Palo Alto Networks, Inc. (PANW)

Item 1. Business

General

Palo Alto Networks, Inc. is a global cybersecurity provider and our vision is a world where each day is safer and more secure than the one before. We were incorporated in 2005 and are headquartered in Santa Clara, California.

Our mission is to be the cybersecurity partner of choice for enterprises, organizations, service providers, and government entities to protect our digital way of life. Our cybersecurity platforms and services help secure enterprise users, networks, clouds, and endpoints by delivering comprehensive cybersecurity backed by artificial intelligence (“AI”) and automation. A key element of our strategy is to help our customers simplify their security architectures through consolidating disparate point products. We execute on this strategy by developing our capabilities and packaging our offerings into platforms which are able to cover many of our customers’ needs in the markets in which we operate. Our platformization strategy combines various products and services into a tightly integrated architecture for more secure, faster, and cost-effective outcomes.

Network Security

Our network security platform is designed to deliver complete zero trust solutions to our customers. The platform includes:

•Secure Access Service Edge (“SASE”). Prisma® Access, when combined with Prisma SD-WAN, provides a comprehensive single-vendor SASE offering that is used to secure remote workforces and cloud-delivered branch offices. Prisma Access Browser further extends SASE security and data protection to the end user device, providing workers with freedom to access business applications securely using our secure browser from any device.

•Next-Generation Firewalls. Our hardware ML-Powered Next-Generation Firewalls (“NGFWs”) secure on-premises environments including campus locations and data centers. Our software NGFWs secure cloud networks.

•Cloud-Delivered Security Services (“CDSS”). Our network security platform integrates a suite of CDSS that complements our SASE and Firewall solutions. These include Advanced Threat Prevention, Advanced WildFire®, Advanced URL Filtering, Advanced DNS Security, IoT/OT Security, GlobalProtect®, Prisma Access Agent, Enterprise Data Loss Prevention (“Enterprise DLP”), AI for IT Operations (“AIOps”), Software as a Service (“SaaS”) Security, and AI Access Security. Through these add-on services, our customers are able to secure their content, applications, users, and devices across their entire organization.

•Prisma AIRS. Prisma AIRS is a comprehensive AI security platform that has been designed to protect customers’ entire AI ecosystem by providing AI model scanning, posture management, red teaming, run-time security, and AI agent security.

•Strata Cloud Manager (“SCM”). SCM, our network security management solution, centrally manages network security across all remote workers, branches, headquarters, campuses, and cloud. SCM leverages AI to simplify and strengthen network security by enabling customers to proactively pinpoint vulnerabilities, gain real-time remediation recommendations, and enhance overall digital experiences, thereby reducing operational burden. This comprehensive solution includes Strata Copilot, which offers a natural language interface for enhanced insights and guided remediation, and integrates Autonomous Digital Experience Monitoring (“ADEM”) to proactively maintain infrastructure health, facilitate AI-driven one-click troubleshooting, and ensure seamless end-user performance across the enterprise.

Security Operations

Our AI-powered Cortex platform transforms end-to-end security operations with unified data, AI, and automation for more secure, faster, and cost effective outcomes. We have consolidated our industry-leading Security Operations and Cloud Security capabilities on a single comprehensive platform to provide centralized visibility, proactive protection, real-time prevention, AI-driven insights, and automated remediation across enterprise and cloud.

•Security Operations. We deliver the next generation of security operations capabilities that unifies standalone Security Information and Event Management (“SIEM”) tools, endpoint security, security automation, cloud detection and response (“CDR”), as well as attack surface management (“ASM”) capabilities on our Cortex® platform. These include Cortex XSIAM®, for AI-powered security operations replacing traditional SIEM tools, Cortex XDR®, for the prevention, detection, and response to complex cybersecurity attacks, Cortex XSOAR®, for security orchestration, automation, and response (“SOAR”), and Cortex Xpanse®, for ASM.

•Cloud Security. We deliver comprehensive security across the cloud application development lifecycle through Cortex Cloud, delivered as a scalable SaaS offering. As a comprehensive Cloud Native Application Protection Platform (“CNAPP”) combined with CDR, Cortex Cloud secures multi- and hybrid-cloud environments for applications, data, generative AI (“GenAI”) ecosystem, and the cloud native technology stack across the full development lifecycle, from code to cloud to security operations. As part of the Cortex Cloud platform, customers can expand from Cortex Cloud to our security operations offerings available on a single user experience and unified agent. We also offer our VM-Series and CN-Series virtual firewalls for inline network security on multi- and hybrid-cloud environments.

- 4 -

Table of Contents

Threat Intelligence and Advisory Services

•Unit 42® brings together world-renowned expertise across threat research, incident response, and security consulting to deliver intelligence-driven, response-ready outcomes that help customers reduce cyber risk. Our elite consultants serve as trusted advisors to our customers by assessing and testing their security controls against sophisticated threats, transforming their security strategy with a threat-informed approach, and responding to security incidents on behalf of our clients. Additionally, Unit 42 offers managed detection and response (“MDR”) and managed threat hunting services.

