SEC Info - Rubrik, Inc. - IPO: ‘424B4’ on 4/26/24

SEC Info℠

Home

Help

Please Sign In

Rubrik, Inc. – IPO: ‘424B4’ on 4/26/24

On: Friday, 4/26/24, at 5:20pm ET · Accession #: 1193125-24-118478 · File #: 333-278434

  As Of               Filer                 Filing    For·On·As Docs:Size             Issuer                      Filing Agent

 4/26/24  Rubrik, Inc.                      424B4                  1:6.9M                                   Donnelley … Solutions/FA

Initial Public Offering (IPO): Prospectus – Info Previously Omitted & New Facts or Events — Rule 424(b)(4)

Filing Table of Contents

Document/Exhibit                   Description                      Pages   Size 

 1: 424B4       Prospectus - Info Previously Omitted & New Facts    HTML   2.06M 
                or Events

Document Table of Contents

Page	(sequential)	(alphabetic)	↑Top
		Alternative Formats (Word, et al.) Business Capitalization Certain Relationships and Related Party Transactions Consolidated Balance Sheets Consolidated Statements of Cash Flows Consolidated Statements of Comprehensive Loss Consolidated Statements of Operations Consolidated Statements of Redeemable Convertible Preferred Stock and Stockholders' Deficit Description of Capital Stock Dilution Dividend Policy Executive Compensation Experts Index to Consolidated Financial Statements Legal Matters Management Management's Discussion and Analysis of Financial Condition and Results of Operations Market, Industry, and Other Data Material U.S. Federal Income Tax Consequences to Non-U.S. Holders of Our Class A Common Stock Notes to Consolidated Financial Statements Principal Stockholders Prospectus Summary Report of Independent Registered Public Accounting Firm Risk Factors Shares Eligible for Future Sale Special Note Regarding Forward-Looking Statements Table of Contents Underwriting (Conflicts of Interest) Use of Proceeds Where You Can Find Additional Information
1	1st Page – Filing Submission
"	Table of Contents
"	Prospectus Summary
"	Risk Factors
"	Special Note Regarding Forward-Looking Statements
"	Market, Industry, and Other Data
"	Use of Proceeds
"	Dividend Policy
"	Capitalization
"	Dilution
"	Management's Discussion and Analysis of Financial Condition and Results of Operations
"	Business
"	Management
"	Executive Compensation
"	Certain Relationships and Related Party Transactions
"	Principal Stockholders
"	Description of Capital Stock
"	Shares Eligible for Future Sale
"	Material U.S. Federal Income Tax Consequences to Non-U.S. Holders of Our Class A Common Stock
"	Underwriting (Conflicts of Interest)
"	Legal Matters
"	Experts
"	Where You Can Find Additional Information
"	Index to Consolidated Financial Statements
"	Report of Independent Registered Public Accounting Firm
"	Consolidated Balance Sheets
"	Consolidated Statements of Operations
"	Consolidated Statements of Comprehensive Loss
"	Consolidated Statements of Redeemable Convertible Preferred Stock and Stockholders' Deficit
"	Consolidated Statements of Cash Flows
"	Notes to Consolidated Financial Statements

This is an HTML Document rendered as filed. [ Alternative Formats ]

424B4

Filed pursuant to Rule 424(b)(4)

File No. 333-278434

23,500,000 Shares

LOGO

CLASS A COMMON STOCK

This is an initial public offering of shares of Class A common stock of Rubrik, Inc.

Prior to this offering, there has been no public market for our Class A common stock. The initial public offering price per share is $32.00. Our Class A common stock has been approved for listing on the New York Stock Exchange under the symbol “RBRK.”

We have two classes of authorized common stock: Class A common stock and Class B common stock. The rights of the holders of Class A common stock and Class B common stock are identical, except with respect to voting, conversion, and transfer rights. Each share of Class A common stock is entitled to one vote. Each share of Class B common stock is entitled to 20 votes and is convertible at any time into one share of Class A common stock. Outstanding shares of Class B common stock will represent approximately 99.3% of the voting power of our outstanding capital stock immediately following this offering, with our directors, executive officers, and principal stockholders representing approximately 63.6% of such voting power.

We are an “emerging growth company” as defined under the federal securities laws, and as such, we have elected to comply with certain reduced reporting requirements for this prospectus and may elect to do so in future filings.

See the section titled “Risk Factors” beginning on page 21 to read about factors you should consider before buying shares of our Class A common stock.

Neither the Securities and Exchange Commission nor any other regulatory body has approved or disapproved of these securities or passed upon the accuracy or adequacy of this prospectus. Any representation to the contrary is a criminal offense.


	PER SHARE		TOTAL
Initial public offering price	$	32.00	$	752,000,000
Underwriting discounts and commissions⁽¹⁾	$	1.776	$	41,736,000
Proceeds, before expenses, to Rubrik, Inc.	$	30.224	$	710,264,000

⁽¹⁾	See the section titled “Underwriting (Conflicts of Interest)” for additional information regarding compensation payable to the underwriters.

To the extent that the underwriters sell more than 23,500,000 shares of Class A common stock, the underwriters have the option to purchase up to an additional 3,525,000 shares of Class A common stock from us at the initial public offering price less underwriting discounts and commissions.

The underwriters expect to deliver the shares of Class A common stock against payment in New York, New York on April 29, 2024.


Goldman Sachs & Co. LLC		Barclays		Citigroup		Wells Fargo Securities



Guggenheim Securities	Mizuho	Truist Securities	BMO Capital Markets	Deutsche Bank Securities



KeyBanc Capital Markets	Cantor	CIBC Capital Markets

Capital One Securities	Wedbush Securities	SMBC Nikko

Prospectus dated April 24, 2024.

LOGO

TABLE OF CONTENTS


PROSPECTUS SUMMARY			1
RISK FACTORS			21
SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS			75
MARKET, INDUSTRY, AND OTHER DATA			77
USE OF PROCEEDS			78
DIVIDEND POLICY			79
CAPITALIZATION			80
DILUTION			83
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS			86
BUSINESS			114
MANAGEMENT			137
EXECUTIVE COMPENSATION			147
CERTAIN RELATIONSHIPS AND RELATED PARTY TRANSACTIONS			163
PRINCIPAL STOCKHOLDERS			166
DESCRIPTION OF CAPITAL STOCK			169
SHARES ELIGIBLE FOR FUTURE SALE			177
MATERIAL U.S. FEDERAL INCOME TAX CONSEQUENCES TO NON-U.S. HOLDERS OF OUR CLASS A COMMON STOCK			181
UNDERWRITING (CONFLICTS OF INTEREST)			185
LEGAL MATTERS			196
EXPERTS			196
WHERE YOU CAN FIND ADDITIONAL INFORMATION			196
INDEX TO CONSOLIDATED FINANCIAL STATEMENTS			F-1

Through and including May 19, 2024 (the 25th day after the date of this prospectus), all dealers effecting transactions in these securities, whether or not participating in this offering, may be required to deliver a prospectus. This is in addition to a dealer’s obligation to deliver a prospectus when acting as an underwriter and with respect to an unsold allotment or subscription.

Neither we nor any of the underwriters has authorized anyone to provide you with any information or to make any representations other than those contained in this prospectus or in any free writing prospectuses we have prepared. Neither we nor any of the underwriters take any responsibility for, and can provide no assurance as to the reliability of, any other information that others may give you. We are offering to sell, and seeking offers to buy, shares of our Class A common stock only in jurisdictions where offers and sales are permitted. The information contained in this prospectus is accurate only as of the date of this prospectus, regardless of the time of delivery of this prospectus or of any sale of our Class A common stock. Our business, financial condition, results of operations, and growth prospects may have changed since that date.

For investors outside the United States: Neither we nor any of the underwriters have done anything that would permit this offering or possession or distribution of this prospectus in any jurisdiction where action for that purpose is required, other than in the United States. Persons outside of the United States who come into possession of this prospectus must inform themselves about, and observe any restrictions relating to, the offering of the shares of our Class A common stock and the distribution of this prospectus outside of the United States.

PROSPECTUS SUMMARY

This summary highlights selected information contained elsewhere in this prospectus. This summary does not contain all of the information you should consider before investing in our Class A common stock. You should read this entire prospectus carefully, including the sections titled “Risk Factors,” “Special Note Regarding Forward-Looking Statements,” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” and our consolidated financial statements and the related notes included elsewhere in this prospectus, before making an investment decision. Unless the context otherwise requires, all references in this prospectus to “we,” “us,” “our,” “our company,” and “Rubrik,” refer to Rubrik, Inc. and its consolidated subsidiaries. Unless otherwise indicated, references to our “common stock” include our Class A common stock and Class B common stock.

RUBRIK, INC.

Overview

We are on a mission to secure the world’s data.

Cyberattacks are inevitable. Realizing that cyberattacks ultimately target data, we created Zero Trust Data Security to deliver cyber resilience so that organizations can secure their data across the cloud and recover from cyberattacks. We believe that the future of cybersecurity is data security—if your data is secure, your business is resilient.

We built Rubrik Security Cloud, or RSC, with Zero Trust design principles to secure data across enterprise, cloud, and software-as-a-service, or SaaS, applications. RSC delivers a cloud native SaaS platform that detects, analyzes, and remediates data security risks and unauthorized user activities. Our platform is architected to help organizations achieve cyber resilience, which encompasses cyber posture and cyber recovery. We enable organizations to confidently accelerate digital transformation and leverage the cloud to realize business agility.

Traditional cybersecurity approaches have failed to not only prevent but also provide recovery from increasingly rampant and sophisticated cyberattacks. At the same time, legacy backup and recovery solutions have significant shortfalls in addressing cyber recovery and data security as they were primarily built for operational and natural disaster recoveries. They were not designed to enable reliable recovery from cyberattacks, nor were they designed to natively deliver cyber threat analytics and event response.

Architecture matters when it comes to securing data. We built a unique SaaS architecture that combines data and metadata from business applications across enterprise, cloud, and SaaS applications to create self-describing data as a time-series. Self-describing data contains information such as application context, user identity, data sensitivity, and application lineage. This allows us to apply artificial intelligence and machine learning directly to business data to understand emergent data security threats and deliver cyber recovery.

Our Zero Trust Data Security platform assumes that information technology infrastructure will be breached, and nothing can be trusted without authentication. Our data threat engine powered by artificial intelligence and machine learning analyzes the self-describing data time-series to derive

security intelligence from data and provide remediation recommendations. Automation is at the core of our architecture ethos. Our automated policy-driven platform delivers data security enforcement, incident response orchestration, and API integrations with the broader security ecosystem.

We use the following guiding principles to design our RSC platform and products:

•

Data resilience. Data is always available, notwithstanding cyberattacks, malicious insiders, and operational disruptions.

•

Data observability. Data is continuously monitored to strengthen data security posture and minimize attack surface. Emergent security risks are identified, contained, and resolved.

•

Data remediation. Points of infection are identified, threats are remediated, and impacted data assets are rapidly recovered without malware reinfection.

Our business is indexed to business data growth. Our customers’ need for our solutions grows in lockstep with their business data growth and their need for additional data security capabilities. We primarily sell subscriptions to RSC through our sales team and partner network by employing a land and expand sales strategy. We land new customers by selling subscriptions to RSC to secure any one of four distinct types of data: private cloud (which we refer to as enterprise), enterprise NAS⁽¹⁾ (which we refer to as unstructured data), cloud, and SaaS applications. Expansion happens along three vectors: the growth of data from applications already secured by Rubrik; new applications secured; and additional data security products. This expansion is driven by a natural flywheel effect in which the value of our platform increases as our customers’ data grows across various applications. As organizations manage more data with RSC, they gain deeper insights into their data, strengthen their overall security posture, and reduce compliance risk. Our average subscription dollar-based net retention rate was 133% as of January 31, 2024. See the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Business Metrics” included elsewhere in this prospectus for our definitions of these metrics.

Our platform’s broad applicability allows us to serve organizations of all sizes across a wide range of industries and geographies. As of January 31, 2024, we had more than 6,100 customers, increasing from over 5,000 customers as of January 31, 2023.

Organizations around the world rely on Rubrik to achieve business resilience in the face of cyberattacks, malicious insiders, and operational disruptions. As a result, we have experienced rapid growth, with our subscription annual recurring revenue, or Subscription ARR, increasing from $532.9 million as of January 31, 2023, to $784.0 million as of January 31, 2024, representing a 47% increase, and our total revenue increasing from $599.8 million in the fiscal year ended January 31, 2023, or fiscal 2023, to $627.9 million in the fiscal year ended January 31, 2024, or fiscal 2024. We measure our business on the basis of Subscription ARR. Subscription ARR illustrates our success in acquiring new subscription customers and maintaining and expanding our relationships with existing subscription customers. As of January 31, 2024, we had 1,742 customers generating more than $100,000 in Subscription ARR and 99 customers generating more than $1,000,000 in Subscription ARR. We have continued to invest in growing our business and advancing our solutions to capitalize on our market opportunity. As a result, in fiscal 2023 and fiscal 2024, we incurred net losses of $(277.7) million and $(354.2) million, respectively. In fiscal 2023 and fiscal 2024, operating cash flow was $19.3 million and $(4.5) million, respectively, and free cash flow was $(15.0) million and $(24.5) million, respectively.

⁽¹⁾	Network-Attached Storage.

Industry Background

We believe that data is every organization’s most important asset, and that the following industry trends are driving a need for a new approach to data security:

Due to accelerated digitization, cloud adoption, and rapid data growth, organizations manage extensive, valuable data estates that are vulnerable to malicious actors.

•

Cloud and SaaS adoption. As more organizations embrace numerous cloud and SaaS applications, the IT environment continues to become more fragmented. As a result, organizations lose visibility and control over where their data resides, how it is used, and who is using it.

•

Data value is increasing. Data fuels organizational innovation, growth, and differentiation in the digital economy. The value of data further increases through a regulatory lens as organizations secure, manage, and govern their data to be compliant with industry and data privacy regulations (e.g., HIPAA, PCI, GDPR, CCPA). As data value increases, organizations face a growing threat of cyberattacks intent on exfiltrating data assets.

Recent AI progress forces organizations to contend with new data security, privacy, and compliance risks.

•

GenAI adoption requires data security. Generative AI breakthroughs have ushered in a technological paradigm shift that promises huge productivity gains for organizations. For enterprises to unlock competitive advantages, they need to build AI models based on data from their business applications. CIOs, CISOs, and senior technology leaders need to set guardrails to mitigate ensuing data security, privacy, and compliance risks.

•

GenAI could lead to more sophisticated cyberattacks. Generative AI fuels new visual, auditory, and textual methods of attacks, increasing the volume and sophistication of cyber incidents. Simultaneously, AI-based technologies will help organizations identify new vulnerabilities and navigate new data security risks.

The digital economy demands organizations to have 24x7 application availability and resilience against cyberattacks, faults, and failures.

•

2024. Organizations have evolved from using a full-trust, perimeter-guarding security approach to a more stringent Zero Trust infrastructure security model that denies access by default. Despite this, cyberattacks continue to occur, and infrastructure security solutions cannot help reconstitute the business in the event of a cyberattack.

Organizations must comply with a growing and ever-evolving data compliance and regulatory landscape.

•

Data compliance has become increasingly difficult. Compliance mandates for protecting sensitive data and user access are continually evolving and proliferating. As cyberattacks increase and enterprise AI adoption continues, organizations must navigate stricter regulations.

The culmination of these trends places organizations and their data assets at continuous risk. While organizations have increased security budgets and adopted advanced defenses, keeping up with evolving cyber threats remains a challenge as infrastructure continues to be compromised and data is breached. Securing data necessitates a new approach.

Limitations of Current Technologies

Current products and technologies struggle to meet the data security needs of today’s organizations and are limited by some or all of the following:

•

Built for security or for backup and recovery, but not both;

•

Inability to surface data security incidents for security operations;

•

Inability to recover data after a cyberattack;

•

Not built to manage and provide a unified view of hybrid multi-cloud environments;

•

Inability to provide deep visibility and understanding of disparate data sources over time;

•

Inability to orchestrate recovery of diverse data sources without malware reinfection;

•

Existing solutions’ full trust security model increases software supply chain risk; and

•

Difficult to use at scale and across data sources.

Our Data Security Platform

Rubrik has a unique Zero Trust Data Security approach to help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. We believe a comprehensive cybersecurity strategy requires data security in addition to traditional infrastructure security approaches. We enable organizations to implement a Zero Trust framework at the data layer, deliver data availability that withstands the aforementioned adverse conditions, and uphold data integrity even when infrastructure is compromised.

RSC is a cloud native SaaS platform that secures data across disparate sources, allowing customers to have a single point of control from one user interface. RSC is built on a proprietary framework that represents time-series data and metadata generated across enterprise, cloud, and SaaS applications. We build products on top of RSC to address a myriad of use cases that help our customers achieve cyber resilience, from hardening their data security posture to cyber recovery. These use cases include protection and recovery from cyberattacks, malicious insiders, and operational disruptions; orchestration of cyber and operational recovery, failover/failback testing, and cloud migration; sensitive data classification and over-privileged data access; monitoring for governance, regulatory compliance, and data breaches; and identification, containment, and

remediation of ransomware and other security threats. Our access to time-series data and metadata allows us to deliver a breadth of products that span the following areas:

•

Data Protection. Our data protection products are built for ease of deployment and use, scalability, and rapid recovery from cyberattacks, malicious insiders, and operational disruptions. We offer data protection products to manage enterprise, unstructured data, cloud, and SaaS applications.

•

Data Threat Analytics. Our data threat analytics products use advanced machine learning to detect data threats and identify the blast radius of a cyberattack to enable a speedy recovery. They can also be used for threat hunting and to continuously monitor for indicators of compromise commonly used by bad actors to establish persistent access, move laterally, or exfiltrate data.

•

Data Security Posture. Our data security posture products strengthen cyber posture by locating sensitive data proliferation, in addition to identifying data risks. They can be used to discover where organizational data lives, sensitivity of data, and user access and activity.

•

Cyber Recovery. Our cyber recovery products improve cyber readiness and incident response by providing orchestrated recovery from a cyberattack and threat containment to quarantine data infected with malware.

In addition, we offer Ruby for AI data defense and recovery. Ruby is designed to augment human efforts with its generative AI capabilities, helping customers scale their data security operations with automation, boosting productivity, and bridging the users’ skills gap. Ruby uses Microsoft Azure OpenAI Service in combination with our own proprietary, internally developed software. Our proprietary software augments user queries to generate prompts that are submitted to the Azure OpenAI model and also enhances the model output to generate responses presented back to the user. We chose to use Microsoft Azure OpenAI Service based on its security features and because it offers an advanced AI model provisioned in Rubrik’s Azure environment such that the data stays within Rubrik’s control. For more information regarding the risks related to the use of AI in our business, see the risk factor titled “Our use of generative artificial intelligence tools may pose risks to our proprietary software and systems and subject us to legal liability” in the section titled “Risk Factors.”

Our RSC platform is built to be highly flexible and scalable, enabling us to innovate and deliver new products in the future.

RSC secures data across enterprise, cloud, and SaaS applications, including:

•

Enterprise: VMware, Microsoft Hyper-V, Microsoft SQL Server, Oracle, Microsoft Windows, Nutanix, Kubernetes, Cassandra, MongoDB, Linux, UNIX, AIX, NAS, Epic, and SAP HANA.

•

Cloud/SaaS: GCP, Azure, AWS, M365 (Microsoft Teams, SharePoint, Exchange Online, and OneDrive), and Atlassian Jira Cloud.

Architecture Matters

We believe the following attributes of our platform architecture allow us to offer a differentiated approach to data security:

•

Time-Series Data and Metadata. Combines data and metadata together into self-describing data and records its history over time. Self-describing data gives us the full context of data to address security use cases and conduct cyber recovery. Our proprietary framework uniformly represents self-describing data across time for a multitude of applications.

•

Zero Trust Design. Prevents threats to the data layer through native immutability, secure protocols, logical air gap, encryption, role-based access controls, multi-factor authentication, and native services.

•

Data Threat Engine. Uses machine learning and threat intelligence to analyze our time-series data and metadata, detecting anomalies, encryption, content sensitivity, and malware.

•

Automation. Delivers automated end-to-end policy management and enforcement, orchestration of security incident response, and API integrations.

Our Competitive Advantages

Key differentiating elements of our platform and approach include:

•

Zero Trust architectural design for data security;

•

Ability to surface data security incidents for security operations;

•

Built to enable operational continuity following cyberattacks and other security incidents;

•

Built to secure data across a hybrid multi-cloud environment;

•

Built to detect and analyze anomalies, sensitive data, user risk, and security threats;

•

Ability to automatically orchestrate complex recoveries without malware reinfection;

•

Radical simplicity at scale to ensure ease of use across complex environments; and

•

Fully extensible, API-first platform with a broad ecosystem of compatibility.

Key Benefits to Our Customers

Organizations choose Rubrik to:

•

Achieve cyber and operational resilience;

•

Strengthen data security posture;

•

Secure, govern, and recover data across hybrid multi-cloud and SaaS applications;

•

Comply with data regulations;

•

Catalog and govern data assets; and

•

Improve operational efficiency.

Our Opportunity

We believe our total addressable market opportunity for our platform will be approximately $36.3 billion by the end of calendar year 2024 and approximately $52.9 billion by the end of calendar year 2027, based on market estimates in Gartner® research, representing an average 13% compounded annual growth rate.⁽²⁾ These market estimates are as follows:

•

⁽²⁾

Gartner, Inc., Forecast: Enterprise Infrastructure Software, Worldwide, 2021-2027, 4Q23 Update, December 2023; Gartner, Inc., Forecast: Information Security and Risk Management, Worldwide, 2021-2027, 4Q23 Update, December 2023; Gartner, Inc., Forecast Analysis: Cloud Security Posture Management, Worldwide, July 2023. Calculations performed by Rubrik, Inc. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the United States and internationally and is used herein with permission. All rights reserved.

$1.9 billion in Archive Software.⁽³⁾ According to market estimates in Gartner® research, these markets will increase to $15.4 billion by the end of calendar year 2027.⁽⁴⁾

•

Security. Based on market estimates in Gartner® research, we believe our addressable market for Application Security, Cloud Security, Cloud Security Posture Management, Data Privacy, Data Security, and Privileged Access Management Software will represent approximately $23.4 billion by the end of calendar year 2024 and approximately $37.5 billion by the end of calendar year 2027.⁽⁵⁾⁽⁶⁾

Our Growth Strategy

Key elements of our growth strategy include:

•

Continuing to grow our platform and products;

•

Growing our customer base;

•

Expanding within our customer base;

•

Innovating and extending our product leadership;

•

Growing and harnessing our partner ecosystem;

•

Expanding our global footprint; and

•

Pursuing strategic acquisitions.

Risk Factors Summary

Investing in our Class A common stock involves numerous risks, including the risks described in the section titled “Risk Factors” and elsewhere in this prospectus. You should carefully consider these risks before making an investment. Below are some of these risks, any one of which could materially adversely affect our business, financial condition, results of operations, and growth prospects.

•

Our recent rapid growth may not be indicative of our future growth. Our rapid growth also makes it difficult to evaluate our future prospects.

•

If the market for data security solutions does not grow, our ability to grow our business and our results of operations may be adversely affected.

•

We have a limited operating history, particularly with respect to our offering of RSC, which makes it difficult to forecast our future results of operations.

•

If we are unable to attract new customers, our future results of operations could be harmed.

•

We have a history of operating losses and may not achieve or sustain profitability in the future.

⁽³⁾	Gartner, Inc., Forecast: Enterprise Infrastructure Software, Worldwide, 2021-2027, 4Q23 Update, December 2023. Calculations performed by Rubrik, Inc.

⁽⁴⁾	Ibid. Calculations performed by Rubrik, Inc. Includes $13.3 billion in Backup and Recovery Software and $2.1 billion in Archive Software.

⁽⁵⁾

Gartner, Inc., Forecast: Information Security and Risk Management, Worldwide, 2021-2027, 4Q23 Update, December 2023. Calculations performed by Rubrik, Inc. Includes $6.6 billion and $9.8 billion in Application Security, $6.9 billion and $12.8 billion in Cloud Security, $1.7 billion and $2.7 billion in Data Privacy, $4.2 billion and $5.9 billion in Data Security, and $2.4 billion and $2.9 billion in Privileged Access Management by the end of calendar years 2024 and 2027, respectively.

⁽⁶⁾	Gartner, Inc., Forecast Analysis: Cloud Security Posture Management, Worldwide, July 2023. Calculations performed by Rubrik, Inc. Includes $1.8 billion and $3.3 billion in Cloud Security Posture Management by the end of calendar years 2024 and 2027, respectively.

•

If our customers do not renew their subscriptions for our data security solutions or expand their subscriptions to increase the amount of data secured, secure new applications, or include new features or capabilities, our results of operations could be harmed.

•

If our data security solutions fail or do not perform as intended or are perceived to have defects, errors, or vulnerabilities, our brand and reputation will be harmed, which would adversely affect our business and results of operations.

•

Our information technology systems or data, or those of third parties upon which we rely, have in the past been, and may in the future be, compromised, which may cause us to experience significant adverse consequences, including but not limited to regulatory investigations or actions, litigation, fines and penalties, disruptions of our business operations, reputational harm, loss of revenue or profits, loss of customers or sales, and other adverse consequences. As a data security company, we have been and may in the future be specifically targeted by various threat actors who try to compromise our information technology systems or data.

•

Our use of generative artificial intelligence tools may pose risks to our proprietary software and systems and subject us to legal liability.

•

We expect our revenue mix and certain business factors to impact the amount of revenue recognized period to period, which could make period-to-period revenue comparisons not meaningful and make revenue difficult to predict.

•

We rely upon third-party cloud providers to host our data security solutions, and any disruption of, or interference with, our use of third-party cloud products would adversely affect our business, financial condition, and results of operations.

•

We may not be able to successfully manage our growth, and if we are not able to grow efficiently, our business, financial condition, and results of operations could be harmed.

•

The markets in which we participate are competitive, and if we do not compete effectively, our business, financial condition, and results of operations could be harmed.

•

The estimates of market opportunity, forecasts of market growth, and potential return on investment included in this prospectus may prove to be inaccurate, and even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.

•

The dual class structure of our common stock as contained in our amended and restated certificate of incorporation has the effect of concentrating voting control with those stockholders who held our stock prior to this offering, including our executive officers, employees, and directors and their affiliates, and limiting your ability to influence corporate matters, which could adversely affect the trading price of our Class A common stock.

If we are unable to adequately address these and other risks we face, our business may be harmed.

Channels for Disclosure of Information

Following the closing of this offering, we intend to announce material information to the public through filings with the Securities and Exchange Commission, or the SEC, the investor relations page on our website, press releases, public conference calls, public webcasts, our blog posts on our website, and our X (formerly Twitter) (@rubrikInc) and LinkedIn (www.linkedin.com/company/rubrik-inc) accounts. Information contained on, or accessible through, our website and accounts is not a part of this prospectus, and the inclusion of our website and account addresses in this prospectus is only as inactive textual references.

The information disclosed through the foregoing channels could be deemed to be material information. As such, we encourage investors, the media, and others to follow the channels listed above and to review the information disclosed through such channels. Any updates to the list of disclosure channels through which we will announce information will be posted on the investor relations page on our website.

Corporate Information

We were initially incorporated under the laws of the State of Delaware in December 2013 under the name ScaleData, Inc. We changed our name to Rubrik, Inc. in October 2014. Our principal executive offices are located at 3495 Deer Creek Road, Palo Alto, California 94304. Our telephone number is (844) 478-2745. Our website address is www.rubrik.com. Information contained on, or accessible through, our website is not a part of this prospectus, and the inclusion of our website address in this prospectus is only as an inactive textual reference.

The Rubrik design logos, “Rubrik,” and our other registered or common law trademarks, trade names, or service marks appearing in this prospectus are the property of Rubrik, Inc. or its affiliates. Other trademarks, trade names, and service marks used in this prospectus are the property of their respective owners. Solely for convenience, trademarks, trade names, and service marks referred to in this prospectus may appear without the ^®, ^™, or ^SM symbols.

Implications of Being an Emerging Growth Company

As a company with less than $1.235 billion in revenue during our last fiscal year, we qualify as an “emerging growth company” as defined in the Jumpstart Our Business Startups Act, or JOBS Act, enacted in April 2012. An emerging growth company may take advantage of reduced reporting requirements that are otherwise applicable generally to public companies. These provisions include, but are not limited to:

•

not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act of 2002, as amended;

•

reduced obligations with respect to financial data, including presenting only two years of audited financial statements;

•

reduced disclosure obligations regarding executive compensation in our periodic reports, proxy statements, and registration statements; and

•

exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and any golden parachute payments not previously approved.

We may take advantage of these provisions until the last day of our fiscal year following the fifth anniversary of the date of the first sale of our Class A common stock in this offering. However, we will cease to be an emerging growth company prior to the end of such five-year period if (i) we become a “large accelerated filer,” with at least $700 million of common equity securities held by non-affiliates; (ii) our annual gross revenue exceeds $1.235 billion; or (iii) we issue more than $1.0 billion of non-convertible debt in any three-year period, whichever occurs first.

We have elected to take advantage of certain of the reduced disclosure obligations in the registration statement of which this prospectus is a part and may elect to take advantage of other reduced reporting requirements in future filings. As a result, the information that we provide to our stockholders may be different than you might receive from other public reporting companies in which you hold equity interests.

In addition, the JOBS Act provides that an “emerging growth company” can take advantage of an extended transition period for complying with new or revised accounting standards. This provision allows an emerging growth company to delay the adoption of some accounting standards until those standards would otherwise apply to private companies. We have elected to use this extended transition period to enable us to comply with certain new or revised accounting standards that have different effective dates for public and private companies until the earlier of the date we (i) are no longer an emerging growth company, or (ii) affirmatively and irrevocably opt out of the extended transition period provided in the JOBS Act. As a result, our financial statements may not be comparable to companies that comply with new or revised accounting pronouncements as of public company effective dates.

