Qualys Q4 Earnings Call Highlights

Qualys (NASDAQ:QLYS) executives highlighted continued growth, strong profitability, and a product strategy centered on what the company calls an “agentic AI-driven risk fabric” during the company’s fourth quarter 2025 earnings call. Management said it is pushing beyond traditional vulnerability detection toward a broader “risk operations center” (ROC) concept that combines exposure management, exploit validation, risk quantification, and automated remediation.

Get alerts:

Management frames strategy around “pre-breach” risk operations

President and CEO Sumedh Thakar said threat actors are exploiting vulnerabilities faster, arguing that organizations need to shift from simply finding more exposures to operationalizing cyber risk management aligned with business risk tolerance. Thakar positioned Qualys’ approach as “vendor-agnostic” and designed to unify fragmented security tools into what he described as a centralized risk fabric that can quantify risk in business terms and automate remediation.

Thakar said the company expanded its Enterprise TruRisk Management (ETM) platform to ingest third-party data and added an orchestration layer to unify Qualys and non-Qualys findings. He also pointed to new capabilities including an “agentic AI risk management marketplace,” which he said allows customers to deploy specialized autonomous “experts,” as well as a natively integrated identity security posture management solution.

A key differentiator emphasized throughout the call was “Agent Val,” which Thakar described as an agentic AI workflow that safely validates whether a vulnerability is actually exploitable in a customer’s specific environment. He contrasted that with what he called “theoretical” risk scoring approaches, arguing exploit confirmation can reduce time wasted on findings that are mitigated by existing controls and speed up remediation for issues that are truly exploitable.

Customer wins, federal momentum, and partner-led motion

Thakar cited several recent wins tied to the ROC/ETM strategy:

• An existing “Global 50” customer expanded ETM and ingested third-party data sources as part of a stack consolidation effort, which Qualys said resulted in a mid-six-figure annual bookings upsell.
• During planning for an ETM proof-of-concept with a “Global 200” company in Latin America, Qualys said it secured a seven-figure annual bookings upsell that included TotalCloud CNAPP and Policy Audit.
• In the federal market, Qualys said it achieved a mid-six-figure expansion with a FedRAMP High authorized deployment supporting a shared security service used by multiple agencies, and noted it is pursuing a broader multi-agency ETM rollout. The company also referenced another six-figure upsell with a separate large federal agency.

Management said partner-led execution continues to increase. Thakar said deal registration through partners rose again in Q4 and that more than a dozen certified “mROC” partners are actively launching services, contributing to what he called momentum toward a “global ROC alliance.” In response to questions, Thakar emphasized partners’ ability to sell higher-value services tied to business-oriented risk visibility and to leverage automation to reduce manual consulting work.

Financial results: 10% revenue growth and 47% adjusted EBITDA margin

CFO Joo Mi Kim said that, except for revenue, the company’s financial figures on the call were discussed on a non-GAAP basis. For full-year 2025, Qualys reported:

• Revenue: up 10% to $669.1 million
• Adjusted EBITDA margin: 47%
• Net income and EPS: up 13% and 15% to $257.8 million and $7.07 per diluted share
• Free cash flow: $304.4 million, or 45% of revenue

For the fourth quarter, revenue grew 10% to $175.3 million. Kim said the channel represented 51% of total revenue, up from 48% a year earlier, with channel partner revenue up 17% versus 4% growth for direct revenue. International growth of 15% outpaced U.S. growth of 6%, with a 56%/44% U.S./international mix.

Qualys reported Q4 adjusted EBITDA of $82.6 million for a 47% margin, unchanged from the prior year. Operating expenses rose 11% to $68.9 million, driven by sales and marketing investment, which Kim said increased 18%. Q4 EPS was $1.87 per diluted share, and free cash flow was $74.9 million, representing a 43% margin compared to 26% in the prior year.

Bookings mix and retention metrics

Kim said customers continue to prioritize security within IT budgets, but the company expects a selling environment similar to last year, with low- to mid-single-digit growth in security spend “persisting for the foreseeable future.”

She said gross dollar retention remained “comfortably above 90%,” while net dollar expansion was 103% in Q4, down from 104% the prior quarter.

Kim also detailed increasing bookings contribution from several products in 2025:

• CyberSecurity Asset Management plus ETM: 10% of total bookings and 13% of new bookings (up from 8% and 9% in the prior year)
• Patch Management: 8% of total bookings and 16% of new bookings (up from 7% and 16%)
• TotalCloud: 5% of total bookings (up from 4%)

Capital return and 2026 guidance

Qualys used $44.7 million in Q4 to repurchase 328,000 shares and spent $724,000 on capital expenditures. Kim said that since the repurchase program began in February 2018, the company has repurchased 10.7 million shares and returned more than $1.2 billion to shareholders. The company had $160.5 million remaining under its authorization at quarter-end, and Kim announced the board approved an additional $200 million, bringing total authorization available to $360.5 million.

For 2026, Qualys guided to:

• Full-year revenue: $717 million to $725 million (7% to 8% growth)
• Q1 revenue: $172.5 million to $174.5 million (8% to 9% growth)
• Full-year EPS: $7.17 to $7.45; Q1 EPS: $1.76 to $1.83
• EBITDA margin: mid-forties; free cash flow margin: low forties
• Capex: $8 million to $12 million for the year; $1.2 million to $2.6 million for Q1

Kim said the guidance assumes no material change in net dollar expansion and moderate contribution from new business. She also said Qualys expects seasonality to remain similar to 2025, skewed toward the second half.

In Q&A, management described “Q-Flex” as a pricing and packaging model in beta that aims to reduce friction in adopting more Qualys capabilities over time, with a longer-term plan to move toward general availability. Kim said the company expects current billings growth to be broadly in line with revenue growth (7% to 8%), while executives characterized ETM adoption as early, with encouraging proof-of-concept activity but not yet enough to map a confirmed trajectory.

About Qualys (NASDAQ:QLYS)

Qualys, Inc (NASDAQ: QLYS) is a leading provider of cloud-based security and compliance solutions designed to help organizations streamline their IT security programs. Operating on a unified, modular platform, Qualys offers continuous visibility into global IT assets through a combination of lightweight cloud agents and on-premises scanner appliances. The platform supports an array of security and compliance use cases, enabling real-time detection of vulnerabilities, policy violations and misconfigurations across on-premises, cloud and hybrid environments.

The company’s flagship Qualys Cloud Platform delivers a suite of integrated applications, including vulnerability management, detection and response (VMDR), policy compliance, web application scanning, file integrity monitoring, asset inventory and container security.

Further Reading

• Five stocks we like better than Qualys
• The day the gold market broke
• NEW LAW: Congress Approves Setup For Digital Dollar?
• He just nailed another gold prediction …
• What a Former CIA Agent Knows About the Coming Collapse
• Your Bank Account Is No Longer Safe