Topic: Q1 beat vs. full-year guidance raise magnitude
Key points:
Q1 revenue outperformed estimates by ~$7 million; Q2 guide came in ahead by ~$2 million, totaling ~$10 million above prior expectations.
Full-year raise is less than the Q1+Q2 beat combined, implying revised assumptions about the second-half ramp.
Mgmt stance: Neutral — Ed Grabscheid explains that while Q1 was strong (cloud growth of 50%, with cloud mix above 50% for the first time, at 51%), much of the upside came from usage over minimum commitments. The company only guides on annual commitments, so uncommitted overage is not included in guidance until converted.
Q2 — Sanjit Singh (follow-up) & Shlomi Haim
Topic: Durability of JFrog’s security portfolio amid AI/model log disruption
Key points:
Market sees a flood of software supply chain attacks targeting open-source maintainers; all JFrog Curation customers were protected against those attempts.
JFrog’s differentiator is being the system of record for binaries/artifacts (not source code), which remains critical even as coding agents replace human-written source code.
Three pillars: secure hosting of artifacts (needed in multi-agent world), protection at the gate against open-source risks (Python, NPM, Hugging Face, Docker), and combining security for new AI outputs with legacy binaries already in production.
Mgmt stance: Bullish — Shlomi Haim states new logos are now buying JFrog with security, seeing it as the future. He emphasizes confusion in the market between source-code and binary security, and views JFrog’s binary expertise and Artifactory moat as durable.
Shlomi defines “legacy” as existing binary code in production that must be regulated for 7–45 years (e.g., banks, automakers); these binaries remain first-class citizens in the system of record even as coding agents build new binaries.
Ed Grabscheid says Q1 cloud strength was broad-based, not concentrated on AI-native customers; traditional and non-AI-native customers contributed. The $1 million land with an AI-native customer from last year renewed.
Shlomi adds that serving AI labs (the power grid of their software supply chain) provides learnings for the rest of the portfolio, beyond direct revenue from those accounts.
Mgmt stance: Bullish — management sees legacy binary management as a large, lasting asset for customers, and views AI-natives as strategic partners that enhance overall platform value.
Q4 — Michael Cikos
Topic: Customer architecture modernization due to Agentic AI; cloud strength qualification
Key points:
Customers are questioning every human-interaction technology; source code has become cheap and can be produced 1,000x faster experimentally.
Key new use cases: MCP servers (machine-to-machine interaction) are another binary type; JFrog can become the “MCP registry” for all MCP servers. NVIDIA inquired about “skills” for agents—another binary type—and whether JFrog can become the “Skills Registry.”
Cloud strength was broad-based across geography and industry, from start to finish in Q1; cloud guide raised from 30%–32% to 33%–35%.
Mgmt stance: Bullish — Shlomi sees JFrog’s universal system of record for all binaries (machine language, not source code) as the natural answer for the Agentic stack evolution; Ed confirms confidence in cloud growth.
Q5 — William Miller Jump
Topic: AI-driven binary production vs. a year ago; customer hesitancy to commit larger deals
Key points:
Shlomi uses a digital-photography analogy: source code became cheap (like digital photos), so the number of binaries (the “prints” taken to production) is growing rapidly compared to a year ago.
Binaries must be immutable, tracked, and governed; JFrog addresses both volume growth and governance (e.g., ensuring no sensitive data in the “pictures”).
No specific numbers on customer hesitancy to commit; Shlomi implies the conversation is about managing the new volume and governance, not about barriers to commitment.
Mgmt stance: Bullish — Shlomi frames the binary growth as a structural trend (replacing film with digital photography) that directly benefits JFrog’s core value proposition of secure binary management and governance.
Q&A Batch (6-10 of 14)
Q6 — Howard Ma
Topic: Revenue drivers for Curation and Advanced Security
Key points:
Curation acts as a firewall enforcing policy on open-source packages; demand increased after every attack since Q4 2025, including MCP and Python attacks in Q1.
Advanced Security and Xray handle secrets, composition analysis, and dependency graph security inside Artifactory.
Curation monetization is based on seats (a common security currency); attacks drive seat demand but not data consumption, which is driven by packages in/out of production.
Mgmt stance: Bullish – Curation scales to AI-level pull requests (1,000x faster), and customers embrace it due to rising attack frequency.
Q7 — Mark Cash
Topic: Customer need for JFrog governance (MCP registry, AI catalog)
Key points:
Customers requested an MCP registry because MCP servers are binary code; JFrog released it this quarter.
Similar demand for Skills (coding agents) and CLI technologies – all are binary code and natural expansions of Artifactory.
Customers trust JFrog to provide a safe place for MCP servers, analogous to existing NPM/Python/Docker registries.
Mgmt stance: Bullish – Binary code management is JFrog’s core, and AI agent trends (MCP, Skills, CLI) expand Artifactory’s role.
Q8 — Jason Celino
Topic: Customer alternatives to Curation and capacity to meet demand
Key points:
Alternatives are any binary management tool; JFrog differentiators: universality (“Switzerland of binaries”), 17 years of scalability, hybrid cloud/on-prem, ecosystem integration (DevOps, DevSecOps, DevGovOps).
JFrog avoids vendor lock-in; a threat would be a universal solution matching these attributes.
Mgmt stance: Bullish – Strong moat built on universality, scalability, and hybrid freedom; no direct competitor matches all.
Q9 — William Kingsley Crane
Topic: Urgency of Curation/Advanced Security vs. larger architectural decisions; Q1 cloud upside
Key points:
Every software supply chain attack (now every few weeks) immediately boosts pipeline; attacks include SolarWinds, Log4j, and recent NPM attacks.
Source code scanning is now “overappreciated”; protection of production binaries is key.
Some customers react based on fear, but responsibility is increasing due to attack magnitude.
Mgmt stance: Neutral – Attacks drive immediate pipeline, but customer decisions vary; no specific Q1 cloud upside number provided.
Q10 — Shrenik Kothari
Topic: AI code transition from experimental to production grade
Key points:
Customers are in experimental mode; tools shift rapidly (Copilot, Cursor, Anthropic, Codex).
No customer has a fully autonomous process; it’s still human developers + coding agents.
AI has not yet taken over fully autonomous development from scratch to production.
Mgmt stance: Cautious – AI adoption is early; “some miles to go” before full autonomy, but collaboration between humans and coding agents is rising.