Products and Services

NETWORK SECURITY

Secure Access Service Edge

•Prisma Access. Prisma Access is a cloud-delivered security offering that helps organizations deliver consistent AI-driven security to remote networks and mobile users. With more than 100 locations around the world, Prisma Access offers global coverage, consistently inspecting all traffic across all ports and providing bidirectional networking to enable branch-to-branch and branch-to-headquarter traffic. Prisma Access consolidates point products into a single cloud-delivered solution, transforming network security and allowing organizations to enable secure hybrid work. Prisma Access protects all application traffic with complete, best-in-class security while also delivering a seamless user experience with industry-leading service-level agreements (“SLA”s). With native SASE integration, Prisma Access Browser extends Zero Trust to any device—managed or unmanaged—in minutes. Prisma Access delivers seamless user experience with a combination of application acceleration—up to 5x faster than direct-to-internet—and Autonomous Digital Experience Management.

•Prisma SD-WAN. Our Prisma SD-WAN solution is a next-generation SD-WAN solution that makes the secure cloud-delivered branch possible. Prisma SD-WAN enables organizations to replace traditional wide area network (“WAN”) architectures with affordable broadband and internet transport types that promote improved bandwidth availability, redundancy and performance at a reduced cost. Prisma SD-WAN leverages real-time application performance SLAs and visibility to control and intelligently steer application traffic to deliver a powerful user experience. Prisma SD-WAN also provides the flexibility of deploying with an on-premises controller to help businesses meet their industry-specific security compliance requirements and manage deployments with application-defined policies. Our Prisma SD-WAN simplifies network and security operations using AI and automation.

Next-Generation Firewalls. Our hardware and software ML-Powered Next Generation Firewalls use AI—including machine learning and deep learning—to stop zero-day threats in real time, and detect and secure the entire enterprise including Internet of Things (“IoT”). All of our hardware and software firewalls incorporate the PAN-OS® operating system and include the same rich set of features, ensuring consistent operation across our entire product line. This includes SD-WAN capabilities to intelligently steer traffic to data centers, branches, and the cloud, natively integrated into our Next-Generation Firewalls. Enterprise data, applications, users, and devices become integral components of an organization’s security policy. Our hardware and software are designed for different performance requirements throughout an organization—with the ability to secure everything from small businesses and branch offices, to large-scale data centers and service providers. Our firewalls come in hardware form factors, containerized form factors, called CN-Series, as well as virtual form factors, called VM-Series, available on all major cloud hosting service providers. We also offer Cloud NGFW, a managed NGFW offering, to secure customers’ applications on Amazon Web Services (“AWS”) and Microsoft Azure (“Azure”).

Cloud-Delivered Security Services

•Advanced Threat Prevention. This cloud-delivered security service provides intrusion detection and prevention capabilities and blocks vulnerability exploits, viruses, spyware, buffer overflows, denial-of-service attacks, and port scans from compromising and damaging enterprise information resources. In addition, we offer inline deep learning to deliver real-time detection and prevention of unknown, evasive, and targeted command-and-control (“C2”) communications over HTTP, unknown-TCP, unknown-UDP, and encrypted over SSL. Advanced Threat Prevention is the industry’s only offering to protect the enterprise from unknown command and control in real-time with the power of Precision AITM.

•Advanced WildFire. This cloud-delivered security service provides protection against targeted malware and advanced persistent threats and provides a near real-time analysis engine for detecting previously unseen malware while resisting attacker evasion techniques. Advanced WildFire combines dynamic and static analysis, recursive analysis, and a custom-built analysis environment with network traffic profiling and fileless attack detection to discover even the most sophisticated and evasive threats. Preventions are delivered in seconds to our network security platform.

- 5 -

Table of Contents

•Advanced URL Filtering. This cloud-delivered security service offers the industry’s first Inline Deep Learning powered web protection engine. We deliver real-time detection and prevention of unknown, evasive, and targeted web-based threats, such as phishing. In addition, the service includes a cloud-based URL filtering database which consists of millions of URLs across many categories and is designed to analyze web traffic and prevent web-based threats, such as phishing, malware, and C2.

•Advanced DNS Security. This cloud-delivered security service uses machine learning to proactively block malicious domains and stop attacks in progress. The service allows our network security platform access to Domain Name System (“DNS”) signatures that are generated using advanced predictive analysis, machine learning, and malicious domain data from a growing threat intelligence sharing community of which we are a part of. We offer comprehensive DNS attack coverage and include industry-first protections against multiple emerging DNS-based network attacks, including real-time analysis of DNS response to prevent DNS hijacking.

•IoT/OT Security. This cloud-delivered security service uses machine learning to accurately identify and classify various IoT and operational technology (“OT”) devices, including never-been-seen-before devices, mission-critical OT devices, and unmanaged legacy systems. The service uses machine learning to baseline normal behavior, identify anomalous activity, assess risk, and provide policy recommendations.

