Qualys, Inc. (QLYS) Q2 FY2025 Earnings Call Transcript & Summary

August 5, 2025


Earnings Call Speaker Segments

Operator

Operator
#1

Ladies and gentlemen, thank you for standing by. Welcome to Qualys Second Quarter 2025 Investors Call. At this time, all participants are in a listen-only mode. [Operator Instructions] Please be advised that today's conference is being recorded. I would now like to turn the conference over to Blair King, Investor Relations. Please go ahead, sir.

Blair King

Executives
#2

Thank you, Michelle. Good afternoon, and welcome to Qualys' Second Quarter 2025 Earnings Call. Joining me today to discuss our results are Sumedh Thakar, President and CEO; and Joo Mi Kim, our CFO. Before we get started, I would like to remind you that our remarks today will include forward-looking statements that generally relate to future events or our future financial or operating performance. Actual results may differ materially from these statements. Factors that could cause results to differ materially are set forth in today's press release and our filings with the SEC, including our latest Form 10-Q and 10-K. Any forward-looking statements that we make on this call are based on assumptions as of today, and we undertake no obligation to update these statements as a result of new information or future events. During this call, we will present both GAAP and non-GAAP financial measures. A reconciliation of GAAP to non-GAAP measures is included in today's earnings press release. And as a reminder, the press release, prepared remarks and investor presentation, were all available on the Investor Relations section of our website. So with that, I'd like now to turn the call over to Sumedh.

