Earnings call transcript: JFrog Q3 2025 earnings beat forecasts, stock rises

JFrog Ltd. reported robust financial results for the third quarter of 2025, surpassing analysts' expectations with an earnings per share (EPS) of $0.22, significantly above the forecasted $0.16. The company also reported revenue of $139.6 million, exceeding the expected $128.33 million. Following the announcement, JFrog's stock price increased by 2.47% in after-hours trading, reflecting investor optimism. According to InvestingPro data, JFrog has seen impressive momentum with a 60.69% year-to-date price return, despite trading at a high revenue multiple. Analysts maintain a bullish consensus with a price target up to $65.

Key Takeaways

• JFrog's EPS exceeded forecasts by 37.5%, indicating strong financial health.
• Revenue rose to $139.6 million, beating expectations by 8.78%.
• Cloud revenue saw a 50% year-over-year increase, highlighting strategic growth.
• The stock price gained 2.47% in after-hours trading, signaling positive market sentiment.

Company Performance

JFrog's performance in Q3 2025 was marked by substantial growth in both revenue and earnings. The company achieved a 26% year-over-year increase in total revenue, driven by a significant rise in cloud revenue, which now constitutes 46% of total revenues. This growth is indicative of JFrog's successful strategic focus on cloud solutions and its ability to capitalize on the increasing demand for software supply chain security and AI model management.

Financial Highlights

• Revenue: $139.6 million, up 26% year-over-year
• Earnings per share: $0.22, a 37.5% surprise over forecasts
• Gross margin: 83.9%
• Operating margin: 18.7%
• Net dollar retention: 118%
• Cash and short-term investments: $651.1 million

Earnings vs. Forecast

JFrog's Q3 2025 earnings per share of $0.22 surpassed the forecast of $0.16, marking a 37.5% positive surprise. The company's revenue of $139.6 million also exceeded expectations by 8.78%. This strong performance highlights JFrog's effective execution of its business strategy and its ability to outperform market predictions.

Market Reaction

Following the earnings announcement, JFrog's stock rose by 2.47% in after-hours trading, reaching $46.16. This movement reflects a positive investor response to the company's better-than-expected financial results. The stock remains within its 52-week range, which saw a high of $51.94 and a low of $27, indicating room for potential growth.

Outlook & Guidance

JFrog has provided a full-year 2025 revenue guidance of $523-$525 million, anticipating a 22.3% year-over-year growth. The company expects cloud growth to continue at 40-42% and projects a non-GAAP operating income of $87.3-$88.3 million, with a non-GAAP diluted EPS of $0.78-$0.80. These projections suggest sustained growth and a focus on expanding cloud services.

Executive Commentary

CEO Shlomi Ben Haim emphasized the strategic importance of JFrog's offerings, stating, "We are becoming the model registry of choice, securing the entire software supply chain of our customers." This underscores JFrog's commitment to enhancing its product capabilities and addressing the growing demand for secure software supply chains.

Risks and Challenges

• Potential challenges in cloud migration, especially with AI workloads.
• Increasing competition in the software supply chain security market.
• Economic uncertainties that could impact large enterprise deals.
• The complexity of integrating AI models and maintaining security.

Q&A

During the earnings call, analysts focused on JFrog's cloud migration efforts and the challenges associated with AI workloads. The company addressed these concerns by highlighting its strategic investments in AI and security solutions, as well as its flexibility in hybrid cloud strategies.

Full transcript - Jfrog Ltd (FROG) Q3 2025:

Operator/Moderator: Ladies and gentlemen, thank you for joining us, and welcome to the JFrog Q3 2025 financial results earnings call. After today's prepared remarks, we will host a question-and-answer session. If you would like to ask a question, please raise your hand. If you have dialed into today's call, please press star 9 to raise your hand and star 6 to unmute. I will now hand the conference over to Jeffrey Schreiner, Head of Investor Relations. Jeffrey, please go ahead.

Jeffrey Schreiner, Head of Investor Relations, JFrog: Thank you, Nicole. Good afternoon, and thank you for joining us as we review JFrog's Q3 2025 financial results, which were announced following the market close today via press release. Leading the call today will be JFrog's CEO and co-founder, Shlomi Ben Haim, and Ed Grabscheid, JFrog's CFO. During this call, we may make statements related to our business that are forward-looking under federal securities laws and are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including statements related to our future financial performance and including our outlook for the full year of 2025. The words anticipate, believe, continue, estimate, expect, intend, will, and similar expressions are intended to identify forward-looking statements or similar indications of future expectations.

You are cautioned not to place undue reliance on these forward-looking statements, which reflect our views only as of today and not as of any subsequent date. Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forward-looking statements in light of new information or future events. These statements are subject to a variety of risks and uncertainties that could cause actual results to differ materially from expectations. For discussion of material risks and other important factors that could affect our actual results, please refer to our Form 10-K for the year ended December 31, 2024, which is available on the Investor Relations section of our website and the earnings press release issued earlier today.

Additional information will be made available in our Form 10-Q for the quarter ended September 30, 2025, and other filings and reports that we may file from time to time with the SEC. Additionally, non-GAAP financial measures will be discussed on this conference call. These non-GAAP financial measures, which are used as a measure of JFrog's performance, should be considered in addition to, not as a substitute for, or in isolation from, GAAP measures. Please refer to the tables in our earnings release for a reconciliation of those measures to their most directly comparable GAAP financial measures. A replay of this call will be available on the JFrog Investor Relations website for a limited time. With that, I'd like to turn the call over to JFrog CEO, Shlomi Ben Haim. Shlomi.

