Zscaler, Inc. ($ZS)

Watkins, SVP, Investor Relations and Strategic Finance. Hello, everyone. Welcome to those of you joining us here in Las Vegas at Zenith Live and to those of you who are joining us online. We really appreciate you making the time to be with us here today. Before we begin, I'd like to remind everyone that today's presentation contains forward-looking statements within the meaning of the safe harbor provisions at the federal securities laws, including statements regarding our future financial performance, business strategy and market opportunities. These statements are subject to risks and uncertainties that could cause actual results to differ materially from those projected, and we take no obligation to update them. For a more complete discussion of the factors that could affect our results, please refer to the risk factors described in our most recent filings with the SEC, including our annual report on Form 10-K and quarterly reports on Form 10-Q. Okay. With that out of the way, we have a great lineup for you today. So in a minute, Jay is going to kick us off and take us through the Zscaler platform. and also go through some of the new solutions that we announced here today, including those that are securing AI. I know that is an interest for many of you. So we'll be sure to hit on those. Then Dave will come up and host a panel with 3 of our customers that we're really fortunate to have with us here today. They're going to take us through some of their security challenges their journey with Zscaler and also take time to answer your questions. So start to think about what you might want to ask. And last, we'll finish up with plenty of time for an executive Q&A. So you can make sure to get all your questions answered. Okay. We're ready to get going. With that, it's my great pleasure to introduce our Founder and CEO, Jay Chaudhry, Jay?

