SentinelOne, Inc.
Loading chart...
ITEM 1. BUSINESS
Overview
Cybersecurity is indispensable to our digital way of life, with millions of cyberattacks resulting in trillions of dollars in damages. We are in the midst of a generational shift in cybersecurity, ushered in by the ongoing digital transformation of the enterprise and the rise of AI. Attacks can inflict damages that span operational disruption, leadership change, loss of customer trust, and intellectual property theft, among others. The persistence and speed of cyberattacks clearly shows that there is a long way to go from here. Enterprises must deploy solutions that enable them to stay one step ahead of attackers and address intrusion attempts in real-time at machine speed—empowering human operators with the speed, scale, visibility, and precision of technology.
We envisioned a revolutionary data and AI paradigm where technology alone could autonomously prevent, detect, and respond to cyberattacks. It is time to fight machine with machine. We pioneered the world’s first purpose-built AI-powered cybersecurity platform for autonomous defense. Our autonomous cybersecurity solutions are intelligent and data-driven systems that learn and evolve on their own—working to make the world more secure. By leveraging AI and our fully unified security data lake for analytics, our Singularity Platform instantly defends against cyberattacks—performing at a faster speed, greater scale, and higher accuracy than otherwise possible from any single human or even a crowd. Our generative AI technology, Purple AI, unifies the entire platform experience, supercharges the security operations, and delivers improved efficiency with threat-hunting capabilities across multiple attack vectors.
Our Singularity Platform ingests, correlates, and queries petabytes of structured and unstructured data from a myriad of ever-expanding disparate external and internal sources in real-time. We aim to build rich context and deliver greater visibility by constructing a dynamic representation of data across an organization. As a result, our AI models are able to be highly accurate, actionable, and autonomous. Our distributed AI models run both locally on every endpoint and every cloud workload, as well as on our cloud platform.
Furthermore, our Singularity Platform provides visibility across an organization’s digital assets through a fully-integrated console, making it easier and faster for security teams to search through petabytes of data to investigate incidents and hunt threats. Singularity is designed to offer multi-tenancy and can be deployed on a diverse range of environments that our customers choose, including public, private, or hybrid clouds.
For each endpoint, cloud workload, user identity and security data lake, we are able to run highly optimized AI models in a single lightweight software agent. Our Static AI model can predict file-based attacks of all types, even previously unknown threats, often referred to as “zero-day” attacks, with extreme precision in milliseconds. Our Behavioral AI can model, map, monitor, and link all behaviors to create rich, contextual narratives that we call Storylines. These high-fidelity Storylines are continuously evaluated by our Behavioral AI model, which contributes to our best-in-class detection capabilities. Our generative AI empowers security teams to unify, accelerate, and simplify security operations. When activity is deemed a threat, our software is designed to autonomously take action to stop the attack. Because Storylines contain a complete record of unauthorized changes made during an attack, users can remediate or roll back unauthorized changes with a single click.
The power to turn back time on a device is unique in the market. It is the ultimate safety net and exemplifies autonomous cybersecurity. Therefore, our software can eliminate manual, expensive, and time-consuming incident cleanup. In the cloud, our platform can aggregate Storylines. Our Streaming AI can detect anomalies that surface when multiple data feeds are correlated with additional external and internal data. By providing full visibility into the Storyline of every secured device across the organization through one console, our platform enables analysts to quickly and easily search through petabytes of data to investigate incidents and proactively hunt threats.
Singularity’s protection and visibility extend across critical enterprise surfaces, including traditional endpoints, cloud workloads, identity credentials, unmanaged devices, and Internet of Things (IoT) devices. This can empower security analysts of all skill levels to hunt, investigate, and remediate even the most sophisticated threats across the network leveraging automated context provided by our AI-powered security. Our proprietary data stack, Singularity
4
Data Lake, and cloud architecture enable us to retain this rich, contextual data on behalf of our customers for extended periods of time in a highly cost-efficient manner. All of this threat intelligence is fed back into our AI models and Purple AI, further strengthening our algorithms and creating a strong flywheel effect that deepens our competitive moat.
Singularity can be flexibly deployed on the environments that our customers choose, including public, private, or hybrid clouds. Our feature parity across Windows, macOS, Linux, and Kubernetes offers best-of-breed protection, visibility, and control across today’s heterogeneous information technology (IT) environments. Together, these capabilities make our platform the logical choice for organizations of all sizes, industry verticals, and compliance requirements. Our platform offers true multi-tenancy, which enables the world’s largest organizations, managed security providers and incident response partners with an excellent management experience. Our customers are able to realize improved cybersecurity outcomes with fewer people.
Singularity is used globally by organizations of all sizes across a broad range of industries. Our AI and automation driven approach to cybersecurity has been adopted by some of the world’s largest organizations. As a result, we have grown rapidly since our inception. Our revenue for fiscal 2026 and 2025 was $1,001.3 million and $821.5 million, respectively, representing year-over-year growth of 22%. During this period, we continued to invest in growing our business to capitalize on our market opportunity. As a result, our net loss for fiscal 2026 was $450.7 million compared with a net loss of $288.4 million in fiscal 2025.
Industry Background
Cybersecurity is fundamentally a data problem. Advances in AI, specifically machine learning (ML), where algorithms use data to make decisions with minimal human intervention, are already revolutionizing fields such as healthcare, advertising, and securities trading. We believe that AI is ripe for revolutionizing cybersecurity. First, organizations need to ingest, normalize, and correlate petabytes of structured and unstructured data from a myriad of external and internal data in a cost efficient manner. Second, organizations need to apply powerful AI models to this high-fidelity contextual data to automatically detect known and unknown threats, then autonomously remediate and neutralize such threats. It is critical that we harness the power of data and AI to protect our digital way of life.
