Rapid7
NASDAQ: RPD
$11.42 ▲ +0.22  (+1.96%)
At close: Jul 8, 2026 · 2:52 PM UTC
Financial Ratios
Market Cap593.58 Mn
P/E26.49
P/S0.69
Div. Yield0.00
ROIC (Qtr)0.00
Total Debt (Qtr)597.57 Mn
Revenue Growth (1y) (Qtr)-0.27
Add ratio to table…

About

Rapid7 is a global cybersecurity operations software and service provider focused on making security simpler and more accessible. The company offers an integrated platform that combines threat exposure management with detection and response capabilities. Its solutions help organizations monitor vulnerabilities, detect attacks and respond to incidents across on premise, cloud and hybrid environments. Rapid7 emphasizes an attacker centric view to help security teams prioritize…

Read more ↓
Sector: Technology Industry: Software - Infrastructure CIK: 0001560327

Investment Thesis

▲ Bull case
  • Rapid7's strategic pivot to its core platform—Detection and Response (DNR) and Exposure Management—positions it to capitalize on a fundamental shift in the cybersecurity landscape driven by frontier AI models. Management explicitly framed this not as a threat but as a long-term tailwind, noting that while AI accelerates vulnerability discovery (e.g., Anthropic’s Methos identifying 2,000+ unknown flaws in seven weeks), it does not commoditize the operational complexity of managing those findings across hybrid environments. This creates asymmetric demand for Rapid7’s unified Command platform, which provides exploitability validation, runtime validation for cloud, and data security posture management (DSPM) to cut through noise and surface only what is actually reachable and critical. The integration of Kenzo Security’s agentic AI further accelerates this by enabling autonomous, machine-speed investigation and remediation—transforming MDR from AI-assisted workflows to true AI-native operations. This is not incremental improvement but a structural enhancement to the value proposition, allowing Rapid7 to deliver preemptive security at scale, a capability few legacy vendors can replicate due to lack of integrated exposure, detection, and response data foundations. The early traction with Fortune 500 customers in mining, aviation, and health services—each securing seven- or six-figure ARR deals for MDR or Exposure Command—validates that enterprise buyers are actively prioritizing partners who can unify data, apply contextual AI, and drive measurable outcomes in complex, hybrid environments. These wins are not isolated; they reflect a broader go-to-market shift under new CCO Alan, where tighter focus on core platform selling is yielding more consistent pipeline execution and higher-quality customer engagements, signaling that the organizational discipline implemented in February is beginning to translate into sustainable top-line momentum.
  • The company’s financial trajectory is improving beneath the surface of flat-to-slightly-declining headline ARR, with core platform solutions (now over 80% of total ARR) growing 2% YoY in Q1, led by DNR’s 7% growth. This core growth is being masked by intentional, managed decline in non-core standalone offerings—a strategic choice to reallocate investment toward higher-margin, higher-growth areas. Management’s transparency about this dynamic, particularly in response to probing questions from analysts like Joseph Gallo and Adam Tindle, reveals a disciplined approach: they are not overcompensating for non-core churn with unrealistic core growth expectations but are instead letting the core business prove its intrinsic strength while improving operational efficiency. This is underscored by Rafe Brown’s commentary on margin expansion, noting that investments made in 2025 (including the India global capability center) are now yielding productivity gains, with non-GAAP operating margins expected to reach the mid-teens in FY26 and continue improving into FY27. The confidence in margin expansion is further bolstered by Kenzo’s potential to drive software-driven efficiency in MDR—a historically lower-margin business—by reducing reliance on human alert triage through autonomous investigation and remediation at machine speed. With $670 million in cash and a $200 million undrawn revolver, Rapid7 has ample liquidity to fund both ongoing operations and strategic investments without dilution risk, while guiding to $125–135 million in FY26 free cash flow (flat YoY but with improving margins). This combination of core platform acceleration, margin expansion potential, and financial flexibility creates a powerful compounding effect that the market appears to be overlooking in its focus on quarterly ARR volatility.
  • An underappreciated catalyst lies in the recently announced Rapid7 Cyber GRC Early Access Program with 360 Advanced, which extends the Command Platform’s utility beyond traditional vulnerability management into continuous, threat-aware compliance automation. While not highlighted in the earnings call, this initiative directly addresses a critical pain point for enterprises juggling overlapping regulatory frameworks (SOC 2, HITRUST, ISO 27001, PCI DSS, FedRAMP, etc.)—disconnected systems, fragmented evidence collection, and point-in-time compliance activities that create blind spots and operational inefficiency. By aligning real-time security insights with governance, risk, and compliance workflows, Rapid7 is positioning itself at the convergence of cybersecurity and GRC, two markets that are increasingly intertwined as regulators demand continuous validation over periodic audits. This is not merely an add-on feature but a strategic expansion of the platform’s total addressable market (TAP), leveraging existing investments in exposure management, runtime validation, and DSPM to deliver measurable compliance outcomes. The fact that 360 Advanced—a firm with nearly 20 years of experience serving Fortune 500 clients—is co-developing and selling this solution lends immediate credibility and access to enterprise sales cycles. As organizations move from treating compliance as an annual audit to an operational, continuous process, Rapid7’s integrated approach could unlock new expansion revenue from its existing base while attracting new customers seeking unified security and compliance posture management—an adjacent opportunity that remains under-the-radar in current investor discourse.