Shlomi Ben Haim, CEO and Co-Founder, JFrog: Thank you, Jeff. Good afternoon, and thank you all for joining the call. JFrog's focus as a foundational platform and system of record for software delivery continues to drive momentum in our business, and I'm pleased to report another solid quarter across all metrics. Our execution remains focused, our investment remains strategic, and our customers continue to tell us we are helping them to meet the demands of a fast-changing technology market. In Q3, JFrog's total revenue was $136.9 million, up 26% year-over-year. Our operating margin was 18.7% in the quarter, demonstrating our ongoing discipline between expenses and strategic investments. Cloud revenue for Q3 equaled $63.4 million, representing 50% year-over-year growth.

We experienced another strong quarter of cloud revenue growth driven by increased usage of conventional software packages and ongoing increases in usage of artifacts such as PyPI, Docker containers, NPM, and models coming from Hugging Face for AI and machine learning. Our go-to-market teams are executing on a clear strategy of guiding cloud customers with usage overages toward higher annual commitments in order to build stronger partnerships and drive predictable long-term value for customers and for JFrog. Our enterprise sales motions continue to bear fruits, with greater than $1 million customers growing to 71 compared to 46 in the year-ago period, equaling 54% growth year-over-year. Customers spending more than $100,000 annually grew to 1,121 compared to 966 in the year-ago period, equaling 16% year-over-year growth.

In Q3, our full trading quarter net dollar retention was 118%, demonstrating sustained growth among our customers' base, driven by strong cloud usage and fueled by our holistic software supply chain security offering. Ed will further discuss net dollar retention later in the call. Now, let me spotlight Q3's wins, including cloud and security, and discuss JFrog's AI and machine learning developments. First, addressing our cloud growth in Q3. Our ongoing growth in the cloud is supported by two vectors: our expertise in managing customers' binaries as they scale alongside AI-generated artifacts and our observation of emerging trends in AI software package volume. We believe Q3's cloud performance reinforces how customers view the JFrog Platform and Artifactory at the core of their operations. JFrog is already positioned as the universal binary repository to manage all software artifacts and is becoming the model registry of their software supply chain.

As software continues to be created at an ever-growing pace by both humans and machines, the volume of artifacts rises, demanding not just intelligent storage, but a robust binary delivery system and a single reliable system of record. As their delivery pace increases, our customers are adopting hybrid, fit-for-purpose cloud strategies for their emerging AI workloads. They tell us they value cloud elasticity for AI adoption and deployment, but remain flexible in their approach due to the unpredictable compute costs, advising us that it's still too early for them to go all in on the public cloud. Meanwhile, the volume of AI-driven packages is rising, fueled by our Hugging Face integration and native support for ML models, Docker, NPM, PyPI, and other key components demanded by AI.

We continue to monitor cloud adoption and AI-driven usage closely and believe it is still too early to bet on significant cloud usage growth. Our hybrid and multi-cloud offerings differentiate JFrog and uniquely position us to capture expansion due to AI, whether in the cloud or on-prem, delivering unmatched software supply chain holistic platform capabilities and deployment flexibility. Next, to security. In Q3, again, we saw some of JFrog's largest customers' wins, including new logos and significant multi-year contracts. Many of these deals included JFrog's holistic security solutions such as JFrog Curation and JFrog Advanced Security. We experienced this customer's purchasing behavior across multiple verticals and geographies. For example, we closed a three-year deal with the United Kingdom's Customs and Revenue Agency with a TCV of $9 million. In a similar move, a key U.S.

federal agency chose JFrog to shift left with JFrog Security Solutions and protect their software supply chain and 2,000 developers with an Enterprise Plus subscription, JFrog Advanced Security, and JFrog Curation as their open-source software package firewall. In North America, our enterprise focus drove the closing of a net new customer deal with a total contract value of more than $4 million for one of the world's top energy corporations. They were seeking to modernize and standardize software supply chain security and processes for their 3,500 developers, choosing the core JFrog Platform with JFrog Security Solutions in the cloud. These example wins gave us confidence that the future of the software supply chain security and software governance market is being written not by point solutions, but by a holistic system of record that incorporates binary management and end-to-end security consolidated into a single platform.

A unified platform is a growing requirement, as companies have seen software supply chain attacks increase significantly over the past year. These attacks have become more sophisticated, targeting build pipelines, AI and machine learning software supply chains, and exploiting vulnerabilities in software binaries. Recent NPM, PyPI, and MCP attacks show hackers are keeping pace with technology, but our security research team and the JFrog Curation solution have been praised by our customers for protecting them from these recent potentially devastating attacks. A cybersecurity lead at a Fortune 50 American company noted to us following the NPM attack, "Our JFrog Curation deployment provides a very effective and efficient supply chain protection. We were able to shut down recent provider attacks in mere minutes once discovered, and the control has proven 100% successful since." End quote.

