What changed in Palo Alto Networks's 2024 10-K compared to 2023?

Across the narrative sections we track, Palo Alto Networks (PANW) added 380 paragraphs, removed 349, and edited 288 between the 2023 and 2024 10-K filings. The biggest movers are Item 1. Business (+123/−112), Item 1A. Risk Factors (+128/−116), Item 7. Management's Discussion & Analysis (+107/−101).

Did Palo Alto Networks add new Risk Factors in the 2024 10-K?

Yes — Item 1A Risk Factors shows 128 new/edited paragraphs and 116 removed paragraphs versus the 2023 10-K.

What changed in Palo Alto Networks's MD&A (Item 7) in 2024?

Item 7 Management's Discussion & Analysis shows 107 new/edited paragraphs and 101 removed paragraphs year-over-year. Read the side-by-side diff to see exactly which revenue, margin, and outlook commentary was rewritten.

Where does this PANW 10-K diff come from?

The source filings are Palo Alto Networks's official 2023 and 2024 Form 10-K annual reports from SEC EDGAR. 10q10k.net parses each filing, aligns paragraphs by section (Item 1, 1A, 1C, 2, 3, 7, 7A), and highlights every added, removed and edited sentence side-by-side.

What changed in Palo Alto Networks's 10-K — 2023 vs 2024

Paragraph-level year-over-year comparison of Palo Alto Networks's 2023 and 2024 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2024 report.

+380 added−349 removedSource: 10-K (2024-09-06) vs 10-K (2023-09-01)

Top changes in Palo Alto Networks's 2024 10-K

380 paragraphs added · 349 removed · 288 edited across 5 sections

Item 1. Business+123 / −112 · 81 edited
Item 1A. Risk Factors+128 / −116 · 100 edited
Item 7. Management's Discussion & Analysis+107 / −101 · 89 edited
Item 5. Market for Registrant's Common Equity+14 / −13 · 12 edited
Item 7A. Quantitative and Qualitative Disclosures About Market Risk+8 / −7 · 6 edited

Item 1. Business

Business — how the company describes what it does

81 edited+42 added−31 removed54 unchanged

2023 filing

2024 filing

Biggest changeFollowing onboarding, there are a variety of ways that employees can assess their interests and skills, build a development plan specific to those insights, and continue to grow. Our development initiatives are delivered to employees through a comprehensive platform, FLEXLearn. The platform contains curated content and programs, such as assessment instruments, thousands of courses, workshops, and mentoring and coaching services.

Biggest changeAs part of our merger and acquisition strategy, we have established a robust integration program that works to enable individuals joining our teams to feel part of our culture. Following onboarding, there are a variety of ways that employees can assess their interests and skills, build a development plan specific to those insights, and continue to grow using FLEXLearn.

Professional Services. Professional services are primarily delivered directly by Palo Alto Networks and through a global network of authorized channel partners to our end-customers and include on-location and remote, hands-on experts who plan, design, and deploy effective security solutions tailored to our end-customers’ specific requirements.

Professional services are primarily delivered directly by Palo Alto Networks and through a global network of authorized channel partners to our end-customers and include on-location and remote, hands-on experts who plan, design, and deploy effective security solutions tailored to our end-customers’ specific requirements.

In addition, it includes a cloud-based URL filtering database which consists of millions of URLs across many categories and is designed to analyze web traffic and prevent web-based threats, such as phishing, malware, and C2. • DNS Security. This cloud-delivered security service uses machine learning to proactively block malicious domains and stop attacks in progress.

In addition, it includes a cloud-based URL filtering database which consists of millions of URLs across many categories and is designed to analyze web traffic and prevent web-based threats, such as phishing, malware, and C2. • Advanced DNS Security. This cloud-delivered security service uses machine learning to proactively block malicious domains and stop attacks in progress.

GlobalProtect ensures that the same secure application enablement policies that protect users at the corporate site are enforced for all users, independent of their location. • Enterprise DLP. This cloud-delivered security service provides consistent, reliable protection of sensitive data, such as personally identifiable information (“PII”) and intellectual property, for all traffic types, applications, and users.

GlobalProtect ensures that the same secure application enablement policies that protect users at the corporate site are enforced for all users, independent of their location. • Enterprise DLP. This cloud-delivered security service provides consistent, reliable protection of sensitive data, such as personally identifiable information and intellectual property, for all traffic types, applications, and users.

Prisma SD-WAN enables organizations to replace traditional Multiprotocol Label Switching (“MPLS”) based WAN architectures with affordable broadband and internet transport types that promote improved bandwidth availability, redundancy and performance at a reduced cost. Prisma SD-WAN leverages real-time application performance SLAs and visibility to control and intelligently steer application traffic to deliver an exceptional user experience.

Prisma SD-WAN enables organizations to replace traditional Multiprotocol Label Switching based WAN architectures with affordable broadband and internet transport types that promote improved bandwidth availability, redundancy and performance at a reduced cost. Prisma SD-WAN leverages real-time application performance SLAs and visibility to control and intelligently steer application traffic to deliver an exceptional user experience.

This post-sales, global organization advances our customers’ security maturity, supporting them when, where, and how they need it. We offer Standard Support, Premium Support, and Platinum Support to our end-customers and channel partners. Our channel partners that operate a Palo Alto Networks Authorized Support Center (“ASC”) typically deliver level-one and level-two support.

With Cortex XSOAR, security teams can standardize processes, automate repeatable tasks, and manage incidents across their security product stack to improve response time and analyst productivity. It learns from the real-life analyst interactions and past investigations to help SOC teams with analyst assignment suggestions, playbook enhancements, and best next steps for investigations.

With Cortex XSOAR, security teams can standardize processes, automate repeatable tasks, and manage incidents across their security product stack to improve response time and analyst productivity. Cortex XSOAR learns from the real-life analyst interactions and past investigations to help SOC teams with analyst assignment suggestions, playbook enhancements, and best next steps for investigations.

We provide level-three support 24 hours a day, seven days a week through regional support centers that are located worldwide. We also offer a service offering called Focused Services that includes Customer Success Managers (“CSM”) to provide support for end-customers with unique or complex support requirements.

We provide level-three support 24 hours a day, seven days a week through regional support centers that are located worldwide. We also offer a service offering called Focused Services that includes Customer Success Managers to provide support for end-customers with unique or complex support requirements.

Our sales organization is supported by sales engineers with responsibility for pre-sales technical support, solutions engineering for our end-customers, and technical training for our channel partners. Channel Program. Our NextWave Channel Partner program is focused on building in-depth relationships with solutions-oriented distributors and resellers that have strong security expertise.

Our Global Customer Success (“GCS”) organization is responsible for delivering professional, educational, and support services directly to our channel partners and end-customers. We leverage the capabilities of our channel partners and train them in the delivery of professional, educational, and support services to enable these services to be locally delivered.

Our Global Customer Success organization is responsible for delivering professional, educational, and support services directly to our channel partners and end-customers. We leverage the capabilities of our channel partners and train them in the delivery of professional, educational, and support services to enable these services to be locally delivered.

The platform helps developers prevent risks as they code and build the application, secures the software supply chain and the continuous integration and continuous development (“CI/CD”) pipeline, and provides complete visibility and real-time protection for applications in the cloud.

In addition to these components, key features include site-to-site virtual private network (“VPN”), remote access Secure Sockets Layer (“SSL”) VPN, and Quality-of-Service (“QoS”).

In addition to these components, key features include site-to-site virtual private network (“VPN”), remote access Secure Sockets Layer (“SSL”) VPN, and Quality-of-Service.

XDR Pro extends endpoint detection and response (“EDR”) to include cross-data analytics, including network, cloud, and identity data. Going beyond EDR, Cortex XDR detects the most complex threats using analytics across key data sources and reveals the root cause, which can significantly reduce investigation time as compared to siloed tools and manual processes. • Cortex XSOAR.

XDR Pro extends endpoint detection and response (“EDR”) to include cross-data analytics for network, cloud, and identity data. Going beyond EDR, Cortex XDR detects the most complex threats using analytics across key data sources and reveals the root cause, which can significantly reduce investigation time as compared to siloed tools and manual processes. • Cortex XSOAR.

Typical deployment scenarios include the enterprise network, the enterprise data center, cloud locations, and branch or remote locations. No single end-customer accounted for more than 10% of our total revenue in fiscal 2023, 2022, or 2021. Distribution.

We believe that a broad range of support services is essential to the successful customer deployment and ongoing support of our products, and we have hired support engineers with proven experience to provide those services. - 10 - Table of Contents Marketing.

We empower enterprises, organizations, service providers, and government entities to protect themselves against today’s most sophisticated cyber threats. Our cybersecurity platforms and services help secure enterprise users, networks, clouds, and endpoints by delivering comprehensive cybersecurity backed by industry-leading artificial intelligence and automation.

Unlike other solutions, it does not require endpoint routing configurations to be maintained and therefore cannot be bypassed. It allows our network security platform access to DNS signatures that are generated using advanced predictive analysis, machine learning, and malicious domain data from a growing threat intelligence sharing community of which we are a part.

Unlike other solutions, it does not require endpoint routing configurations to be maintained and therefore cannot be bypassed. It allows our network security platform access to Domain Name System (“DNS”) signatures that are generated using advanced predictive analysis, machine learning, and malicious domain data from a growing threat intelligence sharing community of which we are a part.

Finally, compliance teams use Cortex Xpanse to improve their audit processes and stay in compliance by assessing their access controls against regulatory frameworks. SUPPORT Customer Support. Global customer support helps our customers achieve their security outcomes with services and support capabilities covering the customer's entire journey with Palo Alto Networks.

Finally, compliance teams use Cortex Xpanse to improve their audit processes and stay in compliance by assessing their access controls against regulatory frameworks. - 8 - Table of Contents SUPPORT Customer Support. Global customer support helps our customers achieve their security outcomes with services and support capabilities covering the customer's entire journey with Palo Alto Networks.

Our ML-Powered Next Generation Firewalls embed machine learning in the core of the firewall and employ inline deep learning in the cloud, empowering our customers to stop zero-day threats in real time, see and secure their entire enterprise including IoT, and reduce errors with automatic policy recommendations.

Our ML-Powered Next Generation Firewalls embed machine learning in the core of the firewall and employ inline deep learning in the cloud, empowering our customers to stop zero-day threats in real time, see and secure their entire enterprise including Internet of Things (“IoT”), and reduce errors with automatic policy recommendations.

Integrity is one of our core values. Our corporate behavior and leadership practices model ethical decision-making. All employees are informed about our governance expectations through our Codes of Conduct, compliance training programs, and ongoing communications. Our board of directors is governed by Corporate Governance Guidelines, which are amended from time to time to incorporate best practices in corporate governance.

Our corporate behavior and leadership practices model ethical decision-making. All employees are informed about our governance expectations through our Codes of Conduct, compliance training programs, and ongoing communications. Our board of directors is governed by Corporate Governance Guidelines, which are amended from time to time to incorporate best practices in corporate governance.

Our education services include certifications, as well as free online technical courses and in-classroom training, which are primarily delivered through our authorized training partners. - 8 - Table of Contents RESEARCH AND DEVELOPMENT Our research and development efforts are focused on developing new hardware and software and on enhancing and improving our existing product and subscription offerings.

Our education services include certifications, as well as free online technical courses and in-classroom training, which are primarily delivered through our authorized training partners. RESEARCH AND DEVELOPMENT Our research and development efforts are focused on developing new hardware and software and on enhancing and improving our existing product and subscription offerings.

(“Cisco”), Microsoft, or those that have acquired, or may acquire, security vendors and have the technical and financial resources to bring competitive solutions to the market; • independent security vendors, such as Check Point Software Technologies Ltd. (“Check Point”), Fortinet, Inc. (“Fortinet”), Crowdstrike, Inc. (“Crowdstrike”), and Zscaler, Inc.

(“Cisco”), Microsoft, Alphabet, or those that have acquired, or may acquire, security vendors and have the technical and financial resources to bring competitive solutions to the market; • independent security vendors, such as Check Point Software Technologies Ltd. (“Check Point”), Fortinet, Inc. (“Fortinet”), CrowdStrike Holdings, Inc. (“CrowdStrike”), Zscaler, Inc. (“Zscaler”), and Wiz, Inc.

Reinforcing the importance of our ESG performance, the charter of the ESG and Nominating Committee of the board of directors includes the primary oversight of ESG. AVAILABLE INFORMATION Our website is located at www.paloaltonetworks.com, and our investor relations website is located at investors.paloaltonetworks.com.

Reinforcing the importance of our ESG performance, the charter of the Governance and Sustainability Committee of the board of directors includes the primary oversight of ESG. AVAILABLE INFORMATION Our website is located at www.paloaltonetworks.com, and our investor relations website is located at investors.paloaltonetworks.com.

All trademarks, trade names, or service marks used or mentioned herein belong to their respective owners. - 13 - Table of Contents

All trademarks, trade names, or service marks used or mentioned herein belong to their respective owners. - 14 - Table of Contents

Threat Intelligence and Security Consulting (Unit 42): • Unit 42 brings together world-renowned threat researchers with an elite team of incident responders and security consultants to create an intelligence-driven, response-ready organization to help customers proactively manage cyber risk.

Threat Intelligence and Advisory Services (Unit 42): • Unit 42 ® brings together world-renowned threat researchers with an elite team of incident responders and security consultants to create an intelligence-driven, response-ready organization to help customers manage cyber risk.

The program rewards these partners based on a number of attainment goals, as well as provides them access to marketing funds, technical and sales training, and support. To promote optimal productivity, we operate a formal accreditation program for our channel partners’ sales and technical professionals. As of July 31, 2023, we had more than 7,100 channel partners. Global Customer Success.

The program rewards these partners based on a number of attainment goals, as well as provides them access to marketing funds, technical and sales training, and support. To promote optimal productivity, we operate a formal accreditation program for our channel partners’ sales and technical professionals. As of July 31, 2024, we had more than 6,500 channel partners. Global Customer Success.

With its code-to-cloud security capabilities, Prisma Cloud uniquely stitches together a complete security picture by tracing back thousands of cloud risks and vulnerabilities that occur in the application runtime to their origin in the code-and-build phase of the application.

With its code-to-cloud security capabilities, Prisma Cloud creates a complete security picture by tracing back thousands of cloud risks and vulnerabilities that occur in the application runtime to their origin in the code-and-build phase of the application.

Our appliances and software are designed for different performance requirements throughout an organization and are classified based on throughput, ranging from our PA-410, which is designed for small organizations and branch offices, to our top-of-the-line PA-7080, which is designed for large-scale data centers and service provider use.

Our appliances and software are designed for different performance requirements throughout an organization and are classified based on throughput, ranging from our PA-410, which is designed for small organizations and branch offices, to our top-of-the-line PA-7500 Series, which is designed for large-scale data centers and service providers.

In addition, it offers inline deep learning to deliver real-time detection and prevention of unknown, evasive, and targeted command-and-control (“C2”) communications over HTTP, unknown-TCP, unknown-UDP, and encrypted over SSL. Advanced Threat Prevention is the first offering to protect patient zero from unknown command and control in real-time. - 5 - Table of Contents • Advanced WildFire.

In addition, it offers inline deep learning to deliver real-time detection and prevention of unknown, evasive, and targeted command-and-control (“C2”) communications over HTTP, unknown-TCP, unknown-UDP, and encrypted over SSL. Advanced Threat Prevention is the first offering to protect the enterprise from unknown command and control in real-time. • Advanced WildFire.

Expanded categorization of DNS traffic and comprehensive analytics allow deep insights into threats, empowering security personnel with the context to optimize their security posture. It offers comprehensive DNS attack coverage and includes industry-first protections against multiple emerging DNS-based network attacks. • IoT/OT Security.

Through these add-on security services, our customers are able to secure their content, applications, users, and devices across their entire organization. Panorama ® , our network security management solution, can centrally manage our network security platform irrespective of form factor, location, or scale. Cloud Security: • We enable cloud-native security through our Prisma Cloud platform.

Through these add-on security services, our customers are able to secure their content, applications, users, and devices across their entire organization. Strata Cloud Manager, our network security management solution, can centrally manage our network security platform irrespective of form factor, location, or scale.

(“Zscaler”), that offer a mix of security products; - 9 - Table of Contents • startups and point-product vendors that offer independent or emerging solutions across various areas of security; and • public cloud vendors and startups that offer solutions for cloud security (private, public, and hybrid cloud).

(“Wiz”), that offer a mix of security products; • startups and point-product vendors that offer independent or emerging solutions across various areas of security; and • public cloud vendors and startups that offer solutions for cloud security (private, public, and hybrid cloud).

Our firewalls come in a hardware form factor, a containerized form factor, called CN-Series, as well as a virtual form factor, called VM-Series, that is available for virtualization and cloud environments from companies such as VMware, Inc. (“VMware”), Microsoft Corporation (“Microsoft”), Amazon.com, Inc. (“Amazon”), and Google, Inc. (“Google”), and in Kernel-based Virtual Machine (“KVM”)/OpenStack environments.

Our firewalls come in a hardware form factor, a containerized form factor, called CN-Series, as well as a virtual form factor, called VM-Series, that is available for virtualization and cloud environments from companies such as Broadcom Inc., Microsoft Corporation (“Microsoft”), Amazon.com, Inc. (“Amazon”), and Alphabet Inc. (“Alphabet”), and in Kernel-based Virtual Machine /OpenStack environments.

Development and investment in our people is central to who we are, and will continue to be so. With a global workforce of 13,948 as of July 31, 2023, our People Strategy is a critical element of our overall company strategy. Our People Strategy is a comprehensive approach to source, hire, onboard, develop, engage, and reward employees.

Development and investment in our people is central to who we are, and will continue to be so. With a global workforce of 15,289 as of July 31, 2024, our People Strategy is a critical element of our overall company strategy. Our People Strategy is a comprehensive approach to source, hire, onboard, develop, listen, and engage employees.

Of these subscription offerings, cloud-delivered security services, such as Advanced Threat Prevention, Advanced WildFire, Advanced URL Filtering, DNS Security, IoT/OT Security, SaaS Security Inline, GlobalProtect, Enterprise DLP, and AIOps, are sold as options to our hardware and software firewalls, whereas SaaS Security API, Prisma Access, Prisma SD-WAN, Prisma Cloud, Cortex XSIAM, Cortex XDR, Cortex XSOAR, and Cortex Xpanse are sold on a per-user, per-endpoint, or capacity-based basis.

Of these subscription offerings, cloud-delivered security services, such as Advanced Threat Prevention, Advanced WildFire, Advanced URL Filtering, Advanced DNS Security, IoT/OT Security, SaaS Security Inline, GlobalProtect, Enterprise DLP, AIOps, and AI Runtime Security are sold as options to our hardware and software firewalls, whereas SaaS Security API, AI Access Security, Prisma Access, Prisma SD-WAN, Strata Cloud Manager, Prisma Cloud, Cortex XSIAM, Cortex XDR, Cortex XSOAR, and Cortex Xpanse are sold on a per-user, per-endpoint, or capacity-based basis—and they can be activated by customers with or without our firewalls.

