SailPoint Aktienkurs
Ist SailPoint eine Topscorer-Aktie nach der Dividenden-, High-Growth-Investing- oder Levermann-Strategie?
Als kostenloser aktien.guide Basis-Nutzer kannst Du die Scores zu allen 7.921 weltweiten Aktien einsehen.
aktien.guide Premium
aktien.guide Unlimited
Kennzahlen
📘 Marktkapitalisierung
📈 Was ist das?
Die Marktkapitalisierung zeigt, wie viel ein Unternehmen laut Börse aktuell wert ist.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Sie hilft Unternehmen in Größenklassen (Large, Mid, Small Cap) einzuordnen und gibt Hinweise auf Marktmacht und Stabilität.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Große Unternehmen gelten als stabiler, zahlen oft Dividenden, wachsen aber langsamer.
- Kleine Firmen können stärker wachsen, sind aber schwankungsanfälliger.
- Die Marktkapitalisierung ist ein guter Indikator für Unternehmensgröße, aber kein Maß für Unter- oder Überbewertung.
📘 Enterprise Value (Unternehmenswert)
📈 Was ist das?
Der Enterprise Value (EV) zeigt, was ein Unternehmen tatsächlich kostet, wenn man es komplett übernehmen würde – inklusive Schulden und abzüglich Cash.
🧮 Wie wird es berechnet?
(= Marktkapitalisierung + Nettoverschuldung)
🏛️ Wofür ist es wichtig?
Der EV ist eine realistischere Bewertungsbasis als die Marktkapitalisierung, da er die Kapitalstruktur berücksichtigt. Er ist Grundlage für Kennzahlen wie EV/FCF oder EV/Sales.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Der Enterprise Value zeigt, was ein Unternehmen tatsächlich wert ist – unabhängig davon, wie es finanziert ist.
- Er ist besonders wichtig für professionelle Investoren, da er eine objektivere Grundlage für Bewertungsvergleiche bietet als die Marktkapitalisierung allein.
- Ein Unternehmen mit hoher Verschuldung erscheint im EV teurer, eines mit viel Cash günstiger – auch wenn sie an der Börse gleich viel wert sind.
📘 Nettoverschuldung
📈 Was ist das?
Die Nettoverschuldung zeigt, wie viele Schulden nach Abzug des verfügbaren Cashs tatsächlich verbleiben.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Sie zeigt, wie stark ein Unternehmen von Fremdkapital abhängig ist – und wie gut es in der Lage ist, seine Schulden kurzfristig zu bedienen.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine niedrige oder negative Nettoverschuldung bedeutet hohe finanzielle Stabilität.
- Unternehmen mit viel Cash und geringer Verschuldung sind besser gerüstet für Krisen.
- Eine hohe Nettoverschuldung erhöht das Risiko – besonders bei steigenden Zinsen oder konjunkturellen Schwächen.
📘 Cash
📈 Was ist das?
Der Cashbestand zeigt, wie viele liquide Mittel einem Unternehmen sofort zur Verfügung stehen.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Er gibt Auskunft über die finanzielle Flexibilität: Ein hoher Cashbestand ermöglicht Investitionen, Rückkäufe oder Krisenresistenz.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hoher Cashbestand zeigt finanzielle Stärke und Handlungsspielraum.
- Cash kann für Investitionen, Schuldentilgung oder Aktienrückkäufe genutzt werden.
- Allerdings: Zu viel ungenutztes Kapital kann auch auf mangelnde Investitionsideen hinweisen.
📘 Anzahl ausstehender Aktien
📈 Was ist das?
Die Anzahl ausstehender Aktien gibt an, wie viele Aktien eines Unternehmens aktuell im Umlauf sind und von Investoren gehalten werden.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Sie ist die Grundlage für viele Kennzahlen wie Gewinn je Aktie (EPS), Marktkapitalisierung oder KGV.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Je weniger Aktien im Umlauf sind, desto höher fällt z. B. der Gewinn je Aktie aus – wichtig für Bewertung und Dividendenrendite.
- Aktienrückkäufe verringern die Anzahl ausstehender Aktien – und steigern den Wert je Aktie.
- Kapitalerhöhungen haben den gegenteiligen Effekt: mehr Aktien → Verwässerung der bestehenden Anteile.
📘 Kurs-Gewinn-Verhältnis (KGV)
📈 Was ist das?
Das KGV zeigt, wie oft der Gewinn pro Aktie im aktuellen Aktienkurs enthalten ist – also wie „teuer“ eine Aktie im Verhältnis zum Gewinn ist.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Das KGV gehört zu den bekanntesten Bewertungskennzahlen. Es hilft Anlegern einzuschätzen, ob eine Aktie im Vergleich zu ihrem Gewinn eher günstig oder teuer erscheint.
🧮 Berechnung
📊 KGV (TTM) = bezogen auf den Gewinn der letzten 12 Monate (Trailing Twelve Months):🎯 Was bedeutet das für Anleger?
- Ein niedriges KGV kann auf eine günstige Bewertung hindeuten – oder auf Probleme im Geschäftsmodell.
- Ein hohes KGV kann Wachstumserwartungen widerspiegeln – oder eine überbewertete Aktie.
📘 Kurs-Umsatz-Verhältnis (KUV)
📈 Was ist das?
Das KUV zeigt, wie viel Anleger für 1 € Umsatz eines Unternehmens zahlen – unabhängig vom Gewinn.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Das KUV ist besonders bei wachstumsstarken oder noch nicht profitablen Unternehmen hilfreich. Es zeigt, wie hoch der Umsatz an der Börse bewertet wird.
🧮 Berechnung
Marktkapitalisierung = 8,66 Mrd. $ | Umsatz (TTM) = 1,12 Mrd. $
Marktkapitalisierung = 8,66 Mrd. $ | Umsatz erwartet = 1,29 Mrd. $
🎯 Was bedeutet das für Anleger?
- Ein niedriges KUV kann auf Unterbewertung hindeuten – oder auf schwache Margen.
- Ein hohes KUV kann hohe Erwartungen widerspiegeln – oder übermäßigen Optimismus.
- Besonders sinnvoll bei Wachstumsunternehmen, bei denen der Gewinn oder Free Cashflow (noch) keine Aussagekraft hat.
📘 Unternehmenswert zu Umsatz (EV/Sales)
📈 Was ist das?
EV/Sales zeigt, wie viel Anleger für 1 € Umsatz eines Unternehmens zahlen, wenn man auch Schulden und Cash berücksichtigt – es ist eine kapitalstrukturbereinigte Version des KUV.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Diese Kennzahl eignet sich besonders für den Vergleich von Unternehmen mit unterschiedlicher Verschuldung – sie zeigt, wie teuer ein Unternehmen tatsächlich im Verhältnis zum Umsatz ist.
🧮 Berechnung
Enterprise Value = 8,27 Mrd. $ | Umsatz (TTM) = 1,12 Mrd. $
Enterprise Value = 8,27 Mrd. $ | Umsatz erwartet = 1,29 Mrd. $
🎯 Was bedeutet das für Anleger?
- EV/Sales ist neutral gegenüber der Kapitalstruktur und eignet sich gut für Unternehmensvergleiche.
- Ein niedriges Verhältnis kann auf eine günstig bewertete Aktie hindeuten – ein hohes Verhältnis auf hohe Erwartungen oder Überbewertung.
- Besonders nützlich bei wachstumsstarken, noch nicht profitablen Firmen.
📘 Unternehmenswert zu Free Cashflow (EV/FCF)
📈 Was ist das?
EV/FCF zeigt, wie viele Jahre es dauern würde, bis ein Unternehmen seinen Unternehmenswert durch freien Cashflow „zurückverdient”.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Diese Kennzahl hilft, Unternehmen auf Basis ihrer tatsächlichen Cash-Erträge zu bewerten – unabhängig von Bilanzierungsregeln oder buchhalterischem Gewinn.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein niedriges EV/FCF deutet auf eine günstige Bewertung bei starker Cashgenerierung hin.
- Ein hohes EV/FCF kann entweder auf Optimismus oder auf temporär schwachen Cashflow hindeuten.
- Besonders hilfreich bei reifen, profitablen Unternehmen mit stabilen Cashflows.
📘 Kurs-Buchwert-Verhältnis (KBV)
📈 Was ist das?
Das KBV zeigt, wie hoch der Marktwert eines Unternehmens im Verhältnis zu seinem bilanziellen Eigenkapital ist.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Das KBV ist besonders bei Substanzwerten (z. B. Banken, Industrie) relevant. Es hilft Anlegern zu erkennen, ob ein Unternehmen unter oder über seinem buchhalterischen Vermögen bewertet ist.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein KBV unter 1 kann auf Unterbewertung oder schwache Rentabilität hindeuten.
- Ein KBV über 1 zeigt, dass der Markt dem Unternehmen Mehrwert über den Buchwert hinaus zuschreibt (z. B. Marken, Patente, Wachstum).
- Das KBV eignet sich besonders gut für Unternehmen mit stabilen, materiellen Vermögenswerten.
📘 Eigenkapitalquote
📈 Was ist das?
Die Eigenkapitalquote zeigt, wie hoch der Anteil des Eigenkapitals an der Bilanzsumme eines Unternehmens ist – also wie stark es sich aus eigenen Mitteln finanziert.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Eine hohe Eigenkapitalquote steht für finanzielle Stabilität, Krisenfestigkeit und gute Bonität. Sie ist besonders relevant bei der Beurteilung der Verschuldung.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine hohe Eigenkapitalquote signalisiert finanzielle Stabilität – besonders in Krisenzeiten.
- Ein niedriger Wert kann auf ein höheres Risiko oder eine aggressive Verschuldung hinweisen.
- Wichtig: Die Eigenkapitalquote sollte immer gemeinsam mit der Eigenkapitalrendite betrachtet werden. Nur so lässt sich beurteilen, ob ein Unternehmen nicht nur solide, sondern auch effizient wirtschaftet.
📘 Eigenkapitalrendite (ROE)
📈 Was ist das?
Die Eigenkapitalrendite zeigt, wie effizient ein Unternehmen mit dem Kapital seiner Aktionäre arbeitet – also wie viel Gewinn es pro Euro Eigenkapital erwirtschaftet.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Die Eigenkapitalrendite ist eine zentrale Rentabilitätskennzahl. Sie hilft Anlegern zu erkennen, ob das Unternehmen eine attraktive Verzinsung auf das eingesetzte Eigenkapital erwirtschaftet.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine hohe Eigenkapitalrendite spricht für ein starkes, effizientes Geschäftsmodell.
- Besonders interessant ist sie bei kapitalintensiven Firmen oder solchen mit hoher Eigenkapitalquote.
- Wichtig: Ein sehr hoher ROE kann auch auf hohe Schulden hinweisen – daher sollte sie immer im Kontext mit der Eigenkapitalquote betrachtet werden.
📘 Return on Capital Employed (ROCE)
📈 Was ist das?
ROCE misst die Gesamtrentabilität eines Unternehmens – also wie effizient es das eingesetzte Kapital (Eigen- und Fremdkapital) zur Gewinnerzielung nutzt.
🧮 Wie wird es berechnet?
Das eingesetzte Kapital ist das gesamte betriebsnotwendige Kapital, unabhängig von der Finanzierungsquelle.
🏛️ Wofür ist es wichtig?
ROCE eignet sich besonders gut für den Vergleich unterschiedlich finanzierter Unternehmen. Es zeigt, wie effektiv ein Unternehmen Kapital investiert – unabhängig von der Kapitalstruktur.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hoher ROCE zeigt, dass ein Unternehmen sein Kapital effizient einsetzt – unabhängig davon, ob es durch Eigen- oder Fremdkapital finanziert ist.
- Je höher der ROCE im Vergleich zu ähnlichen Unternehmen, desto mehr Wert schafft das Unternehmen mit seinem investierten Kapital.
- Besonders wichtig ist der ROCE bei Firmen mit hohen Investitionen – z. B. in Industrie, Energie oder Infrastruktur.
📘 Return on Invested Capital (ROIC)
📈 Was ist das?
ROIC zeigt, wie effizient ein Unternehmen das Kapital investiert, das langfristig im operativen Geschäft gebunden ist – unabhängig davon, ob es aus Eigen- oder Fremdkapital stammt.
🧮 Wie wird es berechnet?
- NOPAT = „Net Operating Profit After Taxes“
- Investiertes Kapital = operatives Vermögen abzüglich nicht-verzinster Schulden
🏛️ Wofür ist es wichtig?
ROIC ist eine der präzisesten Kennzahlen zur Bewertung der Kapitalrendite – besonders im Vergleich zur Eigenkapitalrendite, weil es Verzerrungen durch Schulden vermeidet. Er zeigt, ob ein Unternehmen Mehrwert für alle Kapitalgeber schafft.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hoher ROIC zeigt, wie gut ein Unternehmen mit dem tatsächlich investierten (betriebsnotwendigen) Kapital wirtschaftet.
- Im Unterschied zu ROCE wird nur Kapital betrachtet, das wirklich zur Finanzierung operativer Aktivitäten dient – und verzinst werden muss.
- Besonders hilfreich, um die Kapitalrendite von Unternehmen mit viel „überschüssigem“ Kapital oder zinsfreien Verbindlichkeiten realistisch zu vergleichen.
📘 Verschuldungsgrad (Leverage Ratio)
📈 Was ist das?
Der Verschuldungsgrad zeigt, wie stark ein Unternehmen durch verzinsliche Schulden (z. B. Kredite und Anleihen) im Verhältnis zum Eigenkapital finanziert ist.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Die Kennzahl hilft, das finanzielle Risiko und die Abhängigkeit von Fremdkapital zu beurteilen. Ein hoher Verschuldungsgrad kann die Eigenkapitalrendite steigern – birgt aber auch erhöhte Risiken bei Zinsanstiegen oder Liquiditätsengpässen.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein niedriger Verschuldungsgrad steht für finanzielle Stabilität und Unabhängigkeit.
- Ein hoher Wert kann auf erhöhte Risiken hinweisen – insbesondere bei schwankenden Zinsen oder konjunkturellen Schwächen.
- Wichtig: Immer im Kontext zur Branche und Kapitalintensität bewerten.
📘 Umsatz
📈 Was ist das?
Der Umsatz zeigt, wie viel ein Unternehmen insgesamt mit seinen Produkten und Dienstleistungen verdient – also den Bruttoerlös vor Abzug von Kosten.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Der Umsatz ist eine der zentralen Kennzahlen zur Einschätzung der Unternehmensgröße, Marktstellung und Wachstumskraft.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein wachsender Umsatz zeigt eine steigende Nachfrage und kann ein guter Frühindikator für Gewinnsteigerungen sein.
- Vergleiche von aktuellem und erwartetem Umsatz geben Hinweise auf das Marktumfeld und Analystenerwartungen.
- Wichtig: Starker Umsatz allein genügt nicht – auch Margen und Profitabilität zählen.
📘 EBITDA
📈 Was ist das?
EBITDA steht für „Earnings Before Interest, Taxes, Depreciation and Amortization“ – also Gewinn vor Zinsen, Steuern und Abschreibungen. Es zeigt das operative Ergebnis eines Unternehmens, bereinigt um bilanztechnische und finanzierungsbedingte Effekte.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
EBITDA ist eine verbreitete Kennzahl zur Beurteilung der operativen Leistungsfähigkeit – insbesondere bei kapitalintensiven Unternehmen oder im internationalen Vergleich.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hohes oder wachsendes EBITDA spricht für starke operative Erträge – unabhängig von Bilanzierung oder Steuerlast.
- EBITDA ist besonders nützlich, um Unternehmen branchenübergreifend zu vergleichen.
- Wichtig: EBITDA ist keine offizielle Gewinnkennzahl – Abschreibungen und Finanzierungskosten werden ausgeklammert.
📘 EBIT
📈 Was ist das?
EBIT steht für „Earnings Before Interest and Taxes“ – also Gewinn vor Zinsen und Steuern. Es zeigt das operative Ergebnis eines Unternehmens nach Abschreibungen, aber vor Finanzierungs- und Steueraufwand.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
EBIT ist eine zentrale Kennzahl zur Beurteilung der Profitabilität aus dem Kerngeschäft – unabhängig von Kapitalstruktur oder Steuersystem.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hohes EBIT deutet auf ein profitables Kerngeschäft hin – vor Zinslasten oder steuerlichen Effekten.
- Es erlaubt objektivere Vergleiche zwischen Unternehmen mit unterschiedlicher Finanzierung.
- Im Vergleich mit EBITDA zeigt EBIT bereits den Einfluss von Abschreibungen auf das operative Ergebnis.
📘 Nettogewinn
📈 Was ist das?
Der Nettogewinn ist der verbleibende Jahresüberschuss (oder -fehlbetrag) eines Unternehmens – nach Abzug aller Kosten, Steuern, Zinsen und Abschreibungen
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Der Nettogewinn ist die zentrale Erfolgskennzahl – er zeigt, wie profitabel ein Unternehmen nach allen Kosten tatsächlich arbeitet.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein steigender Nettogewinn zeigt, dass das Unternehmen effizient wirtschaftet – trotz aller Kosten.
- Die Entwicklung des Gewinns beeinflusst z. B. direkt das KGV und weitere Kennzahlen.
- Im Zeitverlauf lässt sich ablesen, wie stabil und profitabel ein Geschäftsmodell wirklich ist.
📘 Free Cashflow (FCF)
📈 Was ist das?
Der Free Cashflow gibt Aufschluss über die echte finanzielle Stärke eines Unternehmens – unabhängig von Bilanzierungsregeln. Er zeigt, wie viel Spielraum für Dividenden, Aktienrückkäufe oder Schuldenabbau besteht.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
FCF reflects a company’s real financial strength – regardless of accounting profits. It shows how much flexibility a company has for dividends, share buybacks, or debt reduction.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hoher Free Cashflow bedeutet, dass ein Unternehmen echte Finanzkraft besitzt – unabhängig vom bilanzierten Gewinn.
- Er ist oft die solideste Grundlage für nachhaltige Dividenden und Aktienrückkäufe.
- Sinkender FCF kann ein Warnsignal sein – auch wenn der Gewinn stabil aussieht.
📘 Umsatzwachstum
📈 Was ist das?
Das Umsatzwachstum zeigt, wie stark sich die Erlöse eines Unternehmens im Vergleich zum Vorjahr verändert haben – tatsächlich (TTM) und auf Prognosebasis (erwartet).
🧮 Wie wird es berechnet?
Erwartet = (Umsatz erwartet ÷ Umsatz Vorjahr − 1) × 100
Erwartetes Wachstum basiert auf Analystenschätzungen für das laufende Geschäftsjahr.
🏛️ Wofür ist es wichtig?
Ein wachsender Umsatz ist ein zentrales Signal für steigende Nachfrage, Geschäftsausweitung und Marktanteilsgewinne – besonders bei Wachstumsunternehmen.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Wachstum ist der Motor langfristiger Wertsteigerung – besonders bei Technologie- und Wachstumsaktien.
- Wichtig ist nicht nur das aktuelle Wachstum, sondern auch dessen Nachhaltigkeit.
- Prognosen zeigen, ob Analysten weiteres Potenzial erwarten – oder eine Verlangsamung.
📘 EBITDA-Wachstum
📈 Was ist das?
Das EBITDA-Wachstum zeigt, wie stark das operative Ergebnis eines Unternehmens vor Zinsen, Steuern und Abschreibungen im Vergleich zum Vorjahr gestiegen oder gesunken ist.
🧮 Wie wird es berechnet?
Erwartet = (erwartetes EBITDA ÷ EBITDA Vorjahr − 1) × 100
Erwartetes Wachstum basiert auf Analystenschätzungen für das laufende Geschäftsjahr.
🏛️ Wofür ist es wichtig?
Ein steigendes EBITDA ist ein Zeichen für verbesserte operative Ertragskraft – unabhängig von Finanzierungsstruktur oder Abschreibungen.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Starkes EBITDA-Wachstum signalisiert operative Effizienz und Skalierung – besonders relevant in Wachstumsphasen.
- EBITDA-Wachstum ist ein Frühindikator für Margen- und Gewinnentwicklung – sollte aber stets im Zusammenhang mit Umsatz und EBIT betrachtet werden.
📘 EBIT Wachstum
📈 Was ist das?
Das EBIT-Wachstum zeigt, wie stark das operative Ergebnis eines Unternehmens (nach Abschreibungen, aber vor Zinsen und Steuern) im Vergleich zum Vorjahr gewachsen ist.
🧮 Wie wird es berechnet?
Erwartet = (erwartetes EBIT ÷ EBIT Vorjahr − 1) × 100
Erwartetes Wachstum basiert auf Analystenschätzungen für das laufende Geschäftsjahr.
🏛️ Wofür ist es wichtig?
Das EBIT-Wachstum ist ein direkter Indikator für die wirtschaftliche Entwicklung des operativen Geschäfts – unter Berücksichtigung der Kapitalintensität (Abschreibungen).
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Steigendes EBIT signalisiert wachsende operative Rentabilität – auch unter Berücksichtigung von Abschreibungen.
- Das EBIT-Wachstum ist ein wichtiges Maß zur Beurteilung von Geschäftsmodellen mit hohen Investitionskosten.
- Im Zusammenspiel mit Umsatz- und EBITDA-Wachstum ergibt sich ein umfassendes Bild zur operativen Entwicklung.
📘 Nettogewinn-Wachstum
📈 Was ist das?
Das Nettogewinn-Wachstum zeigt, wie stark der Jahresüberschuss eines Unternehmens gegenüber dem Vorjahr gestiegen oder gesunken ist – sowohl tatsächlich (TTM) als auch auf Basis von Prognosen (erwartet).
🧮 Wie wird es berechnet?
Erwartet = (erwarteter Nettogewinn ÷ Nettogewinn Vorjahr − 1) × 100
Der erwartete Wert basiert auf Analystenschätzungen für das laufende Geschäftsjahr.
🏛️ Wofür ist es wichtig?
Der Gewinn ist die entscheidende Ergebnisgröße für ein Unternehmen. Ein wachsender Nettogewinn deutet auf steigende Effizienz, stabile Kostenkontrolle und nachhaltige Ertragskraft hin.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Wachsender Nettogewinn stärkt die Bewertung, Dividendenfähigkeit und Kursfantasie.
- Stagnierender oder rückläufiger Gewinn trotz Umsatzwachstum kann auf Margendruck hinweisen.
📘 Free Cashflow-Wachstum
📈 Was ist das?
Das Free-Cashflow-Wachstum zeigt, wie sich der freie Mittelzufluss eines Unternehmens im Vergleich zum Vorjahr verändert hat – also der Betrag, der nach allen operativen Ausgaben und Investitionen übrig bleibt.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Free Cashflow ist der echte, verfügbare Geldzufluss. Wachstum in diesem Bereich ist ein Zeichen für finanzielle Stärke und steigende Flexibilität bei Dividenden, Rückkäufen oder Investitionen.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Sinkender Free Cashflow kann auf steigende Investitionen, höhere Kosten oder stagnierende operative Erträge hindeuten.
- Besonders bei Dividendenwerten ist das FCF-Wachstum wichtig – denn Dividenden werden letztlich aus dem verfügbaren Cash gezahlt.
- Ein negativer Trend sollte genauer analysiert werden – er ist nicht zwangsläufig schlecht, aber potenziell ein Warnsignal.
📘 Bruttomarge
📈 Was ist das?
Die Bruttomarge zeigt, wie viel vom Umsatz nach Abzug der direkten Herstellungskosten (Material, Produktion) als Bruttogewinn übrig bleibt – also der „Rohgewinn“ eines Unternehmens.
🧮 Wie wird es berechnet?
Auch: Bruttomarge = Bruttogewinn ÷ Umsatz × 100
🏛️ Wofür ist es wichtig?
Die Bruttomarge gibt Aufschluss über die Profitabilität eines Produkts oder Geschäftsmodells vor Fixkosten, Steuern und Zinsen. Sie zeigt, wie effizient ein Unternehmen produzieren oder einkaufen kann.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine hohe Bruttomarge deutet auf starke Preissetzungsmacht und effiziente Herstellung hin.
- Sinkende Bruttomargen können auf Kostensteigerungen oder Preisdruck hindeuten.
- Besonders im Vergleich zu Wettbewerbern liefert die Bruttomarge wertvolle Einblicke in die Geschäftsqualität.
📘 EBITDA-Marge
📈 Was ist das?
Die EBITDA-Marge zeigt, wie viel vom Umsatz als operativer Gewinn vor Zinsen, Steuern und Abschreibungen (EBITDA) übrig bleibt. Sie misst die operative Effizienz – ohne Verzerrungen durch Finanzierung oder Buchwerte.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Die EBITDA-Marge hilft zu verstehen, wie viel operativer Gewinn ein Unternehmen aus jedem Euro Umsatz erzielt – unabhängig von Kapitalstruktur oder steuerlichem Umfeld.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine hohe EBITDA-Marge zeigt starke operative Ertragskraft – unabhängig von Bilanzierungseffekten.
- Die Marge ermöglicht gute Vergleiche zwischen Unternehmen und Branchen.
- Ein stabiler oder wachsender Wert kann auf effiziente Kostenkontrolle und Skalierbarkeit hindeuten.
📘 EBIT-Marge
📈 Was ist das?
Die EBIT-Marge zeigt, wie viel Prozent des Umsatzes als operativer Gewinn nach Abschreibungen, aber vor Zinsen und Steuern übrig bleiben.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Die EBIT-Marge misst die operative Ertragskraft eines Unternehmens unter Berücksichtigung der Kapitalintensität (z. B. Maschinen, Anlagen). Sie eignet sich gut zum Vergleich von Geschäftsmodellen mit unterschiedlich hohen Abschreibungen.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine hohe EBIT-Marge zeigt, dass ein Unternehmen auch nach Abschreibungen effizient arbeitet.
- Sie ist besonders relevant in kapitalintensiven Branchen.
- Langfristig stabile oder steigende Margen sind ein Zeichen wirtschaftlicher Stärke und Preissetzungsmacht.
📘 Nettomarge
📈 Was ist das?
Die Nettomarge zeigt, wie viel vom Umsatz am Ende als „Reingewinn“ übrig bleibt – also nach Abzug aller Kosten, Zinsen, Steuern und Abschreibungen.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Die Nettomarge gibt an, wie effizient ein Unternehmen über alle Stufen hinweg wirtschaftet. Sie zeigt, wie viel Gewinn tatsächlich je Euro Umsatz übrig bleibt.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine hohe Nettomarge zeigt, dass ein Unternehmen nicht nur operativ stark ist, sondern auch seine Finanzierung und Steuerbelastung im Griff hat.
- Vergleiche mit Wettbewerbern geben Einblicke in die wirtschaftliche Qualität.
- Sinkende Nettomargen trotz Umsatzwachstum können ein Warnsignal sein – etwa für steigende Kosten oder sinkende Effizienz.
📘 Free Cashflow Marge
📈 Was ist das?
Die Free-Cashflow-Marge zeigt, wie viel vom Umsatz nach Abzug aller operativen Ausgaben und Investitionen tatsächlich als freier Mittelzufluss übrig bleibt.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Diese Marge misst die echte Liquidität, die ein Unternehmen erwirtschaftet – unabhängig von Bilanzierungsregeln oder Abschreibungen. Sie ist besonders relevant für Dividenden, Rückkäufe und Investitionen.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Eine hohe Free-Cashflow-Marge zeigt, dass ein Unternehmen nachhaltig liquide Mittel erwirtschaftet.
- Sie ist ein starkes Signal für finanzielle Stabilität und Ausschüttungspotenzial.
- Wichtig ist der langfristige Trend – sinkende Werte können auf steigende Investitionen oder rückläufige operative Effizienz hindeuten.
📘 Ergebnis je Aktie (EPS)
📈 Was ist das?
Das Ergebnis je Aktie (EPS) zeigt, wie viel Gewinn auf eine einzelne Aktie entfällt – und ist eine der wichtigsten Kennzahlen zur Bewertung von Unternehmen.
🧮 Wie wird es berechnet?
Die verwässerte Aktienanzahl berücksichtigt auch potenzielle neue Aktien, etwa durch Optionen, Wandelanleihen oder andere Umtauschrechte.
🏛️ Wofür ist es wichtig?
EPS bildet die Basis für viele Bewertungskennzahlen wie KGV, PEG oder Payout Ratio. Es macht den Gewinn für Aktionäre vergleichbar – unabhängig von der Unternehmensgröße.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- EPS hilft, die Profitabilität pro Aktie zu erfassen – und ist besonders wichtig im Zeitvergleich oder im Vergleich mit Analystenschätzungen.
- Steigendes EPS kann ein Zeichen für stabiles Wachstum oder Aktienrückkäufe sein.
- Wichtig: Verwende verwässertes EPS für realistische Bewertungen – besonders bei stark aktienbasierten Vergütungssystemen.
📘 Free Cashflow je Aktie (FCF je Aktie)
📈 Was ist das?
Der Free Cashflow je Aktie zeigt, wie viel freier Mittelzufluss einem Unternehmen pro Aktie zur Verfügung steht – nach Investitionen, aber vor Dividenden oder Schuldentilgung.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Der FCF je Aktie zeigt, wie viel liquide Mittel pro Aktie tatsächlich im Unternehmen verbleiben – wichtig für Dividenden, Aktienrückkäufe oder Schuldentilgung. Im Gegensatz zum Gewinn ist er schwerer manipulierbar und daher besonders aussagekräftig.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hoher Free Cashflow je Aktie ist ein Zeichen für hohe finanzielle Flexibilität.
- Er zeigt, wie viel Kapital ein Unternehmen effektiv einsetzen oder ausschütten kann.
- Besonders relevant für dividendenstarke Unternehmen oder solche mit starker Kapitalrendite.
📘 Short Interest
📈 Was ist das?
Short Interest zeigt, wie viele Aktien eines Unternehmens aktuell leerverkauft wurden – also von Investoren geliehen und verkauft, in der Erwartung fallender Kurse.
🧮 Wie wird es berechnet?
Der Wert zeigt den Anteil der Aktien, der aktuell auf fallende Kurse spekuliert wird.
🏛️ Wofür ist es wichtig?
Short Interest dient als Stimmungsindikator: Ein hoher Wert deutet auf Skepsis oder negative Erwartungen gegenüber dem Unternehmen hin – kann aber auch zu einem „Short Squeeze“ führen, wenn der Kurs plötzlich steigt.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein niedriger Short Interest deutet auf Vertrauen in das Unternehmen hin.
- Ein hoher Wert kann ein Warnsignal sein – oder eine Chance, wenn sich die Stimmung dreht.
- Besonders spannend in volatilen Märkten oder vor wichtigen Quartalszahlen.
📘 Employees
📈 Was ist das?
Die Mitarbeiteranzahl zeigt, wie viele Personen ein Unternehmen weltweit beschäftigt – ein Indikator für Größe, Struktur und Geschäftsmodell.
🧮 Wie wird es berechnet?
🏛️ Wofür ist es wichtig?
Sie hilft bei der Einschätzung von Skaleneffekten, Effizienz und Personalkosten. Zusammen mit Umsatz und Gewinn lassen sich Kennzahlen wie Produktivität je Mitarbeiter ableiten.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Viele Mitarbeiter bedeuten große operative Komplexität – aber auch hohes Umsatzpotenzial.
- Produktivität je Mitarbeiter ist ein wichtiger Indikator für Effizienz.
- Besonders spannend bei stark wachsenden Tech- oder Industrieunternehmen.
📘 Umsatz je Mitarbeiter
📈 Was ist das?
Der Umsatz je Mitarbeiter zeigt, wie viel Erlös ein Unternehmen durchschnittlich pro Beschäftigtem erwirtschaftet – eine Kennzahl für Effizienz und Produktivität.
🧮 Wie wird es berechnet?
Die Mitarbeiterzahl stammt in der Regel aus dem letzten verfügbaren Jahresbericht.
🏛️ Wofür ist es wichtig?
Diese Kennzahl hilft, Geschäftsmodelle zu vergleichen – insbesondere zwischen arbeitsintensiven und technologiegetriebenen Unternehmen. Ein hoher Wert deutet auf Automatisierung, Effizienz oder hohen Wertschöpfungsanteil hin.
🧮 Berechnung
🎯 Was bedeutet das für Anleger?
- Ein hoher Umsatz je Mitarbeiter spricht für ein skalierbares und margenstarkes Geschäftsmodell.
- Ein niedriger Wert kann auf arbeitsintensive Prozesse oder geringere Wertschöpfung hinweisen.
- Besonders hilfreich beim Vergleich von Tech- vs. Industrieunternehmen.
SailPoint Aktie Analyse
Analystenmeinungen
30 Analysten haben eine SailPoint Prognose abgegeben:
Analystenmeinungen
30 Analysten haben eine SailPoint Prognose abgegeben:
Beta SailPoint Events
🇩🇪 Neu: Alle Transkripte jetzt auch auf Deutsch verfügbar!
Abonniere Premium, um Transkripte und KI-Zusammenfassungen auf Deutsch zu lesen.
Vergangene Events
|
JUN
16
Analyst/Investor Day - SailPoint, Inc.
vor 19 Tagen
|
|
JUN
9
Q1 2027 Earnings Call
vor 26 Tagen
|
|
MÄR
18
Q4 2026 Earnings Call
vor 4 Monaten
|
|
DEZ
9
Q3 2026 Earnings Call
vor 7 Monaten
|
|
SEP
10
Goldman Sachs Communacopia + Technology Conference 2025
vor 10 Monaten
|
|
SEP
10
Piper Sandler 4th Annual Growth Frontiers Conference
vor 10 Monaten
|
|
SEP
9
Q2 2026 Earnings Call
vor 10 Monaten
|
|
JUN
11
Q1 2026 Earnings Call
vor etwa einem Jahr
|
aktien.guide Basis
SailPoint — Analyst/Investor Day - SailPoint, Inc.
1. Management Discussion
All right. Welcome. Thank you all for coming. Really appreciate everyone's effort to get here today. Thank you for all those joining on the web. We have a great program for you today that we're really excited to tell you our story.
So -- but before that, a little bit of housekeeping. If we go to the next slide, it's our safe harbor statement. So this safe harbor will also be available in the presentation posted on the web. So now we're through that.
Let me help frame what we're going to do today. So I think there's really 3 key themes that you're going to hear throughout the day. And the first is innovation. You'll see this clearly in our advancements around AI and real-time governance, which are actively expanding our TAM. And I think you'll also notice it's not just what we're building, but it's the velocity at which we're bringing these things to market.
The second theme throughout today is going to be differentiation. So this starts with our depth and breadth of identity coverage, which gives us the required context to link human and nonhuman identities to their human owner. And this really helps accelerate AI identity security for our enterprise customers.
And then the third theme of the day is really our -- the multiple paths to our fiscal '29 targets. So whether it's acquiring new customers, expanding within our existing installed base or developing new routes to market, we have multiple catalysts that are designed to deliver durable top line growth as well as expanding operating and free cash flow margins. So it's -- I think you'll hear those themes prevalent throughout today. So I just wanted to kind of set the stage.
The agenda for today, I'm not going to drain the slide just in the interest of time so we can get into the program, but we have a comprehensive lineup of product experts, go-to-market leaders as well as partners and customers for you today. So with that, and we have plenty of time for Q&A as well. So save your questions. We'll do those at the end of the first section and at the end of the day.
So with that, it's my great pleasure to get started and introduce SailPoint's CEO and Founder, Mark McClain. Mark?
Well, good morning, and welcome, everyone. It's so good to be with you today. If you look at the daily headlines, there's a lot coming at us, rapid AI advancements, shifting markets, macro disruptions. We're operating in a period of unprecedented change, which I would prefer to refer to as the new normal. And this new normal of constant change leads to a sense that to survive, you must adapt all day, every day.
And for those of us who have navigated some pretty choppy waters before, things like COVID or the mortgage crisis or even 9/11, we know a fundamental truth. Disruptions always precede significant market redefinitions where new winners emerge and others get left behind. In these times of deep uncertainty, the instinct for many companies is to just play it safe to blend in, try to weather the storm. But at SailPoint, we fundamentally reject that approach. We're not in this game just to survive. We're in it to win.
And to understand how we win, let's look at the evolution of our space. Let's talk about what's been changing in identity governance and administration, or IGA, and where it's going to go from here. Just as the overall technology market is undergoing a massive structural redefinition in the age of AI, IGA is also undergoing a massive structural redefinition. And we believe there are 5 dimensions of IGA in which critical shifts are happening.
First, timing. We're moving from periodic policy time reviews to continuous real-time security posture. Second, structure. We're abandoning static rigid governance in favor of dynamic adaptive security. Third, coverage. The scope of identity has aggressively expanded from humans to humans and agents, not or and in all of the supporting nonhuman identity elements. And fourth, privilege. We are moving away from permanent privileged access for a few toward rightsized, democratized privilege for all. And fifth and surrounding all of it, defense. Security operations can no longer operate in various silos. Modern security operations must encompass everything from the cloud to the network to the device with identity at the absolute center. This isn't just an evolution of IGA I'm talking about. This is the evolution of enterprise security itself.
If you have proof of this evolution, let's just take a look at some math. Years ago, when we went public the first time in 2017, we defined the market opportunity is about $10 billion. By our Analyst and Investor Day, the first one we did in 2021, we'd expanded that to about a $20 billion TAM. When we reemerged as a public company in 2025, we believe that addressable market expanded to $55 billion. And today, we can credibly claim that the TAM has now expanded to $90 billion for this marketplace.
And this isn't about a growing TAM. It's about the validation of identity as the core of security. This $90 billion TAM reflects the aggressive expansion of traditional IGA to address challenges like agentic AI, next-gen privilege, data access and threat response. And today, you see these issues represented in distinct individual markets like ITDR, identity threat detection and response, ISPM, identity security posture management and IVIP, a newer one, identity visibility and intelligent platforms. But now we believe all of these will be converging into something we call adaptive identity.
Identity has become the critical element of enterprise security. And today, we're going to tell you why SailPoint is positioned to be the biggest winner in that game. And when a market gets attractive, it draws a lot of attention. More companies jump into the game, the noise gets louder, and it's really loud in identity today. In fact, we'd say that the identity security market has entered a phase of message convergence as announcements and claims are arriving at an unprecedented pace, all with a pretty similar set of messages. And with all that noise, it's tough to stand out. It's tough to separate the signal from all that noise.
As Seth Godin once argued in a great book in a crowded market, playing it safe is the riskiest strategy of all. A white cow is visible, but you stop noticing them after the first few, but a purple cow. Now that gets talked about. That gets remembered, that gets sought out. And right now, the identity security market feels like it's full of a lot of white cows. Lots of vendors reacting to this shift by making the exact same announcements.
But here's the reality for all of you behind all that noise. It is, as we say in Texas, all sizzle and no steak. Whereas we also like to say in Texas, a lot of these competitors are big hat, no cattle. Anybody can put out a press release, talk about identity and AI. But when it comes down to it, these vendors cannot handle the deep, messy complexity of the modern enterprise as it escalates into an agentic world. At SailPoint, we deliver the steak, not just the sizzle. We deliver the substance.
So fair question, how do we deliver that substance? It really comes down to 3 interrelated advantages: our breadth, our depth and our unparalleled ability to accelerate into agentic AI. Let's start with depth. No one in this industry has our history or our granularity of control. We have 20 years of managing fine-grained human identity data by working with many of the world's largest, most complex enterprises. Today, we manage over 5 billion entitlements across those enterprises. In fact, we possess what we call the steel thread. It's the ability to trace a human identity as it utilizes various nonhuman identity accounts and services, agents, et cetera, all the way down to the deepest, most granular data levels of the enterprise. And you cannot build that overnight, and you cannot fake it. Our heritage is not a liability. It actually gives us credibility as this new world emerges.
But not just depth, now there's also breadth. We are the trusted control plane for over 3,200 organizations, many of them in the Fortune 5000. And we are actively governing over 145 million identities by automating more than 35 billion SaaS account changes every year. We don't manage just some subset of those human identities. We manage all of them. We are the #1 cross-platform identity provider in the world today, whether it's Azure, AWS, Bedrock, Salesforce or even older legacy on-prem applications and our customers, our platform connects, covers them all with breadth and depth. But as they say, since a picture is worth a thousand words or at least a few hundred in today's economy, this 2x2 matrix should help.
So on the horizontal axis, you've got breadth. In other words, how much of the identity landscape do you cover? On the vertical axis, you've got depth. How granular is your visibility and control? Well, when you map out the core identity competitors and where they're coming from, the limitations are pretty obvious, right? If you look at the SSO and access management vendors, they absolutely cover breadth, right? They touch every employee identity or every human identity. But truthfully, they have very little depth. They're a mile wide and an inch deep. They have the ability to let you in the front door as we've used this analogy with some of you before. But once inside, they aren't aware of, they're blind where you're going in the building.
On the other axis, if you look at the heritage of the PAM and privilege market, they have lots of depth, but very little breadth. They govern a tiny fraction of all the identities in the enterprise and are virtually blind to the rest of the landscape. At SailPoint, 20 years of solving hard identity problems across the entire landscape means we have the pattern recognition that the others don't. And as always, in these 2x 2 charts, the place you want to be is the upper right hand, isn't it? The top right quadrant.
SailPoint sits here pretty much alone in this collection of vendors. We believe no other company can viably claim that combination of breadth and depth at scale, period. Having both breadth and depth is, in fact, a pretty massive structural moat. But here's the critical part. AI is now becoming a significant multiplier to that advantage. If you feed AI, shallow data from a tool that either lacks breadth or depth, you're going to get limited or maybe even questionable outcomes. But because we possess 20 years of the deepest, broadest identity data on earth, our AI is intelligent, very intelligent, extremely intelligent about what happens in all those complex interrelated entitlements. And we're using it to massively accelerate and extend our lead, extending it to this newest paradigm, the wild explosion of the agentic workforce.
And we're not just about defending our current market share, we're aggressively capturing this new explosive TAM. And that's by focusing on, again, the wild explosion of nonhuman identities or NHIs, as you've heard him refer to. And agentic AI. With that, we are establishing a powerful new growth engine, which we expect will drive over $100 million of AI-related ARR at the end of this fiscal year. depth, breadth and unparalleled AI acceleration. We believe SailPoint is uniquely positioned with the platform, the data and the proven enterprise experience to get our customers where they want to go.
As I said earlier, our vision to address this world is what we refer to as adaptive identity. And we believe it's the only way forward, dynamically adjusting access for all identities, human or nonhuman based on real-time risk, context and observed behavior. We're bringing this vision to life through 2 distinct accelerated paths. First, we're sitting at the cutting edge of securing this rapidly expanding agentic workforce, specifically in the context of the human workforce. It's not just about securing agents. It's about securing them in the context of humans, and that's why the end matters so much.
You cannot secure agents in a vacuum as some of these start-ups would have you believe. To govern nonhuman identities, they must be tethered to a human owner or a human context. To conquer this new frontier, last month, we introduced the SailPoint Agentic Fabric right here at NASDAQ. It places agents into the context of that human workforce, bringing them fully under control. Ultimately, it ensures that the entire human and agentic environment remains secure in real time, all the time.
But we're also focused on massively accelerating how customers can get to this future nirvana state. As you know, many enterprises today are bogged down by massive technical debt. They're paralyzed by trying to rip out rigid, broken legacy systems from other vendors or some of them even have challenges to manage and upgrade from our own on-prem solution, IdentityIQ. Well, today, we are radically simplifying this process to get our customers to Nirvana by introducing SailPoint Agentic Acceleration, which is a methodology, but it's powered by a brand-new technology we call the SailPoint Virtual Architect.
The SailPoint Virtual Architect maps all that legacy structure, wherever it's coming from, leverages AI not just to do a lift and shift, but to design the most efficient solution in the new realm and then accelerates migration to that with unprecedented speed. Put really simply, we're using AI to map the path to AI, defining the ultimate nirvana solution and accelerating our customers' ability to get there. And we're going to do that faster and better than anyone. We're doing all of this through relentless ongoing innovation, both organic and inorganic.
In just a few minutes, you'll hear from Chandra about the capabilities we've been busy building here at SailPoint, but we continue to strategically insert acquired technologies into our road map to accelerate our vision. Just yesterday, as you saw, we announced our intent to acquire Entro Security to deepen and widen, sound familiar, our controls for nonhuman identities. And we'll continue to scour the landscape for cutting-edge technologies that help us bring our road map to life even faster.
So as I wrap it up, we've been a leader in IGA space for many, many years. By pairing our 2-decade human identity advantage with our new Agentic Fabric, we believe we have the most complete adaptive identity solution in the market bar none. And now with Agentic Acceleration, we can move customers to that desired destination faster than anyone else.
To show you how exactly all of this is going to translate into undeniable financial execution, I'm going to steal just a little bit of Brian's thunder coming up. Today, we're going to clearly demonstrate why we expect ARR growth to accelerate as we deliver more than $2.1 billion of ARR in fiscal '29. And we expect about 40% of that revenue to be AI-generated, agentic related. We're also getting there responsibly, as Brian likes to say. When we hit that $2.1 billion milestone, we expect to generate at least $400 million of free cash flow. As I noted, Brian is going to go into this in a lot more detail just in a few hours this morning.
So let me say it again, we expect SailPoint's growth to accelerate. The demand for enterprise-grade multi-cloud identity governance is exploding as organizations rush to secure their AI investments and machine environments. With our specialized focus, commitment to innovation and the rapid scaling of these Agentic solutions toward our $100 million target this year, SailPoint is distinctly positioned to continue to lead in the next era of identity security.
So as I close, let me turn this over to Chandra. Let me tee up a little bit by highlighting again the 4 big challenges we are focused on for our enterprise customers around the globe. First, they're looking to us to help them secure this wild explosion of agentic workforce in the context of their human workforce. Secondly, they need us to help them move their enterprises to real-time adaptive identity security. Third, they need us to help them democratize privilege by ensuring dynamic, rightsized access for every identity, human or nonhuman. And fourth, we're going to help them bring identity and the security operations center together for truly effective, truly comprehensive threat response. So with that, thanks again for joining us today.
Let me now hand it over to my colleague, Chandra.
[Presentation]
Good morning, and welcome again. Mark really set the stage. What I'm going to do is really get into innovation, talk about customer outcomes and really talk about how we are using AI.
So if nothing, I would like you to walk away with 3 things today. One is there are 2 big rock, big mega growth innovations that we are going to be working on for the next 2 years. One is agentic. Second one is we are moving governance of human beings, which we have done for 20 years from static to real time. Number two, we fundamentally believe, just given the security world today, it's time to move all of our customers to a minimum of least privilege and zero standing privilege and ultimately to our vision of autonomous identity, which is really think of it as the Waymo of the identity world. It's a self-correcting, self-healing platform.
And third, we are quite excited about the way -- the 3 different ways in which we are using AI, and we are incredibly proud of the product velocity. We have really -- our product velocity has gone up by 2.5x in the last 18 months, and it's continuing to accelerate.
So before I dive into this, I want to set the stage for what we believe is a new normal in the world of threat and security. And the way to think about this is the time it takes to go from finding a vulnerability when you actually find a vulnerability to actually a bad actor being able to exploit it. About 3, 4 years ago, it used to about take a year, right? So when a large corporation found a vulnerability, they will actually issue a CVE, and it took the bad actors roughly about a year to get to it. As long as you patch it within that, you're good.
Today, that 1 year has come down to a day. And it's trending more towards an hour. And just think of that change where from the moment you find a vulnerability to when it could be exploited, it's trending towards 1 hour. And it's largely driven by advanced models like Mythos and GPT 5.5. It's organized cybercrime activity, dev environments being overly permissive. It's a combination of it. But it's a stratospheric change in the world of security. And it's really against this backdrop that we are shifting from just securing and governing humans to securing and governing human plus AI.
And when I say AI here, I mean broadly. Mark really referred to them as agents. It could be agents, nonhuman identity, credentials, right, bots, all of it, all of it includes. We at SailPoint think of all of it collectively. And this whole human, and it's not just human plus AI. it's actually the ratio. The ratio matters. We are beginning to -- well, we are at roughly about 1:100 across all of our customer base, and it's trending more towards 1:1,000. So for every human, we are going to find about 1,000 AI identities or nonhuman identities.
At that scale, architecturally, you have to really shift to more of a real-time architecture as well as what we call security in line, meaning when you have the ratio of 1:1,000, literally a Global 1000 will have millions, if not tens of millions of these nonhuman identities, right? That can do things autonomously. So the only way you can actually manage and be secure is the ability to respond to a threat in real time with deep identity context. That's really what we are building here.
Now this human plus AI has actually introduced 2 fundamentally new identity security problems today. So what I want to do is frame those problems conceptually before I go deep into it. So I'm going to just illustrate it with some very conceptual basic use cases, right? The first one is really about a human or an AI developer writing code and putting that code in a GitHub repo or an agent or a human accessing an API. That itself is not new. The fact that those -- the GitHub repo and the API, they have credentials, which are really machine reading -- machine-readable credentials, tokens and keys. That is also not new.
What is new is the fact that these were -- these have been largely unmanaged and ungoverned, right? A lot of them, by the way, they would not be rotated for like years and years. You can no longer afford it. If you leave a key now that is not rotated frequently, the chances are it's going to get hacked into and your code could be stolen. That is new.
The second one is really the autonomous AI use case, which is you have a big agent calling smaller agents, right? And the smaller agents are the subagents accessing application and data. This flow is very, very new. And this whole chain needs to be governed, right? They need to be discovered. You have to make sure they are authorized to only access the data they are supposed to on behalf of the human they are acting. These 2 conceptual use cases is what we refer to as the agentic security and governance problem.
Now on the human side, the question is what's changed because humans have always had access to application and data. What has changed is the fact that the bad actor now can use these advanced models, advanced tech to really hack into these application and data in no time. And this is why this timeframe -- the time to exploit a vulnerability going down to another is really -- it really matters. In that world, you can no longer rely on these applications and data being fully secure. You have to fundamentally reimagine how humans access this application and data. That's why static governance, static privilege is dead. You can't afford it. It's grossly insufficient. You have to move -- you have to really risk evaluate every access a human or an agent has to the application and data. That's what we mean by shifting human governance from static to real time.
These are the 2 problems we are fundamentally committed to solving. And our big growth innovations that I talked about, agentic, real-time human governance are about solving those 2 problems. And we launched our Agentic Fabric, which is our fabric to solve end-to-end agentic here at the NASDAQ last month. It will be GA in the next 2 months, in less than 2 months, real-time human governance. It's really -- all of you are familiar with our Identity Security Cloud, ISC. This is an upgrade to ISC. This is -- we are really delivering next-generation human governance or real-time human governance through next-generation ISC. And Atlas is the engine. It's a shared services layer. It's an engine that powers both of these innovations.
Now here is what we're excited about, right, which is solving the agentic problem. There is a new role in every large corporation today. It could be described as a Head of AI. In some places, it's actually committee and so on. But that's a new role. And the real-time human governance is no longer in the realm of just the identity department, it's the CISO and the entire CISO's office that's really responsible for it. So we are becoming strategically more relevant as well as the wallet size. The wallet size goes up when you go solve these 2 problems with those 2 executive buyers. This is why we are quite excited about where we are innovating.
Now the solution to this, the SailPoint solution to this for both agentic as well as real-time human governance has 3 pillars: discover, govern and protect. Now for the last 20 years, right, we have talked a lot about discover and govern, right? That's really what a great IGA platform does. We are now innovating on that for this new identity type call agents and machines, right? But Protect is new. This is new. This is why SailPoint is no longer your old legacy IGA. It's not even your grandmother's identity platform or your parents identity platform. This is a new SailPoint, and we are really innovating on protect.
I'll talk about what I mean by that. But this is -- and when Mark talked about how our TAM has really expanded even since we went IPO from $55 billion to $90 billion, a good chunk of it is driven by the fact that we are governing a net new identity type call agents. It's also because both for agents and for humans, we are now not just in the discover and govern -- sorry, in the governance game, we are also in the protect game. With that, let me just dive in, right, and talk about what we are doing in both agentic as well as real-time human governance. And I'm going to really focus on what's new and what makes us very, very unique in solving these problems.
So starting with discovery. Look, we are super thrilled about the acquisition of Entro, which I think is very, very complementary to what we do. So with that, we have the most robust. I can confidently say we have the most robust discovery mechanism of any agent, nonhuman identity type. Entro covers more than 1,200 nonhuman identity types. And so we have the most robust mechanisms to discover agents and machines and credentials from any platform in the world. But what makes us really special is the fact that we will be the registry right, which means you are -- the moment an agent or a nonhuman is discovered, it gets -- so think of us as the or the warehouse where all of it is stored, we automatically correlate it to the deep human context that Mark talked about, right?
And so if it's -- so let's take this persona, Bob. Bob has a coding agent, right? So it's not just correlating the fact that the coding agent, clot co coding agent belongs to Bob, it's also all of the fine-grained context that is associated with Bob, right? So we do that automatically in our registry.
