Zscaler - Earnings Call - Q2 2025

Executive Summary

• Zscaler delivered a solid Q2 FY25: revenue $647.9M (+23% YoY, +3% QoQ) and non-GAAP EPS $0.78, with non-GAAP operating margin at 22% and free cash flow (FCF) margin at 22%.
• Billings accelerated to $742.7M (+18% YoY), RPO reached $4.615B (+28% YoY), ARR surpassed $2.7B (+23% YoY), and NRR improved to 115% as large-customer momentum continued (620 customers >$1M ARR).
• Management raised FY25 guidance across revenue ($2.640–$2.654B), billings ($3.153–$3.168B), non-GAAP operating income ($562–$572M), and non-GAAP EPS ($3.04–$3.09), citing stronger pipeline, sales productivity, and platform breadth.
• Key catalysts: momentum in Zero Trust Branch (57% of purchasers were new logos), data protection net new ACV growth >40%, and deepening GSI engagement; management reiterated a path to “$3B or more” ARR by FY25 year-end.

What Went Well and What Went Wrong

What Went Well

• Billings/ARR/RPO momentum: Q2 billings +18% YoY to $742.7M; ARR >$2.7B (+23% YoY); RPO $4.615B (+28% YoY). CEO: “Billings accelerated in Q2… ARR grew 23%… NRR improved to 115%.”
• Product traction and platform expansion: Data protection net new ACV grew >40% YoY; Zero Trust Branch adoption strong with 57% of buyers as new logos; $1M+ ARR customers grew to 620 (+25% YoY).
• Go-to-market productivity and partner leverage: Management cited increased sales productivity, lower sales attrition, and growing GSI contributions to large deals; “I expect sales productivity to continue [to] grow in the second half”.

What Went Wrong

• Ongoing deal scrutiny and tight macro: “Our Q2 results exceeded… even with ongoing customer scrutiny of large deals”; macro still tight; federal deals are “lumpy” and not baked as a strong 2H driver.
• Gross margin modestly pressured by new product mix: Total gross margin ~80% with commentary that new, fast-growing products are optimized for go-to-market over margins near term.
• GAAP profitability remains negative (improved): GAAP net loss was $7.7M; GAAP tax benefit included a $17.2M one-time valuation allowance release in the UK, which does not affect non-GAAP results.

Transcript

Operator (participant)

Good day, and thank you for standing by. Welcome to the Zscaler second quarter 2025 earnings call. At this time, all participants are in a listen-only mode. Please be advised that today's conference is being recorded. After the speaker's presentation, there will be a question-and-answer session. To ask a question, please press star one-one on your telephone and wait for your name to be announced. To withdraw your question, please press star one-one again. I would now like to hand the conference over to your speaker today, Ashwin Kesireddy, Vice President, Investor Relations and Strategic Finance.

Ashwin Kesireddy (VP Investor Relations and Strategic Finance)

Good afternoon, everyone, and welcome to the Zscaler second quarter fiscal year 2025 earnings conference call. On the call with me today are Jay Chaudhry, Chairman and CEO, and Remo Canessa, CFO. Please note we have posted our earnings release and a supplemental financial schedule to our Investor Relations website. Unless otherwise noted, all numbers we talk about today will be on an adjusted non-GAAP basis. You'll find the reconciliation of GAAP to the non-GAAP financial measures in our earnings release.

I'd like to remind you that today's discussion will contain forward-looking statements, including, but not limited to, the company's anticipated future revenue, annual recurring revenue, calculated billings, operating performance, gross margin, operating expenses, operating income, net income, free cash flow, dollar-based net retention rate, future hiring decisions, remaining performance obligations, income taxes, earnings per share, our objectives and outlook, our customer response to our products, and our market share and market opportunity. These statements and other comments are not guarantees of future performance, but rather are subject to risk and uncertainty, some of which are beyond our control. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future. We undertake no obligation to update these statements after this call.

For a more complete discussion of the risks and uncertainties, please see our filings with the SEC, as well as in today's earnings release. I also want to inform you that we'll be attending the following conferences: Morgan Stanley TMT Conference on March 6th, Susquehanna Travel Tech Plus Gambling Forum on March 7th, Loop Capital Markets Investor Conference on March 10th, Stifel Technology Conference on March 11th, and Cantor Global Technology Conference on March 12th. Now, I'll turn the call over to Jay.

Jay Chaudhry (Chairman and CEO)

Thank you, Ashwin. Our outstanding Q2 results demonstrate the improvements in our go-to-market execution against a backdrop of growing customer demand for our platform. Billings accelerated in Q2, and revenue grew by 23% year over year, with both metrics coming in above the high-end offer guidance. Our go-to-market investments are resulting in increased sales productivity, double-digit new and upsell business growth, and lower sales attrition. I expect sales productivity to continue growth in the second half, driven by ongoing success of our go-to-market initiatives and growing number of ramped sales reps. Our annual recurring revenue, or ARR, grew 23% year over year in Q2 to over $2.7 billion, and our net retention rate, or NRR, improved to 115%. With our growing pipeline and better sales productivity, I expect us to achieve $3 billion or more in ARR by the end of the fiscal year.

Q2 was also a strong quarter for profitability, with 36% growth in operating profit, driving 2 percentage points improvement in operating margin to nearly 22%. Free cash flow margin was also a Q2 record of 22%. Driven by strong revenue growth and free cash flow margin, we operated above the Rule of 45, placing us in the rarefied category of large publicly traded SaaS companies that are growing rapidly at scale. Zscaler pioneered Zero Trust Architecture, which enables our customers' workforces to securely access applications wherever they reside. Prior to Zscaler, enterprises relied on firewall and VPN-based security, which allowed attackers to exploit their vulnerabilities and move unchecked across corporate networks. Many vendors are marketing SASE built on SD-WANs, which only worsens the growing issue of ransomware attacks.

