Zscaler, Inc. (NASDAQ:ZS) Q2 2025 Earnings Call Transcript

Zscaler, Inc. (NASDAQ:ZS) Q2 2025 Earnings Call Transcript March 5, 2025

Zscaler, Inc. beats earnings expectations. Reported EPS is $0.78, expectations were $0.687.

Operator: Good day, and thank you for standing by. Welcome to the Zscaler Second Quarter 2025 Earnings Call. At this time all participants are in a listen-only mode. Please be advised that today’s conference is being recorded. [Operator Instructions] I would now like to hand the conference over to your speaker today, Ashwin Kesireddy, Vice President, Investor Relations and Strategic Finance.

Ashwin Kesireddy: Good afternoon, everyone, and welcome to the Zscaler second quarter fiscal year 2025 earnings conference call. On the call with me today are Jay Chaudhry, Chairman and CEO; and Remo Canessa, CFO. Please note we have posted our earnings release and a supplemental financial schedule to our Investor Relations website. Unless otherwise noted, all numbers we talk about today will be on an adjusted non-GAAP basis. You will find the reconciliation of GAAP to the non-GAAP financial measures in our earnings release. I’d like to remind you that today’s discussion will contain forward-looking statements, including, but not limited to, the company’s anticipated future revenue, annual recurring revenue, calculated billings, operating performance, gross margin, operating expenses, operating income, net income, free cash flow, dollar-based net retention rate, future hiring decisions, remaining performance obligations, income taxes, earnings per share, our objectives and outlook our customer responds to our products and our market share and market opportunity.

These statements and other comments are not guarantees of future performance, but rather are subject to risk and uncertainty, some of which are beyond our control. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future. We undertake no obligation to update these statements after this call. For a more complete discussion of the risks and uncertainties, please see our filings with the SEC, as well as in today’s earnings release. I also want to inform you that we’ll be attending the following conferences: Morgan Stanley TMT Conference on March 6, Susquehanna Travel Tech Plus Gambling Forum on March 7, Luke Capital Markets Investor Conference on March 10, Stifel Technology Conference on March 11, Cantor Global Technology Conference on March 12.

Now I’ll turn the call over to Jay.

Jay Chaudhry: Thank you, Ashwin. Our outstanding Q2 results demonstrate the improvements in our go-to-market execution against a backdrop of growing customer demand for our platform. Billings accelerated in Q2 and revenue grew by 23% year-over-year with both metrics coming in above the high end of our guidance. Our go-to-market investments are resulting in increased sales productivity, double-digit new and upsell business growth and lower sales attrition. I expect sales productivity to continue growth in the second half, driven by ongoing success of our go-to-market initiatives and growing number of ramped sales reps. Our annual recurring revenue, or ARR, grew 23% year-over-year in Q2 to over $2.7 billion, and our net retention rate or NRR improved to 115%.

With our growing pipeline and better sales productivity, I expect us to achieve $3 billion or more in ARR by the end of the fiscal year. Q2 was also a strong quarter for profitability with 36% growth in operating profit, driving 2 percentage points improvement in operating margin to nearly 22%. Free cash flow margin was also a Q2 record of 22%. Driven by strong revenue growth and free cash flow margin, we operated above the rule of 45, placing us in the rarified category of large publicly traded SaaS companies that are growing rapidly at scale. Zscaler pioneered Zero Trust architecture, which enables our customers’ workforces to securely access applications wherever they reside. Prior to Zscaler, enterprises relied on firewall and VPN-based security, which allowed attackers to exploit the vulnerabilities and move unchecked across corporate networks.

Many vendors are marketing SASE, built on SD WANs, which only worsens the growing issue of ransomware attacks. We have gone far beyond SASE by pioneering our Zero Trust Exchange built on true Zero Trust architecture, which eliminates lateral propagation of threats and dramatically reduces attack surface. Building upon our success in securing users, we expanded our platform to secure workloads. IoT, OT devices, B2B users, B2B systems and more. Today, we are elevating the concept of Zero Trust to a new standard that we call Zero Trust Everywhere. For a customer to be Zero Trust everywhere, they need Zero Trust users, where users are untrusted and never put on the corporate network. Zero Trust Cloud, where workloads are untrusted and can communicate only through our exchange and Zero Trust branch, we have branches, factories, warehouses or IoT, OT devices islands of their own.

Our mission is to create a Zero Trust Everywhere world. With the upcoming hardware refresh cycle, CXOs are increasingly looking for ways to eliminate the legacy security stack including firewalls, VPNs, SD-WANs and more. We are leaning into the opportunity presented by the refresh cycle with surgical field campaigns to educate our customers on how they can leapfrog to Zero Trust everywhere and free themselves from firewalls and other legacy appliances forever. I’m happy to share that we are seeing initial success from these campaigns. As of the end of Q2, we surpassed 130 enterprises that have become Zero Trust Everywhere. And my mandate to our teams is to triple that number in the next 18 months. One of the core solutions of Zero Trust Everywhere is Zero Trust branch, which is seeing tremendous customer interest.

