F5 (FFIV) Q4 2025: Security Incident Drives 0–4% FY26 Growth Guide Amid 42% Systems Surge
F5’s standout FY25—marked by robust systems growth and record profitability—faces a near-term reset as a recent security incident tempers FY26 guidance. Management’s transparency and rapid customer response are mitigating reputational risk, but sales cycles and new project momentum face disruption in the first half. Investors should monitor how quickly F5’s platform adoption and AI-driven demand can offset this temporary pause and reaccelerate growth by year-end.
Summary
- Security Incident Disruption: Recent breach drives near-term sales delays and a conservative FY26 growth outlook.
- Systems and AI Tailwinds: Tech refresh and AI use cases fueled record FY25 product growth and margin expansion.
- Platform Adoption Critical: Sustained SaaS and multi-product traction will determine F5’s recovery pace in FY26.
Performance Analysis
F5 capped FY25 with $3 billion in revenue and $1 billion in operating profit, both all-time highs, reflecting a strong product cycle and expanding operating leverage. Product revenue led the quarter, up 16% year-over-year, driven by a 42% jump in systems as enterprise demand for data center modernization, AI infrastructure, and competitive takeouts accelerated. Software revenue was steady, held back by SaaS transitions and a temporary customer shift toward hardware for select use cases. Recurring revenue—comprising 72% of Q4’s total—remained a foundation of stability as maintenance, subscription, and SaaS renewals provided ballast against volatility.
Margin expansion was a standout, with non-GAAP gross margin rising 138 basis points and operating margin up 255 basis points year-over-year. Free cash flow reached a record $906 million, up 19% from FY24, and F5 returned 55% of this to shareholders via buybacks. Regional growth was broad-based, with APAC outpacing at 19%. Notably, enterprise customers made up 73% of Q4 product bookings, with government at 19% and service providers lagging at 8%. The business model’s resilience was evident in the recurring revenue mix and strong deferred revenue, which climbed 11% to $2 billion.
- Systems Momentum: Tech refresh and AI demand drove a 42% YoY systems revenue surge, with growth split between refreshes and new capacity expansion.
- Recurring Revenue Stability: 72% recurring revenue mix insulated F5 from abrupt swings, as renewals and maintenance contracts provided visibility.
- Software Headwinds and Transition: Software revenue growth was muted by SaaS transitions and timing of renewals, but multi-year agreements and distributed cloud adoption remain positive underlying drivers.
While FY25’s momentum was robust, the immediate impact of the security breach is expected to weigh on new project bookings and sales execution in the first half of FY26, with normalization forecasted in the second half.
Executive Commentary
"Our immediate focus, however, has been on our incident response, and I will speak to our priorities and offer an update on where we are now. Upon identifying the threat on August 9th, our team immediately activated our incident response process. Our priorities were clear. First, contain the threat actor, initiate a thorough investigation, and take immediate and urgent action to strengthen F5 security posture... Our initial steps have been successful."
Francois Locodinou, President and CEO
"We delivered a strong Q4, growing revenue 8% to $810 million, with a mix of 49% global services revenue and 51% product revenue... We generated $906 million in free cash flow for all of FY25, up 19% from FY24, resulting in a free cash flow margin of 29%, highlighting the strength of our business fundamentals."
Cooper Werner, Executive Vice President and CFO
Strategic Positioning
1. Security Incident Response and Trust Rebuild
F5’s decisive, transparent response to the August security breach is shaping its near-term strategy. Immediate priorities included rapid code updates, customer outreach, and bolstering internal security investments. The addition of a Chief Technology Operations Officer with deep cybersecurity expertise and new trust center initiatives signal a long-term commitment to regaining customer confidence and industry leadership in security.
2. Platform and SaaS Adoption Acceleration
The Application Delivery and Security Platform (ADSP), F5’s unified offering, is gaining traction as customers seek to simplify hybrid multi-cloud complexity. Nearly 900 customers now leverage F5’s XOps capabilities, up from just 20 a year ago, and SaaS customer count grew 57% year-over-year. The company’s “land and expand” model is proving effective, with a third of distributed cloud customers expanding spend by 90% post-initial deployment. This multi-product adoption is a key growth lever as legacy SaaS transitions wind down.
3. AI-Driven Use Cases and Data Center Modernization
AI infrastructure demand is driving a wave of data center refreshes and new use cases for F5’s portfolio. FY25 saw wins in data delivery, AI runtime security, and AI factory load balancing, with more than 30 AI-related customer wins. The acquisition of Calypso AI adds real-time threat defense for generative AI, broadening F5’s addressable market and deepening its differentiation in securing emerging workloads.
