Skip to main content

AI assistant

Sign in to chat with this filing

The assistant answers questions, extracts KPIs, and summarises risk factors directly from the filing text.

JFrog Ltd Call Transcript 2026

Mar 11, 2026

Call Transcript

JFrog Ltd

Download source file

Okay, we're gonna get started. My name is Jonathan Ruykhaver. I cover most of the cyber names at Cantor Fitzgerald. Really pleased to be able to have JFrog today from the company and Ed Grabscheid, CFO, and Jeff Schreiner, who runs IR. So it's been a you know, interesting few weeks. I think you guys probably took it worse than anybody when Anthropic announced Claude Code, which was interesting because it had been in preview for you know, several weeks, so you could go and read how the developers were using it. But you know, the actual headline you know, was I guess available you know, drove your stock down 25%. It it's interesting. We reached out to several customers and was able to talk to one large customer in the telco vertical. I just wanna read this quote because I think it's a good starting point to try to understand how you've differentiated what the value proposition is. But this is what he said. Let me find. Okay, so quote, "LLM reasoning is not enough as it cannot validate trust, it cannot enforce policy, it cannot secure dependencies against scanned binaries or ML models, nor can it do anything around monitoring runtime systems." They basically said they're complementary. It's not a replacement to a broader supply chain platform. Maybe just, you know, start on that positioning. I think the one nuance that investors struggle with is just, you know, code-level security and binary security, and really kinda dig into how that differentiates JFrog and, you know, why you think it's defensible. Yeah. Thank you very much for the question, Jonathan. Thank you for the quote as well. Very helpful, I think, for many investors. I think one of the big, I guess, misconceptions and sometimes between investors is the difference of source code and binaries, and that there is a very distinct difference. I think to start in terms of the easiest distinction is that one is deployed into the wild, the binary, and is exposed out into the wild. One is kept very well protected and behind your firewall within the organization and never leaves the firewall. As it relates to source code security and binary security, what I've tried to do to help investors is to talk about the fact that the announcement, one, I think there was obviously a negative reaction, but maybe a miss on the positive potential of that announcement. Two, I'll start as well with the fact that if you make the assumption that I've secured everything because I've done security in source code, then there wouldn't be a need or high demand for one of the three reasons I buy Advanced Security from JFrog for binary, which is secrets detection, which has been done in source code for over 20 years. We just found a way that we think that actually helps you because even if I, the developer, say, "Yes, I will in fact go delete this password before I hit compile," if I happen to hit compile, that is now out there in the wild and is available to hackers and very malicious actors. You know, as it relates to kind of, you know, overall binaries and source code, I think as you said, they're very complementary. I've made the comment in other presentations, you may have heard that, you know, listen, we are the plumbing. JFrog is the plumbing, the infrastructure layer in your house, something that you were very incremental in your deployment with because having to go back on that would have been very painful and having to replace that's not very easy. Now, I'm no plumber. Replacing a kitchen sink is not very easy either, but it's easier than doing the plumbing. I think we've seen just even in the last 15 months, a lot of these tools that are used in source code changes who the leader is, and we wanna continue to integrate with those tools. As your quote stated, Jonathan, I think the real difference here, and one of the examples I've tried to use from the blog from our CTO that was written the Monday after that I think has really resonated with investors is, would you really like to have your trial if you were unfortunately involved in such a matter, be done with just two lawyers? They'd be continually, "Your motion's denied. No, your motion's denied." No, you're gonna need that lawyer in the courtroom to say, "Okay, Mr. Lawyer, be brilliant, do your thing, but here's the rules of my courtroom, my corporation, and do your thing within those rules." That's where JFrog and what binaries do. We're the governance and enforcement aspect of what the organization wants to happen as code and software is being built. Yeah. Ed, you wanted to? Yeah. No, what I was gonna say is you need the judge, not just the lawyer. It's Yes. The judge. Judge. Yeah, sorry. Yeah. Too many lawyers. Too many lawyers. Not enough judges. Not enough judges. Yes, yes. You know, the other thing I'm hearing from users is a team of developers could use 10 different static application or security composition analysis tools. There is still the need for kind of the human review of what those tools are telling you. Yeah. Just specifically to, you know, before we put this subject to rest, you know, Xray specifically, I know the adoption has been quite strong with the install base. Can you just clarify where that is? Then, you know, to your point, Ed, you know, you talked about, you know, the Advanced Security portfolio as being kind of more important, especially at the binary level. How that conversion has looked like from Xray, which is the starting point, to the actual security binaries, which is Advanced Security. Yeah. I'll start, Jeff, if you can fill in. Xray, first of all, that's part of the enterprise application or enterprise platform. It's also part of our Pro X subscription. That's included, that's ground zero in terms of security, and that does scanning capabilities. Once you bring the binary in. Organization that it scans and make sure that there's no malicious packages inside, the binary. The security, Advanced Security and Curation is an add-on, so that is a separate product. You have to have Artifactory and you have to be an enterprise customer in order to have Advanced Security or Curation. Now, what we see today is approximately 3,000 users, JFrog users, and customers that are on, using Xray. That is really our opportunity to go after, the add-on for Advanced Security and Curation. Today, we have hundreds of customers that are using it. We haven't given the number exactly, but we have hundreds of customers. You saw the results at the end of Q4. We have 16% of our RPO, 10% of ARR, 7% of our revenue that is coming from security. We certainly see great momentum coming from our security core products and customers are very pleased with protecting the outside or what we call protecting the castle through Curation, and we saw great momentum in the second half of 2025. We also see this adoption of Advanced Security as point solutions are being replaced and a consolidation from the point solutions to JFrog Advanced Security. Ed covered a lot. What I would just quickly add is kind of what I've alluded to in my first answer is the fact that let's look at what source code security is trying to do and what maybe even that announcement alluded to. We're gonna make better quality code. Great. If you're making a higher quality code and securing a better quality code, it is more likely than it is going to go into production, and we are going to have then a production binary which needs to be updated, maintained, stored. Versus today, speaking to my team internally that's very quote, "customer forward-facing," it's still the case even as of last week. We're still working with the agents to get it to do what we want. Build, compile, not good enough, bust. We're creating code and we're creating binaries, but it's not to the same scale of what it would be that when I put a production binary out there, I will have to do several updates to that. That will create additional data transfer and usage. I'll have to store that. I think that's another aspect that announcement, if they're gonna make the golden cup or golden chalice of code and source code great, it doesn't mean that it's over. It's the same thing that we've said that Ed just talked about our Curation product. In combination with Xray, we're not telling customers that because you have Curation deployed and you have a centralized kind of policy of what's even being brought into the organization, that you should stop using Xray. It's still best practice to continue to use Xray as well. I think there was this conception that I've made it so good on the source code side that I don't have to do any more security functionality after that point, and I think that was maybe a disconnect. Yeah. Yeah. Yeah. You know, there's so much, well I call it misinformation. I've got that, you know, just opinions on where this is all headed. Actually, Elon Musk predicted that AI. You're laughing, you know what I'm going to say. That AI will skip programming languages that humans use to go directly to the X's and O's, the machine readable format. You know, binaries in that example, if it were to come true, would see tremendous growth. Yeah. Did you have any thoughts on that? I mean, are you seeing in any customers the opportunity to kind of use these LLM models to go directly to the binary as opposed to starting off with human coding? I think that we're still understanding agents and wanting to use the agents. I think that that's a very forward-looking idea. I think it could be an idea that could come true as you start to see more of commoditization in the creation of code with the use of agents and what they can build. I don't know that it's anything we've yet heard, Jonathan, in terms of customers looking at that yet, because I still think that they're trying to solve the security, the implementation of agents. Things obviously are moving quickly in this day and age, but, you know, you're right. I think what that signals is that if we have to then or are able to start then at the binary. I think the importance of that asset will then also significantly increase, and we think that that will bring a lot of attention to JFrog as hopefully the system of record for that AI and for that binary. Yeah. Yeah, makes sense. I mean, you know, some of the questions I've had from investors is around when will Anthropic, you know, come out with a supply chain platform? Does that actually make economic sense then given all the money that they're having to spend to train models? I mean, is that a use case that can really generate the returns their investors require? You know, I think the bigger point is, you know, security is tough, right? You've got security engineers, you've got this domain knowledge that's taken years to build up the understanding of workflows, and you gotta tag metadata, you know, within the LLM models to be able to control those binaries and provide those guardrails. It's, you know, to me, I think when, where I sit, when I look at the potential worst case scenario, it would be an Anthropic or an OpenAI, you know, going out and just spending a ton of money upon, you know, a bunch of interesting startups that, you know, could compete with you as opposed to trying to do it internally. Anyway, I'm kind of meandering here. Yeah. Let's talk about the Switzerland. To me, it's very important to have, you know, kind of this trust to be independent. I think you've given an example of Anthropic generating a binary that is then used by OpenAI to create another artifact. You know, talk about the implication of that and why that sets you apart from, you know, maybe someone trying to do it within a model foundation. Well, I think to the gist of your question, Jonathan, I think it's much about that universality that's too integrated to fail. It goes back to the statement that I've been making that in this world, we've seen a very rapid evolution from who the quote-unquote leader or who is the tool of choice today for my AI developing. In that world, we've seen, you know, 15 months ago, Copilot, it was OpenAI. Today, you know, JFrog, we utilize Claude internally to build JFrog as well. I think that having that universality, because we obviously hear from investors as well. What about partnerships? We would love to work with all of these types of native AI or large language model companies. At the same time, I don't think you can point to one and say, "That's the one you need to work with," because we've already seen a landscape that is rapidly evolving as to who is the tool of choice for shift left in source code. And if you don't have that universality and you make that bet on, let's say, one horse, if that horse isn't the horse that ends up winning, then you don't have that ability to be true to the underlying infrastructure for an organization or software development. Yeah. Makes sense. Now you have referenced a foundational model provider who's looking to use Artifactory as a control plane for thousands of AI models. Can you just, you know, elaborate on what that looks like? Is it primarily around storage and distribution, or does it also expand into modern monitoring and governance and security? Yeah. At this stage, it's about storage and distribution. This is a customer that landed with JFrog in Q1. It started off as a self-hosted. Today, it's still a self-hosted, and they took an Enterprise Plus subscription. In Q2, that customer expanded and doubled the ARR, and now today it's over $1 million in terms of ARR. They're using that for the storage of their models and the distribution of their models. They also