Netskope Inc

NTSKCIK 0002063196 · Every Form 4 filed by insiders at this issuer. See financials →

Annual report (10-K)

Latest 10-K filed Mar 31, 2026. Sentiment + YoY language diff vs prior year. Read sections →

Signal:No prior 10-K

Risk Factors:tone -0.0281

MD&A: not detected

Sentiment via Loughran-McDonald lexicon · YoY diff via Jaccard similarity + paragraph set difference.

Recent 8-K announcements

Per-item disclosure feed. Item 2.02 is the earnings release.

Jun 3, 20262.02 · Results5.02 · Departure/Election7.01 · Regulation FD Disclosure9.01 · Financial Statements and Exhibits Mar 11, 2026no items parsed Dec 11, 2025no items parsed Sep 23, 2025no items parsed

YoY shift: Unscored

Year-over-year tone shift - average net-tone change across Risk Factors and MD&A vs the prior 10-K.

Why YoY instead of absolute: the LM lexicon has ~6.6× more negative words than positive (legal/risk-disclosure language is heavy on hedging), so every 10-K reads bearish on raw tone. Year-over-year change strips that bias and surfaces the actual shift in management's framing.

Per-snippet highlights

Sentence-level sentiment highlighting with category and subcategory filters is coming once the snippet-scoring pipeline lands. For now, dig into the actual section text on the Sections tab.

Top insiders

Most active reporters at Netskope Inc

Name	Roles	Filings
Del Matto Andrew H	Officer	8
Beri Sanjay	OfficerDirector	6
Bousquet Raphael	Officer	6
Iconiq Strategic Partners VI, L.P.	10% Owner	6
Griffith William J.g.	Director10% Owner	3

Showing 1-5 of 40

Per pagePage 1 of 8Next

Top performers

Insiders ranked by realized 90-day signed return on their open-market trades at Netskope Inc. Minimum 3 scored trades. Returns are signed - a sale followed by a rally counts against the insider.

#	Insider	Trades	Win rate	Avg	Median	Best	Worst
1	Del Matto Andrew H	4	100%	+47.0%	+45.8%	+51.6%	+44.7%
2	Beri Sanjay	5	100%	+46.8%	+46.1%	+51.6%	+44.7%
3	Bousquet Raphael	3	100%	+46.2%	+45.4%	+49.1%	+44.1%
4	Griffith William J.g.	4	0%	-23.5%	-23.5%	-23.5%	-23.5%
5	Iconiq Strategic Partners II, L.P.	4	0%	-23.5%	-23.5%	-23.5%	-23.5%
6	Iconiq Strategic Partners II-B, L.P.	4	0%	-23.5%	-23.5%	-23.5%	-23.5%
7	Iconiq Strategic Partners II Co-Invest, L.P. (Series Ns)	4	0%	-23.5%	-23.5%	-23.5%	-23.5%
8	Iconiq Strategic Partners II Gp, L.P.	4	0%	-23.5%	-23.5%	-23.5%	-23.5%
9	Iconiq Strategic Partners II Tt Gp, Ltd	4	0%	-23.5%	-23.5%	-23.5%	-23.5%
10	Iconiq Strategic Partners VI Co-Invest, L.P. (Series Ns)	4	0%	-23.5%	-23.5%	-23.5%	-23.5%

All filings

36 Form 4 / 4-A filings, newest first

Filed	Insider	Top transaction	Shares	Price	Value
Mar 17, 2026	Iconiq Strategic Partners VI, L.P. 10% Owner	CConversion	8,127,540	-	-
Mar 17, 2026	Iconiq Strategic Partners VI, L.P. 10% Owner	CConversion	8,127,540	-	-
Mar 17, 2026	Griffith William J.g. Director	CConversion	8,127,540	-	-
Jan 12, 2026	Bousquet Raphael Chief Revenue Offucer	SSale	3,823	$16.6572	$63,680
Jan 7, 2026	Del Matto Andrew H Chief Financial Officer	SSale	49,875	$17.1582	$855,765

Showing 6-10 of 36

Per pagePrevPage 2 of 8Next

Real-time Form 4 intelligence. Smarter insider tracking.

