SentinelOne Q1 FY2026 Earnings Recap | Slipped Deals
Stock -11%, financial overview, macro headwinds, platform gains, fundamentals remain strong, balance sheet and share buybacks, valuation, charts and extras
Well, here we go again…
SentinelOne kicked off FY2026 with solid results and continued operational momentum, even as near-term macro uncertainty led to a tempered outlook. The company is executing well on its platform vision, expanding beyond endpoint protection into data, AI, and cloud security. In addition, the company continued to show improving margins and record free cash flow margins.
However, the company beat their revenue guidance by the skin of their teeth, fell short on net new ARR, and lowered guidance again for the next quarter and full year. This is the second time in a row the company has posted what are basically in-line results with lowered guidance.
It has been quite frustrating to see the company continue to win every accolade there is for their technological capabilities, hear the CEO talk overwhelmingly positive about how this is the fastest growing name in cyber, and then proceed to lower guidance again and again.
Nonetheless, below are my key takeaways from the quarter.
Financial Overview
SentinelOne posted double-digit growth with expanding margins and positive free cash flow.
Revenue: $229M, up 23% Y/Y
ARR: $948M, up 24% Y/Y
NNARR: $28M, below $32M consensus expectation
Free cash flow margin: 20%, a new record
Beat consensus expectations by ~10%
Non-GAAP gross margin: 79%
Non-GAAP operating margin: -2%, up 4 pts Y/Y
Beat consensus expectations by ~8%
Non-GAAP EPS: $0.02, turning positive
Share buyback: First-ever repurchase program announced / $200M or approx. 3.5% of market cap
Q2 revenue is expected to land at ~$242M, with full-year guidance now between $996–$1,001M. An approximate 1% decrease across the board.
Macro Headwinds: Slipped, Not Lost
Management cited cautious buyer behavior in April as a key factor in its lowered guidance. A number of enterprise deals slipped out of Q1 and into future quarters. The bulk of the slippage came from new logo’s and not customer renewals, which is a good sign. Ultimately, management insisted these deals are not lost, just delayed.
“We haven’t seen project cancellations or lost deals, and our win rates remain strong.”
Tomer Weingarten, CEO
Clients are hesitating to commit amid broader macro uncertainty. SentinelOne expects many of these delayed deals to close in the second half of the year, and stressed that the competitive landscape remains stable. They also said that May has been very encouraging in terms of deal-making becoming more normalized.
Beyond Endpoint: Platform Gains and AI Acceleration
The quarter marked another step forward in SentinelOne’s platform journey. Customers are buying more than just endpoint protection and it's showing up in the numbers.
Data & AI SIEM surpassed $100M in ARR
Launch of Purple AI (Athena) for autonomous security workflows
Purple AI achieved triple-digit Y/Y bookings growth, with an attach rate exceeding 25% of subscriptions sold in the quarter.
Cloud Security Suite released with unified CNAPP functionality
Fortune 500 wins included bundled platform deals across multiple modules
Platform adoption does appear to be rising. SentinelOne now protects endpoints, cloud workloads, containers, identities, and offers a fully integrated AI-powered SIEM and SOAR solution. As in the previous quarter, non-endpoint solutions accounted for approximately 50% of revenue in the quarter.
Fundamentals Remain Strong
Despite deal slippage and lowered guidance, the underlying metrics remain healthy.
RPO: $1.2B, up 33% Y/Y
Customers with $100K+ ARR: 1,459, up 22%
ARR per customer: All-time high
Federal pipeline expanding, aided by FedRAMP High authorization across the entire Singularity platform. “Purple AI is now the first and only cybersecurity agentic AI solution approved for US government organizations” (Tomer Weingarten, CEO)
No increase in competitive churn - an important point that was emphasized during the Q&A with analysts that the decrease in guidance was in no way due to competition
Balance Sheet Strength & Share Repurchase
SentinelOne exited the quarter with an extremely strong balance sheet.
Key highlights:
$1.2 billion in cash and investments as of quarter-end, up from the prior quarter
Free cash flow margin of 20%, a record high for the company
No debt, providing ample flexibility to invest or return capital
“In that context, we're announcing a $200 million open-ended share repurchase authorization. This decision reflects our confidence in the long-term trajectory of the business and our view that our current stock price does not fully reflect our underlying fundamentals or future potential.”
Barbara Larson, CFO
$200 million share repurchase program authorized
Aimed at offsetting dilution from stock-based compensation
Described by management as “opportunistic,” signaling long-term confidence
Executions will occur over time based on market conditions
Valuation
The relative valuation of this stock on a growth-adjusted forward revenue multiple is about as low as it gets in the software sector and certainly the lowest for cybersecurity. The company needs to continue to show margin expansion without deteriorating revenue growth, which they haven’t necessarily shown.
~4.5x Forward EV/Revenue compared to ~10x for average cybersecurity peers
~0.2x growth adjusted compared to 0.5x for software median
An analyst on the call pointed out that Crowdstrike has significantly better margins, a much larger revenue base, and is growing revenue at around the same level.
In addition, BofA analyst, Tal Liani, pointed to SentinelOne’s operating margin of 3.5% versus Crowdstrike’s 10% when it was at a similar scale.
This margin point paired with the company’s persistent in-line results/lowered guidance are without a doubt the reason for the basement multiple right now. I don’t see a near-term catalyst right now to get out of this funk. Other than Thoma Bravo showing up to save the day…where are you Orlando!?
Charts & Extras
Thanks! Very well presented.
My 2¢:
Crowdstrike, of course, had an early leg-up from its FBI & Deep State connections. Without which it would never have got off the ground. So I discount Crowdstrike as a benchmark.
The challenge for cybersec defense technology businesses from a technical perspective (as opposed to a capital return/valuation perspective) is that 97% of leaks, breaches and losses are socially-engineered, mainly (92%) resulting from phishing emails.
CISOs are spending most of their cybersec budgets on defending against the 3% pure-play technical exploits, because it is easier and sexier and everyone gets it.
The other 97% of the threat should be addressed by a blended HR, finance and organizational function, with IT playing a support role. Because the humans who fall for these attacks are outside the CISOs’ remits. Hackers Hack People.
Unless boards force HR to be part of the solution, no way will HR step up. CEOs and CFOs like to keep HR close and safe, whereas if HR owns the threat, then HR is going to take the fall that CISOs now take.
CISOs only last 18-24 months in each gig, because they are techies and they don’t run HR. When they stop being techies and play at being C Suite operators, they lose their cyber mojo and get fired. Catch 22.
So CISOs often value their cybertech vendor relationships more than they value their relationships with C Suites and boards: they will take the vendors into their new gigs, because the vendors make the CISOs look smart.
Meanwhile, the hackers in the darknet are technically smarter than the defense vendors and are unbounded by “the rules”.
Thinking outside the box is part of the hacking deal. And it is easy if you are technically adept and understand people.
So what?
Growth rates in Cyberlosses outpace cybersec industry growth rates maybe 10x each year. And everyone likes this: more salaries, more VC, more jam tomorrow. “More failure so we must try harder!”
Vendors that fix the gap that I have pointed out can change the game and outpace the likes of Crowdstrike.
It’s not hard: SentinelOne could do it but they are in the hammer-making business. They need to get into the people business as well.
I struggle to understand their differentiation. They say AI but if I’m a CIO that sounds good, but am I willing to bet my high paying job on AI now? This might explain their lower profit margins. They may need to lower price to push sales over the line. Or maybe you have a better perspective on their differentiation? Not trying to attack, just wondering what your thoughts are.