•SaaS Security API. SaaS Security API is a multi-mode, cloud access security broker (“CASB”) that helps govern sanctioned SaaS application usage across all users and helps prevent breaches and non-compliance. Specifically, the service enables the discovery and classification of data stored in supported SaaS applications, protects sensitive data from accidental exposure, identifies and protects against known and unknown malware, and performs user activity monitoring to identify potential misuse or data exfiltration. The solution can be combined with SaaS Security Inline for a complete integrated CASB.

•SaaS Security Inline.

Loading financial statements...

Financial statements

data from SEC XBRL filings. Values are as-reported; restatements supersede originals. Values reported in .

From 10-Q filed 2026-06-03 (period ending 2026-04-30).

Table of Contents

Item 2. Management’s Discussion and Analysis of Financial Condition and Results of Operations

The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our condensed consolidated financial statements and related notes appearing elsewhere in this Quarterly Report on Form 10-Q. This Quarterly Report on Form 10-Q, including, without limitation, the following discussion and analysis, contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. Forward-looking statements generally can be identified by words such as “anticipate,” “believe,” “continue,” “could,” “estimate,” “expect,” “intend,” “may,” “plan,” “potentially,” “projects,” “will,” “will be,” “will continue,” “will likely result,” “would” and similar expressions that convey uncertainty of future events or outcomes. These forward-looking statements include, but are not limited to, statements concerning the following: expectations regarding the cybersecurity landscape; expectations regarding our platformization strategy and related progress and opportunities; expectations regarding annual recurring revenue, remaining performance obligations, and product development strategy; expectations regarding artificial intelligence; expectations regarding our strategic partnerships; expectations regarding drivers of and factors affecting growth in our business; statements regarding expected profitability, trends in annual recurring revenue, trends in remaining performance obligations, our mix of product and subscription and support revenue, cost of revenue, gross margin, cash flows, operating expenses, including future share-based compensation expense, income taxes, investment plans, and liquidity; expected recurring revenues resulting from growth in our end-customers and increased adoption of our products and cloud-delivered security solutions; the performance advantages of our products and subscription and support offerings and the potential benefits to our customers; expectations regarding future investments in research and development and product development, customer support, in our employees and in our sales force, including expectations regarding growth in our sales headcount; expectations that we will continue to expand our global presence; expectations regarding our revenues, including the seasonality and cyclicality from quarter to quarter; expectations relating to our customer financing activities; the sufficiency of our cash flow from operations with existing cash, cash equivalents, and investments to meet our cash needs for the foreseeable future; our ability to successfully acquire and integrate companies and assets and expectations and intentions with respect to the assets, products and technologies that we acquire; expectations regarding the benefits and synergies from our acquisition and integration of companies, assets and technology, including with respect to our acquisition of CyberArk Software Ltd.; expectations regarding contingent consideration obligations; expectations regarding the change in the fair value of our convertible senior notes and capped call transactions and its impact on us and our financial results; statements regarding our competition, including the expanded scope of our competitors as a result of entering into new product and service categories; the timing and amount of capital expenditures and share repurchases; the effects of worldwide economic and geopolitical conditions, including but not limited to hostilities in Israel, Iran, and the surrounding regions, inflation, interest rate levels, public or administration policies, trade regulations, trade policy, growth rates and other conditions, on our operating and financial results and performance; the manufacture, delivery and cost of certain of our products; the effects of litigation or regulatory developments involving us or affecting our industry; our or our subsidiaries’ debt repayment obligations; and other statements regarding our future operations, financial condition and prospects, and business strategies. These forward-looking statements are based on current expectations and assumptions that are subject to risks and uncertainties, which could cause our actual results to differ materially from those anticipated or implied by any forward-looking statements. Factors that could cause or contribute to such differences include, but are not limited to, those discussed in this Quarterly Report on Form 10-Q and, in particular, the risks discussed under the caption “Risk Factors” in Part II, Item 1A of this report and those discussed in other documents we file with the Securities and Exchange Commission (“SEC”) from time to time. We undertake no obligation to revise or publicly release the results of any revision to these forward-looking statements, except as required by law. Given these risks and uncertainties, readers are cautioned not to place undue reliance on such forward-looking statements.

Our Management’s Discussion and Analysis of Financial Condition and Results of Operations (“MD&A”) is organized as follows:

•Overview. A discussion of our business and overall analysis of financial and other highlights in order to provide context for the remainder of MD&A.

•Key Financial Metrics. A summary of our U.S. GAAP and non-GAAP key financial metrics, which management monitors to evaluate our performance.

•Results of Operations. A discussion of the nature and trends in our financial results and an analysis of our financial results comparing the three and nine months ended April 30, 2026 to the three and nine months ended April 30, 2025.

•Liquidity and Capital Resources. An analysis of changes on our balance sheets and cash flows, and a discussion of our financial condition and our ability to meet cash needs.

