflow ist der echte, verfügbare Geldzufluss. Wachstum in diesem Bereich ist ein Zeichen für finanzielle Stärke und steigende Flexibilität bei Dividenden, Rückkäufen oder Investitionen.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Sinkender Free Cashflow kann auf steigende Investitionen, höhere Kosten oder stagnierende operative Erträge hindeuten.
- Besonders bei Dividendenwerten ist das FCF-Wachstum wichtig – denn Dividenden werden letztlich aus dem verfügbaren Cash gezahlt.
- Ein negativer Trend sollte genauer analysiert werden – er ist nicht zwangsläufig schlecht, aber potenziell ein Warnsignal.
📘 Bruttomarge
📈 Was ist das?
Die Bruttomarge zeigt, wie viel vom Umsatz nach Abzug der direkten Herstellungskosten (Material, Produktion) als Bruttogewinn übrig bleibt – also der „Rohgewinn“ eines Unternehmens.
🧮 Wie wird es berechnet?
Auch: Bruttomarge = Bruttogewinn ÷ Umsatz × 100
🏛️ Wofür ist es wichtig?
Die Bruttomarge gibt Aufschluss über die Profitabilität eines Produkts oder Geschäftsmodells vor Fixkosten, Steuern und Zinsen. Sie zeigt, wie effizient ein Unternehmen produzieren oder einkaufen kann.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine hohe Bruttomarge deutet auf starke Preissetzungsmacht und effiziente Herstellung hin.
- Sinkende Bruttomargen können auf Kostensteigerungen oder Preisdruck hindeuten.
- Besonders im Vergleich zu Wettbewerbern liefert die Bruttomarge wertvolle Einblicke in die Geschäftsqualität.
📘 EBITDA-Marge
📈 Was ist das?
Die EBITDA-Marge zeigt, wie viel vom Umsatz als operativer Gewinn vor Zinsen, Steuern und Abschreibungen (EBITDA) übrig bleibt. Sie misst die operative Effizienz – ohne Verzerrungen durch Finanzierung oder Buchwerte.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Die EBITDA-Marge hilft zu verstehen, wie viel operativer Gewinn ein Unternehmen aus jedem Euro Umsatz erzielt – unabhängig von Kapitalstruktur oder steuerlichem Umfeld.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine hohe EBITDA-Marge zeigt starke operative Ertragskraft – unabhängig von Bilanzierungseffekten.
- Die Marge ermöglicht gute Vergleiche zwischen Unternehmen und Branchen.
- Ein stabiler oder wachsender Wert kann auf effiziente Kostenkontrolle und Skalierbarkeit hindeuten.
📘 EBIT-Marge
📈 Was ist das?
Die EBIT-Marge zeigt, wie viel Prozent des Umsatzes als operativer Gewinn nach Abschreibungen, aber vor Zinsen und Steuern übrig bleiben.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Die EBIT-Marge misst die operative Ertragskraft eines Unternehmens unter Berücksichtigung der Kapitalintensität (z. B. Maschinen, Anlagen). Sie eignet sich gut zum Vergleich von Geschäftsmodellen mit unterschiedlich hohen Abschreibungen.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine hohe EBIT-Marge zeigt, dass ein Unternehmen auch nach Abschreibungen effizient arbeitet.
- Sie ist besonders relevant in kapitalintensiven Branchen.
- Langfristig stabile oder steigende Margen sind ein Zeichen wirtschaftlicher Stärke und Preissetzungsmacht.
📘 Nettomarge
📈 Was ist das?
Die Nettomarge zeigt, wie viel vom Umsatz am Ende als „Reingewinn“ übrig bleibt – also nach Abzug aller Kosten, Zinsen, Steuern und Abschreibungen.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Die Nettomarge gibt an, wie effizient ein Unternehmen über alle Stufen hinweg wirtschaftet. Sie zeigt, wie viel Gewinn tatsächlich je Euro Umsatz übrig bleibt.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine hohe Nettomarge zeigt, dass ein Unternehmen nicht nur operativ stark ist, sondern auch seine Finanzierung und Steuerbelastung im Griff hat.
- Vergleiche mit Wettbewerbern geben Einblicke in die wirtschaftliche Qualität.
- Sinkende Nettomargen trotz Umsatzwachstum können ein Warnsignal sein – etwa für steigende Kosten oder sinkende Effizienz.
📘 Free Cashflow Marge
📈 Was ist das?
Die Free-Cashflow-Marge zeigt, wie viel vom Umsatz nach Abzug aller operativen Ausgaben und Investitionen tatsächlich als freier Mittelzufluss übrig bleibt.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Diese Marge misst die echte Liquidität, die ein Unternehmen erwirtschaftet – unabhängig von Bilanzierungsregeln oder Abschreibungen. Sie ist besonders relevant für Dividenden, Rückkäufe und Investitionen.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine hohe Free-Cashflow-Marge zeigt, dass ein Unternehmen nachhaltig liquide Mittel erwirtschaftet.
- Sie ist ein starkes Signal für finanzielle Stabilität und Ausschüttungspotenzial.
- Wichtig ist der langfristige Trend – sinkende Werte können auf steigende Investitionen oder rückläufige operative Effizienz hindeuten.
📘 Ergebnis je Aktie (EPS)
📈 Was ist das?
Das Ergebnis je Aktie (EPS) zeigt, wie viel Gewinn auf eine einzelne Aktie entfällt – und ist eine der wichtigsten Kennzahlen zur Bewertung von Unternehmen.
🧮 Wie wird es berechnet?
Die verwässerte Aktienanzahl berücksichtigt auch potenzielle neue Aktien, etwa durch Optionen, Wandelanleihen oder andere Umtauschrechte.
🏛️ Wofür ist es wichtig?
EPS bildet die Basis für viele Bewertungskennzahlen wie KGV, PEG oder Payout Ratio. Es macht den Gewinn für Aktionäre vergleichbar – unabhängig von der Unternehmensgröße.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- EPS hilft, die Profitabilität pro Aktie zu erfassen – und ist besonders wichtig im Zeitvergleich oder im Vergleich mit Analystenschätzungen.
- Steigendes EPS kann ein Zeichen für stabiles Wachstum oder Aktienrückkäufe sein.
- Wichtig: Verwende verwässertes EPS für realistische Bewertungen – besonders bei stark aktienbasierten Vergütungssystemen.
📘 Free Cashflow je Aktie (FCF je Aktie)
📈 Was ist das?
Der Free Cashflow je Aktie zeigt, wie viel freier Mittelzufluss einem Unternehmen pro Aktie zur Verfügung steht – nach Investitionen, aber vor Dividenden oder Schuldentilgung.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Der FCF je Aktie zeigt, wie viel liquide Mittel pro Aktie tatsächlich im Unternehmen verbleiben – wichtig für Dividenden, Aktienrückkäufe oder Schuldentilgung. Im Gegensatz zum Gewinn ist er schwerer manipulierbar und daher besonders aussagekräftig.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hoher Free Cashflow je Aktie ist ein Zeichen für hohe finanzielle Flexibilität.
- Er zeigt, wie viel Kapital ein Unternehmen effektiv einsetzen oder ausschütten kann.
- Besonders relevant für dividendenstarke Unternehmen oder solche mit starker Kapitalrendite.
📘 Short Interest
📈 Was ist das?
Short Interest zeigt, wie viele Aktien eines Unternehmens aktuell leerverkauft wurden – also von Investoren geliehen und verkauft, in der Erwartung fallender Kurse.
🧮 Wie wird es berechnet?
Der Wert zeigt den Anteil der Aktien, der aktuell auf fallende Kurse spekuliert wird.
🏛️ Wofür ist es wichtig?
Short Interest dient als Stimmungsindikator: Ein hoher Wert deutet auf Skepsis oder negative Erwartungen gegenüber dem Unternehmen hin – kann aber auch zu einem „Short Squeeze“ führen, wenn der Kurs plötzlich steigt.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein niedriger Short Interest deutet auf Vertrauen in das Unternehmen hin.
- Ein hoher Wert kann ein Warnsignal sein – oder eine Chance, wenn sich die Stimmung dreht.
- Besonders spannend in volatilen Märkten oder vor wichtigen Quartalszahlen.
📘 Employees
📈 Was ist das?
Die Mitarbeiteranzahl zeigt, wie viele Personen ein Unternehmen weltweit beschäftigt – ein Indikator für Größe, Struktur und Geschäftsmodell.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Sie hilft bei der Einschätzung von Skaleneffekten, Effizienz und Personalkosten. Zusammen mit Umsatz und Gewinn lassen sich Kennzahlen wie Produktivität je Mitarbeiter ableiten.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Viele Mitarbeiter bedeuten große operative Komplexität – aber auch hohes Umsatzpotenzial.
- Produktivität je Mitarbeiter ist ein wichtiger Indikator für Effizienz.
- Besonders spannend bei stark wachsenden Tech- oder Industrieunternehmen.
📘 Umsatz je Mitarbeiter
📈 Was ist das?
Der Umsatz je Mitarbeiter zeigt, wie viel Erlös ein Unternehmen durchschnittlich pro Beschäftigtem erwirtschaftet – eine Kennzahl für Effizienz und Produktivität.
🧮 Wie wird es berechnet?
Die Mitarbeiterzahl stammt in der Regel aus dem letzten verfügbaren Jahresbericht.
🏛️ Wofür ist es wichtig?
Diese Kennzahl hilft, Geschäftsmodelle zu vergleichen – insbesondere zwischen arbeitsintensiven und technologiegetriebenen Unternehmen. Ein hoher Wert deutet auf Automatisierung, Effizienz oder hohen Wertschöpfungsanteil hin.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hoher Umsatz je Mitarbeiter spricht für ein skalierbares und margenstarkes Geschäftsmodell.
- Ein niedriger Wert kann auf arbeitsintensive Prozesse oder geringere Wertschöpfung hinweisen.
- Besonders hilfreich beim Vergleich von Tech- vs. Industrieunternehmen.
Rapid7 Inc. Aktie Analyse
Analystenmeinungen
32 Analysten haben eine Rapid7 Inc. Prognose abgegeben:
Analystenmeinungen
32 Analysten haben eine Rapid7 Inc. Prognose abgegeben:
Beta Rapid7 Inc. Events
🇩🇪 Neu: Alle Transkripte jetzt auch auf Deutsch verfügbar!
Abonniere Premium, um Transkripte und KI-Zusammenfassungen auf Deutsch zu lesen.
Vergangene Events
|
MAI
20
J.P. Morgan 54th Annual Global Technology
vor etwa 2 Monaten
|
|
MAI
5
Q1 2026 Earnings Call
vor 2 Monaten
|
|
FEB
10
Q4 2025 Earnings Call
vor 5 Monaten
|
|
NOV
4
Q3 2025 Earnings Call
vor 8 Monaten
|
|
AUG
7
Q2 2025 Earnings Call
vor 11 Monaten
|
aktien.guide Basis
Rapid7 Inc. — J.P. Morgan 54th Annual Global Technology
1. Question Answer
Good morning, everyone. Thank you for joining us. My name's Brian Essex. I cover mid-cap and large-cap software for JPMorgan, and I'm excited to have Rapid7 with me today. To my right, we have Corey Thomas, the CEO of the company; and then to his right, we have Rafe Brown, the company's new CFO. So Corey, Rafe, thank you so much for joining us. I appreciate it.
Thank you for having us.
Thank you for having us, Brian.
Yes, maybe to start, Corey, if you can help me maybe frame out your perspective on the shift in the environment, the threat environment that we've seen over the past 6 months or so and how that's impacted your business just overall?
Yes. I mean, look, I think that -- if you go back, attackers have been adopting AI technology. So you've seen attacks move from low and slow to much faster. And so that's having customers in the detection and response space do, frankly, fast cycle upgrades to their capabilities. The bottom line is that they're looking for how do they get more coverage, faster response, faster detection and better scale. Lots of them are starting to actually move beyond just traditional SIEM. It's been a bit of a tailwind for the MDR players, but it's also been a bit of a pressure point to actually cover more of the environment at lower cost.
One of the entrants has actually coming in is what we call the AI SOC players where they're really focused on using AI to actually detect and monitor the environment. We acquired an AI SOC player so player in the past couple of months to actually deliver the capability because it really does matter, the speed and scale matters. So that's a big change in the environment overall and that's also impacting the market. The other one that you can't miss is sort of like Mekhos and the impact on the exposure management market where it's essentially vulnerability discovery on steroids. And so the pace of vulnerability discovery is actually now happening at a -- maybe exponential is not the right way, but at a very accelerated rate.
It's probably exponential.
It's probably exponential. We don't know yet. They're holding -- the government is holding lots of the stuff back. So it's somewhere between hyperaccelerated to exponential overall. But it also has lots of noise. And so it's catalyzed a reinvigorated interest in exposure management and how you actually separate out vulnerability possibility from vulnerable -- vulnerabilities that are exploitable in the overall environment. How do you actually have active remediation in the environment? How do you have active containment in the environment? So -- which is nice because that's been a recategorization of customer interest for something that was trending down in priority on exposure management to actually really accelerate and impact towards the must-have critical focus areas. So those are the 2 bigger dynamics that are happening right now.
And I thought it was really interesting. One of my takeaways from this week as well as recent earnings in general is just maybe a vulnerability renaissance, if you will.
Yes, absolutely. Yes.
Cognizant calling it out, Check Point this morning calling out exposure management, in part vulnerability management. Tenable certainly flagging that and your commentary as well. And then maybe to add to that, it seems as though, based on industry conversations I've had over the past month or so, CIOs are freaking out a little bit about threat environment...
CIOs are definitely freaking out. So that's why I say like half of our -- so the inbound interest has been like amazing at the same time as people are trying to figure it out. Remember that the model -- well, OpenAI was a bit more liberal. We're part of the -- post closure, we tried their Trusted Access program. To be fair, Anthropic tends to be more open. They have some restrictions on how broadly they can actually make it available. And so lots of CISOs are trying to figure out like what's the extent, but CICOs are having their own freakout money about they're preparing for the tsunami. And we're spending lots of time talking about how they'll deal with and manage the significant influx as expected of vulnerability. So again, it's made the vulnerability discussion a much more strategic discussion than it was 2 months ago.
Yes. And how does that -- I mean, how does that convert to an impact on your business? I mean, you have -- recently, you've kind of split things up into core and noncore, I guess.
And exposure is in core. I mean it's a headwind to core, but it's still in -- it's in core. Look, the #1 thing that we can actually do to -- and core is a growing business overall. But the top thing -- and we know how to actually it to grow and accelerate and have great growth in the D&R space, like that's not a mystery. We know how to do it. The only mystery that we were solving was how to do it at the right profit margins that we actually wanted. And we think that our internal investments with our acquisition have actually tackled that profit margin challenge. So we're very excited about the growth potential there. But we had exposure, which was a headwind, which was -- it was 2 pieces to the headwind. As part of it, our historical mid-market customer base was not sort of like a growth-oriented customer base for that. But the other one was that exposure management was just had been dwindling in the priority stack. This escalates up the priority stack. It creates new demand drivers for people to actually look beyond what's good enough and now they're looking at things that frankly fall down and what we consider sweet spot is, understand exploitability, managing remediation at scale and some things we have to invest in, which our team is doing organically is how do we actually make it faster for people to respond.
And so those are the areas that we actually think are catalyst. As far as time frame is, I think people are still in the stage where they're trying to understand the significance and the impact. And so we're not looking at this as sort of like a next quarter time frame because right now, customers are just trying to come in and say like, "All right, how big is the impact? What can you do for me?" And they're planning for it, but this has flipped around to a potential upside to the exposure management business. And then we're just trying to figure out like, "All right, how sustainable is the catalyst?"
Any visibility in terms of like how they're shifting priorities within the budgets? I Know, it's always been -- I know I've done surveys in the past and others have as well. It's always been endpoint network identity have been the top 3, maybe you put data security up there...
Monitoring has been up there. I think the monitoring has been at the top because people have to monitor the environments. And so I think that exposure has not been top 3 and 4, 5.
But how is the most recent environment maybe shifted? How they're thinking about changing the prioritization within their budgets?
We'll see if it ends up being true or not. Look, in some perverse ways, CICOs love public things because it gives them an excuse to ask for extra money without having to make the trade-off thing. So like a number of them are planning to actually go out and harass people like Rafe and be like, you know what, this is a global crisis, I need to actually do it. So we'll see whether that actually works or not when it deprioritizes along the way. But a number of the CISOs are trying to scope it to actually figure out, like, okay, it's a big enough like it's framed as a -- when the White House is involved, other people [indiscernible] this whole crisis like I can get extra money for this. And so that's what we're seeing in a number of people. We'll see whether that lands or not.
Yes. That brings me to maybe an adjacent point. It seems like in the spending environment, you had IT budgets where security might be a subset of that. You've had AI budgets where your Chief Marketing Officer may be pursuing an agentic coding project for an application to help them penetrates these markets and you have to secure that. In some cases, I think CISOs are saying, "Well, I'll run it for you pay for you, [indiscernible]." And then you've got incident budget, which is a little bit extra.
What are you seeing in terms of access to each of those segments of spend within your customers? And is there maybe an acceleration point if you get incident budget spend across your platform?
Yes. Look, so it's clear that customers are looking to get incremental budget across. I mean, so I actually think that, that's where we are -- look, security budgets have been tightening. And this tightening is that it's not declining. It's that what we hear from our customers. They have to do more with less incremental spend. So it would be unfair to say that like the security budgets have been shrinking. They haven't been shrinking. They've not been expanding. And security teams were used to expanding budgets because a lot of their mandate is uncovered. And so they were trying to figure out how to tackle the uncovered mandate.
Now they're actually -- they've been asked to actually do more with less. And -- but in this environment, like the incident budget, I think people are hoping that it can be more incremental spend.
Great. Maybe to kind of pivot on that, too. I think, Corey, you explained 3 primary modes of the business: cost efficiency at scale, exploitability context, trusted autonomous response. But how do we think about -- maybe 2 things. One, how does Rapid7 win head-to-head against larger platform players? And then second is what -- how durable is the moat around your business? I think a lot of investors looking at vulnerability management, you see Mekhos not only identify vulnerabilities, but engineer exploits and patch vulnerabilities. And they're extrapolating the speed of innovation that we're seeing on those platforms to some kind of a terminal impact to particularly vulnerability management exposed vendors. So how would you explain; one, the moats you currently have around your business; and then two, the durability of those moats longer term?
Yes. So I'll invert the risk because I'll answer the question around me because it's important to understand like exactly what it is and this will go to like the durability and how we actually think about it. So one, it is vulnerability discovery at scale. It's incredibly powerful. It's incredibly cost-effective overall. Just to be clear about what it would mean to actually do vulnerability management at scale running Mekhos or some version of Claude across your whole environment, which is typically, when you run things generically across your environment, you want them to be self-contained and tightly controlled. So the idea of like having like AI -- general AI, when ramp after across your environment, is not actually practical for most organizations. It's not wise for almost any organization.
By the way, Anthropic would say -- I mean, if you go -- I mean, I don't know how many you have it, but like if you go log in to Claude Cowork right now, it is -- they say explicitly, you can auto run all the instructions, you should not do this. And that's not going to change any time soon. Like the even minor errors can cause catastrophic damage. So they don't recommend it either. They're not suggesting it. And so it's an extrapolation without mirror is what I would just say. It's just like it is something that will be both dangerous and something that neither OpenAI or Anthropic suggest that you should actually do. So that vector about like running it rapidly across the environment and having it do the operational things, you want things that are operational to be tightly controlled and well managed. So that's just -- just to be clear about that.
Now let's actually get to what the actual core modes are. First, let's just zoom out like the simple mode in the world is that customers want people that are just going to task off of security. So our goal is to actually be the #1 security outsourcer, like we want to actually use technology to actually run -- allow people to run and scale their security operations program. People are hungry for that. It requires both technology. It requires the use of AI and technology. And it also requires deep services expertise.
We are one of the few players who have, at scale, established service expertise leveraging technology, increasingly leveraging AI, and people want to actually get a great outcome of security management at lower cost.
Just to be clear, our whole mission and ambition is a moat in and of itself, it's that like most organizations are not actually marrying the best of services with the best of AI in a technology infrastructure that lowers people' cost over time. So that's one. Now when you actually get to -- and I think your question is in regards to the moat around the general Frontier models and what -- because I think there's a different moat in security versus the Frontier models. But on the Frontier models the reason that we think that it's a misunderstanding of it, there's a couple of things. So one is that we're designing to actually run and allow people to have an outsource-centric AI security program at scale cost effectively. The Frontier models aren't designed to actually do that cost effectively. In fact, we use a lot of the Frontier models. And half of what we're actually doing is adding deep knowledge and context and actually making things cheaper and more efficiently where it doesn't make sense to use a model for something because it's inefficient from a cost perspective.
The second thing is our technology runs ramping in customers' environment. So we have to actually do that safely and securely. And so the second piece of the equation that we're actually heavily focused on is like how do you actually use AI at scale across customers' environments safely and securely.
The third thing, which ties into it is that like increasingly, people have to respond in machine time to both exposures and to incidents. And we're building a framework that allows sort of like, yes, it leverages AI, but it's not just AI, safe response. And then the third thing, it's an incredibly complicated complex world is we -- there's not a world where we can just trust just technology for cybersecurity.
So we're building the people and expertise to actually -- and we already have it today. We're doing this at scale today to actually augment the technology. They're providing knowledge, insight and depth, but they're also like handholding customers through incidents. They're dealing with the politics in our customers' environments about where to prioritize their security, defense and spending. They're helping people with their remediation. They're actually talking to the management teams. And when people are outsourcing a business is you can't just -- because security has issues along the way, you can't just be like, oh, I'm the CISO, I outsourced it to a company that's just AI, and I have a crisis is I can go through a chatbot. People actually want to actually -- they actually do need to actually do it because it's complex. You have to engage with incident responders, you have to engage with lawyers, you have different compliance regimes across the world. People do matter there. Now we're scaling the people in an order of magnitude better than we've actually ever done before, but that matters.
Great. That's helpful. And then maybe to switch gears a little bit. So Rafe, we knew each other at Mimecast. You did a great job there. What brought you back to Rapid7? I mean, what was that process like? And what do you see as the opportunity with the company?
Yes. Thanks, Brian. Well, first, I'm coming up on my 6-month anniversary, right? So now I've gotten onboarded and cranking away. Look, I mean, to be honest, I try to look at these things not so differently than our investors that come to an organization. And I think it stems from, first, at the highest level, are we happy with the markets we're in? And I'm -- not just cyber, but the MDR market, the exposure management market, both are very large, both are growing, and both we have a right to win and compete and play in. But also, I felt like one of the things that was really important to me, there was obviously a lot of changes going on in the business and -- which have only accelerated over the last few months with everything Corey was just saying. But at that earliest day of evaluation, I really wanted to dig in and see is this a management team, a leadership team that's ready to dig in, make changes and not fight yesterday's battle, but to dig in and see what's coming next and how to get ahead of that, right?
And I feel very comfortable with that. Under Corey's leadership, we've got also a number of new leaders on the team or people in new positions. Allan leading the sales organization, Julian leading the customer success organizations. It's people who are passionate about the opportunity and frankly, in some cases, frustrated about what some of the things they needed to knock down and take out to accelerate our business. And so that's the environment I'm looking for. This is the team that -- I think it's a great company to work for, but it's also a team that's just determined to win and to grow. And if you're in a context with great products, great history, great market, you can figure that out. It may take a few quarters, right, and that's what we're living out.
So that's where I started. And I think it's only just played out -- the people often ask what surprise me. I mean, what surprise me is just how much things are changing, how quickly things are changing with the developments coming from the platform providers. But if anything, I think that could be an opportunity for us, right? So in areas where we might have ordinarily been playing catch-up, we can say, well, we're not even -- that's not the fight anymore. We're going to just try and accelerate what we're doing and get out there and serve our customers and make sure we're helping answer tomorrow's problems.
And all of that, I think, sets us up for, first of all, a lot of work and -- that we need to do to deliver on that, but there's tremendous opportunity for us.
Right. And how would you describe, I don't know, either both for Corey or for you, the magnitude of changes or the breadth of changes that you had across both sales and operations over the past year or so? It seems as though it's pretty significant. And I think investors here are starting to feel for -- kind of feeling for a floor. Where are we at the stage of change, and when can we expect kind of like a baseline where, all right, well, now that the organization is in place, we're seeing the productivity, we see the opportunity in front of us, and then we're just like executing on a bigger pipeline now.
I mean, we will tag team it. So one, I've been heavily focused on, for lack of a better term, I hate to use the term upgrading, but like is getting the right management team for the moment that we're actually in. So that's been a heavy focus over the course of last year. And by and large, I think we actually have done that, and I feel very good about where we are there. The second thing is we've got to do some work to actually just be clear about our target model, which the team is coming in, Rafe, Allan, Julian and others have coming in and be clear about like, all right, what's the target model, what does it take to get there? And then the execution velocity to actually move to that target model. And we've activated the company to actually the pace of change. Now -- and that's happening fairly quickly.
The nice thing that I feel good about and Rafe commented about in the earnings is that we're already seeing some yield and benefits of that overall. And so I would say, from an operational perspective, we know where we're going, we know what needs to be done. We're in the process of executing on that and driving the -- and driving the change on that. I actually think that's all going to be net positive for the business. I think the question is where is the floor on the growth dynamic? I think that part of why we actually broke out shows that we have positive growth in the core, a lot of visibility and we're very comfortable with that growth dynamic.
We're addressing how we actually manage the noncore, which, while smaller, it actually impacts total growth, and we just want to be transparent about that, and we'll talk more about that later.
Yes. And Brian, what I would add, there're some of the changes, especially for investors who would see it on the financial statements, right, that started before I joined the company, right? There was some prioritization of headcount additions that happened in 2025 and those costs obviously carry over to this year. But there're things like improving our coverage in the SOC. Corey was just talking about how we're going to automate a lot of that work to be able to maintain and improve margins over time. But we had to make some additions there just to deliver great customer experience. And likewise, we've built out a low-cost center for engineering and for some of the other functions, right? Some of those come with costs that came on board in 2025 and obviously, carry into '26. But we're now getting to the point where we can start seeing some efficiencies from that work paying off for us. So there is that part of the transition that I would say we're several innings into, but then there're some things that are much newer, like, for example, the Kenzo acquisition that's, frankly, accelerating our AI SOC development journey that we were already on, that's fairly new.
So there is a bit of a combination, but I think what we're really prioritizing around is making sure we're providing great value to our customers, that we're meeting today's challenges and that we've set ourselves up to have the balanced growth. And I think that's really key for us as we think about our financials over the years. We want to see our core products growing, period, right? And we're working to make that happen by good investments in products and good prioritization of resources across that. And then we want to see margins improve over time. And you can see it a little bit just in our guidance between our current quarter guidance on non-GAAP operating margins and the full year. And what we've talked about is we're just very relentless in all of our internal planning of looking, not just at '26 deliverables, but '27 margins and how do we manage margins as we go across a longer time frame managing that run rate, if you will.
