Zscaler (ZS) Q2 2026 Earnings Call Transcript

Image source: The Motley Fool.

Date

Thursday, Feb. 26, 2026 at 4:30 p.m. ET

Call participants

• Chairman and Chief Executive Officer — Jay Chaudhry
• Chief Financial Officer — Kevin Rubin
• Senior Vice President, Investor Relations and Strategic Finance — Kim Watkins

Takeaways

• Annual recurring revenue (ARR) -- $3.4 billion, up 25% year over year, with net new ARR of $156 million, up 19%; excluding Red Canary, net new ARR was $139 million, up 7%.
• Revenue -- $816 million, representing 26% growth year over year and 4% sequentially, surpassing the upper end of company guidance.
• Red Canary ARR -- $114 million at the end of the quarter, with fiscal 2026 full-year guidance for Red Canary ARR raised to $130 million from prior $95 million.
• Non-GAAP gross margin -- 80.2%, compared to 80.4% last year, reflecting stable costs amid slightly increased infrastructure and capacity investments.
• Non-GAAP operating income -- $181 million, up $41 million (29%) year over year, with operating margin at 22.2%, up 50 basis points.
• Operating cash flow -- $204 million generated, up 14% year over year, with capital expenditures at $18 million or 2% of revenue.
• Free cash flow margin -- 20.7%, down from 22.1% year over year due to timing of cash collections.
• Remaining performance obligation (RPO) -- $6.1 billion, up 31%, with approximately 47% classified as current.
• Customer metrics -- 728 customers exceeded $1 million ARR (up 18%); 3,886 customers exceeded $100,000 in ARR (up 18%).
• Geographic revenue mix -- Americas comprised 57% of revenue (up approximately 31%), EMEA 28% (up 18%), APJ 15% (up approximately 23%).
• Product/segment growth -- ZIA and ZPA ARR both grew in the mid-teens, with non-seat-based metered usage solutions accounting for over 25% of new ACV and more than 100% ARR growth in that area.
• AI transaction volume -- Nearly 1 trillion AI transactions processed in calendar 2025, with millions of MCP (Machine-to-Cloud/Prompt) requests handled monthly.
• ZFlex program -- Generated over $290 million TCV in the quarter, up over 65% quarter over quarter, with average four-year terms since inception; drove meaningful upsell and pipeline visibility.
• Zero Trust Everywhere customers -- Surpassed 550 enterprises (up from 130 a year ago), indicating significant platform adoption acceleration.
• Guidance (Q3 and fiscal 2026) -- Q3 revenue expected at $834 million-$836 million (approximately 23% growth); full year ARR guided to $3.73 billion-$3.745 billion (approximately 24% growth); revenue at $3.309 billion-$3.322 billion (23.8%-24.3% growth); non-GAAP operating profit of $742 million-$748 million (up 28%-29%); free cash flow margin forecasted at 26.5%-27%.
• ZDX Advanced Plus -- Bookings topped $100 million in the last 12 months, up over 80% year over year, reflecting fast expansion of agentic IT operations solutions.
• AI application usage -- Over 3,400 unique AI apps detected within the customer base during 2025 (quadrupled in 12 months), with 18,000 TB+ of data transferred to AI apps.
• M&A updates -- Acquisition of Squarex (Feb. 5) enables Zero Trust into any browser for unmanaged devices; Red Canary integration completed next phase in the quarter, with comment on elevated churn levels for the MDR business segment.
• Cash and debt position -- $3.5 billion in cash, cash equivalents, and short-term investments; debt of $1.7 billion on the balance sheet.

Risks

• Kevin Rubin said, "Red Canary's churn has been elevated" post-acquisition, noting higher churn rates than Zscaler's core business for the MDR segment.
• Kevin Rubin said, "So far, we have not seen a meaningful impact" from increases in "memory, storage, and process prices and availability," but warned "it could become a factor in the future as we purchase equipment for our data centers and Zero Trust Branch appliances."
• Free cash flow margin declined to 20.7% from 22.1% year over year "driven by the timing of cash collections" as stated by Kevin Rubin.

Summary

Zscaler (NASDAQ:ZS) reported accelerated platform adoption across its three core growth pillars, with AI Security, Zero Trust Everywhere, and Data Security Everywhere each contributing to record deal activity and customer expansion. Management emphasized momentum in non-seat-based metered usage, with over a quarter of new annual contract value now tied to this model, and highlighted ZFlex's rapid traction as a multi-module, long-term commitment vehicle. The company processed nearly one trillion AI transactions and detected more than 3,400 unique enterprise AI apps, capturing new demand arising from AI-driven security vulnerabilities. Several eight- and seven-figure deals were disclosed, reflecting growing customer preference for Zscaler's integrated suite and architectural differentiation. Geographic growth remained weighted toward the Americas but was also strong in EMEA and APJ, and total RPO rose sharply, underpinning management's raised full-year outlook for both ARR and operating profit.

• Jay Chaudhry stated, "We have not seen much change in the competitive dynamics over the past few quarters," while noting record levels of both pipeline conversion and million-dollar deal wins.
• Demand for AI Security prompted new product adoption across Fortune 500 and Global 2000 customers, with token- and usage-based pricing models seeing faster, smaller initial sales cycles that are expected to increase as usage expands.
• 45% of Zero Trust Branch customers acquired this quarter were new logos, highlighting channel effectiveness in expanding the platform's footprint.
• ZFlex deals typically average eight figures in total contract value over roughly four-year terms, providing customers with module activation flexibility and driving shorter sales cycles along with larger initial commitments.
• Zero Trust Branch and Zero Trust Cloud combined produced significant ARR uplift; Jay Chaudhry said moving to Zero Trust Everywhere creates "2x to 3x move in the ARR when customers are moving to Zero Trust Everywhere."
• Kevin Rubin confirmed mid-teens ARR growth for core Zero Trust Internet Access (ZIA) and Zero Trust Private Access (ZPA), and described the business as fundamentally stable, with upsell and cross-sell opportunities remaining expansive within both the customer base and wider enterprise TAM.
• The company now holds over 45% penetration in the Fortune 500, but with only 4,400 customers out of 20,000 identified target enterprises, executive comments reinforced a large, unpenetrated addressable market.