Based on the outcomes from external sources, insights from internal sources, our modest attrition rate (compared to market trends), and strong participation in our Internal Mobility program, we believe employees at Palo Alto Networks feel engaged and rewarded. Inclusion & Diversity. We are intentional about including diverse points of view, perspectives, experiences, backgrounds, and ideas in our decision-making processes.

Based on employee feedback, ratings from external sources, our modest attrition rate compared to market trends, and strong participation in our development and Internal Mobility programs, we believe employees at Palo Alto Networks feel engaged. Inclusion & Diversity. We are intentional about including diverse points of view, perspectives, experiences, backgrounds, and ideas in our decision-making processes.

As a comprehensive Cloud Native Application Protection Platform (“CNAPP”), Prisma Cloud secures multi- and hybrid-cloud environments for applications, data, and the entire cloud native technology stack across the full development lifecycle; from code to runtime. For inline network security on multi- and hybrid-cloud environments, we also offer our VM-Series and CN-Series Firewall offerings.

As a comprehensive Cloud Native Application Protection Platform (“CNAPP”), Prisma Cloud secures multi- and hybrid-cloud environments for applications, data, generative AI (“GenAI”) ecosystem, and the entire cloud native technology stack across the full development lifecycle, from code to cloud. We also offer our VM-Series and CN-Series virtual firewalls for inline network security on multi- and hybrid-cloud environments.

Our network security platform also includes our cloud-delivered security services, such as Advanced Threat Prevention, Advanced WildFire ® , Advanced URL Filtering, DNS Security, IoT/OT Security, GlobalProtect ® , Enterprise Data Loss Prevention (“Enterprise DLP”), Artificial Intelligence for Operations (“AIOps”), SaaS Security API, and SaaS Security Inline.

Our network security platform also includes our cloud-delivered security services, such as Advanced Threat Prevention, Advanced WildFire ® , Advanced URL Filtering, Advanced DNS Security, IoT/OT Security, GlobalProtect ® , Enterprise Data Loss Prevention (“Enterprise DLP”), AI for IT Operations (“AIOps”), SaaS Security, and AI Access Security.

From recurring 1:1 sessions, quarterly performance feedback, semi-annual performance reviews to use of our Cheers for Peers peer recognition program, employees get continuous input about the value they bring to the organization. These engagement and recognition strategies have informed our holistic People Strategy, including our Inclusion and Diversity (“I&D”) initiatives and Internal Mobility program.

From recurring 1:1 sessions, quarterly performance feedback, semi-annual performance reviews to use of our Cheers for Peers peer recognition program, employees get continuous input about the value they bring to the organization. These listening and engagement strategies have informed our holistic People Strategy.

While many vendors use machine learning to categorize web content or prevent malware downloads, Advanced URL Filtering is the industry’s first inline web protection engine capable of detecting never-before-seen web-based threats and preventing them in real-time.

It delivers real-time detection and prevention of unknown, evasive, and targeted web-based threats, such as phishing, malware, and C2. While many vendors use machine learning to categorize web content or prevent malware downloads, Advanced URL Filtering is the industry’s first inline web protection engine capable of detecting never-before-seen web-based threats and preventing them in real-time.

Prisma SD-WAN also provides the flexibility of deploying with an on-premises controller to help businesses meet their industry-specific security compliance requirements and manage deployments with application-defined policies. Our Prisma SD-WAN simplifies network and security operations using machine learning and automation. Cloud Security: • Prisma Cloud.

Security Operations: • We deliver the next generation of security automation, security analytics, endpoint security, and attack surface management solutions through our Cortex portfolio.

Security Operations: • We deliver the next generation of security operations capabilities that combine security analytics, endpoint security, automation, and attack surface management (“ASM”) solutions through our Cortex ® platform.

Prisma ® Access, our Security Services Edge (“SSE”) solution, when combined with Prisma SD-WAN, provides a comprehensive single-vendor SASE offering that is used to secure remote workforces and enable the cloud-delivered branch. We have been recognized as a leader in network firewalls, SSE, and SD-WAN.

For fiscal 2023, 49.7% of our total revenue was derived from sales to three distributors. We also sell our VM-Series virtual firewalls directly to end-customers through Amazon’s AWS Marketplace, Microsoft’s Azure Marketplace, and Google’s Cloud Platform Marketplace under a usage-based licensing model. Sales.

For fiscal 2024, 59.0% of our total revenue was derived from sales to four distributors. We also sell our VM-Series virtual firewalls directly to end-customers through Amazon’s AWS Marketplace, Microsoft’s Azure Marketplace, and Alphabet’s Google Cloud Marketplace under a usage-based licensing model. Sales.

The context helps security teams block attacks in the cloud runtime and developers fix risks in source code. A comprehensive library of compliance frameworks included in Prisma Cloud vastly simplifies the task of maintaining compliance. Seamless integration with security orchestration tools ensures rapid remediation of vulnerabilities and security issues.

Our company focuses on delivering value in four fundamental areas: Network Security: • Our network security platform, designed to deliver complete zero trust solutions to our customers, includes our hardware and software ML-Powered Next-Generation Firewalls, as well as a cloud-delivered Secure Access Service Edge (“SASE”).

We focus on delivering value in four sectors of the cybersecurity industry: Network Security: • Our network security platform, designed to deliver complete zero trust solutions to our customers, includes our hardware and software ML-Powered Next-Generation Firewalls, AI Runtime Security, as well as a cloud-delivered Secure Access Service Edge (“SASE”).

Available as a cloud-based subscription or an on-premises appliance, Cortex XSOAR is a comprehensive security orchestration automation and response (“SOAR”) offering that unifies playbook automation, case management, real-time collaboration, and threat intelligence management to serve security teams across the incident lifecycle.

Available as a stand-alone cloud-based subscription, an on-premises appliance, or delivered natively through Cortex XSIAM, Cortex XSOAR is a comprehensive SOAR offering that unifies playbook automation, case management, real-time collaboration, and TIM to serve security teams across the incident lifecycle.

We pursue sales opportunities both through our direct sales force and as assisted by our channel partners, including leveraging cloud service provider marketplaces. We expect to continue to grow our sales headcount to expand our reach in all key growth sectors.

We pursue sales opportunities both through our direct sales force and as assisted by our channel partners, which include resellers, global and regional systems integrators, service providers, and cloud providers. We expect to continue to grow our sales headcount to expand our reach in all key growth sectors.

These include Cortex XSIAM, our AI security automation platform, Cortex XDR ® for the prevention, detection, and response to complex cybersecurity attacks on the endpoint, Cortex XSOAR ® for security orchestration, automation, and response (“SOAR”), and Cortex Xpanse TM for attack surface management (“ASM”). These products are delivered as SaaS or software subscriptions.

These include Cortex XSIAM ® , our AI-driven security operations platform, Cortex XDR ® for the prevention, detection, and response to complex cybersecurity attacks, Cortex XSOAR ® for security orchestration, automation, and response (“SOAR”), and Cortex Xpanse ® for ASM. These products are delivered as software as a service (“SaaS”) or software subscriptions.

We file patent applications to protect our intellectual property and believe that the duration of our issued patents is sufficient when considering the expected lives of our products.

We continue to grow our global portfolio of intellectual property rights in connection with our products, services, research and development. We file patent applications to protect our intellectual property and believe that the duration of our issued patents is sufficient when considering the expected lives of our products.

Our onboarding experience starts with “pre-boarding.” Before an employee’s start date, they are provided access to foundational tools to help them prepare to join Palo Alto Networks. We view pre-boarding as fundamental to introducing new employees to our culture, building trust, and facilitating rapid productivity.

From onboarding to professional development, FLEXLearn, our comprehensive platform offers multiple paths to assess, develop, and grow. Before an employee’s start date, they are provided access to foundational tools to help them prepare to join Palo Alto Networks. We view pre-boarding as fundamental to introducing new employees to our culture, building trust, and facilitating rapid productivity.

We expanded our work to provide cybersecurity curriculum to schools, universities, and nonprofit organizations to help individuals of all ages protect their digital way of life and to prepare diverse adults for careers in cybersecurity. Employees continued to participate in our giving, matching, and volunteer programs to make impacts in their local communities. Governance.

We maintained our work to provide cybersecurity curriculum to schools, universities, and nonprofit organizations to help individuals of all ages protect their digital way of life and to prepare people for careers in cybersecurity. Employees continued to participate in our volunteering and giving programs to positively impact their local communities. Governance. Integrity is one of our core values.

Prisma Cloud is a comprehensive Cloud-Native Application Protection Platform (“CNAPP”), securing both cloud-native and lift-and-shift applications across multi- and hybrid-cloud environments. With broad security and compliance coverage and a flexible agentless, as well as agent-based, architecture, Prisma Cloud protects cloud-native applications across their lifecycle from code to cloud.

With broad security and compliance coverage and a flexible agentless, as well as agent-based, architecture, Prisma Cloud protects cloud-native applications across their lifecycle from code to cloud.

GOVERNMENT REGULATION We are subject to numerous U.S. federal, state, and foreign laws and regulations covering a wide variety of subject matters. Like other companies in the technology industry, we face scrutiny from both U.S. and foreign governments with respect to our compliance with laws and regulations.

Like other companies in the technology industry, we face scrutiny from both U.S. and foreign governments with respect to our compliance with laws and regulations.

The principal competitive factors in our market include: • product features, reliability, performance, and effectiveness; • product line breadth, diversity, and applicability; • product extensibility and ability to integrate with other technology infrastructures; • price and total cost of ownership; • adherence to industry standards and certifications; • strength of sales and marketing efforts; and • brand awareness and reputation.

As our market grows, it will attract more highly specialized vendors, as well as larger vendors that may continue to acquire or bundle their products more effectively. - 10 - Table of Contents The principal competitive factors in our market include: • product features, reliability, performance, and effectiveness; • product line breadth, diversity, and applicability; • product extensibility and ability to integrate with other technology infrastructures; • price and total cost of ownership; • adherence to industry standards and certifications; • strength of sales and marketing efforts; and • brand awareness and reputation.

Our consultants serve as trusted advisors to our customers by assessing and testing their security controls against the right threats, transforming their security strategy with a threat-informed approach, and responding to security incidents on behalf of our clients. - 4 - Table of Contents Product, Subscription, and Support Our customer offerings are available in the form of the product, subscription, and support offerings described below: PRODUCTS Hardware and software firewalls.

Through the deployment of our Global Supplier Code of Conduct, we continued to reach across our supply chain to communicate our expectations regarding labor standards, business practices, and workplace health and safety conditions. During fiscal 2023, we maintained our affiliate membership in the Responsible Business Alliance and maintained our commitment to Supplier Diversity.

In addition to our People Strategy described in the section titled “Human Capital” above, we continue to communicate our expectations regarding labor standards, business practices, and workplace health and safety conditions to our supply chain through our Global Supplier Code of Conduct. During fiscal 2024, we maintained our affiliate membership in the Responsible Business Alliance.

Our CEO has also earned a 92% employee approval rating on Glassdoor, a top percentile score. In addition to a comprehensive compensation and diverse benefits program, we believe in an always-on feedback and rewards philosophy.

Palo Alto Networks has been recognized by Comparably, Human Rights Campaign, Disability:IN, and others as an employer of choice. Our CEO has also earned a 91% employee approval rating on Glassdoor, a top percentile score. In addition to a comprehensive compensation and diverse benefits program, we believe in an always-on feedback and rewards philosophy.

These activities and tools benefit both our direct and indirect channels and are available at no cost to our channel partners. Backlog. Orders for subscription and support offerings for multiple years are generally billed upfront upon fulfillment and are included in deferred revenue. Contract amounts that are not recorded in deferred revenue or revenue are considered backlog.

Orders for subscription and support offerings for multiple years are generally billed upfront upon fulfillment and are included in deferred revenue. Contract amounts that are not recorded in deferred revenue or revenue are considered backlog.

It helps minimize the risk of a data breach both on-premises and in the cloud—such as in Office/Microsoft 365™, Salesforce ® , and Box—and assists in meeting stringent data privacy and compliance regulations, including GDPR, CCPA, PCI DSS, HIPAA, and others. - 6 - Table of Contents • AIOps: AIOps is available in both free and licensed premium versions.

Our approach is grounded on core tenants: respect each employee as an individual, demonstrate fairness and equity in all we do, facilitate flexibility, personalization, and choice whenever possible, and nurture a culture where employees are supported in doing the best work of their careers.

Our approach is grounded on core tenets: respect each employee as a unique individual, demonstrate fairness and equity, facilitate personalization whenever possible, and nurture a culture where employees have access to industry-leading professional development programs and are empowered to do the best work of their careers.

Located in more than 100 locations around the world, Prisma Access consistently inspects all traffic across all ports and provides bidirectional networking to enable branch-to-branch and branch-to-headquarter traffic. Prisma Access consolidates point-products into a single converged cloud- delivered offering, transforming network security and allowing organizations to enable secure hybrid workforces.

Secure Access Service Edge: • Prisma Access. Prisma Access is a cloud-delivered security offering that helps organizations deliver consistent security to remote networks and mobile users. Located in more than 100 locations around the world, Prisma Access consistently inspects all traffic across all ports and provides bidirectional networking to enable branch-to-branch and branch-to-headquarter traffic.

Including the recently launched CI/CD security module, Prisma Cloud’s code-to-cloud CNAPP delivers comprehensive protection for applications and their code, infrastructure (workloads, network, and storage), data, APIs, and associated identities. Security Operations: • Cortex XSIAM.

Prisma Cloud’s code-to-cloud CNAPP delivers comprehensive protection for applications and their code, infrastructure (workloads, network, and storage), data, APIs, and associated identities. Security Operations: • Cortex XSIAM. This cloud-based AI-driven security operations platform for the modern SOC harnesses the power of AI to radically improve security outcomes and transform security operations.

In addition, Advanced WildFire defeats highly evasive modern malware at scale with a new infrastructure and patented analysis techniques, including intelligent runtime memory analysis, dependency emulation, malware family fingerprinting, and more. Once identified, whether in the cloud or inline, preventive measures are automatically generated and delivered in seconds or less to our network security platform. • Advanced URL Filtering.

AIOps redefines network operational experience by empowering security teams to proactively strengthen security posture and resolve network disruptions. AIOps provides continuous best practice recommendations powered by machine learning (“ML”) based on industry standards, security policy context, and advanced telemetry data collected from our network security customers to improve security posture.

AIOps provides continuous best practice recommendations powered by machine learning based on industry standards, security policy context, and advanced telemetry data collected from our network security customers to improve security posture. It also intelligently predicts health, performance, and capacity problems up to seven days in advance and provides actionable insights to resolve the predicted disruptions.

Advanced WildFire combines dynamic and static analysis, recursive analysis, and a custom-built analysis environment with network traffic profiling and fileless attack detection to discover even the most sophisticated and evasive threats. A machine learning module derived from the cloud sandbox environment is now delivered inline on the ML-Powered Next-Generation Firewalls to identify the majority of unknown threats without cloud connectivity.

We value our role as a good corporate citizen and in fiscal 2023 continued to execute our social impact programs. We made charitable grants to support organizations providing services in our core funding areas of education, including academic scholarships, diversity, and basic needs.

We also value our role as a trusted corporate citizen and in fiscal 2024 continued to execute our social impact programs. We made charitable grants through our donor-advised fund to support nonprofit organizations providing services in areas such as cybersecurity education and disaster relief.

The Unit 42 Threat Intelligence team provides threat research that enables security teams to understand adversary intent and attribution, while enhancing protections offered by our products and services to stop advanced attacks. Our security consultants serve as trusted partners with state-of-the-art cyber risk expertise and incident response capabilities, helping customers focus on their business before, during, and after a breach.

We made progress towards our goals in fiscal 2023 through several milestones. We engaged with a local utility provider to power our Santa Clara, California headquarters with 100% renewable energy effective January 1, 2023. Our near-term scope 1, 2, and 3 emissions reduction goals, aligned to a warming scenario of 1.5° Celsius, were verified by the Science Based Targets initiative.

Fiscal 2024 is the first full year that we powered our Santa Clara, California headquarters with 100% renewable energy through our local utility provider. Our near-term scope 1, 2, and 3 emissions reduction goals have been verified by the Science Based Targets initiative.

We believe that hardware and software are both critical to expanding our leadership in the enterprise security industry. Our engineering team has deep networking, endpoint, and security expertise and works closely with end-customers to identify their current and future needs.

We believe that hardware and software are both critical to expanding our leadership in the enterprise security industry. Our engineering team has deep networking security, cloud security, endpoint security, security operations, and incident response expertise as well as expertise in AI and machine learning capabilities that are applied across these areas.

Many of our customers see significantly faster SOC response times and a significant reduction in the number of SOC alerts which require human intervention. • Cortex Xpanse. This cloud-based subscription provides attack surface management (“ASM”), which is the ability for an organization to identify what an attacker would see among all of its sanctioned and unsanctioned Internet-facing assets.

Available as a stand-alone cloud-based subscription and a cloud-based subscription module within Cortex XSIAM, Cortex Xpanse provides ASM, which is the ability for an organization to identify what an attacker would see among all of its sanctioned and unsanctioned Internet-facing assets.

Using a security-specific data model and applying AI, Cortex XSIAM automates data integration, analysis, and triage to respond to most alerts, enabling analysts to focus on only the incidents that require human intervention. - 7 - Table of Contents • Cortex XDR.

Cortex XSIAM integrates these capabilities into a single, converged platform built for security operations, enabling organizations to simplify operations, stop threats at scale, and accelerate incident remediation. Cortex XSIAM automates data integration, analysis, and triage to respond to most alerts, enabling analysts to focus on only the incidents that require human intervention. • Cortex XDR.

During fiscal 2023, we introduced several new offerings, including: Cortex XSIAM 1.0, major updates to Prisma Cloud (including three new security modules), Prisma Access 4.0, PAN-OS 11.0, Cloud NGFW for AWS, and Cloud NGFW for Azure. Additionally, we acquired productive investments that fit well within our long-term strategy. For example, we acquired Cider Security Ltd.

During fiscal 2024, we introduced several new offerings, including: Prisma Cloud Darwin release with newly integrated Code to Cloud intelligence capabilities, PAN-OS 11.2 Quasar, Cortex XSIAM 2.0, new Cortex XSIAM features, Prisma SASE 3.0, and Precision AI TM . Additionally, we acquired productive investments that fit well within our long-term strategy.

We believe that each member of our workforce is unique, and that their integration into Palo Alto Networks and their career journey involve unique needs, interests, and goals. That is why our development programs are grounded on individualization, flexibility, and choice. From onboarding to ongoing development, our FLEXLearn philosophy offers multiple paths to assess, develop, and grow.

Our hiring managers also receive unconscious bias training, and our interviewing process emphasizes values and capabilities that support our culture. Onboard & Develop. Each member of our workforce is unique, and their integration into Palo Alto Networks and career journey involve individual needs, interests, and goals. In response, our development programs are grounded on personalization, flexibility, and choice.

In addition, based on employee participation in an anonymous survey, the Best Practice Institute has certified Palo Alto Networks as a “most loved workplace” (2021, 2022, and 2023). Palo Alto Networks has been recognized by Glassdoor, Comparably, Human Rights Campaign, Disability Index, and others as an employer of choice.

We also listen to and address engagement through external sources such as Glassdoor, The Best Practice Institute, Comparably, and others. In addition, based on employee participation in an anonymous survey, the Best Practice Institute has certified Palo Alto Networks as “Top 100 Global Most Loved Workplaces” since 2021.

