CrowdStrike Holdings Inc Earnings - Q1 2026 Analysis & Highlights

CrowdStrike Holdings reported strong Q1 FY2027 results driven by record net new ARR growth and accelerating momentum across its platform, with management highlighting the "Mythos moment" as a critical inflection point where cybersecurity has become foundational AI infrastructure, prompting the company to raise full-year guidance by over 500 basis points and announce a four-for-one stock split.

Key Financial Results

  • Total revenue of $1.39 billion, up 26% year-over-year, beating guidance and accelerating for the fourth consecutive quarter
  • Record Q1 net new ARR of $256 million, up 32% year-over-year, exceeding the high-end of guidance
  • Ending ARR of $5.51 billion, accelerating over Q4 with more than 24% growth
  • Record free cash flow of $468 million, representing 34% of revenue, with a Rule of 40 score of 59
  • Record Q1 operating income of $326 million, or 24% of revenue, up 62% year-over-year, exceeding guidance
  • Non-GAAP net income of $283.4 million or $1.10 per diluted share, exceeding guidance
  • Record non-GAAP gross margin of 79%, with subscription gross margin at 81% of revenue, up 90 basis points year-over-year
  • Subscription revenue grew 26% year-over-year to reach $1.32 billion
  • Professional services revenue of $64.8 million, up 23% year-over-year
  • Geographic revenue mix of approximately 66% from the US and 34% from international, with EMEA and international growth accelerating compared to Q4

    • Business Segment Results

  • Endpoint business accelerated for the third consecutive quarter, becoming the epicenter of where AI happens, with Gartner naming CrowdStrike a leader for the seventh consecutive year and scoring highest on both Magic Quadrant axes for the fourth year in a row
  • AIDR (AI Detection and Response) ending ARR grew more than 250% sequentially with Q2 pipeline already exceeding $50 million, growing from zero to this level in under two quarters
  • Next-Gen SIEM business exceeded $600 million in ending ARR, transforming CrowdStrike into the operating system of the AI SOC
  • Combined Next-Gen SIEM, cloud, and identity businesses exceeded $2 billion in ending ARR with record Q1 net new ARR from this combination
  • Falcon Flex accounts reached more than $1.9 billion in ending ARR, growing 99% year-over-year, with over 300 new Falcon Flex accounts added in the quarter
  • Re-Flex customers reached 480, representing nearly 25% of all Flex customers, with average re-Flex uplift of 26% happening in seven months
  • Over 130 customers re-Flexed multiple times, with average ARR uplift over original Flex of 51%
  • Falcon Shield ending ARR grew nearly 4x year-over-year as organizations secure their SaaS agentic attack surface
  • Continuous Exposure Management Solution and Falcon for IT adoption nearly doubled year-over-year

    • Capital Allocation

  • Share repurchases of $176 million at an average price of $365.63 in Q1
  • Approximately $1.3 billion remaining under share repurchase authorization
  • Four-for-one forward stock split announced, with stockholders of record after June 25, 2026 receiving an additional three shares for every one share held, with trading on split-adjusted basis commencing July 2, 2026
  • Acquisitions of SGNL and Seraphic closed in Q1, contributing combined $7.8 million of acquired net new ARR, within stated expectations of $5 million to $8 million

    • Industry Trends and Dynamics

  • Cybersecurity has dramatically risen in organizational visibility and funding priority at the start of the fiscal year
  • CrowdStrike selected by both Anthropic and OpenAI from the very start to secure new frontier AI models, their adoption, and the new risks they create
  • AI adoption has become an existential imperative across every geography and vertical, with the more AI an organization adopts, the more cybersecurity it requires
  • "Mythos moment" in April marked an inflection point where more happened in cybersecurity in a matter of weeks than in the whole year prior
  • Project Glasswing and OpenAI's Trusted Access for Cyber program positioned CrowdStrike as the only cybersecurity company to secure both Anthropic and OpenAI's introduction programs from the start
  • AI has directly entered cybersecurity across two dimensions: organizations need cybersecurity to secure AI itself, and there is an explosion in greenfield attack surfaces
  • Unprecedented demand for frontier AI models with eye-watering token spend from Anthropic and OpenAI
  • Every player in the AI value chain (hardware, data centers, neo clouds, token factories, agentic applications) is experiencing hyper growth and needs cybersecurity
  • Market's view of cybersecurity shifted from being viewed primarily through risk management and compliance to being recognized as a strategic accelerator and critical enabler of AI adoption
  • Post-Mythos threat landscape readiness reached a fever pitch with primary focus on uncovering and remediating vulnerabilities susceptible to weaponization by new models
  • Project QuiltWorks coalition expanded to include major consulting firms, cloud providers, and insurers to prepare the market for cybersecurity's Y2K moment
  • Worldwide spending on AI forecasted to total over $2.5 trillion, with only low-single digit percent of organizations having an advanced AI security strategy
  • Gap between AI adoption and AI protection is the widest asymmetry in security since the cloud transition, and it's moving faster
  • AI adoption front runs the security piece, with developers rapidly adopting AI tools like Claude Code and Codex
  • Non-human identities and agents require their own underlying hosts, creating greenfield demand for sensors