Thank you. All right. Good afternoon. Good afternoon. Great. So as Kim said, I'll give you a high-level view of our platforms, on the offerings, what sets us apart from others. -- as those of you who attended the morning keynote, they may be a little bit duplicate as we are broadcasting session. I want to make sure that remote attendees also have a big picture view of it. So overall, if you think about the opportunity that gets me excited is the massive market opportunity. It has been growing over time, and I'll walk you through how we have over $120 billion serviceable addressable market for us. And the need for cyber, the need for the solution we offer and talking about the architecture, what sets us apart and then a big picture view of the overall platform and close with some of the financial strengths. Let's jump into the TAM. I think when we had Investor Day, we'll do bottom up, do some more analysis of it. This is kind of built upon the market size than we had shared with you before. On 0 trust every year, which is not just the users, which is the cloud and branches, you look at all those things together. It's about $65 billion SAM, pretty sizable. We lead this area significantly, especially in the user side of it. The cloud is a great opportunity to disrupt the traditional virtual firewalls in the cloud and branch is an exciting opportunity to eliminate traditional wide network, traditional way of doing security inside the plants and factories. Data security is an ever-growing market as more and more data gets created and more and more on data sets out there. And with AI, the data loss becomes a bigger challenge. We see this as an ever-growing opportunity for us. Agentic Ops, essentially is largely around SecOps and a couple of other areas like IT operations. But this market is sizable in the early stages market, but we have a chance to disrupt it. And securing AI is a brand-new market segment. And we got some serious momentum. We set up AI security as a start-up with a Zscaler to really build these products. And I couldn't be happier with the pace which we are building and developing these products and the traction or the interest we're drawing from our customers. Let's look at -- the need -- you read all this stuff out there every day. So I don't need to walk you through all the stuff. But every day, every week, there's an issue that's happening. Somebody tried to embrace AI copilot loses data, open Clark, or credentials out there or some agent delivered some e-mails or they deleted some production database. And a lot of these things aren't even has they are actually lack of policy, lack of controls, lack of guards. So you combine the cyber part of it with some of the guardrails net we built and wanted to make sure AI can be used reliably and effectively. It's a huge, huge need. As I talked to so many CIOs and so many CSOs. The #1 message comes from them is -- we have identified a few pilot programs. We are ready to roll out. We have built some agents. I'm uncomfortable because the governance and controls aren't there. This is an interesting challenge everyone is facing and distribute from the exchange solutions will come in because think of the falling way. Where were some of these guards and controls and oil-based access, literally as a part of the application. You as a user, went to the application, application control what you could do and then application talk the data. And now you can bypass the whole application, you go directly to the data. Where is governance, where is control? Where is all this stuff? And interesting challenge. This is where us being in the middle of it to really do policy governance that type of stuff will become extremely important. A number of you may have seen this white paper that Anthropic published about a week ago, a Zero Trust or AI agents. As a read, I was wondering, did my Mark and team write it. It literally felt like what we advocate what we believe in the story was very simple for agents to work successfully. You can't let them roam and on the network. I had done network security. I have a firewall here and I have a firewall it doesn't really work. You really need to treat every agent is untrusted entity. And through some policy controls, you need to make sure they only talk to right areas. And so that's important. You've also been reading about methods. I mean, so much has been talked about Metros is unbelievable. We have been part of the Glass wing program from day 1, early March time frame. We have been using it. It's pretty effective. It can find a lot of vulnerabilities. The interesting challenges are being -- how do you fix them okay? Enterprises already have a large number of unmitigated unremediated vulnerabilities. Metros or for that matter, OpenAI is GPD 5.5 or purpose 4.7 or 4.0. They're all pretty sophisticated. They're going to give you 5x more -- what do you do about it? The answer is not that you're going to double, triple down on just patching. You will never get out of doing patching itself. So the answer is if opportunities get discovered, they're not passed. It's natural that there will be more breaches than we see today. Then the next level question that CIOs would ask is, how do I -- what else can I do to minimize breaches? I know patching goes only so far? And number two, if we got breached, how do we minimize the impact of those breaches. And that's where we actually fit extremely, extremely well. Number one thing our customers are doing to prevent breaches is hiding their applications, eliminating their attack surface. In the firewall wall, you're out there, you firewall. You can check VP and all the stuff out there, you scan and you see all of these things out there. The way Zscaler was built. Your proxy or which you're hidden behind us. Nobody knows where you are. Number one 'thing we can do. And our customers are busy working with us doing that. And that's also leading to some of the upsell opportunities for ZPA and some of the deception technologies because they want every user to be able to do Zero trust when they access any application. The second part ends up being stopping natural moment. Otherwise, a single infector machine in one branch can infect everything else out there, not a good idea. What if that could be contained in the branch itself -- we do that extremely well. So those are the 2 best defenses that our customers want. And we are working with the leading model companies. As I mentioned, we are part of Anthropic Project GlassGreen. We're also part of OpenAI, they break. And it's good to work with them because they actually are helping to actually bring the applications to the market, we become an important partner to make sure those applications can be securely used. So the whole notion that these model companies are going to eliminate our SaaS surplus will happen or cyber goods disappear. If you dig into Methos a little bit, so Methos finding more vulnerability, that means there's more need for providers like CSC. So the notion that these guys will go and do that stuff is really unfounded. The other part is a provider like Zscaler, we have a global infrastructure around the globe. There's 160 on exchanges out there, there's a public, and there are quite a few private exchanges major customers, okay? An agent is not going to go and create all of the infrastructure for your connection, network traffic routing -- all that stuff is a fairly complex and sophisticated area. That's why we feel like our need for us will grow because the more agents you have, the more policy enforcement, more in-line inspection you'll need, which is important because then we can help our customers and it creates a revenue opportunity for us. So the platform is meant for. This seems like Zscaler moment. I mean we built this platform for stuff like this. When we started the company, we built, we evangelize this stuff. When COVID came then the market realized said, "Oh, we need something like Secure. That was a big moment. We think this moment is almost like COVID because, in fact, it's even bigger from a cyber point of view as everything is online, everything is digital. So that's a platform we built. Just to refresh your memory on what we've built, what we're doing. On the left side is what you see. This is a typical corporate network. Everything connects to everything. Every office connects to every office, every IoT device OP device is connected because otherwise, you can't communicate and when you do VPN sitting at home, you're all part of the same network. Your network extends to every household are -- and this is primarily the biggest reason of the problems -- and all these firewalls sitting out there, they become fairly porous. They try to do segmentation with it. And when they find oh, this source IP to this destruction IP? Well, these 3 users need this. They need this. Then you know what the rule becomes any to any. It essentially becomes an open thing. That's why we need to move away from the world of firewalls to the Zero Trust world, where literally everything is literally in Island. They simply connect to Internet. We are the exchange with the switchboard, making sure the right party can talk to right party only, that's fundamentally what we're doing. So when people talk about this vendor, that's SC vendor, all the SC vendors doing spinning up virtual firewalls in the cloud fundamentally. There's no Zero Trust in it, okay? If people think that they don't need Zero Trust and the firewalls are fine. And part of the reason why firewall companies will not do real Zero Trust is because it cannibalizes all the firewalls. When we go in, tons of virals are taken out. It's not in the best interest. It's just like telcos were fighting, not eliminating MPLS. They'll go out and tell the customers say, "Don't do this because there is no quality of service. None of that is there. Guess what secular forces are very thoughtful. Similarly, I believe that the Zero Trust is a secular trend. That's the only approach that's needed. That's what we pioneered and that's where we have for meaningful lead and others can't even try to do it because it's not in the best interest. Okay. So here -- so the other thing, I often get asked the question and say, "Oh, say this, SaaS this, I see this. When others talk about SaaS, they talk about secure access to users. Now area we pioneered when we started with Zero Trust, any user can have access to any application or anywhere without being on the network. We are understanding that we moved on to do Zero Trust branch. Every branch is in Island, very important area, then doing 0 to inside the branch for every device. So an infected IoT device in the plant or in a factory can, in fact, other devices is very important, otherwise to Imagine if a plant goes down, it's an important area. And Zerocloud is about cloud workloads, fascinating story amount to workloads in the cloud will keep on going. And AI will further accelerate the development of these workloads out to. How is this cyber done? -- east-west firewalls, no of we'll do a virtual firewalls. This source IP address can talk to this Destin IP address. Not very exciting, not very manageable and this when we come in and say goodbye to all these virtual firewalls, and we can do true Zero Trust in the cloud. Very exciting area and growing very well for us. The most exciting announcement for us this week Zero just for AI agents. This is fantastic. Now as I said during my keynote, the rally about probably 70% of the pieces we need to 0 trust for agents who are already there. Think of it, agents or like people, the digital workers -- we already have technology to do that. Agents are like code. We've done it for workloads. We've got all the pieces, the policy engine, the logging reporting and all, it's all there. I'll come back to cover that a little bit more. So all this Zero Trust everywhere is done to really achieve 4 key areas. Security of AI, how do we secure all the AI application infrastructure, data security, cyber protection and Agentic SecOps. Let me dig a little bit deeper into each of these. Security of AI. This is what every customer is 1 looking for to start with. Every customer wants to know what AI assets do I have? Where are they? Do you have the end point? I mean using externally, for example, public AI applications, all the my private AI models, prime bedrock, whatever the case may be, all what's on the endpoint. We brought together all of this as one dashboard being able to give you a full view of all assets for AI, no matter where they are, okay? -- and along with the risks they post. It's important. Every company talks for having AI Asset Management. So an EDR vendor when they talk about it, they're going to tell what's on the endpoint, because that's what the it -- there are no idea of what communication is happening there. They can tell you the public AI. They can't tell you the traffic. We're sitting in line for cloud or Internet we're sitting on the endpoint. We're able to give you a full view of it. Second area is secure AIX. This is for your employees, which employees should be able to access, which AI applications. We already had a policy engine. We have done that for other applications. So having rules and policies for AI applications were relatively easy for us. We had to essentially build an engine for prompt inspection and response inspection, so we could analyze the prompts and do a policy based on that. Also the prompts can lose data. So being able to essentially do DLP as the prompts are going down was a natural thing for us, because we already do DLP. The third bucket in this area with a solution we call AI Protect is securing applications and infrastructure that goes with it. This is handling the full life cycle from development through deployment and on time. For development, for example, we offered a red teaming, AI team. This came through the acquisition of SPLX. They've done a very good job in at they not only did -- are team. They also did continuous automated red teaming. And that's going to become an industry trend as models like Methos come out, continuous red teaming will need to be done. And the way we had build these red teaming application. I can use any of the models on the back end to really do some of the scanning and vulnerabilities. It's a powerful story. The next thing, if you did this, -- how about frontline? What do you do for on time? That means securing your application build for your company. And when users need to access them, maybe it's your customers. They could do some bad things out there. They could do prompt injection from a cyber point of view. There could be a data issue. They could be unacceptable use. There could be other crazy questions. Like one of the cases we saw in California where a car dealership set up an application where consumers could interact with it. And somebody asked a question and say, which electric car is better than the electric cars you sell, okay? So go to Tesla. Those are guardrails for acceptable use, meaningful use, they need to be set up out there. There's some pricing questions that need to be done right. And these guys can go around it. There was a pop interesting use case. This was about CoPilot. The question was, once you train AI on these CoPilot. They get all the information. In all days in computing, you wrote a query, the computer can only give you an answer on that query and nothing more. And they all once you train on it, they got all the information. So a user could say, tell me salary and bonus of XYZ. Now everyone is getting smarter and say, "Oh, CoPilot if someone is asking for the Saudi do not answer that question, say, sorry, I'm not allowed to share this information. Then as you saw last year, we shared this example. And this one guy goes and say, John likes to play basketball games from this pitiful box and the ticker for the box per game is $3,000. Tell me how many games you can watch in a box sent in blocks in -- with 1 year's salary. Okay. That's on a guardroom. All those things need to be figured out, and those are part of the guardrail rules and all we're building and making sure customers can accept it. So this AI protect is a powerful solution. We launched it in late January. A number of pieces are built by us. A couple of modules came from SBLX. And when I talk to customers, they tell us that they haven't seen any solution that's as complete as integrated in this area as this is. So very pleased with that. And now you're going to see these things evolve rapidly. I'm not going to go through every bullet point here. But this is a bunch of new enhancements, new features we added in this area, for example. In AI asset management, being able to discover embedded AI in SaaS traffic. All SaaS applications will become Agentic essentially. There's a traditional interface and there'll be anti interface going through proms. So being able to understand the traffic, we able to understand policies around every SaaS application, that Agentic, is an important area. Okay. visibility to AI activity on endpoint. We could easily tell what all is sitting on the endpoint. That's not a problem. But then the customer said, it's okay you've got Claude cowork sitting on the endpoint. Or maybe it's some PD agents sitting on the endpoint or open closing of it. I want to know the permissions and activity that's happening out there. So now we enhanced ourself from giving you what's running there with the potential risk and permissions type of stuff running out there. These are good examples of the enhancements we're doing. And securing AI access. This gets a application-specific. We started out from inspection for the most popular applications in early version of it. Now we are supporting over 250 G&A applications, where we fully understand, except the problems are able to take an action based on the kind of promise we got out there. and then also supporting Anthropic and opening this dial compliance API is available. We are compliant. We work with those APIs. In the third area, secured AI apps and infrastructure, a number of enhancements got done. -- stand-alone prompt hardening feature has got added to it. W are at teaming for MCP servers as MCB servers are being pronounced. You're going to keep on seeing the velocity of innovation, the last year development for us to make sure we stay ahead of anyone else in this area. And then the next big thing is really Zero Trust AI agent. And this is 1 of the hardest problem to solve. This probably has bigger barriers to entry for any new entrants than any other area out there. Without going detail into it, it's essentially a version of essentially the Zero Trust exchange we built. -- but new things we needed was AI brokers, brokers for MCP, protocols, broker A2A had to be done. And then understanding the test has assigned, understand the intent, the risk being extract prompts, analyze it to intent and risk gets from their ability to do those things become important. And then essentially a lower policy. It is the only real way to be able to handle it. Our view is that as agents get deployed, I mean, there'll be so much stays. It's not even the agent level. It's an invocation level that needs to be figured out. That means scale, that means granularity needs to be handled. We already do about 750 billion in transactions day. We think in this new world that we'll have to add a couple of zeros to it in terms of how much volume needs to be handled. We feel pretty good about it, having the architecture, having the scale, have the experience to be able to handle in line is not a trivial thing. Anything you do in line, it better work, because otherwise, people can do the jaw. Anything you're reporting if it doesn't work, you don't get the right answer, people don't even know most of the time. So that's why being able to have great response time, great scale, is fundamentally important to us, and this is where we are very, very well positioned far better than anybody else out there. And then the next problem, this is a fascinating problem. This is An example of a solution. Our customers want clamoring for on day, okay? We like to do that. We like to think what will be needed in a year or 18 months. I want to work on it today. I want to cook it, I want to refine. I want to get better than anybody else. So what is this? This is Access Graph. Now Access Graph is not just needed for AI. It's needed for other entities, too. Smite Systems, a company we recently acquired solved this problem. It's a very hard problem. Many other things, if you ask me, asset management at all, is that a rocket science to do? Not really. You give a couple of quarters and 3 quarters, you're going to build it, solving the problem of taking all this metadata from all the application to understand in your enterprise, in your corporate network, which identity, which entity is reaching, which data source, which MCB server, which application, is a nightmare, because they just get on the network here. You literally have information sitting in each application about what access happen. So Smite pulled all that matter data. Hold it out, this is billions and billions of data points. And now that the magic of AI to figure out these entities are accessing this, the data source, the data lineage, they call the graph because this is important. Now why is it important? Number 1 reason the customers but looking at symmetry and the large customers are looking at symmetry systems is to understand the lineage and from there, they need to understand data governance. Even the issue of SOC compliance, how do you do SAW compliance? You have to prove that you've got all these controls in place. And those controls are actually through applications. when applications get moved aside, you go directly to data. How do you prove SAW compliance? They'll be impossible. This kind of solution can help you prove what's talking to, what's going on. That's how Symmetry was positioned to sell it. When we -- as we saw this technology, then we said, well, this is great. But in the Agentic world, the data will go 10x, 100x. It will be impossible to do something without something like this. So first, we understand that graph. And then we use this information to apply policies for 0 for exchange to be able to see -- with this group of agents and have this group of applications or this group of data sources, that's what's exciting about it. It just also shows the DNA of the scale is to be innovative, to do things far ahead of others and set the peso do. So this is our overall platform story. Then I won't go in detail out there, but the list of innovations in SAS is long. Every year, we do probably about 200-plus features, Hinda, ZIA, ZPA space out there. Browser extension, enterprise browser availability. It's a specific use case, we needed some of the extension area. We did a tuck-in acquisition of SquareX, it did very well. B2B exchange is an exciting area. Supply chain is a big risk. The only competition we have in that space is 30-year-old side-to-site VPN connection. That's a problem, right? -- power segmentation of application. This group of users can do this group of applications. We further made it simpler. We have been doing for some time. And Z agent framework. We created an overall framework. So where our agents can be for each product, each area, they're working from the same framework. I think we're going to cover some of that tomorrow and Adam session or agent for ZDX, for example, which can do all the stuff that people are trying to do, it's all automated. So you're going to see all products of Zscaler having the agent interface to be able to engage with our products across the board. Agentic SecOps new exciting area for us. We have been building the technology internally. We got Red Canary technology. And as a result of that, we are going to really announce we had 2 product areas threat management, this is traditional security operations and exposure management brings together all the exposure area, your attack surface, your asset risk management and so on and so forth. And this is built on some pretty solid technologies and where we can take data from all kind of sources, including Zscaler sources -- and we've got a bunch of techniques and behavior-based analysis and all the mapping are done, context graph we create here to identify real threats. And this is just an exciting area. This is also being launched this week, and you're going to see it grow every month as we move through the fast pace. Wrapping up the last couple of points. A number of questions have been asked for pricing user base versus nonuser-based pricing -- we started out very early on with seat-based pricing. But as we evolved, things have grown, for example, Zero Trust branch. It's based on a number of devices in the traffic as flows devices Zero Trust cloud workloads, a number of workloads and the traffic from those things. Data security at modules, only some of them are linked to a number of people. Others are based on the amount of data we are scanning, the data we are classifying -- and as you'll see, Agentic exchange, all of these will be based on agents, amount of traffic, which essentially leads to the token consumption essentially a consumption-based model. So we're seeing our new business ACV coming from nonseat, nicely growing over time. About a quarter ago, we disclosed about 25% of the new ACV came from non-seat and last quarter in Q3, that number moved up to 30%. So we don't think we have any meaningful exposure based on seats because our model is expanding. Our platform is growing pretty rapidly. And lastly, our scale, you know the numbers were to summarize, just to let you know, we crossed $3.5 billion in ARR. And we got plenty, on 20,000 enterprises we target about 4,500 are customers. That means remaining a prospect for us to pursue. This good opportunity for new logo. And also in the big areas AI protect that we just launched in January, right? We crossed $100 million over the last 12 months. There are a couple of modules that were there like GenAI security is part of it, but a lot of stuff new. Most of the stuff is picking up -- picking up very nicely. Data security is growing very well, is going to keep on growing very well. We have $0.5 billion crossed in ARR and over 30% year-over-year growth. And Zero Trust every year is what sets us apart from others. Will set us apart for a long, long time. We started sharing with you the number of customers in Zero Trust everywhere. About a quarter ago, that was 550, and now we crossed over 500 enterprises who do Zero Trust everywhere. That means they've got Zero Trust users, Zero branch and zero-trust cloud, okay? With that, we're going to start the next session. And this is our customer panel that the Dhawal Sharma is going to moderate.