use it to build their infrastructure as well in terms of updates and deploying those updates. It's a great case. It's a foundational AI customer. We have three of the top five. We openly speak about one of those, which is NVIDIA. The other two we can't speak about. Of those top five, we speak with all of them. There could be an opportunity in the future to have all five of the foundational AI companies as JFrog customers. Yeah. Oh, go ahead. The other two you made, is that from systems or the? Yes. Today, the other two are using homegrown tools or trying to put together open source. We're, as I mentioned, in discussion with them, hoping to standardize them on JFrog. I wanted to just touch on Q4. The SaaS revenues grew, revenue grew 42%. You know, you're continuing to see usage, you know, beyond the, you know, committed package. Let's touch on that. From what I understand, overages are priced at a 20%-25% premium to negotiated rates. So that's a pretty, you know, material uptick. Then that, you know, provides an incentive for the customer to come back and you to negotiate, you know, a more favorable rate. But, you know, it certainly has, you know, a positive impact on ARR. If you just talk about, you know, the type of customer within the install base where you're seeing that behavior, is it isolated to a certain segment or is this broad-based? Then the drivers in terms of, you know, you talked about the PyPI and, you know, the containers and, you know, some of these applications having a bigger memory footprint. You know, what's that dynamic that ultimately drives that higher consumption? Sure. It's a great question. We actually did 45% year-over-year growth for the year, 42% in the quarter, and we're very pleased with where the cloud growth went on a year-over-year basis. It was an incredible year. We saw something in 2025 that we had not seen in 2024, which was usage over minimum commit. So customers are using. There was a push maybe from management or the board to innovate. Much of that was conventional package types, but we did see this emerging trend coming from native AI package types. So, Hugging Face, Conda, PyPI, these are packages that we know are specific to AI, and we saw a significant increase in those package types throughout the year. Now, in addition to that, Jonathan, you talked about how. Was it narrow? Was it broad? This was broad-based. It was across every single industry. We penetrate top ten across all industries. We have 80%+ of the Fortune 100, and there was not an industry where we did not see an increase for a customer that was exceeding minimum commitments. It was very positive from that perspective that it wasn't concentrated into one industry, but broad-based. Third was around what we are doing today now to capture those customers that are spending above their minimum commits and converting that to an annual commitment and increasing the minimum commitment, so that way, we have better visibility and clarity around where we're going to guide going forward. The word, the keyword here is clarity. Many of the customers today do not have clarity around what AI and what their workloads are gonna look like in the future. Therefore, they're willing to spend more than their annual minimum commits and maybe even go into an annual commit rate that's higher than their contractual minimum commit rate. If it's a 20%-25% increase in terms of the data consumption usage, they're willing to do that until they have true clarity. Once they have the clarity, then they're willing to commit with JFrog. We can't go after every single customer. It wouldn't make sense for us to go after every single customer that's spending over their minimum commit. Certainly, those large customers that have consistent continued use over the minimum commitment, we will certainly have an engaged conversation with those customers. It economically makes sense for them to commit to a larger commitment, annual commitment with JFrog. They get better unit economics. They go into a higher tier or higher usage, and a better tiered pricing, and it becomes a benefit to them. It's also a benefit to JFrog because we have better visibility on our commitments going forward and improves our ability to guide. Are you at the point where customers have that visibility and they're willing to commit, or is it still very much, "Let's kinda see if this is something that's sustained in terms of how we use JFrog now? We had success in 2025 in converting some of those customers. We're still speaking with those customers on a daily basis, and I wouldn't say that there's full clarity at this stage, but I believe that several customers in the future should be able to commit to higher annual commitments with JFrog. Just remind us also on the guidance philosophy. I think you established this outlook that's based on a floor including any kind of upside potential from these, you know, overages and also large deals. Just update us on that. Yeah. We actually changed the guidance philosophy mid-2024. There was a cadence of somewhere between 1% and 1.5% beat. Even if I take a step back, I'm stepping into year three as the CFO. I've been with the company seven years. The company has changed. There's been tectonic shifts in the way that this company has shifted and the go-to-market, the size of the deals, the ASPs. We would have, say, three or four years ago, a $200,000 deal was a very big deal for JFrog. But if that deal pushed, it was easy to pull three or four deals that were in the tens of thousands to cover that deal. Today, we have seven and eight-figure deals. Those deals are a little bit more difficult regardless of how many of those you have in the pipeline to pull earlier into the quarter and close. Therefore, we changed our philosophy. We wanted to be very responsible. We excluded our largest deals. Many of those are deals that either have a migration from self-hosted to cloud or they're taking security. They go through long negotiations that include procurement, maybe even the office of the CFO to sign off, and uncertainty in timing of when those will close, so we exclude those from our guidance. The second piece is the usage over the minimum commit. We saw heavy usage over minimum commits in 2025. We exclude that, and by doing that, we establish, as you mentioned, a floor. What we guide is a floor. 31% in the midpoint for our cloud is a floor. We would expect that assuming no large deals, no usage over minimum commit, 31% year-over-year growth in the cloud would be very, very reasonable. If we continue to see the trends that we saw in 2025, then there could be meaningful upside to those numbers. How do you quantify a large deal? A large deal not necessarily is quantified by a number because that number could change over time by the complexity of the deal. It could be, as I mentioned, a migration from self-hosted to cloud. It could be taking on security. It could be a significant increase driven by usage, and they have to take a commitment on a larger annual package, which could be multiple millions of dollars over a long period of time, say two or three years. The complexity of the deal is really what drives the decision of a de-risk. Yeah. Let me see. Any questions, Justin? You know, just out here with John and Corey, you know, sort of introduced some product last week. Like, you've obviously had to, in order to reduce something to look better. How much work was involved in this product? Was this the best, or how do you guys do 30-day turn on that deal? This is sort of, these things have changed so much from a perception to just another 30-day, another 60-day, and people realize, like, what is, like, what do you guys think is around the corner? Like, why don't you show us that this is raw human error that would be here that are actually being developed, and this is happening for a reason. Yeah. Yeah. Why don't I start, Jeff, and then you can fill in with your opinion on this. It's a great question. The question was, how do you change the perception? Every Friday, some new news right at the market close is coming out and we're defending ourselves as AI defendable company. Why are you AI defendable? My job has certainly changed. It's no longer talking about what JFrog is doing so great and the execution that we've done over the past year and probably had the best year in the history. I'm defending JFrog every single day for the last month and a half since we've had our earnings. But that's okay. I don't mind doing that. There's three things that we thought about on February 20th at 2 P.M. after that news came out. The first was, we created a blog by our CTO and co-founder, which I think really gave good insights around why JFrog is defendable against source code scanning and what JFrog does in the binary. Jeff articulated one point really good, which is you'll have a room of lawyers which are your agents, and those lawyers will argue the case, but you have to have a judge that governs and controls what goes in and out of your organization.You have to be able to go through each of those check gates, and that has to be managed and automated. It cannot be done by agents. The second is the buyback, which I'm sure we'll talk about. We immediately had a board meeting, and we deployed $300 million of capital to be able to do a buyback. Why would we do that? First of all, we're very fortunate that we drive a significant amount of free cash flow that gives us the opportunity to do this. It also gave us an opportunity where maybe, you know, investors and the market over-rotated based on the fundamentals of the business. We took advantage of that, and we did a $300 million buyback. The third leg of the stool, so to speak, is gonna have to be execution. The only way to disprove this theory that JFrog is gonna be displaced by the AI labs is to continue to execute. As long as we execute, I think ultimately the market will come back and understand truly that the value is not, or that JFrog is not gonna be replaced, but the value will be a collaboration between the AI labs that are driving efficiency for developers and source code, and the hosting of those binaries and securing, deploying those binaries through a single source of truth or a system of record, and that being JFrog. I'll just quickly add, I think the thing that I would say is it's always my job, obviously, as CEO, I already get out there and talk with all of you and try to educate you as to how we see things. I think we've done that. I think we'll continue to focus, as Ed said, on our execution. That's what we can control. That being said, I would like to say this, that I think a lot of the argument that's been made is very simplistic in nature, and this is not something you can oversimplify. Very similar to what started when I was here four years ago with you collectively as an investment group saying that a company that created source code was going to move right and mud stomp us because binaries are nothing, and there was gonna be one platform for them all in an enterprise. One platform for them all is not something that the enterprise is interested in. This is a very oversimplified thing, and I think at this time, instead of oversimplifying things, I think some investors would be very well served to talk to our customers after hearing the quote that Jonathan just gave and understanding that the people that are buying JFrog, how they view this versus what I think is a very much more oversimplified view of what Wall Street's taking today. Yeah. We have less than two minutes. Any other questions from the audience? You know, one thing that I think, you know, from my perspective, would be important to demonstrate over the next 12 months is, you know, you talk about, you know, supply chains, the supply chain for software, and then how a lot of those capabilities are relevant to AI models, AI development, and also ML development. And I know it's early in that journey, but anything that you can share as relates to are customers seeing governance control, you know, security, the other controls as they build ML models similarly to how they've developed software? Is that approach starting to resonate with those customers? Well, I think the governance aspect and the DevOps that we introduced in early September at our user conference swampUP last year in 2025 was very forward-thinking to where we are today. It was the first of its kind product. Again, a pain point that our customers had brought to JFrog to solve a pain point for customers, where today I'm manually keeping these records in Excel spreadsheets or what have you of the gates that have been passed as I build an application to have a record of that to present if something was to go wrong. This ties into another example I've tried to use in saying that, God forbid I wake up one day and say, "Well, I'm gonna just go ahead and secure my whole software stack with Claude," and then we have a breach, and I can't go into the courtroom and say, "Well, Claude fixed it right here in the chat." Okay, I'm gonna need to have this digital record at every gate and that every gate was passed. Now JFrog is offering our AppTrust solution that we're rolling out to customers this year, and that does the exact thing that we're talking about, the governance layer of keeping a record so that you have every gate stored in that platform for every build. We think that the customers have had a great response to this, and you heard it even at swampUP from some of our customers talked about the product. I think that's the next opportunity that we can bring to the market to add in terms of products to the platform. Yep. All right. Well, fantastic. I think that hits our time limit. Ed, Jeff, thank you very much. Thanks everybody for attending. Thank you, Jonathan.

