F5 Inc (FFIV) — Q4 2025 Earnings Call Transcript

Hello, and welcome. I'm Suzanne DuLong, F5's Vice President of Investor Relations. We're here with you today to discuss our fourth quarter and fiscal year 2025 financial results. François Locoh-Donou, F5's President and CEO; and Cooper Werner, F5's Executive Vice President and CFO, will be making prepared remarks on today's call. Other members of the F5 executive team are also here to answer questions during the Q&A session. Today's press release is available on our website at f5.com where an archived version of today's audio will be available through January 27, 2026. We will post the slide deck accompanying today's webcast to our IR site following this call. To access the replay of today's webcast by phone, dial (877) 660-6853 or (201) 612-7415 and use meeting ID 13756255. The telephonic replay will be available through midnight Pacific Time, October 28, 2025. For additional information or follow-up questions, please reach out to me directly at s.dulong@f5.com. Our discussion today will contain forward-looking statements which include words such as believe, anticipate, expect and target. These forward-looking statements involve uncertainties and risks that may cause our actual results to differ materially from those expressed or implied by these statements. We have summarized factors that may affect our results in the press release announcing our financial results and in detail in our SEC filings. In addition, we will reference non-GAAP metrics during today's discussion. Please see our full GAAP to non-GAAP reconciliation in today's press release and in the appendix of our earnings slide deck. Please note that F5 has no duty to update any information presented in this call. I'll now turn the call over to François.

Thank you, Suzanne, and hello, everyone. We delivered exceptional fiscal year 2025 results exceeding $3 billion in revenue and $1 billion in operating profit for the first time. Revenue grew 10% while earnings per share grew 18%. Our growth was driven by data center reinvestment, hybrid cloud adoption and enterprise AI infrastructure demand. Our product refresh cycle, competitive takeouts and the maturation of our software model and go-to-market motions also contributed to growth. In FY '25, we maintained our strong profitability, delivering gross margins of 83.6%, up 80 basis points over FY '24, an operating margin of 35.2%, up 160 basis points over FY '24. This performance resulted in record free cash flow of $906 million, up 19% compared to FY '24 underscoring the strength of our financial model and execution. Our FY '25 results demonstrate the power of our platform and our strategic role in the marketplace. They also strengthen our confidence in our vision and road map for the future. Our immediate focus, however, has been on our incident response and I will speak to our priorities and offer an update on where we are now. Upon identifying the threat on August 9, our team immediately activated our incident response process. Our priorities were clear. First, contain the threat actor, initiate a thorough investigation and take immediate and urgent action to strengthen F5's security posture. While the investigation will continue and the work of bolstering our security posture will expand, our initial steps have been successful. Second, we prioritized delivering reliable software releases to address all undisclosed high vulnerabilities in BIG-IP code as quickly as possible. Through the exceptional efforts of our engineering and support teams, we achieved this, enabling thousands of customers to promptly deploy critical updates upon disclosure. Our customers are moving quickly to update their BIG-IP environment, and a significant number of our largest customers have completed their updates with minimal disruption. As an example, a North American technology provider completed updates to 814 devices in a 6-hour window in the first weekend. Customers have expressed appreciation for our transparency, the thoroughness of the information we provided and the clarity in the steps they need to take to improve the security of their environment. Our third priority is raising the bar on security across all aspects of our business. We are acutely aware of the increasing sophistication of attackers and the fact that the threat surface is expanding rapidly. Each year, over the last several years, we have aggressively increased our investment in security, and we are making further significant investment this year and beyond. To further this work, Michael Montoya, a recognized cybersecurity expert and former member of our Board, has joined F5 as Chief Technology Operations Officer. Michael brings deep operational expertise and will drive the execution of a robust road map to further enhance security across our internal processes, environments and products. Our goal across all these actions is to better protect our customers, and we believe F5 will be a stronger partner to customers because of it. We know customers will judge us by how we respond to this incident. Throughout this process, we have been committed to transparent customer communication at every step, reflecting lessons learned from how others have navigated similar challenges. We acknowledge that we may see some near-term impact to our business. We are fully focused on mitigating that impact while doubling down on the value we deliver to our customers. Stepping back, it is evident that advanced nation-state threat actors are targeting technology companies and most recently perimeter security companies. We are committed to learning from this incident, sharing our insights with customers and peers, and driving collaborative innovation to collectively strengthen the protection of critical infrastructure across the industry. Now I will turn the call over to Cooper, who will walk you through our Q4 results and our outlook. Following his remarks, I will return to discuss the broader business trends and some key customer highlights.

