Rapid7 (RPD) Q4 2025: Detection & Response Hits 7% Growth, AI Investments Anchor Transformation

2026-02-10 | By EarningsIQ Research

Rapid7’s Q4 highlighted a strategic pivot toward AI-enabled managed security, as detection and response ARR grew 7% and leadership doubled down on outcome-based models. Despite flat total ARR and a cautious 2026 outlook, the company’s investments in platform consolidation and AI-driven services position it for potential share gains if execution improves. Management’s transparency on near-term headwinds signals a reset in priorities and accountability as the new leadership team takes the helm.

Summary

• AI-Driven Security Operations Take Center Stage: Rapid7 is prioritizing AI-enabled managed detection and response and platform consolidation to differentiate in a crowded cybersecurity market.
• Execution Reset Under New Leadership: Fresh go-to-market and operational changes aim to improve sales productivity, retention, and customer engagement, but near-term growth remains pressured.
• 2026 Guidance Reflects Discipline, Not Optimism: Management is conservative on ARR and revenue visibility, emphasizing operational efficiency and cash flow over immediate expansion.

Business Overview

Rapid7 provides cybersecurity software and managed services, focusing on detection and response (DNR), exposure management, and AI-enabled security operations. The company generates revenue primarily through annual recurring revenue (ARR) from its platform and managed services, with detection and response now accounting for just over half of total ARR. Its business model is increasingly anchored on outcome-based pricing, tying fees to the scope of protected environments and measurable security outcomes for enterprise customers.

Performance Analysis

Q4 2025 results came in ahead of guidance, with total revenue at $217.4 million and full-year revenue at $859.8 million. However, overall growth was muted, with ARR ending flat year-over-year at $839.9 million as the company absorbed a mix shift toward its faster-growing detection and response segment. DNR ARR grew approximately 7% and now makes up just over 50% of total ARR, offsetting ongoing declines in legacy and slower-growth areas.

Profitability was a relative bright spot, with non-GAAP operating income of $30.1 million for Q4 and $135.7 million for the year, though margins dipped sequentially due to ramped investments in sales, product, and global capacity. Free cash flow remained solid at $130 million, and the balance sheet is robust, supporting liquidity ahead of a 2027 debt maturity. The company’s professional services revenue declined as more delivery shifted to partners, enabling Rapid7 to focus on core offerings and higher-margin managed services.

• Detection & Response Drives Growth: DNR’s 7% ARR growth is the primary engine, but not yet enough to offset softness elsewhere.
• Exposure Management Shows Early Uptick: Exposure Command saw increased adoption in Q4, but upgrades remain a work in progress.
• Cost Base Reset for Efficiency: Elevated Q4 expenses will persist into early 2026, with margin expansion expected as efficiency gains materialize.

Unit economics are improving as AI automates routine security tasks, freeing expert staff to focus on higher-value engagements. Still, overall topline growth is constrained by headwinds in legacy segments and a deliberate shift away from lower-margin, non-core offerings.

Executive Commentary

Strategic Positioning

1. AI-Enabled Managed Services as Core Differentiator

Rapid7 is betting its future on the convergence of proprietary security data, AI-driven automation, and deep human expertise. The company’s managed detection and response (MDR, outsourced threat monitoring and response) offering is being enhanced with agentic AI, automating repetitive SOC (Security Operations Center) tasks and enabling experts to focus on complex incidents. This blend of technology and service is positioned as defensible against pure software or point solution competitors.

2. Platform Consolidation and Integration

The Exposure Command platform and integrations with partners like Microsoft are designed to consolidate fragmented security tools and provide unified risk visibility. The company’s 500+ integrations and open data architecture aim to make Rapid7 the central platform for security operations, a key lever as customers seek to simplify and consolidate vendors.

3. Go-to-Market and Customer Success Overhaul

Leadership is restructuring sales, marketing, and customer success, with new incentive plans, tighter alignment, and a renewed focus on the core mid-market enterprise segment (organizations with 1,000–20,000 employees). The intent is to drive higher sales productivity, improve retention, and win more “singles and doubles” alongside large enterprise deals.

4. Portfolio Rationalization and Resource Focus

Rapid7 is intentionally shifting resources away from legacy on-premises and non-core offerings, accepting near-term revenue headwinds in favor of investing in high-growth, high-margin areas like managed services and AI-powered solutions. This trade-off is expected to yield more durable growth and margin expansion over time.