Let me share a customer example. An existing Global 2000 manufacturing customer purchased our Zero Trust branch in a 7-figure deal, adding to the ZIA and ZPA commitments. This customer is leveraging Zscaler to secure all their critical manufacturing sites, eliminating the need for firewalls, NACs, expensive switches and routers at these sites. Next, we are working with this customer to upsell Zero Trust cloud to put them on the path to become Zero Trust Everywhere. In another example, a large communications equipment company purchased our Zero Trust branch to phase-out their existing SD-WAN. We are excited to work with this customer to help them realize better security and operational simplicity of our platform. Zero Trust branch is also helping us win new logo customers.

In Q2, 57% of customers who purchased Zero Trust Branch or new logo customers. Moving on to large cost per metrics. Our $1 million plus ARR customer count again grew 25% year-over-year. And one large customer win a new logo of Fortune-50 energy company adopted our Zero Trust platform to secure 25,000 users with ZIA and ZPA and made initial purchases of both Zero Trust Branch and Zero Trust Cloud in a 7-figure deal. This deal showcases how customers are adopting our broader platform, including workloads and branch in land deals. By embracing Zscaler as the platform of choice for the security transformation, the customer is eliminating firewalls, SD-WANs, legacy Secure Web Gateways, VPNs and more thus improving their security while lowering cost and complexity.

I am also pleased with the momentum in our data protection pillar, which experienced over 40% year-over-year growth in net new ACV. We see two key drivers of strength. One, consolidation of point products and operational simplicity of data protection. We have the most comprehensive data protection platform, which secures all types of data, whether structured or unstructured, data in motion or data at rest and data across all channels, including web, e-mail, endpoint, SaaS, cloud workloads and more. These capabilities are packaged as various modules to provide flexibility to customers to adopt at their own pace. To give you an example, a Global-2000 retail company that had three data protection modules in the last fiscal year, adopted three new additional modules in Q1 of this fiscal year and significantly expanded data protection to all users across all their 6 modules in Q2.

This 7-figure upsell deal nearly tripled the annual spend of this already $1 million-plus ARR customer. The customer chose Zscaler to drive what in the world is the most significant transformation project in the network and security history with too many data protection point products in their environments, customers are forced to manage multiple policies from multiple products. In contrast, Zscaler customers use a common set of policies that can be seamlessly implemented across all data protection modules, resulting in rapid deployment and lower operational overhead. For example, in a 7-figure upsell deal, an existing Global-2000 financial services customer significantly expanded the data protection purchases for 100,000 users. This upsell drove a 65% increase in the annual spend of this already $1 million-plus ARR customer.

As of the end of Q2, over 85% of our $1 million-plus ARR customers have two or more data protection modules and 65% have three or more modules. We expect this module adoption to continue to grow. The second key driver for data protection growth is the increasing adoption of GenAI. With the widespread use of GenAI, all enterprises in all industries are confronting the risk of data loss to public AI apps such as Microsoft 365 Copilot, DeepSeek, ChatGPT and more. This is elevating the importance of data and protection across all customers, and customers are purchasing our solution to gain visibility into public AI apps and prevent data loss. For example, in Q2, many customers purchased data protection to securely adopt public AI, including a Global-2000 hospitality company, a Global-2000 technology company, a Global-2000 manufacturing company and more.

In addition to securing the use of public AI apps, we are investing to deliver solutions to secure customers’ private AI apps such as LLM and SLM models, chatbots and inference engines. We are expanding the functionality of our Zero Trust Exchange with an LLM proxy to analyze prompt queries and results in real time to detect and prevent prompt injections and other malicious activities. We are also utilizing AI to make our products even better and deliver more value to customers. Less than a year ago, we introduced ZDX Copilot, which leverages popular AI models like Gemini to deliver operational efficiency and faster resolution of end-to-end user performance issues. We offer ZDX Copilot in our ZDX Advance Plus package. Following the launch of ZDX Copilot, bookings for ZDX Advance Plus grew by over 45% to nearly $50 million, demonstrating the growth potential of AI-powered products.

Building on the success, we are taking ZDX to the next level by leveraging ZDX’s Agentic AI technology to automate root cause analysis and expand IT workflow integrations for faster remediation and reduce resolution times. We are also leveraging AI in many other areas, including automated data classification, image classification, zero-day vulnerabilities detection and prevention, app segmentation, IoT, OT device discovery and more. Our newly introduced AI Analytics Solutions, including Risk 360, Unified Vulnerability Management, Business Insights and others continue to drive strong growth and ACV from AI analytics nearly doubled year-over-year. To further accelerate the development of our AI solutions, we recently hired Phil Tee, as our EVP of AI innovations.

Phil was the co-founder of an AI-driven enterprise software company that provided intelligent monitoring solutions for DevOps and IT ops. In his role, Phil will lead an incubation group focusing on AI innovations to drive cutting-edge advancements in Agentic AI to further transform our business and accelerate growth. AI is everywhere around us. The release of DeepSeek R1 highlights advancements in model training, which can make Gen AI capabilities more widely available. Someone called it Jevons Paradox, which I agree with. In fact, I think this is the internet moment of AI, which will drive rapid adoption of AI in every aspect of our lives and will create a greater need for better security. Zscaler is very well-positioned to protect our customers.