Stakes are high for organizations and cybercriminals alike. The exponential growth of sensitive customer and business data has simultaneously made many organizations and governments the target of highly sophisticated cybercriminals. Powered by very large networks of individual attackers distributed worldwide, cybercrime is practically infinite in scale and transcends geographical boundaries. To gain access to an organization’s data, cybercriminals target endpoints, applications, and user credentials and deploy a variety of sophisticated methods in the form of attack frameworks, ML, weaponized exploits, fileless techniques, and social engineering. As a result, solutions that help strengthen and scale cyber defenses cost effectively are a top-level priority for organizations today.
Tectonic shifts in IT require a “Zero Trust” operating procedure. With millions of remote devices accessing thousands of applications running in public, private and hybrid clouds, traditional perimeter-based security controls are bypassed, and organizations have to operate in a “Zero Trust” IT environment. The attack surface continues to expand rapidly, and the notion of a corporate perimeter protected by firewalls is a relic of the past, making endpoints and cloud workloads the epicenter, and protection software the first, and last, line of defense. Several tectonic shifts in IT have increasingly left companies vulnerable including:
•Rapid adoption of cloud computing. Cloud computing has become a strategic imperative for organizations to accelerate their digital transformation. Security and compliance are a shared responsibility model between cloud infrastructure providers and their customers, and organizations are looking for technology solutions that protect their growing cloud workloads while enabling flexible deployment options across public, private and hybrid clouds.
•The operating system landscape is more complex than ever before. The diversification of IT, the trend towards hybrid work environments, and bring your-own-device policies have brought Macs and other devices into today’s organizations. Organizations are looking for cybersecurity solutions that deliver
5
comprehensive defense capabilities and feature parity across a large variety of operating systems, including Windows, macOS, and Linux, without burdening their IT teams.
•Proliferation of connected devices. Billions of connected devices are online today and the numbers are only expected to increase. Many of these devices have little to no built-in security capabilities. Cybercriminals are increasingly exploiting inherent vulnerabilities in these devices to breach organizations. Unmanaged devices are especially vulnerable. As a result, the attack surface has exploded and visibility across connected devices and continuous assessment of their risk profiles have become top priorities for organizations.
•Remote and hybrid work is here to stay. As companies continue to adopt and maintain remote and hybrid work practices, the risk of cyberattacks has increased. As a result of the accelerated structural shift towards a distributed workforce, organizations are increasingly looking for cybersecurity solutions that safeguard their remote workforce and employee credentials.
Sophisticated AI-based cyberattacks circumvent existing security controls. Cyberattacks have evolved from malware to highly sophisticated, organized and large-scale attacks by malicious insiders, criminal syndicates, and nation-states seeking to circumvent existing security controls and undermine critical societal functions through a variety of attacks. Modern attacks are fast acting and can breach organizations, exfiltrate data, demand ransoms, and disrupt operations within seconds. Alternatively, some attacks, such as advanced persistent attacks and targeted attacks, are designed to breach organizations and stealthily infiltrate across assets, steal data, facilitate future attacks, or cause other harm over a long period while operating undetected. In addition, threat actors are using generative AI to increase the sophistication, frequency, and speed of cyberattacks. The new challenges in the security landscape require autonomous security powered by AI and ML.
Cybersecurity teams are unable to scale. While the number of connected devices, applications and cyber threats have increased exponentially, organizations are facing an acute shortage of skilled cybersecurity talent. The large number of security solutions that companies have deployed over time generate large volumes of alerts that overwhelm security teams as they must sift through and analyze. Out of necessity, organizations are demanding solutions that do not require human intervention to prevent, detect, and remediate cyber threats.
Limitations of Legacy Solutions
Organizations must deploy solutions that enable them to stay one step ahead of attackers and address intrusion attempts in real-time. As attackers up the ante by developing new skills and deploying new tactics and techniques, legacy tools are often unable to prevent and respond effectively to breaches. The result is a rising number of successful high-profile attacks.
Key limitations of legacy tools are that they:
•Cover a limited spectrum of cyber threats. Legacy tools, such as signature-based approaches, human-powered monitoring, application whitelisting and sandboxing, are each effective under limited circumstances, but lack the ability to detect the full spectrum of threats that organizations face. For example, signature-based approaches can detect attacks that have been seen previously, but are incapable of preventing a wide range of attacks, such as unknown malware, ransomware, modified versions of previously known attacks and the exploitation of zero-day vulnerabilities. They also lack the ability to detect and prevent an increasing number of fileless attacks, that deposit no malware, but instead exploit operating system vulnerabilities and use trusted tools within IT environments. In general, we believe enterprises need to take a more holistic view of security protection across endpoints, cloud environments, and identity credentials. A unified AI-based platform approach is needed to deliver comprehensive protection, visibility, and user experience. As a result, despite deploying a myriad of point solutions, organizations have continued to suffer huge losses from cyberattacks.
•Utilize AI approaches that rely on humans to power protection mechanisms. First-generation AI tools cannot handle the volume, variety, and velocity of data that must be ingested and analyzed, in real-time, to effectively prevent breaches. These tools often rely on ineffective pattern-matching algorithms in the cloud
6
that generate so much “noise” that human intervention is required to extract useful “signals.” Without curated, contextual data, these tools generate more alerts that need to be analyzed by humans. They cannot take action at machine speed and are thus unable to detect and prevent or stop many fast-acting attacks. Additionally, due to communication latency with the cloud, these tools cannot generate actionable insights in real-time, which is required to stop many current threats.
•Lack long-term data visibility to proactively investigate advanced threats. Many existing detection and response tools lack the capability to store large sets of historical data cost efficiently, and consequently often only offer limited data retention capabilities. This results in only partial datasets being available for threat hunting and time bound retrospective forensic analysis. Limited historical data makes full incident investigation challenging for security personnel, as they are unable to go back in time and see how the attack breached the organization and progressed.