Speaker 3: Okay, we're gonna get started. My name is Jonathan Ruykhaver. I cover most of the cyber names at Cantor Fitzgerald. Really pleased to be able to have JFrog today from the company and Ed Grabscheid, CFO, and Jeff Schreiner, who runs IR. So it's been a you know, interesting few weeks. I think you guys probably took it worse than anybody when Anthropic announced Claude Code, which was interesting because it had been in preview for you know, several weeks, so you could go and read how the developers were using it. But you know, the actual headline you know, was I guess available you know, drove your stock down 25%. It it's interesting. Okay, we're gonna get started. okay we're gonna get started My name is Jonathan Ruykhaver. my name is jonathan ruykhaver I cover most of the cyber names at Cantor Fitzgerald. i cover most of the cyber names at cantor fitzgerald Really pleased to be able to have JFrog today from the company and Ed Grabscheid, CFO, and Jeff Schreiner, who runs IR. really pleased to be able to have jfrog today from the company and ed grabscheid cfo and jeff schreiner who runs ir So it's been a you know, interesting few weeks. so it's been a you know interesting few weeks I think you guys probably took it worse than anybody when Anthropic announced Claude Code, which was interesting because it had been in preview for you know, several weeks, so you could go and read how the developers were using it. i think you guys probably took it worse than anybody when anthropic announced claude code which was interesting because it had been in preview for you know several weeks so you could go and read how the developers were using it But you know, the actual headline you know, was I guess available you know, drove your stock down 25%. but you know the actual headline you know was i guess available you know drove your stock down 25% It it's interesting. it it's interesting We reached out to several customers and was able to talk to one large customer in the telco vertical. I just wanna read this quote because I think it's a good starting point to try to understand how you've differentiated what the value proposition is. But this is what he said. Let me find. Okay, so quote, "LLM reasoning is not enough as it cannot validate trust, it cannot enforce policy, it cannot secure dependencies against scanned binaries or ML models, nor can it do anything around monitoring runtime systems." They basically said they're complementary. It's not a replacement to a broader supply chain platform. We reached out to several customers and was able to talk to one large customer in the telco vertical. we reached out to several customers and was able to talk to one large customer in the telco vertical I just wanna read this quote because I think it's a good starting point to try to understand how you've differentiated what the value proposition is. i just wanna read this quote because i think it's a good starting point to try to understand how you've differentiated what the value proposition is But this is what he said. but this is what he said Let me find. let me find Okay, so quote, "LLM reasoning is not enough as it cannot validate trust, it cannot enforce policy, it cannot secure dependencies against scanned binaries or ML models, nor can it do anything around monitoring runtime systems." They basically said they're complementary. okay so quote "llm reasoning is not enough as it cannot validate trust it cannot enforce policy it cannot secure dependencies against scanned binaries or ml models nor can it do anything around monitoring runtime systems." they basically said they're complementary It's not a replacement to a broader supply chain platform. it's not a replacement to a broader supply chain platform Maybe just, you know, start on that positioning. I think the one nuance that investors struggle with is just, you know, code-level security and binary security, and really kinda dig into how that differentiates JFrog and, you know, why you think it's defensible. Maybe just, you know, start on that positioning. maybe just you know start on that positioning I think the one nuance that investors struggle with is just, you know, code-level security and binary security, and really kinda dig into how that differentiates JFrog and, you know, why you think it's defensible. i think the one nuance that investors struggle with is just you know code-level security and binary security and really kinda dig into how that differentiates jfrog and you know why you think it's defensible

Speaker 2: Yeah. Thank you very much for the question, Jonathan. Thank you for the quote as well. Very helpful, I think, for many investors. I think one of the big, I guess, misconceptions and sometimes between investors is the difference of source code and binaries, and that there is a very distinct difference. I think to start in terms of the easiest distinction is that one is deployed into the wild, the binary, and is exposed out into the wild. One is kept very well protected and behind your firewall within the organization and never leaves the firewall. Yeah. yeah Thank you very much for the question, Jonathan. thank you very much for the question jonathan Thank you for the quote as well. thank you for the quote as well Very helpful, I think, for many investors. very helpful i think for many investors I think one of the big, I guess, misconceptions and sometimes between investors is the difference of source code and binaries, and that there is a very distinct difference. i think one of the big i guess misconceptions and sometimes between investors is the difference of source code and binaries and that there is a very distinct difference I think to start in terms of the easiest distinction is that one is deployed into the wild, the binary, and is exposed out into the wild. i think to start in terms of the easiest distinction is that one is deployed into the wild the binary and is exposed out into the wild One is kept very well protected and behind your firewall within the organization and never leaves the firewall. one is kept very well protected and behind your firewall within the organization and never leaves the firewall As it relates to source code security and binary security, what I've tried to do to help investors is to talk about the fact that the announcement, one, I think there was obviously a negative reaction, but maybe a miss on the positive potential of that announcement. Two, I'll start as well with the fact that if you make the assumption that I've secured everything because I've done security in source code, then there wouldn't be a need or high demand for one of the three reasons I buy Advanced Security from JFrog for binary, which is secrets detection, which has been done in source code for over 20 years. As it relates to source code security and binary security, what I've tried to do to help investors is to talk about the fact that the announcement, one, I think there was obviously a negative reaction, but maybe a miss on the positive potential of that announcement. as it relates to source code security and binary security what i've tried to do to help investors is to talk about the fact that the announcement one i think there was obviously a negative reaction but maybe a miss on the positive potential of that announcement Two, I'll start as well with the fact that if you make the assumption that I've secured everything because I've done security in source code, then there wouldn't be a need or high demand for one of the three reasons I buy Advanced Security from JFrog for binary, which is secrets detection, which has been done in source code for over 20 years. two i'll start as well with the fact that if you make the assumption that i've secured everything because i've done security in source code then there wouldn't be a need or high demand for one of the three reasons i buy advanced security from jfrog for binary which is secrets detection which has been done in source code for over 20 years We just found a way that we think that actually helps you because even if I, the developer, say, "Yes, I will in fact go delete this password before I hit compile," if I happen to hit compile, that is now out there in the wild and is available to hackers and very malicious actors. You know, as it relates to kind of, you know, overall binaries and source code, I think as you said, they're very complementary. I've made the comment in other presentations, you may have heard that, you know, listen, we are the plumbing. We just found a way that we think that actually helps you because even if I, the developer, say, "Yes, I will in fact go delete this password before I hit compile," if I happen to hit compile, that is now out there in the wild and is available to hackers and very malicious actors. we just found a way that we think that actually helps you because even if i the developer say "yes i will in fact go delete this password before i hit compile," if i happen to hit compile that is now out there in the wild and is available to hackers and very malicious actors You know, as it relates to kind of, you know, overall binaries and source code, I think as you said, they're very complementary. you know as it relates to kind of you know overall binaries and source code i think as you said they're very complementary I've made the comment in other presentations, you may have heard that, you know, listen, we are the plumbing. i've made the comment in other presentations you may have heard that you know listen we are the plumbing JFrog is the plumbing, the infrastructure layer in your house, something that you were very incremental in your deployment with because having to go back on that would have been very painful and having to replace that's not very easy. Now, I'm no plumber. Replacing a kitchen sink is not very easy either, but it's easier than doing the plumbing. I think we've seen just even in the last 15 months, a lot of these tools that are used in source code changes who the leader is, and we wanna continue to integrate with those tools. JFrog is the plumbing, the infrastructure layer in your house, something that you were very incremental in your deployment with because having to go back on that would have been very painful and having to replace that's not very easy. jfrog is the plumbing the infrastructure layer in your house something that you were very incremental in your deployment with because having to go back on that would have been very painful and having to replace that's not very easy Now, I'm no plumber. now i'm no plumber Replacing a kitchen sink is not very easy either, but it's easier than doing the plumbing. replacing a kitchen sink is not very easy either but it's easier than doing the plumbing I think we've seen just even in the last 15 months, a lot of these tools that are used in source code changes who the leader is, and we wanna continue to integrate with those tools. i think we've seen just even in the last 15 months a lot of these tools that are used in source code changes who the leader is and we wanna continue to integrate with those tools As your quote stated, Jonathan, I think the real difference here, and one of the examples I've tried to use from the blog from our CTO that was written the Monday after that I think has really resonated with investors is, would you really like to have your trial if you were unfortunately involved in such a matter, be done with just two lawyers? They'd be continually, "Your motion's denied. No, your motion's denied." No, you're gonna need that lawyer in the courtroom to say, "Okay, Mr. As your quote stated, Jonathan, I think the real difference here, and one of the examples I've tried to use from the blog from our CTO that was written the Monday after that I think has really resonated with investors is, would you really like to have your trial if you were unfortunately involved in such a matter, be done with just two lawyers? as your quote stated jonathan i think the real difference here and one of the examples i've tried to use from the blog from our cto that was written the monday after that i think has really resonated with investors is would you really like to have your trial if you were unfortunately involved in such a matter be done with just two lawyers They'd be continually, "Your motion's denied. they'd be continually "your motion's denied No, your motion's denied." No, you're gonna need that lawyer in the courtroom to say, "Okay, Mr. no your motion's denied." no you're gonna need that lawyer in the courtroom to say "okay mr Lawyer, be brilliant, do your thing, but here's the rules of my courtroom, my corporation, and do your thing within those rules." That's where JFrog and what binaries do. We're the governance and enforcement aspect of what the organization wants to happen as code and software is being built. Lawyer, be brilliant, do your thing, but here's the rules of my courtroom, my corporation, and do your thing within those rules." That's where JFrog and what binaries do. lawyer be brilliant do your thing but here's the rules of my courtroom my corporation and do your thing within those rules." that's where jfrog and what binaries do We're the governance and enforcement aspect of what the organization wants to happen as code and software is being built. we're the governance and enforcement aspect of what the organization wants to happen as code and software is being built

