Behind US stock gains, gold’s climb reflects growing market uncertainty: Macquarie
On Wednesday, 10 September 2025, Rapid7 Inc (NASDAQ:RPD) participated in the Piper Sandler 4th Annual Growth Frontiers Conference, outlining a strategic shift towards AI-driven security services. The company emphasized both stability and challenges, notably in the Managed Detection and Response (MDR) market, amid longer sales cycles and competitive pricing pressures.
Key Takeaways
- Rapid7 is focusing on AI-driven security services, particularly in MDR and Agentic SOC capabilities.
- The company is experiencing a shift towards larger, more strategic deals, resulting in longer sales cycles.
- There is a noted increase in Average Selling Prices (ASPs) and deal expansions, especially in exposure management.
- Rapid7 is reinvesting in R&D and sales & marketing to accelerate growth in enterprise MDR services.
- The company anticipates mild revenue growth acceleration next year.
Financial Results
- Stability and strength were observed in Q2, driven by the Detection and Response (DNR) business.
- Significant expansions in ASPs and deal cycles were noted, with exposure management upgrades resulting in uplifts exceeding 50%, and in some cases, over 100%.
- The DNR business continues to show healthy growth.
Operational Updates
- Rapid7 is heavily investing in AI-driven security services, including MDR and Agentic SOC.
- MDR constitutes over half of the company’s revenue, with the agentic platform reducing the relevance of Security Information and Event Management (SIEM) systems.
- The company is rolling out an agentic platform for incident command to MDR customers and tightening Service Level Agreements (SLAs) due to improved detection and response times.
- AI is being used to enhance code development speed, and a global capability center is being developed to drive innovation and efficiency.
Future Outlook
- Rapid7 expects mild revenue growth acceleration next year, driven by the DNR business.
- The company aims to improve its pipeline and conversion rates for larger deals with extended cycles.
- Rapid7 believes it has the necessary pipeline and product positioning for sustained growth without missing targets.
Q&A Highlights
- One-third of the MDR market is considered unachievable due to low pricing by competitors.
- The focus remains on Enterprise MDR Services and managing all customer data.
- The pipeline build for exposure management is on track, with more strategic discussions occurring than initially anticipated.
- Customers are making strategic decisions about platform consolidation rather than just upgrades.
For further insights, readers are encouraged to refer to the full conference call transcript below.
Full transcript - Piper Sandler 4th Annual Growth Frontiers Conference:
Rob, Analyst: All right, we’ll kick it off with our next company, Rapid7. Gentlemen, thanks for joining us.
Corey Thomas, CEO, Rapid7: Rob, thank you so much for having us.
Rob, Analyst: Absolutely. Welcome back to Nashville. Any predictions on the Vandy season this year? Any big upsets in the, I actually think, making?
Corey Thomas, CEO, Rapid7: Yeah, I think they’re going to have another good year this year. Their quarterbacks come back. I think this whole trade thing’s been great for mixing up in sports.
Rob, Analyst: That’s great.
Corey Thomas, CEO, Rapid7: I’m a Von Brandenburg alum, so I love the football here. I’m glad we could be here.
Rob, Analyst: Yeah, welcome back. Let’s kind of dive into it. Q2 results seem to show some level of improvement in execution relative to, I think, the first quarter, though there’s still some pressure points on budgets that are evident. Can you set the stage and help us think about some of the different factors that are playing into the growth algorithm right now?
Corey Thomas, CEO, Rapid7: Yeah, so if you, so one, yes, we saw stability and a bit of strength in Q2. If you think about the growth factors, there’s three things that are at play that we’ll probably spend some time with as we actually go through. The first is our DNR business, which is really the lead in what we think about as the AI-driven security services, anchored by our MDR business. It is continuing to show healthy growth in the teams. We expanded the addressable market for that service, but that remains healthy. The exposure management business, which we’ll probably spend a little bit of time overall, is new and getting going, which is the upgrade from the traditional vulnerability management business.