Prisma Access protects all application traffic with complete, best-in-class security while ensuring an exceptional user experience with industry-leading service-level agreements (“SLA”s). • Prisma SD-WAN. Our Prisma SD-WAN solution is a next-generation SD-WAN solution that makes the secure cloud-delivered branch possible.

Prisma Access consolidates point-products into a single converged cloud-delivered offering, transforming network security and allowing organizations to enable secure hybrid workforces. Prisma Access protects all application traffic with complete, best-in-class security while ensuring an exceptional user experience with industry-leading service-level agreements (“SLA”s). With native SASE integration, Prisma Access Browser extends Zero Trust to any device—managed or unmanaged—in minutes.

We continue to grow our patent portfolio and own intellectual property and related intellectual property rights around the world that relate to our products, services, research and development, and other activities, and our success depends in part upon our ability to protect our core technology and intellectual property.

We plan to continue to significantly invest in our research and development efforts as we evolve and extend the capabilities of our portfolio. - 9 - Table of Contents INTELLECTUAL PROPERTY We believe that our intellectual property rights are valuable and important to our business, and that our success depends, in part, on our ability to protect and use our core technology and intellectual property rights.

INTELLECTUAL PROPERTY Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation regarding patent and other intellectual property rights. In particular, leading companies in the enterprise security industry have extensive patent portfolios and are regularly involved in both offensive and defensive litigation.

Despite our efforts to protect our proprietary technology and intellectual property rights, our rights may not be respected in the future or may be invalidated, circumvented, or challenged. Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation based on allegations of patent infringement or other violations of intellectual property rights.

Our I&D philosophy is fully embedded in our talent acquisition, learning and development, performance elevation, and rewards and recognition programs. The diversity of our board of directors, with women representing 40% of our board as of July 31, 2023, is an example of our commitment to inclusion and diversity.

The diversity of our board of directors, with women representing 40% of our board as of July 31, 2024, is an example of our commitment to I&D. - 13 - Table of Contents ENVIRONMENTAL, SOCIAL, AND GOVERNANCE We believe integrating environmental, social, and governance (“ESG”) practices throughout our operations builds business resilience and helps manage risk.

In addition, FLEXLearn provides employees with events and activities that motivate and spark critical thinking, on topics ranging from inclusion to well-being and collaboration. On average, employees had completed 33 hours of development through the FLEXLearn platform during fiscal 2023. Engage & Reward. We aim to foster engagement through a multifaceted approach to collect, understand, and act on employee feedback.

Employees have agency to direct their growth at their pace and choosing. Development information about core business elements, required company-wide compliance training and information about activities on topics ranging from inclusion to well-being and collaboration, are also deployed through FLEXLearn. On average, employees had completed 33 hours of development through the FLEXLearn platform during fiscal 2024. Listen & Engage.

… 74 more changes not shown on this page.

Item 1A. Risk Factors

Risk Factors — what could go wrong, per management

100 edited+28 added−16 removed226 unchanged

2023 filing

2024 filing

Biggest changeIf we are not able to successfully hedge against the risks associated with foreign currency fluctuations, our financial condition and operating results could be adversely affected. We have entered into forward contracts in an effort to reduce our foreign currency exchange exposure related to our foreign currency denominated expenditures.

Biggest changeOur operating expenses incurred outside the United States and denominated in foreign currencies are generally increasing and are subject to fluctuations due to changes in foreign currency exchange rates. If we are not able to successfully hedge against the risks associated with foreign currency fluctuations, our financial condition and operating results could be adversely affected.

The Note Hedges for our 2025 Notes are generally expected to reduce the potential dilution to our common stock upon any conversion of our 2025 Notes.

The 2025 Note Hedges for our 2025 Notes are generally expected to reduce the potential dilution to our common stock upon any conversion of our 2025 Notes.

New legislation affecting the scope of personal data and personal information where we or our customers and partners have operations, especially relating to classification of Internet Protocol (“IP”) addresses, machine identification, AI, location data, and other information, may limit or inhibit our ability to operate or expand our business, including limiting strategic partnerships that may involve the sharing or uses of data, and may require significant expenditures and efforts in order to comply.

New legislation affecting the scope of personal data and personal information where we or our customers and partners have operations, especially relating to classification of Internet Protocol (“IP”) addresses, machine identification, AI and machine learning, location data, and other information, may limit or inhibit our ability to operate or expand our business, including limiting strategic partnerships that may involve the sharing or uses of data, and may require significant expenditures and efforts in order to comply.

Factors that could cause fluctuations in the market price of our common stock include, but are not limited to: • announcements of new products, subscriptions or technologies, commercial relationships, strategic partnerships, acquisitions, or other events by us or our competitors; • price and volume fluctuations in the overall stock market from time to time; • news announcements that affect investor perception of our industry, including reports related to the discovery of significant cyberattacks; • significant volatility in the market price and trading volume of technology companies in general and of companies in our industry; • fluctuations in the trading volume of our shares or the size of our public float; - 31 - Table of Contents • actual or anticipated changes in our operating results or fluctuations in our operating results; • whether our operating results meet the expectations of securities analysts or investors; • actual or anticipated changes in the expectations of securities analysts or investors, whether as a result of our forward-looking statements, our failure to meet such expectations or otherwise; • inaccurate or unfavorable research reports about our business and industry published by securities analysts or reduced coverage of our company by securities analysts; • litigation involving us, our industry, or both; • actions instituted by activist shareholders or others; • regulatory developments in the United States, foreign countries, or both; • major catastrophic events; • sales or repurchases of large blocks of our common stock or substantial future sales by our directors, executive officers, employees, and significant stockholders; • departures of key personnel; or • geopolitical or economic uncertainty around the world.

Factors that could cause fluctuations in the market price of our common stock include, but are not limited to: • announcements of new products, subscriptions or technologies, commercial relationships, strategic partnerships, acquisitions, or other events by us or our competitors; • price and volume fluctuations in the overall stock market from time to time; • news announcements that affect investor perception of our industry, including reports related to the discovery of significant cyberattacks; • significant volatility in the market price and trading volume of technology companies in general and of companies in our industry; • fluctuations in the trading volume of our shares or the size of our public float; • actual or anticipated changes in our operating results or fluctuations in our operating results; • whether our operating results meet the expectations of securities analysts or investors; • actual or anticipated changes in the expectations of securities analysts or investors, whether as a result of our forward-looking statements, our failure to meet such expectations or otherwise; • inaccurate or unfavorable research reports about our business and industry published by securities analysts or reduced coverage of our company by securities analysts; • litigation involving us, our industry, or both; • actions instituted by activist shareholders or others; • regulatory developments in the United States, foreign countries, or both; • major catastrophic events; • sales or repurchases of large blocks of our common stock or substantial future sales by our directors, executive officers, employees, and significant stockholders; • departures of key personnel; or • geopolitical or economic uncertainty around the world.

We may not successfully evaluate or utilize the acquired technology or personnel, realize anticipated synergies from the acquisition, or accurately forecast the financial impact of an acquisition transaction and integration of such acquisition, including accounting charges and any potential impairment of goodwill and intangible assets recognized in connection with such acquisitions.

We may not successfully evaluate or utilize the acquired technology, products, or personnel, realize anticipated synergies from the acquisition, or accurately forecast the financial impact of an acquisition transaction and integration of such acquisition, including accounting charges and any potential impairment of goodwill and intangible assets recognized in connection with such acquisitions.

These risks include, but are not limited to, the following: • Our operating results may be adversely affected by unfavorable economic and market conditions and the uncertain geopolitical environment. • Our business and operations have experienced growth in recent periods, and if we do not effectively manage any future growth or are unable to improve our systems, processes, and controls, our operating results could be adversely affected. • Our revenue growth rate in recent periods may not be indicative of our future performance, and we may not be able to maintain profitability, which could cause our business, financial condition, and operating results to suffer. • Our operating results may vary significantly from period to period, which makes our results difficult to predict and could cause our results to fall short of expectations, and such results may not be indicative of future performance. • Seasonality may cause fluctuations in our revenue. • If we are unable to sell new and additional product, subscription, and support offerings to our end-customers, especially to large enterprise customers, our future revenue and operating results will be harmed. • We rely on revenue from subscription and support offerings, and because we recognize revenue from subscription and support over the term of the relevant service period, downturns or upturns in sales or renewals of these subscription and support offerings are not immediately reflected in full in our operating results. • The sales prices of our products, subscriptions, and support offerings may decrease, which may reduce our revenue and gross profits and adversely impact our financial results. • We rely on our channel partners to sell substantially all of our products, including subscriptions and support, and if these channel partners fail to perform, our ability to sell and distribute our products and subscriptions will be limited and our operating results will be harmed. • We are exposed to the credit and liquidity risk of our customers, and to credit exposure in weakened markets, which could result in material losses. • A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks. • We face intense competition in our market and we may lack sufficient financial or other resources to maintain or improve our competitive position. • We may acquire other businesses, which could subject us to adverse claims or liabilities, require significant management attention, disrupt our business, adversely affect our operating results, may not result in the expected benefits of such acquisitions, and may dilute stockholder value. • If we do not accurately predict, prepare for, and respond promptly to rapidly evolving technological and market developments and successfully manage product and subscription introductions and transitions to meet changing end-customer needs in the enterprise security industry, our competitive position and prospects will be harmed. • Issues in the development and deployment of Artificial Intelligence (“AI”) may result in reputational harm and legal liability and could adversely affect our results of operations. • A network or data security incident may allow unauthorized access to our network or data, harm our reputation, create additional liability, and adversely impact our financial results. • Defects, errors, or vulnerabilities in our products, subscriptions, or support offerings, the failure of our products or subscriptions to block a virus or prevent a security breach or incident, misuse of our products, or risks of product liability claims could harm our reputation and adversely impact our operating results. • Our ability to sell our products and subscriptions is dependent on the quality of our technical support services and those of our channel partners, and the failure to offer high-quality technical support services could have a material adverse effect on our end-customers’ satisfaction with our products and subscriptions, our sales, and our operating results. • Claims by others that we infringe their intellectual property rights could harm our business. - 14 - Table of Contents • Our proprietary rights may be difficult to enforce or protect, which could enable others to copy or use aspects of our products or subscriptions without compensating us. • Our use of open source software in our products and subscriptions could negatively affect our ability to sell our products and subscriptions and subject us to possible litigation. • We license technology from third parties, and our inability to maintain those licenses could harm our business. • Because we depend on manufacturing partners to build and ship our hardware products, we are susceptible to manufacturing and logistics delays and pricing fluctuations that could prevent us from shipping customer orders on time, if at all, or on a cost-effective basis, which may result in the loss of sales and end-customers. • Managing the supply of our hardware products and product components is complex.

These risks include, but are not limited to, the following: • Our operating results may be adversely affected by unfavorable economic and market conditions and the uncertain geopolitical environment. • Our business and operations have experienced growth in recent periods, and if we do not effectively manage any future growth or are unable to improve our systems, processes, and controls, our operating results could be adversely affected. • Our revenue growth rate in recent periods may not be indicative of our future performance, and we may not be able to maintain profitability, which could cause our business, financial condition, and operating results to suffer. • Our operating results may vary significantly from period to period, which makes our results difficult to predict and could cause our results to fall short of expectations, and such results may not be indicative of future performance. • Seasonality may cause fluctuations in our revenue. • If we are unable to sell new and additional product, subscription, and support offerings to our end-customers, especially to large enterprise customers, our future revenue and operating results will be harmed. • If we are unable to attract new customers, our future results of operations could be harmed. • We rely on revenue from subscription and support offerings, and because we recognize revenue from subscription and support over the term of the relevant service period, downturns or upturns in sales or renewals of these subscription and support offerings are not immediately reflected in full in our operating results. • The sales prices of our products, subscriptions, and support offerings may decrease, which may reduce our revenue and gross profits and adversely impact our financial results. • We rely on our channel partners to sell substantially all of our products, including subscriptions and support, and if these channel partners fail to perform, our ability to sell and distribute our products and subscriptions will be limited and our operating results will be harmed. • We are exposed to the credit and liquidity risk of our customers, and to credit exposure in weakened markets, which could result in material losses. • A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks. • We face intense competition in our market and we may lack sufficient financial or other resources to maintain or improve our competitive position. • We may acquire other businesses, which could subject us to adverse claims or liabilities, require significant management attention, disrupt our business, adversely affect our operating results, may not result in the expected benefits of such acquisitions, and may dilute stockholder value. • If we do not accurately predict, prepare for, and respond promptly to rapidly evolving technological and market developments and successfully manage product and subscription introductions and transitions to meet changing end-customer needs in the enterprise security industry, our competitive position and prospects will be harmed. • Issues in the development and deployment of AI may result in reputational harm and legal liability and could adversely affect our results of operations. • A network or data security incident may allow unauthorized access to our network or data, harm our reputation, create additional liability, and adversely impact our financial results. • Defects, errors, or vulnerabilities in our products, subscriptions, or support offerings, the failure of our products or subscriptions to block a virus or prevent a security breach or incident, misuse of our products, or risks of product liability claims could harm our reputation and adversely impact our operating results. • Our ability to sell our products and subscriptions is dependent on the quality of our technical support services and those of our channel partners, and the failure to offer high-quality technical support services could have a material adverse effect on our end-customers’ satisfaction with our products and subscriptions, our sales, and our operating results. - 15 - Table of Contents • Claims by others that we infringe their intellectual property rights could harm our business. • Our proprietary rights may be difficult to enforce or protect, which could enable others to copy or use aspects of our products or subscriptions without compensating us. • Our use of open source software in our products and subscriptions could negatively affect our ability to sell our products and subscriptions and subject us to possible litigation. • We license technology from third parties, and our inability to maintain those licenses could harm our business. • Because we depend on manufacturing partners to build and ship our hardware products, we are susceptible to manufacturing and logistics delays and pricing fluctuations that could prevent us from shipping customer orders on time, if at all, or on a cost-effective basis, which may result in the loss of sales and end-customers. • Managing the supply of our hardware products and product components is complex.

If our efforts to sell additional products and subscriptions to our end-customers are not successful, our revenues may grow more slowly than expected or decline. - 17 - Table of Contents Sales to large enterprise end-customers, which is part of our growth strategy, involve risks that may not be present, or that are present to a lesser extent, with sales to smaller entities, such as (a) longer sales cycles and the associated risk that substantial time and resources may be spent on a potential end-customer that elects not to purchase our products, subscriptions, and support, and (b) increased purchasing power and leverage held by large end-customers in negotiating contractual arrangements.

If our efforts to sell additional products and subscriptions to our end-customers are not successful, our revenues may grow more slowly than expected or decline. - 18 - Table of Contents Sales to large enterprise end-customers, which is part of our growth strategy, involve risks that may not be present, or that are present to a lesser extent, with sales to smaller entities, such as (a) longer sales cycles and the associated risk that substantial time and resources may be spent on a potential end-customer that elects not to purchase our products, subscriptions, and support, and (b) increased purchasing power and leverage held by large end-customers in negotiating contractual arrangements.

Additionally, certain provisions contained in the indenture governing our Notes could make it more difficult or more expensive for a third party to acquire us. The application of Section 203 or certain provisions contained in the indenture governing our Notes also could have the effect of delaying or preventing a change in control of us.

Additionally, certain provisions contained in the indenture governing our 2025 Notes could make it more difficult or more expensive for a third party to acquire us. The application of Section 203 or certain provisions contained in the indenture governing our 2025 Notes also could have the effect of delaying or preventing a change in control of us.

The Warrants could separately have a dilutive effect to the extent that the market price per share of our common stock exceeds the applicable strike price of the Warrants unless, subject to certain conditions, we elect to cash settle such Warrants.

The 2025 Warrants could separately have a dilutive effect to the extent that the market price per share of our common stock exceeds the applicable strike price of the 2025 Warrants unless, subject to certain conditions, we elect to cash settle such 2025 Warrants.

We and our subsidiaries may incur substantial additional debt in the future, subject to the restrictions contained in our debt instruments, that could have the effect of diminishing our ability to make payments on our Notes when due.

Valid patents may not issue from our pending applications, and the claims eventually allowed on any patents may not be sufficiently broad to protect our technology or products and subscriptions.

Valid patents may not issue from our pending applications, and the claims eventually allowed on any patents may not be sufficiently broad to comprehensively protect our technology or products and subscriptions.

It is possible that domestic or international tax authorities may subject us to tax examinations, or audits, and such tax authorities may disagree with certain positions we have taken, and any adverse outcome of such an examination, review or audit could result in additional tax liabilities and penalties and otherwise have a negative effect on our financial position and operating results.

Additionally, our international sales and operations are subject to a number of risks, including the following: • political, economic, and social uncertainty around the world, health risks such as epidemics and pandemics like COVID-19, macroeconomic challenges in Europe, terrorist activities, Russia’s invasion of Ukraine, tensions between China and Taiwan, and continued hostilities in the Middle East; • unexpected changes in, or the application of, foreign and domestic laws and regulations (including intellectual property rights protections), regulatory practices, trade restrictions, and foreign legal requirements, including those applicable to the importation, certification, and localization of our products, tariffs, and tax laws and treaties, including regulatory and trade policy changes adopted by the current administration, such as the Sanctions on Russia, or foreign countries in response to regulatory changes adopted by the current administration; and • non-compliance with U.S. and foreign laws, including antitrust regulations, anti-corruption laws, such as the U.S.

Additionally, our international sales and operations are subject to a number of risks, including the following: • political, economic, and social uncertainty around the world, health risks such as epidemics and pandemics like COVID-19, macroeconomic challenges, terrorist activities, Russia’s invasion of Ukraine, tensions between China and Taiwan, the hostilities in Israel and the surrounding region, and continued hostilities in the Middle East; • unexpected changes in, or the application of, foreign and domestic laws and regulations (including intellectual property rights protections), regulatory practices, trade restrictions, and foreign legal requirements, including those applicable to the importation, certification, and localization of our products, tariffs, and tax laws and treaties, including regulatory and trade policy changes adopted by the current administration, such as the Sanctions on Russia, or foreign countries in response to regulatory changes adopted by the current administration; and • non-compliance with U.S. and foreign laws, including antitrust regulations, anti-corruption laws, such as the U.S.

GDPR, the U.K.) to the United States and other jurisdictions only where adequate safeguards are implemented or a derogation applies. In practice, we rely on standard contractual clauses approved under the GDPR to carry out such transfers and to receive personal data subject to the GDPR (directly or indirectly) in the United States.

(or, in the case of the U.K. GDPR, the U.K.) to the United States and other jurisdictions only where adequate safeguards are implemented or a derogation applies. In practice, we rely on standard contractual clauses approved under the GDPR to carry out such transfers and to receive personal data subject to the GDPR (directly or indirectly) in the United States.

We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue, and expenses that are not readily apparent from other sources.

We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying amounts of assets, liabilities, equity, revenue, and expenses that are not readily apparent from other sources.

GDPR,” and collectively the “GDPR”), both of which impose stringent data protection requirements, provide for costly penalties for noncompliance (up to the greater of (a) €20 million under the “E.U. GDPR” or £17.5 million under the “U.K.