The second one, we are getting into posture, okay? This -- we are going to be introducing the SailPoint risk score, which is a mechanism to really evaluate risk at an individual identity level, both for humans and agents. And it's a configurable mechanism because what risk means changes from one company to another. So we're going to -- we will give our customers the ability to configure how they calculate the risk score. But because in a world where you have millions, tens of millions of agents inside a corporation, you've got to have real-time visibility into what the risk is, right? And so that's really what the SailPoint risk score will provide. That's really on discover.
On govern, what's net new here or what's special is really we will be the first to market with our agent audit product in less than 2 months. So look, human access has been audited and has been regulated for a long time. The same thing is coming for agents. It's going to be a lot more complicated, a lot more complicated. Already, there are about a dozen frameworks. Every country seems to have its own framework for auditing agents. Lots of industries like health care and others, banking have their own frameworks for -- so -- but we are an audit company. We know this. This is in our wheelhouse. So what we have done is consolidate all that into 10 controls. We are going to be launching that very soon, right? And we are working with all the big 4 audit firms actually, quite frankly, to make sure when we really come to market, it's very, very pragmatic.
On the protect side, there are a few things I would love to highlight. One is just-in-time real-time authorization. Look, the hundreds of trillions of dollars that is getting spent in the world of AI and in the world of agent it all boils down to the fact that enterprises will have to use them to automate business processes to change the way they work. Doing so requires, which means a bank will automate loan origination and an insurance company will automate claims processing. Doing so requires these agents access application and data. That is where just-in-time and real-time authorization comes in.
And having the human context matters because when a multi-agent network is authorizing a loan, it's acting on behalf of an underwriter. And you don't want this agent to access anything that the underwriter does not have permission to. That's why mapping the agent context to the human context during authorization is the only way to do it. This is where we are highly differentiated.
Second thing is prompt security. Like every one of you here, I'm sure you are all prompting in some foundation model, 20, 30 times a day. One of the biggest threat vectors is that prompt being poison, the prompt being hijacked. It's a huge security issue. And our prompt security, because we have a browser architecture now, we have a plug- in the browser, we can intercept these prompts in real time. We are doing -- we're using machine learning to classify the prompts into high risk to low risk. And if we see something, let's say, an employee trying to upload some confidential data into ChatGPT to do some analysis, that's not safe and we'll block it. So we will be doing things like that.
And the third one is really response remediation. In a world when you have tens of millions of agents running around, you have to assume breach at all times. Anything else, you're really kidding yourself. There is some breach of some agent or some machine at any given moment in every corporation. And so in that world, the only thing you can and should do is have the ability to respond to it in real time. So what we are doing, we are launching this product in the next few weeks called response remediation, where any time there is a breach, we have receivers that are really listening to events. So we have built a whole event mechanism using the SSF protocol, which is an industry standard. And we are creating what we call a SOC package with deep identity context.
So if, let's say, one of you as an agent that gets hacked, we will create a package on what critical data that agent has access to and what the blast radius is and send it to the SOC so that the SOC analyst who is analyzing the breach can actually use that to be surgical in the response. Doing these things is a game changer. Now as you will see, we also believe from an outcome perspective, the minimum in the world of agents is actually 0 standing privilege, not even least privileged, certainly not static. And our fabric automatically delivers that. That's our promise.
Now before I get into real-time human governance, I want to just mention a word on Entro. So we are quite excited. Entro is a market leader in nonhuman identities. A simple way to think about this is the world of secrets and tokens and API keys and JWT tokens and certificates and so on, right? They're world-class in managing not just discovering, governing and protecting them, right? And so once we close, which should be soon, we are going to be very aggressive in integrating all of Entro into the SailPoint Agentic Fabric. And so you should hear more from us on it. We have publicly announced a Q3 close maybe earlier. But I think we're going to be super aggressive in terms of integration, more to come on that.
Now real-time human governance, right? Let me just demystify real-time human governance a bit because there is a lot said about static real time, what the hell does it mean, right? So governance has always been about who has access to what, right? Now what has changed is who has access to what, where, when and why. Answering the where, when and why is really what the security folks likes to call risk context. When you really hear the word, that's really what it is, right?
So I'm just going to bring it to life with this persona called Bob. Let's say, Bob is an analyst at a large corporation. It's really questions like should Bob have access to financial data 24/7 or should Bob only have access to the data a week before earnings, a week after earnings and no more. Should Bob have access to Salesforce data inside salesforce.com when Bob is on vacation on a public WiFi. Bob has access to an SEC folder inside the corporation. Should Bob have access to it at all times or only doing a confidential M&A project. In all of those situations, there is some condition based on which Bob has access. That's really the essence of real-time human governance. So you don't assume that Bob has access to everything all the time. You are gating Bob's access. That is simply the world of real-time human governance applied to both agents and for humans.
Now doing so requires a few things, which is what we have completely built here. Doing so requires the ability to classify the application and data that Bob is accessing, which is what we call privileged classification, you will see here, right? Now you've got to be able to apply that to not just Bob, every -- an average Fortune 500 corporation has 60,000 employees, 60,000. Everyone should be privileged, not just 3% or 4%, which is really today, right? Everyone should be privileged. Not -- it doesn't mean every access they have, everything will go through just in time, but at least you are risk evaluating their access. That's what we mean by democratizing privilege.
We are bringing privilege everywhere. Doing so requires classifying applications and data, which is what we are doing now. Once you do that, you've got to have the mechanism to do just-in-time authorization, right? Like I talked about, you only have access, Bob only has access a week before a week after earnings and so on. So that means you're doing just-in-time authorization. Bob doesn't -- it's not really static access. That is to the right, just-in-time and real-time authorization.
Now there should be policies, right? Every role based on context will have policies based on which their access should be governed. That's what in the middle we mean by governance being driven by policy and intent. not just roles. It's not just, well, Bob's role is that he can have access. No, there should be policy that will govern conditions based on which Bob will have access or not. That should be done for all roles. Hopefully, that sort of demystified real-time human governance. We are delivering -- so we have a big launch event in early August in Black Hat. That's when we are formally launching real-time governance or human governance. It's really an upgrade to ISCR.
President Matt Mills likes to talk about it as it's not a migration, it's an upgrade, just like how you would walk into Apple Store and upgrade your iPhone from one version to another. That's exactly what we are doing here. It's not a migration. So that's why we are confident as our customers move to our agentic suites, which will have real-time human governance, they will automatically go through the journey of moving to least privilege and 0 standing privilege. That's our promise.
Let me spend a minute on this notion of autonomous identity because I said that's our end state. Think of -- look, I think scale is important, right? The context is why do we need autonomous because of scale, right? When you have tens of millions of identity, today, corporations are used to, like I said, the average Fortune 500, 60,000 employees. So you have 60,000 identities. In the future -- or like -- sorry, not even in the future, today, the ratio is at least 1:10. So or 1:100. So you're talking about 6 million identities, 1:1,000, you're talking about 6 billion identities, right -- sorry, 600 million. So these are like massive numbers.
And the only way -- so you can't have a human in the loop all the time, looking at what's happening with 6 million, 60 million, 600 million nonhuman identities all the time. So what we are doing is building a fleet of agents. These are called guardian agents that are autonomously looking at everything that's happening with the identities inside a corporation and looking at whether they are acting inside the policy, outside the policy, anytime they see drift, it will automatically take some action based on policy, right, meaning if it's a small drift, it will actually stop it. If it's a major drift, it will alert the SOC or it will alert a human owner. This is our vision for autonomous identity. You should really expect us to be delivering some of the early capabilities in this early next year, but we are working on it, and it's quite exciting.
So I talked about Atlas being the engine that powers all of this. And we launched Atlas about, I think, 3, 4 years ago. And there has been a ton of innovation in it. The one I would like to highlight is all the things we are doing to really get into protect, right? Remember, I talked about discover, govern, protect and protect is new. So we are building a risk engine, a policy engine, intent engine. As we move to just-in-time and real-time authorization, we are moving a provisioning model from static provisioning to dynamic provisioning. All of this is getting built into Atlas. And so when we launch our -- the next-generation ISC with a new brand, the next version of -- the next generation of Atlas will go with that new brand as well. So please stay tuned on that.
We are also very, very excited about extending Atlas, right? So we have our ecosystem of partners that build on Atlas today. They use our APIs, workflows and so on. What we are doing is really building -- we will be giving them the ability to extend Atlas. So if you're an ecosystem partner, you can configure your UI, you can configure your workflows, you can potentially extend the data model we have and so on, right? This is quite exciting, which we believe and Matt will formally announce a new monetization model for how we are going to monetize the ecosystem and give them access to our platform. This is going to enable that.
Let me send -- Mark, at a very high level, talked about the breadth and the depth, right? And I want to link it to the next level of how our product is differentiated. And I think the best way to understand is using a building metaphor, right? Our -- because we are very bullish and confident that we are the most differentiated platform to govern and secure both agents and humans in real time. And it comes from the fact that we have a foundation, which is what Mark referred to as a red thread. The ability to connect a human to a nonhuman context, it's not just that. It's the full depth of that context, which is what application, what data, what accounts, right?
And now imagine the ability to do it across thousands of platforms. The agent here could be in AWS. The machine could be in Google. The application could be Salesforce. The data could be in Snowflake and so on and so forth. Imagine the ability to do that across all platforms, which is what we have. We have the most robust connectivity infrastructure in the whole world. And so this is really the foundation.
On that foundation, we have built an authorization layer. We are the authorization last mile. We are the authorization execution layer. We are an authorization company. We are just moving it to real time. We are moving it to the world of agents. And all of these capabilities here are required to do authorization really well. Look, authorization requires data. You can't authorize if you don't know who has -- who should have access to what and when, which is what the foundation provides. This is a sale point differentiation, right? This is -- so we have -- the strength we have built over the last 20 years, we are now adding to it with all the agent context. And this is the complex engineering we have done, already done, and this is what is getting released now.
Now on top of these 2 is the second floor, which is all of the customer innovation I talked about, discover, govern, protect, all of it is on the second floor. Now the start-ups of the world are starting on the second floor. They don't have the foundation. They don't have the floor one. And what happens to a building if you try building a second floor without the foundation, right? That's why it's shaky. And our big platform competitors, look, CrowdStrike and Palo Alto and ServiceNow, they're all cooperators because we partner with them as well. But even they have strands of identity context nowhere near the -- none of them are identity companies. They're all trying to get into the identity world, right? And so that's why we feel very, very bullish about the durable differentiation we have.
Now those were all the customer-facing innovations. There is a ton we are doing on the operational innovation side as well. So I'm just going to highlight a few. Architecture. There are 2 fundamental shifts that we are really rewiring for. One is moving to real time, two is building for agent scale. Like I talked about 1:1,000. It's a different game altogether. And so -- and it's -- and we're doing it through people. You might be wondering, wait, guys, you've been building static for 20 years. How did you just do it?
So my own leadership team, Fuad, Levent, Mitra, they have really come from places like Microsoft, Okta, Salesforce, SentinelOne. And the next level leadership is where we have also hired some fantastic leaders from CrowdStrike, Salesforce, Palo Alto Networks who have been there done that. And so they are being complemented with our existing talent, and SailPoint has always been distinctive in terms of domain expertise for identity. That combination is really the magic. That's how we are driving the architecture shift.
User experience, we hired Mahin, who is our Head of Design that is really leading our excellent design team, which we have had for a long time. And Mahin sort of believes in this notion of design should follow a user's emotion. And so you should really expect to see a lot more reimagination. We are fundamentally reimagining the SailPoint user experience. You will actually hear more from us on it. And it will start with our Agentic Fabric launch in less than 2 months. You will see -- and Levent will show it, by the way. He's going to do a demo. You will start seeing glimpses of the new SailPoint user experience.
Security, this is a big deal for us, right? I talked about the new normal, right? We are quite religious about it, quite frankly. So we are using all of the advanced tech. It's more than that. We are also rewiring how we build products, and it's a fundamental cultural change. Now the world is less global. It's gotten more complicated. There are lots of sovereign needs. That's why we will soon be announcing our support for 5 different sovereign needs, including FedRAMP High here in the U.S. as well as things like PCI for the payment industry, EU Sovereign Cloud, availability in South Korea locally and GXP for the life sciences industry. And there are a few more coming. Expect us to formally announce these things, but I want to give you a sense of where we are headed because without these, it's hard to do business on a global basis, but doing these will give us a real competitive differentiation.
Now I call this the AI triple play. We are using AI -- or sorry, we are protecting our customers' AI. That's a sale point for AI. AI for SailPoint, which is all about how we are using AI, and we are using it to build our products, which is really tripling our velocity. Now we're also an open ecosystem.
And so one of the things that I want to highlight is Chet Kapoor runs security at AWS, which is one of our deepest partners. And Chet apologizes for not being able to be here in person, but he wanted to represent his views on our partnership to me, which is we are a deep partner, right? And so we are one of the very few identity -- large identity players in their Security Hub+, which is a second-party marketplace they have as well as we participate early with them on a number of innovations, right? And so then there are other partners like Snowflake and CrowdStrike and so on. So we're really an open architecture.
Now I want to take it back to where I started, 2 Big rock innovations, 2 big customer outcomes and AI triple play. Thank you for listening. And with that, I would like to show you things now for which I'm going to invite my good friend and colleague, Levent Besik.
Good morning, everyone. Thank you. I should probably plug my laptop in. All right. Are we getting the -- perfect. All right. Good morning, everyone. I'm Levent Besik, the Chief Product Officer here at SailPoint. As Mark and Chandra mentioned earlier, we're on the frontiers of innovation to provide best-in-class identity security for humans and nonhuman workforce and enterprise. Today, I'd like to show you some key innovations that we've been working on and we've built for our customers. And all of these are either available today to our customers or will be very soon.
I'll first start with SailPoint Agentic Fabric, which is our end-to-end solution to discover, govern, audit and real-time protect AI and nonhuman identities. I will then showcase our AI-driven privilege classification and just-in-time authorization capabilities as part of our real-time human governance.
So let's start with our Agentic Fabric. Today, the fastest-growing, most highly privileged workforce inside any global company is nonhuman identities, which, of course, includes service accounts and machine secrets and now autonomous AI. Some of our customers see over 100x more nonhuman identities than humans. So visibility and the unified inventory, as Chandra said, with human and data context is the first step and super critical for our customers to secure this new nonhuman workforce. After all, if you cannot see them, you cannot govern them. If you cannot govern them, you cannot secure them. So let's bring down the lights and take a look.
All right. Welcome to the unified AI and nonhuman identity dashboard powered by SailPoint Agentic Fabric. So right from the single pane of glass, and identity admin gets an immediate comprehensive health check of their entire nonhuman and AI ecosystem. With our AI-enhanced connectors that can virtually connect to all enterprise platforms as well as our sensors now that are deployed actually on the browsers and on endpoint clients, we provide one of the most complete views of nonhuman identities and their human context in one place.
There are multiple dimensions of insights here that I want to go through that really reveal your security posture very quickly. So for instance, right here, you can see the total number of nonhuman identities. You can see the number of total active agents across your entire enterprise. Many of our customers for the first time ever see us realize how large their AI and nonhuman identities are. And you can see all their exposed secrets, you can click in each of these and go drill down. And we also show not just managed agents, but the shadow agents that obviously the administrators may not know about. And of course, the nonhuman high-risk agents and the abnormal behaviors that they might be utilizing, right, or they might be displaying. So this is a critical security insight that many of our customers, as I said, don't completely realize until they use our fabric for the first time.
But let's dig in to nonhuman identities in a little more detail. So here, you see all of our nonhuman identities, in this case, the tokens that you can -- an admin can look through slice and dice and look at the security, severity and different aspects of it. Let's just focus on the high-risk ones, for instance. But this is -- this shows you all of the critical factors that admin makes, right, to understand the security posture.
But let's dig in into one of these to see what we actually see. So here in this case, this is -- it's a token. You can see there's a critical issue here. So let's understand what's going on here very quickly. We see the owner. We see the last time it was rotated. Clearly, that's flagged as a risk factor. And it's in a production system of some sort. But here is a unique differentiator as Mark and Chandra told us, our Agentic Fabric has a depth and breadth of human and data context. So we can add this to this view. And because we have that context, we can do some amazing things. We can create a complete lineage ramp.
So let's go through what that looks like. So in this case, let's look at this token's life cycle, right? This was a token owned by Doron. It was created in a browser and used in a few places. But here's an interesting piece. This token has high administrative privileges. Okay. I mean that's suspicious, but is it used? Yes, and it was used. It was used in a privileged production system by an AI client that probably Doron used on his laptop. And it was -- furthermore, how was it used? It was used in an access management system to create a new user, right, attach a user posit to it. And worst of it, this was all done from an untrusted location.
So this is the context we talk about. It's the full lineage, not just what the token is or the metadata around it, but how it came to life, its life cycle where it was used and everything. And here's the thing. I've seen enough that this to judge -- to assess that this is dangerous. I'll just disable it. This is not an insight platform. It's an action platform. So with just one click, we just revoked that token, mitigated the risk. All right. So this is the power to SailPoint Agentic Fabric.
Let's see how this works in an agentic work. So let's head over to the agent dashboard inventory. And similar to the nonhuman inventory, this is the place to slice and dice and understand how many AI agents you have, where they are, who owns them. Again, you can see similar metadata across the board. You can click in each and every one of them. And this is a purpose-built dashboard. So you can see here, again, let's click on one of these to see what we see. Again, similar experience as the nonhuman identities. But of course, we see some interesting stuff here, right? So this was a cursor agent, again, with our suspicious actor, Doron. Sorry, Doron. Interesting stuff is happening here from your machines. And cursor agents active as interesting.
So let's go to the lineage map to see what Doron has been up to. So again, Doron has been using this agent on his MacBook Pro for cursor. All right. So this is where the interesting stuff comes in, right? This agent has multiple identities that was used, one in Figma, one in GitHub. And let's see what this agent has been doing, right? This agent was doing Figma, probably it sounds like -- it seems like a developer agent. It was accessing the design system and a few other things that I think. But suddenly -- and then it access to GitHub. And for a developer agent, we see some suspicious things like it's accessing, for instance, financial automation service, quarterly reports, customer data. Well, that's not right, right? That doesn't seem right.
So again, with a single click, I just disabled that agent on its platform that it came from. So it's great that I can take these remediation actions one by one, right? But as Chandra said, we expect hundreds of thousands of these. So how do we create automatic real-time access policies for agents and secrets and dictate what they can and cannot do before they're even created in the enterprise, right? Because that's what you want to do. We want to have that autonomous automatic policies, right? So this is where our security policies comes into play.
And as you can see, we have a selection of these policies you can create from behavior policy to identity owner. But here, what I want to create is a policy around -- in this case, since we just looked at a GitHub agent, let's configure an agentic access policy to deny cloud agent from accessing GitHub for product team. Now why? This is actually a very common risk vector that recently we hear quite a bit from our customer base. They see a lot of these benign coding agents drift from their original purpose. And they, in some cases, do distractive events like leading the code base. So -- and then they use it access a privilege.
So what we want to go do is we want to create a policy to block that. So we're going to give it a name. Let's give it a name, block GitHub access. Now again, I can choose a variety of platforms here. I'm going to use cloud. And again, I can do a variety of targets. In this case, I want to block GitHub access. I'm going to select that. You can deny and allow policies. There's a plethora of options here of customization. But I'm going to select a specific team here because I want my engineers to innovate with agents, and I can create a separate policy for them. But for product team, I'm just going to deny that. So I'm going to create a policy and then see how it -- sorry, and see what happens.
Okay, great. So let's check now. We create a policy. Let's see if this works. So we're going to try to read a file from GitHub. I'm member of the product team. So let's see, hopefully, it's going to work, going to think. I hope it works. There you go, request blocked by our policy. Now this right here is huge business value right here for our customers because this capability allows our customers to create guardrails and to adopt AI innovation securely across their organization.
All right. So let's pivot from agentic identities back to human element. As Chandra and Mark said, we also have a lot of innovation happening on real-time human governance. Specifically, let's see how we are using AI to radically modernize real-time human governance. So I'm going to go to entitlements here. Now to achieve true zero trust, an organization must understand exactly what access entitlements they are governing and then classify them accurately in order to apply appropriate security policies.
But across the enterprise landscape, we face a massive data quality problem. 64% of our application entitlements are missing descriptions or written encrypted jargon. So we're not also talking about a few hundred here. Some customers have millions of these entitlements that they need to manage. And with such sheer volume, if a manager or an auditor doesn't understand what an entitlement actually does, they often misclassify it. And that is a massive security gap, a massive compliance cost. So this is where we innovated with AI and created AI recommended descriptions, which makes this traditionally laborious and critical security task comp.
And let me show you how. So in this case, we have a ton of entitlements here. A lot of them don't have any descriptions. So let's see what happens with our AI-generated recommendations. So we click there. And instantly, you can see we have created some really detailed descriptions of what this is. In this case, for instance, it is a super user group for Workday, and we came up with like a very good description here. And -- but here's the best part, building on those descriptions, the AI then automatically classify the exact risk level for each of entitlements.
So we now flag which ones provide highly privileged access. And we can approve and deny a few of these, but it turns out our accuracy is also pretty good. 98% of the time, 95% of the time, our customers accept and approve all these classifications. So with that confidence, you can square and bulk approve, right, these things. And you can also obviously go and edit them if you wanted to. right? And you can adjust risk to this, but we can bulk approve these. And what used to now take teams of security analysts, months of manual work is fully automated, thanks to AI. We're slashing our customers total cost of ownership. We're accelerating their deployment. We're laying the robust foundation required to enforce real-time dynamic access policies.
Okay. So now that I discovered and classified what is privileged, I want to focus on the privileges that represent the greatest risk to the organization so that I can enable zero standing privilege. We do that with just-in-time policies. I'm going to go to just-in-time console here. And what happens here is that with just-in-time, a privilege is only provisioned when a user needs it and deprovisioned or disabled when it's they're done. And you can do this for all types of entitlements to achieve zero standing privileges, and that's what we recommend. But for the most sensitive ones, you can add additional verification at the time of activation to if you wanted to.
So let's walk through how an administrator would create an activation policy so that when a user wants to activate Workday super user privilege, for instance, he will be asked for additional set of authentication, right? So let's go to an activation policy here. I'm going to create a policy, and I'm going to create an activation work the super user. There's some information here I can add. It's going to be individual policy, ownership. And again, we give great flexibility here. You can create this policy to match attributes and do a whole bunch of other flexible things to fit your needs.
But here's the best part. So first, there is the -- why do you need this policy questionnaire that I can create. But even better, since this is such a privileged entitlement, a super user access to Workday, right? I want people to really make sure that they are authenticated or reauthenticated with multifactor, right? This is where our integration with identity partners comes to play. In this case, I will require authentication, and I will also create an identity policy for that multifactor authentication, right?
So I'm going to do that. I have the policy set, I'm going to finish. And now let me switch to the user mode, right? So this is now our administrator right, David, which is one of our administrators. So when he activates the Workday super user policy, let's see what happens. All right. So I'm going to go ahead and activate this. Again, it's time limited. I'm going to give you a reason. Okay, great. Great. And then let me get a service ticket as we -- because as set the policy. Let's enter something there. Okay, great.
And then here's the most important part, right? We're going to begin a reauthentication retool here. So we're going to go ahead and on the phone, simulate it, we're going to approve a multifactor authentication backed by biometrics. So we do that. We do biometrics request. It's approved and David got his entitlements. And that's how we create zero standing privilege for this entitlement. And hopefully, he can deactivate or if he forgets it's time bound, it will be disabled after he's done.
So please bring the lights back up. That's a quick overview of our SailPoint Agentic Fabric and our real-time policy. So a quick recap. We got a complete view of all of our nonhuman and agentic footprint in our enterprise with critical human data context. We were able to quickly assess and improve our security posture and create policies. We then saw a single control plane on a unified platform with automated governance and real-time protection. We then saw how our AI-driven capabilities deliver real business and security value by eliminating painful manual work.
And finally, we saw how our real-time authorization help our customers create a zero standing privilege posture and protect them from privilege, misuse and insider threats. We are incredibly excited to bring these capabilities to market and partner with our customers on their AI and real-time human journey. Thank you. Really appreciate it.
And now I'd love to have our Presidents Matt Mills to stage on go-to-market.
Our go-to-market session, we're going to take an opportunity and introduce you to really the broad, deep bench that we've built over the years. And so you'll hear shortly from our Chief Commercial Officer, Gary Nafus. You'll hear from our Chief Customer Officer, Meredith Blanchar; our Chief Marketing Officer, Wendy Wu. You're going to hear from our Head of Revenue Operations, Steve Caldwell, and the gentleman that manages and leads our global solution engineering and specialty sales, Jeff Hickman, right? So the depth of their collective experience is extraordinary, and you'll see that for yourselves, and you'll see the deep bench that we've been able to build here.
With that, let me just get started. The physicist, David Deutsch, once noted that humanity is always at the beginning of Infinity. With AI, that infinite future is driving faster than anything we've ever seen in technology history. We are seeing an unlimited growth of knowledge, but crucially for our business, we are seeing an infinite proliferation of AI agents and nonhuman identities.
Last September, if you'll recall, we launched agent Identity Security. At that time, it was arguably the first solution of its kind. We made a bold prediction that governing autonomous agents would quickly eclipse human identity management as the most critical governance and security challenge of the decade. We were right. We declared 2026 the year of the agent because we saw a fundamental truth that the entire AI wave from copilots to autonomous workflows requires one absolute foundation, robust, unified identity and access control.
The market urgently needs a vendor-agnostic control plane to govern the connection between humans, agents, machines and data spanning across all platforms. For instance, Salesforce, Amazon, Microsoft and Google. And because as the global regulators begin to draw strict lines around AI accountability, proving what an autonomous agent is doing with your data is no longer just an IT issue. It is a massive compliance mandate. And today, that explosion -- it's not a forecast any longer. This is the reality we're dealing with. Board mandates are clear, massive budgets are activated. The AI is undeniably the engine of the modern enterprise.
With this rapid AI adoption comes a rapidly growing security problem. We've been saying this now for some time that identity is the #1 breach vector, and most companies have experienced identity-related incidents up to now. Now take a minute, add autonomous agents. The attack service isn't just growing, it's multiplying exponentially. Agents are being created everywhere largely outside the purview of IT. They are spawning subagents, connecting to critical SaaS apps, massive data lakes and being granted broad sweeping privilege across the enterprise. Now as a result, the fastest-growing form of agent governance right now is no agent governance at all. With a control plane, the trend of rapid vibe coding quickly devolves into -- get this vulnerability as a service, all right?
So let me give you a real-world example. Imagine one of your analysts deploys a cloud agent to build a financial model, granting it broad access to your firm's data lakes. Does the agent know what it is allowed to access? Does it understand an ethical wall? Can it tell the difference between useful data and restricted data? Is it violating SOX controls or creating a toxic access combination, a threat actor could potentially hijack? In most enterprises today, the answer is unclear, and that's a big problem. You cannot govern what you cannot see, you cannot secure access that you cannot trace and you cannot manage risk when agents, machine and data are operating outside the identity control plane.
Now we are already seeing this in the headlines, an explosion of shadow AI-related breaches, all fundamentally rooted in identity failures. The broader market and more importantly, the regulatory landscape, it's waking up to this reality at a breakneck speed. Around the world, AI governance is moving from policy discussion to operating requirements. We're seeing this across the U.S. Treasury AI risk framework, the EU AI Act, DORA, NIS2. In Asia, you've got MAS and APRA. And the common theme is clear, enterprise must prove control, accountability and data lineage across all AI-driven activity. And none of that works without identity. Consider this.
60% of the 230 control objectives in the financial services AI risk management framework depend entirely on foundational identity security to be able to achieve that compliance. 60%. So simple math, that's 138 of those 230 control objects, right? That's a lot. It's something that cannot be ignored, and it's going to be a big problem. Here's another one, the Monetary Authority of Singapore. This was the MAS I mentioned. strict demands for data lineage, human accountability of governance and it states in the regulation, organizations must, right? Not should, must deploy robust identity and access management systems.
So this is a powerful signal. AI compliance is no longer just about the model governance, right? It's about knowing who or what has access, what they are doing and who is accountable, right? This is what Chandra went through. Furthermore, tech luminaries who once really just touted the limitless power of AI have kind of changed their tune, right? Leadership at NVIDIA, Google, Box and Anthropic. Now they're really urgently calling out for governance.
I don't know if you saw it a few days ago, Anthropic called for a pause in AI development because of this growing concern. Anthropic also recently announced -- published a Zero Trust framework for AI agents, reinforcing the autonomous agents require identity, task scope permissions, observability and controls designed for AI-driven activity, right? So all of this together really serves as a powerful third-party validation, I think, of what we're really driving here and what we're sharing with you all today, and that is the proliferation of autonomous AI cannot be secured by traditional network perimeters or firewalls. In short, agents must be secured at the identity layer.
So when you step back, there are really 3 market forces here that are coming together. The threat landscape, it's expanding. Nonhuman identities, AI agents are creating really this invisible attack surface. The regulatory requirements that I just went through, they're increasing and compliance has shifted from a basic check box to the alternative of severe revenue risk.
And finally, technology leadership is voicing the importance of identity, where identity has officially become the new enterprise control plane. And we are seeing additional signals of momentum building in the market. I don't know if you follow Cisco, right, Cisco's acquisition of Astrix, I mean it's a proof point that large security platforms are moving quickly into nonhuman identity security. New entrants into the market are shining a light on shadow AI and unmatched agents. And CISOs and CIOs, well, they're increasingly recognizing that their ungoverned AI, it's not a future problem, right? It is already emerging inside their organizations. And when you bring this together with market sentiment, the technology leadership, you throw in their auditors, what are they saying or all agree on that identity security is a critical infrastructure necessary to effectively govern AI.
So let me leave you with this noodle, right? Identity is the central control plane for enterprise security. It's not just about securing the agents, but it is about the platform to secure your enterprise. It is the common fabric that brings the endpoints, networks, applications and data all together so you can properly govern and secure your enterprise. All of these create a powerful tailwind for SailPoint and accelerate our go-to-market opportunity.
So with that, let me now invite our Chief Commercial Officer, Gary Nafus, to dive into more details on our go-to-market strategy.
Are we going to do. Let me just give it 1 minute. It seems like we're good. Just look okay. Good morning, everyone. SailPoint is attacking this $90 billion TAM that you've heard about this morning with a ton, a ton of momentum. We're attacking this with a maniacal focus on customer success and time to value. So as we scale, we are taking significant market share from the incumbents. Over just the past 2 years, we have expanded our leadership position by nearly 5 points to capture 23.2% of the market, while the rest of our competitive set has either stagnated or actively regressed.
According to Gartner, the IGA market grew 15% last year. SailPoint alone captured nearly 38% of that total market growth. And most importantly, our unit economics and our customer health metrics are stronger than they've ever been. But the best metrics that support the momentum in our sales are the leading indicators such as pipeline. Our pipeline for the -- these advanced capabilities of AI have doubled every quarter since we launched our product. To maintain this growth trajectory and capture our disproportionate share of that $90 billion TAM, we're aggressively executing on 3 strategic go-to-market priorities: capturing new logos, accelerating our multiproduct platform adoption. The third is modernizing our customer base.
And so here's what gets me really excited. We're innovating within our go-to-market strategy, leveraging AI internally to unlock significant acceleration in our sales cycles, our customer time to value and our product expansion. We're going to show you a demo here shortly of some of these capabilities.
Okay. Moving on to land and expand. So we have -- SailPoint has an unmatched opportunity to land and expand. We are looking at a vast largely untapped market that is reacting to a ton of market pressures. There is an urgent now board-driven mandate to modernize these fragile legacy identity stacks. This imperative is backed by agentic-first budgets, enforcing the need for access governance. These are budgets that SailPoint has typically not accessed. These are outside of identity, outside of the CIO office, all new budget pools that are now addressable by SailPoint.
And we're making it super easy for and seamless for our customers to modernize their solutions with limited risk. These are push button like upgrades that just didn't exist 6 months ago. We have brought new deal constructs like Flex Modernization to streamline our customers' upgrades. And this is fueling the fastest acquisition growth for SailPoint, which is to liberate the legacy IGA market. There sits out there $3.2 billion in legacy run rate just sitting in these legacy solutions. These foundational IGA programs can't meet the modern demands that enterprises need. And when we upgrade them to our agentic suite, we see a 3x plus expansion opportunity put in play.
By solving today's immediate identity pressures, while building on the realities of agent identities for the future, we are not only protecting their business, but we're accelerating ours. We effectively turned that $3 billion legacy target into a $10 billion expansion opportunity for SailPoint. And today, with SailPoint Agentic Fabric, we have these new selling paths to engage into this opportunity. We have 4x the number of ways that we can land new logos just in the past 6 months.
We can land human, we can land agentic, we can land both or we can have a web strategy. And we have 2x our selling motions via our agentic specialty sales teams, which now allows us to engage these new market buying personas and these new budgets. This market is quickly realizing that competitive architectures cannot survive in this AI era and competitive displacement has become our fastest-growing acquisition channel, which is part of the reason why we see that 2/3 of our new logos come from failed competitive deployments. This opportunity is massive, and we are primed to own this.
Let me hand it to Steve to take you through some of the platform growth opportunities that we have.
Thanks, Gary. As Gary had mentioned, we have more ways to land than ever before, whether that's landing agentic, landing human, landing with the platform advantage, that wedge strategy, landing up against the competitors. But just like we have new ways to land, we have more routes to market for the way we can land, whether that's through direct sales, our indirect sales team, our MSP channel, our marketplaces and more. And we have more ways once we do land in terms of how we can actually expand to create deep compounding platform stickiness.
And when a customer lands with us, they quickly realize that identity is that central nervous system of their enterprise. They don't just stay for core governance. You heard that from Chandra. They see the vision. They rapidly expand to manage other identity populations, whether that's nonemployee, maybe nonhuman identities and also agents. And then with the success of the SpaceX IPO, maybe nonhumans in space, too. But customers mature from this static governance to real time and then being able to eventually get to that end stake, which is autonomous governance, the agentic governance, utilizing more and more of the platform.
They govern all identities, obviously, under one unified platform. They secure more use cases, whether that's data access governance, GRC and just-in-time authorization. They'll leverage the extensibility of the platform to integrate with the SOC, create workflows via shared signals and allow for real-time remediation. And as a result, we're seeing a record number of customers standardize on 3 or more modules. And this platform expansion, which we're really excited about, massively will be accelerated by our recent announcement of Entro Security.
If you think about Entro today, their agentic capabilities give us deep into software life cycle management expertise, allowing us to secure not just the agents themselves, but the actual secrets, the tokens, the credentials, all those things that make up the workload of what an agent does. And by bringing agent governance with deep technical secrets protection, we are providing the customers -- our customers with the most robust unified security solution on the market while decisively widening our competitive moat against the agent security solutions, those point solutions out there.
We do feel like that market itself is actually commoditizing, in some cases, now consolidating as well. And our product adoption strategy is really simple. It's provide quick time to value, really drive that blueprint so our customers are successful over the long term and then more importantly, just be there all along the way. And just speaking about being there all along the way, here's a quick illustration of one of our customers in oil and gas and their expansion journey with us over time. When customers move from IdentityIQ like this customer to Identity Security Cloud, they're not just upgrading their technology. They're making this multiyear commitment to modernize their identity security program and effectively readying themselves for the future.
And in this age of AI agents, this customer knew early. They knew real early that you cannot just manage agents in isolation. You just can't manage human isolation. They have to come together to see the full context. That's why in this case, you saw the identity team come together with the AI team to make this decision and leverage budget actually from the AI group. And they understood that every AI agent, every automated process, every bot needs the identity and criticality of a unified control plane. And every security leader, especially at this example, you cannot -- they could not see a fragmented landscape with fragmented tools. They knew that they needed a unified control plane as the tool of choice, and it was the basic starting point for modern security.
They knew the connection between the human, the agent, the agent to the machine, the machine to the data and then a unified policy around that. And our platform delivered that for this customer end to end. And it led to a 20x increase in ARR and most recently, a 50% increase in ARR when they enable the agentic fabric to govern agents and nonhumans via that unified governance model.
So finally, we have significant opportunity to modernize our base. It's exciting. You'll hear from Brian later that we have about $350 million that still sits with our IdentityIQ customers, which represents about $1 billion or more opportunity for SailPoint. But much like the example that I just shared and the technology shifts that we're seeing in the market, the tailwinds that you heard from Matt, there's more reason than ever to extend beyond just human governance. And SailPoint has created glide path for these customers to the agentic suites that derisks the move to the cloud. And it starts with commercial constructs. Through our Flex Modernization program, we co-invest with our customers to remove any financial friction and allow them to adopt the platform as they mature.
And from a technology standpoint, we have moved from a migration to an upgrade. This is a technological paradigm shift. Transition to the cloud is no longer this high-risk heavy lift migration. It is a seamless platform upgrade. And we have eliminated the biggest barrier to modernization that drastically reducing the professional services burden by almost 80% to 90%. And we have moved to what we call internally a proof-based methodology, which leverages forward deployed engineers and virtual agent architects that is truly game changing. These architects are our IP, our institutional, our best of the best in terms of talent in the business, effectively becoming a digital twin to help migrate our customers to our cloud solution.
So with that, let's have Jeff Hickman, our SVP of Solution Engineering, join us on stage. Jeff?
All right. We get the demo set up here. All right. Before we jump into the demo, a couple of slides as they get that queued up. So good afternoon, good morning, everybody. We're very excited to showcase this innovation. It's been talked about a couple of times throughout the day. And if Flex Modernization was the license unlock, what we're talking about now is another unlock. And that's really the unlock of the cost and time of modernizing. And it's driven by the SailPoint Agentic Acceleration methodology, which is powered by the virtual architect or the set of agents that Steve mentioned.
And this is an AI-powered capability that automates and accelerates the transition today from an on-prem IIQ environment to the cloud or the ISC environment. And one of the hardest things about doing these modernizations is really untangling years of custom code, custom workflows. And if you think about it, dozens of people, if not hundreds of people and partners probably have touched these legacy systems. And it creates a complex environment and a complex code base with very little documentation of what's really under the hood. So unlocking that legacy stack is used to take months of, frankly, human analysis and consulting.
And so the solution now is a no-cost AI-powered virtual architect trained with over 20 years of SailPoint IP and the know-how that completes a production-ready ISC instance in a matter of hours and days, not months. And in many cases, modernization becomes just as easy, if not easier, than a standard version upgrade. The virtual architect has derisked this transition and creates value day 1. This is really the game changer when we talk about that $1 billion unlock of our greatest asset, which is our existing customer base.
So one key point as we move to the next slide, I want to emphasize here that this virtual architect, this is not a translation. We're not transposing code. We're not copying, pasting code from one environment to the other. This is truly a virtual architect that requires and is built on intelligent transformation. And this is the magic as we've ingested or input 20 years of knowledge into this architect and there's insights from all of our top human architects into this to create a skills database that trains this virtual architect. And this SAA methodology combines deterministic engineering with nondeterministic LLM-based models, all informed by these architect curated skills. And so the virtual architect transforms your legacy investment into a modern, scalable cloud environment ready for rapid innovation.
So let's quickly review how this works. So what you see on the slide is just the macro process. First, we ingest a customer's IIQ configures and the virtual architect gets to work. The virtual architect automates the analysis, the planning, the building and the deploy to create that functional ISC environment. The virtual architect performs the heavy lifting, which -- of parsing that IIQ environment, mapping the dependencies, and it does it within a matter of minutes, really. And from there, it moves to the plan build and actually deploy.
And crucially, as I want to highlight here, there's still a human in the loop here and a human along the journey the entire way because they validate the build, they validate that everything is working. If there's things that need to be adjusted or fixed, they jump in and they can do that. And what's interesting is that starts to create a self-learning, self-healing capability because everything that we find that we haven't seen before, we then build a new skill for that architect.
So this is the flow that we'll walk through. You'll kind of see this represented in our virtual agent here in a second. So let's just dive into that. If you want to switch to my screen here locally, we'll walk through what this starts to look like. So if we can switch to my laptop. So one of the things you're going to see as we get into this, unplug and replay the old tried and true.
Okay. Here we go. Now we're working. Cook with gas. All right. So what we're going to see here, I was going to say under the covers. We talked about this being our virtual architect. This is really a multi-agent architecture under the covers. So we have 6 orchestrator agents with 36 agents working under them. with 137 subagents working under there, all trained and working on these skills that we talked about translated from our humans. So this is -- while we talk about the virtual architect, this is a complex multi-agent system that we have built ourselves.
And so as we say, we ingested what you're looking at here, we've already ingested a customer's IIQ instance. This is actually a -- or this is a real customer. We've anonymized it. Normally, the customer's name would appear here. And we land on a report card. This is what you're looking at. And so this is our full blueprint of what we -- what the agent has discovered within that analysis of the IIQ environment. And I'm going to jump into or just highlight a few things.
First, I want to key in on 79%. The agent and the architect has said, in this environment, effectively round up to 80% of it can be automated through what the architect knows how to do. That only leaves 20% that the humans have to intervene. So if it was a 1,000-hour project, it becomes a 200-hour project.
Another thing that I want to highlight as we think about this environment, we talk about sources here, 748, 750 sources. These are applications that are connected. This is a complex environment. What you're seeing here for this customer is not just a vanilla easy layup, if you will. This is a very robust -- there's 2 authoritative sources in here, human capital management systems and then 746 connected applications through this environment. We've discovered or the agent -- the architect has discovered 19 core use cases across the system. And so now we've got a view of what do we see in that IIQ environment. And as we scroll down, you can see our -- effectively our pipeline that we saw on the slide previous. This is the analyze, plan, build, deploy. These are all the stats and activities that were underpinning at each of those steps. You can see that those steps are complete. We have run this through the entire process.
As we scroll down further, we have some more report card stats in this case, highlighting we have about 6,000 hours effectively remediated. That 80% in this case, translated to about 6,000 hours of human work that did not need to take place at this point.
Scrolling down further, I want to highlight a couple of things. And so life cycle events for folks that aren't steeped in identity like some of the folks in the room here from SailPoint. I want to highlight life cycle events here. And this is kind of a simple process. These are bread-and-butter use cases for identity, and we're going to jump into the new hire process. So think about this. Everybody -- when you guys got hired at your jobs, you walked in day 1, and there's an e-mail waiting there that says, welcome, Jeff. We're super excited to have you here. Here's how you access your systems. Here's all the things you can go do. Well, that e-mail is a complex orchestration under the covers of a lot of things going on, and that is very -- as nice as it is for you walking in day 1, knowing you can get ready and start to work, there was a ton of work and IIQ or ISC helps make that simple and automated.
So this is the new hire process we're into. And I want to highlight a couple of things here. One is right up here, which says, in IIQ, we had 9 artifacts. Think the artifacts as a workflow or a set of rules. We had 9 discrete artifacts that are now being translated into 5. I mentioned this is transformation, not transposing. We're not copying and pasting. It's not 9 to 9, it's 9 to 5.
And what's interesting in this, and I'll zoom this a little bit so we can kind of see what the agent is telling us is, hey, a lot of these things are going to collapse just into standard configuration items in ISC. We don't need them. We don't need to copy paste it over. But there is one thing it kind of called out, which is this send welcome e-mail. We need to have one custom cloud workflow that we're going to go build out of this. And so I'm highlighting this. Remember this SAA joiner, send welcome e-mail workflow because the agent had to go build that in ISC. That's what it's telling us here as it's going through its work. And so we'll close that off.
But you can start to see -- as I close that out, take a look at the numbers here, 30 to 4, 7 to 3, 7 to 3. You start to see the consolidation or the mapping of what used to be complex and in ISC, it's all code. You're coding all of these workflows, lines of code living in IIQ, sorry. And when it goes to ISC, it needs to map into a SaaS environment, which is largely configuration or declarative based. So the architect knows and knows how to do that and makes that intelligent decision.
If we highlight here, overall, if you think about all of those boxes of reductions, what we're saying is the virtual architect has figured out how to reduce complexity by 55% moving from IIQ to ISC. That's a 55% reduction in technical debt, things that people have to manage and maintain at a code level. It all becomes much more of a declarative instance. So this is the overview, a ton of great insights. That's at the macro view of what the virtual architect has discovered.
Let's go to the micro. In the micro side, this architect has actually already built all of the documentation for us automatically. We have our requirements in our solution design document. Think of this as what you would hand to of the 20% that I was talking about before that still needs to be created. We now handle those humans the blueprint for what they need to go create and it sits inside the design documentation. We've got a full upgrade plan. We've got a report card. So we can dive into these, we don't need to go through them. It's a lot of text, but it's a lot of insights.
And so for customers for -- as we go in and explain what's happening and what the process and what this blueprint looks like, we can just -- we can give them all this information. We can show them in detail what we're mapping from one environment to the next. And that's kind of static, right? Those are reports and things we've already created, but this is actually a live -- we can talk to our agent. And we have the ability through an inference window here to start asking questions.
So I wanted to -- I'll give it a softball question, just how many workflows are going to be in IS. And as it is chewing on this, it's actually using -- we're bringing a language model into the world of effectively IIQ. If you think about it, we're taking a look at that environment. And now the agent is coming back with insights. We have 87 workflows. And effectively, you can just have a conversation with this architect, and you can start to understand what's inside that tangled web of years and years in IIQ of the build.
I actually did something -- I was thinking about this on the plane last night. I asked it another question, which was -- and this took a little bit longer, so I had it queued up here. But I said, do you have any concerns -- are there any security concern, any vulnerability concerns with your current IIQ environment? I'm not saying anything about moving to the modern platform. But you can see here the #1 security concern for this customer came back that said, holy smokes, you've got hard-coded credentials and API keys inside your code.
So if you listened to the presentation before, that is the opposite of zero standing privilege, whatever -- it's the complete opposite of that. And so we can go and we actually had this conversation with the CISO of this customer, and we were able to come in and say, look what we discovered within your -- just your IIQ environment. There's a lot of items in here to be remediated. And it opened their eyes to not only how do I protect by moving forward. And oh by the way, there's a recommendation in here, if we can see this, which says, hey, by the way, if you -- if we do migrate to ISC, when you do that, there's standard configuration items that are capabilities within ISC that would remediate this automatically and prevent it from happening. It is a way of moving into a best practice posture when you move to ISC.
And so not only are we helping them with the vulnerability they've got today, but we're mapping to the future of how do you remediate that going forward in ISC. So pretty powerful to not only have a macro report card, a capability of full documentation, a way to interact with that agent in a real-time basis. But if you recall, the last step in our pipeline as we went through was build deploy. And so this agent has an architect has gone in and said, "You know what, let us just get going, and we'll build that ISC environment for you."
So what you're seeing is a live demo environment that was created by the virtual agent. You can see here on our homepage, the certification campaigns. These were configured in items that were within their IIQ. There are 6 certification campaigns that are in here. They came over. They're already working. We can demo those certification campaigns straight away out of the box. All of that data came with us and all of those workflows came over, transposed from the IIQ environment.
So I want to jump in. Remember that workflow we talked about as far as the new hire goes. Well, if I jump in, here's our SAA welcome e-mail. So again, this is the welcome e-mail. This is the description of what that e-mail is. But if I want to really go see what that looks like, remember what I said, this was code, right? This was a set of workflows and rules effectively that were coded into IIQ. And now all of a sudden, those -- the agent has built that and it's come to life in a declarative form within ISC. And now what's amazing about this is it doesn't require a developer like you used to have in the IIQ environment where you had to go manipulate code.
Now you're an administrator that can use declarative tool sets to make changes into this workflow. And you can see it's quite complex and quite robust. This customer did not want to change what this workflow was. It was -- they liked the workflow. They wanted it replicated and the agent and architect have built that over here in ISC, quite powerful.
And so what's this provides a platform, right? What else can we go do with this? And so what I've just shown you is how do we move IIQ to ISC in a kind of similar like-for-like feature function kind of way. You have to do the translation, but it is the like-for-like. But what happens if I want to start layering in all that innovation that Chandra was talking about, discovery of agents, the power of the platform getting in and using the power of the Atlas platform. Well, one of those capabilities that lives within our platform today is this -- is our identity graph, right?
And so this is a great way to visualize these identities. Dawn Oliver was an employee that lived in IIQ. Now she's living in ISC. We brought her to life here. You can see her access profiles, her roles. All of our entitlements came over. And I want to blow out her entitlements real quick. And so what you're seeing here is all of her entitlements, we can see those. There's one line in here, which is yellow, if you can actually see that right here. And this thing -- this entitlement is actually to an agent.
Well, we didn't have agents in IIQ. Now that we're running an ISC, we can start to layer in, in a demo fashion, all of the amazing innovation to bring to life for a customer when we're demoing this, hey, look, now you're on a platform that you can start to ingest all of this amazing stuff. And so if I go look at this agent that we had discovered, this is a payment history agent, has 4 entitlements itself. And I'm going to go into the details here. And I can see a lot about this agent.
But what's interesting is, right? The source says AWS SaaS. This was discovered. We connected this to a Bedrock environment. We pulled back and brought this agent, discovered the agents that were living in Bedrock, brought them back in. We've already discovered them, visualized. But what's amazing here is I've just -- we've assigned the owner. And so now what we're showing is we've moved from discover, visualize to govern and protect, right? We're able to start showing that path. And we can demonstrate that even though this was an IIQ environment and we walked in to do an IIQ demo, now all of our folks and our sales engineers can say, "Hey, here's what else you can start to go do. Here's why this is an acceleration path." And it unlocks all of the other capabilities of SailPoint for these customers, and we can visualize that walking in day 1.
So this becomes an amazing platform to jump off. If you think about this from a go-to-market perspective, what we are able to do now is as we walk into a customer's environment, we can not only show them the blueprint, show them what we discovered or show them what we've analyzed within the IIQ environment, but we can show them what it looks like working, their workflows, their data with our new innovation working alongside that. And all of a sudden, the light bulbs start to go off as far as what the future looks like in a much faster way.
As we think about innovation here and thinking about that go-to-market posture, this engine effectively is a paradigm shifter for us because what our virtual architect knows how to do very well is speak ISC. It can build ISC from a set of artifacts. And the artifact in this case was an IIQ config. We are working on other artifacts. Imagine a world where we have RFIs or RFPs that come in with the outline basic use cases. Well, we know what those use cases kind of look like when a customer says, "Hey, I need to do a new higher workflow use case." Well, we know what that kind of looks like. Our agent can go stand that up for you.
And so instead of coming into a customer's environment and PowerPointing them, we can come in and say, here it is. Here is what it looks like working. And so that goes for new logos like Gary was talking about. It goes for the unlock of legacy platforms as we start to teach our architect how to speak other legacy platforms. This is a true unlock across not just our customer base, but a paradigm shift across our go-to-market here.
So with that, I want to come back to -- I got one more slide to present as we wrap up. So if we go to the next slide, come back to the power -- PowerPoint here. Okay. Perfect. So as we wrap this up, as we just saw, we're investing in no cost to our customers to use our virtual agent. And our goal is to accelerate our customers' journey to the cloud, preparing them to take advantage, as I said, of all this new innovation driven by this nonhuman explosion.
And if you think about this massive shift, like I said, in that very first meeting, we can sit down with the customer, show them the blueprint as well as their live data working within a live environment with their data, their workflows. We can eliminate hours of collection of information, analysis, demo creation, PowerPoint theory. And if you step back, we're -- it means we're moving to a world where we can sell and almost simultaneously deploy, and that is kind of the true north of where we want to go.
So perhaps most importantly, the virtual architect allows us to leverage our customers' investment that they've already made. That investment in IIQ is no longer a sunk cost. It is an accelerant into this way -- into this world. Their ISC environment has stood up much more intelligently because of that past investment they've made in IIQ. It brings the customers' identity IP is effectively if you think about it that way, into the cloud quickly and at a much lower cost, enabling the ability to rapidly adopt our latest innovations here that we saw this morning.
So it is a good segue. This all sets the stage for kind of this next bit of discussions. If we've won -- we're starting to unlock this blocking and tackling of IIQ to ISC and how do we use -- it starts to free up human time. And so how do we use that time and mind space freed up for -- from those lower-level tasks to do much more strategic things. And so I think that's a great segue to bring up my friend, Rex Thexton. He's our Senior Managing Director from Accenture to give his perspective of what he's seeing in the landscape.
So at Accenture, you have a front row seat, a catbird seat to boardrooms and C-suites. And I'm -- we've been telling investors today that this explosion of AI and agents is really creating a massive inflection point for customers and for us, frankly, about how you rethink security and strategies. So from your vantage point in this agentic shift, what are the frameworks? Why are the frameworks that are built for human-centric governance probably not sufficient in this new world?
Yes. No, I think it's a great question. So I'm just more back, I'm our Global CTO for our cybersecurity business as well. And I think over the last 30 -- how long it's been 3 or 4 weeks, we had this thing called the Mythos moment, right? Everybody was concerned about vulnerabilities and all these different aspects. And what it fundamentally taught people is nobody is prepared for what the Frontier models can unlock from a security perspective.
