Rubrik
NYSE: RBRK
$84.00 ▼ -3.04  (-3.49%)
At close: Jul 8, 2026 · 2:55 PM UTC
Financial Ratios
Market Cap16.69 Bn
P/E-57.85
P/S11.72
Div. Yield0.00
ROIC (Qtr)-0.05
Revenue Growth (1y) (Qtr)38.99
Add ratio to table…

About

Rubrik, Inc. provides a Zero Trust Data Security platform that helps organizations protect, monitor, and recover data across enterprise, cloud, SaaS, and identity environments. The company’s Rubrik Security Cloud suite delivers data protection, threat analytics, identity security, and cyber recovery capabilities through a cloud native SaaS architecture. Rubrik, Inc. also offers Rubrik Agent Cloud, an AI operations platform that monitors, controls, and remediates agentic…

Read more ↓
Sector: Technology Industry: Software - Infrastructure CIK: 0001943896

Investment Thesis

▲ Bull case
  • Rubrik's platform strategy is creating powerful network effects that the market is underestimating, particularly through its practitioner community and healthcare partnerships. The recently launched Rubrik Practitioner Community addresses a critical gap identified in their Zero Labs research showing 86% of organizations expect AI agents to outpace security guardrails within the next year while only 23% have full visibility into existing agents. This community isn't just a marketing initiative—it creates real switching costs by enabling practitioners to share operational knowledge that rarely travels beyond incident teams, building durable recovery programs and fast decision-making during crises. Simultaneously, the American Hospital Association Preferred Cybersecurity Provider designation provides immediate access to nearly 5,000 hospitals representing 90% of the nation's healthcare systems, addressing a market where cyberattacks can force life-or-death facility shutdowns. Healthcare IT budgets are notoriously recession-resistant due to regulatory requirements and patient safety imperatives, and Rubrik's tailored offerings like the Cyber Resilience Bundle (including Identity Recovery and M365 protection) position them as an essential partner rather than a vendor, likely driving multi-year expansion cycles as hospitals consolidate vendors to meet stringent DORA and ECB-like healthcare regulations.
  • The Managed Service Provider (MSP) opportunity represents a structural shift in enterprise cybersecurity consumption that Rubrik is uniquely positioned to capture, yet the market appears to be overlooking its scale and profitability potential. Rubrik's new MSP program innovations target a projected $258 billion market by 2027, addressing critical pain points including talent scarcity, regulatory complexity, and the need for 24/7 operations that enterprises cannot build internally. Their consumption-based licensing, incident reinforcement, and earned operational maturity designation directly respond to Gartner's observation that organizations are transitioning from capital-heavy deployments to service models to achieve centralized management and operational cost-efficiencies. Crucially, Rubrik's approach enables MSPs to build profitable, scalable services through hybrid tenancy models with unified control—solving the core challenge that has historically made cybersecurity services low-margin and difficult to scale. This isn't merely an add-on channel; it represents a fundamental redistribution of cybersecurity spending toward service-based models where Rubrik's platform-native approach (unlike point solution competitors) provides the integrated visibility and control MSPs need to deliver guaranteed outcomes rather than just tools.
  • Rubrik's Semantic AI Governance Engine (SAGE) constitutes a technological leap in AI agent control that competitors cannot easily replicate, creating a durable moat in the rapidly accelerating AI operations market. Unlike traditional rule-based governance systems that fail with dynamic agent behaviors, SAGE uses a custom Small Language Model to interpret semantic policy intent—enabling real-time, context-aware guardrails that understand what agents are trying to accomplish rather than just monitoring for keyword violations. This was validated in head-to-head benchmarks against GPT-5.2 where Rubrik's SLM demonstrated superior comprehension of nuanced policy-agent interactions. The market is underestimating how this transforms Rubrik Agent Cloud from a monitoring tool into a true AI operations platform capable of enforcing complex organizational policies across heterogeneous agent fleets. Most critically, SAGE provides the industry's only 'rewind' capability to undo agentic mistakes—a feature that addresses the core enterprise fear that agents could cause catastrophic damage through hallucinations or compromise. As AI agent adoption explodes (with Gartner predicting 40% of enterprise applications will integrate task-specific agents by 2026), organizations will prioritize solutions that offer both speed and safety, making SAGE not just a feature but a potential platform-defining advantage that could dominate the emerging AI governance category.