Great. Thank you. Great second. All right. We will take about 20 minutes a discussion between us, the speakers that are here with me, our customers, and we'll then open it up for you to ask questions as well. Since we have 3 various teamed customers who have joined us here. Why don't we start with you, Wan and go around and get an introduction about you, your roles and how long you've been using Zscaler and what problems we are solving for you.

Wonderful. Thank you. Good morning, everyone. Thank you for having me. So Wayne Fudersky with Edward Jones, have been there 25 years. Deputy so responsible for enabling the firm securely responsible for all the enterprise security architecture products and solutions. Then working with Zscaler now since 2010. So really grown up with Zscaler. We use a lot of their key core products, EIA, ZPA, ZDX, CASB, browser and even touching now into the AI products. .

Jason Coler, been with Eaton for 10 years. I am deputy Ciso there. I've been a Zscaler customer since 2019, 2020, where we utilize them to help secure our workforce in COVID was a great investment that we made there to be able to secure a workforce in a very short time frame. I am responsible for incident response, threat intelligence and security engineering. So really the services that help keep Eaton safe.

Thank you. I'm StafaKeve. I'm the Chief Security Officer over at UKG. I've been there about 4 years now. Zscaler has been 1 of the strategic partners that have always leveraged and I've used it not only this company, but the prior company, where I spent about 8 years at brings. So when a customer is scale for over a decade now. So I think 2015, is when we started using Zscaler. So it's been in good time.

I'll start with Vopra. So you heard some of the innovations we have been talking about. And -- you guys have been a great sounding board for us. We build all the products in deep partnership with you guys. So going around again, what are some of the most interesting innovations that you see that announced today and which shift favor?

Absolutely. And I think it's been -- I'm always -- it's been always interesting to see the innovation that Zscaler is looking at either through acquisition or just organic growth building internally. So the SPLX, I think, is a very important piece because I was also a customer at SPLX pie to acquisition. So seeing that blend in and why we actually win that route and making sure that we're able to test our products because Zscaler been consumer -- a customer that provides AI software and software to customers being able to test those and validator is really key for us in terms of how we really look at it. I'm super interested about the AI piece because I think it changes the game, combining data, the AI graph and the access. And I think that visibility is a gap in the market that I think it's huge. Jason? .

I think the AI piece is the big area with the way companies are pushing AI to use it to make it work in your environment, the expansion of how they have visibility into what not only your employees are doing with AI, like your third parties are doing with AI and even what you're developing. I think that's a potential game changer there to get visibility across all those environments. .

Yes. All beating a dead horse here, but AI is everything for us for now, right? And I think the AI observability -- what we're talking about managing risk, right? We talk about shadow IT, right? It's really shadow AI. I can't secure -- I can't put a control I cannot govern. I cannot enforce policy if I don't know what's going on. So super important to me. The I will just say the maturity is so fast, right? Like we talked about 18 months ago and some of the things that we were doing compared to with the solutions that are being offered today by Zscaler and -- as I said earlier, we stepped into this and are running through the implementations as we speak on some of these prompt things and things that are going on. It's a game changer. We have to have visibility to manage risk.

Talking about specific scenarios. Man, I'll start with you. As you said, you've been a long-term customer at these killer. I remember working with you 14 years ago. talking about the benefits of local breakout. This is nothing to do with Zero Trust Ranch, but MPLS backhaul from your thousands of retail stores you adopted ZIA with the primary benefit of not doing local backhaul of traffic and doing local breakout. So that architecture has been evolving now to the point where there are appliances that give you 0 trust within the branch as well. So how have you seen that evolution in 15 years? And how has Zscaler technology evolved for your expectation in that time? .

Yes. It's amazing. 2010 already in 2026. I feel like we've kind of grown up with Zscaler. You think about when we start with Zscaler in 2010, what problem are we solving backhaul traffic, right? How did we do that? We didn't want to spend more money, do all that. We have 16,000-plus branch offices across North America. So -- it's a lot of traffic being passed around. So we really sat down with Zscaler. And it started off as really you think about it, it's a point solution where Zscaler is not anywhere near it is today, right, the size and scale. And I feel like we've really taken that same journey in growth with Zscaler. And you talk about original Internet, the URL, the protection inspection to really what turned into cloud, right? And then when you jump into the cloud area and we talk about when we remember working early on with CASB, DLP, what's going on and how we've matured into that next generation of what I call technology into the cloud from a simple Internet world that we lived in. And I've seen that growth as we've gone with Zscaler. And what I think it's always important is what was a single solution is what I would call a strategic partner today for us at Edward Jones with Zscaler. And I think fundamentally, what you see is they're either 1 step ahead of us or we're pushing them to develop the next technology. And I think what you can see is to be a strategic partner, we needed to create that ecosystem with them and moved along quickly with them. I think the #1 thing I talk about all the time is, does our vendor understand what business I'm in. I'm on a financial service business. It's about availability. I got a trust, right? I need to understand I got to answer to regulators. All of those technologies and solutions as we partner with them and they deliver the solutions to us, Edward Jones. It was -- it's really transformational as you look at it. And it talks about reducing complexity. And I think that's 1 of the biggest things we get from Zscalers, really getting in the middle, providing that 0 trust and being able to get in the middle and be able to do what we need to do, govern, pull policies in place, enable the business, securely. And I think when you look at where we've come and now we're into what I think is the next generation, not last generation, maybe for me, we'll see. But what we really talk about is just last one is -- so you've seen how we've gone from Internet to SaaS world to now AI, and we're talking about what are the security controls are going in. We -- again, it was just natural for us. We could have looked at a third party and we did. We always do. Can you meet the requirements. Are we already implemented in that space? Can I reduce complexity? Do I really want to bring in another third party into the conversation with me? Do I really want to support another operational system? . The answer is no, I don't. But I do need to make sure that they meet our requirements. And if they meet the requirements and exceed and help us create a better performance financially, economically, and to meet the regulators -- it's been a great solution and a great partnership with Zscaler. So for 15 years, I believe we've built that journey and what today is truly a strategic partnership. .

Fascinating. I love working with you over the years. Just moving to you, as you said, you started your journey with us on -- during COVID securing your users. But as we started building our Zero Trust branch solution, right, 1 question that everyone asks us when they start their journey, how is it different from my SD-WAN, right? And with you, we started working on this concept of Zero Trust factories. You have multiple factories deployed with Zero Trust appliances now or segmentation inside and with Zero Trust everywhere. Now -- we are also replicating the same framework in Zero Trust bank branches, Zero Trust hospitals now, how did you internally build the justification for our ZeroTrust branch or factories compared to SD-WAN, which is easier to deploy sometimes are things that networking people understand well. So how did you build that internal mind share? .

I will tell you this, it was really based on making sure that the sites were secure. I mean as a manufacturing company, we can't have downtime similar to what Wayne was talking about, but even more our production and our plants need to keep running on the SD-WAN and to provide us with the security that we needed all the way down to the device. So we are really looking at as we deploy this and put it -- I think we're probably about 100 factories in to really make sure not only are we securing it at the network level, but at the device level and making sure that everybody has the right access in the environment. And I think we're on this 2-year journey now with Zscaler. They have been a really great strategic partner throughout this entire process. We've been learning together, and we've been able to really make great headway when it comes to securing our plants to where we feel very, very much comfortable with. If something does happen, we're able to isolate it and secure it moving forward.

All right? I have discussed similar ideas with you as you said you had a returning customer. Your previous company had the same side of assets, which we discussed about securing with this Zero Trust branch architecture. But Shifting gears into your current company, you actually have been using a couple of our acquisitions, as you mentioned, both SPLX, you are a customer, symmetry systems, you were a customer with them as well. And you have provided your input feedback as we were doing validation and diligence on these companies on why you like these companies. And one thing I remember you send an e-mail to Jay and I saying, you guys are on the right path with some of the acquisitions that you're making and connecting the dots. I would love for you to tell us how you articulated that story that you shared with us.