We have gone far beyond SASE by pioneering our Zero Trust Exchange built on true Zero Trust Architecture, which eliminates lateral propagation of threats and dramatically reduces attack surface. Building upon our success in securing users, we expanded our platform to secure workloads, IoT/OT devices, B2B users, B2B systems, and more. Today, we are elevating the concept of Zero Trust to a new standard that we call Zero Trust Everywhere. For a customer to be Zero Trust Everywhere, they need Zero Trust Users where users are untrusted and never put on the corporate network, Zero Trust Cloud where workloads are untrusted and can communicate only through our Exchange, and Zero Trust Branch where branches, factories, warehouses, or IoT/OT devices are islands of their own. Our mission is to create a Zero Trust Everywhere world.

With the upcoming hardware refresh cycle, CXOs are increasingly looking for ways to eliminate the legacy security stack, including firewalls, VPNs, SD-WANs, and more. We are leaning into the opportunity presented by the refresh cycle with surgical field campaigns to educate our customers on how they can leapfrog to Zero Trust Everywhere and free themselves from firewalls and other legacy appliances forever. I'm happy to share that we are seeing initial success from these campaigns. As of the end of Q2, we surpassed 130 enterprises that have become Zero Trust Everywhere, and my mandate to our teams is to triple that number in the next 18 months. One of the core solutions of Zero Trust Everywhere is Zero Trust Branch, which is seeing tremendous customer interest. Let me share a customer example.

An existing Global 2000 manufacturing customer purchased our Zero Trust Branch in a seven-figure deal, adding to their ZIA and ZPA commitments. This customer is leveraging Zscaler to secure all their critical manufacturing sites, eliminating the need for firewalls, NACs, expensive switches, and routers at these sites. Next, we are working with this customer to upsell Zero Trust Cloud to put them on the path to become Zero Trust Everywhere. In another example, a large communications equipment company purchased our Zero Trust Branch to phase out their existing SD-WAN. We are excited to work with this customer to help them realize better security and operational simplicity of our platform. Zero Trust Branch is also helping us win new logo customers. In Q2, 57% of customers who purchase Zero Trust Branch are new logo customers.

Moving on to large customer metrics, our $1 million plus ARR customer count again grew 25% year over year. In one large customer win, a new logo Fortune 50 energy company adopted our Zero Trust platform to secure 25,000 users with ZIA and ZPA and made initial purchases of both Zero Trust Branch and Zero Trust Cloud in a seven-figure deal. This deal showcases how customers are adopting our broader platform, including workloads and branch in land deals. By embracing Zscaler as the platform of choice for the security transformation, the customer is eliminating firewalls, SD-WANs, legacy secure web gateways, VPNs, and more, thus improving their security while lowering cost and complexity. I am also pleased with the momentum in our data protection pillar, which experienced over 40% year-over-year growth in net new ACV.

We see two key drivers of this trend: one, consolidation of point products and operational simplicity of data protection. We have the most comprehensive data protection platform, which secures all types of data, whether structured or unstructured, data in motion or data at rest, and data across all channels, including web, email, endpoints, SaaS, cloud workloads, and more. These capabilities are packaged as various modules to provide flexibility to customers to adopt at their own pace. To give you an example, a Global 2000 retail company that had three data protection modules in the last fiscal year, adopted three new additional modules in Q1 of this fiscal year, and significantly expanded data protection to all users across all their six modules in Q2. This seven-figure upsell deal nearly tripled the annual spend of this already million-plus ARR customer.

The customer chose Zscaler to drive what, in their words, is the most significant transformation project in their network and security history. With too many data protection point products in their environments, customers are forced to manage multiple policies from multiple products. In contrast, Zscaler customers use a common set of policies that can be seamlessly implemented across all data protection modules, resulting in rapid deployment and lower operational overhead. For example, in a seven-figure upsell deal, an existing Global 2000 financial services customer significantly expanded the data protection purchases for 100,000 users. This upsell drove a 65% increase in the annual spend of this already million-plus ARR customer. As of the end of Q2, over 85% of our $1 million plus ARR customers have two or more data protection modules, and 65% have three or more modules. We expect this module adoption to continue to grow.

The second key driver for data protection growth is the increasing adoption of GenAI. With the widespread use of GenAI, all enterprises in all industries are confronting the risk of data loss to public AI apps such as Microsoft 365 Copilot, DeepSeek, ChatGPT, and more. This is elevating the importance of data protection across all customers, and customers are purchasing our solution to gain visibility into public AI apps and prevent data loss. For example, in Q2, many customers purchased data protection to securely adopt public AI, including a Global 2000 hospitality company, a Global 2000 technology company, a Global 2000 manufacturing company, and more. In addition to securing the use of public AI apps, we are investing to deliver solutions to secure customers' private AI apps, such as LLM and SLM models, chatbots, and inference engines.

We are expanding the functionality of our Zero Trust Exchange with an LLM proxy to analyze prompt queries and results in real time to detect and prevent prompt injections and other malicious activities. We are also utilizing AI to make our products even better and deliver more value to customers. Less than a year ago, we introduced ZDX Copilot, which leverages popular AI models like Gemini to deliver operational efficiency and faster resolution of end-to-end user performance issues. We offer ZDX Copilot in our ZDX Advanced Plus package. Following the launch of ZDX Copilot, bookings for ZDX Advanced Plus grew by over 45% to nearly $50 million, demonstrating the growth potential of AI-powered products. Building on the success, we are taking ZDX to the next level by leveraging ZDX's agentic AI technology to automate root cause analysis and expand IT workflow integrations for faster remediation and reduced resolution times.