Sumedh Thakar

Executives
#3

Thank you, Blair, and welcome to our second quarter earnings call. In Q2, we continue to execute well, resulting in another quarter of solid revenue growth and profitability. In this new era of cybersecurity driven by advanced data analytics, automation and AI, Qualys is pioneering a new risk operation center category in cybersecurity and redefining our organizations managed by risk. While traditional security operations centers, or SOCs, focus on detecting breaches after they happen, the ROC is built for prevention. Qualys' cloud-native ETM, Enterprise TruRisk Management, solution powers this transformation. With over 18 trillion data points processed in real time, we have unleashed the power of our platform to integrate and normalize signals from both Qualys and non-Qualys tools, excluding CrowdStrike securities work [indiscernible] Tenable and with. Unlike other continuous threat exposure management solutions that simply highlight exposure and lack effective remediation or business context, Qualys ETM solution is a powerful orchestration layer aggregating both Qualys and noncore security findings, applying Threat Intelligence and delivering a unified business contextual view of risk with holistic prioritization and automated remediation. This business aligned approach to pre-breach cyber risk management continues to resonate strongly with customers and boards and positions Qualys at the forefront of [indiscernible] in cybersecurity. One defined not just by the detection of the vulnerabilities, but by measurable, proactive, automated risk reduction at scale. With active POCs already converting after announcing GA just a short while ago, we continue to see many parallels between this new market opportunity and the early days of our VMDR launch, including a significant greenfield opportunity and growing demand.
With our latest announcement yesterday, we are very excited to introduce Qualys' latest game-changing vision for the future of cyber risk management with the launch of a fully reimagined Agent AI platform built on a unified fiber to seamlessly manage cyber risk across multi-vendor environment. At its core, every cyber risk AI agent represents a specialized autonomous AI fabric equipped to automate complex business processes and autonomously adapt to customers' environment by accessing diverse internal and external data sources, applications and machines. These agents achieve complete end-to-end outcomes for sub-security teams. Available in a first-of-a-kind agent AI marketplace for risk management. CISOs can now quickly augment their team with highly specialized autonomous experts that can bring down the time to remediation, increase accuracy and reduce costs. Users can use out-of-the-box cyber risk agents available in the marketplace, interactively create their own specialist agents or leverage third-party agents for our -- from our partners that can be added to the marketplace in the future. Further advancing our remediation focus beyond patching, we are also introducing new capabilities to our TruRisk Eliminate umbrella of remediation solutions. Now organizations can quickly determine trending risks to that environment, the estimated impact of a breach on a particular asset and the probability of successfully applying a patch. If applying a patch is deemed a significant operational risk to the business, security and IT teams can alternatively choose to automate array early of compensating controls to prevent an incident from occurring. Embedding Qualys' AI assistant directly into remediation workflows is a significant adoption level, a strong competitive differentiator opens new market opportunities well beyond patch management.
Continuing this rapid pace of innovation, we are further broadening our ETM solution and bringing natively integrated identity security posture management, ISPM, to market at a time when identities have become part of the new perimeter. Compromised credentials are central to nearly every major cyber attack today. Qualys' solution is aimed at helping organizations stay in front of adversaries by continuously analyzing identity systems for misconfigurations, excessive privileges and toxic combinations with assets. By unifying the identity risk surface, we eliminate silos and hub securities visualize identity exposure and remediate risk before attackers escalate privileges or laterally. Spanning devices, cloud workloads and applications, Qualys now provides holistic protection using Qualys and normal data sources across key identity touch points mapped to asset criticality and backed by real-time remediation through a single native integrated platform. These innovative new approaches to cybersecurity risk management, along with several others we are showcasing at Black Hat this week, allow our customers to reduce complexity and cost, achieve better outcome and create multidimensional path for durable long-term growth in our business. Moving on to the business update. Over the last several months, I have personally met with many customers, prospects and partners, and the message has remained resoundingly clear. Organizations are increasingly anchoring pre-breach cyber spend to solutions that articulate and demonstrate a measurable impact on cyber risk rather than consolidating around a single vendor CISOs are seeking platforms. There are a lot of flexibility across their secured stack while unifying this through a common framework. This requires a centralized risk habitat, which brings together diverse tools and enables teams to uniformly assess, prioritize and remediate risk.
With a 25-year track record of converting operational challenges for customers into strong competitive advantages, we are well positioned to capitalize on the evolving market opportunities. In Q2, this success was demonstrated by the number of customers spending $500,000 or more growing 7% from a year ago to [ 212 ]. It was also evidenced by notable industry endorsements in the market we help pioneer. Qualys VMDR with TruRisk and TotalCloud were voted the best vulnerability and cloud security posture management solution, respectively, at the 2024 SC Awards in Europe. IDC named Qualys a major player in [ Snap and Koping Coal ] recognized Qualys as a leader in SNAP and a market leader in our tax service management. Let me share a couple of recent wins, which illustrate these accolades and reflect why companies ready to centralize their response to cyber risk are turning to Qualys to help unify their security tools, quantify and remediate risk in their environments and achieve better security outcomes. First, a global fintech company determined that managing siloed tools added complexity to their operations lack integration and misdetection, which hindered their ability to assess risk and centralize remediation. This customer chose Qualys to transform siloed risk signals spanning, core depositories, endpoint, identity, cloud container IT and network such into a cohesive real-time risk management solution by consolidating Qualys and non-Qualys. This included purchasing 7 Qualys modules, including ETM to bring -- to begin operationalizing their risk operation center with ingested data from strike it side and is resulting in a 7-figure annual bookings deal.
By consolidating these data sources into the Qualys platform, we are now delivering this customer, a vendor-agnostic orchestration layer with full visibility of their attack surface centralized risk assessment, quantification, prioritization and remediation while enlishing the operational efficiencies of security stack consolidation aligned with acceptable risk parameters for the business. Another marquee win was a large federal government agency previously using multiple legacy and next-gen solutions to manage a variety of risk management use cases across their security and DevOps teams. In addition to the complexity of using multiple products, this government agency was frustrated with increasing costs associated with outdated on-prem deployments from last several years. Looking to migrate to a cloud native solution that meets the CISA binding operational directives, they are now in the process of replacing 2 of their existing vendors in a high 6-figure annual booking deployment using 10 Qualys modules, including Cybersecurity Asset Management, VMDR, patch management and, [ total ] cloud. Through this highly strategic and competitive win, the customer is now able to leverage unified dashboards across nearly a dozen separate bureaus that provides them a greater insight and automation that can -- than any of the competitive products that they are evaluated while taking full advantage of the speed and scale of the integrated platform. With out-of-the-box support for CDM within the CISA framework, we are now working towards a Phase II agency-wide rollout of the cybersecurity asset management solution, presenting a significant upsell opportunity for us. Beyond this win, we are pleased to announce Qualys has recently received Agency Authorization for FedRAMP High.
With this authorization, Qualys is the only FedRAMP High platform offering inventory, vulnerability management, patch management, CSPM, container security and EDR in a single unified workflow across hybrid environments. As government agencies increasingly transition workloads from on-prem environments to the cloud, the achievement marks a significant milestone and establishes Qualys as the only modern alternative to legacy scanners for federal, state and local agencies. Our authorization, consolidated platform and continued investment in public sector expansion underscores our commitment to this market and positions Qualys well to drive long-term incremental growth. That momentum was on full display at our Second Annual Public Sector Risk Conference, Cyber Risk Conference in May where we were especially encouraged by the strong turnout and positive feedback to the concept of a risk operation center to bring efficiency to government agencies instead of playing risk vacuole with multiple siloed legacy solutions. Investing in our partner ecosystem remains a key pillar of our growth agenda. Through our strategic technical alliances program, we are driving deep technology integrations, whole-selling opportunities and demand generation programs. We believe this expanding ecosystem bolsters our capacity, harnesses transformative solution sales and brings new business to Qualys. Additionally, we have advanced our global ROC ecosystem by certifying 3 new strategic partners who wanted to partner with Qualys to bring the ROC to their customer base. With growing channel momentum and a growing pipeline of fresh new analog services being offered to customers, we look forward to sharing some exciting new wins in the upcoming quarters.
With more and more customers and partners beginning to perceive Qualys as a leading pre-breach risk mitigation management platform, that consolidates and orchestrates multiple security solutions and workflows, I am pleased to announce [ May Mitchell ] as our newly appointed CMO. Pipeline creation, growing module adoption, winning new business and evangelizing the AI-native ROC are key priorities. With me at [indiscernible] and her long experience in cybersecurity, we are intensifying our marketing activities and increasing focus on ramping top-of-funnel initiatives and enhancing brand awareness to help drive adoption of the Qualys platform to new heights. To further accelerate awareness and unleash new Qualys capabilities for customers, I'm also pleased to announce the launch of our Qualys platform pricing model, where we enable customers to purchase Qualys units providing access to the entire platform and flexibly utilizing Qualys modules of their choice over the course of their subscription term. Instead of purchasing Qualys modules individually, organizations now adopt the products they need today and in the future through a frictionless process designed to flexibly replace existing technologies and seamlessly switch between Qualys modules. Customers are expressing strong enthusiasm for this new pricing model, and we believe it will further enhance long-term customer loyalty and drive larger lands, reduce cost and bolster cyber resilience over time with more customers adopting more Qualys solutions faster.
In summary, Qualys is well armed with fresh new capabilities and new agency authorized FedRAMP High solution for government wide use, strong channel momentum and flexible platform pricing to help customers unify pre-breach risk management workloads, reduce costs and address today's stock security challenges with trusted innovation and early adoption we're strengthening our position as the partner of choice for customers ready to centralize the response to cyber risk and believe we have to outpace our competitors extend our thought leadership and build upon an already strong foundation to drive durable long-term growth in the business. With that, I will turn the call over to Joo Mi to further discuss our second quarter results and outlook for the third quarter and full year 2025.

