Palo Alto Networks, Inc. (PANW) Earnings Call Transcript & Summary

Excellent. Thank you, everyone, for joining us. My name is Keith Weiss. I run the U.S. equity research franchise here at Morgan Stanley. And very pleased to have with us from Palo Alto Networks, Nikesh Arora, CEO. Nikesh, thank you for joining us.

My pleasure. Thank you for having me.

So before we get started, for important disclosures, please see the Morgan Stanley research disclosure website at www.morganstanley.com/researchdisclosures. All right. So with that out of the way, happy birthday of Palo Alto Networks, 29th anniversary.

Thank you. Yes, 20 years. Most cybersecurity companies don't survive 20 years.

No. No, definitely. And Palo Alto, definitely.

It's also Workday's 20th anniversary. Did you know that?

I did not know that.

Carl sent me a note, I sent him a note, saying, "We turned 20," "So do we." I'm like, "Will you let me have my moment of glory?"

I should know that because we worked on both IPOs. Anyway, thank you so much for joining us. Palo Alto has obviously changed a lot over the past 20 years. The cyber market has changed a lot over the past 20 years. Maybe narrow the focus in a little bit, I thought maybe we could start out with just like a state of the union, what's going on right now in terms of the demand environment, the threat environment and how sort of Palo is adjusting to that environment?

I mean, the last few years, we've had a reasonably steady demand environment in cybersecurity. And cybersecurity demand is driven by the technology market. The more excitement there is to deploy more technology, you see more automation, more consumer deployment, you're going to see the need for security. Twofold: one, every new technology needs to be secured; and two, there's still a large amount of technological debt that has not been paid in terms of upgrading of infrastructure that has its sort course, which will take its course in the next 5 to 10 years. Now I'd say the last few months and perhaps a year or so, we've had a new technological wave that is ahead of us called AI. I can't have a meeting or a discussion without the conversation around AI. And from that perspective, whilst AI is taking its time getting deployed in enterprise, I think everybody is mostly in experimentation phase, there's experimentation phase on the consumer side with the Geminis, the Groks, the OpenAIs, the DeepSeeks of the world, there's enterprise use cases we're all experimenting with. But what is also fascinating is you're seeing the bad actors have figured out that they can also have AI-assisted cyber hacking capability, which is going to accelerate the pace. So every time the pace of cyber threats accelerates, the focus on cybersecurity continues to be there. So I think we're going to see a reasonably robust cybersecurity demand market for the next few years as we go through this next technological cycle.

Got it. I've always been of the mind, similarly, that security demand drives from expanding surface area and AI is going to expand that surface area, especially when you start to talk about agentic computing on a go-forward basis, rising threat environment and regulatory reviews. The one that I wanted to get your opinion on is the rising threat environment, because it's been so persistent over the past 10 years, 15 years, does that still work to drive demand? Or does it just keep the demand at a consistent level?

Well, look, there are new threats, right? I was having this conversation earlier in the investor group, and there was a discussion, we started banding the word agent around agentic AI in the future. Now I said the biggest example of what an agent can do is drive your car. Waymo is agentic AI, right? You've got an agent with autonomous control driving your car. Well, the next attack vector is I can hijack your agent. And that allows me to do all kinds of bad things that I want. So the question is what is the security solution for agents that are going to get hijacked or agents that are going to get tampered with. So there's a whole new threat vector that has now risen with the arrival of AI or potentially agentic AI. So I think the cyber threat environment continues to increase. And you said it right, as the attack surface increases, as the more scenarios opportunities we create for individuals to interact with technology or to technology to interact with technology itself, so from that perspective, I think it's going to be sort of, as I said, a robust demand for the next few years.

Got it. Pulling on the thread of AI and generative AI, there's both the sort of demand side of the equation of AI expands the surface area, AI is in the hands of the threat actors. The phishing attacks that I'm getting are a lot more sophisticated. It's harder to tell them apart. It also gives you guys more tools, right? It enables you guys to -- you've talked a lot about the lack of security analysts and sort of that being a critical need within security and something Palo can help pursue. AI seems like a good new tool in your arsenal to be able to help solve one of those core needs in the marketplace.