We are also leveraging AI in many other areas, including automated data classification, image classification, zero-day vulnerabilities detection and prevention, app segmentation, IoT/OT device discovery, and more. Our newly introduced AI analytics solutions, including Risk360, Unified Vulnerability Management, Business Insights, and others, continue to drive strong growth, and ACV from AI analytics nearly doubled year over year. To further accelerate the development of our AI solutions, we recently hired Phil Tee as our EVP of AI Innovations. Phil was the co-founder of an AI-driven enterprise software company that provided intelligent monitoring solutions for DevOps and IT Ops. In his role, Phil will lead an incubation group focusing on AI innovations to drive cutting-edge advancements in agentic AI to further transform our business and accelerate growth. AI is everywhere around us. The release of DeepSeek R1 highlights advancements in model training, which can make GenAI capabilities more widely available.

Someone called it Jevons paradox, which I agree with. In fact, I think this is the internet moment of AI, which will drive rapid adoption of AI in every aspect of our lives and will create a greater need for better security. Zscaler is very well positioned to protect our customers. At the World Economic Forum in Davos, I met CEOs of several global system integrators, or GSIs. We are seeing a sea change in GSI engagements compared to a year ago, as an increasing number of them are embedding Zscaler into their network and security transformation practices. Several GSIs and strategic national partners now consider Zscaler as one of their top strategic partners, just like Microsoft and Salesforce. In Q2, GSIs played a critical role in helping us close several deals.

For example, we partnered with Cognizant to close a seven-figure new logo deal with a Global 2000 insurance customer who purchased Zscaler for Users for 23,000 employees. In another example, a large GSI helped us close a seven-figure deal with an existing million-plus Fortune 500 healthcare customer. This customer purchased our ZIA, ZPA, and data protection solutions for more than 100,000 users, which increased the annual spend with us by over 350%. I am pleased to see that GSIs are leaning in, working closely with Zscaler, and dedicating resources to drive growth. Next, let me highlight the progress in our federal vertical. All of you are aware of the highly publicized efficiency measures taking place under the new administration in the United States.

Incumbent security vendors cannot save costs for our government, but Zscaler can and does by eliminating multiple legacy security products, including firewalls, VPNs, NACs, DLP, VDI, and more. Simply put, we offer better security at lower cost. Having landed in nearly all the cabinet-level federal agencies and with significant upsell opportunities still remaining, we are well positioned to benefit from the government's efficiency measures. Outside the U.S., we continue to make investments to grow our public sector practice, and we are seeing results. For example, in an eight-figure TCV deal, a national government purchased Zscaler for Users to secure the entire government workforce. This is a monumental win for Zscaler and our APJ sales team, and I'm humbled by the trust this nation's government has put in us. In conclusion, we are entering the second half of the fiscal year with three key drivers. First, our increasing sales productivity.

Sales productivity increased in Q2, driven by strong demand, and I expect productivity to continue to improve in the second half. Second, we are driving Zero Trust Everywhere in our customers. We have launched targeted campaigns to educate our customers on how they can become Zero Trust Everywhere and escape the refresh cycle for appliances. Third, the growing adoption of AI is driving demand across multiple dimensions, including data protection and our AI-powered security products. I fully expect to benefit from these tailwinds. As I mentioned earlier, with strong demand for our platform and growing innovations, I expect us to achieve $3 billion or more in ARR by the end of the fiscal year. I look forward to sharing more about our innovations and platform strategy at Zenith Live in June. Now, I'd like to turn over the call to Remo for our financial results.

Remo Canessa (CFO)

Thank you, Jay. Our Q2 results exceeded our guidance on growth and profitability, even with ongoing customer scrutiny of large deals. Revenue was $648 million, up 23% year-over-year and up 3% sequentially. From a geographic perspective, Americas represented 54% of revenue, EMEA was 30%, and APJ was 16%. Our annual recurring revenue, or ARR, exiting Q2 surpassed $2.7 billion. ARR growth was approximately 23% year-over-year. Remaining performance obligations, or RPO, grew 28% from a year ago to $4.615 billion. Current RPO was approximately 49% of the total RPO. Total calculated billings grew 18% year-over-year to $743 million. Our unbilled billings, comprised of new, upsell, and renewal billings, grew over 25% year-over-year. Our calculated current billings grew 19% year-over-year. We ended Q2 with 620 customers with over $1 million in ARR and 3,291 customers with over $100,000 in ARR.

This continued strong growth of large customers speaks to the strategic role we play in our customers' digital transformation journeys. Our 12-month trailing dollar-based net retention rate was 115%. While good for our business, our increased success in selling bigger bundles, selling multiple pillars from the start, and faster upsells within a year can reduce our dollar-based net retention rate in the future. There could be variability in this metric on a quarterly basis due to the factors I just mentioned. Turning to the rest of our Q2 financial performance, total gross margin of 80.4% compares to 80.8% in the year-ago quarter. Our total operating expenses increased 2% sequentially and 19% year-over-year to $380 million. We continue to generate significant leverage in our financial model with operating margin of approximately 22% and an increase of about 200 basis points year-over-year.

Our free cash flow margin was 22%, including data center CapEx at 2% of revenue. We ended the quarter with approximately $2.9 billion in cash, cash equivalents, and short-term investments. Next, let me provide our guidance for Q3 and full year fiscal 2025. As a reminder, these numbers are all non-GAAP. For the third quarter, we expect revenue in the range of $665 to $667 million, reflecting year-over-year growth of 20% to 21%. Gross margins of approximately 80%. I would like to remind investors that we're introducing new products that are experiencing strong growth and are optimized for faster go-to-market rather than margins. This will continue to influence our gross margins. We plan to optimize new products for margins over time as they scale. Operating profit in the range of $140 to $142 million. Net other income of $18 million.