At the World Economic Forum in Davos, I met CEOs of several global system integrators or GSIs. We are seeing a sea change in GSI engagements compared to a year ago, as an increasing number of them are embedding Zscaler into the network and security transformation practices. Several GSIs and strategic national partners not consider Zscaler, as one of their top strategic partners just like Microsoft and Salesforce. In Q2, GSIs played a critical role in helping us close several deals. For example, we partner with Cognizant to close a 7-figure new logo deal with a Global-2000 insurance customer, who purchased Zscaler for users for 23,000 employees. In another example, a large GSI helped us close a 7-figure deal with an existing $1 million plus Fortune-500 health care customer.

This customer purchased our ZIA, ZPA and data protection solutions for more than 100,000 users, which increased their annual spend with us by over 350%. I am pleased to see that GSIs are leaning in, working closely with Zscaler and dedicating resources to drive growth. Next, let me highlight the progress in our federal vertical. All of you are aware of the highly publicized efficiency measures taking place under the new administration in the United States. Incumbent security vendors cannot save costs for our government but Zscaler can and does by eliminating multiple legacy security products, including firewalls, VPNs, NACs, DLP, VDI and more. Simply put, we offer better security at lower cost. Having landed in nearly all the cabinet level federal agencies and with significant upsell opportunities still remaining, we are well-positioned to benefit from the government’s efficiency measures.

Outside the U.S., we continue to make investments to grow our public sector practice, and we are seeing results. For example, in an 8-figure TCV deal, a national government purchased Zscaler for users to secure the entire government workforce. This is a monumental win for Zscaler and our APJ sales team, and I’m humbled by the trust this nation’s government has put in us. In conclusion, we are entering the second half of the fiscal year with three key drivers: First, our increasing sales productivity, sales productivity increased in Q2, driven by strong demand, and I expect productivity to continue to improve in the second half. Second, we are driving Zero Trust Everywhere in our customers. We have launched targeted campaigns to educate our customers on how they can become Zero Trust Everywhere and escape that a fresh cycle for appliances.

Third, the growing adoption of AI is driving demand across multiple dimensions, including data protection and our AI-powered security products. I fully expect to benefit from these tailwinds. As I mentioned earlier, with strong demand for our platform and growing innovations, I expect us to achieve $3 billion or more in ARR by the end of the fiscal year. I look forward to sharing more about our innovations and platform strategy at Zenith Live in June. Now I’d like to turn over the call to Remo for our financial results.

Remo Canessa: Thank you, Jay. Our Q2 results exceeded our guidance on growth and profitability, even with ongoing customer scrutiny of large deals, revenue was $648 million, up 23% year-over-year and up 3% sequentially. From a geographic perspective, Americas represented 54% of revenue, EMEA was 30% and APJ was 16%. Our annual recurring revenue or ARR exiting Q2 surpassed $2.7 billion. ARR growth was approximately 23% year-over-year remaining performance obligations or RPO, grew 28% from a year ago to $4.615 billion. Current RPO was approximately 49% of the total RPO. Total calculated billings grew 18% year-over-year to $743 million. Our unscheduled billings comprised of new upsell and renewal billings grew over 25% year-over-year.

Our calculated current billings grew 19% year-over-year. We ended Q2 with 620 customers with over $1 million in ARR and 3,291 customers with over $100,000 in ARR. This continued strong growth of large customers speaks to the strategic role we play in our customers digital transformation journeys. Our 12-month trailing dollar-based net retention rate was 115%, while good for our business, our increased success in selling bigger bundles, selling multiple pillars from the start and faster upsells within a year, can reduce our dollar-based net retention rate in the future. There could be variability in this metric on a quarterly basis due to the factors I just mentioned. Turning to the rest of our Q2 financial performance. Total gross margin of 80.4% compares to 80.8% in the year ago quarter.

Our total operating expenses increased 2% sequentially and 19% year-over-year to $380 million. We continue to generate significant leverage in our financial model with operating margin of approximately 22%, an increase of about 200 basis points year-over-year. Our free cash flow margin was 22%, including data center CapEx at 2% of revenue. We ended the quarter with approximately $2.9 billion in cash, cash equivalents and short-term investments. Next, let me provide our guidance for Q3 and full year fiscal 2025. As a reminder, these numbers are all non-GAAP. For the third quarter, we expect revenue in the range of $665 million to $667 million, reflecting year-over-year growth of 20% to 21%. Gross margins of approximately 80%. I would like to remind investors that we’re introducing new products that are experiencing strong growth and are optimized for faster go-to-market rather than margins.

This will continue to influence our gross margins. We plan to optimize new products for margins over time as they scale, operating profit in the range of $140 million to $142 million. Net other income of $18 million. Earnings per share in the range of $0.75 to $0.76, assuming a 23% tax rate and 163 million fully diluted shares. For the full year fiscal 2025, we expect billings in the range of $3.153 billion to $3.168 billion, reflecting a year-over-year growth of approximately 20% to 21%. For Q3, we expect billings growth to continue to improve and encourage modeling 200 to 260 basis points of sequential billings growth, revenue in the range of $2.64 billion to $2.654 billion, reflecting year-over-year growth of approximately 22%. Operating profit in the range of $562 million to $572 million.

Earnings per share in the range of $3.04 and to $3.09, assuming a 23% tax rate and approximately 163.5 million fully diluted shares. We expect our free cash flow margin to be approximately 24.5% to 25% with a large market opportunity and customers increasingly adopting the broader platform we will invest aggressively to position us for long-term growth and profitability. With that, operator, you may now open the call for questions.

