Palo Alto Detailed Q3-25 Review
The future AI cybersecurity giants continue to execute.
Everything you need to understand Palo Alto’s investment thesis is here.
Business.
Another strong quarter for Palo Alto, with continued deployment & demand for their platformization system, fueled by the rapid risk evolution of the AI sector, made clear a few weeks ago with the Anthropic hack, summarized by ChatGPT below.
What happened: In mid‑September 2025, a nation‑state threat actor used an AI agent (Claude Code) to autonomously conduct a large-scale cyberattack targeting ~30 global organizations.
How it worked: The AI performed most of the attack operations on its own — executing reconnaissance, exploitation, and lateral movement — with minimal human intervention (only at a few critical decision points). It used techniques like prompt injections, jailbreaks and model manipulation to advance the attack chain.
Significance: This was the first known case of an AI agent being the main actor in a cyberattack, demonstrating attackers can weaponize AI at scale, exfiltrate data faster, and exploit gaps in enterprise security in real time.
Events like this will inevitably push companies to adopt more defined plans to protect their environments against new AI threats. Palo Alto is the logical partner with its platformization strategy and the fact that most already work with them.
AI is exposing the cracks in our enterprise architectures, which do not have robust security. AI is here, and with it, AI attackers are here too. Our message to customers is clear: real-time visibility and security are essential for your infrastructure.
We must move away from today’s fragmented security landscape and towards platformization. AI requires a seamless cyber data strategy. This platform approach allows security agents to be utilized effectively by the good guys to detect attacks, protect customers, and remediate security concerns. Fragmentation creates friction, which in turn causes latency. Latency is a critical enemy of real-time cybersecurity.
This is the core of my bull case on Palo Alto: their capacity to deliver cross-platform & cross-sector cybersecurity services, and to leverage thousands of existing customers by migrating them toward those new services.
We now have approximately 6,800 SASE customers, including one-third of the Fortune 500, including leading technology companies like IBM and Oracle.
It was also interesting to see an analyst ask management how they expect to convince those migrations, especially toward new cybersecurity services they did not offer. Nikesh chose the language of facts to answer - politely.
Your question to me was, what makes you think you will succeed in a space you’ve never played in before? Brad, we proved that we can get close to 500 customers with $1M ARR. I don’t think I know any company in recent history in cybersecurity which has an average ARR per customer of a million dollars on a product category. I think we’ve proven that we are able to execute on the backend.
As I’ve shared in my investment thesis, I am a network security engineer and have worked with Palo Alto in multiple companies. From personal experience, they can execute. Most of the companies I’ve worked with gladly expand their use of Palo Alto’s systems, even beyond classic network security, because trust builds quickly. They’re simply that good.
And these aren’t just words. Taking the same ratio as last quarter, we see continued growth in RPOs while Next-Gen ARR growth slows, though it is starting to stabilize. This leads me to the same conclusion: clients are committing to platformization and therefore more services for longer timeframes.
This isn’t surprising and the potential remains huge when thinking about the potential consequences of AI hacks like the one described above.
I predict here that AI agents will become a problematic insider threat if not secured.
The reality is that while 78% of organizations are embracing AI transformation, a staggering 94% still lack the necessary security guardrails, presenting a massive risk.
Management also discussed quantum. I’m not a quantum bull and don’t believe in deployment within the next few years. I’m not an expert, so I won’t claim certainties, but I simply don’t believe it.
I do believe companies like Google will achieve breakthroughs in the short term. But accessibility is another matter. Even if developed, it will take many more years before it is commercialized and becomes a cybersecurity threat.
That said, cybersecurity companies must prepare now. Just in case.
Quantum computing has seen significant innovation over the last year. We’re getting more & more optimistic on the arrival of quantum & expect it to be commercialized by 2029. As is widely known, quantum computing has the ability to break current encryption across technology stacks. Enterprises have less than five years to get their estates to quantum readiness.
Anticipation is key. Even if it doesn’t translate to sales, Palo Alto must have services ready before commercialization - if it ever happens.
CyberArk & Chronosphere.
A few words on CyberArk, an acquisition announced months ago and expected to close by Q1‑26. I already commented on this last quarter, and not much new was shared, except reaffirming how crucial their services will be.
Once our acquisition of CyberArk closes, the addition of identity security will be critical to this mission, providing the essential privilege controls to govern these new autonomous insider threats and prevent agent identity impersonation.
More interestingly, management announced the acquisition of Chronosphere for $3.3B in cash and equity. Here’s a description of their service from ChatGPT.
Chronosphere is a cloud native platform that monitors the performance & reliability of an organization’s software systems and infrastructure. It collects and analyzes massive amounts of telemetry data in real time, giving engineers a clear view of system health. The platform enables quick detection of issues and supports automated responses to maintain uptime and efficiency. While it can help spot anomalies, its primary focus is system performance and operational visibility, not security.