THE OFFERING

Class A common stock offered

23,500,000 shares

Option to purchase additional shares of Class A common stock in this offering

3,525,000 shares

Class A common stock to be outstanding after this offering

23,500,000 shares (or 27,025,000 shares, assuming the underwriters’ option to purchase additional shares of Class A common stock is exercised in full)

Class B common stock to be outstanding after this offering

152,432,212 shares

Total Class A common stock and Class B common stock to be outstanding after this offering

175,932,212 shares (or 179,457,212 shares, assuming the underwriters’ option to purchase additional shares of Class A common stock is exercised in full)

Directed share program

At our request, the underwriters have reserved up to 5% of the shares of Class A common stock offered by this prospectus, for sale at the initial public offering price through a directed share program to certain persons identified by our management, which may include certain parties we have a business relationship with and friends and family of management. Any reserved shares of Class A common stock that are not so purchased will be offered by the underwriters to the general public on the same terms as the other shares of our Class A common stock offered by this prospectus. See the section titled “Underwriting (Conflicts of Interest)—Directed Share Program.” If purchased by these persons, these shares will not be subject to lock-up restrictions, except to the extent that the purchasers of such shares are otherwise subject to lock-up or market stand-off agreements as a result of their relationships with us. The number of shares of Class A common stock available for sale to the general public will be reduced by the number of reserved shares sold pursuant to this program.

Concurrent bridge notes

Concurrently with, and conditioned upon, the pricing of this offering and certain other conditions, we issued senior notes, which we refer to as the Bridge Notes, to Goldman Sachs & Co. LLC and Barclays Capital

Inc. in an aggregate principal amount of approximately $321.4 million. The Bridge Notes accrue interest at 7.00% per year prior to the closing of this offering. We intend to use the borrowed amounts under the Bridge Notes, together with cash, cash equivalents, and short-term investments, to fund the payment of tax withholding and remittance obligations resulting from the RSU Net Settlement (as defined below), which payment will be made prior to the closing of this offering. We intend to use approximately $321.4 million of the net proceeds from this offering to repay such outstanding principal amount of the Bridge Notes and accrued interest thereon, as described below. See the section titled “Use of Proceeds” for more information regarding the Bridge Notes.

Use of proceeds

We estimate that our net proceeds from the sale of our Class A common stock in this offering will be approximately $698.3 million (or approximately $804.8 million if the underwriters’ option to purchase additional shares is exercised in full), based on the initial public offering price of $32.00 per share, and after deducting underwriting discounts and commissions and estimated offering expenses payable by us.

We intend to use approximately $321.4 million of the net proceeds we receive from this offering to repay in full the outstanding principal amount under the Bridge Notes and accrued interest thereon as well as debt issuance costs relating to the Bridge Notes. Prior to the closing of this offering, we intend to use the Bridge Notes, together with existing cash, cash equivalents, and short-term investments, to pay all of our anticipated tax withholding and remittance obligations related to the RSU Net Settlement. We intend to use the remaining net proceeds we receive from this offering for general corporate purposes, including working capital, operating expenses, and capital expenditures. We may also use a portion of the remaining net proceeds for acquisitions of, or strategic investments in, complementary businesses, products, services, or technologies, although we do not currently have any agreements or commitments for any material acquisitions or investments. See the section titled “Use of Proceeds” for additional information.

Conflicts of interest

Because Goldman Sachs & Co. LLC and Barclays Capital Inc. are purchasers of the Bridge Notes and will receive 5% or more of the net proceeds of this offering due to the repayment of the Bridge Notes from the net proceeds, Goldman Sachs & Co. LLC and Barclays Capital Inc. are deemed to have conflicts of interest within the meaning of Rule 5121 of the Financial Industry Regulatory Authority, Inc., or FINRA. Accordingly, this offering will be conducted in accordance with Rule 5121, which requires, among other things, that a “qualified independent underwriter” participate in the preparation of, and exercise the usual standards of “due diligence” with respect to, the registration statement and this prospectus. Citigroup Global Markets Inc. has agreed to act as a qualified independent underwriter for this offering and to undertake the legal responsibilities and liabilities of an underwriter under the Securities Act of 1933, as amended, or the Securities Act, specifically including those inherent in Section 11 thereof. Citigroup Global Markets Inc. will not receive any additional fees for serving as a qualified independent underwriter in connection with this offering. We have agreed to indemnify Citigroup Global Markets Inc. against liabilities incurred in connection with acting as a qualified independent underwriter, including liabilities under the Securities Act. See the section titled “Underwriting (Conflicts of Interest)—Conflicts of Interest” for additional information.

Voting rights

We have two classes of common stock: Class A common stock and Class B common stock. Class A common stock is entitled to one vote per share and Class B common stock is entitled to 20 votes per share and is convertible at any time into one share of Class A common stock.

Holders of Class A common stock and Class B common stock will generally vote together as a single class, unless otherwise required by law or our amended and restated certificate of incorporation that will be in effect immediately prior to the closing of this offering. Once this offering is completed, the holders of our outstanding Class B common stock will hold approximately 86.9% of our outstanding shares

and control approximately 99.3% of the voting power of our outstanding shares, and our executive officers, directors, and stockholders holding more than 5% of our outstanding shares, together with their affiliates, will beneficially own, in the aggregate, approximately 55.8% of our outstanding shares and control approximately 63.6% of the voting power of our outstanding shares.

The holders of our outstanding Class B common stock will have the ability to control the outcome of matters submitted to our stockholders for approval, including the election of our directors and the approval of any change in control transaction. See the sections titled “Principal Stockholders” and “Description of Capital Stock” for additional information.

Risk factors

See the section titled “Risk Factors” and the other information included elsewhere in this prospectus for a discussion of factors you should carefully consider before deciding to invest in our Class A common stock.

NYSE trading symbol

“RBRK”

The number of shares of our Class A common stock and Class B common stock that will be outstanding after this offering is based on no shares of our Class A common stock and 152,432,212 shares of our Class B common stock (including shares of our redeemable convertible preferred stock and convertible founders stock on an as-converted basis and after giving effect to the RSU Net Settlement, as defined below) outstanding as of January 31, 2024, and excludes:

•

3,185,020 shares of Class B common stock issuable upon the exercise of stock options outstanding as of January 31, 2024, with a weighted-average exercise price of $6.23 per share;

•

8,000,000 shares of Class B common stock issuable upon the exercise of a stock option to be granted to an executive officer immediately prior to the effectiveness of the registration statement of which this prospectus forms a part, which will be subject to market-based conditions, with an exercise price equal to the initial public offering price per share set forth on the cover page of this prospectus (see the section titled “Executive Compensation” for additional information on the market-based conditions);

•

29,296,462 shares of Class B common stock issuable upon the vesting and settlement of restricted stock units, or RSUs, outstanding as of the date of this prospectus subject to service-based, market-based, and/or performance-based conditions, for which (i) the service-based condition or market-based condition, as applicable, was not satisfied as of such date and (ii) the performance-based condition, if applicable, was satisfied upon the effectiveness of the registration statement of which this prospectus forms a part;

•

1,354,671 shares of our Class A common stock that we have reserved and may issue and donate in the future to fund our social impact and environmental, social, and governance

initiatives, as more fully described in the section titled “Business—Social Responsibility and Community Initiatives”;

•

86,426,166 shares of our common stock reserved for future issuance under our 2024 Equity Incentive Plan, or the 2024 Plan, which became effective at the time of execution of the underwriting agreement related to this offering, including 44,417,163 new shares and the number of shares (not to exceed 42,009,003 shares) (i) that remain available for grant of future awards under our Amended and Restated 2014 Stock Option and Grant Plan, or the 2014 Plan, at the time the 2024 Plan becomes effective, which shares will cease to be available for issuance under the 2014 Plan at such time, and (ii) any shares underlying outstanding stock awards granted under our 2014 Plan that expire, or are forfeited, cancelled, withheld, or reacquired; and

•

4,607,303 shares of Class A common stock reserved for future issuance under our 2024 Employee Stock Purchase Plan, or 2024 ESPP, which became effective in connection with this offering.

Our 2024 Plan and 2024 ESPP provide for annual automatic increases in the number of shares reserved thereunder. See the section titled “Executive Compensation—Employee Benefit and Stock Plans” for additional information.

Unless otherwise indicated, all information in this prospectus assumes:

•

our customer, annual recurring revenue, or ARR, and retention metrics do not include customers from our recent acquisition of Laminar Technologies, Inc.;

•

the reclassification of our common stock into Class B common stock and the authorization of our Class A common stock in connection with this offering;

•

the automatic conversion of 74,182,559 shares of our redeemable convertible preferred stock outstanding as of January 31, 2024 into an equal number of shares of Class B common stock immediately prior to the closing of this offering;

•

the automatic conversion of 5,400,000 shares of our convertible founders stock outstanding as of January 31, 2024 into an equal number of shares of Class B common stock immediately prior to the closing of this offering;

•

the filing and effectiveness of our amended and restated certificate of incorporation in Delaware and the adoption of our amended and restated bylaws, each of which will occur immediately prior to the closing of this offering;

•

the net issuance of 16,986,924 shares of Class B common stock in connection with the vesting and settlement of certain RSUs outstanding as of the date of this prospectus subject to service-based and/or performance-based conditions for which (i) the service-based condition was fully or partially satisfied as of such date and (ii) the performance-based condition, if applicable, was satisfied upon the effectiveness of the registration statement of which this prospectus forms a part (which we refer to as the IPO Vesting RSUs), after giving effect to the withholding of 12,875,699 shares of our Class B common stock to satisfy the associated estimated tax withholding and remittance obligations (based on the initial public offering price of $32.00 per share, and an assumed 44.5% tax withholding rate), which we refer to as the RSU Net Settlement;

•

the (i) expected incurrence of approximately $321.4 million in principal amount under the Bridge Notes following the date of this prospectus and the use of such borrowed amounts, together with existing cash, cash equivalents, and short-term investments, to fund the payment

of tax withholding and remittance obligations in connection with the RSU Net Settlement, which payment will be made prior to the closing of this offering, and (ii) repayment in full of the aggregate principal amount of the Bridge Notes and accrued interest thereon in connection with the closing of this offering using net proceeds from this offering;

•

no exercise or forfeitures of outstanding stock options and, except as described above, no settlement of outstanding RSUs; and

•

no exercise by the underwriters of their option to purchase up to an additional 3,525,000 shares of our Class A common stock in this offering.

The assumed 44.5% tax withholding rate used in this prospectus is an assumed blended withholding rate for the IPO Vesting RSUs that are subject to withholding in the RSU Net Settlement. A portion of the IPO Vesting RSUs that will settle as part of the RSU Net Settlement are not subject to tax withholding obligations. The estimates in this prospectus relating to the RSU Net Settlement and related share withholding may differ from actual results due to, among other things, actual forfeitures through the date of this prospectus, and actual tax withholding rates. In addition, information in this prospectus relating to RSUs outstanding as of the date of this prospectus reflect estimated forfeitures through April 11, 2024.

The table presented below sets forth a summary of our equity capitalization as follows:

•

On a historical basis, reflecting shares of Class B common stock, and securities convertible into, exchangeable for, or that represent the right to receive, shares of Class B common stock, in each case outstanding as of January 31, 2024 (other than for RSUs outstanding, as described in footnote (4) to the table); and

•

after giving effect to (i) the equity adjustments assumed in the information in this prospectus, as described in the bullet points above, and (ii) the sale and issuance by us of 23,500,000 shares of Class A common stock in this offering, as set forth on the cover page of this prospectus.

The information in the table presented below is based on (i) the initial public offering price of $32.00 per share and (ii) an assumed 44.5% tax withholding rate for the RSU Net Settlement. The actual share withholding amounts and related withholding rates may fluctuate based on each holder’s individual tax circumstances.


	January 31, 2024
Historical	Common Stock (Outstanding)		Redeemable Convertible Preferred Stock⁽¹⁾			Convertible Founders Stock⁽²⁾			Stock Options⁽³⁾		RSUs			Common Stock (Diluted)
Class B common stock		55,862,729													55,862,729
Redeemable convertible preferred stock				74,182,559											74,182,559
Convertible founders stock⁽²⁾							5,400,000								5,400,000
Stock options⁽³⁾										3,185,020					3,185,020
RSUs⁽⁴⁾												59,159,085			59,159,085

Total		55,862,729		74,182,559			5,400,000			3,185,020		59,159,085			197,789,393

Pro forma and offering adjustments conversion of redeemable convertible preferred stock		74,182,559		(74,182,559	)										—
Conversion of convertible founders stock		5,400,000					(5,400,000	)							—
RSU Net Settlement		16,986,924										(29,862,623	)		(12,875,699	)⁽⁵⁾
Class A common stock offered by us		23,500,000													23,500,000

Total		175,932,212		—			—			3,185,020		29,296,462			208,413,694

⁽¹⁾	Represents the shares of Class B common stock underlying all outstanding shares of redeemable convertible preferred stock on an as-converted basis.

⁽²⁾	Represents the shares of Class B common stock underlying all outstanding shares of convertible founders stock on an as-converted basis.

⁽³⁾

The weighted-average exercise price of the stock options outstanding as of January 31, 2024 was $6.23 per share. The table excludes a stock option for 8,000,000 shares of Class B common stock that will be granted to an executive officer in connection with this offering, with an exercise price equal to the initial public offering price per share in this offering set forth on the cover page of this prospectus.

⁽⁴⁾

Represents the sum of (i) 29,862,623 IPO Vesting RSUs, which consist of RSUs outstanding as of the date of this prospectus for which the service-based condition was satisfied as of such date and that will be part of the RSU Net Settlement, and (ii) 29,296,462 RSUs outstanding as of the date of this prospectus, for which the service-based condition was not satisfied as of such date but for which the performance-based condition was satisfied upon the effectiveness of the registration statement of which this prospectus forms a part.

⁽⁵⁾	Represents shares of Class B common stock to be withheld to satisfy tax obligations in connection with the RSU Net Settlement.

SUMMARY CONSOLIDATED FINANCIAL AND OTHER DATA

The following tables summarize our consolidated financial and other data. We derived the summary consolidated statements of operations data for the fiscal years ended January 31, 2023 and 2024 (except for pro forma net loss per share attributable to common stockholders and weighted-average shares used to compute pro forma net loss per share attributable to common stockholders) from our audited consolidated financial statements included elsewhere in this prospectus. Our historical results are not necessarily indicative of the results to be expected for any future period, and our interim results are not necessarily indicative of results to be expected for the full year or any other period. When you read this summary of consolidated financial and other data, it is important that you read it together with the historical consolidated financial statements and the related notes included elsewhere in this prospectus, as well as the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”


Consolidated Statements of Operations Data	Year Ended January 31,
	2023			2024
	(in thousands, except per share amounts)
Revenue
Subscription	$	385,272		$	537,869
Maintenance		76,220			38,745
Other		138,327			51,278

Total revenue		599,819			627,892

Cost of revenue
Subscription⁽¹⁾		62,294			97,927
Maintenance⁽¹⁾		15,059			6,472
Other⁽¹⁾		104,661			40,563

Total cost of revenue		182,014			144,962

Gross profit		417,805			482,930
Operating expenses
Research and development⁽¹⁾		175,057			206,527
Sales and marketing⁽¹⁾		417,542			482,532
General and administrative⁽¹⁾		86,754			100,377

Total operating expenses		679,353			789,436

Loss from operations		(261,548	)		(306,506	)
Interest income		5,140			11,216
Interest expense		(11,709	)		(30,295	)
Other income (expense), net		(1,033	)		(1,884	)

Loss before income taxes		(269,150	)		(327,469	)
Income tax expense		8,596			26,689

Net loss	$	(277,746	)	$	(354,158	)

Net loss per share, basic and diluted⁽²⁾	$	(4.66	)	$	(5.84	)

Weighted-average shares used in computing net loss per share, basic and diluted⁽²⁾		59,590			60,628
Pro forma net loss per share, basic and diluted				$	(6.43	)

Pro forma weighted-average shares used in computing pro forma net loss per share, basic and diluted					151,798

⁽¹⁾	Includes stock-based compensation expense as follows:


	Year Ended January 31,
	2023		2024
	(in thousands)
Cost of revenue
Subscription	$	53	$	45
Maintenance		34		7
Other		140		11
Research and development		3,044		3,590
Sales and marketing		2,399		1,313
General and administrative		1,284		749

Total stock-based compensation expense	$	6,954	$	5,715

⁽²⁾

See Note 12 to our consolidated financial statements included elsewhere in this prospectus for an explanation of the method used to calculate basic and diluted net loss per share attributable to common stockholders and the weighted-average number of shares used in the computation of the per share amounts.

Pro Forma Net Loss Per Share

Pro forma basic and diluted net loss per share for the year ended January 31, 2024 has been computed to give effect to the conversion of outstanding shares of redeemable convertible preferred stock, the RSU Net Settlement and related stock-based compensation expense, and the repayment in full of the aggregate principal amount of the Bridge Notes in connection with the closing of this offering.

The following table sets forth the computation of the pro forma basic and diluted net loss per share:


	Year Ended January 31, 2024
	(in thousands, except per share amounts)
Numerator:
Net loss	$	(354,158	)
Stock-based compensation expense relating to the RSU Net Settlement⁽¹⁾		(621,501	)
Bridge Notes issuance costs and interest expense⁽²⁾		(947	)

Pro forma net loss, basic and diluted	$	(976,606	)

Denominator:
Weighted-average shares used in computing net loss per share, basic and diluted		60,628
Pro forma adjustment to reflect the conversion of redeemable convertible preferred stock⁽³⁾		74,183
Pro forma adjustment to reflect the RSU Net Settlement⁽⁴⁾		16,987

Pro forma weighted-average shares used in computing pro forma net loss per share, basic and diluted		151,798

Pro forma net loss per share, basic and diluted	$	(6.43	)

⁽¹⁾	Reflects stock-based compensation expense of $621.5 million related to RSUs subject to the RSU Net Settlement.

⁽²⁾	Reflects $0.9 million in estimated debt issuance costs and interest expense relating to the Bridge Notes.

⁽³⁾	Reflects the automatic conversion of all outstanding shares of redeemable convertible preferred stock, of which there were 74,182,559 shares outstanding as of January 31, 2024, into an equal number of shares of Class B common stock, as if such conversion had occurred on January 31, 2024.

⁽⁴⁾

Reflects the issuance of 16,986,924 shares of Class B common stock in connection with the RSU Net Settlement, after withholding 12,875,699 shares to satisfy estimated tax withholding and remittance obligations of $412.0 million (based on the initial public offering price of $32.00 per share and an assumed 44.5% tax withholding rate).


Consolidated Balance Sheet Data	January 31, 2024
	Actual			Pro Forma⁽¹⁾			Pro Forma As Adjusted⁽²⁾
	(in thousands)
Cash, cash equivalents, and short-term investments	$	279,251		$	188,641		$	571,005
Working capital⁽³⁾		(107,568	)		(519,591	)		185,138
Total assets		873,610			783,000			1,157,952
Deferred revenue, current and noncurrent		1,106,261			1,106,261			1,106,261
Redeemable convertible preferred stock		714,713			—			—
Total stockholders’ (deficit) equity		(1,419,257	)		(1,116,567	)		(419,248	)

⁽¹⁾

The pro forma consolidated balance sheet data gives effect to (i) the automatic conversion of all outstanding shares of redeemable convertible preferred stock, of which there were 74,182,559 shares outstanding as of January 31, 2024, into an equal number of shares of Class B common stock, as if such conversion had occurred on January 31, 2024, (ii) the automatic conversion of all outstanding shares of convertible founders stock, of which there were 5,400,000 shares outstanding as of January 31, 2024, into an equal number of shares of Class B common stock, as if such conversion had occurred on January 31, 2024, (iii) the reclassification of our outstanding common stock as Class B common stock, (iv) stock-based compensation expense of $621.5 million related to RSUs subject to the RSU Net Settlement, reflected as an increase to additional paid-in capital and accumulated deficit, as further described in Notes 2 and 11 of our consolidated financial statements included elsewhere in this prospectus, (v) the net issuance of 16,986,924 shares of Class B common stock in connection with the RSU Net Settlement, after withholding 12,875,699 shares to satisfy estimated tax withholding and remittance obligations of $412.0 million (based on the initial public offering price of $32.00 per share, and an assumed 44.5% tax withholding rate), (vi) the incurrence of $321.4 million in aggregate principal amount of Bridge Notes and the use of such borrowed amounts, together with existing cash, cash equivalents, and short-term investments, to pay the estimated tax withholding and remittance obligations in connection with the RSU Net Settlement prior to the closing of this offering, (vii) the related $321.4 million net increase in liabilities (without giving effect to $0.7 million in estimated debt issuance costs relating to the Bridge Note) and the corresponding $412.0 million decrease in additional paid-in capital and $90.6 million net decrease in cash, cash equivalents, and short-term investments resulting from (A) the RSU Net Settlement and related tax withholding and remittance obligations and (B) the subsequent issuance and use of proceeds from the Bridge Notes, together with existing cash, cash equivalents, and short-term investments, to repay such tax withholding and remittance obligations prior to the closing of this offering, and (viii) the filing and effectiveness of our amended and restated certificate of incorporation, which will occur immediately prior to the closing of this offering.

⁽²⁾

The pro forma as adjusted consolidated balance sheet data gives effect to (i) the items described in footnote (1) above, (ii) our receipt of $704.7 million estimated net proceeds from the sale of shares of Class A common stock in this offering at the initial public offering price of $32.0 per share, after deducting underwriting discounts and commissions and estimated offering expenses payable by us (which offering expenses exclude $6.5 million of deferred offering costs that have been previously paid as of January 31, 2024 but include $0.9 million of deferred offering costs accrued and unpaid as of January 31, 2024); (iii) the elimination of $7.4 million of deferred offering costs, of which $6.5 million have been paid as of January 31, 2024 and $0.9 million were accrued and unpaid as of January 31, 2024, reflected as a decrease in other assets and additional paid-in capital of $7.4 million and a decrease in current liabilities of $0.9 million; (iv) the use of net proceeds from this offering to repay in full the aggregate principal amount of the Bridge Notes, $0.2 million of estimated accrued interest thereon as well as $0.7 million of estimated debt issuance costs relating to the Bridge Notes in connection with the closing of this offering; and (v) the related $0.9 million increase in accumulated deficit for debt issuance costs and interest expense.

⁽³⁾	Working capital is defined as current assets less current liabilities.


Key Business Metrics	January 31,
	2023			2024
	(in thousands, except percentages and customers)
Subscription ARR⁽¹⁾	$	532,929		$	784,029
Cloud ARR⁽¹⁾	$	239,198		$	524,767
Average Subscription Dollar-Based Net Retention Rate⁽¹⁾		150	%		133	%
Customers with $100,000 or Greater in Subscription ARR⁽¹⁾		1,204			1,742

⁽¹⁾	See the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Business Metrics” included elsewhere in this prospectus for our definitions of these metrics.

Risk Factors

Investing in our Class A common stock involves a high degree of risk. You should consider and read carefully all of the risks and uncertainties described below, as well as other information included in this prospectus, including our consolidated financial statements and related notes appearing elsewhere in this prospectus, before making an investment decision. The risks described below are not the only ones we face. The occurrence of any of the following risks or additional risks and uncertainties not presently known to us or that we currently believe to be immaterial could materially and adversely affect our business, financial condition, or results of operations. In such case, the trading price of our Class A common stock could decline, and you may lose some or all of your original investment.

Risks Related to Our Business

Our recent rapid growth may not be indicative of our future growth. Our rapid growth also makes it difficult to evaluate our future prospects.

Our revenue was $599.8 million and $627.9 million for the fiscal year ended January 31, 2023, or fiscal 2023, and the fiscal year ended January 31, 2024, or fiscal 2024, respectively. You should not rely on the revenue growth of any prior quarterly or annual period as an indication of our future performance. Even if our revenue continues to increase, we expect that our revenue growth rate will fluctuate in the future as a result of a variety of factors, including our transition for new and existing customers to sales of Rubrik Security Cloud, or RSC, for which an increasing amount of our software revenue will be recognized ratably.

Overall growth of our revenue also depends on a number of factors, including our ability to:

•

expand the features and functionality of our data security products as well as increase the amount of data sources protected across enterprise, cloud, and SaaS applications;

•

extend our product leadership to expand our addressable market;

•

differentiate our data security products from products offered by others;

•

successfully develop a substantial sales pipeline for our products;

•

hire sufficient sales personnel to support our growth and reduce the time for such personnel to achieve desired productivity levels;

•

attract new customers and expand sales to our existing customers, including by effectively marketing and pricing our data security products and successfully transitioning existing customers to RSC;

•

increase awareness of our brand on a global basis as a data security company to successfully compete with other companies;

•

provide our customers with support that meets their needs;

•

effectively leverage and expand our partner ecosystem;

•

protect against security incidents;

•

successfully protect our intellectual property in the United States and other jurisdictions; and

•

expand to new international markets and grow within existing markets.

We may not successfully accomplish any of these objectives, and as a result, it is difficult for us to forecast our future results of operations. If the assumptions that we use to plan our business are incorrect or if we are unable to maintain consistent revenue or revenue growth, our stock price could

be volatile and we may not be able to achieve and maintain profitability. You should not rely on our revenue for any prior quarterly or annual periods as any indication of our future revenue or revenue growth.

In addition, we expect to continue to expend substantial financial and other resources on:

•

expansion and enablement of our sales, services, and marketing organizations to increase brand awareness and drive adoption of our solutions;

•

product development, including investments in our product development team and the development of new products, new features, and functionality for our platform and products;

•

our cloud infrastructure technology, including systems architecture, scalability, availability, performance, and security;

•

our partner ecosystem;

•

international expansion;

•

acquisitions or strategic investments;

•

our information security program; and

•

general administration, including increased legal, human resources, and accounting expenses associated with being a public company.

These investments may not result in increased revenue for our business. If we are unable to maintain or increase our revenue at a rate sufficient to offset the expected increase in our costs, our business, financial condition, and results of operations will be harmed, and we may not be able to achieve or maintain profitability. Additionally, we may encounter unforeseen operating expenses, difficulties, complications, delays, decreased revenue growth associated with general macroeconomic and market conditions, volatility, or disruptions (including the effect of those events on our customers) and other unknown factors that may result in losses in future periods. If our revenue does not meet our expectations in future periods, our business, financial condition, and results of operations may be harmed.

If the market for data security solutions does not grow, our ability to grow our business and our results of operations may be adversely affected.

We believe our future success will depend in large part on the growth, if any, in the market for data security solutions. Traditionally, the cybersecurity industry has been focused on securing information technology infrastructure to prevent, detect, and investigate cyberattacks. Our platform brings a new approach to cybersecurity, which involves protecting our customers’ data across enterprise, cloud, and SaaS applications, observing the data itself to proactively identify emergent threats, remediating data security threats, and recovering protected data following a cybersecurity event. The market for data security solutions, such as our platform and data security products, is at an early stage and rapidly evolving. As such, it is difficult to predict this market’s potential growth, if any, customer adoption and retention rates, customer demand for data security platforms, or the success of competitive products. In the past, customer adoption of our platform and data security products has been driven by the need for data resilience due to increasing ransomware activity. We do not know whether the trends of increasing ransomware activity, or of increasing adoption of our platform and data security products such as ours that we have experienced in the past, will continue in the future. Any expansion in this market depends on a number of factors, including the cost, performance, and perceived value associated with our platform and data security products and similar solutions of our competitors, including preference to manage security with existing infrastructure security tools alone, rather than investing in a platform based data security solution. The markets for some of our solutions

are new, unproven, and evolving, and our future success depends on growth and expansion of these markets. If our platform and data security products do not achieve widespread adoption or there is a reduction in demand for our platform and data security products due to a lack of customer acceptance, technological challenges, competing products or solutions, privacy concerns, decreases in corporate spending, weakening economic conditions, or otherwise, it could result in early terminations, reduced customer retention rates, or decreased revenue, any of which would adversely affect our business, financial condition, and results of operations. You should consider our business and growth prospects in light of the risks and difficulties we encounter in this new and evolving market.

We have a limited operating history, particularly with respect to our offering of RSC, which makes it difficult to forecast our future results of operations.

Although we were founded in December 2013, we only began offering our products and services in the fiscal year ended January 31, 2016, and we began offering RSC as a cloud native SaaS solution in fiscal 2023. As a result of our limited operating history, our ability to accurately forecast our future results of operations is limited and subject to a number of uncertainties, including our ability to plan for and forecast future growth. Our historical revenue growth should not be considered indicative of our future performance. Further, in future periods, we expect our revenue growth to fluctuate, slow, and possibly decline for a number of reasons, including mix shifts in our platform and data security products, as well as the impact on our revenue recognition resulting from our transition from selling our products primarily on the basis of subscription term-based licenses to SaaS subscriptions. The timing for this transition and related implications on our revenue recognition and trends will depend on our ability to transition existing customers to RSC in a timely manner. We are implementing certain initiatives to accelerate our existing customers’ migration to RSC as part of our business transition to SaaS, which include enforcement of migration deadlines. These initiatives may be perceived negatively by our customers. For example, these initiatives may require customers to prioritize preparation for their migration over other organizational needs, potentially resulting in diversion of resources. For certain existing customers, the perceived benefits from undertaking the migration may be outweighed by the anticipated time and effort required to prepare for and execute the migration, resulting in potential delays in customers’ transition to RSC. We expect these customers may consume our platform and products through a mix of RSC and a transitional license for Cloud Data Management, or CDM-T, for an extended period of time, resulting in the continued recognition of a portion of the associated revenue for some of these customers upfront at the time we transfer control of the license to the customer. Conversely, if some or all of these customers complete their transition to RSC sooner than we expect, less revenue would be recognized upfront during this period, which could cause our revenue to be lower than our estimates or forecasts or even result in a decrease in our revenue growth rates. Any of these factors could result in continued fluctuations in our revenue growth and adversely impact our ability to accurately predict our future revenue.

In addition, we operate in a new market for data security solutions, and as such we have encountered, and will continue to encounter, risks and uncertainties frequently experienced by growing companies in new and rapidly changing markets, such as the risks and uncertainties described throughout this prospectus.