Thank you, François, and hello, everyone. I will review our Q4 results and some selected full fiscal '25 results before I elaborate on our outlook for FY '26 and Q1. We delivered a strong Q4 growing revenue 8% to $810 million with a mix of 49% global services revenue and 51% product revenue. Global services revenue of $396 million grew 2% year-over-year while product revenue totaled $414 million, increasing 16% year-over-year. Systems revenue totaled $186 million, up 42% over Q4 of FY '24, driven by tech refresh and data center modernization, direct and indirect AI use cases as well as competitive takeouts. Our software revenue of $229 million was up slightly against an exceptionally strong Q4 of FY '24. Perpetual license software totaled $30 million, up 25% year-over-year. Subscription-based software declined 3% year-over-year to $198 million, reflecting the transition of our legacy SaaS and managed service revenue offerings and to a lesser extent customers' preference for hardware-based solutions for certain use cases, a trend which emerged over the course of FY '25. Revenue from recurring sources contributed 72% of our Q4 revenue. Our recurring revenue consists of our subscription-based revenue and the maintenance portion of our global services revenue. Shifting to revenue distribution by region. Our teams drove growth across all theaters. Revenue from the Americas grew 7% year-over-year, representing 57% of total revenue. EMEA delivered 7% growth, representing 26% of revenue and APAC grew 19%, representing 17% of revenue. Looking at our major verticals. Enterprise customers represented 73% of Q4's product bookings. Government customers represented 19% of product bookings including 6% from U.S. Federal. Finally, service providers represented 8% of Q4 product bookings. Our continued financial discipline contributed to our strong Q4 operating results. GAAP gross margin was 82.2%. Non-GAAP gross margin was 84.3%, an increase of 138 basis points from Q4 FY '24. Our GAAP operating expenses were $461 million. Our non-GAAP operating expenses were $384 million. Our GAAP operating margin was 25.4%. Our non-GAAP operating margin was 37.0%, an improvement of 255 basis points year-over-year. Our GAAP effective tax rate for the quarter was 11.4%. Our non-GAAP effective tax rate was 16.9%. Our GAAP net income for the quarter was $190 million or $3.26 per share. Our non-GAAP net income was $257 million or $4.39 per share, reflecting 20% EPS growth from the year-ago period. I will now turn to cash flow and balance sheet metrics, all of which were very strong. We generated $208 million in cash flow from operations in Q4. CapEx was $16 million. DSO for the quarter was 46 days. Cash and investments totaled approximately $1.36 billion at quarter end. Deferred revenue was $2.0 billion, up 11% from the year-ago period. We generated $906 million in free cash flow for all of FY '25, up 19% from FY '24, resulting in a free cash flow margin of 29%, highlighting the strength of our business fundamentals. In Q4, we repurchased $125 million worth of F5 shares at an average price of $297 per share. For the year, we repurchased shares equivalent to 55% of our annual free cash flow. We ended the quarter with approximately 6,580 employees. François recapped our high-level FY '25 results at the start of the call. I will elaborate on our annual software and security revenue results. Software grew 9% year-over-year totaling $803 million, with software subscriptions representing 85% of FY '25 software revenue. Our software revenue is comprised of perpetual software licenses, term-based subscriptions and SaaS and managed services. Perpetual software licenses contributed $120 million in software revenue, up 7% year-over-year. Term-based subscriptions contributed $508 million to our software revenue, up 18% year-over-year, driven by continued strong renewals and expansions. SaaS and managed services contributed $176 million in revenue, down 9% year-over-year, reflecting growth from F5 Distributed Cloud Services offset by the transition of our legacy offerings. Total annualized recurring revenue for our SaaS and managed services offerings ended the year at $185 million, up slightly from FY '24, including 21% growth in ARR for our core SaaS and managed services solutions. ARR from legacy offerings declined to $15 million as we wound down legacy SaaS and managed service offerings and transitioned customers to F5 Distributed Cloud Services. We expect to complete any remaining transitions in the first half of FY '26. Several years ago, we began breaking out our security-related revenue annually. This year, our total security revenue, which includes standalone security, attached security and maintenance revenue related to security, grew 6% to approximately $1.2 billion, or 39% of total revenue. Standalone security revenue totaled $463 million, representing 31% of product revenue. Let me now address our outlook beginning with FY '26. Unless otherwise noted, our guidance references non-GAAP metrics. We delivered an exceptional FY '25 exceeding expectations with stronger-than-expected systems demand and continued healthy expansion in our software subscription business. As we enter FY '26, we see several persistent demand drivers, including hybrid multicloud adoption driving expansion across our platform, the continuing strong systems refresh opportunity with more than half of our installed base on legacy systems nearing end of software support, growing systems demand beyond tech refresh for data sovereignty and AI readiness use cases and a return to growth in revenue from our SaaS and managed services with the transition of legacy offerings largely completed in FY '25. These drivers in our current pipeline support mid-single-digit revenue growth in FY '26 against our exceptional 10% growth in FY '25. However, we also anticipate some near-term disruption to sales cycles as customers focus on assessing and remediating their environments. Taking this into account, we are guiding FY '26 revenue growth in the range of 0% to 4% with any demand impacts expected to be more pronounced in the first half, before normalizing in the second half. Moving to our operating model. We recognize the revenue guide may lead to a modest impact to our operating margin near term. We are committed to driving continued operating margin leverage and believe any demand impact is likely to be short term and therefore any effect on our operating model would also be temporary. With that context, we estimate FY '26 gross margin in a range of 83% to 83.5%. We estimate FY '26 non-GAAP operating margin to be in the range of 33.5% to 34.5% with operating margins lowest in our fiscal Q2 due to payroll tax resets in January and costs associated with our large customer event in March. We expect our FY '26 non-GAAP effective tax rate will be in a range of 21% to 22%. And we expect FY '26 EPS in a range of $14.50 to $15.50. Finally, we intend to continue to use at least 50% of our free cash flow towards share repurchases in FY '26. Turning to our Q1 outlook. We expect Q1 revenue in a range of $730 million to $780 million. This is the wider range than we would typically guide, reflecting the potential for some near-term disruption to sales cycles. While we are not guiding revenue mix, we expect Q1 software to be down year-over-year given the strong growth in the year-ago period. We expect non-GAAP gross margin in a range of 82.5% to 83.5%. We estimate Q1 non-GAAP operating expenses of $360 million to $376 million. We expect Q1 share-based compensation expense of approximately $61 million to $63 million. We anticipate Q1 non-GAAP EPS in a range of $3.35 to $3.85 per share.