Industry glossary

• ZIA (Zero Trust Internet Access): Zscaler's cloud-based secure internet and web gateway, forming a core pillar of its Zero Trust architecture.
• ZPA (Zero Trust Private Access): Zscaler's solution for secure, identity-aware remote access to internal applications based on Zero Trust principles.
• ZFlex: Zscaler's multi-year, multi-module enterprise purchasing program allowing customers flexibility in activation or swapping of modules and containing larger, long-term commitments.
• MDR (Managed Detection and Response): Security services focusing on threat detection, investigation, and response, commonly with higher inherent churn rates.
• SD-WAN (Software-Defined Wide Area Network): Network delivery method for branch and remote access, increasingly displaced by Zero Trust architectures.
• TAM (Total Addressable Market): The full market demand or revenue opportunity for a product or service, as referenced by management.
• Agentic traffic / agents: Autonomous software entities or AI agents that interact over networks, with related transaction volume and security risk addressed by Zscaler's platform.

Full Conference Call Transcript

Operator: Good day, and thank you for standing by. Welcome to Zscaler, Inc. second quarter 2026 earnings call. At this time, all participants are in a listen-only mode. After the speakers' presentation, there will be a question-and-answer session. You will then hear an automated message advising that your hand is raised. To withdraw your question, please press 11 again. Please be advised that today's conference is being recorded. I would now like to hand the conference over to your first speaker today, Kim Watkins, SVP of Investor Relations and Strategic Finance. Please go ahead.

Kim Watkins: Good afternoon, and thank you for joining us today. Welcome to Zscaler, Inc.'s second quarter fiscal 2026 earnings conference call. On the call with me today are Jay Chaudhry, Chairman and CEO, and Kevin Rubin, CFO. Please note that we posted our earnings release, shareholder letter, and a supplemental financial schedule to our investor relations website. Unless otherwise noted, all numbers we talk about today will be on an adjusted non-GAAP basis. You will find a reconciliation of GAAP to non-GAAP financial measures in our earnings release.

Before we get started, I would like to remind you that today's discussion will contain forward-looking statements, including, not limited to, the company's anticipated future revenue, annual recurring revenue, net new annual recurring revenue, gross margin, operating profit, net other income, earnings per share, and free cash flow margin, our customer response to our products, our expectations regarding AI and its impact on our business and customers, and our market share and market opportunity and our objectives and outlook. These statements and other comments are not guarantees of future performance, but rather are subject to risks and uncertainty, some of which are beyond our control.

These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future. We undertake no obligation to update these statements after this call. For a more complete discussion of these risks and uncertainties, please see our filings with the SEC as well as in today's earnings release. I also want to inform you that we will be attending the following conferences: Morgan Stanley Technology, Media and Telecom Conference on March 2, Loop Capital Markets Investor Conference on March 10, Stifel Technology Conference on March 10, Cantor Global Technology and Industrial Growth Conference on March 11, and Wells Fargo Software Symposium on April 8.

I will now turn the call over to Jay.

Jay Chaudhry: Thanks, Kim. And thanks to everyone for joining us today. We delivered strong Q2 results, and I could not be more proud of the team's execution. ARR grew 25%, reflecting continued strong demand for our platform. We are confident in our outlook for 2026, and as a result, we are increasing our guidance across the board. I would like to zoom out for a moment and talk about what is on everyone's mind: AI. AI is the single most transformative technology of our time, and its mass adoption is only just beginning. We believe Zscaler, Inc. is the security platform for the AI era because we already protect users, data, and applications across clouds and the Internet at scale.

Just as we enabled customers to securely accelerate digital transformation and cloud adoption, we believe we are uniquely positioned to secure the AI transformation, driving continued demand for our platform. Organizations are rapidly adopting AI to drive productivity and innovation, but doing so is creating new vulnerabilities, significantly expanding the attack surface and increasing cyber threats in scale, sophistication, and speed, recasting AI from a productivity engine into a dangerous security threat. During my conversations with more than 100 CEOs and CIOs, including many at the World Economic Forum in Davos last month, the urgency of securing AI is one of the top concerns on their minds.

This is the opportunity for Zscaler, Inc.'s industry-leading Zero Trust Exchange, which enables our customers to securely scale AI for the agentic era and beyond. Zscaler, Inc. minimizes the attack surface and limits lateral movement with our unique Zero Trust architecture that enables direct one-to-one communication among users, applications, and AI agents. I started Zscaler, Inc. with an initial focus on securing users—Zero Trust—then we extended our platform to deliver Zero Trust for workloads, branches, and devices, which has increased our TAM significantly and extended our technology lead from other vendors who are still trying to build a SASE solution for user security.

Now we are extending our global Zero Trust Exchange platform to secure AI applications, AI agent communication, and agentic workflow at scale. As AI agents are unleashed within the enterprise, it will not be long before billions of AI agents interacting with each other will have access to mission-critical applications and sensitive data. Just like users, an organization's AI agents are also becoming the weakest link in cybersecurity. Imagine a threat actor hijacking even one of an organization's AI agents, resulting in a serious breach. AI agents shift the threat landscape and operate autonomously at speeds far exceeding humans, exponentially increasing agentic traffic while compressing the time to prevent, detect, and respond to threats.

This is becoming even more acute as AI agents or apps exposed to the Internet can be scanned and targeted in seconds. Securing this new reality requires inline policy enforcement at massive scale. This is what Zscaler, Inc. is built to deliver. Zscaler, Inc. stands for the zenith of scalability. Effective AI security requires a proven global Zero Trust Exchange infrastructure, and we believe Zscaler, Inc. is the only cybersecurity platform for the AI age able to secure at this unprecedented speed and scale, creating a durable advantage. We have 15-plus years of experience operating our own cloud across 160-plus data centers worldwide, offering real-time security services with 99.999% reliability. This global infrastructure is critical to secure AI agent communication.