Speaker 3: Yeah. Ed, you wanted to? Yeah. yeah Ed, you wanted to? ed you wanted to

Speaker 1: Yeah. No, what I was gonna say is you need the judge, not just the lawyer. It's Yeah. yeah No, what I was gonna say is you need the judge, not just the lawyer. no what i was gonna say is you need the judge not just the lawyer It's it's

Speaker 2: Yes. Yes. yes

Speaker 3: The judge. The judge. the judge

Speaker 2: Judge. Yeah, sorry. Judge. judge Yeah, sorry. yeah sorry

Speaker 1: Yeah. Yeah. yeah

Speaker 3: Too many lawyers. Too many lawyers. too many lawyers

Speaker 2: Too many lawyers. Too many lawyers. too many lawyers

Speaker 1: Not enough judges. Not enough judges. not enough judges

Speaker 2: Not enough judges. Yes, yes. Not enough judges. not enough judges Yes, yes. yes yes

Speaker 3: You know, the other thing I'm hearing from users is a team of developers could use 10 different static application or security composition analysis tools. There is still the need for kind of the human review of what those tools are telling you. You know, the other thing I'm hearing from users is a team of developers could use 10 different static application or security composition analysis tools. you know the other thing i'm hearing from users is a team of developers could use 10 different static application or security composition analysis tools There is still the need for kind of the human review of what those tools are telling you. there is still the need for kind of the human review of what those tools are telling you

Speaker 2: Yeah. Yeah. yeah

Speaker 3: Just specifically to, you know, before we put this subject to rest, you know, Xray specifically, I know the adoption has been quite strong with the install base. Can you just clarify where that is? Then, you know, to your point, Ed, you know, you talked about, you know, the Advanced Security portfolio as being kind of more important, especially at the binary level. How that conversion has looked like from Xray, which is the starting point, to the actual security binaries, which is Advanced Security. Just specifically to, you know, before we put this subject to rest, you know, Xray specifically, I know the adoption has been quite strong with the install base. just specifically to you know before we put this subject to rest you know xray specifically i know the adoption has been quite strong with the install base Can you just clarify where that is? can you just clarify where that is Then, you know, to your point, Ed, you know, you talked about, you know, the Advanced Security portfolio as being kind of more important, especially at the binary level. then you know to your point ed you know you talked about you know the advanced security portfolio as being kind of more important especially at the binary level How that conversion has looked like from Xray, which is the starting point, to the actual security binaries, which is Advanced Security. how that conversion has looked like from xray which is the starting point to the actual security binaries which is advanced security

Speaker 1: Yeah. I'll start, Jeff, if you can fill in. Xray, first of all, that's part of the enterprise application or enterprise platform. It's also part of our Pro X subscription. That's included, that's ground zero in terms of security, and that does scanning capabilities. Once you bring the binary in. Organization that it scans and make sure that there's no malicious packages inside, the binary. The security, Advanced Security and Curation is an add-on, so that is a separate product. You have to have Artifactory and you have to be an enterprise customer in order to have Advanced Security or Curation. Yeah. yeah I'll start, Jeff, if you can fill in. i'll start jeff if you can fill in Xray, first of all, that's part of the enterprise application or enterprise platform. xray first of all that's part of the enterprise application or enterprise platform It's also part of our Pro X subscription. it's also part of our pro x subscription That's included, that's ground zero in terms of security, and that does scanning capabilities. that's included that's ground zero in terms of security and that does scanning capabilities Once you bring the binary in. once you bring the binary in Organization that it scans and make sure that there's no malicious packages inside, the binary. organization that it scans and make sure that there's no malicious packages inside the binary The security, Advanced Security and Curation is an add-on, so that is a separate product. the security advanced security and curation is an add-on so that is a separate product You have to have Artifactory and you have to be an enterprise customer in order to have Advanced Security or Curation. you have to have artifactory and you have to be an enterprise customer in order to have advanced security or curation Now, what we see today is approximately 3,000 users, JFrog users, and customers that are on, using Xray. That is really our opportunity to go after, the add-on for Advanced Security and Curation. Today, we have hundreds of customers that are using it. We haven't given the number exactly, but we have hundreds of customers. You saw the results at the end of Q4. We have 16% of our RPO, 10% of ARR, 7% of our revenue that is coming from security. Now, what we see today is approximately 3,000 users, JFrog users, and customers that are on, using Xray. now what we see today is approximately 3,000 users jfrog users and customers that are on using xray That is really our opportunity to go after, the add-on for Advanced Security and Curation. that is really our opportunity to go after the add-on for advanced security and curation Today, we have hundreds of customers that are using it. today we have hundreds of customers that are using it We haven't given the number exactly, but we have hundreds of customers. we haven't given the number exactly but we have hundreds of customers You saw the results at the end of Q4. you saw the results at the end of q4 We have 16% of our RPO, 10% of ARR, 7% of our revenue that is coming from security. we have 16% of our rpo 10% of arr 7% of our revenue that is coming from security We certainly see great momentum coming from our security core products and customers are very pleased with protecting the outside or what we call protecting the castle through Curation, and we saw great momentum in the second half of 2025. We also see this adoption of Advanced Security as point solutions are being replaced and a consolidation from the point solutions to JFrog Advanced Security. We certainly see great momentum coming from our security core products and customers are very pleased with protecting the outside or what we call protecting the castle through Curation, and we saw great momentum in the second half of 2025. we certainly see great momentum coming from our security core products and customers are very pleased with protecting the outside or what we call protecting the castle through curation and we saw great momentum in the second half of 2025 We also see this adoption of Advanced Security as point solutions are being replaced and a consolidation from the point solutions to JFrog Advanced Security. we also see this adoption of advanced security as point solutions are being replaced and a consolidation from the point solutions to jfrog advanced security

Speaker 2: Ed covered a lot. What I would just quickly add is kind of what I've alluded to in my first answer is the fact that let's look at what source code security is trying to do and what maybe even that announcement alluded to. We're gonna make better quality code. Great. If you're making a higher quality code and securing a better quality code, it is more likely than it is going to go into production, and we are going to have then a production binary which needs to be updated, maintained, stored. Versus today, speaking to my team internally that's very quote, "customer forward-facing," it's still the case even as of last week. Ed covered a lot. ed covered a lot What I would just quickly add is kind of what I've alluded to in my first answer is the fact that let's look at what source code security is trying to do and what maybe even that announcement alluded to. what i would just quickly add is kind of what i've alluded to in my first answer is the fact that let's look at what source code security is trying to do and what maybe even that announcement alluded to We're gonna make better quality code. we're gonna make better quality code Great. great If you're making a higher quality code and securing a better quality code, it is more likely than it is going to go into production, and we are going to have then a production binary which needs to be updated, maintained, stored. if you're making a higher quality code and securing a better quality code it is more likely than it is going to go into production and we are going to have then a production binary which needs to be updated maintained stored Versus today, speaking to my team internally that's very quote, "customer forward-facing," it's still the case even as of last week. versus today speaking to my team internally that's very quote "customer forward-facing," it's still the case even as of last week We're still working with the agents to get it to do what we want. Build, compile, not good enough, bust. We're creating code and we're creating binaries, but it's not to the same scale of what it would be that when I put a production binary out there, I will have to do several updates to that. That will create additional data transfer and usage. I'll have to store that. I think that's another aspect that announcement, if they're gonna make the golden cup or golden chalice of code and source code great, it doesn't mean that it's over. It's the same thing that we've said that Ed just talked about our Curation product. We're still working with the agents to get it to do what we want. we're still working with the agents to get it to do what we want Build, compile, not good enough, bust. build compile not good enough bust We're creating code and we're creating binaries, but it's not to the same scale of what it would be that when I put a production binary out there, I will have to do several updates to that. we're creating code and we're creating binaries but it's not to the same scale of what it would be that when i put a production binary out there i will have to do several updates to that That will create additional data transfer and usage. that will create additional data transfer and usage I'll have to store that. i'll have to store that I think that's another aspect that announcement, if they're gonna make the golden cup or golden chalice of code and source code great, it doesn't mean that it's over. i think that's another aspect that announcement if they're gonna make the golden cup or golden chalice of code and source code great it doesn't mean that it's over It's the same thing that we've said that Ed just talked about our Curation product. it's the same thing that we've said that ed just talked about our curation product In combination with Xray, we're not telling customers that because you have Curation deployed and you have a centralized kind of policy of what's even being brought into the organization, that you should stop using Xray. It's still best practice to continue to use Xray as well. I think there was this conception that I've made it so good on the source code side that I don't have to do any more security functionality after that point, and I think that was maybe a disconnect. In combination with Xray, we're not telling customers that because you have Curation deployed and you have a centralized kind of policy of what's even being brought into the organization, that you should stop using Xray. in combination with xray we're not telling customers that because you have curation deployed and you have a centralized kind of policy of what's even being brought into the organization that you should stop using xray It's still best practice to continue to use Xray as well. it's still best practice to continue to use xray as well I think there was this conception that I've made it so good on the source code side that I don't have to do any more security functionality after that point, and I think that was maybe a disconnect. i think there was this conception that i've made it so good on the source code side that i don't have to do any more security functionality after that point and i think that was maybe a disconnect

Speaker 3: Yeah. Yeah. yeah

Speaker 2: Yeah. Yeah. yeah

Speaker 3: Yeah. You know, there's so much, well I call it misinformation. I've got that, you know, just opinions on where this is all headed. Actually, Elon Musk predicted that AI. You're laughing, you know what I'm going to say. That AI will skip programming languages that humans use to go directly to the X's and O's, the machine readable format. You know, binaries in that example, if it were to come true, would see tremendous growth. Yeah. yeah You know, there's so much, well I call it misinformation. you know there's so much well i call it misinformation I've got that, you know, just opinions on where this is all headed. i've got that you know just opinions on where this is all headed Actually, Elon Musk predicted that AI. actually elon musk predicted that ai You're laughing, you know what I'm going to say. you're laughing you know what i'm going to say That AI will skip programming languages that humans use to go directly to the X's and O's, the machine readable format. that ai will skip programming languages that humans use to go directly to the x's and o's the machine readable format You know, binaries in that example, if it were to come true, would see tremendous growth. you know binaries in that example if it were to come true would see tremendous growth