Thank you, Cooper. Our immediate priority remains supporting customers as they evaluate and safeguard their environments. As we help our customers navigate this period, market dynamics are moving in a direction where F5 solutions are more essential than ever. The accelerated adoption of hybrid multicloud architectures and AI-driven infrastructure is driving demand for advanced application delivery and security solutions, areas where F5 is uniquely positioned to address our customers' most complex challenges. The industry has platforms for endpoints, network access and for cloud workloads, but the F5 application delivery and security platform is the first to unify high-performance traffic management with advanced application and API security across hybrid and multicloud environments at scale. Unlike fragmented point solutions, the ADSP is purpose-built to simplify hybrid multicloud complexity. It integrates security, scalability and operational efficiency while enabling valuable XOps capabilities like policy management, analytics and automation. By the end of Q4, nearly 900 customers were leveraging F5 XOps capabilities, up from just 20 in 2024. Innovations like our AI Assistant and Application Study Tool have been instrumental in driving this growth, which underscores the power and potential of the ADSP. Over the last several years, we also have been evolving our go-to-market strategy focusing on landing, adoption, expansion and renewals within our solutions portfolio. This approach has delivered results. 26% of our top 1,000 customers are now using F5 Distributed Cloud Services, up from 17% in 2024. By delivering integrated solutions and accelerating customer outcomes, F5 is uniquely positioned to lead in a rapidly growing and dynamic market. I will speak to a few customer highlights from Q4 that demonstrate the power and the benefit of our holistic platform approach. An APAC-based bank is driving secure and scalable digital transformation with F5's comprehensive application delivery and security solutions. Leveraging F5 BIG-IP, NGINX and Distributed Cloud Services, the bank is modernizing its critical infrastructure to enable 24/7 internet banking and mobile application access while meeting strict regulatory requirements for service resilience and disaster recovery. F5 ensures business continuity and robust security, protecting against DDoS attacks and API vulnerabilities. By enabling seamless migration to containerized applications, F5 is positioning the bank for hybrid multicloud success. The leading North American investment manager partnered with F5 to modernize its infrastructure, enhance resilience and ensure uninterrupted operations. By migrating from legacy iSeries platforms to BIG-IP rSeries ahead of end of software support dates, the customer avoided compliance risks and ensured seamless operational continuity. The customer also deployed F5 for secondary DNS services to reduce reliance on a single provider and deliver critical redundancy to prevent outages. F5's lightweight platforms and cloud solutions help the customer optimize performance within existing budgets. Finally, a major energy and gas company partnered with F5 to modernize its critical infrastructure and drive its cloud migration while ensuring seamless security across hybrid and multicloud environments. F5's BIG-IP and Distributed Cloud Services extend application delivery, security and identity management into hybrid multicloud environments, ensuring seamless operations and operational continuity. The customer is also leveraging F5's Advanced WAF to strengthen the protection of revenue-generating B2B applications and business critical platforms. With F5, the customer simplified operations, achieved cost savings and accelerated the modernization efforts. These examples highlight the strong impact F5's ADSP approach is having for our customers. While we continue to work toward realizing the platform's full potential, we are confident that our commitment to innovation will drive even more value and outcomes for our customers. Before closing, I will highlight the traction we are building in AI use cases. We are seeing clear evidence that AI-related demand is contributing to our growth. AI is prompting a wave of data center refreshes as enterprises prepare for increased network capacity and services to support AI workloads, agentic AI and inference demands. Beyond benefiting from broader AI-driven trends, F5 is directly powering key AI use cases. In FY '25, we secured AI use case wins with more than 30 customers who are leveraging F5 to enable seamless, scalable and secure AI workflows. These wins represent net new insertion points and growth opportunities built on decades of expertise. Today, we are actively supporting 3 critical AI use cases. Number one, AI data delivery. F5 secures and accelerates