Our software is present on millions of end-user devices, servers, as well as in the cloud and branch offices, and it enables us to get agentic traffic to our Zero Trust Exchange, giving us a unique advantage. With our AI platform capabilities, we processed nearly 1 trillion AI transactions in calendar 2025. We are also processing millions of MCP requests through our Exchange on a monthly basis, up from literally nothing a couple of quarters ago. As an example, a large Fortune 100 financial services customer is using our Zero Trust Exchange to enforce policy for their software development agents.

In another example, a CSO of a Fortune 500 entertainment company, a Zscaler, Inc. customer, shared with me that with little deployment effort, he was able to turn on Zscaler, Inc. Exchange to enforce policy for AI traffic and is securing over 4 million prompts per week. Our Zero Trust Exchange is fundamentally different from competitive firewall-based security architecture that connects users or AI agents to a network and then allows them to roam free, dramatically increasing the risk of cyber breaches. We expect these advantages, including significant architectural differentiation and our large customer base, to drive short-term and long-term demand for our platform.

Turning back to the quarter, our results reflect robust demand across all three of our growth pillars: AI Security, Zero Trust Everywhere, and Data Security Everywhere. I will start with AI Security, which includes two product areas: AI Protect, our recently introduced solution to secure the use of AI and agentic operations. I will begin with AI Protect, which secures the full spectrum of enterprise AI adoption and solves a range of cyber and data loss challenges. Zscaler, Inc. ThreatLabs research found that in calendar 2025, AI application use within our customer base expanded to over 3,400, a quadrupling in the last 12 months alone, with data transfers to AI apps exceeding 18,000 terabytes.

Many of these apps have serious vulnerabilities. Zscaler, Inc. AI Protect gives customers a single integrated way to secure AI at scale by discovering and managing all AI assets, including shadow AI uses, enforcing safe access to approved apps, and inspecting every prompt and response in real time to stop data leaks and attacks like prompt injection. For customers building their AI models and applications, our AI red teaming solution performs continuous security assessment. This quarter, we integrated our AI red teaming and our guardrail products to provide true closed-loop security. While our Zscaler, Inc. AI Protect solution is new, we see demand rapidly accelerating, including landing new logos, representing a massive future growth opportunity.

This quarter, several large enterprises adopted our solution. In an eight-figure new logo win, we landed a Fortune 500 semiconductor manufacturer. This customer expanded its use of our platform to include AI Protect and data security solutions to block access to unsanctioned applications, prevent public LLM data leakage, and provide visibility into prompts. Zscaler, Inc.'s integrated AI Protect solutions spanning the entire AI lifecycle was a key differentiator for this new logo win. In another example, in a seven-figure upsell deal, a Global 2000 construction company, which is securing users with Zscaler, Inc., added our AI Protect solution to prevent data leakage and enforce acceptable use controls for access to GenAI applications.

The second product area of our AI Security is agentic operations, which includes agentic SecOps and agentic IT Ops solutions. We are significantly advancing our agentic SecOps capabilities by integrating Red Canary's agent framework with the deep security insights we generate from the Zscaler, Inc. Zero Trust Exchange, which processes more than 500 billion transactions every day—more than 20 times the number of daily Google searches. This fusion of capabilities simplifies customer operations, automates threat hunting, and provides more accurate, actionable threat prioritization. Some of our wins were a Global 2000 utilities energy company and a Global 2000 oil and gas company. In agentic IT operations, our innovations include Zscaler, Inc.

Digital Experience, or ZDX CoPilot, which combines agentic technology with a conversational interface to troubleshoot and resolve performance issues of applications and network and endpoint devices. Bookings for ZDX Advanced Plus, which includes our ZDX CoPilot product, crossed $100 million over the last 12 months, growing more than 80% year over year. We are soon launching an AI agent for ZDX that will automate multiple troubleshooting tasks, resulting in faster diagnosis and resolution of performance issues. Overall, I am very pleased to see growing demand and continued momentum for our AI Security solutions.

Our next growth pillar is Zero Trust Everywhere, which includes revenue from customers who are more broadly adopting our Zero Trust architecture by purchasing all of the following: Zero Trust Users, Zero Trust Branch, and Zero Trust Cloud. We pioneered the Zero Trust Users market by disrupting the traditional proxy and VPN markets, and we are a clear market leader. With our Zero Trust Branch, we are disrupting branch firewalls, software-defined networks, or SD-WAN, and MPLS networks. With Zero Trust Cloud, we are disrupting virtual firewalls in the cloud. We are seeing ARR from Zero Trust Branch and Zero Trust Cloud growing significantly as we dramatically reduce cost and complexity.

The number of Zero Trust Everywhere enterprises has grown at a rapid pace and now sits at over 550, up from over 130 a year ago. The pricing of Zero Trust Branch and Zero Trust Cloud are based upon the number of devices, the number of workloads, and the amount of traffic, which keeps growing. This expansion also creates a flywheel effect generating follow-on demand for our data security and AI security offerings. Let me give an example of a Zero Trust Branch win at a subsidiary of a Fortune 500 retailer who significantly expanded its deployment of Zero Trust Branch to over 1,000 sites in a seven-figure upsell, making it one of our largest ever Zero Trust Branch deals.

The use cases for this customer were frictionless M&A integration and rapidly bringing both newly acquired and greenfield sites online. This order also included our AI Protect solution to secure sensitive data from GenAI apps. In Q2, 45% of the total customers who bought our Zero Trust Branch solution were new logos, demonstrating that Zero Trust Branch is helping us grow our new logos. This is also clear proof that for better cyber protection, customers want each branch to be like an Internet cafe, and it displaces SD-WAN, which is often sold by SASE vendors.

Another important part of a Zero Trust Everywhere solution is Zero Trust Cloud, which reduces cost and operational complexity by eliminating virtual firewalls in data center and cloud environments and can be deployed in 10 minutes. We are seeing tremendous momentum for Zero Trust Cloud. To share a customer example, in one of our largest ever Zero Trust Cloud wins, a Global 2000 financial services customer signed a seven-figure deal, increasing their ARR to more than $5 million, up over 40%. Zero Trust Cloud is priced based on traffic, creating a natural path for ARR to grow as customer traffic grows.