Yes. That's a great point. Look, security is complicated. Many of our security products are complicated by definition, which means not only do we need great security products, but we also need amazing practitioners and users on the customer side to be able to deploy our products and leverage them to the maximum. If you can imagine that AI can assist our customers in deploying our product, perhaps take over the task of automation or recommendation or remediation using some sort of agentic AI, on the positive side, it'd be a lot easier to deploy our products. So from that perspective, we feel we're in a better position than many because we have critical mass at scale as a cybersecurity company. It's a lot easier for a $120 billion cybersecurity company to go invest hundreds of million dollars in developing that future than for a start-up, which has to go make their core product work, to go deploy AI within their core product. So we feel we're in a good place, but there's a lot of work to be done. I think, generally speaking, across any industry, for any sophisticated application, we don't have the right data. Most companies don't have the right data because you haven't collected the right data, you don't have A/B testing, you don't know what good looks like. So I'm going to spend the next 2, 3 years as industries across the board saying, "Here's the right data, here's what a good outcome means, here's what a not-so-good outcome means," and how we train AI to understand how to generate good outcomes.

It's an interesting sort of point you bring up about data. When I think about your tenure thus far at Palo Alto Network, and I think it matches with what's been going on in the industry, is an increasing focus on the data, right, making Palo Alto less about we're just blocking different threat vectors, but we are sort of accumulating data about your threat environment, accumulating data about your positioning for that and making use of that data to help protect you on a go-forward basis. And it's part of the like platformization kind of strategy that you have talked about, and it's part of what's driving people to consolidate more of their solution. Is AI another kind of impetus towards that consolidation in that, because AI is going to accelerate sort of the value of that data, it just increases the value proposition of what you're presenting in terms of a consolidated platform or that platformization.

So look, if you step back and look at first principle of security, typically, security has been a scenario where you build a sensor, you put it at the edge, and say it acts like security. It only lets good things get inside. It blocks bad things at the door. It's like how security has traditionally worked, outside this door, outside the hotel door, right? That's how security, just from a perimeter perspective, we've talked about SASE perimeters and perimeter security is the thing. The problem is, irrespective of how good your perimeter security is, things sneak in. That's how hacks happen. People's identities get taken over. People get into your databases and exfiltrate them. So the question isn't how good is your perimeter security, but the question is, if somebody gets in, what do you do, how do you figure them out, how quickly can you find them and how quickly can you shut it down so they can't see your data. The only way we think that's going to be possible is, if you look at all the data flowing through the enterprise, find anomalous behavior, have high signal-to-noise ratio in terms of good signal and shut it down. Now if you believe that, from an engineering perspective, the only way to get it done is you have access to all the data, you have low-latency machine learning models running on a constant basis, looking for anomalous behavior shutting down. If you want that future, you have to have all the data accumulated in one place. So that's why we've always maintained that the future of real-time security is going to be an analytics-based, machine learning-based, AI-based sort of system, which requires you to consolidate all data, make sense of it in one place, which has not traditionally been the model of security. The model of security was collect all the data and we'll go look at it if we have a problem. It's no longer that. You have to look at it while it's happening, if you want to get real-time outcomes.

Right. And I go one step further, the model was get a best-of-breed solution for every different data type, if you will, or every different threat vector and try to tie together all those solutions, which created risk in and of itself because the bad guys could sort of weave between your different solutions. You guys present a concept last year of platformization, of kind of bringing together more of the solution onto one platform, bringing together more of the data. What's the traction been like with that initiative? What's the feedback you're getting from customers about platformization?