Speaker 2: Yeah. Yeah. yeah

Speaker 3: Did you have any thoughts on that? I mean, are you seeing in any customers the opportunity to kind of use these LLM models to go directly to the binary as opposed to starting off with human coding? Did you have any thoughts on that? did you have any thoughts on that I mean, are you seeing in any customers the opportunity to kind of use these LLM models to go directly to the binary as opposed to starting off with human coding? i mean are you seeing in any customers the opportunity to kind of use these llm models to go directly to the binary as opposed to starting off with human coding

Speaker 2: I think that we're still understanding agents and wanting to use the agents. I think that that's a very forward-looking idea. I think it could be an idea that could come true as you start to see more of commoditization in the creation of code with the use of agents and what they can build. I don't know that it's anything we've yet heard, Jonathan, in terms of customers looking at that yet, because I still think that they're trying to solve the security, the implementation of agents. Things obviously are moving quickly in this day and age, but, you know, you're right. I think that we're still understanding agents and wanting to use the agents. i think that we're still understanding agents and wanting to use the agents I think that that's a very forward-looking idea. i think that that's a very forward-looking idea I think it could be an idea that could come true as you start to see more of commoditization in the creation of code with the use of agents and what they can build. i think it could be an idea that could come true as you start to see more of commoditization in the creation of code with the use of agents and what they can build I don't know that it's anything we've yet heard, Jonathan, in terms of customers looking at that yet, because I still think that they're trying to solve the security, the implementation of agents. i don't know that it's anything we've yet heard jonathan in terms of customers looking at that yet because i still think that they're trying to solve the security the implementation of agents Things obviously are moving quickly in this day and age, but, you know, you're right. things obviously are moving quickly in this day and age but you know you're right I think what that signals is that if we have to then or are able to start then at the binary. I think the importance of that asset will then also significantly increase, and we think that that will bring a lot of attention to JFrog as hopefully the system of record for that AI and for that binary. I think what that signals is that if we have to then or are able to start then at the binary. i think what that signals is that if we have to then or are able to start then at the binary I think the importance of that asset will then also significantly increase, and we think that that will bring a lot of attention to JFrog as hopefully the system of record for that AI and for that binary. i think the importance of that asset will then also significantly increase and we think that that will bring a lot of attention to jfrog as hopefully the system of record for that ai and for that binary

Speaker 3: Yeah. Yeah, makes sense. I mean, you know, some of the questions I've had from investors is around when will Anthropic, you know, come out with a supply chain platform? Does that actually make economic sense then given all the money that they're having to spend to train models? I mean, is that a use case that can really generate the returns their investors require? You know, I think the bigger point is, you know, security is tough, right? You've got security engineers, you've got this domain knowledge that's taken years to build up the understanding of workflows, and you gotta tag metadata, you know, within the LLM models to be able to control those binaries and provide those guardrails. Yeah. yeah Yeah, makes sense. yeah makes sense I mean, you know, some of the questions I've had from investors is around when will Anthropic, you know, come out with a supply chain platform? i mean you know some of the questions i've had from investors is around when will anthropic you know come out with a supply chain platform Does that actually make economic sense then given all the money that they're having to spend to train models? does that actually make economic sense then given all the money that they're having to spend to train models I mean, is that a use case that can really generate the returns their investors require? i mean is that a use case that can really generate the returns their investors require You know, I think the bigger point is, you know, security is tough, right? you know i think the bigger point is you know security is tough right You've got security engineers, you've got this domain knowledge that's taken years to build up the understanding of workflows, and you gotta tag metadata, you know, within the LLM models to be able to control those binaries and provide those guardrails. you've got security engineers you've got this domain knowledge that's taken years to build up the understanding of workflows and you gotta tag metadata you know within the llm models to be able to control those binaries and provide those guardrails It's, you know, to me, I think when, where I sit, when I look at the potential worst case scenario, it would be an Anthropic or an OpenAI, you know, going out and just spending a ton of money upon, you know, a bunch of interesting startups that, you know, could compete with you as opposed to trying to do it internally. Anyway, I'm kind of meandering here. It's, you know, to me, I think when, where I sit, when I look at the potential worst case scenario, it would be an Anthropic or an OpenAI, you know, going out and just spending a ton of money upon, you know, a bunch of interesting startups that, you know, could compete with you as opposed to trying to do it internally. it's you know to me i think when where i sit when i look at the potential worst case scenario it would be an anthropic or an openai you know going out and just spending a ton of money upon you know a bunch of interesting startups that you know could compete with you as opposed to trying to do it internally Anyway, I'm kind of meandering here. anyway i'm kind of meandering here

Speaker 2: Yeah. Yeah. yeah

Speaker 3: Let's talk about the Switzerland. To me, it's very important to have, you know, kind of this trust to be independent. I think you've given an example of Anthropic generating a binary that is then used by OpenAI to create another artifact. You know, talk about the implication of that and why that sets you apart from, you know, maybe someone trying to do it within a model foundation. Let's talk about the Switzerland. let's talk about the switzerland To me, it's very important to have, you know, kind of this trust to be independent. to me it's very important to have you know kind of this trust to be independent I think you've given an example of Anthropic generating a binary that is then used by OpenAI to create another artifact. i think you've given an example of anthropic generating a binary that is then used by openai to create another artifact You know, talk about the implication of that and why that sets you apart from, you know, maybe someone trying to do it within a model foundation. you know talk about the implication of that and why that sets you apart from you know maybe someone trying to do it within a model foundation

Speaker 2: Well, I think to the gist of your question, Jonathan, I think it's much about that universality that's too integrated to fail. It goes back to the statement that I've been making that in this world, we've seen a very rapid evolution from who the quote-unquote leader or who is the tool of choice today for my AI developing. In that world, we've seen, you know, 15 months ago, Copilot, it was OpenAI. Today, you know, JFrog, we utilize Claude internally to build JFrog as well. I think that having that universality, because we obviously hear from investors as well. What about partnerships? We would love to work with all of these types of native AI or large language model companies. Well, I think to the gist of your question, Jonathan, I think it's much about that universality that's too integrated to fail. well i think to the gist of your question jonathan i think it's much about that universality that's too integrated to fail It goes back to the statement that I've been making that in this world, we've seen a very rapid evolution from who the quote-unquote leader or who is the tool of choice today for my AI developing. it goes back to the statement that i've been making that in this world we've seen a very rapid evolution from who the quote-unquote leader or who is the tool of choice today for my ai developing In that world, we've seen, you know, 15 months ago, Copilot, it was OpenAI. in that world we've seen you know 15 months ago copilot it was openai Today, you know, JFrog, we utilize Claude internally to build JFrog as well. today you know jfrog we utilize claude internally to build jfrog as well I think that having that universality, because we obviously hear from investors as well. i think that having that universality because we obviously hear from investors as well What about partnerships? what about partnerships We would love to work with all of these types of native AI or large language model companies. we would love to work with all of these types of native ai or large language model companies At the same time, I don't think you can point to one and say, "That's the one you need to work with," because we've already seen a landscape that is rapidly evolving as to who is the tool of choice for shift left in source code. And if you don't have that universality and you make that bet on, let's say, one horse, if that horse isn't the horse that ends up winning, then you don't have that ability to be true to the underlying infrastructure for an organization or software development. At the same time, I don't think you can point to one and say, "That's the one you need to work with," because we've already seen a landscape that is rapidly evolving as to who is the tool of choice for shift left in source code. at the same time i don't think you can point to one and say "that's the one you need to work with," because we've already seen a landscape that is rapidly evolving as to who is the tool of choice for shift left in source code And if you don't have that universality and you make that bet on, let's say, one horse, if that horse isn't the horse that ends up winning, then you don't have that ability to be true to the underlying infrastructure for an organization or software development. and if you don't have that universality and you make that bet on let's say one horse if that horse isn't the horse that ends up winning then you don't have that ability to be true to the underlying infrastructure for an organization or software development

Speaker 3: Yeah. Makes sense. Now you have referenced a foundational model provider who's looking to use Artifactory as a control plane for thousands of AI models. Can you just, you know, elaborate on what that looks like? Is it primarily around storage and distribution, or does it also expand into modern monitoring and governance and security? Yeah. yeah Makes sense. makes sense Now you have referenced a foundational model provider who's looking to use Artifactory as a control plane for thousands of AI models. now you have referenced a foundational model provider who's looking to use artifactory as a control plane for thousands of ai models Can you just, you know, elaborate on what that looks like? can you just you know elaborate on what that looks like Is it primarily around storage and distribution, or does it also expand into modern monitoring and governance and security? is it primarily around storage and distribution or does it also expand into modern monitoring and governance and security

Speaker 1: Yeah. At this stage, it's about storage and distribution. This is a customer that landed with JFrog in Q1. It started off as a self-hosted. Today, it's still a self-hosted, and they took an Enterprise Plus subscription. In Q2, that customer expanded and doubled the ARR, and now today it's over $1 million in terms of ARR. They're using that for the storage of their models and the distribution of their models. They also use it to build their infrastructure as well in terms of updates and deploying those updates. It's a great case. It's a foundational AI customer. We have three of the top five. Yeah. yeah at At this stage, it's about storage and distribution. at this stage it's about storage and distribution This is a customer that landed with JFrog in Q1. this is a customer that landed with jfrog in q1 It started off as a self-hosted. it started off as a self-hosted Today, it's still a self-hosted, and they took an Enterprise Plus subscription. today it's still a self-hosted and they took an enterprise plus subscription In Q2, that customer expanded and doubled the ARR, and now today it's over $1 million in terms of ARR. in q2 that customer expanded and doubled the arr and now today it's over $1 million in terms of arr They're using that for the storage of their models and the distribution of their models. they're using that for the storage of their models and the distribution of their models They also use it to build their infrastructure as well in terms of updates and deploying those updates. they also use it to build their infrastructure as well in terms of updates and deploying those updates It's a great case. it's a great case It's a foundational AI customer. it's a foundational ai customer We have three of the top five. we have three of the top five We openly speak about one of those, which is NVIDIA. The other two we can't speak about. Of those top five, we speak with all of them. There could be an opportunity in the future to have all five of the foundational AI companies as JFrog customers. We openly speak about one of those, which is NVIDIA. we openly speak about one of those which is nvidia The other two we can't speak about. the other two we can't speak about Of those top five, we speak with all of them. of those top five we speak with all of them There could be an opportunity in the future to have all five of the foundational AI companies as JFrog customers. there could be an opportunity in the future to have all five of the foundational ai companies as jfrog customers