And then if you look at where identity sits in that big picture, but all these agents can do and drive that, identity is the control plane for people to be able to unlock agentic identity in their environments. If you don't know what the agent has access to, how it has access and what it can do, you are in big trouble. And I will give you an example because -- reason I brought up this Mythos Frontier model. When we started looking and running tests, you can -- one of the things was it can find vulnerabilities, right? That's step one.
Step 2 is it could find novel attack path. When we found these novel attack paths, you know what, the funny thing was 80% of the way to break the attack path was either -- was to do an intervention with an identity capability, being able to go in and limit or revoke an identity or a token or something. The -- a lot of them were that related versus just patching this CVE will break the chain. A lot of the minimum cut pass were identity related, which I found somewhat surprising from that perspective just initially, but that was just fact-based data as we went out and mine these attack paths with some of the latest frontier models.
And so that is super important from an unlock perspective. I think if you look at what clients struggle with, and this is what we see every day is, hey, I've got this human identity infrastructure. First, they try and adopt it and use that for nonhuman and they struggle pretty adamantly with their legacy tech solutions. So one of the things that we've been very focused on, and I think we talked about this last summer is about getting our clients to modernize at little to no cost.
And the funny story about that was one of my favorite consulting story is a few years ago, there was a multi- conglomerate that wanted to break away and had to take their identity system. And I remember one of our lead consultants in the time, the client -- he said, yes, we're going to go man, we're going to configure this infrastructure. We're going to do all this stuff. And the clients say, so what do I get? And he goes, nothing. That's it. And I thought that was funny because that's what we're getting rid of, right? We're able to get them so that they can start unlocking the value of agentic identity.
And I think there's this other aspect. If you watch some of the Sequoia talks, they talk about this concept of diffusion, clients can't unlock -- they can't keep up with the frontier models from being able to unlock the power of AI. And part of that is they all sit there. Every conversation we have is how do we do this securely? How do we do this securely and being able to leverage agentic AI. And so there's -- first answer is nonhuman identity and being able to make sure that you know what your agents have access to, what they can do and the context in which they have it. That's step 1.
If they don't do step 1, what they end up getting is -- and I was at a client the other day, and they ran a shadow AI discovery, they found 1,000 agents running on their network, tokens everywhere. And that is a big problem. And that's happening no matter what. So either cut it all off or they get identity under control and then they can adopt from that perspective. That makes sense.
Yes. Super helpful. All right. So let's talk about some execution of our massive installed base that we kind of walked through. And we introduced, obviously, the SailPoint Agentic Acceleration here today, which is heavily automating this transition. And a natural question from really the larger community might be or probably should be or will be, how will this agentic innovation reshape the services industry from the traditional implementation as those traditional implementation models evolve and as more of this modernization becomes automated, how should we think about the potential impact on partners for that?
So I think it's a different type of impact. So we've been shifting to an outcome-based model for quite some time. And where we see the value is being able to unlock. And if you look at what we're trying to do is provide the best outcomes for our clients. And a lot of times, in the early days of identity, we can only cover the SOX apps or the regulated apps. We can only cover a portion of the estate. That's no longer going to work.
So what we're able to do now is instead of spending money on that what I call the sign field phase, the nothing phase, we're able to go in and get that done and then go in and scale the estate and help our clients scale. I think there's no one better positioned than SIs in the world to be able to go in. We've been doing this for years. We've been making SAP work. We've been making the identity tools work. We've been making everything work. We have that institutional knowledge on how to best integrate and implement these capabilities from a Frontier perspective.
I think that's what's unique about us. And so we're shifting to what we do best versus spending time on what I would call the mundane, and we're able to go in and start unlocking that high value and helping our clients deliver those outcomes that they're looking to deliver, being able to leverage this new technology. I mean it's probably the most exciting time I've ever seen in my life. I think the biggest issue that I see out in the market is our clients aren't moving at AI speed from a procurement perspective. They're still trying to go through and evaluate.
And I think one of the things that we talked about early on in our partnership was how do we help our clients unlock because clients don't want to buy another tool. They've had these processes for regulatory capabilities. There's a huge data switching moat around just the human. And if you're going to go reimplement those in a new tool and different policies, it doesn't make a lot of sense. So they expect their vendors like SailPoint to be able to come in and be able to provide this nonhuman identity capability and being able to unlock and get there faster allows them to be able to unlock the agentic future in their enterprise with that new control point.
That is super important. And that's why we've been pushing you guys pretty hard to come up with something like this so we can get in there and start doing it faster because if the first inhibitor is cost and time, that doesn't work. And so if you take time, costs and uncertainty out of it because a lot of clients are afraid to migrate because they're stuck in this mode of, I don't understand what I have today or I do it this way. And there's this -- what I call this fear uncertainty and doubt. If you're able to unlock those 3 things, time, money and confidence, then they can move at pace and then unlock the future, which is this agentic world. And that's how they're able to provide outcomes to their clients and to their Board and to their bottom line.
You said this before when we've been talking, the work doesn't go away, the work is just different. And I think that was really more of it. Well, awesome. Thank you so much for joining us today. This is great.
I'm going to turn it back over to Mr. Steve Caldwell to take us home for the go-to-market here.
That was good stuff. Our operational rigor, we talk about this quite a bit, sets us apart, and we've been investing in AI across SailPoint. Since the inception of ChatGPT in November '22, we've been early adopters. But we do live in this world of what we call internally institutional deep fakes in enterprise software where you can vibe code and you can vibe code something that seems real. You can vibe code something that can be a great POC as well. But buyers, as you heard from Jeff and Rex just moments ago, need to really change the way they evaluate enterprise software.
I think profound trust and integrity becomes more essential than ever before. And you think about the market of IGA and you think about how IGA has evolved into identity security, IGA going to the edges and governing more identities is effectively identity security. But IGA in its acronym form is more important than ever in the age of AI. You think about the acronym. Identities, there's more identities than ever before. There's more governance that's required than ever before. There's more administration that's required as well. Thus, the financial and security risk of a failed deployment are just simply too high in this world where AI is just moving so fast. There's no time to ever catch up if you get that decision wrong.
So that's why we operate now internally as something we call the velocity of trust, which is a paradigm shift in the way we sell. You heard a lot about that from Jeff moments ago in terms of our capabilities in this area. It's moving from what we call a promise-based selling where you're making a bet and then you're hoping -- you're going through an implementation, you're hoping it pays off to moving to proof based where you know upfront that you're making an investment that's going to have a return. You know you're going to be successful.
And so by utilizing Agentic Acceleration, we absorb the risk for the clients. It's the buyer, it's risk on the vendor being SailPoint. And we have a complexity that sometimes gets associated with governance or legacy IGA or competitive IGA. What we didn't mention was our Agentic Acceleration can be applied to legacy IGA. It can be applied to competitive IGA to make those transitions to SailPoint that much more effective and timely. And this allows us to simultaneously sell and deploy all at the same time, which we believe is a financial and operational motion that the competitors, the market itself cannot match.
So with that, I'm going to turn it over to Wendy Wu, our Chief Marketing Officer to share the successes we're seeing with customers, the analysts and then also share with you our pricing and packaging model.
Thanks so much, Steve. Hi, everyone. So at SailPoint, the ultimate foundation of our business is the trust. We're not a point solution. We're the definitive system of record for identity security and serving the most complex organizations on the planet. Today, we protect over half of the Fortune 500 and nearly 30% of Global 2000 from Forbes. These are organizations. They operate in a highly complex and hybrid environment under massive regulatory pressure.
They chose SailPoint for one single reason. We scale and we deliver. And you can see that trust in our retention rate at 97%. And that speaks to the stability of the business and the critical role that we play for our customers. When SailPoint is deployed, we become very hard to be replaced, and we're deeply embedded in our customers' cybersecurity defense.
This level of trust is validated by major independent analyst firms as you see here. In the most recent IDC MarketScape and KuppingerCole Leadership Compass, SailPoint was positioned as the undisputed leader in identity governance, and we stood out for our market leadership and our vision. And most importantly, our customers have spoken. Their feedback earned us the Gartner Peer Insights Customs Choice Award for 2026. So for us, these recognitions really matter because they reinforce what we see in the market today.
Customers want a platform that they can trust for mission-critical identity security needs. And that trust gives us a very, very strong foundation to expand and evolve our solution. And that allow us to capture the next wave of demand as identity expands from humans to nonhumans and agents.
So I know you guys are wondering how do we monetize our product portfolio. Up until recently, our commercial baseline was built primarily around our identity security cloud suites, standard, business and business plus. And built on our foundational Atlas common services, these suites, they deliver the comprehensive out-of-box governance for human identities. Customers can easily expand with the advanced add-on capabilities such as nonemployee risk management and several others.
But the enterprise buying behavior is shifting. Customers, they want commercial investment that can perfectly align with their maturity without a rigid lock-in. That is why we created SailPoint Navigators. They are the flexible purchasing pathways that let customers buy and adopt exactly what they need. And it simplifies the procurement process, accelerate the sales cycles and create a frictionless pathway for future expansion.
Now while securing human identities really drives our baseline, the market is moving incredibly fast, and we are launching the industry's shift into the agentic era. Today, the most urgent operational risk is really the explosion of the unmanaged AI agents and machine identity that we've been talking all this morning. So to capture this market shift, we have evolved our market entry and packaging strategy.
For the very first time, customers do not have to start with the SailPoint human identity solution. If a net new logo or an IQ customer, they need to solve their agentic identity problems immediately, they can purchase the SailPoint Agentic Fabric that we just launched as a stand-alone solution to secure their nonhuman identities. What this means is it unlocks a massive new TAM for us. It allows us to really capture the enterprise who otherwise would have turned to our competitors.
But as we said, the ultimate security for enterprise can only be achieved through a unified control plane because you cannot secure agents in their own silos, and you cannot fully govern these agents without mapping its access and its accountability back to its human owners. So to solve this, we have introduced our agentic business and agentic business plus suites. They unify both humans and agents under one control plane.
For our existing customers, the upgrade path is completely seamless. Customers can step up directly from business to agentic business or all the way up to agentic business plus as their needs mature. And customers who are already on business plus, they can move directly into agentic business plus. And each upgrade represents a seamless journey with a corresponding price increase to cover the extra value we deliver. So this is the future of our business.
As our platform continuously discover more unmanaged nonhuman identities customer, naturally, they will see more risks in their environment that they want to keep under control. So that creates a very compelling reason for them to expand their footprint and turning the agentic fabric and agentic suites into a highly scalable growth engine for SailPoint.
Now having talked about the packaging strategy, how do we price for this shift? Let's keep it simple and predictable and really monetize the growth through a hybrid pricing model. As we know, legacy-based pricing alone today is just not adequate anymore. It does not fully capture the reality of the modern security. AI, eventually, they may optimize the number of human workers. But at the same time, it is also causing machines and agents to explode. If we only charge per human, we miss out the massive upside we have.
At the same time, the reality with our customers is they are very, very hesitant to commit to large upfront payment because they simply don't know how many agents are there in their environment that they need to secure. So our hybrid model solves this by balancing the budget predictability with value-based scaling. We land with seat and we grow with extra capacity.
To make this initial landing completely frictionless, our commercial anchor remains on the predictable human identity licenses. But to remove the upfront guesswork, we include a generous baseline of nonhuman identities with every single human identity that you purchase. This really allows our customers to safely discover and secure their agentic identities on day 1 without having to worry about immediate overages. Then as their environment grows, they're likely to exceed that baseline. Now they can scale seamlessly by purchasing our modular capacity packs. And this ensures that their ongoing financial investment scales in proportion with their actual platform usage, such as the increase in their agent volume, the API calls they're making, the workflow automation, data retention and data refresh.
So here is the bottom line. We eliminate the initial buying friction to accelerate immediate adoption. And as customers' AI and automated entities multiply, our revenue will scale in locksteps, and we're directly monetizing the explosion of agent-driven work.
So to bring it all together, we have the trust of the world's largest organizations. We have the leading platform to secure these new identities of human and AI agents. And now with our hybrid pricing model, we have the commercial engine to capture the financial upside of this digital explosion. As our customers' environment grow more automated and complex, our revenue will scale alongside with them. And we're not just securing the future of the enterprise, we're actually building a scalable and predictable growth engine to go along with it.
Thanks, everyone. I'll bring it back to Scott.
All right. Thank you, and thanks, Wendy. Thanks, team. That was a lot of information this morning. I hope we found it valuable. I'm going to call a little audible. We were supposed to do Q&A, but I think instead, we're going to add some time to the end, and we're going to go to break, let everyone stretch your legs, get a snack, use the restroom. So we'll be back in about 10, 15 minutes, and we'll start back up again. So thank you all.
[Break]
All right. Welcome back. There's a lot of things that go into an event like this. And I got to say there's a lot of people to thank to help us prepare for today. The one thing I didn't have on my list was a fire alarm. So I will add that to my checklist. I apologize for that. But anyway, look, we got a lot more content this afternoon, and then we'll get into the full Q&A. So with that, let me introduce Meredith Blanchar, our Chief Customer Officer.
All right. So I hope you can join me. I'll introduce you. So hopefully, no fire alarm. So this morning, we spent a lot of time talking about SailPoint's technology. But the reality is that major technological shifts like this are never just about the vendor. They really require this true forward-thinking partnership between the vendor, the customer and the partners like Accenture. And what our next guest and his organization have achieved in terms of modernizing and securing their identity perimeter really does deserve to be in the forefront. And honestly, we're just incredibly proud to play a supporting role in your story.
So what I want to do for this session is flip the script a little bit. And instead of talking mostly about SailPoint, talk about the incredible transformation that is happening at one of our customers, the Vanguard Group. Vanguard has been a customer of SailPoint, a great customer for 10 years, and it's been really fun to watch how they've matured. And talking about AI, they're not just starting to adopt AI, they're actually actively using it to design behavioral nudges to help over 50 million clients make better investment decisions. They rolled out tools like Expert Insights that gives their financial advisers things that like superpowers, they can personalize their portfolios at scale. And then they have -- it's called the Well on Your Way platform. And I actually saw a commercial about it the other night, and it was really interesting. It uses AI to analyze 35 million, 35 million data points to help employees improve their financial well-being and move closer to retirement.
So with that, I want to welcome our guests Srinath Chigullapalli, who is the Global Head of Identity at Vanguard. So Srinath, thank you so much for joining us. I appreciate you taking the time out of what I'm sure is a very, very busy schedule to share your insights with us today. It's fantastic.
Thank you, Meredith. Can you guys hear me? Okay. Perfect. It's great to be here today.
Okay. Well, thank you. We appreciate it. So I'll take the context. You manage identity for an organization that oversees trillions in assets. And I want to learn more about your role and Vanguard in particular, but -- and then understand with all these massive AI initiatives that are rolling out, what's the most exciting AI initiative in your world right now? And then more importantly, as Global Head of IAM, how do you help balance this need for massive innovation yet keep things secure?
Great question. So just for everybody's benefit, like I'm sure everybody has heard of Vanguard, but Vanguard is an organization whose mission is to make sure that our clients have the best chance for investment success, right? Like you know us as a low-cost fund provider, but our goal is to provide the best products at the best price and make sure our clients are successful.
So as Meredith touched on, it's 50 million clients across the world. And we have a workforce of about 30,000 to 40,000 that provides this service at scale, right? So -- and we're a digital-first company. So we leverage emerging technologies to provide these services at scale. Like we don't have physical offices where people can come in and interact with us, right? So whenever we talk about a technology and especially as an exciting technology as AI, we've kind of adopted and embraced AI in a very aggressive way, right? So what's fascinating is the definition of what a user has evolved over the last few years.
When we talk about AI-driven initiatives of Vanguard, whether you talked about the expert insights or benefiting our retirement clients, we're no longer talking about just human beings logging into systems, right? Like the processes behind are pretty complex and autonomous combination of humans, systems and AI agents that act, make decisions and execute workflows, complex workflows on behalf of our clients and advisers. So my role in IAM and broadly across security in our organization isn't just about being a gatekeeper, right?
So especially when you talk about gatekeeper, I think people think of like, hey, somebody is stopping people from doing things, right? And that's not what we want to be. It's about building a robust identity-first foundation of trust, so we keep our clients' assets secure, right? So we want our developers and their business units to innovate at lightning speed, but they need to do it within a secure framework. So if we can secure the identity of these AI agents and systems from Day 1, they give the best chance and the best confidence for our business units to innovate fast.
No, I appreciate the context. And I want to come back to that gatekeeper analogy here a little later in this session. I think that's really interesting. But we have a crucial distinction here. We're transitioning from gen AI as a passive copilot, if you will, to autonomous AI agents that are acting as, like you mentioned, a very large, in this case, digital workforce. I don't know if you're hearing kind of this discussion or debate, I certainly am, especially across CISOs and CIOs. But one of the biggest organizational hurdles they have right now is structure. How do we actually govern this? There's a passionate debate around do we need a Chief AI Officer, do we do this via committee? How do we keep control of it?
So Vanguard is interesting. You're in one of the most highly regulated spaces in the world. So I'm curious how you're thinking about this? Are you looking at a Chief AI Officer? Is it a committee? And then more importantly, your team, how do they integrate or coordinate with this structure to make sure that security is moving at pace with innovation and isn't an afterthought?
Yes, it's a great question again. And look, I'm sure every leader in this room and everybody out there is thinking about the same question, right? So we recognized as an organization very early on that AI adoption and governance cannot live in a silo. Like there's not one person who's going to sit and make a decision, right? So we do have an AI Officer. We actually merged the AI Officer with the Engineering or the Technology Officer roles now. But we have established dedicated AI leadership and cross-functional AI governance committees, right?
So there's executive sponsors and then there's governance committees and decision-makers, which includes business leads because they have a very large stake in it, risk officers or legal teams, privacy teams and technology champions, but the one I just held on to the last but not least is the security organization. So the CISO, myself and the security operations center, we're all part of that AI governance council right from Day 1, right? And I am in security organizations, we all have a permanent seat at the table, and we make it a nonnegotiable principle that AI agent is an identity that we have to do, right?
So when our AI governance leads design the guardrails for what an AI system is allowed to do, what my team translate -- does its translate those guardrails into actionable policies, governable policies, right? So if an AI counsel decides they're going to create an adviser-facing agent that can read portfolio data, we make sure that, hey, like if you rebalance the portfolio, you're not actually executing the trade because that's not the intent of it, right? So that constraint reinforces at the IMC layer, right? But not just in the code, but even in the IMC layer. So because of this tight partnership, we ensure that as AI leadership pushes the envelope on what's possible as a security team, we're right there from -- with the right architecture and the dynamic enforcement.
Yes. So a permanent seat at the table, I think that's phenomenal. So I want to transition now and talk about agentic sprawl or this agentic wave that is coming at us or rather on top of us right now. Enterprises are rapidly deploying autonomous AI agents, and this is creating this massive new risk vector for us. These agents adapt, they learn, they take unpredictable actions, which means that legacy static controls completely ineffective, completely ineffective. In fact, we were talking earlier, we have an internal group, and I was asking one of our data scientists interns. I said, what's the one thing I should know about AI? Just tell me one thing, pick it. And she said, AI agents like to please, and they will tunnel through walls. They will jump over buildings. They will wedge their way through even the slag of cracking the doors to get you an answer to the question it thinks you asked. So that's what we're dealing with here. We're dealing with this and at scale. And that's why dynamic, not legacy static, dynamic context to where governance is essential, absolutely essential to secure us in this day and age.
So again, Srinath with Vanguard operating under this kind of intense regulatory scrutiny. I'm curious, how is your team thinking about the unique risks that are associated with this agentic wave? And how does it differ or does it differ from previous shifts like moving to the cloud? And then secondly, how are you considering this part of your strategy?
Yes, absolutely. So I'll address the second part of the question first, which is how do I see this different from like the earlier transitions of like cloud and SaaS? So we moved about 90% of our workloads to the cloud, right? So we've kind of made a huge bet into moving to the cloud. But when I look at those transitions, they were mostly IT-driven initiatives. They were not necessarily like a business saying, I want to move to the cloud, right? But the AI transition has been very much like a joint partnership between the business teams and the IT teams, right?
So the willingness to adopt AI is coming from both sides. So when we started looking at this deeply, we realized that like the traditional security models of being reactive are not scalable. Like that's not something that can fit in this, right? So this is a new reality that we all had to adapt where this adoption of technology is much faster than you can actually prevent it, right?
The blast radius, as I like to say, was much smaller in when we did the cloud migration or the SaaS migration. In that world, if something went wrong, like hey, you can look at a firewall logs, you go to your SIEM logs and get information about what went wrong, right? But we heard this morning, too, on the speed at which AI can cause you to identify vulnerabilities and also exploit that quickly, right? So AI agents act at machine speed with human access, which is really scary, right?
So AI agents can query databases, aggregate data, take actions, talk to other agents, right? So it's very important that you constrain the blast radius of an agent. So especially because if an agent has a hallucination or it's given the wrong data, it can cause severe damage. So it's not just your threat is no longer an external actor coming in and causing damage, it's also a rogue agent internally, which has wrong information provided to it, right?
So that's where -- that's where the active monitoring is too late. We had to realize that identity is the only viable control play, right? So if we don't have absolute real-time visibility of who created an agent, what is the intent and what data does it have access to and what is actually happening in real time, that creates a massive blind spot for us.
Yes, it's a massive blind spot. And at the end of the day, you really can't secure what you can't see. And if you have an AI agent that is operating with a generic shared service account, which is honestly what we see in a lot of these legacy setups, you have 0 accountability. If that agent goes rogue, you have no idea which business unit owns it. You can't even figure out how to shut it down. And by the way, if you can, you have no idea what you're breaking from a business process standpoint down the line.
So I want to double-click and talk a little more about SailPoint in this portion of it, but I'll talk about how we solve this. So if you look across the landscape, there are a lot of vendors out there, a lot of point solutions, and they're touting, discovery and visibility is really their core value. That's great. But simply discovering and finding an agent, that is table stakes, absolutely table stakes, which is why, honestly, we give discovery, we give that capability away for free. The real power isn't finding the agent, it's once you find it, what do we do? What do we do next?
And that's where we do, as Chandra spoke, have a real competitive advantage here. We are the only organization that has that enterprise-wide identity context. We can link these nondeterministic agents to their human owners, and we can govern their intent. So Srinath, I want to understand from you how Vanguard looks at this. When you're deploying AI at scale, how important is context and intent as opposed to discovery? And then from an access governance standpoint, how is that driving your strategy?
I love the free price, by the way, discovery -- but I think you hit -- you kind of mentioned it, which is like when it comes to AI agents, context is everything, right? So if you want to govern an agent: one, you need to find it; and two, you need to understand, hey, what is the intent that it was, right? So we typically ask 3 questions is like who is a human sponsor behind the agent? I think I saw the earlier presentations talking about like how do you do human with agent governance. So human sponsor is very important, right? So every agent must have a human owner who's ultimately accountable for its action. That enforcement is important.
The second part is like what is the intent of the agent? What's the purpose of this agent, right? So like we need to kind of -- should be able to dynamically map the permissions to the specific business function and the need that the agent is created for, right? So you cannot generically give like the broad administrative access to every agent. That's just very over permissive like get close to as close to 0 standing process as possible, right?
And the last but not least is what data is it touching, right? We need to know if it's interacting with public data, proprietary data, client PII, investment information that's considered confidential in our world. So all of that matter quite a bit for us when we think of managing agents, right? The other piece of it is like, hey, you need like a single pane of glass view into your human and nonhuman entity. I think Chandra earlier talked about the scale of humans to machine or nonhuman entities being 1 to 100, 1 to 1,000. The scale of impact is huge in this world, right? So having a single system where you can see all of this in one place is very helpful.
And again, kind of coming back to the governance aspect of it, it's, hey, if the owner of the agent leaves the company, what's your process, right? Life cycle management becomes a major concern. So -- or if the agent's behavior deviates from what its original intent is or people change the access on it, like do you have a way of flagging it and governing it and reviewing it, right?
So I like the feature of like the certification of agents. Like we don't do that as well for service identities today. But getting into the agentic world, I think that's an area that we need to kind of really, really get better at.
Yes. No, that's great insight. And watching and flagging that behavior, that is that dynamic context that we're talking about that is so critical right now. So as I'm listening to your answers, it's clear that you've managed to find that perfect balance between security and innovation. I may have you talk to other customers about that as well, but we'll talk after this. But unfortunately, and back to the gatekeeper analogy, I still have conversations where I hear from leaders that they're leveraging security as a brake pedal and they're slamming on the brakes.
They're saying, okay, we got to stop and then we'll figure out this whole AI and then we'll start moving quickly. But to use a Formula 1 analogy, foundationally, if you have good brakes, you can go 200 miles an hour right out the gate. And that's how fast we need to move right now. So knowing Vanguard was a customer for 10 years, you've got a very, very strong foundation. So I'm curious, how has that and from a security standpoint, enabled your business to innovate faster yet still stay secure?
I love the brake pedal analogy because I've been in the security industry for about 4 years, 5 years, but before that, I used to call security the, [ no police ]. So -- but when we kind of think of security at Vanguard, right, we -- like, yes, our primary purpose is to protect client assets and Vanguard's assets. But the second goal or the second mission statement we have is how do we be the enabler for the developed organization, right? So securing identity is our ultimate business enabler, right? And because we have like a robust IAM and security frameworks, our development teams don't come to us with every little thing, like we give generic frameworks and then they can navigate if take risk-based approaches. But we don't spend months negotiating on -- with security and compliance and privacy and everybody else on, hey, if you want to launch a tool, right?
So we have out-of-the-box decision frameworks that we can leverage to kind of go and implement things, right? They know that if they're -- if they want to create an agent, they have to assign a human sponsor, they have to request the exact privileges through our SailPoint system, and they can deploy to production pretty rapidly, right? So that foundation of trust and control allows us to innovate safely while at the same time protecting our clients, right?
So -- and adopting latest AI breakthroughs, I mean, there's so much happening every single day, every single hour. I'm pretty sure by the time we finish this conversation, there's a new frontier model that we should be scared about. But there's so much happening that you need to kind of have a quick decision process and an ZPass lane for those of you on the East Coast that we think of.
I think that's so important. That decision framework, I haven't really thought about that, but having a way to react and respond quickly is going to further the trust between the -- that's great advice. I'm going to ask you for one other piece of advice just to close this out. What is the single biggest recommendation, words of wisdom that you would give to others that are navigating their way through this logistic space?
Yes, this is a tough question. But look, technologies like AI, quantum, blockchain, like you name it, like they are really pushing the pace of change. I've been in the industry for 20-plus years now and the pace of change just keeps increasing and increasing and increasing. And it is exciting to see what these advances can do, whether it's health care industry or financial services or client service, security professionals, we as security professionals cannot be the roadblock. You used that analogy of brake pedal, we cannot be their roadblock. We have to figure out how to fundamentally redesign security to be more of an enabler like what I talked about at the beginning of the adoption because if you tend to be the no police and people tend to go around you, which is a much bigger risk. So you want to make sure that you're staying ahead of the game or at least at the table at the beginning and designing your system, so it's easy for people to create and adopt security as a service, right?
So don't wait until you have a sprawl, agent sprawl to think about identity. And if you're waiting for developers to build dozens of autonomous agents before you come up with your agentic security strategy, it's too late. Like then you're running around to kind of grab your arms around the whole problem, right? So you'll end up with a legacy mess of unmanaged service accounts, shadow AI and massive security gaps. So it's something that you have to be worried about. And start treating AI agents as first-class citizens, right, in your identity directory. So establish your governance frameworks, partner closely with your AI leadership teams, whether wherever they are in the technology domain, business domain, privacy, legal and build an identity control plane that can scale at the speed of how the industry is moving. So start early and figure out a way to enable.
Great, great words of advice. And you mentioned don't wait for agent sprawl. I think the reality is it's out there. It's, we just assume it's there and you need to tackle it. So thank you. Thank you so much for joining us, sharing your insights and of course, for being such a great partner along the way. I really appreciate it.
Thank you.
And at this point, I'm going to transition to our Chief People Officer, Abby Payne; and our CIO, Sreeveni Kancharla.
Good morning or good afternoon, everybody. I'm happy to say that I am not the last presenter before lunch. Brian Carolan gets that distinction. So we'll get through some of our internal AI initiatives together with Sree. I'm really thrilled to be here. Thank you all so much for being here. I'm also excited to share how SailPoint is driving innovation through our own internal AI transformation, improving both our employee and customer experiences and while minimizing the risk that you've heard about all today. As I said, I'm joined by Sree Kancharla, our Chief Information Officer. She keeps me kind of on the rails on the technology. I appreciate her so much.
Because, look, a lot of you may look at me and go, gosh, your Chief People Officer is up here talking about AI infrastructure and kind of IT readiness. Why is the Head of HR talking about this? I'll tell on myself a little bit here. Last night, as I was practicing some of my remarks, I actually vibe coded a teleprompter like the one in the back that we've all used today. My vibe coding did not work in fact, and so it was a lot to do for nothing.
But I think when Mark asked me to do this, his vision was actually very clear that AI is not a traditional SaaS or software deployment. It's actually a fundamental shift in the way humans work together. And so that's why we decided to pair these functions together during what is an incredibly transformational time. So we've gotten really specific in order to avoid the AI sprawl that Meredith just talked about to anchor our strategy around 3 specific outcomes: revenue generation, customer experience and as I talked about, workforce transformation.
And then to put even more rigor to that, we've really structured our own execution internally on 4 core pillars or 4 things we really want to do well before we move to the next step. First, tooling. We have delivered a baseline productivity tool called Neptune, everything at SailPoint is Nautical, if you haven't heard that today, to our entire employee base. And really, our goal there is to better enable our crew, our employees, for both job efficiency, right, we've heard a lot about job efficiency, and effectiveness.
The second is integration. So we are connecting Gemini and other core LLMs directly to our big internal data systems and applications that allow our employees secure contextual answers and insights right at their fingers sort of immediately to both augment and accelerate their work. Third, agents. We are automating high-friction workflows. You've heard some of them described today by deploying highly specialized vended agents in partnership with some of our large application vendors that you can think of ServiceNow, Workday, Salesforce.
And then fourth, velocity. You heard a little bit of this from Chandra. We are really shifting IT from a centralized gatekeeper through this process to a decentralized enabler. Rather than forcing all that we do with AI through a single, sometimes time-constrained queue, we are building a secure, scalable infrastructure. I'll continue the car reference that Meredith just talked about. IT is paving this road and the business is really driving the execution.
And so to this point, our work has really brought us to 2 critical realizations. As I said, first, true AI transformation is about human behavior change. And second, as I said, this is not a traditional technology rollout. We really want to encourage exploration all across the business, create a pull to AI, not a push. And so we're pairing our safe technical infrastructure with a strategic sort of organizational model that seamlessly integrates both top-down guidance, right, hearing from the top about what we want to do and bottoms-up organic ideation.
So top-down, we have really called on our functional leaders to take ownership of those large-scale high-friction workflows in their own corners of the company, right? We have lots of use cases, lots of those high-friction workflows that we can go address. We can't address them all through IT. So that's why we're asking our other leaders to take ownership and responsibility.
We're also arming them with AI toolkits. We're helping them set expectations, and we're really setting a tone with our employees across the business around the importance of impactful, innovative and responsible use of AI in all the jobs that all of our people do. And then bottoms up, we've established a network of sort of grassroots AI, what we call AI champions and super champions across the company. Steve Caldwell, who you've heard a couple of times from today is one of our super champions across SailPoint. They help us ideate. They help us really importantly deliver business value and priority, right? We could think of 10,000 cases to go build, but we want to build ones that actually solve problems. They help us troubleshoot and then they really help set that tone and set best practice inside the business all across our organization.
And then finally, we are reinforcing this culturally across the company. This is where the people side of my job actually comes in. We're highlighting wins in AI Digest every week. We're talking about it at All Hands. We're integrating it into the fabric of how we operate inside the company. We're even doing awards. I did hear the rumors of awards being given for most tokens being used at other organizations and then huge consumption bills showing up at the end of the month. That's not the kind of awards I'm talking about. We really are just attempting to have our employees use AI as another one of their tools in their toolkit as they complete their work every day as they deliver on the value that they create for SailPoint.
We really consider AI to be a next-generation tool, an element that professional growth and development of our organization is really critical to bring those 2 things together.
So as we look to the horizon, the journey is pretty clear. I like that this slide has a curve, but it is not that smooth. It actually behaves a little bit more like a step function. And SailPoint currently sits very squarely between augmentation and making our human employees faster and more effective and true end-to-end automation. We actually believe we'll get there, and we'll achieve this by automating all those routine operational tasks, which frees our crew, our human beings to elevate the judgment and the human-centered approach in all that we do, particularly because we have such a strong differentiated relationship with our customers. We never want to lose that.
And that's really how we scale this business, not by adding more people to do the same tasks, but by improving the strategic impact of every person we have by removing those volume tasks that take up so much of their day.
Our goal is to seamlessly integrate AI into every facet of our business, how we build our solutions, you heard about that from Chandra, how we enhance credibility with our customer, you heard that from the revenue organization, and really how we evolve the entire operational model to include a digital workforce that is running right alongside our crew members.
So this is -- this next slide is a little bit of a hot topic, as I said, with the consumption bill catching some companies off guard. We really want to be really intentional about how we both measure value and manage expense related to our AI investment. And we've heard lots of different anecdotes in the market about this but to be transparent, it is still too early for us to commit to permanent bottom line cost savings or hard reductions in future hiring targets.
Instead, we are really focusing on leading indicators, building a framework of those to score use cases on 2 fronts: one, the value they create for our business; and two, the feasibility of addressing them, of building them. And so we're monitoring that AI spend on a weekly basis, particularly the consumption front.
And really, one of Mark's long-time core values of this organization is innovation, and that has served us at SailPoint for so long. We have not built technology and then gone and run to find a problem to go buy it, we have looked -- first looked for a problem, identified a problem and then built the technology. We want to apply that same rationale here. So our goal is prioritizing the use cases that we're building and investment where there's real demonstrable value, particularly to avoid the AI sprawl that you just heard from Meredith.
In fact, I do want to share a little early win we've had with Neptune with our enterprise-wide employee efficiency tool. Our engagement is already really high, like in the 80s percent where we have employees using Neptune every day in their work. And I'm happy to share that, that deployment has actually paid for itself because we've been able to cancel or consolidate various SaaS applications whose functionality is now fully covered by the tools. So not only are we helping our employees do their jobs more effectively and more efficiently, we're also reducing risk in our business by reducing the number of AI or number of SaaS tools that we have in our stack.
So let's take a quick look at the -- just go back one maybe. Let's take a quick look at all the use cases emerging across our business. I'm not going to read this slide. I just want to share the kind of breadth and depth of what we're pursuing at SailPoint. Many of these are in various states of development or maturity, but what this really demonstrates is there is not a corner of our business where we are not thinking about how we deploy AI to make whatever role in that part of the organization more efficient and more effective.
You just heard from Meredith, actually, we flip to the next one, I'll tell you a couple of ones where we've made some really nice progress. Obviously, Meredith owns our customer support and our customer success organizations. First, in customer support, we have realized meaningful reduction in incoming support tickets from our customers, while our average time to resolution has improved by 10%. The really interesting thing here is we've seen a more than 90% increase in our knowledge-based creation, meaning that our AI models are actually learning faster, which continuously improves our self-serve accuracy.
And then in customer success, this is actually a really interesting one. In customer success, we're leveraging AI, all the data we have in all of our applications about our customers. So think ServiceNow, Gainsight, Salesforce, even some of our professional services tools, we use all that information to leverage AI, auto-generating customer health summaries that our account managers used to manually bring together, building comprehensive 360 account views. And that's really helpful to our account managers. One, they go into our customers' arm with more insightful information; two, they can extract action items from our client interactions to take actions on this quicker; and then three, help score those companies. And what that does is allows us to identify and potentially remediate churn months earlier than we were previously able.
And this is not theoretical efficiency. We are not talking about something we think could impact our business that we are hopeful will impact. We're seeing it today. It is real. It's active operational leverage that's giving hours back to our crew members every single day.
With that, what we'd like to do is share the information we're learning in real time with our customers as they're on their own AI transformation journey, and Sree is going to talk a little bit about customer zero.
Thank you, Abby. With all the AI innovation and transformation we are driving to accelerate SailPoint business, a unique part of our strategy is being customer zero. At SailPoint, we are proud to be the very first and undeniably the most demanding user of our own platform and its advanced AI capabilities. Chandra couldn't agree more about this fact because we troubled that team a lot, a lot, a lot of the real-time feedback. This brings us to -- I want to focus on SailPoint Agentic Fabric.
Today, we have successfully deployed some of the already existing key features, which actively are protecting SailPoint as we roll out all the AI agents across our enterprise. Whether our teams are using Gemini, Cursor, Claude, our AWS Bedrock, our guardrails are very active. Through our discovery and unified registry capabilities, we can instantly discover agents across all SaaS platforms, endpoints and browser profiles. At the heart of this visibility is our unified identity graph, which connects the dots between human users, entitlements, machine identities and active agents.
To give a sense of our scale of customer zero, we are currently governing nearly 4,000-plus agents, almost 1,100 application machine accounts and a couple of hundred service accounts. These capabilities allow us to aggressively mitigate shadow AI risk, steering our global force into secure gen AI environments while completely shutting down any unauthorized access to the tools. Furthermore, our real-time governance and audit capabilities, we are establishing a new industry standard for life cycle management, data access governance and continuous compliance through human-in-the-loop certifications.
Looking ahead, I'm incredibly excited about our upcoming authorized protect and response road map, which will bring the real-time just-in-time security and the prompt level protection, which Chandra talked this morning and then Mark was also mentioning to the market. And we'll be the first one to test that, which is very exciting. And then we are actually working very closely with product and engineering teams around this. This internal expertise allowed us to precisely create the blueprint of our own customer zero journey and create the project Odyssey by sharing our value, real-world experience along with we are helping our customers eliminate any deployment bottlenecks, accelerate the time to value and drive faster adoption with our own ISC platform.
Our leadership in this space is why we feel that we are kind of design partners working on validating all the key features along with any incubating ideas too, we do that. And the other thing, I think, is we are partnering with Google to see how we can connect that to ISC platform and govern Gemini AI agents, too. So we are able to do that as design partner because of this. So thank you so much for your time today. I would like to pass it on to Abby now.
Anyway, thank you so much for, of course, spending some time with us today. I'm about to turn it over to Brian Carolan, our Chief Financial Officer, who's got lots of fun data and then obviously, before lunch. But thank you very much. Appreciate it.
Thanks, Abby, and thanks, Sree. This is what you've all been waiting for patiently. So good afternoon, good morning. Thanks, everyone, for being here. We really appreciate you giving up your time. Hopefully, you find this a very informative day. So it's a pleasure to be here to provide a detailed update on our financial strategy and the powerful momentum we're building in the business. Over the next few minutes, I'm going to walk you through our long-term vision, the clear and actionable paths we're taking to get there and the financial discipline that underpins our entire strategy.
We're incredibly excited about the future we are building, and my goal is to give you a clear view into why we are so confident.
So let's start with that future view. We've set out 4 ambitious but achievable targets for fiscal year 2029 that serve as our North Star. First, we expect ARR growth to accelerate to over $2.1 billion by FY '29. This acceleration is based off the FY '27 ARR guidance we provided last week, which we are reiterating today. Secondly, we are targeting over $800 million in ARR from our AI solutions, cementing our position as an innovation leader in identity security. I'll get deeper into the definition shortly, but as Matt mentioned, we'll be landing humans and AI together. So you cannot isolate the $800 million of AI-driven ARR to derive insights into the remaining human-centric part of the business.
Lastly, we are building this business for the long term with a focus on profitability and efficiency. That's why we're committed to achieving an adjusted operating margin of over 22% and generating over $400 million in free cash flow by FY '29. We are focused on both growth and cash flow generation to deliver shareholder value. So how do we get there? Our strategy is straightforward and consistent with the growth algorithm that we've been executing against for the past several years, with half of our growth coming from new customers and half coming from existing customers. With half of our growth coming from new customers and half coming from existing customers. Within each of these go-to-market motions, we have multiple durable paths to achieving greater than $2.1 billion of ARR.
With respect to new logo acquisition, there are 3 primary drivers. First, as Matt covered, we have a target account list of 15,000 enterprises, which includes many of the world's largest and most complex organizations. These are typically enterprises with more than 5,000 human identities and greater than $1 billion in revenue. In these accounts, we are actively displacing legacy homegrown or insufficient point solutions, and we would expect the nonhuman identities to far outpace human identities over time.
Our SailPoint Agentic Fabric, also known as SAF, represents a large incremental go-to-market opportunity for us. It is designed to work everywhere to secure a customer's entire agentic footprint even if they use a different platform for basic access management. We believe this provides an incremental avenue of growth to penetrate legacy environments without the upfront upgrade.
But landing the customer is just the beginning. Our expand motion is equally powerful. We expect to grow with our customers by upgrading them to our agentic suites, migrating them from on-premise to our modern SaaS platform and cross-selling additional capabilities and capacity to meet their evolving needs. This balanced approach gives us confidence in our ability to execute year in and year out. Looking ahead, our agentic solutions will be our primary go-to-market engine. By the time we exit fiscal '29, we expect this AI-driven motion to represent greater than $800 million of ARR.
So how do we define AI ARR? This category encompasses our Agentic Fabric, our Agentic Suites and our Agentic add-on modules. Whenever we land a new logo, win a competitive displacement or upgrade an existing customer to our new AI solutions, we will count that full annual contract value as AI ARR. Our agentic pipeline is strong, and we expect AI ARR to be greater than $100 million by the end of this fiscal year.
One important note for your models, because this AI metric captures both human and nonhuman identity revenue, any remaining non-AI ARR won't give you an accurate read-through on our human-centric offerings. We chose this specific methodology, because it reflects underlying customer demand and preferences. Based on this new commercial model that Wendy presented earlier, we are effectively doubling our accessible budget pool. We are moving beyond the traditional IT budgets and tapping directly into net new AI and cloud budgets, owned by Chief AI Officers.
As it relates to winning new customers, our SaaS platform is the engine driving our growth. As you can see, the green portion of these bars is growing significantly faster than the blue as customers leverage our latest innovations. While our total customer base is growing at a healthy mid- to high single-digit rate, our SaaS customer base is growing in the mid- to high teens year-over-year. And these are not small customers. The average ARR for a new SaaS logo is approximately $400,000, growing 20% year-over-year on a trailing 12-month basis. We believe this demonstrates the strategic importance and value of the problems we solve right from the start of the relationship.
Now I also want to spend a moment on the migration opportunity that is also accelerating. To date, we've migrated approximately 15% of our on-prem installed base. The remaining 85% represents approximately $350 million of ARR. We expect to migrate at least 10% of this base each year, accelerating off our recent trajectory. There are several factors fueling this acceleration, including our commitment to innovation and the rapidly growing demand for AI security.
As organizations adopt AI, they are recognizing a critical need for robust governance and security across all identities, human, machine and agentic. Our platform provides the framework to secure this new frontier, and that is driving a clear sense of urgency. And we're making this easier with things like you saw SailPoint Agentic Acceleration and our flex pricing offerings, which Matt discussed earlier.
Migrating customers to our platform has become significantly faster and easier, helping us unlock a $1 billion-plus opportunity. But this is not a onetime benefit. At the time of migration, we see an immediate 2 to 3x uplift in the customer's ARR. But what is really exciting is what happens next. Once on our SaaS platform, we have the opportunity to expand that relationship even further, leading to a 3 to 4x plus multiple on their original on-prem spend over time. In fact, we are seeing this expansion in our initial cohort of customers that have modernized with our SaaS platform.
Our growth model is built on a foundation of exceptional customer retention. For several years running, we've maintained a gross retention rate of 97% or higher. This speaks directly to the mission-critical value of our platform. But we just don't retain customers, we grow alongside them. Our expand strategy is fueled by our core net retention rate drivers, migrations, suite upgrades, cross-selling and capacity expansion.
Let's look specifically at the upgrade opportunity with our new Agentic Suites. Currently, our existing suites represent approximately $0.5 billion of ARR. As we transition our customer base to these new agentic offerings, we anticipate a powerful upgrade motion driving a 25% to 50% uplift. Ultimately, our growth is intrinsically linked to delivering compounding value to a highly successful customer base.
To understand our P&L dynamics, let's look at the ARR picture again, focusing on the SaaS contribution. It's clear that SaaS is our primary growth driver. In FY '26, our SaaS mix of net new ARR was 83%. And in fiscal '27, we expect this mix to increase to 90% to 95%. By FY '29, we expect that to be near 100%. The transition to SaaS is fueling incredible momentum with a projected SaaS ARR compound annual growth rate of over 30% between now and fiscal year '29. This will result in our SaaS ARR growing to greater than $1.7 billion by FY '29, forming the vast majority of our total business. This is the definition of a durable high-growth recurring revenue business.
Now it's important to discuss how this transition to a SaaS-first model impacts our revenue recognition. This is a critical point for understanding our financial trajectory. As our SaaS mix increases, it creates a temporary headwind on our recognized revenue and adjusted operating income growth. This is due to the difference between upfront or point-in-time revenue recognition for term licenses versus ratable recognition for SaaS.
For example, a typical 3-year deal -- term deal requires 60% of the revenue to be recognized upfront in the period of sale. Conversely, the ratable recognition of a SaaS deal would result in over 50% less revenue in the initial year, but 2.5x greater revenue in years 2 and 3. It is important to note that our underlying ARR growth and free cash flow generation are largely unaffected in either scenario. This is a planned transition. And as you can see, we expect revenue growth to reaccelerate as we move past this mix shift. We are consciously building a more durable and predictable business for the long term.
Despite those revenue recognition dynamics, we are committed to expanding both our adjusted operating income and free cash flow margins. In FY '27, we are modeling a working capital headwind from the fiscal year shift. As we fully normalize the quarterly booking shift, mostly from December to January, we expect working capital to turn into a positive contributor starting in FY '28. As we scale our business and our SaaS transition matures, we expect to drive significant operating leverage. This will be fueled by productivity increases across the company. As you can see, we would expect to achieve our target of 22% margin for both adjusted operating income and free cash flow by FY '29, demonstrating the efficiency and profitability of our model at scale.
As we move past the SaaS term impact, we expect our free cash flow margin to exceed our adjusted operating margin beyond FY '29. This all comes together in our long-term financial model. This table provides the blueprint for how we see our financial profile evolving. You can see the journey from our historical performance to our FY '29 targets and beyond. We expect to maintain a robust adjusted gross profit margin profile as we scale our cloud infrastructure. We will drive significant leverage in our sales and marketing and R&D functions, as we become more efficient and embrace new AI technologies, and we will maintain discipline in G&A. This all flows down to our FY '29 targets of at least 22% for both adjusted operating margin and free cash flow, driven by the combination of operating leverage and the SaaS/Term mix we've discussed.
We also expect to reduce our stock-based compensation from approximately 20% this year to the mid-teens, resulting in 2% to 3% share dilution. It's important to note that we expect to see an SBC reduction in FY '28 as we move past the 2-year grants associated with the IPO. With durable growth drivers that should sustain our 20% growth rate and expanding adjusted margin profile into the low 20s, we believe we are an attractive Rule of 40-plus company.
But we believe there is more. While we expect to maintain our balanced growth profile between new and existing customers for the next couple of years, over time, we expect more of our growth will come from our installed base, expanding our NRR profile. What we have laid out today, which supports a very compelling and accelerating growth story from new logos, existing customer expansion, migrations and new routes to market, all of this is still in the early innings. As such, we have multiple levers to pull to achieve and potentially exceed our long-term goals. As a result, we see many paths to expand beyond the Rule of 50.
So to bring it all together, I want to reiterate the 3 key themes that define our story. First, innovation. Our advancements in AI and real-time governance are not merely product features. They are foundational to our strategy and serve as the primary engine driving our future growth.
Second, differentiation. We stand apart through our sheer depth and breadth of our identity coverage, our ability to link nonhuman identities to human owners and our capacity to accelerate AI identity security for our enterprise customers. Ultimately, we believe we are uniquely positioned with the right platform, the right data and the proven expertise to continue to lead in the next era of identity security.
And third, our multiple paths to the FY '29 plan. As I stated earlier, there are multiple paths to achieve and potentially exceed our long-term goals. We have a clear vision, a proven strategy and a disciplined financial plan to get there. We are building the future of identity security. And in doing so, we are confident that we will deliver significant and sustained value to you, our shareholders.
Thank you. And with that, I'd like to invite the rest of the team up, and we'll take some questions. Thank you.
Thank you, Brian. Well, the team gets assembled here. The deck you just saw today will be posted online.
All right. Who's up first? Saket?
2. Question Answer
Saket Kalia from Barclays. Thanks so much for hosting today. Really, really informative. Mark and Brian, maybe for you, just to kind of get right into that great target for '29. Can we dig into the 2 to 3x uplift that you're seeing from on-prem customers? What have you seen from the 15% of the base that you've converted life to date, in terms of what you're actually seeing? And how are we thinking about that uplift in the path to $2 billion in fiscal '29? Does it make sense?
Thanks, Saket, for your question. Appreciate it. So we've actually been maintaining that 2 to 3x uplift fairly consistently for the past couple of years. So we've been migrating or modernizing our customer base from on-prem to SaaS. And we do see that typical consistent 2 to 3x uplift. And as I mentioned, as you extend that beyond into like years 3 and years 4, we start seeing a 3 to 4x plus uplift. So we think this is an exciting opportunity. We're expecting at least 10% of our on-prem base to migrate each year. It could go beyond that, especially as you see all of the innovations that we made to make it easier for customers to migrate, and we have more upsell opportunities. So I think we're being fairly reasonable with that 10% number, but it could go higher.
Peter Levine at Evercore. Mark, the comment this morning changed from, I guess, the IPO, which is now you're saying about 1,000 identities attached to one human. You have $5 billion, so call it, 5 trillion potential new monetization opportunities. Maybe to Saket's question is, if you think about the migration, are you seeing faster migrations? I know, Brian, you said 10%, but is it forcing customers now to kind of move to the cloud quicker? I mean is that part of this longer-term path towards the $2 billion plus?
So I'll start, and I'll let Mark chime in. So we've been doing this trying to meet the customer where they are, right? We feel like it's important to not force them to modernize. We want them to want to modernize and improve their overall posture. And so we're seeing a lot more customer interest and they're coming to us with wanting to modernize. We view that as a really big positive for us. It's all the innovations that we've come out with. So it's that carrot and stick approach, that carrots out there. It's the innovation carrot that I think is driving it.
I think 2 things coming to mind, Peter. One is the catalyst for this is certainly the Agentic Acceleration that the customers are feeling to your point. We wouldn't characterize them as 1,000:1 yet, but they seem to be on that trajectory. They're over 100:1 is sort of our current estimation, including all machine types, not agents, just to be really clear, right?
But on the other hand, I would say 2 things are changing in what you heard today. One is the move from should we consider or is our organization thinking about agentic seems to have flipped this year too. We're doing this. It's the rate and pace. And as you heard even Sri talk about our organization, every organization you know when they put in some of these discovery capabilities, they have a lot more than they knew. That is 100% consistent. There's more already happening than IT is typically aware of.
And then secondly, don't miss the importance of the Agentic Acceleration we've talked about today. We have now demonstrated that we can take months to days in that process. And when we approach customers with those 3 things, you've got to get to agentic. We can do it way faster than you thought and therefore, way cheaper than you thought in terms of spending SI money. Those are the stick and carrot combos that we think are going to unlock. So as Brian said, we're committing to a 10% plus in that migration category. Lots of reasons to think it could be higher than 10%, but that's where we are today in the middle of the second quarter. But things are changing quarter-by-quarter in the world we're living in.
Great. Maybe, Gray? Kelly, could you hand him the mic.
Gray Powell, BTIG. So yes, I just wanted to follow up on that question and perfect timing. My notes just like fizzled out on me here.
But you've got it all right.
Yes, I got it right anyway. I think it was one of the customer examples where they reduced the amount of human work in a migration by 80%. Is that what you're seeing on average? And I'm just trying to like sort of...
Yes, I'll let Matt comment, but it's new, Gray, right, to be fair.
And is it like a migration is going from 8 or 9 months to like a couple of months? Or I'm just trying to like frame that up.
Yes. Look, that's absolutely it. I mean we haven't -- we probably, I don't know, we've done a dozen of these, 15 of them, right? But it's something that we're using every chance we get. And look, you're always going to have these corner cases where they've done some extreme things, maybe they're using some of the old IBM connectors and that will take a little bit more elbow grease. But I think our expectation is that 80% to 90% is going to become common in terms of the migration.