Look, we've maintained -- and I've said this before, if you go back, I started working in technology 30-plus years ago, and we had 27 applications at a large investment firm, which made up the sum total of our CRM activity. That was 30 years ago. Today, at best, you have 1 system, maybe 2 that encompass the entire expanse of what you do from a CRM perspective because you figured out that this stuff needs to talk to each other and work together. It does makes no sense to sit in 27 different systems. Today, security has that attribute. It is 27 vendors to 50 vendors in each enterprise, which do security. Yet you see breaches every day, billions, $18 billion lost in sort of economic value when people get breached. So that model has to change. And the only way we change that model is you start consolidating security capabilities into singular platforms. You can see that trend is beginning to happen. I think the word platform is used by almost every security company, which may or may not be a platform. We did 75 last quarter. We've gotten to 1,150 or so in platform deals. We think, if we get to 3,000, 3,500, we double the business, triple the business in our ARR. And this is the best part of our business. It's sticky, has high net retention. It has great customer value from a security benefit. It actually reduces the total cost of ownership for our customers. So it's generally a great commercial outcome for our customers, great commercial outcome long term for us, a better security outcome for them. So enterprise is 99% perspiration. We got to keep our head down and we're aspiring to get there.

Got it. It sounds great. What's the friction? What's the pushback you hear from customers about sort of driving that consolidation?

The people who like it do it for all the reasons I described. The people who are skeptical are often skeptical about the idea of putting all their eggs in one basket. And I ask them, when they go to the grocery store, do they get 1 box of eggs or do they get 17 boxes to keep the eggs separate. Normally, it's one egg, one basket, but they just don't want them all in the same place. You'll get the argument that I have deferring duration of my economic contracts with 7 -- 27 vendors, how do I consolidate that? We provide a solution for that. So I think it's a matter of time. It's a matter of time as people start to see -- you have to show the benefit. And the benefit we have been able to demonstrate in our XSIAM platform is we are operating at a median time to detect security incidents to under a minute and remediate in under a minute, which is as close to real time the industry can get. If I can get my customers who are on average at 4 to 7 days to minutes or under an hour, that's a good start. So we're saying, forget about the conversational platformization. Imagine if I took your time to find a threat in an environment and remediate it down from 4 to 7 days to 1 minute, how would you feel?

Because the cost of the breach is going to be directly related to how long is it persistent.

The best time that people focus on cybersecurity is when they just had a breach, for that reason.

Right. Got it. So you mentioned the Cortex XSIAM, your next-generation SIEM solution. It's automating security operations center. It's what we think of as the next major product cycle within Palo Alto. What makes you feel that this market is ripe for disruption right now? And where are you winning share?

Look, when I started 7 years ago, actually, I was in a Morgan Stanley event 4 days after I started, and I had the pleasure of meeting some of the EDR vendors. And David Chen, who was here somewhere had me go for a walk with some of them. And I sort of was new in the industry. I didn't know how to spell cybersecurity. I thought it was 2 different words. Anyway, I went for a walk with these guys, and they told me how EDR was the next thing. And if you look back, one of those companies is probably worth $85 billion, $90 billion. They were $2 billion or $3 billion 7 years ago, but they were at the inflection point of where end points were migrating from McAfee and Symantec to them. I think we're at the same inflection point in the SIEM SOC business where we are going to go change the entire landscape in the next 5 to 7 years. So vendors, which technically started 17, 20 years ago in the SIEM business, when you couldn't consolidate the data, it's expensive, you couldn't run machine learning models because they didn't exist and you did not have a concept of real-time security. It was a concept of off-line query-based security. So I think that inflection point is here. It's a $40 billion market. I think the next 5 to 10 years, it transforms. And hopefully, we're in a great position to be able to take advantage of that.

Got it. I like that analogy a lot. It makes a ton of sense. In the EDR side of the equation, it was like the core technique being used for doing end point detection couldn't keep up with the threat environment. There was a necessity for a technological change. If we sort of draw that analogy down to the technology layer, what is it about the Cortex XSIAM that is solving that similar technology problem? And what exactly is that technology problem?

