CrowdStrike Technicals Headed Into Earnings

CrowdStrike (CRWD) shares are down about .5% after their conference call concluded tonight. We summarized each exchange from their earnings call tonight.

The important news is that nothing seemed especially important. That is to say, no answers caused signifcant movements in shares. Yet, you might find some of the themes (and responses) from management helpful. Once again, these are summaries of each question and answer.

Joe Gallo (Jefferies)

Question to George Kurtz (CEO)

• When does AI security become a meaningful ARR driver — is this a FY27 story?

• How much of the AI security opportunity will go to pure-play cybersecurity vendors vs hyperscalers?

George Kurtz

• AI security ARR is already ramping — still early innings but contributing today.

• AIDR (via Pangea) grew 5x QoQ since acquisition.

• AI security will also drive growth across cloud security, next-gen SIEM, and other platform areas.

• Hyperscalers won’t replace pure-play security vendors (similar to cloud evolution).

• CrowdStrike sees AI hyperscalers as partners, not threats — expects collaboration model similar to AWS relationship.

Rob Owens (Piper Sandler)

Question to George Kurtz

• Update on traction in agentic security and recent acquisitions.

• Is identity the main hurdle to scaling agent deployments?

George Kurtz

• Identity is now one of the biggest threat vectors (80% of breaches are non-malware).

• Identity stack (built since 2020) is now a major business.

• SGNL AI acquisition enables zero standing privileges for human & non-human identities — “game-changing.”

• Seraphic adds browser security at the “front door” of AI usage.

• AIDR could become as mandatory as EDR over time due to compliance needs.

Fatima Boolani (Citi)

Question to George Kurtz

• Concerns about next-gen SIEM moat vs Frontier Labs/LLMs.

• How durable is CrowdStrike’s advantage if LLMs commoditize security?

George Kurtz

• CrowdStrike is a net data creator — proprietary telemetry + Threat Graph.

• Real-time prevention differs fundamentally from LLM providers.

• Uses frontier models + proprietary models + curated data.

• Platform is sticky due to workflow integration & compliance trust.

• Open model strategy — customers can build their own agents on Falcon platform.

• Moat rests on real-time prevention + compliance + proprietary data.

Saket Kalia (Barclays)

Question to George Kurtz

• Competitive environment in cloud security?

• How durable is cloud growth?

George Kurtz

• Strong execution in cloud security, especially runtime protection (stopping breaches vs just reporting exposures).

• CSPM + Falcon Shield + runtime tech creates integrated, cost-efficient solution.

• Value prop: better outcomes + lower cost + platform consolidation.

• Growth driven by real breach prevention vs point exposure tools.

Brian Essex (JPMorgan)

Question to George Kurtz

• Identity acceleration: is growth driven by CCP/Flex renewals or net new identity adoption?

George Kurtz

• Identity was highly popular in CCP; renewals remain strong.

• Extremely high retention once adopted.

• Growth driven by both consolidation + mature identity stack.

• ITDR, SaaS identity protection (Falcon Shield), PAM all contributing.

• SGNL AI strengthens long-term identity opportunity.

Brad Zelnick (Deutsche Bank)

Question to Burt Podbere (CFO)

• ARR guidance implies strong net new growth.

• What are the building blocks (renewal + expansion drivers)?

Burt Podbere

• Broad-based Q4 demand across enterprise → MSP.

• Q1 pipeline up 49% YoY (record).

• AI tailwinds benefiting both internal operations + customer AI security needs.

• Platform consolidation momentum strong.

• Cloud + Identity + Next-gen SIEM posted record net new ARR.

• Endpoint accelerating for second straight quarter.

• Flex success:

  • 350+ new Flex customers in Q4.

  • Avg Flex ARR > $1M.

  • Nearly 10 modules per customer.

  • 380+ re-Flex customers.

  • Avg re-Flex ARR lift = 48%.

• Combined gives confidence in 22.5% net new ARR guide.

Matt Hedberg (RBC)

Question to George Kurtz

• How to think about agent pricing if AI reduces knowledge workers?

• Does Flex support AI agent growth mix shift?

George Kurtz

• Each knowledge worker may have ~90 AI agents → massive new protection opportunity.

• Even if headcount declines, AI agents/cloud workloads expand security TAM.

• Technology shifts create more security demand, not less.

• Flex enables rapid module adoption without procurement friction.

• Acquisitions become instantly monetizable via Flex.