Speaker 3: Yeah. Oh, go ahead. Yeah. yeah Oh, go ahead. oh go ahead

Speaker 4: The other two you made, is that from systems or the? The other two you made, is that from systems or the? the other two you made is that from systems or the

Speaker 1: Yes. Today, the other two are using homegrown tools or trying to put together open source. We're, as I mentioned, in discussion with them, hoping to standardize them on JFrog. Yes. yes Today, the other two are using homegrown tools or trying to put together open source. today the other two are using homegrown tools or trying to put together open source We're, as I mentioned, in discussion with them, hoping to standardize them on JFrog. we're as i mentioned in discussion with them hoping to standardize them on jfrog

Speaker 3: I wanted to just touch on Q4. The SaaS revenues grew, revenue grew 42%. You know, you're continuing to see usage, you know, beyond the, you know, committed package. Let's touch on that. From what I understand, overages are priced at a 20%-25% premium to negotiated rates. So that's a pretty, you know, material uptick. Then that, you know, provides an incentive for the customer to come back and you to negotiate, you know, a more favorable rate. But, you know, it certainly has, you know, a positive impact on ARR. I wanted to just touch on Q4. i wanted to just touch on q4 The SaaS revenues grew, revenue grew 42%. the saas revenues grew revenue grew 42% You know, you're continuing to see usage, you know, beyond the, you know, committed package. you know you're continuing to see usage you know beyond the you know committed package Let's touch on that. let's touch on that From what I understand, overages are priced at a 20%-25% premium to negotiated rates. from what i understand overages are priced at a 20%-25% premium to negotiated rates So that's a pretty, you know, material uptick. so that's a pretty you know material uptick Then that, you know, provides an incentive for the customer to come back and you to negotiate, you know, a more favorable rate. then that you know provides an incentive for the customer to come back and you to negotiate you know a more favorable rate But, you know, it certainly has, you know, a positive impact on ARR. but you know it certainly has you know a positive impact on arr If you just talk about, you know, the type of customer within the install base where you're seeing that behavior, is it isolated to a certain segment or is this broad-based? Then the drivers in terms of, you know, you talked about the PyPI and, you know, the containers and, you know, some of these applications having a bigger memory footprint. You know, what's that dynamic that ultimately drives that higher consumption? If you just talk about, you know, the type of customer within the install base where you're seeing that behavior, is it isolated to a certain segment or is this broad-based? if you just talk about you know the type of customer within the install base where you're seeing that behavior is it isolated to a certain segment or is this broad-based Then the drivers in terms of, you know, you talked about the PyPI and, you know, the containers and, you know, some of these applications having a bigger memory footprint. then the drivers in terms of you know you talked about the pypi and you know the containers and you know some of these applications having a bigger memory footprint You know, what's that dynamic that ultimately drives that higher consumption? you know what's that dynamic that ultimately drives that higher consumption

Speaker 1: Sure. It's a great question. We actually did 45% year-over-year growth for the year, 42% in the quarter, and we're very pleased with where the cloud growth went on a year-over-year basis. It was an incredible year. We saw something in 2025 that we had not seen in 2024, which was usage over minimum commit. So customers are using. There was a push maybe from management or the board to innovate. Much of that was conventional package types, but we did see this emerging trend coming from native AI package types. So, Hugging Face, Conda, PyPI, these are packages that we know are specific to AI, and we saw a significant increase in those package types throughout the year. Sure. sure It's a great question. it's a great question We actually did 45% year-over-year growth for the year, 42% in the quarter, and we're very pleased with where the cloud growth went on a year-over-year basis. we actually did 45% year-over-year growth for the year 42% in the quarter and we're very pleased with where the cloud growth went on a year-over-year basis It was an incredible year. it was an incredible year We saw something in 2025 that we had not seen in 2024, which was usage over minimum commit. we saw something in 2025 that we had not seen in 2024 which was usage over minimum commit So customers are using. so customers are using There was a push maybe from management or the board to innovate. there was a push maybe from management or the board to innovate Much of that was conventional package types, but we did see this emerging trend coming from native AI package types. much of that was conventional package types but we did see this emerging trend coming from native ai package types So, Hugging Face, Conda, PyPI, these are packages that we know are specific to AI, and we saw a significant increase in those package types throughout the year. so hugging face conda pypi these are packages that we know are specific to ai and we saw a significant increase in those package types throughout the year Now, in addition to that, Jonathan, you talked about how. Was it narrow? Was it broad? This was broad-based. It was across every single industry. We penetrate top ten across all industries. We have 80%+ of the Fortune 100, and there was not an industry where we did not see an increase for a customer that was exceeding minimum commitments. It was very positive from that perspective that it wasn't concentrated into one industry, but broad-based. Third was around what we are doing today now to capture those customers that are spending above their minimum commits and converting that to an annual commitment and increasing the minimum commitment, so that way, we have better visibility and clarity around where we're going to guide going forward. Now, in addition to that, Jonathan, you talked about how. now in addition to that jonathan you talked about how Was it narrow? was it narrow Was it broad? was it broad This was broad-based. this was broad-based It was across every single industry. it was across every single industry We penetrate top ten across all industries. we penetrate top ten across all industries We have 80%+ of the Fortune 100, and there was not an industry where we did not see an increase for a customer that was exceeding minimum commitments. we have 80%+ of the fortune 100 and there was not an industry where we did not see an increase for a customer that was exceeding minimum commitments It was very positive from that perspective that it wasn't concentrated into one industry, but broad-based. it was very positive from that perspective that it wasn't concentrated into one industry but broad-based Third was around what we are doing today now to capture those customers that are spending above their minimum commits and converting that to an annual commitment and increasing the minimum commitment, so that way , we have better visibility and clarity around where we're going to guide going forward. third was around what we are doing today now to capture those customers that are spending above their minimum commits and converting that to an annual commitment and increasing the minimum commitment so that way , we have better visibility and clarity around where we're going to guide going forward The word, the keyword here is clarity. Many of the customers today do not have clarity around what AI and what their workloads are gonna look like in the future. Therefore, they're willing to spend more than their annual minimum commits and maybe even go into an annual commit rate that's higher than their contractual minimum commit rate. If it's a 20%-25% increase in terms of the data consumption usage, they're willing to do that until they have true clarity. Once they have the clarity, then they're willing to commit with JFrog. We can't go after every single customer. It wouldn't make sense for us to go after every single customer that's spending over their minimum commit. The word, the keyword here is clarity. the word the keyword here is clarity Many of the customers today do not have clarity around what AI and what their workloads are gonna look like in the future. many of the customers today do not have clarity around what ai and what their workloads are gonna look like in the future Therefore, they're willing to spend more than their annual minimum commits and maybe even go into an annual commit rate that's higher than their contractual minimum commit rate. therefore they're willing to spend more than their annual minimum commits and maybe even go into an annual commit rate that's higher than their contractual minimum commit rate If it's a 20%-25% increase in terms of the data consumption usage, they're willing to do that until they have true clarity. if it's a 20%-25% increase in terms of the data consumption usage they're willing to do that until they have true clarity Once they have the clarity, then they're willing to commit with JFrog. once they have the clarity then they're willing to commit with jfrog We can't go after every single customer. we can't go after every single customer It wouldn't make sense for us to go after every single customer that's spending over their minimum commit. it wouldn't make sense for us to go after every single customer that's spending over their minimum commit Certainly, those large customers that have consistent continued use over the minimum commitment, we will certainly have an engaged conversation with those customers. It economically makes sense for them to commit to a larger commitment, annual commitment with JFrog. They get better unit economics. They go into a higher tier or higher usage, and a better tiered pricing, and it becomes a benefit to them. It's also a benefit to JFrog because we have better visibility on our commitments going forward and improves our ability to guide. Certainly, those large customers that have consistent continued use over the minimum commitment, we will certainly have an engaged conversation with those customers. certainly those large customers that have consistent continued use over the minimum commitment we will certainly have an engaged conversation with those customers It economically makes sense for them to commit to a larger commitment, annual commitment with JFrog. it economically makes sense for them to commit to a larger commitment annual commitment with jfrog They get better unit economics. they get better unit economics They go into a higher tier or higher usage, and a better tiered pricing, and it becomes a benefit to them. they go into a higher tier or higher usage and a better tiered pricing and it becomes a benefit to them It's also a benefit to JFrog because we have better visibility on our commitments going forward and improves our ability to guide. it's also a benefit to jfrog because we have better visibility on our commitments going forward and improves our ability to guide

Speaker 3: Are you at the point where customers have that visibility and they're willing to commit, or is it still very much, "Let's kinda see if this is something that's sustained in terms of how we use JFrog now? Are you at the point where customers have that visibility and they're willing to commit, or is it still very much, "Let's kinda see if this is something that's sustained in terms of how we use JFrog now? are you at the point where customers have that visibility and they're willing to commit or is it still very much "let's kinda see if this is something that's sustained in terms of how we use jfrog now