Great. Great. And maybe, Corey, what have Allan and Julian done within their organizations in terms of the magnitude of change? And are all those changes complete at this point?
So I'll break it down in each case. So Allan has brought in a primarily new management team. And he did that fast. He did [ that in ] Q4. He had like the structure the team, the comp plans in place, the ICP clarified and the focus on alignment done as we enter Q1. So I would say that is -- I never want to say they complete a CEO. So I'm never going to say that because he might be listening. But I would say that is substantially done in lots of ways. And now it's about the execution and yielding the results on that.
Julian is a bit different because Julian had 2 mandates when he actually came in. One, he had -- well, 3 in a way. So one, he had to scale the service so that we can actually be a best-in-class partner, and he's still working through that. Like he -- our brand is going to be people are differentiated to technology as they actually rely on technology to do more and more of their workflows and they outsource more and more of their workflows. So best-in-class team, best-in-class customer experience, but to really make the customer experience thing. He's still in the process of that.
The second thing is he has to actually do more of that at lower cost. And so like it's a challenge, but like it's a -- we have to deliver extraordinary customer service and experience, and we have to do that while improving our margin profile over time. So he's still in the middle. And he does need some technology to do that so that people do the things that they can do uniquely, but technology actually provides some of the scale behind the people overall. And then the third thing that he'll do, which is not a this year thing, which is a go-forward thing is that we are going to be offering AI security services across more workloads over time. Primarily, it's detection and response today. But we will be sort of like taking that very successful MDR strategy and doing it on exposure vulnerability and risk management. We'll be doing on compliance. Those are the 2 next big workloads that we've got massive amounts of feedback that customers want to be able to outsource to our AI center services. So he's got that mission mandate, too.
Got it. And how much of the growth that you anticipate is from existing customers versus new logos?
That's a great question. And so, this year, we're looking at primarily, I think, centered on new logo growth, although it's always been a balance just to be clear. So it's a tilt, not a -- it's a tilt like this, not a tilt like this [indiscernible] say it like that, although I did it backwards for you all. The -- as we go forward, though, as we deliver more of the AI services workloads, we do think there's a big opportunity to sell more to existing clients. And we've got lots of interest in how people can -- especially in Mekhos [indiscernible]. Some of this is like, okay, I can't hire more people. And so like when are you got to -- some people are gambling like, hey, you're looking to actually allow us to outsource more of the exposure management services, when can I do that? And what's the readiness for that? Likewise with the compliance services. So again, it's early there, but like I think over the next year, in 2027, I think that starts to change a little bit.
Got it. And for both of you, I think you mentioned the Kenzo acquisition. And I think you're clear that it's more of a -- more an IP acquisition than a revenue acquisition...
Yes, and lots of revenue. Great technology, but they were just going -- like they had a couple of nice really marque customers that [indiscernible] scale, but it wasn't substantial revenue deal.
Yes. So how would you describe what it brings to the table? And then when can we expect the impact to financials from that effort?
Yes. So I will take it. What it is, it's actually -- it's an AI technology base that allows people to actually to monitor environments at scale using AI with incredible efficacy rates and accuracy rates. So that's what it does. And actually, monitors for attacks at scale, processing all the security alerts and telemetry and allow -- and it does that incredibly accurately. We were so impressed with the accuracy and efficacy of that. What are the benefits of it? The first is a ICP, TAM benefit, so ideal customer profile and TAM. One of our biggest drawbacks on growth in the MDR space was that customers wanted us to actually monitor more and more of their environment because they have to have full coverage of scale. And doing that with just technology and just people would pressure gross margins. So we actually contained ourselves to the parts of the environment that we could actually do that fit our gross margin profile.
So we essentially capped our TAM and MDR to things if the TAM that fit within our gross margin profile. This removes that cap. So it actually opens up the full TAM and it opened up sales force. And so not just you, but our sales force is just like when can I actually start being uncapped. So we're doing the integration work, but that's a big deal because that's actually a tailwind to growth. That's why we feel good about the growth potential there because it's not like I have to go something new. We just have to stop saying no to actually the types of deals that we can actually do. So that's a big one. So that's the tailwind to the company.
The reason we love this acquisition because like we look at it, it's like, all right, where do we want to spend money is it was a double whammy. The other side of it is it allows Julian and the team to run the SOC more efficiently and allows our people to do more strategic work for customers. So it actually improves our gross margin profile on the MDR business. And so like when you can address -- improve TAM and improve your gross margin profile over time, that's a big deal. So that's why we're doing rapid scale because it was early stage, we are like we're making sure it scales and meets all of our needs. We have proof points on it. We're integrating it right now, modifying it, merging it with some of our technology. But as we exit this year, those are the 2 big things that actually impact. And we love things that actually have that dual impact on both profitability and growth.
Got it. Super helpful. Maybe for Rafe, I think a lot of people focused on the dynamics of core versus noncore, so thank you for breaking that out. I think it's very helpful. I think we get the core business and what's happening there. With respect to the deterioration in noncore, how should investors think about that? What are the drivers? And at what point does that become maybe an immaterial fact to growth -- overall growth of the company?
Yes. No, this is again just for everybody's benefit. We talked about on the call that over 80% of our business is core, right, which is the D&R and the exposure management side of the house. And so this noncore, which by default is less than 20%, that's a piece of the business where there's actually several different products within that. And we wanted to separate that out because as some of these good things that Corey is talking about continue to play out, we want to make sure everybody has good clarity on that and what we're doing there.
But when we look at the noncore side, we do see it's driving, based on our guidance, the sequential decline in ARR is really centered in this noncore piece. So what we're actively doing right now is going through and looking at each one of those products. And I think once you fall into a noncore or other bucket, you have to have a stated strategy for each product. And we have to evaluate them and look at how that impacts our customers' experience overall, but also evaluate against what we need from an internal perspective, make sure they're contributing good cash to the bottom line, make sure if they're older products or whatnot that they're funding the new investments that are going on. And that's a piece of it that we're very much in the midst of right now. Actually, the -- what we've shared with investors is came out of how we've been thinking about our business about really having strong priorities.
Now even at less than 20% of the business, it's still a meaningful amount of the ARR. And so we think there's ongoing opportunity there to make sure contribution margins are really solid, make sure we have really clear mandates about what salespeople can and can't sell or we do tend to incent our sales people to sell core more than these other things. But I think this is one of those developments over the last few months as I've come up to speed that first having this breakout, then diving into each one of those solutions and making sure we have a clear strategy. The reality is it's not a one size fits all solution within them. Some of them have much more crossover to customers between customers that are big platform owners also have some of these. So we -- it's going to take some work to pull this apart. We want to make sure we're really clear on how they're growing relative to each other, make sure that you can shine a light always and see how we're doing with our core because that's what's going to drive long-term value in the organization and then make sure we have a clear strategy for each one of these.
And we can add color on that over the over the coming quarters.
Got it. And then how are you thinking about balancing growth and profitability over the next few years? I think it's certainly great that you're showing us profitability. I think investors would prefer growth as long as you don't deteriorate the level of profitability that you have. But how do you throttle the 2? And how do you think about the trajectory over the next couple of years?
So I think what's really important for us is to have growth in core, right? That's the #1 priority. I'll take growth everywhere it wants to show up. But like how we're thinking about that business is we need core to be growing. It was growing 2% on -- when you take D&R and net it against exposure management, we'd love to see that accelerate. And we think there's great opportunity to accelerate that business. And so that's priority 1 plane and simple. But I think on the bottom line, we have to see margins improve over time, right? We want to make sure we've got good solid cash flow. We've got to make -- we've got to take care of our debt obligations. We've got to make sure we have the capacity to invest as opportunities come up. And so it is a balance, right?
So I think what we're going to be seeing is making darn sure core is growing and invest accordingly, making sure overall that we have margins improving over time.
How much of an improvement over time? I don't know that investors really want to see 100 basis points of improvement per year, but -- because they know that you have the leverage to do that. So as long as you can give them a little nugget...
Yes. I mean, investors can see like on our bottom line guidance, we expect margins to improve as the year goes on, right? I think the overall framework is we want to make sure, first and foremost, that we have the cash on hand to pay off our debts, that we have the cash on hand to run the company and make investments as we're going along and then make sure we get return from the investments we're making, right? And I think, like you said, if something really is taken off, the smart thing to do is invest in that growth trajectory. So it's, again, really getting in there and have that control over the dynamics of the business on a micro area, so you can have that situational awareness to make those decisions. I think that's what's going to play it out.
So in a context where you got margins improving over time, it's almost on the micro is more important than what we're doing.
Got it. And then how do you think about it? I mean you mentioned servicing your debt, so you've got a big convert coming up next year and plenty of cash to service that debt. You have an undrawn revolver and then you've got a tranche later on. How do you think about the level of flexibility that you have to service that debt versus what you have to invest in the business to grow?
Yes. So -- and just for everyone's benefit, we have a convertible bond that matures in March of 2027 of $600 million. We have -- this quarter, we finished the quarter with $670 million on the balance sheet. It's all in a current position. So we feel really good about this first maturity, and we have the line of credit and our ongoing cash flow, I think puts us in just a really solid position that we can pay that debt and have the cash to run the business, right, to make sure we're in a very comfortable space there.
When you stretch it out to the next convertible maturity, that's out in 2029 of $300 million, just our ongoing annual free cash flow build, we're comfortable with our plans that we'll be able to take that and again, maintain that position of pay off the debt, make sure you've got cash on hand to run the business. But like tuck-in acquisitions like the Kenzo acquisition that came up, you always have to be mindful of those and prepared to take advantage of opportunities. And so I think that's important and that's why it helps to have that $200 million undrawn line of credit on top of it.
But I think take -- managing cash is the first part of the job for the finance team. So I think we've got a great line of sight on taking care of the debt and then it's making sure we have the cash to run the business and make strategic investments, whether it's organic or a tuck-in acquisition or something like that.
Got it. Thank you for that. With that, we're out of time. So Corey, Rafe, thank you so much, really appreciate it.
Thank you so much, Brian.
Transkripte auf Deutsch freischalten
- Alle Event Transkripte auf Deutsch
- Sofortige Übersetzung
- KI-Zusammenfassungen für die wichtigsten Insights
Rapid7 Inc. — J.P. Morgan 54th Annual Global Technology
Rapid7 Inc. — J.P. Morgan 54th Annual Global Technology
Fireside-Chat: Rapid7 sieht AI-getriebene Beschleunigung von Angriffen als Wachstumschance für Managed Detection & Response und Exposure Management.
📊 Kernbotschaft
- Threat-Shift: Angreifer nutzen KI; Angriffe werden schneller, Kunden verlangen schnellere Erkennung, Reaktion und größere Abdeckung.
- Strategie: Kombination aus KI-Technologie und Managed Services (Personen + Prozesse) als Differenzierer gegenüber reinen Modellanbietern.
- Portfoliofokus: Core-Geschäft (Detection & Response sowie Exposure Management) macht >80% aus; Non‑core wird aktiv überprüft.
🎯 Strategische Highlights
- AI SOC (Kenzo): Übernahme einer AI‑SOC-Technologie soll Monitoring bei hoher Genauigkeit skalieren und wurde als IP-getriebener, kaum umsatzwirksamer Deal beschrieben.
- TAM- und Margenhebel: Kenzo soll das adressierbare MDR‑TAM öffnen (weniger Selbstbegrenzung) und gleichzeitig SOC‑Betrieb effizienter machen.
- Services‑Moat: Rapid7 setzt auf sichere, betriebssichere KI‑Einsätze kombiniert mit großem Service‑Know‑how als nachhaltigen Wettbewerbsvorteil.
🆕 Neue Informationen
- Kenzo-Impact: Integration läuft; Management erwartet spürbare Effekte auf TAM und Bruttomargen gegen Jahresende.
- Finanzposition: $670M Cash zum Quartalsende, $600M Wandelanleihe fällig März 2027, $200M ungenutzte Kreditlinie, weitere $300M Wandel-Anleihe 2029.
- Non‑core-Details: Rückgang der ARR‑Sequenz primär im Non‑core-Bereich; einzelne Produkte werden vor dem Verkauf/Neuausrichtung bewertet.
❓ Fragen der Analysten
- Moat vs. Frontier‑AI: Kritische Frage zur Bedrohung durch generische KI‑Modelle; Management argumentiert, dass großflächiger, autonomer Einsatz riskant, teuer und ohne Service‑Integration nicht praktikabel ist.
- Timing Kenzo: Wie schnell Umsatz/Margen profitieren? Antwort: Integration nötig, wirtschaftlicher Nutzen soll noch im laufenden Jahr sichtbar werden.
- Non‑core‑Risiko: Warum ARR fällt und wann ein Boden? Management prüft Produkt‑by‑Produkt, priorisiert Core und will klare Go/No‑Go‑Entscheidungen in kommenden Quartalen.
⚡ Bottom Line
- Für Aktionäre: Rapid7 setzt auf KI + Managed Services, Kenzo könnte sowohl Wachstumsspielraum als auch Margen verbessern; kurzfristig bleibt Non‑core ein Drag, Finanzposition aber solide—Werttreiber sind erfolgreiche Integration und sichtbare Core‑Wachstums‑ und Margenverbesserungen.
Rapid7 Inc. — Q1 2026 Earnings Call
1. Management Discussion
Good day, everyone. My name is [ Kaha Ilani ], and I will be your conference operator today. At this time, I would like to welcome you to the Q1 2026 Rapid7's Earnings Call. [Operator Instructions]
At this time, I'd like to turn the call over to Matt Wells, Vice President of Investor Relations.
Thank you, operator, and good afternoon, everyone. We appreciate you joining us. Today, we will be discussing Rapid7's first quarter fiscal 2026 financial results. We've distributed our earnings press release over the Wire, and it can be accessed on our Investor Relations website.
With me on the call today are Corey Thomas, our CEO; and Rafe Brown, our CFO. [Operator Instructions]
Before I hand the call over to Corey, I want to note that certain statements made during this conference call may be considered forward looking under federal securities laws. Such statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and include our outlook for the second quarter and fiscal year 2026 and the assumptions for fiscal periods beyond that period and our positioning strategy, business plan, operational improvements and growth drivers. These forward-looking statements are based on our current expectations and beliefs and information currently available to us. While we believe any forward-looking statements we make are reasonable, actual results could differ materially due to a number of risks and uncertainties, including those contained in our filings with the SEC.
Reported results should not be considered as indicative of future performance. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise, except to the extent required by applicable law. Further information on these forward-looking statements and risk factors are included in the filings we make with the SEC, including the section titled Cautionary Language Concerning Forward-Looking Statements in our earnings press release.
Additionally, over the course of this call, we will reference non-GAAP measures to describe our performance. Please review our earnings press release and filings with the SEC for a rationale behind the use of non-GAAP measures and for a full reconciliation of these GAAP to non-GAAP metrics. These documents, in addition to a replay of this call will be available on the Rapid7 Investor Relations website.
And with that, I'd like to turn the call over to Corey.
Thank you, Matt, and welcome to everyone joining Rapid7's First Quarter 2026 Earnings Call.
Let me start by sharing insights from the influx of conversations we've been having with customers as they navigate the rapidly evolving cyber landscape. CIOs and CEOs are telling us the same thing in different ways. Advances from frontier models have fundamentally accelerated the threat environment and outpaced operating models built to defend against it. Vulnerabilities can now be discovered and exploited autonomously and attackers are moving at machine speed. This fundamentally rewrites the value equation and security. The premium is no longer on detecting threats faster after they emerge, it shifts to preemptive exposure management, autonomous detection and remediation at scale, closing the Windows attackers exploit before they can be exploited at all.
This is precisely the environment that plays to our strengths. And that's why our investment in the AI SOC and preemptive security operations are resonating so strongly with customers. This shift we're enabling from reactive to preemptive, from human scale to machine scale is not a marketing refrain. It's the only viable path forward for teams that need to anticipate where attackers will move next, prioritize the exposures that actually matter, and respond at the speed of modern attacks. Customers are looking for a partner who can unify their data, apply AI with the right context drive remediation at scale and translate all of it into measurable outcomes. That is exactly where we are focused.
The core platform we're building across Detection and Response and Exposure Management is becoming the foundation customers turn to as they modernize for this new threat reality. By unifying exposure and inspection on the Command Platform and combining AI-driven operations with the depth of exercises that we built over 25 years we're giving customers a single coherent way to reduce risk, disruptive tackers and build durable cyber resilience. The opportunity in front of us has never been clearer, and our conviction of this strategy has never been higher.
Turning to the first quarter. I am pleased to report that Rapid7 delivered outperformance against all guided metrics. ARR of $832 million and revenue of $210 million were driven by sustained growth in our Detection and Response business, offset by trends in other parts of our business, particularly our non-core stand-alone offerings. Non-GAAP operating income of $24 million exceeded our guidance and helped drive strong free cash flow of $33 million. Our quarterly results reflect a greater focus on balancing strategic investment in driving scale in the business.
In Detection and Response, ARR growth of approximately 7% was driven by strength in MDR business. Our approach to delivering AI-enabled SOC, combined with deep services expertise continues to receive strong market validation. And in this quarter, we added a new Fortune 500 customer and a 7-figure ARR deal.
In Exposure Management, we'll continue to simplify the migration process of upgrading our large vulnerability management base and to the exposure Command Platform. Our approach to a unified AI-driven exposure platform continues to resonate with new and existing customers. In this quarter, a large Fortune 500 customer consolidated on Rapid7 as their exposure platform of choice in a competitive deal cycle.
In the quarter, we acquired Kenzo Security, an agentic platform built to run security operations autonomously and at machine speed. This is a direct accelerant to our AI SOC vision. Kenzo's data mesh ships customers away from a per alert investigation model to a system-driven one. Coverage scales with the environment, not headcount. This unlocks two things: a meaningful tailwind for MDR growth; and a path to higher contribution margins through software-driven efficiency. Most importantly, Kenzo opens a door to the full MDR market. Rapid7 is evolving into a preemptive genic security platform that accelerates the entire SOC, delivered either as a managed service or a self-managed platform. By combining deep MDR expertise with exposure-driven visibility into vulnerabilities and attacker behavior, Rapid7 enables organizations to detect, investigate and stop threats earlier.
We also continue to innovate on our Exposure Command platform, delivering two major capabilities: onetime validation for cloud environments; and data security posture management to strengthen proactive exposure reduction across hybrid environments. In plain terms, we no longer just tell customers what their vulnerabilities are, we tell them which ones are actively being exploited in their environment. Onetime validation determines what attackers can actually reach in production, and DSPM maps where the high-value data lives and who has access to it. Together, they collapse the noise and surface to the small set of exposures that actually matter.
These steps accelerate the playbook we shared with you in February, strategically investing in our AI-enabled SOC to deliver preemptive security infrastructure while also deploying expert talent towards high-value customer engagements that AI cannot replicate.
Turning to customer wins in the quarter. Rapid7 continues to be the partner of choice for global organizations securing complex, on-prem, cloud and hybrid environments. The go-to-market changes, Alan, our Chief Commercial Officer, put in place at the start of the year are beginning to bear fruit. We are running a sharper, more focused organization and productivity has improved. While it's still early, the operating discipline we're committed to in February is beginning to take hold. And we believe that as an organization, we can continue to drive efficiencies over the middle term.
And this quarter alone, a Fortune 500 mining company with global operations selected Rapid7 as is an MDR provider of choice in a 7-figure deal. This was a long competitive sales cycle in which our SIM and detection response capabilities stood out to their security leaders. Rapid7's history managing cloud, hybrid and on-prem environments and strong technical knowledge helps submit this decision.
After years of only covering a portion of its environment, a global Fortune 500 aviation manufacturer expanded with Rapid7 as their preferred global exposure management provider in a large 6-figure deal. The capabilities of our Command Platform, combined with our in-house technical talent or resident points during the expansion process.
And lastly, a leading health services provider selected Rapid7 as their MDR provider of choice in a large 6-figure deal. Previously, subsidiaries of the organization use the spirit tools and lacked unified coverage, Rapid7's ability to address challenges at a regional and local level, in addition to a unified coverage across ecosystems stood out to security leaders at the organization.
Now before I pass the call to Rafe, I want to dive deeper into implications of the unprecedented shift to frontier models bring to the security landscape. And I want to be clear that this market shift is a long-term tailwind for us, not a threat. Vulnerability discovery has been accelerating and commoditizing for years, driven by advances in AI coding and reasoning and frontier models like Anthropic's Mythos and Google's Big Sleep have made that trajectory undeniable. Mythos those surface more than 2,000 previously unknown vulnerabilities in 7 weeks. That is a new baseline.
But here's the part of the stories that headlines miss, but Mythos commoditized vulnerability identification, finding bugs and codes. It has not commoditized the operational reality of managing those vulnerabilities across complex enterprise environments. It does not commoditize detection and response, it is not commoditized exposure management. If anything, it makes it all the more essential because the volume and velocity of findings every enterprise has to act on is about to increase dramatically.
The value is migrating in 3 directions, and Rapid7 is at the intersection of each trend. First, remediation of scale. The Command Platform provides a granular visibility and tracking required to manage thousands of [ filings ] across hybrid environments. Combined with our SOAR capabilities, and Kenzo's agentic AI, we are moving from traditional patch management towards AI remediation, identifying flows and deploying fixes autonomously.
Second, Detection and Response, a faster discovery cycle on the attacker side means a faster spot cycle on the defender side. Kenzo accelerates our MDR service from AI-assisted workflows to autonomous machine speed investigation. Detection is no longer the bottleneck. It becomes a precursor to near instantaneous response.
And third, preemptive exposure management. Our March releases of runtime validation and data security posture management, move exposure command from continuous assessment to continuous validation, telling customers, which exposures are actually exploitable in their environment against their sensitive data given their identity surface.
This is the shift the market is describing. It's a shift that Rapid7 has been building towards. More vulnerability sound means more demand for operational platform that turns findings in the outcomes.
To close, this is the moment of real change in our industry. We have the data foundation, we now have a step-change AI capability accelerated by Kenzo, and we have the expertise customers do not get from a model alone. The team is executing with urgency. The operating discipline is taking hold, and the work we're doing this year sets up share gains we expect to deliver over the medium term.
With that, I'd like to pass the call to Rafe to discuss Q1 results in more detail and our updated 2026 guidance. Rafe, over to you.
Thank you, Corey, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers, except revenue and balance sheet items mentioned during my remarks today are non-GAAP. Please refer to our earnings release and SEC filings for additional details regarding the presentation of our results and guidance metrics.
In the first quarter of 2026, I'm pleased to report that we exceeded guidance across all guided metrics. We finished the first quarter with total ARR of $832 million. But let me add a bit more color. I've now been at Rapid7 for 5 months, making this a good opportunity to step back and share some of my observations which I think will also help you better understand our underlying mix of businesses as well as the rationale for the strategy we are pursuing. A key takeaway is that while many people think of Rapid7 as a VM and D&R provider, that categorization of our business is incomplete. I believe that the business should be thought of in two distinct groupings.
First, our core platform solutions group, comprised of our Detection and Response solutions, which includes MDR, and our Exposure Management business, which includes VM and Exposure Command. These core platform solutions constitute more than 80% of our total ARR and have been the sustained growth driver in our business in recent years. As you know, we have different underlying trajectories within core platform solutions, led by our strong MDR business and work underway to return the exposure management business to growth. These core platform solutions are where our business is focused. As such, the performance of our core platform solutions is the clearest indicator of the ongoing transformation within Rapid7, and they are the solutions where we are concentrating product development and go-to-market resources.
The remainder of our business mix or second grouping consists of stand-alone non-platform offerings. As customers have shifted towards platform-based offerings over the past few years, these stand-alone non-platform products have declined on a year-over-year basis, while they remain profitable, and we continue to support our customer using these products, stand-alone non-platform offerings are not central to our strategy. As a result, they have experienced declines and have been the driver of the sequential net ARR declines we have witnessed in recent periods. With the benefit of that context and framing, let me unpack our Q1 ARR performance.
Our core platform solutions, which now total over 80% of our overall ARR, as I shared moments ago, grew approximately 2% on a year-over-year basis, led by our stronger software in the group our Detection and Response business, which had approximately 55% of total ARR, grew approximately 7% on a year-over-year basis. While D&R growth was partially offset by our Exposure Management business within these core platform solutions, we remain pleased to see ongoing momentum in our more holistic Exposure Command offerings, driven by both newcomers and customers migrating to this new platform. We are not where we want to be across all elements of our core platform solutions. But reaccelerating the growth of these core platform solutions is the focus of our strategy and where we are placing our bets, as you heard Corey describe in detail earlier.
In contrast, our non-platform products declined in the quarter, driving the sequential decline we saw in total ARR. As we plan for the remainder of 2026 and beyond, we see opportunities to optimize margins for these stand-alone non-platform solutions as we take steps to improve the alignment of our investment resources to our growing core platform solutions.
Returning now to other important metrics. Total revenue of $209.7 million declined 0.3% year-over-year. Within this, product revenue of $204 million was flat year-over-year and services revenue declined slightly. We finished the quarter with over 11,500 customers and an average ARR per customer of approximately $72,000.
Turning to first quarter profitability. Total non-GAAP gross margins of 72% were down approximately 280 basis points year-over-year, consistent with our expectations driven by improved staffing in our global security operations centers. We reported non-GAAP operating income of $24.4 million or a margin of 11.7% favorable to our guidance. This upside to profitability drove non-GAAP earnings of $0.36 per diluted share. Free cash flow totaled $33.4 million in the first quarter, driven by strong collections.
From a balance sheet perspective, we ended the first quarter with $670 million in cash, cash equivalents and short-term investments. In addition to these resources, we have a $200 million undrawn revolver in place. Our cash and investment balances, undrawn credit facility and continued free cash flow generation give us confidence in our ability to settle our March 2027 convertible debt upon maturity as well as fund ongoing operations.
This brings us to second quarter 2026 guidance. We expect in the second quarter with ARR of approximately $820 million. And on a sequential basis, we expect in the ARR for our core platform solutions, D&R and Exposure Management will be approximately flat quarter-on-quarter, with an expected sequential ARR decline in our non-core stand-alone non-platform offerings. For the second quarter, we expect total revenue in the range of $207 million to $209 million or down approximately 2.9% to the midpoint on a year-on-year basis. Non-GAAP operating income is expected to be in the range of $24 million to $26 million or a margin of 12% at the midpoint. Non-GAAP earnings per diluted share are expected in the range of $0.33 to $0.36 on approximately 78.3 million fully diluted shares.