Earnings per share in the range of $0.75 to $0.76, assuming a 23% tax rate and 163 million fully diluted shares. For the full year fiscal 2025, we expect billings in the range of $3.153 to $3.168 billion, reflecting the year-over-year growth of approximately 20% to 21%. For Q3, we expect billings growth to continue to improve and encourage modeling 200 to 260 basis points of sequential billings growth. Revenue in the range of $2.64 to $2.654 billion, reflecting year-over-year growth of approximately 22%. Operating profit in the range of $562 to $572 million. Earnings per share in the range of $3.04 to $3.09, assuming a 23% tax rate and approximately 163.5 million fully diluted shares. We expect our free cash flow margin to be approximately 24.5% to 25%.

With a large market opportunity and customers increasingly adopting the broader platform, we will invest aggressively to position us for long-term growth and profitability. With that, Operator, you may now open the call for questions.

Operator (participant)

Thank you. As a reminder, to ask a question, please press star 11 on your telephone and wait for your name to be announced. To withdraw your question, please press star 11 again. Please limit yourself to one question in the interest of time. One moment for questions. Our first question comes from Saket Kalia with Barclays. You may proceed.

Saket Kalia (Equity Research Analyst)

Okay, great. Hey, guys. Thanks for taking my questions here and good quarter. Jay, maybe for you, you dug into a couple of products in your prepared remarks that are clearly doing well, like data protection. But maybe the higher-level question is, how much of your business is kind of coming from ZIA and Secure Web Gateway replacements versus broader platform products in aggregate? Again, I know we've talked about certain products and we've gotten data points on how they're performing, but curious if you could talk about how the business is looking from that perspective of sort of ZIA and everything else that sort of forms the platform.

Jay Chaudhry (Chairman and CEO)

Sure. As you know, Zscaler, ZIA was the starting point. We started taking out Blue Coat and other web gateways. There's still a lot of Blue Coat left out there, but when we start, we quite often start with a platform that includes ZIA, ZPA, and ZDX. So starting from maybe coming from VPN replacement or Blue Coat, platform becomes the more common thing. In fact, recently, the Zero Trust Branch is becoming an important area as a starting point. The interesting number this quarter was that 57% of customers who bought our Zero Trust Branch are new logo customers. So expanded platform is a wonderful thing. Blue Coat, proxies are a starting point. VPN is a starting point. We are taking Zero Trust Everywhere: users, branches, and the cloud.

Saket Kalia (Equity Research Analyst)

Got it. Very helpful. Thank you.

Operator (participant)

Thank you. Our next question comes from Brad Zelnick with Deutsche Bank. You may proceed.

Brad Zelnick (Managing Director)

Great. Thanks so much for taking my question. Jay, it's good to see the go-to-market transformation coming to life. And I think we see it in the strength in million-plus customers and emerging product ARR growth. And Jay, I know you're not someone who's easily satisfied. What do you see that proves out that the go-to-market changes are making a difference and that those changes are durable? Thank you.

Jay Chaudhry (Chairman and CEO)

So Brad, first of all, the strength of pipeline, which is a leading indicator that is going, that good quality pipeline is going. Number two, our new ACV is up double digits. That's very important. And then other metrics across the board, data protection is growing over 40% and so on and so forth. It's very good. And the quality of engagements with C-level in large enterprises is getting stronger because the newer sales team, the leadership is very good in account relationships and expanding those accounts.

Brad Zelnick (Managing Director)

That's helpful. Maybe a quick follow-up for you, Remo. I think your commentary around Q3 billings is maybe a little bit lighter than some expected, even though the full year looks great. Just curious if there's been any change to the assumptions around scheduled versus unscheduled billings timing in the back half? Thanks again, guys. Great job.

Remo Canessa (CFO)

Thank you, Brad. No changes. We called out before with scheduled billings. We expected 7% in the first half and 23% in the second half. That is unchanged. And also on the unscheduled piece, it virtually remains unchanged also. You can see that we basically raised our guidance, so feel a little bit more bullish than we did before. It's based on our pipeline and our visibility. As Jay mentioned, things are going well. We're well-positioned and we feel good.

Brad Zelnick (Managing Director)

Awesome. Thanks again.

Operator (participant)

Thank you. Our next question comes from Mike Cikos with Needham. You may proceed.

Mike Cikos (VP and Senior Equity Research Analyst)

Hey, guys. Thanks for taking the questions here. If I could just build off of Brad's question on the go-to-market, it's great to see the number of million-dollar customers that you guys added this quarter. I wanted to get a sense. I know we've had Mike Rich there for some time now. You're talking about GSIs, but can you maybe color the million-dollar cohort that you have in light of some of these go-to-market initiatives that you guys have been working on now?

Jay Chaudhry (Chairman and CEO)

Yes. So two biggest things with the sales transformation effort. One was the account-centric sales process, and those are good results. We already talked about them. The second big thing was global system integrators playing an important role. And that's happening. We see that. You saw me highlighting a couple of deals in my earnings script where GSI played a very active role to help us drive that business.

They are embedding us into more and more of their platform. They're getting more and more people trained as well. And what we're seeing is, if you really think about the two G2K companies, right, they're both big opportunities for us. And there's still a 6X upsell opportunity for us in our installed base itself. And even our installed base, when customers get deployed, they want to remove all the legacy stuff, firewalls, VPN, all that kind of stuff. And these GSIs are playing an important role to help us. In fact, there's a large Fortune 50 company, I would say, where ZIA, ZPA, ZDX are sold. And then a GSI comes in to further simplify the stuff and help us upsell additional stuff. So very pleased with the performance, and that's part of our plan.