5. Outcome-Based Pricing Model

The company’s move toward outcome and usage-based pricing, rather than per-seat models, is intended to align value with customer security needs and scale with protected environments. This model is also more resilient to AI-driven disruption in software pricing.

Key Considerations

Rapid7’s Q4 signals a strategic inflection, with new leadership and a sharper focus on sustainable, AI-driven managed security operations. Execution risk remains high, but the company is laying the groundwork for a more defensible and scalable business model.

Key Considerations:

• Detection & Response Must Accelerate: DNR growth needs to outpace declines elsewhere to return the company to sustained ARR expansion.
• Exposure Command Adoption is Pivotal: Early Q4 momentum in exposure management must continue for meaningful net retention gains.
• Operational Efficiency is Core to Margin Story: AI automation and India-based capacity centers are intended to drive margin gains, but require flawless execution.
• Leadership Transition Brings Accountability: New CFO and go-to-market leadership are resetting expectations and prioritizing transparency, but execution will take time to bear fruit.
• Conservative Guidance Reflects Volatility: Management’s decision to withhold full-year ARR guidance signals caution amid ongoing transformation and market uncertainty.

Risks

Rapid7 faces several material risks, including execution challenges as it pivots to AI-enabled managed services, potential customer churn in legacy segments, and competitive pressure from both established and emerging cybersecurity vendors. The shift away from legacy offerings and focus on larger, more complex deals could create near-term volatility in ARR and retention. Additionally, the company’s ability to deliver on efficiency and margin expansion targets hinges on successful integration of new leadership and operational processes, as well as continued customer adoption of its AI-driven platform.

Forward Outlook

For Q1 2026, Rapid7 guided to:

• ARR of approximately $830 million (down 1% YoY)
• Total revenue of $207–$209 million (down 1% YoY at midpoint)
• Non-GAAP operating income of $19–$21 million (margin of 9.6% at midpoint)

For full-year 2026, management maintained guidance:

• Total revenue of $835–$843 million (decline of 2% YoY at midpoint)
• Non-GAAP operating income of $108–$116 million (margin of 13.3% at midpoint)
• Free cash flow of $125–$135 million (margin of 15.5%)

Management highlighted several factors that will shape 2026:

• Benefits from sales and operational investments are not expected to impact Q1, but should build through the year.
• Margin expansion is expected as efficiency gains from AI and global capacity take hold, especially in the second half.

Takeaways

Rapid7’s Q4 and 2026 outlook reflect a deliberate pivot toward AI-powered managed security, with a willingness to accept near-term growth headwinds for longer-term defensibility and scalability.

• Managed Detection & Response Is the Core Growth Engine: DNR’s 7% ARR growth and AI enhancements are critical to offsetting legacy declines and enabling future expansion.
• Execution on Platform Upgrades and Go-to-Market is Crucial: Leadership’s new structure and focus on operational rigor must deliver improved sales productivity and customer retention.
• Investors Should Watch for Evidence of Uptick in Exposure Command and Margin Expansion: Sustained improvement in these areas will be key to validating the transformation narrative over the next 2–3 quarters.

Conclusion

Rapid7’s Q4 2025 results and guidance for 2026 mark a reset in both strategy and expectations. While immediate growth is under pressure, the company’s focus on AI-driven managed services, platform consolidation, and operational discipline could position it for share gains if execution aligns with vision. Investors should watch for tangible progress on platform adoption, margin expansion, and sales productivity as signals of durable improvement.

Industry Read-Through

Rapid7’s results reinforce a broader cybersecurity industry trend: Customers are increasingly demanding outcome-based, AI-augmented managed services that combine technology and expert human oversight. The shift away from legacy, seat-based software models toward integrated, outcome-driven platforms is accelerating, with consolidation and automation as central themes. Vendors unable to blend proprietary data, AI innovation, and deep services are likely to face increasing margin and retention pressure. This read-through applies to both public and private cybersecurity providers, especially those exposed to legacy or point solution models. The urgency around platform consolidation and the growing importance of managed services are likely to drive further M&A and partnership activity across the sector.

RPD Technology Cybersecurity AI Managed Services Platform ARR Detection Response