•Struggle to protect complex modern IT environments. Legacy tools were not designed to protect today’s multi-cloud, multi-device, and multi-operating system IT environments. Vendors have extended their existing solutions by bolting on functionalities, which has led to a wide disparity of capabilities across endpoints and operating systems. Legacy tools further lack the ability to identify unmanaged IoT devices which often have very limited, if any, built-in security capabilities and can be used by attackers to access the networks of target organizations. This lack of unified visibility and control over endpoints, cloud workloads, and IoT devices results in gaps in security coverage for organizations.
•Lack deployment flexibility for organizations. Organizations struggle with the limited deployment methods mandated by legacy tools. On-premise tools impose complexity and maintenance burdens on organizations. These tools typically lack the ability to quickly adapt to organizations’ rapidly evolving IT environments, which requires significant upfront investments and configuration and integration efforts. On the other hand, cloud-only cybersecurity vendors are unsuitable for many large and complex enterprises and governments that need private or hybrid cloud solutions to meet their security, regulatory, and compliance requirements.
•Inhibit technology workflow automation.
Loading financial statements...
Financial statements
data from SEC XBRL filings. Values are as-reported; restatements supersede originals. Values reported in .
| Line item |
|---|
| Period ending |
ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements and related notes appearing elsewhere in this Annual Report on Form 10-K. Some of the information contained in this discussion and analysis or set forth elsewhere in this Annual Report on Form 10-K, particularly information with respect to our future results of operations or financial condition, business strategy and plans, and objectives of management for future operations, includes forward-looking statements that involve risks and uncertainties as described under the heading “Special Note About Forward-Looking Statements” in this Annual Report on Form 10-K. You should review the disclosure under the heading “Risk Factors” in this Annual Report on Form 10-K for a discussion of important factors that could cause our actual results to differ materially from those anticipated in these forward-looking statements. Our fiscal year ends on January 31, and our fiscal quarters end on April 30, July 31, October 31, and January 31. Our fiscal years ended January 31, 2026, 2025, and 2024 are referred to herein as fiscal 2026, fiscal 2025, and fiscal 2024, respectively.
Unless the context otherwise requires, all references in this report to “SentinelOne,” the “Company,” “we” “our” “us,” or similar terms refer to SentinelOne, Inc. and its subsidiaries.
A discussion regarding our financial condition and results of operations for fiscal 2026 compared to fiscal 2025 is presented below. A discussion regarding our financial condition and results of operations for fiscal 2025 compared to fiscal 2024 can be found in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in the Form 10-K for the fiscal year ended January 31, 2025 filed with the SEC on March 26, 2025.
65
Overview
We founded SentinelOne in 2013 with a dramatically new approach to cybersecurity.
We pioneered the world’s first purpose-built AI-powered security platform to make cyber defense truly autonomous, from the endpoint and beyond. Our Singularity Platform instantly defends against cyberattacks — performing at a faster speed, greater scale, and higher accuracy than otherwise possible from a human-powered approach.
Our Singularity Platform ingests, correlates, and queries petabytes of structured and unstructured data from a myriad of ever-expanding disparate external and internal sources in real-time. We aim to build rich context and deliver greater visibility by constructing a dynamic representation of data across an organization. As a result, our AI models are able to be highly accurate, actionable, and autonomous. Our distributed AI models run both locally on every endpoint and every cloud workload, as well as on our cloud platform. Our Static and vector-agnostic Behavioral AI models, which run on the endpoints themselves, provide our customers with protection even when their devices are not connected to the cloud. In the cloud, our Streaming AI can detect anomalies that surface when multiple data feeds are correlated. By providing full visibility into the Storyline of every secured device across the organization through one console, our platform can make it very fast for analysts to easily search through petabytes of data to investigate incidents and proactively hunt threats. We have extended our control and visibility planes beyond the traditional endpoint to unmanaged IoT devices.
Singularity can be flexibly deployed on the environments that our customers choose, including public, private, or hybrid clouds. Our feature parity across Windows, macOS, Linux, and Kubernetes offers best-of-breed protection, visibility, and control across today’s heterogeneous IT environments. Together, these capabilities make our platform the logical choice for organizations of all sizes, industry verticals, and compliance requirements. Our platform offers true multi-tenancy, which allows us to serve the world’s largest organizations, managed security providers and incident response partners. Our customers are able to realize improved cybersecurity outcomes with fewer people.
We generate most of our revenue by selling subscriptions to our Singularity Platform. We generally price our subscriptions and modules on a per agent basis, and each agent generally corresponds with an endpoint, server, virtual machine, or container.
Our subscription contracts typically range from one to three years. We recognize subscription revenue ratably over the term of a contract. Most of our contracts are for terms representing annual increments, therefore contracts generally come up for renewal in the same period in subsequent years. The timing of large multi-year enterprise contracts can create some variability in subscription order levels between periods, though the impact to our revenue in any particular period is limited as a result of ratable revenue recognition.
Our go-to-market strategy is focused on acquiring new customers and driving expanded usage of our platform by existing customers. Our sales organization is comprised of our enterprise sales, inside sales and customer solutions engineering teams. It leverages our global network of ISVs, alliance partners, and channel partners for prospect access. Additionally, our sales teams work closely with our customers, channel partners, and alliance partners to drive adoption of our platform, and our software solutions are fulfilled through our channel partners. Our channel partners include some of the world’s largest resellers and distributors, MSPs, MSSPs, MDRs, OEMs, and IR firms. Once customers experience the benefits of our platform, they often expand their subscriptions to benefit from the full range of our platform solutions. Additionally, many of our customers adopt Singularity Modules over time to extend the functionality of our platform and increase their coverage footprint. The combination of platform upgrades and extended modules drives our powerful land-and-expand motion.