Mike Cikos (VP and Senior Equity Research Analyst)

Excellent. Thank you.

Operator (participant)

Thank you. Our next question comes from Shrenik Kothari with Baird. You may proceed.

Shrenik Kothari (Sector Head Director)

Hey, yeah. Congrats, everyone. Jay, Remo, thanks for taking my question. So Jay, you emphasized the Zero Trust Everywhere as a core strategic initiative. You guys have pretty ambitious targets. You said mandate to triple that figure in 18 months. Just curious, as you're seeing this upcoming hardware refresh cycle as an opportunity, can you talk about, is that going to be your anchor point in terms of CIO conversations looking to replace the aging stacks? Can you talk about the traction you've seen with customers who are willing to opt out of the legacy stack towards their full-stack Zero Trust? And I'd appreciate color for you.

Jay Chaudhry (Chairman and CEO)

Yes, so our customers have been telling us for quite some time that our Zero Trust Exchange is wonderful, but our branch still needs some help. I got some firewalls, some routers, some SD-WANs sitting in the branch creating complexity. Our Zero Trust Branch initiative is to simplify it. One simple appliance removes everything. The branch goes dark from the internet. It can't be discovered. It cannot be attacked. The cost and complexity goes low. There was a CXO Exchange summit we had recently, and we asked a survey question to 100 attendees. The question was, "Are you ready to embrace Zero Trust Branch, which becomes like a café without any firewall and any other stuff?" 96% of all CXOs said they're ready to embrace it. It actually exceeded all of my expectations. The combination of Zero Trust Branch with Zero Trust Users everywhere with Zero Trust Cloud becomes a very good story. Our customers love it.

Shrenik Kothari (Sector Head Director)

Thanks, Jay. Just quickly on the NRR improving to 115%. Just, can you provide more insights? You mentioned the increased number of RPO scales. RPO scales improving. Can you talk about the improving deal landing versus deal expansion velocity? And are you guys maximizing upfront deal sizes versus more longer-term expansion? And how does it play into the NRR things going forward?

Remo Canessa (CFO)

Yeah, we don't guide on the NRR, but all the things you mentioned all come into play. Deals are getting bigger. Our upsell, as we talked about before, we expected over 65% upsell this year. And that's what basically came in during the quarter. We are landing bigger deals. You can see with the large customer emphasis, with the companies that are greater than a million dollars. So all those factors and also the emerging products and new products, expanding the platform, they all come into play. The 115% is an outstanding metric. But again, it's something that we've talked about before. We really don't look at it other than on this call. We try to drive our top line basically on new ACV, whether it's upsell or new.

Shrenik Kothari (Sector Head Director)

Thank you. Got it.

Operator (participant)

Thank you. And as a reminder, please limit yourself to one question in the interest of time. Our next question comes from Roger Boyd with UBS. You may proceed.

Roger Boyd (Executive Director)

Awesome. Thanks for taking the questions. Jay, I wanted to go back to the eight-figure APJ government deal. I think you talked about kind of them going wall to wall with the Zscaler for Users. I'd love to hear any specifics you can give on the ROI with this customer, kind of the scale, the upsell there, and what you're replacing. And then as you think about the pipeline for global government deals, this feels like kind of a landmark deal for you guys. Just would love any color on how you're thinking about the opportunity with other governments. Thanks.

Jay Chaudhry (Chairman and CEO)

Yes, you said it right. It was a landmark deal for us. Zero Trust is very important for governments. And by the way, this deal wasn't driven by ROI. This was driven by cybersecurity having better protection. And what are we replacing? This deal includes Zero Trust access for users, whether they're at home or in the office, whether they're accessing internet, SaaS applications, or their internal applications. So essentially, a critical part of our platform. They're starting with this entire government workforce, which we're very proud of. We are engaged with several other U.S.-friendly countries to pursue this thing. But some of these government deals can take longer.

But it is good to see that we're getting traction. And we've done a lot of work in the U.S. government as well, which I shouldn't forget about. So we see it as good opportunities, but government deals can be a little bit, what do you call it, lumpy and can take time. But it's pretty unique for us. We are very, very proud of it.

Operator (participant)

Thank you. Our next question comes from Brian Essex with J.P. Morgan. You may proceed.

Brian Essex (Executive Director)

Hi, good afternoon, and thank you for taking the question. Jay, I was wondering if I could dig into maybe the comments that you had on ZDX and would love to know how you're seeing customers approach agentic protection. And on the data protection side, is your platform obviating the need for data discovery and classification, or are you coming in on top of that? How are enterprises viewing getting their data estate in order before they pursue agentic utilization? Thank you.

Jay Chaudhry (Chairman and CEO)

Sure. It's a very good question. Often, we like to give customers flexibility and choice where they can. Data classification is a hard problem. AI actually is helping a lot in doing data classification. So we do use GenAI technology for classification quite a bit. In fact, for quite some time, as your traffic goes out to the internet on the fly at our ZIA, we have been doing classification for customers for policy enforcement. But also, we can scan data sitting in OneDrive, SharePoint, or wherever else may be, and can do classification with our AI technology. Having said that, we also work along with data classification that may be done by other providers.

So we can take that classification and tags and apply it for policy enforcement because we're sitting in the traffic path. The only way the data can leak out is if it goes through us, and we are the natural policy enforcement point. Our data protection solution has been growing very nicely. Our ACV, for example, has grown 40% year over year. So it's a good opportunity, and it's no longer not only data inline. We're doing data at rest and SaaS applications. We're doing DSPM for data in the cloud. We're doing data security at endpoint. Data security for email using single policy engine, which is what customers like us because they were rather not buy five different point products.

Brian Essex (Executive Director)

Got it. Super helpful and great to see the better sales productivity. Appreciate it.