That has started off nicely, although the deal cycles are much larger than we expected, which leads to the last, I would just say, piece of the equation is that Rapid7 traditionally has been heavily, not just mid-market, but I would just say mid-ASP, in the $40,000-$50,000 ASP range. What we’re seeing is between the DNR and the exposure commit upgrades, we’re seeing significant expansions in the ASPs and the deal cycles, which causes longer sale cycles, but it also has a phenomenon of a few deals actually are swinging the corners a little bit. Q1, we missed by two to three deals and actually closed. Q2, we actually had a healthy close, but again, much larger ASPs overall, and so we’re readjusting to the larger, more strategic deal cycles.
Rob, Analyst: Is that an intentional up-leveling of deals and customers, or is that just a natural byproduct of what’s been happening in cyber over the last five years?
Corey Thomas, CEO, Rapid7: Yeah, it’s a great question. One, it’s a natural byproduct of partially the consolidation the customers have. You are seeing people spend more with fewer. It’s also, Detection and Response is just a higher ASP business than the traditional Vulnerability Management business, so that’s a natural mix shift in general. The third one is somewhat, could be market, but it could be a bit of us too, is that we expected the exposure management, the Vulnerability Management to exposure management upgrades to be 20% to 30% uplifts overall, and we’re seeing over 50% and many over 100% uplifts. That was unplanned for. Now, I don’t know whether that, we’re figuring out whether that’s our pricing packaging or whether that’s the go-to-market teams upsizing them.
That’s one where, in the upgrades, we would like to have some of the business be a little bit of the more traditional 20% upgrades because those tend to be faster and have lower data. That said, we considered a major validation point that people are both upgrading and we’re getting some of the strategic upgrades, and that’s a positive evidence point, but we do want to actually have it in smaller chunks.
Rob, Analyst: When we think about exposure management, it seems like it’d be the new rage in a bit of a noisy category, right?
Corey Thomas, CEO, Rapid7: Yes, absolutely.
Rob, Analyst: You have your traditional competitors and everyone’s fully all in on exposure management, but you also have the bigger platform players that are starting to roll out solutions, or at least it’s in their slideware. Maybe you can speak to the competitive environment, the noise, and I think that probably goes for your detection response business too, right?
Corey Thomas, CEO, Rapid7: Yeah, absolutely.
Rob, Analyst: You have some competitors that really have been struggling, and I think are discounting quite a bit.
Corey Thomas, CEO, Rapid7: Yeah, absolutely. I’d say both of those. Let’s start with the detection response. By the way, it’s the one that we’re in the most. If you think about our transformation from traditional vulnerability management, detection response, even though it’s a harder one to get to, it’s the one that we invested in earlier, and we’re probably the furthest along. That’s over half of our revenue. It’s our view that as customers go, the backdrop of it is that our fundamental belief is that as customers scale, they’re going to have increasing regulatory environments, more complexity, but they would not want to actually build up the security staff and team to manage a global 24 by 7 Security Operations Center. That’s just not where customers have the capacity or desire to build the skill set.
The question is, can you use both technology, now AI, combined with services to allow customers to outsource more of their security operations to an AI-driven technology provider?
Rob, Analyst: Right.
Corey Thomas, CEO, Rapid7: Detection and response is the one that’s furthest along. As you say, we’ve had a lot of success in that market. It has always been a highly competitive market to your point. If you look at the fastest growth part of that market, the MDR part of the market, it is largely private companies. To your point, many of them are trying to figure out what’s next for this phase, which has actually caused a high degree of dysfunctional pricing in that market. We have actually stayed disciplined and focused, so we’ve continued to grow, even though we’re at scale. Look, we’ve actually said there’s some things that we’re just not going to do. We don’t think that the pricing is long-term, likely to cause because you see even some of the companies are in a bit of duress and they’re pulling back.
We think that creates massive opportunities for us in the market as we actually go forward, that the companies are no longer being funded for unsustainable businesses. We look at that as an opportunity. At the same time, you have some interests like Zscaler coming to the space via acquisitions. I think that rationalization is a healthy thing, and I actually think that there’s more opportunity than threat there overall in detection and response. Any questions there before I go over to the exposure management competitors?