Look, traditionally, security operations centers were designed to investigate a breach after you understood there was a breach. So we said, "We have a problem, we have a breach, go analyze what happened," and say, you'd go into your data logs, you run a bunch of analytics, you'd figure out, "Oh, this happened this way. I found the cause. Let's go trace it back. Here's how much data we lost." The average time to figure out a security breach and remediate was anywhere from 27 to 120 days. 27, 120 days, you can shut down a business. You take all its corporate jewels, its crown jewels and leave. Today, that time to go in and exfiltrate is 11 hours. Get in, steal data and leave in under 11 hours. You've got to have something that go solve the problem. So current technology is we take all the data. We ingest it. We run it through 5,000 machine learning models, that ingestion, to see there's any pattern recognition of 5,000 different ways that you can be hacked. We take that. We stitch events. And we actually have all the data analyzed. Our view is, if you don't analyze every alert, every piece of data, you're not going to block bad activities. I mean so it's kind of gone from an off-line, query-based, post-breach model to an in-line, real-time analytics model because latency is low, cost of data is a lot cheaper than those 17 years because you can actually deploy those techniques and you can save a lot of economic value in people not getting breached. So I think it's new tech, it's using machine learning, it's AI. I think that's where the future needs to be.

Taking the focus from reactive to proactive. You guys, last year, I believe, signed that IBM partnership where twofold, like one, you have over 1,000 IBM consultants that are helping you guys sell the SIEM solutions; two, it gave you access to the QRadar asset and you can start to bring those customers onboard to SIEM. How has that partnership been running for you guys?

It's amazing. It's one of the best partnerships I think we've done. It's one of the best partnerships from a model perspective in the industry. IBM got to now suddenly work with us and deploy multiple cybersecurity solutions, best-of-breed in the market from Palo Alto. Earlier, they had their own captive products. We got access to a large SIEM customer base, and we've got the support of IBM. There's instance where Arvind and I both called on the customer together, our head of sales and their head of sales called on customers together. So they've actually been very proactive in helping us migrate their customer base from QRadar to Palo Alto XSIAM, which is great because they can, over time, end of life that product. They can focus on their new acquisition, HashiCorp. And in the developer side, we can focus on security and their consultants now have the option of selling the best security products in the market.

Got it. How far through that customer base have you guys gotten so far?

It's a robust pipeline. I think, as I said, economically, it's going to end up being one a phenomenal deal for us. We are some part through their customer base. Some of them have renewed their QRadar subscriptions, which will over time be able to migrate to Palo Alto.

Got it. Let's switch gears and talk a little bit about SASE and kind of where we are in that transformation. We've seen a lot of transformation within network security. SASE definitely met a need in the marketplace. It aligned to sort of what we're seeing in terms of the explosion of cloud-based applications. Is there still that same type of appetite for a transformation? Is there still as much sort of opportunity for SASE on a go-forward basis as we've seen over the past couple of years?

I think we're only about 15% to 20% of the way there. I think 80% of the companies haven't transformed their SASE capabilities yet. Morgan Stanley hasn't, a whole bunch of banks haven't, so a whole bunch of people out there who are actually still analyzing that journey. I think AI is going to be a continued stimulant in terms of getting people who have been reluctant so far to move towards that future. The first big inflection point in SASE came from the pandemic. Most companies are set up to have 10% of employees be able to access everything remotely. And you had to still go to the office and do lots of things because you didn't have access from home. You don't want to touch portfolio attribution systems or trading systems from home because they were proprietary, they were stuck in a data center. The pandemic hit, you had to provide access, employees couldn't work. So we had a big inflection where people had to make every system accessible from anywhere at any point in time, not just cloud-based system. That caused the first inflection point that caused us to build our SASE product, where originally SASE was more of an Internet access product, which was typically provided by Zscaler. That has gone through one more cycle of evolution where people saying, "Wait, now I don't need to take my employees straight to my data center. I can take them to the cloud and decide where traffic goes, cloud or data center." And as we go more and more cloud, as we have private applications sitting in the cloud, the customers are being forced to deploy some sort of a SASE solution. I think the next leg of SASE, from our perspective, is over time, we think the browser becomes the operating system of the future. We think a lot of people who are in their iPads or their laptops right now, they have some version of a thin sort of OS in there, for the most part. I'm pretty sure the majority of you would have to shut down your laptops and start paying attention if the Internet was down, right? You're only able to use these things because the Internet exists. 90% of your work is being done on a browser. If that's true, the browser is a phenomenally better way to secure you than any other technology in the world. So we think the world goes towards the browser. We think 50% of enterprise access it through a browser. We were lucky enough to buy a browser company about a year ago, 1/3 of our users in SASE last quarter were browser-based, which is interesting.