Speaker 1: We had success in 2025 in converting some of those customers. We're still speaking with those customers on a daily basis, and I wouldn't say that there's full clarity at this stage, but I believe that several customers in the future should be able to commit to higher annual commitments with JFrog. We had success in 2025 in converting some of those customers. we had success in 2025 in converting some of those customers We're still speaking with those customers on a daily basis, and I wouldn't say that there's full clarity at this stage, but I believe that several customers in the future should be able to commit to higher annual commitments with JFrog. we're still speaking with those customers on a daily basis and i wouldn't say that there's full clarity at this stage but i believe that several customers in the future should be able to commit to higher annual commitments with jfrog

Speaker 3: Just remind us also on the guidance philosophy. I think you established this outlook that's based on a floor including any kind of upside potential from these, you know, overages and also large deals. Just update us on that. Just remind us also on the guidance philosophy. just remind us also on the guidance philosophy I think you established this outlook that's based on a floor including any kind of upside potential from these, you know, overages and also large deals. i think you established this outlook that's based on a floor including any kind of upside potential from these you know overages and also large deals Just update us on that. just update us on that

Speaker 1: Yeah. We actually changed the guidance philosophy mid-2024. There was a cadence of somewhere between 1% and 1.5% beat. Even if I take a step back, I'm stepping into year three as the CFO. I've been with the company seven years. The company has changed. There's been tectonic shifts in the way that this company has shifted and the go-to-market, the size of the deals, the ASPs. We would have, say, three or four years ago, a $200,000 deal was a very big deal for JFrog. But if that deal pushed, it was easy to pull three or four deals that were in the tens of thousands to cover that deal. Today, we have seven and eight-figure deals. Yeah. yeah We actually changed the guidance philosophy mid-2024. we actually changed the guidance philosophy mid-2024 There was a cadence of somewhere between 1% and 1.5% beat. there was a cadence of somewhere between 1% and 1.5% beat Even if I take a step back, I'm stepping into year three as the CFO. even if i take a step back i'm stepping into year three as the cfo I've been with the company seven years. i've been with the company seven years The company has changed. the company has changed There's been tectonic shifts in the way that this company has shifted and the go-to-market, the size of the deals, the ASPs. there's been tectonic shifts in the way that this company has shifted and the go-to-market the size of the deals the asps We would have, say, three or four years ago, a $200,000 deal was a very big deal for JFrog. we would have say three or four years ago a $200,000 deal was a very big deal for jfrog But if that deal pushed, it was easy to pull three or four deals that were in the tens of thousands to cover that deal. but if that deal pushed it was easy to pull three or four deals that were in the tens of thousands to cover that deal Today, we have seven and eight-figure deals. today we have seven and eight-figure deals Those deals are a little bit more difficult regardless of how many of those you have in the pipeline to pull earlier into the quarter and close. Therefore, we changed our philosophy. We wanted to be very responsible. We excluded our largest deals. Many of those are deals that either have a migration from self-hosted to cloud or they're taking security. They go through long negotiations that include procurement, maybe even the office of the CFO to sign off, and uncertainty in timing of when those will close, so we exclude those from our guidance. The second piece is the usage over the minimum commit. Those deals are a little bit more difficult regardless of how many of those you have in the pipeline to pull earlier into the quarter and close. those deals are a little bit more difficult regardless of how many of those you have in the pipeline to pull earlier into the quarter and close Therefore, we changed our philosophy. therefore we changed our philosophy We wanted to be very responsible. we wanted to be very responsible We excluded our largest deals. we excluded our largest deals Many of those are deals that either have a migration from self-hosted to cloud or they're taking security. many of those are deals that either have a migration from self-hosted to cloud or they're taking security They go through long negotiations that include procurement, maybe even the office of the CFO to sign off, and uncertainty in timing of when those will close, so we exclude those from our guidance. they go through long negotiations that include procurement maybe even the office of the cfo to sign off and uncertainty in timing of when those will close so we exclude those from our guidance The second piece is the usage over the minimum commit. the second piece is the usage over the minimum commit We saw heavy usage over minimum commits in 2025. We exclude that, and by doing that, we establish, as you mentioned, a floor. What we guide is a floor. 31% in the midpoint for our cloud is a floor. We would expect that assuming no large deals, no usage over minimum commit, 31% year-over-year growth in the cloud would be very, very reasonable. If we continue to see the trends that we saw in 2025, then there could be meaningful upside to those numbers. We saw heavy usage over minimum commits in 2025. we saw heavy usage over minimum commits in 2025 We exclude that, and by doing that, we establish, as you mentioned, a floor. we exclude that and by doing that we establish as you mentioned a floor What we guide is a floor. 31% in the midpoint for our cloud is a floor. what we guide is a floor 31% in the midpoint for our cloud is a floor We would expect that assuming no large deals, no usage over minimum commit, 31% year-over-year growth in the cloud would be very, very reasonable. we would expect that assuming no large deals no usage over minimum commit 31% year-over-year growth in the cloud would be very very reasonable If we continue to see the trends that we saw in 2025, then there could be meaningful upside to those numbers. if we continue to see the trends that we saw in 2025 then there could be meaningful upside to those numbers

Speaker 3: How do you quantify a large deal? How do you quantify a large deal? how do you quantify a large deal

Speaker 1: A large deal not necessarily is quantified by a number because that number could change over time by the complexity of the deal. It could be, as I mentioned, a migration from self-hosted to cloud. It could be taking on security. It could be a significant increase driven by usage, and they have to take a commitment on a larger annual package, which could be multiple millions of dollars over a long period of time, say two or three years. The complexity of the deal is really what drives the decision of a de-risk. A large deal not necessarily is quantified by a number because that number could change over time by the complexity of the deal. a large deal not necessarily is quantified by a number because that number could change over time by the complexity of the deal It could be, as I mentioned, a migration from self-hosted to cloud. it could be as i mentioned a migration from self-hosted to cloud It could be taking on security. it could be taking on security It could be a significant increase driven by usage, and they have to take a commitment on a larger annual package, which could be multiple millions of dollars over a long period of time, say two or three years. it could be a significant increase driven by usage and they have to take a commitment on a larger annual package which could be multiple millions of dollars over a long period of time say two or three years The complexity of the deal is really what drives the decision of a de-risk. the complexity of the deal is really what drives the decision of a de-risk

Speaker 3: Yeah. Let me see. Any questions, Justin? Yeah. yeah Let me see. let me see Any questions, Justin? any questions justin

Speaker 4: You know, just out here with John and Corey, you know, sort of introduced some product last week. Like, you've obviously had to, in order to reduce something to look better. How much work was involved in this product? Was this the best, or how do you guys do 30-day turn on that deal? This is sort of, these things have changed so much from a perception to just another 30-day, another 60-day, and people realize, like, what is, like, what do you guys think is around the corner? Like, why don't you show us that this is raw human error that would be here that are actually being developed, and this is happening for a reason. You know, just out here with John and Corey, you know, sort of introduced some product last week. you know just out here with john and corey you know sort of introduced some product last week Like, you've obviously had to, in order to reduce something to look better. like you've obviously had to in order to reduce something to look better How much work was involved in this product? to look better how much work was involved in this product Was this the best, or how do you guys do 30-day turn on that deal? was this the best or how do you guys do 30-day turn on that deal This is sort of, these things have changed so much from a perception to just another 30-day, another 60-day, and people realize, like, what is, like, what do you guys think is around the corner? this is sort of these things have changed so much from a perception to just another 30-day another 60-day and people realize like what is like what do you guys think is around the corner Like, why don't you show us that this is raw human error that would be here that are actually being developed, and this is happening for a reason. like why don't you show us that this is raw human error that would be here that are actually being developed and this is happening for a reason