Rob, Analyst: Yeah, I think there are because we’ve heard for a while about next-generation SIEM. We hear security is a data problem. Some folks have approached it from a managed perspective, and you’ve got a business there. SecOps, SOC transformation, however we want to think about this. Is this a SIEM issue? Is it eventually an agentic opportunity that maybe displaces SIEM? Maybe that’s, you know, I know that’s what Jay said or what Zscaler has articulated as a reason for Red Canary, but where are customers, especially in the mid-market?
Corey Thomas, CEO, Rapid7: Customers are mid-market and I would just say mid-to-large enterprise. If you think about our ICP, our target customer profile, the customers that have, you know, dialed into 20,000 employees around the world. It’s not the largest of the large, but we actually do, we have an incredibly robust business in the large but not very large enterprise space. Here’s the primary driver of it. It is all about scale of the job that needs to be done. SIEMs are good technology storage. Getting value to run a security program out of them requires a large team and a large amount of resources. If you have to do that on a 24 by 7 basis, it is uneconomical to do the job. SIEMs are just ill-equipped to do the job that they were designed for.
What you see is multiple facets of ways that people are solving that problem to actually, how do you run a 24 by 7 security operations stack? One, which was probably the first one out the gate, was an MDR-centric approach. Let’s start with the MSSP approach, which you actually traded off. You got cost efficiency, but not efficacy, where the quality of those services generally were not great.
Rob, Analyst: Someone lost your network when you slept.
Corey Thomas, CEO, Rapid7: Exactly. Yeah, exactly. MDRs were designed, when they did it right, to actually provide a scale solution by giving you talent leverage where you had great people and technology that actually scaled it. The best of them have now actually started focusing on adding AI kit. Look, the really good ones have been doing both integrations, machine learning, and automation for years now. We rolled out our agentic platform for an incident command. We started rolling out to our MDR customers early this year, and then we actually made it available to the broader market. Agentic SOC capabilities essentially are doing the work as a frontline SOC analyst. We thought that was going to be five years away. That’s probably going to be in the next two years where we can actually do it. The workload productivity that we’re seeing is massive there.
We sell that too, and we think it’s an add. You have some AAA startups that just have a vision of the agentic SOC, where AI can run everything. It’s going to take years before you can actually have no people to actually do it. My belief, and this is what you heard from Zscaler too, is that what you really want to have is you want to have people and expertise that can actually do their work, but more and more of the workloads are run by the agentic SOC agents. That’s definitely the dynamic that we’re actually seeing, and that’s where a big part of our investment and focus is.
Rob, Analyst: In many cases, that’s an outsourced Security Operations Center, so.
Corey Thomas, CEO, Rapid7: That’s just the start of that. I think that same dynamic is like we’re helping customers with AI-driven outsourcing on the SOC today.
Rob, Analyst: Yeah.
Corey Thomas, CEO, Rapid7: Same is going to be applied to other areas as we go forward.
Rob, Analyst: How close are we to automation versus suggestion on the back end?
Corey Thomas, CEO, Rapid7: Actually very far along. This is the part that’s, yeah, this is where, yeah, the way to think about it is it depends on what you are. There are three core things that you have to think about. One is how do you get in, manage, and organize the data. You can use AI to do lots of that, and it can actually just do it. We’re constantly investing there. The third in there, I would say it’s getting better and better from that data organization perspective. That’s one of the big areas of investment that we’re still unlocking. The second, to your question, is to think about the filtering and the disposition of alerts and processing that large alert volume that people can’t get through. It’s quickly moved, and we are, I would say, auto-managing, getting rid of all the noise. That is happening today.
It moved pretty fast there just because it was more effective, and people weren’t processing the volume. We’ve seen massive success. In fact, if you talk to our SOC leaders, they’re just like, okay, you proved it. Why aren’t you doing like quadruple the amount faster? We’re unlocking that and massive velocity to do that. That’s actually improving the signal-to-noise ratio. The part I think that you’re getting to, though, that’s just suggestion right now, is not there, is the AI-driven response. Then you have the agentic response where it does the containment. What we’re hearing from our customers is they want us to, and this is one of the investments that we’re making, green light containment responses. So deprovisioning of IDs, containment of machines.