And Gray, the thing you should think about is that we're accelerating the piece. You heard Rex talk about the good stuff, which is the business transformation, right, the change management, where they really excel. The slowness in these migrations was the foundational piece, right, doing the conversion of all the connectors, having to do the research. I don't -- I mean, Jeff talked a lot about it, but the fact that we could actually go run and come up with the research discovery really, just like we're discovering everything else. You sit here and think about some of these systems that have been around 8, 9, 10 years, probably through as fast as the CISO goes, maybe 5 or 6 CISOs, right? And so you double this layered change that's sitting and nobody ever finds out about it.
Now we've got a tool that comes in and says you have this many modifications, you have this many workflows, you have this many entitlements, you have this many identities. I mean -- and it delivers it in minutes. And so it takes a big chunk of that manual discovery work that had to take place. So yes, I think you're going to see -- I think customers are going to be thrilled. I think it's going to change the way, as Steve Caldwell said, we engage customers, and it's going to compress this process of selling and deploying, right? And I think it's going to be pretty exciting, and it's going to be -- it's going to change a lot.
Great. Maybe, Shaul?
It's interesting that CyberArk and Varonis -- Varonis is probably towards the end of the migration process. CyberArk, Mark, your good old friend has done it quite successfully. If history is any guidance, and I know that past performance is not indicative. I think that 10% is going to be a little faster. But again, that's my humble opinion. My question is, some of your on-premise customers, have they shown a little resistance? And I know Brian talked about this carrot and stick. I'm actually interested in hearing your views about if a stick is to be used, what's that stick looks like?
Sometimes it's a long thin carrot. Yes. No, I think we see -- it's a couple of things, and Meredith sure or Matt can speak to this too very well. Within that IIQ base, there is a diversion -- dispersion of types of customers. There are some small customers, I'd like to say it this way, that bought IIQ because that's all we had at the time. I think 12 years ago, they would have been a SaaS customer first that we had it, it wasn't the right time to market, et cetera.
And some of them may or may not move with us. And if they're really small and not willing to be aggressive, we may just -- our customer count, we don't get tied up on our customer count growth. We think about the right kinds of customers growing. The mid-to-larger customers in that IIQ base are feeling that pressure to move to agentic. And I think the resistance that they had, just kind of sounds like I'm beating the horse here or the financial hump to get over, which was both the cost doubling while you had to do the migration with both products and the SI cost could make that migration happen. We're dramatically changing those with the flex pricing and with the Agentic Acceleration.
Then there's the carrot -- the true carrot, which is I got to get this agentic thing solved. One of the reasons that the team decided to separate Agentic Fabric at its own kind of unique module, if somebody is feeling so much pressure to get to that, they can actually procure SAF, before they make the migration to cloud. We think most of our customers will kind of do that altogether, go from IIQ to ISC plus Agentic Fabric. But now they have multiple paths forward depending on the pressure they're feeling in the organization. I don't know if you had anything else to that.
I would just say, look, when you look at that IIQ installed base, probably 40% of them represent about 85% of the value, right? And those are the larger companies. Those are ones that really have a SaaS-first mindset. They're going to go. It was always about timing. I think one of the challenges they get into now is in their head, right, they still have this migration thing, which is -- it's like voodoo for customers, right? They're like migration, it's bad. And now we're taking some of that away. We're taking some of the economic issues away. And with what we just announced here today, that will take a lot more. And so I think you'll see a lot of these start to accelerate maybe a little bit faster.
We've really spent -- Gary and his team, they've done a wonderful job of understanding what the barriers are to move forward and they just plow their way through and just kind of remove those barriers. And there's not many left, to be honest with you, with all the stuff that Chandra is building and delivering, it kind of becomes a no-brainer, like I got to go.
Meta, we go to you.
Meta Marshall, Morgan Stanley. I guess just in terms of how to think about -- understanding you have on the slide kind of 6 items that you were taking into consideration on pricing, API calls and number of agents. Understanding Flex gives you a lot of flexibility in early days around pricing. But just what are you seeing in terms of that conversation of just kind of ratio of costs that we can think of in terms of humans to agents? And just as we think about that $90 billion TAM that you guys laid out, like how much should we consider that expansion to be from number of agents or identities that you're managing versus kind of expansion of the platform?
Do you want to...
Yes. I mean what we've really tried to do, as I was saying earlier, with the migrations is create this buying habit where it's easy to buy. And there's inhibitors that have been pretty consistent since we started talking about these nonhumans. And one of them is nobody has any idea about how many they have. And everybody is really concerned about these runaway costs. And so with our pricing model, the teams done a pretty good job of removing that, right? So we still get our traditional uplift from -- that we've put in historically to jump from IIQ to Business Suite or to Business Plus, right? And so you'll get that jump.
But your initial buy will give you an allocation of nonhumans with the product. And so now you can start deploying and using and then there will be a series of expansion packs where you'll buy as you go forward. So it lets you -- and I'll call this, these are consumption -- these are expansion packs, right, meaning there's all these tiering systems historically. This is when you get to one tier, you got to buy, you get -- it's not like that. This is basically expansion packs and you control how much you buy. And so it's really given the customer complete visibility and control of their environment, which is, I think, removing a big obstacle in getting people comfortable with moving forward.
Just on the TAM question, too, things have changed so much over the last couple of years, we were on the IPO roadshow, I mean, we're at $55 billion of the TAM. I mean most of that was human identity. This is exploding at this point in time and evolving. So I mean we feel like $90 billion is a good estimate right now, but I think that's -- it's really driven by the nonhuman aspect.
All right. I know we'll get to everybody. So about Shrenik, and then we'll go to Josh and Junaid.
Shrenik Kothari from Baird. So Brian, you did lay out a path from AI-related ARR pretty much at $100 million this year, actuating pretty meaningfully to $800 million plus by fiscal '29. I know you said it's hard to unpack completely. You gave a sense of language to expand. But just curious, across the core pillars, right, you, of course, mentioned about the discovery and governance and then added the Protect pillar. Just curious how are you thinking about relative contribution to this AI ARR acceleration from these pillars?
I don't think we break it down that way, because they're buying that complete value proposition. And certainly, the pricing just assumes you're getting all 3 of those core pillars. So I don't know that we would be able to say they are ascribing more value to this that or the other. I think probably the main thing to take away from that, and we'll be a little more direct maybe than we were in the presentation. There's a lot of noise from some hot start-ups that are doing agentic management, and they are primarily doing discovery, classification, visibility. That's it. And what we've been asked in some settings is, well, when that kind of company, I won't name them, you all probably know, but I won't. That kind of company shows up around you guys, what happens? And the answer is they show up, they start doing discovery in that enterprise account. And then the customer said, this is great. Now how do I take action? Oh, I need to connect to SailPoint for that.
Right. But if we could provide that discovery and visibility and take action, why would you need that independent agent tool that only gives you visibility, but doesn't allow you to respond and remediate. So I think we're going to see, hopefully, a little bit of wind come out of the sales of the hot new, hey, I've got this agentic answer for you, and now customers are figuring out, that's great that you can help me find these things. Now I need to do something. And that's where they frankly hit a ball.
Josh?
My question is more along the lines of -- I felt like at the earnings call, the message was something along the lines of AI is really early, so we still want to be conservative. And I feel like today, the message coming out of here is kind of AI is awesome, so we're guiding to accelerating ARR. And I'm just trying to kind of reconcile those 2 messages. Does that mean we should expect all this excitement to be a next year and beyond thing through the '29 target? Just how do I kind of -- how do I assess those what feel like 2 competing excitement points?
Well, that was last week, Josh. I'm kidding. Brian can explain that.
We do feel it building. We tried to lay out just some data points. For example, last fiscal quarter, 40% of the identity growth came from nonhuman identities, right? 20% of our net new ARR was from emerging products inclusive of AI. We still feel like it's still early innings, but we see the budget building. As Gary mentioned, budgets have been doubling quarter-over-quarter. So it's there. I think what we're trying to just be a little bit prudent on as to when it exactly hits into what quarter. So -- but we feel the tailwinds coming. It's a matter of when, not if.
Yes. The simple answer, Josh, is last year, we were talking about the rest of this year. Today, we're talking about the next 2 years beyond that. And that's what we said qualitatively on the call last week was we see this momentum coming and everybody like, well, why is it showing up in this year's guidance? And we said, because we're not comfortable calling that yet. So as Brian said, we are reiterating this year's guidance, and we are giving you that confidence with a 2-year out model that says we're comfortable lifting the model 2 years out. That's the confidence we see in the momentum building. I hope that helps.
Great. Junaid?
Great. Mark, you've positioned the Agentic Fabric as this work anywhere control plane that you can sell stand-alone even to enterprises running legacy IGA stacks. If a customer adopts the Agentic Fabric over a fragmented or, let's say, messy legacy human identity foundation, how do you enforce or ensure accountable ownership without inheriting the poor data quality that's underlying that identity system?
I'll probably let Chandra handle that one because we've talked about how this SAF is going to work in the context of other tools. There is going to be somewhat less delivered value, we think, which will ideally create magnetic pull for those customers to get on to our cloud IGA product. But I'll let you talk about how it work with an IBM or an Oracle or something else.
Yes. So we have really invested in a ton of tooling to do -- so when we actually bring the identity context, the human context, not just from IIQ, but from almost any legacy. We do all of the cleanup in the process of bringing it in. And so when we really get it, it's actually clean data. So you can actually think of like an ATL type layer built-in to our connectivity, so that we sort of extract, load, transform, bring clean data in. That's sort of the simple way to think about it.
It will likely be limited to be fair, Chandra. In other words, we see so many of those old IGA platforms. They only got the 10% coverage of that customer's identity landscape. So we'll clean up the 10% we can bring in. I think it will create pull for them to go, oh, now I see what I'm lacking on the human side as I've leaned in on the agentic side, and we think that will pull them forward.
The biggest thing we are doing, like Mark said, the coverage today of the application base is like less than 10%. We have agentic tools, which will allow you to build connectors to both modern as well as legacy applications in like minutes. And so we have the ability to bring 100% of applications in coverage to our platform.
I think the only thing I would add is that the greatest tools in the world will not alleviate the customer from having clean data, right, and making sure their house is in order. We'll take all of that and we'll extract it and we'll consume it into our platform, but they've still got to do the lift of making sure their data is good.
Yes. For those of you who know the long SailPoint story, we started with a compliance product before we had a Lifecycle management product, and we would come alongside legacy Lifecycle products like IBM and Oracle and everybody else. And what would happen quite typically is we'd come in with the compliance product next to their old LCM product. And pretty quickly, the customers go, wow, I should get all of this onto your platform. And that was a very common motion for us in the late 2000s, early 2010s. So I think I see that same picture emerging.
We'll come in with this agentic when they're not quite ready supposedly to move forward off their old IGA platform, and they'll very quickly see, oh, I've got to get off this old platform very quickly if I want to get the full value, like Matt said, of clean data for my human.
And again, Chandra hit it pretty hard, but that real-time human control, part of what's going to happen in this agentic acceleration is people are going to look back to their human controls and realize this static once-a-year certification check of humans is ludicrous in today's world, right? It's like once a year, you validated your access rights in your company. And the other 364 days, what exactly was happening, right? I think we're going to quickly see this demand for real-time human governance. That will get pulled along by the agentic world, because they're going to see the delta.
Let's go here.
Rich Poland from Wells Fargo. I think just in terms of -- as we think about like the agentic side layering on, I feel like it's created a lot more visibility into the broader environment of just machines, API keys, all these things that weren't previously kind of under at least the purview of an identity contract prior. Does that kind of serve as maybe some of the initial pushing point and then the agentic layers on top of that? I guess what are you seeing now today? Is it machines first and more just true agentic or both?
Both, I think.
Yes. So there isn't really one progression, but here is a bit of a blueprint that's really emerging. It really starts with all these nonhuman identities, which are these credentials and tokens, because humans have been using them for a long time. They have been unmanaged. That's sort of step one.
Step 2 is we are seeing endpoint agents. The fastest growth we are seeing are all these endpoint. Think of all these coding agents, OpenClaw, NemoClaw those kind of tools, right?
That's -- then the third category are all these enterprise agents, which are being used to automate business processes. And that's really where it's Microsoft, AWS, Google, right? I would say then comes all of these application agents, right? It could be Salesforce and Sales, right? That's the way I would think about it.
That make sense. Both will pull that NHI world. I think to answer your question, right, I think both the movement of agentic, it will pull along with all the NHI infrastructure that enables that agent to do its job. And it's also exposing the lack of controls over those NHI tools in the human context pre-agent to your point. We just were not governing and securing those things well before. It's a little bit the same point. As we shine a light on this whole area, people go, oh, wow, I have huge exposure here. I didn't really understand. That's partly what's happening.
Go back.
Imtiaz Koujalgi from ROTH Capital. I had a question about the competitive landscape in the last -- there have been a lot of changes in the last few years. Okta launched an IGA product, CyberArk bought Zilla, Palo Alto acquired CyberArk in the last few quarters. And one of the questions that I get is, how has that impacted you guys because you're a pure IGA player. Everyone is a pure player, IAM and IGA were separately lanes, now looks like there's a lot of overlap between every vendor offering the whole platform. How has it impacted your business?
And then one of the question that I get a lot is, with Palo Alto buying CyberArk, they have a big installed base, almost 50,000 customers. I'm sure there's a healthy overlap between their installed base and your installed base. Are you seeing any impact? Are you seeing -- do you expect any impact? Because I think the genesis of the question was the net new logo adds last quarter, I think it was a little bit light. So are there early concerns from that acquisition?
I'll start and let the guys jump in. When people say, are you worried about Palo Alto, because they just entered the game with CyberArk, which bought Zilla, just so basically is clear on the heritage there. And Zilla was a very tiny IGA company, less than $10 million in ARR, never lost a deal to them ever. That's the state of the union at the time Palo bought -- CyberArk bought Zilla, okay? So we didn't see CyberArk as an IGA threat. So in that sense, we don't see Palo Alto as an IGA threat. And I'll just use IGA as a name for the moment that's -- I should say an adaptive identity threat to be more clear. They're a big player. They show up in a ton of accounts.
You know who's an even bigger player, Microsoft, who's been coming at us in this game for 4 years. And as we said to you over and over, Microsoft is effectively making no dent. I won't say no, I'll say minimal. Microsoft is making minimal dent today after being at it for years with a product far advanced over Zilla. So with all due respect, I don't think the team fully understands what they didn't get, when they bought CyberArk. They've got a great historical PAM tool. They did not get a tool that competes with SailPoint for our core.
And if you listen carefully to some of their dialogue, the head of the company will repeatedly say our tradition that with CyberArk, we are managing 3% to 5% of the identities in the digital enterprise. Now we just have to explain to the other 100. Simple. Simple to expand to the other 95% to 97% you weren't doing before. You can judge for yourself how simple you think that is. So we're respectful of large competitors. This company's whole existence has been competing with IBM, Oracle, Microsoft, we're good. We can take people on this turf and do just fine. And that's the state of the union. Same would be said about the oh company, who also talks about a rapidly expanding IGA business, as we say, still has not made a dent in our business of enterprise customers.
Mark can I just build on that one? To the contrary, I think what we are doing is really democratizing privilege. And so what we believe we have is really next-generation PAM, quite frankly. Because we think PAM -- look, PAM will have its role, which is if you're a database admin, sys admin, cloud admin, just doing session management, vaulting and all those things, what about the remaining 97% of roles? Like Mark isn't managed as a privileged identity inside our company.
Which hurts my feeling.
That's like -- none of us are, that's crazy, right? We have access to critical data. That's really what we mean, right? So we believe all these PAMs, historical traditional PAM RFPs will increasingly become addressable to us, because we are expanding what it means to be privileged. So we are going to go after that is what I'm saying.
Maybe -- I don't know, Brian, do you want to address the 15 customers this quarter?
Just to close off on that question. Don't really read too much into that customer count. That's a net number. And just some data points on that. Any customer that we "lost or churn" their average ARR was less than $100,000. So that's to Mark's earlier point. We do might have a long tail that simple, price-sensitive customers, they may not need a higher-level solution. So the average new SaaS customer that we gained was 3.5x size that number of less than $100,000. So we're good. We're playing right into our sweet spot.
I would just add, when you look at that IIQ install, right, you get into that long tail, and they're fairly small sub-100, like Brian said, they're probably -- I wish it was a better churn than laggards, right? But they're kind of -- they're slow to move, right? And so they're targeted by the Oktas and the smaller outfits. And when somebody can say, I can get all 3 pillars for less than what I'm paying and I'm not deployed. It just becomes an easier target. And that's what you saw when you got the net number here this last quarter. That was a result of that, some number of small sub-$100,000 deals that fell out. And when you look at conversely to the ones we brought in, what do we say 350?
350.
3.5x. So we're getting much bigger lands, and those are just the long tail.
We'll never fight the customer count war against some of these players. That's not the game we're playing.
This is Ethan from Piper. Can you just talk a little more about what Entro brings to like your nonhuman identity offering? And does this kind of fully round out the planned build? Or should we kind of expect to see maybe more inorganic or organic kind of functionality enhancements from here?
Yes. So they complement us quite well, right? So they are really -- what they do really well is on all these nonhuman -- like particularly credentials, right? And so imagine there are secrets and tokens and certificates and there are like 1,000 versions of it. That's why they cover more than 1,200 of these types. It complements what we have, right? So we have historically been world-class in discovering all of the machine agents and all that.
What we were not great at was really discovering the attached credentials within. So that is what we have acquired. And so now when we go discover an identity, we can actually codiscover all of the credentials that go with that identity seamlessly. That's what we're bringing together, right? So it's really the identity governance and the credential governance worlds are really -- or that's what we are doing. We are really bringing those to -- so that's why it's a very, very complementary asset to what we have.
And I think the other part of your question you asked was Ethan? Sorry, what you say? Ethan. I was trying to get Evan or Ethan out of my mouth, and I let me get it to work. Sorry. At the end of the day, you should continue -- boys, it's been a long day, isn't it? It's only halfway through. You should continue to look for Chandra and the team to -- as we're laying out this road map, continue to look for opportunities to accelerate our vision with these kinds of great technology businesses that just don't have a lot of market traction yet. We've done that with Savvy last year, others in the past. We see a lot of opportunities in today's landscape to accelerate our vision with some very specialized and very capable technologies, that will fold into our platform rapidly. And yes, you should continue to think we are looking around the landscape for those kinds of moves. You just want to pick the other part if I could see.
All right. I don't see any more hands. Any last questions? One more, two.
Two questions for you, Brian. One, can you maybe talk to us about your ownership structure, maybe some of the conversations you guys are having and what that looks like near term, longer term? And then just a follow-up question on onshore. What does that bring in terms of how much did you pay for it? Can you just share with us any metrics in terms of revenue contribution?
Sure. So the first question, obviously, we've had a long-standing relationship with Thoma Bravo. They own closely 85%, 86% of the company at this point. I think they don't have intentions of being long-term public company shareholders. I don't want to speak on their behalf, but that's not really their playbook. I think they're going to be thoughtful about kind of exit strategy. We can't get into specifics in terms of where that is and what price points that are. But it's an ongoing very professional dialogue we have with them. And then you said something about the revenue. I want to make sure I understood your question.
[indiscernible]
The TB relationship? No. I'm sorry. Oh, Entro. I didn't hear you. How much revenue from [indiscernible]. I didn't hear you. Sorry I didn't hear it.
Can you help us with that?
So we are not -- that would be a new one. We're not getting into that today. We'll lay more that out in the future. This was primarily a technology acquisition and also a talent acquisition for us.
Just had a follow-up question on the new logo success. I believe I remember from the presentation you mentioned 2/3 of the new logo were from failed competitive deployments, right? So I know historically, it's been more about -- I mean, you have like broader access centric and not have enough of depth and entitlements, which is your strength. Just curious across that versus legacy IGA versus narrow PAM, like are these new logo sort of competitive makeup change in terms of like that 2/3 is a very, very kind of strong figure. So just curious in terms of the makeup of that.
I guess it's a combination of either -- I call it more recently failed deployments as in people that we've talked about today that are more active in the market today, Microsoft, Okta, Savvy. And then some of them would be "failed deployments of the older legacy players, Oracle, IBM, et cetera, failed in the sense that, again, the different game that we were playing a decade plus ago when they were more active was, let's go get the Sarbanes-Oxley apps under control, 5%, maybe 10% of the application landscape.
The game today, as you've heard Chandra talk about all day is we've got to cover every application environment, every identity. Customers are figuring out there's no chance, they're going to get battle legacy tool to that goal. And so that would be a "failed deployment story as well." I can't get where I need to get to with Oracle, IBM and quite a few of those are failed deployments of far more recent losses, I'll say that, deals we will lose. And within a year or 2 or 3, we'll be back in because that didn't go as planned. And so we're actually capturing both in that failed deployment stack. Because I'm pretty sure that's how we characterize that.
Yes. I mean I would just tell you, where we play, right, the larger enterprise, we're replacing somebody every time. And it could be an Oracle or it could be a CA or something like that where maybe they just got long in the tooth. And then to Mark's point, it could be that somebody mistakenly bought, I'm not going to call them, but one of those and somebody lost their job, and so then we got to come back in and redeploy it. There's some of that. But virtually everybody we talk to, we're moving off of something.
Very rarely an internal deployment in one of those really odd jobs.
Brian, I don't mean to get into modeling minutia, but I want to make sure the question is asked, right? So round numbers, we're going to be at $1.4 billion in ARR this year. Again, it's round numbers, right? $1.4 billion to $2.1 billion in '29, it's another $700 million from there, right? When this is all said and done, when we're sitting here in FY '29 and talking about the path, how do you think it would have looked, right? I mean, is this -- because right now, it's -- again, round numbers, $250 million of net new here, and then it's going to go to $350 million to $400 million in '28 and '29. So there's this hockey stick. Is that going to be very back-end loaded? Are we just going to beat '27 by so much that it's going to be linear between now and '29? Like do you get the spirit of the question?
So we reiterated our FY '27 guidance today, and we feel good about it. And we are laying out that $2.1 billion. That's an acceleration of growth between now and then. we're not going to get into the stair step of that linearity of the curve, but we feel really good about where we're going. I have a lot of multiple paths to get there for FY '29, and we feel really good about FY '27.
All right. You have to try.
All right. Well, I think that's probably a good place to end, full circle on the Q&A. So thank you, Saket. Thank you all really for being here today. Thanks for your interest. I think it's really obvious that we're excited about the future. We're excited about what's ahead. I hope you found today informative, and I look forward to staying updated with you along the journey. So thanks so much.
Thank you.
Thank you, everyone.
Transkripte auf Deutsch freischalten
- Alle Event Transkripte auf Deutsch
- Sofortige Übersetzung
- KI-Zusammenfassungen für die wichtigsten Insights
SailPoint — Analyst/Investor Day - SailPoint, Inc.
SailPoint — Analyst/Investor Day - SailPoint, Inc.
SailPoint hat auf einem Investor Day die Agentic-Strategie (KI-/Nonhuman-Identitäten), neue Produkte/Akquisitionen und klare FY'29-Ziele (ARR $2,1 Mrd.) vorgestellt.
🎯 Kernbotschaft
- Strategie: SailPoint positioniert sich als „Adaptive Identity“‑Plattform, die Menschen und nicht‑menschliche Identitäten (Agents) in Echtzeit verbindet und dadurch das adressierbare Marktvolumen (TAM) auf ~$90 Mrd. erhöht.
- Wachstum: Ziel ist ein Annual Recurring Revenue (ARR) von $2,1 Mrd. bis FY'29; AI/agent‑getriebene Umsätze sollen >$800 Mio. davon ausmachen.
🚀 Strategische Highlights
- Agentic Fabric: End‑to‑end Lösung zur Entdeckung, Governance, Audit und Echtzeit‑Schutz für Agents und nonhuman identities; als Stand‑alone kaufbar.
- Agentic Acceleration: „Virtual Architect“ (Multi‑Agent‑Tool) automatisiert Migration von on‑prem zu SaaS massiv (Report‑Cards, 80% Automatisierungstendenzen angegeben).
- Plattform & Daten: 20 Jahre Tiefe, >5 Mrd. Entitlements, 145 Mio. Identitäten, 3.200 Kunden – kombiniert mit AI als Hebel für schnellere, intelligentere Autorisierung.
🆕 Neue Informationen
- Akquisition: Absicht, Entro Security zu übernehmen (Q3‑Close angekündigt) zur Stärkung von Secret/token‑Discovery und Schutz.
- Roadmap: Agentic Fabric GA in ~2 Monaten; Real‑time human governance (Upgrade der Identity Security Cloud) formelle Launch‑Phase auf Black Hat; Virtual Architect sofort einsetzbar.
- Kommerz: Hybrid‑Pricing (Human‑Seats + Baseline Nonhuman + Capacity‑Packs) und „SailPoint Navigators“ zur flexiblen Einführung.
❓ Fragen der Analysten
- Migrationstempo: Ziel ist ≥10% jährliche Migration von On‑Prem‑Base; Management sieht typ. 2–3x ARR‑Uplift beim Wechsel auf SaaS; Virtual Architect soll Aufwand stark reduzieren.
- TAM & Wettbewerb: TAM auf $90 Mrd. erweitert; Management sieht sich mit Tiefe/Breadth + AI‑Datenmoat differenziert gegenüber Microsoft, PAM‑Anbietern oder neuen Startups.
- Monetisierung: Fragen zur Preisgestaltung für Nonhuman‑Volumes beantwortet mit Baseline‑Inklusion + modularen Packs, um Kosten‑Unsicherheit zu reduzieren.
⚡ Bottom Line
- Für Aktionäre: Deutliche Wachstumsstory mit mehreren Hebeln (neue Logos, Upgrades, Migrationen, Agentic‑Demand) und klaren Profitabilitätszielen (Adjusted Op‑Margin >22%, FCF ≥$400 Mio. FY'29); kurzfristig Risiken: Migrationsgeschwindigkeit, Umsatzerkennungs‑Mix (SaaS vs. Term) und erfolgreiche Integration/Close von Entro.
SailPoint — Q1 2027 Earnings Call
1. Management Discussion
Good day, and thank you for standing by. Welcome to the SailPoint's First Quarter 2027 Earnings Conference Call. [Operator Instructions] Please be advised that today's conference is being recorded.
I would now like to hand the conference over to your speaker today, Scott Schmitz, SVP of Investor Relations. Please go ahead.
Good morning, and thank you for joining us today to discuss SailPoint's Fiscal First Quarter 2027 Financial Results. Joining me today are SailPoint's Founder and CEO, Mark McClain; and our Chief Financial Officer, Brian Carolan. For the Q&A portion of today's call, we will also be joined by our President, Matt Mills.
Please note that today's call will include forward-looking statements, and because these statements are based on the company's current intent, expectations and projections, they are not guarantees of future performance and a variety of factors could cause actual results to differ materially.
This call will also include references to non-GAAP results, which exclude certain items that do not reflect our underlying business performance. Please reference this morning's press release and our supplemental earnings presentation posted on investors.sailpoint.com for further information regarding our forward-looking statements and non-GAAP financial measures, including reconciliations to the nearest comparable GAAP financial measures.
Additionally, please note that the development, release and timing of any features or functionality described for our products that are not currently available remain at our sole discretion on a when and if available basis. and may not be delivered at all or should not be relied in making purchasing or investing decisions.
And with that, I'd like to turn the call over to Mark.
Thank you, Scott. Good morning, everyone, and thank you for joining us. We are off to a strong start in fiscal 2027, delivering another quarter of robust top and bottom line growth. We believe our results demonstrate that in the new era of agentic AI identity security is the most critical layer of the enterprise security stack and that SailPoint is the indispensable platform. This momentum validates our strategy and our leadership position. we've been building for this moment long before the market recognized it.
We are setting the standard with an intelligent end-to-end identity security platform designed to tackle today's hardest challenges including nonhuman identities and real-time governance. Traction across our new products, combined with our core platform is evidence our unified approach is with the modern enterprise demands. Brian will provide more details on the numbers shortly.
Our performance also underscores a fundamental truth about the modern enterprise. Identity security is no longer just a compliance check box, we believe it is a mission-critical mandate that has quickly become the central pillar of any credible AI strategy. AI and autonomous agents are becoming an invisible workforce optimizing supply chains, closing financial books and engaging customers. They are driving incredible productivity, but they are also creating an identity challenge of massive proportions.
Today, nonhuman identities and AI agents vastly outnumber human identities. For every human identity and enterprise meticulously governs, there can be 100 nonhuman identities or even more. We are beginning to see this shift clearly on our own platform. In Q1, nonhuman identities accounted for 40% of our identity growth and now represent 14% of all identities we manage in our cloud offering.
This rapid growth has created a critical new risk profile. These autonomous agents can make independent decisions, execute code and access highly sensitive data at machine speeds because they are often spun up outside of traditional IT purview, they can operate with excessive unmanaged privileges. Consequently, the blast radius of a compromised agent can be extensive. It is no surprise that unmanaged APIs are a key attack vector.
Legacy security models and siloed bot management tools are largely blind to this autonomous workforce. They were built for humans typing on keyboards, not for machine-to-machine decision-making. The central question for every enterprise leader is no longer if they will use AI, but how will they control it. You cannot control what you cannot govern.
To address this new identity crisis, enterprises cannot rely on the tools of the past. That's why last month, we introduced a true game changer the SailPoint Agentic Fabric. It's a paradigm shift and will be delivered directly through our core platform. We've designed it to provide the visibility and governance the Agenetic enterprise demands. This reflects our shift from static to real-time governance.
We're also delivering a dynamic universal privilege for rightsized access and uniting identity with the Security Operations Center or SOC for immediate threat management. Today's enterprises cannot manage AI agents in a vacuum to properly govern nonhuman identities, they must be tethered to a human owner. Our Agentic Fabric is designed to not only discover AI agents, but also place them into the exact context of your human workforce. Every AI agent will be assigned to an accountable human owner and that agent will not be able to alter its own ownership.
Identity without human accountability is merely visibility. By ensuring that the principle of least privilege is applied to agents just as rigorously as it is to human employees, SailPoint is setting a new standard. Furthermore, because a compromised agent operates at machine speed, manual intervention is obsolete.
Defense must be proactive and instant. We expect that Agentic Fabric will transform identity security from a static check into a real-time control plane, offering behavioral monitoring, prompt security and real-time authorization. Ultimately, we believe it will deliver on the core outcomes of our Adaptive Identity Strategy, achieving 0 trust by ensuring no identity is trusted by default and verifying everything in real time.
Agentic Fabric also represents a large incremental go-to-market opportunity for us. It was designed to work everywhere to secure a customer's entire Agentic footprint whether they are a cloud customer and on-premise IdentityIQ customer or even if they use a different platform for basic access management. Sitting above all the complexity across different clouds and infrastructure it is designed to provide a single unified layer of governance.
We believe this "work anywhere" architecture will be a powerful engine for growth. and will submit SailPoint as the identity control plane for the modern enterprise. And we are already capitalizing on this market shift, driven by accelerating demand across our AI and machine identity portfolio, our Agentic pipeline doubled in Q1.
Let me expand further on our differentiation and approach. As an identity security leader for more than 20 years, we believe we have an unparalleled understanding of what it takes to provide comprehensive identity solutions. We have architected a foundational end-to-end identity security platform to govern all identities, SailPoint Identity Security Cloud anchors our protection of human identities while our new Agentic Fabric extends that same rigor to Agentic governance. Together, they are designed to create a unified approach to managing every identity across an enterprise.
For many of our competitors, identity is a new business unit. For us, at SailPoint, identity is our identity. That is why we are winning. At our core, our differentiation is defined by uncompromising breadth and unyielding death. Breadth means we secure every identity from full-time employees and contractors to RPA bots, cloud resources and the new wave of autonomous AI agents. A core strength of our platform is the ability to extend this governance across the enterprise, securing not just modern cloud applications but the highly complex, disconnected and custom legacy systems that most other vendors simply cannot reach.
But breadth without depth only provides visibility, not security. Our key advantage is our depth, the ability to apply deep contextual governance to every identity. In our experience, most identity security tools stop at discovery. But discovery without ownership is just a list its visibility without accountability. SailPoint provides that critical link mapping every nonhuman identity to a human owner. We believe this profound depth of context makes us an indispensable identity platform for the enterprise. And this comprehensive value proposition is resonating in the market.
In Q1, we saw a greater than 50% ARR increase in customers that adopted our advanced nonhuman identity capabilities. This is a clear signal of customer demand. They are not just buying features they are buying control over their AI strategy. Let me give you 2 examples from this past quarter.
First, a highlight of the quarter was a significant competitive displacement at a major North American retailer. Following a disruptive cyber breach that cost the business tens of millions of dollars and amidst complex ERP integrations. The company realized a siloed approach to identity was a critical vulnerability, especially given their lack of visibility into machine and agent identities. Partnering with Deloitte, we proved our value, resulting in a 5-year commitment to centralized management of both their human and nonhuman identities on the SailPoint platform.
The second example is a platform modernization at a large insurance company, executing a cloud-first mandate to shut down their data centers and reduce tech debt they leveraged our modernization Flex program to migrate to our Identity Security Cloud. This added high-value security automation and an immediate ROI. This modernization also fundamentally strengthens their risk posture, which is increasingly essential to meet today's strict compliance and regulatory drivers.
We expect our competitive advantage to only amplify as these regulatory pressures intensify. Recent AI risk frameworks from the treasury and Mist combined with the legal mandates of the EU AI Act mark a critical turning point. They are forcing a shift away from theoretical discussions and toward a mandate for strict, auditable controls over nonhuman identities and their relationship to a human owner. The market is validating our leadership and the ecosystem is increasingly choosing SailPoint as a definitive governance platform.
We recently announced an integration that brings Anthoropic's Claude enterprise directly into SailPoint's governance framework. By managing both human users and Claude AI agents under one control plane we are working to eliminate the blind spot of shadow AI. Beyond Anthropic, SailPoint Agentic Fabric is architected to integrate natively with all 3 major hyperscalers with AWS, it is designed to govern both Amazon Bedrock and AWS IAM roles directly.
As we bring this to market, it will leverage SailPoint's extensive library of out-of-the-box connectors to govern agents across any environment from the latest cloud services to complex legacy applications. This reach allows us to automatically discover agent privileges within major SaaS platforms like Salesforce, while strictly dictating the data sets agents can query in platforms like Snowflake. Finally, to ensure immediate defense, our CrowdStrike integration is built to close the loop, triggering automated access remediation during live security events.
We are building this new era of Agentic security directly upon the strong foundation of our core platform, the same proven foundation that already unifies identity security and data intelligence for many of the world's largest organizations. By delivering a single, consistent identity security framework that spans human employees, cloud resources and autonomous AI agents, SailPoint empowers the enterprise to harness the power of AI with absolute confidence.
Our customers don't just secure AI, they secure their future. I look forward to unpacking more of this vision along with our financial framework at our Investor Day next week.
But with that, I'll turn the call over to Brian to discuss our financial results and outlook in more detail. Brian?
Thank you, Mark. Good morning, everyone, and thank you for joining us today. We are very pleased with our strong start to the year, delivering a first quarter with ARR, revenue and adjusted operating margin above the high end of guidance. We ended fiscal Q1 '27 with ARR of $1.163 billion an increase of 26% year-over-year, with SaaS ARR of $781 million, growing 36% year-over-year. Net new SaaS ARR was $35 million, up 5% as reported and over 30% on a constant currency basis. Overall, our first quarter results highlight the durability and consistency of our business model.
We saw continued strength across our core growth drivers, key metrics and margin profile. Let me provide a few examples. First, we continue to see balanced growth. Our top line is fueled by a healthy mix of new logos and strong expansion from our existing customers as they increasingly standardize on our platform. Second, deal sizes are expanding. We see customers making larger commitments driving our average ARR per customer up 18% year-over-year to over $350,000.
Third, our enterprise momentum remains strong. We ended Q1 with 225 customers generating over $1 million in ARR, representing a 32% increase year-over-year. And finally, we drove strong operating leverage, leading to approximately 330 basis points of adjusted operating margin expansion year-over-year. Platform modernizations also remain a key catalyst. ARR from migration activity more than doubled year-over-year as enterprises continue to modernize with our Identity Security Cloud platform. This contributed to an increase in our SaaS mix, which accounted for 92% of net new ARR in the quarter compared to 69% in Q1 of last year.
A large part of what's fueling this migration success is the growing adoption of our Navigators flex pricing model. In Q1, approximately 1/3 of our migrations leveraged our modernization flex offering. This flexible structure is also proving highly effective in accelerating the attach rate of our new offerings. As a result, the ARR contribution from our emerging products more than doubled year-over-year, representing 20% of the net new ARR in Q1.
This growth is being driven by strong demand for our nonhuman identity solutions our nonemployee risk management offering and recent product introductions. We expect the launch of our new Agentic suites will continue to drive a growing mix of AI-related revenue. We look forward to sharing more details on our expectations at our Investor Day next week.
Looking at our overall financial performance for the fiscal first quarter. We delivered revenue of $280 million, an increase of 22% year-over-year, with SaaS revenue growing 35%. Dollar-based net revenue retention remained robust at 113%. Our adjusted operating margin in Q1 was 13.5%. We also continue to generate strong cash flow with $38 million of cash from operating activities and $33 million of free cash flow which represents an 11.6% free cash flow margin. We ended the quarter with $391 million of cash and cash equivalents.
Turning now to guidance. For simplicity, I will refer to the midpoint of our guidance ranges where applicable. Full details can be found in this morning's press release and supplemental earnings deck where you can also find additional modeling notes. For the fiscal second quarter of 2027, we expect ARR to be $1.22 billion up 24% year-over-year. We expect revenue to be $310 million, an increase of 17% year-over-year with adjusted operating margin of 18.4%. We expect our diluted share count to be approximately 571 million shares and adjusted EPS to be $0.07 to $0.08.
For fiscal year 2027, we are flowing through the Q1 upside in ARR, revenue and adjusted operating margin to our full year guidance. For ARR, this translates to an increase of $8 million to $1.369 billion, up 22% year-over-year. For revenue, we are raising our revenue guidance by $5 million to approximately $1.27 billion, an increase of 19% year-over-year. And we are raising our adjusted operating margin guidance by 50 basis points to 19%. We expect our diluted share count to be approximately 580 million shares and adjusted EPS to be $0.32. We expect to generate approximately $200 million of free cash flow in fiscal year 2027.
Consistent with last quarter, our fiscal Q2 and full year 2027 guidance assumes 90% to 95% of net new ARR will come from SaaS as customers leverage the continuous innovation we are building into our cloud platform. As a reminder, as our SaaS mix increases, it may cause short-term fluctuations in our P&L. We firmly believe this shift towards SaaS is a long-term value driver for the business.
In summary, we believe our strong results, consistent growth at scale an innovative product road map position us extremely well for continued success in the AI-powered future. We remain committed to driving durable, profitable growth and we are optimistic about our ability to deliver long-term value to our shareholders. We look forward to updating you further at our Investor Day next week.
With that, let's invite Matt Mills, our President, to join us and open the call for questions. Operator?
[Operator Instructions] Our first question will be coming from the line of Rob Owens of Piper Sandler.
2. Question Answer
Mark, I want to drill down a little bit into your prepared remarks this morning and all the momentum we're seeing in Agentik.And it hasn't shown up in a lot of vendors results at this point. So first part of the question, 1 question, but obviously 2 parts. What are end customers doing right now? And to the extent that you're seeing all this momentum around your Agentic pipeline, I think you mentioned that it doubled in the first quarter and the new Agentic Fabric capability out, how should we think about how that plays out within this year? Because as Brian mentioned, you just flowed through the upside here. So when does this begin to impact results.
Sure. And thanks, Rob. Good to talk to you. Yes, look, I think in general, I'll flip the deeper answer to Matt in a second because he's much closer to what we're seeing out in the field and engagement. But I think in general, we punched up the messaging around AI at our Navigate Conference. We obviously launched the gentex fabric just last month. And we've been seeing a nice steady pipeline build that I would say has increased pretty notably as we said in our prepared remarks.
So it's not surprising to us that we haven't seen that show up heavily in results yet, but we do see a fairly significant momentum building. And so that's sort of why we guided where we did, landed where we did and are comfortable that we see additional benefit coming as customers are beginning to wrestle with it.
Let me flip that part of your question, Rob, to Matt about what customers seem to be engaging with us on the kind of questions they're asking the issues they're wrestling with.
Thanks, Mark. Rob, look, a couple of things I'll just share with you. If you look at our customer base, about 10% of our customers now have adopted AI. So we're kind of chipping away at that. If you look at our most recent quarter, about 40% of our new identities were nonhuman, right? So again, we're kind of making progress to that. And if you look at our total identities under management now, it's about 14% are nonhuman. So we're starting to make a lot of traction. I think our recent announcement here on May 11, really excited a lot of folks. And I'll share with you some of the things that the guys in our field are doing.
We've created these workshops and -- where we're actually going in and meeting with customers and prospects, to be fair, mainly customers. But what's interesting is these workshops, there are a couple of hours. And our field teams that bring a little bit of technical progress around AII sit down. And we actually get together the identity management folks, which is a no-brainer, but also we bring the AI team and the security team. And oftentimes, especially in some of these larger enterprises, we're actually doing an introduction for them, right? They haven't really met. And now we're really starting to get into solving some of these problems, bridging the AI and identity gap, forcing architecture clarity uncovering really critical vulnerabilities.
I mean some of the stories that we get are repeated, right, from company to company, but they were also eye-opening. And look, we're actually starting to see -- I don't want to say a dramatic acceleration of the sales cycle, but an acceleration. When companies start to understand this and understand some of the challenges, we're starting to get a lot of top of funnel traction. As Mark said, our pipeline is doubling every quarter since inception. And look, I think our perspective is that there's a ton of interest and I think you're going to start to see it move, but the question ultimately is when.
And our next question will be coming from the line of Brian Essex of JPMorgan.
Nice strong start to the year. Maybe, Matt, for you, I just wanted to see if you could give us an update on the SaaS conversions, particularly if you reflect back on when SailPoint was public before, and we heard a lot about identity being a bottleneck for transformation initiatives. Are you seeing the same thing with regard to AI? And how does that impact the pace of conversions and the backlog that you might have on that side?
Yes. Thanks, Brian. Look, I think there's a couple of things that are top of mind for a lot of the customers we talk with from an AI perspective. And one of them is just the year unknown of agents and the numbers, the nonhuman, I'll say, I think that continues to be how many do we need? I do think over the last couple of months, we kind of passed this inflection point of do I need it? I mean, are we going to use agents. I don't think we're getting that response from our customers or prospects anymore. I think everybody has kind of crossed over and said, "This is here, we're going to have to deal with it." And I think to that end, that's helped a bit.
But I do think that the cost issue and how am I going to deploy this is a big issue. And I think we try to solve some of that with our new pricing, right, to try to take away some of the inhibitions and blockers that may cause CFOs and operating executives a little bit of consternation.
Our next question will be coming from the line of Meta Marshall of Morgan Stanley.
[indiscernible] of just kind of the price discovery that's happening just as you guys are kind of having customers have more agents within the mix. Is this where Flex is going to be most helpful? Or just kind of how adaptive do you feel like pricing around agency is going to get.
Yes. This is Matt. I'll jump in here and then Brian can jump in here and Mark. Look, we've released this new hybrid consumption pricing model. I was kind of referring to it here a few minutes ago. And it's all about flexibility and scalability. What we have found is, as I said, a big inhibitor in companies, it's leaning into this agentic adoption is the unknown NHI, nonhumans and the sheer cost of these agents.
And so I mean, really, here's the essence. We've started our new pricing around human identity licenses, right? And each 1 of these includes a baseline of nonhuman identities like agents or box at no extra charge up to a certain ratio. So as your usage grows, you can add capacity packs for whatever you truly need, whether that's more nonhuman identities, additional API calls, expanded workflows or longer data retention. So the cost of scale really is precisely with your actual use and gives you a predictable start and flexible growth.
As it relates to our flex pricing, I think the ones that you'll continue to see a ton of is really around our flex modernization. I think that helps really solve some of the economics of these migrations or modernizations as we like to call them, and it gets folks started. And really, it's really around this first year, right? So those are the kind of things that our modernization Flex solves. And our digital Flex, which really was prior to what we announced with SAF, right, the digital Flex probably transitions into SAF. So that you probably won't see as much of that.
And our next question will be coming from the line of Joseph Gallo of Jefferies.
Brian, it was great to see SaaS or net new aero was up 5% reported but 30% constant currency. Can you just remind us of the FX dynamics, what was the constant currency total ARR growth in the quarter? And how you're thinking about that within the guide? Like what's the headwind to the full year guide that you've kind of laid out?
Sure. Joe, thanks for your question. Yes, I think we're pleased with the results. I think it's playing out as we expected. We did see 26% ARR growth. If you look at that on a comparison to even Q4, there was about a 1 point of an FX headwind in that number. So that was playing into it. But -- and also, we are coming off of net new ARR a challenging comp from last fiscal Q1. But if you normalize that for currency, we're up mid-single digits overall, but more importantly, for SaaS, where we saw 36% SaaS ARR growth the net new ARR for SaaS was up 5%, but for constant currency, it was up over 30%. In fact, it was 36%.
So I mean we're really leaning in towards the SaaS line of products for us. Our customer count grew 16% year-over-year. I mentioned 92% of our net new ARR with SaaS. We doubled our migration from SaaS ARR more than doubled year-over-year. As Matt said, the flex pricing models are also adding to that. So we're really pleased. And I think that in terms of the guide, it is what it is in terms of our expectations. We're still modeling that 90% to 95% net new ARR will come from SaaS, and we feel good about that.
Our next question will be coming from the line of Saket Kalia of Barclays.
Mark, maybe for you. I thought the use of Flex in migrations was -- or modernizations was really interesting, particularly how it's pulling through more of your emerging product. So maybe the question here is, what emerging products are getting pulled through the most in those types of modernizations? And Brian, as part of that, how do you kind of think about that emerging ARR mix sort of trending this year or long term? How ever you want to think about it?
I guess I'll pick up the first part. Thanks, Saket. Yes, I think as we've done this announcement of the agent framework. What we're focused on there is making it easier to kind of consume anything and everything related to this agentic move that customers would want. That was kind of, as Matt said, what we initially tried to focus on with our digital flex pricing model. But increasingly, we're like people just sort of want a consolidated answer for their agent move, and that gives them one. And so some of the things that we were calling emerging products are, in fact, rolled into that for sure.
We've pointed out in the past that the bulk of the emerging product growth, the scale of it was coming and the speed of it was coming from those digital flex related products, what we were calling MIS and AIS, et cetera. And then I think as we look forward to the emerging products mix going forward, we do see tremendous pull for this Agentic framework. Now that's the pipeline build we've been talking about. So I think Brian can give you a sense of how that emerging product part of our overall ARR growth, we'll be looking as we go into the rest of the year.
Yes. I think what we really look at is in terms of our NRR growth, it's really quite balanced. A strong component of that is migrations and emerging products and we're still early stages when you look at the migration opportunity, right? We have about $350 million of on-prem ARR sitting there. And as we've talked about, we typically see a 2 to 3x multiplier upon time that we migrate them from on-prem to SaaS.
And then also contributing to that is the emerging products, and we're still early days, especially with things like Agentic. We're seeing that on a relative basis, one of the fastest contributors. But again, early stages and a lot of upsell opportunity and cross-sell opportunity to come.
But to your point, I think about 1/3 socket of those migrations this year did include some of those emerging products. So we're seeing that become a natural motion as people move from to the security cloud, they're coming along with some of these emerging products, typically, again, those related to Agentic.
And our next question will be coming from the line of Keith Bachman of BMO.
I wanted to ask about the state of readiness on the AI side. What I mean by that is a part of what customers are looking for in the identity platform is real-time dynamics in that there's been some behavioral issues when AI agents are deployed. And so has that been an inhibitor in terms of the total platform as 1 example. You've announced that your governance capability for agents is now real time do you think that helps unleash incremental interest?
And the second part of the question is, are there other things that need to be addressed as we look out over the balance of FY '27, that would help generate incremental interest in the AI platform? Or do you feel like you have what you need to generate sufficient demand because really what investors are kind of looking for going to Rob Owen's question is, it doesn't seem to be showing up in the numbers.
Yes, I'll start with that, Keith, and I'm sure the other guys may jump in. Like we said, I think we are seeing customers much more active in dialogue and evaluations, which is why we're talking about pipeline build. I did I think if you go back to our commentary late last year or even earlier this year, we were saying -- we were seeing this momentum building, but we did it would start to necessarily affect the numbers in the first half, and we'll see how next quarter -- this next coming up quarter shows up. But more likely, we see some of that momentum, we think, continue to build.
The strategic -- SailPoint Agentic framework SAF, that has generated, as Matt said, a kind of an inflection in activity in our field, like these workshops and these engagements we're having where bringing together the identity and security and AI team is kind of a new thing in many of these very big shops. And when you get them in the room together, they start to realize, again, all those sides of the elephant that old metaphor. And so I think as we see that building, we see that what we announced in the Agentic framework with some of that real-time capability being very critical.
But I'd say the other move you'll continue to hear us focus on is how important it is to increasingly have a real-time view of the human environment because in our minds, what we're seeing from customers is the great majority of the Agentic things they're doing are going to be very tied into the human world. And so we believe that the big moat we are going to have is we understand that human governance world and the security posture of access privileges better than anybody across that human environment.
And since most of the Agentic work that's coming is tied to that. We think that's going to be a pretty significant driver for people seeing us as a critical part of this solution because I think they're trying to realize you can't manage agents in some sort of isolation from the rest environment when those agents are generally acting on behalf of humans. You have to understand the human security posture to know how to apply that to the agents that are working on their behalf.
So when you ask me, we got all the pieces, we launched a lot of new tech in the context of the Agentic framework. We've got an Analyst Day coming up, and you can continue to assume that we will be bringing more things out that round out that strong Agentic story in the context of the human. That's a theme you're going to hear from SailPoint very strong this year. And I think it's going to be challenging for others who don't have our legacy "historical" let me not say legacy historical context of the human environment in terms of how well they can manage agents. That's probably the main things I'd say on that. Does that help, I hope.
And our next question will be coming from the line of Peter Levine of Evercore.
Maybe just to follow up with some of the prior questions. You call out 14% of the agents are now nonhuman, 40% growth in nonhuman identities year-over-year. Is there a way for you to quantify what that equates to in ARR or ACV. And then second, are you seeing customers willing to pay separately for discovery versus governance versus real-time enforcement. Maybe just kind of pinpoint a little bit more on what your customers are willing to pay for in terms of nonhuman identity monetization.
So just as a data point, 20% of our net new ARR came from our emerging products, of which a significant portion was AI generated. And again, this is still early days for us. I mean we're just on the launch of our SailPoint Agenetic Fabric. We've got new pricing models coming out. So really excited about the potential, and we're also seeing, as we mentioned, the pipeline doubling for AI quarter-over-quarter.
So I think that we are really well positioned heading into the rest of the year. We expect it to show up towards the latter half of the year. We're building very minimal into our guidance for the time being. So we would expect this to be of a net positive.
And our next question will be coming from the line of Gray Powell of BTIG, LLC.
Yes, I guess maybe a follow-up on some of the AI security offerings. So I'd really be interested, like how often is the buyer of your core identity product, the same persona that you're selling as an identity security into? Like is this a CSO motion? Is it a completely separate AI buying center? And then when you get into these discussions in more detail, who do you find yourself most frequently competing against for agent identity security?
Greg, this is Matt. A couple of things. Look, yes, the personas are changing. I think we've shared this in the past, we've kind of created an overlay sales group or that's -- I think of them as hybrids, right? They bring a much greater depth of knowledge, much like an SE but they do it in a way maybe you want from a sales rep, right? And if you look at these guys, they really get out of the traditional silo of selling up through the Identity Group into the CISO and CIO.
There's 2 other groups that we find that are pretty common now in these companies. One is AI and the other is the security groups. And the 3 of them together kind of drive this. Now what's interesting is, if you were to just go up the traditional silo up to do identity management, you're going to be missing out on a lot of opportunities. It appears that in a lot of these companies now, the budget in of itself is actually on the AI side of the house. So we've made a huge effort to work our way up there.
These workshops that I inserted you earlier, they all kind of start with that AI team. And through that, we pull in the traditional identity management and then security teams because I do believe it takes all 3 of them ultimately to be able to get through this. I think the contract still gets signed and come up through your traditional CIO rank and vial. But a lot of the budget money and a lot of the process will go through the AI team. So that's becoming a pretty common place.
As it relates to the competitive landscape, look, I don't know there's a lot of conversation around Palo Alto and Cyber Okta. To be fair, we still don't see them every day. We're running to a mono occasion, especially in the areas that we get into. I think probably more of the common conversations around some of the emerging players in the Agentic space. And I think the thing that's really interesting is everybody wants to know what they don't know. So discovery is a big thing and then the ability to actually see what you discover. And that's what a lot of these smaller emerging companies do, and they're pretty good at that.