Nothing fuels us more than our customers' feedback, and we are committed to safeguarding their software supply chains and aiming to ensure digital trust across their software package lifecycle. Hackers are targeting software supply chains. They know that binaries, software packages, containers, and AI models are gateways into our customers' runtime environment. This is now a real threat to every organization. Without strong protection for your software supply chain and binaries, you remain exposed. Attacks are not a question of if, but when. While one quarter does not define a consumption trend, Q3's adoption of JFrog Security Solutions gives us cautious optimism for broader long-term momentum. Now to AI and machine learning. We continue to gain traction in the market as the model registry providers are being positioned as a system of record for AI delivery validated by some of the world's leading AI companies.

In fact, Justin Boitano, VP of Enterprise AI at NVIDIA, noted at the JFrog Annual User Conference Swamp Up in mid-September that JFrog enables enterprises to securely build, manage, and scale AI agents, the next generation of intelligent software from development to production. AI agents are the next wave of enterprise innovation, but they are also the newest and most critical software artifact to secure. This is no longer just about models. It's about industrializing intelligent, autonomous agents. By integrating with NVIDIA AI Enterprise and streamlining deployment onto AI factories, JFrog is delivering the essential pipeline to rapidly secure, manage, and scale these AI agents from development straight into production. End quote. Moving throughout 2025, JFrog has embraced the AI revolution, focusing on what we believe we do best, driving the next standouts in the market as the single source of truth for AI software packages.

We integrated JFrog ML into the JFrog Platform, empowering data scientists and developers to build, test, experiment, and deliver trusted models into production. We launched our MCP server alongside groundbreaking MCP security research, redefining how developers and AI agents interact with their software delivery platform. In addition, we introduced AI Catalog, a new add-on to JFrog Curation designed to secure and govern both third-party and internally developed AI models, ensuring they are safe, compliant, and aligned with company policies for responsible use across the organization. Our next generation of offerings in ML and AI, as well as our DevOps and security products, were highlighted for customers and analysts at Swamp Up in Q3. Every year, JFrog welcomes customers, prospects, and partners to our Swamp Up conference, a key industry gathering for DevOps, DevSecOps, and MLOps users. This year, JFrog innovations were front and center with pain-solving solutions for customers.

On stage, we announced a new way for companies to govern and trust their application with an innovative product, JFrog Uptrust. We were joined for the opening keynote by NVIDIA, ServiceNow, GitHub, and Sonar to showcase our partnerships in an industry-first DevGovOps solution. DevGovOps brings software development, security, and GRC groups together, focusing on, once again, the key asset of any company, the software binary. As the complexity in the world of software increases, the requirements of security compliance and governance put pressure on development teams. The need to release fast and often, combined with high regulation, requires automation and collection of evidence, such as quality testing or security results, to keep software flowing with confidence. With the new JFrog Uptrust product, companies will now have an automated way across platforms to manage governance as they deliver software faster than ever before.

True to our vision of cross-industry collaboration and our commitment to build solutions that are too integrated to fail, Uptrust was launched in partnership with ServiceNow as the ITOps system of record, with JFrog as the system of record for the software supply chain in the words of Raul Tripathi, General Manager of ITSM at ServiceNow. The future of software built by developers and AI agents must include automated governance, achievable only through evidence-based quality gates and systems. JFrog Uptrust is paving the way to make that vision a reality. In security, we further showcase new abilities to secure developer extensions or the plugins developers use in their environments. This is a different type of supply chain attack, and JFrog customers can now protect developer extensions in addition to their software assets.

We also launched agentic remediation capabilities and demonstrated on stage how JFrog solutions use AI agents to detect vulnerabilities in source code, identify remediation methods, prioritize contextual paths to fix problems, and even protect against similar vulnerabilities in the future, first through our GitHub Copilot integration and soon available for other code assistants. Finally, we introduced JFrog Fly, the world's first agentic repository, reimagining software supply chain management in the era of AI. With JFrog Fly, AI agents become co-builders alongside developers, orchestrating artifacts seamlessly across the entire software lifecycle. This allows developers to focus on what matters most, delivering software to production faster, at scale, and without friction. Small teams now enjoy a zero-hustle, AI-driven experience tightly integrated with GitHub and native AI tools like Cursor, Cloud Code, and GitHub Copilot.

JFrog Fly's agentic capabilities will be shared with selected users, giving developer teams the opportunity to experience AI-assisted software creation and delivery. These capabilities are planned for full integration into the JFrog Platform, powering our customers in the new era of intelligent, automated software supply chain practices built on an agentic binary repository. We believe that these product innovations shared at Swamp Up are, in the words of our customers, AT&T, a home run for our users. With that, I'll turn the call over to our CFO, Ed Grabscheid, with an in-depth recap of Q3 financial results and our updated outlook for the full fiscal year of 2025. Ed. Thank you, Shlomi, and good afternoon, everyone. During the third quarter of 2025, total revenues equaled $136.9 million, up 26% year over year.

Our overachievement during the quarter was the result of strong go-to-market and operational execution, continued momentum in our cloud revenues, growing adoption of JFrog security products, and expansion by customers within our enterprise-level subscriptions. As noted by Shlomi, third-quarter cloud revenues grew to $63.4 million, up 50% year over year, and represented 46% of total revenues versus 39% in the prior year. Our growth in the cloud was driven by increased usage across a broad set of package types, demand for JFrog Advanced Security and Curation, and conversion of customers with usage above minimum commitments into higher annual contracts. During the third quarter, our self-managed or on-prem revenues were $73.5 million, up 10% year over year. We continue to proactively engage our on-prem customers to migrate DevSecOps workloads to our cloud or explore solutions better aligned with their specific use cases, including hybrid and fit-for-purpose deployments.