Joo Mi Kim

Executives
#4

Thanks, Sumedh, and good afternoon. Before I start, I'd like to note that except for revenue, all financial figures are non-GAAP and growth rates are based on comparisons to the prior year period unless stated otherwise. Turning to second quarter results. Revenues grew 10% to $164.1 million. The channel continued to increase its contribution, making up 49% of total revenue compared to 46% a year ago. Revenues from channel partners grew 17%, outpacing direct, which grew 4%. As a result of our strategic emphasis on leveraging our partner ecosystem to drive growth, we expect this trend to continue. [indiscernible] 15% growth outside the U.S. was ahead of our domestic business, which grew by 7%. U.S. and international revenue mix was 57% and 43%, respectively. In Q2, despite ongoing macroeconomic uncertainty, our growth retention rate and upsell execution improved with our net dollar expansion rate of 104%, up from 13% last quarter. In terms of product contribution to bookings, patch management and cybersecurity asset management combined made up 16% of total bookings and 26% of new bookings on an LTM basis. Our cloud security solutions, total cloud [ Sina ] made up 5% of LTM bookings. Turning to profitability. Adjusted EBITDA for the second quarter of 2025 was $73.4 million, representing a 45% margin compared to a 47% margin a year ago. Operating expenses in Q2 increased by 15% to $67.7 million, driven by investments in sales and marketing and R&D. Demonstrating our ability to innovate and invest in our long-term growth initiatives while remaining capital efficient. ETMs for the second quarter of 2025 grew 11% to 1.68. Our free cash flow was $32.4 million, representing a 20% margin compared to 33% in the prior year due to fluctuations in working capital. Normalizing for this, first half 2025 margin was 43% compared to 45% in the prior year.
In Q2, we continue to invest the cash we generated from operations back into Qualys, including $1.3 million in capital expenditures and $49.2 million to repurchase $375,000 of our outstanding shares. Since commencing our share repurchase program in February 2018, we have repurchased 10 million shares and returned over $1.1 billion in cash to shareholders. As of the end of the quarter, we had $254.6 million remaining in our share repurchase program. With that, let me turn to guidance, starting with revenue. For the full year 2025, we expect revenue to be in the range of $656 million to $662 million, which represents a growth rate of 8% to 9%. This compares to prior guidance of $648 million to $657 million. For the third quarter of 2025, we expect revenue to be in the range of $164.5 million to $167.5 million, representing a growth rate of 7% to 9%. While we believe our platform approach to cyber risk management provides some insulation as macro volatility, this guidance assumes continued budget scrutiny in a challenging environment for new business growth in 2025. Shifting to profitability guidance for the full year 2025, we expect an EBITDA margin in the range of low to mid-40s, applying a 15% to 17% increase in operating expenses and a free cash flow margin in the mid-30s. We expect full year EPS to be in the range of 6.2% to 6.5%, up from the prior range of $6 to $6.3 million. For the third quarter of 2025, we expect EPS to be in the range of 1.5% to 1.6%. Our planned capital expenditures in 2025 are expected to be in the range of $7 million to $9 million for the third quarter of 2025 and the range of $1 million to $3 million. We continue to believe organizations will increasingly adopted both stack security and compliance coverage to meet the demands of today's threat landscape and reduce costs. As the impact of the macro economy unfolds, we are closely monitoring the business environment. We'll continue to adjust our priorities accordingly. 
That said, considering the long-term growth opportunities ahead of us, and our industry-leading margins implying further room for investment. We intend to continue to responsibly align our product and marketing investments to focus on high-impact initiatives aimed at driving more pipeline, accelerating our partner program and expanding our federal vertical. As a percentage of revenues, we expect to prioritize increased investments in sales and marketing and engineering with a more modest increase in G&A consistent with our commitment to Qualys's long-term growth and profitability. With that, Sumedh, I would be happy to answer any of your questions.

Operator

Operator
#5

[Operator Instructions] And the first question comes from Jonathan Ho with William Blair.

Jonathan Ho

Analysts
#6

Congratulations on the strong results. I wanted to maybe start out with the macro environment and you get a sense from you of what some of the puts and takes are out there and especially relative to your ability to raise guidance, how we should think about sort of the conservatism that's baked in?

Sumedh Thakar

Executives
#7

I think at a high level, as Joo Mi mentioned, right, the environment is kind of stable right now, but it continues to be challenging. So deal scrutinies there. I think customers are overall just a little bit more wait and watch to see how the impact of some of the current conditions is going to be on their spend through the rest of the year. And so we're just being factoring that in right now in the way that we are thinking, we're not assuming anything getting better from an environment perspective. So it's more assuming that it's going to continue kind of as is.

Joo Mi Kim

Executives
#8

Yes. And from our perspective, in Q2, we did see slight improvement in net dollar expansion rate, moving up to 104%. We've been at 103% for several quarters in a row and our low was at 102% a year ago. And so we are optimistic that we were able to make an improvement from both the growth retention as well as upsell perspective this quarter, which kind of indicates that the market and the selling environment is actually not worsening. We see an opportunity to sell more of our newer products, have more conversations with their customers. And although the new business continues to be challenging, and we expect that to continue throughout 2025, do see some upside when it comes to expand with our existing customers.

