Rapid7 (RPD) Q3 2025: MDR Now Over 50% of ARR, Shifting Growth Focus and Margin Model
Rapid7’s core transition to managed detection and response (MDR), now over half its annual recurring revenue (ARR), is reshaping its growth and profitability profile as leadership accelerates operational changes and resets guidance for higher forecast credibility. Despite deal timing headwinds and a conservative ARR outlook, the company’s AI-powered platform strategy and new Microsoft partnership signal a sharpened focus on integrated security operations and scalable margin expansion heading into 2026.
Summary
- MDR Mix Shift: Over half of ARR now stems from MDR, driving a new profitability and growth focus.
- Operational Reset: Leadership overhaul and go-to-market realignment aim to restore guidance credibility and accelerate execution.
- AI Platform Bet: AI-powered SOC and Microsoft integration underpin a unified security strategy for 2026 and beyond.
Performance Analysis
Rapid7’s third quarter reflected a business in transition, with ARR reaching $838 million, up 2% year-over-year, and revenue of $218 million, both modest but above outlook. MDR, managed detection and response, now comprises more than half of ARR, and continues to grow at a double-digit pace, offsetting slower legacy exposure management and professional services segments. Average ARR per customer increased to over $72,000, but sequential growth stalled as large deal cycles lengthened and new customer additions lagged expectations.
International revenue, at 25% of total, grew 8% year-over-year, outpacing domestic performance and reflecting targeted investment outside North America. Gross margins remained robust at 75% for product and 73% overall, with operating income of $37 million and free cash flow of $30 million, demonstrating underlying cost discipline. However, leadership acknowledged missing prior ARR targets and responded with a more conservative ARR outlook for Q4 and 2025, citing near-term forecasting variance and the impact of organizational changes.
- MDR Margin Expansion: Automation and AI have enabled MDR to deliver higher profitability than legacy managed services models.
- Deal Timing Variability: Large platform consolidation deals are pushing out sales cycles, impacting ARR timing and forecast precision.
- Professional Services Decline: De-emphasis of lower-margin services further concentrates the business on scalable, recurring revenue streams.
The company’s focus is clearly shifting toward scalable, higher-margin MDR and AI-driven platform services, but growth remains gated by pipeline conversion and execution on expansion opportunities.
Executive Commentary
"Rapid7 has made and continues to make significant organizational changes to accelerate our go-to-market motion, capture the large opportunity in front of us in AI SOC, and position the company for accelerating top-line growth...We are confident that we are making the right changes to re-accelerate Rapid7, but we also acknowledge that we have fallen short of the ARR guidance that we have provided to you in recent history and thus far this year."
Corey Thomas, CEO
"Year-over-year ARR growth in the third quarter was driven predominantly by 2% in ARR per customer, and we ended the third quarter with over 11,600 customers globally...We are raising our full-year operating income guidance to the upper half of our prior range and now expect to deliver $130 to $135 million in operating income for the year, representing an operating margin of 15 to 16%."
Tim Adams, CFO
Strategic Positioning
1. MDR as the Growth and Margin Engine
MDR now comprises more than 50% of ARR and is growing at a double-digit rate, fueled by AI-powered automation and operational leverage. Leadership emphasized that years of investment in automation and AI have enabled Rapid7 to deliver MDR at higher gross margins than traditional managed services. The company expects this segment to remain the primary engine for both growth and profitability, and is realigning resources and incentives accordingly.
2. AI-Powered Command Platform and Integration
The Command Platform, Rapid7’s AI-powered security operations center (SOC) solution, unifies exposure management and threat detection/response into a single customer experience. The platform’s open architecture, agentic AI workflows, and automation are positioned as key differentiators, with recent analyst recognition (Gartner Magic Quadrant, Forrester, IDC) validating the approach. The integration with Microsoft Defender further expands addressable market and positions Rapid7 as a preferred managed security partner for Microsoft’s large installed base.
3. Operational Realignment and Leadership Overhaul
Significant leadership changes, including a new Chief Commercial Officer and incoming CFO, are intended to reset go-to-market execution and restore credibility in forecasting. The new CCO is tasked with standardizing sales processes, unlocking expansion opportunities (especially VM to Exposure Command upgrades), and aligning teams around the high-potential MDR opportunity. The company is deliberately accepting near-term forecasting conservatism to establish a higher-confidence baseline for 2026 growth acceleration.
