Financial Performance - Q1 2025 revenue reached $239.1 million[12] - Q1 2025 unlevered free cash flow was $86.8 million[12] - Q1 2025 non-GAAP gross margin was 82%[12] - Q1 2025 recurring revenue was 96%[12] - The company forecasts revenue between $970 million and $980 million for the full year 2025[52] - The company forecasts unlevered free cash flow between $265 million and $275 million for the full year 2025[52] Market Position and Growth - The company is a category leader in Exposure Management[11] - The company has approximately 44,000 customers[12] - The company is ranked 1 in market share in Vulnerability Management[12, 23] - The total addressable market for cyber exposure is estimated at $33 billion with an 18% CAGR[29]

Core Insights - The 2025 Cloud Security Risk Report by Tenable highlights the urgent need for unified cloud exposure management due to widespread risks from insecure cloud configurations [1][2] Cloud Security Risks - 9% of publicly accessible cloud storage contains sensitive data, with 97% classified as restricted or confidential, increasing the risk of exploitation [1][2] - Exposed sensitive data, misconfigurations, and poorly stored secrets such as passwords and API keys significantly heighten cloud environment risks [2][5] Organizational Vulnerabilities - Over half of organizations (54%) store at least one secret directly in AWS Elastic Container Service (ECS) task definitions, creating direct attack paths [7] - Similar vulnerabilities are found in Google Cloud Platform (GCP) Cloud Run (52%) and Microsoft Azure Logic Apps workflows (31%) [7] - 3.5% of all AWS Elastic Compute Cloud (EC2) instances contain secrets in user data, posing major risks given EC2's widespread use [7] Toxic Cloud Combinations - The percentage of organizations with a "toxic cloud trilogy" (publicly exposed, critically vulnerable, and highly privileged workloads) has decreased from 38% to 29%, but this remains a significant risk [7] Identity Management Challenges - While 83% of AWS organizations follow best practices in using Identity Providers (IdPs) for cloud identity management, risks persist due to overly-permissive defaults and excessive entitlements [7]