high-throughput data ingestion for AI training and inference, enforcing policies and protecting sensitive data while eliminating bottlenecks. Number two, AI runtime security. F5 safeguards AI applications, APIs and models from abuse, data leakage and attacks like prompt injection, ensuring visibility and control. And number three, AI factory load balancing. F5 optimizes traffic and GPU utilization in AI factories to increase token throughput, reduce time to first token and lower cost per token. In Q4, we secured several new AI wins across these use cases. In an AI data delivery use case, an asset manager in EMEA partnered with F5 to overcome challenges in managing their AI workloads and ensuring reliable data performance. Their existing server could not handle high levels of demand causing outages that disrupted operations. F5 provided a customized solution with advanced technology to improve systems reliability, efficiently manage data traffic and seamlessly work with their existing infrastructure. The Government Ministry in EMEA chose F5 to secure and scale AI security runtime operations for its AI-driven weather prediction platform. Expanding on a prior AI data delivery project, the Ministry required a comprehensive solution to ensure real-time access to AI-driven data with robust security for sensitive operations. F5 delivered a comprehensive solution suite, including AWAF for application security, SSLO for traffic inspection, APM for access control and LTM for reliable data delivery. With F5, the Ministry transitioned from manual inefficient forecasting to a secure real-time AI-powered platform improving performance, accuracy and operational efficiency. In an AI factory load balancing use case, a North American service provider specializing in providing high-performance computing solutions for AI and machine learning workloads, needed a high-performance solution to manage and scale AI workloads. They required enhanced scalability, reliability and accessibility for GPU-driven workloads as well as a proxy for container functions to optimize AI data pipeline performance. F5 provided an integrated solution featuring container ingress services with BIG-IP virtual editions delivering a critical control layer for performance, scalability and reliability across AI data pipelines. F5's ease of installation and ability to address the customer's specific needs set it apart from competing open-source alternatives. In Q4, we've strengthened our AI runtime security capabilities with the acquisition of CalypsoAI. Their cutting-edge technology enhances our offerings with real-time threat defense and red teaming at scale, addressing critical needs for enterprises deploying generative and agentic AI. We are integrating these capabilities into our ADSP, creating the most comprehensive solution for securing AI inference. In fact, we launched 2 new offerings in Q4 leveraging Calypso's technology. F5 AI Guardrails establishes and monitors how AI models and agents interact with users and data while defending against attackers. And F5 AI Red Team identifies threats and informs exactly where and how urgently guardrails should be implemented. Wasting no time, our team secured wins for these offerings with a top-tier investment bank and a global AI compute platform leader. Collectively, our Q4 successes underscore F5's growing leadership in the hybrid multicloud landscape and the real value our platform approach delivers to customers, empowering them to simplify operations, enhance security and accelerate innovation across their environments. I want to express my deepest gratitude to our customers and partners. Your urgency, collaboration and trust through every step of our incident response have been invaluable. We are truly honored to work alongside you and remain steadfast in our commitment to earn your confidence every single day. I also want to extend my heartfelt thanks to all F5ers who came together with incredible focus and dedication to drive a strong and effective response. Looking ahead, we are resolute in our commitment to emerge stronger from this experience and to working across the security community to build a better and safer digital world. In closing, I am deeply honored by the Board's appointment as Chair effective with Al Higginson's retirement in March 2026. As a Director for nearly 30 years and Chair for 20, Al's leadership has been essential to F5's growth and transformation. He has provided outstanding stewardship and tone at the top that has shaped the F5 we are today. I am humbled by the Board's trust and confidence in me to help lead F5 through its next chapter. I look forward to working alongside this talented management team and the Board to continue F5's trajectory of creating long-term value for shareholders. Operator, please open the call to questions.