Jonathan Ho

Analysts
#9

Excellent. And just in terms of a follow-up, can you help us understand how maybe the [indiscernible] messaging has been performing just given the challenges of selling sort of new platforms in the environment, we may be resonating the most with customers and causing them to choose to go in the [indiscernible] direction.

Sumedh Thakar

Executives
#10

That's a great question. I think a lot of partners are providing sort of SOC/MDR services. It's a bit of a saturated market. And for them, this threat detection after the breach has happened is what they are focused on. And so what partners are excited about is being able to go back to those partners who have a SOC to those customers who have a SOC and being able to position a new solution and new services, which is proactively managing your risk and helping prevent a lot of them sort of provide some managed vulnerability service here or there, but there is no -- and then there is cloud and then there is identity. And so when you look at risk management, there is sort of no easy holistic service that a lot of them are offering. And so what [indiscernible] does is part of the managed risk operation center concept, they can go to the customers that have SOC and say, hey, we now have a new capability that you can upsell to, which allows you to implement a similarly operationalized risk operation center environment built on the Qualys platform and it does not require them to switch out solutions that they are potentially using for cloud security for entity that this is something that can be built on top of that. And so they're excited about that because this is -- this allows them to create services and services revenue is very interesting for them rather than just a few points here or there on the price of the individual SKU. And so in some cases, can potentially add $5 of service to $1 of ETM that they could sell as a representative example, right? And so -- that is where we are seeing these partners are excited. Of course, they have to build out new services and they have to build new practices to be able to do that, but the excitement of being 1 of the few [indiscernible] partners that actually is able to offer this service is very interesting for them because that differentiates them from the other 200 players that are only offering MDR.

Operator

Operator
#11

And our next question will come from Roger Boyd with UBS.

Roger Boyd

Analysts
#12

Joo Mi, I was wondering if you could just help us kind of bridge the gap between revenue and billings growth. I know that's not a metric you guide to, but you've previously given some directional color about the growth of those 2 numbers being in the same ballpark. Just trying to get a sense of the difference there, what you're seeing from a billings front, anything to be mindful of around deal timing given RPO bookings look, I think, pretty strong this quarter. Anything else to be mindful there of FX or anything else would be great.

Joo Mi Kim

Executives
#13

Yes. The revenue is lagging. I would say that current billings on an LTM basis could be indicative of the bookings performance, which is more of a leading indicator. So I understand the focus on the current billings. At the beginning of the year, what I have kind of given an indication for current billings at around like 6% to 8%, in line with the revenue growth guidance, 6% to 8% at the beginning of the year. For current billings, I would say that still remains true probably the best indicator there or a guidance I can give at the time. Now on the revenue side, you could see that we've outperformed booking 10% growth rate for Q1 and Q2, guiding to 7% to 9% for Q3. And so what that implies is current billings going up from 7% to 8%, 7% in Q1 looks like. We closed it at 8%. But in the second half, because of the tougher comparison relative to second half of last year, we are anticipating it to kind of come down to land around 6% to 8% for the full year for current billings.

Roger Boyd

Analysts
#14

Got it. That's helpful. And then just as a follow-up, Sumedh, nice to see FedRAMP High. Just any insight into kind of your expectations for the federal vertical in 3Q. My gut assumption is that it's probably difficult to think that can be super impactful in the next quarter, but would love to get kind of your view on the opportunity there.

Sumedh Thakar

Executives
#15

Yes, for sure, right. I think expecting any federal movement happening within a few weeks of us getting the FedRAMP High would be a little bit too much expectation. But I think -- so see, for us, this has been a long-term focus and investment that we have been making. And as anybody who goes for FedRAMP, FedRAMP High will tell you this is a significant investment to really get there. And so we're super excited to now have that FedRAMP High platform that does vulnerability management, patch management and cloud security. And so that really is going to open us up opportunities. Obviously, right now, you kind of have a mixed bag with some folks kind of waiting to see how things progress with the cost reduction, others are seeing this as an opportunity to change out their incumbent vendors to new solutions and FedRAMP High coming at this time bodes well in my mind for opportunities that will get created over the next few quarters because now we could go in, we could basically showcase what we are the modern solution that is FedRAMP High. And so as they are looking for efficiency and moving out of legacy on-prem solutions, their options are non-FedRAMP High solution in the cloud or a FedRAMP High with Qualys. And so I think that is an advantage in my opinion for us, and we look forward to leveraging that. I'm also looking forward to a lot of other commercial companies that actually are FedRAMP High or looking to get FedRAMP High, need FedRAMP High solution, and you have a lot of big companies who are looking for that. And so that puts us in an interesting opportunity, again, where it's not just the government agencies themselves, but we can also see potential pipeline buildup from commercial entities that are currently in the process of trying to go FedRAMP High and want to switch to a solution that is also FedRAMP High because there currently is no other solution that can do like FedRAMP High management as an example, right?
So I don't really expect anything immediately in this quarter. But I think with the momentum that we're seeing, our investment in the federal side of the conference that we did and now getting FedRAMP High. I think this is key for us, as I have mentioned in the last few quarters as well that federal over the next couple of years can be an important area of growth for us.

Operator

Operator
#16

And our next question will come from Kingsley Crane with Canaccord.