Q&A Session

Operator: [Operator Instructions] Our first question comes from Saket Kalia with Barclays. You may proceed.

Saket Kalia : Okay, great. Hi guys thanks for taking my questions here. And good quarter. Jay, maybe for you. You dug into a couple of products in your prepared remarks that are clearly doing well, like data protection. But maybe the higher-level question is, how much of your business is kind of coming from ZIA and Secure Web Gateway replacements versus broader platform products in aggregate. Again, I know we’ve talked about certain products, and we’ve gotten data points on how they’re performing. But curious if you could talk about how the business is looking from that perspective of sort of ZIA and everything else that sort of forms the platform.

Jay Chaudhry : Sure. As you know, Saket, ZIA was a starting point. We start taking out Blue Coat and other web gateways. There’s still a lot of Blue Coat left out there. But when we start, we quite often start with a platform that includes ZIA, ZPA and CDx. So starting from maybe coming from VPN replacement or Blue Coat platform becomes the more common thing. In fact, recently, the Zero Trust Branch is becoming an important area as a starting point. The interesting number this quarter was that 57% of customers on our Zero Trust Branch, our new logo customers. So expanded platform is a wonderful thing. Blue Coat proxies as a starting point, VPN as a starting point. We are taking Zero Trust Everywhere, users, branches and the cloud.

Saket Kalia: Got it. Very helpful. Thank you.

Operator: Thank you. Our next question comes from Brad Zelnick with Deutsche Bank. You may proceed.

Brad Zelnick: Great. Thanks so much for taking my question. Jay, it’s good to see the go-to-market transformation coming to life. And I think we see it in the strength in 1 million plus customers and emerging product ARR growth. And Jay, I know you’re not someone who’s easily satisfied what do you see that proves out that the go-to-market changes are making a difference and that those changes are durable? Thank you.

Jay Chaudhry : So Brad, first of all, the strength of pipeline, which is a leading indicator that is growing, that good quality pipeline is growing. Number two, our new ACV is up double digits, that’s very important. And then other metrics across the board, data protection is growing over 40% and so on and so forth. It’s very good. And the quantity of engagements with C level in large enterprises is getting stronger because the newer sales team, the leadership is very good and account relationships and expanding those accounts.

Brad Zelnick: That’s helpful. Maybe a quick follow-up for you, Remo. I think your commentary around Q3 billings. It’s maybe a little bit lighter than some expected, even though the full year looks great. Just curious if there’s been any change to the assumptions around scheduled versus unscheduled billings timing in the back half?

Remo Canessa : Thank you, Brad. No, no changes. We called out before with scheduled billings we expected 7% in the first half and 23% in the second half, that is unchanged. And also on the unscheduled piece, virtually remains unchanged also. You can see that we basically raised our guidance. So I feel a little bit more bullish than we did before. It’s based on our pipeline and our visibility. As Jay mentioned, things are going well. We’re well positioned, and we feel good.

Brad Zelnick: Awesome. Thanks again.

Operator: Thank you. Our next question comes from Mike Cikos with Needham. You may proceed.

Mike Cikos: Hi, guys. Thanks for taking the questions here. If I could just build off of Brad’s question on the go-to-market. It’s great to see the number of million-dollar customers that you guys added this quarter. I wanted to get a sense, I know we’ve had [indiscernible] there for some time now. You’re talking about GSIs, but can you maybe color the $1 million cohort that you have in light of some of these go-to-market initiatives that you guys have been working on now?

Jay Chaudhry : Yes. So two biggest things with the sales transformation war. One was the account-centric sales process, and those are good results. We already talked about them. The second big thing was global system integrators playing an important role, and that’s happening. We see that you saw me highlighting a couple of deals in my earnings script where GSI played a very active role to help us drive that business. They are embedding us into more and more of their platform. They are getting more and more people trained as well. And what we’re seeing is, if you really think about the two G2K companies, all right? They are both big opportunities for us. And there are — there’s still a 6 times upsell opportunity for us in our installed base itself.

And even our installed base, when customers get it deployed, they want to remove all the legacy stuff firewalls, VP and all that kind of stuff. And these GSIs are playing an important role to help us. In fact, is a large Fortune, I would say, 50 company. We are ZIA, ZPA, ZDX was sold and then a GSI comes in to further simplify the stuff to help us upsell additional stuff. So very pleased with the performance, and that’s part of our plan.

Mike Cikos: Excellent. Thank you.

Operator: Our next question comes from Shrenik Kothari with Baird. You may proceed.

Shrenik Kothari: Congrats, everyone. Jay, Remo, thanks for taking the question. So Jay, you emphasized the Zero Trust Everywhere as a core strategic initiative. You guys have pretty ambitious targets, you said mandate to triple that figure in 18 months. Just curious, as you’re seeing this upsell hardware refresh cycle as an opportunity, can you talk about, is that going to be your anchor point in terms of CR conversations, looking to replace the [aging stack] (ph), can you talk about the traction we’ve seen with customers who are willing to opt out of the lengthy pack towards their whole stack you addressed [indiscernible].

