Investment Memorandum · Preview
For informational purposes only. Not investment advice.
Zscaler, Inc.
ZS
May 27, 2026
Zscaler, Inc. (NASDAQ: ZS) is a cloud-native cybersecurity company and category leader in Zero Trust / SASE (Secure Access Service Edge). Founded in 2007 by Jay Chaudhry (who retains ~35% equity), ZS operates a proxy-based architecture that inspects 100% of enterprise internet traffic inline via its core platforms ZIA, ZPA, and ZDX. Fiscal year ends July 31. As of FY2025A, ZS reported $2.67B in revenue (+23% YoY), $3.015B ARR, ~$808M reported FCF, and ~$268M true FCF (ex-SBC). Net cash stands at ~$1.87B. The company serves enterprise and federal customers and is positioned uniquely for AI Security upsell given its inline traffic inspection architecture.
▲ Bull Case
- ◆Rule of 40 = 62 with positive and compounding true FCF: ZS combines 24% ARR growth and 30% FCF margin simultaneously — a combination almost impossible to replicate from legacy architecture. True FCF triples from $268M (FY2025A) to ~$908M (FY2028E), making ZS the highest-quality cybersecurity name on a real-owner-earnings basis versus peers like SNOW and MDB where SBC exceeds FCF.
- ◆AI Security structural moat at zero incremental deployment cost: ZIA already inspects 100% of enterprise internet traffic inline, meaning ChatGPT, Copilot, Gemini, and Claude queries all flow through ZS infrastructure. AI Security is an upsell requiring zero new deployment for any existing ZIA customer — the highest-probability zero-incremental-cost revenue expansion in ZS's product history, and it is not priced into the base model.
- ◆Founder alignment and counter-positioning moat widening: Jay Chaudhry's 35% equity stake and 20+ years of CISO/federal relationships embedded in the ARR base create governance and competitive advantages that hired-CEO competitors cannot replicate. The cloud-native architecture cannot be matched by legacy vendors without a full rebuild, and the moat is widening as the AI Security layer adds a new network-effects dimension.
▼ Bear Case
- ◆PANW competitive displacement via free SASE bundling: Palo Alto Networks' 'platformization' strategy — offering free SASE bundled with broader security contracts — is creating extended deal cycles, compressing new logo ARR growth, and represents a structural headwind that management acknowledged on the Q2 FY2026 call. If PANW formally displaces ZS at a named Fortune 100 enterprise, it would trigger a category re-rating and severe multiple compression.
- ◆NRR declining from peak (130%+) toward 115% and risk of further compression: Net Revenue Retention has fallen from 130%+ to ~115% and has not yet stabilized. A continued decline below 110% for two consecutive quarters would signal that the land-and-expand engine is breaking — existing customers churning rather than upselling — which would invalidate the ARR compounding thesis.
- ◆SBC dilution (~20–25% of revenue) and GAAP losses obscure true cost of capital: At $540–580M/yr in SBC, true dilution is material. True FCF ($268M FY2025A) is significantly below reported FCF ($808M), and GAAP EPS remains negative. Any deceleration in ARR growth that also compresses FCF margin below 27% would simultaneously destroy the Rule of 40 premium and make the valuation — currently 7.6x NTM revenue — difficult to defend.
“The central Wall Street debate on ZS is whether the PANW platformization threat is a cyclical deal-timing headwind or a structural competitive displacement risk. Bulls argue the cloud-native architecture moat is durable, the NRR decline is stabilizing, and AI Security provides a new upsell vector that re-accelerates NRR toward 120%+. Bears argue that ZS's growth is decelerating into the mid-20s even as PANW bundles SASE free, that the 7.6x NTM revenue multiple is still expensive for a business approaching a Rule of 40 inflection point, and that NRR below 115% signals the land-expand model is structurally impaired. A secondary debate centers on FCF quality — reported FCF of $808M vs. true FCF of $268M after $540M SBC — with bears arguing the Street's EV/FCF metrics systematically overstate profitability. The AI Security optionality is acknowledged but not yet quantified in consensus estimates, leaving the magnitude of its NRR contribution as the highest-variance unresolved question.”
- ◆Q3 FY2026 earnings (May 26, 2026 AH): ARR vs. $3.43B implied run-rate; FY2026 ARR guidance reiteration at $3.73–3.75B; AI Security ARR run-rate disclosure
- ◆AI Security monetization at scale: First quantified NRR contribution from ZIA-based AI Security upsell — any disclosed ARR contribution would trigger upward estimate revisions
- ◆Q4 FY2026 earnings (September 2026): Full-year ARR close + FY2027 initial ARR guidance ($4.1–4.3B implied); first read on FY2027 growth trajectory
- ◆Analyst Day (late 2026 expected): AI Security TAM articulation, new product announcements, FY2027–2028 financial targets — potential re-rating catalyst if AI Security TAM is credibly framed
- ◆NRR stabilization and inflection above 115%: Two consecutive quarters of stable or rising NRR would remove the primary bear case and expand the multiple toward CrowdStrike comps
- ◆Federal / FedRAMP pipeline acceleration: Any large federal contract announcements would validate the government vertical as a third growth engine alongside enterprise SASE and AI Security
- ◆PANW free SASE bundling causes ARR guide cut below $3.73B (Kill Switch #1): The most immediate binary risk; occurs tonight on Q3 FY2026 earnings call
- ◆NRR declines below 110% for two consecutive quarters (Kill Switch #2): Signals land-expand model is structurally impaired rather than cyclically pressured
- ◆Fortune 100 PANW displacement event (Kill Switch #3): A public, named major enterprise migration from ZS to PANW Prisma Access would cause immediate category re-rating and multiple compression
- ◆FCF margin compression below 27% (Kill Switch #4): Destroys Rule of 40 = 62 premium; signals S&M reinvestment is failing or operating leverage is reversing
- ◆Founder Jay Chaudhry departure or incapacitation (Kill Switch #5): Removes primary governance alignment signal and embedded CISO/federal customer relationships
- ◆SBC dilution ongoing at $540–580M/yr: True FCF remains significantly below reported FCF; any ARR deceleration that also pressures FCF margin makes the true FCF multiple difficult to sustain
Full Memo Continues
5 more sections, locked
- ●Valuation Range & DCFBase/bull/bear fair-value range, WACC, terminal growth, sensitivity to revenue + margin assumptions.
- ●Risk/Reward AssessmentPosition-sizing framework with explicit upside/downside skew and entry conditions.
- ●Management & Capital AllocationMulti-year capital-allocation track record, incentive alignment, and management readout.
- ●Monitoring FrameworkWhat to watch each quarter — leading indicators and inflection signals tracked by the analyst.
- ●Unresolved QuestionsOpen analyst questions and follow-up research items — the depth signal.
For Agents — $2 per memo
Call the JSON API with a Stripe Shared Payment Token. No account, no signup — just pay and call.
GET /api/v1/research/ZS/memo Authorization: Bearer spt_...
Fund managers — coverage subscriptions launching soon. See marginofinsight.com.