This deployment will eliminate a large number of virtual firewalls in their multiple cloud environments, which reduces the operational burden of managing firewalls in multiple clouds and improves cyber posture by preventing lateral threat movement. With significant wins, we are proving that for better cyber protection, customers want each cloud workload to become like an island and communicate only through our Zero Trust Exchange, and displace virtual firewalls. Our opportunity is to secure millions of workloads. Our third growth pillar is Data Security Everywhere, which has eight modules, including data discovery, data classification, posture management, and data loss prevention. We are seeing significant traction driven by enterprises consolidating the data security point products onto our integrated platform and simplifying deployments.

The growing use of AI apps is making data protection essential, generating strong demand for our solution. Let me share an example. In an eight-figure upsell win, a Global 2000 financial services customer expanded its adoption of our platform by purchasing additional data security modules, strengthening protection for sensitive data across its organization. This customer selected us over well-known competitors to replace multiple legacy point products due to our unified policy for various data sources and channels. With this purchase, the ARR for this customer increased nearly 5x. We believe Zscaler, Inc. is incredibly well positioned to secure the AI era.

As the number of agents expands, the unique Zero Trust architecture becomes even more crucial, minimizing attack surfaces and limiting lateral movement by enabling direct one-to-one communication. In summary, our growth opportunity is straightforward. Traffic flowing through our Zero Trust Exchange for secure communication expands our revenue opportunity. In the agentic era, the traffic from Zscaler, Inc.'s more than 50 million users, servers, cloud workloads, branch locations, and AI agents will grow exponentially, driven by billions of autonomous agents. We believe that Zero Trust communication will be the only way to provide the real-time protection customers need to adopt AI safely and securely.

We run the largest inline, globally distributed security cloud platform in the world, processing more than 500 billion transactions every day—more than 20 times the number of daily Google searches. This proprietary anonymized data is used to train our AI engine, a powerful differentiator to stop ever-changing threats at speed and scale. We provide the global infrastructure which enables our customers to secure communication and apply policies in real time at wire speed. Today, we are trusted by more than 45% of Fortune 500 companies, and we expect to continue expanding our partnership over time. In addition, with just 4,400 of more than 20,000 largest enterprises in the world as Zscaler, Inc. customers today, we have a significant opportunity ahead.

This gives us a durable runway for long-term growth from both upsell and new logo opportunities. Protecting AI is not just a job or task for Zscaler, Inc. It is our mission. We believe Zscaler, Inc. is the cybersecurity platform for the AI age. I will now hand it over to Kevin to walk through the financials.

Kevin Rubin: Thanks, Jay. We delivered strong Q2 2026 results, exceeding our targets while investing with discipline. With 26% revenue growth and a 36% free cash flow margin, we achieved Rule of 62 performance in the first half of the year, placing us among the elite companies that consistently outperform the Rule of 40. Our Q2 2026 net new ARR was $156 million, up 19%, bringing total ARR to $3.4 billion, up 25% year over year. Net new ARR benefited from strength in large deals and volume of deals. In particular, the Americas closed twice the number of $1 million-plus deals this year as compared to last year.

Excluding the contribution from our acquisition of Red Canary, net new ARR was $139 million, up 7% year over year, and total ARR was up 21%. These results compare to an exceptionally strong 24% net new ARR growth last year. Red Canary exited Q2 with $114 million of ARR. For the first half of the year, net new ARR excluding Red Canary grew 10% year over year, accelerating from 1% last year. This quarter, our Zero Trust Internet Access, or ZIA, and Zero Trust Private Access, or ZPA, ARR remained healthy and grew in the mid-teens. We have steadily expanded our Zero Trust platform beyond users to protect branches, workloads, AI applications, and now AI agents.

We believe AI agents will drive a meaningful increase in machine-to-machine and agent-to-agent interactions over time. In Q2, our non-seat-based metered usage solutions delivered just over a quarter of new ACV, and the ARR tied to those offerings grew more than 100% year over year. Revenue of $816 million grew 26% year over year and 4% sequentially, exceeding the high end of our guidance. We closed Q2 with 728 customers generating over $1 million of ARR and 3,886 customers exceeding $100,000 in ARR, both growing 18% year over year. We also set a record for $1 million-plus new ACV deals for a Q2.

On a geographic basis, we saw strong growth from the Americas, which accounted for 57% of revenue, up approximately 31% year over year. EMEA accounted for 28% of revenue, up 18%, and APJ for 15%, up approximately 23%. Remaining performance obligation, or RPO, of $6.1 billion grew approximately 31%, including approximately 47% classified as current RPO. We are pleased with the strong execution in our account-centric sales motion, which is strengthening our position as a long-term strategic partner and driving deeper customer adoption over time. In Q2, we again delivered double-digit sales productivity growth, reflecting continued improvement in our go-to-market execution, with meaningful headroom ahead.

We also achieved record pipeline conversion for a Q2, signaling stronger pipeline quality and improved visibility. We continued to build strong momentum this quarter with our recently launched ZFlex program. ZFlex gives customers with multiyear commitments the flexibility to activate or swap modules without starting a new procurement cycle, along with premium deployment assistance and support. This program is driving meaningful upsell, shorter sales cycles, and greater forward visibility. In Q2, ZFlex generated more than $290 million in TCV, up over 65% quarter over quarter. Since launching a year ago, we have delivered approximately $150 million in TCV at an average four-year term, underscoring customers' long-term commitment to Zscaler, Inc.

To share a couple of customer examples, in a five-year, eight-figure ZFlex deal, a large U.S.-based finance and insurance customer nearly tripled its annual spend by expanding its module adoption across 11 existing modules and adopting five new modules, including our AI Security solution. In a new logo ZFlex win, a Fortune 500 retail customer purchased 11 modules in a five-year, eight-figure deal. This customer adopted all of our Zero Trust solutions, including Zero Trust Users, Cloud, and Branch, landing as a Zero Trust Everywhere customer. Turning to M&A, I would like to start with some color on our recent acquisitions.

