Palo Alto investment thesis is still being written. I will share it with you before the next earning season as it is part of my AI datacenter watchlist. A bit more patience.

Business.

Palo Alto is delivering an excellent quarter thanks to their new strategy to consolidate their cybersecurity services into three unified platforms, reducing complexity and enhancing efficiency.

The market doubted the strategy but it is now impossible to deny that it pleased Palo Alto’s clients, with an acceleration in conversion towards this new architecture and a strong retention.

The record breaking number of platformization deals this quarter demonstrates that customers are not just buying products, they're buying into a strategic partnership.

AI created new attack surfaces and improved the efficiency of cyberattacks. The entire sector had to evolve and Palo Alto did it faster than its competition.

Our results this quarter are a direct reflection of a strategy we have been architecting for years, anticipating where the market is going and building the future of cybersecurity before it arrives. This is a moment of conviction both for us and for our customers.

One example of AI impacts on cyberattacks is the average attack time, which is now around 25 min according to management - around 45 min from other sources but shortening rapidly. This implies that any cybersecurity service requiring more than 25 min to detect and correct a breach is effectively useless - to some extends, and there aren’t many ways to protect an infrastructure but consolidating the security layer.

These wonderful agents are going to come and make sure they're able to exfiltrate data and breach your enterprise. It doesn't matter how much you're spending in under twenty five minutes. To get there, the only way to get near real time is to have some consistency in your platform where data talks to each other and you're able to run agents on top of it.

We can't run agents on top of disparate infrastructure. There's no agent out there that understands three different firewall vendors in the infrastructure, two SASE vendors, browser vendor, and seven other vendors on top. Well, there's one, we'd love to hire it. So I think agentic is only going to make this worse because there are agents that bad actors can deploy to try and breach you. So I think from our perspective, AI is going to act as an accelerant towards the desire to consolidate.

Customers are beginning to feel the value of consolidated data, not just in security, in other areas as you can see. So I think it's all good, but, you know, it's going to have to be heads down execution.

This is another perk of Palo Alto’s platformization. As everything is interconnected and optimized, threats can be detected and fixed rapidly. This is what platformization is about and why their clients convert to it and others implement it.

This results in re-accelerating RPOs.

Remaining Performance Obligations represent the dollar amounts of contracts without time restriction, while ARRs are the annual recurring revenues. The dynamic of the first one stabilizing and potentially reaccelerating while the second one continues to slow down shows that their client base is committing for longer, hence a growing dollar value of long term contracts - average contract length is around 3 years.

ARR will follow RPOs in time, as long as this tendency continues, once the longer term contracts are to be paid during the year.

Palo Alto is a really sticky product, due to its sector, not necessarily the company itself. Once a large company chooses to work with a cybersecurity provider, going back on their choice is hard as it requires changing the entire infrastructure - with massive costs, retraining your engineers - more costs, and reconfiguring the entire networking stack - you guessed it.

Switching costs are massive.

As Nikesh noted, we saw customers making significant commitments to our platforms in Q4, as reflected by a large deal volume, net new platformizations and RPO growth. Contract duration in the quarter increased slightly on both a year over year and a quarter over quarter basis, but remains within our historical range at approximately three years.

This kind of commitment generally leads to more. As long as their softwares do the job, more clients will choose to uniformize their security stack with Palo Alto, and it will require a massive upgrade in efficiency, worth the troubles, for them to change.

Data and fundamentals align perfectly with a very healthy and growing company over the next years.

In terms of revenue sources, the software proportion of revenues continues to grow as more clients convert to platformization & Next-Gen firewalls, which aren’t physical machines anymore.

Palo Alto is involved and growing healthily all around the world, with U.S. as its biggest revenue source.

Some interesting notes on AI browsers, a hot subject lately with Palo Alto offering a new perspective as they see the subject not from a consumer point of view but from an enterprise point of view, within which no commercial tools are usually allowed despite how useful they can be.

That's what Perplexity is figuring out. That's what Google is figuring out. Suddenly you're beginning to see these, let's call it consumer browser wars that are beginning to start. Microsoft's gonna come back with more agentic features of browsers. Effectively, you deploy a browser on your device which is gonna start doing agentic tasks for you.

Now, what's great for the consumer is dangerous for the enterprise. No enterprise is going to love a do as you please browser which can run agents without control. How do you control agents in a browser for an enterprise employee? Well, you need a secure browser. You literally will come to a point where companies will say, you cannot use a consumer version of this product.

And think about it, it happens in enterprise all the time. You're not allowed to use a consumer version of DocuSign, not allowed to use a consumer version of Dropbox, you're not allowed to use a consumer version of a SaaS app in enterprise because it's missing the enterprise controls. So if you believe that agentic true future is coming through browsers in the future for the desktop, then you have to believe that that case for secure browser just became a mainstream case in the enterprise use case. So that's what I meant by the browser wars and consumer are going to drive the acknowledgment that we need to solve the browser problem in enterprise, then it's gonna become a critical part of your SASE stack.

This gives a great view on how management is focused on the next step and aware of the problematics of its sector. They move fast, innovate fast and ship fast, which is why more enterprises now rely on their security stack.

On an unrelated note, Palo Alto manufactures 100% of its hardware within the U.S. which is an advantage in the current political environment, avoiding the tariffs first but also in terms of optics as Trump’s administration sure likes American manufacturing. Most of their solutions are now softwares but none AI companies still rely to some hardware, so this won’t disapear tomorrow.

Financials.

Nothing much to comment here.

Revenues are up 14.8% YoY for the fiscal year and costs/expenses are stable with flat gross margins and expanding operating margins from 8.5% to 13.5%. Net margins closed at 12.3% and cann’t really be compared due to last year’s benefit from taxes.

In terms of cash, the company has a $2.56B net debt and generated $3.51B of FCF this year including $1.3B of SBCs, which starts to be a bit much in my opinion considering their financial profile now.

Not due to the SBCs themselves - I am for rewarding employees with stocks, but due to the dillution with shares outstanding growing 2% despite a billions-dollar buyback plan which they have not used this quarter while their share price took a hit.

It’s not a red flag but the company has what they need to slow down this dilution if they wanted to, although they also acquired both CyberArk & ProtectAI to expand their growth, investing in their future.

Important to note that the CyberArk acquisition will impact financials in a few quarters.

Guidance.

Management continues to expect a strong business starting a new fiscal year.

Investment Execution.

I continue to consider Palo Alto the best cybersecurity opportunity in the market and these results confirm a strong and accelerating demand for their solution, from new clients but also actual ones who reinforce their commitment and reinforce Palo Alto’s switching costs advantage by doing so.

That being said, the stock remains really expensive, logically.

This model assumes a 15% & 13% CAGR growth until FY26 & FY29 respectively, 13% net margins, 2% dilution and a P/S at x10.

The stock probably deserves a premium on my OCB due to a potential re-accelerating growth and its fundamentals as one of the most advanced and used cybersecurity service provider for AI and classic datacenters. I will let you add the premium you want but mine would certainly not make it a buy in the $180s.

Price action has been volatile after April and the CyberArk acquisition announcement which the market found really pricey at $25B to be paid partly in cash but mostly in stock dilution. Two really big and rapid drawdowns.

This quarter’s great results help the stock, but we are still way above my risk appetite, and I’d need Palo Alto to enter into a downtrend to consider buying the stock, and I don’t buy downtrends.

I’ll continue to follow the company and to share it with you, but I have no investing plans on the name for now.