In brief, it is an agent which ensures companies’ services run smoothly, a task made harder by technological advances and AI which made applications much heavier & treating much more data than historically. This adds another vertical to Palo Alto’s ability to ensure security & performance.
Chronosphere is known to be the cost leading service for comparable performance to competition, which make them a very attractive solution.
Leading born-in-the-cloud consumer platforms are deploying full comprehensive observability, offering 99.9+% availability to their customers. Kronosphere is able to deliver this capability at a third of the cost of other industry-leading solutions. Yes, a third. With $1.5 trillion of compute coming online over the next few years, there will be continued demand for next-generation observability led by Kronosphere.
The company generates ~$160M ARR and is growing triple digits YoY. Its team will integrate into Palo Alto but operate as a standalone company, with Palo Alto only providing HR guidance and customer access.
Kronosphere will run independently. Martin and team have done a great job. We will provide, obviously, the services from the HR finance marketing people, which is great because they do not have a large team in doing that. They are basically a bunch of really smart engineers and forward-deployed engineers, as well as a few salespeople.
We’re going to give them some support by introducing them to the right customers in a very targeted fashion. Martin is very capable. He will run the business with his team. We trust him to do that. We’re just going to provide the sort of rocket fuel in him to go out and meet customers and execute on his plan.
I see this as a great deal. An excellent team with an excellent and competitive product, answering a real need. The only things missing were structure and a client list, both of which Palo Alto has.
And Palo Alto’s client list isn’t small.
Financials.
Pretty classic.
Revenues grew 15.6% YoY, continuing its acceleration started in since Q2‑24. Gross margins were flat and pre‑tax margins continue to expand. I used pre‑tax margins in the chart below as Palo Alto’s taxes have been irregular and pre‑tax margins are a better reflection of the business itself. Net income decreased 5.6% because of taxes, but this doesn’t reflect the underlying business improvements, which is what I wanted to highlight today.
In term of cash, the company closed the quarter with $3.86B in net cash & generated $1.69B in FCF. Keep in mind that acquisitions are not yet closed; the balance sheet will change during 2026, combined with significant share dilution as the value of CyberArk and Chronosphere acquisition combined is slightly below $30B.
They did not buy back any shares. Management’s conclusion is the same then mine, although they’re not as direct: the stock is expensive.
We do not repurchase any shares in Q1. Our buyback strategy remains opportunistic. We have a billion dollars in share repurchase authorization remaining through December 2026.
Guidance.
Continuous strength, with no surprises to me and consistent with what I’ve detailed on this write‑up.
RPO growth remains stable which is ideal, and we should remain patient on ARR growth which should also stabilize.
Investment Execution.
Palo Alto is transforming itself into the leading performance and security solution for every companies within the AI era, offering interconnected horizontal services that share information to ensure the highest level of security and performance across enterprises.
The opportunity is massive & Palo Alto can leverage its extensive client base and its industry’s shifting cost structures to push companies toward its solutions, which will become essential for anyone who wants to thrive in the AI era.
There is never a day that goes by without significant announcements on investments in AI data centers, AI infrastructure. This large surge towards building AI compute is causing a lot of the AI players to think about newer models for software stacks and infrastructure stacks in the future.
I see no reason to be bearish or neutral on Palo Alto’s business and execution. And many reasons to be bullish, to assume the company can and will become the #1 AI cybersecurity and performance control company in the AI era.
That said, the stock remains very expensive. The acquisitions add dilution & reduce balance sheet strength. But this is the price of growth and building an AI giant. It just doesn’t make the stock attractive today, though I hope this changes in the future.
This model assumes a 15% & 13% CAGR growth until FY26 & FY29 respectively, 14% net margins, 2% dilution and a P/S at x10.
This is the best way to value Palo Alto as the company deserves a premium for its switching costs and potential to become an AI giant, not just a network cybersecurity company. You can add any premium you want to quantify that, but even with such premium, I don’t think $180 is a great buy.
My investing style is to buy big on mispriced names. Palo Alto isn’t mispriced today. It is an excellent company with massive potential for the next decade, a history of strong execution and large investments to make their next step happen. I have little to no doubt they will achieve their goals.
And I’d love to be part of the story, but not at today’s price.
In term of price action, the uptrend is intact, confirmed in November with a new. We are diverging once more below the weekly 50 which has been a good entry point this year, and the late negative price action is probably due to more dillution from another acquisition following the massive $25B CyberArk deal.
This name is not for me today. I wouldn’t accumulate it at today’s price, even with a 5Y+ timeframe, I believe there are better opportunities on the market. But I would hold my shares if I was already involved in this name below $150 with the same 5Y timeframe.
Palo Alto is an amazing company. But that doesn’t make it an amazing buy at any price. So I’ll be patient and hope for better opportunities in the future.