Jay Chaudhry : So our customers have been telling us for quite some time that your Zero Trust change is wonderful, but your branch still needs some help. I got some firewalls from routers from SD-WANs sitting the branch, creating complexity. So our Zero Trust Branch initiative is to simplify it, so one simple appliance removes everything. The branch goes dark from the Internet, it can be discovered. It cannot be attacked and the cost and complexity goes low. There was a CXO Exchange Summit we had recently, and we asked a survey question to 100 attendees. And the question was, are you ready to embrace Zero Trust Branch, which becomes like a cafe without any firewall and any other stuff. 96% of all CXOs, said they are ready to embrace it. It actually exceeded all of my expectations. So the combination of Zero Trust Branch with Zero Trust user Everywhere, with Zero Trust Cloud becomes a very good story. Our customers love it.

Shrenik Kothari: Thanks Jay. Just quickly on the NRR improving to 115%. Just can you provide more insight? You mentioned the increased number of rep sales. Reps is improving. They’re talking about the improving deal landing versus deal expansion of velocity and – are you guys maximizing upfront deal sizes versus more longer-term expansion? And how does it play into the NRR. Thanks.

Remo Canessa : Yes. We don’t guide on NRR a bit. All the things you mentioned, all come into play. Deals are getting bigger. Our upsell as we talked about before, we expected over 65% upsell this year, and that’s what basically came in at during the quarter. We are landing bigger deals. You can see with the large customer emphasis with the companies greater than $1 million. So all those factors and also the emerging products and new products, expanding the platform, they all come into play. The [115%] (ph) is an outstanding metric. But again, it’s something that we’ve talked about before. We really don’t look at other than on this call. We try to drive our top-line basically on new ACV, whether it’s upsell or new.

Operator: Thank you. [Operator Instructions] Our next question comes from Roger Boyd with UBS. You may proceed.

Roger Boyd: Awesome. Thanks for taking the questions. Jay, I wanted to go back to the 8-figure APAC government deal. I think you talked about kind of them going wall to wall with the Zscaler for users. I’d love to hear any specifics you can give on the ROI with this customer, kind of the scale of the upsell there, and what you’re replacing. And then — as you think about the pipeline for global government deals, this feels like kind of a landmark deal for you guys. Just would love any color on how you are thinking about the opportunity with other governments. Thanks.

Jay Chaudhry : Yes, you said it right. It was a landmark deal for us. Zero Trust is very important for governments. And by the way, this deal wasn’t driven by ROI. This was driven by cybersecurity having better protection. And what are we placing — this deal includes Zero Trust access for users, whether they’re at home or in the office, whether they’re accessing Internet SaaS applications or their internal applications. So essentially a critical part of our platform. Starting with its entire government workforce, which is very proud of. We are engaged with several other U.S. friendly countries to pursue this thing, but some of these government deals can take longer, but it is good to see that we’re getting traction, and we’ve done a lot of work in the U.S. Government as well, which I shouldn’t forget about.

So we see it as a good opportunities, but government deals can be a little bit what you call it bulk — lumpy and can take time, but it’s pretty unique for us. We are very, very proud of it.

Roger Boyd: Thank you.

Operator: Thank you. Our next question comes from Brian Essex with JPMorgan. You may proceed.

Brian Essex: Hi, good afternoon. Thank you for taking the question. Jay, I was wondering if I could dig into maybe the comments that you had on ZDX. And would love to know how you’re seeing customers approach agentic protection. And on the data protection side, is your platform obviating the need for data discovery and classification or are you coming in on top of that? How are enterprises viewing getting their data estate in order before they pursue agentic utilization? Thank you.

Jay Chaudhry : Sure. It’s a very good question. Often, we like to give customers flexibility and choice where they can, data classification is a hard problem. AI actually is helping a lot in doing data classification. So we do use GenAI technology for classification quite a bit. In fact, for quite some time, as your traffic goes out to the internet, on the fly at our ZIA, we have been doing classification with our customers for policy enforcement. But also we can scan data sitting in one drive share point or wherever else may be and can do classification with our AI technology. Having said that, we also work along with data classification that may be done by other providers. So we can take that classification and tax and applied a policy enforcement because we are sitting in the traffic path.

The only way that data can leak out is if it goes through us and via the natural policy enforcement point. Our data protection solution has been growing very nicely. Our ACV, for example, has grown 40% year-over-year. So it’s a good opportunity, and it’s not only data in-line. We’re doing data at [rest] (ph) and SaaS application. We’re doing DSPM for data in the cloud. We’re doing data security and endpoint data scale for e-mail using single policy engine, which is what customers like us because they were rather not buy five different point products.

Brian Essex: Got it. Super helpful. And great to see the better sales productivity. Appreciate it.

Operator: Our next question comes from Gregg Moskowitz with Mizuho. You may proceed.

Gregg Moskowitz: Thank you very much for taking the question. The Zero Trust Everywhere campaign appears to be off to a very good start. I realize it’s early, but I was curious if you’re seeing more adoption thus far from small, midsized or larger enterprises, and then also from what you — so far, how does the size of Zero Trust Everywhere lands, how does that compare to Zscaler’s typical net new logo?