Filed		Top transaction	Shares	Price	Value

The market for security, networking, and analytics, including our platform and products, is rapidly evolving. We believe our future success will depend in large part on growth in the market for security, networking, and analytics. We also believe that our platform and products represent a significant shift from on-premises appliance-based security solutions. While cloud-based security, networking, and analytics solutions have seen increased adoption, traditional on-premises security and networking appliance and software solutions continue to be rooted in the infrastructure of many of our potential customers, particularly large enterprises, because of their prior investment in, and their familiarity with, such solutions. As such, it is difficult to predict future demand for cloud-based security, networking, and analytics or the success of competitive products, and, as a result, customer adoption and retention rates for these products and the future growth of this market. Any expansion in this market depends on a number of factors, including the cost, performance, perceived value associated with our platform and products and similar solutions of our competitors, and enterprises' potential preference to manage security with existing appliances and infrastructure alone as opposed to investing in a security, networking, and analytics platform such as ours. The markets for some of our products are new, unproven, and evolving, and our future success depends on growth and expansion of these markets. For example, we have invested and intend to continue to invest in the development and marketing of products to address the potential needs of AI usage by our customers, however the adoption of AI by our customers and their needs for managing AI are not certain. Trends in hybrid and remote work may also impact our business. For example, some large enterprises have publicly signaled an intent to reduce hybrid and remote work, and a widespread reduction in hybrid and remote work could adversely impact demand for our platform and products. If our platform and products do not achieve widespread adoption or there is a reduction in demand for our platform and products due to a lack of customer acceptance, technological challenges, competing products or solutions, concerns relating to privacy, data protection, or cybersecurity, decreases in corporate spending, changes in hybrid and remote work arrangements, the impact of AI, weakening economic conditions or otherwise, it could result in early terminations, reduced customer retention rates, or decreased revenue, any of which would adversely affect our business, results of operations and financial condition.

We rely extensively on our ecosystem of channel partners, including VARs and distributors, technology alliances, service and telecommunications partners, MSPs, system integrators, and other strategic partners to deliver, customize, integrate, and manage our platform and products for substantially all of our customers. A significant portion of our sales also originates within our partner ecosystem. For example, sales through our top five partners and their affiliates, in aggregate, represented 35% of our revenue for fiscal 2026 and 33% of our revenue for fiscal 2025. We have experienced, and may in the future experience, consolidation in our partner ecosystem through the merger of certain of our channel partners, which may increase our reliance on individual channel partners. Not only does our joint sales approach require additional investment to grow and train our sales force, but we believe that continued growth in our business is dependent upon identifying, developing and maintaining strategic relationships with our existing and potential channel partners. Our arrangements with our channel partners are generally non-exclusive, meaning they may offer customers the products and services of several different companies, including products and services that compete with our platform and products. If our channel partners do not effectively market and sell our platform and products, choose to use greater efforts to market and sell our competitors' products or services, fail to meet the needs of our customers, or cease marketing our platform and products or providing services to us, our ability to grow our business and sell our platform and products may be adversely affected. Our channel partners may cease marketing our platform and products with limited or no notice and with little or no penalty. If one or more of our channel partners determines that it is unable to both provide services to us or cooperate with us in our go-to-market efforts while at the same time providing services to our competitors, those channel partners may cease marketing our platform and products or otherwise cease providing services to us or cooperating with us in our go-to-market efforts. Our ability to achieve revenue growth in the future will depend in part on our maintaining successful relationships with our channel partners, identifying additional channel partners and training our channel partners to independently sell and deploy our platform and products. If we are unable to maintain our relationships with our existing channel partners or develop successful relationships with new channel partners or if our channel partners fail to perform, the demand for our platform and our products could decline, and our business, results of operations and financial condition could be materially and adversely affected.