Jay Chaudhry (Chairman and CEO)

Thank you.

Operator (participant)

Our next question comes from Gregg Moskowitz with Mizuho. You may proceed.

Gregg Moskowitz (Managing Director)

Thank you very much for taking the question. The Zero Trust Everywhere campaign appears to be off to a very good start. I realize it's early, but was curious if you're seeing more adoption thus far from small, mid-sized, or larger enterprises. And then also from what you've observed so far, how does the size of Zero Trust Everywhere land? How does that compare to Zscaler's typical net new logo?

Jay Chaudhry (Chairman and CEO)

Right. So first of all, our focus remains larger enterprises. There is a natural growth happening on the lower end of the business, which keeps on going. But primary focus has not changed. I was very happy to see that over 130 enterprises who've gone in with Zero Trust Everywhere. And for that case, we essentially like to say your users are Zero Trust no matter where they're sitting, at home or coffee shop or at your headquarters.

Your branch is Zero Trust. Your cloud is Zero Trust. That's really the essence of Zero Trust everywhere. Now, what we also are bullish. We think we can triple this number in the next 18 months. And that's based on the customer feedback and reception we're getting. So we think we are going to make a big difference in the branch area. I'm excited with the refresh opportunity. Our CIO, I was talking to, said, "I'm glad you're moving forward because I do not want to go through the refresh cycles of firewall one more time."

Gregg Moskowitz (Managing Director)

Very helpful. Thanks, Jay.

Operator (participant)

Thank you. Our next question comes from Fatima Boolani with Citi. You may proceed.

Fatima Boolani (Managing Director)

Well, good afternoon. Thank you for taking my questions. Remo, you made a specific reference to the fact that there is ongoing scrutiny on large deals. So I wanted to ask you both actually a very stratospheric question. The entire business and the business model and the pipeline is becoming more tethered and indexed to larger deals. You're talking about scrutiny, and then you layer on the fact that there are segments of the economy and maybe the global economy that have been a little bit in flux by virtue of trade wars and tariffs and things like that. I wanted to get your perspective on how that's maybe helping accelerate the conversation for you, if at all, just kind of given that could have implications for how sectors of the economy think about transforming their networks and their security architecture.

And any kind of anecdotal feedback or color you got actually from your CXO summit that you referenced earlier, we'd love to kind of get some real-time feedback from how customers are internalizing some of this with their budgetary aspirations and expectations. Thank you.

Jay Chaudhry (Chairman and CEO)

So Fatima, let me start. Yeah. From what we know so far, we expect limited direct impact from tariffs to our business. Now, as we said in our remarks, macro is still tight. Yes, there's large deal scrutiny, budgets for ITR, tight in general, but not for cyber. Now, if I can go to a CIO or CISO and talk about Zero Trust cybersecurity, they get interested. But then if I can say, "We'll do this and reduce cost for you," the interest becomes double. So these two things together are actually driving our pipeline. If we didn't have these two factors, the pipeline will struggle.

Then it takes a lot more to close the pipeline. To close the pipeline, they actually want to see cost savings. We have been refining and refining our business value assessment to create business-ready cases for CFO approval. That stuff is helping us. When we go in and say, "We are going to help you with Zero Trust Everywhere," that really means a bigger part of the platform. The fascinating thing is the more savings they want, the bigger part of the platform they need to buy. Okay? It becomes an interesting combination. If you can show the saving and can tell them in one quarter, this goes out, in two quarters, this goes out, three quarters, this goes out, CXOs become essentially a champion, and they're pushed to get deals done. That's really what we're seeing. It is helping us.

GSIs are also helping us because they come along as partners to really drive that transformation. Someone has to do that work, and they're good partners for us. Remo?

Remo Canessa (CFO)

Yeah. I mean, just to follow on some of Jay's comments, I mean, you take a look at our guidance for the second half, good pipeline, strong pipeline. Jay called out stronger sales productivity, which we're seeing. Demand for the product. We're not baking in a strong or banking on a strong federal in the second half with the uncertainties that are currently going on. Having said that, we're very well positioned. We're in 14 of the 15 cabinet agencies. We feel that our product platform, related to the efficiencies and cost and security, I believe we're well positioned. But again, as Jay mentioned, those types of deals are lumpy.

The negatives, as we called out, the macro, the overall macro, and deal scrutiny. Jay called out tariffs also. We're a service company, so we don't believe tariffs will have an impact on us or any significant impact at this point unless things change. So we're well positioned. But those are kind of the pluses and minuses related to our guide for the second half and going forward.

Fatima Boolani (Managing Director)

Thank you.

Our next question comes from Joseph Gallo with Jefferies. You may proceed.

Joseph Gallo (Senior VP)

Hey, guys. Thanks for the question. Remo, as a follow-up to your earlier calculated billings comments, does that acceleration peak in Q4, or how should we think about that piece of the business as we move into fiscal 2026? Thank you.

Remo Canessa (CFO)

Yeah. So we're not making a comment for fiscal 2026, but it does increase in the back half.

Joseph Gallo (Senior VP)

Okay. Thanks.

Operator (participant)

Thank you. Our next question comes from Matt Hedberg with RBC. You may proceed.

Matt Hedberg (Managing Director and Software Research Analyst)

All right. Thanks for taking my question, guys. Congrats on the results. Jay, I wanted to go back to your comments about agentic and ZDX. And I guess I'm curious. It feels like a natural fit there, but I guess I'm wondering, as customers roll out agents, right? I think a lot of people think identity. They might think aspects of cloud security. What's Zscaler's role in protecting customers' agents? Because it seems like that's obviously a massive trend that's very early.