Our Singularity Platform is used globally by organizations of all sizes across a broad range of industries. We had 1,667 customers with ARR of $100,000 or more as of January 31, 2026, up from 1,411 customers with ARR of $100,000 or more as of January 31, 2025. We define ARR as the annualized revenue run rate of our subscription, consumption and usage-based agreements at the end of a reporting period, assuming contracts are renewed on their existing terms for customers that are under contracts with us. As of January 31, 2026 and 2025, no single end
66
customer accounted for more than 3% of our ARR. Our revenue outside of the U.S. represented 39% and 37% for fiscal 2026 and 2025, respectively, illustrating the global nature of our solutions.
We have grown rapidly since our inception. Our revenue was $1,001.3 million, $821.5 million, and $621.2 million for fiscal 2026, 2025, and 2024, respectively, representing year-over-year growth of 22% and 32%, respectively. During this period, we continued to invest in growing our business to capitalize on our market opportunity. As a result, our net loss for fiscal 2026, 2025, and 2024 was $450.7 million, $288.4 million, and $338.7 million, respectively.
Impact of Global Macroeconomic and Geopolitical Conditions
Our overall performance depends in part on worldwide economic and geopolitical conditions and their impact on customer behavior. Worsening economic conditions, including inflation, interest rate volatility, slower growth, potential recession, significant political or regulatory developments including changes in trade policy, fluctuations in foreign exchange rates, actual or perceived instability in the global banking industry, potential uncertainty with respect to the federal debt ceiling and budget, government shutdowns, and other changes in economic conditions, and the impact of natural or man-made global events, including wars and other regional geopolitical armed conflict, such as the conflicts in the Middle East (including, but not limited to, the conflict in Iran) and Ukraine, and tensions between China and Taiwan, may result in decreased sales productivity and growth and adversely affect our results of operations and financial performance. As a result of the current macroeconomic environment, we have recently experienced certain impacts on our business, including a decline in usage and consumption patterns from certain customers, especially larger enterprise customers, longer sales cycles, and deal downsizing by new customers and of renewals by existing customers, especially larger enterprises.
We intend to continue to monitor global macroeconomic conditions closely and may determine to take certain financial or operational actions in response to such conditions to the extent our business begins to be adversely impacted.
We are unable to predict the full impact that macroeconomic or other geopolitical factors will have on our future results of operations, liquidity and financial condition due to numerous uncertainties, including the actions that may be taken by government authorities across the U.S. or other countries, changes in central bank policies and interest rates, rates of inflation, potential uncertainty with respect to the federal debt ceiling and budget, regional geopolitical conflicts, the impact to our customers, partners, and suppliers, and other factors described in the section titled “Risk Factors” in Part I, Item 1A of this Annual Report on Form 10-K.
Key Business Metrics and Non-GAAP Financial Measures
We monitor the following key metrics and non-GAAP financial measures to help us evaluate our business, identify trends affecting our business, formulate business plans, and make strategic decisions.
Revenue
We discuss revenue below under “Components of Our Results of Operations.”
| Year Ended January 31, | |||||||||||||||||
| 2026 | 2025 | 2024 | |||||||||||||||
| (in thousands) | |||||||||||||||||
Revenue | $ | 1,001,278 | $ | 821,461 | $ | 621,154 | |||||||||||
Non-GAAP operating income (loss)
In addition to our results determined in accordance with GAAP, we use non-GAAP operating income (loss) as part of our overall assessment of our performance, including the preparation of our annual operating budget and quarterly forecasts, to evaluate the effectiveness of our business strategies, and to communicate with our board of directors concerning our financial performance. We believe that non-GAAP operating income (loss) provides our management and investors consistency and comparability with our past financial performance and facilitates period-
67
to-period comparisons of operations, as this measure excludes, among other expenses, expenses that we do not consider to be indicative of our overall operating performance. Non-GAAP operating income (loss) is calculated as GAAP operating loss adjusted to exclude amortization of acquired intangible assets, acquisition-related compensation, stock-based compensation expense, payroll tax on employee stock transactions, and restructuring charges.
Non-GAAP operating income (loss) has limitations as an analytical tool, and should not be considered in isolation or as a substitute for financial information presented in accordance with GAAP, including GAAP operating loss. Other companies, including companies in our industry, may calculate similarly titled non-GAAP measures, including non-GAAP operating income (loss), differently or may use other measures to evaluate their performance, all of which could reduce the usefulness of our non-GAAP financial measures as tools for comparison. As a result, our non-GAAP operating income (loss) is presented for supplemental informational purposes only.
| Year Ended January 31, | |||||||||||||||||
| 2026 | 2025 | 2024 | |||||||||||||||
| (in thousands) | |||||||||||||||||
| Non-GAAP operating income (loss) | $ | 34,622 | $ | (25,421) | $ | (118,225) | |||||||||||
A reconciliation of non-GAAP operating income (loss) to GAAP operating loss, the most directly comparable financial measure calculated and presented in accordance with U.S. GAAP, is provided below:
| Year Ended January 31, | |||||||||||||||||||
| 2026 | 2025 | 2024 | |||||||||||||||||
| (in thousands) | |||||||||||||||||||
| GAAP operating loss | $ | (321,309) | $ | (329,359) | $ | (378,416) | |||||||||||||
| Stock-based compensation expense | 297,587 | 267,531 | 216,870 | ||||||||||||||||
| Employer payroll tax on employee stock transactions | 5,975 | 5,681 | 3,429 | ||||||||||||||||
| Amortization of acquired intangible assets | 32,301 | 27,020 | 28,363 | ||||||||||||||||
| Acquisition-related compensation | 7,225 | 3,706 | 3,043 | ||||||||||||||||
| Inventory write-offs due to restructuring | — | — | 720 | ||||||||||||||||
| Other restructuring charges | 12,843 | — | 7,766 | ||||||||||||||||
| Non-GAAP operating income (loss) | $ | 34,622 | $ | (25,421) | $ | (118,225) | |||||||||||||
Annualized Recurring Revenue
We believe that ARR is a key operating metric to measure our business because it is driven by our ability to acquire new subscription, consumption, and usage-based customers, and to maintain and expand our relationship with existing customers. ARR represents the annualized revenue run rate of our subscription, consumption, and usage-based agreements at the end of a reporting period, assuming contracts are renewed on their existing terms for customers that are under contracts with us. ARR is an operational metric and is not a non-GAAP metric. ARR is not a forecast of future revenue, which can be impacted by contract start and end dates, usage, renewal rates, and other contractual terms. For more information on how we recognize revenue, see Note 3, Revenue and Contract Balances to the consolidated financial statements included in Part II, Item 8, Financial Statements and Supplementary Data.