General Data Protection Regulation (“U.K. GDPR,” and collectively the “GDPR”), both of which impose stringent data protection requirements, provide for costly penalties for noncompliance (up to the greater of (a) €20 million under the “E.U. GDPR” or £17.5 million under the “U.K.

Our future success depends, in part, on our ability to expand the deployment of our portfolio with existing end-customers, especially large enterprise customers, and create demand for our new offerings, The rate at which our end-customers purchase additional products, subscriptions, and support depends on a number of factors, including the perceived need for additional security products, including subscription and support offerings, as well as general economic conditions.

Our future success depends, in part, on our ability to expand the deployment of our portfolio with existing end-customers, especially large enterprise customers, including through our platformization strategy, and create demand for our new offerings, The rate at which our end-customers purchase additional products, subscriptions, and support depends on a number of factors, including the perceived need for additional security products, including subscription and support offerings, as well as general economic conditions.

Although we monitor our use of open source software to avoid subjecting our products and subscriptions to conditions we do not intend, the terms of many open source licenses have not been interpreted by United States courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our products and subscriptions.

Although we take reasonable steps to monitor our use of open source software to avoid subjecting our products and subscriptions to conditions we do not intend, the terms of many open source licenses have not been interpreted by United States courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our products and subscriptions.

Developing, testing, and deploying AI systems may also increase the cost profile of our offerings due to the nature of the computing costs involved in such systems. - 21 - Table of Contents The intellectual property ownership and license rights surrounding AI technologies, as well as data protection laws related to the use and development of AI, are currently not fully addressed by courts or regulators.

Developing, testing, and deploying AI systems may also increase the cost profile of our offerings due to the nature of the computing costs involved in such systems. The intellectual property ownership and license rights surrounding AI technologies, as well as data protection laws related to the use and development of AI, are currently not fully addressed by courts or regulators.

Any production interruptions for any reason, such as a natural disaster, epidemic or pandemic, capacity shortages, or quality problems at one of our manufacturing partners would negatively affect sales of our product lines manufactured by that manufacturing partner and adversely affect our business and operating results. Managing the supply of our hardware products and product components is complex.

Any production interruptions for any reason, such as a natural disaster, epidemic or pandemic, capacity shortages, or quality problems at one of our manufacturing partners would negatively affect sales of our product lines manufactured by that manufacturing partner and adversely affect our business and operating results. - 27 - Table of Contents Managing the supply of our hardware products and product components is complex.

In addition, other natural disasters, such as fire or floods, a significant power outage, telecommunications failure, terrorism, an armed conflict, cyberattacks, epidemics and pandemics such as COVID-19, or other geo-political unrest could affect our supply chain, manufacturers, logistics providers, channel partners, end-customers, or the economy as a whole, and such disruption could impact our shipments and sales.

In addition, other natural disasters, such as fire or floods, a significant power outage, telecommunications failure, terrorism, an armed conflict, cyberattacks, epidemics and pandemics such as COVID-19, or other geopolitical unrest could affect our supply chain, manufacturers, logistics providers, channel partners, end-customers, or the economy as a whole, and such disruption could impact our shipments and sales.

In response to Russia’s invasion of Ukraine, the United States, along with the European Union, has imposed restrictive sanctions on Russia, Russian entities, and Russian citizens (“Sanctions on Russia”). We are subject to these governmental sanctions and export controls, which may subject us to liability if we are not in full compliance with applicable laws.

In response to Russia’s invasion of Ukraine, the United States, along with the European Union (the “E.U.”) has imposed restrictive sanctions on Russia, Russian entities, and Russian citizens (“Sanctions on Russia”). We are subject to these governmental sanctions and export controls, which may subject us to liability if we are not in full compliance with applicable laws.

The resulting stoppage or delay in selling our hardware products and the expense of redesigning our hardware products would result in lost sales opportunities and damage to customer relationships, which would adversely affect our business and operating results. - 26 - Table of Contents If we are unable to attract, retain, and motivate our key technical, sales, and management personnel, our business could suffer.

The resulting stoppage or delay in selling our hardware products and the expense of redesigning our hardware products would result in lost sales opportunities and damage to customer relationships, which would adversely affect our business and operating results. If we are unable to attract, retain, and motivate our key technical, sales, and management personnel, our business could suffer.

Any of these provisions could, under certain circumstances, depress the market price of our common stock. - 33 - Table of Contents General Risk Factors Our business is subject to the risks of earthquakes, fire, power outages, floods, health risks, and other catastrophic events, and to interruption by man-made problems, such as terrorism.

Any of these provisions could, under certain circumstances, depress the market price of our common stock. General Risk Factors Our business is subject to the risks of earthquakes, fire, power outages, floods, health risks, and other catastrophic events, and to interruption by man-made problems, such as terrorism.

If we fail to effectively manage our sales channels or channel partners, our ability to sell our products and subscriptions and operating results will be harmed. - 18 - Table of Contents We are exposed to the credit and liquidity risk of our customers, and to credit exposure in weakened markets, which could result in material losses.

If we fail to effectively manage our sales channels or channel partners, our ability to sell our products and subscriptions and operating results will be harmed. We are exposed to the credit and liquidity risk of our customers, and to credit exposure in weakened markets, which could result in material losses.

Any such issuance could result in substantial dilution to our existing stockholders and cause the market price of our common stock to decline. - 32 - Table of Contents We cannot guarantee that our share repurchase program will be fully consummated or that it will enhance shareholder value, and share repurchases could affect the price of our common stock.

Any such issuance could result in substantial dilution to our existing stockholders and cause the market price of our common stock to decline. We cannot guarantee that our share repurchase program will be fully consummated or that it will enhance shareholder value, and share repurchases could affect the price of our common stock.

Any of these events would have a material adverse effect on our business, financial condition, and operating results. - 24 - Table of Contents Our use of open source software in our products and subscriptions could negatively affect our ability to sell our products and subscriptions and subject us to possible litigation.

Any of these events would have a material adverse effect on our business, financial condition, and operating results. Our use of open source software in our products and subscriptions could negatively affect our ability to sell our products and subscriptions and subject us to possible litigation.

Each of these laws and regulations, and any changes to these laws and regulations, or new laws and regulations, could impose significant limitations, or require changes to our business model or practices or growth strategy, which may increase our compliance expenses and make our business more costly or less efficient to conduct. - 29 - Table of Contents Tax, Accounting, Compliance, and Regulatory Risks We may have exposure to greater than anticipated tax liabilities.

Each of these laws and regulations, and any changes to these laws and regulations, or new laws and regulations, could impose significant limitations, or require changes to our business model or practices or growth strategy, which may increase our compliance expenses and make our business more costly or less efficient to conduct. - 31 - Table of Contents Tax, Accounting, Compliance, and Regulatory Risks We may have exposure to tax liabilities that are greater than anticipated.

We may not complete our analysis of our internal control over financial reporting in a timely manner, or our internal control may not be determined to be effective, which may adversely affect investor confidence in our company and, as a result, the value of our common stock. • Our reputation and/or business could be negatively impacted by environmental, social, and governance (“ESG”) matters and/or our reporting of such matters. • Failure to comply with governmental laws and regulations could harm our business. • We may not have the ability to raise the funds necessary to settle conversions of our Notes, repurchase our Notes upon a fundamental change, or repay our Notes in cash at their maturity, and our future debt may contain limitations on our ability to pay cash upon conversion or repurchase of our Notes. • We may still incur substantially more debt or take other actions that would diminish our ability to make payments on our Notes when due. • The market price of our common stock historically has been volatile, and the value of an investment in our common stock could decline. • The convertible note hedge and warrant transactions may affect the value of our common stock. • The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans, the conversion of our Notes or exercise of the related Warrants, or otherwise will dilute stock held by all other stockholders. • We cannot guarantee that our share repurchase program will be fully consummated or that it will enhance shareholder value, and share repurchases could affect the price of our common stock. • We do not intend to pay dividends for the foreseeable future. • Our charter documents and Delaware law, as well as certain provisions contained in the indentures governing our Notes, could discourage takeover attempts and lead to management entrenchment, which could also reduce the market price of our common stock. • Our business is subject to the risks of earthquakes, fire, power outages, floods, health risks, and other catastrophic events, and to interruption by man-made problems, such as terrorism. • Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products and subscriptions could reduce our ability to compete and could harm our business. - 15 - Table of Contents Risks Related to Global Economic and Geopolitical Conditions Our operating results may be adversely affected by unfavorable economic and market conditions and the uncertain geopolitical environment.

We may not complete our analysis of our internal control over financial reporting in a timely manner, or our internal control may not be determined to be effective, which may adversely affect investor confidence in our company and, as a result, the value of our common stock. • Our reputation and/or business could be negatively impacted by ESG matters and/or our reporting of such matters. • Failure to comply with governmental laws and regulations could harm our business. • We may not have the ability to raise the funds necessary to settle conversions of our Notes, repurchase our Notes upon a fundamental change, or repay our Notes in cash at their maturity, and our future debt may contain limitations on our ability to pay cash upon conversion or repurchase of our Notes. • We may still incur substantially more debt or take other actions that would diminish our ability to make payments on our Notes when due. • The market price of our common stock historically has been volatile, and the value of an investment in our common stock could decline. • The convertible note hedge and warrant transactions may affect the value of our common stock. • The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans, the conversion of our Notes or exercise of the related Warrants, or otherwise will dilute stock held by all other stockholders. • We cannot guarantee that our share repurchase program will be fully consummated or that it will enhance shareholder value, and share repurchases could affect the price of our common stock. • We do not intend to pay dividends for the foreseeable future. • Our charter documents and Delaware law, as well as certain provisions contained in the indentures governing our Notes, could discourage takeover attempts and lead to management entrenchment, which could also reduce the market price of our common stock. • Our business is subject to the risks of earthquakes, fire, power outages, floods, health risks, and other catastrophic events, and to interruption by man-made problems, such as terrorism. - 16 - Table of Contents Risks Related to Global Economic and Geopolitical Conditions Our operating results may be adversely affected by unfavorable economic and market conditions and the uncertain geopolitical environment.

Effective August 1, 2023 through October 31, 2023, all of the 2025 Notes are convertible. If all of the note holders decided to convert their 2025 Notes, we would be obligated to pay the $2.0 billion principal amount of the 2025 Notes in cash.

Effective August 1, 2024 through October 31, 2024, all of the 2025 Notes are convertible. If all of the note holders decided to convert their 2025 Notes, we would be obligated to pay the $1.0 billion principal amount of the 2025 Notes in cash.

Foreign Corrupt Practices Act and the U.K. Bribery Act, U.S. or foreign sanctions regimes and export or import control laws, and any trade regulations ensuring fair trade practices. These and other factors could harm our future international revenues and, consequently, materially impact our business, operating results, and financial condition.

Foreign Corrupt Practices Act and the United Kingdom (“U.K.”) Bribery Act, U.S. or foreign sanctions regimes and export or import control laws, and any trade regulations ensuring fair trade practices. These and other factors could harm our future international revenues and, consequently, materially impact our business, operating results, and financial condition.

The manufacturing operations of some of our component suppliers are geographically concentrated in Asia and elsewhere, which makes our supply chain vulnerable to regional disruptions, such as natural disasters, fire, political instability, civil unrest, power outages, or health risks. In addition, we continue to experience supply chain disruption and have incurred increased costs resulting from inflationary pressures.

The manufacturing operations of some of our component suppliers are geographically concentrated in Asia and elsewhere, which makes our supply chain vulnerable to regional disruptions, such as natural disasters, fire, political instability, civil unrest, power outages, or health risks. In the past, we experienced supply chain disruption and have incurred increased costs resulting from inflationary pressures.

Insufficient supply and inventory would result in lost sales opportunities or delayed revenue, while excess inventory would harm our gross margins. • Because some of the key components in our hardware products come from limited sources of supply, we are susceptible to supply shortages or supply changes, which, in certain cases, have disrupted or delayed our scheduled product deliveries to our end-customers, increased our costs and may result in the loss of sales and end-customers. • If we are unable to attract, retain, and motivate our key technical, sales, and management personnel, our business could suffer. • We generate a significant amount of revenue from sales to distributors, resellers, and end-customers outside of the United States, and we are therefore subject to a number of risks associated with international sales and operations. • We are exposed to fluctuations in foreign currency exchange rates, which could negatively affect our financial condition and operating results. • We face risks associated with having operations and employees located in Israel. • We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets. • Our actual or perceived failure to adequately protect personal data could have a material adverse effect on our business. • We may have exposure to greater than anticipated tax liabilities. • If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating results could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock. • We are obligated to maintain proper and effective internal control over financial reporting.

Insufficient supply and inventory would result in lost sales opportunities or delayed revenue, while excess inventory would harm our gross margins. • Because some of the key components in our hardware products come from limited sources of supply, we are susceptible to supply shortages or supply changes, which, in certain cases, have disrupted or delayed our scheduled product deliveries to our end-customers, increased our costs and may result in the loss of sales and end-customers. • If we are unable to attract, retain, and motivate our key technical, sales, and management personnel, our business could suffer. • We generate a significant amount of revenue from sales to distributors, resellers, and end-customers outside of the United States, and we are therefore subject to a number of risks associated with international sales and operations. • We are exposed to fluctuations in foreign currency exchange rates, which could negatively affect our financial condition and operating results. • We face risks associated with having operations and employees located in Israel. • We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets. • We may incur increased costs to comply with privacy and data protection laws and, if we fail to comply, we could be subject to government enforcement actions, private litigation and adverse publicity. • We may have exposure to tax liabilities that are greater than anticipated. • If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating results could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock. • We are obligated to maintain proper and effective internal control over financial reporting.

Our revenue growth rate in recent periods may not be indicative of our future performance, and we may not be able to maintain profitability, which could cause our business, financial condition, and operating results to suffer. We have experienced revenue growth rates of 25.3% and 29.3% in fiscal 2023 and fiscal 2022, respectively.

Our revenue growth rate in recent periods may not be indicative of our future performance, and we may not be able to maintain profitability, which could cause our business, financial condition, and operating results to suffer. We have experienced revenue growth rates of 16.5% and 25.3% in fiscal 2024 and fiscal 2023, respectively.

In connection with each such sale of the 2025 Notes, we also entered into warrant transactions with the counterparties pursuant to which we sold warrants (the “2025 Warrants”) for the purchase of our common stock. In addition, we also entered into warrant transactions in connection with our 2023 Notes (together with the 2025 Warrants, the “Warrants”).

Subject to compliance with applicable rules and regulations, we may issue shares of common stock or securities convertible into shares of our common stock from time to time in connection with a financing, acquisition, investment, our stock incentive plans, the conversion of our Notes, the settlement of our Warrants related to each such series of the Notes, or otherwise.

Subject to compliance with applicable rules and regulations, we may issue shares of common stock or securities convertible into shares of our common stock from time to time in connection with a financing, acquisition, investment, our stock incentive plans, the conversion of our 2025 Notes, the settlement of our 2025 Warrants, or otherwise.

If, in the future, our chief executive officer, chief financial officer, or independent registered public accounting firm determines that our internal control over financial reporting is not effective as defined under Section 404, we could be subject to one or more investigations or enforcement actions by state or federal regulatory agencies, stockholder lawsuits, or other adverse actions requiring us to incur defense costs, pay fines, settlements, or judgments, causing investor perceptions to be adversely affected and potentially resulting in a decline in the market price of our stock.

Military actions or armed conflict, including Russia’s invasion of Ukraine and any related political or economic responses and counter-responses, and uncertainty about, or changes in, government and trade relationships, policies, and treaties could also lead to worsening economic and market conditions and geopolitical environment.

Military actions or armed conflict, including the hostilities in Israel and the surrounding region, Russia’s invasion of Ukraine and any related political or economic responses and counter-responses, and uncertainty about, or changes in, government and trade relationships, policies, and treaties could also lead to worsening economic and market conditions and geopolitical environment.

We could fail to achieve, or be perceived to fail to achieve, our ESG-related initiatives, goals, or commitments. In addition, we could be criticized for the timing, scope or nature of these initiatives, goals, or commitments, or for any revisions to them.

These initiatives, goals, or commitments could be difficult to achieve and costly to implement. We could fail to achieve, or be perceived to fail to achieve, our ESG-related initiatives, goals, or commitments. In addition, we could be criticized for the timing, scope or nature of these initiatives, goals, or commitments, or for any revisions to them.

We have experienced growth and increased demand for our products and subscriptions over the last few years. As a result, our employee headcount has increased, and we expect it to continue to grow over the next year. For example, from the end of fiscal 2022 to the end of fiscal 2023, our headcount increased from 12,561 to 13,948 employees.

We have experienced growth and increased demand for our products and subscriptions over the last few years. As a result, our employee headcount has increased, and we expect it to continue to grow over the next year. For example, from the end of fiscal 2023 to the end of fiscal 2024, our headcount increased from 13,948 to 15,289 employees.

GDPR,” and (b) 4% of annual worldwide turnover), and confer the right upon data subjects and consumer associations to lodge complaints with supervisory authorities, seek judicial remedies, and obtain compensation for damages resulting from violations. The GDPR requires, among other things, that personal data be transferred outside of the E.U. (or, in the case of the U.K.

GDPR,” and (b) 4% of annual worldwide turnover), and confer the right upon data subjects and consumer associations to lodge complaints with supervisory authorities, seek judicial remedies, and obtain compensation for damages resulting from violations. - 30 - Table of Contents The GDPR requires, among other things, that personal data be transferred outside of the E.U.

Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that: • establish that our board of directors is divided into three classes, Class I, Class II, and Class III, with three-year staggered terms; • authorize our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval; • provide our board of directors with the exclusive right to elect a director to fill a vacancy created by the expansion of our board of directors or the resignation, death, or removal of a director; • prohibit our stockholders from taking action by written consent; • specify that special meetings of our stockholders may be called only by the chairman of our board of directors, our president, our secretary, or a majority vote of our board of directors; • require the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the issuance of preferred stock and management of our business or our amended and restated bylaws; • authorize our board of directors to amend our bylaws by majority vote; and • establish advance notice procedures with which our stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders’ meeting.

These laws and regulations are also subject to frequent and unexpected changes, new or additional laws or regulations may be adopted, and rulings that invalidate prior laws or regulations may be issued. For example, we are subject to the E.U. General Data Protection Regulation (“E.U. GDPR”) and the U.K. General Data Protection Regulation (‘U.K.

These laws and regulations are also subject to frequent, inconsistent and unexpected changes; new, modified or additional laws or regulations may be adopted; and rulings that invalidate prior laws, regulations, or interpretations of such laws or regulations may be issued. For example, we are subject to the E.U. General Data Protection Regulation (“E.U. GDPR”) and the U.K.

As a result, when problems occur in a network, it may be difficult to identify the sources of these problems. - 22 - Table of Contents The occurrence of any such problem in our products and subscriptions, whether real or perceived, could result in: • expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate, or work-around errors or defects or to address and eliminate vulnerabilities; • loss of existing or potential end-customers or channel partners; • delayed or lost revenue; • delay or failure to attain market acceptance; • an increase in warranty claims compared with our historical experience, or an increased cost of servicing warranty claims, either of which would adversely affect our gross margins; and • litigation, regulatory inquiries, investigations, or other proceedings, each of which may be costly and harm our reputation.