•Critical Accounting Estimates. A discussion of our accounting policies that require critical estimates, assumptions, and judgments.

•Recent Accounting Pronouncements. A discussion of expected impacts of impending accounting changes on financial information to be reported in the future.

- 26 -

Table of Contents

Overview

Our mission is to be the cybersecurity partner of choice for enterprises, organizations, service providers, and government entities to protect our digital way of life. Our cybersecurity platforms and services help secure enterprise users, networks, clouds, endpoints, and identities by delivering comprehensive cybersecurity backed by artificial intelligence (“AI”) and automation. A key element of our strategy is to help our customers simplify their security architectures through consolidating disparate point products. We execute on this strategy by developing our capabilities and packaging our offerings into platforms which are able to cover many of our customers’ needs in the markets in which we operate. Our platformization strategy combines various products and services into a tightly integrated architecture for more secure, faster and cost-effective outcomes.

Network Security

Our network security platform is designed to deliver complete zero trust solutions to our customers. The platform includes:

•Secure Access Service Edge (“SASE”). Prisma® Access, when combined with Prisma SD-WAN, provides a comprehensive SASE offering that secures users working from anywhere and on any device, and pioneers the modernization of branch offices. Prisma Browser further extends zero-trust security and data protection to the browser, where the majority of work is done today, providing users with the freedom to work securely using our secure browser from any device.

•Cloud-Delivered Security Services (“CDSS”). Our network security platform integrates a suite of CDSS that complements our SASE and Firewall solutions. These include Advanced Threat Prevention, Advanced WildFire®, Advanced URL Filtering, Advanced DNS Security, Device Security, GlobalProtect®, Prisma Access Agent, Enterprise Data Loss Prevention (“Enterprise DLP”), AI for IT Operations (“AIOps”), Software as a Service (“SaaS”) Security, and AI Access Security. Through these add-on services, our customers are able to secure their content, applications, users, and devices across their entire organization.

•Prisma AIRS. Prisma AIRS™ is a comprehensive AI security platform designed to protect customers’ entire AI ecosystem by providing AI Model Security, AI Posture Management, AI Red Teaming, AI Runtime Security, and AI Agent Security.

•Strata Cloud Manager (“SCM”). SCM, our network security management solution, centrally manages network security across all remote workers, branches, headquarters, campuses, and cloud. This comprehensive solution includes Strata Copilot, which offers a natural language interface for enhanced insights and guided remediation, and integrates Autonomous Digital Experience Monitoring (“ADEM”) to proactively maintain infrastructure health, facilitate AI-driven one-click troubleshooting, and ensure seamless end-user performance across the enterprise.

Security Operations

•Security Operations. We deliver the next generation of security operations capabilities that unifies standalone Security Information and Event Management (“SIEM”) tools, endpoint security, security automation, cloud detection and response (“CDR”), as well as attack surface management (“ASM”) capabilities on our Cortex® platform. These include Cortex XSIAM®, for AI-powered security operations replacing traditional SIEM tools; Cortex XDR®, for the prevention, detection, and response to complex cybersecurity attacks; Cortex XSOAR®, for security orchestration, automation, and response (“SOAR”); Cortex Xpanse®, for ASM; and our recent acquisition of Koi Security Ltd. (“Koi”) for agentic endpoint security. Additionally, Cortex XSIAM integrates with the Chronosphere Telemetry Pipeline to ingest and optimize massive data volumes, promoting cost-effective scaling of autonomous operations.

- 27 -

Table of Contents

Observability

Chronosphere, our next-generation observability platform, delivers real-time visibility and monitoring across cloud-native infrastructure, applications, and AI workloads. Purpose-built to handle the massive data volumes of the AI era, Chronosphere enables organizations to maintain system resilience and uptime with high cost-efficiency and reliability.

•Chronosphere Platform. Our observability platform provides comprehensive visibility into complex digital environments and automated troubleshooting of issues. It allows customers to transition from passive monitoring to proactive management of their entire digital estate.

•Chronosphere Telemetry Pipeline. Our telemetry pipeline acts as an intelligent control layer that filters, transforms, and routes data. This helps reduce data volumes, enabling customers to cost-effectively scale their security and observability posture.

Identity Security

Idira™, our next-generation identity security platform, is designed to secure human, agentic and machine identities across the enterprise with intelligent privilege controls and continuous threat prevention. By unifying identity access management, privilege access management and identity governance and administration, organizations can continuously discover and protect against identity risk throughout the end-to-end identity lifecycle. The platform includes:

•Workforce Identity Security. Our solutions apply identity assurance and modern access controls for the entire workforce, including through adaptive multi-factor authentication, single sign-on, secure browsing, web session protection, workforce password management, and automated identity lifecycle management. Our approach enforces least privilege by elevating access only when required.