4. Transition from Legacy to Strategic Revenue Mix
Rapid7 is actively de-emphasizing lower-margin professional services and legacy on-premise vulnerability management (VM), shifting focus and resources to managed services and integrated platform sales. This mix shift is expected to drive higher retention, larger average deal sizes, and more predictable recurring revenue, but requires execution on complex, longer-cycle deals and customer upgrades.
5. Channel and International Investment
International markets now contribute 25% of revenue and are growing faster than domestic, reflecting recent investment. The channel is also being leveraged more aggressively to scale go-to-market reach, particularly for MDR and platform solutions, providing leverage for future growth.
Key Considerations
Rapid7’s Q3 marks a pivotal phase in its business model evolution, with operational discipline and strategic bets on AI and MDR setting the tone for 2026. Investors should focus on the company’s ability to execute on expansion, manage deal cycle variability, and translate platform differentiation into sustained ARR growth.
Key Considerations:
- MDR Margin Model: Automation and AI have enabled Rapid7 to scale MDR profitably, setting a new benchmark for managed service economics.
- Expansion Engine Execution: Upgrades from legacy VM to Exposure Command are producing larger deals, but conversion rates remain slower than planned, highlighting execution risk.
- Forecasting Credibility: Leadership is deliberately conservative in guidance, aiming to rebuild investor trust after prior ARR misses and leadership turnover.
- Microsoft Partnership Potential: Early-stage integration with Microsoft Defender could unlock significant cross-sell and new customer opportunities, but requires focused sales enablement and execution.
- International and Channel Leverage: Non-US revenue outpaces domestic growth, and channel expansion is expected to drive incremental scale and reach.
Risks
Deal cycle variability and execution on large, complex upgrades remain the most immediate risks, with forecasting uncertainty heightened by ongoing organizational changes. Competitive pricing pressure in MDR and the need to accelerate new customer ARR could constrain near-term growth. The company’s shift away from legacy services is strategically sound, but leaves little room for error in scaling the new model. Investors should monitor churn trends and the success of operational realignment for signs of sustainable momentum.
Forward Outlook
For Q4, Rapid7 guided to:
- Revenue of $214 million to $216 million
- Non-GAAP operating income of $25 million to $30 million
- Non-GAAP net income per share of $0.37 to $0.44
For full-year 2025, management tightened guidance to:
- Revenue of $856 million to $858 million (1-2% YoY growth)
- Operating income of $130 million to $135 million (15-16% margin)
- Free cash flow of $125 million to $135 million
Management emphasized that ARR is expected to end Q4 approximately flat, reflecting conservative assumptions around pipeline conversion and the impact of operational changes. The focus remains on establishing a credible baseline for 2026 growth acceleration, with new leadership tasked to deliver improved execution and pipeline visibility.
Takeaways
Rapid7 is in the late stages of a multi-year business model shift, with MDR and AI-driven platform services now at the core. The company is prioritizing operational discipline and forecasting credibility over near-term growth, while setting up for a potential reacceleration in 2026 as new leadership beds in and strategic partnerships scale.
- MDR Dominance: The mix shift to MDR is reshaping both growth and margin profiles, but requires disciplined execution and pipeline management to deliver on its promise.
- Operational Realignment: Leadership changes and sales process standardization are critical for restoring investor confidence and unlocking latent expansion opportunities.
- 2026 Setup: Investors should watch for evidence of pipeline conversion, sales force alignment, and early returns from the Microsoft partnership as key signals for a growth inflection next year.
Conclusion
Rapid7’s Q3 results underscore a deliberate pivot to scalable, high-margin MDR and AI-powered platform services, supported by operational realignment and a reset in guidance conservatism. The company’s ability to execute on these changes, convert large deals, and leverage new partnerships will determine whether it can deliver on its growth ambitions in 2026 and beyond.
Industry Read-Through
Rapid7’s margin-focused MDR model and AI SOC strategy spotlight a sector-wide shift toward managed, integrated security platforms, as customers consolidate fragmented tools and seek operational efficiency. The company’s experience with longer deal cycles and the need for sales process standardization mirrors broader industry challenges in moving upmarket. Rapid7’s partnership with Microsoft highlights the growing importance of ecosystem integration, suggesting that security vendors with deep platform alliances and automation capabilities will be best positioned to capture future growth. Investors should expect continued mix shifts, margin focus, and operational resets across the cybersecurity landscape as managed services and AI become central to the value proposition.