| As of January 31, | |||||||||||||||||
| 2026 | 2025 | 2024 | |||||||||||||||
| (in thousands) | |||||||||||||||||
| Annualized recurring revenue | $ | 1,119,095 | $ | 920,056 | $ | 724,404 | |||||||||||
68
ARR grew 22% year-over-year to $1,119.1 million for fiscal 2026, primarily driven by a combination of new customer additions and adoption of adjacent platform solutions by existing customers.
Customers with ARR of $100,000 or More
We believe that our ability to increase the number of customers with ARR of $100,000 or more is an indicator of our market penetration and strategic demand for our platform. We define a customer as an entity that has an active subscription for access to our platform. We count MSPs, MSSPs, MDRs, and OEMs, who may purchase our products on behalf of multiple companies, as a single customer. We do not count our reseller or distributor channel partners as customers.
| As of January 31, | |||||||||||||||||
| 2026 | 2025 | 2024 | |||||||||||||||
| (in thousands) | |||||||||||||||||
Customers with ARR of $100,000 or more | 1,667 | 1,411 | 1,133 | ||||||||||||||
Customers with ARR of $100,000 or more grew 18% year-over-year to 1,667 for fiscal 2026, primarily due to the growth in the ARR of existing customers from additional purchases and the growth in the average size of purchases by new customers.
Dollar-Based Net Retention Rate
We believe that our ability to retain and expand our revenue generated from our existing customers is an indicator of the long-term value of our customer relationships and our potential future business opportunities. NRR measures the percentage change in our ARR derived from our customer base at a point in time. Our NRR remained in expansionary territory as of January 31, 2026, driven by existing customers adoption of additional endpoint licenses and adjacent platform solutions. We see significant long-term expansion potential based on high customer retention rates, expanding product categories, and early-stage adoption from our installed base.
Components of Our Results of Operations
Revenue
We generate most of our revenue by selling subscriptions to our Singularity Platform. Customers can extend the functionality of their subscription to our platform by subscribing to additional Singularity Modules. Subscriptions provide access to hosted software. The nature of our promise to the customer under the subscription is to provide protection for the duration of the contractual term and as such is considered as a series of distinct services. Our arrangements may include fixed consideration, variable consideration, or a combination of the two. Fixed consideration is recognized over the term of the arrangement or longer if the fixed consideration relates to a material right. Variable consideration in these arrangements is typically a function of transaction volume or another usage-based measure. Depending upon the structure of a particular arrangement, we (i) allocate the variable amount to each distinct service period within the series and recognize revenue as each distinct service period is performed (i.e. direct allocation), (ii) estimate total variable consideration at contract inception (giving consideration to any constraints that may apply and updating the estimates as new information becomes available) and recognize the total transaction price over the period to which it relates, or (iii) apply the ‘‘right to invoice’’ practical expedient and recognize revenue based on the amount invoiced to the customer during the period. Premium support and maintenance and other Singularity Modules are distinct from subscriptions and are recognized ratably over the term as the performance obligations are satisfied.
We invoice our customers upfront upon signing for the entire term of the contract, periodically, or in arrears. Most of our subscription contracts have a term of one to three years.
Cost of Revenue
Cost of revenue consists primarily of third-party cloud infrastructure expenses incurred in connection with the hosting and maintenance of our platform. Cost of revenue also consists of personnel-related costs associated with
69
our customer support and services organization, including salaries, benefits, bonuses, and stock-based compensation, amortization of acquired intangible assets, amortization of capitalized internal-use software, software and subscription services used by our customer support and services team, inventory-related costs, and allocated facilities and IT overhead costs.
Our third-party cloud infrastructure costs are driven primarily by the number of customers, the number of endpoints per customer, the number of modules, and the incremental costs for storing additional data collected for such cloud modules. We plan to continue to invest in our platform infrastructure and additional resources in our customer support and services organization as we grow our business. The level and timing of investment in these areas could affect our cost of revenue from period to period.
Operating Expenses
Our operating expenses consist of research and development, sales and marketing, general and administrative and restructuring expenses. Personnel-related expenses are the most significant component of operating expenses and consist of salaries, benefits, bonuses, stock-based compensation, and sales commissions. Operating expenses also include allocated facilities and IT overhead costs.
Research and Development
Research and development expenses consist primarily of employee salaries, benefits, bonuses, and stock-based compensation. Research and development expenses also include third-party cloud infrastructure and general services expenses, such as consulting fees, software, and subscription services, incurred in developing our platform and modules.
We expect research and development expenses to increase in absolute dollars as we continue to increase investments in our existing products and services. However, we anticipate research and development expenses to decrease as a percentage of our total revenue over time, although our research and development expenses may fluctuate as a percentage of our total revenue from period to period depending on the timing of these expenses. In addition, research and development expenses that qualify as internal-use software are capitalized, the amount of which may fluctuate significantly from period to period.