William Kingsley Crane

Analysts
#17

And echo congrats on a really strong quarter. Nice to hear about Qualys flex pricing. I think this has been something you've been considering for a while. I want to hear more about what kinds of impacts we could expect as a result, like perhaps larger commitments. And just want to clarify any of the large deals in the quarter were flex pricing.

Sumedh Thakar

Executives
#18

Look, it's early days right now, but the feedback that we have gotten has been very positive, right? So we want to get this out and we want to get some of these deals close. But overall, today, a customer buys VMDR, then they are interested in trying patch management, like that's a whole process that they have to go through to buy that additional SKU win. So as we move into this pricing, it essentially, if they buy any number of pricing, it gives them access to all Qualys modules, right? They have access to it. Of course, if they want to use it, they have to buy additional units to be able to leverage those. And so for somebody who is maybe focusing on vulnerability management, they want to try a patch management, they can just do that now with the flex pricing without really having to go and get a whole new SKU purchase, et cetera. So that is where it's exciting for them is that they can look at the utilization, they can try and new capabilities. And then as they like those capabilities that they can actually buy more units to be able to use those capabilities at scale. And that's really where we see the opportunity. And so we are looking forward to seeing the kind of uplift that we can get because that can get a customer interested in buying fewer additional units so that they can leverage broader platform capabilities right as they do the purchase. So that's the hypothesis and the way we are seeing the early conversations with customers, but we still need to get a few of those deals closed and then we'll give updates as we see the progress happening, but it is definitely something that we see as a key aspect over the next year or 2 for us to push forward so that we can create upsells. 
And also for net new customers is we're seeing customer net must also coming in buying multiple modules upfront, as you can see, cybersecurity asset management, patch management already 26% of bookings for net new customers, like that will give them opportunity to leverage newer capabilities and more capabilities, which then allows them to potentially buy more units as they roll that out.

William Kingsley Crane

Analysts
#19

Great. Yes. I mean the model -- it's great for customers good for you. And so for Joo Mi, so you just brought on May Mitchell and we're talking about investing in more key marketing initiatives. Of course, we've had some pretty significant earnings upticks over the past 2 quarters on the guide. So I mean should we expect that some of these are really going to be more of a focus in fiscal '26?

Joo Mi Kim

Executives
#20

I would say that we're ready to get started because we've kind of built the momentum because if you take a look at our sales and marketing for the first half of this year. It's grown by 15% year-over-year and then even in the R&D front, we grew by 8% in Q1. We ramped that up to 15% because R&D also included product management. And the entire GTM team has been working very closely together to make sure that we work on the value proposition, how we're positioning our product to not just our sales reps, but more importantly, a partner-first approach. So we are really working with the entire team, including the engineers to make sure that are we working on the right product enhancements? Are we messaging it correctly and then really focus on partner marketing front and so we do anticipate the increase in sales and marketing investments up from the 15% level that we saw in Q2 and then same thing on the R&D side.

Operator

Operator
#21

And the next question will come from Rudy Kessinger with D.A. Davidson.

Rudy Kessinger

Analysts
#22

The revenue -- Joo Mi, the revenue outperformance historically has been pretty minimal in your quarters last 4 quarters now, you've beaten on revenue by about 2%. Is there any more color you can add to that? Just what's driving that relative to your guidance? Have you guys just adopted a more conservative guidance framework in general is because of the macro conservatism or any professional services revenue potentially driving that upside?

Joo Mi Kim

Executives
#23

Yes. It's not professional services, but I definitely had to do with the fact that when we first guided to revenue at the beginning of the year, there was a good amount of uncertainty in the business with respect to macro as well as if you're taking a look at our current billings kind of the trajectory of historical performance and with our revenue coming down, we wanted to make sure that, look, if I'm looking at a potential range of outcomes, for the business, given that we are pivoting significantly into ATM, a new platform play introducing new products and the difficulty that we've had with expanding the spend with our existing cost centers that we were looking at a more conservative scenario. And it could have gone that way, but thankfully, as you see by our performance, we've done really well the first half. I think the team has worked really hard to make sure that we're making up or kind of all the underperformance, if you will, like that we saw at the end of last year with our CMO in place, and we're continuing to look for our new CRO, we are hoping that we will continue to make good progress on this going forward through the end of 2025 and hopefully, we'll be able to make some meaningful improvements in 2026.

Rudy Kessinger

Analysts
#24

Okay. That's helpful. And then on current calculated billings, TTM current calculated billings, it sounds like you are still expecting 6% to 8% year. What would be the drivers of upside to that figure and irrespective of where it lands, should we still look at TTM billings as the go-forward indicator of next 12 months revenue growth as we exit this year and go into '26?

Joo Mi Kim

Executives
#25

Yes. I think that would be the best proxy at this point, if you're thinking about 2026 revenue. But on current billings, I would say that higher probability of us outperforming with our existing customers, given our newer products, like, for example, our net dollar expansion rate did increase to 104%, up from 103%. If you were to call out 2 areas where it could -- the additional growth could come from new land versus existing customers, I would say the latter.

Operator

Operator
#26

And the next question comes from Trevor Walsh with Citizens.

Trevor Walsh

Analysts
#27

Sumedh, maybe to start with you, great to see the product development that you're working on as far as AI agents in the marketplace and kind of all the ways in which that can I guess, boost the platform. There's been a lot of activity in that space, I guess, AI security just generally kind of M&A-wise this week given Black Hat and others. Just curious kind of what your overall take is on that space given some of that -- those announcements and just as a product person yourself, how you feel about building versus buying there and if this is somehow different in the space the pace at which some of these tools are kind of moving and growing that, that might get you off the fence to do something around the same lines or if it were thinking you can do it kind of organically internally?