The problem is, once they discover the problem and they tell you about the problem. They don't have any wherewithal to be able to help you solve the problem. And that's kind of where we come in. We'll discover it, we'll give you visibility to it, and then we'll give you the ability to take action on government, remediate it, if you need be, right? And so yes, we see those folks often, but we don't really lose too much when we start talking about all of the whole package relative to being able to discover and then actually do something about the problem.
And our next question will be coming from Shaul Eyal of TD Cowen.
So it appears as if the focus today seems to be driving more adoption. But over the next few years, what is the monetization framework. Should we expect revenue growth to be driven primarily by increasing numbers of nonhuman identities or broader platform adoption or just a shift towards more consumption-based pricing or maybe all of the above? Just trying to frame it.
Yes. No, look, I think we would tell you that you're going to see the vast majority of growth coming around the nonhuman. And then I think if you look at our pricing, we've identified what we call performance metrics, and there's about a half dozen of them that really have to do with what you're doing with these nonhumans. So like API calls, how many workflows you're using storage, how long -- if you're using our graph, not only the mandate you're putting there, but how long are you keeping it for? I think we call aggregations where it really talks about the complexity of your environment all of those things will be part of the consumption-based pricing going forward.
And our next question will be coming from the line of Todd Weller of Stephens.
Just, Brian, maybe a question for you. Could you talk about the outlook for the term piece of the business for the rest of the year? And if there's anything we should be thinking about on that front?
Yes. I think we're still seeing this play out as expected with the ongoing acceleration of SaaS over term. We would expect 90% to 95% of the net new ARR to be driven by SaaS. And again, that's a reflection of all the innovation that's going into the SaaS platform and the strong migrations that we're seeing showing up in the pipeline. So I would model it -- continue to model it that way. Again, as a reminder, as we go through that transition, does present a little bit of a headwind to revenue growth and also operating margins that we called out last quarter.
Our next question will be coming from the line of Joshua Tilton of Wolfe Research.
Maybe just a follow-up to the last question. Is there any way you could help us understand what SaaS net new ARR is growing when you back out the benefit from this conversion story? And just maybe remind us what you guys are expecting as a contribution to SaaS ARR growth from conversions this year?
So we can talk about this in total ARR growth we typically say out of the net revenue retention of 113%, we're like low single digits when it comes to the impact of migration activity and that's been fairly consistent. It's one of the bigger contributors to the net revenue retention. And then with respect to your second question on the growth of migrations for the year and the contributor.
We're modeling internally. About 10% of our on-prem base would migrate towards SaaS. It could go up from here in terms of the ongoing opportunity that AI represents for us. But for now, we would expect it to be about 10%. And that's on top of the 15% we've migrated life to date.
Are you guys tracking ahead of that 10% today? Like how should we think about that in the quarter?
Pretty much right in line with that through Q1.
And our next question will be coming from the line of Matt [ Matt ] of RBC Capital Markets.
I guess for Mark or Matt, you talked about a strong demand environment. Obviously, AI is driving a lot of interest in SailPoint. I guess I'm wondering a lot of the other saver calls that we're having that focus is on [ methos ] and a lot of, I guess, concern questions about what that means for cyber spending. I guess you didn't bring it up in your script. So I imagine there's probably not much of an impact on your sales. But I'm curious, is there an element of that slowing down customer buying decision because they're just so concerned about the threat of methos.
Matt, it's Mark. I'll take that one. I was wondering if this might come up in some fashion, I had a really interesting conversation with 1 of the lead players in one of our key partners yesterday I think what we may see is an interesting kind of 2-part story there, right? What the initial release of ethos and the other products from open AI that are similar with the security tools that can find vulnerabilities has shifted a lot of focus to patch, right? We got to close all these gaps and close all these exposures in our code.
But I think we're going to see very shortly behind that. How those same kind of tools are going to get used to try to work identity-based compromise, not patch discovery, like how can a tool like a ethos be used by a bad actor to compromise identity and find their way into systems using some sort of credential compromise, let me just call it that, Matt.
And I think when we see that, and I think we will see that. I think it's going to draw even more attention to how much risk is associated with identity, not just bad code. There's clearly risk with bad code. We're seeing some of those stories come out where the tools are just -- the AI tools are discovering not great code that needs to be fixed or the bad actors can exploit it. We know that bad actors without AI have already gotten pretty good at exploiting identity of vulnerabilities. When you point these tools at those issues, I think we're going to see an escalation of that.
So I think the short answer, Matt, is we're not seeing it yet in our pipeline, I would say, directly. I think we'll see some identity compromises from these tools, and that I think we'll put more spotlight on that. In the short run, there is, I think, an increase in security budget focus, and it is, I think, largely focused on these vulnerabilities and patches. But I think right behind that, you're going to see how those same tools are used to exploit identity vulnerabilities, and that's, I think, going to continue to put some tailwind into our story.
Our next question will be coming from the line of Richard Poland of Wells Fargo.
I think we talked a lot about, I guess, the direct monetization opportunity around AI as well as some of the migration stuff. Is there any, I guess, conversations you're having with customers now that they're kind of like, hey, we really do need to modernize our overall identity stack. Maybe they didn't have IgA prior and now they need it. Anything like that, that you're kind of seeing as like some of the initial lift as these budgets open, just to kind of follow up on Matt's question.
I'll jump in and probably Matt will add to this one, Richard. I think what we find is part of the reason when we launched the Agentic fabric that we allowed that to be sold independently, not only into our IQ base, but even to some of our competitive legacy players like the IBMs and the Oracles of the world is. in a great world, in our minds, customers would get all their human identity all showed up and fixed and then they would move forward to Agentic.
There is so much concern about the Agentic world. We wanted to say, if you want to get an initial foothold going there, we'll help you do that with the Agentic framework. But again, we're going to stand by our point of view that your ability to manage Agentic really well will be hampered unless you also have great controls over the human side. So what we may find is people leading from either competitive products or even our own IQ products into the Agentic Fabric first. But in most cases, we would like to see people get down the path with a very strong, robust human management that then extends into these agents, which, again, in our minds, are primarily tied to humans in their activity this year and into the future.
So that's the path we'd like to see them take. That's the path we think is most beneficial. But because of this market pull for this concern around genetic, we needed to make sure that offering was available to anybody no matter what their legacy IGA position.
And Richard, I would just add, look, I think you're spot on most customers and prospects we talk to, they have this mindset that they got to solve a Agentic and they have a of problems, and then they go directly to. But look, I've got other problems, right? I mean you look at our surveys, there's a ton of customers, most of them like 60% are in the early stages of their IgA deployment, if you can believe that. And so when you look at what we have built in our next generation, our Agentic business an Agentic business plus.
We're extending our single enterprise platform to govern every human and every nonhuman identity under one consistent policy framework eliminates all these identity silos. Organizations can apply uniform compliance, auditing and risk management across their entire workforce. So you're getting a hybrid solution that handles your traditional governance right, and gives you a pathway to be able to move into the Agentic world. So that's certainly top of mind for us.
Yes, we think folks are going to adopt -- as Matt said, one of these new kind of start-up Agenetic tools and try to say, marry that with an old IBM deployment, they're going to run into all kinds of issues very quickly and trying to get a single comprehensive view of their identity risk across that landscape. So we'll see some of that activity. I think still in the market where people are buzzing about Agenetic and they need to go grab some tool and there's some "sexy tools" coming out of the startup of Silicon Valley world, but I think it's going to become very part very quickly.
You can't manage that in isolation. And if you don't have a strong human identity framework to tie it to, you're going to have issues. So we're watching some of that unfold and we'll keep folks in mind who have made that earlier choice of a start-up tool and see how that's going in the 6-month period.
And our next question will be coming from the line of Jonathan Ruykhaver of Cantor Fitzgerald.
I'd just like to dig a bit more into digital identity Flex. And just what are you learning about customer adoption patterns. Are customers consuming more machine identity capacity or agent identity capacity today? Or is it a mix?
Yes. Look, I do believe there's this -- in virtually every customer and prospect we talk to this process of figuring it out or discovery, right, understanding what we have. We've got a number of tools now that you actually go out and they'll tell you from a take Shadow AI for instance, what everybody in your company is using, what data they're using, and that in of itself kind of becomes a big opportunity builder because most don't have that kind of data. And we've said, I think, as others have, you can't govern and manage what you can't see. So that's a big part of the process in building out this comfort level, if you will, for people who are interested in solving the problem.
Yes. And Jonathan the only thing I'd add to Matt's point there is the all non-genetic part of nonhuman that's clear, right? In other words, there's all these machines and service accounts and bots and all that so there's already risk associated with that, that people, I think, are attuned to. What we believe is as Agentic starts to really take off, there's a huge tie to those kinds of capabilities in the Agenetic world, meaning agents are going to be leveraging service accounts and other technologies to do their work to access data.
And so not only is there a big unsolved problem today in pure nonhuman pre agent, if you will, but that problem with all the other types of nonhuman is going to get much more difficult in the context of an exploding agent usage because all those agents are leveraging all those other nonhuman types of technologies to do their work. So it's both an existing unsolved problem, pre agent, if you will. And now it's going to get escalated as agents leverage all those other nonhuman identities to do their work.
And our next question will come from the line of Gabriela Borges of Goldman Sachs.
I think the [indiscernible] to Matt, there is some really interesting commentary about [indiscernible] steel teams to customers, a combination of AI experts, security experts, architecture experts. My question for you is, how much are you noticing heterogeneity versus margin and how customers are approaching the end take problem, meaning are you finding that customers are looking at -- because they're looking at all kinds of different ways to solve the Agentic problem, they end up having to maybe customize some of the SailPoint offerings and you need to probably solve with them more because every customer is sort of a unique animal. Maybe just talk a little bit about whether you're seeing consensus on different types of Agentic strategies and whether it still feels like the wallet there.
I'll jump in and let Matt add to that, Gabriel. Look, I think what we're seeing is in the type of large complex enterprises we have traditionally excelled at serving. They are going to have a plethora of different types of agents. They're going to have the vended agents from all of the big names you'd expect the service now the sales forces, the workdays, et cetera. And they're going to have a lot of bespoke agents that they're developing internally uniquely for their environments and therefore -- and they're going to develop some in their AWS environments. And they probably already have other hyperscaler environments like Azure in their environment.
These big shops are almost never homogenous in any way, shape or form about technology. And that complexity, that heterogeneity is why a platform like our Agentic Fabric is so attractive to them because it says we can give you a single comprehensive view of all of that agent world, no matter where it's come from, whether it's come from vendors or your own development across various different environments, that's what they're attracted to, what they're actually focused on varies customer to customer, frankly.
And you're right, it is the classic enterprise challenge of every customer is kind of a snowflake, not to confuse it with the company's not like. It's just a unique configuration of technologies in every one of these shops, and that's why a kind of cross-platform we'll handle whatever you've got. And as we -- Matt and I've been saying in the context of your human identities is such a unique value prop to these customer thinks, why they're pretty excited about engaging in these workshops and trying to understand how to solve the problem comprehensively.
I would just add, if you listen to [indiscernible] tell you that our platform really is that aggregation point of all things context-wise from an identity perspective. So we talk about bring your own end points, bring your own discovery we'll take all that in, as Mark said, because there is a huge amount of diversity in each of these -- you get into some of these larger enterprises, right? So I mean that's our objective to become that gathering point for all of this type of context and bringing it together in the form of identity.
And we do have time for one more question. Our last question will be coming from the line of Junaid Siddiqui of Truist.
Great. As the number of agents proliferate in an enterprise, there's this concern that's going to potentially reduce the number of human seats. So are you seeing any pressure on seat expansion or consolidation within your installed base or seeing any increase in seat-based pricing scrutiny and optimization efforts across the enterprises?
Yes. This is Matt. look, I think there's always talk, right? And there's -- just based on all the headlines and all the media, there's always talk about seat compression. I don't know that we've seen much. I think the thing you have to remember is that -- when you think about all the different contracts that are out here in these companies, they're all seat-based, right? And a little procurement people -- everybody, that's their point of where they recognize how this thing all work.
So I think the seat-based pricing is going to continue to be around. I don't necessarily think it's going to fall off the chart here anytime soon. It's kind of what we've used as an anchor. I think a lot of others are kind of going down that path. But to your point, I don't -- we haven't really seen a big reduction in seats or humans at this point.
And the opportunity coming from the nonhuman is far outweigh the kind of deceleration we would see in the human identities.
And I would now like to turn the call back to Mark for closing comments.
Well, thank you, everyone. Appreciate you joining the call today. I think if we'd leave you with a closing thought. It's that we are still in the very early innings of this Agentic revolution, particularly how companies think about the security aspect of it. And we've got a good, healthy growing business, especially with a little bit of that FX effect almost kind of down the fairway of where we've been really in many respects.
But we're signaling as clearly as we can, that we see significant momentum building. And to the question many of you have asked, we do think that will start showing up in the numbers. We are excited for that potential. And we'll try to reflect that as appropriate in future guidance as it makes sense.
But for now, we feel very good about our position competitively and how customers are reacting to the story. So we'll keep you posted as things continue to evolve. But thanks again.
And this concludes today's conference call. Thank you for participating. You may now disconnect.
Transkripte auf Deutsch freischalten
- Alle Event Transkripte auf Deutsch
- Sofortige Übersetzung
- KI-Zusammenfassungen für die wichtigsten Insights
SailPoint — Q1 2027 Earnings Call
SailPoint — Q4 2026 Earnings Call
1. Management Discussion
Thank you for standing by, and welcome to SailPoint's Fourth Quarter Fiscal and Full Year 2026 Earnings Conference Call. [Operator Instructions]
I would now like to hand the call over to Scott Schmitz, VP of Investor Relations. Please go ahead.
Good morning, and thank you for joining us today to discuss SailPoint's fiscal fourth quarter and full year 2026 financial results. Joining me today are SailPoint's Founder and CEO, Mark McClain; and our Chief Financial Officer, Brian Carolan. For the Q&A portion of today's call, we will also be joined by our President, Matt Mills.
Please note that today's call will include forward-looking statements, and because these statements are based on the company's current intent, expectations, objections, they are not guarantees of future performance and a variety of factors could cause actual results to differ materially. This call will also include references to non-GAAP results, which excludes certain items that do not reflect our underlying business performance.
Please reference this morning's press release and our supplemental earnings presentation posted on investors.sailpoint.com for further information regarding our forward-looking statements and non-GAAP financial measures, including reconciliations of such financial measures to the nearest comparable GAAP financial measures.
And with that, I'd like to turn the call over to Mark.
Thank you, Scott. Good morning, everyone, and thank you for joining us today. We just completed fiscal year 2026 with outstanding results that underscore our ability to deliver growth at scale. This has been a remarkable year for SailPoint as we continue to perform at an exceptionally high level. Our performance puts us at a level that we believe few companies in software and cybersecurity can claim.
To back that up, let's look at the key metrics for fiscal year 2026. We crossed the $1 billion ARR threshold. We delivered 28% overall ARR growth and a consistently strong 38% SaaS ARR growth. These are incredible results. To put this in perspective, our ARR growth of 28% year-over-year, plus our adjusted operating margin of 18% gives us a rule of 46. This places us in a rare stratum of high-performing companies at greater than $1 billion in scale.
Our journey to this point is the result of relentless innovation and unwavering execution. These efforts have enabled us to effectively meet the increasing demand for modern, adaptive identity solutions. The combination of visionary product development and operational excellence has positioned SailPoint as a leader in the market, driving our continued success and instilling confidence in our ability to deliver value to our customers well into the future.
This past year was also defined by a rapid pace of product advancement. We believe we pushed our industry forward, making identity security more adaptive, more real time and more integrated within security operations. At a time when organizations are being pressure tested due to the extraordinary rise of agentic AI, we believe we are delivering the modern security foundation they need.
Our 38% year-over-year SaaS ARR growth is a powerful indicator of both new and existing customers actively choosing to modernize with SailPoint. Our SaaS customer count grew by 16% year-over-year and our ARR per SaaS customer accelerated to 19% year-over-year growth in fiscal '26. Our recently introduced flexible pricing model and new AI-fueled innovations are turning customer interest into tangible growth and reinforcing the clear momentum in our SaaS business.
The second piece of context for our performance is the topic at the top of everyone's mind: AI. Now there is a very active debate happening in the market right now about what AI means for the future of software. I want to address this head on because from our perspective, the answer is clear. The more autonomous and agentic software becomes, the more essential enterprise identity security becomes.
This isn't just about human users anymore. We are experiencing an era defined by an expansive nonhuman workforce. Armies of AI agents are being built by business users operating at machine speed and creating an explosion of identities and access points that legacy static security models simply cannot handle. But while the scale of this agenetic workforce is new, the core challenge of securing nonhuman identities is not new to us. We have been governing service accounts, bots and other machine identities for years.
For us, securing this new army of AI agents isn't a reactive pivot but a natural evolution for a platform architected for this very complexity. In this new world, you cannot secure what you cannot see and you cannot govern what you cannot define. The fundamental question of who or, now, what has access to what doesn't go away. It becomes exponentially more critical and complex. For SailPoint, this isn't a disruption to be managed. We believe it is the single greatest market expansion driver we have ever seen, and that solidifies our position as a foundational security control plane for the modern AI-powered enterprise because now enterprise security is identity secured.
And we believe no one is better positioned than SailPoint to help customers navigate into this new world. That is why we believe SailPoint is a significant beneficiary of the AI revolution. Our confidence rests on four deep compounding advantages that we believe are unique to us. First, experience. We have spent 2 decades exclusively focused on solving the most complex identity challenges for many of the world's largest organizations. It's a deeply vertical and horizontal challenge that cannot be solved by general purpose AI alone.
Second, data and context. Our experience has allowed us to build a strategic moat through our use of data and context to deliver unparalleled precision and intelligence. Third, ecosystem. We are the control plane for enterprise security, deeply woven into our customers' operations with thousands of entitlement level integrations. New AI agents don't replace this. They must plug into it, making our platform the essential foundation.
And finally, all of this culminates in our most valuable asset, trust. Many of the world's most complex organizations choose us because we are proven and battle tested. This trust is our currency in a market that cannot afford to risk its enterprise on unproven technology. We believe AI, coupled with our extensive domain knowledge built over decades, will prove itself a true game changer in the coming years.
Today, our solution for solving the AI identity challenge integrates AIS, MIS and DAS solutions with more capabilities coming. We package these for easier adoption as part of our Digital Identity Flex pricing package. This approach is rooted in our long-standing philosophy of securing every identity, not just counting seats. It aligns our business model directly with the explosion of both human and nonhuman identities, helping to ensure we grow and benefit as our customers' agentic workforce expands.
Therefore, when you think about our role and AI beneficiary, it's critical that you look beyond a single product line. The right mental picture is to see how the vast majority of our portfolio is built with AI to secure the AI movement. From our extensive connectivity framework to our entire AI-enabled platform, we believe that all that we've developed has prepared us to be the guardrails for the agentic future. We believe we are built for this new world.
And our customers are validating this strategy with their investments. In total, we closed more than 500 transactions directly tied to our new innovations. In Q4 alone, our AI solutions have seen remarkably fast uptake with numerous Fortune 1000 companies among the early customers. In fact, nonhuman identities accounted for approximately 25% of our SaaS identity growth in Q4 and now represents 11% of our SaaS identities under governance. In parallel, our Navigator select pricing model also continues to gain traction, helping to accelerate adoption of our new offerings.
And finally, let me share two examples from the quarter around how our customers are adopting our latest innovations to tackle these emerging identity challenges. First, take the example of a global semiconductor leader. As they undertake a massive modernization initiative to reduce technical debt, they face a critical challenge: securing their highly automated environments.
They chose SailPoint to govern their explosion of AI agents, service accounts and machine identities at scale. In addition to modernization as a main driver, their decision hinged on a desire to innovate at full speed, knowing that every identity, human and nonhuman, is secure and under control.
And second, a major technology infrastructure provider chose SailPoint's Agent and Machine Identity Security solutions to meet a mandate centered around preventing over permitted access between human users and AI agents while enhancing compliance with regulatory requirements, such as SOX and GDPR. These proof points support our belief that our strategic advantage is real.
So now let's pivot to how we plan to capitalize on this momentum and convert our unique position into even greater scale. Looking ahead, we expect FY '27 will be the year of AI adoption. This is a reality being shaped by a market that is rapidly evolving and a platform built for this exact moment. For us, this isn't a single motion but a two-pronged engine for durable growth.
First, we plan to deepen our footprint within our existing customer base. As customers accelerate their shift to SaaS and confront the explosion of AI identities, we believe we are the right partner to help them navigate this shift. Our adoption of a flex pricing model and our AI-powered platform are designed to help our customers expand their programs and modernize with us.
Second, we believe our platform's power and clarity of vision make us more attractive to new customers than ever before. We are seeing increasing demand from organizations that want to build their security program on the right foundation from day one. The same advantages that make us essential to many of the world's largest companies are creating a clear opportunity for SailPoint in the era of AI.
Our ability to drive both of these motions is enabled by our platform's true moat: our governance foundation. In a world of AI agents operating at machine speed, static periodic governance is no longer sufficient. We are defining the new standard of adaptive identity, a standard that ultimately drives towards real-time governance. For us, that means enabling two critical states: least privilege access and, wherever possible, zero standing privilege. This is made possible by our differentiated ability to link users, machines, agents, applications and pieces of data in a single correlated data model.
And the power of that foundation creates what we call identity context. This comes to life in two critical dimensions: visibility and intelligence. We provide the visibility to extend the governance across the entire universe of identities, confronting application sprawl and securing every entitlement. We've recently extended this visibility to help customers explore the depth of AI usage across their enterprise with our just announced SailPoint Shadow AI Remediation solution.
But visibility is just noise without context. That's why we also deliver the deep intelligence to understand the meaning behind that access, moving beyond who has access to answer what they can do, when and at what risk level. This identity context combination of visibility and deep intelligence is our most significant advantage. It's what enables our customers to move from simply asking who has access to confidently being able to answer whether that access is appropriate, safe and being used correctly right now.
Competitors may offer a fraction of one or the other. We deliver both with the granularity and depth that have always been the hallmark of SailPoint. This is such an exciting moment for the company. We believe we have the right strategy, the platform and the team to continue defining the market through our leadership for years to come.
Now to walk you through the financial details of this outstanding year, I'll hand it over to Brian, our CFO.
Thanks, Mark. Good morning, everyone, and thank you for joining us today. We finished the year with a great fourth quarter, bringing our annual recurring revenue to $1.125 billion. This represents 28% year-over-year growth, a rate we have consistently maintained for the past 3 quarters, underscoring the strong and sustained demand for our identity secure platform at scale. This growth rate is more than 500 basis points better than our initial FY '26 ARR guidance.
Our SaaS ARR continues to be a powerful growth engine, delivering ARR of $746 million, an increase of 38% year-over-year and accounting for 90% of our net new ARR for fiscal Q4. This strong performance is a testament to our SaaS-first strategy and growth in our emerging products. In fact, net new ARR from our emerging products more than doubled quarter-over-quarter, accounting for approximately 17% of our net new ARR in fiscal Q4.
And what's even more impressive is that the total ARR from existing customers who adopted for our AI identity solutions, which includes AIS, MIS and DIS or DAS, expanded by more than 50% year-over-year. We believe this is an excellent leading indicator of our future growth, demonstrating that as customers prioritize a comprehensive identity security strategy, they are turning to SailPoint for innovation.
As a result, we're seeing customers commit to larger deals to secure their environment. This past fiscal year, our average ARR per SaaS customer grew to over $380,000. That's an increase of 19% from last year and more than double what it was 4 years ago. We closed the fiscal year with 215 customers exceeding $1 million in ARR. That's a 34% increase from the previous year and a clear indicator of our success in both landing large new enterprise customers and expanding our relationships with existing ones.
Our customers are increasingly choosing to modernize by migrating from our on-premise IdentityIQ solution to our Identity Security Cloud, or ISC. They are making the strategic move to leverage the continuous innovation we are building into our cloud platform. This trend is not only growing but also broadening. Initially, it was primarily our perpetual license customers moving to SaaS. Now we are engaging in more of these strategic conversations with our term license customers as well.
This expanded migration trend represents a significant opportunity for growth. Our existing perpetual and term license customers combined represent approximately $350 million in ARR. With a typical 2 to 3x uplift upon migration, this translates into an opportunity approaching $1 billion. We view this as a dormant growth tailwind and confirmation that the market is moving toward our strategic vision. It reinforces the incredible momentum we see in our SaaS business and a significant interest from customers ready to modernize their identity programs.
Importantly, our gross retention has remained strong and steady at 97% this year. We believe this speaks volumes about the value our platform provides and the trust we've earned from our customers in addition to representing an exciting path to ARR expansion. In the fourth quarter, our net revenue retention remained strong at 113%.
Looking at our overall financial performance for the fiscal fourth quarter. We delivered revenue of $295 million, an increase of 23% year-over-year, with SaaS revenue growing 37%. Our adjusted operating margin in Q4 was 20.6%, an expansion of 160 basis points year-over-year. We also continued to generate strong cash flow with $64 million of cash from operating activities and $57 million of free cash flow, which represents a 19.5% free cash flow margin.
For our fiscal year 2026, we delivered revenue of $1.071 billion, an increase of 24% year-over-year with SaaS revenue growing 35%. Our adjusted operating margin for the year was 18.1%, an increase of 270 basis points.
Turning now to guidance. For simplicity, I will refer to the midpoint of our guidance ranges where applicable. Full details can be found in this morning's press release and supplemental earnings deck, where you can also find additional modeling notes.
For the fiscal first quarter of 2027, we expect ARR to be $1.155 billion, up 25% year-over-year. We expect revenue to be $275 million, an increase of 19% year-over-year with adjusted operating margin of 11.1%. We expect our diluted share count to be approximately 568 million shares and adjusted EPS to be $0.04 to $0.05.
For our fiscal year 2027, we expect ARR to be $1.361 billion, up 21% year-over-year. We expect revenue to be approximately $1.265 billion, an increase of 18% year-over-year with adjusted operating margin of 18.5%. We expect our diluted share count to be approximately 580 million shares and adjusted EPS to be $0.32. We expect to generate approximately $200 million of free cash flow in fiscal year 2027.
Our guidance assumes a continued shift towards our cloud platform with 90% to 95% of net new ARR coming from SaaS in FY '27. If we assumed no change in SaaS mix relative to FY '26, our guidance for revenue growth would be approximately 300 basis points higher and our adjusted operating margin would be approximately 200 basis points higher. We believe making a more conservative assumption with our term forecast is the right approach given the increased interest in our SaaS solutions.
In summary, we believe our strong results, consistent growth at scale and innovative product road map position us well for continued success in the AI-powered future. We remain committed to driving durable, profitable growth, and we are optimistic about our ability to deliver long-term value to our shareholders.
With that, let's invite Matt Mills, our President, to join us and open the call for questions. Operator?
[Operator Instructions] Our first question comes from the line of Saket Kalia of Barclays.
2. Question Answer
Brian, maybe for you. I'd love to jump right into the ARR guide here for fiscal '27. I think the moving parts in the revenue guide make a ton of sense just given the strength you're seeing in SaaS and what that means for rev rec on term. But from an ARR perspective, can you just talk about how you're thinking about the on-prem component next year in terms of churn versus conversion? And zooming out, whether the guided philosophy on ARR is different going into fiscal '27 versus fiscal '26.
Okay. Saket, thanks for your question. First of all, we feel like this is the appropriate place to start the year for our initial guidance, start the year out. We obviously have strong momentum heading into the year. We've demonstrated 28% ARR growth for the past 3 quarters in a row. We're doing this at scale, well above $1 billion at this point, with 38% SaaS ARR growth. So I think we're demonstrating healthy demand. We have a strong pipeline. We've demonstrated strong and steady gross retention at 97%, which is a great place to be.
And I think the innovation is really driving customers towards SaaS, both new customers and existing customers. We do have a very strong migration pipeline. As I mentioned on the script or call, we have a $350 million opportunity. That's broken down between about $210 million of term with the remainder of $140 million coming from perpetual maintenance. I think we said in the past, we typically see a 2 to 3x multiplier on that at the time of migration, and then it grows with emerging products and other add-on and cross-sell opportunities.
There's really no fundamental change in our business. There's no change in the competition or win rates. We feel like we're simply taking a prudent approach to start the year. We feel good about this. We feel it's the right place to start, and we'll take it from there.
Our next question comes from the line Matt Hedberg of RBC.
You guys launched Navigators recently, and it really does feel like that's going to help customers think through even the longer-term usage of SailPoint, whether it's humans or nonhuman identities. And so I guess I'm curious, kind of initial reaction to that. And when we think about AIS' impact to fiscal '27, how have you thought about the impact of that, I guess, Brian, from kind of that initial guide?
You take the pricing. Matt, look, I think like any of these new pricing model, it takes a bit to get them going. It showed up big in our fourth quarter. I think we'll talk about this later, but the migration, it was a strong migration quarter. And our flex modernization was pretty significant in driving a lot of that. And just to remind you what that is, it's kind of taking the economics of having two sets of IP via SaaS and the perpetual, right, and running it into a single economic stream. So it makes it much, much easier for these customers to get going.
And quite frankly, it's always year 1, right, year 1, maybe year 1.5 that they try to get through from an economic perspective. And this flex premier modernization has been instrumental in helping us really get through that in accelerating our migrations.
And Matt, I'll take the other one just in terms of the AI identity solutions. So I think I mentioned on the call, about 17% of our net new ARR came from what we call emerging products. And a good portion of that, significant portion comes from the AI identity solution that includes AIS, MIS and also DIS or DAS, data access security. We're actually -- to start the year, we're factoring in [ workflow ] into our [ initiative ]. We expect that to ramp throughout the year as we go along.
Our next question comes from the line of Rob Owens of Piper Sandler.
I want to build on Saket's question a little bit. And Mark, I appreciate your commentary around this being the single greatest market expansion driver you've ever seen. But if we look at fiscal '26, we saw moderating ARR beats throughout the year. And then if we look at the initial guide for ARR, it's not really showing durable growth. So maybe help us understand just how this year played out relative to your expectations. And then as you look forward in the coming fiscal year, just what's in the guide for AI and agentic in that potential inflection? Or have you discounted all of that out of the guide?
Rob, it's Brian here. I'll start, and I think Mark might add some color commentary on this. So I think we've been able to demonstrate very consistent growth throughout the year. So we feel good about doing this in a very balanced manner. So it's a balanced growth in terms of half of that came from new customers and half came from existing. So we view that as durability going out to the future. And certainly, there's going to be an inflection point with a lot of the emerging identity types on the nonhuman identity side. When that inflection point happens, we can't pinpoint precision with that. But we do know it's going to happen. We're factoring very little into the initial guide, but we do think it's going to build over time.
So we feel like this is the right place to start the year. I think we've been able to demonstrate an outperformance as the year went along in FY '26. Hopefully, we can continue that in FY '27. But we simply want to be prudent with the starting point and then build from there.
Rob, thanks again for the question. Yes, look, you've got a strong time. We're not kind of prone to overhyping things. And I think when we talk about this being a significant TAM expansion, it's because of the momentum we see building with these large strategic customers where we spend a great majority of our time. And obviously, as Brian says, we see some ramp coming from the customers as they get into "the year of deployment". We talked a lot about how last year was a lot of, I don't know if I'd call it experimentation, but a lot of flying out various parts of the agentic and AI world in the mid- to large customers. And now people seem to be ready to move into more production.
So they are talking to us very actively about how they need to secure this agentic environment, and so that's the kind of demand curve we see building. But again, it's just prudent in our minds is not to kind of build that into an initial commitment to The Street here. But we see it coming. And we don't think anybody actually in the market doubts that, honestly, Rob, I think what everybody is questioning is who's going to be the winners. And our contention continues to be to manage this well, you have to have the things that are kind of unique to our traditional value, which is a breadth of understanding of all the identities in the landscape and the depth of the detailed entitlements and data those identities can access. And that just gets more complex and much more real time in this emerging world of agentic.
And we just feel like we are very well positioned to capture that opportunity and our customers and prospects, and Matt will probably pick this up later in the conversation, maybe, but that's what we're hearing from them. And we're seeing that interest and they're talking to lots of vendors, obviously. They seem to be very pleased with what we're describing as where we're headed here and what we are delivering. We've been out in the market for a few months, in many cases, where people are now just making announcements with future delivery dates. So I would kind of highlight that.
Our next question comes from the line of Brian Essex of JPMorgan.
Maybe, Brian, I know we're going to get a lot of questions on this today, so I just wanted to put a finer point on the ARR guidance and maybe from the perspective of what you saw this year versus what you're contemplating for next year. I think if I look at what you delivered this year, $248 million of net new ARR growing 27%, which was phenomenal, gross retention rates are best in class. So we don't really -- it seems as though you don't have to worry about filling a leaky bucket. But the top end of your guide implies maybe $241 million net new ARR. So I just want to understand from what you were able to deliver this year, from a sales productivity perspective, how should we think about the levers that you have in place and the assumptions with the guidance next year just so you can get a sense of the level of conservatism and how much effort from sales productivity and investment in sales and marketing is required to kind of like exceed that expectation?
Sure. Thanks, Brian. So I think we've demonstrated that durability and the growth profile and I think that's what gives us a lot of confidence going into this year. Again, we feel like this is the right starting point. We hope to build from there as the year goes along. But we still see a lot of opportunity both in new logo acquisition. We still see a lot of opportunity in what we call our target account list. We're about 15% penetrated. That's a 15,000 named account list that we continue to go after, lots of white space there. We are landing larger deals. We're up about 20% on average for ARR per customer for the past 2 years. Once we land them, we keep them. We have a 97% gross retention rate and then we expand with them consistently in that 113% to 115% range throughout the year.
And we still feel like it's early in terms of the emerging products and cross-sell opportunities that we're seeing, not only the explosion of identity growth, especially nonhuman identities. And again, we started seeing contributions right away from the emerging modules, which contributed 17% of our net new ARR growth. And then let's not forget about the migration opportunity. So we have about a $350 million opportunity. That means only about 15% of our on-prem ARR have been penetrated. We still have $350 million to go.
You start doing a 2x to 3x multiple on that at the time of migration, and then it grows from there over the next several years, I think we look out into FY '27 and beyond and we have a lot of tailwinds in our favor, a lot of opportunity, again, from new logos and also expansion within our existing customer base.
Our next question comes from the line of Meta Marshall of Morgan Stanley.
Great. Wanted to ask a question. The 50% uplift in ARR from those adding the new modules, that was particularly interesting. I guess I just wanted to get a sense, is that kind of what we would expect as the normal uplift? Or they might have just adopted 1 of the 3 products, and so that's not kind of a fair necessarily kind of total uplift potential calculation, if that makes sense.
Meta, it's Brian here. I would say it's still early days. We're very pleased with the early traction and early success that we're seeing. And hopefully, that's a leading indicator of what's to come in FY '27 and beyond. But I think it's resonating with customers. I mean, these emerging products, many of which were just unveiled over the last 6 months, are starting to take hold. And more importantly, I think they're showing up in customer conversations and funnel and pipeline opportunities.
Our next question comes from the line of Keith Bachman of BMO.
Sorry to go back to the guide for a second, but I wanted to -- what is compressing? If I think about the formula, you've been growing ARR, as you mentioned, 28%. And you're getting about half, 114 net retention rate. So if you think about the guide, 21%, and all the attributes that go with it, is the assumption that the net retention rate will continue to compress and/or new logos will slow? Because all the characterization that you've given about the on-premise migration, potential new products, I'm just a little bit surprised about the implied rate of deceleration even if we assume some conservatism. So is it a slowing of the retention rate or new logos or both? Any color you could give there would be appreciated.
Keith, it's Brian, and I'll take that. Again, we feel this is the right place to start. There is no fundamental change in the business. There's no change in competition or win rates. We're simply taking a conservative approach to start the year. We feel good about this. I would say that we are leaning more towards SaaS and term migrations.
We probably would see a little less new term business in FY '27, if we had to call one thing out, because I think customers are going right to SaaS. One example is in Europe, they doubled their SaaS business year-over-year in FY '26. They have really leaned into it in terms of the customer base and our selling motion. And so that's going to be very strong and we're counting on that to be very strong.
So again, no fundamental change in the business. We understand that the starting point is probably a little bit lower. But we feel it's the right place to start. We feel good about it. And we hope to build from here.
And just to be clear, should we expect the net retention state, though, to slow a little bit from the 113 level?
I would not, I would not.
Our next question comes from the line of Jonathan Ruykhaver of Cantor Fitzgerald.
So I want to ask about some announcements from last week about expanding visibility across privileged access in nonhuman identities. So I think, Mark, you did touch on this to some extent. But I'm curious specifically what the gaps are that these upgrades address. And then just looking at the strategy related to privilege, can you just elaborate on how you're thinking of that? Is it a situation where you see the opportunity to compete directly against the PAM vendors? Or is that rather opportunity just based on privilege controls across human and nonhuman identity to not necessarily a direct competitive situation against legacy PAM? How are you thinking of that?
Yes. Thank you, Jonathan. You're right on it there at the end of your comment or question there, I'd say, in that we are not focused at this point on the traditional PAM market, which is kind of a static privilege assignment. The acronym unpacked to privileged account management, right, like an account is sort of permanently privileged in that model. And it's obviously, as we all know, kind of the history of that was permanently privileged users like database administrators and systems administrators. And what we're all talking about, and I'd say this is coming from even the folks like at Palo who bought Cyber and others in the market, that the world is shifting to a much more universal sense of managing privilege across all identities and a much more dynamic sense of privilege, not static.
And so when we look at that evolution -- and by the way, it doesn't that particularly now apply on that dynamic factor to agents, which will probably be so dynamic as to potentially be almost at several. There might be agents that literally exist for a second and do a job and go away again. Well, in that environment, obviously, we think it is going to be that breadth and depth capability that we possess, we think, as strong as anyone in the market, if not stronger. And that is to see that range of identities, and we're doing tons of investment in technology to see, to have visibility to all of that range of identities and then to have the depth to go deeply into the detailed entitlements or data access rights that allow a particular identity to get through particular data.
And again, we've differentiated this since our IPO about a year ago that the other two parts of the traditional identity market, the access part, which is very wide, covers a lot of identities. They're certainly talking to those vendors about covering the new agenetic identity world, but they would struggle, I would argue, to go into the depth that required to really control these things at a granular level. And on the other side, those coming from the privileged heritage, obviously, very deep in their coverage of human identities, and I think they're going to certainly claim to be able to provide that to nonhuman. Their challenge is breadth. They just have typically covered, I think, to quote from the leader at Palo Alto was that typical CyberArk shop can cover 3% to 5% of the identities in that enterprise. And we've covered 100% of those identities in those enterprises.
So it's just a very different starting point to go after this market. And we do believe that fundamental characteristics and then the ways in which we're leaning into this dynamic need is going to put us in a very good position as these markets unfold and as customers go to volume, right? And we do think that's kind of a unique position we're starting from. And others are saying a lot of words and not necessarily were sure how they're going to deliver on those words. So I think that this game is going to be a proof game in our fiscal '27 and calendar '26. It's going to be a proof of who can deliver what the customers actually need and the technology they need to solve these problems.
And we do kind of encourage you to keep watching how that unfolds this year. As Brian said, for a lot of reasons, we think we're starting from the right place with our financial guide. We're making sure you hear us clearly on our confidence in our technical abilities and where we're going. And so that's where I would say that's true. Hopefully, that's helpful.
Our next question comes from the line of Gabriela Borges of Goldman Sachs.
Mark, I want to take your thoughts on what Anthropic has announced on being able to accelerate [ cloud ] migration through the lens of we knew that IGA migrations are sort of painful for your enterprise customers to switch on to SailPoint and then to SailPoint to the implementation as well. So my question for you is, how does AI make those types of migrations easier? The potential opportunity seems to be around your classic market share gains in IGA. The risk would potentially be the pushing cost goes down. So yes, we'd love to huge at about that a little bit.
Yes. I think if I understood it, Gabriela, part of that line was a little choppy, but I think I got most of that question, and I apologize if I didn't. Please clarify. But no, I think what we're seeing is, yes, the AI tools being released rapidly and evolving rapidly in the market certainly do a lot of things to be more efficient and effective at moving customers forward. We're leveraging those tools, right? We always talk about AI for us has three or four characteristics, right? It is potentially enabling bad actors and threat actors to be more effective. We have to protect against that. It's enabling us to be far more effective in what we do. And it's creating this demand curve that we talked about with Rob earlier about our customers are deploying it, and we think we can be there to help them manage it.
So it's got a lot of characteristics. In the sense that what does it do to help us do what we do more effectively, which I believe was your question, and how do we, therefore, maybe potentially fend off kind of newer competitors who are coming, say, from a pure AI agenetic world, I think in terms, we're all going to be talking about a lot this year, Gabriela, and not just in our space, but in a lot of spaces is domain knowledge, right? You can't interest space with zero domain knowledge and be that threatening to a partner who's already in that space and also leveraging AI, right? I think our secret sauce and many vendors' secret sauce is the whole software AI debate will be as we leverage these amazing technologies and filter them through our very deep and rich understanding of what it takes to be successful in these enterprise environments, we think that puts us in a very good position.
So yes, we're actively looking at ways to use AI to discover agents and technologies, how to quickly leverage policies and put them into our product, how to quickly help customers that's buying security policies. There are some new guidelines from -- this out recently, very recently that started to define what's going to be needed to audit agents, something we've been telling people, get ready, this is coming. You're not going to see this explosion of agents without auditors wanting to ensure you can defend what agent was giving what power and why. So I think there's just going to be a ton of aspects of this market that are unfolding. And we're going to leverage all kinds of technology in our products to go after that, but also make sure we are helping customers protect themselves as they deploy AI. So it's really at both ends here. But I hope -- does that Gabriela, to make sure, did I get the question you were really asking?
Yes.
Our next question comes from the line of Patrick Colville of Scotiabank.
Mark and Brian, I mean, lots of drivers that you guys have called out, SailPoint's cloud transition, the SKU upgrade motion, more identities, agentic. I think there will be a lot of questions on the fiscal year '27 guide. So actually, I would want to ask my question about 4Q specifically 4Q ARR, the beat was a little bit skinnier than we might have hoped. So was there anything unusual in 4Q of like push or pull in ARR into different quarters? And then actually, similarly, when I look at operating margin, the outperformance there versus the guide provided 3 months ago was perhaps a little bit less than we've seen throughout fiscal '26. So again, like with cost, was there anything that kind of pushed or pulled in the quarter?
Patrick, I'll go first. This is Brian here. So I think we look at this and we think the business is very healthy, and we're pleased with the results. We're in line to slightly above all of our guided metrics. We grew net new ARR 34% year-over-year. That was the best quarter ever by at least $20 million. And that was driven by SaaS, which that net new ARR was up 41% and year-over-year. So I think we've demonstrated growth at scale. We had a steady gross retention rate and net revenue retention rate. New products are ramping. We're seeing momentum there, as I mentioned, 17% of our net new AR. That new ARR came from emerging customers. Margins improved 270 basis points over the course of the year.
So we're doing this at growth in a very responsible matter. And we also demonstrated significant free cash flow movement. As I mentioned, a lot of customers now are starting with SaaS. So that's in accordance with our strategy. This is playing out as we expected with an intentional shift to SaaS, with 90% of our net new ARR in Q4 coming from SaaS. I think I mentioned that more new customers are starting with SaaS especially in geographies like Europe. EMEA SaaS net new ARR doubled in FY '26. We possibly saw like a little bit of less on-prem expansion bookings through term business, but we're not reading into that. Actually, I think we're viewing this as a positive in terms of now customers embracing SaaS, going right to it. And also migration opportunities are going to be a tailwind for us, as I mentioned, moving forward.
Patrick, this is Matt. I would just add, I mean, I think since Navigate, when we announced a ton of new innovations, it's really kind of accelerated this migration process. And I think that was probably some of the curtailing of -- or maybe some of the slowness as you saw in perpetual licenses add-on. But I think our business is strong. I'd also call out new logos. I know that's always a concern, but it continues to grow. The largest companies in the world are selecting almost every day SailPoint to help them with this challenging agentic security landscape. And our ASP, our new logo ASP for this last quarter was 22% growth. So we had a really, really good fourth quarter as it relates to new logos and with all those ASP.
Our next question comes from the line of Joseph Gallo of Jefferies.
It's Annick Baumann on for Joe Gallo. Nonhuman identities seem to be making deals larger and more complex. Any changes to the sales cycles? And then can you talk about pricing? Previously, I think you talked about a 40% pricing for nonhuman identity relative to human.
Yes, this is Matt. I'll give it a shot and then to other guys can add in if they want. Look, I do think sales cycles have been long a little bit over the last 6 quarters, but I don't think there's anything that we've seen as a late that's changed that narrative. I think when you look at our approach to strategic pricing these agents, we kind of start with the fundamental basis of the principle that agents need to be deployed securely and their life cycle will be intrinsically tied to the human identities, right? I think there's a lot of companies that are looking at it very similar to us. You cannot secure one without governing the other.
And our aim really is to meet our customers and prospects where they are. This is still relatively new to a lot of these folks and they're looking for some approaches to be able to get into this that helps them mitigate in their mind a potential risk of moving forward with agentic AI. So our model and our approach to this is start with humans and then we apply some level of a ratio to it. And if you remember the agentic long theory, right, that this company is going to have 2,000 agents to every 1 employee, where that's a little bit of an extreme example, but it gives you quite a reference on how we're thinking about that.
And then the last part of this thing is how do you charge for this. And it's a bit of a consumption model because you want these customers to be able to deploy it without limits over the period of time of the contract. And the contracts we've done like this, basically, it will start with a price point and then it's what's the renewal look like. And so this gives us a pretty solid foundation to be able to say, here's the cost point, here's the ability to access and to deploy over the period and then here's how the bottom-up of the renewal will come. And those are the long poles in the tent.
The last piece I'll add because it's very important, is a fair use policy. All of these proposals have a fair new policy for sustainability to make sure that if a customer is using it outside of our expectations, right, and the way to think of it is anything over 95% of the broader customer base, right, there's some components in there that actually protect us from runaway costs. And I don't know if that's helpful or not, I hope it is, but it gives you a little bit of a view in terms of how we're looking at pricing this nonhuman world.
Our next question comes from the line of Peter Levine of Evercore.
Great. Maybe to Matt, the last question, maybe to a final point, and maybe for you as well, Brian, is how should we think about monetization in a more consumption flex driven model, right? Are there directional metrics you can share with us, if it's revenue per identity or per AI workflow, just to kind of help frame the opportunity or for us to kind of just see what the revenue build looks like? Again, I guess it's more so just quantify for us, as you're securing more AI agents, just how that translates into revenue, higher attach rates, increased assumption or, again, just metrics like revenue for identity, how should we best think about that?
Yes. So this is all about flexibility and adoption for us. We want to get customers going on whatever their nonhuman identity footprint is, being able to secure that right away. And so those flex models that we've introduced, and yes, we do view this as more akin to consumption based but that's not how we're going to recognize it. We're going to actually just have a fixed fee for a period of time. We let them deploy as they need to and then monitor them and then come back to them with any kind of overusage.
Yes. It's not a metered model, Peter. We recognize it financially just like we would any other kind of deal.
And certainly, this is going to be incremental. I mean, it's hard to put an exact 10-point precision on that. But we know that the ratio of nonhuman to human is going to be significant. And this will play itself out over time in terms of price and volume, but we do know it's going to be incremental.
Yes. And our point of view on this is we're trying to make this really, really easy for companies to do business with us and mitigate the risk, as I mentioned before. But this is all about adoption. And the customers that we've seen thus far, once they get in, they start to understand what they can do, what they can't do, it becomes far easier to make greater investments on the move. These kind of flexible pricing models that we're talking about kind of take that away and says, let's get on with the business of the agentic AI.
Our next question comes from the line of Gray Powell of BTIG.
Okay. Great. So yes, just what are you seeing in terms of the appetite for customers to replace legacy IGA solutions this year from folks like Oracle and IBM? And are you seeing AI playing a bigger role in those conversations? Is it potentially driving any acceleration of legacy product migration?
Yes. Gray, this is Matt. I'll give you a perspective. I mean, we've really seen -- I'll just use our own migrations as a point of reference, right? Once we announced all the innovations here at Navigate last year, significant difference in these customers that are large customers, and it probably made a lot of customizations even within our own tools, building this overall in regard that they got to move -- I think these agents and agentic AI, I think they all realized this is not going to be a, we want to do it or not. It is coming at you 100 miles an hour. And so I think it's caused not only legacy ones that you're talking about, the Oracles and maybe the CAs of the world, but anybody who's not on a platform that can actually handle or tolerate agentic AI, they're coming at them.
Our next question comes from the line of Shrenik Kothari of Baird.
So you closed 500-plus deals tied to new innovations and emerging products contributing 7% net new ARR. It's clearly a very strong start and encouraging early signal. But just given your own commentary and many of these are still in early innings, on the go-to-market side, right, how do you view the current transition from selling a more core governance sales motion towards this more complex multiproduct expansion playbook? Do you feel from training, enablement, field structure, how are you viewing you are already in place to sell this broader platform from day one?
Yes. I'll take a shot at that, and Matt may jump on, too. I think a couple of things, right? We just had, as you all know, our Navigate Conference in the fall and then we just had our sales kickoff just a few weeks ago. And big focus on a couple of different things. One is making sure people feel confident that as any customer wants to move forward with, we'll call it, traditional IGA, they're very confident in what we're doing vis-a-vis our kind of current competitors and the legacy players we've seen. But I think particularly on that, kind of continuing to add fuel to the fire, that 70% our ARR coming from these emerging products, a large portion of the enablement at our scope this year was around making sure people are ready and they flip to go have those conversations.
And then I'll point to one particular thing Matt and the team have done, and maybe Matt will give a little more color here. For the first time, we put kind of a focused targeted sales team around the agentic topic area. We've been bringing in new reps and SEs who come from that kind of a heritage, and that's really opening up a different sales motion to the Chief AI Officer or whatever the company calls their lead AI person, right? We're still obviously engaged with CISOs and identity leaders about that. But we're finding that some of these -- some of the folks, the demand we've been talking about is actually coming from that AI part of the organization. And shockingly -- maybe not shockingly, sometimes they aren't as connected to the identity team as they probably should be. And sometimes we're the ones helping that bridge get built.
But Matt and Gary leads our whole field team to have kind of put a focused effort on that. Matt, maybe expand a little bit on what we're doing there and what we hope to accomplish there.
Yes. Think of them as product-oriented sellers, right? So they walk in the door with a set of skills to be able to talk about agentic and not only the value prop, but also the challenges these companies have in deploying it. I think the other thing that's really important is that, as Mark said, it feels to us that a lot of the budget now is locked up in this Head of AI or Chief AI Officer, whatever they call it. And that going through that route, we're unlocking a lot more budget and a lot more opportunity than maybe just simply going up the traditional type of identity up to the CISO. So that's become very interesting.
Thank you. I would now like to turn the conference back over to Mark McClain for closing remarks. Sir?
Well, thanks, everyone, again, for the time. We really appreciate it. Again, we'll kind of end where we started. We feel very good about the results for all of last year. We feel very good about the starting position for this year and the tenets we see coming from these technological shift to our customers. And we invite you to kind of go on the journey with us this year. We feel very good about where we're at and where we're headed, and look forward to continuing to meet with a lot of you individually. Thanks for the time this morning.
This concludes today's conference call. Thank you for participating. You may now disconnect.
Transkripte auf Deutsch freischalten
- Alle Event Transkripte auf Deutsch
- Sofortige Übersetzung
- KI-Zusammenfassungen für die wichtigsten Insights
SailPoint — Q4 2026 Earnings Call
SailPoint — Q3 2026 Earnings Call
1. Management Discussion
Thank you for standing by, and welcome to SailPoint's Third Quarter Fiscal Year 2026 Earnings Conference Call. [Operator Instructions]
I would now like to hand the call over to Scott Schmitz, VP of Investor Relations. Please go ahead.
Good morning, and thank you for joining us today to discuss SailPoint's fiscal third quarter 2026 financial results. Joining me today are SailPoint's Founder and CEO, Mark McClain; and our Chief Financial Officer, Brian Carolan. For the Q&A portion of today's call, we will also be joined by our President, Matt Mills.
Please note that today's call will include forward-looking statements. And because these statements are based on the company's current intent, expectations and projections, they are not guarantees of future performance, and a variety of factors could cause actual results to differ materially. This call will also include references to non-GAAP results, which excludes certain items that do not reflect our underlying business performance. Please reference this morning's press release and our supplemental earnings presentation posted on investors.sailpoint.com for further information regarding our forward-looking statements and non-GAAP financial measures, including reconciliations to the nearest comparable GAAP financial measures.
And with that, I'd like to turn the call over to Mark.