You know, there’s a whole bunch, I would just say 90% of the responses we’re not automatically doing, and they’re still in review mode, because you can break stuff if it’s wrong there. If we misallocate like a filtering thing, that just means someone got some noise. If we do a response that’s inaccurate, that’s a problem. That’s staying in recommendation mode a little bit longer.
Rob, Analyst: How is agentic speeding the customer decision time or process? It does feel like people are behind and trying to catch up really quickly.
Corey Thomas, CEO, Rapid7: Yes, you talk operationally how the speed of the time. Yeah, like if you look at the mean time to detect, the mean time to respond, they’re actually going down. We are actually contracting our SLAs on what we can actually do. We’re seeing our partners being able to tighten that up. Look, the agentic piece is a, I can’t say enough, it is a massive deal. It’s the first time in a while. This is why the SIEM is becoming less relevant. If you look at our strategy, we have the MDR thing for people that are actually looking to get scale efficacy, which leverages technology in the environment. Our approach on launching incident command was to do a major SIEM displacement wave. You see lots of early stage companies also doing that, just to be clear. We actually think it’s a massive opportunity.
Rob, Analyst: When do you think this starts to translate in improved fundamentals for Rapid7 in terms of go to market? I know you’re hiring a new Chief Commercial Officer.
Corey Thomas, CEO, Rapid7: Yeah, Alan started. Alan is on board. We expect DNR to have continued good performance. Alan started. I think there’s two things that we’re really focused on. One is that we were selling too many things and we were all over a little bit. We’re adding focus and discipline. We are going to be heavily focused on two things. One, driving the land motion around DNR where we see the opportunity and it has good scale, good economics. AI-driven services, you’ll see our sales team tightening up that. Listen, from where the stock price is, which is a little bit crazy, it does not make sense to overpromise as we go into it.
Rob, Analyst: Absolutely.
Corey Thomas, CEO, Rapid7: We expect to see mild levels of real acceleration as we go in next year, just from the DNR. The piece that we’re actually looking to bring in is we’ve both built the pipeline and the conversion, but it’s a much larger deal with longer deal cycles and exposure. Upgrading the install base, that’s the piece that really unlocks the growth, and we’re looking at what the pace and time of that is.
Rob, Analyst: All right. Any questions at this point from the group?
Corey Thomas, CEO, Rapid7: Yeah.
Rob, Analyst: Yeah, so there’s two types of opportunities that are in there. One is opportunities that we actually can do quite well because we have one of the more efficient MDR SOCs. We do see definite opportunities there, and it actually adds to the growth drivers and fundamentals. I will say there’s probably like a third of their business, though, that we probably won’t touch or go to because they actually just priced it uneconomically. Part of what Rob was talking about earlier is you have many of the private MDR players that are going through their own sales and transition processes, and they were focused on getting growth to keep up the numbers. They just did things that did not make economic sense.
Trying to go in and tell customers that, like, hey, listen, to get a good quality of service, you got to actually pay 30% more, it’s just not worth the time and the effort. We’re going to be fairly disciplined on this, which is why the growth calculation that we’re doing, I would just say more than anything, is that the bigger driver on growth as we actually go into next year is the enterprise, is the enterprise MDR service, where our MDR service was just our data, which works well for, I would say, a mid-enterprise. As you go larger and larger, they want you to manage all of their data, and we need to still do that at great gross margins. That’s what we’ve been leveraging lots of the AI.
We just did that this year, but think about like probably the largest part of our addressable market MDR, we were not competing in. On one hand, we were getting squeezed at the low end by people that were just doing deals that just made no sense at all. On the other end, we just weren’t competing with that. Now that we’ve unlocked that higher end, those places where you’ll see like Accenture, ReliaQuest, and stuff like that, we can compete quite effectively in that space. That’s a very robust space of now doing all of customers’ data across the environment. Thanks. Let me talk about OpEx. You, like many companies, massively expanded profitability post-COVID. Now you’re actually starting to reinvest and lean back in. You can look at R&D as a percent of revenue taking up, sales and marketing as a percent of revenue taking up.