Absolutely. No, thank you. SP-9 And when I think -- when I see some of the things that were happening, and I think as a customer of 1 SPLX, and I'll give you an example of -- we're building software. We're testing the AI agents. We want to give it to 80,000 customers of UKG. And what we wanted to be able to do is have a fully automated testing capability that test some of our AI agents. And this is not just and testing. This is we want to do different types of tests. So we want to do sentiment test. We want to do validation test. We want to do the security test. That's a key component, right, is in terms of how do you support for that. But the second thing is what are we actually protecting and we're protecting data, and we want to make sure that we understand identity -- and this is where Symmetry came into play in terms of as when we bought symmetry in Us, how do we make sure we connect this together, right, having access to the data, who has access to the data. what are they doing and what actions are they taking? So combining those things give me that visibility. The third thing was if you tie that to what Zscaler does, in where it sits, the visibility and combining those 3 now you just have the full visibility of an end-to-end product stack. And that's why I said, you guys are on the right track by connecting these things together. Because not only you have an agent that sees traffic going from the endpoint to the Internet, you also have the visibility at the browser level. You have the DLP that talks about policies that changes, "Hey, who's -- who can do this and who could not do this." But then what can -- what data can they touch? Can it just my payroll information? Do they have the right to touch that information. So if you combine all those things together, you just create a whole different game. Now I'm super excited about the developer side because I think that's a whole different game. If somebody is writing code in Claude code or you're using GPT or whatever Codex, that policy, the single policy agent is just powerful. Now I don't have to go look for another product. And I think that's the key. I want simplicity but a platform, less platform, 1 or 2 that I can build my security around it.

Got it. No, this is very insightful. A couple of questions. I know we have 5 or 6 minutes left before we pass it on to the audience. in, you are in financial services. Frontier Labs came up with models that are finding vulnerabilities at piping speed. They are looking at how new attack chains are created, creating like finding a lot of things that were exposed out there, but not saying how badly they are exposed and how they can be exploited. We believe Zero Trust is the right way to start those exposures from being visible. So how is your security approach change in light of these front-end models doing what they're doing in recent time? .

Yes, it's crazy how fast things are moving out. I couldn't agree more. So it starts with trying to hide the attack surface, number one, right? So let's not look at that. But the reality is we're all trying to patch. We're all trying to do vulnerability management at crazy amounts of it. I think what you're finding out really quick from all of these new models that are coming out of exposing these vulnerabilities is 2 things where you used to be able to just focus on critical and highs. It's not only creating new it's taking what we would call medium and lows, and it's starting to patch these things together and move very, very fast. So I think the reality for us is we -- everybody in the words of patching is we're going to have to automate more, right? It's just inevitable, right? You're going to have to have machine learning versus machine learning AI versus AI. It can't be human versus AI anymore. We're not going to be able to keep up, right? It's just not possible. And then when we look at in the financial services industry, I can't express enough that with all the different regulators that are coming in, they're challenging us. They're already asking these questions. I look, any one of these Nissocks, take your pick from out there in the world, we're being challenged constantly is how are you handling this? And of course, they know about all this. So they're asking the tough questions, right? They've increased the number of questions in the compliance space around AI. How are you controlling and how is it exposed? But more specifically, the focus is changing from a regulated perspective. And without these type of models and things that we're getting and really trying to say, block the attack surface, understand what the visibility is we need to prioritize, right? We need to find out what that is. We need to be able to fix it, not all can be fixed, so then there's the mitigating control. So it's fast paced. We just we're going to have to do what we can do to protect and prioritize.

Mustafa, stuff from your side? When you think about the scale of remediation that's going to happen and even today with the existing things that are happening, you need to buy time. So -- and I call it, being able to have segmentations in using the Zero Trust model to really isolate most critical and then focus on the most important thing in giving you the time. And I think that's super key in every organization. Anyone can't fix all of the problems you're going to have, so you need to be able to prioritize -- but I think with Zscaler that gives you that capability to actually isolate your network, segment, the critical areas and segment areas that I just use is out there so that you can maintain and have a better understanding. We've been talking about this in UK like how do we think about the camera system? How do we think about the office, the conference room devices that are in our network, like this is huge and -- if you need to patch all of that in a day, what are you going to do? So these are the components of taking stock to really reduce the attack surface. All right. My last question, I'll start with you, Jason. Is on how you are thinking about the AI security spending? Is this coming from your existing budget or you're reallocating budget for securing AI as new use cases emerge. How are you building this justification and the security budgeting insight? .

Yes. I think it's a combination of the growth of AI in a company like ours, we have to put thing forward, you have to put budget and to secure it as well, but we're also getting the incremental spend in cyber as well because the company overall understands the importance of this and be able to deliver on a secure AI environment. .

In? I would agree. Right now, it's not cutting anything. It's an addition to the budget at this point in time. We know cybersecurity, AI is something new and that we're adding to the budget at this point. .

I think it's a combination of both, it's reallocation and then finding the right investment for additional security.

Now these are great insights. And actually, on lease color side, what we are seeing is while we work with the cyber practitioners like yourself, we're also engaging more and more with chief technology officers, organizations who are building apps and they are saying, for example, I want to embed rec teaming more in -- on the shape left where developers are building apps. And -- we are working with this new emerging role of GFI officer, which sometimes is in data world, sometime in AI-specific role where they are looking at the whole lens of how they are enabling AI and new budgets are treated. -- because as you create more budget for AI, you need to secure that AI as well?

For example, SBIX is inside our product from the enterprise. So yes, it's a mix of both. And sometimes you have to do that.

Great insights. Thanks for sharing your journey and your insights with us. We have about 16 minutes left. So I'll open it for the audience here to take questions. We'll start with you. I'll randomly pick. I'll go across the room.

Thank you. This was all really good -- I actually have like 3 questions. I'm going to ask the 1 on the last thing you just said. So I think all of -- well, actually, Jason and Mustafa said that AI security budget was going to be at least partially come from reallocation from other areas. I'm just curious, what are those other areas of the parts of traditional security that you can take from -- like what's most kind of like that risk? .

It's actually not coming from security. It's coming from the business. because they understand the value that security is going to provide to them to keep the AI that they're creating safe. So it's not -- we're not taking anything away from IT or security itself. It's just additional funding that's coming in from the business. .

Mustafa?

So just curious Yes. For us, I think it's the some reinvestment in terms of areas when we think about all of our security stock, what security stack do we have that's below in lack of controls or it's not actually giving us the control we want. So this is something we evaluate annually and say, if we have a better if we can increase or security controls on AI stack because it's the most imminent, so we need to move some of those. It could be -- we are doing pen testing, for example, in this case, can that be allocated for prevention control instead of just testing. So some of those things are the things that we're evaluating.

We have the question in the front here. I'll move here. I think on the front here. Can I ask you to please state your name and company name before you ask your question. .

Sure. No problem. Keith Bachman from Bank of Montreal. Very insightful. As we listen to customers and global SIs, a frequent conversation or identification of problem statement is understanding where the agents are, who owes what are the risk exposures. And a lot of companies come to talk about a value proposition associated with solving that problem statement, not just Zscaler but a number of companies. And so I'm interested from your perspective, when you think about that problem statement, which was identified here tonight -- or today, excuse me, -- is it one company you think you'll work with? Or is there more than 1 organization that will serve as that orchestration layer for lack of a better word? And more broadly, are there other -- this is a Zscaler events, so unfair question, but are there other vendors if there -- that you think might be able to contribute to helping with this problem? .

Is that you want to take that one? I can start. I have a lot of agents. So when you think about the environmental ecosystem in terms of agents, there's a agents that you're building for internal use or agents that you may be building for your customers. So there's 2 components of that. Where Zscaler provides context is where it's sitting because you have -- it's sitting on the endpoint, it has the visibility as the network traffic. So that visibility is going to be there that gives you that context. Even if you're using additional models, so you're using different or agents that are not specifically enterprise use, you tend to have that visibility. So the expansion they're doing allow us to see more and more. Now they are places where you may add additional context of additional products, and I think Zscaler is thinking about that as its scale. But from my visibility today and what I see, and I think the more some of these companies become platforms and give you more visibility you would use them to actually give you information you need. Another one. I think that's exactly right, right? I think the visibility in the single platform is really beneficial to us. I couldn't tell you that there isn't going to be a best of breed from another product or solution. The key there is when that happened is the integration level, right? It's really how a Zscaler or how is the product ex playing together and how do I integrate those together. It creates more opportunity. But the real question is, if you're willing to go outside of the ecosystem, how much value does it provide to us, right? And if it really is that much value, then it's about the integration for us.

All right. We have a question somewhere in the middle. We'll probably go there. .

Eric Heath with KeyBanc. Thanks for all of you being here. I'm sure we haven't really touched on it, but more the SecOps side of things. I'm sure you all have other vendors that are using various SecOps organization, your SIM, our EDR, et cetera. How do you think about Zscaler as a partner in the SecOps Arena side of things with Red Canary and some of their ambitions there? .

I don't think I would be the one to take that someone else can take this one.

I'll take it. using that. Yes. It's very interesting. And I think the industry need a different view on operations and SIM. That's a very challenging market right now. Most organizations, I think, are struggling with the data coming in and then the remediation or time to remediation. So I think from a product perspective, when I saw it, I think it's really interesting and he could solve a lot of problems that organizations have, especially the remediation piece. What was interesting to me is the data aggregation and how much they're bringing all of that data because that's -- today, it's very costly for most organization, ingesting that amount of data. Zscaler is able to do it effectively. And I think it could be a great product for many organizations in Houston.

Steve Koenig, Macquarie. Thanks for doing this. I appreciate it. So with you all cited AI as being the newest thing that's challenging year. With like the agents that Anthropic is offering, okay, being deployable on the desktop or on the endpoint or being deployable in the cloud. And potentially in the future, the big LLM providers like pinning certificates to that stuff and decrypting the traffic, so the Zscaler wouldn't be able to see it potentially. And maybe I'm simplifying this too much, but with all this stuff changing so rapidly, like how mature are the solutions being offered today for you all in terms of being able to empower your employees but protect the use of this Agentic technology in cloud and the desktop clot in the cloud. How do you think about doing that? And is it slowing down your rollout of like these these agents, say, co-work or cloud, et cetera. Are you worried about that? And where do you start to protect.

So it's a really good question, and I think it will go back to partnering with a company like Zscaler to work through that. You're sometimes always playing catch up and you only could do what you can, but you have to really work with your security partners and your strategic partners in the space to be able to do that. And you talked a lot about -- you might not be able to see all of the traffic or everything that's going on, but it's really being able to see some of it, understanding your environment, getting that somewhat of a visibility to be able to take corrective actions in your environment. So it's going to continually evolve making a strategic partner like Zscaler, providing them feedback, you working together It is really going to help the product grow to be able to get what you need to get done. .