4. Flexible Consumption and Customer Retention
Flexible multi-year agreements and distributed cloud services are increasing wallet share from top customers. 26% of F5’s top 1,000 customers now use distributed cloud services, up from 17% last year, and 70% consume multiple product families. These trends support long-term recurring revenue growth and reduce reliance on transactional hardware cycles.
5. Vertical and Regional Dynamics
Enterprise and APAC outperformed, while service provider bookings remained subdued due to sluggish 5G adoption and limited new drivers in telecom. The public sector is facing short-term headwinds from government shutdowns, but hybrid multi-cloud adoption in core verticals continues to expand F5’s addressable market.
Key Considerations
The strategic context for Q4 is a balancing act between robust platform momentum and the reputational risk from the security incident. Investors must weigh the durability of F5’s recurring revenue and platform adoption against the uncertain duration of sales disruption and potential competitive encroachment.
Key Considerations:
- Incident Impact Scope: The breach affected BIG-IP customers, both hardware and virtual editions, with a small subset experiencing non-sensitive data exfiltration; SaaS and NGINX were unaffected.
- Sales Cycle Disruption: Management expects most impact in H1 FY26 as resources shift to remediation and customer approvals slow; recurring revenue streams remain resilient.
- AI and Data Center Refresh Leverage: AI-driven demand and tech refresh cycles are expanding F5’s footprint and opening new insertion points, with early-stage growth potential.
- SaaS Transition Headwind Fading: The wind-down of legacy SaaS offerings is nearly complete, setting the stage for SaaS and managed services revenue to return to growth in FY26.
- Margin and Cash Discipline: Despite short-term growth pressure, F5 maintains strong gross and operating margins, with continued commitment to shareholder returns via buybacks.
Risks
The primary risk is extended sales disruption or reputational damage from the security breach, which could delay new project bookings or drive competitive churn if not managed effectively. Additional risks include slower-than-expected recovery in government and service provider verticals, timing mismatches in software renewals, and the potential for further cybersecurity incidents as threat actors increasingly target infrastructure providers. The company’s guidance assumes normalization by H2 FY26, but this is contingent on customer confidence and execution.
Forward Outlook
For Q1 FY26, F5 guided to:
- Revenue of $730 to $780 million, reflecting a wider-than-normal range due to sales cycle disruption.
- Non-GAAP gross margin of 82.5% to 83.5% and non-GAAP EPS of $3.35 to $3.85 per share.
For full-year FY26, management guided:
- Revenue growth of 0% to 4%, with impact concentrated in H1 and normalization expected in H2.
- Non-GAAP operating margin of 33.5% to 34.5% and EPS of $14.50 to $15.50.
Management highlighted several factors that will influence results:
- Persistent demand drivers in hybrid multi-cloud and AI, supporting a mid-single-digit growth trajectory once incident impacts subside.
- Continued investment in cybersecurity and platform innovation to rebuild trust and expand addressable market.
Takeaways
F5’s FY25 was marked by strong execution, but the security incident introduces a near-term reset. The business model’s recurring revenue and platform adoption provide resilience, but recovery hinges on customer trust and sales execution in the coming quarters.
- Incident Response and Customer Retention: The speed and transparency of F5’s response will be critical in retaining high-value customers and restoring growth momentum.
- Platform and AI Opportunity: Continued expansion of ADSP and AI-driven use cases is the primary lever for reaccelerating growth and differentiating from point-solution competitors.
- Watch for H2 Reacceleration: Investors should monitor H2 FY26 for signs of sales normalization and platform-led growth, as well as continued margin discipline and capital returns.
Conclusion
F5 exits FY25 with record profitability and robust platform adoption, but faces a near-term pause as it navigates the aftermath of a security incident. The underlying business remains healthy, with strong recurring revenue and expanding AI use cases. Execution on customer trust, platform innovation, and sales recovery will determine how quickly F5 returns to its mid-single-digit growth trajectory.
Industry Read-Through
F5’s experience underscores the rising operational and reputational risks for infrastructure software providers as threat actors increasingly target core platforms. The company’s rapid incident response and transparency set a new bar for peer vendors, while the shift toward unified platforms and recurring models highlights the value of customer retention over transactional sales. The AI-driven data center refresh cycle is a secular tailwind for the broader application delivery and security market, but sustained growth will depend on how effectively vendors can secure trust amid an evolving threat landscape. Investors in adjacent infrastructure, security, and cloud software firms should expect heightened customer scrutiny and prioritize resilience in recurring revenue streams and platform adoption.