The occurrence of any such problem in our products and subscriptions, whether real or perceived, could result in: • expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate, or work-around errors or defects or to address and eliminate vulnerabilities; • loss of existing or potential end-customers or channel partners; • delayed or lost revenue; • delay or failure to attain market acceptance; • an increase in warranty claims compared with our historical experience, or an increased cost of servicing warranty claims, either of which would adversely affect our gross margins; and • litigation, regulatory inquiries, investigations, or other proceedings, each of which may be costly and harm our reputation.

The enterprise security industry has grown quickly and continues to evolve rapidly. Moreover, many of our end-customers operate in markets characterized by rapidly changing technologies and business plans, which require them to add numerous network access points and adapt increasingly complex enterprise networks, incorporating a variety of hardware, software applications, operating systems, and networking protocols.

Moreover, many of our end-customers operate in markets characterized by rapidly changing technologies and business plans, which require them to add numerous network access points and adapt increasingly complex enterprise networks, incorporating a variety of hardware, software applications, operating systems, and networking protocols.

These potential issues could subject us to regulatory risk, legal liability, including under new proposed legislation regulating AI in jurisdictions such as the EU and regulations being considered in other jurisdictions, and brand or reputational harm.

These efforts could subject us to regulatory risk, legal liability, including under new proposed legislation regulating AI in jurisdictions such as the E.U. and regulations being considered in other jurisdictions, or brand or reputational harm.

The tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed or acquired technology or determining the proper charges for intercompany arrangements, which could increase our worldwide effective tax rate and harm our financial position and operating results.

The tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed or acquired technology or determining the proper charges for intercompany arrangements, which could increase our worldwide effective tax rate, harm our financial position and operating results, and have a negative effect on our cash flow.

Our data centers and networks may experience technical failures and downtime or may fail to meet the increased requirements of a growing installed end-customer base, any of which could temporarily or permanently expose our end-customers’ networks, leaving their networks unprotected against the latest security threats.

The data centers, networks, and cloud infrastructure that we use to deliver our products and services may experience technical failures and downtime or may fail to meet the increased requirements of a growing installed end-customer base, any of which could temporarily or permanently expose our end-customers’ networks, leaving their networks unprotected against the latest security threats.

The preparation of consolidated financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the amounts reported on our consolidated financial statements and accompanying notes.

The preparation of consolidated financial statements in conformity with U.S. generally accepted accounting principles (“U.S. GAAP”) requires management to make estimates and assumptions that affect the amounts reported on our consolidated financial statements and accompanying notes.

Subscription and support revenue accounts for a significant portion of our revenue, comprising 77.1% of total revenue in fiscal 2023, 75.2% of total revenue in fiscal 2022, and 73.7% of total revenue in fiscal 2021.

Subscription and support revenue accounts for a significant portion of our revenue, comprising 80.0% of total revenue in fiscal 2024, 77.1% of total revenue in fiscal 2023, and 75.2% of total revenue in fiscal 2022.

If we are unable to maintain consistent or increasing revenue or revenue growth, the market price of our common stock could be volatile, and it may be difficult for us to maintain profitability or maintain or increase cash flow on a consistent basis. - 16 - Table of Contents In addition, we have incurred losses in fiscal years prior to fiscal 2023 and, as a result, we had an accumulated deficit of $1.2 billion as of July 31, 2023.

If we are unable to maintain consistent or increasing revenue or revenue growth, the market price of our common stock could be volatile, and it may be difficult for us to maintain profitability or maintain or increase cash flow on a consistent basis. - 17 - Table of Contents In addition, we have incurred losses in fiscal years prior to fiscal 2023.

Substantially all of our revenue is generated by sales through our channel partners, including distributors and resellers. For fiscal 2023, three distributors individually represented 10% or more of our total revenue and in the aggregate represented 49.7% of our total revenue.

Substantially all of our revenue is generated by sales through our channel partners, including distributors and resellers. For fiscal 2024, four distributors individually represented 10% or more of our total revenue and in the aggregate represented 59.0% of our total revenue.

Third parties are asserting, have asserted, and may in the future assert claims of infringement of intellectual property rights against us. - 23 - Table of Contents Third parties may also assert such claims against our end-customers or channel partners, whom our standard license and other agreements obligate us to indemnify against claims that our products and subscriptions infringe the intellectual property rights of third parties.

Third parties may also assert such claims against our end-customers or channel partners, whom our standard license and other agreements obligate us to indemnify against claims that our products and subscriptions infringe the intellectual property rights of third parties.

If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected. - 34 - Table of Contents Item 1B. Unresolved Staff Comments Not applicable.

Our main competitors fall into four categories: • large companies that incorporate security features in their products, such as Cisco, Microsoft, or those that have acquired, or may acquire, security vendors and have the technical and financial resources to bring competitive solutions to the market; • independent security vendors, such as Check Point, Fortinet, Crowdstrike, and Zscaler, that offer a mix of security products; • startups and point-product vendors that offer independent or emerging solutions across various areas of security; and • public cloud vendors and startups that offer solutions for cloud security (private, public, and hybrid cloud). - 19 - Table of Contents Many of our competitors have greater financial, technical, marketing, sales, and other resources, greater name recognition, longer operating histories, and a larger base of customers than we do.

Our main competitors fall into four categories: • large companies that incorporate security features in their products, such as Cisco, Microsoft, Alphabet or those that have acquired, or may acquire, security vendors and have the technical and financial resources to bring competitive solutions to the market; • independent security vendors, such as Check Point, Fortinet, CrowdStrike, Zscaler, and Wiz, that offer a mix of security products; • startups and point-product vendors that offer independent or emerging solutions across various areas of security; and • public cloud vendors and startups that offer solutions for cloud security (private, public, and hybrid cloud).

The effectiveness of our existing hedging transactions and the availability and effectiveness of any hedging transactions we may decide to enter into in the future may be limited, and we may not be able to successfully hedge our exposure, which could adversely affect our financial condition and operating results.

The effectiveness of our existing hedging transactions and the availability and effectiveness of any hedging transactions we may decide to enter into in the future may be limited and we may not be able to successfully hedge our exposure, which could adversely affect our financial condition and operating results. - 29 - Table of Contents We face risks associated with having operations and employees located in Israel.

Most of our sales are made on an open credit basis. Beyond our open credit arrangements, we have also experienced demands for customer financing and deferred payments due to, among other things, macro-economic conditions. To respond to this demand, our customer financing activities have increased and will likely continue to increase in the future.

Additionally, the U.S. government may require certain of the products that it purchases to be manufactured in the United States and other relatively high-cost manufacturing locations, and we may not manufacture all products in locations that meet such requirements, affecting our ability to sell these products, subscriptions, and support offerings to the U.S. government. - 20 - Table of Contents We face intense competition in our market and we may lack sufficient financial or other resources to maintain or improve our competitive position.

In addition, any new channel partner requires extensive training and may take several months or more to achieve productivity. Our channel partner sales structure could subject us to lawsuits, potential liability, and reputational harm if, for example, any of our channel partners misrepresent the functionality of our products or subscriptions to end-customers or violate laws or our corporate policies.

Our channel partner sales structure could subject us to lawsuits, potential liability, and reputational harm if, for example, any of our channel partners misrepresent the functionality of our products or subscriptions to end-customers or violate laws or our corporate policies.

If we are held to have breached the terms of an open source software license, we could be required to seek licenses from third parties to continue offering our products and subscriptions on terms that are not economically feasible, to reengineer our products and subscriptions, to discontinue the sale of our products and subscriptions if reengineering could not be accomplished on a timely basis, or to make generally available, in source code form, our proprietary code, any of which could adversely affect our business, operating results, and financial condition. - 26 - Table of Contents In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or assurance of title or controls on origin of the software.

This activity could also cause or prevent an increase or a decrease in the market price of our common stock or our 2025 Notes, which could affect a note holder’s ability to convert its 2025 Notes and, to the extent the activity occurs during any observation period related to a conversion of our 2025 Notes, it could affect the amount and value of the consideration that the note holder will receive upon conversion of our 2025 Notes. - 34 - Table of Contents We do not make any representation or prediction as to the direction or magnitude of any potential effect that the transactions described above may have on the price of our 2025 Notes or our common stock.

In June 2020, we issued our 2025 Notes (the “2025 Notes”).

In June 2020, we issued our 0.375% Convertible Senior Notes due 2025 (the “2025 Notes”).

Additionally, defects may cause our products or subscriptions to be vulnerable to security attacks, cause them to fail to help secure networks, or temporarily interrupt end-customers’ networking traffic.

Additionally, defects or vulnerabilities may cause our products or subscriptions to become temporarily unavailable, to be vulnerable to security attacks, cause them to fail to help secure networks, or temporarily interrupt end-customers’ networking traffic, or the availability of other information technology infrastructure or systems.

A successful claimant could secure a judgment, or we may agree to a settlement that prevents us from distributing certain products or performing certain services or that requires us to pay substantial damages, royalties, or other fees. Any of these events could seriously harm our business, financial condition, and operating results.

Defects, errors, or vulnerabilities in our products, subscriptions, or support offerings, the failure of our products or subscriptions to block a virus or prevent a security breach or incident, misuse of our products, or risks of product liability claims could harm our reputation and adversely impact our operating results.

Any of these negative outcomes could adversely impact the market perception of our products and subscriptions and end-customer and investor confidence in our company and could seriously harm our business or operating results. - 23 - Table of Contents Defects, errors, or vulnerabilities in our products, subscriptions, or support offerings, the failure of our products or subscriptions to block a virus or prevent a security breach or incident, misuse of our products, or risks of product liability claims could harm our reputation and adversely impact our operating results.

We depend on manufacturing partners, primarily our EMS provider, Flex, to manufacture our hardware product lines. Our reliance on these manufacturing partners reduces our control over the manufacturing process and exposes us to risks, including reduced control over quality assurance, product costs, product supply, timing, and transportation risk.

We depend on manufacturing partners, primarily our EMS provider, Flex, to manufacture our hardware product lines. Our substantial reliance on Flex, as well as other manufacturing partners subjects us to potential concentration risks, such as reduced control over the manufacturing process, quality assurance, product costs, product supply, and timing.

In addition, the program may be suspended or terminated at any time, which may result in a decrease in the price of our common stock. We do not intend to pay dividends for the foreseeable future. We have never declared or paid any dividends on our common stock.

The share repurchase program could affect the price of our common stock, increase volatility, and diminish our cash reserves. In addition, the program may be suspended or terminated at any time, which may result in a decrease in the price of our common stock. We do not intend to pay dividends for the foreseeable future.

The occurrence of any of these risks could harm our business, operating results, and financial condition. - 20 - Table of Contents If we do not accurately predict, prepare for, and respond promptly to rapidly evolving technological and market developments and successfully manage product and subscription introductions and transitions to meet changing end-customer needs in the enterprise security industry, our competitive position and prospects will be harmed.

If we do not accurately predict, prepare for, and respond promptly to rapidly evolving technological and market developments and successfully manage product and subscription introductions and transitions to meet changing end-customer needs in the enterprise security industry, our competitive position and prospects will be harmed. The enterprise security industry has grown quickly and continues to evolve rapidly.

There can be no assurance that we will successfully identify opportunities for new products and subscriptions, develop and bring new products and subscriptions to market in a timely manner, achieve market acceptance of our products and subscriptions, or that products, subscriptions, and technologies developed by others will not render our products, subscriptions, and technologies obsolete or noncompetitive. - 22 - Table of Contents Issues in the development and deployment of AI may result in reputational harm and legal liability and could adversely affect our results of operations.

In addition, due to the Russian invasion of Ukraine, there could be a significant increase in Russian cyberattacks against our customers, resulting in an increased risk of a security breach of our end-customers’ systems. Furthermore, defects or errors in our subscription updates or our products could result in a failure to effectively update end-customers’ hardware and cloud-based products.

Moreover, our products must interoperate with our end-customers’ existing infrastructure, which often have varied specifications, utilize multiple protocol standards, deploy products from multiple vendors, and contain multiple generations of products that have been added over time.

We face intense competition in our market and we may lack sufficient financial or other resources to maintain or improve our competitive position. The industry for enterprise security products is intensely competitive, and we expect competition to increase in the future from established competitors and new market entrants.

The industry for enterprise security products is intensely competitive, and we expect competition to increase in the future from established competitors and new market entrants.

If the payment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase our 2025 Notes or to pay cash upon conversion of our 2025 Notes. - 33 - Table of Contents We may still incur substantially more debt or take other actions that would diminish our ability to make payments on our Notes when due.

Our proprietary rights may be difficult to enforce or protect, which could enable others to copy or use aspects of our products or subscriptions without compensating us.

Any of these events could seriously harm our business, financial condition, and operating results. - 25 - Table of Contents Our proprietary rights may be difficult to enforce or protect, which could enable others to copy or use aspects of our products or subscriptions without compensating us.

As a result, our costs have increased and we have raised, and may be required to further raise, prices on our hardware products, all of which could severely impair our ability to fulfill orders. Our manufacturing partners typically fulfill our supply requirements on the basis of individual purchase orders.

Some components that we import for final manufacturing in the United States have been impacted by these tariffs. As a result, our costs have increased and we have raised, and may be required to further raise, prices on our hardware products. Our manufacturing partners typically fulfill our supply requirements on the basis of individual purchase orders.

Further, we believe that a critical contributor to our success and our ability to retain highly skilled personnel has been our corporate culture, which we believe fosters innovation, inclusion, teamwork, passion for end-customers, focus on execution, and the facilitation of critical knowledge transfer and knowledge sharing.

If we are unable to hire, integrate, train, or retain the qualified and highly skilled personnel required to fulfill our current or future needs, our business, financial condition, and operating results could be harmed. - 28 - Table of Contents Further, we believe that a critical contributor to our success and our ability to retain highly skilled personnel has been our corporate culture, which we believe fosters innovation, inclusion, teamwork, passion for end-customers, focus on execution, and the facilitation of critical knowledge transfer and knowledge sharing.

In addition, our classifications of application type, virus, spyware, vulnerability exploits, data, or URL categories may falsely detect, report, and act on applications, content, or threats that do not actually exist.

In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation, divert management’s time and other resources, and harm our reputation. - 24 - Table of Contents In addition, our classifications of application type, virus, spyware, vulnerability exploits, data, or URL categories may falsely detect, report, and act on applications, content, or threats that do not actually exist.

These include laws enacted in at least ten states, which all go into effect by January 1, 2026. We may also from time to time be subject to obligations relating to personal data by contract, or face assertions that we are subject to self-regulatory obligations or industry standards.

These include laws enacted in at least 19 states, and six other states have active privacy bills pending in state legislative processes. We may also from time to time be subject to obligations relating to personal data by contract, or face assertions that we are subject to self-regulatory obligations or industry standards.

We communicate certain ESG-related initiatives, goals, and/or commitments regarding environmental matters, diversity, responsible sourcing and social investments, and other matters in our annual ESG Report, on our website, in our filings with the SEC, and elsewhere. These initiatives, goals, or commitments could be difficult to achieve and costly to implement.

There is an increasing focus from regulators, certain investors, and other stakeholders concerning ESG matters, both in the United States and internationally. We communicate certain ESG-related initiatives, goals, and/or commitments regarding environmental matters, diversity, responsible sourcing and social investments, and other matters in our annual ESG Report, on our website, in our filings with the SEC, and elsewhere.

The portion of our hardware products that are sourced outside the United States may subject us to geopolitical risks, additional logistical risks or risks associated with complying with local rules and regulations in foreign countries. - 25 - Table of Contents Significant changes to existing international trade agreements could lead to sourcing or logistics disruption resulting from import delays or the imposition of increased tariffs on our sourcing partners.

… 64 more changes not shown on this page.

Item 5. Market for Registrant's Common Equity

Market for Common Equity — stock, dividends, buybacks

12 edited+2 added−1 removed4 unchanged

2023 filing

2024 filing

Biggest changePurchases of Equity Securities by the Issuer and Affiliated Purchasers In February 2019, we announced that our board of directors authorized a $1.0 billion share repurchase program, which is funded from available working capital.

Biggest changeThe issuances of the securities pursuant to the Transactions were exempt from registration under the Securities Act by virtue of Section 4(a)(2) of the Act and Rule 506 of Regulation D promulgated thereunder. - 40 - Table of Contents Purchases of Equity Securities by the Issuer and Affiliated Purchasers In February 2019, we announced that our board of directors authorized a $1.0 billion share repurchase program, which is funded from available working capital.

This performance graph assumes $100 was invested on July 31, 2018, in each of the common stock of Palo Alto Networks, Inc., the Nasdaq 100 Index, the Standard & Poor’s 500 Index, and the Standard & Poor’s 500 Information Technology Index, and assumes the reinvestment of any dividends.

This performance graph assumes $100 was invested on July 31, 2019, in each of the common stock of Palo Alto Networks, Inc., the Nasdaq 100 Index, the Standard & Poor’s 500 Index, and the Standard & Poor’s 500 Information Technology Index, and assumes the reinvestment of any dividends.

This performance graph compares the cumulative total return on our common stock with that of the Nasdaq 100 Index, the Standard & Poor’s 500 Index, and the Standard & Poor’s 500 Information Technology Index for the five years ended July 31, 2023.

The expiration date of this repurchase authorization was extended to December 31, 2023, and our repurchase program may be suspended or discontinued at any time.

The expiration date of this repurchase authorization was extended to December 31, 2024, and our repurchase program may be suspended or discontinued at any time.

Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Market Information Our common stock, $0.0001 par value per share, is traded on the Nasdaq Global Select Market under the symbol “PANW.” Prior to October 22, 2021, our common stock traded on the New York Stock Exchange (“NYSE”) under the symbol “PANW.” Holders of Record As of August 18, 2023, there were 414 holders of record of our common stock.

Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Market Information Our common stock, $0.0001 par value per share, is traded on the Nasdaq Global Select Market under the symbol “PANW.” Prior to October 22, 2021, our common stock traded on the New York Stock Exchange under the symbol “PANW.” Holders of Record As of August 19, 2024, there were 502 holders of record of our common stock.

The stock price performance on this performance graph is not necessarily indicative of future stock price performance. Palo Alto Networks, Inc.

The stock price performance on this performance graph is not necessarily indicative of future stock price performance. - 41 - Table of Contents Palo Alto Networks, Inc.

In December 2020, August 2021, and August 2022, we announced additional $700.0 million, $676.1 million, and $915.0 million increases to this share repurchase program, respectively, bringing the total authorization to $3.3 billion, with $750.0 million remaining as of July 31, 2023.

In December 2020, August 2021, August 2022, and November 2023, we announced additional $700.0 million, $676.1 million, $915.0 million, and $316.7 million increases to this share repurchase program, respectively, bringing the total authorization to $3.6 billion, with $500.0 million remaining as of July 31, 2024.

Recent Sales of Unregistered Equity Securities During the three months ended July 31, 2023, we issued a total of 3,569 shares of our unregistered common stock in connection with certain of our acquisitions (the “Transactions”). The Transactions did not involve any underwriters, any underwriting discounts or commissions, or any public offering.

Additionally, during the three months ended July 31, 2024, we issued a total of 12,841 shares of our unregistered common stock in connection with certain of our acquisitions (the “Transactions”).The Transactions did not involve any underwriters, any underwriting discounts or commissions, or any public offering.