In Q3, 56% of total revenues came from Enterprise Plus subscriptions, up from 50% in the prior year. Driven by ongoing execution of our enterprise go-to-market strategy and broader customer adoption of the JFrog platform, revenue contribution from Enterprise Plus subscriptions grew 39% year over year. Net dollar retention for the four trailing quarters was 118%, consistent with the prior quarter, highlighting the continued adoption of our security core products and increased cloud data consumption, resulting in higher customer commitments. We continue to demonstrate that our customers view JFrog solutions as mission-critical to their software supply chain, with gross retention that equaled 97% as of the third quarter 2025. Now, I'll review the income statement in more detail. Gross profit in the quarter was $114.9 million, representing a gross margin of 83.9% versus 82.8% in the year-ago period.

We remained focused on cost optimization with the cloud service providers and continue to expect annual gross margins to remain between 82.5% and 83.5% for 2025. Operating expenses in the third quarter were $89.3 million, equaling 65% of revenues. This compares to $75.5 million, or 69% of revenues in the year-ago period. Our operating profit in Q3 increased to $25.6 million, or an operating margin of 18.7%, compared to $14.7 million and 13.5% operating margin in the third quarter of 2024. The continued balance between strategic investments and operational efficiency demonstrates our commitment to profitable growth. Cash flow from operations equaled $30.2 million in the third quarter. After taking into consideration CapEx requirements, our free cash flow reached $28.8 million, or 21% margin, compared to $26.7 million, or 24% margin in the year-ago period.

During the third quarter, we completed payments totaling $5.7 million under a holdback agreement related to the acquisition of Qwak, which was completed in July 2024. Now, turning to the balance sheet, we ended the third quarter of 2025 at $651.1 million in cash and short-term investments, compared to $522 million at the end of 2024. As of September 30, 2025, our RPO totaled $508 million, a 47% increase year over year. This performance highlights the successful execution of our go-to-market strategy as customers continue to make larger, multi-year commitments to our DevSecOps offerings. Now, let's turn to the outlook and guidance for Q4 and the full year 2025. While we're encouraged by our strong year-to-date performance amid geopolitical uncertainty and ongoing macroeconomic volatility, we believe it remains prudent to continue to approach our forward outlook with measured caution.

Our updated 2025 guidance reigns suggest sustained contributions from the JFrog Security Corps, steady expansion of customer commitments, and adoption of the full JFrog Platform. We continue to de-risk our outlook by excluding our largest opportunities, given the uncertainty regarding the timing of certain large customer deployments. We estimate our full year 2025 baseline cloud growth to now be in the range of 40%-42%. Cloud revenue guidance continues to exclude any contribution from usage above annual customers' minimum commitments. Taking into account our strong year-to-date results and fourth-quarter guidance, we are raising our expectation for net dollar retention to above 116% for 2025.

For Q4, we expect revenues to be in the range of $136.5 million-$138.5 million, with non-GAAP operating profit anticipated to be between $21 million and $22 million, and non-GAAP earnings per diluted share of $0.18-$0.20, assuming a share count of approximately 125 million shares. For the full year of 2025, we anticipate a revenue range of $523 million-$525 million, representing approximately 22.3% year-over-year growth at the midpoint. Non-GAAP operating income is expected to be between $87.3 million and $88.3 million, and non-GAAP diluted earnings per share of $0.78-$0.80, assuming a share count of approximately 122 million shares. Now, I'll turn the call back to Shlomi for some closing remarks before we take your questions. Thank you, Ed. The third quarter of 2025 is behind us. We committed and we delivered on innovation, on product execution, and across every financial metric.

Despite macro challenges, the JFrog team soared. Over the past three quarters, we not only earned the trust of the enterprise, we reinforced our position as the definitive system of record for the software supply chain. As the world becomes powered by AI-driven software and every aspect of software creation and delivery is being transformed, one fact stands out: more software means more packages, more artifacts, more binaries. That is exactly where JFrog stands, front and center now and in the future. We're becoming the model registry of choice, securing the entire software supply chain of our customers, from passport control at the gate to safe and trusted delivery. We manage the full lifecycle of AI models, and we've introduced the world's first DevGovOps solution, preparing our customers for the ongoing tsunami of AI regulation and compliance.

We continue to run our business with efficiency, focus, and discipline while staying deeply energized by the opportunities ahead. This quarter was also a deeply meaningful one for our Israeli team. As the war in the region came to an end and hostages were finally returned safely to their families after two long years, we stand in solidarity with the families of the remaining hostages still held by the terrorist organization Hamas, and we pray for their safe return home for proper burial. As we prepare for 2026, we're ready to leap forward in product, people, and business. We remain determined to continue building on what we've created by developers for the developers of the modern software world. With that, thank you for joining our call, and may the Frog be with you. Operator, we are now open to take questions. We will now begin the question and answer session.