Got it. So can we expand upon that in terms of a lot of opportunity left. You're talking about 80%, 85% of the opportunity ahead of us. There's new technological changes that can help to accelerate sort of that transition towards SASE. The competitive market in SASE has definitely expanded as well. Every vendor that I've talked to this week has a SASE solution or expanding their SASE solution.

Nobody else thought it was a great idea.

True. How do you guys look to differentiate the Palo Alto Network solution from all the other vendors out there?

Our underpinning is security. When SASE originally was Internet access market, you access cloud applications, and you believe that Salesforce is secure, ServiceNow is secure, others are secure. You don't have to worry about it. But the moment you started having to access your private application in your data center using a SASE front end, you wanted better security. So we come from a security background and underpinning of strong security, from a firewall perspective, which translated well in us being able to do that. Our differentiation is we are the only vendor in the market that has a hardware, software and SASE form factor, which runs on a single platform. To replicate us, you'd have to at least have 3 to 5 vendors to replicate a network security platform. So that's the differentiation. Our browser is the cherry on the pudding because nobody else has an integrated browser with a SASE solution, which allows us to go differentiate ourselves in the market. 7 years ago, we were not a SASE player in the market. Today, our SASE business is almost as big as our hardware business.

And in terms of being able to leverage that firewall installed base, having that hybrid solution between hardware and software, how do we think about the ASP uplift when a customer goes from being just a more traditional next-generation firewall customers to a SASE customer for Palo Alto?

Well, we've done the math before and shown that our customer value goes up 2.5x as they go from being a hardware customer to a SASE customer because of the more expanded sort of QR BOM that SASE provides and sort of you don't need to deploy hardware. You don't need to recycle hardware. You don't need to go send people to go replace the boxes. You can run this as a SaaS service in the cloud. So it's a phenomenal economic outcome for us. But more importantly, it's a great outcome from a customer total cost of ownership because it's expensive to replace hardware. It's expensive to configure hardware. It's expensive to service hardware. If you're running on a SaaS platform, remember, everybody is on the same version the day we decide to upgrade the version. In hardware, it takes 2 years to get everybody the same version.

Right. Got it. You mentioned the Talon acquisition, getting that secure enterprise browser. Relatively early days in terms of this concept and pushing this out within SASE, what's the initial customer response been? Have you guys started to get traction with this solution yet?

Yes. Look, if you think about it, the few use cases, which are horrible technology use cases, in our industry is, one, most companies don't have a solution for contractors. If you have a third-party contractor, they don't want to put your software on their devices. So how do you protect your enterprise if 30%, 20% of your workforce doesn't want to put a security solution delivered by Morgan Stanley or delivered by Home Depot or delivered by whoever you are? So from that perspective, a secure browser allows a third-party contractor to access your capabilities, shut off the browser, go do what they need to do and they're comfortable with that. There's a use case called VDI, which is clunky, high latency, hard to use, that can be replaced with the browser solution. Your mobile devices can be replaced with browser. The most interesting impetus we're seeing right now is companies want their employees to access AI applications. But their biggest fear is, "My employee is going to take proprietary information and upload that into ChatGPT or Gemini and ask it a question. And oops, my corporate data, my drug formulation, my CAD design for my chip is now being used to train a public model, and I didn't know that was going to happen." The only way you can see what people are doing in your company in an encrypted way is through a browser. So we have customers who are deploying AI application in their companies, saying, "Every employee who are AI leaning organizations use the browser from Palo Alto." As a result, we can see and block you from entering proprietary information. So literally, we have a customer who's bought 240,000 instances of a browser because they want to be an AI-first company and say, "You can all use AI, just use it with the Palo Alto Browser." So I think that's going to be the inflection point because organizations, enterprises, rightfully so, want visibility into the traffic between AI models or AI applications and their employees to make sure proprietary data doesn't go back and forth. From that perspective, that's the only way to inspect it and to protect it.