We rely on a limited number of vendors and suppliers globally for certain of the equipment, software and services we use to operate our global data center network and provide our platform and products to our customers, including sole or limited sourced hardware, software and Software-as-a-Service ("SaaS") services. Our reliance on these vendors and suppliers exposes us to risks, including reduced control over costs and constraints based on the then-current availability, terms and pricing offered by these vendors and suppliers. For example, we generally purchase equipment or the components of equipment on a purchase order basis, with future delivery dates, but do not have long-term contracts guaranteeing supply beyond our purchase orders. In addition, the technology industry has experienced component shortages, delivery delays, price increases and service interruptions in the past, and we may experience shortages, delays, materially increased costs or service interruptions in the future, including as a result of natural disasters, acts of war or international conflicts, epidemics or global pandemics, increased demand in the industry, trade policy, or if our suppliers do not have sufficient rights to supply the components in all jurisdictions in which we may host our platform and products. While global economic conditions have not had a material impact on our supply chain to date, these conditions have increased our costs in the past and could result in disruptions and delays for components in the future. For example, industry demand to build new data centers to support the rapid expansion of AI has increased the cost of components and hardware we use in our global network infrastructure, and while we have sufficient quantities of components and hardware for our near term expansion plans, the cost of building new data centers in the future could significantly impact our expenses or affect the expansion of our global network. There is a risk that current geopolitical, diplomatic and other developments affecting the relationship between China and Taiwan may materially and negatively impact the availability of certain critical components that we use in our data centers, which we source from overseas. The availability or price of such components may also be impacted by global trade policy, including the introduction or modification of tariffs affecting such components. For example, the current U.S. presidential administration has and may continue to impose tariffs on countries globally. If our supply of certain components is disrupted or delayed, there can be no assurance that available alternatives can serve as adequate replacements for the existing components or that alternatives will be available on terms that are favorable to us, if at all. Concentration among the vendors who host our co-located data centers may also increase our costs and exposure to business disruptions arising from our relationships with such vendors, including in the event that such vendors experienced a material service interruption or in the event that we are unable to renew our agreements with such vendors on terms that are favorable to us, if at all. Any disruption or delay in access to components, critical software and services that we use to operate our business may increase our costs, delay opening new data centers, delay increasing capacity or replacing defective equipment at existing data centers, or cause other constraints on our operations that could damage our channel partner or customer relationships or otherwise have a material adverse impact on our business.

The efforts we have taken to protect our intellectual property and proprietary rights may not be sufficient or effective, and our intellectual property and proprietary rights may be held invalid or unenforceable. Moreover, we cannot assure you that any patents will be issued with respect to our currently pending patent applications in a manner that gives us adequate defensive protection or competitive advantages, or that any patents issued to us will not be challenged, invalidated or circumvented. We have filed for patents in the United States and in certain non-U.S. jurisdictions, but such protections may not be available in all countries in which we operate or in which we seek to enforce our intellectual property rights, or may be difficult to enforce in practice. For example, many foreign countries have compulsory licensing laws under which a patent owner must grant licenses to third parties. In addition, many countries limit the enforceability of patents against certain third parties, including government agencies or government contractors. In these countries, patents may provide limited or no benefit. Moreover, we may need to expend additional resources to defend our intellectual property rights in these countries, and our inability to do so could impair our business or adversely affect our international expansion. Our currently issued patents and any patents that may be issued in the future with respect to pending or future patent applications may not provide sufficiently broad protection or they may not prove to be enforceable in actions against alleged infringers. Additionally, the U.S. Patent and Trademark Office and various foreign governmental patent agencies require compliance with a number of procedural, documentary, fee payment and other similar provisions during the patent application process and to maintain issued patents. There are situations in which noncompliance can result in abandonment or lapse of the patent or patent application, resulting in partial or complete loss of patent rights in the relevant jurisdiction. If this occurs, it could materially harm our business, operating results, financial condition and prospects.

The market in which we compete is relatively new and subject to rapid technological change, evolving industry standards, and changing regulations, as well as changing customer needs, requirements, and preferences. To remain competitive, we must continue to offer new security, networking, and analytics products, features, and functionalities and enhancements to our platform and products. Maintaining adequate research and development resources, such as the appropriate personnel and development technology, to meet the demands of the market, is essential. We may be unable to develop products, features, and functionality internally due to certain constraints, such as hiring and retaining employees with the necessary skills and experience, lack of management ability, or a lack of other research and development resources. Additionally, we have and will continue to incorporate AI into our product development and releases, but there can be no assurance that we will realize the desired or anticipated benefits from AI in a timely or cost-effective manner. Further, many of our competitors expend a considerably greater amount of funds on their respective research and development programs, and those that do not may partner with or be acquired by larger companies resulting in the devotion of greater resources to our competitors' research and development programs. Our failure to maintain adequate research and development resources or to compete effectively with the research and development programs of our competitors would give an advantage to such competitors, and our business, results of operations, and financial condition could be adversely affected. Moreover, our research and development efforts may not successfully anticipate market needs or result in significant new marketable products or enhancements to our platform and products, design improvements, cost savings, revenues, or other expected benefits. Any new products, features, or functionalities that we develop or acquire might not be introduced in a timely or cost-effective manner and might not achieve the broad market acceptance necessary to generate significant revenue. If we are unable to generate an adequate return on such investments, we may not be able to compete effectively, and our business and results of operations may be adversely affected. There can be no assurance that we will successfully identify opportunities for new products, develop and bring new products to market in a timely manner, achieve market acceptance of our platform and products, or that products and technologies developed by others will not render our platform, products, and technologies obsolete or noncompetitive.