On February 5, we closed the acquisition of Squarex, which extends Zero Trust capabilities into any browser, enabling organizations to leverage standard browsers like Chrome and Edge to secure access on unmanaged devices without requiring a separate third-party enterprise browser or using outdated and costly virtual desktop infrastructure. Next, Red Canary. On February 1, we executed the next phase of integrating the Red Canary teams with the respective Zscaler, Inc. teams. Red Canary was primarily a technology and talent acquisition. As we shared when we closed this acquisition, churn for MDR businesses is higher than we experienced in our Zscaler, Inc. business. Post acquisition, Red Canary's churn has been elevated.

We will be providing Red Canary ARR in Q3 and Q4. Turning to operating performance, non-GAAP gross margin was 80.2% compared to 80.4% a year ago. Non-GAAP operating income of $181 million grew $41 million, or 29%, as compared to $140 million last year. Non-GAAP operating margin of 22.2% increased 50 basis points year over year, reflecting the sales productivity improvements I mentioned earlier, demonstrating leverage on sales and marketing. Turning to the balance sheet, we ended the quarter with $3.5 billion in cash, cash equivalents, and short-term investments, and $1.7 billion of debt. In Q2, we generated $204 million in operating cash flow, up 14% year over year, and CapEx was $18 million, or 2% of revenue.

Finally, free cash flow margin was 20.7% this quarter, down from 22.1% last year, driven by the timing of cash collections. Looking ahead, I would like to spend a minute addressing the recent increases in memory, storage, and process prices and availability. So far, we have not seen a meaningful impact to our operations. However, it could become a factor in the future as we purchase equipment for our data centers and Zero Trust Branch appliances. We will continue to monitor our costs and adjust customer pricing if needed. Turning to guidance, let me provide our outlook for Q3 and full-year fiscal 2026. As a reminder, these numbers are all on a non-GAAP basis.

For the third quarter, we expect revenue of $834 million to $836 million, reflecting approximately 23% year-over-year growth; gross margin of approximately 80%; operating profit of $187 million to $189 million, equating to an operating margin of 22.4% to 22.6%; net other income of approximately $25 million; and earnings per share of $1.00 to $1.01, assuming a 21% tax rate and 167 million fully diluted shares. For the full year fiscal 2026, ARR of $3.73 billion to $3.745 billion, or year-over-year growth of approximately 24%. This guidance implies net new ARR growth, excluding Red Canary, of approximately 9.5%.

For Red Canary, we expect ARR of approximately $130 million in fiscal 2026, up from our prior guidance of $95 million, with net new ARR of approximately $6 million in Q3 and $10 million in Q4. This includes all the business expected in each period, including fiscal 2026 renewals, upsells, and new logos. For 2026, we expect approximately 40% of total net new ARR to be recognized in Q3. Revenue of $3.309 billion to $3.322 billion, reflecting year-over-year growth of 23.8% to 24.3%. We expect Red Canary revenue of approximately $125 million in fiscal 2026, up from our prior guidance of $90 million.

Operating profit of $742 million to $748 million, up approximately 28% to 29% year over year, up from our prior guidance of $732 million to $740 million; earnings per share of $3.99 to $4.02, assuming a 21% tax rate and approximately 169 million fully diluted shares; and free cash flow margin of approximately 26.5% to 27%, reflecting CapEx in the mid-single digits as a percentage of revenue. We are very pleased with the results we delivered in Q2 and record operating income. We achieved 25% year-over-year ARR growth. Excluding Red Canary, our net new ARR growth accelerated to 10% from 1% in the same period last year.

We also saw continued momentum with ZFlex and closed a record number of $1 million-plus ARR deals for a Q2. Looking ahead to the second half of the year, we believe we are well positioned to build on this momentum. We will do this by scaling our rapidly expanding AI Security portfolio, expanding Zero Trust Everywhere adoption, and growing our Data Security Everywhere revenue. Ultimately, we remain focused on driving durable, profitable growth with strong cash generation. I want to thank our employees, customers, and partners for their continued support. With that, operator, you may now open the call for questions. Thank you.

Operator: Certainly. As a reminder, to ask a question, please star 11 on your telephone and wait for your name to be announced. Please limit yourself to one question. Our first question will come from the line of Saket Kalia of Barclays. Your line is open.

Saket Kalia: Okay, great. Hey, guys. Thanks for taking my question here. And thank you, team, for the increased disclosure on Red Canary. Very, very, very helpful. Jay, maybe for you, I would love if we could talk about just the backdrop a little bit and anything you can touch on in terms of competitive win rate and what you saw this quarter. I mean, clearly, this is a rising tide market, but there are other players as well. Maybe the question is, where are you winning, and what impact, if any, are they having?

Jay Chaudhry: Thank you, Saket. We have not seen much change in the competitive dynamics over the past few quarters, which is wonderful. What we saw was a record pipeline conversion for Q2. And we also had a record Q2 in terms of large deal wins, and in Q2, a large deal wins, I mean, over a million dollars. I mean, there is a fair amount of noise the market creates out there—SASE this, SASE that. SASE is a collection of all kinds of products. In many of these SASE numbers, legacy firewalls, VPNs get thrown in.

But what we are seeing in the market is our customers care about Zero Trust, and as we engage and explain Zero Trust, we almost always win. And by the way, SASE is not equal to Zero Trust, and Zero Trust is what eliminates lateral movement. So very pleased with the performance. Brand has grown. Most of the large enterprises like us, they know us, and I think the future is great for us.

Saket Kalia: Very helpful. I will hop back in queue. Thank you.

Operator: Our next question will be coming from the line of Brad Zelnick of Deutsche Bank. Your line is open.

Brad Zelnick: Oh, great. Thank you so much. Congrats again on another great quarter, guys, and also appreciate the additional disclosure. Kevin, it seems you are raising your full-year ARR expectation by more than your overachievement in Q2. How much might be from newer acquisitions, and are there any seasonal anomalies we should consider, perhaps slipped deals out of Q2 or anything like that? Thank you.