Sumedh Thakar

Executives
#28

Yes. Thank you for that question. I was like with 4 questions saying and nobody's asked about AI, so excited about it, but it's super exciting, right? If you get a chance to really go through that. I think the way we have positioned and created this capability is really bridging that gap between like the agent AI being some piece of core somewhere versus sort of having a marketplace or you feel like you're actually able to hire a patch choose expert who knows absolutely end-to-end hard to coordinate scans how to coordinate assessment, how to coordinate prioritization, how to coordinate reputation and gets all of that thing done all in one, and they have a name, they have a persona, you can rate them. And so that's been super exciting for us. And we have been really able to get that. We've been working on it for a few months. But 1 of the things that are happening in AI, in general, is the advancement of technology is happening at a rapid pace, right? And not to get too much into the depth of it. But if you look at like RAG came out a year or so ago and now what we are leveraging is in big ways MCP protocol, right? Like the -- then the model context protocol. MCP allows customers to much more rapidly take their existing solutions and use them with overall AI agents because they add a layer of context on top of their existing APIs and existing databases and existing data stores, right? And so that allows us to do this much, much quicker than what we have. And so I think AI security is following that same that as AI concepts and AI protocols are evolving so fast. People are also trying to figure out what does that mean, right? If we were looking at RAG security where you are bringing all of your data into 1 single vector database, maybe a few months ago, certainly, you have MCP, which is sort of bringing a new layer.
Now bringing the new layer of MCP doesn't mean that your existing data store and all of that does not have to have the traditional security, it still needs to have the security that you need to. And so what our team is doing is really rapidly tracking sort of these enhancements and new capabilities that are coming out in AI and responding accordingly. And that's where we came up with Total AI few months ago when people were running LLM in their own environment. And now we're seeing LLMs being run at least the foundational LLMs being leveraged by from backlog as a service. And so -- we're pivoting quickly to provide capabilities around MCP protocol, MCP discovery and MCP mapping as well as MCP authentication authorization capabilities. So I think there's always opportunities for us to look at players that are upcoming, but it's just so dynamic right now that we also want to wait and watch as we develop our own solutions to see which direction is going to be the stable direction for some of these AI capabilities to go.

Keith Weiss

Analysts
#29

That makes total sense. Maybe a quick follow-up for you, Joo Mi, just more of a clarification. So now that you have the FedRAMP high in place, I know that some of the investments in the past around sales and marketing were to build out the public sector team. So do you feel like those investments now are just kind of waiting to deliver on the ROI of those? Or will there still be as part of that increased spend you noted going forward, kind of public sector pieces or elements to that?

Joo Mi Kim

Executives
#30

There are definitely pieces just because we are making sure that all investments that we made to achieve FedRAMP High already been made. But with that said, there is maintenance, and there's also GTM efforts. Marketing effort to make sure that we just opened up the DC offer to make sure they -- our customers know that we have a presence in DC. And so we'll be working very closely with our marketing team to make sure that we have all the opportunities out there. I think that from a meaningful booking perspective, it won't happen until next year. But we've been ready. I think it's just about execution at this point.

Operator

Operator
#31

And the next question comes from Patrick Colville with Scotia Bank.

William Vandrick

Analysts
#32

This is Joe Vandrick on for Patrick Colville. Sumedh, that global fintech win you highlighted is a great example of consolidation on the platform. So how often are your conversations turning it into multiproduct platform deals versus customers just buying a module to solve the specific pain point?

Sumedh Thakar

Executives
#33

The way the space is evolving is very interesting, right? There are opportunities for consolidation with -- in certain areas with the vendor, and you see that happening with CNAPP, where -- in the past, it used to be multiple cloud security solutions are not going under 1 umbrella. But we also see that customers are not necessarily looking to have every single capability from the same vendors. So there are areas and vendors that they trust for certain use cases, and they want to stick with those vendors. And so what we see when we are talking to customers is a combination of in areas where they are like, hey, look, I want to consolidate vulnerability and patching and some of those cloud things with you. But for IDBS, want to continue to Okta and for EDR I'm still using CrowdStrike and want security score for third-party management. And so that's kind of where -- and that deal that I highlighted was great because we saw a bunch of modules they took from Qualys, but then they also took the ETA module, which allows them to bring third-party data from their existing solutions to consolidate into a single fabric to get a single view of their risk. And so that's what we are excited about is like while it's early days, if the customer wants to consolidate certain capabilities, we have a bunch of those modules and in the cases where they don't necessarily want to consolidate right now. We don't have to walk away. 
We still have an APM solution that they can purchase to take the data from the existing modules and actually provide better value of the investment in some of these third parties and in 1 of the conferences in BC, I showcased this sort of a funnel view where we took 65 million findings across CrowdStrike, Qualys Security Scorecard and after we applied the risk operation center, paradigms, threat detection and business context, it went from $65 million overall finding to $2 million that actually mattered and then after we applied the business context, this went down to $300,000 that actually were adding business risk to the customer. And that kind of an outcome from a risk operation center really was exciting for them so they could get the value without having to do a vendor replacement and going through that process, they could combine Qualys modules with third-party data and get real meaningful outcome and value for the Board.

William Vandrick

Analysts
#34

That's helpful. And then maybe 1 for Jim. And you guys mentioned an improvement in gross retention and net retention. So I'm wondering if you attribute that mostly to the macro environment? Or is that driven by improved execution or maybe a little bit of those?