We currently host our platform and products and serve our customers from a global network of over 125 data centers. While we have electronic access to the components and infrastructure of our platform that are hosted by third parties, we do not control the operation of these facilities. Consequently, we may be subject to service disruptions as well as a lack of adequate support for our data center operations due to reasons that are outside of our direct control. Our data centers are vulnerable to damage and connections to our data centers may be interrupted by a variety of sources, including terrorism, military actions, earthquakes, floods, fires, power loss, system or infrastructure failures, computer viruses, physical or electronic break-ins, human error or interference (including by disgruntled employees, former employees or contractors) and other catastrophic events, some of which may be exacerbated by the effects of climate change. Our data centers may also be subject to national or local administrative actions; changes in government regulations, including, for example, the impact of global economic and other sanctions like those levied in response to the current conflict between Russia and Ukraine; changes to legal or permitting requirements and litigation to stop, limit or delay operations. Despite precautions taken at these facilities, such as disaster recovery and business continuity arrangements, the occurrence of a natural disaster, military strike or an act of terrorism, a decision to close the facilities without adequate notice or other unanticipated problems at these facilities could result in interruptions or delays in our platform and products, impede our ability to scale our operations or have other adverse impacts upon our business. In addition, if we do not accurately plan for our infrastructure capacity requirements or experience significant strains on our data center capacity, we may experience delays and additional expenses in arranging new data centers, and our customers could experience performance degradation or service outages that may subject us to financial liabilities, result in customer losses and materially harm our business.

Cyber attacks or other cybersecurity breaches, incidents, or disruptions with respect to our networks, systems, or applications, or those of our vendors, including loss or unavailability of, or unauthorized access to, or disclosure or other processing of, our proprietary, confidential, or sensitive information, including personal information, could disrupt our operations, compromise sensitive information related to our business or personal information processed by us or on our behalf, and expose us to liability, which could harm our reputation and adversely affect our business, results of operations, and financial condition. It is virtually impossible for us to entirely mitigate the risk of breaches of our platform or other security incidents affecting our platform or the systems, networks or data used in our business. As we grow, we may become a more attractive target for cyber attacks. Our security, networking, and analytics products analyze and otherwise process proprietary and confidential information, including personal information. Companies in our industry are subject to a wide variety of attacks on their networks and systems. As a well-known provider of security, networking, and analytics, we pose an attractive target for such attacks, and as our footprint grows larger, we may become an even more attractive target for cyber attacks. We and the vendors on which we rely, have previously experienced, and may in the future experience, various cybersecurity incidents and other attempts to access or disrupt our networks, systems, and applications. For example, in February 2023, we experienced a significant denial of service attack, which was mitigated within hours but temporarily impacted performance and some services. We face threats from a variety of sources, including sophisticated nation-state and nation-state supported actors, cyber criminals, terrorists, and politically motivated groups or individuals that pose risks to our networks and systems, our platform, our third-party service providers, and our customers' systems and the proprietary, confidential, or sensitive information, including personal information processed by us or on our behalf. The growth in state sponsored cyber activity, including those actions taken in connection with the current conflict between Russia and Ukraine, showcase the increasing sophistication of cyber threats. As a result, we may be unable to anticipate these techniques or implement adequate measures to prevent an electronic intrusion into our customers through our platform or to prevent breaches and other security incidents affecting our platform, internal networks, systems or data. Further, we may be unable to remediate or otherwise respond to any identified breach or other incident in a timely manner.