The revenue is not where you want it, of course, but you are leaning in. How long till these investments start to pay off? What are the proof points you guys are looking for in terms of that happening?
Corey Thomas, CEO, Rapid7: Yeah, Sunil, you want to take that one?
Sunil, Unidentified, Rapid7: Yeah, for sure. I mean, look, I think this year was certainly a year to focus in on kind of that product vision and really driving the products as we think about next year and position ourselves to drive this reacceleration, particularly with Alan coming in on the sales side. Really sort of scaling our presence to get our global capability center set up to drive the ability to continue to steer innovation, but to do it more efficiently and more effectively as we go forward. I think first and foremost, this was a core year to drive all that stuff as we go forward into 2026 and beyond. We do want to see the benefits and the scales of that. I think there’s a couple of things that stand out as number one, from an innovation standpoint, as Corey referenced, right?
I mean, we’ve seen really good engagement with customers on the vision of holistic risk and being able to manage risk across their environment. The deal dynamics are a bit different than we expected when we came into the year, but certainly the traction that we’re seeing there, the willingness for customers to sign up for more strategic, larger deals and larger commitments over larger periods of time, I think, validates the strategy behind it. We need to work through the motions and the ability to be able to get that across more of our base, which I think Alan will really support and benefit from.
I think continuing to invest, we’ve released a lot on the AI side of the agentic SOC from a Detection and Response standpoint, really accelerating the ability for our customers to go solve things, but really elevating the ability for our SOC to continue to be able to disposition more things as the alerts continue to grow in a very fragmented environment, be able to manage that more effectively. I think that’s another great proof point that we’re seeing as we see these more continual releases. One of the things you’ll notice is that we’ve had a much quicker cadence of releasing new capabilities, features, as we’ve gone over the past, you know, 8, 10, 12 months than we had prior to that. That’s another thing.
The third thing I’d say is really kind of the presence that we’ve really started to build from a global standpoint, in particular this global capability center, right? We’re scaling not only our R&D capability, we’re scaling our SOC there, right? We’ve already started to see people come in and start to add value. That is one of those things that is going to drive sort of durable value, even as we look into 2026 and beyond, to allow us to continue to drive and leverage those investments, but leverage them for more scale and efficiency over time. I think we’re starting to see the early things that we wanted to, but now we’ve got to continue to drive that, right? We’ve got those investments continuing through the balance of this year.
We’ll absorb them as we get into the early part of next year and really start to see the benefits and the scale coming back.
Corey Thomas, CEO, Rapid7: Yeah, because if you look, Rob, what you’re trying to get to is just like a wink and we see it in the reacceleration of growth. I would just say, listen, the two things that we hear from all of our investors are sort of like two different things. We believe that we both have the pipeline and the product positioning, and you’ll see a bunch of stuff coming up around that that validates that, to set up a reasonable growth acceleration where we’re through the Detection and Response. We will focus in and tighten in sort of like the focus in sales as we actually go along. The exposure management is far enough around and has enough foot points. At the same time, people are just like, listen, we don’t need any sort of misses. Manage the expectations well.
I would just say, I would expect that we’ll see some modest level of reacceleration next year. You should also expect that we don’t want to get, people want us to actually really have a cadence where we don’t have misses. Those are the two things, but the fundamental support, the modest levels of reacceleration next year.
Rob, Analyst: Great. Corey, operationally, where’s Rapid7 leveraging agentic at this point?
Corey Thomas, CEO, Rapid7: Yeah, AI and, you know, it’s someone who likes to be hands-on. What’s been?
Rob, Analyst: I’d love to be hands-on.
Corey Thomas, CEO, Rapid7: What’s the most interesting thing to you at this point?