Jay Chaudhry (Chairman and CEO)

That's correct. So the question often gets asked is, if agents are used, the headcount comes down, what's the impact on the SaaS-based model? If that's what your question is. We haven't seen any big changes yet, but I do believe some of those changes are coming.

No matter what happens to users, there will be more communication among users, machines, workloads, and in the future, more with AI agents. Agentic AI agents is just another entity for us. We are on the Zero Trust Exchange to enforce policy for all communications. More communication means more traffic. That means more value delivered to our customers. We expect our pricing to evolve as agents' traffic grows as well. In the past, we've seen customer headcount reduction from time to time, and in most cases, they're able to keep up or grow ARR by upselling additional modules. We think that we have an active role to play to secur e agent communication, but also using AI agent technology in ZDX and data protection to help our customers, and for that, we can charge additional dollars as well, and we have been charging, for example, ZDX, where we started selling Copilot.

Now we're moving to agent. They're able to charge higher prices for those products that Zscaler has.

Matt Hedberg (Managing Director and Software Research Analyst)

Thanks, Jay.

Operator (participant)

Our next question comes from Joshua Tilton with Wolfe Research. You may proceed.

Joshua Tilton (Director)

Hey, guys. Thanks for sneaking me in here, and I'll echo my congrats on a solid quarter as well. I have a two-parter, but it's along the lines of the sales productivity comments. Good to see the improvements this quarter. I guess what I'm trying to understand is, is the sales productivity that you saw in the quarter kind of ahead of what you were expecting as we entered this year, and then if I look to the balance of the year, where does sales productivity have to go from here in order to hit the updated billings guidance that you gave us for the year today?

Remo Canessa (CFO)

Yeah. I mean, it's expected. Basically, what we called out on our call before is that we expected sales productivity to increase throughout the year. And we did see that in Q2. What I can say about the sales productivity, I would expect it to continue to go up. I don't want to give any more color than that other than the sales productivity supports our guidance. And we feel our guidance is prudent.

Joshua Tilton (Director)

Thank you.

Operator (participant)

Our next question comes from Gray Powell with BTIG. You may proceed.

Gray Powell (Managing Director)

All right. Great. Thanks for taking the question. And yeah, I just wanted to say congrats on the good results. But yeah, so I wanted to follow up. I think it was Gregg's earlier question about the firewall refresh. Can you talk about some of the targeted marketing you're doing with existing customers to get in front of the firewall refresh? And then just how should we think about sizing the opportunity? And I know it's early days, but when should we actually start to see it materialize in the results in a more meaningful way? I'm guessing it's really sometime next year, but just wanted to get some general thoughts around that.

Jay Chaudhry (Chairman and CEO)

Right. So first of all, the branch solution we launched, Zero Trust Branch, is the underpinning of our driver to replace firewall. So we aren't really focused on the data center inside the data center, but we have large, large enterprises. They've got hundreds of thousands of branches out there. Most of them are asking for, "How do I make my branch like a café?" Your branch should be no more complicated than you sitting at home and being able to access applications. That's really the disruptive and simply the technology you bring to the table.

Our customers, existing customers today, have some kind of firewall, some kind of routers, or some kind of SD-WAN with firewalls sitting out there. They are looking for us to replace it so we become a single point to collect data and get it to our Exchange and take care of it. That is really what is driving. The firewalls that are sitting in the branch office are our primary target. Our campus becomes the next natural thing for us. What are we doing to reach our customers? We do not have 200,000 SMB customers out there. We are dealing with 8,000 to 9,000 customers. The top, essentially 30% to 40% of them are good large enterprise size. We have these account-based teams. These teams are in touch with our customer.

They give them marketing material, collateral benefits, and some marketing campaigns to reach out to our customers, webinars, some of these CXO summits we're doing. There's a number of ways to engage with them, get their feedback, and get them moving on our new solution. So it's working well. We talked about 57% of customers who bought Zero Trust Branch are new customers. That's exciting for us. What's telling me is that our Zero Trust Branch is helping us grow our new customer logo base.

Gray Powell (Managing Director)

Okay. That's very helpful. Thank you.

Operator (participant)

Our next question comes from Tal Liani with Bank of America. You may proceed. Yes. Tal, your line is now open.

Tal Liani (Technology Analyst)

Here we go. Sorry, I was on mute. I was talking to myself. Can you hear me now? Yes. Okay. Thank you, guys. I want to understand the concept of Zero Trust, what it means for you. Meaning, Zero Trust is a concept, and I'm trying to break it down to products. So when you talk about Zero Trust Branch, when you talk about Zero Trust Cloud, practically, what does it mean? What are you selling to the customers? And second, how does it change the competitive landscape? Meaning, if someone is in the branch and someone is in the cloud, and there are competitive solutions, if I rewind back two years, you competed on SASE. How does it change the competitive landscape when you focus on Zero Trust?

Jay Chaudhry (Chairman and CEO)

So to start with, by the way, SASE is not Zero Trust. SASE is secure access based on SD-WAN. Anyone falls under SASE. Every firewall, VPN, any network is essentially SASE. In our meeting, Zero Trust starts with not being on the network, not having lateral movement left and right.

Until our Zero Trust Branch, a customer had a branch. They had an SD-WAN or MPLS connection, and inside the branch, they had either VLANs for segmentation or they had East-West firewalls. We eliminate all of that using the Airgap technology. We go through acquisition. We are doing segmentation inside the branch in Zero Trust way without firewalls, without VLANs. From the branch to the wide area network or internet, our Zero Trust appliance makes the Zero Trust connection, means no lateral movement, no SD-WAN. A given party in the branch gets connected to an application through our Zero Trust Exchange or switchboard. No lateral movement. That's the beauty of Zero Trust Branch. Zero Trust Cloud means entities sitting in the cloud can talk to each other without moving laterally on the network, so our switchboard, our Exchange is sitting in the cloud.