Despite significant efforts to create security barriers to safeguard against such threats, it is impossible for us to entirely mitigate these risks. Despite our security measures and our cybersecurity risk management program, our and our vendors' IT and infrastructure may be vulnerable to security risks, including loss or theft of, damage to, or unauthorized access to, use, disclosure or other processing of proprietary information or other customer data, employee error or misconduct, denial of service attacks, and other means to disrupt our platform or our or our service providers' networks and systems, and hacking attacks or other cyber attacks originated from our infrastructure. The security measures we have integrated into our networks, systems and platform, which are designed to detect unauthorized activity and help protect our proprietary, confidential, or sensitive information, including personal information, and to help prevent data loss and prevent or minimize security breaches, incidents, or disruptions, may not function as expected or may not be sufficient to protect our internal networks and platform against certain attacks. In addition, techniques used to sabotage or obtain unauthorized access to networks in which data is stored or through which data is transmitted change frequently, generally are not recognized until launched against a target, and may be difficult to discover for an extended period. Even if identified, we may be unable to adequately investigate or remediate incidents or breaches due to attackers increasingly using tools and techniques that are designed to circumvent controls, to avoid detection, and to remove or obfuscate forensic evidence. For example, threat actors may leverage emerging AI technologies to develop new hacking tools and attack vectors, exploit vulnerabilities, obscure their activities, increase the frequency or intensity of attacks, and increase the difficulty of threat attribution and remediation. Such cyber attacks and other cybersecurity breaches, incidents, or disruptions may continue to evolve in frequency and sophistication, and we may be unable to anticipate these techniques and implement adequate preventative, detection, mitigation or other measures.

If an actual or perceived breach of security occurs with respect to, or an actual or perceived security incident impacts, us or any of our vendors, whether as result of third-party action, employee error, malfeasance, or otherwise, the market perception of the effectiveness of our security measures could be harmed, our brand and reputation could be impacted, we could lose potential sales and existing customers, our ability to operate our business could be impaired, we could be subject to claims, demands and litigation, regulatory audits, investigations, enforcement actions and other proceedings, additional reporting requirements, and restrictions on data processing, and we may be subject to fines or penalties or otherwise incur significant liabilities. Some of our contracts may contain relatively high limitations of liability for such events, and even where they do, there can be no assurance that any such limitations of liability are or will be sufficient to protect us from liabilities, damages, or claims related to any such actual or perceived breaches or incidents. Further, our platform and products may be perceived as less desirable, which could negatively affect our business and damage our reputation. Our ability to retain existing customers, expand product adoption and penetration with our existing customers, and acquire new customers is dependent upon our reputation as a trusted provider of security, networking, and analytics. The importance of our reputation in retaining existing business and acquiring new business is heightened by our focus on enterprise customers. In addition, we have numerous customers that operate in highly-regulated industries in which our customers' data is considered particularly sensitive, such as financial services and healthcare. An actual or perceived security breach or incident could damage our relationships with customers, result in the loss of customers, and make it more challenging to acquire new customers, and such damage would likely be heightened in the event a network or security breach or incident occurred in the highly-regulated industries we serve.

Our operations involve analyzing and processing our customers' and other third parties' confidential and proprietary information, including, in some cases, personal information. We have legal and contractual obligations with respect to the confidentiality and use of such information. Security incidents impacting our platform or the systems of our third-party service providers could result in a risk of loss of, damage to, or unauthorized access to or acquisition, use, disclosure, or other processing of the information we process on behalf of our customers. Any such actual or perceived incident could require notification under applicable laws and regulations or other actual or asserted obligations to which we are or may become subject and could lead to claims, demands, and litigation, regulatory audits, investigations, enforcement actions, and other proceedings, and fines, penalties and other possible liability, damage our relationships with our existing customers, trigger indemnification and other contractual obligations, cause us to incur investigation, mitigation, and remediation expenses, and have a negative impact on our ability to attract and retain new customers. Furthermore, any such incident, including a breach of our customers' systems, could compromise our networks or networks secured by our platform and products, creating system disruptions or slowdowns and exploiting security vulnerabilities of our or our customers' networks, and the information stored on or otherwise processed by our or our customers' systems could be accessed, disclosed, or otherwise processed without authorization, altered, lost, or stolen, which could subject us to liability and cause us financial harm. An actual or perceived breach of, or incident impacting, our networks, our customers' networks, those of our vendors or other networks secured by our platform and products, whether or not due to a vulnerability in our platform, may also undermine confidence in our platform or our industry and result in expenditure of significant resources in efforts to analyze, correct, eliminate, or work around errors or defects, delayed or lost revenue, delay in the development or release of new products, features, or functionalities, an increase in collection cycles for accounts receivable, damage to our brand and reputation, negative publicity, loss of channel partners, customers and sales, increased costs to remedy any problem, increased insurance expense, and costly litigation.