Please limit yourself to one question and one follow-up. If you would like to ask a question, please raise your hand now. If you have dialed into today's call, please press star nine to raise your hand and star six to unmute. Please stand by while we compile the Q&A roster. Your first question comes from the line of Michael Cikos with Needham. Your line is open. Please go ahead. Hey, guys. Thanks for taking the questions here. Jeff, great to hear you on the call. And for Shlomi and Ed, congrats on the strong quarter. I wanted to tap into cloud. And first, just a sanity check, the results are super strong here. Was there anything one-time or was this really just a confluence of a number of different pieces of the platform coming alongside the execution? Can you help us unpack that? Hey, Mike, this is Ed.

I'll go ahead and start with that. There is nothing in the cloud revenues that is one-time. This is a convergence of strong usage across multiple package types, geos, and different verticals. In addition to that, we saw strong security. Security also is a leading driver of our cloud growth. You had a combination of those two things happening, but no one-time. It was a very strong quarter. Excellent. I did just want to tap in. I guess this is probably more for Shlomi, but again, on the cloud. We have a couple of quarters now of really strong growth. What is different, if anything has changed, but from an execution standpoint on the go-to-market? What have you guys implemented that continues to bear out here? How should we be thinking about that? Thank you again. Hi, Mike.

This is Shlomi, and thank you for the kind words. I think that what you see in the cloud is a strong and consistent execution, not only of our technology, but also the go-to-market philosophy of working with our customers that have overusage, converting them to higher commitments. That is translated to consistent cloud growth and less volatility. As you know, even when we guide, we provide you with a commitments-based guidance, and consumption might come and go, but we wanted to have an alignment between the go-to-market philosophy and the execution of our cloud business. That is on top, of course, to what Ed said, that our cloud customers are now also embracing our security solution, which obviously gives us more room to grow and to expand. Your next question comes from the line of Sanjit Singh with Morgan Stanley. Your line is open. Please go ahead.

Yeah, thank you for taking the questions, and congrats, Mike. Congrats on the strong results this quarter. Shlomi, I was wondering if you could expand a little bit more on the theme on your script around the broadening of the types of artifacts that Artifactory is managing and storing and serving as a system of record. What does that mix start to look like between kind of traditional software artifacts, containers, registries, and some of the AI artifacts that are starting to come through? Can you speak to some of the underlying trends in terms of what Artifactory is storing and managing these days? Yes. Hi, Sanjit. What we see, and we obviously are monitoring it closely, is that artifacts or different types of artifacts that are heavily used by AI creators are seeing kind of a growth in usage in our cloud and on-prem customers. We see that.

Obviously, Hugging Face is scaling up. This is the open-source models hub for AI models, but also languages that support AI development like Python with PyPI, NPM, Docker containers for distribution of models. All of them are aligned and correlated and growing together. It's still too early for us to say that this trend is actually going to lead to a higher consumption in the future, but it's very encouraging to see that our customers are using JFrog as the system of records for all packages, including AI models, and that obviously drives the higher consumption, as we reported. Your next question comes from the line of Kingsley Crane with Canaccord. Your line is open. Please go ahead. Hey, thanks for taking the question. Really encouraging results. For Shlomi, the demo of JFrog Fly was really impressive at Swamp Up. The MCP capabilities are nice to see as well.

It got me thinking. AI is changing how consumers interact with technology. It's leading many companies to rethink their UI, their UX. How relevant is that for JFrog, and is that something that you're thinking about? Yes, thank you, Kingsley. The JFrog Fly release is a disruption to the entire software supply chain system of record. We understand that software in the future will be created not just by developers, but also by agents. Therefore, whatever repository you want to build must come with agentic capabilities. This is what we wanted first to have at JFrog Fly. The second thing, based on our research with thousands of developers, was that developers want to be focused on what they need to be focused on: create software, deliver software with trust, fast and rapidly. JFrog Fly provides that.

Instead of taking it feature by feature within Artifactory, we thought that what we will do better is to build a full agentic experience for our users, reimagining how software supply chain will look like, and then slowly bring those capabilities into the JFrog Platform. Obviously, the enterprise market will adopt it one by one, feature by feature. The community and small team can run faster. That is the idea behind Fly, and we are very excited to see how the market reacts to it. Your next question comes from the line of Koji Ikeda with Bank of America. Your line is open. Please go ahead. Yeah, hey, guys. Thanks so much for taking the questions. I wanted to ask on NRR and maybe pick on the metric just a little bit because it was flat at 118%.

When I look at the cloud growth, that's really, really strong. Just knowing that NRR is calculated on a trailing 12-month metric, on a 12-month basis, that just really means that there are some new customers that are growing very fast. Is that the right interpretation on kind of looking at NRR versus the cloud performance? If that is true, how sustainable is that growth from these new customers going forward? Thank you, Koji. I'll stop, and Ed, feel free to chime in. MRR represents a tier of customers that are not committed to an annual. NDR. NDR. Oh, sorry. Let me go ahead and jump in here on the NDR. First off, let me remind you that we had three of the largest customers close during Q3 of last year. We're building off of that. It's a trailing 12-month metric.

What I said in the beginning of the year, Koji, if you recall, if there was going to be an acceleration in net dollar retention, two things would have to happen. Number one, I want to see an uptake in my security. Number two, I want to see usage over minimum commit in the cloud. Both of those are happening. You start on a trailing 12-month metric with a very strong base off of those three very large deals that were closed at the end of Q3, and we've continued to build on that. We've actually expanded our net dollar retention rate, and we're very happy with where it is as it's stabilized quarter over quarter at 118%. Yeah, and Koji, sorry, I heard MRR and answered about the cloud monthly usage.