I think it's easier when you have a scale Anthropic and Zscaler and an open AI having that integration because there is the power of -- for us to be able to to deploy, right? So today, I don't have the visibility that I want by giving my employees GPT and Claude code in my infrastructure because I need additional security controls just lacking from this morning, looks like that's coming. So that's amazing. So those are the kind of things that I think we need to be able to perform some of those things. And I think that partnership will allow you to say, even if there's a certificate change in the middle, later on, that partnership allow us to actually close that gap.

I think I just want to add 1 point to it. Yes, 100%. Look, as these model providers are becoming more enterprise deployed. -- they know that security is top of mind for enterprises. So we have partnerships. We have API integrations and expansion of our footprint on the endpoint with products that we have launched and what we are doing in public cloud. we are bringing that coverage to make sure there are no gaps left anywhere. But it is evolving landscape, and we are very focused on that.

Next question I think in the front here .

Brad Zelnick with Deutsche Bank. Really appreciate you all making time and sharing your insights with us. As pricing models across cyber and IT in general, evolve to more closely align and cover token costs and align the value what you're paying with the value that you're realizing, how do you manage and kind of mitigate and have visibility to where your CFOs aren't kind of choking you out and -- and where does Zscaler fit within all that? .

Yes. Great question because we just went into the AI solution. And I mean those are the control right, the capacity, that's the economy side of it, and it's probes and number of tokens that we're working with. And then I think it was interesting. I read an article not too long ago that was talking about people and companies are driving AI and AIU, they were measuring who was doing the most, but they were just using AI. They weren't being productive with AI. So you have to change your measure as a business to what is the AI value providing, not just, hey, I used AI a whole bunch. But really, what was the productivity out of that AI and somebody was trying to win a contest to say, I hit so many things. So when you think about like us, it's -- right now, we do want to see people using it, right? You want that experimentation, you want that, and you're going to see some increased costs. But the question ultimately is going to come down to, you're going to have priorities it's not this unlimited bucket of money that we all have, right? So when I look at probes and applications, I'm going to start to have to start to look at prioritizing my applications and understanding what I want to scan, what I don't want to as we go through that mechanism. So I think from a business perspective, like anything else, the scale and the cost is going to go up, but how do you measure the value of the cost that's going up? And what are you actually running. You think about cloud cost when everybody just threw up things in the cloud and didn't manage any of it and somebody got a big bill at the end of the month, right? So you really have to sit down and start looking at from a business perspective and say, what are you allocating -- what are you permitting and put some controls and access around this, so that you can see the difference in what the money is being spent on?

We have 3, 1 in the middle and now. Let's start there.

Okay, Jason. This is for Jason, Mustafa. Ashish Bhandari from Through line Capital. Both of you spoke about using your Zscaler deployments to have better visibility into developer usage. That's an interesting use case and not something I explicitly thought about before. Maybe can you double-click into that? We've seen all the cogen tools go pretty nuts over the last 12 months. So I'd be curious how you're using Zscaler and other vendors to address that.

So there's the capability -- Zscaler because it sits on the endpoint, you start to look at the capabilities to talk about, which is IDs -- so the engines that the developers are using to write code. We have seen a lot of supply chain security happening lately. And this is the visibility. How do you use that to actually get better traction and make sure you know what the developers have. The second important piece is the API integration they have into the AI agent that allows you to see what's happened and what the developers are doing from a policy standpoint. And I think with some of the enhancement that it's coming, you can even have predefined policies and say, someone can do this all clear the parameters that you can actually do. So I think that's powerful, that's missing today. And if most organizations, you either have to build something or go find new provider that's doing that. So that's, I think, in my view, it's --

And just to add to that, like look, from our side, we have some very large customers who are big technology shops. We are big developer populations, right? So even with core products like ZIA, even if you don't think agents in AI security, we have been covering them for many years. So 100% a big focus area. I think there was a question you had in the middle.

Meta Marshall, Morgan Stanley. Maybe a couple of follow-up questions. Jason and Wayne, you guys kind of didn't talk as much about the Agentic SoC. And so just kind of wondering what solutions you are using to kind of manage a lot more data kind of coming in and a lot more signals that you guys are getting? And then on the second question, kind of on the final point around pricing, it sounded like kind of the response to Brad's question was, we'll get the AI costs under control, and that will kind of level set the rest of the cost. I guess, just is there a comfort right now with kind of token-based pricing within security that kind of mirrors that AI pricing.

I'll take the second.

I'll take the first one.

There I'll sit on the backside on the pricing. Are we comfortable? I think we're learning what Comfort looks like. I think you're right, it's pretty new to us. So where is that? I know there's going to be a ramp-up, Absolutely, right? We we're going to purchase so much, especially on the probe side and we're going to go out there and we're going to start to see the value of it. And naturally, the organizations are going to continue to grow. So I think there's always going to be a capacity increase with that budgeting. I think he'd be hard-pressed today. It's easy for us to go out there and say, evaluate what we have today and say, this is how much we need. I think what will be interesting is when we get 6 months or a year down the road and we start to see where this tiering level goes, does it ever level off? Or does it grow at a certain pace. Comfort, I don't know. I think there's a strong word. I think there's an expected cost -- but comfort is something I think we just have to get better at. I think like I always use the cloud, like we just like to throw everything out there, and we'll see what happens. And then everybody started to figure out how to manage it. I think that's what we're going to learn very quickly is how do you manage AI expenses and growth? I think comfort is probably a strong word.

Yes. I'm not going to talk to vendors and I can talk to strategy. Yes, as an organization, we are definitely looking at how we can use a Agentic SOC. So because as you've heard, you're not going to be able to keep up with human speed anymore. You need to use genetic AI to be able to help you. . And that's a big focus area for us. You will hear that tomorrow's keynote, which is going into what we are doing in the Agentic SOC. We have always integrated SOC source and are 1 of the highest fidelity security data provider. But our data is unique, and we can build a lot of findings on top of it and by integrating third parties and some of our investments and have a lot in, you will hear what we are doing in that space. We have 1 last question that we can take. We'll go in the back there, and then we'll wrap up.

Yes. Peter Levine, Evercore. We're at the Zscaler conference, but maybe if you take a step back, if you think about identity, network, endpoint, cloud security -- what's the first layer of defense that you're defending now against some of these AI attacks? I know you're investing a lot more in Zscaler and their AI products. But if you think about identity, your endpoint, like where are you spending most of your capital today to the founding business.

Identity still to me is extremely high. I mean you start with identity in the roles and segmentation as you talk about that. And -- but it all bleed right back into Zero Trust where it happens, right? So whether I have identity, and I have ZPA, right, and I can apply an individual to an application on our system and really put that enforcement policy. But I feel like it always starts with me in the identity in the credential space because once I know that, then I can control and enforce policy through whatever mechanism I feel that is, whether they're coming through an Agentic either not a real person or if they're a real person or not, then I apply that. So I think identity has to be a strong focus and then everything else builds from there.

I would say identity first, data second, identity, you use it to make sure you know who's coming in and what they need access to. In the event of zero-day or they just work in and get access to the data. It's copying that data and validating that. So if you connect those together, and I think you have a good chain of security, which I think Zscalar is trying to get up.

All right. I think with this, we'll wrap up the panel. Thanks for your questions, and thanks for sharing your insight gentlemen. And next session, we'll need a few minutes to set up the stage. So give us a couple of minutes and we'll get back.

Yes, please. Okay. We're going to get ready with -- we have plenty of time for Q&A with all these folks. So please raise your hand. We have some mic runners -- maybe start up here with Brad. .

Thank you again. Can you guys hear me? . Okay, Brad Zelnick, Deutsche Bank. Great to see you all. Another Zenith Live in the books. Great stuff. Mike, I wanted to direct my question to you. One of the surprises coming away from Q3 results was guidance that we heard, which was incrementally conservative -- and the context around a few key sales departures as a reason for that, which in the context of a company with 8,000 some-odd employees was just a little bit surprising. And not to dwell too much on that. But looking forward, can you just talk about the resilience of the go-to-market organization, why the pipelines and the relationships or institutional relationships and the risk that we bear going forward? Or is there going -- because we've all as investors seeing these movies is there risk of fallout that you've got dozens and dozens of others that are on their way out the door? Or just any help you can share with that would be great.

Yes. Good question. So I think the unique thing about that was just -- it was just 2 at the same time. That was it. right? Normally, I mean there's always going to be turnover, especially in the world that we live in today with AI. There's always this new hot company that people want to go to, and they've got formal. A lot of the people here, and I always get so energized, I come to this event, -- and I hear the executives talk about how much they love their account teams. That relationship is so important. We have so many talented people here that love it. They love what they're selling. They love our solution. They love the future at Zscaler. So I feel very confident that our strongest people are going to be successful and continue to thrive here. They also want do they have a career path. And so as we grow we put a lot of time and effort into career passing these folks to make sure we keep the right people on board. But it's healthy to have some level of turnover. And in both instances, the people that left. One was a mutual thing. The other one was a little bit more -- maybe a little bit more of a surprise. But we've got great people on the bench to backfill. So it also raises the game of other people. and helps on that career pathing side. Do you know what I mean? So they see a future other people when 1 person goes, somebody else gets promoted, maybe you bring in some new folks -- but a lot of times, you have a strong bench, and you can promote people. And that means there's another set of promotions. I got under that for worthy people. So it's an opportunity as well. .

Yes. Okay. How about John, over here. sit outside the side? .