Our continued growth depends in part on the ability of our existing customers and new customers to consistently access our platform and products at any time and within an acceptable amount of time. Any interruption or delay in the delivery of our platform and products will negatively impact our customers. One function of our platform and products is to enable secure connections to cloud-based applications and other destinations via the internet. Our customers depend on the continuous availability of our platform and products to access the internet, and our platform and products are designed to operate without interruption in accordance with our service level commitments. However, our platform and products are complex and may contain defects or errors that are not detected until after deployment. Further, some of our software and features are powered by ML and AI, which depend on datasets and algorithms that could be flawed, including through inaccurate, insufficient, outdated, or biased data. In addition, our ability to access certain third-party cloud or SaaS solutions, including those of our service providers and of our customers, is important to our operations and the delivery of our customer support and professional services. If we fail to timely detect defects or errors affecting deployment or use, or if our entire platform or individual products were to fail, customers and users could lose access to critical services and applications until such disruption is resolved or customers deploy disaster recovery measures to bypass our platform and products to access the internet. The adverse effects of any service interruptions on our reputation and financial condition may be disproportionately heightened due to the nature of our business and the fact that our customers expect continuous and uninterrupted service and have a low tolerance for interruptions of any duration. While we do not consider them to have been material, we have experienced, and may in the future experience, service disruptions and other performance problems due to a variety of factors.

A number of companies in our industry hold a large number of patents and also protect their copyright, trade secret and other intellectual property rights, and companies in the networking and security industry frequently enter into litigation based on allegations of patent infringement or other violations of intellectual property rights. In addition, patent holding companies seek to monetize patents they previously developed, have purchased or otherwise obtained. Many companies, including our competitors, may now, and in the future, have significantly larger and more mature patent, copyright, trademark and trade secret portfolios than we have, which they may use to assert claims of infringement, misappropriation and other violations of intellectual property rights against us and which may lead to litigation. For example, in 2022, we filed in the Northern District of California for declaratory judgement in response to communications by Fortinet alleging that we have been infringing certain of their patents, which proceedings and related litigation remain ongoing. In addition, intellectual property litigation may involve non-practicing entities or other patent owners who have no relevant product offerings or revenue and against whom our own patents may therefore provide little or no deterrence or protection. As we face increasing competition and gain an increasingly higher profile the possibility of intellectual property rights claims against us grows. Claims asserting that we are infringing third parties' intellectual property, even if without merit, could harm our business, including by increasing our costs, reducing our revenue, creating customer concerns that result in delayed or reduced sales, distracting our management from the running of our business and requiring us to cease use of important intellectual property. In addition, because patent applications can take years to issue and are often afforded confidentiality for some period of time, there may currently be pending applications, unknown to us, that later result in issued patents that could cover one or more of our products. Moreover, in a patent infringement claim against us, we may assert, as a defense, that we do not infringe the relevant patent claims, that the patent is invalid or both. The strength of our defenses will depend on the patents asserted, the interpretation of these patents, and our ability to invalidate the asserted patents. However, we could be unsuccessful in advancing non-infringement and/or invalidity arguments in our defense. In the United States, issued patents enjoy a presumption of validity, and the party challenging the validity of a patent claim must present clear and convincing evidence of invalidity, which is a high burden of proof. Conversely, the patent owner need only prove infringement by a preponderance of the evidence, which is a lower burden of proof. Furthermore, because of the substantial amount of discovery required in connection with patent and other intellectual property rights litigation, there is a risk that some of our confidential information could be compromised by the discovery process.