Repurchases under our program are to be made at management’s discretion on the open market, through privately negotiated transactions, transactions structured through investment banking institutions, block purchase techniques, 10b5-1 trading plans, or a combination of the foregoing.

The average value of shares delivered to satisfy tax withholding requirements during these periods were $246.53 per share and $243.33 per share, respectively. The number of shares delivered to satisfy tax withholding requirements during these periods was not significant.

The average value of shares delivered to satisfy tax withholding requirements during these periods were $308.10 per share, $317.02 per share, and $330.89 per share, respectively. The number of shares delivered to satisfy tax withholding requirements during these periods was not significant.

During the three months ended July 31, 2023, we did not repurchase any shares pursuant to our share repurchase program. - 36 - Table of Contents Between June 1, 2023 and June 30, 2023 and July 1, 2023 and July 31, 2023, shares of restricted stock were delivered by certain employees upon vesting of equity awards to satisfy tax withholding requirements.

Between May 1, 2024 and May 31, 2024, June 1, 2024 and June 30, 2024, and July 1, 2024 and July 31, 2024, shares of restricted stock were delivered by certain employees upon vesting of equity awards to satisfy tax withholding requirements.

Comparison of Total Return Performance Company/Index 7/31/2018 7/31/2019 7/31/2020 7/31/2021 7/31/2022 7/31/2023 Palo Alto Networks, Inc. $ 100.00 $ 114.26 $ 129.08 $ 201.28 $ 251.74 $ 378.23 Nasdaq 100 Index $ 100.00 $ 109.74 $ 154.04 $ 212.86 $ 185.61 $ 227.88 S&P 500 Index $ 100.00 $ 107.99 $ 120.90 $ 164.96 $ 157.31 $ 177.78 S&P 500 Information Technology Index $ 100.00 $ 115.72 $ 160.75 $ 225.10 $ 212.69 $ 269.79 Item 6. [Reserved] - 37 - Table of Contents

Comparison of Total Return Performance Company/Index 7/31/2019 7/31/2020 7/31/2021 7/31/2022 7/31/2023 7/31/2024 Palo Alto Networks, Inc. $ 100.00 $ 112.97 $ 176.15 $ 220.31 $ 331.01 $ 430.03 Nasdaq 100 Index $ 100.00 $ 140.37 $ 193.97 $ 169.14 $ 207.66 $ 257.35 S&P 500 Index $ 100.00 $ 111.96 $ 152.76 $ 145.67 $ 164.63 $ 201.10 S&P 500 Information Technology Index $ 100.00 $ 138.91 $ 194.51 $ 183.79 $ 233.14 $ 315.19 Item 6. [Reserved] - 42 - Table of Contents

Removed

The issuances of the securities pursuant to the Transactions were exempt from registration under the Securities Act of 1933, as amended (the “Act”) by virtue of Section 4(a)(2) of the Act and Rule 506 of Regulation D promulgated thereunder.

Added

Recent Sales of Unregistered Equity Securities During the three months ended July 31, 2024, holders of the 2025 Notes converted $199.6 million in aggregate principal amount of the 2025 Notes, which we repaid in cash.

Added

We also issued 1.3 million shares of our unregistered common stock to the holders of the 2025 Notes for the conversion value in excess of the principal amount. These shares of our common stock were issued in reliance on the exemption from registration provided by Section 3(a)(9) of the Securities Act of 1933, as amended (the “Securities Act”).

Item 7. Management's Discussion & Analysis

Management's Discussion & Analysis (MD&A) — revenue / margin commentary

89 edited+18 added−12 removed48 unchanged

2023 filing

2024 filing

Biggest changeYear Ended July 31, 2023 2022 2021 Amount % of Revenue Amount % of Revenue Amount % of Revenue (dollars in millions) Revenue: Product $ 1,578.4 22.9 % $ 1,363.1 24.8 % $ 1,120.3 26.3 % Subscription and support 5,314.3 77.1 % 4,138.4 75.2 % 3,135.8 73.7 % Total revenue 6,892.7 100.0 % 5,501.5 100.0 % 4,256.1 100.0 % Cost of revenue: Product 418.3 6.1 % 455.5 8.3 % 308.5 7.2 % Subscription and support 1,491.4 21.6 % 1,263.2 22.9 % 966.4 22.8 % Total cost of revenue (1) 1,909.7 27.7 % 1,718.7 31.2 % 1,274.9 30.0 % Total gross profit 4,983.0 72.3 % 3,782.8 68.8 % 2,981.2 70.0 % Operating expenses: Research and development 1,604.0 23.3 % 1,417.7 25.8 % 1,140.4 26.8 % Sales and marketing 2,544.0 36.9 % 2,148.9 39.0 % 1,753.8 41.1 % General and administrative 447.7 6.5 % 405.0 7.4 % 391.1 9.2 % Total operating expenses (1) 4,595.7 66.7 % 3,971.6 72.2 % 3,285.3 77.1 % Operating income (loss) 387.3 5.6 % (188.8) (3.4) % (304.1) (7.1) % Interest expense (27.2) (0.4) % (27.4) (0.5) % (163.3) (3.8) % Other income, net 206.2 3.0 % 9.0 0.1 % 2.4 — % Income (loss) before income taxes 566.3 8.2 % (207.2) (3.8) % (465.0) (10.9) % Provision for income taxes 126.6 1.8 % 59.8 1.1 % 33.9 0.8 % Net income (loss) $ 439.7 6.4 % $ (267.0) (4.9) % $ (498.9) (11.7) % (1) Includes share-based compensation as follows: Year Ended July 31, 2023 2022 2021 (in millions) Cost of product revenue $ 9.8 $ 9.3 $ 6.2 Cost of subscription and support revenue 123.4 110.2 93.0 Research and development 488.4 471.1 428.9 Sales and marketing 335.3 304.7 269.9 General and administrative 130.4 118.1 128.9 Total share-based compensation $ 1,087.3 $ 1,013.4 $ 926.9 - 42 - Table of Contents REVENUE Our revenue consists of product revenue and subscription and support revenue.

Biggest changeYear Ended July 31, 2024 2023 2022 Amount % of Revenue Amount % of Revenue Amount % of Revenue (dollars in millions) Revenue: Product $ 1,603.3 20.0 % $ 1,578.4 22.9 % $ 1,363.1 24.8 % Subscription and support 6,424.2 80.0 % 5,314.3 77.1 % 4,138.4 75.2 % Total revenue 8,027.5 100.0 % 6,892.7 100.0 % 5,501.5 100.0 % Cost of revenue: Product 348.2 4.3 % 418.3 6.1 % 455.5 8.3 % Subscription and support 1,711.0 21.4 % 1,491.4 21.6 % 1,263.2 22.9 % Total cost of revenue (1) 2,059.2 25.7 % 1,909.7 27.7 % 1,718.7 31.2 % Total gross profit 5,968.3 74.3 % 4,983.0 72.3 % 3,782.8 68.8 % Operating expenses: Research and development 1,809.4 22.5 % 1,604.0 23.3 % 1,417.7 25.8 % Sales and marketing 2,794.5 34.8 % 2,544.0 36.9 % 2,148.9 39.0 % General and administrative 680.5 8.5 % 447.7 6.5 % 405.0 7.4 % Total operating expenses (1) 5,284.4 65.8 % 4,595.7 66.7 % 3,971.6 72.2 % Operating income (loss) 683.9 8.5 % 387.3 5.6 % (188.8) (3.4) % Interest expense (8.3) (0.1) % (27.2) (0.4) % (27.4) (0.5) % Other income, net 312.7 3.9 % 206.2 3.0 % 9.0 0.1 % Income (loss) before income taxes 988.3 12.3 % 566.3 8.2 % (207.2) (3.8) % Provision for (benefit from) income taxes (1,589.3) (19.8) % 126.6 1.8 % 59.8 1.1 % Net income (loss) $ 2,577.6 32.1 % $ 439.7 6.4 % $ (267.0) (4.9) % (1) Includes share-based compensation as follows: Year Ended July 31, 2024 2023 2022 (in millions) Cost of product revenue $ 7.3 $ 9.8 $ 9.3 Cost of subscription and support revenue 121.0 123.4 110.2 Research and development 525.5 488.4 471.1 Sales and marketing 300.8 335.3 304.7 General and administrative 124.1 130.4 118.1 Total share-based compensation $ 1,078.7 $ 1,087.3 $ 1,013.4 - 47 - Table of Contents REVENUE Our revenue consists of product revenue and subscription and support revenue.

COST OF SUBSCRIPTION AND SUPPORT REVENUE Cost of subscription and support revenue includes personnel costs for our global customer support and technical operations organizations, customer support and repair costs, third-party professional services costs, data center and cloud hosting service costs, amortization of acquired intangible assets and capitalized software development costs, and shared costs.

COST OF SUBSCRIPTION AND SUPPORT REVENUE Cost of subscription and support revenue includes personnel costs for our global customer support and technical operations organizations, data center and cloud hosting service costs, third-party professional services costs, amortization of acquired intangible assets and capitalized software development costs, customer support and repair costs, and shared costs.

We expect operating expenses generally to increase in absolute dollars and decrease over the long term as a percentage of revenue as we continue to scale our business.

We expect operating expenses generally to increase in absolute dollars and to decrease over the long term as a percentage of revenue as we continue to scale our business.

INTEREST EXPENSE Interest expense primarily consists of interest expense related to our 0.75% Convertible Senior Notes due 2023 (the “2023 Notes”) and the 0.375% Convertible Senior Notes due 2025 (the “2025 Notes,” and together with “2023 Notes,” the “Notes”).

INTEREST EXPENSE Interest expense primarily consists of interest expense related to our 0.75% Convertible Senior Notes due 2023 (the “2023 Notes”) and our 0.375% Convertible Senior Notes due 2025 (the “2025 Notes,” and together with “2023 Notes,” the “Notes”).

Upon conversion of the 2025 Notes, we will pay cash equal to the aggregate principal amount of the 2025 Notes to be converted, and, at our election, will pay or deliver cash and/or shares of our common stock for the amount of our conversion obligation in excess of the aggregate principal amount of the 2025 Notes being converted.

Upon conversion of the 2025 Notes, we will pay cash equal to the aggregate principal amount of the 2025 Notes to be converted, and, at our election, we will pay or deliver cash and/or shares of our common stock for the amount of our conversion obligation in excess of the aggregate principal amount of the 2025 Notes being converted.

Our future capital requirements will depend on many factors including our growth rate, the timing and extent of spending to support development efforts, the expansion of sales and marketing activities, the introduction of new and enhanced products and subscription and support offerings, the costs to acquire or invest in complementary businesses and technologies, the costs to ensure access to adequate manufacturing capacity, the investments in our infrastructure to support the adoption of our cloud-based subscription offerings, the repayment obligations associated with our Notes, the continuing market acceptance of our products and subscription and support offerings and macroeconomic events.

Our future capital requirements will depend on many factors including our growth rate, the timing and extent of spending to support development efforts, the expansion of sales and marketing activities, the introduction of new and enhanced products and subscription and support offerings, the costs to acquire or invest in complementary businesses and technologies, the costs to ensure access to adequate manufacturing capacity, the investments in our infrastructure to support the adoption of our cloud-based subscription offerings, the repayment obligations associated with our 2025 Notes, the continuing market acceptance of our products and subscription and support offerings and macroeconomic events.

When end-customers purchase our physical, virtual, or container firewall appliances, or certain cloud offerings, they typically purchase support in order to receive ongoing security updates, upgrades, bug fixes, and repairs. In addition to the subscriptions purchased with these appliances, end-customers may also purchase other subscriptions on a per-user, per-endpoint, or capacity-based basis.

When customers purchase our physical, virtual, or container firewall appliances, or certain cloud offerings, they typically purchase support in order to receive ongoing security updates, upgrades, bug fixes, and repairs. In addition to the subscriptions purchased with these appliances, customers may also purchase other subscriptions on a per-user, per-endpoint, or capacity-based basis.

The interest rates and commitment fees are also subject to upward and downward adjustments based on our progress towards the achievement of certain sustainability goals related to greenhouse gas emissions. As of July 31, 2023, there were no amounts outstanding, and we were in compliance with all covenants under the 2023 Credit Agreement. Refer to Note 10.

The interest rates and commitment fees are also subject to upward and downward adjustments based on our progress towards the achievement of certain sustainability goals related to greenhouse gas emissions. As of July 31, 2024, there were no amounts outstanding, and we were in compliance with all covenants under the Credit Agreement. Refer to Note 10.

We believe that our cash provided by operating activities, our existing cash, cash equivalents and investments, and existing sources of and access to financing will be sufficient to meet our anticipated cash needs should the holders choose to convert their 2025 Notes during the fiscal quarter ending October 31, 2023 or hold the 2025 Notes until maturity on June 1, 2025.

We believe that our cash provided by operating activities, our existing cash, cash equivalents and investments, and existing sources of and access to financing will be sufficient to meet our anticipated cash needs should the holders choose to convert their 2025 Notes during the fiscal quarter ending October 31, 2024 or hold the 2025 Notes until maturity on June 1, 2025.

As of July 31, 2023, we expect to recognize approximately $2.0 billion of share-based compensation expense over a weighted-average period of approximately 2.6 years, excluding additional share-based compensation expense related to any future grants of share-based awards. Share-based compensation expense is generally recognized on a straight-line basis over the requisite service periods of the awards.

As of July 31, 2024, we expect to recognize approximately $2.0 billion of share-based compensation expense over a weighted-average period of approximately 2.6 years, excluding additional share-based compensation expense related to any future grants of share-based awards. Share-based compensation expense is generally recognized on a straight-line basis over the requisite service periods of the awards.

Actual component usage and product demand may be materially different from our forecast and could be caused by factors outside of our control, which could have an adverse impact on our results of operations. Through July 31, 2023, we have not accrued significant costs associated with this exposure.

Actual component usage and product demand may be materially different from our forecast and could be caused by factors outside of our control, which could have an adverse impact on our results of operations. Through July 31, 2024, we have not accrued significant costs associated with this exposure.

As of July 31, 2023, we had no unremitted earnings when evaluating our outside basis difference relating to our U.S. investment in foreign subsidiaries. However, there could be local withholding taxes due to various foreign countries if certain lower tier earnings are distributed.

As of July 31, 2024, we had no unremitted earnings when evaluating our outside basis difference relating to our U.S. investment in foreign subsidiaries. However, there could be local withholding taxes due to various foreign countries if certain lower tier earnings are distributed.

Our three geographic theaters had similar year-over-year revenue growth rates for fiscal 2023, with the Americas contributing the highest increase in revenue due to its larger scale. COST OF REVENUE Our cost of revenue consists of cost of product revenue and cost of subscription and support revenue.

Our three geographic theaters had similar year-over-year revenue growth rates for fiscal 2024, with the Americas contributing the highest increase in revenue due to its larger scale. COST OF REVENUE Our cost of revenue consists of cost of product revenue and cost of subscription and support revenue.

Subscription and support gross margin increased for fiscal 2023 compared to fiscal 2022, primarily due to our growth in subscription and support revenue, which outpaced the subscription and support costs. OPERATING EXPENSES Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses.

Subscription and support gross margin increased for fiscal 2024 compared to fiscal 2023 primarily due to our growth in subscription and support revenue, which outpaced the subscription and support costs. OPERATING EXPENSES Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses.

GAAP and non-GAAP key financial metrics, which management monitors to evaluate our performance. • Results of Operations. A discussion of the nature and trends in our financial results and an analysis of our financial results comparing fiscal 2023 to fiscal 2022.

An analysis of changes on our balance sheets and cash flows, and a discussion of our financial condition and our ability to meet cash needs. • Critical Accounting Estimates. A discussion of our accounting policies that require critical estimates, assumptions, and judgments.

The sale price condition for the 2025 Notes was met during the fiscal quarter ended July 31, 2023, and as a result, holders may convert their 2025 Notes during the fiscal quarter ending October 31, 2023.

The sale price condition for the 2025 Notes was met during the fiscal quarter ended July 31, 2024, and as a result, holders may convert their 2025 Notes during the fiscal quarter ending October 31, 2024.

If all of the holders convert their 2025 Notes during this period, we would be obligated to settle the $2.0 billion principal amount of the 2025 Notes in cash.

If all of the holders convert their 2025 Notes during this period, we would be obligated to settle the $1.0 billion principal amount of the 2025 Notes in cash.

In April 2023, we entered into a new credit agreement (the “2023 Credit Agreement”) that provides for a $400.0 million unsecured revolving credit facility (the “2023 Credit Facility”), with an option to increase the amount of the 2023 Credit Facility by up to an additional $350.0 million, subject to certain conditions.

In April 2023, we entered into a credit agreement (the “Credit Agreement”) that provides for a $400.0 million unsecured revolving credit facility (the “Credit Facility”), with an option to increase the amount of the Credit Facility by up to an additional $350.0 million, subject to certain conditions.

For discussion and analysis related to our financial results comparing fiscal 2022 to 2021, refer to Part II, Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations in our Annual Report on Form 10-K for fiscal 2022, which was filed with the Securities and Exchange Commission on September 6, 2022. • Liquidity and Capital Resources.

For discussion and analysis related to our financial results comparing fiscal 2023 to 2022, refer to Part II, Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations in our Annual Report on Form 10-K for fiscal 2023, which was filed with the Securities and Exchange Commission on September 1, 2023. • Liquidity and Capital Resources.

Our subscriptions provide our end-customers with near real-time access to the latest antivirus, intrusion prevention, web filtering, modern malware prevention, data loss prevention, and cloud access security broker capabilities across the network, endpoints, and the cloud.

Our subscriptions provide our end-customers with near real-time access to the latest antivirus, intrusion prevention, web filtering, modern malware prevention, data loss prevention, CASB and AI security capabilities across the network, endpoints, and the cloud.

We are monitoring the tensions between China and Taiwan, and between the U.S. and China, which could have an adverse impact on our business or results of operations in future periods.

We are also monitoring the impact of inflationary pressures and the tensions between China and Taiwan, and between the U.S. and China, which could have an adverse impact on our business or results of operations in future periods.

FINANCING ACTIVITIES Our financing activities have consisted of cash used to repurchase shares of our common stock, proceeds from sales of shares through employee equity incentive plans, and payments for tax withholding obligations of certain employees related to the net share settlement of equity awards.

FINANCING ACTIVITIES Our financing activities have consisted of repayments of our convertible senior notes, cash used to repurchase shares of our common stock, proceeds from sales of shares through employee equity incentive plans, and payments for tax withholding obligations of certain employees related to the net share settlement of equity awards.

Threat Intelligence and Advisory Services (Unit 42): • Unit 42 brings together world-renowned threat researchers with an elite team of incident responders and security consultants to create an intelligence-driven, response-ready organization to help customers manage cyber risk.

Refer to Note 10. Debt in Part II, Item 8 of this Annual Report on Form 10-K for information on the Notes. As of July 31, 2023, our total cash, cash equivalents, and investments of $5.4 billion were held for general corporate purposes.

Refer to Note 10. Debt in Part II, Item 8 of this Annual Report on Form 10-K for information on the Notes. As of July 31, 2024, our total cash, cash equivalents, and investments of $6.8 billion were held for general corporate purposes.