Rob, Analyst: For me, I should probably do the company first, then we can actually do mine. Rob knows I’m a geek. At the company level, like everyone else, we’re clearly using it in development, and it is actually making the velocity of writing quality code much faster.
Corey Thomas, CEO, Rapid7: Fewer developers or same number of developers?
Rob, Analyst: I mean, we have a massive amount of work to do to actually build it out. We’re actually just getting developer productivity as we actually go along. We’re not trying to have fewer developers. It’s not an optimization. It is an acceleration of how do we actually deliver faster, more than anything else. Our team started off skeptical, but they are actually fairly impressed with some of the stuff that they’re actually able to do now. That’s the first and foremost. Improving the customer experience is the second one. As you can imagine, support, other things. It’s actually a boon to marketing and to be able to actually be able to communicate to the universe. One, we have some interesting pilots that are not yet yielding in the sales engagement space, about how do we actually do sales.
Sunil, do you want to talk about how we’re actually, in the early finance?
Sunil, Unidentified, Rapid7: Yeah, I mean, operationally, we’re looking at all the different ways to kind of assess, to apply to predictions and trends that we’re seeing in the business. Ultimately, across all elements of how we forecast, how we think about the business, how we partner with different parts of the organization and process a lot of information, and how we understand kind of the landscape around us.
Corey Thomas, CEO, Rapid7: Personally, I’m obsessed with leveraging it for personal productivity, and making the velocity and the speed that we actually operate and run much faster.
Rob, Analyst: All right, we got time for one more question if there is one.
Corey Thomas, CEO, Rapid7: Yeah.
Unidentified speaker: I’ve been getting suggestions on upsell costs and opportunities. The question is, you’re one way in the process of upselling customers from DMUs to management. I’ve looked at the main customer’s price tags through that. The second question is, which customer overlap DMUs displays the difference DNR run? Any kind of articulation or one on like the financial?
Corey Thomas, CEO, Rapid7: Yeah, two great questions. The pipeline build is actually great on the exposure and roughly where we expected it to be on the exposure management for the upgrade cycle. The ASPs and the way we’ve been able to chunk it are much larger, and we’re just seeing that it takes a long time. We were a little bit worried coming into the year, especially exiting Q1, that like, all right, have we built things that are not effective? What we saw going through Q2 is that they were converting. We were just shocked about the size of the things. What’s happening is that the thesis was it would allow us to move from the on-prem vulnerability management and actually capture more of the endpoint dollars and some of the cloud dollars. That’s turning out to be true.
We originally thought it would just be upgrading the in-place environment and then steadily expanding, and people are making a, and for, it’s not even a negative. People are using it to make a strategic decision. Now it’s a strategic decision about consolidation on the platform versus just an upgrade. That has pros and cons to it too, but it’s different than what we expected, but not negative. It’s a way to say we’re engaged in far more strategic discussions on exposure and management than we expected to be, but there are strategic discussions that have longer and higher deal cycles around that. The second one is there’s a massive amount of both technological and operational overlap between them. In some ways, it’s completely artificial, but we have to segment the market in some ways. Part of why you see so much consolidation is there were artificial barriers.
Both of them happen to have a core foundation of what’s in my environment, what’s the technologies, assets, controls, and exposures across the environment. You need that, whether you actually think about exposure management, it’s about managing down the attack surface and think about detection responses and monitoring that attack surface. You still have to know what the attack surface is. In fact, vulnerability management didn’t understand the attack surface. The biggest investment that us, Tenable, and Wiz have made is actually moving from a cloud player or a VM player to actually understanding the full attack surface. That’s the single biggest investment we made. That is critical and necessary to actually do anyway. The second aspect that you actually have on it is the remediation. Think about the same remediation that you actually do to actually automate more of the exposure management remediation.
It is the same response piece that you actually do when you have an attack for containment. Make this change, add this containment, fix it. Those two things are the same, but there are some differences. Those two things are really big similarities.
Rob, Analyst: All right, that’s all we have time for.
Corey Thomas, CEO, Rapid7: Thank you all very much.
Rob, Analyst: Thank you.
This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.