JFrog (NASDAQ:FROG) executives said the company closed fiscal 2025 with what they described as “high-quality, sustained growth,” driven by cloud momentum, increased adoption of its security products, and early signs of rising software artifact volumes tied to AI-assisted development.
Financial results: Q4 beats guidance ranges
Chief Financial Officer Ed Grabscheid said the company “exceed[ed] the high end of the range on every metric we guided for the quarter.” Fourth-quarter total revenue was $145.3 million, up 25% year-over-year. For the full year, revenue totaled $531.8 million, up 24% year-over-year.
Self-managed (on-prem) revenue was $75.1 million in Q4. For the full year, self-managed revenue totaled $288.5 million, up 11% year-over-year. Management said it continues to engage on-prem customers to migrate DevSecOps workloads to the cloud or adopt “hybrid and fit-for-purpose deployments.”
Security highlighted as growth engine amid supply chain attacks
Chief Executive Officer and co-founder Shlomi Ben Haim framed 2025 results around a “surge in binaries” created by both human developers and AI agents, arguing that enterprises need a “single source of truth” to store, manage, secure, and govern artifacts end-to-end.
Ben Haim said JFrog’s strategy has been to unify security and DevOps on one platform, positioning the company as a “system of record for software supply chain security.” He cited increased attacks targeting software packages and referenced the “npm Shai-Hulud incident,” which he said customers and the community described as a “mega attack” comparable in impact to other ecosystem events such as Log4j and PyPI-related incidents. He added that customers using JFrog Curation “remained protected,” describing the product as enforcing policies and preventing business impact.
JFrog provided several disclosures on security adoption:
- As of Dec. 31, 2025, JFrog Advanced Security and JFrog Curation comprised over 10% of total ARR, according to Ben Haim.
- Grabscheid said Security Core revenue was 7% of total revenue for 2025, and Security Core products (excluding Xray) were more than 10% of ending total ARR.
- Security represented 16% of ending RPO as of Dec. 31, 2025, up from 12% the prior year; management attributed the increase to more large, multi-year commitments.
When asked whether security incidents should be viewed as one-time or structural drivers, Ben Haim said the trend of software supply chain attacks has been building for several years and that AI code agents are increasing the volume of packages and binaries, which he expects will “only grow.” Management also said it is not providing a “rule of thumb” linking any specific incident to revenue, instead pointing to expansion opportunities within its existing enterprise base and new enterprise logos adopting the platform with security from the start.
Cloud execution and customer mix shifts
Management emphasized discipline in cloud usage management and a focus on migrating customers toward annual commitments. Ben Haim said purchasing behavior in 2025 reflected CIOs prioritizing hybrid and multi-cloud architectures—particularly as they adopt new AI solutions—rather than “mega cloud migration initiatives.”
Grabscheid said cloud growth in Q4 was driven by customers expanding annual commitments and increasing demand for Security Core, adding that “ongoing npm incidents” during the quarter accelerated adoption. He also described efforts to strengthen partnerships with major cloud providers, improve commercial terms, and align with consumption-based pricing standards.
JFrog also discussed customer metrics and how it is reshaping its go-to-market approach around larger enterprise accounts. In Q4, Ben Haim said customers generating more than $1 million grew to 74, up from 52 a year earlier, and customers spending more than $100,000 annually increased to 1,168 from 1,018. Grabscheid said the company ended 2025 with approximately 6,600 customers.
In response to a question about customer count trends, Ben Haim said the company is focused on enterprise and “sometimes it means that we will have to let go low ASP customers.” He also noted an internal methodology change that consolidated approximately 300 lower-ASP subsidiaries into parent entities, and referenced churn tied to “geographic regulations,” including decisions involving China and Russia.
Margins, cash flow, and balance sheet
JFrog reported Q4 gross profit of $121.6 million and a gross margin of 83.7%, up from 83.2% a year earlier. The company said it remains focused on cloud hosting cost optimization and estimated 2026 annual gross margin in the range of 82% to 83% given expectations for a larger cloud mix.
Fourth-quarter operating expenses were $95.8 million, or 66% of revenue, compared with 65% a year earlier. Non-GAAP operating profit for Q4 was $25.7 million (operating margin of 17.7%), compared with $20.9 million (18% margin) in the prior-year quarter. For full-year 2025, the company reported non-GAAP EPS of $0.82, up 26% year-over-year.
Operating cash flow was $50.7 million in Q4, and free cash flow was $49.9 million (34% margin). For the full year, operating cash flow was $145.7 million and free cash flow was $142.2 million (27% margin). The company ended 2025 with $704 million in cash and short-term investments, up from $522 million at the end of 2024, and reported RPO of $566 million, up 40% year-over-year.
2026 guidance: revenue up mid-to-high teens, baseline cloud growth 30%-32%
For the first quarter of 2026, JFrog guided revenue of $146 million to $148 million, non-GAAP operating profit of $25 million to $26 million, and non-GAAP EPS of $0.20 to $0.22, assuming approximately 127 million diluted shares.
For full-year 2026, the company guided revenue of $623 million to $628 million, representing 17.5% growth at the midpoint, non-GAAP operating income of $106 million to $108 million, and non-GAAP EPS of $0.88 to $0.92, assuming approximately 128 million diluted shares.
Grabscheid said the company is encouraged by “strength in our pipeline and a stabilized purchasing environment,” but reiterated a conservative guidance approach that de-risks large deals due to timing uncertainty and excludes potential upside from cloud usage above contractual commitments, including early AI workload trends. He said the company estimates full-year 2026 baseline cloud growth of 30% to 32% and expects net dollar retention of 117% for 2026. He also cited a year-over-year headwind to operating expenses from a weakening U.S. dollar against global currencies, while noting the company has a hedging program and aims to keep expense discipline.
On product and market direction, Ben Haim highlighted investments in JFrog ML, AI Catalog, Agentic Remediation, and integrations such as the MCP server, describing a shift toward a “business-to-agent” future where AI agents interact directly with software supply chain infrastructure. He also said governance is emerging as a bottleneck, pointing to AppTrust as aimed at automating governance with evidence stored in Artifactory as a system of record.
About JFrog (NASDAQ:FROG)
JFrog is a software company specializing in DevOps solutions designed to streamline the management, distribution and security of software binaries. Its core offering, JFrog Artifactory, serves as a universal artifact repository manager compatible with all major package formats, enabling development teams to store, version and share build artifacts across the software delivery pipeline. The company’s platform also includes tools for continuous integration and delivery (CI/CD), security scanning and release automation.
Among JFrog’s flagship products are JFrog Xray, a security and compliance scanning service that analyzes artifacts and dependencies for vulnerabilities; JFrog Pipelines, a CI/CD orchestration engine that automates build and release workflows; and JFrog Distribution, which accelerates the secure distribution of software releases to edge nodes and end users.