Got it. One more area of the next-gen portfolio I want to touch on, cloud security. Palo was an early mover and an early market leader in cloud security. Where are we in terms of kind of market penetration? How is that opportunity evolving for you guys over the past couple of years?

So the cloud market, I think, is in a sort of third iteration, which is where it's going to live. The early days of cloud security was, "I'm going to Google. I'm going to Microsoft. I'm going to AWS. What do I need to worry about?" So you're going to have to configure AWS, Microsoft and Google for yourself. When you configure, you can make mistakes. When you make mistakes, people can hack you. That was called cloud security posture management. You had APIs coming from all these places. You looked at the configuration mistakes, oops, you got a problem, fix it. It is fine because, if you get, "Oh, s***, but I'm writing my own software. What if my software that I'd written has flaws?" Then you had this notion of code security, how do you protect your software code and sneak in the world, other people like that showed up. It's certainly great. Then you sat there and security goes, "Holy s***, I'm getting a lot of alerts. I'm getting 100,000 alerts, and none of the stuff is in production." It's all sitting in some developer's laptop or sitting in some configuration. So the whole world started moving towards only protect what's running in real time in production. Pay attention there. All the other stuff is sort of before all the production issues, which is where agents come into play sitting in the public cloud from a real-time perspective. So the first wave was the version of CNAPP. The next wave was code security. The third wave is how do you marry real time and the other two. So we spent the last 9 months moving our entire stack into our Cortex stack, which is where we do real-time security. We relaunched the product called Cortex Cloud, which does all that connected tissue. So our view is that you go forward 7 to 10 years from now and look back, you realize security is a data problem. All the data has to sit in one place. If you look in our industry, there's either analytics products or perimeter products. Perimeter products, we have a reasonably good market share, and we have a lot of products that play in that space. We think over time, the entire analytics industry collapses into some sort of platform like XSIAM. So we'll see slowly, as we collect all the data, we will be able to build analytics product because otherwise, every analytics product tries to ingest the same data we already have. So we can provide a lot lower cost of operating, a lot more integrated solution as long as you can run the analytics on one large data lake.

Got it. Old habits die hard, so I got to ask you about the firewall refresh. And it does feel like we're in an up cycle or early innings of...

You've been listening to our competitors. I'm just guessing.

Yes, listening to Hamza. Could this be a positive for the platformization trend, right? Like as these customers come up for refresh, does that give you a good opportunity to go in there and sell to the broader base?

There's this fallacy about a refresh, which is perpetually in the industry, since I don't come from the industry traditionally -- we don't sell iPhones, like, oh, there's a new one in pink. I really want it. Forget the fact that I bought one last year. Let me just go throw it away and get a new one. Our industry works pretty much in a cycle. I bought it 7 years ago. It's getting old. I need a new one. If I don't get a new one, I have a security breach. So our refreshes are very well documented, cataloged with our customers. They know, after 6 to 7 years, they have to change the firewall. If they wait for 8 years, it doesn't get serviced and which defeat the purpose from a security perspective. So I know every firewall I sold 7 years ago is up for a refresh all the way from between 5.5 to 7 years. So it's a very well-understood cycle. If I sold $800 million of firewalls 6 years ago, $800 million or so are going to come up for renewal. Some people stop using them, some people want to get a bigger one, et cetera, et cetera. So it's a very defined cycle. I don't think there are spikes in this refresh business. I will tell you, if you step back, what does the firewall do? It inspects traffic. Any traffic that goes between you, your company, that goes between one company and the other company, that goes between a machine to a machine, every bit of traffic has to be inspected. Like everybody who goes through an airport has to go through a security check, every bit of traffic has to be inspected. If you step back and say, the global network traffic doubles every 3 years, which means you have to inspect more traffic. There's only two ways to inspect traffic. You have a big hardware box and all the traffic goes through it or you send it all to the cloud, and you inspect it there. So I think generally, the market for traffic inspection needs to double every 3 years. The cost per inspection goes down every year. As a result, there is an 8% to 10% increase in the market value every 2 to 3 years. That's the combination of hardware firewalls, software firewalls and SASE, right? We've been growing that business about 20% every quarter for the last many years. So which means we're taking share in the inspection business. That's how I look at it. The hardware refresh is just an artifact part of our business. But if I can do more software inspection, it lowers TCO for my customer. If I can do more SASE, it lowers TCO for my customers. But in some cases, hardware inspection is the cheapest cost of inspection.