Sales and Marketing
Sales and marketing expenses consist primarily of employee salaries, commissions, benefits, bonuses, stock-based compensation, travel and entertainment related expenses, advertising, branding and marketing events, promotions, amortization of acquired customer relationships, and software and subscription services. Sales and marketing expenses also include sales commissions paid to our sales force and referral fees paid to independent third parties that are incremental to obtain a subscription contract. Such costs are capitalized and amortized over an estimated period of benefit of four years, and any such expenses paid for the renewal of a subscription are capitalized and amortized over the average contractual term of the renewal.
We expect sales and marketing expenses to increase in absolute dollars as we continue making significant investments in our sales and marketing organization to drive additional revenue, further penetrate the market, and expand our global customer base, but to decrease as a percentage of our revenue over time.
General and Administrative
General and administrative expenses consist primarily of salaries, benefits, bonuses, stock-based compensation, and other expenses for our executive, finance, legal, people team, IT, and facilities organizations. General and administrative expenses also include external legal, accounting, other consulting, and professional services fees, software and subscription services, and other corporate expenses.
We expect to continue to incur additional expenses as a result of operating as a public company, including costs to comply with the rules and regulations applicable to companies listed on a national securities exchange, costs related to compliance and reporting obligations, and increased expenses for insurance, investor relations, and
70
professional services. We expect that our general and administrative expenses will increase in absolute dollars as our business grows, but to decrease as a percentage of our revenue over time.
Restructuring
Restructuring charges related to the restructuring plans executed in June 2023 (June 2023 Plan), March 2025 (March 2025 Plan), and July 2025 (July 2025 Plan) consist primarily of charges related to contract terminations, severance payments, employee benefits, stock-based compensation, and asset impairment charges related to facilities. The June 2023 Plan, March 2025 Plan, and July 2025 Plan were completed or substantially completed as of January 31, 2025, July 31, 2025, and January 31, 2026, respectively.
Interest Income, Net, and Other Income (Expense), Net
Interest income, net consists primarily of interest earned on our cash equivalents and investments, offset by interest expense, which consists primarily of the amortization of the discount related to acquisition-related liabilities.
Other income (expense), net consists primarily of foreign currency transaction gains and losses, and gains and losses on strategic investments.
Provision for Income Taxes
Provision for income taxes consists primarily of income taxes in foreign jurisdictions in which we conduct business, the tax effects of the Agreement with the ITA, and deferred tax effects relating to the acquisitions of Prompt Security Inc. (Prompt) and Observo, Inc. (Observo). The Agreement resulted in $180.9 million of tax expense, inclusive of interest, during fiscal 2026, payable over time to the ITA. This expense was partially offset by a $7.1 million discrete tax benefit from the release of a valuation allowance attributable to the recognition of our Israel deferred tax assets, as well as a $5.0 million tax benefit related to the reversal of a deferred tax liability in connection with the sale of our acquired Prompt intangibles to the U.S., all related to the ITA matter. Additionally, a $5.4 million discrete tax benefit from the release of our U.S. valuation allowance associated with the Observo acquisition was recorded. In connection with our global consolidated losses, we maintain a full valuation allowance against our U.S. deferred tax assets, as we have concluded that it is more likely than not that the deferred tax assets will not be realized.
We expect our provision for income taxes to increase in fiscal 2027 and beyond based upon increased foreign earnings, interest expense under the Agreement, and certain minimum taxes.
Additionally, as discussed in more detail in Part I, Item 1A, “Risk Factors” in this Annual Report and Note 10, Income Taxes, to the consolidated financial statements included in Part II, Item 8, Financial Statements and Supplementary Data, on January 8, 2026, we entered into the Agreement with the ITA covering various transfer pricing matters for intercompany transactions relating to the intergroup ownership and utilization of our intellectual property. This Agreement fully and finally resolves all related Israeli disputed income tax matters between us and the ITA for fiscal years 2021 through 2025. Pursuant to the Agreement, we are required to make installment payments through 2030, which are subject to 7.0% interest per annum and certain acceleration clauses. The Agreement also resolved the tax impact of aligning the intellectual property of Prompt into our structure.