Updating our full year fiscal 2026 guidance, we expect total revenue in the range of $836 million to $842 million, a year-on-year decline of approximately 2.4% at the midpoint. We are raising non-GAAP operating income guidance to a range of $112 million to $118 million or a full year non-GAAP operating margin of 13.7% at the midpoint. As previously highlighted, the business exited 2025 with a higher expense run rate, reflecting 2025 investments across people, technology and our India global capability center. By closely managing ongoing investments, we expect non-GAAP operating margins to improve to the mid-teens as 2026 progresses, and we remain focused on continuing to improve operating margins in 2027.
Non-GAAP earnings per share are expected to be in the range of $1.52 to $1.60 per share on approximately 79.4 million fully diluted shares. We expect 2026 as free cash flow in the range of $125 million to $135 million for the full year, flat with prior year performance at the midpoint and a free cash flow margin of approximately 15.5%.
In conclusion, there is a tremendous opportunity for cybersecurity companies who can help their customers respond at the incredible pace of new vulnerabilities and increasing attacks. Rapid7's core platform offerings of Detection and Response and Exposure Management are uniquely positioned to help companies navigate these threats, which we believe presents a long-term growth opportunity for our business.
And with that, I'd like to turn the call over to the operator for Q&A.
[Operator Instructions] Our first question comes from Michael Cikos with Needham.
2. Question Answer
Can you hear me okay?
Yes, we can hear you just fine.
Terrific. So I just wanted to start out with the guidance we have here for the ARR and thanks for splitting out the core versus the non-core. Could you help us think about that core ARR business? Where are we specifically with the exposure management and helping that business start to see growth versus some of the headwinds we've seen in recent quarters.
Yes. I mean, Rafe and I can tag team it. So our exposure management, we're happy that we're seeing the stabilization. I would not say that it is a growth driver, just to be clear. It's not -- but we're seeing a stabilization and improvements that we would expect, and we see good leading indicators of that business is sort of like set up to improve, but it's nothing that we can claim sort of success or improvement on. We're still working with the upgrade cycle and the noise environment. We are optimistic that the backdrop of what's happening in AI gets customers refocused back on the need to actually take Exposure Management, seriously as a priority because there was lots of noise before about all the things people can focus on. And we're certainly heartened by the early conversations, but that's not something that we will translate directly into a forecast or guidance at this stage.
Understood. And for the follow-up here, again, I know we're navigating the core versus non-core ARR components. If I'm just looking at the guide we have here on the ARR for Q2, and I know you guys are only guiding a quarter out at this point. it is less than what consensus had been thinking about here? And I'm just looking to see, can you give us a flavor for what the shape of the rest of the year looks like? Are any other things we should be mindful of as we navigate the next couple of quarters since we are only getting that ARR data point from a guidance standpoint on a quarterly basis.
Well, we're only guiding the current quarter right now. And as Rafe says, we're getting a firm, we want to make sure that we have the transparency as we go through it. The one thing I'll comment on is, clearly, in the first half of the year, we're seeing the non-core, which I talked about other before, decelerating off at a faster way. Our core is still a net positive contributor.
As that plays out, we'll see how that plays out and whether we see the acceleration in exposure the impact of D&R. But I would just say, just to give you revenue guidance, we feel very good about that. We have a lot of confidence in all the measures that we actually got on, but we'll keep you updated as we actually go along, but we're not going any further breakout right now.
Our next question comes from Matthew Hedberg with RBC.
This is Mike Richard on for Matt. It made a ton of sense when you were talking about the changes with Mythos and the other frontier models and how that can act as a tailwind for Rapid7. But I was wondering about how these changes are impacting customers. Is there a confusion in the market around frontier models and vulnerability discovery and what that means versus exposure management? Or do they sort of get it? Just any details you guys can provide on what the customers are thinking right now?
Mike, it's a great question. So one, I think there's probably more confusion with investors than there are with security experts, which we understand which is what I wanted to clarify in my prepared remarks. Most customers look there's two class of things that are going on is customers are having expertise on staff and they're expecting a lot more sort of like scale of vulnerabilities and confusion. And what we're hearing from them is the need to really focus on exploitability, understanding what's on the environment. Focus on understanding reachability, what's happening and then remediation organization management at scale which requires to understand the attack [ surface ]. These are all things that we're focused on.
And frankly, though, we are accelerating our own efforts to make sure that we make it easier for customers to understand what are the vulnerabilities that matters most, because what you're seeing is a lot of real bins, a lot of noise. And what we want to make sure is that like as things served for customers, they are remediating and addressing the most important things first as quickly as possible. And that's the stance we're taking there.
And what we've seen so far with customers is that those that are in the know, they understand that they're focused on it and they're asking us, how can you help me actually manage the complexity. I'm going to have a lot more to manage There'll be a lot more real stuff that I actually have to address, but there's going to be a lot more noise too.
Now there's -- I would say a lot of customers that are less mature in their cycle, and the word vulnerability is vulnerability. But again, I actually think that what you'll see often in security is that the knowledge does get out there, they will have to respond. They won't be able to remediate everything that's in place all at once. And so they, too, will actually have to understand it.
I think the tricky part for investors is vulnerability, whether you do discovery or scanning or vulnerabilities [ and codes ], it all sounds the same. But they're very different, like [ code ] level vulnerabilities are very different than the vulnerability management, which is very different than exposure management. exposure management is about addressing the things that are actually exploitable and the vulnerabilities that actually lead to compromise and doing [ it ] at scale across the environment. So there's differences, but use the word vulnerability, definitely can cause some nuancing infusion.
That's super helpful. Yes, that's super helpful. And just as a quick follow-up, maybe just taking a step back from a macro perspective. Are you seeing any change in customer behavior as it relates to maybe geopolitical uncertainty or even just AI budget crowding out as we've heard of more and more enterprises sort of running up on their AI budgets and not impacting other areas of enterprise software spend.
Yes. I mean look, I actually think everyone is trying to figure out what's the right way to budget and plan for it. That is an obvious thing that -- I don't know an organization all over the world is not trying to figure out like what's the right AI strategy? How do I budget for it? How do I plan for it? And how do I deal with the leapfrogging that happens from time to time? But I would just say [ universally ], to be clear, this is a year where more than ever we're seeing regardless of what the domain is, customers are looking for how do I actually start showing real benefits and little outcomes for the technology. It's moving from pilots to delivery.
And this is the thing that actually makes you excited about the investments that we've made organically and with Kenzo is that customers are in this [ show-me ] stage, and they're looking for how can you actually help me scale. And in our case, is how do we help them scale their secure operations because I hardly know any customers that are getting a lot more people allocated to the teams, and so they're looking for technology and services to scale their security operations, and that's where we're focused. Thanks again for your questions.
Our next question comes from Joe Gallo with Jefferies.
I just want to ask one high level one and one explicit about 2Q. So a high level, you guys are investing in areas of growth, MDR, go-to-market, integrating AI, how should we think about the trade-off between stabilizing ARR growth and maintaining gross margins going forward? Any guardrails that we can think through?
Rafe and I can tag team this. Our team has a very clear mandate is that we have to scale margins over time. And we feel that we have the right setup for that. If you think about our MDR business, which is our fastest on business that also historically has had, frankly, less contribution margins at scale than some of the other businesses, that also is a business that we expect the gross margins to expand. That was a big part of the Kenzo [ thesis ] is that we can deliver better service and better efficiency and better cost leverage. So we're quite excited by that, we can deliver our customers a better experience and do it more efficiently, which is good for our investors too.
And so just to be clear, as both myself and the management team have a mandate that we have to actually expand margins over time. But we are willing to make tactical investments to make sure we're going in the right way. It was absolutely the right thing to do this year as we saw the tsunami of cyber risk coming in to customers to make sure that we were properly staffed in our MDR environment to manage that and respond to that and make sure we're delivering a great quality of service. which leads to long-term retention and expansion. We know that we can actually do more AI and automation to actually do some of those SOC services over time. But we feel very, very good that we made the right decisions to make sure that customers are set up well, but we are managing the business to expand margins over time.
And I would just call out, as we mentioned in our remarks, we do continue to expect to see bottom line margins improving as we go across 2026. And we're very actively -- when we do planning, we roll it out and look at it at those carryforward numbers to make sure we're very conscious of run rates going into the next year. So I think we talked about -- in 2025, we saw some investment, and we knew that would impact year-over-year comparisons as we go through the first part of the year. But you'll start to see the benefits of that and see those improving margins even here in 2026 as we move to the back half of the year.
Okay. No, that's very clear and really helpful. Maybe just a follow-up on -- I just want to understand exactly what our takeaway should be with your 2Q ARR guide, right? So 1Q declined $8 million quarter-over-quarter, you're guiding to another decline of $12 million. So I'm just trying to understand like, is that 20% of the non-platform business? Is that churn getting worse? Is it lower expected new business for the 80% of the business that's growing. We're 1 month into 2Q. So I'm just kind of curious what you're seeing in 2Q that kind of indicates that new ARR might be a little bit worse than you saw in 1Q?
Yes, I would just say, look, in 1Q, even though we're not actively -- even though we expect other or the non-core to actually turn and it's not a quarter -- in focus, it's not quarter investment. When we see acceleration, we take a more cautious outlook about what that does. We definitely saw acceleration. We're not adding new. So it's really just churn, just to be clear, and that's of the stand-alone non-core businesses. We saw acceleration then in Q1, and we are taking an appropriately I think, thoughtful viewpoint of that as we actually go into Q2. And we also just want to predict that we're going to overcompensate for that by acceleration of core. And so that's the primary driver, and that's the primary takeaway that I have now. I think that's far I can give the comment here.
Yes. And I think that's exactly right. We want to share that color on what's exactly going on there because it's really important for everyone to see that are where our core business is, how it's been growing and have that clarity because that's really going to be the long-term future for the organization. And those products will be the ones that we're taking to customers on a regular basis. So we hope by breaking that out, that again illuminates exactly what's going on.
Next question is from Adam Tindle with Raymond James.
Okay. I just wanted to continue on the topic of core versus non-core. And if I was to rewind back, Corey, I know the strategy was to really create a lot of synergy between the platform historically. So I guess as we fast forward to today and having one piece of the business that's understandably kind of non-regrettable churn or in decline, how are you managing the impact on core while non-core churns, meaning, I imagine there's some customer overlap. Why would churn in the non-core piece, potentially not impact core? What are you doing to mitigate that potential risk?
No, it's exactly the right question. Look, when you -- wherever you have dynamics and just to remind you, like non-core is things that are on the lower on the priority list, but it's also stand-alone business, some of the legacy stuff there. You hit the nail. You hit the core point, is that, as you manage these things, you know what we have to do well. We have to nail how we help customers gather security operations and the core of that is the preemptive platform with Exposure Management and Detection and Response and how we weave that together.
Now as you said, there is a subset -- not all the customers are overlapping, just to be clear. We have a healthy amount of stand-alone customers. But for customers that are overlapping, their experience matters deeply. And so our teams are actively working to make sure that we deliver those customers the right experience. But also in the world of rapid innovation at the pace of AI, we're rapidly rolling out new services that are adjusted their need and we're expanding their scoping their experience with them. If you look at some of the announcements that we've been making, we've been picking up our pace of innovation and our pace of things that were actually communicated to the market.
And frankly, our pace of what we're actually providing customers as part of their existing subscriptions. And our view is if we do that well and we keep delivering on that, we're actually adding more strategic value in areas that matter more and therefore, we can actually really continue to focus in on those areas. But as you know, these type of transitions have to be managed well and it's something that we're focused on to right now.
Yes. Rafe, maybe just a quick follow-up. You talked about, obviously, silver lining here has been profitability. And I think you mentioned mid-teens operating margin in fiscal '26 and through in that you expect to continue to improve in fiscal '27? Understandable that obviously not providing official guidance on '27, but that's helpful to give us a sense of trajectory of the business.
I guess as you think about that, it's uncommon that we see platforms that are undergoing growth pressure that are still able to scale and not experience that lack of leverage on the downside. What are the drivers in terms of your confidence in margins in mid-teens and continue to improve in fiscal '27? And any parameters that you'd like to set just so we can understand what continued to improve in fiscal '27 might mean?
Sure. I think what's given us confidence as we go through '26, is like, first of all, you'll recall that there was a great deal of investments across people and technology last year, opening up the India center. All of those things happened in 2025. So especially in the early parts of the year, the year-over-year comparisons, [indiscernible] burnt of that cost uptick. But a lot of that work was in place to help build efficiencies in our organization, giving us locations where we can give great productivity at an affordable rate. It's extremely helpful. Having SOCs that are around the world on a global basis, extremely important to our customers, but also important to our efficient operation. So as we get people ramped up and get that part of the business locked in, that's what really is offering some efficiencies for us.
And we're also being very careful in 2026 about cost management and just across the board, we're making we want to deliver on that commitment we've made about our margins. And so we're being quite cautious about where we spend. And some of this plays out really is when we start talking about core versus non-core, being really clear about where we should invest because we think that will drive long-term growth versus where we need to be more moderate in how we manage those costs. So all of that coming together is giving us what we're planning for 2026 and giving us confidence is we really look -- need to be looking at those run rates as we leave this year into next.
Next question comes from Jonathan Ho with William Blair.
I just wanted to maybe dig a little bit into sort of this emergence to the Mythos models, like how do we think about the broader opportunity set around MDR and CTEM evolving with that AI landscape. And just your product specifically maybe you need to change to address sort of the emerging landscape.
Yes. So let's just -- and if you could mute your phone, please. Great question, Jonathan. So I think that you have to first understand what's changing for customers in order to understand frankly, what the work that we're doing that's valuable and the work that we need to do different, I think that's a very good question, Jonathan.
So the first thing was changing for customers. Customer [indiscernible] of 0 days. They want to see a much larger volume of vulnerabilities. They're going to see more exploitable vulnerabilities, but the amount of vulnerabilities that they want to see are not all going to be exploitable. So the ability to actually figure out what really manage is going to [indiscernible]. The ability to actually manage remediation at scale entire conference. If you could do remediation, in months before they figure out which stuff matters and manage the remediation in days as appropriate matters and the things that should be weeks and [indiscernible], we have a massive remediation backlog overall.
The pace of what you're looking at is being able to exploit vulnerabilities at speed and pace, dwell time is actually shrinking. So what you're going to see is people are going to have to go from detection quickly to actually active response. That's another significant change overall. And so when you put the picture together, customers are going to be dealing with both, the speed, the scale and the need to respond quickly without breaking things.
So what does that actually go? So let's just break down a couple of things. So one, Rapid7 has had a long history of focusing on exploitability, and our security researchers are accelerating and moving our models and upgrading those to actually deal with the increasing insertion that we expect and the speed to actually really discern what's explorable from what's not exploitable.
The second thing is we actually -- as we built out our overall Exposure Management framework, we believe that vulnerabilities are not the core thing that matter in themselves. It's the intersection of vulnerabilities, how devices and networks and technology is configured, as well as the controls at environment. After all, that's what exploitability is. It's the reachability, combined what controls are in place, what's configuration, combined with what's vulnerable. We understand that better than most organizations in the world.
And then the last piece that we just invested in is Kenzo, which is actually [indiscernible]. So the things that we're changing from there is we're upping the visibility and the understanding and the ability to quickly process what's exported in the environment. We're accelerating the investments in our remediation management to help customers track and manage remediation across the environment we were already bringing forth the Kenzo for actually instantaneous detection, but we're also investing heavily in leveraging our understanding of both the configuration surface and the control surface to actually help customers understand what the best interdiction or immediate intervention options they have to contain attacks, because they will have to respond in the moment and sometimes the 4 mediation is not available.
I know there was a lot out of it. Those are the things that are changing for the customer, the things that we're investing in, and frankly, the things that we're accelerating and changing in our environment, in our technology segment.
Our next question is from Eric Heath with KeyBanc.
All right. Maybe one Corey, one for Rafe, if I may. So, Corey, I mean lasting as been out for about a month and it feels like there's a lot of urgency out there. So just curious what impact you've seen thus far in 2Q in the pipeline. And then for Rafe, I very much appreciate the color on the platform growth and the guidance. But any specificity you can give on how net new ARR 1Q was for core platform? And then just how we should think about maybe the exit rate for the non-core platform products as we exit 2026. .
Yes. I mean, I'll hit it before Rafe actually hit on part before. With last in, I think there's two things. There's a small cohort of our customers who have actually seen it in access and they want insights into how we help them deal with the true exploitable ones and also the volume and the noise. And that's very straightforward. And that feedback and that engagement with customers is driving some of the strategies that I talked about earlier.
And then there's those that are on the outside and trying to figure it out. And frankly, they're looking for a perspective about how much does this change their technology strategy? Do they have to put all new projects on hold and just do remediation for the next 6 months. And if so, what type of remediation. So I think they're a assessing mindset, just to be clear, and that's why we're still in the early days because lots of organizations don't know what the magnitude of the impact is specifically for them.
Yes. And then just to add a bit more color on the first quarter. I would say, first of all, we were really pleased with the sales organization and their hard work in Q1. You'll recall that -- we had a new leader, Alan joined late last year. He made a few changes on the team even in -- even as we started this quarter, and yet the team really executed well, very much hustled, and we saw an uptick in productivity across the quarter. We saw just good execution on a lot of operational details that are just really important to running a sales organization. So I think hats off to the sales team on delivering good results there.
And that translates into our core platform solutions where you saw, first of all, within core, the Detection and Response business, which is now 55% of total ARR, and I think that's a little bit more color than we've shared in some of the past quarters on that. Growing at 7% on a year-over-year basis. So that's new net of any churn we had in the quarter. So that's a really strong leader. And that, combined with Exposure Management solutions, which rounds out the core solution, that total group was growing at 2%. So good execution on the top line, good work from the product team, helping our customers and just execution all around make sure that, that core numbers were growing in the first quarter.
The next question is from Shrenik Kothari with Baird.
So just a follow-up to Jonathan's question and Corey, thanks a lot for the color the [indiscernible], the value or shifting or reshift towards remediation and scale and the exposure validation. That makes total sense. Just in terms of monetization opportunity and timing wise, just wanted to get your thoughts in practice. Like how do you think that, that shows up in this post frontier model world? And terms of MDR in terms of the urgency for exposure command upgrades in terms of run time validation and just a broader platform. And then I have a quick follow-up.
Yes. Look, our current plans, it is a -- it's not even a single, probably a double user base [indiscernible]. Just to actually get a catalyst to actually help move the priority of exposure management back to the forefront, which actually helps significantly with the VM upgrade initiatives and focus. So that's our focus. We're not looking to actually charge incrementally for it. We think we actually have a modernization plan that's already attached to it. And so seeing the VM to Exposure Command acceleration in the Upgrade program is where we plan to primarily see the monetization. And again, we're accelerating some things in line with our strategy. We'll refocus and tightening, but we were on this path about how you actually manage remediation at scale, how do you actually really assess exposures from both a control and a configuration standpoint. And then the last thing you had to do active [indiscernible] overall. So I would to say the focus hasn't changed. But from that perspective, we should see the monetization there.
On the MDR side, it's going to be interesting because I think the thing that I'm talking to most customers about is how do they -- if customers are getting comfortable, they know now that they will have to enable active response and do more automation and more AI-driven response across their portfolio, and they're getting comfortable with that. Our goal is to actually lead that discussion with Trust. That is an expansion area, that's an investment area. It's a potential monetization area, which is a little bit too early there. That's one of the biggest incremental areas out sales focus, that we're recalibrating resources for is how do we actually shift the active response to machine speed while ensuring that we can actually do that safety based on our knowledge of the overall tech surface and control surface and the continuation surface.
Very helpful. And just a follow-up, Rafe, you talked about, of course, prudence in the non-core guide and more confidence in the core platform growing. Just in terms of the go-to-market changes, there have been put in place [indiscernible] Corey mentioned productivity improving. Just can you unpack a little bit like what's happening in the plumbing. Like are you seeing -- just again, in your words, Corey, I mean, is there a healthier mix of more singles and doubles now? Is the child source pipeline become more efficient? Is there more better upgrade motion to like which funds are showing up?
Yes. I mean the big one is the rate [indiscernible]. Alan has really tightened in the focus on making sure that we're actually selling the core, which is, again, the D&R and exposure and the MDR platform integrated capability. So one thing is that when you actually have a strategy, you're not actually selling all over the place. So we actually have a tighter focus there. We're seeing tighter pipeline builds in those areas, and more focused, consistent execution.
Yes, and the biggest thing is that like as we set targets, we actually hit the targets. Now we all want to actually see acceleration and we want to see the growth go faster. But I will say that we actually have the confidence in the trends of how we're seeing the business performance starting to actually shift. We want everything to go faster, but we're seeing the confidence in the -- both the management and the visibility. That gives us a lot of confidence about like how we actually see the year standing now.
Next question is from Meta Marshall with Morgan Stanley.
This is Abhishek Murli on for Meta Marshall. Congrats on the quarter. I wanted to touch on Kenzo Security and kind of where that product sits in the road map in the context of AI-driven investigation. So can you kind of clarify what capabilities have already been incorporated into customer workflows versus like what kind of remains in development? And then should we think of it as more of an improving of productivity or a customer-facing remediation? And kind of just any further details on that.
What Kenzo is excellent is that -- both the data mentioned in their model was extraordinarily at doing investigations of scale. So it was an alert processing engine that allowed you to come in and process alerts from all over the environment. We're active to integrate [indiscernible] right now, just to be clear. So it's not like a derm integration. It's probably the biggest thing, and we all like, a, that has to happen fast and it has to go fast. So the team has come in. We're in the process of integrating in. We'll be rolling it out to customers starting in the next couple of months, we will roll it out to the rest of -- this year rolling out to the rest of this year. But that's the biggest thing. So if you say like what's the core of what Kenzo does. It is an AI platform for actually processing alerts and doing high-quality investigations at scale.
To add some context, specifically for investors and for people the call is that typically, what a SOC analyst who typically does this is they get an alert in and one, they have to make sure it's not deduplicated. I would to say over time, SIM's not doing a good job with this. D&R systems like Rapid7 did a good job with a deduplication. So we've already been making advances here. But then you have to go out and actually do all of the knowledge collection and contextualization to actually say, what's all the data I need to get at [indiscernible] actability out, whether this is real or false. And then what you actually have a sense of whether it was real, then you actually had to actually do another level of investigation to figure out like how bad it was in the environment and what you actually need to contain and remediate there.
That took days, just to be clear, hours and days. Kenzo is excellent at doing that a massive volume massive scale in machine speed. And so it's much faster, and it has better efficacy rates overall. So we're both taking it in, we're applying the model, and we're extending the model out. to actually hit not just alerts but a much wider range of data sources as we go forward. And then the other part that we're actually at in to Rapid7 is that because we have so much deep knowledge of the environment, is we have a much wider range of response options that are available.
Now again, that is new development effort that's happening to -- I don't want to get too far down the path. But customers do need to know how they can actually respond at speed and scale. Some of that is going to be used in our technology, some of that's going to be using third party technology. But we have the brains to know which type of controls and systems to leverage and scale, where that has existing controls, where they had some new start-ups that are actually in the space that actually make changes in the environment. We have that knowledge and that expertise to actually know what's the most efficient to apply at scale based on our knowledge of the environment.
Our next question is from Adam Borg with Stifel.
Awesome. I'll just stick to one. Maybe, Corey, you talked really, I think, at length in a good way about out of the frontier models are driving increased vulnerability identification, but that's really where the tailwinds begin for you. And I think you talked about customers understanding how these frontier models fit in and investors may be a little bit more confused on their role over time. And maybe just to that latter point, if you could help us understand like what's preventing these frontier models for moving just from identification of vulnerabilities more towards the exploitability, the reachability, the prioritization and the remediation that you talked about because they seem to be talking that they're moving in that direction. And any way you could talk about the moats that vendor like yourself has to prevent that from occurring would be really helpful.
Yes. So there's three different moats that matter. And I think -- just to be clear, I don't want to say versus the frontier model because we actually leverage frontier models inside of Rapid7. So anyone who's not leverage in frontier models is like just not going to be relevant.
So I want to be clear. This is about where they actually use cases and don't -- so that's more -- I want to frame that up and we -- there's a couple of things that are actually significant clear moats that actions do. One, it's just like if anyone's actually use frontier model to any environment at any scale, you actually know you have to actually discern what's the cost of the activity you're actually doing. So someone can actually go scan and do exploitability analysis in the environment and do all of that. But just to be clear, they're paying a lot more than what you actually get for the same information in the core vulnerability management system. They're not designed to do that.
Now could they build specialized thing and specialized software to actually do that? Potentially, yes. But again, you are -- then you're just building the product and you can actually say you're actually building the product and you have not. So but that's one, it's like cost does matter, and actually do it efficiently at scale and at cost as someone who's tested out some of these systems in the environment trust me, you can run a fair amount of money in what you think is a very straightforward scan. And by the way, that's proven out in their own data that they actually go. So I would just say we actually can't miss it.
The second thing that you have to say is that like it's not whether it's vulnerable, it's actually exploitable in the environment. And exploitability means you have to understand not just the vulnerability. You have to understand the configuration of the complete environment, and you have to understand the controls and the overall environment and how they intercept. Now you could make a technology to do anything, but that is actually specialized it's both knowledge and data that we've optimized around to understand the question about what's actually both exploitable, what's reachable and how is that configurable in the overall environment.
The last thing when you actually get to the core one about how do you actually want to actually take action and respond in the environment. And look, I have a high trust, but I don't think anyone wants a foot tier model in their environment, running rampant in the environment that can actually make configuration changes, do active defense, active response in the environment. For models that updated all the time without [ serious ] visibility and understand what can change and by many of the authors on admission is just like that's just not the way that most people are going to have the trust to actually deal with security.
So to get to the core names is that we have deep expertise to understand another domain. Yes, AI does a lot. By the way, it's an accelerant for us. The cost of doing these things at scale does matter to customers, and it will matter to the customers over time. And then when you think about the autonomous response, you both need the knowledge base, but you also need to trust. And this is why I say, like, we're building active response, but it's built on a system of trust and knowledge. And that's a big deal because you do not want your active response being too smart and being too clever, because if you get the keys, where these systems can take over and actually have access to make any type of change in the environment overall. You can have very minor errors that actually calls [indiscernible] for organizations.
And again, most CEOs and frankly, most IT people know that. And so they're looking for things that actually do the mission and do it well and do it cost effectively. I know that was long-winded, again, we're adopters of the technology, but it's important to understand that we like to be constrained there too.
Our last question comes from Gray Powell with BTIG.
Okay. Great. I just want to make sure, can you hear me?
Yes.
Yes.
All right. Excellent. I think you hit on this before. But I just want to circle back on sort of the non-core products and how we should think about that trend line stabilizing over the next 12 months? So just if I'm doing math correctly, ballpark terms, I would assume that non-core is maybe a little over $150 million in ARR. Q2 guidance implies that it's down about $10 million. Is there a level where that -- where we should think about that number stabilizing? And then they are existing customers. So like why is there not an opportunity to upsell them on the platform? Is there like a conversion opportunity there?