•Information Technology (“IT”) and Developer Identity Security (Modern Privilege Access Management). Our solutions secure high-risk access for IT administrators, third-party vendors, developers, and cloud operations teams across hybrid and multi-cloud environments, delivering just-in-time privileged access, session isolation, credential protection, and zero standing privileges while providing native, secure access to cloud services, workloads, and development and operations pipelines. Organizations can eliminate excessive permissions, automate access to dynamic cloud resources, and maintain developer velocity while strengthening identity controls across infrastructure and application environments.

•Machine Identity Security. Our solutions secure the growing volume of non-human identities—such as workloads, applications, containers, service accounts, certificates, and keys, including through centralized discovery and management of secrets, certificate lifecycle automation, workload identity issuance, public key infrastructure-as-a-service, Kubernetes certificate management, and secure code signing.

•Identity Governance and Administration (“IGA”). IGA enables visibility into entitlements, automated joiner–mover–leaver processes, access certification, and ongoing identity compliance. AI-supported policy automation helps organizations govern access at scale and enforce a zero-trust model across all identities.

•AI Agents Security. Our solution discovers AI agents, assigns identity attributes, and restricts their access to task-specific resources. It helps monitor and record agent activity for audit purposes, allows organizations to suspend or revoke access if behavior deviates from expected norms, and governs the lifecycle of the agent and the actions taken to support compliance.

Threat Intelligence and Advisory Services

•Unit 42 brings together world-renowned expertise across threat research, incident response, and security consulting to deliver intelligence-driven, response-ready outcomes that help customers reduce cyber risk. Our elite consultants serve as trusted advisors to our customers by assessing and testing their security controls against sophisticated threats, transforming their security strategy with a threat-informed approach, and responding to security incidents on behalf of our clients. Additionally, Unit 42 offers managed detection and response (“MDR”) and managed threat hunting services. In April 2026, we launched a new suite of Unit 42 Frontier AI Defense services to help customers proactively discover and neutralize threats introduced by next-generation AI models.

For the third quarter of fiscal 2026 and 2025, total revenue was $3.0 billion and $2.3 billion, respectively, representing year-over-year growth of 31%. Our growth reflects the increased adoption of our portfolio, which consists of product, subscriptions, and support, and our recent acquisitions. We believe our portfolio will enable us to benefit from recurring revenues and new revenues as we continue to grow our end-customer base. As of April 30, 2026, we had end-customers in over 180 countries. Our end-customers represent a broad range of industries, including education, energy, financial services, government entities, healthcare, Internet and media, manufacturing, public sector, and telecommunications, and include almost all of the Fortune 100 companies and a majority of the Global 2000 companies. We maintain a field sales force that works closely with our channel partners in developing sales opportunities. We primarily use a two-tiered, indirect fulfillment model whereby we sell our products, subscriptions, and support to our distributors, which, in turn, sell to our resellers, which then sell to our end-customers.

- 28 -

Table of Contents

Our product revenue grew to $594 million, or 19.8% of total revenue, for the third quarter of fiscal 2026, representing year-over-year growth of 31%. Product revenue is derived from sales of hardware products, primarily our ML-Powered Next-Generation Firewall and software licenses, including SD-WAN, VM-Series, and Panorama®. In connection with the acquisition of CyberArk Software Ltd. (“CyberArk”) in February 2026, our product revenue also includes on-premise software licenses of certain identity security offerings. Our ML-Powered Next-Generation Firewall incorporates our PAN-OS operating system, which provides a consistent set of capabilities across our entire network security product line. Our hardware products and software licenses include a broad set of built-in networking and security features and functionalities. Our products are designed for different performance requirements throughout an organization, ranging from our PA-400, which is designed for small organizations and remote or branch offices, to our top-of-the-line PA-7500, which is designed for large-scale data centers and service provider use. The same firewall functionality that is delivered in our hardware products is also available in our VM-Series virtual firewalls, which secure virtualized and cloud-based computing environments, and in our CN-Series container firewalls, which secure container environments and traffic.

Our subscription and support revenue grew to $2.4 billion, or 80.2% of total revenue, for the third quarter of fiscal 2026, representing year-over-year growth of 31%. Our subscriptions provide our end-customers with near real-time access to the latest intrusion prevention, web security, modern malware prevention, data loss prevention, cloud security access broker and AI security capabilities across the network, endpoints, and the cloud. Our subscriptions also include security operations, which enable customers to leverage the AI-powered Cortex platform for advanced capabilities such as security information and event management, next-generation antivirus, endpoint detection and response, extended detection and response, identity threat detection and response, cloud detection and response, SOAR, ASM, and CNAPP for comprehensive cloud security. In connection with our acquisition of Chronosphere, Inc. (“Chronosphere”) in January 2026, our subscriptions also include a next-generation observability platform for cloud-native infrastructure and applications as well as telemetry pipeline management that is designed to handle vast cloud data volumes with cost-efficiency and reliability. With the acquisition of CyberArk, our subscriptions include a next-generation identity security platform designed to secure human, AI, and machine identity across the enterprise with intelligent privilege controls and continuous threat prevention. Additionally, we offer MDR for Cortex subscriptions, powered by Unit 42’s elite expertise. When customers purchase our physical, virtual, or container firewalls, or certain cloud offerings, they typically purchase support in order to receive ongoing security updates, upgrades, bug fixes, and repairs. In addition to the subscriptions purchased with these firewalls, customers may also purchase other subscriptions on a per-user, per-endpoint, or capacity-based basis. We also offer professional services, including incident response, risk management, digital forensic services, and technical account management.