Some aspects of our platform and products are built using open source software, and we intend to continue to use open source software in the future. From time to time, we contribute software source code to open source projects under open source licenses or release internal software projects under open source software licenses and anticipate doing so in the future. Open source software is generally freely accessible, usable, and modifiable. However, certain open source licenses may, in certain circumstances, require us to offer our products that incorporate the open source software for no cost, make available source code for modifications or derivative works we create based upon the open source software, incorporate or use the open source software, and/or license such modifications or derivative works under the terms of the particular open source license or otherwise unfavorable terms. The terms of certain open source licenses to which we are subject have not been interpreted by U.S. or foreign courts, and there is a risk that open source software licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to monetize our platform and products. While we try to insulate our proprietary code from the effects of such open source license provisions, we cannot guarantee that we will be successful, that all open source software is reviewed prior to use in our platform and products, that our developers have not incorporated open source software into our platform and products in potentially disruptive ways, or that they will not do so in the future. Additionally, we may from time to time face claims from third parties claiming ownership of, or demanding release of, the open source software or derivative works that we developed using such software, which could include our proprietary source code, or otherwise seeking to enforce the terms of the applicable open source software license. These claims could result in costly litigation and could require us to make our software source code freely available, purchase a costly license, or cease offering the implicated products unless and until we can re-engineer them to avoid infringement or violation. This re-engineering process could require significant additional research and development resources, and we may not be able to complete it successfully. We could also be subject to suits by parties claiming ownership of what we believe to be open source software. In addition to risks related to license requirements, use of certain open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on the origin of software and, thus, may contain security vulnerabilities or broken code. Moreover, some open source projects have known security and other vulnerabilities and architectural instabilities, or are otherwise subject to security attacks due to their wide availability, and are provided on an "as-is" basis. There is typically no support available for open source software, and we cannot ensure that the authors of such open source software will implement or push updates to address security risks or will not abandon further development and maintenance. Further, our use of any AI tools that use, incorporate, or output any open source software may heighten the foregoing risks. Any of these risks could be difficult to eliminate or manage, and if not addressed, could have a negative effect on our business, operating results, and financial condition.

The regulatory frameworks for privacy, data protection, data processing, data sovereignty and security matters are rapidly evolving and are likely to remain volatile for the foreseeable future. Our handling of personal data is subject to various laws and regulations addressing privacy, data protection, cybersecurity, information security, location of data and other regulations or requirements where we offer our platform and products around the world. We also may be or become subject to codes of conduct, rules or other actual or asserted obligations relating to privacy, data protection, data location, cybersecurity, information security, data processing or other matters, including such obligations promulgated or otherwise adopted by industry or other self-regulatory bodies or other cybersecurity or information security or data protection-related organizations. Further, we may be bound by additional, more stringent contractual obligations and other actual and asserted obligations, such as industry standards, relating to our collection, use, disclosure, storage, and other processing of personal and other information. We have numerous customers that operate in highly-regulated industries in which our customers' data is considered particularly sensitive, such as financial services and healthcare, and contracts with customers in these industries may require that we comply with the regulatory standards governing such customers' businesses. For example, in Europe, the Digital Operational Resilience Act (“DORA”), which aims to ensure the resilience of EU financial entities, including through mandatory risk management, incident reporting, resilience testing and third-party outsourcing restrictions, went into effect in 2025 and imposes additional requirements on certain service providers to such entities. Changes in laws or regulations that adversely affect the use of the internet, including laws impacting net neutrality, could also impact our business. For example, the availability of our platform and products in certain jurisdictions has in the past been temporarily disrupted due to government actions requiring us to implement certain content moderation standards applicable under local law.

We are subject to federal, state, and local income taxes in the United States and numerous foreign jurisdictions. Determining our provision for income taxes requires management's judgment, and the ultimate tax outcome may be uncertain. Our corporate structure and associated transfer pricing policies are designed to support our business in international markets, and consider the functions, risks and assets of the various entities involved in the intercompany transactions. In addition, our provision for income taxes is subject to volatility and could be adversely affected by many factors, including, among other things, changes to our corporate structure and associated transfer pricing policies, changes in the timing or amounts of earnings in jurisdictions with differing statutory tax rates, changes in the valuation of deferred tax assets and liabilities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. For example, on July 4, 2025, the United States enacted federal tax legislation commonly referred to as the One Big Beautiful Bill Act (or “OBBBA”) and made a number of changes to United States federal income tax laws. Among other things, the OBBBA restored deductions for U.S. research and development expenditures (while continuing to require taxpayers to capitalize and amortize foreign research and development expenditures), changed the calculation and deductibility of global intangible low-taxed income (renamed Net CFC Tested Income) and foreign derived intangibles income (renamed Foreign-Derived Deduction Eligible Income) for taxable years beginning after December 31, 2025, and changed the calculation of deductible business interest expense to include depreciation and amortization. The taxing authorities of the jurisdictions in which we operate or regularly target may challenge our methodologies for pricing intercompany transactions pursuant to our intercompany arrangements, disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, or if there are changes in tax laws or the way existing tax laws are interpreted or applied, we could be required to pay additional taxes, interest and penalties. While we regularly assess the adequacy of our provision for income taxes, there can be no assurance that the outcomes of such challenges or disagreements, or the changes in tax laws or their interpretation and application, will not have a material impact on our business, results of operations and financial condition.