Yes. No, thank you for the question. I think the best way to think about what we're trying to do is build out robust platforms that are attractive to our customers. And I think a couple of things. First of all, some people -- some of our customers have platform offerings, but may have also bought something stand-alone that's out there, right? That is part of the equation.
And as Corey mentioned, like it's very important that we take care of these customers and that their whole experience with Rapid7 is very important. We do think there is also an opportunity for those who may not have a platform solution that the best thing for them is to migrate on to 1 of our platforms, right? And we're looking for technologies that we can integrate in and make that platform more rich. So that's really our #1 focus around those customers.
I wanted to break that out because this trend has actually been going on behind the scenes for some period of time for the last few quarters. of where you'll see those stand-alone non-core offerings, that's actually where we've had more of the challenges on the renewal front. But what we're really calling out here is we're focused -- we're building attractive platforms with robust technology, and that creates that upgrade path for many of our customers, but it also allows us to focus on meeting the demands of the market at present.
Thank you, everyone, for joining. This concludes today's call. You may now disconnect.
Transkripte auf Deutsch freischalten
- Alle Event Transkripte auf Deutsch
- Sofortige Übersetzung
- KI-Zusammenfassungen für die wichtigsten Insights
Rapid7 Inc. — Q1 2026 Earnings Call
Rapid7 Inc. — Q1 2026 Earnings Call
Q1 2026: Rapid7 baut Plattform-Fokus mit AI‑SOC/Kenzo aus, ARR stabil bei $832M, Non‑Core‑ARR drückt Wachstum, Profitabilität verbessert.
📊 Quartal auf einen Blick
- ARR: $832 Mio.; Kernplattformen (>80% des ARR) treiben Business.
- Umsatz: $209,7 Mio. (−0,3% YoY).
- Bruttomarge: 72% (−280 Basispunkte YoY, belastet durch SOC-Personalaufbau).
- Operativ: Non‑GAAP Betriebsergebnis $24,4 Mio., bessere Performance als Guidance.
- Cash: Free Cash Flow $33,4 Mio.; Kasse + Kurzfr. Anlagen $670 Mio. und $200 Mio. ungenutzte Kreditlinie.
🎯 Was das Management sagt
- Strategie: Fokus auf vereinte Plattform (Detection & Response plus Exposure Management) mit AI‑gestütztem SOC zur Übergabe von reaktiv zu präemptivem Betrieb.
- Akquisition: Kenzo Security gekauft; soll autonome Untersuchungen und Skaleneffekte für Managed Detection and Response (MDR) bringen.
- GTM & Effizienz: Go‑to‑Market‑Restrukturierung läuft; Produkt‑ und Vertriebsfokus auf Kernlösungen, Stand‑alone‑Produkte werden de‑priorisiert.
🔭 Ausblick & Guidance
- Q2‑Guide: ARR ≈ $820 Mio.; Umsatz $207–209 Mio. (−≈2,9% YoY midpoint); Non‑GAAP EBIT $24–26 Mio.; EPS $0,33–0,36.
- FY‑Update: Umsatz $836–842 Mio. (−≈2,4% YoY midpoint); Non‑GAAP EBIT $112–118 Mio. (13,7% Margin midpoint); FCF $125–135 Mio.
- Risiko/Timing: Management erwartet Margenverbesserung in Richtung mittlere Teens, sieht aber kurzfristiges ARR‑Druck von nicht‑plattformigen Produkten.
❓ Fragen der Analysten
- Exposure Management: Analysten fragten nach Wachstum; Management nennt Stabilisierung, vermeidet aber konkrete Beschleunigungsprognose.
- Frontier‑Modelle: Diskussion über Mythos/LLMs: Chance für erhöhte Nachfrage nach Exploit‑/Reachability‑Analysen, aber Kundenunterschiede bei Reifegrad bleiben.
- Non‑Core‑Churn: Rückgang bei Stand‑alone‑Produkten trieb ARR‑Rückgang; Management erklärt Churn als Haupttreiber und betont Upgrade‑Pfad auf Plattformen.
⚡ Bottom Line
- Fazit: Rapid7 verschiebt sich klar zu einer AI‑gestützten Plattform (MDR + Exposure Command). Kurzfristig dämpft Abverkauf/Churn bei Non‑Core das ARR; mittelfristig können Kenzo‑Integration, Plattformmigrationen und Effizienzsteigerungen Margen und Wachstum wieder beschleunigen, vorausgesetzt die Migrationen und autonome SOC‑Integration laufen planmäßig.
Rapid7 Inc. — Q4 2025 Earnings Call
1. Management Discussion
Good day, everyone. My name is [ Kehlani ], and I will be your conference operator today. At this time, I would like to welcome you to the Q4 2025 Rapid7 Earnings Call. [Operator Instructions] At this time, I would like to turn the call over to Matt Wells, Vice President of Investor Relations.
Thank you, operator, and good afternoon, everyone. We appreciate you joining us. Today, we will be discussing Rapid7's Fourth Quarter and Full Year Fiscal 2025 financial results. We've distributed our earnings press release over the wire, and it can be accessed on our Investor Relations website. With me on the call today are Corey Thomas, our CEO; and Rafe Brown, our CFO.
[Operator Instructions] Before I hand the call over to Corey, I want to note that certain statements made during this conference call may be considered forward-looking under federal securities laws. Such statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and include our outlook for the first quarter and fiscal year 2026, any assumptions for fiscal periods beyond that period and our positioning, strategy, business plan, operational [Technical Difficulty] and growth drivers.
These forward-looking statements are based on our current expectations and beliefs and information currently available to us. While we believe any forward-looking statements we make are reasonable, actual results could differ materially due to a number of risks and uncertainties, including those contained in our filings with the SEC. Reported results should not be considered indicative of future performance.
We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise, except to the extent required by applicable law. Further information on these forward-looking statements and risk factors are included in the filings we make with the SEC, including the section titled Cautionary Language concerning Forward-Looking Statements in our earnings press release.
Additionally, over the course of this call, we'll reference non-GAAP measures to describe our performance. Please review our earnings press release and filings we make with the SEC for a rationale behind the use of non-GAAP measures and for a full reconciliation of these GAAP to non-GAAP metrics. These documents, in addition to a replay of this call will be available on Rapid7's Investor Relations website. And with that, I'd like to turn the call over to Corey.
Thank you, Matt, and welcome to everyone joining us on the call today. I'm excited to be joined by Rafe Brown, our new CFO, who joined Rapid7 in early December. Rafe will offer some initial impressions on Rapid7 and the opportunities he sees in his prepared remarks. Rapid7 exited fiscal 2025, delivering outperformance against our Q4 ARR, revenue and profitability guidance. We ended 2025 with ARR of $840 million and total revenue of $860 million, both ahead of guidance.
In the Q4, we saw sustained new deal activity for our industry-leading MDR offering and encouraging growth within our Exposure Command platform. Throughout 2025 and more specifically during the second half of the year, we made strategic investments across key product growth initiatives to strengthen our position as a leader in AI-enabled security operations. We did all of this while continuing to generate significant cash flow, exiting 2025 with $136 million of operating income and $130 million of free cash flow.
These investments enhance our security offerings with AI and machine learning capabilities, consolidate customer environments on a unified platform with our managed AISOC and enable our team to scale operations globally. Additionally, we just concluded our sales kickoff with the broader go-to-market team. It was our most impactful SKO years and a great opportunity for Chief Commercial Officer, Allan Peters, and his team to outline their priorities to reenergize the Rapid7 growth engine.
We expect to see tangible benefits of this organizational change throughout 2026 as we develop muscle memory with these new processes. Before I turn to business updates, I want to take a moment to address the broader landscape because I think context matters for how investors evaluate our business. We are operating in a period of significant disruption across the software sector, driven by a fundamental reevaluation of what AI means for software businesses. I understand why investors are asking hard questions.
The rapid advancement of agentic AI capabilities has created real uncertainty about the durability of many software business models, particularly those built around per-seat pricing, thin workflow layers or point solutions that can be replicated or disintermediated. I want to be direct. Not all software businesses are positioned equally in this environment. And cybersecurity is fundamentally different. Let me explain why we believe Rapid7 is on the right side of this divide.
The security operations market is defined by 3 characteristics that make it structurally resilient and, in many ways, a direct beneficiary of the AI transformation happening across the enterprise. First, the threat environment is accelerating, not simplifying. AI is enabling attackers to move faster at greater scale and with more sophistication than ever before. This is not a theoretical risk. It's happening right now, and it's driving an urgent reevaluation of security postures across the enterprise.
The regulatory environment is simultaneously becoming more complex and more fragmented around the world. This combination means that the need for comprehensive expert-led security operations is growing, not shrinking. Second, security operations cannot be reduced to software alone.
Unlike categories where an AI agent can trigger an API call or bypass the user interface, effective security operations require the integration of broad telemetry, proprietary intelligence, real-world expertise and yes, human judgment, particularly during incidents where the stakes are the highest. This is a market where outcomes depend on the combination of technology and deep domain expertise, not one or the other. And third, our business model is anchored on outcomes and value delivered, not seats.
Our pricing is tied to the scope of environments that we protect and the outcomes that we deliver, which positions us well as the industry evolves towards outcome-based and usage-based models. This is the lens through which I ask you to evaluate Rapid7. We're not a wrapper of a generic model. We're not a point solution. We're a platform built on the broadest proprietary security data foundation in our market, continuously enhanced AI-driven productivity and innovation and delivered through deep services and technical expertise that customers depend on to navigate an increasingly complex world.
Now turning to the evolution of our business. The cybersecurity market is changing, and that presents us with phenomenal opportunity. AI-driven attacks are escalating in both pace and sophistication, stretching security teams thinner than ever. At the same time, regulatory requirements continue to expand and fragment globally from the EU's evolving framework to new compliance mandates across Asia Pacific and the growing patchwork of U.S. state-level requirements.
This is driving a reevaluation wave across enterprise security. And the winners in this market will be the vendors that can deliver on 3 things simultaneously. First, a broad proprietary data foundation that provides complete situational awareness across the attack surface, not just what you connect natively, but the ability to integrate, normalize and contextualize data from across a customer's entire environment.
With over 500 integrations, our Command platform provides the broadest data foundation in our market, and this data advantage compounds over time as we train our AI capabilities on real-world security operations data that no competitor can replicate. Second, AI-powered productivity and innovation that continuously improves the speed and accuracy of detection, prioritization and response.
Our expert-trained Agentic AI workflows are built on years of SOC expertise, trained in live playbooks and redefined through real-world analyst feedback. These are not generic models. They are purpose-built engines that improve outcomes in real time. And critically, we view AI innovation as a continuous engine, not a one-time product release. We're accelerating our pace of AI development and expect this to be a sustained differentiator.
And last, deep services and human expertise that help customers navigate complexity that software alone cannot address. With a decade of experience managing our own 24/7 global SOC and that of our customers, we have built an expertise layer that is essential, not optional for effective security operations. As attacks grow more sophisticated and regulations grow more complex, this expertise becomes even more valuable, not less. Our managed services don't just monitor.
The investigate, respond and remediate with the context and judgment that only experienced security professionals can provide. The convergence of these 3 elements: data, AI and expertise is what defines the durable security operations platform of the future, and this is precisely what we're building. The framework guiding our investment and innovation is underpinned by a shift from reactive to proactive security postures, combined with outcome-driven service offerings.
We are working to introduce more AI capabilities into our MDR and exposure offerings and evolving our platform to help customers get ahead of threats rather than simply respond. And throughout 2025 and particularly during the second half of the year, we made strategic investments across key product growth initiatives to accelerate our transformation into a leader in AI-enabled security operations, one that enables customers and organizations to take a preemptive posture towards security operations.
These investments augment our existing security offerings with AI and machine learning enhancements, consolidate customer security environments under a common UI and our leading managed AISOC and position our team to drive scale across our global footprint. In detection and response, we have a significant opportunity to continue leading with our MDR offering.
We made strategic investments to evolve, enhance and scale our solutions while building on our expertise as one of the only providers in the market with a decade of experience managing our own SOC. In 2025, we expanded our MDR coverage to enable management of third-party alerts in a vendor-agnostic fashion. We streamlined analyst workflows with our AISOC for MDR and Incident Command, and we started to expand our addressable market to larger enterprises by leveraging our AI-powered services.
We're also continuing to build on our partnership with Microsoft. Just last month, we launched closer integrations such as MDR for Microsoft that provides 24/7 expert monitoring and native response across the entire Microsoft Defender suite. This collaboration also extends to exposure management by unifying Microsoft telemetry with Rapid7's Command platform to proactively identify and close security gaps before they can be exploited.
In exposure management, our evolution is anchored around up leveling our Exposure Command platform with AI tools, native telemetry and open data integration, curated intelligence and automation to deliver a unified system for risk remediation. Differentiating features such as AI-generated vulnerability scoring and active risk scoring combine technical severity with real-world threat intelligence, enabling security teams to begin patching zero-day threats before competitors who typically wait for official industry scores.
Attack path analysis visualizes primary attack vectors and allows security teams to focus on patching critical vectors rather than low-risk issues. And our remediation hub provides a single destination for remediation across both exposure management and detection response, reducing mean time to detect, respond and remediate. When we combine our leading detection response and exposure management solutions with outcome-driven AI-enhanced service offerings, we address the core issues customers are facing in the market today.
And when we do this, we're playing offense. In this quarter alone, a leading offshore drilling company reselected Rapid7 as their SIEM provider of choice. After being unable to achieve business outcomes promised by a competitor, this return customer saw real benefits from the investments that we've made in our products over the last few years. Our ability to effectively deploy, coupled with the service level capabilities such as MTC and Vector Command made this 6-figure competitive win back stand out.
One of the largest sovereign tribal governments in the country became a Rapid7 customer after a competitive deal cycle and displacement in which we showcased the benefits of consolidation and the integration into our MTC offering. This high-6-figure deal underscores the unique value proposition we can offer, delivering service outcomes on top of leading technologies. A strategic MSSP provider selected Rapid7 as they continue to expand within the state, local and education vertical.
Our detection response solution provided the features and confidence they needed to deliver outcomes for their clients. We are consolidating a mix of competitive solutions and in-house monitoring onto the Rapid7 platform. These wins share a common thread. Customers are choosing Rapid7, not just for the technology, but for the combination of technology, data breadth and expert-led services that deliver measurable security outcomes. This is our differentiation and it's durable.
Turning to our go-to-market priorities. We're focused on operationalizing our strengths to accelerate growth. We just concluded our sales kickoff with the broader go-to-market leadership team, and it was our most impactful in years. Allan, having completed his leadership team build-out has crystallized his vision of a unified market approach across global sales, marketing, partners, customer success, and sales operations.
With new leaders and plans in place, the team is executing a more focused sales motion with tighter alignment between marketing and sales to improve demand quality and conversion and a refined customer success strategy designed to improve retention. Refreshed incentive structures are better aligned to drive net-new growth, renewals and cross-sell. These initiatives are still early-stage, and our growth flywheel will take time to build momentum.
However, the groundwork is in place to improve execution and drive sustained performance across product, marketing and go-to-market and become a share taker over the medium term. In detection and response, ARR growth of 7% was driven by MDR ARR growth in the high-single digits. As we drive product transformation to deliver increased value through our AI-enhanced SOC, we are positioning to take share as the MDR market evolves.
We believe this market has significant runway and the combination of AI-driven efficiency with deep human expertise creates a compelling and defensible offering that is difficult to replicate. In exposure management, we're focused on simplifying the migration of our core vulnerability management base to our Exposure Command platform.
By removing friction from the upgrade engine, we are helping our core VM customers migrate to a unified AI-powered view of the attack surface, a move that replaces fragmented tools with integrated contextualized risk visibility. I want to spend a moment on how we're thinking about growth because this is where the AI transformation of our industry creates real opportunity for Rapid7, and I want to be transparent about the work underway.
We're actively pursuing 3 parallel initiatives that we believe will drive both near-term efficiency and medium-term growth acceleration. First, we're shifting significant portions of our operational services work to our AI layer and redeploying our expert talents towards higher-value customer engagement. Today, many of the repetitive pattern-based tasks within our SOC operations, alert triage, initial investigations and enrichment are being systematically transitioned to our agentic AI workflows.
This is not about reducing our commitment to service. It's about freeing our experienced security professionals to focus on what they do best, helping customers navigate an increasingly complex threat and regulatory environment, providing strategic guidance during incidents and delivering the kind of expert judgment that no AI model can replace. The result is better outcomes for customers, improved unit economics for Rapid7 and a services model that scales more efficiently as we grow.
Second, we're strategically redefining our portfolio of solutions. By proactively integrating advanced AI models into our core offerings, we're ensuring our solutions remain at the cutting edge of efficiency and performance. Rather than maintaining the status quo, we're choosing to prioritize innovation over legacy, making the deliberate decision to shift resources towards high-growth, future-ready product areas.
We believe this is the right trade-off, accepting near-term headwinds in parts of the portfolio that face structural pressure while concentrating our investment and energy on the areas where we have a clear differentiation and durable growth potential. Third and most importantly, our core growth engine is the extension of our AI-enhanced services layer. This is where we see the most durable opportunity.
Customers need a partner who can bridge the gap between the rapid pace of technology change and the operational reality of securing complex distributed environments under growing regulatory pressure. Our ability to deliver AI-driven efficiency alongside expert-led services integrated on a single platform with the broadest proprietary data foundation in the market is what sets us apart and what we believe will drive share gains over the medium term.
At the core, our growth will come from extending this AI services layer, delivering AI to help our customers keep pace with technology changes, paired with the expertise to navigate a complex and rapidly evolving security landscape. Our anticipation is that the investments we made last year will begin to yield dividends in our AI orientation this year.
But just as importantly, we're fundamentally transforming and upgrading our engagement models this year to ensure that both our business and our customers are resilient in the face of regulatory and the threat environment we face today. In closing, I want to leave you with this perspective.
The increasing pace and sophistication of attacks is driving a meaningful shift in how security budgets are allocated. Customers are looking for vendors who can deliver measurable business outcomes, not just technology, but a combination of data, AI innovation and expert services that actually make their organizations more secure. We believe this plays directly into Rapid7's strengths.
Our business is built on proprietary data that becomes more valuable as we scale AI capabilities that continuously improve through real-world operations and a services layer that builds lasting trust and partnerships with security teams. This combination, data, AI and expertise is the foundation of a durable cybersecurity business and is what differentiates us in a market that is increasingly skeptical of software-only approaches.
Rapid7 is investing across our platform to deliver security operations that give customers the ability to stay ahead of attackers. Our long-term strategy of integrating exposure management with detection and response is proven to be where the market is heading. Our Command platform data mesh integrates more complete security data, including third-party sources into our AI engine for true scale and efficacy.
And our services layer allows us to build lasting trust and partnerships with security teams, supporting them where they need us most. We are confident in this strategy. We're moving with urgency, evidenced by our recent leadership additions and organizational changes to improve our execution and capitalize on the significant opportunity in front of us. I look forward to sharing incremental progress throughout the year. I'd now like to pass the call to Rafe to discuss our financial results and guidance in more detail.
Thank you, Corey, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers, except revenue and balance sheet items mentioned during my remarks today are non-GAAP. I want to begin by sharing how happy I am to have joined Rapid7. This is a great company, doing incredible work to protect its customers around the world. And moreover, I believe there is tremendous opportunity to build shareholder value in the coming years.
In this fourth quarter earnings call, I'm pleased to report that we exceeded our guidance across revenue, annual recurring revenue, ARR, and operating income. For the quarter, we generated total revenue of $217.4 million, growing 0.5% year-over-year. This brings us to a total of $859.8 million of revenue for the full year 2025, growing 1.9% year-over-year. For the quarter, we recorded product revenue of $209.1 million, growing at 1.4% on a year-over-year basis.
Professional services revenue for the quarter totaled $8.2 million compared to $9.9 million in the fourth quarter of 2024. Our year-over-year results reflect an intended shift in our operating model toward greater utilization of our partners for professional service delivery, allowing Rapid7 to remain focused on its core offerings. Our ending ARR of $839.9 million was approximately flat year-over-year as the business digests a mix shift towards our faster-growing detection and response business, which currently constitutes just over 50% of our ending ARR.
On a year-on-year ARR basis, our D&R business grew at approximately 7% in total with the MD&R portion of the business growing in the high-single digits. We continue to believe that the managed detection and response market is a significant opportunity for us, and we are focused on unlocking the value in this market with our AI-enabled approach to preemptive security.
Within our exposure management business, there are encouraging signs that our investments in modernizing and upgrading our offerings are taking hold. For example, our Exposure Command offering saw rapid adoption in Q4 by both new and existing customers. Turning now to profitability. Our Q4 non-GAAP operating income of $30.1 million or a margin of 13.9% was incrementally ahead of expectations.
The sequential downtick in margin reflects the continued ramp of 2025 investments discussed in prior earnings calls across our global capacity center in India, our go-to-market teams, product teams and new organizational leadership. It is worth noting that we will carry this higher Q4 expense base into 2026. However, as the investments take hold and the efficiencies they bring materialize, we expect operating margins to expand as 2026 progresses.
I will provide more context in the moment when we discuss our 2026 guidance. For the fourth quarter, we posted non-GAAP earnings of $0.44 per diluted share at the high end of our guidance range. For the full year, we delivered non-GAAP operating income of $135.7 million or an operating margin of 15.8% and drove non-GAAP earnings of $2.08 per diluted share. Our fourth quarter free cash flow was $32.3 million, bringing us to a total of $130 million of free cash flow for the full year 2025.
We finished the year with over 11,500 customers with an average ARR per customer of approximately $72,000. From a balance sheet perspective, we ended 2025 with over $659 million in cash, cash equivalents and government securities. In addition to these resources, we have a $200 million undrawn revolver in place.
Thus, our balance sheet position, strong free cash flow from operations and available undrawn credit capacity gives us confidence in our ability to settle our March of 2027 convertible debt upon maturity. Before we turn to our 2026 guidance, I would like to share some initial observations. It has been an energizing first 2 months with Rapid7. The security market is in the midst of a dramatic change.
Likewise, Corey and the leadership team are focused on taking Rapid7 to new levels, ensuring we meet our customers' increasing demands for excellence as we protect their businesses from an ever more dangerous threat environment. As such, Rapid7 is well positioned to take advantage of a growing market opportunity. Within the company, there are a number of areas where we must continue to improve, both in terms of focus and execution.
In addition to the go-to-market efforts Allan is spearheading and which Corey discussed, we have the opportunity to improve our focus across our portfolio of offerings and in particular, to prioritize investments in the products and revenue streams that are core to our future.
In my role as CFO, I'm focused on the following key objectives: improving financial forecasting, driving measurement and accountability across the organization, focusing and shifting our resources to align with our core products and growth strategy, expanding non-GAAP operating margins as we move across 2026 and into 2027 and focusing on free cash flow as a core operating metric across the organization.
As we turn to guidance, I would like to begin by sharing that we have been refining our financial projection models over my first few weeks with the company. Our philosophy for providing guidance works to ensure transparency with investors while setting realistic meetable expectations for company performance. I would like to note that while we continue to provide full year revenue guidance for 2026, we have decided at this time to not give full year ARR guidance.
While we have a clear view of current trends across our business, we have several new leaders in place, and we are implementing key improvement initiatives across sales, marketing and our customer success and support organizations. As such, we believe visibility into ARR is best reflected on a quarterly basis at this time. This brings us to our first quarter 2026 guidance. In the first quarter, we expect ARR of approximately $830 million or down 1% on a year-over-year basis.
While we are optimistic about the leadership changes and strategy that have been implemented in our go-to-market organization, we do not anticipate the benefits of these changes will impact Q1. The total first quarter revenue is expected in the range of $207 million to $209 million or down 1% year-over-year at the midpoint. We expect non-GAAP first quarter operating income in the range of $19 million to $21 million or non-GAAP operating margin of 9.6% at the midpoint.
As previously mentioned, margins in Q1 will be pressured by higher expense envelope entering the year in addition to seasonal expenses such as our global sales kickoff. Non-GAAP earnings per share is expected in the range of $0.29 to $0.32 per share on approximately 77 million fully diluted shares. Turning to full year 2026 guidance. In fiscal '26, we expect total revenue in the range of $835 million to $843 million or a decline of 2% year-on-year at the midpoint.
Non-GAAP operating income is expected to be in the range of $108 million to $116 million or a non-GAAP operating income margin of 13.3% at the midpoint. As stated earlier, we made a number of investments during the second half of 2025. As we move into the second half of '26, we expect these investments will yield improvements in the efficiency and operation of our business, moving our non-GAAP operating margins into the mid-teens.
Non-GAAP earnings per share is expected in the range of $1.50 to $1.60 per share on approximately 78 million fully diluted shares. Free cash flow for the year is expected in the range of $125 million to $135 million, flat with prior-year performance at the midpoint and a margin of approximately 15.5%.
As a reminder, the company is focused on free cash flow as a core KPI in 2026. Please refer to our earnings release and SEC filings for any additional details regarding the presentation of our results and guidance metrics. And with that, I'd like to turn it over to the operator for Q&A.
[Operator Instructions] Your first question comes from the line of Meta Marshall with Morgan Stanley.
2. Question Answer
Great. I appreciate the question. I guess just in terms of some of the changes that you were mentioning in terms of tighter marketing and sales, refined customer success, refreshed incentives. Just how would you measure or kind of expect where some of those changes should be seen first? And kind of what milestones are you holding yourselves to see evidence of those changes?
Yes, great question. Look, I think there's a number of different areas. But I think one of them, we're looking at sort of increased sales and marketing productivity and efficacy. We think we can actually grow faster while doing it more efficiently. That's a clear-cut one that actually stands out, and we think that's pretty opportunity. And that aligns across, frankly, product and marketing and the go-to-market teams and the overall engagement.
Specifically, when you think about the customer side of the house, look, one of the bigger opportunities we have is customers are frankly looking for more services, more customization, more depth, not less. And so scaling that leveraging both technology but also people and the expertise is a big focus area for us so that we're actually able to do more work at greater levels for our customers while still, frankly, maintaining or improving our gross margin profile.
That's one of our bigger pieces of investment and focus we've had over the last year. Customers have not been looking for less services, less engagement. They've been looking for partners who can do more with less, and that requires both technology and some of the people, talent and expertise.
Your next question comes from the line of Jonathan Ho with William Blair.
Okay. Perfect. So I just wanted to understand in terms of the segments of the market that you're prioritizing, can you talk a little bit about what you see as sort of the core growth businesses going forward? And what are some of the changes or areas of focus that you can implement to sort of drive that acceleration?
Yes. Look, I think our biggest growth area is still going to be detection response, which is still growing. We think it has capacity to grow faster. That said, as you think about like our core addressable market is that midsize or mainstream enterprise. Think about like employees from -- organizations have employees from 1,000 to 20,000 employees. For there, we're focused heavily on making sure we can provide the depth and quality of the service experience.