Moreover, in future periods, our revenue growth could slow or decline due to slowing demand for our platform or data security products, increasing competition, decreased productivity of our sales and marketing organization, failure to retain existing customers or expand existing subscriptions, changing technology, a decrease in the growth of our overall market, evolving macroeconomic conditions, such as high inflation and recessionary environments, or our failure, for any reason, to continue to take advantage of growth opportunities. If our assumptions regarding these risks and uncertainties and our future revenue growth are incorrect or change, or if we do not address these risks successfully, our financial condition and results of operations could differ materially from our expectations, and our business could suffer.

If we are unable to attract new customers, our future results of operations could be harmed.

To expand our customer base, we need to convince organizations to allocate a portion of their discretionary budgets to purchase our platform and data security products. Our sales efforts often involve educating organizations about the uses and benefits of our data security solutions. We may have difficulty convincing organizations of the value of adopting our data security solutions. Even if we are successful in convincing organizations that a platform like ours is critical to secure their data, they may not decide to purchase our data security solutions for a variety of reasons, some of which are out of our control. For example, any deterioration in general economic conditions has in the past caused, and may in the future cause, our current and prospective customers to delay or cut their overall security and IT operations spending. Macroeconomic concerns, customer financial difficulties, and constrained spending on security and IT operations may result in decreased revenue and adversely affect our financial condition and results of operations. Additionally, if the incidence of cyberattacks were to decline, or enterprises or governments perceive that the general level of cyberattacks has declined, our ability to attract new customers could be adversely affected. We may face additional difficulties in attracting organizations that use legacy security and data management products to purchase our data security products if they believe that these legacy products are more cost-effective or provide a level of IT security that is sufficient to meet their needs. Furthermore, the use of our data security products to manage data security, movement, and restoration across data centers is relatively new, and if we are unable to convince organizations of the benefits of our data security products, then our business, financial condition, and results of operations could be adversely impacted.

We have a history of operating losses and may not achieve or sustain profitability in the future.

We have experienced net losses in each period since inception. We generated net losses of $(277.7) million and $(354.2) million for fiscal 2023 and fiscal 2024, respectively. As of January 31, 2024, we had an accumulated deficit of $(1,682.5) million. While we have experienced rapid revenue growth in recent periods, we are not certain whether or when we will obtain a high enough volume of sales to achieve or maintain profitability in the future. In particular, as we expand the availability of our platform, increase our ability to secure data across multiple different sources, and extend our capabilities across data resilience, data observability, and data remediation, our ability to achieve and maintain profitability will be highly dependent on our ability to successfully market our platform and data security products to new and existing customers. We also expect our costs and expenses to increase in future periods, which could negatively affect our future results of operations if our revenue does not increase. In particular, we intend to continue to expend significant funds to further develop our data security products, including by introducing new features and functionality and securing additional applications, and to expand our sales, marketing, and services teams to drive new customer adoption, expand the use of our data security products by existing customers, support international expansion, and implement additional systems and processes to effectively scale operations. We will also face increased compliance costs associated with growth, the planned expansion of our customer base and pipeline, international expansion, and being a public company. In addition, our data security solutions operate on a public cloud infrastructure provided by third-party vendors, including Google Cloud, or GCP, Microsoft Azure, or Azure, and Amazon Web Services, or AWS, and our costs and gross margins are significantly influenced by the prices we are able to negotiate with these public cloud providers. To the extent we are able to drive adoption of our platform and data security products, we may incur increased costs related to our public cloud contracts, which would negatively impact our gross margins. Our efforts to grow our business may be costlier than we expect, or the rate of our growth in revenue may be slower than we expect, and we may not be able to increase our revenue enough to offset our increased operating expenses. In addition, our efforts and investments to implement systems and processes to scale operations may not be sufficient or may not be appropriately executed. As a result, we may incur significant losses in the future for a number of reasons, including the other risks described herein, unforeseen expenses, difficulties, complications, or

delays, and other unknown events. If we are unable to achieve and sustain profitability, the value of our business and Class A common stock may significantly decrease.

Furthermore, we have historically sold our products to customers as perpetual licenses with associated maintenance contracts or as subscription term-based licenses with associated support, and with respect to the latter, we recognized a portion of the revenue upfront at the time we transferred control of the subscription term-based license to the customer and deferred the remainder. Moving forward, we expect that substantially all of our new and existing customers will continue to adopt RSC primarily on a SaaS subscription basis. As of the end of fiscal 2024, RSC represented a majority of our total revenue. In addition, we have historically sold Rubrik-branded Appliances to help our customers secure their enterprise data. In the third quarter of fiscal 2023, we began transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers, and as a result, the amount of revenue we recognize from sales of Rubrik-branded Appliances has and will continue to decline over time. We expect these transitions to adversely affect our revenue as well as our profitability through the fiscal year ending January 31, 2027. However, this timing will depend in part on when a substantial portion of our existing customers complete their transition to RSC.

In addition, following the completion of this offering, the stock-based compensation expense related to our RSUs will result in significant increases in our expenses in future periods, which may negatively impact our ability to achieve profitability. In particular, in the quarter in which this offering is completed, we will recognize approximately $621.5 million of stock-based compensation expense associated with the satisfaction of the performance-based condition for certain outstanding RSUs, for which the service-based conditions have been fully or partially satisfied prior to this offering, which will also negatively impact our cash flow for that quarter.

If our customers do not renew their subscriptions for our platform and data security products or expand their subscriptions to increase the amount of data secured, secure new applications, or include new features or capabilities, our results of operations could be harmed.

In order for us to maintain or improve our results of operations, it is important that our customers renew their subscriptions for our data security solutions, add data security products, and increase the volume of their data protected by our data security solutions. We expand our commercial purchase relationships with our existing customers as they increase the volume of their data protected by our data security solutions and secure additional applications and workloads. Our customers have no obligation to renew their subscription for our data security solutions after the expiration of their contractual subscription period, which is generally three years, and in the normal course of business, some customers have elected not to renew their subscriptions. In addition, customers may elect to shorten the term of their subscription, select a lower subscription edition, or purchase less capacity. Our customer retention and expansion may also decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with our data security solutions, our pricing, customer prioritization of security, our customers’ spending levels, our customers’ ability to procure Rubrik-branded Appliances or other compatible third-party commodity servers to implement our data security products, mergers and acquisitions involving our customers, industry developments, competition, changing regulatory environments, and general economic conditions. Our strategies and initiatives to accelerate the transition of our existing customers to RSC, even if executed properly by our sales and support teams, may result in customer dissatisfaction, the loss of customers, or reduced usage of our platform, any of which would harm our business, financial condition, and results of operations. Moreover, customers tend to expand their usage of our data security solutions over time as the amount of data they need to protect grows. As a result, strong customer retention over time generally leads to a higher degree of usage of our data security solutions. Therefore, a decline in customer retention may have a significant impact on our results of operations, including a decline in our average subscription dollar-based net retention rate, which could cause the price of our Class A common stock to decline or

fluctuate. If our efforts to maintain and expand our relationships with our existing customers are not successful, our business, financial condition, and results of operations may suffer.

Our data security solutions are complex and, like all software, may contain undetected defects, errors, or vulnerabilities. Real or perceived defects, errors, or vulnerabilities in our data security solutions, the failure of our data security solutions to secure, observe, and restore our customers’ data, misconfiguration of our data security solutions, or the failure of customers to deploy our data security solutions in combination with industry best practices could harm our reputation, result in a loss of, or delay in, market acceptance of our data security solutions, result in a loss of existing or potential customers, and adversely affect our business, financial condition, and results of operations. We are continuing to evolve the features and functionality of our data security products through updates and enhancements, and as we do so, we may introduce defects, errors, or vulnerabilities that may not be detected until after deployment by our customers. In addition, implementation or use of our data security solutions that is not correct or as intended may result in inadequate performance and disruptions in service. Moreover, if we acquire companies or technologies developed by third parties, difficulties integrating such acquired technologies may result in product flaws or software vulnerabilities.

Additionally, we cannot assure you that our data security solutions will prevent all data loss or other types of data security incidents, especially in light of the rapidly changing security threat landscape that our data security solutions seek to address. Due to a variety of both internal and external factors, our data security solutions could become vulnerable to security incidents (both from intentional attacks and accidental causes) that could cause them to fail to adequately secure or observe data or to restore data in the event of a security incident, such as a ransomware event or disaster.

Moreover, as our data security solutions are adopted by an increasing number of organizations worldwide, it is possible that such solutions may be subject to continued, persistent research and reconnaissance by threat actors in order to discover weaknesses in our technology that can be exploited. If our data security solutions are compromised, a significant number or, in some instances, all, of our customers and their data could be adversely affected. The potential liability and associated consequences we could suffer as a result of such a large-scale event could be catastrophic and result in irreparable harm. Since our business is focused on providing data security services to our customers, an actual or perceived security incident affecting our internal systems, networks, or data would be especially detrimental to our reputation and our business.

Because we can access customer data in certain limited circumstances, such as when providing customer support, and such customer data in some cases may contain personal data or confidential information, a security compromise, or an accidental or intentional misconfiguration or malfunction of our platform, could result in personal data and other confidential information being compromised. If a high-profile ransomware attack occurs with respect to our or another cloud-based security platform or a third-party cloud provider, organizations may lose trust in SaaS platforms and associated products such as ours.

Organizations are increasingly subject to a wide variety of cyberattacks on their networks, systems, and data. If any of our customers experience a ransomware attack while using our data security solutions and are unable to secure, observe, or restore their data, such customers could discontinue use of our data security solutions, regardless of whether our data security solutions were adequately deployed, configured, or used to protect the data in the customer’s environment. Real or

perceived security incidents involving our customers’ networks could cause disruption or damage to their networks or other negative consequences and could result in negative publicity to us, damage to our reputation, and other customer relations issues, any of which may adversely affect our revenue and results of operations.

In addition, errors in our data security solutions could cause system failures, loss of data, or other adverse effects for our customers, which may result in the assertion of warranty and other claims for substantial damages against us. The potential liability and associated consequences we could suffer as a result of such an incident could be catastrophic and cause irreparable harm to our reputation and results of operations. Although our agreements with our customers typically contain provisions that are intended to limit our exposure to such claims, it is possible that these provisions may not be effective or enforceable under the laws of some jurisdictions. While we seek to insure against these types of claims, our insurance policies may not adequately limit our exposure. These claims, even if unsuccessful, could be costly and time consuming to defend and could harm our business, financial condition, results of operations, and cash flows.

As a SaaS provider, the reliability and continuous availability of our platform is critical to our success. In the ordinary course of our business, we or the third parties upon which we rely, may collect, receive, store, process, generate, use, transfer, disclose, make accessible, protect, secure, dispose of, transmit, share, or otherwise process proprietary, confidential, and other sensitive data, including customer data which may include data about individuals, including various data categories and elements associated with an individual, intellectual property, and trade secrets, or collectively, Sensitive Information. We collect such information from individuals located both in the United States and abroad and may store or process such information outside the country in which it was collected.

Organizations, particularly organizations like ours that provide data security solutions, are subject to a wide variety of attacks on their networks, systems, and endpoints, and techniques used to sabotage or to obtain unauthorized access to networks in which data is stored or through which data is transmitted change frequently. For example, in March 2023, we announced that a malicious third party gained unauthorized access to a limited amount of information in one of our non-production information technology testing environments. The unauthorized access did not include access to data that we secure on behalf of customers or access to any other sensitive data, and there was no disruption to our business or financial systems or to other operations. However, there can be no guarantee that any attack in the future will have a similarly minimal impact, should one occur.

Cyberattacks, malicious internet-based activity, online and offline fraud, and other similar activities threaten the confidentiality, integrity, and availability of our Sensitive Information and information technology systems, and those of the third parties upon which we rely. Such threats are prevalent, continuing to rise, increasingly difficult to detect, and come from a variety of sources, including traditional computer “hackers,” threat actors, “hacktivists,” organized criminal threat actors, personnel (such as through theft, misuse, or accidental disclosure), sophisticated nation states, and nation-state-supported actors. Some actors now engage in and are expected to continue to engage in cyberattacks, including without limitation nation-state actors for geopolitical reasons and in conjunction with military conflicts and defense activities. During times of war and other major conflicts, we and the

third parties upon which we rely may be vulnerable to a heightened risk of these attacks, including retaliatory cyberattacks, that could materially disrupt our systems and operations, supply chain, and ability to produce, sell, and distribute our data security solutions. We and the third parties upon which we rely may be subject to a variety of evolving threats, including but not limited to social-engineering attacks (including through phishing attacks), malicious code (such as viruses and worms), computer generated or altered fraudulent content (i.e., “deep fakes,” which may be increasingly difficult to identify), malware (including as a result of advanced persistent threat intrusions), denial-of-service attacks (such as credential stuffing), personnel misconduct or error, other inadvertent compromises of our systems and data (including those arising from process, coding, or human error), ransomware attacks, supply-chain attacks, software bugs, server malfunctions, software or commodity appliance failures, loss of data or other information technology assets, adware, telecommunications failures, attacks enhanced or facilitated by artificial intelligence, or AI, and other similar threats.

In particular, severe ransomware attacks are becoming increasingly prevalent and can lead to significant interruptions in our operations, loss of sensitive data and income, reputational harm, and diversion of funds. Extortion payments may alleviate the negative impact of a ransomware attack, but we may be unwilling or unable to make such payments due to, for example, applicable laws or regulations prohibiting such payments. Given our data security solutions’ capabilities and marketing and promotional programs related to ransomware recovery, we face heightened risk of being targeted by bad actors.

Moreover, future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities’ systems and technologies. Furthermore, we may discover security issues that were not found during due diligence of such acquired or integrated entities, and it may be increasingly difficult to integrate companies into our information technology environment and security program.

We rely on third parties to provide and/or operate critical business systems, process sensitive information, and to help us deliver services to our customers and their end-users. These third parties process customer information in a variety of contexts, including, without limitation, cloud-based infrastructure, data center facilities, encryption and authentication technology, employee email, content delivery to customers, and other functions. For example, our data security solutions are built to be available on the infrastructure of third-party public cloud providers such as GCP, Azure, and AWS. We may also rely on other third-party service providers, contract manufacturers, and original equipment manufacturers, or OEMs, or collectively with contract manufacturers, Manufacturers, to provide other products or services, or otherwise to assist us with operating our business. While we conduct diligence on these third parties, our ability to monitor these third-parties’ information security practices is limited, and these third parties may not have adequate information security measures in place. In addition, supply-chain attacks have increased in frequency and severity, and we cannot guarantee that third parties’ infrastructure in our supply chain or our third-party partners’ supply chains have not been or will not be compromised.

We take steps designed to detect, mitigate, and remediate vulnerabilities in our information systems (such as our hardware and/or software, including that of third parties upon which we rely). However, we have and may be unable to detect and remediate all such vulnerabilities in our information systems (including our platform and data security products) on a timely basis. Further, we may experience delays in developing and deploying remedial measures and patches designed to address identified vulnerabilities that could be exploited and, ultimately, result in a security incident.

Any of the previously identified vulnerabilities or cybersecurity threats could cause a security incident or other interruption that could result in unauthorized, unlawful, or accidental acquisition,

modification, destruction, loss, alteration, encryption, disclosure of, or access to our Sensitive Information or our information technology systems, or those of the third parties upon whom we rely. A security incident or other interruption could disrupt our ability (and that of third parties upon whom we rely) to provide our platform. Additionally, our business depends upon the appropriate and successful implementation of our platform by our customers. If our customers fail to use our platform according to our specifications or are unwilling or unable to deploy such patches we make available for vulnerabilities effectively or in a timely manner, our customers may suffer a security incident or other interruptions on their own systems or other adverse consequences. Even if such an incident is unrelated to our security practices, it could result in our incurring significant economic and operational costs in investigating, remediating, and implementing additional measures to further protect our customers from their own security issues or vulnerabilities and could result in reputational harm.

Certain data privacy and security obligations may require us to implement and maintain specific industry standard, reasonable security measures to protect our information technology systems and customer information. Additionally, applicable data privacy and security obligations may require us to notify relevant stakeholders, including affected individuals, customers, regulators, and investors, of security incidents, or to implement other requirements, such as providing credit monitoring. Such disclosures, and compliance with such requirements, are costly, and the disclosure or the failure to comply with such requirements could lead to adverse consequences. Though we have expended, and anticipate continuing to expend, significant resources to try to protect against security incidents by implementing technical, administrative, and physical measures designed to protect the privacy and security of data running through our, and our third parties’, systems, it is virtually impossible for us to entirely eliminate the risk of such security incidents or interruptions.

If we (or a third-party upon whom we rely) experience a security incident or are perceived to have experienced a security incident, we may experience adverse consequences such as government enforcement actions (for example, investigations, fines, penalties, audits, and inspections); additional reporting requirements and/or oversight; restrictions on processing data (including data about individuals); litigation (including class claims); indemnification obligations; negative publicity; reputational harm; monetary fund diversions; interruptions in our operations (including availability of data); financial loss; and other similar harms. Security incidents and attendant consequences may cause customers to stop purchasing our data security solutions, deter new customers from purchasing our data security solutions, and negatively impact our ability to grow and operate our business. As a data security company, we could be exposed to additional reputational risks should a security incident occur.

Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to security incidents, vulnerabilities, or our data privacy and security obligations. We cannot be sure that our insurance coverage will be adequate or sufficient to protect us from or to mitigate liabilities arising out of our privacy and security practices, that such coverage will continue to be available on commercially reasonable terms or at all, or that such coverage will pay future claims.

Our use of generative artificial intelligence tools may pose risks to our proprietary software and systems and subject us to legal liability.

We use generative AI tools in our business, and we expect to use generative AI tools in the future, including to generate code and other materials incorporated into our products, proprietary software, and systems, and for other internal and external uses. Generative AI refers to deep-learning models that can generate new data, such as text, images, and other content, by analyzing and emulating existing data. Advanced generative AI tools, which may produce content indistinguishable from that generated by humans, are a relatively novel development, with benefits, risks, and liabilities

still unknown. Recent decisions of governmental entities and courts (such as the U.S. Copyright Office, U.S. Patent and Trademark Office, and U.S. Court of Appeals for the Federal Circuit) interpret U.S. copyright and patent law as limited to protecting works and inventions created by human authors and inventors, respectively. We are therefore unlikely to be able to obtain U.S. copyright or patent protection for works or inventions wholly created by a generative AI tool, and our ability to obtain U.S. copyright and patent protection for source code, text, images, inventions, or other materials, which are developed with some use of generative AI tools, may be limited, if available at all. Likewise, the availability of such IP protections in other countries is unclear. In addition, we may have little or no insight into and no control over the content and materials used by vendors to train these generative AI tools. There is ongoing litigation over whether the use of copyrighted materials to train the AI models used in these tools is lawful, and the impact of decisions in such litigation on our use of generative AI tools is unknown. Additionally, our use of third-party generative AI tools to develop source code, text, images, inventions, or other materials may expose us to greater risks than utilizing contracted human developers, as third-party generative AI vendors typically do not provide warranties or indemnities with respect to the output generated by such generative AI tools, and generative AI tools may also hallucinate, providing output that appears correct but is erroneous. Furthermore, some generative AI tools may be offered under terms that do not protect the confidentiality of the prompts or inputs that users submit to such tools and may use prompts or inputs to train shared AI models, potentially resulting in third-party users receiving outputs containing information from prompts or inputs (including confidential, competitive, proprietary, or personal data) that we submitted to the tool. The disclosure and use of personal data in AI technologies is also subject to various privacy laws and other privacy obligations. Prior to implementing a generative AI tool, our AI Governance Committee (including leaders from our Engineering, Product, Legal, and Information Security teams) performs an analysis and review of the tool, including evaluation of potential legal, security, and business risks and steps that can be taken to mitigate any such risks. The selection criteria and analysis include consideration of how use of the generative AI tool could raise issues relating to confidential information, personal data and privacy, customer data and contractual obligations, open source software, copyright and other intellectual property rights, transparency, output accuracy and reliability, and security. Additionally, while we employ practices designed to evaluate, track, and mitigate risk around our use of third-party generative AI tools, our use of such tools may inadvertently violate a third party’s rights, be non-compliant with the applicable terms of use or our other legal obligations, or result in a security or privacy risk or data leakage. Our use of this technology could result in additional compliance costs, regulatory investigations and actions, and lawsuits. For example, we may face claims from third parties claiming infringement of their intellectual property rights or mandatory compliance with open-source software or other license terms with respect to software or other materials or content we believed to be available for use and not subject to license terms or other third-party proprietary rights. Any of these claims could result in legal proceedings and could require us to purchase costly licenses, comply with the requirements of third-party licenses, or limit or cease using the implicated software or other materials or content, unless and until we can re-engineer such software, materials, or content to avoid infringement or change the use of, or remove, the implicated third-party materials, which could reduce or eliminate the value of our technologies and services. Our use of generative AI tools to generate code may also present additional security risks because the generated source code may contain security vulnerabilities. Additionally, the vendors of these generative AI tools may fail to comply with their contractual obligations to us regarding the confidentiality or security of any data or other inputs provided to such vendor or outputs generated by their generative AI tools. Our sensitive information or that of our customers could be leaked, disclosed, or revealed as a result of or in connection with our employees’, personnel’s, or vendors’ use of third-party generative AI technologies.

We may also market our own products as generative AI tools, or Generative AI Products. Some of our customers, especially those in highly regulated industries, may be reluctant or unwilling to adopt Generative AI Products. Accordingly, adoption of generative AI features in our products and marketing our products as Generative AI Products could reduce or delay customer adoption. Because generative

AI models can hallucinate and provide erroneous output, offering Generative AI Products could result in customer dissatisfaction or potentially claims against us arising out of customer reliance on erroneous output to their detriment. Our Generative AI Products may require us to train or fine-tune AI models using datasets collected by us or from third-party vendors. While we have processes and practices designed to ensure that we and any vendors that we use to source training data have the necessary rights to use such datasets for training our Generative AI Products, we may not in every instance be able to confirm that all of the information contained in such datasets has been obtained with the necessary permissions for us to use for purposes of our Generative AI Products. For example, we may use publicly available data to train our Generative AI Products that contains information that was unlawfully acquired from third parties without our knowledge. While we have employed processes designed to help us avoid using any personal data to train or fine-tune our Generative AI Products, it may be difficult for us to avoid or identify all instances where a user might nonetheless submit personal data to our Generative AI Products. Furthermore, if we were to receive claims from third parties asserting rights against our use of certain datasets used to train our Generative AI Products, it may be difficult or impossible for us to disentangle our trained models from the subject matter of the claims.

Any of these risks could be difficult to eliminate or manage, and, if not addressed, could adversely affect our business, financial condition, results of operations, and growth prospects.

We expect our revenue mix to vary over time due to a number of factors, including the timing of when customers adopt RSC and the mix of our subscriptions for different data security products. Our subscription revenue includes revenue from sales of subscription term-based licenses, a portion of which is recognized upfront when we transfer control of the subscription term-based license to the customer, and revenue from sales of SaaS subscriptions and support, which is recognized ratably over the contract period. Due to the proportion of our contracts trending from subscription term-based licenses to SaaS subscriptions, the timing of the migration of our existing customers from Cloud Data Management to RSC, as well as the estimates and assumptions used to account for certain customers’ Subscription Credits (as defined below) related to their Refresh Rights (as defined below), our revenue may fluctuate and period-to-period revenue comparisons may not be meaningful, and our past results may not be indicative of future performance. We cannot be certain how long these factors may persist. For example, as our existing customers prepare to migrate to RSC, we expect certain of them to consume our solutions through a mix of RSC and CDM-T during which time we will continue recognizing a portion of the associated revenue upfront. These factors make it challenging to forecast our revenue as the mix of solutions and services, the timing of our customers’ RSC transition, as well as the size of contracts, are difficult to predict.

Customers of RSC and our other cloud services need to be able to access our data security solutions at any time, without interruption or degradation of performance, and we provide them with service-level commitments with respect to uptime. We leverage GCP, Azure, and AWS for substantially all of the infrastructure that supports our data security solutions. Our cloud services depend on the cloud infrastructure hosted by these third-party providers to support our configuration, architecture, features, and interconnection specifications, as well as secure the information stored in these virtual data centers, which is transmitted through third-party internet service providers. Any limitation on the capacity of our third-party hosting providers, including due to technical failures, shifts in product

capabilities or licensing models, natural disasters, fraud, or security attacks, could impede our ability to fulfill our current contractual commitments, onboard new customers, or expand the usage of our existing customers, which could adversely affect our business, financial condition, and results of operations.

In addition, third-party cloud providers run their own platforms that we access, and we are, therefore, vulnerable to their service interruptions. We may experience interruptions, delays, and outages in service and availability from time to time as a result of problems with our third-party cloud providers’ infrastructure. Lack of availability of this infrastructure could be due to a number of potential causes that we cannot predict or prevent, including technical failures, natural disasters, fraud, or cyber security attacks. Such outages could lead to the triggering of our service-level commitments and extensions of affected services at no charge to our customers, which may impact our business, financial condition, and results of operations. In addition, if our security, or that of any of these third-party cloud providers, is compromised, our software is unavailable, or our customers are unable to use our software within a reasonable amount of time or at all, our business, financial condition, and results of operations could be adversely affected. In some instances, we may not be able to identify the cause or causes of these performance problems within a period of time acceptable to our customers. It is possible that our customers and potential customers would hold us accountable for any breach of security affecting a third-party cloud provider’s infrastructure, and we may incur significant liability from those customers and from third parties with respect to any breach affecting these systems. We may not be able to recover a material portion of our liabilities to our customers and third parties from a third-party cloud provider. It may also become increasingly difficult to maintain and improve our performance, especially during peak usage times, as our software becomes more complex and the usage of our software increases. Any of the above circumstances or events may harm our business, financial condition, and results of operations.

We may not be able to successfully manage our growth, and if we are not able to grow efficiently, our business, financial condition, and results of operations could be harmed.

As usage and adoption of our platform and data security products grow, we will need to devote additional resources to improving our capabilities, features, and functionality. In addition, we will need to appropriately scale our internal business operations and our services organization to serve our growing customer base. Any failure of or delay in these efforts could result in impaired product performance and reduced customer satisfaction, resulting in decreased sales to new customers, lower average subscription dollar-based net retention rates, or the issuance of service credits or requested refunds, which would hurt our revenue growth and our reputation. Further, any failure in optimizing the costs associated with use of third-party cloud services as we scale could negatively impact our margins. Our expansion efforts will be expensive and complex and will require the dedication of significant management time and attention. We could also face inefficiencies, vulnerabilities, or service disruptions as a result of our efforts to scale our internal infrastructure, which may result in extended outages, loss of customer trust, and harm to our reputation. We cannot be sure that the expansion of and improvements to our internal infrastructure will be effectively implemented on a timely basis, if at all, and such failures could harm our business, financial condition, and results of operations.

The markets in which we participate are competitive, and if we do not compete effectively, our business, financial condition, and results of operations could be harmed.

The data security market is new and intensely competitive, characterized by rapidly changing technology and evolving standards, changing customer requirements, and frequent new product introductions. Our main competitors fall into the following categories:

•

Data management and protection vendors, such as Dell-EMC, IBM, Commvault, Veeam, and Cohesity (Cohesity recently announced its proposed acquisition of Veritas’ data protection business);

•

Cloud and SaaS data management vendors with products that compete in some of our markets; and

•

Vendors that provide cyber/ransomware detection and investigation, security posture management, insider threat detection, data classification, and other data security or data governance technologies.

The principal competitive factors in our industry include product functionality, product integration, platform coverage, ability to scale, price, worldwide sales infrastructure, global technical support, labor and development costs, name recognition, and reputation. The ability to converge data security and data management in a cloud architecture is also a significant competitive factor in our industry. If we are unable to address these factors, our competitive position could weaken, and we could experience a decline in revenue that could adversely affect our business.

Many of our current and potential competitors have longer operating histories and have substantially greater financial, technical, sales, marketing, and other resources than we do, as well as larger installed customer bases, greater name recognition, lower labor and development costs, and broader product solutions, including servers. Some of these competitors can devote greater resources to the development, promotion, sale, and support of their data security products than we can. As a result, these competitors may be able to respond more quickly to new or emerging technologies and changes in customer requirements. For example, many of our competitors are investing in AI technology to improve their data security products, which could enable them to respond more quickly to new or emerging threats and changes in customer requirements.

It is also costly and time-consuming to change data management systems. Most of our new or potential customers have already installed data management systems, which gives an incumbent competitor an advantage in retaining a customer due to significant risk to data continuity from switching vendors. The incumbent competitor already understands the data, applications, network infrastructure, user demands, and information technology needs of the customer, such that some customers are reluctant to invest the time, money, and resources necessary to implement configuration, integration, training, and other operational complexities that arise from another vendor. In addition, for any of our existing customers that have not yet transitioned to RSC, any perceived negative impacts or incremental costs associated with the transition to RSC, or a more rapid transition than planned by the customer, may result in customer dissatisfaction and give our competitors an opportunity to acquire these customers.

Our current and potential competitors may establish cooperative relationships among themselves or with third parties or may merge with each other. If so, new competitors, alliances, or merged entities that include our competitors may emerge that could acquire significant market share. In addition, large operating systems, applications, and cloud vendors have introduced products or functionality that include some of the same functions offered by our data security solutions. In the future, further development by these vendors could cause our data security solutions to become redundant, which could seriously harm our business, financial condition, and results of operations.

In addition, we expect to encounter new competitors, including public cloud providers and SaaS companies that build native data security and management solutions, as we expand in current markets or enter new markets. Furthermore, many of our existing competitors are broadening their operating systems platform coverage. We expect that competition will increase as a result of future software industry consolidation. Increased competition could harm our business by causing, among other things, price reductions of our data security solutions, reduced profitability, and loss of market share.

Market opportunity estimates and growth forecasts included in this prospectus, whether obtained from third-party sources or developed internally, are subject to significant uncertainty and are based on assumptions and estimates that may not prove to be accurate. The data security market is at an early stage and is rapidly evolving. As we are working to create a market for data security from other existing markets that focused on other elements of cybersecurity, our market is at an early stage and rapidly evolving. As a result, the size and future growth of this market are difficult to accurately estimate and subject to change. In addition, third-party estimates of the addressable market for the security and data management sectors reflect the opportunity available from all participants and potential participants, and we cannot predict with precision our ability to address this demand or the extent of market adoption of our platform and data security products. Moreover, the market segments we are targeting may grow at different rates. The variables that go into the calculation of our market opportunity are subject to change over time, and there is no guarantee that any particular number or percentage of addressable businesses covered by our market opportunity estimates will purchase our data security solutions or generate any particular level of revenue for us. Any expansion in our market opportunity depends on a number of factors, including the cost, performance, and perceived value associated with our data security solutions and the products of our competitors. Even if the areas in which we compete achieve the forecasted growth, our business could fail to grow at similar rates, if at all.

