Analyst(s): Fernando Montenegro
Publication Date: February 23, 2026
Palo Alto Networks’ Q2 FY 2026 results underscore steady top-line execution and platform-driven demand across SASE, software firewalls, and AI SOC. Management emphasized accelerating platformization momentum, growing AI security traction, and integration roadmaps for recent acquisitions aimed at identity and observability scale.
What is Covered in This Article:
- Palo Alto Networks’ Q2 FY 2026 financial results
- Platformization momentum and large consolidation wins
- SASE, secure browser, and firewall trajectory
- AI SOC, AIRS, and agentic endpoint strategy
- Guidance and Final Thoughts
The News: Palo Alto Networks (NASDAQ: PANW) reported Q2 FY 2026 revenue of $2.6 billion, up 15% year-on-year (YoY), which was at par with the Wall Street consensus. Product revenue was $514 million, up 22% YoY, and subscription and support revenue was $2.1 billion, up 13% YoY. Non-GAAP operating income was $785 million, up 22% YoY, with a non-GAAP operating margin of 30.3% (+190 basis points YoY). Non-GAAP net income was $732 million, up 29% YoY, and non-GAAP diluted EPS was $1.03, up 27% YoY.
“We saw continued strength in platformizations, a trend that is accelerating due to AI — customers are keen to both modernize and normalize their cybersecurity stack, aligning them to our approach,” said Nikesh Arora, chairman and CEO of Palo Alto Networks. “We are excited to welcome the employees of Chronosphere and CyberArk to help us drive our growth in the future.”
Palo Alto Networks Q2 FY 2026: ARR Accelerates as Platform Strategy Scales
Analyst Take: Palo Alto Networks delivered a solid Q2 FY 2026 that advances its platformization strategy while leaning into AI security, identity, and observability. The company’s news flow highlights expanding next-generation security demand, with execution spanning SASE, software firewalls, XSIAM, and Prisma AIRS. Recent and pending integrations (CyberArk, Chronosphere, Koi) point to a broader control-plane and data-plane architecture geared for AI-era scale. While near-term profitability guidance reflects acquisition effects and a higher SaaS mix, the setup into the second half is anchored by elevated ARR and RPO outlooks alongside visible customer consolidation pipelines. Overall, the quarter reinforces the company’s positioning at critical control points across network, endpoint, cloud, browser, and identity.
Platformization Momentum and Consolidation Wins
Management reported approximately 110 net new “platformization” deals in Q2 (about 1,550 total; up 35%), supported by a best-in-class 119% net retention rate among customers with low single-digit churn. Large multi-domain wins continue to validate the architecture-first approach, including an over $50 million transformation with a global automotive leader (about $30 million SASE and $20 million XSIAM) and an over $40 million global XSIAM-led modernization with a major technology supplier. A leading IT services provider expanded $20 million around XSIAM, completing platformization across network security and SecOps. These wins reflect customer shifts from first-generation point products to unified architectures spanning data center, cloud, and remote workforces. The combination of scale, outcomes, and consolidation potential remains a differentiator as adversaries accelerate attack speed. Taken together, platform adoption trends should continue to compound expansion and retention.
SASE, Secure Browser, and Firewall Trajectory
SASE surpassed $1.5 billion in ARR, growing roughly 40% YoY, as early SASE adopters reassess point offerings in favor of unified architectures. Prisma Browser adoption reached more than 1,500 customers (about 10% of the Global 2000), with over 9 million licenses sold to date and 2 million seats added in Q2. Software firewall ARR grew approximately 25%, reflecting multi-cloud dynamics and AI workload requirements, while hardware revenue increased nearly 10% on early Gen5 firewall adoption and SD-WAN. Management also highlighted emerging post-quantum priorities (for example, harvest-now/decrypt-later risk), with strong executive interest and nearly 5,000 attendees at the company’s recent Quantum summit. The breadth from browser to SASE to next-gen firewalls expands control-point coverage and data visibility. These drivers collectively reinforce sustained SASE and software form factor momentum amid evolving hybrid architectures.
AI SOC, AIRS, and the Agentic Endpoint
XSIAM surpassed $0.5 billion in ARR, adding nearly 150 new customers in the quarter to reach more than 600 total, with average ARR per customer near $1 million and, according to the company, over 60% achieving mean time to remediation under 10 minutes. Agentix extends automation beyond the SOC to first- and third-party infrastructure, already enabled by about 200 XSIAM customers, moving toward enterprise-wide autonomous response. Prisma AIRS (AI security) more than tripled customers quarter-over-quarter to over 100, with bookings doubling and a nine-figure pipeline forming, pointing to rapid adoption for model, agent, and runtime protection. The company also announced its intent to acquire Koi to secure the agentic endpoint layer across MCP servers, extensions, and plugins that bypass traditional controls. This expands visibility and governance across the emerging AI software stack, including endpoint-resident AI components. The combined AI SOC plus AIRS approach positions the company to operationalize prevention, detection, and remediation at machine speed.
Guidance and Final Thoughts
For Q3 FY 2026, the company guided next-generation security ARR to $7.94 billion to $7.96 billion (up 56% YoY), RPO to $17.85 billion to $17.95 billion (up 32%–33% YoY), revenue to $2.941 billion to $2.945 billion (up 28%–29% YoY), and non-GAAP diluted EPS to $0.78 to $0.80. For FY 2026, guidance is for next-generation security ARR of $8.52 billion to $8.62 billion (up 53%–54% YoY), RPO of $20.2 billion to $20.3 billion (up 28% YoY), revenue of $11.28 billion to $11.31 billion (up 22%–23% YoY), non-GAAP operating margin of 28.5%–29.0%, non-GAAP diluted EPS of $3.65 to $3.70, and adjusted free cash flow margin of 37%. Management raised outlook for revenue, NGS ARR, and RPO while resetting EPS to reflect acquisition integration and the mix impact from high-growth SaaS offerings. The multi-pillar strategy across network, SecOps, AI, identity, and observability should support durable demand as customers consolidate toolchains and automate response. Execution on integration milestones and cross-sell motions will be key watch items in the second half.
See the full press release on Palo Alto Networks’ Q2 FY 2026 financial results on the company website.
Declaration of generative AI and AI-assisted technologies in the writing process: This content has been generated with the support of artificial intelligence technologies. Due to the fast pace of content creation and the continuous evolution of data and information, The Futurum Group and its analysts strive to ensure the accuracy and factual integrity of the information presented. However, the opinions and interpretations expressed in this content reflect those of the individual author/analyst. The Futurum Group makes no guarantees regarding the completeness, accuracy, or reliability of any information contained herein. Readers are encouraged to verify facts independently and consult relevant sources for further clarification.
Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.
Other Insights from Futurum:
Palo Alto Networks Q4 FY 2025 Earnings Show 16% Growth, Strong ARR Momentum
No More Playing Koi: Can Palo Alto Networks Secure the Modern Supply Chain?
Can Proofpoint Secure the Intent of the Autonomous Agent?
Author Information
Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.
Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.
Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.