We think we're only addressing part of the total addressable market there. So our big focus right now is unlocking the full addressable market. Now that said, lots of the competitors we have are especially a private are actually doing at lower total gross margins, and we're very focused on delivering quality service and quality experience at the right gross margin profile. So that's the first one is that detection and response market, which does include AI services.
But exposure management is an important part of the puzzle there. And so I would just say that's another core focus area. We do think about that being an integrated part of the stack, not a stand-alone focus. And so if you think about where our focus is, it's about how do we actually bring together security operations that bring together exposure management and detection response.
So we think about that flowing into a single integrated offering. Some of the things that we're less focused on are some of the legacy on-prem, which -- much of which has been upgraded to our Command platform, but we're still working through the upgrade of those technologies and capabilities to the Command platform.
When you look at the core market that we're focusing on, it's that mainstream enterprise that is, frankly, our historical base. We have, I would just say, moved slightly out of that over time. And I think one of the things that Allan and the team are bringing back in is a tight focus on our core customer and our core customer profile, which we think is a good thing for both acceleration and win rates.
Got it. And then just -- yes. Just as a quick follow-up. So when we take a look at your decision to not offer the full year ARR guidance, can you maybe walk through the rationale for that? And what maybe has to happen for that visibility for you to be comfortable to bring that back?
Yes, thanks, Jonathan. As my prepared remarks mentioned, first and foremost, we thought it's really important to put out guidance that is meetable and clear to align everyone. And so that's why we have confidence in the near-term ARR guidance. For the longer term, we felt that revenue was the best metric for the current time. And this is largely because of all of these changes that are underway in our business across whether it's the sales organization, marketing, customer success and support.
And so the total of all of those factors coming together that led us to this decision. There's a number of us that are new, including myself in the organization. As we see the trends establishing themselves as we see these investments begin to bear fruit, we will reconsider given full year ARR at that time.
Yes. I would just say we -- look, this is not a moment where we can be slow. And so we decided that we had to actually move fast, but what we didn't want to do was attempt to be overly precise when we actually have a new team that's actually coming in driving execution fast. We're holding ourselves accountable for driving improvement, both in growth and in cost structure as we go across the year.
The cost structure is a little bit easier to focus on, especially when you look at free cash flow. I would just say the growth piece of it that because of the last couple of years, we were just really focused on actually just starting out with where we have clarity. And then as we actually show the improvements, we'll update you, of course. And then as the new folks that are on board get situated in place, my expectation is we'll be able to continue to provide commentary and visibility.
Next question comes from Rob Owens with Piper Sandler.
I guess I'll pick on the guide a little bit, too, and I can appreciate that there's a tremendous amount of uncertainty, both with the changes that are going on within Rapid7 that you talked about, Corey, but also just where the market is. But the Q1 ARR guide does lend to significantly more churn, I think, than you've probably been seeing. And so I would just love a time frame.
And I realize it's hard to commit to an ARR number given all the moving parts right now. But when would you hope that some of these investments that you've put in place will start to bear fruit and you can see some stabilization in that number? And I know that historically, you do see some seasonal weakness here in the first quarter, but obviously, you're giving us accelerated churn in the numbers here. So I appreciate the thoughts.
No, it's a very fair question. Look, I think part of what you see, I think you're referring to both the net ARR, which sort of indicates that churn is growing faster than the new. What you see there is that, look, we clearly -- if you look at D&R, it is a positive contributor in the environment. We need that to grow faster, frankly. There are some aspects of the business that we've broken down before in the other category that are negative. We've had pressure on parts of the traditional VM business.
We need the D&R business to grow faster. The biggest thing that we're actually doing on that is we're actually focused on the growth being in line with our gross margin expectations, and we're taking a fairly disciplined approach to that, which means that we have to be gated somewhat still, even though we're starting to take in and increase our addressable part of our TAM. We are unlocking that now.
So we started unlocking that late last year. And we expect that to improve over the course of the year and for that to actually flatten out. The exposure management piece, we are in the middle of upgrade cycle. What I would just say is we saw good unit trends existing in Q4. We were very slow last year overall, but we did not want to straight-line some improvement that we saw in Q4 throughout the whole year.
But I would just say we have positive indicators there. So to answer your question, Rob, is D&R, we actually have pretty strong confidence that you'll see that continue to improve over the course of the year. So we'll have a good midyear check-in on the D&R side, where we'll provide commentary and discussion about what's happening overall there. The exposure piece was definitely slower last year.
It did improve in Q4. Just to be clear, I think that was in some of the early comments, but it's not where we want it to be. And so again, there, we don't want to actually straight line some of the early improvements that we saw in Q4. I hope that helps with a little bit of how we're thinking about how we're looking at. It is very fair question.
No, that does. I appreciate the color. And obviously, given the software Armageddon or whatever we want to call it that we've seen recently, I appreciate your comments earlier around the defensibility of cyber and the domain expertise and couldn't agree more. But that being said, I'm curious, where are conversations with customers right now relative to AI, the potential threat of AI? And what are they asking of Rapid7, if anything?
Yes. I mean look, that's the one that's actually clears, and this is where this is also the time where on one hand, you never love as you're seeing some of the growth things that we have for last year for us to make an investment. That said, in retrospect, I feel great about the investment because we are moving on the AI. The #1 thing that customers are asking for us is they want us to do more to help them do more with less. Like we think about AI crowding out budgets, but it's also crowding out staff.
And as customers are dealing with increasingly complex environments, they're absolutely demanding that their providers be able to tackle more and to do more with less. So that's why I say that they're looking for us to actually leverage AI. Now there's a lot of customers that want to actually -- they want transparency in the AI. So part of the -- what we're working with our team on is not just solving the problem, but it's showing you work on how you solve the problem because security folks are skeptical.
And so we're not mission complete until we actually both deliver the AI velocity that customers want, but that we actually do it in a way that's trusted. So that's one thing that customers want. But then they actually want you to actually do more. So we have lots of customers that are looking for us to actually take on more of their operational workloads. And frankly, we can't quite address all of that right now.
That's why we are upgrading and investing in sort of like getting richer, deeper expertise even as we sort of like deliver more AI solutions to take on part of the work that actually some of our people used to do. Customers want to scale their security operations. And it's not just their technology buckets that they're trying to figure out how to get the most out of. They also for their teams are being asked to do more with less.
The next question comes from the line of Brian Essex with JPMorgan. The next question comes from Joseph Gallo with Jefferies.
This is Grant Darling on for Joe Gallo. I wanted to ask first just about outside of AI customer consolidation trends, how are those impacting your win rates and deal sizes? And then in conversations with customers, what is most important for you to be a beneficiary of this trend?
Yes. It's a great question. It's interesting. So we are benefiting from it. I would just say we do have to actually improve the delivery of how we actually simplify that for customers. And so we see this as an area -- it's our biggest area of winning. It's also one that we actually have some improvement to go. I think one of Allan's big focus areas is to simplify the proposition, the storytelling and the packaging about how we actually deliver the consolidation story.
Rapid7 has traditionally been -- because we're a security company, we tend to believe in not overpromising. And so we tend to underpromise, overdeliver, which isn't always the greatest thing in a hypercompetitive sales cycle. And so part of that is how we actually tell the story. The thing that we're focused on the more substantive level, though, when it comes to consolidation is how do we actually be the best at actually integrating into the rest of people's technology and security stacks.
Look, if you look today, we're able to essentially integrate the 4 biggest parts of security operations in, which is a big deal. People are asking us also to actually take on even more of that work. And we're doing that increasingly through partnerships. So we announced not just a partnership with Microsoft, we announced a partnership with another company that extended some of our capabilities.
And you'll see several more of these key partnerships coming up a little bit later this year as a key part of our strategy. That allows us to stay tight on our R&D-focused budget, which is -- and sometimes in the past, we would have just actually spun up teams to do that. So it allows us to stay focused, but it also allows us to apply best-of-breed technology, deeply integrated within our security stack to get more of that share of wallet for the consolidation budget, and that's a big focus that we have as we move through the year.
That said is that we are not assuming in our initial guidance that Rafe gave, any material improvement there. I would say we are managing to that with the strategy of both expanding our addressable market in exposure and D&R and managed services that go along with it. And we're quite aggressively investing in embedded partnerships that deliver the consolidation experience and budget that folks are looking for.
Got it. That's very helpful. And then maybe going back to MDR, like when does that get big enough to drive growth acceleration? And maybe how do we think about that dynamic there?
So I think it's pretty close. It's actually -- it is actually big enough. We need to be ungated in our ability to actually go sell it and drive it. I do think we crossed that threshold this year. To be clear, we run one of the most profitable, highest quality MDR businesses. But that does mean that we are pretty clear about what we do and don't do. And we are actually increasingly unlocking that business. That does require technology that does require AI and requires us to shift where the services go.
But I think that we're on track this year to be able to unlock that, and then that really compensates for the growth. I think this is part of why Rafe was commenting earlier is that, look, we don't want to be over precise in predicting timing of all right, we're unlocking it this year, then how fast can -- as we unlock that, can we actually take that to market, tell the story in a noisy market. That's where we are actually just being very direct and open with you. But we do see us unlocking that this year, which we think the profile improves over the course of the year.
The next question comes from the line of Adam Tindle with Raymond James.
Okay. I just wanted to kind of circle back to Rob's line of questioning and just double-click on what's driving the ARR decline in Q1 based on guidance. It's just a little bit more meaningful in the past, down $10 million or so on net new ARR. And I wouldn't think Q1 is necessarily a big renewal quarter, so I was confused at the churn comments. Just maybe double-click on why that is happening in Q1.
And then if you could tie in the color on investments and strategy to potentially reverse this decline in net new ARR. For example, if it's a churn issue that you're seeing, are you creating -- or investing in a retention team? Just a little bit more, Corey, some qualitative comments on the strategy as well.
Yes. No, so one, Rob, wants one that framed it as a churn thing. But to be clear, I do think that the -- if you look at the biggest driver, D&R is growing, but it's not enough to compensate for the negative -- for the rest, for the other parts of the business that are growing. But I will answer your churn questions, too, about what we see around churn is we see -- if you think about D&R and you think about exposure, exposure was stable last year, so it was in line with expectations. We think it can be better.
We have a number of major releases coming out that make it easier to do the VM, the vulnerability management to exposure upgrade. And so we think we have upside there. But again, it was slower last year. And so we're not baking that into the core assumptions and outlook. And it's not -- that's not a Q1 thing either. And so that is something that we're actually looking at in the middle of the year, but we actually have good visibility there.
And the D&R one, we're actually doing great in D&R. I would just say that for customers to say, we love what you're doing, we need you to do more, and we want more services, or we want more customizations. We're not set up right now to fully unlock that right now. And so that does cause more complex customers to come out in the near term. That one, we have a lot more confidence and clarity and visibility in because we've been specifically retooling around that.
And that we actually think improves both on the addressable market TAM side, but our ability to say yes to customers as we go forward. So again, the biggest driver is D&R growth isn't enough to compensate for the other. But I also want to make sure I explicitly address your questions on churn dynamics. Does that get to your core questions?
Yes, that's helpful. Maybe just a follow-up for Rafe. I was curious in looking at the guidance here. You do have that improving EBIT margin. I know you talked about, but in dollars, it's also improving $20 million or so in Q1 and EBIT dollars has to go to 30-ish to hit the annual guide on EBIT.
And I'm noticing that revenue growth is not accelerating. So it's not necessarily an operating leverage dynamic going on here. Maybe just what's driving the improvement in EBIT? I know you talked about investments. I wonder if maybe there's also some cost-cutting restructuring or something that drives that trend of EBIT dollar improvement on revenue declines.
Yes. Thank you. As we move across the year, part of where we're at is we have been investing throughout 2025. Of course, that run rate comes into the early parts of the year. But those investments start to bear fruit, right? Some of the things that I called out in my prepared remarks, our investments that help us build efficiency, whether it's investments into the product, investments into the India team, it gives us greater capacity as we move through the year, and that bears some fruit for us that will help us build those margins as the year goes on.
Your next question comes from the line of Shrenik Kothari with R.W. Baird.
This is Zach Schneider on for Shrenik. So I just wanted to follow up to some previous questions. If you could just help us understand, where are we really in the monetization curve for Exposure Command and Incident Command and maybe which upsell, levers offer the highest probability of lifting net retention meaningfully maybe without relying on broad pricing increases over the next 12 months?
Yes, I'll hit both of them in. So one, Incident Command is relatively easy. We haven't -- we launched initially Incident Command last year. I will say the primary focus initially was on the AI managed services around it and to support some of the customer demand again because we have not addressed the full addressable market there. So I would just say, listen, we're in the first inning of Incident Command. And frankly, it's not even a big priority right now for our sales team.
It will be a later priority as we actually go through the year. But we actually think there's plenty of upside there, especially with what's happening in the SIEM market. So it's something we're prepping for and looking at. There's a couple of things that we want to do to make it branded, easy and simple for folks to do. And so we expect to actually do that. But I think we're in a good position, but that's not a core focus. I would just say first inning, but it's something that we're looking at.
And I think that upgrade does not require a lot of complexity in terms of pricing there. On Exposure Command, I would just say, listen, that was a big disappointment last year because we did not really sort of like get that going to Q4. That said, in Q4, we actually saw a unit uptick of starting to get the upgrade motions. And if that continues and even in Q1, we're starting to see a little bit of a continuation of that, then we feel quite good about what that means for both growth of expansion and what that means for retention over the course of the year as that goes along.
But this is a classic one where we missed the timing last year. And so that's why we're not baking that into the -- it's not in the core Q1 assumption. It's not there. But I do think that, that is one that I feel like we're in the -- I would just say, fourth or fifth inning, I had to keep using baseball analogies. But we're further along. We see it. We know it. We've gotten good feedback there. We just want to see the uptick. I do think more of this is operational, and so I feel more confident that we'll continue to see it, and we've already seen some of the initial progress there.
Your next question comes from the line of Kingsley Crane with Canaccord Genuity.
Entering last year, I think we felt like we had a stronger pipeline at the beginning of the year than fiscal '24. Of course, this has been somewhat of a challenging year. In retrospect, I mean, was the quality of the pipeline lower than original valuations? Just how do you feel about that evaluation methodology and just the quality of the pipeline heading into '26?
Yes. I mean, look, I think, clearly, if you look last year, our assumptions on deal cycles, especially in the pipeline, were off significantly, which is why we've actually revised how we look at things, how we think about things as we actually come into this year. I meant to use the word conservative, but I would just say we have a much more thoughtful approach around the learnings from last year and how they apply coming into this year.
The way that I would frame last year's pipeline is that on the D&R side, we actually built a backlog of larger deals faster than we could actually consume them and deliver them and execute them in the market. And I think that's fine, but it represents customer demand. And so we have a lot of urgency on responding to that sort of like customer demand that we actually see there. And I do think that this year will match up the demand and supply of capabilities to actually do the more customized accounts.
I think it's the right thing to be gated on that. But to be clear is I do think that will be more matched and in line this year. Look, we also just need lots more transactions than singles and doubles with the other corollary. So one of the big things that Allan is focused on is not just doing the big deals, but also getting -- again, I hate to keep using baseball analogy, singles and doubles. But that matters hugely. Now again, this is one of the things that kind of worked well coming out of last year.
We did start to see that mentalities of the singles and doubles starting to hit. We need to see that systematized across a few quarters. But if you look at the recipe for growth acceleration, which is what we all want, is it is the singles and doubles. Think about that as the mid-market AI MDR, it's Incident Command, it's the Exposure Command, which includes the upgrades of those, which we have plenty of capacity and room for.
It is continuing to deliver the pipeline, but then actually being able to convert and service I would just say the larger deals, when I say larger deals, those are the customers that are with somewhere between 5,000 and 20,000 employees, which is sort of in our core sweet spot and unlocking that. And I think that, that is a big focus area. Those are the things that actually unlock growth as we come in.
When we look at how we're actually looking at the pipeline and the planning assumptions this year is, one, look, we're factoring in that we need a multiple of the coverage ratios that we actually did last year. So we actually are taking the learnings from last year and applying them into this year as we actually think about the pipeline overall.
And certainly, as we actually think about sort of how does that relate to guidance. But again, there's a couple of tailwinds that I would just say in our team's ability to go get the singles and doubles, which should improve things over the course of the year. But we want to see that evidence done, and then we'll actually communicate that, and we'll give you updated guidance.
That is really helpful, Corey, and I do appreciate the baseball analogies. Maybe one for Rafe. How are you thinking about the net debt balance moving forward? And then just a general philosophy around cash balance uses of cash as you wrap your hands around the business?
Yes. Thank you. Well, first, we've been very, very focused, as I touched on in my prepared remarks, about making sure we're in a strong position for that maturity that comes in March of 2027. On our balance sheet, a lot of our investments are still classified as long term, but all of those treasuries, government securities mature before the bond does.
So what we anticipate as next quarter, the bond maturity moves from noncurrent to current, so too will the investments and really just lay out for everybody. First and foremost, we're in a very strong position to be able to take care of that debt maturity with the cash and the investments we have on hand. I think beyond that, we're looking to make certain we have the liquidity to obviously fund the business, make sure we've got good headroom there.
But also, we need to be liquid enough to take advantage of any opportunities that come up through the course of the year. So very much evaluating that now and continuing to have discussions around that. But first and foremost, we want to share with everybody our strong position to take care of the debt maturity, take that off the table for everyone, and then we'll go forward from there.
Your next question comes from the line of Mike Cikos with Needham. And it looks like we're not getting a response from Mike. So we'll go next to Rudy Kessinger.
Kind of back to Adam's question and some other questions on just the ramp in op income. I guess on gross margin, it was down sequentially in Q4. Should that tick lower for the full year here? And again, just if I'm modeling it right, you assume a gradual ramp in that op income, I've got to take OpEx down by like $10 million a quarter by Q4. So do we have that right? And you're saying it's driven by efficiencies, but are you guys planning to cut hedge or anything? Or how do you get to that level of improvement on the operating income side?
So I think, first and foremost, remember that we did touch on Q1 is inherently has some extra expenses that just hit Q1, right? Not only do you have the usual stuff like all the tax rates resetting and that always hit Q1, but also sales kickoff falls in Q1. And we -- as Corey called out, we got the whole team together. We really had a great chance to get together with the new leadership and really set that strategy for the year. So that is one unique aspect that obviously shows up in our Q1 guidance.
Across the board, these investments that we're making, the gradual shift in MD&R does come with little bit lower margins. We still think they're very good margins. We've talked about in the past, maintaining those margins in the low 70s. We feel good about that. But as that mix shift continues, it does pressure cost of goods sold a little bit. But again, these investments around AI, investments in across the business and all the different changes we've called out, I think that will bring efficiency as we move through the year.
Yes. I mean, keep in mind, I think -- I do want to reflect on one thing, I think it's a core part of it is that, one, Rafe is completely right about the managed -- the MDR that customers are looking for. Just to be clear, it's a big demand driver. Also, you can see why because of the gross margin profile, why we have to do it in a technology-oriented way. And so that's the first thing.
The second thing I'd remind you is that this was planned for last year. What we committed to you all last year was that we were going to make an investment, but we were planning out the investment such that the benefits of it would sort of like peak at the end of the year but then come down. I would say we're completely aligned with the plan.
So yes, I think that you're right on the profile of how it flows, but this profile and this investment structure was planned out last year, and we are on the plan. And so it's not a major derivation of the plan. Now again, Q1 is probably not the right baseline to think about the Q1 expenses. But the efficiency gains that we have were planned out as we actually went through the increased investment last year.
The next question comes from the line of Trevor Rambo with BTIG.
This is Trevor on for Gray Powell. Just one quick one for me. You touched on it a bit earlier, but can you just talk more to the mix of enterprise versus mid-market deals you saw in the quarter and how that compared to Q3? And then where are you seeing the most traction between these deals heading into 2026 and then the mix there? Any color there would be helpful as well.
In pipeline, I don't have the specific numbers off hand right now. But in pipeline over the course of the year, we saw, I would just say, a pretty significant shift towards larger ASP deals in pipeline, which is, frankly, again, a little bit ahead of our capacity to deliver on all of those. And so that ended up being a pressure, which is why I say, listen, we have to have the singles and doubles of mix in there. I do think it will be more balanced this year. Now I can't comment about where the current pipeline sits.
I just look about have the enterprise. And it's not really enterprise versus mid-market. It's more the deal size and complexity and customization that really that drives it more than anything else. I am expecting, based on conversations with Allan and the go-to-customer team and the go-to-market team, that we'll see a more balanced mix this year coming in. We'll still get a reasonable share of the larger deals, but we are planning for it to be a more balanced mix. We think that was one of the things that we just did not quite nail the execution on last year.
And so we do want to be more balanced even as we actually continue to now convert some of those larger deals. Just to be clear, that is the goal, that is the focus on both our customer orgs for our existing customers that are asking for more and for new business. Lots of customers are looking to upgrade their capabilities and get partners on how they actually scale their security operations. But we can say yes to more of those, but we do want more of the singles and doubles, so to speak. And so I do think the mix is going to shift to be more balanced this year.
There are no more questions at this time. I would now like to turn the call over to Corey Thomas for closing remarks.
All right. Well, thank you so much for joining us on the call today. And I really do appreciate the folks that are actually on the journey with us. Rafe and I look forward to updating you all on the next call. Thanks.
Transkripte auf Deutsch freischalten
- Alle Event Transkripte auf Deutsch
- Sofortige Übersetzung
- KI-Zusammenfassungen für die wichtigsten Insights
Rapid7 Inc. — Q4 2025 Earnings Call
Rapid7 Inc. — Q4 2025 Earnings Call
📊 Quartal auf einen Blick
- Umsatz Q4: $217,4M (±0,5% YoY); Umsatz FY 2025 $859,8M (+1,9% YoY).
- Annual Recurring Revenue (ARR): $839,9M (weitgehend stabil YoY; Management: $840M).
- Non‑GAAP Operating Income: Q4 $30,1M (Marge 13,9%); FY $135,7M (Marge 15,8%).
- Free Cash Flow: Q4 $32,3M; FY $130M.
- Kundenbasis: >11.500 Kunden; durchschnittliches ARR/Kunde ≈ $72.000.
🎯 Was das Management sagt
- KI‑Fokus: Starke Investitionen in AI‑gestützte Security Operations (Agentic AI‑Workflows) zur Effizienzsteigerung und Outcome‑Orientierung.
- MDR‑Priorität: Managed Detection and Response (MDR) als Kernwachstum; D&R‑Segment wuchs ~7% YoY, MDR im hohen einstelligen Bereich.
- GTM‑Reorganisation: Vertrieb, Marketing, Customer Success und Incentives neu ausgerichtet; Sales Kickoff abgeschlossen – Wirkung soll 2026 sichtbar werden.
🔭 Ausblick & Guidance
- Q1 2026: ARR ≈ $830M (‑1% YoY); Umsatz $207–209M (‑1% YoY Midpoint); Non‑GAAP Op. Income $19–21M (Marge ~9,6% Midpoint); EPS $0,29–0,32.
- FY 2026: Umsatz $835–843M (‑2% YoY Midpoint); Non‑GAAP Op. Income $108–116M (Marge ~13,3% Midpoint); EPS $1,50–1,60; Free Cash Flow $125–135M.
- Hinweis: Keine Full‑Year ARR‑Guidance; Management nennt begrenzte Visibility wegen neuer Führung und Initiativen.
❓ Fragen der Analysten
- GTM‑Timing: Analysten forderten konkrete Meilensteine für Produkt‑ und Vertriebsmaßnahmen; Management nannte Verbesserungen, blieb aber vage beim Zeitplan.
- ARR‑/Churn‑Risiko: Sorge, dass D&R‑Wachstum nicht schnell genug negative Trends in Legacy‑VM kompensiert; Q1‑Guide impliziert kurzfristigen Rückgang.
- Produktmonetarisierung: Nachfrage nach Klarheit zu Adoption und Upsell‑Pfad von Exposure Command und Incident Command; Management sieht Potenzial, nennt aber noch keine quantifizierten Hebel.
⚡ Bottom Line
- Investment‑Trade‑off: Rapid7 investiert aggressiv in AI, MDR und Go‑to‑Market‑Reform; das drückt kurzfristig Wachstum und Margen, zielt mittelfristig auf höhere Effizienz, Marktanteilsgewinn und Margenausweitung. Solide Liquidität und Free‑Cash‑Flow‑Profile mindern Refinanzierungsrisiken; Hauptrisiko bleibt Execution‑Timing und Upgrade‑/Retention‑Dynamik.
Rapid7 Inc. — Q3 2025 Earnings Call
1. Management Discussion
Good day, everyone. My name is Leila, and I will be your conference operator today. At this time, I would like to welcome you to the Q3 2025 Rapid7 Earnings Call. [Operator Instructions].
At this time, I would like to turn the call over to Ryan Gardella, Investor Relations.
Thank you, operator, and good afternoon, everyone. We appreciate you joining us today to discuss Rapid7's third quarter 2025 financial and operating results in addition to our financial outlook for the fourth quarter and fiscal year 2020 pass -- with me on the call today are Corey Thomas, our CEO; and Tim Adams, our CFO. We have distributed our earnings press release over the wire, and it is now posted on our website at investors.rapid7.com, along with the updated company presentation and financial metrics file.
This call is being broadcast live via webcast. And following the call, an audio replay will be available at investors.rapid7.com. During this call, we may make statements related to our business that are considered forward-looking under federal securities laws. These statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and include statements related to the company's financial guidance for the fourth quarter and full year 2025 and the assumptions underlying such goals and guidance.
These forward-looking statements are based on our current expectations and beliefs and on information currently available to us. Actual outcomes and results may differ materially from the future results expressed or implied in these statements due to the number of risks and uncertainties, including those contained in our most recent quarterly report on Form 10-Q filed on August 8, 2020, and and in subsequent reports that we file with the SEC.
The information provided on this conference call should be considered in light of such risks. Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward-looking statements. and reported results should not be considered as an indication of future performance. Rapid7 does not assume any obligation to update the information presented on this conference call, except to the extent required by applicable law.
Our commentary today will primarily be in non-GAAP terms and reconciliations between our historical GAAP and non-GAAP results can be found in today's earnings press release and on our website at investors.rapid.com. At times, in our prepared comments or in responses to your questions, we may offer incremental metrics to provide greater insights into the dynamics of our business or our quarterly results. Please be advised that this additional detail may be onetime in nature and we may or may not update these metrics in the future.
With that, I'd like to turn the call over to our CEO, Corey Thomas. Corey?
Thank you, Ryan. And welcome to everyone joining us on the call today. Rapid7 ended the third quarter with $838 million in ARR, growing 2% year-over-year as we innovate on our AI-powered stock vision but continue to see timing variability within our large steel pipeline. Revenue for the quarter was $218 million and operating income was $37 million, both ahead of our outlook.