Jay Chaudhry : Right. So first of all, our focus remains larger enterprises. There is a natural growth happening on the lower end of the business which keeps on going, but primary focus has not changed. I was very happy to see that over 130 enterprises. We’ve gone in with Zero Trust Everywhere. And for that case, we essentially like to say users are Zero Trust, no matter where they’re sitting, at home or a coffee shop or at your headquarters, your branch is Zero Trust, your cloud is Zero Trust. That’s really the absence of Zero Trust Everywhere. Now what we also — we are bullish. We think we can triple this number in the next 18 months. And that’s based on the customer feedback at reception we’re getting. So we think we have a new make, a big difference in the branch area, I’m excited with the fresh opportunity. Our CIO, I was talking to said, I’m glad you’re moving forward because I do not want to go through the refresh cycle of firewall one more time.

Gregg Moskowitz: Very helpful. Thanks Jay.

Operator: Thank you. Our next question comes from Fatima Boolani with Citi. You may proceed.

Fatima Boolani: Hi, good afternoon. Thank you for taking my questions. Remo, you made a specific reference to the fact that there is ongoing scrutiny on large deals. So wanted to ask you both actually a very stratospheric question. The entire business and the business model and the pipeline is becoming more tethered and indexed to larger deals. You’re talking about scrutiny and then you layer on the fact that there are segments of the economy and maybe the global economy that have been a little bit in flux by virtue of trade wars and tariffs and things like that. I wanted to get your perspective on how that’s maybe helping accelerate the conversation for you, if at all, just kind of given that could have implications for how sectors of the economy think about transforming their networks and their security architecture and any kind of anecdotal feedback or color you got actually from your CXO Summit that you referenced earlier, I would love to kind of get some real-time feedback from how customers are internalizing some of this with their budgetary aspirations and expectations.

Thank you.

Jay Chaudhry : So Fatima, let me start. From what we know so far, we expect limited direct impact from tariffs to our business. Now as we said in our remarks, macro is still tight. Yes, there’s large deal scrutiny, budgets for ITR, tight in general, but not for cyber. Now if I can go to a CIO or CISO and talk about Zero Trust Cybersecurity, they get interested. But then if I can say, we’ll do this and reduce cost for you. The interest becomes double. So these two things together are actually driving our pipeline. If we didn’t have these two factors, the pipeline will struggle. But then it takes not more to close the pipeline. If you close the pipeline, they actually want to see cost savings and we have been refining and refining our business value assessment to create business ready cases for CFO approval.

And that stuff is helping us. So when we go in and say, we are going to help you with Zero Trust Everywhere, that really means a bigger part of the platform. The fascinating thing is the more savings they want, the bigger part of the platform they need to buy, okay? It becomes an interesting combination. But if you can see the — show the saving and can tell them in one quarter, this goes out in two quarters, this goes out three quarter, this goes out. CXOs become essentially a champion and they push to get deals done. That’s really what we are seeing. It is helping us. And GSIs are also helping us because they come along as partners to really drive that transformation. Someone has to do that work and they’re good partners for us. Remo?

Remo Canessa : Yes. I mean just to follow on some of Jay’s comments. If you take a look at our guide for the second half, good pipeline, strong pipeline, Jay called out stronger sales productivity, which we’re seeing demand for the product. We’re not baking in a strong or banking and a strong federal in the second half with the uncertainties that are currently going. Having said that, we’re very well positioned. We’re in 14 of the 15 cabinet agencies. And we feel that our product platform related to the efficiencies and costs and security, but I believe we’re well positioned. But again, as Jay mentioned, those types of deals are lumpy. The negatives, as we called out the macro, the roll macro and deal scrutiny. Jay call that also tariffs.

We’re a service company. So we don’t believe tariffs will have an impact on us or significant impact at this point, unless things change. So we’re well positioned. But those are kind of the pluses and minuses related to our guide for the second half going forward.

Fatima Boolani: Thank you.

Operator: Our next question comes from Joseph Gallo with Jefferies. You may proceed.

Joseph Gallo: Hi guys. Thanks for that question. Remo, as a follow-up to your earlier scheduled billings comments, does that acceleration peak in 4Q, or how should we think about that piece of the business as we move into fiscal ’26? Thank you.

Remo Canessa : Yes. So we’re not making a comment for fiscal ’26, but it does increase [in report] (ph).

Joseph Gallo: Okay, thanks.

Operator: Thank you. Our next question comes from Matt Hedberg with RBC. You may proceed.

Matt Hedberg : Hi, thanks for taking my question guys. Congrats on the results. Jay, I wanted to go back to your comments about Agentic and ZDX. And I guess, I’m curious, like a natural fit there. But I guess I’m wondering like as customers roll-out agents, right? I think a lot of people think identity, they might think aspects of cloud security what Zscaler’s role in protecting customers’ agents because it seems like that’s obviously a massive trend that’s very early.

Jay Chaudhry : That’s correct. So the question often gets asked is, if agents are used, the headcount comes down, what’s the impact on fee-based model, if that’s what your question is. We haven’t seen any big changes, but I do believe some of those changes are coming. No matter what happens to users, there will be more communication among users, machines, workloads and in the future, more with AI agents. Agent — AI agents is just another entity for us. We are on the Zero Trust Exchange to enforce policy for all communications. More communication means more traffic. That means more value delivered to our customers. We expect our pricing to evolve as agents traffic grows as well. In the past, we have seen customer headcount reduction from time-to-time.