Roger Boyd (UBS)

Question to George Kurtz

• Growth in managed services (e.g., OverWatch) relative to endpoint acceleration?

George Kurtz

• Managed services continue growing strongly.

• Key metrics: best-in-class MTTR & detection times.

• Network effect across 176+ countries strengthens threat response.

• Customers can’t easily replicate SOC + intelligence scale.

• Automation + human expertise delivers superior cost-to-outcome ratio.

Gabriela Borges (Goldman Sachs)

Question to George Kurtz

• What role should LLM providers (e.g., Anthropic) play in cybersecurity?

George Kurtz

• LLMs helpful for analyzing large datasets.

• CrowdStrike leverages frontier models + proprietary models.

• Real-time breach prevention requires inline, millisecond decisions — LLMs alone can’t do that.

• “Better together” model: open to customer models + NVIDIA NeMo/Neumotron + partners.

• CrowdStrike remains system of record + data creator → core control point.

Todd Weller (Stephens)

Question to George Kurtz

• What’s driving endpoint acceleration?

• Is browser security a new category or extension of endpoint?

George Kurtz

• Endpoint acceleration driven by AI adoption.

• Customers deploying AI immediately seek compliance + controls.

• AI consumption happens at endpoint.

• Browser security = new front door for AI interaction.

• Seraphic protects any browser (no forced standardization).

• Integrates with identity stack → additive platform expansion.

Dan Ives (Wedbush)

Question to George Kurtz

• Could LLM expansion (Anthropic, Claude, etc.) actually benefit CrowdStrike?

George Kurtz

• AI is a tailwind.

• More AI deployment → more need for AIDR, identity, browser security, compliance.

• CrowdStrike leverages external models + proprietary IP.

• General LLMs can’t replace security-specific workflows & curated threat data.

• Focus remains “better together” with ecosystem.

CrowdStrike’s call is starting now. Once again, we will post highlights from it. All you have to do to receive them is leave this blog open and updates will appear automatically. 

Shares are largely flat after hours. As we’ve noted in prior updates, that’s largely a win in the current environment where many software stocks have sold off on reasonable earnings reports.

CrowdStrike shares are now fading some, down 1.3%. The next major event is the company’s conference call.

We will create an update with the major news items from the call. The best way to make sure you don’t miss it is to leave this blog open. New updates should post automatically or you can refresh to make sure you get the most important updates from the company’s call. 

The Final Scorecard: CrowdStrike Q4 FY26

With numbers in and shares recovering from an initial dip, here is how CrowdStrike’s quarter grades out.

Overall Grade: A- A clean beat on revenue and EPS, record ARR growth, the company’s first GAAP-profitable quarter, and strong cash flow. Guidance came in largely in line, keeping the grade from a full A.

The key number heading into FY27 is net new ARR. Q4’s $330.7M, up 47% YoY, signals the July 2024 incident’s drag on customer acquisition is firmly behind the company.

Looking beyond the headline figures, let’s dive into more of CrowdStrike’s earnings.

• ARR grew 24% and hit $5.25 billion.
• Net new ARR grew 47% and hit another record with $331 million in Q4 (this was a figure we said to watch in our initial article below)
• Free cash flow hit $376.4 million. According to CapIQ, Wall Street was expecting $339.4 million, so that number looks strong.

Definitely some broad strength in these earnings. CrowdStrike had to defend a very rich multiple as investors broadly turn away from software tonight, and at a minimum, shares are holding steady.

In this environment, that’s a positive.

CrowdStrike shares are now slightly up. It’s a much better performance than GitLab, which we’re also watching.

That stock forecast EPS for next year more than 20% below what Wall Street expected and is down 6% after-hours.

Here’s a look at FY 2027 guidance:

• Revenue (2027): $5.868 to $5.928B (Wall Street expected $5.865B)
• Adjusted EPS: $4.78 to $4.90 (Wall Street expected $4.84)

Shares are now down 2.2% as forward guidance looks largely inline.

Crowdstrike earnings are out, here are the big numbers:

• EPS: $1.12
• Revenue: $1.305 billion

As a reminder, here’s what Wall Street expected:

Shares are initially down 3%. 

Many software stocks have bounced back today amidst a broad sell-off of AI infrastructure stocks. Crowdstrike is up 2% today. The broader picture is that shares are still down a significant amount from their 52-week high, so we’ll see if tonight’s earnings continue to change sentiment.