The increase was primarily due to an increase in purchases of investments and an increase in net cash payments for business acquisitions, partially offset by an increase in proceeds from sales and maturities of investments during fiscal 2023.

The decrease was primarily due to a decrease in purchases of investments, partially offset by a decrease in proceeds from sales and maturities of investments and an increase in net cash payments for business acquisitions during fiscal 2024.

During fiscal 2023, we repaid in cash $1.7 billion in aggregate principal amount of the 2023 Notes and issued 11.4 million shares of common stock to the holders for the conversion value in excess of the principal amount of the 2023 Notes converted, which were fully offset by shares we received from our exercise of the associated note hedges.

During fiscal 2024, we repaid in cash $1.0 billion in aggregate principal amount of the 2025 Notes and issued 7.0 million shares of common stock to the holders for the conversion value in excess of the principal amount of the 2025 Notes converted, which were fully offset by shares we received from our exercise of the associated note hedges.

As of July 31, 2023, we have total operating lease obligations of $339.4 million recorded on our consolidated balance sheet. As of July 31, 2023, our commitments to purchase products, components, cloud and other services totaled $1.8 billion. Refer to Note 12.

As of July 31, 2024, we have total operating lease obligations of $446.4 million recorded on our consolidated balance sheet. As of July 31, 2024, our commitments to purchase products, components, cloud and other services totaled $4.8 billion. Refer to Note 12.

Personnel costs grew $97.0 million for fiscal 2023 compared to fiscal 2022 primarily due to headcount growth. - 44 - Table of Contents GROSS MARGIN Gross margin has been and will continue to be affected by a variety of factors, including the introduction of new products, manufacturing costs, the average sales price of our products, cloud hosting service costs, personnel costs, the mix of products sold, and the mix of revenue between product and subscription and support offerings.

Personnel costs grew $48.2 million for fiscal 2024 compared to fiscal 2023, primarily due to headcount growth. - 49 - Table of Contents GROSS MARGIN Gross margin has been and will continue to be affected by a variety of factors, including the introduction of new products, manufacturing costs, the average sales price of our products, cloud hosting service costs, personnel costs, the mix of products sold, and the mix of revenue between product and subscription and support offerings.

However, there are many uncertainties associated with any litigation, and these actions or other third-party claims against us may cause us to incur substantial settlement charges, which are inherently difficult to estimate and could adversely affect our results of operations.

From time to time, we are involved in disputes, litigation, and other legal actions. However, there are many uncertainties associated with any litigation, and these actions or other third-party claims against us may cause us to incur substantial settlement charges, which are inherently difficult to estimate and could adversely affect our results of operations.

Our appliances and software licenses have significant standalone functionalities and capabilities. Accordingly, these appliances and software licenses are distinct from our subscriptions and support services as the customer can benefit from the product without these services and such services are separately identifiable within the contract.

Accordingly, these appliances and software licenses are distinct from our subscriptions and support services as the customer can benefit from the product without these services and such services are separately identifiable within the contract.

GAAP, is provided below: Year Ended July 31, 2023 2022 2021 (in millions) Free cash flow (non-GAAP): Net cash provided by operating activities $ 2,777.5 $ 1,984.7 $ 1,503.0 Less: purchases of property, equipment, and other assets 146.3 192.8 116.0 Free cash flow (non-GAAP) $ 2,631.2 $ 1,791.9 $ 1,387.0 Net cash used in investing activities $ (2,033.8) $ (933.4) $ (1,480.6) Net cash used in financing activities $ (1,726.3) $ (806.6) $ (1,104.0) - 41 - Table of Contents Results of Operations The following table summarizes our results of operations for the periods presented and as a percentage of our total revenue for those periods based on our consolidated statements of operations data.

GAAP, is provided below: Year Ended July 31, 2024 2023 2022 (in millions) Free cash flow (non-GAAP): Net cash provided by operating activities $ 3,257.6 $ 2,777.5 $ 1,984.7 Less: purchases of property, equipment, and other assets 156.8 146.3 192.8 Free cash flow (non-GAAP) $ 3,100.8 $ 2,631.2 $ 1,791.9 Net cash used in investing activities $ (1,509.9) $ (2,033.8) $ (933.4) Net cash used in financing activities $ (1,343.1) $ (1,726.3) $ (806.6) - 46 - Table of Contents Results of Operations The following table summarizes our results of operations for the periods presented and as a percentage of our total revenue for those periods based on our consolidated statements of operations data.

Cloud hosting service costs, which support our cloud-based subscription offerings, increased $101.0 million for fiscal 2023 compared to fiscal 2022.

Cloud hosting service costs, which support our cloud-based subscription offerings, increased $116.0 million for fiscal 2024 compared to fiscal 2023.

As of July 31, 2023, substantially all of our 2025 Notes remained outstanding. Refer to Note 10. Debt in Part II, Item 8 of this Annual Report on Form 10-K for more information on the Notes.

As of July 31, 2024, $1.0 billion of our 2025 Notes remained outstanding. Refer to Note 10. Debt in Part II, Item 8 of this Annual Report on Form 10-K for more information on the Notes.

Cash provided by operating activities during fiscal 2023 was $2.8 billion, an increase of $792.8 million compared to fiscal 2022. The increase was primarily due to growth of our business as reflected by increases in collections during fiscal 2023, partially offset by higher cash expenditure to support our business growth.

Cash provided by operating activities during fiscal 2024 was $3.3 billion, an increase of $480.1 million compared to fiscal 2023. The increase was primarily due to growth of our business as reflected by increases in collections during fiscal 2024, partially offset by higher cash expenditure to support our business growth.

The mix between subscription revenue and support revenue will fluctuate over time, depending on the introduction of new subscription offerings, renewals of support services, and our ability to increase sales to new and existing end-customers. - 43 - Table of Contents REVENUE BY GEOGRAPHIC THEATER Year Ended July 31, Year Ended July 31, 2023 2022 Change 2022 2021 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Americas $ 4,719.9 $ 3,802.6 $ 917.3 24.1 % $ 3,802.6 $ 2,937.5 $ 865.1 29.5 % EMEA 1,359.6 1,055.8 303.8 28.8 % 1,055.8 817.3 238.5 29.2 % APAC 813.2 643.1 170.1 26.5 % 643.1 501.3 141.8 28.3 % Total revenue $ 6,892.7 $ 5,501.5 $ 1,391.2 25.3 % $ 5,501.5 $ 4,256.1 $ 1,245.4 29.3 % Revenue from the Americas, Europe, the Middle East, and Africa (“EMEA”) and Asia Pacific and Japan (“APAC”) increased year-over-year for fiscal 2023 as we continued to increase investment in our global sales force in order to support our growth and innovation.

The mix between subscription revenue and support revenue will fluctuate over time, depending on the introduction of new subscription offerings, renewals of support services, and our ability to increase sales to new and existing end-customers. - 48 - Table of Contents REVENUE BY GEOGRAPHIC THEATER Year Ended July 31, Year Ended July 31, 2024 2023 Change 2023 2022 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Americas $ 5,482.9 $ 4,719.9 $ 763.0 16.2 % $ 4,719.9 $ 3,802.6 $ 917.3 24.1 % Europe, the Middle East, and Africa (“EMEA”) 1,602.0 1,359.6 242.4 17.8 % 1,359.6 1,055.8 303.8 28.8 % Asia Pacific and Japan (“APAC”) 942.6 813.2 129.4 15.9 % 813.2 643.1 170.1 26.5 % Total revenue $ 8,027.5 $ 6,892.7 $ 1,134.8 16.5 % $ 6,892.7 $ 5,501.5 $ 1,391.2 25.3 % Revenue from the Americas, EMEA and APAC increased year-over-year for fiscal 2024 as we continued to increase investment in our global sales force in order to support our growth and innovation.

Commitments and Contingencies in Part II, Item 8 of this Annual Report on Form 10-K for more information on these commitments.

Refer to Note 12. Commitments and Contingencies in Part II, Item 8 of this Annual Report on Form 10-K for more information.

The same firewall functionality that is delivered in our physical appliances is also available in our VM-Series virtual firewalls, which secure virtualized and cloud-based computing environments, and in our CN-Series container firewalls, which secure container environments and traffic. Our subscription and support revenue grew to $5.3 billion or 77.1% of total revenue for fiscal 2023, representing year-over-year growth of 28.4%.

The same firewall functionality that is delivered in our physical appliances is also available in our VM-Series virtual firewalls, which secure virtualized and cloud-based computing environments, and in our CN-Series container firewalls, which secure container environments and traffic. Our subscription and support revenue grew to $6.4 billion or 80.0% of total revenue for fiscal 2024, representing year-over-year growth of 20.9%.

Year Ended July 31, Year Ended July 31, 2023 2022 Change 2022 2021 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Cost of subscription and support revenue $ 1,491.4 $ 1,263.2 $ 228.2 18.1 % $ 1,263.2 $ 966.4 $ 296.8 30.7 % Cost of subscription and support revenue increased for fiscal 2023 compared to fiscal 2022 primarily due to increased costs to support the growth of our subscription and support offerings.

Year Ended July 31, Year Ended July 31, 2024 2023 Change 2023 2022 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Cost of subscription and support revenue $ 1,711.0 $ 1,491.4 $ 219.6 14.7 % $ 1,491.4 $ 1,263.2 $ 228.2 18.1 % Cost of subscription and support revenue increased for fiscal 2024 compared to fiscal 2023 primarily due to increased costs to support the growth of our subscription and support offerings.

Liquidity and Capital Resources July 31, 2023 2022 (in millions) Working capital (1) $ (1,689.5) $ (1,891.4) Cash, cash equivalents, and investments: Cash and cash equivalents $ 1,135.3 $ 2,118.5 Investments 4,302.6 2,567.9 Total cash, cash equivalents, and investments $ 5,437.9 $ 4,686.4 (1) Current liabilities included net carrying amounts of convertible senior notes of $2.0 billion and $3.7 billion as of July 31, 2023 and 2022, respectively.

Liquidity and Capital Resources July 31, 2024 2023 (in millions) Working capital (1) $ (833.0) $ (1,689.5) Cash, cash equivalents, and investments: Cash and cash equivalents $ 1,535.2 $ 1,135.3 Investments 5,216.8 4,302.6 Total cash, cash equivalents, and investments $ 6,752.0 $ 5,437.9 (1) Current liabilities included net carrying amounts of convertible senior notes of $1.0 billion and $2.0 billion as of July 31, 2024 and 2023, respectively.

We calculate billings in the following manner: - 40 - Table of Contents Year Ended July 31, 2023 2022 2021 (in millions) Billings: Total revenue $ 6,892.7 $ 5,501.5 $ 4,256.1 Add: change in total deferred revenue, net of acquired deferred revenue 2,301.7 1,970.0 1,196.1 Billings $ 9,194.4 $ 7,471.5 $ 5,452.2 • Cash Flow Provided by Operating Activities.

We calculate billings in the following manner: Year Ended July 31, 2024 2023 2022 (in millions) Billings: Total revenue $ 8,027.5 $ 6,892.7 $ 5,501.5 Add: change in total deferred revenue, net of acquired deferred revenue 2,180.6 2,301.7 1,970.0 Billings $ 10,208.1 $ 9,194.4 $ 7,471.5 • Cash Flow Provided by Operating Activities.

We discuss revenue, gross margin, and the components of operating income (loss) and margin below under “Results of Operations.” July 31, 2023 2022 (in millions) Total deferred revenue $ 9,296.4 $ 6,994.0 Cash, cash equivalents, and investments $ 5,437.9 $ 4,686.4 Year Ended July 31, 2023 2022 2021 (dollars in millions) Total revenue $ 6,892.7 $ 5,501.5 $ 4,256.1 Total revenue year-over-year percentage increase 25.3 % 29.3 % 24.9 % Gross margin 72.3 % 68.8 % 70.0 % Operating income (loss) $ 387.3 $ (188.8) $ (304.1) Operating margin 5.6 % (3.4) % (7.1) % Billings $ 9,194.4 $ 7,471.5 $ 5,452.2 Billings year-over-year percentage increase 23.1 % 37.0 % 26.7 % Cash flow provided by operating activities $ 2,777.5 $ 1,984.7 $ 1,503.0 Free cash flow (non-GAAP) $ 2,631.2 $ 1,791.9 $ 1,387.0 • Deferred Revenue.

We discuss revenue, gross margin, and the components of operating income (loss) and margin below under “Results of Operations.” July 31, 2024 2023 (in millions) Total deferred revenue $ 11,480.5 $ 9,296.4 Cash, cash equivalents, and investments $ 6,752.0 $ 5,437.9 Year Ended July 31, 2024 2023 2022 (dollars in millions) Total revenue $ 8,027.5 $ 6,892.7 $ 5,501.5 Total revenue year-over-year percentage increase 16.5 % 25.3 % 29.3 % Gross margin 74.3 % 72.3 % 68.8 % Operating income (loss) $ 683.9 $ 387.3 $ (188.8) Operating margin 8.5 % 5.6 % (3.4) % Billings $ 10,208.1 $ 9,194.4 $ 7,471.5 Billings year-over-year percentage increase 11.0 % 23.1 % 37.0 % Cash flow provided by operating activities $ 3,257.6 $ 2,777.5 $ 1,984.7 Free cash flow (non-GAAP) $ 3,100.8 $ 2,631.2 $ 1,791.9 • Deferred Revenue.

Year Ended July 31, Year Ended July 31, 2023 2022 Change 2022 2021 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Sales and marketing $ 2,544.0 $ 2,148.9 $ 395.1 18.4 % $ 2,148.9 $ 1,753.8 $ 395.1 22.5 % Sales and marketing expense increased for fiscal 2023 compared to fiscal 2022 primarily due to increased personnel costs, which grew $290.7 million, largely due to headcount growth and increased travel and entertainment expenses.

Year Ended July 31, Year Ended July 31, 2024 2023 Change 2023 2022 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Sales and marketing $ 2,794.5 $ 2,544.0 $ 250.5 9.8 % $ 2,544.0 $ 2,148.9 $ 395.1 18.4 % Sales and marketing expense increased for fiscal 2024 compared to fiscal 2023 primarily due to increased personnel costs, which grew $117.3 million, largely due to headcount growth.

CASH FLOWS The following table summarizes our cash flows for the years ended July 31, 2023, 2022, and 2021: Year Ended July 31, 2023 2022 2021 (in millions) Net cash provided by operating activities $ 2,777.5 $ 1,984.7 $ 1,503.0 Net cash used in investing activities (2,033.8) (933.4) (1,480.6) Net cash used in financing activities (1,726.3) (806.6) (1,104.0) Net increase (decrease) in cash, cash equivalents, and restricted cash $ (982.6) $ 244.7 $ (1,081.6) - 48 - Table of Contents Cash from operations could be affected by various risks and uncertainties detailed in Part I, Item 1A “Risk Factors” in this Form 10-K.

Commitments and Contingencies in Part II, Item 8 of this Annual Report on Form 10-K for more information on these commitments. - 53 - Table of Contents CASH FLOWS The following table summarizes our cash flows for the years ended July 31, 2024, 2023, and 2022: Year Ended July 31, 2024 2023 2022 (in millions) Net cash provided by operating activities $ 3,257.6 $ 2,777.5 $ 1,984.7 Net cash used in investing activities (1,509.9) (2,033.8) (933.4) Net cash used in financing activities (1,343.1) (1,726.3) (806.6) Net increase (decrease) in cash, cash equivalents, and restricted cash $ 404.6 $ (982.6) $ 244.7 Cash from operations could be affected by various risks and uncertainties detailed in Part I, Item 1A “Risk Factors” in this Form 10-K.

INVESTING ACTIVITIES Our investing activities have consisted of capital expenditures, net investment purchases, sales, and maturities, and business acquisitions. We expect to continue such activities as our business grows. Cash used in investing activities during fiscal 2023 was $2.0 billion, an increase of $1.1 billion compared to fiscal 2022.

INVESTING ACTIVITIES Our investing activities have consisted of capital expenditures, net investment purchases, sales, and maturities, and business acquisitions. We expect to continue such activities as our business grows. Cash used in investing activities during fiscal 2024 was $1.5 billion, a decrease of $523.9 million compared to fiscal 2023.

We monitor our deferred revenue balance because it represents a significant portion of revenue to be recognized in future periods. • Billings. We define billings as total revenue plus the change in total deferred revenue, net of acquired deferred revenue, during the period. We consider billings to be a key metric used by management to manage our business.

We monitor our deferred revenue balance because it represents a significant portion of revenue to be recognized in future periods. - 45 - Table of Contents • Billings. We define billings as total revenue plus the change in total deferred revenue, net of acquired deferred revenue, during the period.

Year Ended July 31, Year Ended July 31, 2023 2022 Change 2022 2021 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Product $ 1,578.4 $ 1,363.1 $ 215.3 15.8 % $ 1,363.1 $ 1,120.3 $ 242.8 21.7 % Product revenue increased for fiscal 2023 compared to fiscal 2022 driven by increased demand for our new generation of hardware products, increased software revenue primarily due to a new go-to-market strategy for certain Network Security offerings and an increased demand for our VM-Series virtual firewalls, partially offset by decreased revenue from our prior generation of hardware products.

Year Ended July 31, Year Ended July 31, 2024 2023 Change 2023 2022 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Product $ 1,603.3 $ 1,578.4 $ 24.9 1.6 % $ 1,578.4 $ 1,363.1 $ 215.3 15.8 % Product revenue increased for fiscal 2024 compared to fiscal 2023 driven by increased software revenue primarily due to our go-to-market strategy for certain Network Security offerings, and a change in mix shift within our new generation of hardware products, partially offset by decreased demand for our prior generation of hardware products.

To the extent that there are material differences between these estimates and our actual results, our future consolidated financial statements will be affected. We believe that of our significant accounting policies described in Note 1.

Actual results could differ materially from those estimates due to risks and uncertainties, including uncertainty in the current economic environment. To the extent that there are material differences between these estimates and our actual results, our future consolidated financial statements will be affected. We believe that of our significant accounting policies described in Note 1.

Year Ended July 31, Year Ended July 31, 2023 2022 Change 2022 2021 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Subscription $ 3,335.4 $ 2,539.0 $ 796.4 31.4 % $ 2,539.0 $ 1,898.8 $ 640.2 33.7 % Support 1,978.9 1,599.4 379.5 23.7 % 1,599.4 1,237.0 362.4 29.3 % Total subscription and support $ 5,314.3 $ 4,138.4 $ 1,175.9 28.4 % $ 4,138.4 $ 3,135.8 $ 1,002.6 32.0 % Subscription and support revenue increased for fiscal 2023 compared to fiscal 2022 due to increased demand for our subscription and support offerings from our end-customers.

Year Ended July 31, Year Ended July 31, 2024 2023 Change 2023 2022 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Subscription $ 4,188.5 $ 3,335.4 $ 853.1 25.6 % $ 3,335.4 $ 2,539.0 $ 796.4 31.4 % Support 2,235.7 1,978.9 256.8 13.0 % 1,978.9 1,599.4 379.5 23.7 % Total subscription and support $ 6,424.2 $ 5,314.3 $ 1,109.9 20.9 % $ 5,314.3 $ 4,138.4 $ 1,175.9 28.4 % Subscription and support revenue increased for fiscal 2024 compared to fiscal 2023 due to increased demand for our subscription and support offerings from our end-customers.