Thank you, Scott. Good morning, everyone, and thank you for joining us today. We are thrilled to share our most recent quarterly results that include a significant milestone for the company. In fiscal Q3 '26, we surpassed $1 billion in annual recurring revenue or ARR. With this exciting milestone, I wanted to use today's call to emphasize three key themes: First, our reimagination of identity security; second, our accelerated pace of innovation; and third, our confidence as we look ahead to Q4 and beyond.
Let me start with the broader transformation happening in identity security. The market is moving beyond static, compliance-first approaches toward real-time, adaptive identity, an approach we were one of the first to champion. By unifying identity, data and security intelligence with the SailPoint platform, we are helping organizations gain the visibility, control and scale needed to defend against an ever-expanding threat landscape in real time. We believe our Q3 results validate that strategy, reflecting our disciplined execution, the impact of sustained innovation and the accelerating demand for identity security as the control point for enterprise security.
This leads to my second theme, innovation. Our newer product introductions continue to drive strong interest, fueling our robust cross-sell growth. Customers see clear value in how these capabilities extend the reach and intelligence of identity across their enterprises. This is especially true of our SailPoint Machine Identity solution, which remains our fastest-growing launch to date. We also just completed our largest-ever global user conference series called Navigate, where we unveiled a family of innovations that together represent what we believe to be the most significant product launch in our company's history.
These innovations center on four key themes: real-time identity governance, expanded protection for digital identities like agents and machines, a universal and dynamic approach to privilege, and deeper integration of identity intelligence into the security operations center or SOC. All of this uses our Atlas platform as the foundation.
The response has been immediate and extremely positive. Customers have confirmed that these innovations bring our real-time adaptive identity vision to life in a way they have been waiting for. The early momentum we're seeing across products signals that organizations are adopting this vision quickly and with conviction.
A few areas in which we're seeing particularly strong interest include: SailPoint Agent Identity Security for deeply managing the exploding landscape of agent identities; SailPoint Accelerated Application Management, for helping enterprises quickly onboard the hundreds or thousands of applications they use and to put strong governance controls around them; and SailPoint Observability & Insights, for delivering real-time identity intelligence, stitching together signals from across the IT ecosystem to reveal hidden risks, while strengthening security for all identity types.
Importantly, this wave of customer interest and adoption is reinforcing the strategic path we've been driving for years. Gartner's 2025 Market Guide for IGA validated what we've long believed, that identity is no longer a compliance check box. It's a critical control for securing the modern enterprise. The industry is only beginning to recognize this shift, but our customers are already benefiting from innovations we've built on this very premise.
As we continue expanding our family of identity security solutions, we're also evolving how customers can acquire and adopt that innovation. We recently introduced our new flex licensing model that is designed to meet customers where they are, not only in their identity journey, but in how they prefer to buy and deploy our solutions. With digital identity surging, customers need the ability to take advantage of new capabilities quickly and efficiently. Our flex licensing model is built for exactly that, giving organizations more choice, more flexibility and a clear path to adopt the innovations we're bringing to market at the pace that makes sense for them.
Another growth driver this quarter is the ongoing opportunity to help our IdentityIQ customers migrate to SailPoint Identity Security Cloud. These migrations are not only modernizing their environments, but also strengthening their long-term alignment with our platform.
For example, one of the largest U.S.-based logistics and shipping providers is migrating to SailPoint Identity Security Cloud. As part of this migration effort, they also added SailPoint Machine Identity Security, choosing SailPoint for our scalable, automated and intelligent approach to identity security. With Identity Security Cloud, they will be able to support a large and growing number of digital identities and applications, giving them a clear path to expand into agent identity security and other areas, like identity threat detection.
Organizations are making these modernization moves because they know we can scale with them as their journey evolves. At the same time, customers are strengthening their investment with us as their identity and digital landscapes continue to expand, in the number and variety of identities they manage and in the volume of applications, systems and data those identities need to access. Our Q3 results reflect this trend. We believe this is a clear sign of the trust customers place in SailPoint to secure their rapidly growing identity surface.
As just one example of this expansion trend, a large energy and utility company experienced such a successful migration to Identity Security Cloud that they significantly extended their investment with us, adding SailPoint Machine Identity Security, Agent Identity Security, Observability & Insights, Accelerated Application Management and Atlas Enterprise, all through our flex licensing model. This combination of new product offerings attracting new customers and our existing customers expanding with us shows the strength and balance in our business model. It also underscores our clear differentiation, the breadth of identities we protect and the depth of context we provide.
The SailPoint platform delivers adaptive identity by unifying identity, data and security intelligence in real time. The platform also enables organizations to continuously adjust access and security decisions based on risk and business dynamics. We believe this combination is unmatched in the market today, and it's why customers continue to choose SailPoint and to grow with us over time.
And finally, it's never been easier to deploy with SailPoint. We understand that innovation only matters if customers can quickly realize its benefits, which is why we're focused on simplifying deployment and accelerating time to value across our new solutions. The recent introduction of SailPoint Accelerated Application Management allows customers to intelligently discover and onboard all, not some, but all of their applications for immediate governance.
Our digital agent, Harbor Pilot, further simplifies the administration of identity programs through natural language prompts. And our partner ecosystem is leveraging AI to streamline and accelerate application onboarding, expediting time to value for our joint customers.
Taken together, our results speak to a company executing with focus, delivering value for customers today while positioning ourselves for the next stage of growth.
This brings me to my third theme, confidence. Just as important as what we achieved in Q3 is what it signals about the path ahead. Our pipeline remains strong and diversified, and we continue to see strong engagement across both new and existing customers. As the attack surface expands and agent-based threats accelerate, organizations are turning to SailPoint faster than ever.
Our most recent Horizons of Identity report underscores why. The majority of enterprises are still early in their identity maturity in Horizons 1 or 2 and, moving forward, requires stronger agent management and a unified identity data model. We believe we are uniquely positioned to help them advance.
While we're focused on finishing the year strong, we're equally committed to building for the long term. Our strategy is grounded in what we believe has always set SailPoint apart, the depth of identity context we deliver and the breadth of identities we protect. With governance at our core, our platform provides a level of precision and granularity that we believe others cannot replicate. It's also what enables us to expand the definition of identity security and support an adaptive identity model that protects enterprises efficiently and effectively in an increasingly dynamic environment.
As an independent player in a market more recently defined by consolidation and bundled point solutions, SailPoint is emerging as a strategic identity layer in the security landscape, with a common cross-vendor fabric that delivers clarity and context across all security signals. To that end, we're continually investing in innovation that continues to push the boundaries of modern identity security, more intelligence, more automation and deeper connectivity that embeds identity context across the security ecosystem. As identity becomes the control center of enterprise security, SailPoint is defining and leading a new era for the industry.
I want to thank our customers for their trust, our partners for their collaboration and our employees for their incredible commitment and execution as we continue driving this mission forward.
And with that, I'll hand it over to our CFO, Brian Carolan, to walk through the financials in more detail. Brian?
Thank you, Mark, and good morning, everyone. Thank you for joining us today.
As Mark noted, this quarter, we surpassed $1 billion in ARR, closing fiscal Q3 at $1.04 billion, representing a 28% year-over-year increase. SaaS ARR grew 38% year-over-year and now stands at $669 million, representing 64% of total ARR. The consistency of our growth at scale is something we believe few in the cybersecurity market have been able to accomplish.
This quarter, the durability of our growth was once again due to many drivers across both new and existing customers. The strength was also broad-based across geographies and industry verticals. We were especially encouraged by the strong initial interest in the new products we introduced at our Navigate conference. In fact, we booked orders for each newly available product despite only being generally available for 1 month. The demand behind these new offerings is contributing to the healthy expansion of our pipeline.
Overall, we experienced strong growth in our cross-sell motion driven by our Non-Employee Risk Management, Machine Identity Security and Data Access Security solutions, which collectively more than doubled in ARR year-over-year.
As Mark noted, we also had a strong migration quarter, which we refer to as platform modernizations. The strength of our platform and ability to govern and secure all identities from human to machine, to AI agents has led enterprises to conclude that now is the time to modernize their environment.
It's also worth noting that more than half of our platform modernizations included at least one of our emerging cross-sell products. And with our new flex licensing model, we are making it simpler for customers to adopt and deploy our platform and future innovations.
Additionally, we continue to see a shift towards our most fully featured Business Plus suite, which accounts for more than half of our suite-based ARR. The combination of strong suite-based adoption, cross-sell expansion, identity upsell and platform modernizations demonstrates customer alignment with our strategic vision of adaptive identity security. These expansion motions contributed to our net revenue retention, or NRR, of 114% this quarter.
Moving on to the P&L. In fiscal Q3 '26, we delivered revenue of $282 million, an increase of 20% year-over-year, with subscription revenue growing 22% on top of strong growth in the year-ago period. We remain committed to driving top line growth through investments in our partner ecosystem and product innovations to extend our position as a market leader, all while delivering results in a responsible manner.
In the third quarter, we delivered adjusted operating income of $56 million or 19.8% margin, well above our guidance, driven by higher term subscription revenue and disciplined expense management. We generated cash flow from operating activities of $54 million and free cash flow of $49 million or 17.4% free cash flow margin, which reflects our robust growth profile.
Turning now to guidance. For simplicity, I will refer to the midpoint of our guidance ranges where applicable. Full details can be found in this morning's press release and supplemental earnings deck.
For the fiscal fourth quarter and full year 2026, we are increasing our ARR guidance by $12 million to $1.122 billion, up 28% year-over-year. From a net new ARR perspective, this implies $82 million or 30% growth for the fiscal fourth quarter and $245 million or 26% growth for the fiscal year 2026.
As it relates to our revenue guidance, we expect to deliver $292 million in fiscal Q4 '26, an increase of 22% year-over-year, with adjusted operating margin of 20.2% and adjusted EPS of $0.09. For fiscal year 2026, this translates to revenue of $1.069 billion, an increase of 24% year-over-year, with adjusted operating margin of 18% and adjusted EPS of $0.23. We expect our diluted share count to be approximately 565 million shares.
In summary, we are confident in our strategic direction and our team's demonstrated ability to execute. Our strong quarterly results, underscored by our increased guidance, reflect the inherent strength of our market position and continued product innovation. We remain committed to driving durable profitable growth, and we are optimistic about our ability to deliver significant long-term value to our shareholders. With a well-defined road map, an exceptionally talented team and an expanding market opportunity with multiple growth drivers, we believe we are well positioned for continued success.
With that, let's invite Matt Mills, our President, to join us, and open the call for questions. Operator?
[Operator Instructions] Our first question comes from the line of Joseph Gallo of Jefferies.
2. Question Answer
Congrats on the $1 billion ARR milestone. That's a huge achievement. Obviously, agentic security will benefit your existing customers first. But can you just talk about the top of funnel pipeline with new logos? I mean IGA has been around for a while, but there's a huge opportunity there. Is agentic forcing people to reexamine their human identities as well?
Thanks, Joe. This is Mark. And I just -- as we got into the question-and-answer, I did want to thank everybody for joining us today and also look forward to seeing many of you tomorrow at the Barclays Conference out in San Francisco. But with that, I'll probably pass that one straight to Matt because in terms of what we're seeing out in the demand landscape out in the customer, both new customers that are in the process of looking at our broader IGA offering as well as existing customers who are pretty excited about what's happening with agentic. So Matt, if you could that one.
Thanks, Mark. Joe, look, I think you're thinking about it the right way, that installed base and then the greenfield. And I think there's a consistent thread in all of that as folks are starting to move into this, and that is, how much? How much do I need to get started? There's a certain amount of still people really don't know. And so that's one of the reasons, I don't know if you saw it yesterday, we announced our flex pricing, the Navigator flex pricing models. And one of them is actually called the Digital Identity Flex, and it allows companies to get into this at a really nominal rate, right, and then start growing into it from there. I think that's going to help accelerate a ton of interest, because that's been one of the long poles in the tent, if you will.
When you look at our greenfield proposals and things that are going out, look, I don't know that one is going out that doesn't have AI in it. And so again, I think this is going to accelerate all of that because, with these flex models now, no longer do we have to spend a ton of time trying to figure out exactly how many people need to be able to get started.
So we remain hugely upbeat. I think the field is hugely excited about this announcement we made yesterday with these flex Navigators.
Awesome. And then just as a follow-up, Brian, you've done a tremendous job with ARR beat and raises. I just wanted to double-click on 4Q. I mean you beat the first 2 quarters of the year by 2% approximately, 1% this past quarter. 4Q appears to be a modest acceleration in new business for ARR. I know there's moving parts, but just anything that we should think about, whether it was slip deals, FX or anything else just to gain comfort in the ramp into 4Q?
Yes. Thanks, Joe. Yes, I think you're right. I mean I think we feel really good about the overall health of the business. We've been public for 3 quarters now. We have met or exceeded all guided metrics. Heading into Q4, we have a lot of confidence. I wouldn't read anything into slip deals whatsoever. I think this is a typical fourth quarter for us. We feel really good about where we stand right now with the pipeline.
If you step back and look at the linearity of the fiscal year, Q4 will represent about 1/3 of our total year net new ARR, so very consistent with the prior 2 fiscal years. And I would say that, again, we feel really good heading into it.
[Operator Instructions] Our next question comes from the line of Rob Owens of Piper.
Mark, you talked a little bit in your prepared remarks about this is a market defined by consolidation of point solutions. And I'd just like to hit on the consolidation theme, especially as we've seen a lot of adjacent vendors now starting to look at the IGA market. So I realize this has been relatively recent, but any market confusion from your sense, number one?
And number two, maybe remind us why SailPoint has such a differentiated and defensible solution over the long run. As some of these other larger tech bellwethers start to play in IGA.
Yes. Thanks, Rob. A couple of comments. Fortunately for us, this is a consistent message. If you even go back to our IPO roadshow messaging, we talked quite a bit at that time about what we thought was a pretty defensible moat around the breadth and depth. And just to define those terms a little bit, right, breadth being the range and scale of identity types. Obviously, we've evolved through the years from employees to non-employees, to now two big flavors of non-human kind of machines, bots and service accounts, et cetera, and now agents. And that breadth is certainly something that we've proven that we can handle at scale. But probably what gets lost sometimes is the importance of the depth of what we can do for that breadth of identity, and that gets into these detailed entitlements.
And what we're finding is as others are jumping into this game, as you say, Rob, there's a lot of movement, either building and/or buying into the IGA space from folks that have been near us and even folks that have been a little further away in the security landscape. What they're all, I think, going to struggle with is handling those two things together. There are people coming from the access landscape that have tons of breadth of volume. But typically, solutions built on that base have very little depth. They're basically log-in focused and very rarely can get into the detailed entitlement structure, particularly of older bespoke applications, which are very prevalent in large enterprises today.
And on the other side of people coming from, say, the privileged landscape that certainly have demonstrated an ability to go deep, their challenge is going broad, because typically they are managing a very limited number of identities in any given part of an enterprise, those kind of permanently privileged static privileges like database admins and sys admins.
So taken together, it's that ability to start from a very rich base of breadth and depth and then rapidly expand on both vectors, expanding into this rapidly exploding landscape of machines and non-humans and agents while continuing to invest and, we think, a fairly defensible moat. We know of start-ups that are out in the market with sub-100 deep complex integrations into applications, and we are in the tens of thousands now. So that is a fairly significant gap from some of those companies' current offerings to our offering.
So I think we feel quite good that while people are making a lot of noise and it's easy to make a lot of claims about entering this marketplace, doing the hard work of really digging into these landscapes of these complex enterprises is very challenging. And I think we're starting to see some acknowledgment of that from some of the folks around us.
[Operator Instructions] Our next question comes from the line of Gray Powell with BTIG.
Yes. So can you talk about the Savvy acquisition that you announced back in August, and I think that underpins the Accelerated Application Management products. So just like how does that impact a customer's time to get up and running on SailPoint? Are there any like finer points you can give there? And then to the extent that it's easing friction, is that something that can help you move down market?
Gray, it's Mark. I'll take the beginning of that and I'll probably pass it for a little more depth to Matt because you dug in now with some of the customers that are looking closer at that. But yes, we are really pleased to find Savvy out there. We've known of them in the market. And what they had is some pretty slick, I think that's not a technical term, but a pretty slick technology for discovering applications as they're coming through the front end to the browsers. And as a result, we've had confidence now to stand up and say to customers, Chandra made this point at our Navigate conference, that we believe confidently we can discover effectively all of their applications in a relatively short time frame. That's what we call Tier 1. In other words, understanding those applications are out there and exist. And when others have been claiming, "Oh, we're faster and better than SailPoint," it's like, well, they're just claiming they can get visibility.
We then define Tier 2 as the ability to do kind of rich compliance and understanding how to authenticate who has access and then make sure that's audited and compliant. And the most deep and challenging level we call Tier 3 applications where we can get into automated provisioning, life cycle management, where changes are made automatically by SailPoint based on changes in the environment. But when you get into those Tier 2 and Tier 3 applications, it's much -- again, much bigger moat technically for what it means to get into that realm.
But where Savvy and now our SAAM, Accelerated Application Management -- SailPoint Accelerated Application Management Solution comes in is to help us get that broad coverage very rapidly. And then go from there into the depth as customers required in their environment.
Matt, what are you seeing kind of in the demand out there in the customers?
Well, look, I think this has been something that our competitors have effectively used against us for some time. And so now we have this Savvy tool, which, as Mark said, we marketed as SAAM, is now available. And I think there's a couple of things. When you look at these Tier 1s, right, these -- typically, it's like, I just want to be aware. And you can get a little bit of detail around it like users and maybe a basic level of entitlement.
But with our Savvy, SAAM solution, you can also categorize. So now these companies will be able to say how many of these applications are actually using agents. And I think that's a really, really big thing. Because all of a sudden now, when you realize that of your 1,000 applications, 900 of them are actually using these agents that maybe you're getting from a ServiceNow or Salesforce.com, right? Now you're going to have to do something other than just be aware. You're probably going to want to go up to this Tier 2 level that Mark was talking about. And all of a sudden, the stakes just got really significantly bigger for everybody, who is trying to get there.
So we think our tool here is going to continue to allow us to get to the security around -- and governance around these applications much quicker than anybody else. So I think you're going to see this basically on every deal we do, to be fair, Gray. We priced it very reasonably so that everybody can actually use it, because we think it's a big differentiator.
One last comment I'd add there, Gray, that is that this is part of this fundamental evolution of this space from kind of a compliance audit focus, what came out of Sarbanes-Oxley, and where big companies would really only govern deeply a small handful of applications because those are the ones they had to audit. As we move toward truly securing these applications, that's why we have to get visibility and control over basically the majority, if not effectively, all apps, and then go deep into deep governance and deep compliance on the ones where the customer says, "That's really important to me. I want to maintain much more strict controls over those."
And it's that flexibility to understand the breadth of the landscape and then go deep into various apps. Again, I think others are going to have a lot of struggles to kind of catch up to where we are today after a couple of decades of going deep in many, many of these complex applications.
Got it. That was really helpful. Congratulations on the strong results.
Our next question comes from the line of Shaul Eyal of TD Cowen.
Congrats on the set of results. My question is about operating expenses. You guys are doing a great job. Talk to us about the internal usage of AI to also take advantage of some of these opportunities and curb costs.
Shaul, it's Brian here. Thanks for the question. So we are embracing AI internally. We use this as an existential competitive advantage as well in terms of the tools that we're exploring across all aspects of the business, from product development to go-to-market, to internal G&A functions. Really exciting stuff. I think that we're still, as with many companies, in the early stages of it. But we are really excited about the use case possibilities, and we're starting to see some payback on that.
Our next question comes from the line of Peter Levine of Evercore.
Congrats on the quarter. Maybe one, Mark or Matt, is you look at traditional PAM vendors, they emphasized bolting, session recording. How do you articulate SailPoint's competitive moat as you kind of move towards this like new-gen PAM? Like how do customers still view privileging through that kind of legacy lens? And then what's kind of what's your pitch to them?
And then one for Brian. Brian, on the new kind of, call it, not the pricing model, but if you think about the flexing model, maybe walk us through like the margin impact, the pricing model. How does that work? And should we expect any kind of variations or seasonality in the model going forward as this starts to ramp up?
I guess I'll start with the privilege, and Matt may make a comment or two, then we'll flip to Brian for the flex pricing. Peter, I guess on the first point, yes, one of the things we like to say is, look, it's not that, that use case, that traditional PAM use case is going away. It's not. It's just going to represent an increasingly smaller part of the challenge that customers are wrestling with. Because even the folks at Palo, who obviously did the cyber acquisition, are making pretty public comments now about the challenge of now taking what they've done traditionally across that limited set of permanently static privileged users and making privilege. I think they've used the word dynamic or something like that. We've used the word democratizing privilege. The concepts are the same. The idea that over time, every identity, human or non-human, may have reasons to be treated as a privileged account, and that can basically be flexed up and flexed down. Not flex pricing, sorry, I don't want to confuse you with that term. But the level of privilege might flex up or flex down.
And as a result, it's that challenge again of having that broad understanding of that deep entitlement landscape so you can make choices based on context is going to start to become a big word here, not just the who/what is accessing what information, but from where, at what time, through -- with what intent. That's going to be another concept we'll be talking more about is particularly with agents. What is the intent this agent has in accessing information? And does that seem typical or expected? And if so, great. If not, I'm going to escalate the privilege required to get to that in very real time, in a dynamic, just-in-time kind of notion there.
So this idea that privilege will become ubiquitous and flexible is quite different from the technology that was required to build static privilege with a kind of a permanent safe vault of these credentials that were kind of checked out and checked in, for very important use cases like database administrators and such. So it's not that, that isn't an important part of securing the environment, it still is, right? But we believe that the next wave is going to be far more about this broad-based ubiquitous dynamic privilege. And with all due respect, the folks that have come from PAM don't have any particular advantage of solving that problem versus folks like SailPoint who come from a broad and deep understanding of the entitlement landscape. So that's why we think we're well positioned to handle that.
And then I'll just comment on just the new flex licensing model, flex Navigators is what we call it. Again, we're really excited about this. We think it's going to help customers buy and consume the way they want to, and really optimize their investment, deploying what they need, when they need it.
This will be SaaS. It will be recognized ratably over time. The flex licensing pool is tied to our rate cards, list prices. So I wouldn't read into anything in terms of an overall margin degradation. So I think we're going to be really excited to see how customers utilize this in the best way for their environment.
It's also going to help accelerate migrations or what we call platform modernizations. So helping our on-prem customers adopt and grow into an ISC, Identity Security Cloud platform, faster and easier in a much more economical way.
Our next question comes from the line of Meta Marshall of Morgan Stanley.
This is Ryan Lountzis on for Meta Marshall. I guess just from a go-to-market standpoint, you've announced multiple new product offerings and a new flex pricing model. And so I'm just curious if you could provide some additional color around how ramping sales personnel in these new products and initiatives more broadly has trended thus far, and maybe just kind of how you're thinking about sale firing going forward?
Ryan, this is Matt. Look, I think this is something we certainly pay attention to. I think if you look at our go-to-market model, we have a lot of specialization that's built up historically in our solution engineering organization, and that's where a lot of that comes from. I think one of the things you'll see from us, we started this last year, adding a bit of these specialty sellers that are specific to an area, right, so take in consideration data. We think that's a little bit of a different selling motion and it warrants at least initially, some expertise to come in and work alongside the field team. So I think you can see us looking at things like that as we go forward. And that's one example of where we've moved.
Our next question comes from the line of Jonathan Ruykhaver of Cantor.
I'm wondering if you could touch a little bit more on the success you called out with data security. I would assume that the attach rate could be quite high on agent identity, but I realize it's still early in that journey. So maybe just touch on the use cases driving that success. And just from a big picture viewpoint, we hear a lot of identity companies talk about the importance to data as it relates to identity security. Can you just touch on that strategy at SailPoint as well?
Jonathan, it's Brian here. I'll start, and I'm going to hand it over to Matt for a little bit more color. So I mean, we're really excited about just kind of the, I'll say, the market basket of all of our cross-sell motions that contribute to our NRR number of 114%. They have more than doubled year-over-year. And that's a composition of things like Non-Employee Risk Management, Machine Identity Security, Data Access Security. And then more recently, we're starting to see some green shoots from Agentic Identity Security and many of the other products that we launched at Navigate.
So there's a lot of interest that's showing up in the pipeline. I would say, it's still early on some of the Navigate launches, but very exciting from our perspective, and we're starting to see a strong attach rate of the new cross-selling motion. In fact, out of our new SaaS customers this past quarter, we had a little bit more than a 40% attach rate of some of these new cross-sell motions. So again, we are landing with some of them right out of the gate, and that's only going to allow for some more expansion as we have more and more product out there that we just launched.
The only other point we can make, I'll jump in and then probably pass to Matt again on this, Jonathan. We've had a product out in that data landscape for quite some time because we were pretty early on in identifying the fact that while the history of this space has largely been about application protection, who or what are these identities and what apps can they access and within the app what entitlements, quite a while ago, we said, well, at some point, this space is going to need to incorporate direct access of those identities to data, both structured and unstructured. And things like the family of Microsoft apps, PowerPoint, Word, et cetera, but now as well as deep data access into the things like Snowflake and Databricks right?
Well, there's going to be, we think, a continued need for that human direct access to data, which is, again, we'll be building on the heritage we've got, with what we called our Data Access Security product. But importantly, in this new realm of agentic, it's that full connection thread from the human or business function that has authorized an agent to take access directly to data, whether that data is in, again, Snowflake, Databricks, out in an LLM somewhere, and understanding that full thread, that's going to be extremely challenging for folks who don't have that breadth and depth already defined.
And our data offering will actually be a part of our advanced agentic offering coming in the future. We kind of pointed toward that at Navigate, but it's not yet available. I think, Matt, we can talk about kind of a little where that's headed, but...
Yes. No, Jonathan, intuitively, you're right on, right? We believe the same thing that it's going to be awful hard to secure the work of an agent without data. So I think we talked a little bit about that at Navigate. I think if you look at us historically, our Data Access Security product has been unstructured. It's now moving over to structured data, as well. And so I think you're going to see, as we roll out that product, DAS will -- it will drag DAS with it. So it's -- we're pretty excited about it.
Our next question comes from the line of Shrenik Kothari of Baird.
Congrats. So you did address the newly launched product traction, which is very impressive. I would like to talk double-click into the Observability & Insights. You described as fabric, of course, that stitches the telemetry across systems. Can you just walk us through how customers are using or looking to use that in practice? What's the monetization model there? And structurally, does this give you leverage to embed into broader SOC workflows and capture that wallet share as well?
Well, I'll start. We'll do a lot of these. Where I'll probably start and hand off to Matt, Shrenik. I think on this one, yes, you've got it exactly right, there's going to be a number of different things we think will be pretty powerful coming out of that O&I product. One is just the visualization of this connectivity, again, of that threat I talked about. When I can look at the identity and understand the path all the way through, say, an application or not through an application directly to the data and understand whether that's appropriate and being used as expected, and tying that, as you observed, into the SOC, whether that means kind of from our product line to other product lines from folks like Zscaler or CrowdStrike or Palo or possibly embedding that into some other people's workflows in their SOC directly. And so we're having both kinds of conversations today, kind of, I'd call it, higher level integration and perhaps even deeper kind of OEM level integration that we think could be interesting over time.
But it's that visualization and understanding of that full value chain, if you will, that, that product is going to be focused on. And then the insights part of it, obviously, is to expose to the security teams and the identity teams, whether there's current risk or potentially latent risk that needs to be identified and dealt with before something negative happens.
So it's this idea of visibility into the true risk profile of a lot of these things is very, very difficult today. You will hear if you talk to, I'll call them, honest, people that work in the SOC, that one of their biggest challenges is when they see a vulnerability or a threat emerging coming through any one of those landscapes out in the cloud, through a device on the network, all the places we look for threats, the great majority of those things, those tools are identity blind. They don't understand the identity that's either creating that access or could be negatively impacted.
And so it's bringing together this rich identity context that we believe SailPoint is uniquely positioned to provide, tied into that deep security and threat landscape from the SOC and all those kinds of tools we mentioned, that's going to be a new era, we think, of much better defense against the bad actors and the threats emerging.
So that's -- you're right on in terms of where we're headed with that product and what we think will be kind of a breakthrough in the landscape of really giving true security tools to the SOC relative to identity.
Our next question comes from the line of Matt Hedberg of RBC.
Congrats on the results from me as well. Brian, I realize you're not giving any sort of perspective on fiscal '27 yet. You guys are still close on 4Q. But any sort of like high-level thoughts or guide rails on kind of how you're kind of approaching the new year, whether it be growth or margins or anything like that, that would help us?
Yes, sure, Matt. I would say that we're really pleased with our margin performance this past year. I think we've demonstrated our ability to expand margins on a nice healthy basis while driving high top line growth. I would say that this year we benefited to a certain extent by strong term-based revenue through strong Fed renewals, some slightly longer durations. Not so sure I'd expect that to continue into FY '27. So that was a little bit of a tailwind for us this past year.
We're still going to invest for growth. I think we're going to favor a point of growth over profitability, because we know we can deliver profitability. But we're in a rare universe here in terms of companies that can deliver into the high 20s, almost touching 30% of ARR growth while delivering significant margin expansion. So we feel like we're really uniquely positioned, and we're going to continue to take advantage of our competitive opportunity.
Our next question comes from the line of Junaid Siddiqui of Truist Securities.
You've talked about significant customer interest in your Agent Identity Security solution. My question is, what hurdles do you potentially anticipate in customer adoption of agentic AI for identity security? And how are you preparing organizations to trust AI-driven identity decisions at scale?
Well, Junaid, I'll unpack that, if I can. I think I heard two different questions in there. And one is what are we going to do to help customers manage their agentic environment. And as we've often said, there's basically two large flavors of that, right? There's going to be all the agents that are proliferating from the big vendors, Salesforce, ServiceNow, Workday, et cetera, et cetera, et cetera. And mid- to large organizations are clearly going to build a set of bespoke agents with kind of agentic frameworks that they think are unique to their environment. So both flavors of agents, we think, are absolutely coming and coming at volume and scale. There's a little bit of noise out there about bubbles and all that.
And our view is, look, what companies are doing is trying a lot of things and experimenting and trying to figure out what works. But our belief is, certainly, as we get into the next year, there's going to be pretty widespread adoption. So there's the agentic adoption of our customers and what they need help in, in managing those identities just like they manage all other flavors of identities.
A different but also important question is, are they going to trust that we in the security landscape are using AI effectively to provide the value we provide? And I think on that front, again, we're doing a lot of work internally for everything from how we see patterns that might indicate there is a risk out there, how quickly we address concerns when they arise from customers by using LLM ourselves to rip through lots of information and find out kind of root cause analysis of what might be going on.
So both are really important threads. They're just kind of different. One is all the technology we're building to help customers manage this agentic explosion in their environment. The other is all the ways we're leveraging AI and various technologies inside our product line, including our own bespoke agentic technology for customers, Harbor Pilot that's called. It's going to be a growing family of agentic capabilities within SailPoint to address these problems.
So I just wanted to tease apart, I think there's both in there. I don't know if you wanted to probe any more on one or the other, but they're both very important to us.
[Operator Instructions] Our next question comes from the line of Todd Weller of Stephens.
I'll echo the congratulations. Look, a robust set of new capabilities were launched at Navigate. Could you also talk about the potential for those to be a catalyst to drive more SaaS migrations?
And then the second question would be last quarter, you talked about seeing an acceleration in legacy displacements. Just wanted to see if there was an update on what you're seeing there.
Todd, it's Brian here. I'll start and then maybe hand it over to Matt for any additional color. So we actually had a very strong platform modernization quarter. When I say platform modernizations, these are customers that are migrating from our on-prem solution to ISC or Identity Security Cloud. All of our new offerings, they are SaaS, so they will be on the Identity Security Cloud platform. So I think that's really kind of the innovation carrot that we say in terms of customers see our vision and they see where we're going to help them with their needs, not only today, but also into the future.
And we've actually seen, when we migrate, more than half of these migrations include emerging cross-sell modules. And that's what drives really kind of a 2 to 3x uplift that we often talk about of the ARR that our on-prem customers are spending with us today in the form of typical annual maintenance. We see a 2 to 3x multiplier on that when they do migrate to Identity Security Cloud.
The good news is that there's a strong amount of interest and it's still early. So we've only migrated about 15% of our historical maintenance base and there's still 85% to go. So we view that as actually a nice tailwind for the next 2, 3 years, at least. And I think that's only going to compound with all these new product offerings and when customers need to meet the challenges of agentic and deploy Observability & Insights that we talked about earlier that Mark alluded to. So again, we're really excited about the possibility.
Next question comes from the line of Ben Bollin of Cleveland Research.
You touched a little bit on some pieces. But when you look at Non-Employee Risk Management, Data Access and Machine Identity, you mentioned that doubled year-over-year. Can you talk about the contribution to ARR? Where does that stand today? And how do you think about that progression looking forward? And then a follow-up on flex, what the duration of those contracts look like versus traditional deals? And how do the unit economics differ for the customer?
Ben, it's Brian here. So while we won't talk specifically about the ARR number, it is doubling year-over-year. And we also talked about how it contributes to our net revenue retention rate. It's probably in the low single digits if you combine the full market basket of all those modules combined, which again it's a high growing, fast-growing basket of modules that's getting strong adoption and attach rate.
With respect to the flex model, the Navigator model, this is going to be no different from any other SaaS arrangement for us. It's typically an average of 3 years in length. And I think I mentioned earlier, this will be SaaS and it will be ratably recognized.
Our next question comes from the line of Joshua Tilton of Wolfe Research.
I kind of want to go back to the first question that was asked. And my question is I'm trying to reconcile what is an incredibly positive earnings call and a customer base that is increasingly embracing like your new vision of identity with the lighter beat in the quarter. So my question really is like, was there anything around Fed, or you keep emphasizing that it was a huge quarter for these platform migrations, is there anything we need to understand about how term ARR become SaaS ARR as these migrations happen? Or was there anything around Fed or any other verticals that you can kind of help us bridge what is an incredibly positively toned call with kind of the lighter performance in the quarter, that would be very helpful.
Josh, it's Brian here. I think you need to step back and look at we're guiding to an annual number. This number is greater than $1 billion, and we're beating on that. I think when you look at beating on an annual number, that's like 4x of quarterly guide. So 1% beat on an annual ARR number is like a 4% beat on a quarterly.
That aside, I think you have to look at also the net new ARR performance. It was $58 million, that's up 24% year-over-year. And the quality, which, by the way, that's 20% above the guidance. I think you need to also look at the underlying quality of the beat, which SaaS net new ARR grew 52% year-over-year.
So we feel really good about the overall health of the business, surpassing $1 billion, plus or minus 30% growth over the last 8 quarters, while expanding margins nicely. And we're flowing through the full beat on ARR. So I would not interpret anything. We had a very strong quarter on a variety of fronts across all verticals. Fed was strong. We did have some strong term revenue out of Fed, some slightly longer durations.
That aside, SaaS also performed extremely well. Again, I mentioned the net new ARR being up 52%, with a very strong attach rate. So I think we sit here today in Q4 and we feel really good about the business.
Our next question comes from the line of Gregg Moskowitz of Mizuho.
Mark, I wanted to ask about your just-in-time capabilities and how additive you think they will be going forward to your customers and to SailPoint's business more broadly. Also how valuable will JIT be when it comes to agentic protection?
Yes. Thanks, Gregg. I think it's certainly too early for us to kind of give you any sense of what it looks like in a financial impact. As Brian commented, even some of these other market basket of newer things we've introduced are -- because we're on such a large overall base now, even if they're going quite well, they're going to be -- take a little while to have a financial impact.
But that said, I think this trend is critical, and I'm really happy with a lot of the questions you all are asking today because I think everybody is tuning into it more and more, that the world of kind of a static, what we sometimes call admin time approach to identity governance is shifting to a real-time, just-in-time identity security posture. And that is no more important than in the realm of agentic, because at machine speed, as it's sometimes said, an agent that either goes rogue or has the potential to go rogue can do an awful lot of damage far faster than a human ever could.
So we're going to have to get very fine-tuned into understanding both the setup these things have, right? That configuration, administration setup and what is this agent, where did it come from? Even it's being created relatively transiently, where did it come from? What's it designed to do? What's its intent? Again, that's a word I think we're going to be talking more and more about. And then, is anything going awry as that thing is working? And so our ability to sense changes to detect potential anomalies to look for patterns is going to have to be increasingly real time. And as we said on the earlier question, richly tied into the SOC. We aren't going to have all those signals and patterns coming from the SOC, just like they don't have all the patterns and signals about the identity landscape. But when we bring those together in real time, I think that's where we're going to really start to change the game for these customers that are trying to deploy this incredible new technology of LLMs and AI and agents, but are still quite concerned about the risks that come along with that without good control.
So we think it is a kind of almost an inflection point shift in our landscape for the next few years. And you've heard it, but I'll say it one last time, we don't think there's anybody better positioned than SailPoint to help customers navigate that journey and take advantage of these new technologies.
I would now like to turn the conference back to Mark McClain for closing remarks. Sir?
My closing remarks will be brief. Thank you all for joining us. We really appreciate all the interest and the questions. And as Brian said, we are very pleased with these results. And you're getting a strong sense of our confidence heading into the end of the year. And look forward to, again, going deeper on some of these in follow-on calls with some of you and/or at the conference tomorrow in San Francisco.
So thanks for joining us. Appreciate everybody's questions. Have a great rest of your day.
And this concludes today's conference call. Thank you for participating. You may now disconnect.
Transkripte auf Deutsch freischalten
- Alle Event Transkripte auf Deutsch
- Sofortige Übersetzung
- KI-Zusammenfassungen für die wichtigsten Insights
SailPoint — Q3 2026 Earnings Call
SailPoint — Goldman Sachs Communacopia + Technology Conference 2025
1. Question Answer
Well, Mark, great to have you.
Hi, Kelly.
No. It's a quick trip to San Francisco, so appreciate you coming out. Want to just...
Hi, there. Hi, Gabriela. Nice to see you.
All right. Great to see you [indiscernible]. Mark, it's a real pleasure to have you with us at Communacopia again.
My colleague, [ Kelly Blenty ], is to my right. Thank you for joining us. Thanks [indiscernible], Goldman Sachs Communacopia and Technology.
So Mark, we're in the middle of this incredibly high pace of innovation in identity. And so my question for you is, as a founder of the company, what would you articulate as SailPoint's core competency? And how does that now inform the way you're thinking strategically about where you have a right to win in this pace -- this heightened pace of identity innovation?
Yes. It's a great question. I think our kind of unique core competency is this ability to go, as I call it, kind of deep and wide. Most of you are familiar with the identity landscape, oversimplifying a pretty complex area but there's kind of access, right, which is log in, single sign-on, MFA and there's privilege. But if you think about those for a second, the nature of SSO and sign-in is very wide. You want to try ideally to sign people into everything but it's a very shallow level of security, meaning you just have that log in. You authenticate them with some sort of strong authentication, log them in.
By the way, a metaphor there is there's a check-in at the bottom of the building. You check in with the security guard, show your license, you get into the building. But from that point on, the security guard has no idea where you are or what you're doing. So it was a strong authentication and an entry but that's what that technology has always focused on. So they have a very wide coverage in the enterprise technology landscape but very, very shallow, if you will. Conversely, privilege is the opposite, right? Its history is a very deep set of controls over a very limited number of users, over a very limited number of things. So I want to understand every keystroke being executed by a database administrator or a systems administrator because those powerful users with access to systems can do very damaging things either accidentally or intentionally. So we want to tightly control.
But again, think of it as very deep but quite narrow. So you've got wide and shallow, you've got deep and narrow. The nature of what we've always done is wide and deep because you have to map ideally every identity across every part of the infrastructure, application environments and data. That's really difficult to do in enterprises with highly complex IT environments. And the scale is nontrivial. I think it's interesting that in commenting on the Cyber, Palo deal, there was a note that the CEO of Palo said that hey, Cyber comes with about 8 million identities and the management was like, we're at [ 125 ] and growing very rapidly. And now let's get to some of the innovation.
So that deep and wide, I think, is our core differentiated competency because to understand back to my silly building analogy, not just what it takes to walk into the floor of the building but to map that building and every building in New York City and understand exactly how they're configured and what it takes to get into each floor, in each room is pretty hard in a typical enterprise. So there's a lot of depth and complexity that we've had to grapple with for many decades now, couple of decades, I should say. But across like a lot of the world's biggest, most complex shops. The innovation, I think, that's going to come now is on 2 or 3 key dimensions, Gaby. One is -- Gabriela, sorry. One of them is you're going to have to extend that landscape as deep and rich as ours is to every identity and that is now, as we all know, as much about nonhuman as human identities.
And real quick on that dimension, we've had employees and nonemployees for a while now, right? Some sort of a human logging in, whether they work for you or not, they're authorized to get into your systems. There's 2 different things happening in machine and agent and I think it's worth calling out for a second. The machine identity landscape is not brand new. We've had service accounts, software bots, RPA, intelligent devices for, I don't know, depending on which one you're looking at there, a decade to maybe a couple of decades. What's new is they're part of the attack vector. Now everybody is cognizant of the fact that the bad actors are trying to attack those nonhuman identities, just like they're trying to attack all of our humans to break in. As the new thing is, these days attackers don't break in, they log in, right? They're not trying to break through the firewall so much as compromise identity and get into the system.
So there's that issue of, oh, gosh, the machines are now in attack vector. We better figure out how to protect them, which, by the way, for most shops, starts with figure out how many you've got, where they are and who's responsible for them. That is also nontrivial for most enterprises. Agents are a very different set of characteristics. They're not something we've had for a long time. They're brand new but we all anticipate they're about to explode. And there's going to be tons of them everywhere. And unlike most of those machine type identities, which are kind of static/deterministic and programmed, these things are going to learn and adapt and grow, which sounds a lot more like a person. So we think what makes Agentic so challenging is it's got machine-like characteristics and human-like characteristics. And for the security teams to get their arms around this at the scale we think it's coming and the complexity that it presents is going to be very challenging. But it starts with you have to map that entire identity landscape and all the data landscape.
And that's not something we've been great at in our space. We've helped people log into systems. We haven't necessarily understood all the data that they can access in the environment. And we've not tied that nicely into the security landscape. And to be fair to the deal that just got announced, it was a good validation point that the security ecosystem and the identity ecosystem probably need to come together. We would argue that wasn't the best choice for doing that but that's what they did. So we agree that, that's where the world is going. You need that identity context and the security context to really secure your enterprise from all these attacks that are identity-centric. But in our minds, you're going to have to have that breadth and depth to do that well and to do it comprehensively.
Well, let's stay on this idea of mapping because I think you're touching on something really important here. When you talk to your largest, most sophisticated customers, maybe share with us some of your observations on those conversations. Are they saying to you, we are so excited to deploy agents. We're so excited to deploy our internal built GS AI agents. Help us figure it out. What do those conversations look like? What is the step 1, step 2, step 3 of getting the identity [indiscernible] to be able to then go big with agents?
Yes, it's a great question. I think there is some difference between those 2. We're, again, taking broad things and simplifying them as we all have to, to get our brains in the right place. There's 2 big buckets of agents. You nailed it. I think there's the kinds that are going to come through the software vendor world. And they're going to be made available to customers. I think customers are going to have to decide which of these things they take advantage of or not but they're going to come from the Salesforces, the ServiceNows, the Workdays, et cetera, right? And I think the general sense I get is most customers are exploring those things, looking at those things. They have some excitement about some of those things but I wouldn't say there's a fever pitch to go adopt that technology.
On the other side is where I think most customers, certainly mid- to large enterprises with some level of sophistication in their shop, they're the most excited about the bespoke things they can go build and do. They're very unique to their business and they're the most nervous about those because they recognize we might accidentally create an exposure we don't understand. Some of you have been around various flavors of security, there's an old saying in our space, which is why do race cars have brakes? Answer, so they can go fast. right? Like if you're going to adopt technology, especially technology that's rapidly changing, you need to have confidence that you can brake when needed. And I think what you're seeing in this kind of slowdown in Agentic adoption that we're all reading about is some of that concern being expressed by hesitation. The customers are saying, look, I'm excited about this stuff. We've run some pilots. It looks like it could be very powerful.
And then the next story comes out that did you hear about that story, where some agent went rogue and exposed all the companies' W-2s to the junior analysts. I mean there's crazy stories out there of where agents ran off and grabbed data that wasn't well protected and exposed it to either someone or something they weren't supposed to. And so if you're a security person, even a business person, you're like, before we step on the gas pedal and really run fast at this, can we be sure we have brakes that we trust, that we sure we can stop or slow down or turn when needed.
So I think that's the tension we're feeling. But I -- our belief is, we're going to move through that in the next few quarters and we will be back to talking about how fast and aggressively people want to adopt this technology because the business benefits are pretty clear, whether it's "replacing people", which there's clearly going to be some of that. I think a lot more of it is making people more effective, the whole augmented intelligence unpacking of the AI acronym. There's going to be plenty of opportunity, I think, for people to go, wow, we can do a lot with this. We just have to make sure we have the controls that if something appears to be going awry, we can deal with it very rapidly.
And so what that means for our kind of space, again, you have to have that comprehensive picture of where is -- let me give you something that people aren't talking about much. One of the problems with all these machine and/or agents is, you have to make sure some human is responsible. There's a whole bunch of what we call orphan accounts today, meaning there's a service account, there's a RPA process. There's a -- some device, who's responsible for that thing? Some human in the organization has to go, that's mine. I've got that. I authorized it. I still think it's important. We still need it. That really is pretty nonnormal, abnormal for that to be true today. We've done it for the people, right? We're really good now at saying, I understand all these people, yes, they have valid access, that's correct, right? We're just starting to figure out what that looks like for all these nonhumans. It's going to be a very big deal for agents, we think, because -- what about this concept that a super agent spins up a subagent? Who knows that happened? Who decided that was okay? Who authorized that to stay?
Terrifying. If you're a security person, right, I'd like to say, this is like your employees birthing a bunch of children every day and you have to keep track of where they're going in the enterprise, Terrifying. So how do you do that if you're a security professional. That's one challenge. And then the other is, we're going to talk about this at our conference with some of the big players in the space. The biggest challenge today is, we've got these controls that we've learned how to put in place back to my building metaphor, all the badge access on every room and every floor. We don't have any ability today to pass that from the human to the agent for the data. There's just no construct for that today.
So if you authorize an agent to go do work on your behalf, you don't know for sure that what work it's trying to go do is, in fact, got the controls you have. So it -- that's where we get these situations where the agent pulls back data that you weren't actually supposed to be able to see but the agent could, oops, that's not good. So I mean these are the stories we're hearing from real customers all the time. That's their -- the excitement about AI and agents are really high and the fear is also quite high. And that's the place we think we've got to step into and say, here's what we're going to do to try to help you address that.
So you acknowledged implicitly at the beginning here that there are competing narratives where PAM providers will say the value will accrue to us, IAM providers will say the value will accrue to us, a whole bunch of different value arguments. If this thesis is right and SailPoint is indeed uniquely positioned to [indiscernible], what should investors expect to see or hear from you 12 months, 2 years from now? What are the metrics we should be looking at? How do you think about which product segments will get the most traction as you address this problem?
Yes. No, I think if we're right, and we -- of course, we believe we are, why wouldn't we, doesn't everybody think they're right. At the end of the day, it should accrue and we're launching this agentic identity security product next few weeks here. If we're right, that's going to be a very widely, broadly adopted product in the not-too-distant future because we hear from customers, they don't have confidence that they're going to be able to manage these things. Now to your point, they're going to get offered other ways supposedly of managing or dealing with that. Our contention is, without that breadth and depth context, how can you do that? It's just -- we try not to overburden the point but I think you shouldn't miss it. It is so nontrivial for people that are coming from a login only or the understanding of only a handful of users and systems to say, now I'm going to manage hundreds of millions, if not billions of identities and maybe over time, multibillions of entitlements for those identities. That's hard.
And to do it in relatively real time because that's the other challenge, we're moving from what we call admin time, what SailPoint has traditionally done to be fair, you call admin time, right? You started with the company, Oh, Gaby, you need these things to do your job. I'll get you that by next week. Read some books, read some books until then. And in the other end of it, right, we're pretty good at turning off access today. We've gotten better at it because we know that's bad when we don't, when somebody leaves. But it's still kind of -- and certification is the ultimate admin time, right?
Once a year is enough to check that the people have the right access. What about the other 364 days? Things like you'd want to know. So there's some real breakages in where we've evolved as an industry as to how that's addressing the current identity threat landscape, is we are kind of lagging, to be harsh here. We're lagging in the technology from the identity community of addressing what's actually become the real problem. We're kind of -- to be harsh, sometimes doing kind of fake security, hey, look, I checked your log-in, yes but what if you got past the security guards. Now what? So I think we're going to have to step up the game and we're investing pretty heavily to get big into that game.
And I'm curious, are there features that have historically been considered privileged access that you don't need a vault per se. But are there features of that product set that perhaps actually make more sense in an IGA type platform? That is an existential question on [indiscernible]
Yes. No, it is. And it is -- you're right. No one is really debating whether the access heritage is the most critical heritage to manage the agentic world with all due respect to my friends at Okta and others. Like that's fundamentally a log-in technology. Well, these aren't logging in, what are we talking about when it comes to machines and agents, right? But when you get to privilege, that's where there's noise. You said it, so I'll go there. The core technologies of PAM are 2 big things, vaulting and session recording. When we had the problem of bad actors, either intentional or unintentional doing things with databases and servers and operating systems, the things that privileged access was designed to prevent happening. Those are the core things we decided we needed. You shouldn't have what we now call standing privilege. You come get in a credential, you log in with that credential. I time stamp it and I know it's you. And now I watch every keystone because you might do something wrong or might do something stupid, either can happen.
And either way, I need to know exactly what you did. We contend those 2 core technologies have nothing to do with what's about to hit us. It's not about vaulting. It's not about session recording. So this idea that PAM that set of technologies give you some up -- head start on solving these problems -- there is a set of privileged challenge. That's where I think the confusion exists. There's all kinds of privileged challenges about to emerge here. This idea -- and [ Nikesh ] said it, again, we'll give credit where to do. He said, look, we believe over time, every identity will be privileged at some point in time, right, so do we.
The trouble is, you just bought a technology that only handles a sliver of the identities and the things you do for those are not relevant to what we're about to deal with. So that's a problem. So we think what's needed is comprehensive understanding of all those identities and that detailed understanding of the data and entitlements they can access. That's what we do. And so it's not clear that a history or a heritage in vaulting and privilege is going to be particularly helpful to that. I'm sorry, vaulting and session recording. I just -- I personally, I'm trying to get educated as we say but like help me understand how that helps you win in this new world. I don't get it. When you say the word privilege, oh, you're right, there's going to be privilege. There's going to be escalation, de-escalation, dynamic privilege, very big deal coming with all of these technologies. But it's not clear that, that heritage gives you any head start there.
Yes. Really interesting comments, Kelly.
So you brought up earlier this idea of the convergence between security and identity. Curious, what does that mean for SailPoint?
It means we got more stuff to do. Yes, we got a lot to do. What we think that means is there's this kind of, again, unspoken reality that's a little bit true that we need to talk about more, which is, we've got 20, 30, 40 years of heritage in some of the core disciplines of security. We've been doing device security with -- back in the day, Symantec and McAfee before CrowdStrike took that game over, right? We've been doing network security when it was mostly about Cisco before Palo became the big guys to play there. And you've got newer things like cloud security where Zscaler dominates it. What isn't talked about much is none of those constructs have an identity context.
When we're nice, we say they're identity and aware. When we're less nice, we say they're identity blind. Like they just don't understand identity. I see something happening on the device, I have a Mac address. I see something happening in the network, I have an IP address. I see something happening in the cloud, I have a cloud instance. Still don't know who or what is accessing this or doing something here. So that lack of identity context is partly why I think [ Nikesh ] did what he just did. I think it's why people like us are going to have to have a very robust API set and open communication framework between ourselves as kind of a center of gravity for identity, all kinds of identity, all kinds of data and that entire ecosystem. The danger and this is the classic problem of aggregation of vendors versus best-of-breed, what Palo has now done is, say, if you want to solve this, you do it with me, all my tech and cyber tech.
I think we're going to find that there's plenty of customers that go, I've got lots of Palo. I've also got CrowdStrike. I've got Zscaler. I've got Fortinet. I've got -- I got a bunch of stuff here. It's all sending me security signals. I'd like all of it to be identity aware. So the trick will be how do you convince the customer that Palo with its technology is great at tying in all the rest of that security ecosystem. That will be interesting. So when people say, what do you think that's going to mean for us? I think we're going to be challenging them in the same way, by the way, we challenge Microsoft or others today who say, I've got this comprehensive set of stuff, well, go, great. But the things you do in our realm aren't actually competitive. You can't actually do what we do at the level and scale and complexity that customers require, which is why we don't lose to Microsoft.
Yes. So I want to ask a bit of a more near-term question. You guys reported earnings yesterday.
It was this week?