Can you hear me?

We can.

I apologize for the brief music interruption. I have a question regarding the type of conservatism reflected in your estimates. Are you accommodating customers through discounts? Are potential buyers delaying their purchasing decisions while managing service or upgrade issues? Or are you providing additional incentives for upgrades? I’m trying to understand the nature of customer conservatism you are experiencing. Additionally, could you provide context on how much of the growth in fiscal '25 for the systems business was influenced by the product upgrade cycle?

It's François. Let me address the first part of your question. I believe Cooper will handle the second question. To begin, we experienced a very strong quarter and a robust fiscal 2025, and the business momentum has been remarkable. This is largely driven by the secular trends we've mentioned, particularly hybrid multicloud and AI, which I can elaborate on later. Given these trends, we anticipated a mid-single-digit growth trajectory heading into 2026. However, we are guiding for a growth range of 0% to 4% for 2026 due to potential near-term impacts related to the security incident. I expect the majority of this impact to be felt in the first half of the year, with trends normalizing in the latter half. Regarding the near-term impact, there are three categories that may cause temporary disruption. First, our sales and field resources have been focused on assisting customers with upgrades and addressing issues, which takes time away from normal sales cycles. This applies to customers as well, as they allocate resources to upgrade their BIG-IPs and ensure their environments are properly set up, affecting their ability to consider new projects. The second potential disruption we identified in our guidance is that, due to the visibility of the security incident, we might experience delays in approvals or deals at the executive level as customers seek reassurance before moving forward with their projects. Lastly, there may be some projects that customers were planning to initiate but ultimately decide not to proceed with. It's important to note that over 70% of our revenues are recurring, and the impacts I mentioned mainly pertain to new projects or acquiring new footprints. So far, it’s early days since this was disclosed just two weeks ago, and we haven't observed any of the effects I've described, but we are cautious because we are still in the early stages of engaging with customers. Cooper?

Thanks. Yes. And then in terms of the systems business, we're seeing strength in both the product or tech refresh and capacity expansion. The growth has been pretty balanced actually across both. Roughly 2/3 of our systems business in FY '25 was tech refresh, with about 1/3 coming from what we call data center, increasing capacity, data sovereignty, use cases. A lot of it is really driven by AI that can be both direct and indirect. So it's just been a trend that we continue to see over the course of the year where we're seeing growth for both the refresh motion as well as some of these newer use cases. And then on the refresh motion, I would also note that I think we're still relatively early days on that refresh cycle with more than half of our installed base currently still on the legacy product families that would be going into software support.

Just continuing on that line of discussion, I guess I'm curious about how you actually size the potential impact from the security breach. I would imagine it's probably a complex exercise, but I'm curious if you could just kind of walk us through like the logic here. And then maybe related to that, can you give us a sense for how many customers were affected where there was configuration information taken or are there specific customer issues that you can point to?

Yes, sure, George. This is Cooper. I'll take the first part, and then François can address the second question. François mentioned earlier the percentage of our business that is recurring. During this process, we took a detailed look at our revenue sources to determine which would be most affected and which would be more resilient in the short term. Much of our revenue comes directly from our balance sheet. Our service revenue primarily stems from deferred revenue, our SaaS revenue is derived from beginning ARR, and a significant portion of our software revenue comes from subscription renewals. These revenue streams are quite resilient, and we don't anticipate much short-term impact on them. In contrast, newer revenue sources, such as competitive takeout or new software projects, may experience more immediate effects. We analyzed different segments of our revenue to gauge the potential near-term impact as customers navigate their operational responses following the incident. We also compared notes with historical data from peers who faced similar situations and assessed the revenue impacts they encountered. Additionally, we've engaged extensively with our sales teams to gather their insights on any potential effects, and we've maintained those discussions as they interact with customers. We're encouraged by the initial feedback from these conversations, which have been productive and have helped customers address their concerns. Overall, we feel confident about our relationships and the nature of these interactions with our clients.

I will address the second part of your question regarding customer impact. First, I want to express our disappointment that this situation arose and acknowledge the burden it has placed on our customers, who have had to work long hours to upgrade their BIG-IPs and secure their environments. We are actively collaborating with all our customers to ensure they reach their desired status. Regarding the customers affected, we confirmed that there was no evidence of access to F5 Distributed Cloud Services or NGINX environments; only BIG-IP customers were impacted. There were two main categories of impact. We strongly recommended that all BIG-IP customers upgrade to the latest releases, which we worked hard to make available on the day of our disclosure. We were genuinely impressed by the speed at which our customers mobilized resources to complete these upgrades and implement them in production. The primary impact was the need for customers to organize resources to conduct this work shortly after the disclosure, and we are pleased that many customers have already completed this task. Although this effort will continue, it’s great to see how quickly customers upgraded their BIG-IP systems. The second category of impact involved data exfiltration, which affected a small percentage of our customers. We are continuing with the e-discovery process to determine the specifics of what data was involved. However, from our initial investigation, we have identified the customers who were affected and have provided them with their data packages regarding any potentially exfiltrated information. Most customers have indicated that the data in question is not sensitive and they do not have concerns about it. There was no impact on our CRM or support system.

I just have two. First, just on OpEx, it seems like the implied OpEx growth for fiscal '26 is about 4% at the midpoint. Just wondering if you're seeing any additional costs as a result of the data breach, other investments in systems internally or costs related to offering free Falcon EDR subscription to affected customers. And then second, certainly encouraging to hear that it was just BIG-IP that was impacted, not NGINX or DCS. Could you just tell us what percentage of the revenue comes from BIG-IP?