71
Results of Operations
The following table sets forth our results of operations for the periods presented:
| Year Ended January 31, | |||||||||||||||||||||||||||
| 2026 | 2025 | 2024 | |||||||||||||||||||||||||
| (in thousands) | |||||||||||||||||||||||||||
| Revenue | $ | 1,001,278 | $ | 821,461 | $ | 621,154 | |||||||||||||||||||||
Cost of revenue(1) | 259,177 | 211,106 | 179,281 | ||||||||||||||||||||||||
| Gross profit | 742,101 | 610,355 | 441,873 | ||||||||||||||||||||||||
| Operating expenses: | |||||||||||||||||||||||||||
Research and development(1) | 323,853 | 267,002 | 218,176 | ||||||||||||||||||||||||
Sales and marketing(1) | 525,151 | 487,225 | 397,160 | ||||||||||||||||||||||||
General and administrative(1) | 202,141 | 185,487 | 198,247 | ||||||||||||||||||||||||
Restructuring(1) | 12,265 | — | 6,706 | ||||||||||||||||||||||||
| Total operating expenses | 1,063,410 | 939,714 | 820,289 | ||||||||||||||||||||||||
| Loss from operations | (321,309) | (329,359) | (378,416) | ||||||||||||||||||||||||
| Interest income, net | 42,698 | 49,929 | 44,664 | ||||||||||||||||||||||||
Other income (expense), net | (1,100) | (2,177) | 918 | ||||||||||||||||||||||||
| Loss before income taxes | (279,711) | (281,607) | (332,834) | ||||||||||||||||||||||||
| Provision for income taxes | 171,024 | 6,834 | 5,859 | ||||||||||||||||||||||||
| Net loss | $ | (450,735) | $ | (288,441) | $ | (338,693) | |||||||||||||||||||||
__________________
(1)Includes stock-based compensation expense as follows:
| Year Ended January 31, | |||||||||||||||||||||||||||
| 2026 | 2025 | 2024 | |||||||||||||||||||||||||
| (in thousands) | |||||||||||||||||||||||||||
| Cost of revenue | $ | 21,584 | $ | 22,105 | $ | 17,187 | |||||||||||||||||||||
| Research and development | 94,542 | 83,957 | 61,055 | ||||||||||||||||||||||||
| Sales and marketing | 93,640 | 80,496 | 55,798 | ||||||||||||||||||||||||
| General and administrative | 88,399 | 80,973 | 83,890 | ||||||||||||||||||||||||
Restructuring | (578) | — | (1,060) | ||||||||||||||||||||||||
| Total stock-based compensation expense | $ | 297,587 | $ | 267,531 | $ | 216,870 | |||||||||||||||||||||
72
The following table sets forth the components of our consolidated statements of operations as a percentage of revenue for each of the periods presented:
| Year Ended January 31, | |||||||||||||||||||||||||||
| 2026 | 2025 | 2024 | |||||||||||||||||||||||||
| (as a percentage of total revenue) | |||||||||||||||||||||||||||
| Revenue | 100% | 100% | 100% | ||||||||||||||||||||||||
| Cost of revenue | 26 | 26 | 29 | ||||||||||||||||||||||||
| Gross profit | 74 | 74 | 71 | ||||||||||||||||||||||||
| Operating expenses: | |||||||||||||||||||||||||||
Research and development | 32 | 33 | 35 | ||||||||||||||||||||||||
Sales and marketing | 52 | 59 | 64 | ||||||||||||||||||||||||
General and administrative | 20 | 23 | 32 | ||||||||||||||||||||||||
Restructuring | 1 | — | 1 | ||||||||||||||||||||||||
| Total operating expenses | 106 | 114 | 132 | ||||||||||||||||||||||||
| Loss from operations | (32) | (40) | (61) | ||||||||||||||||||||||||
| Interest income, net | 4 | 6 | 7 | ||||||||||||||||||||||||
Other income (expense), net | — | — | — | ||||||||||||||||||||||||
| Loss before income taxes | (28) | (34) | (54) | ||||||||||||||||||||||||
| Provision for income taxes | 17 | 1 | 1 | ||||||||||||||||||||||||
| Net loss | (45) | % | (35) | % | (55) | % | |||||||||||||||||||||
Note: Certain figures may not sum due to rounding.
Comparison of the Years Ended January 31, 2026 and 2025
Revenue
| Year Ended January 31, | Change | ||||||||||||||||||||||
| 2026 | 2025 | $ | % | ||||||||||||||||||||
| (dollars in thousands) | |||||||||||||||||||||||
| Revenue | $ | 1,001,278 | $ | 821,461 | $ | 179,817 | 22 | % | |||||||||||||||
Revenue increased by $179.8 million, or 22%, from $821.5 million for fiscal 2025 to $1,001.3 million for fiscal 2026, primarily due to a combination of sales to new customers and sales of additional licenses and platform solutions to existing customers.
Cost of Revenue, Gross Profit, and Gross Margin
| Year Ended January 31, | Change | ||||||||||||||||||||||
| 2026 | 2025 | $ | % | ||||||||||||||||||||
| (dollars in thousands) | |||||||||||||||||||||||
| Cost of revenue | $ | 259,177 | $ | 211,106 | $ | 48,071 | 23 | % | |||||||||||||||
| Gross profit | $ | 742,101 | $ | 610,355 | $ | 131,746 | 22 | % | |||||||||||||||
| Gross margin | 74 | % | 74 | % | |||||||||||||||||||
73
Cost of revenue increased by $48.1 million from $211.1 million for fiscal 2025 to $259.2 million for fiscal 2026, primarily due to an increase of $23.5 million increase in cloud hosting usage charges to support our expanding business, a $11.7 million increase in customer support costs which were mostly personnel-related expenses, a $6.9 million increase in amortization of capitalized internal-use software due to the continued investment in our platform, and a $6.2 million increase in amortization of acquired intangible assets in connection with fiscal 2026 acquisitions. Gross margin was 74% for fiscal 2025 flat compared to fiscal 2026.
Research and Development
| Year Ended January 31, | Change | ||||||||||||||||||||||
| 2026 | 2025 | $ | % | ||||||||||||||||||||
| (dollars in thousands) | |||||||||||||||||||||||
| Research and development expenses | $ | 323,853 | $ | 267,002 | $ | 56,851 | 21 | % | |||||||||||||||
Research and development expenses increased from $267.0 million in fiscal 2025 to $323.9 million in fiscal 2026, primarily due to an increase in personnel-related expenses of $37.7 million, including an increase of $10.6 million related to stock-based compensation expense as a result of increased headcount, an increase of $7.8 million in cloud hosting expenses driven by expanded research and development activities, a $5.4 million increase in general services expenses, and a $5.1 million increase in allocated overhead costs.
Sales and Marketing
| Year Ended January 31, | Change | ||||||||||||||||||||||
| 2026 | 2025 | $ | % | ||||||||||||||||||||
| (dollars in thousands) | |||||||||||||||||||||||
| Sales and marketing expenses | $ | 525,151 | $ | 487,225 | $ | 37,926 | 8 | % | |||||||||||||||
Sales and marketing expenses increased from $487.2 million in fiscal 2025 to $525.2 million in fiscal 2026, primarily due to an increase in personnel-related expenses of $42.3 million, including an increase of $13.1 million in stock-based compensation expense, primarily due to restricted shares awards granted in connection with acquisitions, as well as an increase in sales-related expenses of $2.0 million, primarily attributable to external commissions. The increase was partially offset by a decrease in $7.0 million in marketing-related expenses, largely due to lower branding and marketing costs.