We continue to invest in innovation as we evolve and further extend the capabilities of our portfolio, as we believe that innovation and timely development of and investment in new features and products are essential to meeting the needs of our end-customers and improving our competitive position. For example, we launched Next-Generation Trust Security that unifies certificate lifecycle management and Prisma AIRS 3.0 that discovers, assesses, and protects agentic AI. On February 11, 2026, we completed the acquisition of CyberArk, forming our next-generation identity security platform. Additionally, on April 14, 2026, we completed the acquisition of Koi, to add agentic endpoint security capabilities to our security operations platform and enhance Prisma AIRS. On May 29, 2026, we completed the acquisition of Portkey, Inc., a privately-held AI Gateway company, to enhance our Prisma AIRS capabilities.

We believe that the growth of our business and our short-term and long-term success are dependent upon many factors, including our ability to extend our technology leadership, grow our base of end-customers, expand deployment of our portfolio and support offerings within existing end-customers, focus on end-customer satisfaction, and address any product vulnerabilities. To manage any future growth effectively, we must continue to improve and expand our information technology and financial infrastructure, our operating and administrative systems and controls, and our ability to manage headcount, capital, and processes in an efficient manner. While these areas present significant opportunities for us, they also pose challenges and risks that we must successfully address in order to sustain the growth of our business and improve our operating results. For additional information regarding the challenges and risks we face, see the “Risk Factors” section in Part II, Item 1A of this Quarterly Report on Form 10-Q.

IMPACT OF MACROECONOMIC DEVELOPMENTS AND OTHER FACTORS ON OUR BUSINESS

Our overall performance depends in part on worldwide economic and geopolitical conditions and their impact on customer behavior. Changes in legislation or regulations and actions by regulators, including changes in enforcement and administration policies, may have an impact on our results of operations and financial condition. Significant changes in U.S. or global trade policy, including further expansion of U.S. export/imports controls and tariffs, as well as retaliatory actions by other countries, may materially and adversely affect our business. Further, economic conditions, including inflation, high interest rates, slow growth, fluctuations in foreign exchange rates, supply chain disruptions, including increased memory, storage or other component shortages, impacts of trade regulations or international trade disputes, and other conditions, may adversely affect our results of operations and financial performance.

The hostilities in Israel, Iran and the surrounding region have continued to result in economic and political uncertainty. While we have business operations in Israel, and intend to continue growing our presence in Israel, we currently do not expect significant business disruption. We are actively monitoring, evaluating, and responding to the situation.

We are also monitoring the impact of inflationary pressures and the tensions between China and Taiwan, and between the U.S. and China, which could have an adverse impact on our business or results of operations in future periods.

- 29 -

Table of Contents

Key Financial Metrics

We monitor the key financial metrics set forth in the tables below to help us evaluate growth trends, establish budgets, measure the effectiveness of our sales and marketing efforts, and assess operational efficiencies. We discuss revenue, gross margin, and the components of operating income (loss) and margin below under “Results of Operations.”

	April 30, 2026		July 31, 2025
	(in billions)
Next-Generation Security Annualized Recurring Revenue	$	8.1	$	5.6
Remaining performance obligations	$	18.4	$	15.8

	Three Months Ended April 30,						Nine Months Ended April 30,
	2026			2025			2026			2025
	(dollars in millions)
Total revenue	$	3,002		$	2,289		$	8,070		$	6,685
Total revenue year-over-year percentage increase	31		%	15		%	21		%	15		%
Gross margin	67.6		%	72.9		%	71.5		%	73.5		%
Operating income (loss)	$	(183)		$	219		$	523		$	746
Operating margin	(6.1)		%	9.6		%	6.5		%	11.2		%
Cash flow provided by operating activities							$	3,196		$	2,695
Free cash flow (non-GAAP)							$	2,859		$	2,535

•Next-Generation Security Annualized Recurring Revenue (“NGS ARR”). Our NGS ARR represents the annualized allocated revenue of all active contracts as of the final day of the reporting period related to all product, subscription and support offerings, excluding revenue from hardware products, and legacy attached subscriptions, support offerings and professional services. NGS ARR is an operating metric that we use to assess the strength and trajectory of our business. NGS ARR should be viewed independently of revenue, deferred revenue and remaining performance obligations and does not represent our revenue under U.S. GAAP on an annualized basis, as it is an operating metric that can be impacted by contract start and end dates and renewal rates. NGS ARR is not intended to be a replacement for forecasts of revenue. The scope of products, subscriptions, and support offerings that contribute to NGS ARR will generally increase over time as we introduce or acquire new next-generation products, subscriptions, and support offerings.