And in most cases, they are able to keep up, while grow our ARR by upselling additional modules. We think that we have an active role to play to secure agent communication, but also using AI agent technology in ZDX and data protection to help our customers. And for that, we can charge additional dollars as well. And we have been charging, for example, ZDX where we started selling core pilot, now we’re moving to agent. They’re able to charge higher prices for those products that Zscaler has.

Matt Hedberg: Thanks Jay.

Operator: Our next question comes from Joshua Tilton with Wolfe Research. You may proceed.

Joshua Tilton: Hi guys. Thanks for sneaking me in here, and I’ll echo my congrats on a solid quarter as well. I have a two-parter, but it’s along the lines of the sales productivity comments. Good to see the improvements this quarter. I guess what I’m trying to understand is, is the sales productivity that you saw in the quarter kind of ahead of what you were expecting as we entered this year. And then if I look to the balance of the year, like where does sales productivity has to go from here in order to hit the updated billings guidance that you gave us for the year today?

Remo Canessa : Yes. I mean it is expected. Basically, what we called out on our call before is that we expected sales productivity to increase throughout the year, and we did see that in Q2. What I can say about the sales productivity, I would expect it to continue to go up. I don’t want to give any more color than that — than the sales productivity supports our guidance, and we feel our guidance is prudent.

Operator: Our next question comes from Gray Powell with BTIG. You may proceed.

Gray Powell: All right. Great. Thanks for taking the question. Yes, I just want to say congrats some of the good results. But yes, so I wanted to follow-up, I think it was Greg’s earlier question about the firewall refresh. Can you talk about some of the targeted marketing you’re doing with existing customers to get in front of the firewall refresh. And then just how should we think about sizing the opportunity? And I know it is early days, but when should we actually start to see it materialize in the results in a more meaningful way? I’m guessing it’s really sometime next year, but just wanted to get some general thoughts around that.

Jay Chaudhry : Right. So first of all, the Branch solution we launched Zero Trust Branch is the underpinning of a driver to replace firewalls. So we aren’t really focused on the data center, inside the data center, but we have large, large enterprises. They’ve got hundreds of thousands of branches out there. Most of them are asking for, how do I make my branch like a cafe. Your branch should be no more complicated than you sitting at home and being able to access applications. That’s really the disruptive and simply a technology of bringing the table. So our customers’ existing customers today have some kind of firewalls, some kind of routers or some kind of SD-WAN with firewalls sitting out there. And they’re looking for us to replace it.

So we become a single point to collect data and get it to our exchange and take care of it. That’s really what’s driving. So the firewalls that are sitting in the branch office are our primary target. Campus become the next natural thing for us. What are we doing to reach our customers? We don’t have 200,000 SMB customers of this. We’re dealing with 8,000 to 9,000 customers, and the top essentially 30% to 40% of them are good, large enterprise size. And we have these account-based teams. These teams are in touch with the customer. They give the marketing material, collateral benefits and some marketing campaigns to reach out to our customers, webinars, some of the CXO Summits we’re doing. There’s a number of ways to engage with them, get the feedback and get them moving on new solutions.

So it’s working well. We talked about a 57% off. Customers who bought Zero Trust Branch are new customers. That’s exciting for us. What’s telling me is that – our Zero Trust Branch is helping us grow our new customer logo base.

Gray Powell : Okay, that’s very helpful.

Operator: Our next question comes from Tal Liani with Bank of America. You may proceed. Tal, your line is now open.

Tal Liani: Here we go. Sorry. I was on mute, I was talking to myself. Can you hear me now?

Jay Chaudhry : Yes.

Tal Liani: Okay. Thank you guys. I want to understand the concept of Zero Trust, what it means for you, meaning Zero Trust is a concept I’m trying to break it down to products. So when you talk about Zero Trust Branch, when you talk about Zero Trust Cloud, practically, what does it mean? What are you selling to the customers? And second, how does it change the competitive landscape, meaning if we — someone is in the branch and someone is in the cloud, and there are competitive solutions. If I rewind back two years, you competed on SaaS, how does it change the competitive landscape when you focus on Zero Trust?

Jay Chaudhry : To start with, by the way, SASE is not Zero Trust. SASE is secure access based on SD-WAN, anyone falls under SASE, every firewall VPN, any network is essentially SASE. In our meaning Zero Trust starts with, no, not being on the network, not having lateral movement left and right, till our Zero Trust Branch a customer had a branch. They had an SD-WAN or MPLS connection and inside the Branch, they had either VLANs for segmentation or they had East West firewalls. We eliminate all of that using the air gap technology, we go through acquisition. We are doing segmentation inside the branch and Zero Trust way without firewalls without relance. Phone the branch to the wide area network or internet, our Zero Trust appliance makes the Zero Trust connection means no lateral movement, no SD-WAN.

Given part in the branch gets connected to an application through our Zero Trust Exchange of switchboard, no lateral movement. That’s a beauty of Zero Trust Branch, Zero Trust Cloud means entity sitting in the cloud can talk to each other without moving laterally on the network. So our switchboard, our exchange is sitting in the cloud. You can say workloads in VPC A can only talk to workloads in VPC B. Not only the north south or east firewalls needed in the cloud as well. That’s the exciting part of it. Did that make sense?