We once again delivered strong free cash flow of $30 million generated in the quarter. The key message I want to leave you with today is Rapid7 has made and continues to make significant organizational changes to accelerate our go-to-market motion, capture the large opportunity in front of us in AI SoC and position the company for accelerating top line growth.
We have a leading franchise with a competitively strong set of capabilities that we continue to invest behind. We have alignment to move as quickly as possible across all dimensions of our organization to improve and capitalize on the opportunities in front of us. This includes several recent senior leadership changes, including our new Chief Commercial Officer, Alan Peters, who joined us in early September and today's announcement of Rafe Brown as our next Chief Financial Officer beginning in December.
It also includes operational changes Alan is beginning to implement in the fourth quarter to better align resources and incentives for growth in 2026 and beyond, particularly in our MDR business. which is more than half of our ARR and continues to grow double digits, but which is part of our business where we believe we can focus more resources to accelerate growth with attractive margins. I will discuss this in more detail in a bit.
We are confident that we are making the right changes to reaccelerate Rapid7, but we also acknowledge that we have fallen short of the ARR guidance that we have provided to you in recent history and thus far this year. As we take action across the organization, we view it as imperative that we rebuild confidence in our guidance with the investment community.
As such, with a new CCO and CFO and recognizing the operational changes we are enacting may create higher near-term forecasting variance, we are today reducing our 2025 ARR target to reflect a higher confidence outlook. The new target is based on what we have experienced year-to-date and now embeds a discount of the new business win benefit expected from Q4 seasonal budget opportunities for the potential impact of the changes that I discussed.
Based on our competitive product position and growth across our markets, all of us at Rapid7 believe we're capable of executing better. Let me tell you why and where we are investing in our organization to drive us forward. It is clear that customers are significantly involved in how they operate their SecOps programs. Seeking to integrate AI as they look to consolidate core elements of exposure and direct response in the SOC. We built Rapid7 Companion platform, an AI-powered security operations platform that unifies exposure management and threat detection response to enable quicker execution and accelerate remediation outcomes through deeper and more integrated situational awareness of risk and threats across customers' attack surface.
We're optimistic about our road map and strategy. Yet, we maintain a realistic view that these larger platform consolidation opportunities naturally lend themselves to longer, more competitive deal cycles. We have seen this affect quarterly deal timing and overall growth performance throughout the year. But the scale and quality of recent wins demonstrate strong market validation of our platform approach. And as we are seeing adoption from mainstream customers committing to an integrated solution.
A great example of this was a competitive [indiscernible] win during the third quarter with a large Tier 1 public university. We were brought in to replace their disparate multi-vendor tech stack across exposure management, SIM and managed detection response. The customer security team faced friction trying to leverage a fragmented tool set and legacy technologies. While their initial exploration was around MDR our holistic security operations offering, including full visibility and access to our market-leading SIM, coupled with unlimited IR and integrated vulnerability management and deliver it via a global 24/7 SOC was a value proposition that no competitor can match.
These types of deals highlight our leadership position, strong platform value and right to win in our detection response business, which continues to serve as a core growth driver of our business. This is a great validation of why Rapid7 is well positioned to help customers integrate leading AI capabilities and experiences into their SOC while unifying their overall security operations tech stack through our integrated command platform experience.
With years of experience operating in a scaled global 247 million SOC, we have a significant advantage in proprietary data, expertise, and as a result, agenetic AI capabilities. And we're taking deliberate steps to sharpen our go-to-market focus and execution as we look ahead to 2026 spearheaded by Alan as I referenced. Although Alan has only been in the seat for a few weeks, he is already sharpening the discipline and operational focus around the execution as we aim to accelerate our position and market capture in our AI-led DNR space looking ahead.
As we'll discuss, we believe we have the products and capabilities to be one of the leading providers in this space. accelerating our focus to enhance our operational alignment with faster revenue opportunities remains our top priority, and we're confident in our path forward. We're doing this through both focused product innovation as well as some deeper partnerships that enable us to more seamlessly extend the value of our customers' existing ecosystems. A great example of this was our recent announcement of our expanding partnership with Microsoft to advance modern detection response by helping organizations simplify and strengthen their detection and response capabilities across their Microsoft environments.
Rapid7's new MDR for Microsoft solution integrates a dedicated service with Microsoft Defender that provides comprehensive coverage across endpoints, cloud, identity and e-mail. This new collaboration brings together Rapid7 SOC expertise with the Microsoft security ecosystem to simplify operations, strengthen protection and unlock new value for joint customers.
By combining the power of Microsoft's advanced telemetry and analytics with Rapid7 human-led threat expertise and AI-driven operations organizations can gain faster, more precise detection and more contextually rich response playbooks to stop threats before they impact.
Overall, our strategy is well aligned to what we're seeing in the market. Customers are increasingly prioritizing unified data collection and AI and the SOC to achieve better security outcomes that they can achieve with their existing fragmented tool sets. Security teams need platforms that deliver comprehensive attack service visibility and threat context to enable efficient decision-making and faster, more automated response to threats that are happening in their environment. demand for integrated exposure and detection programs is growing, amplify by regulatory pressures for compliance and reporting.
These trends align directly with the broad slot capabilities embedded in our Command platform, focus on expergate AI, both for exposure, remediation and threat response, alongside automation and a strong return on investment. Our head start from operating our own SOC for years positions us uniquely in this market.
A great example of this ongoing convergence within customer environment was a 6-figure deal in the quarter with an existing exposure management customer. This customer was looking to address detection gaps that they were experiencing within their existing program. The combination of our broader telemetry coverage, demonstrated superior detection and a cost-effective platform value proposition, all of which was fully integrated with their existing exposure management platform, drove this retail customer to displace their existing MDR vendor with rapid severance managed through a complete offering.
Our long-term strategy remains centered on scaling our AI-driven security operations command platform with increasing focus on accelerating our growth transition towards our scaled, market-leading MDR position as we look ahead to 2026. The Command platform integrates native telemetry, Open Data integration, curated intelligence and automation into a unified system for risk remediation and threat response that rest on 3 core differentiators.
First, our open platform with over 500 integrations address fragmented attack surface use. These integrations unify diverse data into a deconflict contextualize perspective, providing holistic environmental understanding. p
Second, our expert trained and Agentic AI workflows draw from years of sock expertise, live playbooks and real-world feedback. These proprietary engines enhance outcomes in real time and are embedded in our MDR offering.
Third, we drive automated measure progress, not just alerts but actions. From AI informed response to prioritizing misconfigurations and coordinated incidents, we reduce mean time to detect, respond and remediate. Our innovation across these areas fuels our unique position as a leading provider across both the exposure management and detection response market.
Demonstrated by the breadth of analyst recognition we received within just the last quarter, including our seventh consecutive recognition in Gartner's Magic Quadrant for SIM, our position as a leader in frost radar for managed detection response, our recognition in forces unified vulnerability management wave and our leadership position in IDC's market scape for exposure management.
Overall, our AI-powered security operations platform that unifies exposure management and detection and response and a single customer experience is resonating with customers and industry analysts alike. And is a strong foundation to support improved execution as we look ahead to 2026.
As we drive towards this unified AI power SOC vision, the integrated platform experience between our managed DNR and exposure management capability remains a key differentiator, delivering deeper visibility and contextual awareness around threats. We believe we're just scratching the surface here, and we continue to innovate demonstrated most recently by our announcements of AI-generated risk intelligence delivered through Rapid7 remediation Hub.
This new AI-driven risk and vulnerability intelligence will empower security teams to prioritize and remediate security threats faster an outcome that is core to our vision around unified exposure management in SOC. A key pillar of our growth this year has been around our exposure expansion engine, which is anchored on our transition in our traditional VM customer base through this integrated outcome-focused exposure management model through exposure command.
We continue to see steady increase in upgrades and expansions of our core base of exposure coming in Q3. And looking ahead, Alan is keenly focused on improving our execution around this expansion engine. This is an area where we have fallen short of our goals this year. However, we view this as an execution shortcoming, and we remain confident that delivering a single contextualized risk view across cloud and on-prem environments with AI-powered insights and particularly in the context of managed detection response program will enable better risk prioritization and remediation and ultimately deliver improved security outcomes and customer environments.
Shifting now to an important and exciting leadership update, which we announced today. I'm pleased to welcome our new Chief Financial Officer, Rafe Brown. Rafe is an outstanding leader with extensive executive leadership experience across multiple public companies, most recently at Modcast, where he's initially served as Chief Financial Officer; and then later is President and COO. His track record of driving operational excellence, scaling growth in SaaS businesses and building high-performing teams makes him an exceptional addition to our leadership team.
I'm thrilled to welcome Rafe to Rapid7 and look forward to his arrival later this year. and to continue to work with him to drive our business forward.
In closing, as we look ahead, we're confident that we have the right strategy, and we are moving as fast as possible, including our recent leadership additions to position Rapid7 to improve our near-term growth execution. We believe there are significant inherent value in our platform that is not fully reflected by the market at this time, and we're taking direct action to address this disconnect.
Managed Detection & Response continues to fuel a strong growth opportunity for us. and our differentiated command platform rooted in automation, integration and expedite AI is more relevant than ever. We're focused on continuing to innovate execute efficiently and position ourselves to deliver outcomes for our customers, our shareholders and our team.
Thank you for joining us today. I appreciate your support. And I will now turn the call over to Tim to walk us through our financial results in more detail.
Thank you, Corey, and good afternoon to everyone. We appreciate you taking the time to join us on today's call. Before I turn to the results, a quick reminder that except for revenue, all financial results we will discuss today are non-GAAP financial measures, unless otherwise stated. Additionally, reconciliations between our GAAP and non-GAAP results can be found in our earnings press release. Rapid7 ended the third quarter of 2025 with $838 million in ARR, representing a 2% increase year-over-year.
Revenue and profitability were above our guided ranges and as in prior quarters, we continue to see promising signs for future growth in detection and response and progress in exposure command adoption. While in general, we've seen the customer spending environment challenged by additional scrutiny, particularly in large deals, we have been focused on enhancing our product capabilities to address a challenged threat environment driven by escalating AI-enhanced threats and cloud migration demand.
Turning to our financial results for the third quarter. Year-over-year ARR growth in the third quarter was driven predominantly by 2% in ARR per customer. And we ended the third quarter with over 11,600 customers globally and average ARR per customer of over 72,000. Third quarter revenue of $218 million grew 2% year-over-year and exceeded our guided range. Product subscription revenue also grew 2% year-over-year to $210 million.
Professional services continued to decline year-over-year consistent with our expectations and decision to deemphasize certain lower-margin services. International revenue represented 25% of total revenue and grew 8% over the prior year.
On profitability measures, our product gross margin was 75% and total gross margin was 73%. Sales and marketing expenses were 33% of revenue, slightly above the prior year at 31%. R&D and G&A expenses were 17% and 6% of revenue, respectively, compared to 16% and 6% in the prior year. Operating income for the third quarter was $37 million and above our guidance range, driven by natural leverage in the business as well as timing of spend as we continue to focus on making targeted growth investments and scaling our India capability center during the second half.
Adjusted EBITDA was $44 million in the quarter, and non-GAAP net income per share was $0.57. Shifting to our balance sheet and cash flow statement. We ended the third quarter with cash, cash equivalents and investments of $635 million compared to $600 million at the end of the second quarter. We generated free cash flow of $30 million in the third quarter, bringing our year-to-date free cash flow to $98 million, and we remain well on track to achieve our full year free cash flow targets. This brings us to our outlook for the remainder of the year.
As Corey referenced, we believe we are well positioned to help customers and prospects integrate our leading AI capabilities and experiences into their SOC as we look ahead. At the same time, we are managing active change during the fourth quarter, both from a leadership perspective as well as we accelerate our focus and operational alignment toward our fastest growth opportunities as we look ahead to 2026.
We have factored these dynamics into our fourth quarter ARR outlook, which now calls for ARR to end Q4 approximately flat quarter-over-quarter.
Turning to our other guidance metrics. We are tightening our full year revenue guidance range to $856 million to $858 million, representing year-over-year revenue growth of 1% to 2%. Full year recurring product revenue growth will continue to outpace total revenue growth, partially offset by year-over-year declines in professional services.
Moving to profitability. We are raising our full year operating income guidance to the upper half of our prior range and now expect to deliver $130 million to $135 million in operating income for the year, representing an operating margin of 15% to 16%. We continue to generate strong free cash flow and are reiterating our full year free cash flow target range of $125 million to $135 million.
Finally, we now expect non-GAAP net income per share for the full year of $2.02 to $2.09 based on approximately 75.9 million diluted weighted average shares outstanding.
Turning to fourth quarter guidance. We expect revenue in the range of $214 million to $216 million. We expect non-GAAP operating income of between $25 million and $30 million and non-GAAP net income per share of $0.37 to $0.44 based on approximately 76.6 million diluted weighted average shares outstanding.
In closing, I'd like to thank everyone for their support during my time as Rapid7 CFO, including our Board, our investors and analysts, and most importantly, our team here at Rapid7.
I would also like to welcome Rafe Brown to the team and wish him the best. Thanks for everything, and I look forward to continuing our relationships in the future.
With that, I want to thank you for joining us on the call today, and I will now turn the call back to the operator to open the line for questions.
[Operator Instructions]. Our first question will come from Rob Owens with Piper Sandler.
2. Question Answer
A couple for you, Corey, is the business seems to shift towards MDR. Can you talk about the economic model? And despite the success you're seeing here, it doesn't seem to be dragging on margins either from a gross margin or operating margin standpoint. So I would just love to understand that.
And then let us ask the second one upfront. Can you maybe parse for us the success that you're seeing internationally versus what you're seeing domestically? And just looking at the dispersion between those 2 growth rates.
Thank you so much, Rob. We can hear you just fine. So I think part of what you're getting is MDR, we run at a higher both gross margin and overall profitability than your average in companies. And most of that is based on the fact that we've had to take our time and frankly, get some of the growth historically to really -- and market adjustability to make sure that we were building both first the automation and now the AI capacity to actually map that in, which allows us to actually run it.
We believe that we can actually run modern managed services at higher quality, better efficacy and higher gross margins than you could in the last 10 years. And we think AI is a big part of the story when the AI SOCs a big part of that story. And so it's something we've been -- and as you recall, that's 1 of the big investments that we actually made this year, and we're well on the journey there, and we're delivering the economic output, which sets us up well to actually expand our addressability of how much we can actually grow that business because now we can actually over half our business -- approaching half of our business.
We can actually grow that profitably at scale with more and more addressability. So we do think we have an incredibly strong economic model that sets up a great platform as we actually go forward. But we did actually gate it along the way to make sure that we were building up the automation and the core baseline technology to support a high-quality, higher-margin business that was profitable over time, and that takes time and deliberation. Your second question was...
Yes, Corey, I think his second question was the success we're seeing internationally. It's 25% of revenue growing faster the business overall. So it's got a nice growth rate.
Yes. I'll remind you, we've been putting more wood internationally from an investment perspective because we were historically a little bit lighter on the international percentage of business. We've been investing more. That said, is that one of the things that Alan has really focused on is aligning the sales processes across the business. So that we can actually be more consistent both across segments and regions around the country and really look at the investment profile.
And so we do think that we have plenty of opportunity in North America. And we actually think the sales has opportunities to expand and accelerate there. And we still see a lot of growth that we have available for us as we actually go forward international. And thank you for the question, Rob.
Your next question will come from Fatima Boolani with Citi.
Corey, the question is for you. Just with respect to MDR now, almost the majority of the business. But when I map that back to the at ARR per customer growth you've experienced sequentially. It is up 2% year-on-year. How can we not conclude that there are elements of pricing pressure and/or pricing competition inside the MDR business as well?
And maybe what are you seeing that we aren't necessarily seeing or is not necessarily visible to the naked eye for us? to give you that confidence because that space generally is fairly competitive. And the AI SOC vision, there are a lot of vendors competing before the hearts and minds of the SOC. So I would just love your perspective on some of the pricing dynamics and what insulates you and why it may not be visible to us? And I have a follow-up, please.
Yes, absolutely. So one, it's a very fair question. So MDR, just to be clear, we're still following that business double digits. And we actually see plenty of capacity to continue to do that and grow that. So we do see that we are quite effective there. Now we have been gated historically about how much we want because we had the gross margin concerns.
And as we actually automate more and more of that business we feel more and more comfortable unlocking that business, which is why you also see us talking about a little bit more because we on the competitive positioning, our competitive position is fairly straightforward, is we are great for organizations that are actually looking to actually get leverage from outsourcing to an AI-driven SOC that combines to both the best of technology and people. And so if you look at what we're doing today and what we've set up is we have an incredibly driving practice around MDR that delivers high-quality efficacy at scale, and results in relatively high retention rates.
You add on to that. We've extended that and we're extending that to manage rate, managed risk. We have coming up, and our value proposition is that for customers that want to scale and outsource the stock at quality, and they still want to actually have targeted sort of like access to people and talent, where you're getting both the best of AI, but you also have access to people. We can do that economically better than anyone else. And we have hope to scale and the experience to actually demonstrate that. So that's our core value proposition, and it's one that we're leaning into and it's one that we're actually optimizing around is what it shows continued good growth opportunity. You said you had a second question?
Fatima, go ahead if you had another question.
I appreciate that. As we think about calendar '26 with the backdrop of what has been a year of work in progress in calendar '25, you're layering on further operational changes and some new sales processes. So when we think about calendar '26 at a very high level, how should we internalize the growth versus profitability algorithm and specifically around efficient investment and I know one of the mandates this past year also was leveraging the channel more. So how should we get a very high level, think about that algorithm seeing that you outperformed on operating margin and cost control this year?
Yes. I actually think we have a -- we've built a fairly efficient business. I think we can actually build off of that and continue that trend. Part of the reason that we're making the investments right now is because it's the right opportunity when do it. Like if you look at what we're doing both in the MDR space, if you look at the position that we actually had in our recently announced partnership with Microsoft, where we have a big opportunity to actually help Microsoft customers really manage their security ecosystem in a more scalable way and meet the outsourcing needs that they actually pay at.
This is the window that we could have actually either wait until next year and have the noise going in or we can actually execute that right now. to tee up for momentum next year. And we decided to actually that we had enough clear opportunity in front of us to actually pull the trigger now and actually move forward with some of the obvious changes that are really about how do we actually scale and rationalize our efforts as we move forward.
Yes, Corey, I would just add. We said earlier in the year that this is an investment year for us as we're building out the innovation center over in India, and that continues to ramp up and you see it in the second half of the year with some of the expense load that we anticipate in Q4 as we continue to ramp that business, but giving us leverage in the business over time.
Yes. And the overall goal was always to actually make sure that we can actually scale profitability as we go forward in the next couple of years. Thank you very much for the questions.
Your next question will come from Matt Hedberg with RBC.
Okay. So I guess maybe one for both of you guys. You guys have noted some timing variability with large deals, and it seems like Alan is going to be working on some processes to improve that. I guess as you think about Q4, can you talk about the large deal pipeline? And Tim, how have you sort of contemplated that in your Q4 outlook?
You want to talk Adam?
Yes. So Matt, it's a fair question. And I think Corey had it in his prepared comments that we really wanted to give you a high confidence outlook for Q4 as we come into the quarter. So we take a very hard look at the pipeline, and we're looking at that all the time, as you might imagine, because that is your leading indicator.
And you're looking at conversion rates, you're looking at cycle times of deals when they're in the pipeline. And Corey mentioned this earlier that when you're looking at these platform conversions with customers, the great news is these are larger deals that we have the opportunity to win. They do take more time for these deals to work themselves into a closed state.
And I would just say, if you're looking at how we actually factored it in, is that we didn't actually try to get overcomplicated. Look, I think that one, we saw plenty of opportunities we actually go forward next year. So the question is always, do you hold any sales or organization or any changes in Q4 in -- for January. And we said, listen, we actually think it's straightforward enough. That we want to make sure that we're addressing the process, enabling other stuff now.
The second thing that I would just emphasize when you think about it, is we acknowledge that there's a range of outcomes. I think this part you get to -- it's probably the point that you you're making. There's an absolute range of outcomes, but also, we have not been extraordinarily precise on exactly where we land in those range of outcomes.
And so as Alan has come on board and has Rafe come on board, we just decided to baseline and keep it relatively simple. -- and say we have confidence that we can actually be here. We absolutely know that there's a range of outcomes around it. But we did not want to attempt to be overly precise as Alan was actually working through the model.
Your next question will come from Mike Cikos with Needham.
Corey, just picking up on that last remark as it pertains to the Chief Commercial Officer, Allan Peters, -- could you just provide additional detail on what exactly he is doing with respect to that resource alignment behind the MDR opportunity and execution and transitioning the VM to exposure comment. I would just love to get some more color there.
Yes. So one of them is we have a wide range of practice across. So 1 is just there's a focus as you would expect on just standardizing the operating procedures. We have a lot of talent -- but we do have -- we have variability across both the reps and teams. And so we just went online that to set up everyone for success. And so a lot of it is just the foundation of how we set our people for success.
The second thing that's the big thing is I talked about this in years that this is our first big upgrade wave that we had in a long time. and operationalizing that maturing that and making that effective is a big deal. We have that both on the VM to exposure management side. We also have a detection and response. We have probably the biggest setup for upgrade opportunities. and Allan's partnered with the sales teams and the marketing teams about how you actually make sure that we have a well-organized process market.
And then the last aspect of is we do think that we can be unconstrained in our ability to actually deliver the full AI manned SOC platform, where we're delivering sort of like the -- as that you've managed, both detection response, risk and compliance workloads on that over time and how we actually tee that up and leverage it up and focus the sales team around the highest number opportunities is the last piece. So if you just think about the 3, it's sort of like standardization, really building and accelerating the engine around expansion, which we have the biggest upgrade opportunity. We didn't fully tap it this year, I'll just say that.
And then the third one is really focusing on the biggest opportunity around MDR and making sure our sales force is aligned around that. Thanks for the question.
Your next question will come from Brian Essex with JPMorgan.
This is John on behalf of Brian. Yes. So I guess I'm just curious to hear maybe what were the key criteria in selecting rates? And what are the top priorities or changes the team has moved excited for it to drive when he joined in December.
Yes. And we'll talk more about it, you have some big shoes to fill with Tim will talk a little bit about more in the future. I mean, later on the call, 1 of the things that we were actually looking for is someone who could actually meet where we are is as we actually go forward, we are an AI services engine. And so we will look for someone who could actually come in and bring not just the financial acumen, but we want someone that can bring the operational acumen as we actually to partner with our go-to customers, teams to actually really scale our processes around how we actually do land, expand, how do we scale our price and packaging, how do we actually really drive the economic engine predictivity for growth? -- we've been investing and we're still investing efficiently on Hatten. But we're in a good place.
We're in the right markets for growth, which is important. More and more customers are looking to outsource more and more of their security workloads. We've set it up well where as people are thinking about how they scale their security operations, we can do that across the text response. We can actually do that across risk. We do that across compliance, -- and so we're set up well today. We're tuning the product engine, of course, around that.
But now it's really about how do we actually take that the market, how do we have the right pricing and packaging the operations data behind that. And we're looking for someone who was an operationally minded CFO, who could really tie the sales and the business model together with the product strategy to actually drive that sustained growth. And that's what we're looking for, and that's what we got in a great candidate with Rafe.
Your next question will come from Eric Heath with KeyBanc.
Corey, I wanted to ask on the MMDR side of the business. which does seem to be going strong and even validated the latest Gartner Magic last month. My question is to maybe understand the business a little bit more holistically and how valuable the traditional VM piece is to the SIM MDR side of the business?
And maybe the second part to that question is, we did see another vendor announce at the end of life its on-prem business. That was a reasonable portion of its overall business. And maybe how you're thinking about similarly bold options or less strategic parts of the business in order to focus on the growth side of the business that is doing well, whether that's MBR exposure command.
Well, absolutely. And by the way, we've been on that journey are ready to rationalize the business as part of the growth dynamic that you see. And so while it wasn't a big light to own light all thing, we have been actually steadily moving the shift in the business. As we think about it going forward, I would just say it's pretty straightforward. We think about how do customers who actually looking to scale their operations on aligned their security outsourcing needs. So we think about how do you actually build on top of the Managed Detection and Response offering to actually not just liver manufacture and spots, how does that extend to manage risk? -- manage compliance and managed rare teaming.
So what we've been steadily doing over time is moving from the traditional on-premise workloads to what we consider much more strategic value-added workloads that serves a large part of both the mid-market and the -- I would just say the resource-constrained upper enterprise market, that are focused on the service layer, not just the technology layer and not the on-prem layer. So our primary focus is extending the MDR focus, and we've been at that shift for a study while one of the things that we've been talking to you all about.
We do feel like we're in the last sort of like stages of that shift where we're continuing to accelerate. That's why we're retooling some of our sales focus to really align around -- everything is aligned around that AI managed experience. that operates at the service layer because more and more customers we see do want to actually take workload offer their teams and staff, and they're not able to actually add more and more people.
Your next question will come from Joseph Gallo with Jefferies.
I know you have the large deal dynamics. But fundamentally, where does exposure management and MDR rank in terms of CISO budget priorities right now?
MDR is actually one of the top 2 or 3 in every survey that we see. Now there's ranges of MBR. And a smaller and smaller number of customers are looking to actually manage a 24/7 global SOC themselves. And so more and more looking to actually outsource and get leverage, which is why we see plenty of opportunity there.
As I said before, the traditional on-premise VM or the last call is less and less of a priority. But if you look at the modern exposure management, it is a priority. And we've been rebuilding the -- I would just say, updating the capability around exposure management to tie that to MDR, and we see plenty of opportunities there. But that is the transition that we're making. I think the whole industry is making it out from the legacy here.
We've been heavily focused on the MDR aspects and then leveraging and extending the exposure management to the workloads there. But I would just say MDR is 1 of the top 3 budget spend priorities from also.
Your next question will come from Gregg Moskowitz with Mizuho.
Interesting announcement with Microsoft. And I'm wondering, Corey, if you could elaborate a bit on your expectations from this going forward? And is this purely a technology integration? Or could there be a go-to-market aspect at some point as well?
Yes. We're at the early stage of -- I believe it's starting with a technology, a deeper technology integration. But we've also been working heavily with the go to customer, their go-to-market teams. They're -- look, the issue is Microsoft is a great technology stack. We've actually been building out our technology stack aligned with theirs. They have a large installed customer base.
There's not a clear preferred sort of like top-tier partner that's actually delivering high-quality, efficient managed services on top of their stack. They're looking to build their partner portfolio. We're investing heavily behind that. But there's a lot of customers that have the defender ecosystem that we've now tuned and we're announcing more and more technology integrations to own it. That we can actually manage their technology infrastructure integration, leveraging our technology stack, do it at scale and do it at great cost economics for our mutual customers. And so we see it as an incredibly strong growth opportunity as we go forward. We're in the very early stages, but we have been working with both their technology teams on a frequent basis and their go-to-customer teams is picking up.