•Cash Flow Provided by Operating Activities. We monitor cash flow provided by operating activities as a measure of our overall business performance. Our cash flow provided by operating activities is driven in large part by sales of our products and from up-front payments for subscription and support offerings. Monitoring cash flow provided by operating activities enables us to analyze our financial performance without the non-cash effects of certain items such as share-based compensation costs, depreciation, and amortization, thereby allowing us to better understand and manage the cash needs of our business.

- 30 -

Table of Contents

•Free Cash Flow (non-GAAP). We define free cash flow, a non-GAAP financial measure, as cash provided by operating activities less purchases of property, equipment, and other assets. We consider free cash flow to be an operating metric as well as a profitability and liquidity measure that provides useful information to management and investors about the amount of cash generated by the business after necessary capital expenditures. A limitation of the utility of free cash flow as a measure of our financial performance and liquidity is that it does not represent the total increase or decrease in our cash balance for the period. In addition, it is important to note that other companies, including companies in our industry, may not use free cash flow, may calculate free cash flow in a different manner than we do, or may use other financial measures to evaluate their performance, all of which could reduce the usefulness of free cash flow as a comparative measure. A reconciliation of free cash flow to cash flow provided by operating activities, the most directly comparable financial measure calculated and presented in accordance with U.S. GAAP, is provided below:

	Nine Months Ended April 30,
	2026		2025
	(in millions)
Free cash flow (non-GAAP):
Net cash provided by operating activities	$	3,196	$	2,695
Less: purchases of property, equipment, and other assets	337		160
Free cash flow (non-GAAP)	$	2,859	$	2,535
Net cash used in investing activities	$	(2,098)	$	(1,442)
Net cash used in financing activities	$	(1,005)	$	(405)

- 31 -

Table of Contents

Results of Operations

The following table summarizes our results of operations for the periods presented and as a percentage of our total revenue for those periods based on our condensed consolidated statements of operations data. The period-to-period comparison of results is not necessarily indicative of results for future periods.

	Three Months Ended April 30,								Nine Months Ended April 30,
	2026				2025				2026				2025
	Amount		% of Revenue		Amount		% of Revenue		Amount		% of Revenue		Amount		% of Revenue
	(dollars in millions)
Revenue:
Product	$	594	19.8	%	$	453	19.8	%	$	1,542	19.1	%	$	1,228	18.4	%
Subscription and support	2,408		80.2	%	1,836		80.2	%	6,528		80.9	%	5,457		81.6	%
Total revenue	3,002		100.0	%	2,289		100.0	%	8,070		100.0	%	6,685		100.0	%
Cost of revenue:
Product	167		5.6	%	101		4.4	%	371		4.6	%	277		4.1	%
Subscription and support	807		26.8	%	518		22.7	%	1,926		23.9	%	1,495		22.4	%
Total cost of revenue(1)	974		32.4	%	619		27.1	%	2,297		28.5	%	1,772		26.5	%
Total gross profit	2,028		67.6	%	1,670		72.9	%	5,773		71.5	%	4,913		73.5	%
Operating expenses:
Research and development	734		24.5	%	494		21.6	%	1,773		22.0	%	1,480		22.1	%
Sales and marketing	1,161		38.7	%	793		34.5	%	2,804		34.7	%	2,271		34.0	%
General and administrative	316		10.5	%	164		7.2	%	673		8.3	%	416		6.2	%
Total operating expenses(1)	2,211		73.7	%	1,451		63.3	%	5,250		65.0	%	4,167		62.3	%
Operating income (loss)	(183)		(6.1)	%	219		9.6	%	523		6.5	%	746		11.2	%
Interest expense	—		—	%	(1)		—	%	—		—	%	(3)		—	%
Other income, net	27		0.9	%	93		4.0	%	282		3.5	%	261		3.8	%
Income (loss) before income taxes	(156)		(5.2)	%	311		13.6	%	805		10.0	%	1,004		15.0	%
Provision for income taxes	21		0.7	%	49		2.1	%	216		2.7	%	124		1.8	%
Net income (loss)	$	(177)	(5.9)	%	$	262	11.5	%	$	589	7.3	%	$	880	13.2	%

(1) Includes share-based compensation as follows:

	Three Months Ended April 30,				Nine Months Ended April 30,
	2026		2025		2026		2025
	(in millions)
Cost of product revenue	$	2	$	1	$	4	$	4
Cost of subscription and support revenue	50		32		114		95
Research and development	206		134		477		411
Sales and marketing	188		92		388		258
General and administrative	238		67		372		173
Total share-based compensation	$	684	$	326	$	1,355	$	941

- 32 -

Table of Contents

IMPACT OF ACQUISITIONS

On February 11, 2026, we completed our acquisition of CyberArk for a total purchase consideration of $21.1 billion. In connection with completing the acquisition, we paid approximately $2.3 billion in cash and issued 112 million shares of our common stock with a fair value of $18.5 billion. In addition, we issued $945 million of replacement equity awards, of which $265 million attributable to services performed prior to the acquisition date was allocated to purchase consideration.