Yes. I'll start with the latter. We do not disclose our product revenue separately as we operate as a single-segment company. BIG-IP is indeed our highest revenue product, but we do not specify its contribution. Regarding investment in security and operating expenses, we have been investing significantly in cybersecurity over the past several years. We have more than doubled our investment in cybersecurity in the last three years alone. We had anticipated continued investment in our planning for this year even before the recent incident. We have also gained valuable insights in the past few weeks, which has led us to incorporate additional investments into our planning. Cybersecurity was among our highest priority areas for investment as we entered the year.

And any costs related to the Falcon EDR subscription?

Yes. There are several costs associated with the incident remediation, and the offering you mentioned will either be covered by our cyber insurance or treated as separate one-time remediation expenses.

The sound quality on your end is poor, making it difficult to understand you. I have two sets of questions regarding software and system revenues. For systems, you began the year with $160 million, which then ramped up to around $180 million per quarter, with figures like $181 million and $186 million. Do you believe there is potential for further growth from this point, or will the growth rate decrease significantly since this level seems indicative of a steady-state refresh moving forward? I'm trying to gauge whether the increase from $130 million to $140 million last year, growing to about $180 million this year, suggests there will be further growth or if we'll maintain this level. Regarding software, I have a similar inquiry. If I examine the average quarterly revenue this year, there has been a noticeable increase compared to last year, yet it appears to stabilize around $210 million. Some quarters fall below this, while others exceed it, but it seems largely consistent, following a trend of renewals and refreshes. So my question is, what will drive software growth from this point, considering we’ve discussed renewals and the accounting treatment surrounding them in prior quarters? Essentially, what factors will drive growth for software and systems moving forward as opposed to the temporary influences we see currently?

I will start with hardware. We saw significant growth this year, and that was the starting point after a low period in FY '24. Customers had been hesitant to invest in their data centers due to macroeconomic constraints affecting their budgets. Over the last year, we have observed a catch-up period in deferred investments, which has been a major driver of growth in FY '25. We are still early in the refresh cycle and believe there is ample opportunity for growth in that area. Additionally, we are noticing a new growth vein in data center capacity expansion linked to AI readiness. While it's still in the early stages, we expect this new trend to provide sustained growth in the future. This year is positioned to be a robust year for refreshes, given how early we are in the cycle, and the expansion could continue to contribute to growth as well. Nonetheless, while we are optimistic, we anticipate some near-term impacts due to the recent security incident, and we will monitor how that unfolds.

I'll address the second part of your question. It's important to note that we are confident in the continued robust growth of our software, driven by current trends in our business. This year, our active multiyear software agreements grew by 20% year-on-year, and we anticipate that this growth will persist. The flexible consumption agreements, which allow customers to engage with our offerings over several years and various portfolio segments, are gaining traction as customers increasingly adopt hybrid multicloud architectures and require diverse solutions, including software and Software-as-a-Service. For instance, our SaaS adoption saw nearly a 60% increase this year, specifically 57%. Currently, we have over 1,300 distributed cloud customers, a significant rise from about 800 a year ago. This trend is evident among our largest customers, with over 26% of our top 1,000 customers now utilizing F5 distributed cloud. As we have navigated through various transitions in our SaaS business, we expect that SaaS and managed services will contribute to software growth moving forward. Additionally, customers are recognizing the advantages of our comprehensive portfolio, reflected in the growing number of customers using multiple F5 product families. Four years ago, 30% of our top 1,000 customers engaged with multiple product families; this figure has now increased to 70%. Our application delivery and security platform, particularly our XOps capabilities, is experiencing rapid adoption. When considering all these factors—growth in flexible consumption agreements, SaaS adoption, and the uptake of our application delivery and security platform—it’s clear that these elements will drive continued growth in our software business in the future.

But François, if that's true, and I know you slightly lowered the guidance due to the cybersecurity breach, even before that you only projected a growth rate of 5%. So if that's the case, why aren't we seeing a faster growth rate?

Correct. So Tal, I mean we've talked about this, and François talked about this on several calls. There is a timing nature because of these 3-year cycles on the renewals. And so the subscription business that we sold in FY '23 had a lower growth rate because new projects were under pressure. This was 3 years ago. And so that's what's coming up for renewal in FY '26. And so the base with which we're starting doesn't have as much growth in FY '26 and that's what was behind what we said was a mid-single-digit growth opportunity when we talked in July. That same base has much more growth in FY '27 and we don't have the headwind related to our SaaS and managed service business because we're through the transition. So we tried to lay out that there are going to be some ups and downs in the annual growth rates tied to the timing of those renewal motions. But we've given that look ahead beyond the current year into '27 to give that visibility that we expect a reacceleration in software growth rate. The underlying trends are very healthy. François laid out several metrics to point to the underlying health of the software business and we saw that last year. If you look at our term license business, that was up 18%. We have the headwind related to SaaS where our SaaS and managed service was down 9%. But again, that's going to be behind us and so it points to a very healthy software view beyond FY '26.