Your next question will come from Junaid Siddiqui with Truist.
Corey, you have mentioned extended deal cycles for some time now as your platform becomes more strategic. How comfortable are you getting with the visibility around the pipeline and close rates so to give you a better ability to forecast.
Yes, I think this is -- and this is why I said, listen, we do have a range of outcomes quarter as you go forward, one of Alan's top things is really to rationalize the process about how we manage the larger deal cycle. He's used to looking at these, and we have to really standardize the process. Look, we were somewhat -- we moved faster to competing in more of the strategic deals at larger ASPs. We were traditionally a mid-market focus lower.
I would just say like 40,000, 50,000 ASP company. And that's changed relatively quickly over the last 18 months, and we're getting our handle around that. That's impacted both the accuracy of what we communicated from guidance. But we also have to upgrade our processes and our systems for how we actually manage that, and that's a clear mandate and the focus that Alan's working.
Yes. And he has the experience doing that years of it. He's just a season the leader there.
So I actually think that, that will be not a problem as we go into next year. But that's also why we didn't want to actually sort of like have Q4 be a distraction around it because he's only been in a little over a month, and we did not want to have more precision that was warranted.
Your next question will come from Joshua Tilton with Wolfe Research.
Great. Totally understand the decision to put some incremental conservatism in the guidance for ARR for this year. I guess I'm trying to understand outside of that conservatism, what is the underlying momentum of the business. So my question is, assuming you don't see any disruptions, right, from these one-off dynamics -- are you still on track to hit the ARR guidance that we had coming into this quarter? Are you running below that prior ARR guidance that you gave? How do I understand what you're guiding to from an underlying momentum of the business, if that makes sense?
Yes, it does make sense. Look, we're not going to give you 2 guidances, just to be clear. But what I would say is I'll get to your core thing is that -- we still have the same, I would just say, pipeline that we expected to have in -- put in a couple of points. I won't be overly precise there. But we still have the same pipeline. What's really changing is that we're not actually attempted to be overly precise about how much of that pipeline lands in a specific time frame.
So what we wanted to give you was just an AR guy, when Tim said roughly sight, it was just like, hey, we know we can hit that we'll go forward. We'll tell you what it is and where it lands sort of like in Q1. I know that's not great. I just want to be clear about. I know that's not great. But it's also the right thing to do, especially as we have a new CFO and a new CCO to actually let us get a clean baseline and then we'll reestablish the cadence that we actually all want to have next year.
Your next question will come from Zach Schneider with Baird.
This is Zack on for Shrenik. So exposure command really feels like a big flagship bet for you guys. And I'd love to just hear more about what does the data really show today? Maybe our net new customers landing faster or larger with it. And then maybe what's the ASP uplift versus just legacy VM only? And what's the true ramp time line?
Yes, there's 2 dynamics. One, we're actually focusing on, again, tying the closure command into our overall services strategy with MDR, which is sort of like the early stages.
The second is that, yes, we're actually very focused on the upgrade because it aligns it around the overall NDR strategy, the upgrade of VM to exposure command. What we've seen so far is much, much larger deals in terms of ASPs. And lastly, like larger -- it's like over double the ASPs that we're actually expecting and so we've seen much, much larger deals at longer deal cycles than the smaller upgrades and that has not been -- and we were really focused on the upgrades. Again, we have not focused a lot on landing new for exposure command.
So we're focused just on the upgrades as the primary focus for this year, something that we talked about at the start of the year. And so we've not had the volume that we wanted to actually have on the conversions because the pipeline is of larger deals, even though we like the dollars of the pipeline, the size of the pipeline is larger and they're coming in store.
Your next question will come from Kingsley Crane with Canaccord Genuity.
Just wanted to double-click again on the Microsoft integration. -- as that scales, just could you speak more to any near-term investment required to support that at the engineering or sales level? And then do you have a sense of what portion of your customer base are already customers of both Rapid7 and Microsoft?
Yes. It's a little bit under half, but it's still a substantial portion of our customer base that is Microsoft. And frankly, we see a big opportunity to grow it. Like we look at this as primarily a growth opportunity. as we go forward. We've been working on the engineering for a while now. And so it's one of the investments that we talked about and we wanted to invest in earlier this year. We're not done.
By the way, just to be clear, we're not done, but we actually can do it within the resource outlook that we actually have available. So it's not incremental resources. It is the resources that we have on a -- this is part of why we're taking the opportunity to refocus and retune and realign the sales engine, though. Because it's not more salespeople, it is sort of like focusing and training and enabling our sales teams on the partnerships and the opportunities that we have in front of us, of which this is a substantial new one that provides net new opportunities.
Our sales leadership team has been asking for this. It's been one of the priority areas. And so taking the time next year to make sure that we actually start next year with velocity and momentum is a big deal. So it's not more sales resources, but it is time and focus to align that engine. And we decided that we wanted to do that as soon as possible, not wait to Q1 where if you wait to Q1, you don't see the benefit to the back half of next year.
Your next question will come from Rudy Kessinger with D.A. Davidson.
Could you just talk to us about gross churn and how that's trended throughout the year and your expectations for gross retention gross churn going forward.
Yes, it's a great question. Gross churn has actually been exactly where we expected it to be based on our last calls, and so that's not been -- we've had -- frankly, if you look at where the issue in the business is much more in the landing of new customer in the ARR and the deal cycles around debt than the churn. So what I would just say is we're expecting to see the continuing trends that we saw this year, which we're very comfortable with. As we go now MDR are larger and more strategic. They tend to be longer deal cycles and deal terms.
So as a business shift mix towards that. you do see a slightly upward tip on the gross churn dynamics in terms of improving, meaning you see higher retention rates. But that's more based on mix shift than anything else. -- on the type of business that MDR is. But the -- that's not been the big issue this year. Thus far, the primary thing is just that we're under the new customer ad ARR and expansion ARR that we expected. So it's a great question. I do want to clarify that. That's good to clarify.
There are no more questions at this time. I'd now like to turn the call over to Corey Thomas for closing remarks.
So thank you all for joining on the call today. I want to take this time to thank Tim Adams, our CFO, for his outstanding service for his time, for his partnership to both myself, the Board and the leadership team. Tim, I want to thank you. I want to acknowledge it since this will be your last call, but thank you so much for your time today. And I want to thank all of you for taking the time to join us on our earnings call today. Thank you.
Transkripte auf Deutsch freischalten
- Alle Event Transkripte auf Deutsch
- Sofortige Übersetzung
- KI-Zusammenfassungen für die wichtigsten Insights
Rapid7 Inc. — Q3 2025 Earnings Call
Rapid7 Inc. — Q3 2025 Earnings Call
📊 Quartal auf einen Blick
- ARR: $838 Mio. (+2% YoY), wobei mehr als die Hälfte aus Managed Detection & Response (MDR) stammt
- Umsatz: $218 Mio. (+2% YoY), Produkt‑Abo $210 Mio.; Ergebnis lag über der Guidance
- Oper. Ergebnis: $37 Mio., Adjusted EBITDA $44 Mio., Non‑GAAP EPS $0,57
- Cash/FCF: Cash & Äquivalente $635 Mio.; Free Cash Flow $30 Mio. im Quartal, YTD $98 Mio.
🎯 Was das Management sagt
- Organisations‑Update: Neue Vertriebsspitze (Alan Peters) und angekündigter CFO (Rafe Brown) sollen Go‑to‑Market und Forecast‑Disziplin stärken
- Strategie: Fokus auf ein AI‑getriebenes Command‑Platform‑Angebot, das Exposure Management und Detection/Response vereint
- Partnerschaften: Ausbau der Microsoft‑Integration; Ziel: schnellerer Wert für Defender‑Kunden und skalierbares MDR‑Wachstum
🔭 Ausblick & Guidance
- ARR‑Ausblick: Q4 soll ARR in etwa flach zum Q3 enden; Unternehmen hat 2025er ARR‑Ziel nach unten angepasst (keine neue Zahl im Call)
- FY Umsatz: $856–858 Mio. (≈ +1–2% YoY)
- Oper. Guidance: FY Oper. Ergebnis $130–135 Mio. (Oper. Marge 15–16%); Q4 Oper. Ergebnis $25–30 Mio.
- Cash & EPS: Free Cash Flow FY Ziel bestätigt $125–135 Mio.; FY Non‑GAAP EPS $2,02–2,09; Q4 EPS $0,37–0,44
❓ Fragen der Analysten
- MDR‑Ökonomie: Management behauptet bessere Margen dank Automatisierung/AI; sagt, MDR wachse weiterhin zweistellig und sei profitabel skalierbar
- Large‑Deal‑Timing: Analysten haken zu Pipeline‑Visibility und längeren Deal‑Zyklen nach; Management gab konservative, nicht überpräzise Guidance und verweist auf Prozess‑Reformen
- International & Partners: Internationales Wachstum (+8% YoY) wird als Chance genannt; Microsoft‑Deal als frühe, vorteilhafte Integration ohne großen zusätzlichen Ressourcenbedarf
⚡ Bottom Line
- Implikation: Rapid7 liefert stabiles, aber langsames Top‑Line‑Wachstum (+2%), starke Margen und Cash‑Generierung; das Management fährt einen konservativeren Guidance‑Kurs und setzt auf organisatorische Änderungen plus AI‑MDR‑Fokus. Kurzfristig bleibt Risiko in der Timing‑Variabilität großer Deals; mittelfristig bleibt Upside durch Plattform‑ und Microsoft‑Opportunitäten.
Rapid7 Inc. — Q2 2025 Earnings Call
1. Management Discussion
Good day, everyone. My name is Leila, and I will be your conference operator today. At this time, I would like to welcome you to the Q2 2025 Rapid7 Earnings Call.
[Operator Instructions]
At this time, I would like to turn the call over to Elizabeth Chwalk, Vice President of Investor Relations.
Thank you, operator, and good afternoon, everyone. We appreciate you joining us today to discuss Rapid7's second quarter 2025 financial and operating results in addition to our financial outlook for the third quarter and full fiscal year 2025.
With me on the call today are Corey Thomas, our CEO; and Tim Adams, our CFO. We have distributed our earnings press release over the wire, and it is now posted on our website at investors.rapid7.com, along with the updated company presentation and financial metrics file. This call is being broadcast live via webcast, and following the call, an audio replay will be available at investors.rapid7.com.
During this call, we may make statements related to our business that are considered forward-looking under federal securities laws. These statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 and include statements related to the company's financial guidance for the third quarter and full year 2025 and the assumptions underlying such goals and guidance.
These forward-looking statements are based on our current expectations and beliefs and on information currently available to us. Actual outcomes and results may differ materially from the future results expressed or implied in these statements due to a number of risks and uncertainties, including those contained in our most recent quarterly report on Form 10-Q filed on May 12, 2025, and in the subsequent reports that we file with the SEC.
The information provided on this conference call should be considered in light of such risks. Actual results and the timing of certain events may differ materially from the results or timing predicted or implied by such forward-looking statements, and reported results should not be considered as an indication of future performance.
Rapid7 does not assume any obligation to update the information presented on this conference call, except to the extent required by applicable law. Our commentary today will primarily be in non-GAAP terms and reconciliations between our historical GAAP and non-GAAP results can be found in today's earnings press release and on our website at investors.rapid7.com.
At times in our prepared remarks or in responses to your questions, we may offer incremental metrics to provide greater insight into the dynamics of our business or our quarterly results. Please be advised that this additional detail may be onetime in nature, and we may or may not update these metrics in the future. With that, I'd like to turn the call over to our CEO, Corey Thomas. Corey?
Thank you, Elizabeth, and welcome to everyone joining us on the call today. Rapid7 ended the second quarter with $841 million in ARR, in line with our expectations and growing 3% year-over-year. Revenue and profitability were ahead of our outlook, and our business generated strong free cash flow of $42 million. While customer spending scrutiny persists, our detection and response business continues to be a core growth driver, which now represents over half of our ARR and continues to grow in the mid-teens year-over-year.
We also saw encouraging pipeline growth in exposure management in response to product investments we have made in our command platform strategy. The key message I want to leave you with today is that we are uniquely positioned to capitalize on the escalating customer demand to bring AI tools and capabilities into the SOC.
We have years of experience operating in security operations centers with our scaled software and services MDR business, and this gives us a tremendous head start with proprietary data and experience. We're taking focused action to enhance our go-to-market capabilities, including today's announcement of our new Chief Commercial Officer.
As we will discuss, we today have the products and the capabilities to win, accelerating our organizational focus to capitalize on this and match our product capabilities with faster revenue growth is our top organizational priority.
First, let's recap the most recent quarter. We experienced a solid second quarter that reflects strong performance globally, particularly in our larger deal segments. We won a number of meaningful consolidation opportunities at higher ASPs. This validates our strategic position in the market. Deal cycles remain extended, but we're seeing strong adoption among enterprises willing to make larger investments in comprehensive security solutions.
And we have a number of signature 7-figure wins this quarter that are highly validating both of our product capabilities and the value of our integrated offerings. While these higher-value consolidation deals naturally have longer cycle times, the quality and scale of opportunities we're pursuing and in particular, the ones that we have won demonstrate clear market validation of our approach.
We're optimistic about our strategy while maintaining realistic expectations around the extended deal cycles that naturally accompany these substantial commitments. I'm excited to share that ahead of Black Hat this week, we announced a significant milestone in our journey to deliver truly integrated security operations that give customers command of their end-to-end attack surface.
We built the Command platform to unify all customer data, not just the data that we collect, so that organizations get the facts from the beginning and reduce their time to action.
Our new next-gen SIEM Incident Command has the power to scale detection and response operations with expertise from our decades of SOC expertise and Agentic AI integrated directly within the workflows that customers use every day.
We launched the first phase of the Command platform last year with Surface Command and Exposure Command. And now with Incident Command, we have delivered a fully integrated platform for security operations and management. This enables our partners and our MDR team to fully leverage a unified AI-driven platform that provides complete visibility into customers' environments with the ability to leverage data on demand to minimize the attack surface and respond to threats in real time.
Rapid7 is the only cybersecurity vendor with years of learnings from operating a managed SOC offering, including the past year activating and developing our own proprietary AI agents and our unique capabilities and experience give us a huge advantage in this growing market. Incident Command now provides customers with the easy packaging and platform integration to activate this.
Coming out of the second quarter, one theme is clear. Customers are increasingly focused on collecting more of their security data and leveraging AI in the SOC to drive measurable outcomes. Security teams need platforms that provide a more comprehensive view of their risk surface while delivering more efficient, transparent and accelerated decision-making and response.
We see growing demand for unified attack surface visibility to simplify risk management and the mounting regulatory pressure is reinforcing the need for integrated compliance and reporting. These priorities align directly with our platform strategy, which continues to be focused on expert-guided AI, automation and providing strong ROI for customers. We benefit from the head start we have given the years of operating our own security operations center and all the learnings that accompany making us uniquely positioned in this market.
Our long-term strategy continues to focus on scaling our leading AI-driven security operations platform. At the center of this strategy is the Command platform, which integrates native telemetry, open data ingestion, curated intelligence and automation into a single system of record for risk and response. It's built on 3 core differentiators.
First, our open platform with over 500 integration, it solves a fundamental challenge for security teams, fragmented and conflicting views of the attack surface. The Command platform brings together diverse data sources into a single, deconflicted and contextualized view, giving customers a holistic understanding of the environment and the risk it represents.
Second, our expert trained Agentic AI workflows are built on years of SOC expertise, trained on live playbooks and refined through real-world analyst feedback. These are not generic models. They are proprietary and purpose-built engines that improve outcomes in real time. And these Agentic AI workflows are fully embedded in our MDR offering.
Third, customers are looking for automated measurable progress. And we don't just surface alerts. We drive outcomes, whether that's reducing noise through AI-informed active response, prioritizing toxic misconfigurations to maximize remediation or coordinating faster incident response. Our platform helps security teams reduce mean time to detect, respond and remediate.
These innovations continue to drive our leadership position in the growing detection and response market, our largest product segment, led by our managed offerings. During the second quarter, we advanced our enterprise MDR rollout with the addition of co-managed detection, expanded support for operational cloud environments and new SOC capacity in India.
These investments strengthen our ability to support larger enterprise use cases that demand hybrid visibility, AI-powered automation and human expertise. We're starting to see our enterprise MDR investments begin to pay off, and we think we're just getting started.
For example, during the second quarter, we signed a multiyear, multimillion dollar agreement with a major U.K.-based retailer that consolidated its security operations stack on Rapid7's command platform. After years of managing fragmented tools across multiple vendors with limited visibility, this customer selected our MDR-led solution to unify detection response and exposure management.
Our ability to deliver deep coverage, asset-level context and expert trained AI resonated throughout a highly competitive process. The decision to replace multiple incumbent vendors at a large enterprise with our Command platform underscores the growing demand for Rapid7's integrated AI-driven security operations.
Shifting to our exposure management business. As we've discussed, a key pillar of our platform strategy is helping customers move from siloed stand-alone tools to an integrated outcome-driven security operations model. In exposure management, that means upgrading customers from traditional vulnerability management products to our unified risk and exposure management solution, Exposure Command.
Built directly into the Command platform, Exposure Command provides a single contextualized view of risk across both on-premise and cloud environments, enabling faster, more precise prioritization and remediation. By eliminating fragmented tools and manual integration and giving customers a more complete AI-powered understanding of their risk surface, Rapid7 is firmly positioned as a strategic consolidation platform for modern security operations.
Before I turn the call over to Tim, I want to briefly address our updated outlook. We're narrowing our full year ARR guidance range to $850 million to $865 million. As you know, budget dollars and new commitments are subject to normal seasonality and are typically Q4 concentrated. Given a number of macro factors impacting our customers and the back-end loaded nature of our new business cadence, we think it's prudent to provide this updated color.
That said, we internally continue to target better pipeline conversion as we firmly believe our product offerings give us the right to win more business in the market. Accelerating our revenue growth rate to match the underlying strength of our product portfolio is a core focus. The remainder of our guidance items remains unchanged.
In closing, I want to reiterate the confidence we have in our strategy and in our team's ability to execute against it. We have a clear path forward with AI-driven managed detection response as it continues to drive healthy growth and our differentiated command platform rooted in automation, integration and expert guided AI is more relevant than ever.
We're seeing early proof points. We're doing the hard work, and we remain focused on delivering meaningful outcomes for our customers, our shareholders and our team. Thank you for joining us on the call today. I appreciate your support, and I will now turn the call over to Tim to walk through the results in more detail.
Thank you, Corey, and good afternoon to everyone. We appreciate you taking the time to join us on today's call. Before I turn to the results, a quick reminder that except for revenue, all financial results we will discuss today are non-GAAP financial measures, unless otherwise stated. Additionally, reconciliations between our GAAP and non-GAAP results can be found in our earnings press release.
Rapid7 ended the second quarter of 2025 with $840 million in ARR, representing growth of 3% over the prior year. Revenue and profitability were above our guided ranges, and we continue to see healthy growth in detection and response and early progress in Exposure Command adoption.
While the customer spending environment remains mixed, particularly in North American mid-market, the operating discipline and flexibility we built into our business model continues to serve us well, and we remain focused on executing against our long-term strategy to deliver durable growth and expand free cash flow over time.
Turning to our financial results for the second quarter. Year-over-year ARR growth in the second quarter was split fairly evenly between new and existing customers, ending the second quarter with 11,643 customers globally and average ARR per customer of $72,000.
Second quarter revenue of $214 million grew 3% year-over-year and exceeded our guided range. Product subscription revenue grew 4% year-over-year to $208 million, supported by favorable bookings linearity in the quarter. Professional services declined year-over-year, consistent with our decision to deemphasize certain lower-margin services.
International revenue represented 25% of total revenue and grew 10% over the prior year. On profitability measures, our product gross margin was 76% and total gross margin was 74%. Sales and marketing expenses were 33% of revenue, in line with the prior year.
R&D and G&A expenses were 17% and 6% of revenue, respectively, compared to 15% and 7% in the prior year. Operating income for the second quarter was $36 million and above our guidance range, driven by timing of spending as we continue to focus on making targeted growth investments as well as scaling our India innovation center during the second half. Adjusted EBITDA was $43 million in the quarter and non-GAAP net income per share was $0.58.
Turning to our balance sheet and cash flow statement. We ended the second quarter with cash, cash equivalents and investments of $600 million compared to $592 million at the end of the first quarter. In May, we fully repaid the remaining $46 million balance of our 2025 convertible notes. We generated free cash flow of $42 million in the second quarter, bringing our year-to-date free cash flow to $67 million.
Additionally, we entered into a new $200 million revolving credit facility. While we have no immediate plans to draw on it, the facility adds incremental flexibility and reinforces our already strong liquidity position. This brings us to our outlook for the remainder of the year.
For the full year 2025, we are narrowing our full year ARR guidance range to $850 million to $865 million compared to our prior range of $850 million to $880 million. Additionally, we expect Q3 ending ARR of approximately $840 million, with net new ARR for the year weighted heavily to the fourth quarter.
As Corey said, we will continue to target stronger pipeline conversion rates in the back half. We believe it's prudent to provide this additional context given ongoing macro uncertainty and the seasonal weighting of Q4. We are maintaining our full year revenue guidance range of $853 million to $863 million, representing revenue growth of 1% to 2%.
Recurring product revenue growth will continue to outpace total revenue growth, partially offset by year-over-year declines in professional services. We are also reiterating our full year operating income range of $125 million to $135 million as well as our full year free cash flow range of $125 million to $135 million. We now expect non-GAAP net income per share of $1.90 to $2.03 based on approximately 75.8 million diluted weighted average shares outstanding.
For the third quarter, we expect revenue in the range of $215 million to $217 million, up roughly 1% from the prior year. We expect non-GAAP operating income between $29 million to $31 million and non-GAAP net income per share of $0.44 to $0.47 based on approximately 75.8 million diluted weighted average shares outstanding.
To close, we remain focused on disciplined execution as we manage through a dynamic environment. We continue to see a resilient detection and response business, growing customer interest in our platform strategy and a durable model that supports both innovation and strong free cash flow generation. We believe these fundamentals position us well for long-term value creation. With that, I will turn the call back over to Corey.
Thank you, Tim. Before we open up the call for questions, I want to address 2 important organizational updates that position Rapid7 for continued success as we execute our strategy.
First, I want to share that Tim Adams intends to retire from his role as Chief Financial Officer. Tim has been an exceptional partner over the past 3 years, got us through significant transformation while maintaining strong financial discipline and operational excellence. His leadership has been instrumental in navigating both growth investments and strategic realignments, including our previous restructuring efforts that helped position us for profitable growth.
Tim has committed to remaining at Rapid7 until we identify and onboard his successor to ensure a seamless transition. We've engaged a leading executive search firm to conduct a comprehensive search process. I want to thank Tim for his continued dedication to Rapid7 and his commitment to seeing us through this important transition. His contributions have been invaluable, and we wish him all the best as he approaches his next chapter.
Second, I'm thrilled to announce that we've appointed [indiscernible] as our new Chief Commercial Officer. This newly created role underscores our commitment to driving our go-to-market capabilities to accelerate revenue growth. We have spent the past year significantly investing in our product capabilities, particularly MDR and in Exposure Command. We believe that our product offerings today are industry-leading with highly differentiated capabilities.
Alan joins us as we enter the next critical phase of delivering on this, driving the acceleration of our go-to-market efforts to capitalize on our unique product offerings. With detection response now representing over half of our business and demonstrating strong growth opportunities, we have both an expanding product portfolio and significant upgrade opportunity ahead of us.
Our Command platform provides a straightforward upsell motion across our entire portfolio from VM to cloud to exposure management, SIEM and MDR. Recent customer validation, combined with the now complete integration of our technologies on our Command platform creates significant opportunities.
Our focus is now on growth and market adoption and how we operationalize our go-to-market engine, which is what matters most at this time. Alan brings the exact expertise we need. He has deep expertise in our core markets and importantly, is an exceptional operator who knows how to scale commercial organizations through periods of transformation.
With over 25 years of experience, Alan has a proven track record of scaling go-to-market motions, accelerating revenue growth in software and specifically in cybersecurity businesses. Throughout his career, Alan has consistently delivered revenue growth and operational excellence, successfully leading companies through periods of significant transformation. His expertise in building high-performing sales organizations and executing complex go-to-market strategies makes him the ideal leader to help us operationalize our platform strategy.
Alan will oversee our global sales organization, partner ecosystem and revenue operations, ensuring we execute with precision as we capture the significant opportunities in front of us. His operational rigor and deep understanding of our markets make him an ideal leader to help us maximize our commercial potential.
As we continue to drive innovation and capture market share, having world-class operational leadership will be critical to delivering value to our customers and driving sustainable profitable growth for our shareholders. We remain confident in our strategy, our team and our ability to be the platform of choice for the modern SOC. Thank you for joining us on the call today. And with that, we will now open up the call for questions. Operator?
[Operator Instructions] Our first question will come from Matt Hedberg with RBC.
2. Question Answer
I wanted to -- so D&R continues to do well. And I'm curious, I wanted to double-click on that and ask specifically about MDR in there. I know it's a pretty significant portion of that business and had been seeing some strong demand trends. Just curious if you could give us a bit more of an update on MDR.
Yes. We continue to see strong demand trends. I'll remind you that we started the MDR expansion a few years ago, and it's been a core growth engine of the business. D&R in total is over half of our overall business. But even with the success we've seen, we were only really addressing part of the overall customer market. Earlier this year, we launched our customization and expansion offering that we just call -- happen to call enterprise and D&R. But really, what it was about was accepting all data and all workloads from customers and being able to manage that at quality and at scale.
We couldn't have done it without the investments that we have been doing behind the scenes on our own AI technology that we have been rolling out steadily, which we are continuing to invest in. And so we look at detection and response as a major growth area.
If you just take a step back and look at the fundamentals is every organization is under increasing pressure to actually manage their entire data set and their entire security operations on a 24/7 basis. The regulatory pressure is increasing. The amount of their environment is becoming more complex, especially if you consider not just SaaS, but also the fact that you're now having lots of custom AI-driven applications.
And so the ability to be able to monitor that complexity, people need people that are not just deploying technology, but they also actually have the active ability to actually manage and separate the signal from the noise. And that's what we've been focused on, but our whole goal is to actually make sure we can do that at quality. So that's a continued expansion area. We're investing both in the team and the services around that and the AI to support that, but that's a big investment area for us.
Got it. And then maybe you mentioned, Corey, net new ARR is weighted towards Q4, recognizing it was a good quarter relative to expectations and you did temper full year. Just can you just underscore the confidence that you see kind of specifically in 4Q which seemingly could set a good foundation for '26?
Yes. And by the way, if you look at what we had in Q2, we saw that higher concentration of larger, more strategic deals. And so frankly, what we're looking at is really, we have a great mix of strategic deals that we're winning and converting. The deal cycles are longer because we're seeing larger, more strategic concentration.