This week. So given you guys focus on large enterprises, you can see a little bit of a shift between quarters in business and you also have the term versus SaaS dynamic. The broader question there is, just how should software investors think about looking past some of the what you see in the quarterly volatility in results, particularly when software investors are almost used to seeing that sometimes.
Yes. No, thanks for that question. We're doing our best. And I guess we are partly here, Scott, my Head of IR, is here with me and Mitra, our CAO. We're listing because we were honestly a little frustrated. We thought, wow, we put up good numbers and told you we're going to continue to do well and people like, yes, that wasn't what we were looking for. We're like, what, what happened there? So that said, look, we do think that when you're in a weird term, SaaS mix world that we live in and we said, look, it's 90-ish-plus percent SaaS now but we still get term deals and when we get them, they're big. And so they move the needle on revenue and therefore, profit. And our friends in 606 accounting, thanks for that. But anyways, we are where we are in that. And so we said and when we came back to the public markets this year, look, try to keep your focus on ARR because that takes out the noise of whether the deal showed up as term or whether it showed up as SaaS.
And that -- what we pointed to is say, look, we've seen nice healthy ARR growth, particularly strong SaaS ARR growth, which now represents like 60%, 70% of our revenue, 2/3 of our customers and that number is growing quite aggressively, right, high 30s, not low 30s. And so we're like, we've got a very healthy growth business here and it's probably best to measure it in ARR. It sounds like what we didn't get clarity around was what you should expect us to do as we guide you to where it's going. And there was a little sense of, oh, I was looking for a little more, like, oh, see, we felt like we kind of did the same thing this quarter as last quarter but there was FX help last quarter. We tried to call that out, too. So it's on us. We're going to try to make sure we're more clear. But I think if you look through the data there and you look at the cadence we established for a few quarters now of kind of a 2-ish beat and a 1-ish raise, plus or minus, you extrapolate that for 2 more quarters, we end the year at like a 30-odd percent ARR growth.
There's not a lot of folks at $1 billion doing 30% ARR growth. So I think we've got a pretty healthy business. And it's coming at a time when we haven't yet capitalized on most of what we've just been talking about. None of those numbers include a dime for agentic yet. None of those numbers include much for machine yet. That just got launched and it's getting a really nice uptick but it's still low single digits part of our overall revenue mix. So we've got so much headroom in some of these emerging challenges and the companies we think are going to spend money with us to address them and yet without that, we're still seeing a pretty healthy growth of the business. So we're pretty bullish. And it's on us for not conveying that maybe with enough clarity to all of you. So we'll keep getting better every quarter.
And something you have seen a benefit from recently is the shift to more of a bundling and suite-based pricing model. As you kind of talk about all these new things that you can add over the next couple of years with agents and just other functionality outside of PAM maybe, how do you think about what makes sense to include in those bundles versus what's going to be more of an add-on? And just how that kind of builds into I know what you think of as this identity platform longer term?
Yes. So it's a really good question. Yes, because first platform, like so many software players, I think platform has potentially multiple meanings. One is kind of a technology platform thought where you have a whole bunch of shared services. ServiceNow did this way back in the day, a company that actively did this. SailPoint has been doing it for a long time. A bunch of shared services, common data model, common policy engine, common identity store in our case. And then I'll call them blades to use an old term or slivers of application where you leverage all that underlying technology in your platform, which makes it faster and easier to deliver new value, right? Well, one of the things we'll always look at is, is each sliver we've got something that should just be considered core or additive.
Today, the core that we offer in our business suite is the 2 biggies in our space historically, which are compliance and life cycle, right? How do you run those audit checks and how do you just manage the ongoing churn of your people and what they're accessing, your identities, whether they're people or not. And now we're finding that, okay, some of these things are going to become so common should we just drop them into the core offering and raise the price of the core offering or should we continue to make them optional. The school of thought we're still in for the most part is, there is such a heavy lift for most large complex enterprises to get their basics in place. We don't want to overburden them at that first contracting cycle with a whole bunch of stuff you probably won't get to for 2 or 3 years. So let's get you what you need to get going.
What we are finding is, most of you are aware of this, we run a 3-year contract cycle. We are in an annual about a 3-year cycle typically. We're finding more and more customers who come back to us in the middle of that 3-year term to say, I'm ready for more. So we're doing more and more upgrades in the cycle, if you will, additional sales. And we pointed to this in the financials. We're every quarter now in a pretty nice mix of about half our new ARR is coming from new customers, new logos, half is coming from existing. We put up, again, a nice healthy 114% NRR again. We still talk about a GRR in the very high 90s. We don't lose much.
And so at the end of the day, we feel like we got a great base to work from and we are innovating faster now. We will deliver a few new offerings here at this conference in a couple of weeks. And so we're going to try to keep saying to the customer, there's a base here and we want you to start with what you need to get going. And the speed at which you add some of these capabilities may be dependent on how fast you can go. So instead of overburdening them with here, here's everything you want all at once, the proverbial ELA of the last era of enterprise license, sometimes companies want that. Usually, they'd rather kind of pay for what they're using. So that's kind of our approach.
So as your conference comes up and as we think about some of the new product announcements you're going to have, how do you think in general about investing in your product stack right now given the fact that there's a lot of debate in the software ecosystem about what employee interaction with SaaS applications is going to look like. So I would love your view on that.
Yes. Well, I'd say, always you got to consider the source, right? I think it's Mr. McDermott who runs ServiceNow that says, the whole world is going to be workflows. I'm, you might have a biased position on that. So I think we have to be careful with what's being talked about, about what's going to happen to the application environment. One of the things I've been saying to people and I always get a little [ cock-to-head ] response is, so there's some school of thought, so there's just going to be a bunch of ChatGPT or whatever AI tools sitting on top of data. Quick question, where all that data come from? What data? Like today, all that data comes through all the applications you run, do things like customer contracts and customer management and the software you're -- like there's a huge amount of data in most software companies, most businesses, I should say, sorry, that data came from all those business applications.
Now we run all kinds of interesting analytics and try to understand that data and what's happening in our business. That data has got to come from somewhere. Do I think some of the things that we do today that got kind of statically embedded in applications, which might have been better left to very flexible workflows, I think some of that will be coming out, I do. But there's a whole lot of business processes that are pretty standard and repeatable. It's not clear why you wouldn't just build that into a classic application. Try not to sound like the old guy. This is the way we do it. But I think it's the way we do it. So I think there's a sense of some of that's going to migrate and some of it's not. And the whole hype cycle, our friends at Gartner, sometimes they do things that are interesting, sometimes less so. But that hype cycle curve is a good one, right? We've kind of been in this hype cycle. AI is going to disrupt everything tomorrow, half your employees should get a new job. I mean we were saying that about 2 quarters ago.
Now we're in the trough of dissolution. I don't know if this is going to do anything. Oh, yes, it is. It's coming. So I think we're going to come back up that curve to lots of things are going to be changing. They're going to change probably at a faster rate than we've seen in much else. But is it going to take out half the jobs in America in a few [ deer ] years? No, I don't think it is. Is it going to change how people do their work? Increasingly so. Will it make them more productive and therefore, will you need a few less people? Probably in some areas. But I'd say, walk into an auto manufacturing shop. We used to have those -- there used to be hundreds of people making a car. Now there's a few people running a bunch of robots. But all those people found other things to do over time.
So I think we'll find places where there's new roles, new needs, new activities but it's clearly going to be significantly disruptive, this technology. And I think we're trying to stay at the forefront of who's developing the tech, meaning the AIs and the LLMs, who's developing the apps and how are those evolving? What are our big important strategic customers thinking and make sure we're sitting in the center of all that with, okay, so to help secure and manage all this infrastructure of identity and data, we should do this. And that's where we're just -- we're market-driven as a mindset.
Yes. So you're not actually the first person to bring up that Gartner report. It seems to pop up frequently.
Hype cycle, good old Gartner. They get the 2x2 quadrant, they and BCG and everybody else and they get the hype cycle. They get 2. That's right.
So I'll ask one last question. The focus you have on large enterprises begs the question, TAM, like that's new logo adds that kind of comes up...
Love this question.
Yes, it comes up with investors all the time. So how do you think -- I'll ask in a bit of a different way, maybe how do you think about going down market to kind of increase that TAM over time outside of some of the other growth things you talked about?
So we've started to say this and maybe it will be helpful. If you look at where ServiceNow was when it was around $1 billion in revenue, which is where we are, they had 3,000 customers. Nobody was yelling at ServiceNow. Why aren't you going into SMB? So I think you should just think about the number of large enterprises in the world for whom we are kind of the only good answer. There's a complexity level. We've identified by name, 14,000 organizations around the world that we think represent good target customers for us. We are 14% penetrated into that list today. So before we worry a lot about SMB and go take on Microsoft arguably and Okta and some others on "their turf", we're going to try to go win the other 86% of those. And we won't get all of them. Of course, we won't. But I think ServiceNow has just now got to like 8,000 or 10,000 customers. CyberArk has like 12,000, like and ServiceNow is about 12x bigger, 8x -- I don't know, sorry, my data is not good there.
But you can grow a pretty big healthy business, getting a lot of revenue from large complex organizations. Since we are particularly adept at that area, we think that's the smartest thing for us to do. We've gone to the, I call it, the low end of the enterprise and made sure we're kind of defending that part of the landscape. So think a few thousand users is a not bad metaphor. Most people draw the SMB line at like 1,000 and under, like, that is not interesting to us. No offense. We will occasionally show up in a customer in that scale usually because they're maybe a subsidiary that's super complex IT, something. But in general, we're just not worried about that part of the landscape and people say, "Oh, but how will you build a big enough business?" I'm like, reference ServiceNow. Like they built a $8 billion or $9 billion or $10 billion business with less than 10,000 customers. We think we're fine to grow a lot more of our business without worrying too much about the true SMB. We're going to be in the mid- to low end enterprise but in the shops where complexity is a very large concern and we have a uniquely good answer.
Thank you.
Mark, thank you. So many interesting ideas and we really appreciate you taking the time.
As always fun to do this. Thank you all for coming.
Transkripte auf Deutsch freischalten
- Alle Event Transkripte auf Deutsch
- Sofortige Übersetzung
- KI-Zusammenfassungen für die wichtigsten Insights
SailPoint — Goldman Sachs Communacopia + Technology Conference 2025
SailPoint — Piper Sandler 4th Annual Growth Frontiers Conference
1. Question Answer
All right. Well, good morning. I'm Rob Owens with Piper Sandler. I co-head our tech research, and I manage our security and infrastructure software practice. Really pleased to be speaking with SailPoint this morning, both Brian and Matt, who are in a finance and sales roles, leadership roles at the company. So as we were just discussing before we walked on stage, a nice early morning yesterday with earnings and early by Nashville standard. So maybe just, Brian, a quick recap of highlights of what came out in Q2.
Sure. I mean we were really pleased with the quarter in general, 28% year-over-year ARR growth. We had strong margins, 20% margins, 33% revenue growth. We actually had record free cash flow as a company for the quarter, really durable growth drivers, best new SaaS logo ARR quarter ever as a company. So really pleased with that with a net revenue retention rate of 114%. So a nice balance between new logo acquisition and expansion within our existing customer base.
We're also landing larger. We saw a 30% year-over-year increase in the size of the net new SaaS ARR that we landed as a company. So we're really pleased with the quarter on a multitude of fronts, beat on all guided metrics.
And to that end, I've got the question from investors just around guidance because you beat by a lot. You didn't raise the back half by as much as you beat. So kind of your guidance philosophy, if there's something different that investors should interpret here?
I wouldn't read too much into it other than it's prudency, and we want to be consistent and deliver on what we can deliver upon and what we say. And I think we feel really good heading into the second half of the year.
And you did note that there's about $7 million in federal business that renewed in quarter that you were more conservative as you were forecasting. So not only did that revenue pull out of Q3 into Q2, but then margins came along with it.
That's right. Exactly. So heading into our fiscal Q2 and Q3, we have to make a judgment call in terms of federal government renewals. And as you know, federal government year-end is September 30. That falls within our Q3. We didn't want to make the assumption in terms of our guidance that we're going to close all 100% of our federal renewals, but the positive thing is we did. So we closed 100% of our federal renewal business that's term-based renewals, did not impact ARR. It was already sitting in ARR. But it did have the revenue impact in Q2 of about $7 million that we were estimating was going to close in fiscal Q3. So we adjusted that in terms of our guidance in terms of revenue and also adjusted operating income for Q3.
Given all the noise that we've seen around the federal vertical over the last 6 months, were you surprised to renew them kind of at the contract value?
I think we're pleased with the efforts of our renewals team, most importantly. You really have to get ahead of these things. You can't just wait until the last week. This is a -- it's a process that goes along kind of several months in advance, and we are pleased that we were able to close them on time.
And federal from a overall percentage and just is...
So our pub sector business.
And then pub sectors, yes.
Is about 12% to 14% of our total company revenue. Our U.S. federal is less than half of that number.
Right. And as we think about the federal opportunity going forward, obviously, there's a lot of opportunity, but there's still change going on within the federal government. So maybe you could articulate just where you think that vertical is, Matt.
Yes. Look, to be fair, we've been relatively conservative, right? And we haven't seen anything in our business that would indicate that there's softening or anything is being delayed. So we're encouraged. I think the other thing is, now we are FedRAMP certified. Pretty much all of our customers over there in the federal government and public sector are using our software product. And so now we're going through the process of starting the process of migrating them to our SaaS solution. So from our perspective, a lot of interesting upside.
And then we're kind of -- I don't know if I can say we're [ postdodge ], right? But I mean, a lot of the big cuts have taken place. And from our vantage point, now there's an opportunity to -- for consolidation and reenergizing some of these projects that might yield some new opportunities. So we continue to remain positive about the Fed space.
And I think one of the interesting characteristics of the quarter was landing larger, right? And there's a lot of different things at play. You've gone through the model transition having gone private and back to public at this point. And going in, I think SailPoint was always seen as a very lumpy big deal company. Now your deals are getting bigger, but it feels like some of that lumpiness has gone away. So maybe you can just speak overall to the environment, what you're seeing? 28% ARR growth makes you the fastest-growing security company in Q2. So congratulations for that. So maybe talk about the environment overall and what you're seeing, and then we can maybe delve into this agentic topic that I'm sure you guys are getting a few questions on.
Yes. Look, Rob, I don't know that the big deal landscape has changed, right? You're doing big deals, you're probably doing them with bigger companies. And the bigger companies are pretty sophisticated buyers, and they're going to always take you down to the 11th hour, right? They just are. I think one of the things that's complicated that closing process now, and it's not -- and I might have talked about this the other day. It's not necessarily the last 30 days, although that's where it shows up. And you've got all the complexities of the environment we're in, right? Virtually every one of these contracts now has an AI addendum to it. You've got the DPA, which is a security component questionnaire. And then you've got people with the red team that bring in their own specific set of requirements. Then you've got all the potential things if you're doing a deal outside of the United States, especially regulatory, privacy. And so all of these things in and of themselves kind of make that last closing piece a little bit more complicated, a little bit more elongated.
I would tell you that it's built into -- it's not a 1-quarter deal, it's built into the process thus far. So I don't -- we're not seeing anything accretive that's causing lumpiness, right? I think the other thing for us is we're getting bigger, right? And when you're bigger, now you've got broader scale. We're probably creeping a little bit further down market, right? And so those deals are a little bit less complex, a little bit easier to get through, giving us a little bit better balance relative to the overall quarterly posture.
Sure. And Brian, from your perspective, what about forecastability in the model? It was an issue historically under the prior CFOs. And since I took you public, the first time around, I lived through that with you guys. So where do you think the company is at now versus where it was? And just what's your crystal ball...
Sure. Well, I wish I had a crystal ball, but I'll do my best. Now in all seriousness, over the last several quarters, even during the IPO roadshow and before that and during, we've been seeing this really nice balance between new customer acquisition and expansion within our existing customer base. So we talked about the 28% year-over-year growth. A little bit more than half of that came from new customer acquisition and new logo growth and the other half roughly came from expansion within our existing installed base. And what's nice is that we see a nice dispersion among many different growth vectors within the expansion story. So we see anything from more upsell opportunities, more identities, cross-sell opportunities with new modules that we've introduced over the last year, especially around the nonemployee risk management, machine identity security, data access security.
We also see suite upgrades. These are basically customers that are on our SaaS platform, upgrading from one level of suite to the other. Typically, that carries a 25% price uplift to that. We also are in still relatively early stages of migration and platform modernization within our existing installed base, those customers that are with our on-prem solution called IIQ, wanting to upgrade to our Identity Security Cloud platform. So that's our SaaS-based solution.
And with that, we typically see a 2 to 3x uplift on the annual ARR spend that they're spending with us today. So they'll trade in basically their annual support contracts, get into a brand net new SaaS arrangement with us, multiyear arrangement, we'll see a 2 to 3x uplift on their ARR spend. So all of that factors into the 114% net revenue retention, and therefore, what we really like in terms of, back to your crystal ball question, if we can keep this kind of combination of new customer acquisition, a lot of greenfield opportunities, but then expansion within our existing installed base and what we're really excited about and which we can touch on a little bit more is the depth of -- and breadth of our product offerings, especially that are coming out at Navigate, which is our customer conference in another couple of weeks.
Two weeks. Yes. See you there.
Yes.
So Matt, you were brought in before to disrupt that installed base, right, having come out of Oracle, who was sunsetting a lot of the technologies. But in the go-private period, you replatformed common code base, common data architecture. And now you have these tiers in SaaS that have effectively allowed you to sell differently. So maybe you can talk about how many different arrows you have in your quiver as a result because you truly have become a platform with the tiering capability and add-on modules, some of these emerging solutions. And just how has that changed go-to-market and customer receptivity?
Yes. I mean, look, I think one of the things that's happened over the last few years that shows up within NRR is it's a selling motion, right? Selling into that installed base is a muscle that you got to learn. And it goes along with -- we like to say SaaS is a team sport, right? So you get all the new logos you want, but if you can't keep them, right, and you can't drive GRR, right, you're not going to get NRR. And so I think one of the things we benefit from is we have a customer base that likes us and wants to buy more from us. And I think it's just being honest.
If you look back, we've not had a ton of new stuff, right, to go sell. And I think that's changing. And I think the environment has given us a really good platform to bring these new things to market. So I think that's pretty significant. I think the other thing I would tell you, Rob, is, look, I think probably the most difficult buck to bring into a company is a direct sales dollar. That's a hard dollar. And I think as companies start to grow and they're trying to drive sustained growth, you got to get to these other avenues of new money, right? So you saw us roll out this MSP platform last year. I think today, we've got about 14 new MSPs we've added.
And the thing that's interesting about it is, it's outside of our target account list, and it's outside of our field sales, right? So we're selling independent of them. It's really our first foray into resale, right? So it's early, right? But now that we've got 14 of them out there, I think we're hopeful of having 15 to 20 by the end of the year. But this is a new avenue for us to be able to gather incremental extension of our reach, right? So those kind of things, I think, are helpful.
And then as Brian said, in a couple of weeks at Navigate, I think we're going to probably have -- for those of you who don't know, Navigate is usually where we launch new things, new products. I think we're going to have the biggest Navigate in the history of our company here in a couple of weeks. And we'll be announcing things like Agentic AI, which I think everybody is interested in, observability, threat intelligence, just a lot of new things that I think are going to for our installed base, but also our potentially prospective new customers.
Excellent. Before we pivot to Agentic and Navigate, one final question just in terms of before and after implementation, how has it changed? I mean the world seems to be getting more complex, not less. But are you able to reduce implementation times? Because one of the big knocks, of course, your competitors can say is, shelfware never gets implemented. That's why we don't look at SailPoint into the future as a competitor, which we vehemently disagree with relative to Agentic. But just relative to that implementation, I know you have customer care teams and you guys have done a great job from that perspective, but...
Yes. Look, I think this. I think IGA in general carries a legacy much like the old ERP, overpromised, underdelivered. And I think when we go in and sit down, myself in particular, I sit down with executives, that's the first thing they hit on, like the cost and the complexity of getting these things delivered. I think one of the things that we try to drive home now is that this is not a project any longer. This is a program. This is really not going to end with the acceleration of the threat landscape, just the normal keeping up with joiner, mover, leaver, it's not going to end. So I think that's a big part of it.
I think we've also taken on some of this ourselves, understanding we think we're innovating quite a bit, and you're going to see it. But also we're innovating in terms of putting instrumentation so that people can deploy this much more accelerated and much more affordable. So a case in point, you saw us announce what we call SailPoint Accelerated Application Management. And we were kind of going down this path already, had a lot of it developed, but we had an opportunity to focus this little company called Savvy. I think you should look at it as a tech, I'll say, tuck-in, but they've got some really, really neat technology that is going to make our Accelerated Application Management program even that much better.
I think that right there is going to -- I hear some of our competitors talk about 30 days, we can have it up and running from an application perspective. We think it's hours, not days, not 30 days, not a month. And we're super excited to be able to get that to market and show the community or the market what we're doing with that. That in and of itself is going to take a lot of time, if you will, out of the implementation. So now in a matter of hours, you can see your entire application landscape. We'll classify it, and we'll actually prioritize it for you. We'll be able to say, look, here's your top risk areas. You need to do something with these applications sooner than later. Here's the ones that need to be SOC compliant. And that's hugely new for us, and we think it's going to really accelerate some of the concern with us from an implementation perspective.
Machines, service accounts, Agentic. Maybe you hit on the new paradigms for growth within identity. And as I look across those categories, one and the same, but all completely different. So they get lumped together a little too much. Why does SailPoint have a right to win there?
Yes. So I mean, again, I'll just kind of start off with machines have been around for a long time. Service accounts has been around for a long time.
Agentic...
But all of a sudden, we are paying attention to them.
Yes, that's right. That's right. Because all of a sudden, they've shown up on the threat landscape. And so it's front and center. And now with the posture management tools like the Delta Discovery and the classification stuff, right, now companies are able to identify what machine identities are out there. Now I will tell you, after being selling our machine solution for the last 3 quarters, I think one of the biggest thing you understand is that most companies don't know how many machine identities they have. Probably the exemption of that is service accounts. But they're not managed, right? If I told you some of the stories that CIOs and CISOs have told me about how they manage...
Can you explain a service account for some of the generalists real quick?
Yes. I mean a service account is basically, you might have multiple of them, administrative accounts for things like Salesforce.com, Workday, right, the administrative component of it. And they've been around a long time. And at the end of the day, it's probably not that big a deal if you got 2 or 3 apps. But all of a sudden, if you have hundreds of apps, service accounts are -- there's a lot of them. I mean we got a customer or 2 that's got 500,000 service accounts, right? And then you get into password rotation and trying to keep up with that, it's a nightmare. So that kind of falls into this machine identity.
But if you just took service accounts and you said that's one type of machine identity and you looked at RPAs, you look at bots, you look at digital IoT, you got a ton of stuff to manage. And the problem across the whole board is, I got to be able to govern them. I got to be able to treat them like any other identity. And that's the piece that's missing, right? And so with our Machine Identity Solution, you're going to be able to discover, you'll be able to classify, you'll be able to assign ownership and you'll be able to actually certify, right? So you'll be able to manage the full life cycle management. And I think that's a big, big -- it's a big problem solved, right, from a security perspective.
And everybody is looking to how do you size this thing. And I think we get asked all the time about durability and you're going to run out of identities. And there's -- everybody's got their view of this. I like to recite one of them that I heard that I actually -- makes me smile because it talks about the size, and it starts off with something ridiculous like there's 8.2 billion people in the world, 4 billion of us are working, right? And when you start -- and those are humans. And when you start looking at things like the digital or nonhuman, and you start playing with multiples, if you say, look, let's just use a 5x multiple, we're going to [ plop ] roughly 20 billion new identity types on corporate America. And they're woefully unprepared to be able to handle it from a system perspective, not to mention from a policy perspective.
So for us -- and even if that's a magnitude off, there's a ton of new identities being brought into the marketplace. I don't think our success is going to be determined by the lack of opportunity. I think it's going to be determined by our ability to execute it and for anybody else that jumps into the arena. And I'll just -- I'll touch -- I'll go quick on Agentic.
Please, we still got time.
So for those of you that might venture into Austin here at the end of September to our Navigate Conference, that's our annual customer conference. It's typically where we make big announcements on product every year. We have a number of things we're bringing to market this year, but nothing with any more interest than Agentic AI. And I'll try to do this in a manner that gives you a little bit of a perspective here. We look at agents in what we're going to call base agents, right? And they'll look very similar to a machine, right? And in accordance with that, it will be priced very similar to a machine. When you look at how we price machines today, it's about 1/3 of a workforce human, right? That's -- and we've kind of -- we've been talking that, I think we've been pressed as we've gone through the roadshow and everything else going public about how do you quantify this opportunity, and that's where we started.
When you look at what we're going to announce and deliver in at the end of this month, it starts with base Agentic or base agent. And what you get with that is the ability to discover an agent, the ability to classify that agent, like in terms of agent type. And this is where you start getting into the really important stuff, be able to assign ownership. We believe every nonhuman has got to have a human agent -- a human being assigned to it. So you'll be able to assign that owner or owners, right? And then the last piece is you'll actually be able to certify. So now you're actually getting these agents into the governance process.
I mean, we don't think there's a ton of people that can do that today, right? I don't want to go so far saying nobody because then -- but there's a short list of being able to discover, categorize, assign ownership and then start to certify. And that's what we'll deliver in the end of this month. The next step in this is advanced, right? And this -- you should think of -- the simplest way to explain is the autonomous agents, right? And now you're getting into the data and the real hard security problem. We'll deliver that at the end of our fourth quarter, maybe the first -- our first quarter, right, in that range. But now you're going to be able to pull data in, right? And think of data, not necessarily just from our Data Access Security solution, but things like Sierra, security AI, big idea, who will pull that data in, you'll be able to add an identity context to it, right, and now start to have this fine-grade entitlement to understand permissions, who has access to what.
Now look, I think the other thing I would tell you is, I don't think this is solved by any means, right? I think we're going to be Step 1, and I think there'll be a Step 2 and a Step 3 when you start talking about these agents nesting, Rob, and then agents reporting to multiple humans with multiple sets of permissions. I think this is complex. But we'll have our first delivery on that in the first -- or at the end of this year, in the first quarter of next year. So we're pretty excited about it. And from a pricing perspective, we think that agent, that autonomous agent is, we'll call him a super human or [indiscernible] super human. We're going to price it in accordance with our workforce price, Workforce Identity, right? So it will be very similar to that. And I think at the end of the day, as these things start to proliferate, I think the market is ultimately going to get to where it's going to get to as it values, and we'll be there for that.
Great. Any questions at this point? Go ahead, Ethan.
[indiscernible]
Yes. Look, we're actually seeing an uptick in the legacy market, legacy replacement. I'll say this. If you understand how we market and how we go to market, we're relatively focused in terms of who we market to. And so virtually, every new logo we chase, we're replacing something, right? And a lot of times, it's a combination of things, but we're replacing something. But what we're looking at now is, if you take the Gartner data, it says there's probably $2 billion to $2.5 billion of legacy, we call it maintenance that's out there really available. We believe a lot of that's our business, and that's kind of how it's proven out. And then when you think about the opportunity for us, think of it like any other migration. It's based on what they're paying, it's a [ 2 to 3 ] uptick for us. So it's a pretty nice chunk of new opportunity. And we think what's going on here in the market around machines and around Agentic is actually causing these companies to have to move quicker than maybe they have historically.
And with respect to our installed base, it's still relatively early days. We've migrated and upgraded probably a little more than 10%. We're modeling internally about 10% per year to migrate towards Identity Security Cloud. So it's much more ahead of us than behind us in terms of that opportunity, and we still see that 2 to 3x uplift on the annual spend.
We have time for one more question. Maybe hit possibly on the data opportunity relative to what your customers are looking to do. Because if I look at Agentic, there is that governance of access to apps and there's that governance of access to data. And you've had a loose data play for years, but probably not as successful as you wanted. So a, where at SailPoint, in the next 30 seconds; and b, what are customers requiring from you at this point?
Yes. Look, I think this, I think data -- if you're going to secure agents, then you're going to have to secure the data. And clearly, we've got a data play, but I think part of it is going to be what we can ingest and then what we can assign permissions to. The other piece of this I will tell you is you're going to see us talk about observability, right? And to that end, we'll have a graph, an identity graph, and we'll have the ability to pull in data. These are customer requests. Customers that are like, for instance, customers of CrowdStrike and us, they want that threat graph commingled, if you will, with our identity graph, and they want our identity data commingled in their graph, right? And these are the kind of things that are going to allow them to get much closer to being able to have remediation, right, other than if you're a CrowdStrike cutting the wire. And so now they're going to be able to actually get a little bit further ahead and get where we can actually pinpoint in session, if you will, remediation.
All right. Well, that's all we have time for. Gentlemen, thank you.
Thank you, sir. Appreciate the opportunity.
Thank you.
Transkripte auf Deutsch freischalten
- Alle Event Transkripte auf Deutsch
- Sofortige Übersetzung
- KI-Zusammenfassungen für die wichtigsten Insights
SailPoint — Piper Sandler 4th Annual Growth Frontiers Conference
SailPoint — Q2 2026 Earnings Call
1. Management Discussion
Good day, and thank you for standing by. Welcome to the SailPoint's Second Quarter 2026 Earnings Conference Call. [Operator Instructions] Please be advised that today's conference is being recorded.
I would now like to hand the conference over to your speaker today, Scott Schmitz, SVP of Investor Relations. Please go ahead.
Good morning, and thank you for joining us today to discuss SailPoint's Fiscal Second Quarter 2026 Financial Results. Joining me today are SailPoint's Founder and CEO, Mark McClain; and our Chief Financial Officer, Brian Carolan. For the Q&A portion of today's call, we will also be joined by our President, Matt Mills.
Please note that today's call will include forward-looking statements, and because these statements are based on the company's current intent, expectations and projections, they are not guarantees of future performance and a variety of factors could cause actual results to differ materially. This call will also include references to non-GAAP results, which exclude certain items that do not reflect our underlying business performance. Please reference this morning's press release and our supplemental earnings presentation posted on investors.sailpoint.com for further information regarding our forward-looking statements and non-GAAP financial measures, including reconciliations to the nearest comparable GAAP financial measures.
And with that, I'd like to turn the call over to Mark.
Thank you, Scott, and good morning, everyone, and thank you for joining us today. We are thrilled to share our fiscal Q2 2026 results. This was another exceptionally strong quarter for SailPoint, where we executed well against the opportunity in front of us. We closed the quarter with $982 million in annual recurring revenue, or ARR, a 28% year-over-year increase with SaaS ARR growing 37% year-over-year.
Our ARR growth reflects the strong demand for the breadth and depth of identity security controls that SailPoint provides to more than 3,100 enterprises worldwide. This quarter, we saw a 48% year-over-year increase in customers with ARR greater than $1 million. This highlights our unique ability to support the tremendous scale and complexity prevalent among enterprises today. This momentum reflects a market transformation.
Let me explain the key themes that are driving this demand and why we believe our approach positions us to lead this evolution. First, enterprises now expect identity to solve full-fledged security challenges by anchoring them in deep governance constructs. We believe SailPoint's heritage and leadership in governance means we're the only provider that can elevate identity to this broader security role with confidence.
Second, static admin time controls are giving way to real-time and dynamic enforcement as enterprises face new classes of risk, especially from AI and machine identities. With SailPoint, customers will soon be able to adapt to these risks quickly, applying identity intelligence to stop threats before they spread.
Third, security leaders are realizing that identity alone is not enough and that they need security and data context as well, which was highlighted in our recently released horizons of identity security report. Our ability to create a trifecta across these vectors of identity, security and data context is highly differentiated and enables customers to make rapid precise decisions that reduce risk without slowing the business.
And finally, the market and SailPoint is operating well beyond traditional IGA. We deliver an extensible platform that governs and secures all identities, human and nonhuman and their access to data so that context can be leveraged to strengthen every layer of the entire security stack.
Let me walk you through how these shifts are reshaping the market and why we believe we're built to lead in this new era. CIOs and CISOs are prioritizing their investment in identity security because they recognize it has become the backbone of securing their enterprise. As identity becomes the primary threat vector, enterprises are realizing they need real-time controls across all identities, human and machine to properly secure their environment. Security companies may excel at threat detection but without identity context layered in, today's threats are nearly impossible to understand against the backdrop of business risk. That's where we believe SailPoint is uniquely positioned.
We've built a platform that is bringing together identity, data and security in real time, and that advantage becomes even more critical as AI agents enter the enterprise. These autonomous actors are making access decisions independently, often spinning up subagents or executing workflows at machine speed, static admin time policies simply weren't built for this speed or scale. We believe real-time authorization, especially for this new class of AI agents is no longer optional, securing them requires more than static authentication controls or basic policy. It demands deep governance with identity context and controls applied at the most granular level and for the duration of the workflow.
Every enterprise will soon face 2 critical questions. First, can you guarantee that an agent isn't accessing data that human owners shouldn't see. And secondly, can a human use that agent to circumvent security controls. To properly answer these questions, agent governance must be built on a foundation of deep identity context and intelligent automation. With SailPoint agent identity security, launching at this year's Navigate, we're delivering what we believe is the only solution that is designed to govern AI agents and the subagents they create across the full life cycle. It's powered by the same policy engine and entitlement level precision that we believe has always set SailPoint apart.
The rise of AI agents in the workforce is driving a fundamental shift from static admin time governance to dynamic real-time identity security. With the innovations we're delivering today, we are helping enterprises address an entirely new class of identity challenges. We believe SailPoint provides the critical platform to enable broad enterprise adoption of AI purely and at scale.
The game has changed, and so have we. With our heritage and traditional IGA, we are able to bring together the context of identity, data and security in ways that are difficult for others to replicate. While others are rolling up swim lanes like access PAM and IGA, we've chosen to bring together the capabilities that truly work to solve the next generation of identity security challenges. Aggregation may simplify procurement, but it doesn't solve the security problem, especially at enterprise scale. Instead of stitching tools together, we've built a unified platform that brings identity context, data context and security context into 1 extensible control play.
Importantly, we believe our 20-year foundation and identity gives us something others don't have, deep contextual understanding of how identity works across the enterprise. Today, we manage over 125 million identities and their deep fine grain entitlements across 3,100 customers, spanning legacy systems, SaaS applications, cloud platforms and hybrid environments. That's the kind of complexity most vendors just can't touch. We believe that depth of identity and entitlement data isn't just foundational to securing the modern enterprise, it's essential to governing the rise of AI agents, which interact with every layer of this ecosystem.
In this regard, the recent flurry of M&A activity in our space validates what we've said for years. Identity is now central to enterprise security, but it also highlights a key difference. While others focus on connecting identity and threat, we're addressing the deeper challenge bringing identity and data together tightly integrated across the security ecosystem to provide risk aware authorization and context into breaches across all identities. Solving identity security at scale requires more than consolidation. It requires deep expertise. SailPoint is purpose built for this with 2 decades of industry expertise, broad identity coverage and an open partner ecosystem.
In a market increasingly defined by consolidation, roll-ups and bundled point solutions, SailPoint remains one of the only independent enterprise-scale identity security platforms, offering the objectivity, extensibility, depth and scale large complex enterprises demand. Just as enterprises embrace multi-cloud strategies for choice and resilience, they rely on SailPoint for the same flexibility and identity. And at our annual Navigate event, we'll show exactly how this will come to life through things such as real-time authorization across all identities, human, machine and AI, advanced security solutions for orchestration, risk-based intelligence and automated remediation.
Privileged security posture management, our dynamic approach to help achieve zero standing privilege. We recognize that all identities can be privileged at some point. We secure the full identity landscape, privileged or not, by applying identity context at the entitlement level. Whereas traditional PAM uses a static model focused mainly on privileged identities, which represent at most 10% of all identities in any large enterprise. It's one more example of how SailPoint is redefining the control plane for identity security, unifying policy, intelligence and enforcement across every corner of the enterprise.
We believe this is a market transformation, not incremental innovation. Our goal is to build the foundation for the next generation of enterprise security where identity operates at the heart of the security operations center, delivering real-time protection at the speed and scale of modern enterprise demand.
Now let me spend a few minutes on our execution this quarter before I hand over to Brian, who will dive deeper into our financial results. We continue to execute with discipline, translating our strategy into strong results. Enterprises around the world are embracing our comprehensive intelligent approach to identity security and we're arming them for what's next via new innovations that address both existing as well as new emerging challenges.
For example, we recently introduced SailPoint Accelerated Application Management to directly address an ongoing enterprise challenge, the frustration that comes from limiting how many applications customers connect to identity security solutions due to complexity and lack of time or resources. This is a breakthrough offering from SailPoint that transforms how enterprises discover, govern and secure applications at scale.
By uniting visibility, intelligence speed and automation, we enable organizations to quickly onboard and deeply govern hundreds of applications, something previously out of reach for most. We've shattered the old notion that it takes years to make hundreds of apps visible in an identity solution. Our customers can now do this in hours or days and then move to a deeper level of governance.
Our acquisition of key assets from Savvy, which is expected to close later this year subject to customary closing conditions, stands to further enhance this offering with what we believe is best-in-class SaaS application visibility and identity risk detection. This will strengthen our ability to reduce application sprawl and deliver faster time to value, lower cost and reduced risk.
Likewise, we're tackling emerging challenges through key product innovations like SailPoint, non-employee risk management, SailPoint data access security and SailPoint machine identity security each is seeing strong sustained demand with ARR across these offerings more than doubling in the first half of this year compared to the same period last year. SailPoint machine identity security, in particular, is delivering record-breaking momentum, our fastest-growing new product in SailPoint's recent history, demonstrating the market's appetite for advanced enterprise-grade identity solutions.
To highlight a couple of key wins in Q2, a leading technology company turned to SailPoint to govern their identity landscape, which spans employees, cloud infrastructure and machine identities. In fact, their machines now outnumber human identities, 20:1, underscoring the scale and complexity, we believe SailPoint is uniquely built to handle. In another example, a Forbes Global 2000 auto manufacturer modernized on SailPoint's platform to address an evolving identity landscape that spans, employees, contractors, cloud workloads and machines. This was one of our largest deals of the quarter and reflects the growing demand for a future-ready platform that can unify governance across all identities.
While much of our growth is outside of traditional IGA today, we continue to capitalize on competitive displacements. Increasingly, enterprises recognize that legacy solutions can't take them into the future, and they're turning to SailPoint's modern platform to get them there. They buy from us not only to solve today's identity challenges but to prepare for tomorrow. From governing machine identities to securing AI agents and addressing the entitlement explosion that legacy approaches weren't built to handle.
Our recent win was one of Europe's largest retailers replacing a solid deployment from another vendor that lingered for more than 3 years underscores the strength of our future-ready approach and the value of SailPoint as a proven modernization partner.
On the partner front, inbound interest from global systems integrators and leading technology firms continues to accelerate. Our newly announced partnership with HCL Technologies will bring enterprise scale, modern identity security to more markets and geographies especially in the age of AI. The market is validating our strategy. Our execution is solid, and we believe our position has never been stronger. We're building the identity security platform that enterprises trust to govern every identity contextualize every access decision and secure every interaction, human or machine in real time.
While there is a lot of convergence in the industry, we are converging what we believe matters most to customers: identity, data and security. That's what modern security demands, and that's what we believe positions SailPoint to lead in a world defined by agent scale, data sensitivity and escalating complexity.
With that, I'll turn it over to Brian, who will share more details on our financial results from the quarter. Brian?
Thank you, Mark, and good morning, everyone. Thank you for joining us today. Fiscal Q2 '26 was another strong quarter with robust demand for our leading identity security platform. We believe the depth and breadth of our platform sets us apart and makes us uniquely positioned to govern and secure complex enterprise environments, which is evident in our results. We ended fiscal Q2 with ARR of $982 million, an increase of 28% year-over-year with SaaS ARR of $623 million, growing 37% year-over-year.
Total Q2 revenue increased 33% year-over-year, and adjusted operating margins expanded 980 basis points to 20.4%. We also generated a record $50 million of cash flow from operating activities. Let's dive in.
We continue to see many durable growth drivers across the business and across industry verticals, while our ARR growth remained largely balanced between new logos and existing customer expansion, Q2 was our largest new logo ARR quarter ever, primarily driven by SaaS. Notably, we saw a 30% increase in average ARR per new SaaS customer. More and more often, new customers are landing with our most fully featured business plus suite, which includes advanced AI and automation features as well as cloud infrastructure entitlement management, which helps customers understand the identity context of their cloud workloads.
Many of these new logos are also buying our emerging add-on modules, which include nonemployee risk management, machine identity security and data access security. In fact, new SaaS customers had a 40% attach rate of add-on modules compared to 25% in the same quarter last year. Our add-on modules are also driving expansion within our existing customer base. Once again, the ARR from our emerging add-on modules more than doubled year-over-year, contributing nicely to our NRR of 114%. Overall, we continue to see good balance across all 4 of our primary NRR drivers, including cross-sell, up-sell, suite upgrades and platform modernizations inclusive of migrations.
Turning to revenue. In Q2, we delivered revenue of $264 million, an increase of 33% year-over-year, with subscription revenue growing 36% year-over-year. This better-than-expected result was due to strong bookings and SaaS/Term mix. We also benefited from the timing of term contract renewals, most materially in the Fed sector. This resulted in $7 million more upfront revenue recognition in Q2 versus what was originally expected in Q3. Please note, there was no material impact to ARR because these were renewals.
In Q2, we delivered strong incremental operating leverage, which resulted in adjusted operating income of $54 million or 20.4% margin which increased 980 basis points year-over-year. Our strong top line growth with the increasing size of new customer wins is leading to economies of scale and strong margin expansion. In Q2, we generated cash flow from operating activities of $50 million and free cash flow of $46 million or 17.4% margin. This is a reflection of our robust growth profile, disciplined expense management and strong collection efforts.
Turning now to guidance. For simplicity, I will refer to the midpoint of our guidance ranges. Full details can be found in this morning's press release and supplemental earnings deck. For the fiscal third quarter of 2026, we expect ARR to cross the $1 billion mark at $1.029 billion, up 26.5% year-over-year. For our fiscal year 2026, we are increasing our ARR outlook by $10 million to $1.11 billion, up 26.6% year-over-year, compared to our prior guidance of 25.5% growth.
On a trailing 12-month basis, our guidance also assumes revenue will cross the $1 billion mark in the third quarter of fiscal 2026 with Q3 revenue of $270 million, an increase of 15% year-over-year, making our year-to-date revenue growth rate 23%. We expect adjusted subscription gross profit margin to be approximately 82% due to a higher mix of SaaS revenue versus last Q3, with adjusted operating margin of 16%. We expect our diluted share count to be approximately 562 million shares and adjusted EPS to be approximately $0.06.
As I mentioned earlier, our Q2 results benefited from the timing of term renewals, which flowed through our P&L at a high margin rate. Our Q3 revenue and adjusted operating margin guidance reflects the $7 million quarterly timing dynamic as well as future investments. As Mark mentioned, we'll be sharing much more about our exciting innovations and product initiatives at our Navigate conference in 3 weeks.
For fiscal year 2026, we are increasing our revenue outlook by $16 million to $1.055 billion, up 22.4% year-over-year compared to our prior guidance of 20.6% growth. We are also increasing our adjusted operating income by $16 million to $179 million or 17% margin compared to our prior guidance of 15.7% margin. We expect our diluted share count to be approximately 565 million shares and adjusted EPS to be $0.21. Additionally, we remain comfortable with the second half consensus estimates for free cash flow of approximately $85 million, with roughly 1/3 generated in Q3 and 2/3 in Q4. Please note, we included additional modeling notes in our supplemental earnings deck.
In summary, we believe we are well positioned to win the next generation of identity security because of the depth and breadth of our platform, our continued product innovation and our relentless focus on execution. With over 125 million identities with deep and fine-grade entitlements created over our 20-year history, we believe we have a strong competitive position and the right to win as we combine identity, security and data into a modern platform. We look forward to providing a deep dive into our new innovations and customer testimonials at our Navigate conference at the end of September.
With that, let's invite Matt Mills, our President, to join us and open the call for questions. Operator?
[Operator Instructions] And our first question today will come from Brian Essex of JPMorgan.
2. Question Answer
Congratulations on a strong quarter, guys. Maybe, Brian, for you, could you peel back a layer on the guidance a little bit? I caught the commentary about the upfront revenue recognition from the renewals on the federal side. But we'd love to dig into that and understand the impact on ARR from the non-SaaS ARR? And how you think -- like did anything change with regard to the methodology of your guidance? It seems like ARR guidance was increased a bit more last quarter than it was this quarter. Just would love a little additional color there.
And then maybe adjacent to that Fed comment, like confidence in the -- going into next quarter, which is obviously a seasonally heavy Fed quarter.
Sure. Good morning, Brian. So first of all, we're really pleased with our first half of the year. We're ahead of expectations on all guided metrics. We feel really good about us heading into the second half of the year now. We raised on all key metrics. We raised ARR by 100 basis points up from the prior guide, up to 27% year-over-year growth. We're raising revenue by 200 basis points versus the prior guide, up 22.4% for the full year, and we're also raising adjusted operating income. So we feel really good heading into it.
As you noted, this was merely a dynamic of term renewals, especially in the federal space. So when you go into a quarter, such as Q2, you have to make a judgment call and you want to use some prudency around whether that's going to land in Q2 or Q3. Well, we actually had 100% renewal rate of our term-based Fed renewals in fiscal Q2. And with the dynamics of term-based revenue recognition, as you may know, you recognize all that revenue upfront in the period of renewal. So basically, that shifted $7 million. Again, it was a timing shift, had nothing to do with anything of a pull forward of revenue, which just was merely a timing shift from Q3 that we originally expected into Q2.
So we're going to be very consistent with our approach to guidance. I think we've been able to demonstrate kind of a beat-and-raise cadence. We feel like this is a prudent approach heading into the second half of the year. We feel like we're well positioned. We're coming off a very strong quarter for us. We had record free cash flow. We had record net new logo ARR. It's our best quarter ever, and we feel really strong going into the second half of the year.
And then just lastly, just your question on ARR impact. There was no ARR impact driven by these term-based renewals because they were renewals. They're sitting in our ARR, and we successfully renewed that of 100% renewal rate.
One moment for our next question, which will be coming from Meta Marshall of Morgan Stanley.
Great. Appreciate the question. I guess just diving a little bit further into that. Just the net new ARR decel in Q3 from Q2? And then just kind of what gives you confidence in the pickup in Q4? Just a little bit more diving into the Q3, Q4 dynamics would be helpful.
Sure. Good morning, Meta. Yes. So if you look at Q2, we achieved a $57 million. That was consistent with last year. But bear in mind, that was a very tough comparable going back to last year. So if you look at this on a kind of a 2-year CAGR basis, we were over 40%. So we feel good about heading into Q3 now. We feel like it's a prudent place to start. And hopefully, we can demonstrate again our beat-and-raise cadence as we head into the second half of the year.
One moment for next question, which will be coming from Todd Weller of Stephens.
Let me echo my congratulations, and thanks for the question. Mark, can you talk about machine identity, it's a complex market, all sorts of types of identities that are out there on search to secrets and cloud ops to emerging role of Agentic. And I know Agentic is coming soon, but maybe today, where are you seeing the most opportunity? What are the use cases driving your machine identity solution? And competitively, what are you seeing in those instances?
Thanks, Todd. Thanks for the question. Yes, I think we tried to make sure we're trying to clarify and even delineate a little bit what we're doing from others. In our case, the machine identity approach we're taking is pretty consistent with how we've handled the governance of human identities. And as you noted for now, that does not include Agentic. We're going to cover in our Navigate launch here shortly and new products focused on agents.
Our machine products would be covering things, as you said, like service accounts and software bots and RPA, maybe even some intelligent devices. I'd say in general, we're finding a situation where customers have sort of woken up, so to speak to the fact that while some of these agents -- excuse me, identity categories and machine are not new, they're a new part of the attack vector. So it's not that there's been a brand-new introduction of machine identities. They've been there in many cases for some time. Now they're being recognized as part of the attack vector.
And so what we've highlighted for folks in our offering is there's 2 things that are kind of unique about what we're doing for machines versus humans historically. One is you have to find them. You have to discover them. In many cases, customers really don't have a good grasp of the inventory of all these nonhuman identities that are already in their environment. And once you find them, then you need to kind of assign ownership. The other challenge is often where there's some service account out there, there's some device out there, but it's not clear what human is responsible. So this idea of discovery and then assignment is kind of unique and new in the case of machine identity.
Once we get through that step though, in some cases, the ongoing governance and security of these identities looks pretty familiar. It's the life cycle, it's the certification, is this still a valid identity? Who's responsible for it? Has anything changed? Is there any evidence of compromise, the kind of questions we answer for human identity. So we are finding that customers are very interested in this topic. And they are looking at our offering is pretty different from some of the offerings, say, that are focused more on like certification of servers, which is another offering for machine identity out there today.
And that offering is more akin to authentication for a human. They want to validate that the machine is actually the machine they think it is, but there's not a governance life cycle approach. We're bringing our traditional life cycle approach to these machine identities.
And our next question will be coming from Jonathan Ruykhaver of Cantor Fitzgerald.
Yes. So I'd be curious to hear your thoughts on the AI-driven connector integration. I mean, just from my perspective, it seems it turns what has been more of a passive kind of pipeline for access data into, let's call it, an enabler of more intelligent and automated actions. It seems to open up your use cases around risk detection potentially better context around access control. So I'd love to hear your thoughts on this opportunity. Is it going to be a part of the upcoming agent identity security solution? Is it separate? And what are the incremental monetization opportunities?
Okay. Jon, I'll do my best. That's a complex question there. I'm going to tackle it. I think where I hear you there is saying, look, there is some unique characteristics of an emerging agent world. And as we've all read, there's been a lot of interest and a lot of experimentation, maybe a little less full-scale deployment than maybe folks thought we might be at this stage. I guess I'd also remind people that the 2 classes of agents really oversimplifying for a moment, are those that are coming through the software vendors. Workday and Salesforce and others saying, "Here, I'm going to introduce Agentic capabilities into my offering", but then mid-to-large customers are going to clearly be spending time developing their own bespoke agents that makes sense in their business that they think they need to develop, right?
Well, in both cases, these agents, as you said, are going to perform in some ways like a human, they're going to be trying to access the data they need to do their job. And one of the things -- the themes you're going to hear from us at Navigate very strongly, we hit it somewhat on the call today is that what's been kind of lacking in the realm of identity historically is a very tight alignment with deep entitlement data, right? Like how do you really understand all the data elements and identity can access.
Well, in the world of Agentic, we're going to have to get very crisp and very clear on that because these agents are going to go out trying to quote solve the problem and they're going to go looking for data wherever they can find it. If they allowed access to data, they weren't actually supposed to see. They're going to return results that maybe weren't supposed to be visible to that person or that entity. So this idea of tying together very tightly the identity landscape, which is our historical focus and all the deep understanding of the data so that we can have a complete picture of identity and data access, then tie that into the security landscape, that's going to be critical in this emerging world of agents.
We're going to really understand the agents and their access and their potential for risk. We have to fully understand all their characteristics and all the data they can access and then map that into the security ecosystem. There's a lot of new things coming to support that. But at a macro level, that's why we think this problem is going to be pretty challenging for enterprises. They haven't mapped those entitlements and data terribly well to the human identities today, they've got to get that right if they're really going to secure these agents in this rapidly evolving world.
Our next question will be coming from Rob Owens of Piper.
Mark, in your prepared remarks, you talked a lot about modernization and just would love you to double-click a little bit on where a lot of customers are at this point? How much legacy still remains within that installed base? And with a record new logo ARR quarter, do you think we're starting to see a tipping point just in terms of a transformation of identity within that legacy base?
Thanks, Rob. And if you -- I'm going to flip this to Matt. We invite Matt to join us on the Q&A and he's very close to a lot of our customers with legacy environments that are contemplating moving. I think we have seen a bit of acceleration in interest there. I'll let Matt kind of talk about what we're seeing out there.
Yes Thanks, Mark. Thanks, Rob. Look, I do think we're seeing an acceleration of migrations from our installed base. I would even tell you that we're seeing an acceleration of movement in the legacy business as well. And I think when we sit here and look at it, there's a number of things that we've talked about here today, I think that are really starting to accelerate that. I don't think agents are an if, right? It's a win. And I think a lot of these companies that are -- that have these very -- I'll just say customized solutions that are out there are woefully inadequate to be able to support this. And I think it's creating a little sense of urgency, if you will. And so we're seeing increasing opportunities in both the legacy of the legacy world and then our IQ installed base.
Our next question will be coming from Gabriela Borges of Goldman Sachs.
Mark and Brian, I think you've been pretty consistent in saying that the mix of your business between SaaS and Term will ebb and flow. My question for you is, how do we think about what that ebb and flow might look like over the next 12 months? What I mean is, is it possible that you seen sort of an adoption conversion to some of your most tech savvy customers in the first phase of cloud adoption or the first phase of cloud migrations and now perhaps in a little bit more of an ebb, where it might take longer for the next phase of cloud migrations. Just curious what you're seeing in the pipeline and some of your larger customer conversations as well.