Kevin Rubin: Thanks, Brad. Appreciate the comments and question. You know, first of all, just remember, our seasonality tends to favor H2, so we are going into the second half of the year feeling confident. We do see a strong pipeline of deals going into the back half, which does give us confidence in the raise, with the exception excluding Red Canary. So I would point to strength in the overall business as well as just general seasonality that we see in the back half of the year.

Brad Zelnick: Okay. Thanks a lot.

Kevin Rubin: Thanks, Brad.

Operator: Our next question will be coming from the line of Gregg Moskowitz of Mizuho. Your line is open, Gregg.

Gregg Moskowitz: Great. Thank you very much for taking the question. Also welcome the additional disclosures. Thank you for that. Very interesting that your non-seat-based metered usage solutions are now over 25% of new ACV. That is higher than a lot of people had thought. And with the related ARR more than doubling year over year, this has the potential to put some upward pressure on the growth algorithm for Zscaler, Inc. in the future. But, Jay, when you look deeper at these non-seat-based solutions—you gave some good color in your prepared remarks—can you help us better understand what is really most resonating with customers today as well as what you are most excited about going forward? Thanks.

Jay Chaudhry: Yes. We started early on with Zscaler, Inc. for users, for Zero Trust—that has largely been seat-based. But now we have Zero Trust for workloads, branches, devices, and now we are extending it to AI agents as well. Even for users, we did have a number of use cases that are non-seat-based. This is ZIA, ZPA, where we were doing third-party contractors, guest Wi-Fi, or B2B data exchange with suppliers and customers. And yet our growth on Zero Trust Branch and Cloud has been very strong, and that is all non-user, non-seated pricing. Our AI Security solutions, which are starting small but growing pretty rapidly, are all non-user-based; rather, they are token-based.

And yes, we are pleased to say that a quarter of new business came from metered usage, and we expect it to grow over time, especially with AI agents, because we believe that there will be billions of AI agents. The only way to secure communication of AI agents is to go through the Zero Trust Exchange that scales, that is highly reliable and globally distributed. And that is what we have.

Gregg Moskowitz: Very helpful. Thank you.

Operator: Our next question will be coming from the line of Brian Essex of JPMorgan. Your line is open, Brian.

Brian Essex: Great. Thank you. Good afternoon. Thank you for taking the question, and another set of kudos to Kevin for the organic versus inorganic disclosure. Maybe a question for you, Jay. We saw this quite a lot, you know, like a decade ago when digital transformation was the buzzword, and a lot of different IT projects were classified as digital transformation projects. Similarly, we are starting to hear a lot of projects where executives are throwing AI on top of their projects to get more budget. From that perspective, are you beginning to see any attach to budgets outside of security? How are CIOs thinking about funding some of these projects, and is Zscaler, Inc. a beneficiary of that?

Jay Chaudhry: Yes. We are seeing CIOs trying to really move as fast as they can to implement AI security projects, and the feeling is if I am not doing something, I will be left behind. That is a clear thing I see as I talk to lots and lots of them. But they do all worry about cybersecurity, especially when you see all these agents showing up every other week. I mean, last night was it called for Flex 3 computer and Pod before that, and all these guys keep on coming. They are definitely creating security issues. So our customers are asking us, what can you provide me for visibility into AI assets and risk associated with that?

And then, as they start rolling out the project, how do we control agents? How do we have policy that can say certain agents can access certain applications? Agents are somewhat like users. They are just more dangerous, and they are growing at a rapid pace. There is a high degree of interest in proper security, especially Zero Trust for agents that we provide. The budget opens up. The budget either comes from the security side of it or the CIOs are allocating some number of budget out of the AI project. If you are spending $100 on an AI project, you spend $4, $5, $6 on security; it is viewed as very nominal.

So we are not seeing budgets as an issue to do AI security projects. It does require that you need to engage at the C-level, and we have very good C-level relationships, and we have pretty good clout and credibility with Fortune 500 companies.

Brian Essex: Thank you. Super helpful. Thanks.

Operator: Our next question will be coming from the line of Meta Marshall of Morgan Stanley. Your line is open.

Meta Marshall: Great. Thanks. Maybe a question for me, kind of following up on Brian's question of what you are seeing in terms of sales cycles once a deal is encompassing more AI. I guess, how does it change the dynamic of either needing to take a more holistic view or needing to include more modules? Just what are you seeing there? Thanks.

Jay Chaudhry: Thank you. So sales cycle depends on the scope of the project. The first thing our customers are trying to do is put their hands around what they have in the environment—what public AI applications are being used, and what private AI are being used. For that, we offer AI asset management, and they want to do vulnerability assessment, red teaming kind of stuff. As they roll out the project, guardrails become important. Last month, we launched our very integrated AI Security portfolio. The sales cycle, based on what modules they are doing, is generally faster because they are not really trying to go after everything. They want to start somewhere, but they want an integrated solution.

And a number of customers have told me, hey, we bought this solution from a startup, but for one year, till I figure out what integrated solution can I get from a trusted vendor like Zscaler, Inc. who will be around for the long term. So deals and sales cycles are faster. They are smaller deals to start with, and I think they will grow over time, especially as most of those deals are based on consumption or tokens. And as usage grows, usage goes along.

Meta Marshall: Great. Thank you.

Operator: Our next question will be coming from the line of Fatima Boolani of Citi.

Fatima Boolani: Good afternoon. Thank you for taking my question. Kevin, this one is for you. I was hoping to take a step back to have you reconcile the comments around Red Canary seeing elevated churn but also the close to 30% revision on your financial contribution expectation from Red Canary, both to ARR and top line on revenue. I know you flagged that the Red Canary business generally had much higher levels of churn relative to Zscaler, Inc. proper, so I wanted to better understand the dichotomy between those statements and if you can opine on that. Thank you.

Kevin Rubin: I appreciate the question. Look, there is an element here that, as we talked about when we did the acquisition, as we do secure the renewals, there is a positive impact to ARR, and so you are seeing some of that come in. My commentary just around the elevated levels of renewals is to give color around what we are seeing. As a reminder, Red Canary was a technology and talent acquisition, and it is a core feature of the agentic SOC that we are putting together and combining. I mentioned that we moved into the next phase of our integration earlier this month, and now consolidating those teams, which we are really excited about.