Tal Liani: Yes. And when you focus on it, that the second part of my question was, what’s your competition, who do you meet that provides the same kind of value and you have to compete with them.

Jay Chaudhry : Our competition is legacy, lots of firewall vendors, in some cases, in a branch, NAC vendors, free land vendors, none of that is needed, legacy versus the new Zero Trust we are of doing stuff.

Operator: Thank you. Our next question comes from Peter Weed with Bernstein. You may proceed.

Peter Weed: Thank you and glad to hear the continued progress, particularly with upsells. Obviously, NRR expanding is pretty exciting and probably a good signal around the sales performance. The one thing, though, that it also does seem to indicate is the contribution from net new customers has been declining. How should we think about that looking forward? Is that a short-term deceleration and would pick back up? And so when you put those two things together, we could get even stronger growth? Or should we be expecting lower kind of contribution from net new customers looking forward?

Jay Chaudhry : Right. So if you think about it, when you are a young company, you have very few customers, you have to have new logo only as you grow when we got 45-plus percent of Fortune-500 companies and have a very big platform. There’s a ton of upsell opportunity. In internally, [VMO] (ph) and our CRO we debate, do we get special push to new versus upsell. We really want new ACV coming from upsell or new logos. So today, with a large customer base, upsell is sitting about two-third, Remo, right? The new logo is smaller. And over the years, I would expect upsell to keep on going, up from there onwards because we’ll have a larger installed base of customers. I think it is a good thing. Having said that, we do have a sizable customer base customers to go after.

There are about 55% of Fortune-500 companies, who aren’t customers yet. They are an opportunity for us, whether you go to the next level of customers. You go to G2K. They’re about two-third of them. That are good for us. So we see opportunities, both new logos and as well upsell and the platform keeps on growing and growing.

Remo Canessa : The only thing that I want to add what Jay is mentioning is that we have a 6 times opportunity in our existing base on the user side only, not including the new customers. Our focus, if you take a look at it, for the Global 2000, our penetration is over 35% currently. And for the Fortune 500, it’s over 45%. The hard part is landing these customers. But once you’re in and you build their trust, you have the ability to upsell. So Jay is 100% correct. As you go forward — as we go forward as a company, and currently, we said we have 65% upsell in this fiscal year. I would expect that percentage to increase our penetration in the G2K and Fortune 500 is very, very important and continued product introduction and selling across our platform really bodes well for Zscaler. But I think we’re just in a great position and you take a look at our penetration into the G2K and Fortune 500, it’s quite impressive.

Operator: Thank you. And our last question comes from Keith Bachman with BMO. You may proceed.

Keith Bachman: Hi, thank you very much. Jay, I wanted to direct this to you. And at a high level, I wanted to dig a bit deeper on how you think AI changes your competitive positioning versus some of the landscape out there. And if I change the question around a little bit, you have in your slide deck, a AI and analytics solution is a $2 billion TAM relative to $96 million. So it’s a relatively small part. Now data protection, we could argue, is part of that as well, which is much more meaningful. But if I break the question down again into two parts, is I just want to understand, from a technology perspective, how do you change your solutions to capture the benefits of AI? And is that embedding into existing products? Or is it offering new products downstream or both? Thank you.

Jay Chaudhry : It’s a very, very good question. Yes, point you made AI analytics. It’s a small piece about a couple of products that are already out there, they are growing nicely. That was a starting point. But if you think about AI, AI is only as good as the data that powers with Zero Trust Everywhere or Zero Trust Exchange platform as we are getting over 5 billion transaction logs a day. That’s the largest security cloud anywhere out there. So that’s a one North Star. Now taking that data and building products around it becomes a next big North Star for us, we acquired Avalor, which has become the data fabric technology for us to take all that data and harmonize it, synthesize it, dedupe it, and build value around it. What is the value that can be built around it.

We have already launched things like unified vulnerability management. We just launched asset risk management. There are more and more products that are going to come around breach prediction, around security, operations alike. So you see a number of products unfolding, that are powered by AI engine to do that part. That’s 1 part. The second part ends up being taking digital experience and using more AI and AI Agentic technology to make it more powerful. CDX is already a pretty sizable business, but it will get accelerated because of AI. Third area is data protection. We have been doing some very good data classification already. But in addition to that, the #1 question CIOs ask us is, my company is using AI, public AI such as ChatGPT, Gemini or others, how do we make sure that my data doesn’t leak.

We are sitting in the traffic past the internet. We’re using our DLP to make sure they can use it safely. Then customers are using private AI application of building their own LLM models. We are building an LLM proxy to be able to inspect and enforce policy. So several opportunities for us. What we believe is the combination of Zero Trust exchange to secure customers and generate all the loans and then use AI to power it becomes probably the most compelling combination.

Keith Bachman: Perfect. Thank you.

Operator: Thank you. I would now like to turn the call back over to Jay Chaudhry for any closing remarks.

Jay Chaudhry : Well, thank you all for joining us for this call. I look forward to seeing you in one of the many investor conferences we plan to attend. Thank you again.

Remo Canessa : Thank you. Goodbye.

Operator: Thank you. This concludes the conference. Thank you for your participation. You may now disconnect.