Got it. I want to shift gears a little bit and talk about M&A strategy. And this is something that's been super impressive in the Palo Alto story. I remember early days, when you took over as CEO, while the industry view, while the investor view on M&A had been very sour, there's a lot of consolidating acquisitions, a lot of acquisitions that didn't work, you came out with a point of view saying, "Listen, there's nothing inherently bad about M&A. You just have to target the right M&A. We have to be buying in the areas where the customers are going, not where the customers have been." And it's been remarkably successful. I think Talon falls into that category. Is that the same philosophy you take on a go-forward basis? And any areas that we should be kind of focusing on of where the puck is going on a go-forward basis?

You know, cybersecurity is one of the most innovative industries in the world. We always have to stay one step ahead of the bad actors. So we are not sort of vain enough to believe that all innovation will come from Palo Alto. There's a bunch of smart people out there innovating on a constant basis. So we're constantly scanning the market. We look at about 200 to 300 companies a year, the idea being that if they've got something that is cool that needs to be deployed in our market, we can bring them onboard and use our go-to-market engine and integration engine to go make it useful. Talon, we sold 30% of our SASE business to Talon in the last quarter from an end point perspective, where 1 year ago, we didn't have them. So we are able to buy, integrate and deploy, but it's getting harder because we are now in 25 categories where we sort of win, from a Magic Quadrant perspective, but we're always on the lookout. Like now the new kid on the block is AI. You've got to watch and see where AI lands. It's the same philosophy. It's hard to do go-to-market acquisitions because we don't see it like paying multiples of revenue. But it's good to be able to buy products, which you can then put into our go-to-market engine and go amplify that in the market.

Got it. I want to sneak in one last one, on the profitability side of the equation. Palo has seen pretty significant improvements in EBIT margins over the last year. Can you talk to, a little bit on backwards perspective, what's driven that sort of improvement in profitability? And is there a significant upside on a go-forward basis? Is there still further room for leverage?

Look, when I joined 7 years ago, our margin was in the 20-plus range. I had to take it down to go invest because we hadn't invested enough in innovation. We had to go buy some companies. We had to go do a whole bunch of go-to-market changes. We've now gotten it to the high 20s, which I think is a good place to live. We're trying to grow the business in the 15% range. I think the AI sort of opportunity from an efficiency perspective, all this agentic stuff, all the stuff that allows you to run a much better business, is going to be positive. I think we're going to be able to eke out 50 to 100 basis points a year of improved margins over time, both from scale benefits in AI. I do think there's a bigger prize on AI, which is 3 to 5 years out, if you can get it right. And we're leaning in heavily, from our perspective, because if we believe we can get a 400 to 500 basis point improvement in operating margins with AI in the next 3 to 5 years, that allows us to be a very different cybersecurity company, then we can start looking at other companies which are not operating at our level of efficiency and justify acquisitions, which can allow us to selectively grow in the right way.

So just to be clear, that 3- to 5-year opportunity is just compounding the improvement from utilizing AI internally and becoming that kind of next-generation company in terms of how you're operating.

Yes.

Outstanding. Well, unfortunately, that takes us to the end of our time. But Nikesh, thank you so much for joining us and sharing the Palo Alto story.

Thank you, Keith. Thank you very much. Thank you, everyone.