There are a limited number of contract manufacturers and original equipment manufacturers of commodity servers that are compatible with our data security solutions, and failure to accurately forecast demand for these commodity servers or successfully manage the relationship with such manufacturers could negatively impact the ability to sell our offerings.

A limited number of Manufacturers produce commodity servers that are compatible with our data security solutions. We do not own or operate any manufacturing facilities and rely on these Manufacturers for such products. These Manufacturers manage the supply chain for these products and, alone or together with us or our distributors and resellers, or Channel Partners, negotiate component costs. Our reliance on Manufacturers and Channel Partners reduces our control over the assembly process, quality assurance, production costs, and product supply. If the relationships with Manufacturers are not properly managed or if Manufacturers experience delays, interruptions, or supply-chain disruptions, including due to international conflicts and geopolitical tensions (such as the imposition of new trade restrictions and tariffs due to escalating tensions, hostilities, or trade disputes), health epidemics or pandemics, new trade laws and regulations, capacity constraints, or quality control problems in their operations, the ability for customers to procure compatible commodity servers could be impaired. If we or our Channel Partners are required to change or qualify a new Manufacturer for any reason, including financial considerations, reduction of manufacturing output made available to us, or the termination of our or our Channel Partners’ contract with the Manufacturers, we may lose revenue, incur increased costs, and our customer relationships may be damaged. In addition, our contract manufacturers may terminate the agreement with us or our Channel Partners with prior notice for reasons such as failure to perform a material contractual obligation.

A large majority of the customer enterprise data we secure relies upon Rubrik-branded Appliances, which are currently built on servers supplied and designed by Super Micro Computer, Inc., or Supermicro. If we are unable to manage our relationship with Supermicro effectively, or if Supermicro suffers delays or disruptions for any reason, experiences increased manufacturing lead-times, capacity constraints, or quality control problems in its manufacturing operations, or fails to meet our requirements for timely delivery, or if Supermicro no longer produces the servers for our Rubrik-branded Appliances,

our end-customer’s ability to procure Rubrik-branded Appliances in a timely manner would be impaired. While customers would have the ability to purchase compatible third-party commodity servers from other OEMs, and we have the ability to qualify new commodity servers for Rubrik-branded Appliances, this may create increased costs or delays for our customers and impact their customer experience, which could negatively impact our sales and our business. See the section titled “Business—Manufacturing” for additional information regarding our contractual relationship with Supermicro.

Certain of our OEMs carry products that compete with our data security solutions and may not continue producing or supporting compatible commodity servers for our customers in the future. We or our Channel Partners provide forecasts and purchase orders to Manufacturers for compatible commodity servers, and these orders may only be rescheduled or canceled under certain limited conditions. If we inaccurately forecast demand for our data security solutions and need for compatible commodity servers, our Manufacturers may have excess or inadequate inventory, and we may incur cancellation charges or penalties, which could adversely impact our operating results. If we experience increased demand for compatible commodity servers, then we, our Channel Partners, or Manufacturers may need to increase component purchases, contract manufacturing capacity, or internal test and quality functions. Our customers’ orders may represent a relatively small percentage of the overall orders received by Manufacturers from their customers. As a result, fulfilling our customers’ orders may not be considered a priority in the event Manufacturers are constrained in their ability to fulfill all of their customer obligations in a timely manner. Although we are transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers, if Manufacturers are unable to provide adequate supplies of high-quality products, or if we, our Channel Partners, or Manufacturers are unable to obtain adequate quantities of components, or control the costs of components, it could cause a delay in the fulfillment of our customers’ orders, in which case our business, financial condition, and results of operations could be adversely affected.

If customers have not utilized their Subscription Credits before they expire, this could result in customer dissatisfaction and our future results of operations could be harmed.

The customer enterprise data we secure relies upon compatible hardware. Historically, we sold Rubrik-branded Appliances produced by contract manufacturers to our customers. We started transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers in fiscal 2023 and offered limited-time incentives, or Subscription Credits, upon qualification, to certain existing customers in exchange for historically offered rights to next generation Rubrik-branded Appliances at no cost, which we refer to as Refresh Rights. If customers have not utilized their Subscription Credits before they expire, this could result in customer dissatisfaction or a decision not to purchase our data security solutions, which would have an adverse impact on our results of operations.

We rely on the performance of highly skilled personnel, including senior management and engineering, services, sales, and technology professionals. If we are unable to retain or motivate key personnel or hire, retain, and motivate qualified personnel, our business will be harmed.

We believe our success has depended, and continues to depend, on the efforts and talents of our senior management team, particularly Bipul Sinha, our Chairman of our board of directors, Chief Executive Officer, and co-founder, and Arvind Nithrakashyap, our Chief Technology Officer and co-founder, as well as our other key employees in the areas of research and development and sales and marketing.

From time to time, there may be changes in our senior management team or other key employees resulting from the hiring or departure of these personnel. Our executive officers and certain other key employees are employed on an at-will basis, which means that these personnel could

terminate their employment with us at any time. The loss of one or more of our executive officers, or the failure by our executive team to effectively work with our employees and lead our company, could harm our business. We also are dependent on the continued service of our existing software engineers because of the complexity of our data security solutions. In addition, a significant portion of our software engineers are located in Palo Alto, California and Bangalore, India. These locations offer access to a deep pool of highly skilled professionals, which is crucial for the development and maintenance of our complex data security solutions. However, this concentration also exposes us to potential continuity risk if these specific locations are negatively impacted by unforeseen events, such as natural disasters, political unrest, or disruptions in critical infrastructure.

In addition, to execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel is intense, especially for engineers experienced in designing and developing cloud-based infrastructure products, for experienced sales professionals, and for cybersecurity professionals. If we are unable to attract such personnel at appropriate locations, we may need to hire in new regions, which may add to the complexity and costs of our business operations. From time to time, we have experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have. As has occurred in the past, if we hire employees from competitors or other companies, their former employers may attempt to assert that these employees or we have breached certain legal obligations, resulting in a diversion of our time and resources. In addition, prospective and existing employees often consider the value of the equity awards they receive in connection with their employment. If the perceived value of our equity awards declines, experiences significant volatility, or increases such that prospective employees believe there is limited upside to the value of our equity awards, it may adversely affect our ability to recruit and retain employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and growth prospects would be harmed.

We derive substantially all of our revenue from our data security platform. Failure of our platform to satisfy customer demands or achieve continued market acceptance over competitors would harm our business, financial condition, results of operations, and growth prospects.

We derive substantially all of our revenue from our platform, and we have directed, and intend to continue to direct, a significant portion of our financial and operating resources to developing more features and functionality for our platform.

Our growth will depend in large part on our ability to attract new customers and expand sales to existing customers, expand the features and functionality of our platform, hire sufficient sales personnel to support our growth, and decrease the ramp time for our sales personnel. In addition, the success of our business is substantially dependent on the actual and perceived viability, benefits, and advantages of our platform as a preferred provider for data security. As such, market adoption of our platform and data security products is critical to our continued success. Demand for our platform and data security products is affected by a number of factors, including increased market acceptance by new and existing customers, increased activity by or prevalence of cybersecurity bad actors, including the use of ransomware, effectiveness of our sales and marketing strategy, the extension of our platform to new applications and use cases, the timing of development and release of new capabilities by us and our competitors, technological change, and growth or contraction of the market in which we compete. Failure to successfully address or account for these factors, satisfy customer demands, achieve continued market acceptance over competitors, and achieve growth in sales of our data security products would harm our business, financial condition, results of operations, and growth prospects.

We expect fluctuations in our financial results, making it difficult to project future results, and if we fail to meet the expectations of securities analysts or investors with respect to our results of operations, our stock price and the value of your investment could decline.

Our results of operations have fluctuated in the past and are expected to fluctuate in the future due to a variety of factors, many of which are outside of our control. As a result, our past results may not be indicative of our future performance. In addition to the other risks described herein, factors that may affect our results of operations include:

•

changes in our revenue mix;

•

changes in actual and anticipated growth rates of our revenue, customers, and key operating metrics;

•

fluctuations in demand for or pricing of our data security solutions;

•

our ability to attract new customers;

•

the level of awareness and prevalence of cybersecurity threats, particularly advanced cyberattacks and ransomware attacks;

•

timing of our existing customers’ transition to RSC, including the impact on our revenue recognition and customer retention and expansion;

•

our ability to retain our existing customers, particularly large customers, and secure renewals of subscriptions, as well as the timing of customer renewals or non-renewals;

•

the pricing and quantity of subscriptions renewed, as well as our ability to accurately forecast customer expansions and renewals;

•

downgrades in customer subscriptions;

•

customers and potential customers opting for alternative data security solutions, including developing their own in-house solutions;

•

timing and amount of our investments to expand the capacity of our third-party cloud service providers;

•

seasonality in sales, results of operations, and remaining performance obligations;

•

investments in new data security products, including protection of new enterprise, cloud and SaaS applications, new features, and functionality;

•

fluctuations or delays in development, release, or adoption of new features and functionality for our data security solutions;

•

delays in closing sales, including the timing of renewals, which may result in revenue being pushed into the next fiscal quarter, particularly because a large portion of our sales occur toward the end of each fiscal quarter;

•

fluctuations or delays in purchasing decisions in anticipation of new data security products or enhancements by us or our competitors;

•

changes in customers’ budgets, the timing of their budget cycles and purchasing decisions, and payment schedules;

•

our customers’ ability to procure Rubrik-branded Appliances or compatible commodity servers from Manufacturers;

•

the number of qualified customers that elect to utilize their Subscription Credits before they expire;

•

our ability to control costs, including hosting costs and our operating expenses;

•

the amount and timing of payment for operating expenses, particularly research and development and sales and marketing expenses, including commissions;

•

timing of hiring personnel for our research and development and sales and marketing organizations;

•

the amount and timing of non-cash expenses, including stock-based compensation expense and other non-cash charges;

•

the amount and timing of costs associated with recruiting, educating, and integrating new employees and retaining and motivating existing employees;

•

the effects of acquisitions and their integration;

•

general economic conditions, both domestically and internationally, as well as economic conditions specifically affecting industries in which our customers participate;

•

fluctuations in foreign currency exchange rates;

•

the impact of new accounting pronouncements;

•

changes in regulatory or legal environments that may cause us to incur, among other things, expenses associated with compliance;

•

the impact of changes in tax laws or judicial or regulatory interpretations of tax laws, which are recorded in the period such laws are enacted or interpretations are issued and may significantly affect the effective tax rate of that period and following periods;

•

health epidemics or pandemics, such as the COVID-19 pandemic;

•

changes in the competitive dynamics of our market, including consolidation among competitors or customers; and

•

significant security incidents related to, technical difficulties with, or interruptions to, the delivery and use of our data security solutions.

Any of these and other factors, or the cumulative effect of some of these factors, may cause our results of operations to vary significantly. If our quarterly results of operations fall below the expectations of investors and securities analysts who follow our stock, the price of our Class A common stock could decline substantially, and we could face costly lawsuits, including securities class action suits.

In addition, while we recognize our SaaS subscription revenue ratably over the term of the subscription, our customers typically pay us for new multi-year subscriptions upfront and then annually upon one-year renewals. Recently, due to the growth in our SaaS product offerings, changes in our customer mix, and the uncertain macroeconomic environment, we have experienced an increase in customers electing annual or consumption payments instead of multi-year upfront payments, which has caused and may continue to cause volatility in our period over period cash flow and may have an adverse effect on our business and results of operations.

Our ability to introduce new data security products and features is dependent on adequate research and development resources and our ability to successfully complete acquisitions. If we do not adequately fund our research and development efforts or complete acquisitions successfully, we may not be able to compete effectively, and our business and results of operations may be harmed.

To remain competitive, we must continue to offer new data security products and enhancements to our platform and existing solutions. This is particularly true as we further expand and diversify our capabilities. Maintaining adequate research and development resources, such as the appropriate

personnel and development technology, to meet the demands of the market is essential. If we elect not to or are unable to develop solutions internally due to certain constraints, such as high employee turnover, lack of management ability, or a lack of other research and development resources, we may choose to expand into a certain market or strategy via an acquisition for which we could potentially pay too much or fail to successfully integrate into our operations. Further, many of our competitors expend a considerably greater amount of funds on their respective research and development programs, and those that do not may be acquired by larger companies that would allocate greater resources to our competitors’ research and development programs. Our failure to maintain adequate research and development resources or to compete effectively with the research and development programs of our competitors would give an advantage to such competitors, and our business, financial condition, and results of operations could be adversely affected. Moreover, there is no assurance that our research and development or acquisition efforts will successfully anticipate market needs and result in significant new marketable solutions or enhancements to our solutions, design improvements, cost savings, revenues, or other expected benefits. If we are unable to generate an adequate return on such investments, we may not be able to compete effectively, and our business and results of operations may be adversely affected.

We depend and rely on SaaS technologies from third parties to operate our business, and interruptions or performance problems with these technologies may adversely affect our business and results of operations.

We rely on hosted SaaS applications from third parties in order to operate critical functions of our business, including enterprise resource planning, order management, billing, project management, human resources, technical support, accounting, and other operational activities. If these services become unavailable due to extended outages, interruptions, or because they are no longer available on commercially reasonable terms, our expenses could increase, our ability to manage finances could be interrupted, and our processes for managing sales of our data security solutions and supporting our customers could be impaired until equivalent services, if available, are identified, obtained, and implemented, all of which could adversely affect our business and results of operations.

If we are unable to maintain successful relationships with our Channel Partners and technology alliance partners, or if our Channel Partners or technology alliance partners fail to perform, our ability to market, sell, and distribute our data security solutions will be limited, and our business, financial condition, and results of operations will be harmed.

In addition to our sales force, we rely on our Channel Partners, which include our distributors and resellers, to sell and support our data security solutions. A vast majority of sales of our data security solutions flow through our Channel Partners with the support of our sales force. Our three largest Channel Partners, Arrow Enterprise Computing Solutions, Exclusive Networks, and Ingram Micro Inc., and their respective affiliates collectively generated approximately 79% and 76% of our revenue for fiscal 2023 and fiscal 2024, respectively. Our agreements with our Channel Partners, including our agreements with our three largest Channel Partners, are non-exclusive, renew automatically in one-year term increments, and may be terminated by either party at any time. Further, our Channel Partners fulfill our sales on a purchase order basis and do not impose minimum purchase requirements or related terms on sales. Our Channel Partners enable us to extend our reach, in particular with smaller customers and in geographies where we have less sales presence. Additionally, we have entered, and intend to continue to enter, into technology alliance partnerships with third parties to support our future growth plans. For example, through our alliance with Microsoft Corporation, and along with our mutual go-to-market obligations, we have committed to spend $220 million over the course of up to 10 years for the use of Azure for our data security solutions and preferentially offer public cloud functionality for Azure to our customers.

For fiscal 2023 and fiscal 2024, we derived a substantial amount of our revenue from sales through Channel Partners, and we expect to continue to derive a substantial amount of our revenue from Channel Partners in future periods. Our agreements with our Channel Partners are generally non-exclusive and

do not prohibit them from working with our competitors or offering competing products, and many of our Channel Partners may have more established relationships with our competitors. If our Channel Partners choose to place greater emphasis on solutions other than our own, fail to effectively market and sell our data security solutions, or fail to meet the needs of our customers, then our ability to grow our business and sell our data security solutions may be adversely affected. In addition, the loss of one or more of our larger Channel Partners or technology alliance partners, who may cease marketing our data security solutions with limited or no notice, and any inability to replace them, could adversely affect our business, financial condition, and results of operations. Moreover, our ability to expand our distribution channels depends in part on our ability to maintain successful relationships with our Channel Partners and educate and train our current and future Channel Partners about our data security solutions, which can be complex. If we fail to effectively manage our existing sales channels, or if our Channel Partners are unsuccessful in fulfilling the orders for our data security solutions, or if we are unable to enter into arrangements with, and retain a sufficient number of, high quality Channel Partners in each of the regions in which we sell data security solutions and keep them motivated to sell our data security solutions, our business, financial condition, and results of operations will be harmed. Even if we are successful, these relationships may not result in greater customer usage of our data security products or increased revenue. Our ability to influence, or have visibility into, the actions or efforts of our Channel Partners may be limited. If our partners, including our Channel Partners, fail to comply with applicable law, including anti-corruption, antitrust, or competition laws, or engage in activities that result in or may result in liability, we may also be adversely affected through reputational harm, as well as other negative consequences, including litigation, government investigations and penalties.

In addition, the financial health of our Channel Partners and our continuing relationships with them are important to our success. Some of these Channel Partners may be unable to withstand adverse changes in economic conditions, including the current macroeconomic uncertainty, which could result in insolvency or the inability of such Channel Partners to obtain credit to finance purchases of our data security solutions and services. In addition, weakness in the end-user market could negatively affect the cash flows of our Channel Partners who could, in turn, delay paying their obligations to us, which would increase our credit risk exposure. Our business could be harmed if the financial condition of some of these Channel Partners substantially weakened, and we were unable to timely secure replacement Channel Partners.

If we do not effectively expand and train our sales force, we may be unable to add new customers or retain and increase sales to our existing customers, and our business will be adversely affected.

We depend on our sales force to obtain new customers and retain and increase sales with existing customers. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training, and retaining sufficient numbers of sales personnel. We have expanded our sales organization significantly in recent periods and expect to continue to add additional sales capabilities in the near term. There is significant competition for sales personnel with the skills and technical knowledge that we require. New hires require significant training and may take significant time before they achieve full productivity, and this delay is accentuated by our long sales cycles. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do or plan to do business. In addition, a large percentage of our sales force is new to our company and selling our data security solutions, and therefore, this group may be less effective than our more seasoned sales personnel. Furthermore, hiring sales personnel in new countries, or expanding our existing presence, requires upfront and ongoing expenditures that we may not recover if the sales personnel fail to achieve full productivity. We may also incur additional compensation and training costs for our sales force, including as part of sales incentive realignment, as we work to migrate existing customers to RSC while ensuring retention and expansion. These additional costs may be higher than we expect

depending on timing to complete the transition to RSC and any unforeseen challenges that arise, including due to additional costs faced by customers. Moreover, we could face challenges in our ability to retain sales personnel if the migration to RSC results in the loss of existing customers. We cannot predict whether, or to what extent, our sales will increase as we expand our sales force or how long it will take for sales personnel to become productive. If we are unable to hire and train a sufficient number of effective sales personnel, or the sales personnel we hire are not successful in obtaining new customers or retaining and increasing sales to our existing customer base, our business, financial condition, and results of operations will be adversely affected.

Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense.

Our revenue may fluctuate because of the length and unpredictability of the sales cycle for our data security solutions, particularly with respect to large organizations and government entities. For example, in light of current macroeconomic conditions, we have observed a lengthening of our sales cycles, which may be attributed to higher cost-consciousness around information technology budgets. Customers often view the subscription to our platform as a significant strategic decision and, as a result, frequently require considerable time to evaluate, test, and qualify our platform, including from a security and privacy perspective, prior to entering into or expanding a relationship with us. Large enterprises and government entities in particular often undertake a significant evaluation process that further lengthens our sales cycle. Additionally, RSC and other SaaS solutions may elongate our sales cycles as a result of additional customer security and privacy evaluations.

Our sales team develops relationships with our customers and works with our Channel Partners on account penetration, account coordination, sales, and overall market development. We spend substantial time and resources on our sales efforts without any assurance that our efforts will produce a sale. Data security product purchases are frequently subject to budget constraints, multiple approvals, and unanticipated administrative, processing, and other delays. As a result, it is difficult to predict whether and when a sale will be completed.

If we fail to adapt and respond effectively to rapidly changing technology, evolving industry standards, changing regulations, or to changing customer needs, requirements, or preferences, our data security solutions may become less competitive.

Our ability to attract new users and customers and increase revenue from existing customers depends in large part on our ability to enhance, improve, and differentiate our existing offering, increase adoption and usage of our data security solutions, and introduce new data security products and capabilities. The market in which we compete is relatively new and subject to rapid technological change, evolving industry standards, and changing regulations, as well as changing customer needs, requirements, and preferences. The success of our business will depend, in part, on our ability to adapt and respond effectively to these changes on a timely basis. Because the market for our data security solutions is relatively new, it is difficult to predict customer adoption, increased customer usage and demand for our data security solutions, the size and growth rate of this market, the entry of competitive products, or the success of existing competitive products. If we are unable to enhance our data security solutions and keep pace with rapid technological change, or if new technologies emerge that are able to deliver competitive products at lower prices, more efficiently, more conveniently, or more securely than our data security solutions, our business, financial condition, and results of operations could be adversely affected.

To remain competitive, we need to continuously modify and enhance our data security solutions to adapt to changes and innovation in existing and new technologies. We expect that we will need to continue to differentiate our data management and data security capabilities, as well as expand and

enhance our data security solutions to support a variety of use cases. This development effort will require significant engineering, sales, and marketing resources. Any failure to effectively offer data security solutions for these adjacent use cases could reduce customer demand for our platform. Further, our data security solutions must also integrate with a variety of network, commodity appliance, mobile, cloud, and software platforms and technologies, and we need to continuously modify and enhance our data security solutions to adapt to changes and innovation in these technologies. This development effort may require significant investment in engineering, support, marketing, and sales resources, all of which would affect our business and results of operations. Any failure of our data security solutions to operate effectively with widely adopted data infrastructure platforms, applications, and technologies would reduce the demand for our data security solutions. If we are unable to respond to customer demand in a cost-effective manner, our data security solutions may become less marketable and less competitive or obsolete, and our business, financial condition, and results of operations could be adversely affected.

The competitive position of our data security solutions depends in part on their ability to operate with third-party products and services, including those of our technology alliance partners, and if we are not successful in maintaining and expanding the compatibility of our data security solutions with such products and services, our business may be harmed.

The competitive position of our data security solutions depends in part on their ability to operate with products and services of third parties, including software companies, software services, and infrastructure, and our data security solutions must be continuously modified and enhanced to adapt to changes in commodity appliance, software, networking, browser, and database technologies. In the future, one or more technology companies, whether our technology alliance partners or otherwise, may choose not to support the operation of their software, software services, and infrastructure with our data security solutions, or our data security solutions may not support the capabilities needed to integrate with such software, software services, and infrastructure. In addition, to the extent that a third party were to develop software or services that compete with ours, that provider may choose not to support our offering. We intend to facilitate the compatibility of our platform with various third-party software, software services, and infrastructure offerings by maintaining and expanding our business and technical relationships. If we are not successful in achieving this goal, our business, financial condition, and results of operations may be harmed.

Incorrect or improper implementation or use of our data security solutions could result in customer dissatisfaction and harm our business, financial condition, and results of operations.

Our data security solutions are deployed in a wide variety of IT infrastructures, including large-scale, complex technology environments, and we believe our future success will depend, at least in part, on our ability to support such deployments. Implementations of our data security solutions may be technically complicated, and it may not be easy to maximize the value of our data security solutions without proper implementation, training, and support. Some of our customers have experienced difficulties implementing our data security solutions in the past and may experience implementation difficulties in the future. If we or our customers are unable to implement our data security solutions successfully, customer perceptions of our data security solutions may be impaired, our reputation and brand may suffer, or customers may choose not to renew their subscriptions or purchase additional data security products from us.

Any failure by customers to appropriately implement our data security solutions or any failure of our data security solutions to effectively integrate and operate within our customers’ data management infrastructure could result in customer dissatisfaction, impact the perceived reliability of our data security solutions, result in negative press coverage, negatively affect our reputation, and harm our business, financial condition, and results of operations.

We use third-party open-source software in our data security solutions, which could negatively affect our ability to sell our data security solutions or subject us to litigation or other actions.

Our data security solutions include third-party open-source software, and we intend to continue to incorporate third-party open-source software in our data security solutions in the future. There is a risk that the use of third-party open-source software in our software could impose conditions or restrictions on our ability to monetize our software or require making available the source code of all or part of our software that include, incorporate or rely upon such open-source software. Although we have internal policies in place designed to monitor the incorporation of open-source software into our data security solutions to avoid such restrictions, we cannot be certain that we have not incorporated open-source software in our data security solutions in a manner that is inconsistent with our licensing model or the licensing terms of any such open-source software. Certain open-source projects also incorporate other open-source software and there is a risk that those dependent open-source libraries may be subject to inconsistent licensing terms that affect our ability to use the software. This could create further uncertainties as to the governing terms for the open-source software we incorporate.

In addition, the terms of certain open-source licenses to which we are subject have not been interpreted by U.S. or foreign courts, and there is a risk that open-source software licenses could be construed in a manner that imposes unanticipated restrictions or conditions on our use of such software. Additionally, we may from time to time face claims from third parties claiming ownership of, or demanding release of, the software or derivative works that we developed using such open-source software, which could include proprietary portions of our source code, or otherwise seeking to enforce the terms of the open-source licenses. These claims could result in litigation and could require us to make those proprietary portions of our source code freely available, purchase a costly license or cease offering the implicated software or services unless and until we can re-engineer them to avoid infringement. This re-engineering process could require significant additional research and development resources, and we may not be able to complete it successfully.

In addition to risks related to license requirements, use of third-party open-source software can lead to greater risks than use of third-party commercial software, as open-source licensors generally do not provide warranties. Use of open-source software may also introduce security risks as it may contain security vulnerabilities, and hackers and other third parties may exploit the public availability of such open-source software to determine how to compromise our data security solutions.

In addition, licensors of open-source software included in our data security solutions may, from time to time, modify the terms of their license agreements applicable to any updates in such a manner that those license terms may include restrictions that make the use of such software incompatible with our business, and thus could, among other consequences, prevent us from using or incorporating new updates of such software that are subject to the modified license.

In addition, any source code that we contribute to open-source projects becomes publicly available, subject to the relevant open source license. As a result, our ability to protect some of our intellectual property rights in such source code may be limited or lost entirely, and we would be unable to prevent our competitors or others from using such contributed source code in accordance with the relevant open source license.

Any of these risks could be difficult to eliminate or manage, and if not addressed, could have a negative effect on our business, financial condition, and results of operations.

Our success depends, in part, on the integrity and scalability of our systems and infrastructures. System interruption or delays from third-party data center hosting facilities and the lack of integration, redundancy, and scalability in our systems and infrastructures could impair the delivery of our data security solutions and harm our business.

Our success depends, in part, on our ability to maintain the integrity of our systems and infrastructure, including websites, information, and related systems. System interruption and the lack of integration and sufficient redundancy in our information systems and infrastructures may harm our ability to operate websites, respond to customer inquiries, and generally maintain cost-efficient operations. We may experience occasional system interruptions that make some or all systems or data unavailable or prevent us from efficiently providing data security solutions.

We currently utilize third-party data center hosting facilities located in the United States and internationally, including North America, EMEA (Europe, the Middle East, and Africa), and Asia. Any damage to, or failure of, the data facilities generally could result in interruptions in our data security solutions. As we continue to add data center hosting facilities and add capacity in our existing data facilities, we may move or transfer our data and our customers’ data. Despite precautions taken during this process, any unsuccessful data transfers may impair the delivery of our data security solutions. We also rely on affiliate and third-party computer systems, broadband, and other communications systems and service providers in connection with the provision of services generally, as well as to facilitate, process, and fulfill transactions. Interruptions in our data security solutions may reduce our revenue, cause us to issue credits or pay penalties, cause customers to terminate their subscriptions or data security solutions contracts, or harm our renewal rates or our ability to attract new customers. Our business will also be harmed if our customers and potential customers believe our data security solutions are unreliable.

Fire, flood, power loss, telecommunications failure, hurricanes, tornadoes, earthquakes, acts of war or terrorism, acts of God, and similar events or disruptions may damage or interrupt computer, broadband, or other communications systems and infrastructures at any time. Any of these events could cause system interruption, delays, and loss of critical data, and could prevent us from providing our data security solutions. While we have backup systems for certain aspects of our operations, disaster recovery planning by its nature cannot be sufficient for all eventualities. In addition, we may not have adequate insurance coverage to compensate for losses from a major interruption. As we continue to expand the number of our customers and data security solutions products available to our customers, we may not be able to scale our technology to accommodate the increased capacity requirements, which may result in interruptions or delays in data security solutions. If any of these events were to occur, it could harm our business, financial condition, and results of operations.

We rely on software licensed from other parties. Defects in or the loss of software from third parties could increase our costs and harm the quality of our data security solutions.

Components of our data security solutions include or rely upon software licensed from third parties. Our business could be disrupted if any of the software we license from others and functional equivalents thereof were either no longer available to us or no longer offered on commercially reasonable terms. In either case, we may be required to either redesign our data security solutions to function with software available from other parties or develop these components ourselves, which would result in increased costs and could result in delays in the release of new data security solutions. Furthermore, we might be forced to limit the features available in our current or future data security solutions. If we fail to maintain or renegotiate any of these software licenses, we could face significant delays and diversion of resources in attempting to license and integrate functional equivalents. While we believe that in most cases there are commercially reasonable alternatives to the third-party software we currently license, this may not always be the case, or it may be time consuming or expensive to replace existing third-party software or find a replacement third-party provider. Our use of additional or alternative third-party software or third-party

providers would require us to enter into license agreements with third parties, and we may not be able to enter into such agreements on advantageous terms.

We are subject to governmental export and import controls and economic sanctions laws and regulations that could impair our ability to compete in international markets or subject us to liability and reputational harm if we violate the controls.

Our data security solutions are subject to U.S. export controls, including the Export Administration Regulations, and we incorporate encryption technology into our data security solutions. Our data security solutions and the underlying technology may be exported outside of the United States only in compliance with the required export authorizations, including by license, applicability of a license exception, or other appropriate government authorizations, including the filing of an encryption classification request or self-classification report, as applicable. Obtaining the necessary export license or other authorization for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities.