Regarding net dollar retention, we also have to remember that part of the strategy of embedding our security solution into the platform will be a way to also expand our customers with a different persona. Getting our customers expanding with security actually addresses a completely different addressable market. Your next question comes from the line of Mark Cash with Raymond James. Your line is open. Please go ahead. Thank you. Shlomi, if I could start with you, I also want to ask around Fly, but more around if you see Fly opening up new customers or buying centers that you have not serviced previously, and then what kind of go-to-market plans or tweaks would be required to drive market awareness versus maybe the market mostly thinking about JFrog more large-scale artifacts.

And then if I could sneak one in for Ed, I mean, you beat by $9 million, raised by additional $6.5 million. I guess maybe some of that comes with better visibility from RPO, CRPO strength, but you're still taking a prudent approach you laid out. What are the key drivers that give you confidence to raise by such an amount to be compared to 90 days ago? Thank you, guys. Yeah, I'll start with Fly. This is obviously an opportunity, but it's not our goal. Our goal is to make sure that everything that you have at the JFrog Platform in the future will support both agents and developers as they manage their software supply chain. Why is that important? Because we know that in the future, the way that the engineering team will be structured will be a combination of developers and agents.

It will not be just developers. Software will be made by agents. If you do not provide them, these agents will not have access to your repository, then they will have another system of record. With Fly's success, basically what we see is how we fuel and power the entire JFrog Platform. Now, can a small team use Fly, and this will be another avenue of revenue generation? Yes, maybe. Our main goal is to make sure that we adopt this agentic experience across the platform. Fly is the North Star of adopting the AI experience. Yeah, and regarding the guidance and the confidence that I had moving into Q4, first of all, I only guide on the commitment. I am confident that what I am providing to you.

Ninety days after the last time I provided to you guidance, is the fact that I have the strong commitment. We saw a strong performance during the quarter. That is built into my forecast based on those commitment levels. I have removed anything that is related to usage over the minimum commitments and feel very confident with those numbers provided. Your next question comes from the line of Miller Jump with Truist. Your line is open. Please go ahead. Hey, thank you for taking the questions and congratulations on the strong results. Yeah, so for Shlomi, maybe for a couple of quarters now, we have heard about the demand for hybrid solutions correlated with AI. I am just trying to reconcile this with the clear momentum that you are seeing in cloud. Is this something that you are seeing shift the pipeline composition right now?

And then if I could ask one for Ed as well, just throughout this year, maybe the last two quarters, really, you've talked about the conversion of customers that are going over commit. I'm just curious, what are you seeing from the customers that move on to new contracts? Are they continuing to ramp up their consumption? How has that played out towards your expectations? Thanks. Yeah, thank you, Mila. I'll start. First, what we see is what we reported in the past, and we see it still. In our pipeline, there are some big deals that, part of them include cloud migration. We hear from our customers that they need more certainty before they double down on the cloud and go there with the entire AI workload that is currently being built.

For sure, the fit for purpose that we reported in the past is still relevant. You also know that part of our guidance philosophy, these deals are being de-risked from our pipeline. We are being very cautious with kind of hanging the expectations high. When it comes to cloud migration and cloud consumption, in terms of the consumption, as I answered before to Sanjit’s question, we see more software packages that are related to the AI world being used. Still, we want to make sure that this is a new behavior and not just a trend that will pass. When people will decide whether they go with cloud or on-prem, regarding what we see from the behavior of those customers that are above minimum commitments that go to a higher annual commitment, it is still not easy to do this.

The sales team has done a good job. That is strategically aligned with our philosophy. Budgets are still not fully aligned there yet. For those customers, they are now secure, and it gives them that confidence to flex up and down. We continue to see strong usage across the board, especially in Q3. We also know heading into Q4, it is a seasonably slower quarter due to the holidays. That is also something that we take into consideration. Your next question comes from the line of Brian Essex with J.P. Morgan. Your line is open. Please go ahead. Hi, good afternoon. Thank you for taking the question. Congrats from me as well. These results are really nice to see, the acceleration. Maybe for Shlomi, could you, any way to quantify what kind of lift you get in the quarter or you had in the quarter from conversions.

To cloud. Maybe what percentage of your customer base is kind of remaining to convert? Yeah, we are not disclosing this number, Brian, but what I can tell you is that if you look at the report of the over $1 million customers, we have now 71. That's a growth of 54% over here. I can say that the majority of them were not just using more platform capabilities, but also used it in the cloud. While we are not disclosing it, the cloud for sure is a strong growth engine for the company. Your next question comes from the line of Shrenik Kothari with Baird. Your line is open. Please go ahead. Yeah, thanks a lot for taking my question. Shlomi, definitely securing the software supply chain for AI models, continuous packages, sounds like a critical pain point right now.