  • The identity security business is becoming Rubrik's most powerful growth engine with structural tailwinds that far exceed current market expectations, driven by the evolving nature of cyber threats. Management revealed they crossed 900 identity customers in Q4 alone—up from 400 just one quarter prior—making it the fastest-growing product in company history, yet this trajectory appears underestimated in forward guidance. This explosive growth is occurring against the backdrop of Rubrik Zero Labs research showing nearly 80% of cyberattacks today are identity-driven and 90% of IT/security leaders citing identity threats as their top concern—fundamental shifts that are increasing, not temporary. Rubrik's approach goes beyond basic protection to deliver Identity Resilience capabilities that enable investigation, reversal of malicious changes, and trusted recovery—a complete lifecycle solution increasingly demanded as attackers target Active Directory, Entra ID, and Okta with sophisticated tradecraft. The healthcare collaborations (MEDITECH, AHA) further amplify this opportunity, as healthcare organizations face unique identity challenges with legacy systems that cannot be easily replaced yet must meet stringent regulatory requirements for patient data access and audit trails. As identity becomes the primary attack surface, Rubrik's integrated approach—tying identity recovery to data protection and AI governance—creates a defensible position that point solution competitors cannot match, likely driving significant wallet expansion from existing customers.
  • Rubrik's international expansion is demonstrating successful execution in complex markets that the market is overlooking, particularly in sovereign cloud and regulated environments where their platform approach provides unique advantages. While overall international revenue grew 51% versus 45% in the Americas, deeper analysis reveals strong traction in sovereign cloud opportunities where countries are mandating data localization and seeking to create AI infrastructure as 'digital embassies'—a nuance management highlighted but didn't quantify in guidance. Their success displacing legacy providers in highly regulated European financial services (meeting DORA/ECB guidelines) and global hospitality companies proves their platform can navigate complex compliance landscapes where point solutions fail. The sovereign cloud opportunity represents a structural shift as nations rebuild IT infrastructure with stringent data controls—exactly the environment where Rubrik's ability to provide uniform policy-driven automation across on-premises, cloud, and SaaS environments becomes critical. Unlike competitors focused on single-cloud or single-function solutions, Rubrik's platform-native approach to data, identity, and application context allows them to serve as the trusted partner for nations seeking to build secure, resilient digital foundations—a multi-decade opportunity that is just beginning to materialize as geopolitical pressures intensify data sovereignty requirements globally.
▼ Bear case
  • The AI agent security market is significantly more crowded and competitive than management acknowledged, creating substantial execution risk for Rubrik Agent Cloud that the market is underpricing. While Bipul positioned Rubrik as having a 'unique perspective and solution' in the agent control market, he simultaneously admitted 'everybody with a mother is jumping into this market' and acknowledged it's 'very crowded with a lot of noise'—a candid assessment that contrasts with the bullish narrative being promoted. Most concerning is his observation that traditional cybersecurity companies 'are not suitable for this market because traditional cybersecurity is all about rule-based platforms, and they are not in the real-time control of action,' which reveals that numerous entrenched players are rapidly repositioning themselves despite lacking the required AI/model engineering capabilities. Rubrik's reliance on their Predibase acquisition for 'AI firepower' creates integration and execution risk, especially as pure-play AI startups and established cloud providers (Google, Microsoft, Amazon) pour resources into similar agent governance solutions. The go-to-market challenge is substantial: as Keith Frances Bachman of BMO noted, the buyers for Agent Cloud (CIO, CDO, CAIO, engineering teams) are often different from traditional Rubrik buyers (CISO, CTO), requiring significant sales motion adaptation that management hasn't quantified in guidance. With Agent Cloud only recently achieving general availability and still in early POC stages with Fortune 500 companies, expecting meaningful revenue contribution in the near future appears optimistic given the lengthy enterprise sales cycles for novel security platforms.
  • Management's guidance for fiscal year 2027 reveals a significant decoupling between their promotional narrative around AI opportunities and their actual financial expectations, suggesting the market may be overestimating near-term AI monetization. Despite extensive commentary about Rubrik Agent Cloud being 'the most consequential security and AI operations company for the AI era' and securing early POCs with Fortune 500 companies, Kiran Choudary explicitly stated 'the assumption on AI, while we are very excited, is we have not assumed much when we talk about fiscal 2027.' This striking admission indicates that while management is promoting AI as a transformative opportunity, their internal financial models do not yet reflect meaningful revenue contribution from these initiatives—a classic case of promotional outpacing executable. The guidance shows subscription ARR growth decelerating to 25-26% year-over-year for FY27 compared to 34% in FY26, with total revenue growth guidance of 27-28% (normalized for material rights) versus 48% cloud ARR growth and 50% subscription revenue growth in Q4 FY26. This deceleration occurs despite management's repeated emphasis on AI as a 'business imperative' and '100 times more productivity,' suggesting either that enterprise AI adoption is slower than portrayed, that Rubrik's solutions face adoption barriers, or that the competitive landscape is more intense than acknowledged—all risks the market appears to be ignoring in favor of the promotional narrative.