Furthermore, we are required to comply with economic and trade sanctions laws and regulations of the countries where we do business, including those administered and enforced by the U.S. government (including through the Office of Foreign Assets Control of the U.S. Treasury Department and the U.S. Department of State). These economic and trade sanctions prohibit or restrict the provisions of products and services to embargoed jurisdictions or sanctioned persons, unless otherwise authorized.

While we have taken certain precautions to prevent our data security solutions from being provided in violation of trade controls and are in the process of enhancing our policies and procedures relating to trade controls, our data security solutions may have been in the past, and could in the future be, provided inadvertently and without our knowledge in violation of such laws. Violations of U.S. trade controls can result in significant fines or penalties and possible criminal liability for responsible employees and managers, in addition to potential reputational harm.

If our partners, including our Channel Partners, fail to obtain appropriate import, export, or re-export licenses or permits, we may also be adversely affected through reputational harm, as well as other negative consequences, including government investigations and penalties.

Also, various countries, in addition to the United States, regulate the import and export of certain encryption and other technology, including import and export licensing requirements, and have enacted laws that could limit our ability to distribute our data security solutions or could limit our customers’ ability to implement our data security solutions in those countries. Changes in our data security solutions or future changes in export and import regulations may create delays in the introduction of our data security solutions in international markets, prevent our customers with international operations from deploying our data security solutions globally or, in some cases, prevent the export or import of our data security solutions to certain countries, governments, or persons altogether. From time to time, various governmental agencies have proposed additional regulation of encryption technology.

Any change in export or import regulations, economic sanctions, or related laws or regulations, or change in the countries, governments, persons, or technologies targeted by such regulations, could result in decreased use of our data security solutions by, or in our decreased ability to export or sell our data security solutions to, existing or potential customers with international operations. Any decreased use of our data security solutions or limitation on our ability to export or sell our data security solutions would adversely affect our business, financial condition, results of operations, and growth prospects.

We are subject to anti-corruption, anti-bribery, and similar laws, and non-compliance with such laws can subject us to criminal or civil liability and harm our business, financial condition, and results of operations.

We are subject to the U.S. Foreign Corrupt Practices Act, or FCPA, U.S. domestic bribery laws, the UK Bribery Act, and other anti-corruption and anti-boycott laws in the countries in which we

conduct activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies, their employees, and their third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public or private sector. As a public company, the FCPA separately requires that we keep accurate books and records and maintain internal accounting controls sufficient to assure management’s control, authority, and responsibility over our assets. As we engage in and increase our international sales and business and sales to the public sector, we may engage with business partners and third-party intermediaries, including Channel Partners, to market and sell our data security solutions and to obtain necessary permits, licenses, and other regulatory approvals. In addition, we or our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities. We can be held liable for the corrupt or other illegal activities of these third-party intermediaries, our employees, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities.

While we have policies and procedures and conduct training designed to address compliance with such laws, our employees and agents may take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase.

Detecting, investigating, and resolving actual or alleged violations of anti-corruption laws can require a significant diversion of time, resources, and attention from senior management. In addition, noncompliance with anti-corruption, anti-bribery, or anti-boycott laws could subject us to whistleblower complaints, investigations, sanctions, settlements, prosecution, enforcement actions, fines, damages, other civil or criminal penalties or injunctions, suspension, or debarment from contracting with certain persons, reputational harm, adverse media coverage, and other collateral consequences. If any subpoenas or investigations are launched, or governmental or other sanctions are imposed, or if we do not prevail in any possible civil or criminal proceeding, our business, financial condition, and results of operations could be harmed. In addition, responding to any action will likely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional fees.

Downturns or upturns in our sales may not be immediately reflected in our financial condition and results of operations.

We recognize a significant portion of our revenue ratably over the term of subscriptions to our data security solutions. As a result, any decreases in new subscriptions or renewals in any one period may not immediately be fully reflected as a decrease in revenue for that period but would negatively affect our revenue in future quarters. This also makes it difficult for us to rapidly increase our revenue through the sale of additional subscriptions in any period. If our quarterly results of operations fall below the expectations of investors and securities analysts who follow our stock, the price of our Class A common stock would decline substantially, and we could face costly lawsuits, including securities class actions.

Seasonality may cause fluctuations in our revenue and related metrics.

Historically, we have experienced seasonality in revenue and related metrics, as we typically sell a higher percentage of subscriptions to new customers, and expansion and renewal subscriptions with existing customers in the fourth quarter of our fiscal year. We believe that this results from the procurement, budgeting, and deployment cycles of many of our customers, particularly our enterprise customers. We expect that this seasonality may continue to affect our revenue and related metrics in the future and might become more pronounced as we continue to target enterprise customers.

Our subscription annual recurring revenue, or Subscription ARR, cloud annual recurring revenue, or Cloud ARR, and certain other operational data in this prospectus are operating metrics that are subject to assumptions and limitations, including that the factors that impact Subscription ARR will vary from those that impact subscription revenue. As such, these metrics may not provide an accurate indication of our actual performance or our future results.

Subscription ARR, Cloud ARR, and other operational metrics are based on numerous assumptions and limitations, are calculated using our internal data from non-financial systems, have not been independently verified by third parties, and may not accurately reflect actual results nor provide an accurate indication of future or expected results. Further, the definitions and assumptions for these metrics may differ from those calculated by other businesses. Subscription ARR and Cloud ARR are not proxies for revenue or forecasts of revenue, and do not reflect any anticipated reductions in contract value due to contract non-renewals or service cancellations. In addition, the factors that impact Subscription ARR will vary from those that impact subscription revenue in a given period. As a result, Subscription ARR, Cloud ARR, and our other operational data may not accurately reflect our actual performance, and investors should consider these metrics in light of the assumptions and processes used in calculating such metrics and the limitations as a result thereof. Investors should not place undue reliance on these metrics as an indicator of our future or expected results. Moreover, these metrics may differ from similarly titled metrics presented by other companies and may not be comparable to such other metrics. See the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Business Metrics” for additional information regarding Subscription ARR, Cloud ARR, and other operational metrics.

We will face risks associated with the growth of our business with certain heavily regulated industry verticals.

We market and sell our data security solutions to customers in heavily regulated industry verticals, including the banking, healthcare, and financial services industries. As a result, we face additional regulatory scrutiny, risks, and burdens from the governmental entities and agencies that regulate those industries. Entering new heavily regulated verticals and expanding in those verticals in which we are already operating will continue to require significant resources to address potential regulatory scrutiny, risks, and burdens, and there is no guarantee that such efforts will be successful or beneficial to us. If we are unable to successfully penetrate these verticals, maintain our market share in such verticals in which we already operate, or cost-effectively comply with governmental and regulatory requirements applicable to our activities with customers in such verticals, our business, financial condition, and results of operations may be harmed.

Sales to government entities are subject to a number of challenges and risks.

We sell to U.S. federal, state, and local, as well as foreign governmental agency customers. Sales to such entities are subject to a number of challenges and risks. Selling to such entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. Government contracting requirements may change and in doing so restrict our ability to sell into the government sector until we have obtained any required government certifications. Further, achieving and maintaining government certifications, such as U.S. Federal Risk and Authorization Management Program, or FedRAMP, certification for our data security solutions, may require significant upfront and ongoing cost, time, and resources. If we do not obtain and maintain FedRAMP certification for our data security solutions, we may not be able to sell certain solutions to the U.S. federal government and public sector customers as well as eligible private sector customers that require such certification for their intended use cases, which could harm our growth, business, and results of operations. This may also harm our competitive position against larger enterprises whose competitive data security solutions are certified. Further,

there can be no assurance that we will secure commitments or contracts with government entities even following such certifications, which could harm our margins, business, financial condition, and results of operations. Government demand and payment for our data security solutions are affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our data security solutions.

Further, governmental entities may demand contract terms that differ from our standard arrangements and are less favorable than terms agreed with private sector customers. Such entities may have statutory, contractual, or other legal rights to terminate contracts with us or our Channel Partners for convenience or for other reasons. Any such termination may adversely affect our ability to contract with other government customers as well as our reputation, business, financial condition, and results of operations. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our subscriptions, a reduction of revenue, or fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could adversely affect our business, financial condition, results of operations, and reputation.

Our customers also include certain non-U.S. governments, to which government procurement law risks similar to those present in U.S. government contracting also apply, particularly in certain emerging markets where our customer base is less established. In addition, compliance with complex regulations and contracting provisions in a variety of jurisdictions can be expensive and consume significant management resources. In certain jurisdictions, our ability to win business may be constrained by political and other factors unrelated to our competitive position in the market. These difficulties could harm our business, financial condition, and results of operations.

In October 2023, we received a grand jury subpoena from the Department of Justice, U.S. Attorney’s Office for the District of Maryland, or the DOJ, which requested information regarding two specific companies, which we subsequently learned were associated with an employee from one of our sales teams who is no longer with the company. We are fully cooperating with this investigation and have been conducting our own thorough internal investigation. In the course of our internal investigation, we have discovered communications among certain employees within one of our sales teams, including such former Rubrik employee, that relate to potential violations of federal law in connection with government contracts, and are similarly cooperating with the DOJ with respect to these matters. These investigations are ongoing, and we do not know when they will be completed, the entirety of facts we will ultimately discover as a result of the investigations, or what actions the government may or may not take. Because we cannot predict the outcome of these investigations, we are not able to provide an estimate of any possible consequences. A negative outcome in any or all of these matters could cause us to incur substantial fines, penalties, or other financial exposure, as well as reputational harm and exclusion from future contracting with the federal government.

Acquisitions, strategic investments, joint ventures, or alliances could be difficult to identify, pose integration challenges, divert the attention of management, disrupt our business and culture, dilute stockholder value, and adversely affect our business, financial condition, and results of operations.

We have in the past and may in the future seek to acquire or invest in businesses, joint ventures, products and platform capabilities, technologies, or technical know-how that we believe could complement or expand our platform capabilities, enhance our technical capabilities, or otherwise offer growth opportunities. Further, our anticipated proceeds from this offering increase the likelihood that we will devote resources to exploring larger and more complex acquisitions and investments than we have previously attempted. Any such acquisition or investment may divert the attention of management and cause us to incur various expenses in identifying, investigating, and pursuing suitable opportunities,

whether or not the transactions are completed, and may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties assimilating or integrating the businesses, technologies, products and platform capabilities, personnel, or operations of any acquired companies, particularly if the key personnel of an acquired company choose not to work for us, their software is not easily adapted to work with our data security solutions, or we have difficulty retaining the customers of any acquired business due to changes in ownership, management, or otherwise. These transactions may also disrupt our business, divert our resources, and require significant management attention that would otherwise be available for development of our existing business. We may also have difficulty establishing our company values with personnel of acquired companies, which may negatively impact our culture and work environment. Any such transactions that we are able to complete may not result in any synergies or other benefits we had expected to achieve, which could result in impairment charges that could be substantial. In addition, we may not be able to find and identify desirable acquisition targets or business opportunities or be successful in entering into an agreement with any particular strategic partner. These transactions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our results of operations. In addition, if the resulting business from such a transaction fails to meet our expectations, our business, financial condition, and results of operations may be adversely affected, or we may be exposed to unknown risks or liabilities.

Any inability to maintain a high-quality customer support organization could lead to a lack of customer satisfaction, which could hurt our customer relationships and have an adverse effect on our business, financial condition, and results of operations.

Once our data security solutions are deployed, customers rely on our technical support services to assist with service customization and optimization and to resolve certain issues relating to the implementation and maintenance of our data security solutions. Customers also rely on our or our Channel Partners’ support personnel to resolve issues and realize the full benefits that our solutions provide. If we or our Channel Partners do not effectively assist customers in deploying our data security solutions, succeed in helping customers quickly resolve technical issues or provide effective ongoing support, our ability to sell additional data security solutions as part of our platform to existing customers would be adversely affected, and our reputation with potential customers could be damaged.

In addition, our sales process is highly dependent on our product and business reputation and on positive recommendations from existing customers. Any failure to maintain high-quality technical support, or a market perception that we do not maintain high-quality technical support, could adversely affect our reputation, our ability to sell our services to existing and prospective customers, and our business, financial condition, and results of operations.

Our business is subject to the risks of warranty claims and product defects from real or perceived defects in our data security solutions or their misuse by customers or third parties and indemnity provisions in various agreements that potentially expose us to substantial liability for intellectual property infringement and other losses.

We may in the future be subject to liability claims for damages related to undetected defects, errors, or vulnerabilities in our data security solutions. A material liability claim or other occurrence that harms our reputation or decreases market acceptance of our platform could harm our business, financial condition, and results of operations. Although we generally have limitation of liability provisions in our terms and conditions, in rare cases we have agreed to limited exceptions to such liability caps, and such limitation of liability provisions may not fully or effectively protect us from claims as a result of federal, state, or local laws or ordinances, or unfavorable judicial decisions in the United States or other countries.

Moreover, as part of our ransomware recovery warranty, or the Ransomware Recovery Warranty, we also provide certain customers with up to $10,000,000 for recovery expenses related to data

recovery and restoration in the event that data backed up using our solutions cannot be recovered following a ransomware attack. As part of the Ransomware Recovery Warranty, if an eligible customer’s data that has been backed-up onto a Rubrik-branded Appliance, Rubrik-certified compatible third-party commodity server, or a Rubrik-hosted cloud platform, is not successfully recovered by way of one of our data security products due to a failure of such solution, we will reimburse the customer for its reasonable and necessary fees and expenses to restore, recover, or recreate its data up to $10,000,000. As of January 31, 2024, there had been no claims made under the Ransomware Recovery Warranty. However, if many of our customers experience security incidents or other incidents that fall within this program and we are not able to recover their data through our data security solutions, we could be required to pay significant amounts to comply with our obligations under the Ransomware Recovery Warranty. In the event that we are required to regularly provide financial assistance for such recovery activities, and particularly if we have to do so for multiple customers at the same or similar times, this could significantly increase our costs, harm our reputation and brand, and increase the costs to us associated with this warranty program, which could adversely affect our business, financial condition, and results of operations.

Additionally, we typically provide indemnification to customers for certain losses suffered or expenses incurred as a result of third-party claims arising from our infringement of a third party’s intellectual property. We also may be exposed to liability for certain breaches of confidentiality or customer data, as defined in our terms of service which, as a standard practice, are generally subject to caps on liability. We also assume limited liability in the event we breach certain of our terms of service. Certain of these contractual provisions survive termination or expiration of the applicable agreement. We have not received any material indemnification claims from third parties. However, as we continue to grow, the possibility of these claims against us will increase.

If customers or other third parties with whom we do business make intellectual property infringement or other indemnification claims against us, we will incur significant legal expenses and may have to pay damages, license fees, or stop using technology found to be in violation of a third-party’s rights. We may also have to seek a license for the technology. Such licenses may not be available on reasonable terms, if at all, and may significantly increase our operating expenses or may require us to restrict our business activities and limit our ability to deliver certain data security solutions or features. We may also be required to develop alternative non-infringing technology, which could either require significant effort and expense or cause us to alter our data security solutions, or both, which could harm our business. Large indemnity obligations, whether for intellectual property or in certain limited circumstances, other claims, would harm our business, financial condition, and results of operations.

Under certain circumstances, our personnel may have access to customer platforms. An employee may take advantage of such access to conduct malicious activities or fail to follow internal policies or make errors that could cause system failures, loss of data, or other adverse effects on our customers. Misuse of our data security solutions by our personnel could result in claims from our customers for damages related to such misuse. Such misuse of our data security solutions could also result in negative press coverage and negatively affect our reputation, which could result in harm to our reputation, business, financial condition, and results of operations. In addition, misuse of our data security solutions could also result in contractual breaches and damages to customers that may assert warranty and other claims for substantial damages against us.

We maintain insurance to protect against certain claims associated with the use of our data security solutions, but our insurance coverage may not adequately cover any claim asserted against us and is subject to deductibles. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation, divert management’s time and other resources, and harm our reputation, business, financial condition, and results of operations.

Failure to effectively develop and expand our sales and marketing capabilities or improve the productivity of our sales and marketing organization could harm our ability to expand our potential customer and sales pipeline, increase our customer base, and achieve broader market acceptance of our data security solutions.

Our ability to increase our customer base, achieve broader market adoption and acceptance of our data security solutions, and expand our potential customer and sales pipeline and brand awareness will depend to a significant extent on our ability to expand and improve the productivity of our sales and marketing organization. We plan to continue expanding our sales force, both domestically and internationally. We also plan to dedicate significant resources to sales and marketing programs to decrease the time required for our sales personnel to achieve desired productivity levels, which may be impacted in the short term from our new approach to sales force segmentation. Historically, newly hired sales personnel have needed several quarters to achieve desired productivity levels. Our increased sales and marketing efforts will also involve investing significant financial and other resources, which could result in increased costs and negatively impact margins. We are one of the only providers of a unified data security platform, so we must therefore invest heavily in our sales and marketing functions in order to educate customers and potential customers about our data security solutions. Our business and results of operations will be harmed if our sales and marketing efforts fail to successfully expand our potential customer and sales pipeline, including through increasing brand awareness, new customer acquisition, and market adoption of our platform and data security solutions, particularly for RSC, or fail to generate significant increases in revenue or result in increases that are smaller than anticipated. We may not achieve anticipated revenue growth from expanding our sales force if we are unable to hire, develop, integrate, and retain talented and effective sales personnel, if our new and existing sales personnel, on the whole, are unable to achieve desired productivity levels in a reasonable period of time or at all, or if our sales and marketing programs are not effective.

If we fail to enhance our brand cost-effectively, our ability to expand our customer base will be impaired and our business, financial condition, and results of operations may be adversely affected.

We believe that developing and maintaining awareness of our brand in a cost-effective manner is critical to achieving widespread acceptance of our existing and future data security solutions and is an important element in attracting new customers. In addition, creating brand awareness of our relatively new data security solutions will require added investment in our marketing and branding activities. We believe that the importance of brand recognition will increase as competition in our market increases. Successful promotion of our brand as a provider of data security solutions will depend largely on the effectiveness of our marketing efforts and on our ability to develop and deploy high-quality, reliable, and differentiated data security solutions to our customers. In the past, our efforts to build our brand have involved significant expense. Brand promotion activities may not yield increased revenue, and even if they do, any increased revenue may not offset the expense we incur in building our brand. If we fail to successfully promote and maintain our brand or incur substantial expense in an unsuccessful attempt to promote and maintain our brand, we may fail to attract new customers or retain our existing customers to the extent necessary to realize a sufficient return on our brand-building efforts, and our business, financial condition, and results of operations could be adversely affected.

We have a limited history with pricing models for our data security solutions, and we may need to adjust the pricing terms of our data security solutions, which could have an adverse effect on our revenue and results of operations.

We have limited experience with respect to determining the optimal prices for subscriptions to and renewals of our data security solutions, new subscription editions, and new enterprise, cloud, and SaaS applications. As the market for cloud data security evolves, or as new competitors introduce new products or services that compete with ours, we may be unable to attract new customers. In the past,

we have been able to increase our prices for our data security solutions, but we may choose not to introduce or be unsuccessful in implementing future price increases. Furthermore, since we have limited experience pricing RSC, we may be unsuccessful in implementing future price increases and our future pricing power may erode due to changing market dynamics, increased competition, or other factors. As a result of these and other factors, in the future we may be required to reduce our prices or be unable to increase our prices, or it may be necessary for us to increase our services or data security solutions without additional revenue to remain competitive, all of which could harm our financial condition and results of operations.

We may require additional capital to support the growth of our business, and this capital might not be available on acceptable terms, if at all.

We have funded our operations since inception primarily through equity financings, sales of our data security solutions, and the utilization of debt products, including our Amended Credit Facility (as described in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Liquidity and Capital Resources”). We cannot be certain when or if our operations will generate sufficient cash to fully fund our ongoing operations or the growth of our business. We intend to continue to make investments to support our business, which may require us to engage in equity or debt financings to secure additional funds. Additional financing may not be available on terms favorable to us, if at all, particularly during times of market volatility, higher interest rates, inflationary pressures, and general economic instability. If adequate funds are not available on acceptable terms, we may be unable to invest in future growth opportunities, which could harm our business, financial condition, and results of operations. If we incur additional debt, the debt holders would have rights senior to holders of common stock to make claims on our assets, and the terms of any debt could restrict our operations, including our ability to pay dividends on our Class A common stock. Furthermore, if we issue additional equity securities, stockholders will experience dilution, and the new equity securities could have rights senior to those of our Class A common stock. Because our decision to issue securities in the future will depend on numerous considerations, including factors beyond our control, we cannot predict or estimate the amount, timing, or nature of any future issuances of debt or equity securities. As a result, our stockholders bear the risk of future issuances of debt or equity securities reducing the value of our Class A common stock and diluting their interests.

We are exposed to fluctuations in currency exchange rates, which could negatively affect our results of operations.

Our data security solutions are billed in U.S. dollars, and therefore, our revenue is not subject to foreign currency risk. However, a strengthening of the U.S. dollar could increase the real cost of our data security solutions to our customers outside of the United States, which could adversely affect our results of operations. In addition, an increasing portion of our operating expenses are incurred outside the United States. These operating expenses are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates. While we do not currently hedge against the risks associated with currency fluctuations, if our foreign currency risk increases in the future and we are not able to successfully hedge against the risks associated with currency fluctuations, our results of operations could be adversely affected.

Unfavorable conditions in our industry or the global economy, including those caused by the ongoing conflicts around the world, or reductions in technology spending, could limit our ability to grow our business and negatively affect our results of operations.

Global business activities face widespread macroeconomic uncertainties, and our results of operations may vary based on the impact of changes in our industry or the global economy on us or our customers and potential customers. Negative conditions in the general economy both in the United

States and abroad, including conditions resulting from changes in gross domestic product growth, financial and credit market fluctuations, inflation and efforts to control further inflation, including rising interest rates, bank failures, international trade relations, political turmoil, including the conflict in Israel and the surrounding area and the ongoing conflict between Russia and Ukraine, potential U.S. federal government shutdowns, natural catastrophes, warfare, and terrorist attacks could cause a decrease in business investments by existing or potential customers, including spending on technology, and negatively affect the growth of our business. As an example, in the United States, capital markets have experienced and continue to experience volatility and disruption. Furthermore, inflation rates in the United States have recently increased to levels not seen in decades. In addition to the foregoing, adverse developments that affect financial institutions, transactional counterparties, or other third parties, such as bank failures or concerns or speculation about any similar events or risks, could lead to market-wide liquidity problems, which in turn may cause third parties, including our customers, to become unable to meet their obligations under various types of financial arrangements as well as general disruptions or instability in the financial markets. Such economic volatility could adversely affect our business, financial condition, results of operations, and cash flows, and future market disruptions could negatively impact us. In particular, we have experienced and may continue to experience longer sales cycles and related negotiations for prospective customers and existing customer expansions, a reduction in multi-year upfront payments for our subscription offerings, reduced contract sizes or generally increased scrutiny on technology spending and budgets from existing and potential customers, due in part to the effects of macroeconomic uncertainty. These customer dynamics may persist in the future, even if macroeconomic conditions improve, and to the extent there is a sustained general economic downturn, a recession, or another situation where technology budgets grow at a slower rate or contract, these customer dynamics may be exacerbated. In addition to the foregoing, we have operations in Israel, which have been affected and may continue to be affected by the ongoing conflict in Israel and the surrounding area, and our growth, business, and results of operations could be further negatively impacted if the current conflict in Israel and the surrounding area continues, worsens, or expands to other nations or regions. Our competitors, many of whom are larger and have greater financial resources than we do, may respond to challenging market conditions by lowering prices in an attempt to attract our customers, which may require us to respond in kind and may negatively impact our existing customer relationships and new customer acquisition strategy. In addition, the increased pace of consolidation in certain industries may result in reduced overall spending on our data security solutions. We cannot predict the timing, strength, or duration of any economic slowdown, instability, or recovery, generally or within any particular industry.

We typically provide service-level commitments under our customer agreements. If we fail to meet these commitments, we could face customer terminations, a reduction in renewals, and damage to our reputation, which would lower our revenue and harm our business, financial condition, and results of operations.

Our agreements with our customers typically provide for service-level commitments relating to service availability. If we fail to meet these commitments, we could be required to extend affected services at no charge and could face customer terminations, or a reduction in renewals, which could significantly affect both our current and future revenue. Any service-level commitment failures could also damage our reputation. The complexity and quality of our customers’ implementation and the performance and availability of cloud services and cloud infrastructure are outside our control, and therefore, we are not in full control of whether we can meet these service-level commitments. Our business, financial condition, and results of operations could be adversely affected if we fail to meet our service-level commitments for any reason. Any extended service outages could adversely affect our business, reputation, and brand.

Sales to enterprise customers involve risks that may not be present or that are present to a lesser extent with respect to sales to smaller organizations.

We are seeing an increasing volume of sales to large, enterprise customers. Sales to enterprise customers and large organizations involve risks that may not be present or that are present to a lesser extent with sales to smaller customers, including the commercial customer segment. These risks include longer sales cycles and negotiations, more complex customer requirements (including audit and other requirements driven by such customers’ regulatory and industry contexts), substantial upfront sales costs, and less predictability in completing some of our sales. For example, enterprise customers may require considerable time to evaluate and test our data security solutions and those of our competitors prior to making a purchase decision and placing an order or may need specialized security features to meet regulatory requirements. A number of factors influence the length and variability of our sales cycle, including the need to educate potential customers about the uses and benefits of our data security solutions, the discretionary nature of purchasing and budget cycles, the macroeconomic uncertainty and challenges and resulting increased technology spending scrutiny, and the competitive nature of evaluation and purchasing approval processes. Since the processes for deployment, configuration, and management of our data security solutions are complex, we are also often required to invest significant time and other resources to train and familiarize potential customers with our data security solutions. Customers may engage in extensive evaluation, testing, and quality assurance work before making a purchase commitment, which increases our upfront investment in sales, marketing, and deployment efforts, with no guarantee that these customers will make a purchase or increase the scope of their subscriptions. In certain circumstances, an enterprise customer’s decision to use our data security solutions may be an organization-wide decision, and therefore, these types of sales require us to provide greater levels of education regarding the use and benefits of our data security solutions. As a result, the length of our sales cycle, from identification of the opportunity to deal closure, has varied, and may continue to vary, significantly from customer to customer, with sales to large enterprises and organizations typically taking longer to complete. Moreover, large enterprise customers often begin to deploy our data security solutions on a limited basis but nevertheless demand configuration, integration services, and pricing negotiations, which increase our upfront investment in the sales effort with no guarantee that these customers will deploy our data security solutions widely enough across their organization to justify our substantial upfront investment.

Given these factors, it is difficult to predict whether and when a sale will be completed and when revenue from a sale will be recognized due to the variety of ways in which customers may purchase our data security solutions. This may result in lower than expected revenue in any given period, which would have an adverse effect on our business, financial condition, and results of operations.

Our intellectual property rights may not adequately protect our business.

To be successful, we must protect our technology, know-how, and brand in the United States and other jurisdictions through trademarks, trade secrets, patents, copyrights, service marks, invention assignments, contractual restrictions, and other intellectual property rights and confidentiality procedures. Despite our efforts to implement these protections, they may not adequately protect our business for a variety of reasons, including:

•

our inability to successfully register or obtain patents, trademarks, and other intellectual property rights that sufficiently protect our brand and the full scope of important innovations;

•

any inability by us to maintain appropriate confidentiality and other protective measures to establish and maintain our trade secrets;

•

uncertainty in, and evolution of, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights;

•

potential invalidation of our intellectual property rights through administrative processes or litigation; and

•

other practical, resource, or business limitations on our ability to detect and prevent infringement or misappropriation of our rights and to enforce our rights.

Further, the laws of certain foreign countries, particularly certain developing countries, do not provide the same level of protection of corporate proprietary information and assets, such as intellectual property, including trademarks, trade secrets, know-how, and records, as the laws of the United States and mechanisms for enforcement of intellectual property rights may be inadequate. As a result, we may encounter significant problems in protecting and defending our intellectual property or proprietary rights abroad. Additionally, we may also be exposed to material risks of theft or unauthorized reverse engineering of our proprietary information and other intellectual property, including software source code, designs, specifications, or other sensitive information. Our efforts to enforce our intellectual property rights in such foreign countries may be inadequate to obtain a significant commercial advantage from the intellectual property that we develop, which could have an adverse effect on our business, financial condition, and results of operations. Moreover, if we are unable to prevent the disclosure of our trade secrets to third parties, or if our competitors independently develop any of our trade secrets, we may not be able to establish or maintain a competitive advantage in our market, which could seriously harm our business.

We also contribute to open-source projects. Although we have internal policies and procedures designed to pre-approve the incorporation of any of our source code into open-source projects, any such contribution becomes publicly available, subject to the relevant open source license. As a result, our ability to protect some of our intellectual property rights in such source code may be limited or lost entirely, and we would be unable to prevent our competitors or others from using such contributed source code in accordance with the relevant open source license.

Litigation may be necessary to enforce our intellectual property or proprietary rights, protect our trade secrets, or determine the validity and scope of proprietary rights claimed by others. Any litigation, whether or not resolved in our favor, could result in significant expense to us, divert the time and efforts of our technical and management personnel, and result in counterclaims alleging infringement of intellectual property rights by us or challenging the validity or scope of our intellectual property rights, which may lead to the impairment or loss of portions of our intellectual property. If we are unable to prevent third parties from infringing upon or misappropriating our intellectual property or are required to incur substantial expenses defending our intellectual property rights, our business, financial condition, and results of operations may be adversely affected.

If we are not successful in expanding our operations and customer base internationally, our business and results of operations could be negatively affected.

A component of our growth strategy involves the further expansion of our operations and customer base internationally. Customers outside the United States generated 31% and 32% of our total revenue for fiscal 2023 and fiscal 2024, respectively. We are continuing to adapt to and develop strategies to expand in international markets, but there is no guarantee that such efforts will have the desired effect. For example, we anticipate that we will need to establish relationships with new Channel Partners in order to expand into certain countries, and if we fail to identify, establish, and maintain such relationships, we may be unable to execute on our expansion plans. As of January 31, 2024, approximately 46% of our full-time employees were located outside of the United States, with approximately 26% of our full-time employees located in India. We expect that our international activities will continue to grow for the foreseeable future as we continue to pursue opportunities in existing and new international markets, which will require significant dedication of management

attention and financial resources. If we invest substantial time and resources to further expand our international operations and are unable to do so successfully and in a timely manner, our business and results of operations will suffer.