Speaker 1: Yeah. Yeah. yeah

Speaker 3: Yeah. Yeah. yeah

Speaker 1: Why don't I start, Jeff, and then you can fill in with your opinion on this. It's a great question. The question was, how do you change the perception? Every Friday, some new news right at the market close is coming out and we're defending ourselves as AI defendable company. Why are you AI defendable? My job has certainly changed. It's no longer talking about what JFrog is doing so great and the execution that we've done over the past year and probably had the best year in the history. I'm defending JFrog every single day for the last month and a half since we've had our earnings. But that's okay. I don't mind doing that. Why don't I start, Jeff, and then you can fill in with your opinion on this. why don't i start jeff and then you can fill in with your opinion on this It's a great question. it's a great question The question was, how do you change the perception? the question was how do you change the perception Every Friday, some new news right at the market close is coming out and we're defending ourselves as AI defendable company. every friday some new news right at the market close is coming out and we're defending ourselves as ai defendable company Why are you AI defendable? why are you ai defendable My job has certainly changed. my job has certainly changed It's no longer talking about what JFrog is doing so great and the execution that we've done over the past year and probably had the best year in the history. it's no longer talking about what jfrog is doing so great and the execution that we've done over the past year and probably had the best year in the history I'm defending JFrog every single day for the last month and a half since we've had our earnings. i'm defending jfrog every single day for the last month and a half since we've had our earnings But that's okay. but that's okay I don't mind doing that. i don't mind doing that There's three things that we thought about on February 20th at 2 P.M. after that news came out. The first was, we created a blog by our CTO and co-founder, which I think really gave good insights around why JFrog is defendable against source code scanning and what JFrog does in the binary. Jeff articulated one point really good, which is you'll have a room of lawyers which are your agents, and those lawyers will argue the case, but you have to have a judge that governs and controls what goes in and out of your organization.You have to be able to go through each of those check gates, and that has to be managed and automated. There's three things that we thought about on February 20th at 2 P.M. after that news came out. there's three things that we thought about on february 20th at 2 p.m after that news came out The first was, we created a blog by our CTO and co-founder, which I think really gave good insights around why JFrog is defendable against source code scanning and what JFrog does in the binary. the first was we created a blog by our cto and co-founder which i think really gave good insights around why jfrog is defendable against source code scanning and what jfrog does in the binary Jeff articulated one point really good, which is you'll have a room of lawyers which are your agents, and those lawyers will argue the case, but you have to have a judge that governs and controls what goes in and out of your organization. jeff articulated one point really good which is you'll have a room of lawyers which are your agents and those lawyers will argue the case but you have to have a judge that governs and controls what goes in and out of your organization You have to be able to go through each of those check gates, and that has to be managed and automated. you have to be able to go through each of those check gates and that has to be managed and automated It cannot be done by agents. The second is the buyback, which I'm sure we'll talk about. We immediately had a board meeting, and we deployed $300 million of capital to be able to do a buyback. Why would we do that? First of all, we're very fortunate that we drive a significant amount of free cash flow that gives us the opportunity to do this. It also gave us an opportunity where maybe, you know, investors and the market over-rotated based on the fundamentals of the business. We took advantage of that, and we did a $300 million buyback. It cannot be done by agents. it cannot be done by agents The second is the buyback, which I'm sure we'll talk about. the second is the buyback which i'm sure we'll talk about We immediately had a board meeting, and we deployed $300 million of capital to be able to do a buyback. we immediately had a board meeting and we deployed $300 million of capital to be able to do a buyback Why would we do that? why would we do that First of all, we're very fortunate that we drive a significant amount of free cash flow that gives us the opportunity to do this. first of all we're very fortunate that we drive a significant amount of free cash flow that gives us the opportunity to do this It also gave us an opportunity where maybe, you know, investors and the market over-rotated based on the fundamentals of the business. it also gave us an opportunity where maybe you know investors and the market over-rotated based on the fundamentals of the business We took advantage of that, and we did a $300 million buyback. we took advantage of that and we did a $300 million buyback The third leg of the stool, so to speak, is gonna have to be execution. The only way to disprove this theory that JFrog is gonna be displaced by the AI labs is to continue to execute. As long as we execute, I think ultimately the market will come back and understand truly that the value is not, or that JFrog is not gonna be replaced, but the value will be a collaboration between the AI labs that are driving efficiency for developers and source code, and the hosting of those binaries and securing, deploying those binaries through a single source of truth or a system of record, and that being JFrog. The third leg of the stool, so to speak, is gonna have to be execution. the third leg of the stool so to speak is gonna have to be execution The only way to disprove this theory that JFrog is gonna be displaced by the AI labs is to continue to execute. the only way to disprove this theory that jfrog is gonna be displaced by the ai labs is to continue to execute As long as we execute, I think ultimately the market will come back and understand truly that the value is not, or that JFrog is not gonna be replaced, but the value will be a collaboration between the AI labs that are driving efficiency for developers and source code, and the hosting of those binaries and securing, deploying those binaries through a single source of truth or a system of record, and that being JFrog. as long as we execute i think ultimately the market will come back and understand truly that the value is not or that jfrog is not gonna be replaced but the value will be a collaboration between the ai labs that are driving efficiency for developers and source code and the hosting of those binaries and securing deploying those binaries through a single source of truth or a system of record and that being jfrog

Speaker 2: I'll just quickly add, I think the thing that I would say is it's always my job, obviously, as CEO, I already get out there and talk with all of you and try to educate you as to how we see things. I think we've done that. I think we'll continue to focus, as Ed said, on our execution. That's what we can control. That being said, I would like to say this, that I think a lot of the argument that's been made is very simplistic in nature, and this is not something you can oversimplify. I'll just quickly add, I think the thing that I would say is it's always my job, obviously, as CEO, I already get out there and talk with all of you and try to educate you as to how we see things. i'll just quickly add i think the thing that i would say is it's always my job obviously as ceo i already get out there and talk with all of you and try to educate you as to how we see things I think we've done that. i think we've done that I think we'll continue to focus, as Ed said, on our execution. i think we'll continue to focus as ed said on our execution That's what we can control. that's what we can control That being said, I would like to say this, that I think a lot of the argument that's been made is very simplistic in nature, and this is not something you can oversimplify. that being said i would like to say this that i think a lot of the argument that's been made is very simplistic in nature and this is not something you can oversimplify Very similar to what started when I was here four years ago with you collectively as an investment group saying that a company that created source code was going to move right and mud stomp us because binaries are nothing, and there was gonna be one platform for them all in an enterprise. One platform for them all is not something that the enterprise is interested in. This is a very oversimplified thing, and I think at this time, instead of oversimplifying things, I think some investors would be very well served to talk to our customers after hearing the quote that Jonathan just gave and understanding that the people that are buying JFrog, how they view this versus what I think is a very much more oversimplified view of what Wall Street's taking today. Very similar to what started when I was here four years ago with you collectively as an investment group saying that a company that created source code was going to move right and mud stomp us because binaries are nothing, and there was gonna be one platform for them all in an enterprise. very similar to what started when i was here four years ago with you collectively as an investment group saying that a company that created source code was going to move right and mud stomp us because binaries are nothing and there was gonna be one platform for them all in an enterprise One platform for them all is not something that the enterprise is interested in. one platform for them all is not something that the enterprise is interested in This is a very oversimplified thing, and I think at this time, instead of oversimplifying things, I think some investors would be very well served to talk to our customers after hearing the quote that Jonathan just gave and understanding that the people that are buying JFrog, how they view this versus what I think is a very much more oversimplified view of what Wall Street's taking today. this is a very oversimplified thing and i think at this time instead of oversimplifying things i think some investors would be very well served to talk to our customers after hearing the quote that jonathan just gave and understanding that the people that are buying jfrog how they view this versus what i think is a very much more oversimplified view of what wall street's taking today

Speaker 1: Yeah. Yeah. yeah

Speaker 3: We have less than two minutes. Any other questions from the audience? You know, one thing that I think, you know, from my perspective, would be important to demonstrate over the next 12 months is, you know, you talk about, you know, supply chains, the supply chain for software, and then how a lot of those capabilities are relevant to AI models, AI development, and also ML development. And I know it's early in that journey, but anything that you can share as relates to are customers seeing governance control, you know, security, the other controls as they build ML models similarly to how they've developed software? Is that approach starting to resonate with those customers? We have less than two minutes. we have less than two minutes Any other questions from the audience? any other questions from the audience You know, one thing that I think, you know, from my perspective, would be important to demonstrate over the next 12 months is, you know, you talk about, you know, supply chains, the supply chain for software, and then how a lot of those capabilities are relevant to AI models, AI development, and also ML development. you know one thing that i think you know from my perspective would be important to demonstrate over the next 12 months is you know you talk about you know supply chains the supply chain for software and then how a lot of those capabilities are relevant to ai models ai development and also ml development And I know it's early in that journey, but anything that you can share as relates to are customers seeing governance control, you know, security, the other controls as they build ML models similarly to how they've developed software? and i know it's early in that journey but anything that you can share as relates to are customers seeing governance control you know security the other controls as they build ml models similarly to how they've developed software Is that approach starting to resonate with those customers? is that approach starting to resonate with those customers

Speaker 2: Well, I think the governance aspect and the DevOps that we introduced in early September at our user conference swampUP last year in 2025 was very forward-thinking to where we are today. It was the first of its kind product. Again, a pain point that our customers had brought to JFrog to solve a pain point for customers, where today I'm manually keeping these records in Excel spreadsheets or what have you of the gates that have been passed as I build an application to have a record of that to present if something was to go wrong. Well, I think the governance aspect and the DevOps that we introduced in early September at our user conference swampUP last year in 2025 was very forward-thinking to where we are today. well i think the governance aspect and the devops that we introduced in early september at our user conference swampup last year in 2025 was very forward-thinking to where we are today It was the first of its kind product. it was the first of its kind product Again, a pain point that our customers had brought to JFrog to solve a pain point for customers, where today I'm manually keeping these records in Excel spreadsheets or what have you of the gates that have been passed as I build an application to have a record of that to present if something was to go wrong. again a pain point that our customers had brought to jfrog to solve a pain point for customers where today i'm manually keeping these records in excel spreadsheets or what have you of the gates that have been passed as i build an application to have a record of that to present if something was to go wrong This ties into another example I've tried to use in saying that, God forbid I wake up one day and say, "Well, I'm gonna just go ahead and secure my whole software stack with Claude," and then we have a breach, and I can't go into the courtroom and say, "Well, Claude fixed it right here in the chat." Okay, I'm gonna need to have this digital record at every gate and that every gate was passed. Now JFrog is offering our AppTrust solution that we're rolling out to customers this year, and that does the exact thing that we're talking about, the governance layer of keeping a record so that you have every gate stored in that platform for every build. This ties into another example I've tried to use in saying that, God forbid I wake up one day and say, "Well, I'm gonna just go ahead and secure my whole software stack with Claude," and then we have a breach, and I can't go into the courtroom and say, "Well, Claude fixed it right here in the chat." Okay, I'm gonna need to have this digital record at every gate and that every gate was passed. this ties into another example i've tried to use in saying that god forbid i wake up one day and say "well i'm gonna just go ahead and secure my whole software stack with claude," and then we have a breach and i can't go into the courtroom and say "well claude fixed it right here in the chat." okay i'm gonna need to have this digital record at every gate and that every gate was passed Now JFrog is offering our AppTrust solution that we're rolling out to customers this year, and that does the exact thing that we're talking about, the governance layer of keeping a record so that you have every gate stored in that platform for every build. now jfrog is offering our apptrust solution that we're rolling out to customers this year and that does the exact thing that we're talking about the governance layer of keeping a record so that you have every gate stored in that platform for every build We think that the customers have had a great response to this, and you heard it even at swampUP from some of our customers talked about the product. I think that's the next opportunity that we can bring to the market to add in terms of products to the platform. We think that the customers have had a great response to this, and you heard it even at swampUP from some of our customers talked about the product. we think that the customers have had a great response to this and you heard it even at swampup from some of our customers talked about the product I think that's the next opportunity that we can bring to the market to add in terms of products to the platform. i think that's the next opportunity that we can bring to the market to add in terms of products to the platform

Speaker 3: Yep. All right. Well, fantastic. I think that hits our time limit. Ed, Jeff, thank you very much. Thanks everybody for attending. Yep. yep All right. all right Well, fantastic. well fantastic I think that hits our time limit. i think that hits our time limit Ed, Jeff, thank you very much. ed jeff thank you very much Thanks everybody for attending. thanks everybody for attending

Speaker 2: Thank you, Jonathan. Thank you, Jonathan. thank you jonathan