Two quicker ones, if I could. I just wanted to follow up, François, on Distributed Cloud Services. Part of my question was about multiproducts. I think you just answered that there. But could you talk about some of the other economics that you see as you transition to DCS, things like deal sizes, win rates, maybe when we get to it, dollar retention or add-ons on top of that, number one? And then number two, if you could just quickly touch on a few of the verticals at least on a bookings basis, we're a little out of band. Enterprise was really strong year-over-year and service provider was pretty weak, all for pretty weak numbers. So anything that's driving kind of a little bit of out-of-band performance on those 2 verticals, that'd be great.

Tim, let me start again. Can you hear me?

Okay, great. To address your question, Tim, regarding distributed cloud, this approach is a land-and-expand strategy. Typically, initial deals are small and then grow over time. For instance, one-third of our distributed cloud customers have increased their annual recurring revenue with us, and for those who have expanded, their growth has been 90%. This indicates significant customer growth after onboarding, which will continue as we introduce more services onto the F5 distributed cloud. We are consistently adding features that customers have appreciated on BIG-IP to the F5 distributed cloud. Regarding the verticals, we are noticing that key enterprise sectors are adopting hybrid multicloud strategies for various reasons, ultimately directing their needs toward F5. For example, financial services often keep core banking data on-premises while also building disaster recovery solutions to meet operational resilience regulations, utilizing public cloud resources. Whenever a customer employs both on-prem and public cloud environments, it underscores the value of F5. The same pattern is occurring in health care, manufacturing, retail, and the public sector. Therefore, as these verticals embrace hybrid multicloud, it enables us to increase our market share and drives cross-selling of our offerings. In the service provider segment you mentioned, it’s true that this area has been relatively subdued, partly because 5G has not developed as anticipated over the past couple of years. Consequently, we haven’t seen significant growth or a driving force for service providers in terms of average revenue per user or 5G service adoption, leading to stability without notable growth to date.

A couple things I wanted to check on. One, hopefully easy is, what are you seeing in terms of U.S. federal in light of the government shutdown? Is that an aspect that's affecting the outlook for your December quarter? And the other thing I wanted to get a better sense of is you've given us some commentary around the mix of software and hardware for the December quarter, but what's baked in for software versus hardware growth in that full year 0% to 4% guidance?

Let me start by noting that we have taken into account some level of disruption in the U.S. federal government sector in our guidance, particularly in the first quarter due to the government shutdown, which is clearly affecting project delays and approvals. We hope that this situation will normalize throughout the year. However, in Q1, we expect that the performance from the federal sector will not match what we have historically experienced in that part of the business as a result of the government shutdown.

Yes. Thanks, Simon. We're not guiding mix at this point, just given that we're 12 days since the announcement of the incident and we've done a lot of work to provide a range on the growth outlook which, as we said, we've discounted some risk of short-term disruption to demand. We expect the demand to normalize in the second half of the year and I think as we see demand start to normalize, we'll look to give an update of what software and hardware growth can look like for the rest of the year.

Just maybe you could clarify because you've got BIG-IP as the appliance system business, but you have virtual editions of BIG-IP. So when you talked about the breach, you said it affected BIG-IP. Does that mean that the breach affects both software and hardware equally?

Yes, it does.

François, just curious to hear your thoughts in terms of how the market share dynamics change on account of the potential impact that you're outlining for the first half. Because I'm just wondering if sort of we should expect to see some of the spend from your customers if it does get delayed from first half to see some catch-up in the second half, particularly when it comes to potentially the systems part of your business. And I have a quick follow-up after that, sorry.

Yes. So we cannot know if on a 1- or 2-quarter basis that's hopefully enough of a runway to see substantial change in market share. So if I speak more on an annual basis and what I expect going forward, my expectation is that we continue to gain share in the application delivery and security market. The reason I say that is relative to other players in the space, we are investing more in our road map. We have been very aggressive at investing in security, and I think through the conversations with our customers around what we are doing to secure our environment, build trust centers to allow customers to come and do penetration testing of our code. All of the work that we are doing with partners to continue to look for any vulnerabilities and secure our code, that our customers are going to continue to see that F5 is really the right partner, is 100% committed to maximum security in our products and in their environments. And that will pay in terms of over time, customers, of course, continuing to partner with F5 and where possible, consolidate spend on our application delivery and security platform in their environment. And we have a world-class road map for our customers to continue to deliver functionality in delivery and security. So I think you have to look at it over a period of time. There may be a short-term blip in the first half of our year because of the factors that I described earlier. But in terms of our market share, our market position, our relationship with customers, I think if anything, over time, it will continue to strengthen.

Got it. Got it. And for my follow-up, I was just looking at the disclosure that you had on standalone security revenues. I think you said $463 million for this year. Looks like it's been fairly consistent for the last couple of years without material growth, like I have $458 million for fiscal '24, $475 million for the year before. Any sort of more details you can provide in terms of what you're seeing on the standalone security side and why hasn't there been more significant growth on that front?