It's John Difucci from Guggenheim. I have a couple of questions. I'm going to come to Mike, too, because I actually never met you and I have always wanted to. So we hear a lot about a changing go-to-market strategy when you came on board. -- become a much more strategic partner with your customers, and it all kind of makes sense. And I think your product people have really built up the platform so that it's gotten to be more of a platform rather than being used for a couple of products. And we do hear about a ton of large deals in the pipeline that continue to get pushed out. And I'm just curious like I'm probably not the only one, everybody checks here into the field talks to partners. I just wondered like what's going on with that? Is it -- are people sort of waiting to sign large deals, they are they fully committed to Zscaler as a platform? Like I heard your customers up here talking about Zscaler and solving the problem of AI, which I don't think any 1 vendor does that. But I don't know, maybe you guys think you do by yourself. But how would you kind of talk to that topic. And I know there's a question in there somewhere, so I apologize. But there's these big deals. You're a more strategic partner to your customers, but they don't seem to be closing as much, I guess. .

Yes. Maybe do some deals happen faster than expected, too. So it's kind of a balance. But the deals that take longer to get done, it's usually because there's a lot of testing that they have to do. And there's a lot of people -- it's kind of a political landscape, a lot of people you have to get on board. -- from different groups, right? So that takes time. They want to go through the testing. They want to see what we can deliver. Sometimes there's new requirements they want to see us deliver before they're ready to take that deal to the next level. And I think that's 1 of the strong suits of Zscalers how closely tied we are to customers, how we listen and actually, we deliver on those requirements faster than the competition. That's what I hear at least. I'm probably biased, but that's what they tell me. But sometimes it takes longer, right, to build in all those requirements. And then they're going to say, okay, now I'm ready to go because I've done the testing. Large companies have -- they spend a lot of time doing testing. -- a lot of time doing testing. Hopefully, AI can help solve some of that problem, right? And they can speed that up. But we can plenty of deals that happen ahead of schedule as well. So I'm not super concerned on the time it's taking to get these deals done. That doesn't keep me up at night. .

Maybe I can give a perspective of a CIO because I was a professional CIO before getting on to Zscaler payroll. What I think Dhawal mentioned this earlier as well, See, the large enterprises are also struggling with these AI Sunami coming in. The -- who is the owner inside large enterprise to drive -- some people are pointing chief officers and some people make the data person, be there, some people keep the infrastructure. So -- but what's happening is they're all realizing that the right to play and right to win to protecting AI is the network providers, right? And then among the network providers, so we are getting a lot of traction around how our network teams and the are bringing the application teams and the officers, and that's where some of these testing cycles will take longer. But we see the momentum. I see the recognition by some of the CIOs that Zero Trust providers have an advantage. And that's what Jay highlighted in the town hall today as well or in the keynote. Keith up here in the front .

Keith Bachman, Bank of Montreal. Thank you very much. Jay, I wanted to direct this to you as you -- I don't know if you were listening to the last panel, but identity was no pun intended to identified as 1 of the key areas of spend as we look at the next period of months and probably years. And if I think about some of your offerings -- it seems like you're encroaching on identity, right, in terms of your value proposition and Swami we were talking about this last night. But I'm trying to understand where does Zscaler's value proposition start and stop relative to the identity partners? And are you frenemies are directly competing, and this is particularly related to areas such as governance of agents is what I'm referring to. Thank you.

This kind of builds upon the question that got asked and ask listen to the answer as well. To me, the question is not that is identity more important or network more more important. EDR does what it's supposed to do on the endpoint. It's like watching what's inside your house. It's useful, but it's contained to that. Identity is the starting point of access to something. Identity can be used to do old school access to put you on the network. Then identity is useless. Because identity puts you own the network, you own the network, you're going, you can go all on them. Identity combined with Zero Trust together is the real solution that says only this entity can talk to that entry. So our view has always been. I don't see tight integration. And then we on the switchboard that makes the right connection on one-to-one. So encroaching on identity. Let's talk what that mean. The basic identity starts to bid John identity is this. We get that from Okta today or Microsoft. But then there are a number of things on top of that, which device is John coming from? We know that because traffic comes from, which location is it coming from? What's the behavior is the traffic growing less than us. So we're adding value on top of identity by looking at a bunch of attributes. We call it additional authentication services we build on top of what we get the basic identity that we do that today for users. Now this scope will become more important for agents because agents need to know a lot more than basic identity. The question is, should Zscaler provide the basic identity or what should it provide? Our view is that every provider that's going to allow you to create agents, Microsoft, AWS, Google of the world. Identity just gets created. The basic identity who is -- what this agent is comes from that agent. I don't need to compete to get that identity. I take that, I become the switchman, but now I can add a number of authorization services on top of that, skills, tools, access, all the other stuff. We do all of that. That's becoming extremely important along with that. So yes, we are not directly competing in the basics of identity, but we are competing to deliver solutions. Customers don't buy identity for the sake for identity, customers why identity or ask to access on application services. And now the question you're going to ask is Symmetry identity. Yes, no. It's the graph kind of say, who is tango. It gives us meaningful information -- so we may not do the basic identity to compete, but all the other value to make decisions about what to connect is very important for us, and that's really what our focus is.

Maybe I'll just add quickly. It's we will and will continue to use that as context. It's very important context as well as the authorization of what that identity is allowed to do. So that's part of the information we use in making our policy decisions being the 1 that grants that initially, that's a whole structure around who the business owner is of that. It gets very distributed in organizations. It has to cross lots of different parts. I don't know that there's a spot where we have -- like where it's critical that we own that piece. We need to know it, and we need to keep up to date because the other part 2, when you look at this intersection is being an in-line solution or being on the endpoint where the action is happening, which were in both of those. There's also a whole question of that initial authentication or authorization that's granted to the application what happens if the behavior or pattern changes while that session is open. We're in the best spot to actually take a real-time dynamic action, say, based on new information, I know, I'm actually going to end that session or that conversation. And that's a great spot to be able to enforce. And we do that in a couple of different areas and that whole discussion is coming up on agents as well, too, right, in the middle of sessions. Like what is it the risk changes or the posture changes already authorized the sessions there. Who knows what to do -- who's in the spot to take that action, we're actually in a very good spot to do that. .

So I may add 1 more comment to clarify I get asked by many CIOs. I said I thought identity provides policy of who access is what? How come Zscaler providing police okay? -- right? They get confused. My simple answer is, when I go to an international airport, they scan my driver's license or my passport. And Passport that computer makes a call to a database of passports. Is Jay's passport valid or not. That's identity. But I'm somebody to sit in line to allow me to go or not go. . We are in line in space have thing. Identity once you get checked out identity is out of the way. Identity may have groups to say who can do what, but then it's out of the way. Being in line, we're able to add additional value, authorization, behavior and all is what we can do. That's why we play a very important role. That's why having the best identity for us is not that critical.

Let's go ahead, Catharine.

Catharine Trebnick, Rosenblatt. Can you unpack why you said ZIA and ZPA are growing? Is that due to the acceleration of ethos in the landscape. But just you picked that up in your opening remarks. .

So when you talk about ZPA. So there's Zero trust part for CIDP users, then this for workloads as well, and we'll take the same ZPA for agents as well because at the end of the day, -- the goal is who can access what application we are having. I think. So on the ZIA side, largely, that stuff comes from new logo acquisition because most of the time, when they buy a DI, they do it for all users because they must protect all users. ZPA, many times, they only bought partial users because it started out by replacing VPN. Now under metals. They're basically saying every user must be untrusted. So we're seeing a lot of interest for people who have bought ZIA, but haven't bought ZPA so far or who have bought partial EPA want to go to full ZPA. Those areas are directly beneficial because that does 2 things with ZPA, you're hiding your private applications behind us. Also with ZPA, the lateral movement goes away. So we see Methos as tailwinds for it.

Second row. A couple of questions right there.

Roger Boyd with UBS. Jay, can you compare the level of urgency you're hearing from CISOs today to what you saw during COVID? And I think you laid out very clearly why Zero Trust architecture makes sense for this environment. But I think the other question is how quickly can customers get there. And in COVID, we saw sales cycles meaningfully compressed. I'd just love to get your perspective on what you're hearing today.

It's a very good question. The urgency for Methos is actually higher in many ways. I didn't see the board level discussion happening. -- as much with COVID. -- they wanted people to come back to work. But almost every CIO I have talked to us so they said, we've got a task force, we are reporting the Board every week or every 2 weeks on the progress we make. It's that level of stuff happens. The difference is the following. With COVID, you went home on Friday, you needed to access your work on Monday morning from a home. So the urgency was give me something to get started. With Methos tell us, they're struggling there figuring what do I need to do? The first thing they all wonder is, what is this Methos, what does it mean to me? And the way Anthropic has done it, it's kind of a mystery thing out there. You don't know, you wonder about it. But as we had talked to the customers and explain to them, they're looking for practical steps and saying, what can I do and report to the Board that I had done AB and C and I'm making progress. So all of our discussions have essentially led to essentially deliverables where you ask that they want to work on fixing volabilities. But -- our current customers are actually working on hiring their applications behind us. They're working on moving to Zero Trust everywhere. They are looking at the users not being on the network and branch projects are actually gaining more interest. But I think it will take some time. I expect the momentum for ZPA kind of stuff will happen faster in the customer base. The new logo takes a little bit more time and testing. But I clearly see the interest in moving more towards Zero Trust with Methos than it was before Methos.

This is Shrenik Kotari from Baird. So Jay, you have talked about how agenting exchange could be the largest transaction-based profit-based monetization opportunity. And today, sort of double down, talk about the Agentic transactions or order of magnitude potential Zero. We heard from the customer, it seems like from an AI security and a Agentic prioritization, they are adding to the budgets, there's appetite. In terms of just the core monetization meters, right, you announced AI broker. So I'd love to hear more about how that becomes a commercial manifestation. It seems Customers are anchoring towards agent identities orient first. You talked a lot about identities being sort of the centerpiece. So just curious how are you thinking about this monetization strategy.