I just wanted to hear your thoughts on. What do you think about customers kind of truly allocating new budgets towards this and just the sustainability of these budgets? Or you're saying it's getting bundled into existing DevSecOps and you are gaining from consolidation. You did note many attacks like the recent NPM and PyPI threats that are thwarted by curation. Just curious how. Customers are thinking about the budgets going forward. And then I'll follow for Ed. Yeah, Shrenik, that's actually two different questions. First of all, there is a higher threat on software supply chain because hackers are after your software packages. And if you don't cover yourself there, as I said, it's a matter of when and not a matter of if you will be attacked.

NPM, PyPI, MCP, in the past, you remember Log4j, these are all software packages, and attackers are going there because this is binaries, and binaries are also the asset that our customers have in the runtime. Basically, if you are attacked from runtime through the binaries, you have full access to the software supply chain. That is front and center for every CISO now. The other question regarding new budget allocated to security in the world of AI, I believe the answer is yes. It is not only the traditional security, but also GLC budgets. Cyber risk organizations are also looking at what happened in terms of governance and regulation a moment before AI is fully adopted by the biggest bank and the biggest car manufacturers and the biggest retail companies. The gap between full adoption of AI to what we see now is basically.

Trust, control, security, and governance. For sure, there is more budget there and more attention of CISOs and CIOs to make sure that software delivery driven by AI is not putting the company in risk. Okay, Shlomi, just quickly, a follow-up on federal wins were highlighted. You mentioned meaningful GCV. Just in light of the strong Q3 and traction around security AI, the guide for Q4 does appear measured. You did touch upon it. It's coming from a place of prudence, but just implied is more kind of 25%-30%. Is there more prudence coming from the Fed side? Anything that you can comment on deal timing, variability, just given the prolonged shutdown? Yeah, thanks for the question, Shrenik. There's nothing related to a government shutdown that would change anything in terms of our sentiment going forward. We've managed this year with prudence.

We're continuing to manage the year with prudence. There's a lot of factors that we take into consideration. I want to remind you, there is no usage over minimum commitments in our guide. We de-risk for our largest deals as the timing of those deals is still uncertain, but nothing has changed from our previous philosophy. We're continuing to use that same philosophy in our Q4 and fiscal year guidance. Your next question comes from the line of Itai Kidron with Oppenheimer. Your line is open. Please go ahead. Thank you. Hey, congrats, guys. Really impressive. Maybe a couple for me. Ed, just on this last comment that you made about that you don't give guide over the minimum commits, can you tell us in the quarter itself, this quarter, what was the upside from kind of spillover over the minimum commits?

Yeah, we did not break that out, and we are not willing to provide that information. If you think about what we have carried over from Q3 into Q4 sequentially, that is the commitment levels. Anything above that, I would consider to be usage over minimum commits. Okay. Shlomi, for you, clearly you are doing very well. I am kind of wondering, internally, what % of your sales force is running above quota for the year, and if that is running at a level that is higher than your normal internal averages. I am just trying to think about, you are soon to finish the year, you have to start thinking about how do you make tweaks and changes.

I was wondering if you have any initial thoughts, given the change in the landscape, AI, the breadth of your portfolio, if you have any initial thoughts on how you're going to tinker with comp as you go into next year. Yes, Itai. Obviously, we will not share some operational metrics, but of course, we're tracking it. There are very important kickers for the go-to-market team when it comes to the growth engine, when it's security, when it's cloud, cloud migration, AI and MLOps adoption, now DevGovOps and compliance. What you can see in the numbers, and this is not the first quarter, I think it's the fifth quarter in a row that we are consistently delivering what we are committed to, is that not only the sales team is focused, but also.

They use the methodologies of top-down enterprise sales, things that in the past we did not practice like three years ago or four years ago when we used to sell to developers. There were no expansion. Now what you can see, not only by the reports of the big numbers or the big companies, but also the entire revenue growth and the consistent growth, is that the team is focused on enterprise sales, upmarket, know exactly how to expand the platform. We are very pleased with the results. Your next question comes from the line of Brad Reback with Stifel. Your line is open. Please go ahead. Great. Thanks very much. Shlomi, I will take the five quarters one step farther and say the magnitude of the SaaS beat over those five quarters continues to get bigger.

Maybe building on Itai's question, is there any reason why you wouldn't accelerate sales and marketing headcount spend as we head into next year to take advantage of all this opportunity you see? No reason. We are investing in go-to-market. We are investing in go-to-market in a responsible way. We want to see that what we deploy also comes out as the right ROI for our investment. And it's on all fronts. You can see the amount of releases from the product side, but you can also see the alignment on the go-to-market side when we delivered the numbers with such a strong beat. Your next question comes from the line of Andrew Sherman with TD Cowen. Your line is open. Please go ahead. Great. Thank you. Shlomi, I wanted to ask about the security wins and pipeline. Some good color there in the quarter.

For the Q4 pipeline and beyond that, how is that tracking? How much is that pipeline up? What's your confidence in closing some of these big deals? Have the sales cycles changed at all? How's the market kind of shaping up competitively for these deals too? Thanks. Yeah, great question. We see a lot of opportunities in our pipeline, including security. Obviously, JFrog Curation following the incident of NPM is something that a lot of our customers are asking and inquiring about. The sales cycles are longer when it comes to security because no customer comes with zero security coverage. So obviously, it's not just a matter of upgrading themselves, but also displacing something that they used in the past. The answer regarding the pipeline, it's growing, and we are very pleased with what we see there.