General and Administrative
| Year Ended January 31, | Change | ||||||||||||||||||||||
| 2026 | 2025 | $ | % | ||||||||||||||||||||
| (dollars in thousands) | |||||||||||||||||||||||
| General and administrative expenses | $ | 202,141 | $ | 185,487 | $ | 16,654 | 9 | % | |||||||||||||||
General and administrative expenses increased from $185.5 million in fiscal 2025 to $202.1 million in fiscal 2026, primarily due to an increase in personnel-related expenses of $13.3 million, including an increase of $7.6 million in stock-based compensation expense as a result of increased headcount, and an increase of $5.0 million in consulting and professional services expense.
Restructuring
| Year Ended January 31, | Change | ||||||||||||||||||||||
| 2026 | 2025 | $ | % | ||||||||||||||||||||
| (dollars in thousands) | |||||||||||||||||||||||
Restructuring | $ | 12,265 | $ | — | $ | 12,265 | 100 | % | |||||||||||||||
74
Restructuring charges increased by $12.3 million due to activities undertaken pursuant to the March 2025 Plan and July 2025 Plan for fiscal 2026. This primarily included severance and employee benefit charges of $6.7 million, $3.9 million in contract termination charges, and asset impairment charges related to facilities of $2.2 million.
Interest Income, Net, and Other Income (Expense), Net
| Year Ended January 31, | Change | ||||||||||||||||||||||
| 2026 | 2025 | $ | % | ||||||||||||||||||||
| (dollars in thousands) | |||||||||||||||||||||||
| Interest income, net | $ | 42,698 | $ | 49,929 | $ | (7,231) | (14) | % | |||||||||||||||
| Other income (expense), net | $ | (1,100) | $ | ||||||||||||||||||||
Recent insider activity
| Date | Insider | Role | Action | Shares | Price | Value |
|---|---|---|---|---|---|---|
| 2026-05-06 | Weingarten Tomer | President, CEO | Sell | -21,960 | $15.65 | -$343,608 |
| 2026-05-06 | TOMASELLO ROBIN | Chief Accounting Officer | Sell | -2,459 | $15.65 | -$38,477 |
| 2026-05-06 | Conder Keenan Michael | Chief Legal Officer & Sec'y | Sell | -4,550 | $15.65 | -$71,194 |
| 2026-05-04 | Weingarten Tomer | President, CEO | Sell | -231,664 | $15.32 | -$3,548,652 |
| 2026-05-01 | Weingarten Tomer | President, CEO | Sell | -100 | $15.00 | -$1,500 |
| 2026-04-06 | Pinczuk Ana G. | President Product & Technology | Sell | -16,042 | $13.41 | -$215,123 |
| 2026-04-06 | PADGETT BARRY L. | President and COO | Sell | -15,460 | $13.41 | -$207,319 |
| 2026-03-25 | TOMASELLO ROBIN | Chief Accounting Officer | Sell | -1,496 | $13.37 | -$20,002 |
| 2026-03-25 | Weingarten Tomer | President, CEO | Sell | -72,523 | $13.37 | -$969,633 |
| 2026-03-25 | Conder Keenan Michael | Chief Legal Officer & Sec'y | Sell | -5,578 | $13.37 | -$74,578 |
| 2026-03-25 | PADGETT BARRY L. | Interim CFO | Sell | -32,221 | $13.37 | -$430,795 |
| 2026-03-25 | Pinczuk Ana G. | President Product & Technology | Sell | -32,396 | $13.37 | -$433,135 |
| 2026-03-17 | Weingarten Tomer | President, CEO | Sell | -38,864 | $14.47 | -$562,350 |
| 2026-03-06 | Conder Keenan Michael | Chief Legal Officer & Sec'y | Sell | -5,178 | $13.81 | -$71,516 |
| 2026-03-06 | TOMASELLO ROBIN | Chief Accounting Officer | Sell | -10,163 | $13.81 | -$140,365 |
| 2026-03-06 | Weingarten Tomer | President, CEO | Sell | -36,932 | $13.81 | -$510,068 |
Source: SEC Form 4 filings.
Next expected filings
- ~2026-05-28 10-Q expected by 2026-06-06 (in 3 days)
- ~2026-08-28 10-Q expected by 2026-09-06 (in 95 days)
- ~2026-12-04 10-Q expected by 2026-12-13 (in 193 days)
- ~2027-03-15 10-K expected by 2027-03-19 (in 294 days)
Predicted from historical filing cadence; not an SEC commitment.
Recent SEC filings
- 2026-05-13 DEF 14A Proxy Statement
- 2026-03-25 8-K Officer/Director Change
- 2026-03-19 10-K Annual Report
- 2026-03-12 8-K Earnings Release; Regulation FD Disclosure; Financial Statements and Exhibits
- 2026-03-05 8-K Officer/Director Change
- 2026-01-21 8-K/A Officer/Director Change
- 2026-01-14 8-K Other Events
- 2025-12-11 8-K/A Officer/Director Change
- 2025-12-04 10-Q Quarterly Report
- 2025-12-04 8-K Earnings Release; Officer/Director Change; Regulation FD Disclosure; Financial Statements and Exhibits
- 2025-09-25 8-K Officer/Director Change; Other Events
- 2025-09-08 8-K Unregistered Equity Sale
- 2025-08-28 10-Q Quarterly Report
- 2025-08-28 8-K Earnings Release; Regulation FD Disclosure; Financial Statements and Exhibits
- 2025-05-28 10-Q Quarterly Report