Right? So you saw a genetic exchange and the traffic that's coming through exchange for agents, essentially based on traffic or call it, number of requests, which translates to tokens becomes the commercial mechanism for us to monetize for it. And -- we just launched it. I think -- so we are seeing a lot of interest building our customers who work with us early stage, POCs and all that kind of stuff. I can tell you, I'm not seeing so much interest in any product than exchange for agents and being a critical product like this. For example, on contrast to the area. Asset Management, do they care about it they do. They don't like it. The right time in the do. But they know that Agentic is a hard and important problem to solve. They're working with us very closely. The exact pricing and all, we are still figuring out the way we do pricing I work with a first dozen, 2 dozen customers, figure out the traffic flow pricing that needs to be done. So pricing will probably get firmed up in the next couple of months as we see traffic, how much needs to be done, but I see lots of interest. And I'm looking forward to see the growth, and we'll share with you as we make progress in this area. But it's an exciting, challenging problem -- the #1 reason I hear from CIOs is why we're not able to roll out these Agentic projects in production at mass scale is lack of governance and data security issues.

Let's go over here to the left side my left. .

Thank you. Gray Powell with BTIG. So thanks for hosting the event today and a good presentation. So I understand that there's a lot of urgency and discussions created by Mythos. And I'm just trying to figure out how that materializes into demand. And specifically, do you see it driving more interest in the existing, like the proven products such as ZPA? And I'm asking because just the marketing on a lot of the AI security products, I just have to -- it sounds the same. It's confusing to me. I think it's confusing to buyers. So I'm really interested if you could just talk about what you're seeing from the perspective of core product demand versus new AI security products and just how you see that playing out in discussions? .

I can start and Swamy, you can add to it since you're very heavily involved. .

When we -- I'll give you a detailed answer. When we do our meetings with customers about what can I do to protect against metals. We have very specific 6 recommendations, and they have become as a result of lots of discussions. -- one, higher attack surface. That's where ZPA plays a very important role because you're hiding attack surface of your private applications, okay? Number two, if you get breached, how do you make sure the breach doesn't spread around? It needs Zero Trust at the user level, fast because use the weakest link. That drives demand for ZIA, ZPA bolt. And then we say, make each branch like an island that make sure that the infection doesn't spectrum branches. So it really builds demands are bold. -- users, branches and even workloads. Number three, if you already got ZIA/ZPA deployed, which are foundation for your users, you need to make sure they're properly configured. We are doing validation of the configurations to make sure it's the best practice of forward configuration. Number four, while I assets are now directly linked to metros. They're just showing up in every enterprise, and those AI assets are creating risk. So understanding what you have with the risk is #4. Number five, you should discover and fix will it prioritizes and fix vulnerabilities. That's everyone is expected to do that. Six, you change from doing right teaming a couple of times a year to continuous automated that teaming that's driving demand for our red-teaming products. So this is the list of recommendations that go through and customers prioritize it, but they realize that Zero Trust becomes a foundation to do more and more of Agentic stuff. And that's obviously the demand being driven for AI as well as Zero Trust users and other things as well.

Yes. I would say that if you look at the discovery that we announced, right, that is something that CIS want right now. I always tell my team that you get to build the products that customers want yesterday. So that is the demand on that and the POCs are going very well. And those conversations quickly switch into how can I now manage it. And many of you have seen this NVIDIA 5 layer AI stack. So if you look at the top layer, the application, so we can protect it with secure and then the next 2 layers models and LM they would want to make sure that you govern that as well. So what's happening is when users were using Internet, you would type www. something. In the era of agents, the equivalent of WWW is MCP. So the AI broker that we launched was effectively how to really govern the activity that's happening. And within MCP, you could renew skills, tools and other problems that we can put in, all of them have to be governed. And that's why people are excited beginning with the discovery.

Maybe just 1 other comment to add on that. I think the -- when you think about protecting your organization, the core capabilities that Zscaler has and as Jay mentioned, and specifically the ZPA having that application, that attack surface of your applications, that's that's the most obvious thing that everyone should be doing and pets driving a tremendous amount of conversations. But it's also when you have that discussion, it's clear and it's understood. Now people need to do it, and there's the -- getting the mindset to make changes, but it's not a hard discussion with people on that. And I think what I've seen with Methos is that recognition of I know I need to do more. Now if I haven't done this already now, it's time to do that. That second part about MCP servers and all the assets that are part of using AI for productivity it's not a chicken and egg, but you're not going to spend all your money on securing something that you haven't even figured out how to use yet, right? So all of those pieces are popping up in organizations. And so I get why you say it sounds confusing because each of those terminologies, those pieces of things that are part of using AI for productivity. It's it's cloud co-work, it's MCP servers, it's A2A, and it's all these different pieces -- it's at the endpoint, it's what am I using a foundational model in the cloud. Everyone is trying to figure out -- how do I use it? How do I get productivity. And I think in the earlier discussion, people talked about, am I seeing the actual outcomes versus just usage. But the fast follow on that is, so if I'm really going to use this at scale in production, how to do I heck I secure it? And so everyone is looking for those attach points. And I think what you saw from double this morning and in the discussions today, we do think we have these right 3 pillars for how to look at that. But that is all new for folks, right, in terms of where they go in to spend. So it does sound like a lot of people, like it's that gold rush type mentality, where every big company on start-up is going to say, "Well, I'm going to help you with that specific piece of it, right? And that's why you see a lot of common storylines in there and everyone saying, I'm going to be the one who's going to do that and we believe we can, too. Dave I'll grab him over here on my right, your left.

Steve Koenig, Macquarie. This 1 is for Mike and if Jay wants to follow up, maybe he'll want to as well. So just maybe extending the last question when it comes to these conversations that become about securing genetic AI in the enterprise, which is complicated and difficult for for the enterprises to, number one, figure out what they want to do with the Agentic AI and then they got to secure it. So Zscaler has has an ability to enter into those conversations and you have solutions that help with that. But I'm wondering, how does that affect your sales motions in the sense that what used to maybe be an easy conversation about ZIA or ZPA or even Zero Trust everywhere, now becomes a conversation that is potentially much more complex because the whole is year protecting AI enters into that. And then maybe does that change the nature of your sales cycles that would have been much easier. So how do we deal with that? I guess that's the question.

Well, it's still early, right? And we're learning. There's new personas that we're going to have to build relationships with. So kind of the way we've got the sales org set up -- we have Doble's team that has some core folks that are very, very knowledgeable, go very deep with those personas today. And then we're training people by region, by area where kind of the major buying centers are to make sure we have enough people that are able to have those Level 3, whatever, Level 2, Level 3 conversations. But yes, it's going -- we're learning as we go. But there's 1 thing that's very clear. Everybody wants to have that conversation with us and they all do feel like, especially if they are a customer today, they feel like they would prefer if we had the right solution for them because we're already there in line, and we see all their traffic. So we have this advantage, and we feel like we have the right to go win they feel the same thing.

So if I may add, many times, the notion of who is the buyer matters Zscaler has traditionally sold to 2 most important buyers. CIO is #1. CISOs #2. And why it's a CIO #1. 6 years ago, I used to think that CISO was number one. Because the transformation is driven by the CIO, CIO, CISO and Head of Infrastructure Network and these folks play a role. A lot of the discussion gotten stuff, go to CIO. Some companies do have Chief AI Officer or Chief Data Officer, then actually into gets made by the CIO. If we didn't have access to the CIO or CISO. We would be wondering about which solutions take all the security solution we have. They all lead up to the CISO. Now AI solution lead up to CISO and CIO both. I think from access point of view, fairly well covered. The key for us is how do we streamline our teams to be more effective. There are some similar things to what we have been selling there some different things. Take what's similar? The notion of exchange for agents user branches is pretty similar. Yes, there's some nuance things underneath. But explaining that philosophy of we did it for users. Now we do for agents. Is fairly easy to explain and get the stage going via it count exact, then we can pull in SCs and subject matter experts as they are at. But also, we have evolved some of these specialty teams, too. I mean Mike did specialty teams in his previous company, where they actually have different buying centers, at HR in 1 case, IT in second case, some in other case. So we have a specialty sales team, for example, for data security, which can get pretty complicated. Now data security is still sold to the CISO someone under the CISO. But the technology functionality can be complicated. So we had experts who actually talk about that area. Similarly, we had a few others. We also evolve when a new product comes in under product management, we learn, we understand and we figure out how to go forward with it. But for AI overall, everyone wants AI. So rather than having a small specialty team of AI, we actually want everyone to sell AI, that they'll be backed up by some experts, domain experts, nonspecialty salespeople, but domain experts who could be pulled in for deeper discussions. We are learning the process that the part of selling AI Protect, which is asset management, secure access and the guardrail and red teaming is fairly straightforward. We learned quite a bit in the past few months. The learning will probably happen about our exchange for agents in the next couple of months, but there's a high degree of interest.

Todd, right in the middle?

Todd Weller with Stephens. A question for Adam. Adam, you come from the SecOps world. It's a new space for Zscaler not as known crowded space. What's the strategy for breaking into that market? And what is it about the solution that you think is differentiated and will resonate with the customers?