Joo Mi Kim

Executives
#35

I would say it's hard to parse in it, but it's probably a little bit of both because if you're talking about our net dollar expansion increasing this quarter relative to last quarter, it's a of customers that were up for renewal in this quarter. And from the discussions that we were having, it's not just that we start today. We typically start discussions like throughout the entire year, like definitely at least a quarter before the intended renewal date. And what we've seen is, I think that there's less of a macro headwind today than we saw definitely at the beginning of the year. So with our continued execution, continue having multiple discussions of our new products and the value, how we're evolving as a company and how our product, we said it makes sense for them, especially with what's upcoming with the new pricing model, it's really resonating with our existing customers.

Operator

Operator
#36

And our next question will come from Joshua Tilton with Wolfe Research.

Joshua Tilton

Analysts
#37

Two for me. The first 1 is, Sumedh, unless I misheard you, I think you spoke to some channel initiatives that you to drive some large deals in the second half -- is there anything you can elaborate on those large deals? Is it new customers? Is it existing customers expanding? And more importantly, are these deals baked into your revenue outlook and your 6% to 8% billings growth expectation for the full year? And then again, I have a follow-up.

Sumedh Thakar

Executives
#38

Yes. No specific deals when I talked about strategically is the risk operation center concept is resonating well with the CISOs of the partners' customers. And they are working with us to get the mROC certification and then mROC services deployed in our catalog and for them to be able to sell those. And what we are seeing is the conversations are driving their customers to look at consolidation of certain areas as well as purchasing Qualys licenses on top of existing solutions as well. And so we are -- we are looking forward to working with them for new business deals and taking some of our existing direct customers as we work with them to see if they have the right contacts that we can upsell to additional capabilities, but nothing specific at this point that we are talking about or baking in anything additional as part of that. This is a more of long term initiative and we are looking forward for our partners to start to help us build that pipeline, which obviously is going to take some time and closing their pipeline will take some more time.

Joshua Tilton

Analysts
#39

Super helpful. And then maybe my second one, just more of a clarification, just a follow-up to question. New CMO, lots of exciting product announcements. It sounds like you guys are going to invest behind this to drive some additional growth. Are the investments that you plan to execute? Are they fully baked into the second half? Or is this should we start to see these investments ramping next year.

Joo Mi Kim

Executives
#40

Right now, we are starting the 2026 budget and planning cycle, but what we're planning to execute to is what we had planned at the beginning of this year it's fully baked into the guidance. And the way we're seeing kind of the traction and the increase in investments quarter-over-quarter, it -- we saw some nice improvement with respect to investments in product management as well as the sales and marketing. We do see more room and for us to take advantage of the current opportunities ahead with the newer employees in seed. And so we plan to continue to invest and hence, we were guiding to the 15% to 17% increase in OpEx growth.

Operator

Operator
#41

And the next question comes from Shrenik Kothari with Bard.

Shrenik Kothari

Analysts
#42

Congrats on the great results. Some, you mentioned, of course, identity become the leading vector and the new periphery and now with the formal introduction of ISPM which because potentially seems like it can be an anchor for broader Zero Trust side rock, mROC. So just curious what advantages do you think Qualys brings to identity risk that allows you to compete here natively against other players? And what monetization potential you see in identity risk management controls. Then I had a quick follow-up.

Sumedh Thakar

Executives
#43

Still a lot of value that we add is our understanding in how our tax work and how vulnerabilities and escalation or privileges are tied to identities. And so for a while, we are focused on hosts and assets and servers and containers. And the second part of that is the partial view of the identity and how that creates a combination that can add additional risks, right? So particular asset with a particular vulnerability. It also has an identity that has certain issues. Now the risk is compounded as an example. And so the main differentiator that we bring is not necessarily that we are going to be identity service provider or like that. But pulling in the identity posture view into the risk operation center, tying that identity with the risk that we see coming from the infrastructure, the risk that we see coming from third-party integrations and the risk that we see coming from any of the other sources like misconfigurations, cloud, et cetera, how do you bring a holistic view of that identity and as it ties to the assets themselves? And is it tied to the vendors? And how does that create a compound risk is really our main focus. And so it's not necessarily for that we are going to replace some of the provider that they might have identity, there's more how we integrate with the provider that they have for identities and then provide them a better view of the risk which is not siloed only for identity, but it's actually a combined view of the identity and the asset together with the context of the threat actors for utilizing that. That's really the focus.

Shrenik Kothari

Analysts
#44

And quick follow-up for Joo Mi. So net dollar retention ticked up. Just looking out and looking forward, I know, Joo Mi, you had talked about potential sort of floor around 103%. How much headroom do you see just looking at -- I know it's backward looking, but the pipeline trends convergence, for the NDR and just from the rock adoption from the pricing model shift, just deeper sort of multi-model attaches with the platform model here? Just curious how you're thinking about going forward.

Joo Mi Kim

Executives
#45

I do see an upside there because if you take a look at our low, it was at 102% a year ago. And when we were hoping that would be the trough. And since then, we've been kind of holding on steady at 103%. We did increase to 104%. Now if you -- if you're looking at our historical net dollar expansion rate in the most recent year, the highest we've seen was at 111% a few years back. And so given the ROC, given the flex pricing, given newer products that we've just launched, I do anticipate that to continue to tick up, not consistently to I'm not calling that. I think that for this year, I'm just assuming that new meaningful improvement in net dollar expansion rate in the current guide, but with that said, that is something that we will be taking a look at very closely for next year's guidance.

Operator

Operator
#46

The next question will come from Mike Cikos with Needham.