Our appliances and software licenses include a broad set of built-in networking and security features and functionalities. Our products are designed for different performance requirements throughout an organization, ranging from our PA-410, which is designed for small organizations and remote or branch offices, to our top-of-the-line PA-7080, which is designed for large-scale data centers and service provider use.

Our products are designed for different performance requirements throughout an organization, ranging from our PA-410, which is designed for small organizations and remote or branch offices, to our top-of-the-line PA-7500, which is designed for large-scale data centers and service provider use.

Description of Business and Summary of Significant Accounting Policies in Part II, Item 8 of this Annual Report on Form 10-K, the critical accounting estimates, assumptions, and judgments that have the most significant impact on our consolidated financial statements are described below. - 49 - Table of Contents REVENUE RECOGNITION The majority of our contracts with our customers include various combinations of our products and subscriptions and support.

These include Cortex XSIAM, our AI-driven security operations platform, Cortex XDR ® for the prevention, detection, and response to complex cybersecurity attacks, Cortex XSOAR ® for SOAR, and Cortex Xpanse TM for ASM. These products are delivered as SaaS or software subscriptions.

Year Ended July 31, Year Ended July 31, 2023 2022 Change 2022 2021 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Other income, net $ 206.2 $ 9.0 $ 197.2 2,191.1 % $ 9.0 $ 2.4 $ 6.6 275.0 % Other income, net increased for fiscal 2023 compared to fiscal 2022 primarily due to higher interest income as a result of higher interest rates and higher average cash, cash equivalent, and investments balances for fiscal 2023 compared to fiscal 2022.

Year Ended July 31, Year Ended July 31, 2024 2023 Change 2023 2022 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Other income, net $ 312.7 $ 206.2 $ 106.5 51.6 % $ 206.2 $ 9.0 $ 197.2 * * Not meaningful Other income, net increased for fiscal 2024 compared to fiscal 2023 primarily due to higher interest income as a result of higher interest rates and higher average cash, cash equivalents, and investments balance for fiscal 2024 compared to fiscal 2023.

Prisma ® Access, our SSE solution, when combined with Prisma SD-WAN, provides a comprehensive single-vendor SASE offering that is used to secure remote workforces and securely enable the cloud-delivered branch.

Cloud Security: • We deliver scalable and comprehensive security across the cloud application development lifecycle through our Code to Cloud TM platform, Prisma Cloud. As a comprehensive CNAPP, Prisma Cloud secures multi- and hybrid-cloud environments for applications, data, GenAI ecosystem, and the entire cloud native technology stack across the full development lifecycle, from code to cloud.

For inline network security on multi- and hybrid-cloud environments, we also offer our VM-Series and CN-Series Firewall offerings. - 38 - Table of Contents Security Operations: • We deliver the next generation of security automation, security analytics, endpoint security, and attack surface management solutions through our Cortex portfolio.

We also offer our VM-Series and CN-Series virtual firewalls for inline network security on multi- and hybrid-cloud environments. - 43 - Table of Contents Security Operations: • We deliver the next generation of security operations capabilities that combine security analytics, endpoint security, automation, and ASM solutions through our Cortex platform.

Year Ended July 31, Year Ended July 31, 2023 2022 Change 2022 2021 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Research and development $ 1,604.0 $ 1,417.7 $ 186.3 13.1 % $ 1,417.7 $ 1,140.4 $ 277.3 24.3 % Research and development expense increased for fiscal 2023 compared to fiscal 2022 primarily due to increased personnel costs, which grew $154.2 million, largely due to headcount growth. - 45 - Table of Contents SALES AND MARKETING Sales and marketing expense consists primarily of personnel costs, including commission expense.

Year Ended July 31, Year Ended July 31, 2024 2023 Change 2023 2022 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Research and development $ 1,809.4 $ 1,604.0 $ 205.4 12.8 % $ 1,604.0 $ 1,417.7 $ 186.3 13.1 % Research and development expense increased for fiscal 2024 compared to fiscal 2023 primarily due to increased personnel costs, which grew $143.4 million, largely due to headcount growth.

Year Ended July 31, 2023 2022 2021 Amount Gross Margin Amount Gross Margin Amount Gross Margin (dollars in millions) Product $ 1,160.1 73.5 % $ 907.6 66.6 % $ 811.8 72.5 % Subscription and support 3,822.9 71.9 % 2,875.2 69.5 % 2,169.4 69.2 % Total gross profit $ 4,983.0 72.3 % $ 3,782.8 68.8 % $ 2,981.2 70.0 % Product gross margin increased for fiscal 2023 compared to fiscal 2022 primarily due to increased software revenue and a favorable hardware product mix.

Year Ended July 31, 2024 2023 2022 Amount Gross Margin Amount Gross Margin Amount Gross Margin (dollars in millions) Product $ 1,255.1 78.3 % $ 1,160.1 73.5 % $ 907.6 66.6 % Subscription and support 4,713.2 73.4 % 3,822.9 71.9 % 2,875.2 69.5 % Total gross profit $ 5,968.3 74.3 % $ 4,983.0 72.3 % $ 3,782.8 68.8 % Product gross margin increased for fiscal 2024 compared to fiscal 2023 primarily due to increased software revenue and lower costs largely driven by an easing of supply chain challenges.

Our end-customers represent a broad range of industries, including education, energy, financial services, government entities, healthcare, Internet and media, manufacturing, public sector, and telecommunications, and include almost all of the Fortune 100 companies and a majority of the Global 2000 companies. We maintain a field sales force that works closely with our channel partners in developing sales opportunities.

As of July 31, 2024, we had end-customers in over 180 countries. Our end-customers represent a broad range of industries, including education, energy, financial services, government entities, healthcare, Internet and media, manufacturing, public sector, and telecommunications, and include almost all of the Fortune 100 companies and a majority of the Global 2000 companies.

We believe that the growth of our business and our short-term and long-term success are dependent upon many factors, including our ability to extend our technology leadership, grow our base of end-customers, expand deployment of our portfolio and support offerings within existing end-customers, and focus on end-customer satisfaction.

On August 31, 2024, we completed the acquisition of IBM’s QRadar SaaS assets and we expect the acquisition will help accelerate the growth of our Cortex XSIAM business. - 44 - Table of Contents We believe that the growth of our business and our short-term and long-term success are dependent upon many factors, including our ability to extend our technology leadership, grow our base of end-customers, expand deployment of our portfolio and support offerings within existing end-customers, focus on end-customer satisfaction, and address any product vulnerabilities.

In December 2020, August 2021, and August 2022, our board of directors authorized additional $700.0 million, $676.1 million, and $915.0 million increases to this share repurchase program, respectively, bringing the total authorization under this share repurchase program to $3.3 billion. Repurchases will be funded from available working capital and may be made at management’s discretion from time to time.

In December 2020, August 2021, August 2022, and November 2023, our board of directors authorized additional $700.0 million, $676.1 million, $915.0 million, and $316.7 million increases to this share repurchase program, respectively, bringing the total authorization under this share repurchase program to $3.6 billion.

If we determine that a loss is reasonably possible, then we disclose the possible loss or range of the possible loss or state that such an estimate cannot be made.

If we determine that a loss is reasonably possible, then we disclose the possible loss or range of the possible loss or state that such an estimate cannot be made. We regularly evaluate current information available to us to determine whether an accrual is required, an accrual should be adjusted, or a range of possible loss should be disclosed.

Overview We empower enterprises, organizations, service providers, and government entities to protect themselves against today’s most sophisticated cyber threats. Our cybersecurity platforms and services help secure enterprise users, networks, clouds, and endpoints by delivering comprehensive cybersecurity backed by industry-leading artificial intelligence and automation.

A discussion of expected impacts of impending accounting changes on financial information to be reported in the future. Overview We empower enterprises, organizations, service providers, and government entities to protect themselves against today’s most sophisticated cyber threats. Our cybersecurity platforms and services help secure enterprise users, networks, clouds, and endpoints by delivering comprehensive cybersecurity backed by AI and automation.

While these areas present significant opportunities for us, they also pose challenges and risks that we must successfully address in order to sustain the growth of our business and improve our operating results. For additional information regarding the challenges and risks we face, see the “Risk Factors” section in Part I, Item 1A of this Annual Report on Form 10-K.

In June 2020, we issued the 2025 Notes with an aggregate principal amount of $2.0 billion. The 2025 Notes mature on June 1, 2025; however, under certain circumstances, holders may surrender their 2025 Notes for conversion prior to the applicable maturity date.

The 2025 Notes mature on June 1, 2025; however, under certain circumstances, holders may surrender their 2025 Notes for conversion prior to the maturity date.

Our growth reflects the increased adoption of our portfolio, which consists of product, subscriptions, and support. We believe our portfolio will enable us to benefit from recurring revenues and new revenues as we continue to grow our end-customer base. As of July 31, 2023, we had end-customers in over 180 countries.

For fiscal 2024 and 2023, total revenue was $8.0 billion and $6.9 billion, respectively, representing year-over-year growth of 16.5%. Our growth reflects the increased adoption of our portfolio, which consists of product, subscriptions, and support. We believe our portfolio will enable us to benefit from recurring revenues and new revenues as we continue to grow our end-customer base.

Product revenue is derived from sales of our appliances, primarily our ML-Powered Next-Generation Firewall. Product revenue also includes revenue derived from software licenses of Panorama, SD-WAN, and the VM-Series. Our ML-Powered Next-Generation Firewall incorporates our PAN-OS operating system, which provides a consistent set of capabilities across our entire network security product line.

Our ML-Powered Next-Generation Firewall incorporates our PAN-OS operating system, which provides a consistent set of capabilities across our entire network security product line. Our appliances and software licenses include a broad set of built-in networking and security features and functionalities.

We accrue costs for manufacturing purchase commitments in excess of our forecasted demand, including costs for excess components or for carrying costs incurred by our manufacturing partners and component suppliers.

These forecasts of future demand are based upon historical trends and analysis from our sales and product management functions as adjusted for overall market conditions. We accrue costs for manufacturing purchase commitments in excess of our forecasted demand, including costs for excess components or for carrying costs incurred by our manufacturing partners and component suppliers.

Year Ended July 31, Year Ended July 31, 2023 2022 Change 2022 2021 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Provision for income taxes $ 126.6 $ 59.8 $ 66.8 111.7 % $ 59.8 $ 33.9 $ 25.9 76.4 % Effective tax rate 22.4 % (28.9) % (28.9) % (7.3) % Our provision for income taxes for fiscal 2023 was primarily due to U.S. federal and state income taxes, withholding taxes, and foreign income taxes.

Year Ended July 31, Year Ended July 31, 2024 2023 Change 2023 2022 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Provision for (benefit from) income taxes $ (1,589.3) $ 126.6 $ (1,715.9) * $ 126.6 $ 59.8 $ 66.8 111.7 % Effective tax rate (160.8) % 22.4 % 22.4 % (28.9) % * Not meaningful Our benefit from income taxes in fiscal 2024 was $1.6 billion, a net change of $1.7 billion compared to a provision for income taxes of $126.6 million in fiscal 2023, primarily due to the release of our valuation allowance in fiscal 2024.

Our consultants serve as trusted advisors to our customers by assessing and testing their security controls against the right threats, transforming their security strategy with a threat-informed approach, and responding to security incidents on behalf of our clients. For fiscal 2023 and 2022, total revenue was $6.9 billion and $5.5 billion, respectively, representing year-over-year growth of 25.3%.

Our consultants serve as trusted advisors to our customers by assessing and testing their security controls against the right threats, transforming their security strategy with a threat-informed approach, and responding to security incidents on behalf of our clients. Additionally, Unit 42 offers managed detection and response and managed threat hunting services.

This increase was offset by releases of uncertain tax positions during fiscal 2023 resulting from tax settlements. Refer to Note 15. Income Taxes in Part II, Item 8 of this Annual Report on Form 10-K for more information.

This is also the primary driver of the change in our effective tax rate for fiscal 2024 compared to fiscal 2023. Refer to Note 15. Income Taxes in Part II, Item 8 of this Annual Report on Form 10-K for more information.

Worsening economic conditions, including inflation, higher interest rates, slower growth, fluctuations in foreign exchange rates, and other conditions, may adversely affect our results of operations and financial performance. We continue to experience supply chain disruption and incur increased costs resulting from inflationary pressures.

Impact of Macroeconomic Developments and Other Factors on Our Business Our overall performance depends in part on worldwide economic and geopolitical conditions and their impact on customer behavior. Worsening economic conditions, including inflation, higher interest rates, slower growth, fluctuations in foreign exchange rates, supply chain disruptions, and other conditions, may adversely affect our results of operations and financial performance.

We adjust these reserves in light of changing facts and circumstances, such as the closing of a tax audit or the refinement of an estimate. To the extent that the final tax outcome of these matters is different than the amounts recorded, such differences may impact the provision for income taxes in the period in which such determination is made.

We adjust these reserves in light of changing facts and circumstances, such as the closing of a tax audit or the refinement of an estimate.

Year Ended July 31, Year Ended July 31, 2023 2022 Change 2022 2021 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) General and administrative $ 447.7 $ 405.0 $ 42.7 10.5 % $ 405.0 $ 391.1 $ 13.9 3.6 % General and administrative expenses increased for fiscal 2023 compared to fiscal 2022 primarily due to increased personnel costs, which grew $23.2 million, largely due to share-based compensation related to our recent acquisitions and headcount growth.

Year Ended July 31, Year Ended July 31, 2024 2023 Change 2023 2022 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) General and administrative $ 680.5 $ 447.7 $ 232.8 52.0 % $ 447.7 $ 405.0 $ 42.7 10.5 % General and administrative expenses increased for fiscal 2024 compared to fiscal 2023 primarily due to litigation-related charges of $204.4 million in fiscal 2024.

Sales and marketing expense also includes costs for market development programs, promotional and other marketing costs, professional services, and shared costs. We continue to strategically invest in headcount and have grown our sales presence.

We continue to strategically invest in headcount and have grown our sales presence.

Critical Accounting Estimates Our consolidated financial statements have been prepared in accordance with U.S. GAAP. The preparation of these consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, expenses, and related disclosures.

The preparation of these consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, expenses, and related disclosures. We base our estimates on historical experience and on various other assumptions that we believe are reasonable under the circumstances. We evaluate our estimates and assumptions on an ongoing basis.

Year Ended July 31, Year Ended July 31, 2023 2022 Change 2022 2021 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Cost of product revenue $ 418.3 $ 455.5 $ (37.2) (8.2) % $ 455.5 $ 308.5 $ 147.0 47.6 % Cost of product revenue decreased for fiscal 2023 compared to fiscal 2022 due to a favorable hardware product mix.

Year Ended July 31, Year Ended July 31, 2024 2023 Change 2023 2022 Change Amount Amount Amount % Amount Amount Amount % (dollars in millions) Cost of product revenue $ 348.2 $ 418.3 $ (70.1) (16.8) % $ 418.3 $ 455.5 $ (37.2) (8.2) % Cost of product revenue decreased for fiscal 2024 compared to fiscal 2023 primarily due to decreased demand for our prior generation of hardware products and lower costs largely driven by an easing of supply chain challenges, partially offset by a change in mix shift within our new generation hardware products.

PROVISION FOR INCOME TAXES Provision for income taxes consists primarily of U.S. taxes driven by capitalization of research and development expenditures, foreign income taxes, and withholding taxes. We maintain a full valuation allowance for domestic and certain foreign deferred tax assets, including net operating loss carryforwards and certain domestic tax credits.

We continue to maintain a valuation allowance for California and certain deferred tax assets, including net operating loss carryforwards and certain domestic tax credits.

… 39 more changes not shown on this page.

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Market Risk — interest-rate, FX, commodity exposure

6 edited+2 added−1 removed6 unchanged

2023 filing

2024 filing

Biggest changeAdditionally, fluctuations in foreign currency exchange rates may cause us to recognize transaction gains and losses in our statement of operations. The effect of an immediate 10% adverse change in foreign exchange rates on monetary assets and liabilities at July 31, 2023 would not be material to our financial condition or results of operations.

Biggest changeA hypothetical 10% change in foreign exchange rates on monetary assets and liabilities would not be material to our financial condition or results of operations after taking into consideration the effect of foreign currency forward contracts in place as of July 31, 2024.

Based on investment positions as of July 31, 2023, a hypothetical 100 basis point increase in interest rates across all maturities would result in a $55.5 million decline in the fair market value of the portfolio. Such losses would only be realized if we sold the investments prior to maturity.

Based on investment positions as of July 31, 2024, a hypothetical 100 basis point increase in interest rates across all maturities would result in a $97.8 million decline in the fair market value of the portfolio. Such losses would only be realized if we sold the investments prior to maturity.

As of July 31, 2023, foreign currency transaction gains and losses and exchange rate fluctuations have not been material to our consolidated financial statements. We enter into foreign currency derivative contracts with maturities of 24 months or less, which we designate as cash flow hedges, to manage the foreign currency exchange risk associated with our foreign currency denominated operating expenditures.

We enter into foreign currency derivative contracts with maturities of 24 months or less, which we designate as cash flow hedges, to manage the foreign currency exchange risk associated with our foreign currency denominated operating expenditures.

However, the fair value of fixed rate debt instruments fluctuates when interest rates change, and additionally, in the case of the 2025 Notes, when the market price of our common stock fluctuates. - 51 - Table of Contents

As these instruments have a fixed annual interest rate, we have no financial and economic exposure associated with changes in interest rates. However, the fair value of fixed rate debt instruments fluctuates when interest rates change, and additionally, in the case of the 2025 Notes, when the market price of our common stock fluctuates. - 57 - Table of Contents

Conversely, a hypothetical 100 basis point decrease in interest rates would lead to a $55.5 million increase in the fair market value of the portfolio. In June 2020, we issued $2.0 billion aggregate principal amount of 0.375% Convertible Senior Notes due 2025 (the “2025 Notes”).

Conversely, a hypothetical 100 basis point decrease in interest rates would lead to a $97.8 million increase in the fair market value of the portfolio. In June 2020, we issued $2.0 billion aggregate principal amount of the 2025 Notes. We carry these instruments at face value less unamortized issuance costs on our consolidated balance sheets.

Removed

We carry these instruments at face value less unamortized issuance costs on our consolidated balance sheets. As these instruments have a fixed annual interest rate, we have no financial and economic exposure associated with changes in interest rates.

Added

Additionally, fluctuations in foreign currency exchange rates may cause us to recognize transaction gains and losses in our statement of operations. Foreign currency remeasurement gains and losses and foreign currency transaction gains and losses have not had a significant impact to our consolidated financial statements.

Added

We also enter into foreign currency derivative contracts that are not designated as hedging instruments to hedge a portion of our outstanding monetary assets and liabilities denominated in foreign currencies. These foreign currency derivative contracts reduce but do not entirely eliminate the effect of foreign exchange rate fluctuations.

Top changes in Palo Alto Networks's 2024 10-K

Item 1. Business

Item 1A. Risk Factors

Item 5. Market for Registrant's Common Equity

Item 7. Management's Discussion & Analysis

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Other PANW 10-K year-over-year comparisons