We are subject to stringent and evolving U.S. and foreign laws, regulations, rules, contractual obligations, policies, and other requirements relating to privacy and data security. Our actual or perceived failure to comply with such obligations could lead to regulatory investigations or actions, litigation, fines and penalties, disruptions of our business operations, reputational harm, loss of revenue, loss of customers or sales, and other adverse business consequences.

Due to the nature of the data security services and solutions we provide to our customers, we process various categories of data, including proprietary and confidential business data, trade secrets, intellectual property, data about individuals, and other data considered to be sensitive. Our data processing activities may subject us to numerous obligations relating to privacy and data security, such as various laws, regulations, guidance, industry standards, internal and external privacy and security policies, contractual requirements, and other obligations.

In the United States, federal, state, and local governments have enacted numerous data privacy and data security laws, including data breach notification laws, laws governing information about individuals, and consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act). For example, the federal Health Insurance Portability and Accountability Act of 1996, or HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act, or HITECH, imposes specific requirements relating to the privacy, security, and transmission of individually identifiable health information. As another example, the California Consumer Privacy Act, or CCPA, requires businesses to provide specific disclosures in privacy notices, implement new operational practices, and honor requests from California residents to exercise certain privacy rights. The CCPA contains significant potential penalties for noncompliance (up to $7,500 per violation). California has adopted a new law, the California Privacy Rights Act of 2020, or CPRA, that substantially expands the CCPA, effective January 1, 2023, including by establishing a new California Privacy Protection Agency and by applying to certain business contact information and employment-related data. Other states also passed comprehensive privacy laws, and similar laws are being considered in many other states as well as at the federal level. These developments may further complicate compliance efforts and may increase legal risk and compliance costs for us, the third parties upon whom we rely, and our customers.

Outside the United States, an increasing number of laws, regulations, and industry standards may apply to our data processing activities. For example, the European Union’s General Data Protection Regulation, or EU GDPR, the United Kingdom’s General Data Protection Regulation, or UK GDPR, and Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, or LGPD) (Law No. 13,709/2018) impose strict requirements for processing personal data. Under the EU GDPR, companies may face fines of up to the greater of 20 million Euros or 4% of their global annual revenues, temporary or definitive bans on data processing and other collective action, and private litigation related to the processing of personal data brought by classes of data subjects or consumer protection organizations authorized at law to represent their interests. Furthermore, in Europe, there is a proposed regulation related to AI that, if adopted, could impose onerous obligations related to the use of AI-related systems. In Canada, the Personal Information Protection and Electronic Documents Act, or PIPEDA, and various related provincial laws, as well as Canada’s Anti-Spam Legislation, or CASL, may apply to our operations. We also have operations in Japan and Singapore and may be subject to new and emerging data privacy regimes in Asia, including Japan’s Act on the Protection of Personal Information and Singapore’s Personal Data Protection Act.

Additionally, we may transfer personal data from Europe and other jurisdictions to the United States or other countries. Europe and other jurisdictions have enacted laws regulating the cross-border transfer of personal data from Europe to other countries, and, in particular, the European Economic

Area and the United Kingdom, or UK, have significantly restricted the cross-border transfer of personal data to the United States, unless the entity has achieved compliance under the Data Privacy Framework and is listed as an active participant on the International Trade Administration’s website. Currently, we are a listed participant. However, given historical challenges to similarly positioned frameworks, it is possible that the Data Privacy Framework is invalidated in the future, and we will need to rely on other established transfer mechanisms for cross border transfers. Other jurisdictions may adopt similarly stringent interpretations of their cross-border data transfer laws. Although standard contractual clauses, or SCCs, and other mechanisms, currently may be used to transfer personal data from European Economic Area to the United States, these mechanisms are frequently subject to legal challenges, and the efficacy and longevity of such mechanisms for making data transfers from the European Economic Area to the United States remains uncertain. If there is no lawful manner for us to transfer personal data from the European Economic Area or other jurisdictions to the United States, we could face significant consequences, including restricting our operations or relocating part of or all of our business to other jurisdictions and increased exposure to regulatory actions, substantial fines, civil proceedings, and injunctions against processing or transferring personal data, as well as incurring the associated legal and compliance costs. Some European regulators have prevented companies from transferring personal data out of Europe.

In addition to privacy, data protection, and data security laws and regulations, we may be contractually subject to industry standards adopted by industry groups, such as the Payment Card Industry Data Security Standards, or PCI, and may become subject to such obligations in the future. Additionally, the demands our customers place on us relating to privacy, data protection, and data security are becoming more stringent. Data protection laws, such as the EU GDPR, UK GDPR, and CCPA, increasingly require companies to impose specific contractual restrictions on their service providers and contractors. In addition, customers that use certain of our data security solutions to process protected health information may require us to sign business associate agreements that subject us to the privacy and security requirements under HIPAA and HITECH, as well as state laws that govern the privacy and security of health information. Our customers’ increasing data privacy and data security standards also increase the cost and complexity of ensuring that we, and the third parties we rely on to operate our business and deliver our services, can meet these standards. If we, or the third parties on which we rely, are unable to meet our customers’ demands or comply with the increasingly stringent legal or contractual requirements relating to data privacy and data security, we may face increased legal liability, customer contract terminations, and reduced demand for our data security solutions.

Finally, we publish privacy policies, marketing materials, and other statements, such as compliance with certain certifications or self-regulatory principles, as well as other documentation regarding our processing of information about individuals. If these policies, materials, statements, or documentations are found to be deficient, lacking in transparency, deceptive, unfair, or misrepresentative of our practices, we may be subject to investigation, regulatory enforcement actions, costly legal claims by affected individuals or our customers, or other adverse consequences.

Obligations related to data privacy and data security are quickly changing, becoming increasingly stringent, and creating regulatory uncertainty. Additionally, these obligations may be subject to differing applications and interpretations by regulators and other stakeholders, which may be inconsistent or conflict among jurisdictions. Preparing for and complying with these obligations requires us to devote significant resources. These obligations may necessitate changes to our services, information technologies, systems, and practices and to those of any third parties that process personal data on our behalf. In addition, these obligations may require us to change our business model.

Our business model materially depends on our ability to process personal data, so we are particularly exposed to the risks associated with the rapidly changing legal landscape. We may be at

heightened risk of regulatory scrutiny, and any changes in the regulatory framework could require us to fundamentally change our business model. Despite our efforts to comply with applicable data privacy and data security obligations, we may at times fail (or be perceived to have failed) in our efforts to comply. Moreover, despite our efforts, our personnel or third parties on whom we rely may fail to comply with such obligations, which could negatively impact our business operations. If we, or the third parties on which we rely, fail, or are perceived to have failed, to address or comply with applicable data privacy and data security obligations, we could face significant consequences, including but not limited to: government enforcement actions (e.g., investigations, fines, penalties, audits, inspections, and similar); litigation (including class-action claims); additional reporting requirements and/or oversight; bans on processing personal data; orders to destroy or not use information about individuals; and imprisonment of company officials. As a data security company, we could be exposed to additional reputational risks should a data privacy incident occur.

As a result of being a public company, we are obligated to develop and maintain proper and effective internal control over financial reporting, and any failure to maintain the adequacy of these internal controls may adversely affect investor confidence in our company and, as a result, the value of our Class A common stock.

We are required, pursuant to Section 404 of the Sarbanes-Oxley Act of 2002, as amended, or the Sarbanes-Oxley Act, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting for the fiscal year ending January 31, 2026. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. In addition, our independent registered public accounting firm will be required to attest to the effectiveness of our internal control over financial reporting in our first annual report required to be filed with the Securities and Exchange Commission, or the SEC, following the date we are no longer an “emerging growth company.” We have recently commenced the costly and challenging process of compiling the system and processing documentation necessary to perform the evaluation needed to comply with Section 404 of the Sarbanes-Oxley Act, or Section 404, but we may not be able to complete our evaluation, testing, and any required remediation in a timely fashion once initiated. Our compliance with Section 404 will require that we incur substantial expenses and expend significant management efforts. Although we currently have an internal audit group, we will need to hire additional accounting and financial staff with appropriate public company experience and compile the system and process documentation necessary to perform the evaluation needed to comply with Section 404.

During the evaluation and testing process of our internal controls, if we identify one or more material weaknesses in our internal control over financial reporting, we will be unable to certify that our internal control over financial reporting is effective. We cannot assure you that there will not be material weaknesses or significant deficiencies in our internal control over financial reporting in the future. Any failure to maintain internal control over financial reporting could severely inhibit our ability to accurately report our financial condition or results of operations. If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness or significant deficiency in our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our Class A common stock could decline, and we could be subject to sanctions or investigations by the SEC or other regulatory authorities. Failure to remedy any material weakness in our internal control over financial reporting, or to implement or maintain other effective control systems required of public companies, could also restrict our future access to the capital markets.

We may become subject to intellectual property disputes, which can be costly and may subject us to significant liability and increased costs of doing business.

We have been and may continue in the future to be subject to intellectual property disputes. In regard to future litigation, our success depends, in part, on our ability to develop and commercialize our data security solutions without infringing, misappropriating, or otherwise violating the intellectual property rights of third parties. However, we may not be aware that our data security solutions are infringing, misappropriating, or otherwise violating third-party intellectual property rights, and such third parties may bring claims against us, our business partners, and our customers alleging such infringement, misappropriation, or violation. Companies in the software industry are often required to defend against litigation claims based on allegations of infringement, misappropriation, or other violations of intellectual property rights. For example, between 2020 and 2021, we were involved in patent disputes with two of our competitors which have since been resolved. However, we may not in all instances be able to obtain a settlement, or proactively defend or ascertain all third-party rights implicated by our business. Further, certain patent holders that own large numbers of patents and other intellectual property, including “non-practicing entities,” often threaten or enter into litigation based on allegations of infringement or other violations of intellectual property rights. Any claims of intellectual property infringement, even those without merit, may be time-consuming and expensive to resolve, divert management’s time and attention, cause us to cease using or incorporating the challenged technology, expose us to other legal liabilities, such as indemnification obligations, or require us to enter into licensing agreements to obtain the right to use a third-party’s intellectual property. In addition, many companies have the capability to dedicate substantially greater resources to enforce their intellectual property rights and to defend claims that may be brought against them. Any litigation may also involve patent holding companies or other adverse patent owners that have no relevant product revenue, and therefore, our patents may provide little or no deterrence as we would not be able to assert them against such entities or individuals. If we are found to infringe a third-party’s intellectual property rights and we cannot obtain a license or develop a non-infringing alternative, we would be forced to cease business activities related to such intellectual property. Although we carry general liability insurance, our insurance may not cover potential claims of this type or may not be adequate to indemnify us for all liability that may be imposed. We cannot predict the outcome of lawsuits and cannot ensure that the results of any such actions will not have an adverse effect on our business, financial condition, or results of operations. Any intellectual property litigation to which we might become a party, or for which we are required to provide indemnification, may require us to do one or more of the following:

•

cease selling or using data security solutions that incorporate the intellectual property rights that we allegedly infringe, misappropriate, or violate;

•

make substantial payments for legal fees, settlement payments, or other costs or damages;

•

obtain a license, which may not be available on reasonable terms or at all, to sell or use the relevant technology; or

•

redesign the allegedly infringing data security solutions to avoid infringement, misappropriation, or violation, which could be costly, time-consuming, or impossible.

Even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and harm our business and results of operations. Moreover, there could be public announcements of the results of hearings, motions or other interim proceedings or developments, and if securities analysts or investors perceive these results to be negative, it could have a substantial adverse effect on the price of our Class A common stock. We expect that the occurrence of infringement claims is likely to grow as our business grows. Accordingly, our exposure to damages resulting from infringement claims could increase, and this could further exhaust our financial and management resources.

We and our employees have and may continue to be subject to claims alleging violations of our employees’ contractual obligations to their prior employers. These claims may be costly to defend, and if we do not successfully do so, our business could be harmed.

Many of our employees were previously employed at current or potential competitors. Although we have processes to ensure that our employees do not use proprietary information or disclose confidential information from their prior employer in their work for us or otherwise violate their contractual post-employment obligations such as customer and employee non-solicits, we or our employees may still in the future become subject to claims alleging such violations. Litigation may be necessary to defend against these claims. If we fail in defending such claims, in addition to paying monetary damages, we may lose valuable intellectual property rights or personnel. A loss of key personnel or their work product could negatively impact our business. Even if we are successful in defending against these claims, litigation efforts are costly, time-consuming, and a significant distraction to management.

Our company values have contributed to our success. If we cannot maintain these values as we grow, we could lose certain benefits we derive from them, and our employee turnover could increase, which could harm our business.

We believe our culture is driven by our company values which have been and will continue to be a key contributor to our success. Our core company values are:

•

Relentlessness. Unyielding will and curiosity to tackle the hardest challenges.

•

Integrity. Do what you say and do the right thing.

•

Velocity. Drive clarity, decide quickly, and move fast to delight our customers.

•

Excellence. Set a high standard and strive for greatness.

•

Transparency. Build trust and drive smart decisions through transparent communication.

We have rapidly increased our workforce across all departments, and we expect to continue to hire across our business. Our anticipated headcount growth, combined with our transition from a privately held to a publicly traded company, may result in changes to certain employees’ adherence to our core company values. If we do not continue to maintain our adherence to our company values as we grow, including through any future acquisitions or other strategic transactions, we may experience increased turnover in a portion of our current employee base and may not continue to be successful in hiring future employees. Moreover, following this offering, many of our employees may be eligible to receive significant proceeds from the sale of common stock in the public markets. This may lead to higher employee attrition rates or disparities in wealth among our employees, which may harm our culture and relations among employees.

We are subject to risks inherent in international operations that can harm our business, financial condition, and results of operations.

Our current and future international business and operations involve a variety of risks, including:

•

slower than anticipated availability and adoption of cloud-based data security solutions by international organizations;

•

changes in a specific country’s or region’s political or economic conditions;

•

the need to adapt and localize our data security solutions for specific countries;

•

greater difficulty collecting accounts receivable and longer payment cycles;

•

potential changes in trade relations, regulations, or laws;

•

unexpected changes in laws, including tax laws, or regulatory requirements;

•

more stringent regulations relating to privacy, data security, and data localization requirements and the unauthorized use of, or access to, commercial and personal information;

•

differing and potentially more onerous labor regulations, especially in Europe, where labor laws are generally more advantageous to employees as compared to the United States, including deemed hourly wage and overtime regulations in these locations;

•

challenges inherent in efficiently managing, and the increased costs associated with, an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs that are specific to each jurisdiction;

•

difficulties in managing a business in new markets with diverse cultures, languages, customs, legal systems, alternative dispute systems, and regulatory systems;

•

increased travel, real estate, infrastructure, and legal compliance costs associated with international operations;

•

currency exchange rate fluctuations and the resulting effect on our revenue and expenses, and the cost and risk of entering into hedging transactions if we choose to do so in the future;

•

limitations on our ability to reinvest earnings from operations in one country to fund the capital needs of our operations in other countries;

•

laws and business practices favoring local competitors or general market preferences for local vendors;

•

limited or insufficient intellectual property protection or difficulties obtaining, maintaining, protecting, or enforcing our intellectual property rights, including our trademarks and patents, in the United States or other foreign jurisdictions, such as China;

•

political instability, economic sanctions, terrorist activities, or international conflicts, including the conflict in Israel and the surrounding area and the ongoing conflict between Russia and Ukraine, which have in the past and may in the future impact the operations of our business or the businesses of our customers;

•

inflationary pressures, such as those the global market is currently experiencing, which may increase costs for certain services;

•

health epidemics or pandemics, such as the COVID-19 pandemic;

•

exposure to liabilities under anti-corruption and similar laws, including FCPA, U.S. domestic bribery laws, the UK Bribery Act, and similar laws and regulations in other jurisdictions; and

•

adverse tax burdens and foreign exchange controls that could make it difficult to repatriate earnings and cash.

The occurrence of any one of these risks could harm our international business and, consequently, our results of operations. Additionally, operating in international markets requires significant management attention and financial resources. We cannot be certain that the investment and additional resources required to operate in other countries will produce desired levels of revenue or profitability.

Changes in tax laws or regulations could harm our financial condition and results of operations.

The tax regimes to which we are subject or under which we operate, including income and non-income taxes, are unsettled in certain respects and may be subject to significant change. Changes in tax laws or regulations, or changes in interpretations of existing laws and regulations, could materially affect our financial condition and results of operations. For example, the Tax Cuts and Jobs Act, or the Tax Act, the Coronavirus Aid, Relief, and Economic Security Act, and the Inflation

Reduction Act made many significant changes to the U.S. tax laws. Effective January 1, 2022, the Tax Act eliminated the option to deduct research and development expenses for tax purposes in the year incurred and instead requires taxpayers to capitalize and subsequently amortize such expenses over five years for research activities conducted in the United States and over 15 years for research activities conducted outside the United States. Although there have been legislative proposals to repeal or defer the capitalization requirement to later years, there can be no assurance that the provision will be repealed or otherwise modified. The Tax Act also includes certain U.S. tax base anti-erosion provisions, the global intangible low-taxed income, or GILTI, provisions and the base erosion anti-abuse tax, or BEAT, provisions. The GILTI provisions require us to include in our U.S. taxable income foreign subsidiary earnings in excess of an allowable return on the foreign subsidiary’s tangible assets. We currently have no foreign subsidiaries with material earnings. Therefore, this provision currently has no material impact on us. The BEAT provisions apply to companies with average annual gross receipts of $500 million or more for the prior three-year period, eliminate the deduction of certain base-erosion payments made to related foreign corporations, and impose a minimum tax if greater than regular tax. We are evaluating the BEAT rules and do not currently expect the BEAT rules to have a material impact on U.S. tax expense in the near term; however, the potential impact of the BEAT rules on us in the future is not certain.

In addition, our tax obligations and effective tax rate in the jurisdictions in which we conduct business could increase, including as a result of the base erosion and profit shifting, or BEPS, project that is being led by the Organization for Economic Co-operation and Development, or OECD, and other initiatives led by the OECD or the European Commission. For example, the OECD is leading work on proposals commonly referred to as “BEPS 2.0,” which, if and to the extent implemented, would make important changes to the international tax system. These proposals are based on two “pillars,” involving the reallocation of taxing rights in respect of certain profits of multinational enterprises above a fixed profit margin to the jurisdictions within which they carry on business (subject to certain revenue threshold rules, which we do not currently meet but may meet in the future), referred to as “Pillar One,” and imposing a minimum effective tax rate on certain multinational enterprises, referred to as “Pillar Two.” A number of countries in which we conduct business have enacted with effect from January 1, 2024, or are in the process of enacting, core elements of the Pillar Two rules. Based on our current understanding of the minimum revenue thresholds contained in the Pillar Two proposal, we expect that we are likely to fall within the scope of its rules in the short-to-medium term. The OECD has issued administrative guidance providing transition and safe harbor rules in relation to the implementation of the Pillar Two proposal. We are monitoring developments and evaluating the potential impacts of these new rules, including on our effective tax rates, and considering our eligibility to qualify for these safe harbor rules. As another example, several countries have proposed or enacted taxes applicable to digital services, which could apply to our business.

Due to the large and expanding scale of our international business activities, these types of changes to the taxation of our activities could increase our worldwide effective tax rate, increase the amount of taxes imposed on our business and increase our compliance costs. Such changes also may apply retroactively to our historical operations and result in taxes greater than the amounts estimated and recorded in our consolidated financial statements. Any of these outcomes could harm our financial position and results of operations.

We could be required to collect additional sales or other indirect taxes or be subject to other tax liabilities in various jurisdictions that may adversely affect our results of operations.

We sell subscriptions and services primarily through a distribution channel, but if we were to begin selling more (or, in respect of certain jurisdictions, any) subscriptions and services directly to end user or non-business customers, we may be adversely impacted because an increasing number of U.S. states and foreign jurisdictions are considering or have adopted laws that impose tax collection

obligations on out-of-state companies or on companies with no taxable presence within such jurisdictions. State, local, or foreign governments may interpret existing laws, or have adopted or may adopt new laws, requiring us to calculate, collect and remit taxes on sales in their jurisdictions. A successful assertion by one or more taxing jurisdictions requiring us to collect taxes in jurisdictions in which we do not currently do so or to collect additional taxes in jurisdictions in which we currently collect taxes, could result in substantial tax liabilities, including taxes on past sales, as well as penalties and interest, and additional administrative expenses, which could harm our business. The imposition by state, local, or foreign governments of sales or other indirect tax collection obligations on out-of-state sellers or sellers with no taxable presence within the relevant jurisdiction also could create additional administrative burdens for us, put us at a competitive disadvantage if they do not impose similar obligations on our competitors, and decrease our future sales, which could have an adverse effect on our business and results of operations.

Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.

As of January 31, 2024, we had net operating loss, or NOL, carryforwards for federal and state income tax purposes of $533.6 million and $250.9 million, respectively, which may be available to offset taxable income in the future, and portions of which expire in various years beginning in 2037 for federal purposes and 2028 for state purposes if not utilized. Under current law, U.S. federal NOLs incurred in taxable years beginning after December 31, 2017 may be carried forward indefinitely, but such federal NOLs are permitted to be used in any taxable year to offset only up to 80% of taxable income in such year. A lack of future taxable income would adversely affect our ability to utilize certain of these NOLs before they expire. In addition, under Section 382 of the Internal Revenue Code of 1986, as amended, or the Code, a corporation that undergoes an “ownership change” (as defined under Section 382 of the Code and applicable Treasury Regulations; generally a greater than 50 percentage point change (by value) in its equity ownership by certain stockholders over a three-year period) is subject to limitations on its ability to utilize its pre-change NOLs to offset future taxable income. We have experienced ownership changes under Section 382 of the Code in the past and we may experience additional ownership changes in the future (including, potentially, in connection with this initial public offering) which could affect our ability to utilize our NOLs to offset our income. Similar provisions of state tax law may also apply. Furthermore, our ability to utilize NOLs of companies that we have acquired or may acquire in the future also may be subject to limitations. There is also a risk that due to regulatory changes, such as suspensions on the use of NOLs or other unforeseen reasons, our existing NOLs could expire or otherwise be unavailable to reduce future income tax liabilities, including for state tax purposes. For these reasons, we may not be able to utilize a material portion of the NOLs reflected on our balance sheet, even if we attain profitability, which could potentially result in increased future tax liability to us and could adversely affect our results of operations and financial condition.

We may be subject to additional tax liabilities, which could adversely affect our results of operations.

We are subject to taxes in the United States in federal, state, and local jurisdictions and in certain foreign jurisdictions in which we operate. The amount of taxes we pay in different jurisdictions depends on the application of the relevant tax laws to our business activities, the relative amounts of income before taxes in the various jurisdictions in which we operate, the application of new or revised tax laws, the interpretation of existing tax laws and policies, the outcome of current and future tax audits, examinations, or administrative appeals, our ability to realize our deferred tax assets, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. We generally conduct our international operations through subsidiaries and report our taxable income in various jurisdictions worldwide based upon our business operations in those jurisdictions. Our intercompany relationships are subject to complex transfer pricing regulations

administered by taxing authorities in various jurisdictions. We may be subject to examination by U.S. federal, state, local, and foreign tax authorities, and such tax authorities may disagree with our tax positions. Our methodologies for pricing intercompany transactions may be challenged, or the taxing authorities in the jurisdictions in which we operate may disagree with our determinations as to the income and expenses attributable to specific jurisdictions or the ownership of certain property acquired or developed pursuant to our intercompany arrangements or property of companies that we have acquired or may acquire in the future. If such a challenge or disagreement were to occur and our position was not sustained, we could be required to pay additional taxes, interest, and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows, and lower overall profitability of our operations. While we regularly assess the likelihood of adverse outcomes from any such examinations and the adequacy of our provision for taxes, there can be no assurance that such provision is sufficient or that a determination by a tax authority would not adversely affect our business, financial condition, and results of operations. The determination of our overall provision for income and other taxes is inherently uncertain because it requires significant judgment with respect to complex transactions and calculations. As a result, fluctuations in our tax liabilities may differ materially from amounts recorded in our financial statements and could adversely affect our business, financial condition, and results of operations in the periods for which such determination is made.

If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our results of operations could be adversely affected.

The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes appearing elsewhere in this prospectus. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Critical Accounting Policies and Estimates.” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant estimates and judgments involve our common stock valuations, the identification of the number of performance obligations in our RSC subscription offerings, and our material rights associated with our Refresh Rights and Subscription Credits. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the market price of our Class A common stock.

Our leverage could adversely affect our financial condition, our ability to raise additional capital to fund our operations, our ability to operate our business, and our ability to react to changes in the economy or our industry, as well as divert our cash flow from operations for debt payments and prevent us from meeting our debt obligations.

We entered into the Amended Credit Facility in August 2023 with Goldman Sachs BDC, Inc., as administrative agent, and the other lenders party thereto, consisting of a $289.5 million term loan and $40.5 million of committed delayed draw term loans. The term loans mature in August 2028, and the interest payments associated with the term loans are due quarterly. The Amended Credit Facility refinanced and replaced the term loan facility we previously entered into in June 2022 with Goldman Sachs BDC, Inc., as administrative agent, and the other lenders party thereto.

Our leverage could have an adverse effect on our business and financial condition, including:

•

requiring a substantial portion of cash flow from operations to be dedicated to the payment of principal and interest on our indebtedness, thereby reducing our ability to use our cash flow to fund our operations and capital expenditures and pursue future business opportunities;

•

exposing us to increased interest expense, as our degree of leverage may cause the interest rates of any future indebtedness, whether fixed or floating rate interest, to be higher than they would be otherwise;

•

making it more difficult for us to satisfy our obligations with respect to our indebtedness, and any failure to comply with the obligations of any of our debt instruments, including restrictive covenants, could result in an event of default that accelerates our obligation to repay indebtedness;

•

restricting us from making strategic acquisitions;

•

limiting our ability to obtain additional financing for working capital, capital expenditures, product development, satisfaction of debt service requirements, acquisitions, and general corporate or other purposes;

•

increasing our vulnerability to adverse economic, industry, or competitive developments; and

•

limiting our flexibility in planning for, or reacting to, changes in our business or market conditions and placing us at a competitive disadvantage compared to our competitors who may be better positioned to take advantage of opportunities that our existing indebtedness prevents us from exploiting.

A substantial majority of our existing indebtedness consists of indebtedness under our Amended Credit Facility with Goldman Sachs BDC, Inc., as administrative agent, and the other lenders party thereto, which matures in August 2028. We may not be able to further refinance the existing indebtedness because of the amount of our debt, debt incurrence restrictions under our debt agreements, or adverse conditions in credit markets generally. Our inability to generate sufficient cash flow to satisfy our obligations, or to refinance our indebtedness on commercially reasonable terms or at all, would result in an adverse effect on our business, financial condition, and results of operations.

Furthermore, we may incur significant additional indebtedness in the future. Although the financing documents that govern substantially all of our indebtedness contain restrictions on the incurrence of additional indebtedness and entering into certain types of other transactions, these restrictions are subject to a number of qualifications and exceptions. Additional indebtedness incurred in compliance with these restrictions could be substantial. To the extent we incur additional indebtedness, the significant leverage risks described above would be exacerbated.

The terms of the financing documents governing our term loan and credit facilities restrict our current and future operations, particularly our ability to respond to changes or to take certain actions.

The financing documents governing our credit facilities impose significant operating and financial restrictions on us and may limit our ability to engage in acts that may be in our long-term best interests, including restrictions on our ability to:

•

incur or guarantee additional indebtedness;

•

pay dividends and make other distributions on, or redeem or repurchase, capital stock;

•

make certain investments;

•

incur certain liens;

•

enter into transactions with affiliates;

•

merge or consolidate;

•

enter into agreements that restrict the ability of subsidiaries to make certain intercompany dividends, distributions, payments, or transfers; and

•

transfer or sell assets, including our intellectual property.

As a result of the restrictions described above, we will be limited as to how we conduct our business, and we may be unable to raise additional debt or equity financing to compete effectively or to take advantage of new business opportunities. The terms of any future indebtedness we may incur could include more restrictive covenants. We cannot assure you that we will be able to maintain compliance with these covenants in the future and, if we fail to do so, that we will be able to obtain waivers from the lenders or amend the covenants.

Our failure to comply with the restrictive covenants described above as well as other terms of our indebtedness or the terms of any future indebtedness we may incur from time to time could result in an event of default, which, if not cured or waived, could result in our being required to repay these borrowings before their due date. If we are forced to refinance these borrowings on less favorable terms or are unable to refinance these borrowings, our business, financial condition, and results of operations could be adversely affected.

Risks Related to Ownership of Our Common Stock

Our Class B common stock has 20 votes per share, and our Class A common stock, which is the stock we are offering in this initial public offering, has one vote per share. Following the completion of this offering, stockholders who hold shares of Class B common stock, including our executive officers and directors and their affiliates, will together hold approximately 99.3% of the voting power of our outstanding capital stock following this offering, and our directors, executive officers, and principal stockholders will beneficially own approximately 55.8% of our outstanding classes of common stock as a whole, but will control approximately 63.6% of the voting power of our outstanding common stock, following this offering. As a result, our executive officers, directors, and other affiliates will have significant influence over our management and affairs and over all matters requiring stockholder approval, including election of directors and significant corporate transactions, such as a merger or other sale of the company or our assets, for the foreseeable future.

In addition, the holders of Class B common stock collectively will continue to be able to control all matters submitted to our stockholders for approval even if their stock holdings represent less than 50% of the outstanding shares of our common stock. Because of the 20-to-1 voting ratio between our Class B common stock and Class A common stock, the holders of our Class B common stock collectively will continue to control a majority of the combined voting power of our common stock even when the shares of Class B common stock represent as little as 5% of the outstanding shares of our Class A common stock and Class B common stock. This concentrated control will limit your ability to influence corporate matters for the foreseeable future, and, as a result, the market price of our Class A common stock could be adversely affected.