Michael Cikos

Analysts
#47

I just wanted to cycle back to the improved commentary we're hearing today on upsell activity. Is there a way for you guys to parse out -- I know if I go back Q1 to towards the end of the quarter, we saw customers look to delay or weaker upsell activity than what was initially expected. How many of those customers came back to the table, did all of them come back in during this June quarter? And was there a catch-up, so to speak, when we think about the results we have here today?

Joo Mi Kim

Executives
#48

No. It doesn't quite work like that for us. Typically, what happens is there's a core of customers that are up for renewal because majority of our deals are 1-year renewal. So if you think about the customers that were up for renewal in Q1, what we would talk -- what would we be talking to them about is a renewal set of products in a dollar amount and then plus the upsell side. Like let's say you were spending $100,000 with us, and you had a 10% increase in budget. How would you like to allocate that? Would you like to purchase more of existing products, let's say, VMDR? Would you like to try a newer product that you haven't had before for patch management, as an example, so we will be having those discussions with those core of customers up for renewal in that quarter. And typically, we would follow up with them, but -- it's not a meaningful percentage of customers who come back the quarter after to say all of a sudden, they have increase in budget and they like to do a second upsell. So what you're seeing for Q2 is really the score of customers that are up for renewal in Q2.

Michael Cikos

Analysts
#49

Okay. And then improved 2Q upsell activity, then was that in any way a reflection of the macro? Or what did you guys do from an internal process standpoint to drive that behavior, whether it was from partners or direct?

Joo Mi Kim

Executives
#50

Majority of our discussions currently are focused on partners. I would say that it applies still more to new land with existing cars that working very closely with partners as our existing GTM team to make sure that we're having the right conversations with the right set of customers. I think that it's not necessarily due to 1 versus another. I think the macro from our perspective definitely hasn't worsened. I think there weren't any surprises in the quarter when you're looking at external factors. We are getting better in terms of making sure that how we're communicating with our existing customers, how they should be thinking about public products and adopting newer products as well as utilizing their existing subscription, we've been getting better at it. And so I think all of it kind of contributed to the slight uptick in the net dollar expansion rate.

Operator

Operator
#51

And our next question will come from Brian Essex with JPMorgan.

Brian Essex

Analysts
#52

Two for me. I guess, one, Sumedh, I think you alluded to maybe making some progress on the Chief Revenue Officer front. It's great to see the addition of many of the team. Just wondering what your time line would be around that and how that might impact some of the go-to-market initiatives you might have.

Sumedh Thakar

Executives
#53

Yes, as soon as I find the perfect one. I think my focus was the last few months to really make sure we get the marketing team in shape because I think for us, all the messaging around risk operation center is key for us to grow in the future. Like I said, we have a pretty good team under that -- from a sales perspective, that's been working well as you're seeing improving our performance. And we look forward to -- as we continue to talk and interview people. I think we -- I don't have a time line right now. I'm honestly just looking to find the right fit for us as we move more of partner-led approach, so we need a CRO that's going to be focusing more on partners rather than building a direct sales force, et cetera. And I think from that perspective, it's not that necessarily we're holding back too much on the -- like we are continuing to invest in the business. And of course, when we have we will work through and figure out kind of what the strategy change, if anything, is needed, whether that falls and then any investment changes we'll follow according to that.

Brian Essex

Analysts
#54

Got it. Super helpful. And maybe a quick housekeeping question for Joo Mi. FX really moving around a lot this quarter. Just wondering what the impact was, I guess, both on the revenue side. And then on the cost side of the business as you see it and what we should expect, should we see the same, I guess, devaluation of the dollar towards the back half of the year?

Joo Mi Kim

Executives
#55

Yes. For us on both fronts, whether you're looking at the top line or the expense line, it wasn't material for us is because we do hedge both. And so what we'll do is we are monitoring it. And when it becomes meaningful, we will call it out.

Operator

Operator
#56

And the next question will come from Rob Owens with Piper Sandler.

Aidan Perry

Analysts
#57

Aidan on for Rob. You touched on this a bit earlier, but can you speak to how channel and customer education efforts with the newer products and partners that track relative to expectations? And what are some of the hurdles that may still exist there with newer solutions and AI advancements?

Sumedh Thakar

Executives
#58

No, I think the response has been great as 1 of the key strategic changes we made up from getting this information out to customer perspective last year, we hired Rich Sison as the Chief Risk Technology Officer. He's authored to measure anything in cybersecurity. And that has led to a lot of CES workshops around board risk reporting, and this has really been very helpful for us for top of the funnel activities, we're getting a lot of direct CISO conversations, and they are hearing about the conversation of the risk operation center. We're doing these workshops along with partners in many countries where the partner will bring their customers and which will go on top. And so I think those are all positive indicators. Again, that the concept of a ROC is new and they may not have budgeted for it. And so typically, once they come, they like the idea, they want to talk to the Board. We work them then that goes into a demo that goes into a POC and then that helps them sort of figure out, okay, I had budgeted for this this year, how can I work on getting a budget that then I can get done purchase the following year. So that's sort of where we're at in the journey. Super excited about the engagement we're seeing at the top and happy with the conversions we're seeing right now as well. And we have good things in the hopper. And so now it's about how do we get those closed. So I think getting this out to the right people is something I think we're doing well. I think now it's about how do we scale that and how do we get more people to close those deals.

Operator

Operator
#59

There are no further questions at this time. This will conclude today's conference call. Thank you for your participation, and you may now disconnect.