It's also, to remind you, it's only part of our Enterprise X and Enterprise Plus subscription. Sometimes it also drives an upgrade in the subscription. Through to our methodology, when it comes to mega deals in the world of platform that also includes security, we are de-risking it to make sure that we are not missing a quarter because the customer needs a bit more time to conclude the proof of concept. Overall, the sales cycles are a bit longer, but not massively longer. I would say three quarters on average. Sometimes it's four quarters. Really depends on how many personas are involved in what you need to adopt from JFrog. Your next question comes from the line of Jason Celino with KeyBank. Your line is open. Please go ahead. Hey, great. Thanks for fitting me in. And really wonderful quarter.

You know the two wins you talked about that I thought were interesting. The one U.K. customer and then the U.S. federal agency. Did these deals directly benefit from the launch of Uptrust? I'm just trying to understand how Uptrust and the government opportunity might play as a catalyst. Thank you. Yeah, that was really a big win. Obviously, it was an RFP. Not only JFrog competed over this opportunity, and we are very proud of the team that delivered that, by the way, a very long process, obviously in front of the government. Uptrust is not yet included. Uptrust was just announced last month, a few weeks, a baby product. We announced that together with ServiceNow. We are building the pipeline for Uptrust. The DevGovOps landscape governance is something that we know will get even more demanding when AI will fit in.

Not yet, but I will answer something that you did not ask. There is room to grow with all of our customers when Uptrust is in. Your next question comes from the line of Iman Coughlin with Barclays. Your line is open. Please go ahead. Hey, guys. Thanks for the question. Really, congrats on a great quarter. The strong enterprise customer adds really stood out in the quarter. Can you help us understand some of the key drivers there? Are you spending more time engaging with your partner ecosystem? Is it a function of a more mature sales team? Just curious if there is anything you are doing to adjust a little bit of your sales motion or go-to-market motion. Thanks. Hi, Iman. Thanks for the question. Yeah, we are seeing great traction in the enterprise, especially those customers over $1 million.

What we see, and Shlomi talked about this previously, security is becoming a driver of many of those large deals, and it's also in the cloud. We see this expansion of the usage over the minimum commit and expanding to a bigger commitment, taking security on top of that. That drove many of the deals that we saw, 10 customers that we had over a million during the quarter, 54% growth. It's the efforts of the go-to-market team, and it's really a three or four-year investment that we made, and we're starting to see the fruits of those labor. Your next question comes from the line of Jonathan Reekhaver with Cantor. Your line is open. Please go ahead. Yeah, hey, guys. Congrats on the performance. I'm curious. Last week, OpenAI announced a private beta of a security application called, I think it's Ardvark.

It seems to differentiate with an LLM-driven approach to vulnerability detection and remediation. I'm curious if you could just talk about how this compares to Xray's capabilities, but maybe, I think more importantly, the announcement at SwampUp around agentic remediation capabilities. How do you think this maybe further differentiates you from emerging competition? Yeah, John. This was a very important announcement coming from OpenAI, and obviously, we saw it, and we work with OpenAI on a monthly basis, if not daily basis. This is great news because it's yet another proof that human security is—sorry, human code creation is being covered by models. That's basically supporting the philosophy that what you need to invest in is to protect your binaries. The announcement from OpenAI is a solution that replaces static code analysis, basically code that is created in human language and not binaries.

If it will drive something, I think it will drive more interest in what we bring to the market, which is a complementary solution to protect your entire software supply chain. Yes, LLM can provide your source code security, but not binaries. That was the release from OpenAI. Your final question comes from the line of Rob Owens with Piper Sandler. Your line is open. Please go ahead. Great. Good afternoon. Thanks for squeezing me in. Just a couple of quick ones for me. Where you talked about cloud migration and some of those in the pipeline. Taking the other side of that, customers that aren't moving to cloud, what are some of the governors or some of the reasons that they're not moving to cloud at this point?

I understand that having a hybrid architecture is part of your value proposition, but it's just contemplating that move to cloud and maybe some of the barriers to get to certain customers to move. Yeah, that's a good question, Rob. Assuming that our customers, enterprise, big customers moving to the cloud from an on-prem setup means that they had their own projects, they understood the scope of these projects, and they wanted to move the workload to the cloud. In order to kind of provide a better elasticity for the company. Now comes AI, and they see a new workload. They do not know how much they will pay for storage. They do not know how much they would pay for data transfer when you train these models, where the data that train this model will be hosted. That takes a bit more time for them to analyze.

Putting aside the cost predictability, they also have some security and governance concerns. Who is training this model? How is this model being exposed? What are we doing in order to protect the company from having any type of malicious models coming in? This, I think, brings them to take a bit more time, or at least this is what they tell us. They need a bit more time before they fully bet on the cloud like it used to be maybe in a process a year ago or two years ago. JFrog is positioned to capture the opportunity both ways. Either they will stay as on-prem customers and we will support them and go with them there, or they will move to the cloud and we will do it in the cloud with them on a multi-cloud basis or one cloud.

Basically, the hybrid solution that JFrog provided is the fit for purpose that they asked for. There are no further questions at this time. I will now turn the call back to Shlomi for closing remarks. Thank you, everyone, for joining us on this quarter results and earning call. May the frog be with you. Take care. This concludes today's call. Thank you for attending. You may now disconnect.

This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.