The comparability of our operating results for the three and nine months ended April 30, 2026 compared to the same periods in 2025 was impacted by our recent acquisitions, including CyberArk. In discussions of our results of operations, we may qualitatively or quantitatively disclose the impact of our acquisitions on revenue, costs, and expenses for the one year period subsequent to the acquisition date where such discussions would be meaningful.

REVENUE

Our revenue consists of product revenue and subscription and support revenue. Revenue is recognized upon transfer of control of the corresponding promised products and subscriptions and support to our customers in an amount that reflects the consideration we expect to be entitled to in exchange for those products and subscriptions and support. We expect our revenue to vary from quarter to quarter based on seasonal and cyclical factors and business acquisitions.

PRODUCT REVENUE

Product revenue is derived from sales of hardware products, primarily our ML-Powered Next-Generation Firewall, and software licenses, including SD-WAN, VM-Series, Panorama, and certain identity security offerings. Our hardware products and software licenses include a broad set of built-in networking and security features and functionalities. We recognize product revenue at the time of hardware shipment or delivery of software license. As a percentage of product revenue, we expect our revenue from software licenses to vary from quarter to quarter and increase over the long term as we improve features and capabilities of our on-premise software, renew our software license contracts, and expand our installed end-customer base.

Three Months Ended April 30,				Nine Months Ended April 30,
2026	2025	Change		2026	2025	Change
Amount	Amount	Amount	%

Loading holders...

Held by

holders ( registered funds via N-PORT, institutional investors via 13F). Showing top by dollar value.

Holder	Type	ETF	MF	Position ($)	% of holder	Δ % of holder	Holder AUM

Recent insider activity

Last 90 days. Open-market trades (purchases & sales) by directors, officers, and 10%+ owners. 11 transactions across 6 insiders. Net: -12,959 shares, -$10,424,954.

Date	Insider	Role	Action	Shares	Price	Value
2026-06-12	Key John P.	Director	Sell	-7,500	$279.24	-$2,094,300
2026-06-12	Bawa Aparna indirect	Director	Sell	-536	$280.00	-$150,080
2026-06-11	Bawa Aparna indirect	Director	Sell	-555	$270.00	-$149,850
2026-06-10	Bawa Aparna indirect	Director	Sell	-377	$265.00	-$99,905
2026-06-01	Paul Josh D.	Chief Accounting Officer	Sell	-1,100	$285.08	-$313,588
2026-05-22	Klarich Lee	EVP Chief Product & Tech Ofcr	Sell	-62,904 ×12	$258.65	-$16,270,352
2026-05-20	Paul Josh D.	Chief Accounting Officer	Sell	-400	$236.95	-$94,780
2026-04-08	Key John P.	Director	Sell	-1,572	$173.32	-$272,459
2026-04-01	Golechha Dipak	EVP, Chief Financial Officer	Sell	-5,000 ×3	$160.42	-$802,077
2026-04-01	Paul Josh D.	Chief Accounting Officer	Sell	-1,100	$161.40	-$177,540
2026-03-27	Arora Nikesh	Chief Executive Officer	Buy	+68,085 ×2	$146.87	$9,999,977

Source: SEC Form 4 filings.

Next expected filings

~2026-08-28 10-K expected by 2026-09-27 (in 74 days)
~2026-11-19 10-Q expected by 2026-12-08 (in 157 days)
~2027-02-17 10-Q expected by 2027-03-08 (in 247 days)
~2027-06-02 10-Q expected by 2027-06-21 (in 352 days)

Predicted from historical filing cadence; not an SEC commitment.

Recent SEC filings

2026-06-03 10-Q Quarterly Report
2026-06-02 8-K Earnings Release; Financial Statements and Exhibits
2026-04-13 8-K Material Agreement Entered; Material Financial Obligation; Financial Statements and Exhibits
2026-03-23 8-K Other Events
2026-03-11 8-K Other Events; Financial Statements and Exhibits
2026-02-18 10-Q Quarterly Report
2026-02-17 8-K Earnings Release; Financial Statements and Exhibits
2026-02-11 8-K Material Agreement Entered; Material Financial Obligation; Other Events; Financial Statements and Exhibits
2025-12-11 8-K Officer/Director Change; Shareholder Vote Results; Financial Statements and Exhibits
2025-11-21 8-K Other Events
2025-11-20 10-Q Quarterly Report
2025-11-19 8-K Officer/Director Change; Financial Statements and Exhibits
2025-11-19 8-K Earnings Release; Regulation FD Disclosure; Other Events; Financial Statements and Exhibits
2025-09-26 S-4/A S-4/A
2025-09-25 8-K Other Events

Line item
Period ending