Our overall security business grew by about 6% last year. What we're noticing is a trend where customers prefer to use our platform and combine multiple functions in one place. This has led to slower growth from standalone solutions and a shift towards our flexible consumption program, where customers are adding more modules and enhancing their existing security. Therefore, this growth is primarily occurring in a platform format. Additionally, it's worth noting that the standalone security segment has been somewhat affected by the SaaS transition of some of our legacy offerings, but we expect that impact to diminish in the future.

I have two as well. I guess, Cooper, maybe just to start with you, can you just walk through the operating margin for the year? I think you're implying 34% margins for fiscal '26, but it's also the same, I think, for fiscal Q1. So I'd love to just get a sense on why aren't we seeing leverage in the back half of the year versus the front half. And then if you just quantify what the OpEx uptick in the March quarter will be for some of the events you talked about, that would be helpful.

Yes. I mentioned in my prepared remarks that we expect Q2 to be the lowest point for operating margins, which is usually the case due to seasonality with payroll tax resets and our large customer event in March. Therefore, we anticipate some improvement in the second half of the year following the lower operating margins in Q2. While we won't provide guidance on Q2's operating expenses today, you can refer to seasonal trends to understand the typical increase in operating expenses during Q2.

Got it. François, can you help us understand if the source code is compromised, how do you assure customers that there's no hidden zero-day threat? Could you walk us through that? Also, does this situation affect your ability to raise prices on the hardware side, similar to what Citrix has been doing? I would like to understand the zero-day risk and if this might limit potential price increases in the future.

Thank you. I'll begin with discussing our code before addressing the price increase separately. I previously mentioned that customers will continue to select F5 because we offer top-tier application delivery and security solutions. Regarding our code, I outlined earlier the steps we are taking to remain vigilant against potential vulnerabilities. We have partnered with firms to scan our code, and we will persist in this practice to ensure any vulnerabilities are promptly addressed. We are establishing a trust center for our customers to conduct penetration testing on our code and will utilize AI for penetration tracking as well. We are also enhancing our bug bounty program. These initiatives are designed to keep us alert and provide our customers with maximum assurance regarding the security of our code moving forward. We aim to be the best in the industry in this regard. Conversations with our customers have shown that they are satisfied with our proactive measures and are reassured that the products they receive from F5 remain secure and free from vulnerabilities. Furthermore, as noted in our disclosures, we are collaborating with CrowdStrike to incorporate EDR capabilities in BIG-IP, adding an additional layer of protection and allowing customers greater visibility and monitoring, which is unprecedented for perimeter devices. This exemplifies our innovation with industry partners to enhance security for our customers. The topic of price increases is distinct. As you mentioned regarding one of our competitors, our strategy focuses on building enduring relationships with our customers while demonstrating the value we provide over time. We plan to maintain our current policy and approach consistently. We can do this because customers acknowledge the investments we are making in security and our comprehensive road map for delivering top-notch security and delivery platforms for hybrid multicloud environments. We are currently the only company capable of serving their traditional, modern, and AI applications across hardware, software, and SaaS. We continue to invest both organically and through acquisitions, such as our recent purchase of CalypsoAI, to enhance our platform specifically for AI application security within our application delivery and security framework. Customers will witness these ongoing investments from F5, and we believe this will justify the value we derive from our customer interactions.

Most of my questions have been answered, but just a quick clarification. When you talked about the migration of your end-of-life products out there today, kind of where are you now in that migration? How do you think about that going forward? Are you seeing some pushouts? Are you giving customers any kind of time frame breaks because of the breach to migrate those products going end of life?

Yes. We have indicated that we are still in the early stages of the refresh process, with over 50% of our installed base on those two platforms. We have not changed the end of software support dates, which have been publicly available for a long time. We are collaborating with customers to ensure they have a smooth process for completing those refreshes across our portfolio.

Got it. Helpful. And maybe circling back to your comments on the telecom segment. Obviously, yes, 5G has been disappointing there in terms of kind of the deployment of virtualization, but are you seeing any new activities in the telecom domain around the new 5G core, maybe picking up momentum or anything else to call out on the telecom front here?

Yes, look, I think what we're seeing is the sort of 4G to 5G transition continue with some geographies ahead of others. Those customers who have implemented 5G were seeing growth inside of these environments, capacity, in some cases, growing fairly rapidly. But generally, this transition from 4G to 5G and frankly the revenues that telecom operators expected from that transition have not really materialized and that, in turn, has put pressure on their CapEx spend. So we are continuing to find new use cases inside of our service provider customers, but it hasn't been significant enough to drive a substantial uptick in the overall segment for F5.

Thank you, everybody, for being with us today. We look forward to seeing many of you during the quarter.