So the reconciliation is really to give you a sense for what we are seeing in the business and how you should think about the second half of the year.

Fatima Boolani: Thank you.

Operator: Our next question will be coming from the line of Roger Boyd of UBS. Your line is open, Roger.

Roger Boyd: Great. Thanks for taking the question. Jay, I wanted to touch on sales productivity. You have made a number of changes to the go-to-market strategy over the past year in order to really help guide customers towards more transformational projects, and I know you mentioned another improvement this quarter, but can you talk about the future ramp you are expecting in terms of sales force productivity? Do you see further room to upside given the push towards more of these transformational deals that are bigger but maybe more complex? Thanks.

Jay Chaudhry: I will give you a broader view, and Kevin can get into more specific stuff. With the changes we have gone through, we are driving more transformational deals, better engaging with our customers. With that, you are seeing bigger deals, ZFlex-type deals, that are happening often. That is leading to improved productivity. In fact, we had double-digit sales productivity growth. Very pleased with the way sales transformation has happened. As we said last quarter, the transformation is done. Now we keep on executing further. Kevin?

Kevin Rubin: Thanks, Jay. I want to double click on that last point. As we engage with our customers, the account-centric model is a much different level of engagement. We are seeing a lot of interest in ZFlex and what that looks like from a strategic point of view. So the nature of the conversation, the way in which we are engaging, and the larger deals that we are seeing all will lend themselves to continued productivity opportunity going ahead. As I look forward, I would expect that we will continue to see improvements in productivity as a result. We are seeing the benefits; I expect that we will continue to see an improvement over time.

Jay Chaudhry: And I may add the record pipeline conversion in Q2 as a good indication that what we want to do is working. Record million-dollar deals in a Q2 is another indication of the results we are getting.

Operator: Our next question will be coming from Ittai Kidron of Oppenheimer and Company. Your line is open.

Ittai Kidron: Thanks. Kevin, I wanted to dig in into your comment on the core ZIA growth. I think you mentioned mid-teens in ARR. Can you give us a little bit more color? What was the growth rate over the last two to three quarters perhaps? And how do we think about expectations for your core ZIA/ZPA business for the next two to three quarters?

Kevin Rubin: Thanks, Ittai. I appreciate the question. We have seen a pretty consistent performance in ZIA and ZPA. We did get some feedback that it would be helpful for you to get a little bit more color in that regard, which is why I added that into the script. Keep in mind that ZIA and ZPA, as it relates to Zero Trust Everywhere, is the foundation and, to a large degree, the base and the opportunity.

If you look at the number of customers that we have today—roughly 4,400 out of more than 20,000 potential companies that we think can be customers—you look at it in terms of the Fortune 500 where we still have over half of those to prospect against, there is a massive opportunity left with ZIA/ZPA as we think about it. And even within the companies that we do have on ZIA/ZPA, we have an opportunity to upsell those to Zero Trust Everywhere and then adjacently through the other pillars—Data Security and AI. From our point of view, it reiterates the stability in the underlying business and really gives a sense for what is driving the core of the business.

But we have these other three growth pillars that have been doing exceptionally well, and hopefully that additional color is helpful for you.

Jay Chaudhry: One interesting stat that is really remarkable is that customers on average are tripling their initial purchase in four years. That is pretty remarkable.

Ittai Kidron: Thank you.

Operator: Our next question will be coming from Gray Powell of BTIG. Your line is open, Gray.

Gray Powell: Oh, great. Thanks for taking the question. Can you hear me okay? I cut out there for a second. Excellent. Okay. So I want to follow up on some of the earlier questions, and I think you have hit on this somewhat, but you are seeing a lot of momentum in ZFlex deals. If I am doing the math correctly, I am calculating that ZFlex was over 30% of RPO bookings. I am not sure if that is how you look at it, but I guess the question is, how does the ARR ramp on a ZFlex deal compare to customers under historical contracts?

And then any directional commentary you can give on how big a typical ZFlex customer is at maturity versus traditional or what they spend, and what is giving you the most upside from a product perspective?

Kevin Rubin: Thanks for the question. Let me maybe just orientate. The way that we look at ZFlex is it is another opportunity for us to offer a package to a customer that we think is mutually compelling. It gives them flexibility so they have less concern about being locked into a particular product or product decision in the future. It gives them an opportunity to focus more on the long-term partnership versus more transactional selling in nature. And then it does give an opportunity for them to try, in a much easier, less-friction way, new modules and expand into those modules. So from an offering perspective, it is a much better and more strategic way to engage.

We do think over time that more and more of our customers will adopt ZFlex. It is not something that we mandate or push, but where we feel that it really is well positioned, the field is enabled to be able to offer ZFlex going forward. Your question around differences in ramps, etc., fundamentally, two deals—if it is a ZFlex or if it is a non-ZFlex—so long as they are similar structure, there is no difference in how that shows up in ARR.

ZFlex deals, by their nature, because they are longer term and have more products, may have a ramp that is built in so that the customer can deploy along their deployment plan, which can take anywhere from six months to a year. I would not think about ZFlex as creating a different dynamic with respect to ARR other than it is just another level of indication that we are very strategic in that environment. The average ZFlex deal is typically an eight-figure TCV commitment, and for those deals that we have done thus far, it has been over about a four-year period.

As we have talked about, they tend to be three- to five-year deals, and right now, the average is about four. Hopefully, that is helpful color.

Gray Powell: That is really helpful. Thank you.

Operator: Our next question will be coming from the line of Jonathan Rukaver of Canaccord. Your line is open, Jonathan.

Jonathan Rukaver: Yes. Thank you. Jay, this is for you. Just curious, when you look at Squarex, from my understanding, you are embedding browser security via an extension rather than having a dedicated secure browser. Can you talk about that? It seems like the flexibility could be a plus, but is there a trade-off between control and functionality between extension and full browser? And then just curious also on your view of how critical the browser layer is to winning broader Zero Trust deals over the next couple of years.