Future transfers by holders of shares of Class B common stock will generally result in those shares converting to shares of Class A common stock, which will have the effect, over time, of increasing the relative voting power of those holders of Class B common stock who retain their shares in the long term. Certain permitted transfers, as specified in our amended and restated certificate of incorporation that will be in effect immediately prior to the closing of this offering, will not result in shares of Class B common stock automatically converting to shares of Class A common stock.

FTSE Russell does not allow most newly public companies utilizing dual or multi-class capital structures to be included in their indices, including the Russell 2000. Also, in 2017, MSCI, a leading

stock index provider, opened public consultations on its treatment of no-vote and multi-class structures and temporarily barred new multi-class listings from certain of its indices; however, in October 2018, MSCI announced its decision to include equity securities “with unequal voting structures” in its indices and to launch a new index that specifically includes voting rights in its eligibility criteria. Under the announced policies, our dual class capital structure would make us ineligible for inclusion in certain indices, and as a result, mutual funds, exchange-traded funds, and other investment vehicles that attempt to passively track these indices will not be investing in our stock. In addition, we cannot assure you that other stock indices will not take similar actions. Given the sustained flow of investment funds into passive strategies that seek to track certain indices, exclusion from certain stock indices would likely preclude investment by many of these funds and would make our Class A common stock less attractive to other investors. As a result, the trading price, volume, and liquidity of our Class A common stock could be adversely affected.

Our stock price may be volatile, and the value of our Class A common stock may decline.

The market price of our Class A common stock may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, some of which are beyond our control, including:

•

actual or anticipated fluctuations in our financial condition or results of operations;

•

variance in our financial performance from our forecasts or the expectations of securities analysts;

•

changes in our revenue mix;

•

changes in the pricing of our data security solutions;

•

changes in our projected operating and financial results;

•

changes in laws or regulations applicable to our data security solutions;

•

announcements by us or our competitors of significant business developments, acquisitions, or new data security solutions;

•

significant data breaches, disruptions to, or other incidents involving our data security solutions;

•

our involvement in litigation;

•

future sales of our Class A common stock by us or our stockholders, as well as the anticipation of lock-up releases;

•

changes in senior management or key personnel;

•

the trading volume of our Class A common stock;

•

changes in the anticipated future size and growth rate of our market;

•

changes in demand for cybersecurity offerings;

•

rumors and market speculation involving us or other companies in our industry;

•

overall performance of the equity markets; and

•

general political, social, economic, and market conditions, in both domestic and our foreign markets, including effects of increased interest rates, inflationary pressures, bank failures, and macroeconomic uncertainty and challenges.

Broad market and industry fluctuations, as well as general economic, political, regulatory, and market conditions, may also negatively impact the market price of our Class A common stock. In addition, technology stocks have historically experienced high levels of volatility. In the past, companies that have experienced volatility in the market price of their securities have been subject to

securities class action litigation. We may be the target of this type of litigation in the future, which could result in substantial expenses and divert our management’s attention.

No public market for our Class A common stock currently exists, and an active public trading market may not develop or be sustained following this offering.

No public market for our Class A common stock currently exists. An active public trading market for our Class A common stock may not develop following the closing of this offering or, if developed, it may not be sustained. The lack of an active market may impair your ability to sell your shares at the time you wish to sell them or at a price that you consider reasonable. The lack of an active market may also reduce the fair value of your shares. An inactive market may also impair our ability to raise capital to continue to fund operations by selling shares and may impair our ability to acquire other companies or technologies by using our shares as consideration.

We will have broad discretion in the use of the net proceeds to us from this offering and may not use them effectively.

We will have broad discretion in the application of the net proceeds to us from this offering, including for any of the purposes described in the section titled “Use of Proceeds,” and you will not have the opportunity as part of your investment decision to assess whether the net proceeds are being used appropriately. Because of the number and variability of factors that will determine our use of the net proceeds from this offering, our ultimate use may vary substantially from our currently intended use. Investors will need to rely on the judgment of our management with respect to the use of proceeds. Pending use, we may invest the net proceeds from this offering in short-term, investment-grade, interest-bearing securities, such as money market funds, corporate notes and bonds, certificates of deposit, commercial paper, and guaranteed obligations of the U.S. government that may not generate a high yield for our stockholders. If we do not use the net proceeds that we receive in this offering effectively, our business, financial condition, results of operations, and growth prospects could be harmed, and the market price of our Class A common stock could decline.

Future sales of our Class A common stock in the public market could cause the market price of our Class A common stock to decline.

Sales of a substantial number of shares of our Class A common stock in the public market following the closing of this offering, or the perception that these sales might occur, could depress the market price of our Class A common stock and could impair our ability to raise capital through the sale of additional equity securities. Many of our existing equity holders have substantial unrecognized gains on the value of the equity they hold based upon the price of this offering, and therefore, they may take steps to sell their shares or otherwise secure the unrecognized gains on those shares. We are unable to predict the timing of or the effect that such sales may have on the prevailing market price of our Class A common stock.

All of our directors, executive officers, and the holders of substantially all of our common stock outstanding and securities exercisable for or convertible into our common stock, have entered into lock-up agreements with the underwriters and/or agreements with market stand-off provisions that restrict our and their ability to sell or transfer shares of our capital stock and securities convertible into or exercisable or exchangeable for shares of our capital stock, for a period of 180 days from the date of this prospectus, subject to earlier termination on the date on which an open trading window period commences following our release of earnings for the quarter ending July 31, 2024, or the Lock-up Period, subject to certain customary exceptions and certain provisions that provide for the release of certain shares of our common stock. In addition, Goldman Sachs & Co. LLC may release any of the securities subject to these lock-up agreements at any time, subject to the applicable notice

requirements. See the sections titled “Shares Eligible for Future Sale” and “Underwriting (Conflicts of Interest)” for a discussion of such exceptions and of the provisions that may allow for sales during the Lock-up Period. If not earlier released, all of the shares of Class A common stock not sold in this offering will become eligible for sale upon expiration of the Lock-up Period, except for any shares held by our affiliates as defined in Rule 144 under the Securities Act of 1933, as amended, or the Securities Act.

In addition, there were 3,185,020 shares of Class B common stock issuable upon the exercise of options and 29,296,462 restricted stock units, or RSUs, to be settled in shares of our Class B common stock (after giving effect to the RSU Net Settlement) as of the date of this prospectus. We intend to register all of the shares of common stock issuable upon exercise of outstanding options, the vesting and settlement of outstanding RSUs, and other equity incentives we may grant in the future, for public resale under the Securities Act. The shares of common stock will become eligible for sale in the public market to the extent such options are exercised or RSUs are vested and settled, subject to the lock-up agreements described above comply with applicable securities laws.

Further, based on shares outstanding as of January 31, 2024, holders of approximately 74,182,559 shares of our Class B common stock, or 42.2% of our shares outstanding after the closing of this offering, will have rights, subject to some conditions, to require us to file registration statements covering the sale of their shares or to include their shares in registration statements that we may file for ourselves or other stockholders.

We anticipate incurring substantial tax obligations on the initial settlement of certain RSUs in connection with this offering. The manner in which we fund these tax liabilities may have an adverse effect on our financial condition and may further dilute our stockholders.

In light of the large number of RSUs that will initially settle in connection with this offering, we anticipate that we will expend substantial funds, primarily using net proceeds from this offering, to satisfy tax withholding and remittance obligations. The majority of the RSUs granted prior to the date of this prospectus vest upon the satisfaction of service-based and performance-based conditions. The service-based condition is generally satisfied over a period of four years. The performance-based condition will be satisfied as of the effective date of the registration statement of which this prospectus forms a part. As a result, such RSUs that have previously satisfied the service-based condition will vest in connection with the effectiveness of the registration statement of which this prospectus forms a part. In connection with the settlement of these RSUs, we plan to withhold certain shares underlying RSUs and remit income taxes on behalf of the holders of such RSUs at applicable statutory tax withholding rates based on the initial public offering price per share in this offering. See the section titled “Use of Proceeds.” For RSUs that will vest after the effectiveness of the registration statement of which this prospectus forms a part and prior to the expiration of the lock-up and/or market stand-off period, we will have discretion to net settle or sell-to-cover shares underlying these RSUs and also to delay settlement of these RSUs following vesting until the expiration of the lock-up and/or market stand-off period.

Based on the number of RSUs for which the service-based condition was fully or partially satisfied on or before the date of this prospectus, and assuming (i) that the value of our Class B common stock at the time of settlement was equal to the initial public offering price of $32.00 per share and (ii) an assumed 44.5% tax withholding rate for the RSUs, we estimate that our tax liability on the settlement date for these RSUs will be approximately $412.0 million in the aggregate. Accordingly, we would expect to deliver an aggregate of approximately 17.0 million shares of our Class B common stock to RSU holders after withholding an aggregate of approximately 12.9 million shares of our Class B common stock. The amount of these tax liabilities and withholdings could be higher or lower, depending on, among other things, the actual price of shares of our Class A common stock sold in this offering, the actual tax withholding rates, and the actual number of RSUs for which the service-based condition has been satisfied on the

settlement or vesting date (after accounting for forfeitures prior to the settlement or vesting date). As a result, depending on these factors, we may need to use existing cash, cash equivalents, and short-term investments to fund a portion of these tax withholding and remittance obligations.

Our issuance of additional capital stock in connection with financings, acquisitions, investments, our equity incentive plans, or otherwise will dilute all other stockholders.

We expect to issue additional capital stock in the future that will result in dilution to all other stockholders. We expect to grant equity awards to employees, directors, and consultants under our equity incentive plans. We may also raise capital through equity financings in the future. As part of our business strategy, we may acquire or make investments in companies, products or technologies and issue equity securities to pay for any such acquisition or investment. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per share value of our Class A common stock to decline.

You will experience immediate and substantial dilution in the net tangible book value of the shares of common stock you purchase in this offering.

The initial public offering price of our Class A common stock is substantially higher than the pro forma net tangible book value per share of our Class A common stock immediately after this offering. If you purchase shares of our Class A common stock in this offering, you will suffer immediate dilution of $36.06 per share, representing the difference between our pro forma as adjusted net tangible book value per share after giving effect to the sale of Class A common stock in this offering, the RSU Net Settlement, and the initial public offering price of $32.00 per share. See the section titled “Dilution.”

We do not intend to pay dividends for the foreseeable future and, as a result, your ability to achieve a return on your investment will depend on appreciation in the price of our Class A common stock.

We have never declared or paid any cash dividends on our capital stock, and we do not intend to pay any cash dividends in the foreseeable future. Any determination to pay dividends in the future will be at the discretion of our board of directors. In addition, our Amended Credit Facility contains restrictions on our ability to pay cash dividends on our Class A Common Stock. Additionally, our ability to pay dividends may be further restricted by agreements we may enter into in the future. Accordingly, you may need to rely on sales of our Class A common stock after price appreciation, which may never occur, as the only way to realize any future gains on your investment.

We are an “emerging growth company,” and we cannot be certain if the reduced reporting and disclosure requirements applicable to emerging growth companies will make our Class A common stock less attractive to investors.

We are an “emerging growth company,” as defined in the JOBS Act, and we may take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not “emerging growth companies,” including the auditor attestation requirements of Section 404, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. Pursuant to Section 107 of the JOBS Act, as an emerging growth company, we have elected to use the extended transition period for complying with new or revised accounting standards until those standards would otherwise apply to private companies. As a result, our consolidated financial statements may not be comparable to the financial statements of issuers who are required to

comply with the effective dates for new or revised accounting standards that are applicable to public companies, which may make our Class A common stock less attractive to investors. In addition, if we cease to be an emerging growth company, we will no longer be able to use the extended transition period for complying with new or revised accounting standards.

We will remain an emerging growth company until the first to occur of: (1) the last day of the year following the fifth anniversary of this offering; (2) the last day of the first year in which our annual gross revenue is $1.235 billion or more; (3) the date on which we have, during the previous rolling three-year period, issued more than $1.0 billion in non-convertible debt securities; and (4) the date we qualify as a “large accelerated filer,” with at least $700 million of equity securities held by non-affiliates.

We cannot predict if investors will find our Class A common stock less attractive if we choose to rely on these exemptions. For example, if we do not adopt a new or revised accounting standard, our future results of operations may not be as comparable to the results of operations of certain other companies in our industry that adopted such standards. If some investors find our Class A common stock less attractive as a result, there may be a less active trading market for our Class A common stock, and our stock price may be more volatile.

We will incur increased costs as a result of operating as a public company, and our management will be required to devote substantial time to compliance with our public company responsibilities and corporate governance practices.

As a public company, we will incur significant legal, accounting, and other expenses that we did not incur as a private company, which we expect to further increase after we are no longer an “emerging growth company.” The Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act, the listing requirements of the securities exchange on which our Class A common stock trades, and other applicable securities rules and regulations impose various requirements on public companies. Our management and other personnel will devote a substantial amount of time to compliance with these requirements. Moreover, these rules and regulations will increase our legal and financial compliance costs and will make some activities more time-consuming and costly. We cannot predict or estimate the amount of additional costs we will incur as a public company or the specific timing of such costs.

Anti-takeover provisions in our charter documents and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current management, and limit the market price of our Class A common stock.

Provisions in our amended and restated certificate of incorporation and amended and restated bylaws, as they will be in effect immediately prior to the closing of this offering, may have the effect of preventing a change of control or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws will include provisions that:

•

authorize our board of directors to issue, without further action by the stockholders, shares of undesignated preferred stock with terms, rights, and preferences determined by our board of directors that may be senior to our Class A common stock;

•

require that any action to be taken by our stockholders be effected at a duly called annual or special meeting and not by written consent;

•

specify that special meetings of our stockholders can be called only by our board of directors, the chairperson of our board of directors, our chief executive officer, or our president (in the absence of a chief executive officer);

•

establish an advance notice procedure for stockholder proposals to be brought before an annual meeting, including proposed nominations of persons for election to our board of directors;

•

establish that our board of directors is divided into three classes, with each class serving three-year staggered terms;

•

prohibit cumulative voting in the election of directors;

•

provide that our directors may be removed for cause only upon the vote of at least 66 2/3% of our outstanding shares of voting stock;

•

provide that vacancies on our board of directors may be filled only by the affirmative vote of a majority of directors then in office, even though less than a quorum, or by a sole remaining director; and

•

require the approval of our board of directors or the holders of at least 66 2/3% of our outstanding shares of voting stock to amend our bylaws and certain provisions of our certificate of incorporation.

These provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management. In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which generally, subject to certain exceptions, prohibits a Delaware corporation from engaging in any of a broad range of business combinations with any “interested” stockholder for a period of three years following the date on which the stockholder became an “interested” stockholder. Any of the foregoing provisions could limit the price that investors might be willing to pay in the future for shares of our Class A common stock, and they could deter potential acquirers of our company, thereby reducing the likelihood that you would receive a premium for your shares of our Class A common stock in an acquisition.

Our amended and restated certificate of incorporation will designate the Court of Chancery of the State of Delaware and the federal district courts of the United States of America as the exclusive forums for certain disputes between us and our stockholders, which will restrict our stockholders’ ability to choose the judicial forum for disputes with us or our directors, officers, or employees.

Our amended and restated certificate of incorporation, to be effective immediately prior to the closing of this offering, will provide that the Court of Chancery of the State of Delaware (or, if and only if the Court of Chancery of the State of Delaware lacks subject matter jurisdiction, any state court located within the State of Delaware or, if and only if all such state courts lack subject matter jurisdiction, the federal district court for the District of Delaware) is the sole and exclusive forum for the following types of actions or proceedings under Delaware statutory or common law: (i) any derivative action or proceeding brought on our behalf; (ii) any action or proceeding asserting a claim of breach of a fiduciary duty owed by any of our current or former directors, officers, or other employees to us or our stockholders, or any action asserting a claim for aiding and abetting such breach of fiduciary duty; (iii) any action or proceeding asserting a claim against us or any of our current or former directors, officers or other employees arising out of or pursuant to any provision of the Delaware General Corporation Law, our amended and restated certificate of incorporation or our amended and restated bylaws; (iv) any action or proceeding to interpret, apply, enforce or determine the validity of our amended and restated certificate of incorporation or our amended and restated bylaws (including any right, obligation, or remedy thereunder); (v) any action or proceeding as to which the Delaware General Corporation Law confers jurisdiction to the Court of Chancery of the State of Delaware; and (vi) any action or proceeding asserting a claim against us or any of our current or former directors, officers, or other employees that is governed by the internal affairs doctrine, in all cases to the fullest extent permitted by law and subject to the court’s having personal jurisdiction over the indispensable parties named as defendants. This provision would not apply to suits brought to enforce a duty or liability

created by the Securities Exchange Act of 1934, as amended, or the Exchange Act, or any other claim for which the federal courts have exclusive jurisdiction. In addition, to prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our amended and restated certificate of incorporation to be effective immediately prior to the closing of this offering will provide that, unless we consent in writing to the selection of an alternative forum, to the fullest extent permitted by law, the federal district courts of the United States of America will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act, including all causes of action asserted against any defendant named in such complaint. For the avoidance of doubt, this provision is intended to benefit and may be enforced by us, our officers and directors, the underwriters to any offering giving rise to such complaint, and any other professional entity whose profession gives authority to a statement made by that person or entity and who has prepared or certified any part of the documents underlying the offering. However, as Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all suits brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder, there is uncertainty as to whether a court would enforce such provision. Our amended and restated certificate of incorporation, to be effective immediately prior to the closing of this offering, will further provide that any person or entity holding, owning or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to these provisions. Investors also cannot waive compliance with the federal securities laws and the rules and regulations thereunder.

These choice of forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, or other employees. While the Delaware courts have determined that such choice of forum provisions are facially valid, a stockholder may nevertheless seek to bring such a claim arising under the Securities Act against us, our directors, officers, or other employees in a venue other than in the federal district courts of the United States of America. In such instance, we would expect to vigorously assert the validity and enforceability of the exclusive forum provisions of our amended and restated certificate of incorporation. This may require significant additional costs associated with resolving such action in other jurisdictions and we cannot assure you that the provisions will be enforced by a court in those other jurisdictions. If a court were to find either exclusive-forum provision in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur further significant additional costs associated with resolving the dispute in other jurisdictions, all of which could harm our business.

If securities or industry analysts do not publish research or publish unfavorable or inaccurate research about our business, the market price and trading volume of our Class A common stock could decline.

The market price and trading volume of our Class A common stock following the closing of this offering will be heavily influenced by the way analysts interpret our financial information and other disclosures. We do not have control over these analysts. If few securities analysts commence coverage of us, or if industry analysts cease coverage of us, our stock price would be negatively affected. If securities or industry analysts do not publish research or reports about our business, downgrade our Class A common stock, or publish negative reports about our business, our stock price would likely decline. If one or more of these analysts cease coverage of us or fail to publish reports on us regularly, demand for our Class A common stock could decrease, which might cause our stock price to decline and could decrease the trading volume of our Class A common stock.

General Risk Factors

Any future litigation against us could be costly and time-consuming to defend.

We have in the past been and in the future may become subject to legal proceedings and claims that arise in the ordinary course of business, such as intellectual property claims, including trade secret misappropriation and breaches of confidentiality terms, alleged breaches of non-competition or non-solicitation terms, or employment claims made by our current or former employees. Litigation might result in substantial costs and may divert management’s attention and resources, which might seriously harm our business, financial condition, and results of operations. Insurance might not cover such claims, might not provide sufficient payments to cover all the costs to resolve one or more such claims, and might not continue to be available on terms acceptable to us. A claim brought against us that is uninsured or underinsured could result in unanticipated costs, potentially harming our business, financial condition, and results of operations.

Our business could be disrupted by catastrophic events.

Occurrence of any catastrophic event, including earthquake, fire, flood, tsunami, or other weather event, power loss, telecommunications failure, software or commodity appliance malfunction, cyberattack, war, or terrorist attack, explosion, or pandemic could impact our business. In particular, our corporate headquarters are located in the San Francisco Bay Area, a region known for seismic activity, and are thus vulnerable to damage in an earthquake. Our insurance coverage may not compensate us for losses that may occur in the event of an earthquake or other significant natural disaster. Additionally, we rely on third-party cloud providers and enterprise applications, technology systems, and our website for our development, marketing, operational support, hosted services, and sales activities. In the event of a catastrophic event, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our product development, lengthy interruptions in our data security solutions, and breaches of data security, all of which could have an adverse effect on our results of operations. If we are unable to develop adequate plans to ensure that our business functions continue to operate during and after a disaster and to execute successfully on those plans in the event of a disaster or emergency, our business would be harmed.

SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

This prospectus contains forward-looking statements about us and our industry that involve substantial risks and uncertainties. All statements other than statements of historical facts contained in this prospectus, including statements regarding our future financial condition or results of operations, business strategy and plans, and objectives of management for future operations are forward-looking statements. In some cases, you can identify forward-looking statements because they contain words such as “anticipate,” “believe,” “continue,” “could,” “estimate,” “expect,” “intend,” “may,” “plan,” “potential,” “predict,” “project,” “should,” “target,” “toward,” “will,” “would,” or the negative of these words or other similar terms or expressions. These forward-looking statements include, but are not limited to, statements concerning the following:

•

our expectations regarding our revenue, cost of revenue, gross profit or gross margin, operating leverage, operating expenses, and other results of operations, including our key metrics;

•

the growth rate of the market in which we compete;

•

our business plan and our ability to effectively manage our growth and associated investments;

•

anticipated trends, growth rates, and challenges in our business and in the markets in which we operate;

•

our ability to achieve or sustain our profitability;

•

future investments in our business, our anticipated capital expenditures, and our estimates regarding our capital requirements;

•

the costs and success of our marketing efforts and our ability to promote our brand;

•

our beliefs and objectives for future operations;

•

our ability to increase sales of our products;

•

our ability to acquire new customers and successfully retain and expand platform usage with existing customers;

•

our ability to successfully transition our customers to RSC;

•

our ability and expectations to continue to innovate and enhance our platform;

•

our reliance on key personnel and our ability to identify, recruit, and retain skilled personnel;

•

our ability to obtain, maintain, protect, and enforce our intellectual property rights and any costs associated therewith;

•

our ability to operate our business under evolving macroeconomic conditions, such as high inflation, bank failures and related uncertainties, or recessionary or uncertain environments;

•

the impact of the ongoing conflicts in Israel and the surrounding area and between Russia and Ukraine on our business and operations;

•

the effects of the COVID-19 pandemic or other epidemics or pandemics;

•

our ability to compete effectively with existing competitors and new market entrants;

•

our ability to introduce new products on top of our platform;

•

our ability and expectations to expand internationally;

•

our ability to utilize AI successfully in our current and future products;

•

our ability to comply or remain in compliance with laws and regulations that currently apply or become applicable to our business in the United States and other jurisdictions where we elect to do business;

•

the expiration or release of market stand-off or contractual lock-up agreements, anticipation of such events, and sales of shares of our Class A common stock by us or our stockholders; and

•

our intended use of the net proceeds from this offering.

We caution you that the foregoing list may not contain all of the forward-looking statements made in this prospectus.

You should not rely on forward-looking statements as predictions of future events. We have based the forward-looking statements contained in this prospectus primarily on our current expectations and projections about future events and trends that we believe may affect our business, financial condition, and results of operations. The outcome of the events described in these forward-looking statements is subject to risks, uncertainties, and other factors described in the section titled “Risk Factors” and elsewhere in this prospectus. Moreover, we operate in a very competitive and rapidly changing environment. New risks and uncertainties emerge from time to time, and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements contained in this prospectus. The results, events, and circumstances reflected in the forward-looking statements may not be achieved or occur, and actual results, events, or circumstances could differ materially from those described in the forward-looking statements.

In addition, statements that “we believe” and similar statements reflect our beliefs and opinions on the relevant subject. These statements are based on information available to us as of the date of this prospectus. While we believe such information provides a reasonable basis for these statements, such information may be limited or incomplete. Our statements should not be read to indicate that we have conducted an exhaustive inquiry into, or review of, all relevant information. These statements are inherently uncertain, and investors are cautioned not to unduly rely on these statements.

The forward-looking statements made in this prospectus relate only to events as of the date on which the statements are made. We undertake no obligation to update any forward-looking statements made in this prospectus to reflect events or circumstances after the date of this prospectus or to reflect new information, actual results, revised expectations, or the occurrence of unanticipated events, except as required by law. We may not actually achieve the plans, intentions, or expectations disclosed in our forward-looking statements, and you should not place undue reliance on our forward-looking statements. Our forward-looking statements do not reflect the potential impact of any future acquisitions, mergers, dispositions, joint ventures, or investments.

MARKET, INDUSTRY, AND OTHER DATA

This prospectus contains statistical data, estimates, forecasts, and information concerning our industry, including the market size and growth of the markets in which we participate, that are based on independent industry publications or other publicly available information, as well as other information based on our internal sources. While we believe the industry and market data included in this prospectus are reliable and are based on reasonable assumptions, these data involve many assumptions and limitations, and you are cautioned not to give undue weight to these estimates. We have not independently verified the accuracy or completeness of the data contained in these industry publications and other publicly available information. The industry in which we operate is subject to a high degree of uncertainty and risk due to a variety of factors, including those described in the sections titled “Risk Factors” and “Special Note Regarding Forward-Looking Statements.” These and other factors could cause results to differ materially from those expressed in the projections and estimates made by the independent third parties and us.

The sources of certain statistical data, estimates, and forecasts contained in this prospectus are:

•

Customer Relationship Management Institute LLC, 2023.

•

Cybersecurity Ventures, Top 10 Cybersecurity Predictions and Statistics for 2024, February 2024.

•

Gartner, Inc., Forecast Analysis: Cloud Security Posture Management, Worldwide, July 2023.

•

Gartner, Inc., Forecast: Enterprise Infrastructure Software, Worldwide, 2021-2027, 4Q23 Update, December 2023.

•

Gartner, Inc., Forecast: Information Security and Risk Management, Worldwide, 2021-2027, 4Q23 Update, December 2023.

•

Gartner, Inc., Press Release, Gartner Forecasts Global Security and Risk Management Spending to Grow 14% in 2024, September 28, 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

•

International Data Corporation (IDC), Worldwide IDC Global DataSphere Forecast, 2023-2027: It’s a Distributed, Diverse, and Dynamic (3D) DataSphere, April 2023 (#US50554523).

•

International Data Corporation (IDC), IDC MarketScape: Worldwide Cyber-Recovery 2023 Vendor Assessment, November 2023 (#US49787923).

•

Netskope, Inc., Cloud Report, August 2019.

The Gartner^® content described herein, or the Gartner Content, represent(s) research opinions or viewpoints published, as part of a syndicated subscription service, by Gartner, Inc., or Gartner, and are not representations of fact. Each Gartner Content speaks as of its original publication date (and not as of the date of this prospectus) and the opinions expressed in the Gartner Content are subject to change without notice.

USE OF PROCEEDS

We estimate that we will receive net proceeds from this offering of approximately $698.3 million (or approximately $804.8 million if the underwriters’ option to purchase additional shares is exercised in full) based on the initial public offering price of $32.00 per share, after deducting underwriting discounts and commissions and estimated offering expenses payable by us.

The principal purposes of this offering are to increase our capitalization and financial flexibility and create a public market for our Class A common stock. We intend to use approximately $321.4 million of the net proceeds we receive from this offering to repay in full the aggregate principal amount of the Bridge Notes and accrued interest thereon as well as estimated debt issuance costs relating to the Bridge Notes. Prior to the closing of this offering, we intend to use the borrowed amounts under the Bridge Notes, together with existing cash, cash equivalents, and short-term investments, to pay all of our anticipated tax withholding and remittance obligations related to the RSU Net Settlement. In connection with the RSU Net Settlement, assuming (i) the fair market value of our Class B common stock at the time of settlement will be equal to the initial public offering price per share of $32.00 and (ii) an assumed 44.5% tax withholding rate, we estimate that these tax withholding and remittance obligations on the RSU Net Settlement will be $412.0 million in the aggregate.

The Bridge Notes will be terminated following our repayment in full of the aggregate principal amount thereof and accrued interest thereon. The Bridge Notes accrue interest at 7.00% per year prior to the closing of this offering. We intend to repay the Bridge Notes in full in connection with the closing of this offering, with such date being the earliest that the Bridge Notes may mature.

We intend to use the remaining net proceeds we receive from this offering for general corporate purposes, including working capital, operating expenses, and capital expenditures. We cannot specify with certainty all of the particular uses for the remaining net proceeds to us from this offering. We may also use a portion of the remaining net proceeds for the acquisitions of, or strategic investments in, complementary businesses, products, services, or technologies. However, we do not have any agreements or commitments to enter into any material acquisitions or investments at this time. We will have broad discretion over how we use the net proceeds from this offering. Pending the use of the proceeds from this offering as described above, we intend to invest the net proceeds from the offering that are not used as described above in investment-grade, interest-bearing instruments such as money market funds, corporate notes and bonds, certificates of deposit, commercial paper, and guaranteed obligations of the U.S. government.

DIVIDEND POLICY

We have never declared or paid cash dividends on our capital stock. We currently intend to retain all available funds and future earnings, if any, to fund the development and expansion of our business, and we do not anticipate paying any cash dividends in the foreseeable future. Any future determination regarding the declaration and payment of dividends, if any, will be at the discretion of our board of directors and will depend on then-existing conditions, including our financial condition, results of operations, contractual restrictions, capital requirements, business prospects, and other factors our board of directors may deem relevant. Our Amended Credit Facility contains restrictions on our ability to pay cash dividends on our capital stock. Additionally, our ability to pay dividends may be further restricted by agreements we may enter into in the future.