▼ Bear case
  • Rapid7’s core platform growth remains fragile and overly dependent on a narrow set of large, lighthouse customer wins that may not be repeatable or scalable across the broader market. While management highlighted seven-figure MDR deals with a Fortune 500 mining company and a health services provider, and a six-figure Exposure Command expansion with an aviation manufacturer, these victories came after long, competitive sales cycles and represent a small subset of the company’s 11,500+ customer base. The reliance on such high-touch, enterprise-specific engagements raises concerns about the sustainability of growth, particularly as the company attempts to transition from a services-heavy MDR model to a scalable, software-driven platform. The integration of Kenzo Security, while promising for autonomous investigation, does not yet demonstrate clear monetization pathways or margin expansion in the MDR business—historically a lower-margin segment—and management admitted that active response automation remains an “expansion area” and “potential monetization area” that is “a bit too early” to quantify. This suggests that the anticipated efficiency gains from AI may be delayed or less impactful than implied, leaving the core platform vulnerable to margin pressure if scale does not accompany investment. Furthermore, the 2% YoY core platform ARR growth in Q1, while positive, is modest and heavily influenced by the lapping of a weak prior-year base; without clearer evidence of accelerating new logo acquisition or expansion revenue trends, the growth trajectory risks stalling as the initial momentum from go-to-market changes fades.
  • The non-core business decline, while framed as strategic and managed, poses hidden risks to customer retention and cross-sell opportunities that management may be underestimating. Rafe Brown acknowledged that standalone non-core products—though not central to strategy—still serve over 11,500 customers, many of whom may have overlapping relationships with the core platform. Adam Tindle’s question about customer overlap and potential spillover effects from non-core churn was met with a defensive reassurance that “not all customers are overlapping” and that teams are “actively working” to manage the experience, but no concrete data was provided on churn rates, attachment rates, or conversion success from standalone to platform offerings. Gray Powell’s follow-up highlighted the logical opportunity to upsell non-core customers onto the Command Platform, yet management offered no specifics on conversion rates, pipeline velocity, or incentives driving migration—only a vague statement about “looking for technologies to integrate.” This lack of transparency suggests that the non-core decline may be accelerating faster than anticipated, and the assumed upgrade path to core solutions may be more aspirational than operational. If a significant portion of non-core customers churn without migrating to the platform, it could erode trust, increase sales and marketing costs to replace lost revenue, and create a perception of product abandonment—particularly damaging in a market where trust and long-term partnership are critical to security vendor selection.
  • External pressures from macroeconomic and geopolitical uncertainty, combined with shifting enterprise IT budgets, could disproportionately impact Rapid7’s growth prospects despite its AI-driven narrative. While Corey Thomas noted that customers are in a “show me” stage for AI and seeking scalable security operations, he also admitted that organizations are grappling with how to budget for AI, plan for leapfrogging technology, and balance competing priorities—including AI spend that may be crowding out other enterprise software investments. This environment creates a heightened risk of delayed or reduced capital expenditure on cybersecurity platforms, especially as enterprises prioritize proven, lower-risk solutions over emerging AI-native architectures. The company’s guidance for Q2 ARR of ~$820 million (down from $832 million in Q1) and full-year revenue decline of ~2.4% YoY reflects this reality, yet the bullish case assumes that AI-driven demand will overcome these headwinds. However, if enterprises continue to consolidate vendors, extend contract cycles, or favor incumbent platforms with deeper integration and discounting power, Rapid7 may struggle to gain share even as the threat landscape evolves. Furthermore, the company’s reliance on its India global capability center for cost efficiency introduces execution risk—any delays in ramp-up, talent retention challenges, or geopolitical tensions affecting offshoring could undermine the margin expansion thesis, leaving the business with higher-than-expected cost bases and less flexibility to invest in growth initiatives.

Product and Service Breakdown of Revenue (2025)

Geographical Breakdown of Revenue (2025)

Peer Comparison

Companies in the Software - Infrastructure
S.No. Ticker Company Market CapP/EP/STotal Debt (Qtr)
1 MSFT Microsoft Corp 2,853.66 Bn22.798.9740.26 Bn
2 ORCL Oracle Corp 408.21 Bn23.926.06122.34 Bn
3 PLTR Palantir Technologies Inc. 300.98 Bn131.2457.61-
4 PANW Palo Alto Networks Inc 247.84 Bn193.3425.05-
5 CRWD CrowdStrike Holdings, Inc. 193.63 Bn-1,201.4140.240.75 Bn
6 FTNT Fortinet, Inc. 117.45 Bn60.0816.520.50 Bn
7 NET Cloudflare, Inc. 86.88 Bn-1,001.4737.311.29 Bn
8 SNPS Synopsys Inc 86.18 Bn1,416.9910.7610.04 Bn