Jay Chaudhry: Thank you. Very good question. We have been offering Zero Trust isolation solutions using any standard browser for managed and unmanaged devices. On managed devices, no problem. Unmanaged devices mean they were using the standard browser. Some customers wanted something like a device posture check on an unmanaged device. For that, one option was you buy a full-blown enterprise browser from a third party. We looked at some of those acquisitions a couple of years ago. We did not like it. A full-blown browser with its own vulnerabilities, and customers might not like one more agent—or in this case, one more mega agent—on their endpoint.

What we found with the Squarex acquisition is we could add the security functionality, such as device posture check, using browser extensions from unmanaged devices. It is a wonderful use case, generally for third-party-type access for us. It is a clean, better solution rather than trying to have a full-blown third-party browser. It really takes care of the gap that we have in this environment. We think it expands our TAM. We have lots of customers who are using browser isolation. This will help us expand it to handle some of the third parties who will come from unmanaged devices. Very pleased with the acquisition, the fit, and the early market reaction.

Jonathan Rukaver: Thank you.

Operator: Our next question will be coming from the line of Eric Heath of KeyBanc. Your line is open, Eric.

Eric Heath: Hey. Thanks for taking the question. Maybe I wanted to come back, as an extension to Gregg's earlier question. I am thinking about AI agents. AI agents will drive a lot of network traffic. So, Jay, Kevin, just how should we think about how you can monetize that increased traffic, and, Kevin, how we should think about it impacting the model over a longer time period? Thanks.

Jay Chaudhry: Thank you. We think these agents that are growing at a pretty rapid pace will generate a fair amount of traffic. That traffic means they are going to access application A or B, or one agent is going to talk to a second agent. In order to do that, we believe the best security is that they should be going through a Zero Trust Exchange so that a given agent can only talk to given agents or applications. Otherwise, imagine one infected or hijacked agent could infect the whole enterprise. That is the biggest value we bring to the table. The more agents, the more agentic traffic, the more value we deliver, and the better revenue opportunity for us.

We look at it as probably the biggest upside for growth of this kind of business.

Operator: Our next question will be coming from the line of Matt Hedberg of RBC. Your line is open, Matt.

Matt Hedberg: Great. Thanks for taking my questions, guys. Strong results. You are raising, Kevin—you said by more than the beat—but I just had a clarification on ARR, and I want to make sure that I am not missing anything. It looks like you raised the ARR midpoint by $30 million, but it looks like in the disclosure, and maybe this is where I am mistaken, but it looks like you took your Red Canary expectations up from $95 million to $135 million. So to me, that looks like a $35 million raise. Am I interpreting that right? I am just not fully certain about what the organic raise here is for the year.

Kevin Rubin: I appreciate the clarification. If you look at this on an organic basis, we are raising the organic net new from 6.7% as our initial raise at the beginning of the year to 9.5% growth for 2026. Yes, there is some element of Red Canary that is mechanically inherent in the raise, but the underlying growth and strength in the organic business giving us confidence to raise to 9.5% net new growth this year is what you are seeing fundamentally in the raised guidance. Keep in mind, just in the first half of this year, net new without Red Canary grew 10% against the backdrop of last year where it grew 1%.

We are seeing very healthy acceleration in net new ARR growth in the first half and signaling for the back half.

Matt Hedberg: Thank you.

Operator: Our next question will be coming from the line of Keith Bachman of BMO. Your line is open, Keith.

Keith Bachman: Okay. Thank you. I broke up a little bit there, but I want to go ahead and ask the question about Zero Trust Everywhere. Jay, the question for you is how significant could this be? You are at 550 customers now. You were at 130 a year ago. Two dimensions of the question are: what is the average ARR uplift that you experience when a customer goes to Zero Trust Everywhere? Is there some kind of lift that you could help guide us on? And then how deep do you think this could get with your installed base? What is the potential reach here?

Jay Chaudhry: Yes. First of all, we are very pleased with the number of customers becoming Zero Trust Everywhere customers. The number—550—is very good, and these are enterprise customers. They are large customers, often. In terms of lift on ARR, I think we even shared last quarter that we are seeing 2x to 3x move in the ARR when customers are moving to Zero Trust Everywhere, which is very good. In terms of potential out there, I can tell you a year ago when I was talking to customers about Zero Trust Branch, which essentially replaces MPLS or SD-WAN, I was wondering how many customers will be saying, I love my SD-WAN.

I can tell you, I do not find any Zscaler, Inc. customer—now, these are our customers—they all want to replace SD-WAN for cost reasons and for security reasons, from where SD-WAN enables lateral movement. So interest is very high in the branch. On the cloud side of it too, it is a fascinating new disruptive play. We literally know of no real competition other than old-school firewalls trying to do firewalling in the cloud with IP addresses and ACLs—it is a nightmare—so we are seeing the traction growing. Very bullish on both Zero Trust Branch and Zero Trust Cloud.

I would love to see that every Zscaler, Inc. customer, in a matter of time, will be a Zero Trust Everywhere customer.

Operator: That concludes our Q&A session. I would now like to turn the conference back to Jay Chaudhry, CEO, Chairman and Founder, for closing remarks.

Jay Chaudhry: Thank you for joining us. We look forward to seeing you at one of our investor conferences we will be attending. Thanks again.

Operator: And this concludes today's program. Thank you for participating. You may now disconnect.

This article is a transcript of this conference call produced for The Motley Fool. While we strive for our Foolish Best, there may be errors, omissions, or inaccuracies in this transcript. Parts of this article were created using Large Language Models (LLMs) based on The Motley Fool's insights and investing approach. It has been reviewed by our AI quality control systems. Since LLMs cannot (currently) own stocks, it has no positions in any of the stocks mentioned. As with all our articles, The Motley Fool does not assume any responsibility for your use of this content, and we strongly encourage you to do your own research, including listening to the call yourself and reading the company's SEC filings. Please see our Terms and Conditions for additional details, including our Obligatory Capitalized Disclaimers of Liability.

The Motley Fool has positions in and recommends Zscaler. The Motley Fool has a disclosure policy.