And so we're always tentative like not actually trying to estimate timing too precisely. But when we look at over the course of the year, when you look across Q3 and Q4, we see many different paths to actually achieve the range, which is why we actually tightened up the range so -- we also, frankly, like if you look at Q3, we don't want to actually estimate timing too precisely. We got burned on that early in the year, even though many of those deals closed. And we had a healthy momentum actually in Q2, but we see more than that pipeline to actually be in the guided range.
We always are a little bit more back-end loaded. If you look at every year. Last year, we had a very robust Q4 -- we probably are in great shape to actually have a healthy Q4 this year or home back in part of the year.
But what we really look at is the fundamentals of like what's the pipeline, how we're doing on conversion and how we set ourselves up. But we want to make sure that we are in a range that we actually have confidence that we can achieve, and that's why we tightened the range and made it a bit more focused.
Matt, if you pencil out the numbers -- yes, if you look at the midpoint of the guide, Q4 of this year is expected to be very similar to what we saw a year ago in Q4. So we've done that before.
Got it. And then Tim best of luck in the next chapter of your life.
Matt, thank you. I appreciate it.
Your next question will come from Junaid Siddiqui with Truist.
Corey, could you comment on the progress of some of the various sales and channel enablement initiatives you've undertaken to drive adoption of your Exposure Command platform and how they're tracking?
Yes, absolutely. I think what you're alluding to is the fact that we actually shifted last year to take more investment in our partner channel ecosystem. And we watch that's going well. We're getting good feedback from our partners. We're starting to scale that business. As I talked about earlier in the year is that, that was going to be a ramp overall.
One thing that we're finding that is, I would say, good in the midterm, but was somewhat different than what we expected originally is when we originally launched Exposure Command, we expected it to be a smaller dollar, 10% to 20% uplift upgrade cycle.
And we've continued to develop a robust pipeline around that. What we're actually finding is that it is actually a more strategic choice, and we're finding that we're willing larger deals, but the deal cycles are longer, but also the ASPs are significantly higher than we estimated, which is, I think, positive in the midterm, but we're not necessarily getting the 10% to 20% upgrades that we originally expected between us and our partners.
But our partners are excited by the ability to actually win larger workloads for customers. So we have readjusted in our guidance our expectation. Again, having customers consolidate, I gave one case study, but we have several different case studies where customers with the full attack surface management view have larger assets under management than they have with vulnerability management. It has been a great entree and starting to upgrade the cloud workloads. But again, those are much, much larger deals, much larger ASPs.
Your next question will come from Eric Heath with KeyBank.
Corey, great to hear the focus on accelerating growth. I guess what are some of the near-term and medium-term priorities to execute on that? And maybe some of the internal metrics you're measuring to understand how you're tracking towards those goals?
No, it's a great question. Look, I think our team has -- and we're continuing to invest in the product and the service. Look, at the end of the day, having robust investments in product and services is key, and that's been a big focus of the time. And our sellers and our customers really focus on both serving the customers and starting to get the story out about what we're doing because there's been lots of changes and investments in our technology stack over the last few years.
As we think about operationalizing the platform, it's a big deal now to have our full technology stack on the platform to have some of the proof points and the evidence in MDR and the DNR space and to continue to expand our exposure offering.
Part -- a big part of what we're doing is moving to really operationalize our expansion motion. If you think about sort of like the 2 big things that we actually have not nailed and we actually have to have improvement on that we're working with both our customer teams and our new CCO on is, one, we have to educate the market that the traction and the momentum that we have in the detection and response space.
We are one of the larger and more successful companies. We have outstanding marks from our customers. We just had an exciting new release with Incident Command, but we have to actually do a good job of educating the market that we've successfully expanded beyond the traditional vulnerability management routes and that we're actually taking data and workloads of all sizes in. So that's one is making sure we actually educate the market. So that's a clear focus and doing that cost effectively, by the way.
The second thing that we're sort of like are really focused on is we have to really build the operational engine for our expansion. We do it today, but we have a bunch of hard-working people that are actually going in and frankly, doing it much more manually. And so really building the rigor and the process around that expansion engine is a big focus that I actually have going forward.
But it is a big deal that we can actually do it off of a fully integrated platform that's all upgraded, ingesting data across the environment on the Command platform, which was a big milestone for me and a big focus on both myself and the company over the last year.
Yes. That's great. I just want to -- if I could, just help me understand a little bit better what's incremental with the Incident Command platform versus the prior iteration. Is this just more holistic data capture onto a single unified interface? And is there any sort of customer migration activity that's needed to get on to that platform?
The upgrade is going to be very straightforward and easy, and it's a lot that's actually incremental. So like if you look at the core fundamentals is we've actually made it easy to actually consume both more raw data and more alert data and telemetry into the platform. So it's just like the rest of the Command platform, it's about both the data that we collect, but it's also is actually rationalizing the master system record data.
The second thing that it actually has its core is it has a fully built-in threat intelligence platform that actually takes a lot of the noise that you get in and helps make sense, but also helps correlate your data about real-world threats and attacks that we're seeing in the environment. And probably the biggest single piece of the upgrade is we've been training and working with Incident Command as part of our MDR offering and training and optimizing it.
And so customers out of the box get a full authentic experience. where it actually dispenses alerts, organizes it, puts it directly into the [indiscernible] framework and allows customers to actually not have to actually go through and do their own research. It provides a clear point of view about what's deduplicated, what's not, what's likely a threat, what's not a threat.
And it actually starts to do the work for all of our customers in the SOC. Again, this was trained on the data that's actually helped our own MDR team scale and our customers and our partners' MDR team scale in their environment. Keep in mind, our managed detection response is both us, but we have a lot of partners that do that, and we've been making these technologies available steady to those partners.
Your next question will come from Michael Cikos with Needham.
This is Jeff Hopson on for Mike. We've seen companies that had deals slipped from Q1 to Q2 from Liberation Day and then now Q2 to Q3 in some cases. Is this something you guys are seeing that could end up pushing even more to Q4 even more than last year?
Yes, it's a great question. So one is, we definitely saw it in Q2 -- I mean, Q1. And in Q2, we were more prepared for it. So we actually felt like things ended up quite healthy in Q2. But I mean, to be clear, there are some things that came in, there are some things that actually were delayed to slip, but we overall felt quite healthy. We are not -- just to be clear, our baseline assumption right now is that deals will move around.
This is why we gave you what we consider a prudent outlook that Tim gave in the outlook. And look, deals with one, we have more larger deals. They're more strategic. They're more concentrated. They actually have more scrutiny. And so there's a range of a couple of million dollars that actually happens. We don't think that's a big deal, which is why we really focused on the outlook for the overall year.
But I would say Q2, we felt good about the mix. Q3, we assume that it's stable. A few deals may slip that can actually add some incremental pressure, but that's why we're managing to the full year outlook, not really focused on sort of like the Q2, Q4 timing because we found that, that wasn't as big a deal once we actually got through April.
Got it. And could you just give an update on the time line of the investments in the India SOC -- the stock has come up a lot in discussions. And just curious of how that's been going.
Yes, it's a good question. It's a ramping. What I would say is that we're ramping capacity, but just as importantly, we're adding capacity and frankly, accelerating, and we're going to continue to accelerate the capacity of what our AI engine can do.
We have a global 24/7 stock around the world that actually operates in the U.S., operates in Europe, operates in the Asia Pacific region. And so adding India is another region because we do believe that AI gives us scale, but we think people matter. We think security is an ever-evolving thing.
And so this is an ideal area where you actually take AI and you actually push it. The fact of matter is we love the fact that our security operations team pushes our engineering team aggressively and has actually helped push the bar, not just on the success we have but it's also pushed us aggressively to actually do even more from where we are today. And we think that's a very healthy dynamic. And I think the customers are incident command and then able to see that value directly in the product.
Jeff, when you see it hit in the P&L, it's definitely ramping up in the second half of the year. If you look at the OI guide for Q3, it's a pinch below where we landed in Q2. That's really the investment really starting to tick up in Q3 and Q4 of this year.
Your next question will come from Joshua Tilton with Wolfe Research.
Can you guys hear me?
Yes, Josh.
Yes.
Awesome. Congrats on the results. I have 2. The first one, you guys kind of sort of addressed it, but I guess I'm still a little unsure as to why you guys are lowering the high end of the ARR guide. I think you said that the ARR this quarter was in line with your expectations. There was better bookings linearity. It sounds like there's still deal scrutiny, but it hasn't gotten worse than last quarter. So I'm just trying to understand why exactly is the high end of the guide coming down? That's my first one.
Yes. It's a great question. So the core of it is if you look at what's happened on a fundamentals basis, we're continuing to build total pipe. We are seeing a larger concentration of more strategic deals that are FX. And you know our history, but that's actually a new thing that we're actually going through. And we actually think it's prudent not to be out over our skis. So we have high confidence in the guidance range. Could we do better than that? Yes.
But our focus has actually given investors a high-quality range that we actually feel good on, especially when you actually have a back-end loaded year and you actually are seeing a higher concentration of larger and more strategic deals. We actually feel okay about the economy in general. We are seeing a deal mix shift up. But we also don't want to -- in a world that is volatile, let's just put it that way.
We don't want to put all of our eggs in the basket of everything is going to actually be fine across the rest of the year. So we gave you what we actually thought is a range that we actually feel good about, especially as you look at sort of like the remainder of the year, and we can actually land the time and how it lands. But we have a good pipe and it's more robust there, but that's the focus. We want to make sure investors have a clear sense of where we are, where we actually have confidence and what we're seeing.
Okay. Makes sense. And maybe just my follow-up. You announced a new Chief Commercial Officer. I believe that's the title of the role. Corey, I think the words you used were drive go-to-market capabilities and accelerate revenue growth.
Clearly, half the business is still doing pretty well. The other half of the business is obviously kind of lagging. Day 1, new Chief Commercial Officer, like what are his expectations? Like when would Core like to see him start to really make an improvement to the half of the business that's been kind of overshadowing the strong growth in D&R?
Yes. So one, I think that steady wins the race. So we have a high sense of urgency, but we want to focus on fundamentals. I expect to actually see continued success in D&R, and we don't want to sacrifice that because that's a robust market that's healthy, that has healthy trends overall. The biggest thing that we actually are going to focus on when it comes to the other parts of the business is really operationalizing the customer go-to-market and expansion engine.
I think we have some efficiency gains to do. I think there are some things that actually make it easier for our sellers to actually get momentum. There are some market things that we have to do to actually make sure people actually are aware of where we are and that we're actually selling in a platform motion. And so I'm really expecting the leader to actually work with our teams on making things easier for our sellers to actually go not just tell the story, but be able to cross-sell and upsell more efficiently and effectively.
If we do that, everything will actually follow and actually growth will follow. My expectation is to see improvements as we actually move into next year. And we'll continue to actually talk about that and educate you about where we are along the way. But I think we're doing off of a stronger base of a more integrated platform, but we don't want to lose the momentum that we actually have in D&R. What we really want to do is make the selling motion easier for our sellers.
Awesome. We are excited to see it.
Your next question will come from Aidan Perry with Piper Sandler.
Can you hear me?
Yes.
This is Aidan on for Rob Owens. It was great to see the recent FedRAMP achievement. And I understand it might still be early, but how are you thinking about the federal opportunity in longer term and your right to win in this area versus other competitive solutions?
Yes. We're very excited about it. If you look, we actually have some early customers that we've had for a while that they think is more about exception basis. We see a robust opportunity there because we have not had these certifications, and this is a catch-up area. And we see lots of healthy demand where we can help make those workloads more efficient, more effective, introduce some competition into the market.
So this is a huge upside for us. That's it, it's the federal government. Deal cycles are actually longer. It's an impact that we expect to start seeing in '26. We got the certification. Our teams are out in the market now. We're frankly scaling the teams that are actually addressing the federal government workloads, but it's a benefit that we start -- expect to start seeing in '26.
The federal government is one of the largest and most stable spenders on security, and we haven't been participating in the market. And I'm thrilled that we're actually doing it now, but we have to build up our capacity to actually do that well and not just in the narrow way that we've been doing it, but in a more expansive way. And so it provides a good opportunity in front of us.
Your next question will come from Gray Powell with BTIG.
Okay. Great. Can you guys hear me okay?
We can hear you.
All right. Awesome. I was a little slow on the trigger there. Great. So yes, look, I know that the MDR space is pretty fragmented. But I guess I'd be curious, like how does Zscaler's acquisition of Red Canary change the competitive landscape there, if at all? Do you see any potential discussions resulting from that acquisition or any potential tailwinds?
There could be some tailwinds. Look, Zscaler is an incredibly talented company. I have a lot of respect for Jay and the team there. I don't think it changed anything mostly because the MDR market is a highly fragmented market. So our focus is doing what we think we actually do best, which is offering a high-value solution to manage all of customer security data with a high-quality level of service. And I think we made great strides there.
But frankly, we're ambitious. We plan to make even greater strides there, having a high bar for some -- our goal, and we have this history of Rapid7 around security and security focus. We want to be the best home in the world for security practitioners, but that also marries that with some of the latest advances in artificial intelligence to actually give customers a trusted provider of security solutions. I think if we do that, we'll be wildly successful.
And I also think the market will be a highly fragmented market. And so I think because of that, it doesn't really change the dynamics overall, it's a noisy market. Frankly, I think we have not been the most effective that we could be telling our story and making sure people know how impactful and successful they are.
Every time we meet customers and they actually look at it or they get references from other customers, they're constantly surprised about how impactful and how successful we are and the quality of service that we actually have. So we have to actually do a better job of telling our story, and that's frankly going to matter more than anything that's happening in the competitive environment. It's a big market.
If you just zoom out, my estimate is that over 90% of the world will not have the capacity to do what's required from a security operations perspective, which is to manage and monitor all their data, all their telemetry on a 24/7 worldwide basis in an incredibly technology fragmented and highly regulatory environment.
That's a massive opportunity, not just for us, not just for Zscaler, but for the world, and we have to compete effectively. But we're doing that from a scale position, from an innovative position and frankly, from a position where we actually are able to attract great cybersecurity talent.
Your next question will come from Adam Borg with Stifel.
Awesome. Can you hear me okay?
Just go ahead, Adam.
Maybe just for Corey. So as we think about the Command platform and the various pieces coming into place now with Incident Command, how do we think about just overall pricing and packaging? You just spent -- a few minutes ago, you talked a little bit about trying to make the selling motion easier for sellers. And just thinking when Alan joins, what's the opportunity around pricing and packaging given what you just mentioned?
Yes. Look, there's work that we have to do. We've done some -- we've gone through multiple iterations over the years with doing consolidation packages, which has helped on the initial sale. We have not actually nailed the pricing and packaging on the expansion motion.
And even if you think about the success that we're having in Exposure Command, it's strategic success that's either really, really massive upgrades or significant new lands. And so we have to actually make it easier for our customers to actually adopt on the journey and actually take out bite-size increments and for our sellers to be able to actually sell the bite-size increments on the journey.
So there's work to do there, just to be clear. I mean if you look at like where our growth is versus where our platform, it's actually very clear that we're actually taking in large complicated chunks. And the biggest drag on growth is we actually don't have the continuous expansion engine. And we own doing that, and we actually own doing that well. So that's a relatively large area of focus that gives us steady, frankly, better predictability over time because I love having some of the success that we're seeing in larger deals, I don't love not having the volume of transactions there.
So it give us both more predictability, but it also materially actually assist in the revenue growth piece because we have 11,000 customers. We have a good story. We have to tell them that story, but we have to provide the right bite size chunks for people to buy it off. And so that will actually both help the growth, but it also help the overall customer experience.
That's great. And maybe just as a quick follow-up, number of customers modestly fell for 2 quarters [indiscernible]. When should we begin to see that stabilizing?
Yes. So I think what you're seeing is that we're doing quite well at adding strategic customers. Look, we have some -- what I would consider legacy customers and trade-off -- we owe you a measure to actually think about quality overall. It's not something I'm focused on at all is the customer count. I really want to shift it to be how many customers do we actually have, how far in the journey of customers fully leveraging the platform, how many coverage is our AI managed SOC managing, how many workloads are we managing and leveraging through AI, and that will represent significant growth. We'll grow customers. But like losing transactional customers while adding strategic customers, that's going to be noise for a little while.
I won't even call it a headwind. It's just noise for a little while. We do owe you some better measures about how to actually see that equality. So I hope the team will work together on that. But it's not a big factor right now because it's a little bit noisy.
Yes, but still a lot of room to grow that ARR per customer.
It will be quality platform customer, too. But we have significant room on ARR per customer, and that's the focus, but we are also adding new customers in a quality way. But we are having like, again, sets of smaller dollar customers fall that are more transactional as we have larger, more strategic customers.
Your final question will come from Rudy Kessinger with D.A. Davidson.
Can you guys hear me okay?
Yes.
Yes, Rudy.
Okay. Great. So I want to kind of go back to Josh's question about lowering the ARR guide by $15 million on the top end. I think last quarter, you guys said the outlook kind of relied on some stabilization declines you're seeing in your VM business. I'm curious how that trended in the quarter.
And because when I look at your ARR, if D&R has continued to grow in the mid-teens and make up an increase in mix, while your overall ARR growth has slowed, obviously, that math suggests that the declines in the rest of the business are actually worsening. So I'm curious if you could just give any color on that dynamic.
Yes. No, it's a great question. So the first thing is we are seeing very healthy both pipeline and conversion. It is much chunkier this year. So it's larger, more strategic deals. And frankly, we are getting better and better at forecasting those. but we don't want to be out over our skis. We saw exactly what we hope to see in Q2, and so we feel good about the overall Q2 dynamic.
But we want to have a range that we actually had high confidence. To answer your core question is I'll answer it 2 ways. One, we have a massive D&R opportunity, and we expect both the work that we've done on the product side, but frankly, the work that we're investing on the sales side, we think that we actually have more growth capacity in the overall D&R business.
And it's a larger, more strategic market. So we have laser sight and focus on that overall. The second thing that I would say is we are investing in the technology around both vulnerability management and exposure at the core level. But we think about that as an upgrade motion in the installed base and business. And we're frankly happy with what we're -- it's not what we expect to see because I don't want to. We expected to see a bunch of smaller dollar transactions. That would have given us higher predictability and concentration on growth.
And what we're seeing is a robust pipeline build, but customers making strategic platform decisions. And again, frequently, they're choosing us, but instead of a smaller dollar 3- to 6-month sales cycle, we're definitely seeing a larger dollar 9- to 12-month sales cycle.
And so part of what we're bringing it down is that like the smaller dollar high volume is much more predictable, and that was our base coming in. We like what we're seeing in the larger strategic consolidation dollars. We like what we're seeing in the upgrade motions. I gave you a couple of examples in the case studies early on. But those are a little bit trickier to actually forecast the timing of.
And so based on where we are and the concentration of larger deals in pipeline, we actually adjusted our guidance to where we want to be. And that's really the dynamic that you're talking about, it sounds like Q2 was fine, and you saw what you need to see. Absolutely, it was actually fine. What's not what we want to see is the volume of smaller dollar upgrades. Some of that we have to actually tune the engine on.
But frankly, if you zoom out, we're fine with that because we're seeing the consolidation and the wins on the larger dollar, and we actually have a path to that. And we don't want to distract ourselves too much from the really large D&R opportunity that's in front of us. So I know that was a lot, but I really want to get to the core of that question.
All right. Thank you all very, very much. Look, as we close out today, I just want to thank Tim again for his work, commitment and service to the company. I'm deeply appreciative of his commitment and what he's helped us achieve here as we've gone through, frankly, radically reforming the company to be something that's equipped to actually invest in and actually tackle the future opportunities that we see in the world around us today. So thank you so much, Tim, and thank you all for joining us on the call today.
Transkripte auf Deutsch freischalten
- Alle Event Transkripte auf Deutsch
- Sofortige Übersetzung
- KI-Zusammenfassungen für die wichtigsten Insights
Rapid7 Inc. — Q2 2025 Earnings Call
Rapid7 Inc. — Q2 2025 Earnings Call
📊 Quartal auf einen Blick
- ARR: $840 Mio (+3% YoY)
- Umsatz: $214 Mio (+3% YoY)
- Produktabo: $208 Mio (+4% YoY)
- Free Cash Flow: $42 Mio im Quartal, $67 Mio YTD
- Produktmarge: 76% (Gesamtmarge 74%)
🧾 Was das Management sagt
- Plattformstrategie: Command-Plattform (Surface/Exposure/Incident Command) als Kern; Incident Command mit Agentic AI für SOC-Workflows wird als Differenzierer hervorgehoben.
- GTM-Fokus: Neuer Chief Commercial Officer, Ziel ist Beschleunigung der Vertriebseffizienz und Cross‑/Upsell aus der installierten Basis.
- MDR-Invest: Detection & Response (D&R) wächst mid‑teens und macht >50% des ARR; Ausbau von Enterprise‑MDR und SOC‑Kapazität (u.a. Indien) läuft.
🔭 Ausblick & Guidance
- ARR‑Guidance: Bereich verengt auf $850–865 Mio (vorher $850–880 Mio) wegen timing‑ und saisonaler Unsicherheiten.
- Umsatz FY: $853–863 Mio (+1–2% YoY); Q3 Umsatz $215–217 Mio; Q3‑Ende ARR ~ $840 Mio.
- Profitabilität: Operatives Ergebnis FY $125–135 Mio, FCF FY $125–135 Mio, non‑GAAP EPS $1.90–2.03; Q3 EPS $0.44–0.47.
❓ Fragen der Analysten
- MDR‑Nachfrage: Analytiker wollten Details zur Skalierbarkeit und Incrementalität der MDR‑Expansion; Management betont AI‑Unterstützung und höhere ASPs.
- Timing‑Risiko: Mehrere Fragen zu verschobenen Deals und der Zurücknahme des oberen ARR‑Endes; Antwort: Pipeline ist chunkier/back‑loaded, daher vorsichtige Guidance.
- GTM & Packaging: Erwartungen an neuen CCO: operationalisieren der Expansions‑Engine, besseres Pricing/Packaging für schrittweises Upsell.
⚡ Bottom Line
Rapid7 zeigt Produkt‑ und Cash‑Stärke: D&R/Command‑Plattform mit AI ist Wettbewerbsargument, jedoch sind Upsells stärker in großen, längeren Deals konzentriert. Guidance wurde aus Timing‑Gründen gestrafft; Liquidität bleibt hoch (≈$600 Mio Cash, $200 Mio Revolver). Für Aktionäre: positives Produktmomentum trifft auf Auslieferungs‑/Timingrisiko.
Finanzdaten von Rapid7 Inc.
Umsatz
Der Umsatz stellt die Summe aller Einnahmen eines Unternehmens z. B. für dessen Produkte oder Dienstleistungen dar.
Umsatz (TTM) einfach erklärtDirekte Kosten
Direkte Kosten sind die Kosten, die direkt im Zusammenhang mit der Herstellung des Produkts oder der Dienstleistung entstehen.
Bruttoertrag
Der Bruttoertrag gibt an, wie viel vom Umsatz nach Abzug der direkten Herstellkosten im Unternehmen verbleibt. Berechnet man den prozentualen Anteil vom Umsatz, spricht man von der Bruttomarge (engl. Gross Margin).
Brutto Marge einfach erklärtVertriebs- und Verwaltungskosten
Die Vertriebs- & Verwaltungskosten (engl. Selling, General & Administrative expenses, kurz SG&A) beinhalten alle Aufwände für Marketing und den Verkauf sowie die allgemeine Verwaltung des Unternehmens.
Forschungs- und Entwicklungskosten
Die Forschungs- und Entwicklungskosten (engl. research & development costs, kurz R&D) geben Auskunft darüber, wie viel das Unternehmen in die Forschung und die Entwicklung seiner Produkte investiert. Vor allem prozentual vom Umsatz und im Vergleich zu direkten Wettbewerbern sind die Kosten interessant.
EBITDA
Das EBITDA (Earnings Before Interest, Taxes, Depreciation and Amortization) ist der Gewinn des Unternehmens vor Zinsen, Steuern und Abschreibungen. Berechnet man den prozentualen Anteil vom Umsatz, spricht man von der EBITDA-Marge.
Abschreibungen
Abschreibungen stellen Wertminderungen von Vermögensgegenständen des Unternehmens dar (z.B. durch Abnutzung von Maschinen).
EBIT (Operatives Ergebnis)
Das EBIT (engl. Earnings Before Interest and Taxes) ist der Gewinn des Unternehmens vor Zinsen und Steuern, das auch als operatives Ergebnis bezeichnet wird. Berechnet man den prozentualen Anteil vom Umsatz, spricht man von
der EBIT-Marge.
Nettogewinn
Der Nettogewinn stellt den Gewinn oder Verlust nach Abzug aller Kosten dar.
Nettogewinn einfach erklärtaktien.guide Premium
| Mär '26 |
+/-
%
|
||
| Umsatz | 859 859 |
1 %
1 %
100 %
|
|
| - Direkte Kosten | 260 260 |
4 %
4 %
30 %
|
|
| Bruttoertrag | 599 599 |
0 %
0 %
70 %
|
|
| - Vertriebs- und Verwaltungskosten | 390 390 |
1 %
1 %
45 %
|
|
| - Forschungs- und Entwicklungskosten | 189 189 |
7 %
7 %
22 %
|
|
| EBITDA | 20 20 |
45 %
45 %
2 %
|
|
| - Abschreibungen | 8,30 8,30 |
29 %
29 %
1 %
|
|
| EBIT (Operatives Ergebnis) EBIT | 12 12 |
52 %
52 %
1 %
|
|
| Nettogewinn | 22 22 |
12 %
12 %
3 %
|
|
Angaben in Millionen USD.
Nichts mehr verpassen! Wir senden Dir alle News zur Rapid7 Inc.-Aktie direkt und kostenlos in Deine Mailbox.
Auf Wunsch erhältst Du jeden Morgen pünktlich zum Frühstück eine E-Mail, die alle für Dich relevanten Aktien-News enthält.
Rapid7 Inc. Aktie News
Firmenprofil
Rapid7, Inc. beschäftigt sich mit der Bereitstellung von Cyber-Sicherheitsanalysen und Automatisierungsdiensten. Zu seinen Produkten gehören Metasploit, Nexpose, AppSpider, tCell von Rapid7 sowie Insight-Plattformen wie InsightDR, InsightIVM, InsightAppSec, InsightConnect und InsightOps. Außerdem bietet es Sicherheits- und Produktberatungsdienste an. Das Unternehmen wurde im Juli 2000 von Alan P. Matthews, Tas Giakouminakis und Chad Loder gegründet und hat seinen Hauptsitz in Boston, MA.
aktien.guide Premium
| Hauptsitz | USA |
| CEO | Mr. Thomas |
| Mitarbeiter | 2.613 |
| Gegründet | 2000 |
| Webseite | www.rapid7.com |