    • Competitive Landscape

  • CrowdStrike pioneered EDR and has the endpoint real estate, providing structural advantage to own AIDR (AI Detection and Response)
  • Only CrowdStrike can detect, block, and respond where AI actually runs, while competitors may provide AI visibility
  • Structural advantage in AIDR market because agents run on the endpoint and make tool calls, access files, invoke APIs, and move data at the process level
  • Eight-figure new logo land in major US government agency where CrowdStrike replaced legacy AV, operating system EDR, and legacy vulnerability management across more than 200,000 hosts
  • Eight-figure new logo land in major fuel retailer where CrowdStrike was selected to replace legacy SIEM, Next-Gen EDR, and stitched together software from network security hardware vendor
  • Eight-figure win in high-performance AI chip company allowing customer to secure rapidly expanding Kubernetes managed data center and cloud environments
  • Seven-figure expansion in major American healthcare company selecting Falcon Next-Gen Identity and SGNL to govern what AI agents can and cannot do
  • Kroll replaced incumbent next-gen endpoint vendor with CrowdStrike and brought company into clothing manufacturer as new logo account on back of QuiltWorks assessment
  • EY engaged with Fortune 100 account and uncovered more than 45 million vulnerabilities leveraging Falcon Exposure Management and frontier models

    • Macroeconomic Environment

  • Elevated risk from new frontier models has pushed customers to harden their cloud environments
  • US government announced Executive Order to upgrade systems for advanced AI, creating tailwind for businesses like CrowdStrike
  • Cybersecurity is national security and incredibly important for the future of the federal business and security of the country

    • Growth Opportunities and Strategies

  • AIDR positioned as larger opportunity than EDR, securing seven attack surfaces (data, models, prompts, agents, identities, infrastructure, and interaction layer) versus EDR securing one (the host)
  • AgentWorks ecosystem of purpose-built AI agents built on Falcon platform with partners including Accenture, AWS, Anthropic, Deloitte, NVIDIA, OpenAI, and Salesforce building specialized security agents
  • Charlotte AI expanded as reasoning engine across Falcon, triaging alerts, correlating cross-domain telemetry, and automating investigation at machine speed
  • Project QuiltWorks phased process of vulnerability discovery, prioritization, remediation, and executive communication to prepare market for Mythos readiness
  • Falcon Flex as commercial harness to drive secure AI adoption with ability to use tokens and credits
  • Dr. Bartley Richardson joined as Chief AI and Autonomous Systems Officer from NVIDIA, deepening NVIDIA collaboration and furthering verticalization of AI into cybersecurity
  • Continued organic innovation and inorganic acquisitions to round out portfolio in rapidly emerging AI areas including data protection and Falcon for IT
  • SGNL solution delivering granular, policy-based authorization over agentic workloads in real-time as identity opportunity in AI era
  • Privileged access offering seeing strong early demand as enterprises lock down what agents can do and access

    • Financial Guidance and Outlook

  • Full year FY 2027 net new ARR guidance raised by more than $50 million to $1.291 billion at midpoint, reflecting 27.7% year-over-year growth, a 520-basis point increase from prior guidance
  • Full year net new ARR growth expected to accelerate over FY 2026
  • Q2 FY 2027 annual recurring revenue expected in range of $5.793 billion to $5.795 billion, reflecting 24% year-over-year growth
  • Q2 net new ARR expected at $284 million to $286 million, reflecting 28% to 29% year-over-year growth
  • Q2 total revenue expected in range of $1.436 billion to $1.442 billion, reflecting 23% year-over-year growth
  • Q2 non-GAAP income from operations expected in range of $346 million to $349 million
  • Q2 non-GAAP net income per share expected at approximately $1.16 to $1.17 (or $0.29 adjusted for stock split)
  • Full fiscal year 2027 annual recurring revenue expected in range of $6.532 billion to $6.556 billion, reflecting 24% to 25% year-over-year growth
  • Full year net new ARR expected at $1.279 billion to $1.303 billion, reflecting 27% to 29% year-over-year growth
  • Full year total revenue expected in range of $5.915 billion to $5.959 billion, reflecting 23% to 24% growth over prior fiscal year
  • Full year non-GAAP income from operations expected between $1.452 billion and $1.480 billion
  • Full year non-GAAP net income expected between $1.263 billion and $1.285 billion
  • Full year non-GAAP net income per share expected in range of $4.88 to $4.96 (or $1.22 to $1.24 adjusted for stock split)
  • Free cash flow margin expected at 24.5% in Q2 (seasonally lowest quarter) and at least 30% for full fiscal year
  • Seasonal mix of free cash flow expected at 46% in first half and 54% in second half
  • FY 2027 net new ARR seasonality expected at approximately 42% in first half and 58% in second half
  • Record Q2 pipeline provides conviction in durability of CrowdStrike's growth trajectory, profitability expansion, and cash flow generation

    • AI as Critical Infrastructure

  • Cybersecurity is now foundational AI infrastructure and critical AI infrastructure for AI adoption
  • CrowdStrike positioned as picks and shovels for world's largest technology gold rush of AI adoption
  • CrowdStrike positioned to be world's AI security layer with nearly 100,000 businesses, including hundreds of Fortune 500, already trusting the company
  • Ecosystem of thousands of partners looking to CrowdStrike for answers on how to secure AI at global scale
  • Market's best AI talent seeking out CrowdStrike to join the mission
  • Cybersecurity is not a nice to have in world of AI, it's a need to have
  • CrowdStrike is innovator of choice, partner of choice, and protector of choice for accelerated AI world

    • Related Companies

    DocuSign Inc Logo
    DocuSign IncDOCU
    HubSpot Inc Logo
    HubSpot IncHUBS
    Microsoft Corp Logo
    Microsoft CorpMSFT
    Oracle Corp Logo
    Oracle CorpORCL
    Palantir Technologies Inc Logo
    Palantir Technologies IncPLTR
    SAP SE Logo
    SAP SESAP
    SentinelOne Inc Logo
    SentinelOne IncS
    Zoom Communications Inc Logo
    Zoom Communications IncZM