Let me start, Gabriel, and then maybe pass it over to Mark or Matt. In terms of the mix, the Q2 mix was largely in line with our ongoing targets where we target about 90% SaaS of our net new bookings. In fact, it was about 86% in Q2. You can expect this coming quarter in Q3 with the Fed year-end to be a little bit heavier for term, not materially ever, but a little bit heavier. This is going to ebb and flow a little bit, but we still see the ongoing trend for mostly SaaS and the vast majority being SaaS. A lot of our new offerings are going to be SaaS enabled. You'll learn that in Navigate, and I think that's really the wave of the future.
Having said that, we've got a lot of happy customers that are on-prem and IIQ, we're happy to meet them where they are. We happen to see some upsell opportunities, some new term deals, especially in EMEA this past quarter. So they will come along from time-to-time. It may not be a high number of customers that choose that, but sometimes they're larger dollar size. So any other commentary just on SaaS direction?
Yes. I mean I think in general, Gabriel, the trend is still strong, and there's probably 2 things, as [ Matt ] just commented, that probably in our minds, could put the potential for a little more acceleration of our installed base moving and some of that legacy. One is this pull toward Agentic, I think, is going to maybe be the straw that breaks the back of camel here on people thinking they can continue to live with their old solution and quotes get buy. I think they're starting to recognize those old legacy solutions are not going to get them there in any case.
I think the other -- we are fortunate to continue to put up some strong results. But I think we all acknowledge there's not a wonderfully great macro backdrop here, right? So I think in some ways, there are times when customers might lean towards a modernization program but deferred a little in kind of tougher economic situations. We have people talking to us about having stalled that a little in the first half and bringing it back on to the plate in the second half. So we'll see how this progresses. But no, I certainly wouldn't -- I think if the sense of your question was, have we seen kind of the flow and are we about to see an ebb that's going to slow down? I don't think we are seeing that. If anything, you would maintain or perhaps even increase a little bit the rate of movement to the SaaS.
Gabby, this is Matt. I would just add, when you look at the total percent of transactions, it's very small every quarter. And the thing is they're typically chunky deals, right? When you look at the Fed business or some of the -- typically, our Fed business is outside of the U.S. largely, but there are not many of them. They're just chunky.
The term can look -- looks like it's having a bigger impact than it is, but the accounts are pretty low. And then again, of that installed base, the movement to SaaS, I'd say, is either consistent as it's been or perhaps even looking like it might pick up a little. I hope that helps.
One moment for our next question, which comes from Saket Kalia of Barclays.
Okay. Great. Mark, maybe for you, can you just talk a little bit about the relative difference in pricing for identity in machines versus humans? I mean to your point, it feels like customers are finally seeing that as an attack surface, how are they sort of -- how are they willing to pay for that governance versus what they're paying for human identities. Brian, if I can squeeze in a clarification because I think it's important, can you just remind us also what drove that tough comp last year on net new ARR and how you think about that sort of on a more normalized year-over-year basis?
Yes. This is Matt, real quick. As it relates to last year and then on the pricing, I'll touch on both, and then I'll pass it back to Mark and Brian. When you look at our pricing, our baseline really starts with the workforce. And everything, if you've heard us talk about machine identities in prior conversations, we always talk about it's been about 1/3 or 35% -- 30%, 35% accretive to our workforce.
And when you sit here and you start thinking about agents, right, it's very similar. I mean Mark talked about 2 different types of agents. I think the first type of agent looks very similar to what the machine would look like and is priced accordingly. When you start talking about some of these autonomous agents that operate and look much more like a human being, right? They'll be priced very similar to what we price our workforce at today. And that's really how you should think about that.
Do you want to talk about the compare?
Sure. Yes. So Saket, just looking back to last Q2, again, this -- we were up 86% year-over-year, last Q2 in terms of net new ARR. This was driven by strong migration quarter. Also, it just happened to be a good customer expansion cohort. These come along in terms of renewals and depending on the cohort, you can see some really nice expansion opportunities. So really looking at this over a 2-year period, again, our compound annual growth rate is over 40%. But more importantly, we were really pleased. We had a really strong SaaS quarter in terms of net new ARR. We achieved $49 million. I mean that was $9 million ahead of our total net new ARR guidance of $40 million. So we're pleased with that. Again, I mentioned it was the best SaaS new logo ARR quarter ever.
And then I also mentioned in the call, we saw a 30% year-over-year increase in average ARR per new SaaS customers. So that's really a testament to the fact that we are landing larger and larger with our customers. And they're also attaching more add-on modules to their initial purchase. That was at 40%, which was up from 25% last year.
And our next question will be coming from Patrick Colville of Scotiabank.
Thank you for having me on, and it's great to be part of the SailPoint story. Mark and Brian, I guess I just want to double-click on the competitive environment. We've got other public competitors talking much more about governance, which is a nice validation of the government space. But can you just talk about changes in enterprise governance bake-offs that you're seeing? Are you seeing those guys in the play? Or are those firms are seeing bakeoffs very similar now to a year ago?
Thanks, Patrick. Yes, good question. Yes, this is something I think, may become thematic for us almost every quarter, which is while there is a lot of noise, I guess, is the right term out there from some of the folks that have more recently entered the governance space from other parts of the landscape, for the great majority of our deals, the competitive landscape in our deals hasn't changed for the great majority of those deals.
As you get to -- as we set off in the lower end of our enterprise market, we talked about strategics being kind of accounts with rounded off 10,000 employees and up, and then enterprise kind of from there down to a few thousand, in that lower end of that enterprise market we will see a little more attempt at encroachment from some of these newer offerings with very limited success. But for the most typical kinds of deals we're fighting, it hasn't changed that dramatically in the mid-to-large enterprise and certainly in the strategic.
It's still kind of the IGA players that have been out there with pretty rich offerings and our win rates against those competitors continue to be very strong. We continue to watch closely for kind of the progression of these other offerings and see how much they're having an impact. I think that whole converged story is more appealing down market and has a little more success. I don't know, Matt, would you add anything to that, but that's kind of what we're seeing.
Yes. No, Patrick, I would just say in that enterprise space, as Mark said, it's a little bit more challenging, right, because typically, they're unsophisticated or less sophisticated, I'll say, buyers. And I would just offer -- it's terribly confusing if you're a new buyer right now in terms of all the way -- everybody is in the identity security business, for instance. So I think it becomes a bit of a challenge down there. And then you've got the convergence play, which to those smaller, less sophisticated buyers is somewhat appealing.
And our next question will be coming from Tal Liani of Bank of America.
Most of the questions about the quarter were answered. I want to ask you more about the market. So I want to -- we spoke with one of your competitors who made the big acquisition in identity recently. And what they're saying, and I want to hear your comment on this is, number one, as the price of privileged access is coming down and the ease of the deployment is becoming easier, more customers will do privileged versus regular employee identity because it is just more rigorous, better solution. And that will take away from the traditional players like yourself.
And the second thing that they said is identity was sold so far stand-alone, it's going to be part of a platform. You'll sell it with cloud security with other things. And so far, this market was very stand-alone kind of market. So just wanted to hear your views on these topics just because it relates to kind of future growth and future opportunity, et cetera.
Okay. Thanks, Tal. Those are great questions, and we'll all continue to not name who we know we're talking about. But yes, the large vendor that bought an identity vendor, I think, has made some interesting claims about how this world is going to go. Look, I think the idea that more companies will want the ability to kind of -- we call it escalate or deescalate or have dynamic privileged controls over their entire identity landscape, that's accurate. The problem is for that vendor the ways that those folks in that industry have approached privileged identities, privileged users was a very deep, very static set of controls for folks who lived in a permanent identity landscape, meaning a database administrator [ or his ] admin.
So you gave those people a vault to check out credentials, you recorded every key stroke. That's not what companies are talking about doing for their broad landscape. They're saying, when Brian, the CFO, is logging in from a foreign country on a laptop in the middle of the night, I may want to have a tighter level of control over that than when Brian is logging in from his desktop in the office.
So the idea of escalation or de-escalation or dynamic privilege controls, tighter assurances that, that identity is who or what I think it is. That's coming, this idea of dynamic privilege. Just our contention is it's not the traditional technologies to define the PAM market that are going to be the successful ways to do that at scale in a highly dynamic environment. So the idea that privilege will become more prevalent is accurate, we disagree that the right way to do that is to take traditional PAM technologies and try to apply them across the enterprise. That's not going to work. That's not going to scale.
On the other side, on your general point about stand-alone identity, before I leave it on the PAM point, I would point you to a couple of numbers. We highlighted in our earnings today, that we have 125 million identities under management. By the way, it's a little conservative. We just felt like we could absolutely defend that number. The comment from that vendor about what they just inherited was about 8 million identities with 500 to 2,000 per account. That is order of magnitude or 2 lower than what we offer -- often are managing in accounts.
So I think it's nontrivial to go a couple of orders of magnitude of scale. And for people to act like that's a simple thing to do is not really logical to us.
Secondly, on the stand-alone point, again, we would agree that companies are looking for a tighter integration of the identity ecosystem with the traditional security ecosystem but we would also kind of challenge whether they're going to want that all bundled into one offering because there isn't actually a single dominant player that owns the entire security landscape, right? I guess to name now a couple of folks, Palo Alto, Zscaler, CrowdStrike, all very significant players in the security landscape.
We think as we do a good job of bringing the identity and data together that I talked about earlier into a single control plane that we can manage and deliver value to the customer. We're going to need to tie that into multiple parts of the security ecosystem. So we want to be able to make sure that a customer who's leaning on any one of those other key players in the security world can tie that into their identity picture, that's our job. We want to have a complete robust picture of the identity data landscape and then expose that bidirectionally with the security vendors to make sure we can feed them information, they can feed us so customers can manage these threats that are usually targeted at identities in very real time.
Our next question will be coming from Gregg Moskowitz of Mizuho.
Accelerated application management, very interesting technology. Mark, can you elaborate on how you will enhance this with the assets from Savvy later this year? Also, what is the competitive landscape like in this area today?
Thanks, Gregg. Good to talk to you. Yes, I guess on the first part, the application -- advanced app management module from -- not module, excuse me, service from us, is going to be kind of multifaceted. We've been working on multiple types of technology that we think can accelerate how rapidly we can onboard applications. And by the way, let me define onboard for a second. One of the confusions out there in the market today is people talking about how fast they can connect to an application.
Well, what we believe is there's actually multiple layers or types of connection, right? It's one thing to get visibility to an app. Do I know that app is out there? Am I aware of the identities that are connected to that app? That is one of the things that we will accelerate with this offering from Savvy. The easy and rapid discovery and connection to that application just to bring it under the domain of SailPoint. I mean I'm aware that, that app is out there.
But there's another level of sophistication required in your connection technology to do governance over that to do certifications and management. And then a third, even deeper level of connectivity required to do automated life cycle provisioning to do real-time remediation, spin up, spin down access based on changes in the security landscape. So what the confusion is out there, Matt commented earlier how confusing it is for customers, when people are running around saying, "I've got connectivity that's simple and comprehensive." We're like what kind of connectivity are you talking about, right?
We need to make sure we're delineating for customers to have visibility across everything as rapidly as possible is a great goal. Then you need the ability to also deepen that into governance compliance or into life cycle deep automated provisioning. And that's the depth of technology we've been doing for many years that most folks who are claiming to have rapid easy connectivity aren't capable of. They can get you visibility, they can't actually do those other things at depth. And I'll bridge from there to your competitive landscape.
Yes, there are some newer vendors, particularly that are making some good noise and getting people excited about how easy it is to connect. We're aware of many of those. And as we dig into that, some of them have shown up kind of next to us in a couple of accounts, we find that there is a bit of exaggeration of what they could do, like, yes, they can connect the things easily. Can they deeply govern and manage those? Not always.
And so I think -- we highlighted this in our roadshow even 6 to 7 months ago that the challenge in this environment is to be both deep and wide. And that is our heritage. You have to be able to cover the breadth of the landscape that customers care about, but you have to go deep into the [ entitlement ] layers within that landscape. That's very difficult to do for folks that haven't got that kind of technology. So I think that's really where we're differentiated and will continue to be differentiated.
Next question will be coming from Shaul Eyal of TD Cowen.
Congrats. Brian, Matt or Mark. So operating margin performance was absolutely stellar. Aside from the top line beat is it just a prudently disciplined approach you've been taking? And maybe in that context, how do you think about second half hiring plan?
Yes. Shaul, it's Brian here. I'll take that one. So yes, to your point, I mean growth really drives the margin, the top line growth. We continue to be disciplined. We had revenue growth. We raised 200 basis points by our prior guide up to 22.4% for the full year. We're now projecting 17% adjusted operating margins, it's up 160 basis points. So clearly, we have proven that we can expand margins responsibly.
But looking out to Q3, we want to be cognizant here. We've got some investments that we need to make on a couple of different fronts. One is, we're launching a series of new products and modules at Navigate. We want to be able to have a successful start to that. So we want to continue to invest in that significant opportunity in front of us. And we also want to scale our go-to-market engine heading into FY '27. So margins do reflect that heading into the second half of the year. But again, I think we've demonstrated that we tend to improve margins pretty handily if we need to.
And our next question will be coming from Keith Bachman of BMO.
My -- I wanted to ask 2 questions. One, to follow on Mosko's question is, if you think about the application segment, what are customers -- are you displacing existing solutions? And part B, the question is really when could this be in a position -- this aggregate segment be in a position whereby it could contribute to net new ARR growth? Is it next year?
And then my second question is hoping you could just talk a little bit about your customer growth or what to expect in terms of new logo growth over the next number of quarters? And part of it is, all the things you're doing on Agentic, how might that pull customers, the breadth of solution you have, your 250,000 ARR customer count has gone up by 27%. I understand that, but that also includes customers that upsell into that category. So just trying to get a little more granularity beyond how your customer count may help contribute to total growth over the next number of quarters? That's it for me.
So Keith, there's a couple of parts there. It's Brian here. So I think what you're referring to is our SailPoint accelerated application management and its contribution to NRR. I think this will happen over time. We are trying to get off the blocks very quickly with this offering and service. So hopefully, we see a nice uptick of that, and I think what happens is there's a faster time to value with the customers, right? So we're going to become stickier on a whole tier of applications, Tier 1, 2 and 3 from visibility and intelligence to compliance, to very deep governance with the more complex applications.
And I think the faster we get there, we're going to have a more entrenched time to value, and that will show up in the form of NRR. With respect to customer count, I think we need to be careful here just because adding volumes and volumes of customers has not really been our approach. It's really the quality and the size of the land. So we are focused on the right customers. These are more larger, more complex environments. These tend to be programs, not projects. I think you saw that we had a 48% year-over-year increase in customers with greater than $1 million of ARR, you noted that there was a 27% increase in customers with greater than $250,000 of ARR.
So -- but more importantly, out of our net new ARR this quarter, it wasn't necessarily the volume of the customers. It's the size of the lands that we're doing. Our ASP, our ARR per those new logos is up 30% year-over-year, and it's also the attach rate of other modules. So again, it's not the number of customers, it's the quality and size of the customers that we land.
And our next question will come from Gary Powell of BTIG.
Okay. Great. And yes, I hear that Gary Powell guy is a pretty good analyst. He's been following me down for a while.
That's Gray. His brother Gray, I heard.
Yes. Okay. So a lot of good questions have been asked. Maybe just sort of a high-level macro one. There's a lot of uncertainty in the macro environment around tariffs back in April and May. Just how much have things changed in the last 3 or 4 months, if at all, just how does your visibility on demand in your pipeline field today versus a few months ago?
So, thanks Gray, I'll get that correct. So I think we're fortunately in a very resilient market. These tend to be mission-critical, not nice to have, but must have decisions for enterprise-level customers to make. So I think we're fortunate to be in that. In terms of our ability to navigate through the macro environment, and the tariff situation, we have not seen a material impact to our funnels. We're cognizant of it, but it hasn't been something that we're overly concerned about. And what's nice is that we sell into all verticals. So we've got a very, very balanced growth strategy among many different verticals. So we're not relying upon any single one vertical. So again, I think we're feeling very good heading into the second half of the year.
And I would now like to turn the call back to Mark for closing remarks.
Thank you, Latanya, no worries on Gray and Gary. It's happened to him so much. That's why we joked about it. Thanks, everyone. Really appreciate these great questions. Obviously, it's a -- we believe, a very strong story, but some complexities, and I really appreciate the opportunity to clarify where we are and kind of the dynamics of the landscape and the financial performance. So we look forward to continued dialogue. Thanks, everyone, for joining the call. We'll have a great day.
This concludes today's conference call. Thank you for participating. You may now disconnect.
Transkripte auf Deutsch freischalten
- Alle Event Transkripte auf Deutsch
- Sofortige Übersetzung
- KI-Zusammenfassungen für die wichtigsten Insights
SailPoint — Q2 2026 Earnings Call
SailPoint — Q1 2026 Earnings Call
1. Management Discussion
Welcome to SailPoint's First Quarter 2026 Earnings Conference Call. [Operator Instructions] Please be advised today's conference is being recorded.
I would now like to hand the conference over to your speaker today, Scott Schmitz. Please go ahead.
Good morning, and thank you for joining us today to discuss SailPoint's Fiscal First Quarter 2026 financial results. joining me today are SailPoint's Founder and CEO, Mark McClain; and our Chief Financial Officer, Brian Carolan. For the Q&A portion of today's call, we will also be joined by our President, Matt Mills.
Please note that today's call will include forward-looking statements, and because these statements are based on the company's current intent, expectations and projections, they are not guarantees of future performance, and a variety of factors could cause actual results to differ materially. This call will also include references to non-GAAP results, which excludes certain items that do not reflect our underlying business performance. Please reference this morning's press release in the Investors section of sailpoint.com for further information regarding forward-looking statements and reconciliations of GAAP to non-GAAP financial measures.
And with that, I'd like to turn the call over to Mark.
Thank you, Scott. Good morning, everyone, and thank you for joining us today. We're thrilled to share our fiscal Q1 2026 results. We closed the quarter with $925 million in annual recurring revenue, or ARR, a 30% year-over-year increase, with SaaS ARR growing 39% year-over-year. Our ARR growth reflects continued high demand as we believe identity security continues to be a top cybersecurity investment priority for enterprise leaders. We also saw a 62% year-over-year increase in customers with ARR greater than $1 million. This highlights our continued ability to support the significant scale and complexity prevalent among enterprises today.
Today's digital enterprises demand a trusted partner who can secure the full spectrum of identities from the human workforce, which includes employees, contractors and third-party suppliers to the digital workforce, which spans machines and autonomous AI agents across a hybrid environment. Organizations with this level of scale and complexity need identity controls that are both broad and deep. This is where SailPoint stands apart and the market is taking notice.
Our expertise in enterprise-class governance continues to drive share gains over both legacy and niche players the Gartner's latest IGA market sizing report, placing us at nearly 21% market share, which represents about 5x the gain of our nearest direct competitor. We believe this leadership reflects our commitment to meet the evolving identity security needs of our customers as well as their belief that SailPoint is more than just an IGA vendor.
Our innovation strategy is central to our long-term durable growth and our differentiation in the market. Let me highlight the key tenets behind that strategy. First, our foundational principle is simple, least privilege for all enterprise identities. Every identity, human or digital carry some level of privilege what matters is context, the role it plays, where it operates and what it needs access to. A contractor with temporary access to intellectual property, a payroll bot executing critical transactions or a remote agent handling regulated data, all are privileged, but each in a different way.
Legacy PAM tools were built for a narrow world, admin accounts on static infrastructure. SailPoint breaks that mold, delivering fine-grained contextual governance for all identities, systems and access levels at enterprise scale. Our policy-driven model defines who or what gives access to information and what actions they can take, a modern unified approach that we believe is fundamentally different from how others manage identities today.
Second, we're leading in the governance of emerging identity types, particularly machine identities and AI agents. Machine identities have proliferated with some hidden deep within directories like Active Directory and Entra, making them difficult to track or secure. SailPoint machine identity security delivers deep visibility, control and entitlement level governance for these often overlooked assets such as service accounts, software bots and intelligent devices. When it comes to machines, other vendors primarily manage keys and certificates not the actual access rights, our approach goes far deeper providing the full identity governance life cycle for the actual machines, those keys and certificates belong to.
AI agents represent the next frontier. These autonomous systems are now underwriting loans, onboarding customers and executing critical operations across both cloud-native apps and legacy systems. They make decisions independently, often operating with a level of self-governance that redefines what it means to be an identity. With our new offering, Agent Identity Security planned for release this fall, we believe SailPoint is uniquely positioned to govern this new class of digital identities alongside all human and machine identities across the full spectrum of access from the cloud to the mainframe.
Third, we're embracing AI not just as a disruptor, but as a catalyst for cyber resilience. Just last quarter, we introduced Harbor Pilot, our AI-powered assistant and is already gaining strong traction. Harbor pilot embeds AI to the fabric of identity programs. servicing recommendations, guiding configurations and driving faster, smarter decisions. Users can issue prompts such as, share all roles with no entitlements or make me a workflow that creates a certification when a user's department changes to surface actionable insights in real time.
It's also fueling a new wave of low-code, no-code workflow automation enabling intuitive intelligent management of identity processes. These innovations make our platform even more powerful and easier to use, helping security teams achieve more with less. In many ways, Harbor Pilot functions like a digital employee with deep expertise in both SailPoint and identity security.
Fourth, threat prevention must evolve. And with Atlas, we are transforming how it's done. Atlas is our unified intelligence platform built on a consolidated data model and shared services architecture designed to deliver deep identity context at scale. As the authoritative source of identity entitlements for many of the world's most complex organizations, we enable advanced entitlement level risk modeling that surfaces granular signals in real time. This allows for proactive detection and response identifying threats before they can be exploited.
By continuously mapping identities, entitlements, behaviors and risks, Atlas becomes an intelligent foundation of modern identity security powering decisions with context, and fortifying the entire enterprise security stack. Innovation alone isn't enough. We know identity security must operate in lockstep with the broader ecosystem. That's why we're forging deep partnerships with cloud providers, systems integrators and technology leaders as we work together with forward-thinking customers to ensure our Atlas platform integrates seamlessly into all customer environments.
Our shared data model and flexible architecture enable partners to build on SailPoint enhancing coverage and accelerating outcomes across a wide range of identity security needs. We're continuously focused on expanding connectivity across the portfolio, making it easier for customers to govern access to more business-critical applications. This ecosystem strategy is helping us scale across the market. For large enterprises, our expanded strategic alliance with Deloitte is a prime example. Together, we're enabling organizations to navigate the rise of AI agents, harnessing them as a force for efficiency while helping improve governance and security.
At the same time, we're extending our reach into the mid-market through our managed service provider, or MSP program, which gives midsized enterprises access to SailPoint's industry-leading solution through trusted partners. Across the board, our ecosystem is a growth engine, bringing SailPoint to more customers with more efficiency and greater impact.
Our ecosystem is a force multiplier, and our consistent NRR is the proof. Half of our new bookings this quarter came from existing customers, a strong indicator of the trust and value we continue to deliver. And these customers aren't just renewing, they're expanding. For us, it's not just about the number of individual solutions the customer buys. It's about the outcomes we deliver, the breadth and depths of identity coverage we provide and the unique high stakes problems we help solve. That value is reflected in the numbers.
Our average ARR per customer is nearly 3x higher than that of other identity security vendors, a clear signal of the comprehensive enterprise-wide role SailPoint plays across our customers' environments. As an example, a leading mortgage lender significantly deepened their investment with us as part of their broader digital transformation and modernization efforts. They upgraded to our Identity Security Cloud Business Plus suite adding Machine Identity Security and data access security, plus training and services support. Their decision was driven by the proven ROI they had already seen and the value of our unified solution both on a scalable integrated architecture in the Atlas platform.
Today, we continue to see strong customer adoption across our platform. Our workflow usage hit an all-time high during fiscal Q1 2026 with a record number of identity workflows being built. They are evidence that our customers are scaling their use of SailPoint to govern more apps, new use cases and diverse identity types. This includes machine identities where we've seen robust demand and a strong and growing pipeline since the initial launch of SailPoint Machine Identity Security last fall.
This quarter, interest in Machine Identity Security continued to grow among both existing and new customers. A Fortune 500 manufacturer expanded their SailPoint investment to better manage service accounts with greater precision. Meanwhile, a Fortune 25 retailer became a new SailPoint customer adopting our most comprehensive Identity Security Cloud Business Plus suite, along with Machine Identity Security non-employee risk management, a suite of connectors and advisory and success services. They went all in on SailPoint confident in our proven ability to deliver identity security at the scale and sophistication required to support their massive identity landscape.
As we look ahead, we remain confident in the depth of our pipeline, the velocity of our sales motion and the resilience of identity and cybersecurity budgets. As identity-centric threats continue to be a top challenge for global enterprises today, we believe it's clear that identity has become the hub of modern security strategy, serving as the common link across all aspects of enterprise security, from networks and cloud infrastructure to end points, data and applications.
And while some competitors tout momentum with the collection of products, we are not seeing that approach resonate in our core enterprise market. Our win rate remains strong among large complex organizations that demands the depth, breadth and sophistication that we believe only SailPoint can deliver. This represents clear validation that our focused platform-driven strategy is winning where it matters most.
In closing, I'm grateful to everyone at SailPoint and our partners for ensuring we continue to stay in front. We're executing with focus, innovating with purpose and delivering real value where it matters most. As the industry increasingly recognizes identity security as the backbone of enterprise resilience, SailPoint will continue to be the identity security innovator and trusted partner leading the way.
And now let me hand it off to Brian, who will share more details on our financial results for the quarter.
Thank you, Mark, and good morning, everyone. Thank you for joining us today. Our fiscal year 2026 is off to a strong start with ARR, revenue and adjusted operating margin each exceeding the high end of our first quarter guidance as we continue to deliver durable growth at scale. We ended fiscal Q1 '26 with ARR of $925 million, an increase of 30% year-over-year, with SaaS ARR of $574 million, growing 39% year-over-year. Currency was less than a 1 point benefit to our total ARR growth.
Our strong results showcase our leadership position, strong competitive advantage and durable growth profile. Importantly, we have not seen a fundamental change in demand due to the macro environment. Today, more than ever, enterprises are focused on what they believe to be most critical, and we continue to see evidence that identity security is business essential and often at the top of the spending priority list.
As such, we plan to continue to execute on the large opportunity in front of us delivering value to our customers. More specifically, our pipelines remain robust with deal velocity and close rates consistent with prior quarters.
Our customer retention rates continue to be very strong, and our growth drivers are consistent with approximately half of our Q1 ARR growth coming from new customers and half from existing customer expansion. We continue to see significant growth potential through a universe of new customers that are primed for a more modern solution. In fact, many of our new customer wins are displacements of other solutions that cannot keep up with the scale and complexity of enterprise environments.
We also see a large opportunity to expand within our installed base. Our NRR of 115% remained steady this quarter with many drivers, including suite upgrades, migrations, upsell and cross-sell initiatives. We were encouraged by the growing ARR contribution from our nonemployee risk management, machine identity security and data access security modules, which more than doubled from the same period a year ago.
Let me now cover our strong Q1 results. In Q1 '26, we delivered total revenue of $230 million, up 23% year-over-year, with subscription revenue of $215 million, up 27% year-over-year. Adjusted gross profit margin was 76.3%, and adjusted operating margin remained healthy and well ahead of our expectations at 10.2%.
Our adjusted operating margin upside versus guidance was the result of higher term revenue mix, cost discipline and the timing of investments.
Moving to the balance sheet. We ended the quarter with $228 million of cash and equivalents and no debt after paying off our outstanding balance in March. Cash used in operating activities was $97 million and includes $37 million of cash paid for interest expense and $88 million of cash paid for items that ended with our IPO, such as equity award payouts and monitoring fees.
Turning now to guidance. For simplicity, I will refer to the midpoint of our guidance ranges. Full details can be found in this morning's press release and supplemental earnings deck. For the fiscal second quarter of 2026, we expect ARR to be $965 million, up approximately 26% year-over-year compared to current consensus of 23.5% growth. For our fiscal year 2026 and we are increasing our ARR outlook by $20 million to $1.1 billion, up 25.5% year-over-year compared to our prior guidance of 23.2% growth.
The increase in our ARR guidance primarily reflects organic growth of the business and assumes no material change in FX rates. For revenue, we expect the fiscal second quarter 2026 to be $243 million, an increase of 22% year-over-year with an adjusted operating margin of 12.1%. We expect our diluted share count to be approximately 557 million shares and adjusted EPS to be $0.045.
For fiscal year 2026, we expect revenue to be approximately $1.039 billion, an increase of 21% year-over-year with an adjusted operating margin of 15.7%. We expect our diluted share count to be approximately 565 million shares and adjusted EPS to be $0.18. Please note, we included additional modeling notes in our supplemental earnings deck.
In summary, we believe we are well positioned to win the next generation of identity security because of the depth and breadth of our platform, our enterprise scale and our willingness to listen and respond to market needs. We continue to see several durable growth drivers that position us for sustained long-term growth, and we are relentlessly focused on executing on that opportunity.
With that, let's invite Matt Mills, our President, to join us and open the call for questions. Operator?
[Operator Instructions] Our first question comes from Joel Fishbein with Truist.
2. Question Answer
Thanks for taking the question and congrats on excellent execution. I guess I have so many questions. But the first one, for you, Matt, in terms of machine identity, it seems like it's starting to inflect I know you have deployed, the new products coming out, Agent Identity Security in the fall. Can you just tell us what the -- what you think the pricing looks like in that market? And can you share some of the competitive dynamics that you're seeing in that market?
Yes. Thanks for the question, Joel. Look, at the end of the day, when we look at the market and we look at our customers and our prospects alike, machine identity is top of the list for all of them. It's important to them. Many of our customers, as you know, I mean, the idea of machine identity is not necessarily new, right? We've been dealing with a lot of things around service accounts and bots for some time now. But here, certainly in the last 12 months, it's kind of moved its way to the threat vector and therefore, it's become a hugely important topic of concern for all of our customers and prospect alike.
I think when you start talking about the pricing of it, Look, this is -- I followed a lot of the things that you -- guys like yourself have put out and others. And I think it's a huge moving target. And I think it's going to be value based. And so I think -- at this point in time, it's all going to play out. But I think it becomes quite difficult to kind of say it's this or it's that. We just know it's a significant opportunity for us.
The only thing I'd add, Joe, on the competitive side, it's Mark, is the clarity we're trying to help establish in the market and where we're focused on the machine identity problem versus, say, others around us. I think we continue to see a lot of the focus from others is on what we would call the authentication of those machines, the server certificates, the identity of the machine. We're focused as we have been for human identities on the authorization capabilities, what can those accounts or systems do, bots, RPAs, et cetera.
So again, we find that it may be tenable that we may coexist with other machine identity security solutions where just like, say, we coexist with an SSO vendor because they're solving a different part of the identity problem. I think where we're focused in machine identity is differentiated, and we're hearing that back from the customers we're engaging with.
Our next question comes from Matt Hedberg with RBC.
I'll offer my congrats as well, really strong results. One area I wanted to ask about, it sound like you guys didn't call out any macro pressure, but I know you guys have some U.S. Fed exposure and other cyber vendors have been calling out maybe some pressure there. Just curious on what you're seeing in that particular vertical.
Yes. Matt, this is Matt. Yes. Look, we -- for us thus far, I'd say it's been business as usual, right? We haven't seen any extensive result or material result from anything DOGE related. I think we continue to keep our head on a swivel and look, but our business remains resolute. And like I said, thus far, we've not seen anything that would indicate we've got challenges as a result of DOGE.
Our next question comes from Rob Owens with Piper Sandler.
I wanted to unpack the ARR strength, which accelerated in the quarter when we look at the growth rate. And I guess the 2 components, as you look at new customers, which I think you said were half of it, just -- can you give us a sense of where those conversations are? Is there a sense of urgency, especially in this very uneven environment?
And second, with regard to the existing customers, which I think came through in a better NRR quarter-over-quarter, is this a function of more identities? Is this a function of modules being added on or tier upgrades?
Rob, it's Brian here. I hope you're well. So with respect to the new customer acquisition, I think that what we're seeing is just great success from this being a very resilient market for us. These are business essential programs. Companies are not looking to cut back on identity security. They often rise to the top of the stack for CIOs and CISOs. And really, we're seeing pipeline from failed deployments of other competitive solutions that we're able to go back in and save and restart them for them. So we're pleased with our new customer acquisition. We continue to make great progress there.
With respect to existing customers, we're continuing to see, again, about half of this comes from new logos, but half from expansion opportunities within our installed base. And there's been this nice kind of even disposition of several growth vectors. This includes migrations of on-prem customers into net new SaaS solutions where we typically see a 2 to 3x uplift on their ARR spend. We do see quantity upsell, so more identities being sold. I called out there's other cross-sell initiatives.
So some of those new products like nonemployee risk management, machine identity security, data access security, that's all contributing to low single digits of our expansion, then also our SaaS suite upgrades. So these are customers that are moving from point level SaaS solutions into our suite. So again, we're really pleased to see that nice cross-sell and upsell disposition.
Our next question comes from Peter Levine with Evercore.
Maybe one, Mark, you talked about the success we're seeing in AI kind of a bit of an inflection point, but maybe share with us why is IGA better positioned to kind of capitalize on the rise of AI over some of the PAM vendors or even the identity access management providers. Just curious to know why you think governance is better positioned.
And then maybe, Brian, I know you said not much of a macro, but perhaps did you bake in anything into the full year guide. You raised the guide. But just curious, were there any guardrails that you kind of factored in into the full year guide just to kind of assume maybe things get worse, but just curious to know what your philosophy was that.
Thanks, Peter. Yes, on the first one there on AI. I think sometimes it helps to go back to the basics. When we first came to market, the first time in '17, we were trying to help make sure we position where we thought what was not even called IGA at that time was. And then we said, look, at the end of the day, we answered 3 simple questions for humans, and that was who has access to what, how does that compare to who should have access, kind of policy versus actual.
And then what are they doing with it? And the truth is, I think those are the same 3 core questions that are going to get asked about Agentic AI, right? It's like what is this agent, what does it have access to? And is it performing according to my expectations, and an authorization tool like ours, governance tool is well designed and suited for that question. Access and authentication tools are not, right? We often go back to a very simple metaphor, what we experience it every time we're up here in New York for investor meetings of the security guard at the front door knows that you've gotten into the building, that's access, that's letting you into the application of the building, they really lose track of where you go once you leave that front desk.
And that's sort of the SSO problem. They aren't designed to understand all the entitlements capabilities that an identity has inside those complex applications. And that's going to be true for agents.
What does the agent have access to, what is it allowed to do? What data can it see? Can it change data? Those are hard questions to answer without a governance framework, and that's really where we're coming from. So we think the access and privilege vendors that don't have that heritage are just going to be very challenged in trying to answer those very difficult questions.
Now I'll turn it over to Brian for the other part.
Yes. Thank you. So we're not expecting currently any major change in the macro environment. So we're not building in any sort of headwind. But having said that, we are mindful of it. And we're doing a great deal of deal scrutiny with rigorous pipeline management, but we continue to see good demand for the identity security space. So we're aware of it. We're not immune to it. We're watching deal timing, in particular because a lot of times, these are programs that it may change from one quarter to the next. But again, the underlying fundamental demand is still there and is strong.
[Operator Instructions] Our next question comes from Gray Powell with BTIG.
Yes, I just would love to hear what you're seeing in terms of customer willingness to migrate from legacy IGA solutions like Oracle and IBM. And then does macro uncertainty impact any of those projects? Or is it really just more a function of like pending end of life and customers need to modernize?
Yes. Thanks, Gray. This is Matt. Look, I think what we're seeing now is actually a little bit of an acceleration there. I think the security landscape today is such that it's really bringing out the flows, if you will, on these legacy systems. And in many cases, as you probably know, they're heavily customized and it becomes a handful just to keep up with in of itself, not to mention the accelerating threat landscape. So I would tell you, we continue to see really good opportunities, and we continue to win at a high rate.
And Gray, just one point to add. You may have seen the recent Gartner report. And in terms of our overall market share gains that we made in recent history, we're more than 5x or about 5x our nearest competitor. So we feel like we're displacing legacy competition and also winning against some new competitors.
Got it. Thanks for correcting my name there. I get a lot of Gary's and Gregs in my life.
Our next question comes from Shaul Eyal with TD Cowen.
Congrats gents on strong results and guidance. Question to Mark or Matt. Given that Accenture is one of your leading partners, what are you hearing internally as it relates to their overall activities with SailPoint. Will they be one of your prime go-to-market partners as we think about further Gen AI adoption?
Thank you, Shaul. This is Matt. Look, I -- we're very fortunate, we have a strong ecosystem of partners, of which Accenture is a big part of. They continue to be one of our largest partners, and I don't see anything that would cause that to change. So we continue to work with them. We invest in them. They're one of our large MSP partners, right? And so I would tell you, from an expectation perspective, we continue to invest with them and do good things for our customers and prospects.
I think just to add, Shaul, we made a little note of what we're doing with Deloitte on the call today around agents, but with all of our leading partners, PwC, Accenture and many others, Optiv, strong partnerships we are expecting to move in the direction of supporting customers' needs around agentic with all of those leading partners, just pleased to be able to kind of reference multiple good things there. But yes, Accenture continues to be one of our top partners around the globe, and we can expect that to just continue to expand as we go.
Our next question comes from Joseph Gallo with Jefferies.
Brian, it was great to see some of the margin strength even with most of the upside coming from SaaS. Can you just update us on where you are on sales capacity, where you're investing? And then where some of this leverage is actually coming from?
Sure. So we were pleased with our margin performance this year exceeding the Q1 guidance that we put out there. Some of that was driven by timing of investments, too, which we'll catch up on some of that as the year goes along. I'd say we're in a good spot with capacity adds, more to come on that. We're investing in things like customer success early on in the year, just to make sure we're still driving a strong gross retention rate and net revenue retention rate.
So we feel like this is going to be a balanced strategy. We're really pleased with the 30% ARR growth. We want to make sure we're continuing to invest in that, while still contributing and delivering some level of margin expansion which gave us confidence to increase it for the year.
Our next question comes from Brian Essex with JPMorgan.
Congrats on some solid results. Maybe, Mark, for you, in your prepared remarks, you called out a retailer that went "all in on sale". Could you provide a little detail there? What was the catalyst to move? What did you displace? Maybe how long was that sales cycle? And how indicative is that deal with regard to what you typically see with new customer lands?
Yes, I'll probably flip that, Brian, over to Matt, who's got more detail. I will tell you that, that kind of a strategic large-scale win is not atypical. We certainly called that one out. But in general, I think we're finding that almost inevitably in those large shops, they've got some level of deployment of something. Generally, it's one of the legacy vendors that we're displacing. But we always try to reemphasize that quite often, it's fairly minimally deployed.
And so it's not uncommon for us to say within the first 6 to 9 months of deployment to run past any the level of deployment they had because that's really the frustration they have with those legacy tools if they aren't covering the landscape and as they try to think about securing their whole landscape, they're just very frustrated with those legacy tools, and that's often the driver. But this is -- it's a great story because they're sort of picking up on all the core aspects of the story.
Yes. Thanks. I'll just add, Brian. Look, I think when you look at these large opportunities, they start with a fair amount of relationship and education that happens before you actually start prosecuting an opportunity. And I think that was the case here. We built a very strong relationship with this company. And as Mark said, they're running a legacy solution, and they feel the pain of the legacy solution in terms of what it can do and the problems it's causing for them.
And so once we started the opportunity, I think it went in fairly short order, but a great win for our team. And then it kind of validates the whole idea that we continue to win at a very high rate in replacing these legacy solutions.
Our next question comes from Gabriela Borges with Goldman Sachs.
For Mark and for Matt, we've talked on IGA for some time now about how one of the limiting factors for adoption is how long or how annoying it can be to switch from one vendor to another. So my question for you is, what are you doing with AI internally to perhaps speed up some of that implementation? And how do you think about on the flip side, the risk that this lowers the barriers to entry for some new enabled IGA vendor to come down the pipeline and potentially disrupt you?
Thanks, Gabriela. I'll start and see Matt has some thoughts to add. I think a couple of points. One is when we show -- especially in these mid- to large enterprises with fairly complex IT environment, our 2 decades of building connections deep, we were probably going to have to come up with some terminology delineation here because a connector is not a connector in this world, right? It's one thing for an access tool to say, I connect an application, which means they can log you in. For us, that means we can do deep governance typically around the entitlements and who can access data, et cetera, within these applications.
But it's our rich heritage of connection with all of the commercial apps these enterprises care about and many bespoke apps that gives them confidence. That is a big area of focus, though, is to leverage AI to both increase the rate of speed where we can get to those new bespoke applications that we haven't already connected with in a typical enterprise environment and also to make it simpler for nontechnical people to do that work quite often that some of the areas of slowdown in these implementations is having to do deep technical work to kind of connect into these business applications. We're trying to use AI to speed up and leverage what we know from all the tens of thousands of connections we've built to make that simpler and easier.
And so to your point about kind of others out there, we are certainly well aware of some of the earlier-stage vendors and identity are starting to make some strong claims about connectivity. We've done pretty deeply into all of that. Those that are making claims about very rapid expansion of connectivity are typically doing those very shallow connectors, where they can connect to a resource, but they can't really do entitlement level governance.
And so we're helping make sure customers are clear on kind of the actual capabilities that we have and how that compares to some of the claims being made by some of the newer vendors. But again, what Matt would tell you is when we get into these large complex environments, our win rate continues to be incredibly high once customers are really clear on the differentiation of what we're offering.
Our next question comes from Tal Liani with Bank of America.
ARR was very strong this quarter, $27 million above expectations. For the next quarter, you're also guiding up $20 million above. But when I look at the full year, I have to reduce my estimates for net new ARR in order to hit because the increase in the full year is lower than what we're seeing this quarter and next quarter. So is there anything that is happening with timing of orders that is pulling things forward? Or is it just kind of the way the numbers are and we shouldn't pay attention to it.
Tal, it's Brian here. So yes, there was nothing unique about pull forward of any deals or revenue. This is basically -- I'd really encourage you to look at ARR on an annual basis for our FY '26 guide, we're actually raising that by more than 200 basis points. But also the Q2 guide is 200 basis points above current consensus. And just keep in mind, that 3% beat that we had in Q1 or the $27 million, that's an annual metric as compared to what other companies would do in terms of quarterly revenue numbers.
And when it came to the quarterly revenue and operating income beats, we passed all of that through and raised Q2 as well. So it's just part of our philosophy. We feel good about it, and it's a good place to start for Q2.
Our next question comes from Keith Weiss with Morgan Stanley.
Congratulations on a great start to the fiscal year. A lot of big numbers in this Q1 print. I guess one that we haven't really dug into yet was the large customer numbers, really good growth on both the $250,000 customers and the $1 million plus customers. So 2 questions within that. Like one, anything in particular driving that? Or is it just the summation of the expanding solution portfolio traction in identity management market?
And then maybe somewhat related, any change in sales strategy or go-to-market strategy as we enter into the new fiscal year? Anything that is worth noting in terms of how you guys are approaching that market opportunity from a go-to-market perspective?
I'll start just with respect to the increasing deal size. I mean we're really pleased with it. I mean, greater than $250,000 ARR customer count that's up about 28% year-over-year. The greater than $1 million, as we mentioned, is up 62% year-over-year. We're also not just the number of customers that we're landing, it's just a more sizable number. Our average ARR per customer is now above $300,000. It's really driven by expansion opportunities across the board in terms of just overall identity growth, suite upgrades, upsell and cross-sell of new modules. And then I'll defer to Matt just on some additional color.
Yes. Thanks, Keith. Look, there's been really no big change relative to our go-to-market strategy, our selling strategy. As you know, we're fairly pragmatic in terms of who we market to, we work off a target account list. And so none of that has changed, and we'll continue to execute that for the remainder of the year.
Our next question comes from Michael Romanelli with Mizuho.
This is Mike on for Gregg Moskowitz. Congrats on the strong results. So I guess -- so I was wondering if, firstly, is Harbor Pilot is included in any of your suites? And will there be an additional charge for this technology? And then just quickly on the migration impact to net retention rate. Was that about 3 to 4 points again this quarter?
I got the first part, Mike, on the Harbor Pilot.
Yes. Just real quick on the migrations. It did contribute low single digits in terms of the NRR contribution.
Yes. Within the NRR, what was from migration, yes, in that sort of those 4 contributors, all roughly 1/4 of that 15%. And on the first part, Mike, yes, Harbor Pilot is included with our platform today. So the first 2 offerings, the AI offerings within Harbor Pilot, we -- at this point, it just included that in our offering. I think as we continue to add new capabilities. We'll look at where whether and when we might price that out separately at some point based on the value delivery.
We, at this point, are kind of anxious for customers to adopt some of the AI capabilities to help them be more efficient and effective in ramping up their implementations and deployments. And a lot of these initial Harbor Pilot capabilities are doing is just letting them more rapidly get the answers they need to address their issues. So we'll continue to watch how that evolves. But for now, it's just buried into the cost of our platform.
Our next question comes from Andrew Nowinski with Wells Fargo.
Okay. I'm just wondering what drove the 18% growth in your non-SaaS ARR in Q1? And I know you're assuming 90% of net new comes from SaaS going forward, but that still implies growth in your non-SaaS ARR. So just wondering if you could give any more color on what's driving that?
Andy, it's Brian. So we actually saw a fairly strong term business for Q1, both on renewals and also a couple of new sizable customers chose to go with an on-prem solution just given their environment. So moving forward, we still are targeting that 90-10 mix, meaning 90% SaaS and 10% term. So we do believe that SaaS is going to continue to be the first and foremost sales play for us, but we did see some nice uptick in some term business for the quarter.
Our next question comes from Saket Kalia with Barclays.
Echo the nice speed on ARR. Brian, maybe for you. I was wondering if you could just talk to the shape of net new ARR this year, maybe comparing it to prior years. And then -- anecdotally, of course, and then separately, I was wondering if you could go 1 level deeper just into the components of the 115% NRR, particularly whether you saw more contribution than expected for migrations?
So I wouldn't think there's anything materially different about our ARR and our new customer acquisition. We're actually really pleased with the consistency of it, to be honest with you, and the nice disposition between new and existing customers. And as I mentioned, what's great about the expansion with the existing installed base is the almost even distribution among things like migrations and quantity upsell, and then the cross-sell initiatives that I called out in terms of nonemployee risk management, machine identity security, data access security, that bucket alone was more than double it was a year ago.
And then we're also experiencing our SaaS suite upgrades as well. So again, just think about this as half and half, and we're really pleased with that disposition.
And then anything just on the shape of net new ARR for the year. I know that last year, I think Q2 was particularly healthy. I can't remember if it was Fed or another vertical, but anything you want to say just in the shape of the year?
We had a fairly strong Q2 last year. We typically are kind of a second half company when it comes to net new ARR growth. So I'd continue to think of it that way, but nothing super unusual year-over-year.
And I'm not showing any further questions at this time. I'd like to turn the call back over to Mark for any closing remarks.
Thank you. I appreciate everyone's questions today and for all the great notes that have been written up over the course of our first few months here being public. So we look forward to continuing the dialogue, and thanks for everyone's interest on the call today. We'll talk to you soon. Thanks. Have a great day.
Thank you. Ladies and gentlemen, this does conclude today's presentation. We thank you for your participation. You may now disconnect, and have a wonderful day.
Transkripte auf Deutsch freischalten
- Alle Event Transkripte auf Deutsch
- Sofortige Übersetzung
- KI-Zusammenfassungen für die wichtigsten Insights
SailPoint — Q1 2026 Earnings Call
Finanzdaten von SailPoint
Umsatz
Der Umsatz stellt die Summe aller Einnahmen eines Unternehmens z. B. für dessen Produkte oder Dienstleistungen dar.
Umsatz (TTM) einfach erklärtDirekte Kosten
Direkte Kosten sind die Kosten, die direkt im Zusammenhang mit der Herstellung des Produkts oder der Dienstleistung entstehen.
Bruttoertrag
Der Bruttoertrag gibt an, wie viel vom Umsatz nach Abzug der direkten Herstellkosten im Unternehmen verbleibt. Berechnet man den prozentualen Anteil vom Umsatz, spricht man von der Bruttomarge (engl. Gross Margin).
Brutto Marge einfach erklärtVertriebs- und Verwaltungskosten
Die Vertriebs- & Verwaltungskosten (engl. Selling, General & Administrative expenses, kurz SG&A) beinhalten alle Aufwände für Marketing und den Verkauf sowie die allgemeine Verwaltung des Unternehmens.
Forschungs- und Entwicklungskosten
Die Forschungs- und Entwicklungskosten (engl. research & development costs, kurz R&D) geben Auskunft darüber, wie viel das Unternehmen in die Forschung und die Entwicklung seiner Produkte investiert. Vor allem prozentual vom Umsatz und im Vergleich zu direkten Wettbewerbern sind die Kosten interessant.
EBITDA
Das EBITDA (Earnings Before Interest, Taxes, Depreciation and Amortization) ist der Gewinn des Unternehmens vor Zinsen, Steuern und Abschreibungen. Berechnet man den prozentualen Anteil vom Umsatz, spricht man von der EBITDA-Marge.
Abschreibungen
Abschreibungen stellen Wertminderungen von Vermögensgegenständen des Unternehmens dar (z.B. durch Abnutzung von Maschinen).
EBIT (Operatives Ergebnis)
Das EBIT (engl. Earnings Before Interest and Taxes) ist der Gewinn des Unternehmens vor Zinsen und Steuern, das auch als operatives Ergebnis bezeichnet wird. Berechnet man den prozentualen Anteil vom Umsatz, spricht man von
der EBIT-Marge.
Nettogewinn
Der Nettogewinn stellt den Gewinn oder Verlust nach Abzug aller Kosten dar.
Nettogewinn einfach erklärtaktien.guide Premium
| Apr '26 |
+/-
%
|
||
| Umsatz | 1.121 1.121 |
24 %
24 %
100 %
|
|
| - Direkte Kosten | 377 377 |
12 %
12 %
34 %
|
|
| Bruttoertrag | 744 744 |
31 %
31 %
66 %
|
|
| - Vertriebs- und Verwaltungskosten | 634 634 |
3 %
3 %
57 %
|
|
| - Forschungs- und Entwicklungskosten | 217 217 |
11 %
11 %
19 %
|
|
| EBITDA | -107 -107 |
62 %
62 %
-10 %
|
|
| - Abschreibungen | 96 96 |
301 %
301 %
9 %
|
|
| EBIT (Operatives Ergebnis) EBIT | -202 -202 |
34 %
34 %
-18 %
|
|
| Nettogewinn | -157 -157 |
64 %
64 %
-14 %
|
|
Angaben in Millionen USD.
Nichts mehr verpassen! Wir senden Dir alle News zur SailPoint-Aktie direkt und kostenlos in Deine Mailbox.
Auf Wunsch erhältst Du jeden Morgen pünktlich zum Frühstück eine E-Mail, die alle für Dich relevanten Aktien-News enthält.
SailPoint Aktie News
Firmenprofil
SailPoint, Inc. bietet eine umfassende Identitäts-Sicherheitsplattform für Unternehmen. Das Unternehmen hat seinen Hauptsitz in Austin, Texas, und beschäftigt derzeit 2.738 Vollzeitmitarbeiter. Das Unternehmen ging am 13.02.2025 an die Börse. Das Unternehmen erreicht dies durch die Vereinheitlichung von Identitätsdaten über Systeme und Identitätstypen hinweg, darunter Mitarbeiteridentitäten, Nicht-Mitarbeiteridentitäten (einschließlich Auftragnehmer, Berater und Partner), Maschinenidentitäten (autonome nicht-menschliche Benutzer wie Konten auf Anwendungsebene, Infrastrukturkonten, IoT-Geräte (Internet of Things), API-Konten (Application Programming Interface) und Bots) sowie KI-Agenten (künstliche Intelligenz). Das Unternehmen bietet eine Reihe von Lösungen für die unterschiedlichen Anforderungen seiner Kunden mit einer Vielzahl von Bereitstellungsoptionen, darunter Identity Security Cloud, seine SaaS-basierte Cloud-Lösung, die auf seiner einheitlichen Plattform Atlas basiert, und IdentityIQ, seine vom Kunden gehostete Identitätssicherheitslösung. Zu den Identitätssicherheitsfunktionen gehören Zugriffsmodellierung, Lebenszyklusmanagement, Compliance-Management, Analyse, Passwortverwaltung und andere.
aktien.guide Premium
| Hauptsitz | USA |
| CEO | Mr. Mcclain |
| Mitarbeiter | 3.229 |
| Webseite | www.sailpoint.com |