Sure. I think you heard a touch of it from the folks on the panel before. But yes, it is new. So they're also learning how we're approaching this. I think the biggest piece from a SecOps standpoint, right, is that organizations are and do have centers of gravity of data. And so if you're a Zscaler customer, we are a center of gravity of data with what we do with ZIA, ZPA, DLP, what we have from our client perspective. And -- our approach to this is how do we bring that together in a meaningful way for the purpose of security detection, investigation and response, right? Because that -- we have detections, we have signals. We have contacts -- and historically, we haven't brought that together in any fashion to help a customer through that investigation process. We said you can stream it somewhere else to do it, but we haven't offered that place. Yet we also had capabilities like our threat hunting services, where we were uniquely positioned to use our data to find incidents that otherwise would not be found by streaming it off to some other SAM or SecOps product. You wouldn't see it on the end point. And we had people who like that service from us, but it was a small, I'll call it, like pilot service. But at the core of that is they were writing detections that could be found across that Zscaler ecosystem of data. That's part of what we've been bringing together foundationally, the data fabric that we acquired several years ago is what creates those entity relationships between all the information we have third-party data like identity, contention like vulnerability and exposures and asset information -- and so we wound up having this foundation, we did the Red Canary acquisition, which brought in meaningful detection libraries and skills around how do I run detections against not specifically Zscaler data, but any third party that you want to bring in. And this past year, we've been bringing all of that together. What we're bringing to market though is the software platform. Because Red Canary was an MDR. So if you wanted that service you got a service. If you wanted a software platform, you got to service because that was the only thing that they had to sell. And had we not acquired Red Canary part of their road map path was how do I deliver this in a more cost-effective software platform way, but that wasn't what they had built, and that's not where their 10 years of experience came from. Zscaler, you know that's what we build, right? And so we had this path that we were going down -- we had the Red canary acquisition in this year has been about bringing that together where that Agentic SOC core platform becomes that foundation where I should be able to go at a minimum to any Zscaler customer and say, -- we already have this data. I can make better use of this for you in detection, investigation and response whether you send me anything else or not, happy to take more, and I can take more. But even if you don't, I will show you how I'm using Agentic framework to go through each of those steps and help you investigate incidents in a way you could not do before -- and then if you want to send that off to your SAM or whatever other product, you can do that, too. And know, by the way, if you want a service on top of that, we have expert skills for both threat hunting and full MDR that we can now offer on top of that. So that's what you'll hear tomorrow in some of the keynote and then in a more formal launch. And I think that's a valid entry into this space. it also balances long answer, but I'll just wrap this up. It also balances, I think, the long-term question about what will happen in the Sakani world where there's this continuous, I can do the job that could give me all the data. I don't need any of the data. I'll just send agents to go get all the data when I need it. right? And everyone I speak to in the SecOps world, you need a foundation of that data. Like we're not at the spot where this is just real time. Agents are just going to go grab data from their source at the moment they need it, you need that initial core foundation. And I think organizations will have several, right? We won't be the only player that's there, but I think we can also live and it's important, we can live with those other players that are in place, which I think is a requirement for entering into this market when there are already other big players and crowded in there. So I have to be able to show a customer that it's okay that you're working with CrowdStrike who's a partner of ours, we can be in here not just, oh, the only way this works is if you only use us. .

Okay. The right side here in the middle on Tazz and then we'll go to Eric.

This is Tazz from ROTH Capital. I had a question. I had a clarification on the Zero Trust for agents. Is there dependency on customers having ZIA and ZPA users before they can use Zero Trust for agents or can customers who are completely need Zscaler also use the transfer agents.

They can go on, you don't have to buy the user before you do agents. If you have users, it becomes easier because you understand this. But this is not a dependency. .

Got it. And the second part of -- second part of the question is, you gave us the bookings number for AI protect $100 million over the last, I guess, 1 year. And my question was, again, how much of that is coming from net new customers to Zscaler versus upselling. And when customers buy AI protect existing customers, what is the typical uplift that you see in the deal value?

It's a mix is the answer. The uplift is a harder 1 we have. I haven't looked at that personally. I don't know if anyone here knows the answer. . Yes, we'll have to stay tuned for that one. We'll come back to you on that. . Can you pass it to Eric, please? So you're right. Awesome .

Eric Heath from KeyBanc. Jay, I guess this 1 is for you. I mean, tracking all the breaches we see, I think a very, very common shortcoming point of exposure is the hardware that sits on the perimeter, right, the firewalls, the SD-WAN to VPN, et cetera. And you always talk about how this is a weak point. And maybe I'm over extrapolating and maybe I'm reaching, but it seems like Mythos can only accelerate that short coming from the hardware vendors. . And we know there's several hardware vendors that are constantly patching and being exploited and et cetera, and Methos those only accelerates that. And then the ability for these hardware vendors to support these large fleets of hardware devices that need to be patched and fixed and whatever just we're always talking -- now the conversation is the compressing time line of between vulnerability and breaching and exploitation. And I know your answer is going to be yes to this, but do you think that this accelerates the transformation from hardware to the Zero Trust Exchange. And like I said, I think your answer going to be yes. But like in practicality, do you think this is going to be a real accelerant for customers to think .

So having had probably well over 100 conversations CI and CSOs in the past couple of months. light bull for better understanding Zero Trust is going up. For example, we talked about users being untrusted should never be on the corporate network. Some of our very progressive customers have already done it. many have known they're saying, "Oh, I should be doing that. So the understanding and learning for Zero Trust is going up, understanding and learning that 300 branch offices, the firewall face in the Internet is exposed to the entrant. And that is not a good thing, is going up. So I do believe that Methos is becoming an excellent or adoption of Zero Trust. And it's going to start differentiating the firewall guys who always talk about we go Zero Trust say because they see the difference. Now they ask a question. No, -- do I have a lateral moment or not, what's going on. So this is happening. And also the point you said, patching. The bigger boxes you got everywhere, the more software functionality, you sit in a box that's scattered around. The bigger that is because bigger the issues out here. The less you got sitting on the device is less likely you have issues out there and more likely take the branch office. We do have a branch, -- we're trying not to get there, but we are there because the customer needs. We run them, we manage them, we operate and we upgrade, okay? -- essentially. So we are taking that risk away. And also in the traditional world, there are firewalls sitting inside the campus deep inside that only under customers' control. Those are the kind of things sitting out there. And I do believe that it is accelerating this stuff. And hopefully, we'll show you results in coming quarters.

Okay. We're going to go over to George. .

George wane with Oppenheimer. Kevin, bringing you into this since you haven't had a chance to talk yet maybe giving us some perspective on -- there's a lot of opportunities here, how you're prioritizing your investment with respect to your product and sales and marketing. .

Yes. No, I appreciate the opportunity to answer the question. Some of it has been answered as we've kind of gone through this conversation, right? So as we think about when we bring new innovations to market, the way we're thinking about AI is different than we've thought about some of the other products. So we have a dedicated team with Dave and Swamy who are acting in effect like a startup within the organization to really move with speed. But then they're working directly with Mike's organization to enable as many of the sellers and the people within his word to be able to sell it broadly. Obviously, AI is just a very important element, both in terms of what we're providing our customers, but also internally. So that is a priority internally if we think about in that regard. And then the other products, we have specialty teams where we specifically identify resources that can help Mike's team go and sell. And actually, those live within Mike's team. So they're part of them. But that's how we think about the trade-off in different investments. And we, like every other business, go through an annual process of setting our operating plan, and we identify priorities. And AI will continue to be very top on those priority lists. .

If I may add, while our portfolio has grown, has become pretty large. We actually say no too many projects and many initiatives. EDR has been asked for many times. We said no. Identity has been asked many times. We have said no. So we're fairly disciplined. When we do projects that are very synergistic to Zscaler. They don't require as big of an investment as it would be if we were to do the old way. 5 years ago, I told you when we did sandboxing. Literally the amount of effort that was needed to do sandbox on Zscaler ZIA platform. 20, 25% of the total effort if as compared to if we're done or an independent company because rest stuff is already in place. They're taking traffic, they're opening files, all the stuff has been done. I talked this morning, Agentic Xchange, building on top of zero-tu exchange. -- only 70% of the pieces that are there. 30% is what we're adding. Take, for example, you heard about Zscaler cellular. It's a very cool and exciting area of opportunity. What are we doing in amount of after needed -- it's a fair, very small team that's leveraging all the back end, but a new use case to take traffic, take telemetry from these IoT devices. So being doing the smart thing being around our core competency is what makes us more productive in delivering more products with great returns. .

I think we have time for one more. Let's make that Rich in the back. .

Rich Poland, Wells Fargo. I think we talked a lot about just the investments in a lot of things, AI on the product side that can really I think, drive a lot of expansion with the existing base. But when we think about 1 of the things that was said last quarter, the new logo side, it seems like that's more of an emphasis now targeting that 200 to 100 employee range. I guess both Jay and Mike, can you talk a little bit about just what's needed there? What's needed to enable that? What did you see that prompted you to want to focus there more? And just kind of any color around what you're doing there. .

Mike, and then you get out to the next level of detail. I think what we shared with you before is that we have focused on larger customers and we come down market from there. The question wasn't that we are now, for the first time, adding new logos, the new logo for more apps. As we are adding more and more people, the higher end of the market is fairly well covered. You have to add more account execs, they actually naturally going to the next level of the stuff. And the next layer, 2k to 10k accounts, they actually have fairly limited coverage. It's fairly limited installed base. So by default, they end up getting more new logos and very few current customers, it's naturally going to take us in that direction. As 1 thing we told you. The second thing we said is, we are looking at more focused incentives for new logos here. In the past, we have done some here looking at doing more because it's a good opportunity for us, Mike.

Well, I mean, first off, that's just a space where there's most new logos exist. So it's a lot of fertile hunting ground. But every enterprise company goes through this where you sell you add customers and then it's a lot easier to do upsells, especially when you have a platform like we have. So everybody wants to work on existing customers because it's just easier to get deals done. It's just -- it's easier, right? And so I think historically, we've been too lenient on how we set up the territories, and that space between the 2,000 and 10,000 has just gotten ignored. And then we kind of realized we brought some outside help to help us analyze the numbers. And we said, wow, this is a big opportunity. We've got to go back to this and actually focus the territories. Because when you do territory planning, if you set up the territory so that there's no way you can make your number unless you sell these new logos, you get that energy and everybody starts rowing the boat and not order to go get that. And then the alignment with marketing and how you spend money based on existing customers, I mean our previous regime was really focused on upsells. Now we're just balancing that out.

One point of just clarification. You've heard us talk about the 20,000 plus or minus, largest companies in the world. this population is included in that 20,000. So it's not like we're all of a sudden going to a completely different ideal customer profile, right? We're really talking about the same population of companies that we have been for many times, just making sure we have appropriate coverage and focus. .

Great. Do you want to close this out Jay? .

Yes. So I hope you heard that we see a massive opportunity. The market is getting hotter and hotter I mean there's nothing harder than cyber in today's world, right? And having a platform that's expanding and growing at a faster pace and the go-to-market engine focus on a consent pretty well positioned, pretty excited to really serve our customers and keep on innovating. So thank you for joining us, and look forward to working with you in coming sessions. Thank you.