You can say workloads and VPC A can only talk to workloads and VPC B. None of these North-South or East-West firewalls needed in the cloud as well. That's the exciting part of it. Did it make sense? Yes. And when you focus on it, the second part of my question was, what's your competition? Who do you meet that provides the same kind of value, and you have to compete with them? Our competition is legacy. Lots of firewall vendors, in some cases in a branch, NAC vendors, VLAN vendors. None of that is needed. Legacy versus the new Zero Trust way of doing stuff.

Operator (participant)

Thank you. Our next question comes from Peter Weed with Bernstein. You may proceed.

Peter Weed (Senior Analyst)

Thank you. And glad to hear the continued progress, particularly with upsells. Obviously, NRR expanding is pretty exciting and probably a good signal around the sales performance. The one thing, though, that it also does seem to indicate is the contribution from net new customers has been declining. How should we think about that looking forward? Is that a short-term deceleration and would pick back up? And so when you put those two things together, we could get even stronger growth, or should we be expecting lower kind of contribution from net new customers looking forward?

Jay Chaudhry (Chairman and CEO)

Right. So if you think about it, when you're a young company, you have very few customers. You have to have new logo only. As you grow, when we got 45 plus percent of Fortune 500 companies and have a very big platform, there's tons of upsell opportunity. In fact, internally, Remo and I and our CRO, we debate, do we give special push to new versus upsell? We really want new ACV coming from upsell or new logos.

So today, with a large customer base, upsell is sitting about two-thirds, Remo, right? The new logo is smaller. And over the years, I would expect upsell to keep on going up from there onwards because we'll have a larger install base of customers. I think it's a good thing. Having said that, we do have a sizable customer base customers to go after. There are about 55% of Fortune 500 companies who aren't customers yet. They are an opportunity for us. When you go to the next level of customers, you go to G2K, there are about two-thirds of them. They are good for us. So we see opportunities, both new logos and as well upsell, and the platform keeps on growing and growing.

Remo Canessa (CFO)

The only thing that I want to add, which I was mentioning, is that we have a 6X opportunity in our existing base on the user side only, not including the new customers. Our focus, if you take a look at it, for the Global 2000, our penetration is over 35% currently, and for the Fortune 500, it's over 45%. The hard part is landing these customers, but once you're in and you build their trust, you have the ability to upsell. So Jay is 100% correct. As you go forward, as we go forward as a company, and currently, we said we'd have 65% upsell in this fiscal year, I would expect that percentage to increase. Our penetration in the G2K and Fortune 500 is very, very important, and continued product introduction and selling across our platform really bodes well for Zscaler.

But I think we're just in a great position. And you take a look at our penetration into the G2K and Fortune 500, it's quite impressive.

Peter Weed (Senior Analyst)

Thank you.

Operator (participant)

Thank you. And our last question comes from Keith Bachman with BMO. You may proceed.

Keith Bachman (Analyst)

Hi. Thank you very much. Jay, I wanted to direct this to you. And at a high level, I wanted to dig a bit deeper on how you think AI changes your competitive positioning versus some of the landscape out there. And if I change the question around a little bit, you have in your slide deck an AI and analytics solution as a $2 billion TAM relative to $96 billion. So it's a relatively small part. Now, data protection, we could argue is part of that as well, which is much more meaningful.

But if I break the question down again into two parts, I just want to understand from a technology perspective, how do you change your solutions to capture the benefits of AI? And is that embedding into existing products, or is it offering new products downstream or both? Thank you.

Jay Chaudhry (Chairman and CEO)

So it's a very, very good question. Yes, the point you made about AI analytics, it's a small piece about a couple of products that are already out there that are growing nicely. That was a starting point. But if you think about AI, AI is only as good as the data that powers it. With Zero Trust Everywhere, Zero Trust Exchange platform, as you're getting over 500 billion transaction logs a day, that's the largest security cloud anywhere out there. So that's our one North Star.

Now, taking that data and building products around it becomes a next big North Star for us. We acquired Avalor, which has become the data fabric technology for us to take all that data and harmonize it, synthesize it, dedupe it, and build value around it. What is the value that can be built around it? We have already launched things like Unified Vulnerability Management. We just launched Asset Risk Management. There are more and more products that are going to come around breach prediction, around security operations alike. So you see a number of products unfolding that are powered by the AI engine to do that part. That's one part. The second part ends up being taking digital experience and using more AI and agentic AI technology to make it more powerful. ZDX is already a pretty sizable business, but it'll get accelerated because of AI.

Third area is data protection. We have been doing some very good data classification already. But in addition to that, the number one question CIOs ask us is, "My company is using AI, public AI, such as ChatGPT, Gemini, or others. How do we make sure my data doesn't leak?" We are sitting in the traffic path of the internet. We're using our DLP to make sure they can use it safely. Then customers are using private AI applications and building their own LLM models. We are building an LLM proxy to be able to inspect and enforce policy. So several opportunities for us. What we believe is the combination of Zero Trust Exchange to secure customers and generate all the logs and then use AI to power it becomes probably the most compelling combination.

Gray Powell (Managing Director)

Perfect. Thank you, Jay.

Jay Chaudhry (Chairman and CEO)

Thank you.

Operator (participant)

Thank you. I would now like to turn the call back over to Jay Chaudhry for any closing remarks.

Jay Chaudhry (Chairman and CEO)

Well, thank you all for joining us for this call. I look forward to seeing you in one of the many investor conferences we plan to attend. Thank you again. Thank you.

Goodbye.

Operator (participant)

Thank you. This concludes the conference. Thank you for your participation. You may now disconnect.