  • The healthcare opportunity, while real and prominently featured in recent news, faces significant implementation and sales cycle challenges that could delay meaningful financial impact, yet the market appears to be treating it as an immediate growth driver. The American Hospital Association Preferred Cybersecurity Provider designation provides access to nearly 5,000 hospitals, but healthcare IT procurement is notoriously complex with multi-stakeholder approval processes (clinical, administrative, IT, security, compliance) that can extend sales cycles to 18-24 months or more for enterprise-wide agreements. Rubrik's offerings like the Cyber Resilience Bundle require integration with complex legacy hospital systems including EHRs, identity platforms, and specialized medical devices—far more intricate than standard enterprise IT environments. While the MEDITECH collaboration addresses EHR-specific needs, healthcare organizations often run multiple EHR systems across different departments, creating integration fragmentation. Furthermore, healthcare cybersecurity budgets, while recession-resistant, are subject to annual appropriation cycles and competing priorities (staff wages, medical equipment, regulatory fines) that can cause sudden spending pauses. The AHA's emphasis on 'financial impact assessment' and 'ransomware-response workshop' suggests hospitals are still in the education and risk quantification phase rather than active procurement, meaning the near-term revenue contribution may be minimal despite the prestigious partnership. Management's focus on this opportunity in news releases without discussing implementation realities creates an overly optimistic near-term outlook that could disappoint if sales cycles prove longer than anticipated.
  • Identity security, while showing impressive customer growth, faces increasing competitive pressure and potential commoditization that could undermine Rubrik's premium pricing and growth trajectory—risks not adequately addressed in management's commentary. Although they highlighted crossing 900 identity customers in Q4 and displacing legacy providers in healthcare and financial services, they did not address how point solution competitors (specializing exclusively in Active Directory, Okta, or Entra ID protection) are rapidly innovating in this space. The Rubrik Zero Labs research showing identity as the top concern for 90% of IT/security leaders has attracted significant investment from both established players (SailPoint, Okta themselves, Azure AD) and well-funded startups, creating a crowded marketplace where differentiation becomes challenging. More concerning is the architectural shift toward zero trust and decentralized identity models that could reduce the relevance of traditional identity recovery solutions Rubrik specializes in. While Rubrik offers Identity Resilience (pre- and during-attack capabilities), the market is increasingly moving toward identity threat detection and response (ITDR) platforms that focus on preventing compromise rather than recovering from it—a potential strategic misalignment if Rubrik's recovery-centric approach becomes less valuable as prevention improves. Management's emphasis on 'board-mandated less than 48-hour recovery time objective' suggests they are selling against recovery time SLAs, but as prevention technologies advance, the frequency of incidents requiring recovery may decrease, potentially shrinking the addressable market for their core identity offerings despite high current growth rates.
  • The company's financial progress remains heavily dependent on temporary cloud transition tailwinds and aggressive growth investments that mask underlying profitability challenges, creating vulnerability if growth decelerates. While free cash flow of $238 million for FY26 represents a tenfold improvement from FY25, approximately $18 million of Q4 revenue came from material rights related to the cloud transition—a tailwind that guidance shows will diminish to only ~$10 million for the entire FY27 year. This reveals that a portion of the reported revenue growth and cash flow improvement is non-recurring in nature, tied to the completion of their cloud migration rather than sustainable business fundamentals. More concerning is the persistent gap between non-GAAP and GAAP results: despite guiding to non-GAAP earnings per share of $0.07 to $0.27 for FY27, the company expects to remain deeply unprofitable on a GAAP basis (with historical GAAP net loss of $348.8 million in FY26) due to enormous stock-based compensation expenses ($329.4 million in FY26). This compensation overhang continues to dilute shareholders significantly, and while management highlights improving Subscription ARR contribution margin (11.6% FY26 vs 2.1% FY25), this metric excludes critical operating expenses like sales and marketing—which remained massive at $769 million for FY26. If growth decelerates as their guidance suggests (to 25-26% ARR growth), the operating leverage benefits may not materialize as expected, leaving the company dependent on continued investment to maintain growth rather than transitioning to self-funded profitability—a scenario that could trigger negative investor sentiment if not managed carefully.

Geographical Breakdown of Revenue (2026)

Timing of Transfer of Good or Service Breakdown of Revenue (2026)

Peer Comparison

Companies in the Software - Infrastructure
S.No. Ticker Company Market CapP/EP/STotal Debt (Qtr)
1 MSFT Microsoft Corp 2,853.66 Bn22.798.9740.26 Bn
2 ORCL Oracle Corp 408.21 Bn23.926.06122.34 Bn
3 PLTR Palantir Technologies Inc. 300.98 Bn131.2457.61-
4 PANW Palo Alto Networks Inc 247.84 Bn193.3425.05-
5 CRWD CrowdStrike Holdings, Inc. 193.63 Bn-1,201.4140.240.75 Bn
6 FTNT Fortinet, Inc. 117.45 Bn60.0816.520.50 Bn
7 NET Cloudflare, Inc. 86.88 Bn-1,001.4737.311.29 Bn
8 SNPS Synopsys Inc 86.18 Bn1,416.9910.7610.04 Bn