CAPITALIZATION

The following table sets forth our cash, cash equivalents, and short-term investments and our capitalization as of January 31, 2024 on:

•

an actual basis;

•

a pro forma basis, to reflect (i) the automatic conversion of all outstanding shares of our redeemable convertible preferred stock, of which there were 74,182,559 shares outstanding as of January 31, 2024, into an equal number of shares of Class B common stock, as if such conversion had occurred on January 31, 2024; (ii) the automatic conversion of all outstanding shares of convertible founders stock, of which there were 5,400,000 shares outstanding, as of January 31, 2024, into an equal number of shares of Class B common stock as if such conversion had occurred on January 31, 2024; (iii) the reclassification of our outstanding common stock as Class B common stock; (iv) stock-based compensation expense of $621.5 million related to RSUs subject to the RSU Net Settlement, reflected as an increase to additional paid-in capital and accumulated deficit, as further described in Notes 2 and 11 of our consolidated financial statements included elsewhere in this prospectus; (v) the net issuance of 16,986,924 shares of Class B common stock in connection with the RSU Net Settlement, after withholding 12,875,699 shares to satisfy estimated tax withholding and remittance obligations of $412.0 million (based on the initial public offering price of $32.00 per share, and an assumed 44.5% tax withholding rate); (vi) the incurrence of the Bridge Notes in an aggregate principal amount of $321.4 million, together with existing cash, cash equivalents, and short-term investments, to pay the estimated tax withholding and remittance obligations in connection with the RSU Net Settlement prior to the closing of this offering; (vii) the related $321.4 million net increase in total debt and total liabilities (without giving effect to $0.7 million in estimated debt issuance costs relating to the Bridge Notes) and the corresponding $412.0 million decrease in additional paid-in capital and $90.6 million net decrease in cash, cash equivalents, and short-term investments resulting from (A) the RSU Net Settlement and related tax withholding and remittance obligations and (B) the subsequent incurrence and use of proceeds from the Bridge Notes, together with existing cash, cash equivalents, and short-term investments, to repay such tax withholding and remittance obligations prior to the closing of this offering; and (vii) the filing and effectiveness of our amended and restated certificate of incorporation, which will occur immediately prior to the closing of this offering; and

•

a pro forma as adjusted basis, to reflect the adjustments described above and further reflect (i) our receipt of $704.7 million in estimated net proceeds from the sale and issuance by us of 23,500,000 shares of Class A common stock in this offering, at the initial public offering price of $32.00 per share, after deducting underwriting discounts and commissions and estimated offering expenses payable by us (which offering expenses exclude $6.5 million of deferred offering costs that have been previously paid as of January 31, 2024); (ii) the use of net proceeds from this offering, together with existing cash, cash equivalents, and short-term investments, if necessary, to repay in full the aggregate principal amount under the Bridge Notes, $0.2 million of accrued interest thereon as well as $0.7 million of estimated debt issuance costs relating to the Bridge Note in connection with the closing of this offering; and (iii) the related $0.9 million increase in accumulated deficit for debt issuance costs and interest expense.

The pro forma as adjusted information below is illustrative only, and our capitalization following the closing of this offering will be adjusted based on, among other things, the actual initial public offering price and other terms of this offering determined at pricing, the actual tax withholding rates, as well as the actual amount of RSUs settled in connection with this offering. You should read this information together with the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and the related notes included elsewhere in this prospectus.


	January 31, 2024
	Actual			Pro Forma			Pro Forma as Adjusted
	(in thousands, except share and per share amounts)
Cash, cash equivalents, and short-term investments	$	279,251		$	188,641		$	571,005

Total debt⁽¹⁾	$	287,042		$	608,455		$	287,042

Redeemable convertible preferred stock, par value $0.000025 per share; 74,182,559 shares authorized, issued, and outstanding, actual; no shares authorized, issued, or outstanding, pro forma and pro forma as adjusted		714,713			—			—

Stockholders’ (deficit) equity:
Preferred stock, par value $0.000025 per share; no shares authorized, issued, or outstanding, actual; no shares authorized, issued, or outstanding, pro forma and pro forma as adjusted		—			—			—
Common stock, par value $0.000025 per share; 203,935,682 shares authorized, 55,862,729 shares issued and outstanding, actual; no shares authorized, issued, or outstanding, pro forma and pro forma as adjusted		1			—			—
Convertible founders stock, par value $0.000025 per share; 5,400,000 shares authorized, 5,400,000 shares issued and outstanding, actual; no shares authorized, issued, or outstanding, pro forma and pro forma as adjusted		—			—			—
Class A common stock, par value $0.000025 per share; no shares authorized, issued, or outstanding, actual; 1,070,000,000 shares authorized, no shares issued or outstanding, pro forma; 1,070,000,000 shares authorized, 23,500,000 shares issued and outstanding, pro forma as adjusted		—			—			1
Class B common stock, par value $0.000025 per share; no shares authorized, issued, or outstanding, actual; 210,000,000 shares authorized, 152,432,212 shares issued and outstanding, pro forma and pro forma as adjusted		—			4			4
Additional paid-in capital		265,494			1,189,682			1,887,945

Accumulated other comprehensive (loss)		(2,239	)		(2,239	)		(2,239	)

Accumulated deficit		(1,682,513	)		(2,304,014	)		(2,304,961	)

Total stockholders’ (deficit) equity		(1,419,257	)		(1,116,567	)		(419,250	)

Total capitalization	$	(417,502	)	$	(508,112	)	$	(132,208	)

(1)	Net of debt discount and issuance costs, other than for the Bridge Notes.

The number of shares of our Class A common stock and Class B common stock that will be outstanding after this offering is based on no shares of our Class A common stock and 152,432,212 shares of our Class B common stock (including shares of our redeemable convertible preferred stock and convertible founders stock on an as-converted basis and after giving effect to the RSU Net Settlement) outstanding as of January 31, 2024, and excludes:

•

3,185,020 shares of Class B common stock issuable upon the exercise of stock options outstanding as of January 31, 2024, with a weighted-average exercise price of $6.23 per share;

•

29,296,462 shares of Class B common stock issuable upon the vesting and settlement of RSUs, outstanding as of the date of this prospectus subject to service-based, market-based and/or performance-based conditions, for which (i) the service-based condition or market-based condition, as applicable, was not satisfied as of such date and (ii) the performance-based condition, if applicable, and will not be satisfied prior to the effectiveness of the registration statement of which this prospectus forms a part and (ii) the performance-based condition, if applicable, was satisfied upon the effectiveness of the registration statement of which this prospectus forms a part;

•

1,354,671 shares of our Class A common stock that we have reserved and may issue and donate in the future to fund our social impact and environmental, social, and governance initiatives, as more fully described in the section titled “Business—Social Responsibility and Community Initiatives”;

•

86,426,166 shares of our common stock reserved for future issuance under our 2024 Plan, which became effective upon the effectiveness of the registration statement of which this prospectus forms a part, including 44,417,163 new shares and the number of shares (not to exceed 42,009,003 shares) (i) that remain available for grant of future awards under our 2014 Plan at the time the 2024 Plan becomes effective, which shares will cease to be available for issuance under the 2014 Plan at such time, and (ii) any shares underlying outstanding stock awards granted under our 2014 Plan that expire, or are forfeited, cancelled, withheld, or reacquired; and

•

4,607,303 shares of Class A common stock reserved for future issuance under our 2024 ESPP, which became effective in connection with this offering.

DILUTION

If you invest in our Class A common stock in this offering, your ownership interest will be immediately diluted to the extent of the difference between the initial public offering price per share of Class A common stock and the pro forma as adjusted net tangible book value per share of Class A common stock immediately after this offering.

Our historical net tangible book deficit as of January 31, 2024 was $(1,722.2) million, or $(28.11) per share of common stock. Historical net tangible book deficit represents the amount of our total tangible assets less our total liabilities and redeemable convertible preferred stock, divided by the number of shares of common and convertible founders stock outstanding as of January 31, 2024.

Our pro forma net tangible book deficit as of January 31, 2024 was $(1,419.5) million, or $(9.31) per share. Pro forma net tangible book value per share represents the amount of our total tangible assets less our total liabilities, divided by the number of shares of our common stock outstanding as of January 31, 2024, after giving effect to (i) the automatic conversion of all outstanding shares of our redeemable convertible preferred stock, of which there were 74,182,559 shares outstanding as of January 31, 2024, into an equal number of shares of Class B common stock as if such conversion had occurred on January 31, 2024; (ii) the automatic conversion of all outstanding shares of convertible founders stock, of which there were 5,400,000 shares outstanding as of January 31, 2024, into an equal number of shares of Class B common stock as if such conversion had occurred on January 31, 2024; (iii) the net issuance of 16,986,924 shares of Class B common stock in connection with the RSU Net Settlement, after withholding 12,875,699 shares to satisfy estimated tax withholding and remittance obligations of $412.0 million (based on the initial public offering price of $32.00 per share, and an assumed 44.5% tax withholding rate); (iv) the incurrence of an aggregate principal amount of $321.4 million of Bridge Notes and the use of such borrowed amounts, together with existing cash, cash equivalents, and short-term investments, to pay the estimated tax withholding and remittance obligations in connection with the RSU Net Settlement prior to the closing of this offering; and (v) the $321.4 million net increase in liabilities (without giving effect to $0.7 million in estimated debt issuance costs relating to the Bridge Notes) and the corresponding $412.0 million decrease in additional paid-in capital and $90.6 million net decrease in cash, cash equivalents, and short-term investments resulting from (A) the RSU Net Settlement and related tax withholding and remittance obligations and (B) the subsequent incurrence and use of proceeds from the Bridge Notes, together with existing cash, cash equivalents, and short-term investments, to repay such tax withholding and remittance obligations prior to the closing of this offering.

After giving further effect to (i) our receipt of $704.7 million in estimated net proceeds from the sale and issuance by us of shares of Class A common stock in this offering at the initial public offering price of $32.00 per share, and after deducting underwriting discounts and commissions and estimated offering expenses payable by us (which offering expenses exclude $6.5 million of deferred offering costs that have been previously paid as of January 31, 2024), and (ii) the use of net proceeds from this offering to repay in full the aggregate principal amount of the Bridge Notes, $0.2 million of accrued interest thereon as well as $0.7 million of debt issuance costs relating to the Bridge Notes in connection with the closing of this offering, our pro forma as adjusted net tangible book value as of January 31, 2024 would have been $(714.8) million, or $(4.06) per share. This amount represents an immediate increase in pro forma net tangible book value of $5.25 per share to our existing stockholders and immediate dilution in pro forma as adjusted net tangible book value of approximately $36.06 per share to new investors purchasing shares of Class A common stock in this offering.

Dilution per share to new investors is determined by subtracting pro forma as adjusted net tangible book value per share after this offering from the initial public offering price per share paid by

new investors. The following table illustrates this dilution (without giving effect to any exercise by the underwriters of their option to purchase additional shares):


Initial public offering price per share				$	32.00
Historical net tangible book deficit per share as of January 31, 2024	$	(28.11	)
Increase per share attributable to the pro forma adjustments described above	$	18.80

Pro forma net tangible book value per share as of January 31, 2024, before giving effect to this offering	$	(9.31	)
Increase in pro forma net tangible book value per share attributable to investors purchasing shares in this offering	$	5.25

Pro forma as adjusted net tangible book value per share after this offering				$	(4.06	)

Dilution in pro forma as adjusted net tangible book value per share to new investors in this offering				$	36.06

If the underwriters exercise their option to purchase additional shares in full, the pro forma as adjusted net tangible book value after the offering would be $(3.39) per share and the dilution per share to new investors would be $35.39 per share, in each case an initial public offering price of $32.00 per share.

The following table summarizes, on the pro forma as adjusted basis described above, as of January 31, 2024, the differences between the number of shares of our Class B common stock purchased from us by our existing stockholders and our Class A common stock purchased from us by new investors purchasing shares in this offering, the total consideration paid to us in cash, the average price per share paid by existing stockholders for shares of common stock issued prior to this offering, and the price to be paid by new investors for shares of Class A common stock in this offering. The calculation below is based on the initial public offering price of $32.00 per share, before deducting underwriting discounts and commissions and estimated offering expenses payable by us.


	Shares Purchased					Total Consideration					Average Price per Share
	Number		Percent			Amount (in millions)		Percent			Average Price per Share
Existing stockholders		152,432,212		87	%	$	762		50	%	$	5.00
New investors		23,500,000		13	%	$	752		50	%	$	32.00

Total		175,932,212		100%		$	1,514		100%		$	8.61

If the underwriters exercise their option to purchase additional shares in full, our existing stockholders would own 85%, and the investors purchasing shares of our common stock in this offering would own 15% of the total number of shares of our Class A common stock outstanding immediately after the closing of this offering.

The number of shares of our Class A common stock and Class B common stock that will be outstanding after this offering is based on no shares of our Class A common stock and 152,432,212 shares of our Class B common stock (including shares of our redeemable convertible preferred stock and convertible founders stock on an as-converted basis and after giving effect to the RSU Net Settlement) outstanding as of January 31, 2024, and excludes:

•

3,185,020 shares of Class B common stock issuable upon the exercise of stock options outstanding as of January 31, 2024, with a weighted-average exercise price of $6.23 per share;

•

29,296,462 shares of Class B common stock issuable upon the vesting and settlement of RSUs outstanding as of the date of this prospectus, for which (i) the service-based condition or market-based condition, as applicable, was not satisfied as of such date and (ii) the performance-based condition, if applicable, was satisfied upon the effectiveness of the registration statement of which this prospectus forms a part;

•

4,607,303 shares of Class A common stock reserved for future issuance under our 2024 ESPP, which became effective in connection with this offering.

To the extent any outstanding options are exercised, or any outstanding RSUs settle, or new stock options or RSUs are issued under our equity incentive plans, or we issue additional equity or convertible debt securities in the future, there will be further dilution to investors participating in this offering. If all outstanding options and RSUs under our 2014 Plan as of the date of this prospectus were exercised or settled, then our existing stockholders, including the holders of these securities would own approximately 89% and our new investors would own approximately 11% of the total number of shares of our Class A common stock and Class B common stock outstanding on the closing of this offering. In addition, we may choose to raise additional capital because of market conditions or strategic considerations, even if we believe that we have sufficient funds for our current or future operating plans. If we raise additional capital through the sale of equity or convertible debt securities, the issuance of these securities could result in further dilution to our stockholders.

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION

AND RESULTS OF OPERATIONS

The following discussion and analysis of our financial condition and results of operations should be read in conjunction with the section titled “Summary Consolidated Financial and Other Data,” and the consolidated financial statements and related notes included elsewhere in this prospectus. Some of the information contained in this discussion and analysis, including information with respect to our planned investments in our research and development, sales and marketing, and general and administrative functions, includes forward-looking statements that involve risks and uncertainties. You should review the sections titled “Special Note Regarding Forward-Looking Statements” and “Risk Factors” for a discussion of forward-looking statements and important factors that could cause actual results to differ materially from the results described in or implied by the forward-looking statements contained in the following discussion and analysis. Our fiscal year end is January 31, and our fiscal quarters end on April 30, July 31, October 31, and January 31. References to fiscal 2023 and fiscal 2024, for example, refer to the fiscal years ended January 31, 2023 and January 31, 2024, respectively.

Overview

We are on a mission to secure the world’s data.

We built Rubrik Security Cloud, or RSC, with Zero Trust design principles to secure data across enterprise, cloud, and SaaS applications. RSC delivers a cloud native SaaS platform that detects, analyzes, and remediates data security risks and unauthorized user activities. Our platform is architected to help organizations achieve cyber resilience, which encompasses cyber posture and cyber recovery. We enable organizations to confidently accelerate digital transformation and leverage the cloud to realize business agility.

LOGO

We launched our first enterprise software product, Converged Data Management, in fiscal 2016, which combined data and metadata together into a single layer of software to offer Zero Trust data protection, and sold it as a perpetual license along with associated maintenance contracts. Our early customers deployed Converged Data Management as a self-managed platform on our Rubrik-branded commodity servers, or Rubrik-branded Appliances, purchased from us to protect their enterprise data across hybrid cloud environments.

LOGO

In fiscal 2019, we extended data protection to cloud native applications and rebranded Converged Data Management to Cloud Data Management, or CDM. Data protection for cloud native applications are sold as a SaaS subscription product. In addition, we began offering new SaaS subscription products, Ransomware Monitoring & Investigation (now known as Anomaly Detection), and Sensitive Data Monitoring & Management (now known as Sensitive Data Monitoring). In fiscal 2020, we continued our business evolution to a subscription pricing model by offering our CDM

platform as a subscription term-based license with associated support. Included in this subscription term-based license was the right to next generation Rubrik-branded Appliances at no cost for qualified customers, which we refer to as Refresh Rights. As of February 1, 2022, we generally stopped offering CDM as a perpetual license.

LOGO

In fiscal 2023, to meet customer demands for data security and a single, unified cloud-based control plane, we launched RSC, a comprehensive Zero Trust Data Security platform. RSC culminates our early vision of providing one point of control to secure data across enterprise, cloud, and SaaS applications. RSC is primarily adopted by our customers as a cloud-native, fully managed SaaS solution. It is also available as an enterprise-ready, self-managed version, or RSC-Private, for a few select customers that are subject to stringent data control policies. For U.S. public sector organizations, we also offer a specialized cloud-native fully managed SaaS solution called RSC-Government. We continued to innovate in our security product portfolio on the RSC platform by releasing Threat Hunting, Threat Containment, and Cyber Recovery, in addition to previously released subscription products Anomaly Detection (formerly known as Ransomware Monitoring Investigation) and Sensitive Data Monitoring (formerly known as Sensitive Data Monitoring & Management).

We began transitioning customers from our legacy CDM capabilities to RSC in fiscal 2023, all of which are subscription-based offerings. As part of this business transition, we began transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers and stopped offering the Refresh Rights as part of our subscription offerings. In lieu of the outstanding Refresh Rights, upon qualification, we offer Subscription Credits, with an associated expiration date, which, if utilized, will offset against Subscription ARR and revenue. As of the end of fiscal 2024, RSC represented a majority of our total revenue.

We recognize revenue from the sales of our RSC platform (excluding RSC-Private) ratably over the term of the subscription. We recognize a portion of revenue from sales of RSC-Private upon delivery and the remainder ratably over the term of the subscription. The majority of sales of our subscriptions are for three-year terms with upfront payment, and renewals are typically for one-year terms.

LOGO

We expect new and existing customers to increasingly adopt RSC. As such, sales of RSC contributed to the majority of our subscription revenue at the end of fiscal 2024. Our new customers have generally been rapidly adopting the RSC platform. We are actively migrating our existing customers from our legacy CDM capabilities to RSC. As part of this migration, we expect certain existing customers, to consume our platform and products through a mix of RSC and a transitional CDM license, or CDM-T, during which time we expect to continue recognizing a portion of the associated revenue from these customers upfront at the time we transfer control of the license to the customer. We cannot predict how long these customers will use this mix before they complete their transition. Our revenue will fluctuate when qualified customers choose to exercise or forfeit their Subscription Credits upon expiry date which are customer options that are accounted for as material rights. Due to the ratable revenue recognition related to new and existing customer adoption of RSC and the impact of the Subscription Credits, we believe our subscription revenue growth will fluctuate through fiscal 2027, depending in part on the timing of completing the migration of existing customers to RSC. See the risk factor titled, “We expect our revenue mix and certain business factors to impact the amount of revenue recognized period to period, which could make period-to-period revenue comparisons not meaningful and difficult to predict” in the section titled “Risk Factors.”

As part of our business transition, we expect our maintenance revenue to continue to decrease as we generally no longer offer new perpetual licenses. In addition, we are converting existing maintenance customers into subscription customers as their maintenance contracts come up for renewal. We expect the conversion of maintenance contracts to subscription offerings to be largely completed by the end of fiscal 2026.

We expect our other revenue to decrease as a percentage of total revenue as we transition the sale of Rubrik-branded Appliances from us to our contract manufacturers and generally no longer offer perpetual licenses.

The trends described above are a result of our business transition which will cause fluctuations to our total revenue growth through fiscal 2027 and limit the comparability of our revenue with past performance. As a result, we measure the success of our business on the basis of Subscription ARR. Subscription ARR illustrates our success in acquiring new subscription customers and maintaining and expanding our relationships with existing subscription customers.

Our total revenue increased from $599.8 million in fiscal 2023 to $627.9 million in fiscal 2024. Our Subscription ARR grew from $532.9 million as of January 31, 2023 to $784.0 million as of January 31, 2024, representing a 47% increase. Of the 47% increase, approximately four percentage points are a result of transitioning our existing maintenance customers to our subscription editions. In addition, as customers experience the benefits of our platform, they typically expand their usage significantly, as evidenced by our average subscription dollar-based net retention rate of 133% as of January 31, 2024.

As a result of our business transition and resulting fluctuations to revenue, we expect our net income (losses) to fluctuate through fiscal 2027 and limit the comparability of our net income (losses) with past performance. In fiscal 2023 and fiscal 2024, we incurred net losses of $(277.7) million and $(354.2) million, respectively. In fiscal 2023 and fiscal 2024, operating cash flow was $19.3 million and $(4.5) million, respectively, and free cash flow was $(15.0) million and $(24.5) million, respectively.

Our Go-to-Market Strategy

RSC is primarily adopted by our customers as a cloud-native, fully managed, SaaS solution. For select customers in highly regulated industries subject to stringent data control policies, we offer RSC-Private as an enterprise-ready, self-managed version. Both versions of our platform include various products built on top of RSC that, in combination, help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions.

Our platform can be purchased in three subscription editions. Our various editions include a combination of products across data sources (enterprise, cloud, and SaaS applications). We price our subscription editions primarily based on edition tier and data volume. Our subscription editions are as follows:

•

Foundation Edition. Keeps data secure and recoverable from cyberattacks and operational failures.

•

Business Edition. Builds upon Foundation Edition by proactively monitoring for ransomware.

•

Enterprise Edition. Builds upon Business Edition by continuously monitoring data risk and orchestrating cyber recovery.

LOGO

We primarily sell subscriptions of RSC through our global sales team and partner network, where we target the largest organizations worldwide to mid-sized organizations. We also sell to smaller customers through a high-velocity engagement model driven by our inside sales team. Our platform’s broad capability allows us to serve organizations of all sizes across a wide range of industries and geographies. We are trusted by some of the world’s largest organizations and brands to protect their data.

We utilize a land and expand approach, acquiring new customers and expanding with existing customers. We sell our products through subscription editions and can land in four distinct ways by securing private cloud (which we refer to as enterprise), enterprise NAS⁽¹⁾ (which we refer to as unstructured data), cloud, and SaaS applications. After the initial purchase, our customers often expand the adoption of our platform within their organization. Expansion happens along three vectors: the growth of data from applications already secured by Rubrik, new applications secured, and additional data security products. This expansion is driven by a natural flywheel effect in which the value of our platform increases as our customers’ data grows across various applications. As organizations manage more data with RSC and adopt additional data security products, they gain deeper insights into their data, strengthen their overall security posture, and reduce compliance risk, thereby increasing their overall affinity with Rubrik and driving further adoption.

Key Factors Affecting Our Performance

Evolution of the Market and Adoption of Our Solutions

Our future success depends in part on the market adoption of our approach to Zero Trust Data Security. Many organizations have focused on preventing cyberattacks instead of protecting their data and having a plan to recover it in case of a cyberattack. We believe that the existing security ecosystem lacks a data security platform that will secure a customer’s data, wherever it lives, across enterprise, cloud, and SaaS applications. RSC is our Zero Trust Data Security platform that addresses the growing demand from organizations of virtually any size, across a wide range of industries, to address data security and cyberattack risks. As the data security market continues to evolve, we expect to continuously innovate our platform and product functionality to keep us in a strong position to capture the large opportunity ahead.

⁽¹⁾	Network-Attached Storage.

New Customer Acquisition

Our business model relies on rapidly and efficiently engaging with new customers. Our ability to attract new customers will depend on a number of factors, including our ability to innovate upon our product breadth and capabilities, our success in recruiting and scaling our sales and marketing organization, our ability to accelerate ramp time of our sales force, our ability to develop and maintain strong partnerships, the impact of marketing efforts to enhance our brand, and competitive dynamics in our target markets. We have seen our customer count grow to over 6,100 as of January 31, 2024 from over 5,000 as of January 31, 2023.

Retaining and Expanding Within Our Existing Customer Base

Our ability to retain customers and expand within existing customers is integral to our growth and future success. Our growing base of customers represents a significant opportunity for further expansion across our platform. Our customers typically start with securing data in one or more applications on our platform, and then expand by securing additional applications and increasing the amount of data secured. They further extend their use of our platform through adoption of additional security products. Several of our largest customers have deployed our platform to protect enterprise, unstructured data, cloud, and SaaS applications, securing large amounts of their data. Our ability to expand and extend within our customer base will depend on a number of factors, including platform performance, our customers’ satisfaction with our platform, competitive offerings, pricing, overall changes in our customers’ spending levels, and the effectiveness of our efforts to help our customers realize the benefits of our platform.

Key Business Metrics

We monitor the following key business metrics to help us evaluate our business.

Subscription ARR

Subscription ARR is calculated as the annualized value of our active subscription contracts as of the measurement date, assuming any contract that expires during the next 12 months is renewed on existing terms. Subscription contracts include offerings for our RSC platform and related SaaS products, term-based licenses for our RSC-Private platform and related products, prior sales of CDM sold as a subscription term-based license with associated support and related SaaS products, and standalone sales of our SaaS subscription products like Ransomware Monitoring & Investigation (now known as Anomaly Detection) and Sensitive Data Monitoring & Management (now known as Sensitive Data Monitoring). We believe Subscription ARR illustrates our success in acquiring new subscription customers and maintaining and expanding our relationships with existing subscription customers.

The following table sets forth our Subscription ARR as of the dates presented:


	January 31,
	2023			2024
	(in thousands, except percentages)
Subscription ARR	$	532,929		$	784,029
% growth		96	%		47	%

Subscription ARR does not include any maintenance revenue associated with perpetual licenses, which we generally no longer offer. Of the 96% and 47% growth, approximately 17 percentage points and four percentage points of growth for fiscal 2023 and fiscal 2024, respectively, were a result of transitioning our existing maintenance customers to our subscription editions.

Cloud Annual Recurring Revenue, or Cloud ARR

Cloud ARR is calculated as the annualized value of our active cloud-based subscription contracts as of the measurement date, based on our customers’ total contract value and, assuming any contract that expires during the next 12 months is renewed on existing terms. Our cloud-based subscription contracts include RSC and RSC-Government (excluding RSC-Private) and SaaS subscription products like Ransomware Monitoring & Investigation (now known as Anomaly Detection) and Sensitive Data Monitoring & Management (now known as Sensitive Data Monitoring). Cloud ARR also includes SaaS subscription products like Ransomware Monitoring & Investigation (now known as Anomaly Detection) and Sensitive Data Monitoring & Management (now known as Sensitive Data Monitoring) sold standalone or with prior sales of term-license offerings of CDM. We believe that Cloud ARR provides important information on new and existing customers purchasing new RSC subscription offerings and existing subscription term-based license customers renewing with RSC subscription offerings. Sales of RSC contributed the majority of our subscription revenue by the end of fiscal 2024.

The following table sets forth our Cloud ARR as of the dates presented:


	January 31,
	2023			2024
	(in thousands)
Cloud ARR	$	239,198		$	524,767
% Growth		229	%		119	%

LOGO

Average Subscription Dollar-Based Net Retention Rate

Our average subscription dollar-based net retention rate compares our Subscription ARR from the same set of subscription customers across comparable periods. We calculate our average subscription dollar-based net retention rate by first identifying subscription customers, or the Prior Period Subscription Customers, which were subscription customers at the end of a particular quarter, or the Prior Period. We then calculate the Subscription ARR from these Prior Period Subscription Customers at the end of the same quarter of the subsequent year, or the Current Period. This calculation captures upsells, contraction, and attrition since the Prior Period. We then divide total Current Period Subscription ARR by the total Prior Period Subscription ARR for Prior Period Subscription Customers. Our average subscription dollar-based net retention rate in a particular quarter is obtained by averaging the result from that particular quarter with the corresponding results from each of the prior three quarters. We believe that our average subscription dollar-based net retention rate provides useful information about the evolution of our existing customers as they expand through the increase of data from applications we already secure, new applications for us to secure, additional data security products, and conversion of our recurring revenue related to maintenance contracts into subscription revenue.

The following table sets forth our Average Subscription Dollar-Based Net Retention Rate as of the dates presented:


	January 31,
	2023			2024
Average Subscription Dollar-Based Net Retention Rate		150	%		133	%

Customers with $100,000 or More in Subscription ARR

We believe that customers with $100,000 or more in Subscription ARR is a helpful metric in measuring our ability to scale with our customers and the success of our ability to acquire large customers. Additionally, we believe that our ability to increase the number of customers with $100,000 or more in Subscription ARR is a useful indicator of our market penetration and demand for our platform. As of January 31, 2024, the number of customers with $100,000 or more in Subscription ARR accounted for 80% of total Subscription ARR.

The following table sets forth the number of customers with $100,000 or more in Subscription ARR as of the dates presented:


	January 31,
	2023			2024
Customers with $100,000 or more in Subscription ARR		1,204			1,742
% growth		92	%		45	%

Additionally, as of January 31, 2018, 2019, 2020, 2021, and 2022 the number of customers generating more than $100,000 in Subscription ARR was 1, 23, 137, 309, and 628, respectively.

Non-GAAP Financial Measures

We believe that non-GAAP financial measures, when taken collectively, may be helpful to investors because they provide consistency and comparability with past financial performance. However, non-GAAP financial measures are presented for supplemental informational purposes only, have limitations as an analytical tool, and should not be considered in isolation or as a substitute for financial information presented in accordance with GAAP. Other companies, including companies in our industry, may calculate similarly titled non-GAAP financial measures differently or may use other measures to evaluate their performance, all of which could reduce the usefulness of our non-GAAP

financial measures as tools for comparison. A reconciliation is provided below for each non-GAAP financial measure to the most directly comparable financial measure stated in accordance with GAAP. Investors are encouraged to review the related GAAP financial measures and the reconciliation of these non-GAAP financial measures to their most directly comparable GAAP financial measures, and not to rely on any single financial measure to evaluate our business.

Free Cash Flow

Free cash flow is a non-GAAP financial measure that we calculate as net cash provided by (used in) operating activities less cash used for purchases of property and equipment and capitalized internal-use software. We believe that free cash flow is a helpful indicator of liquidity that provides information to management and investors about the amount of cash generated or used by our operations that, after the investments in property and equipment and capitalized internal-use software, can be used for strategic initiatives, including investing in our business and strengthening our financial position. One limitation of free cash flow is that it does not reflect our future contractual commitments. Additionally, free cash flow is not a substitute for cash used in operating activities and the utility of free cash flow as a measure of our liquidity is further limited as it does not represent the total increase or decrease in our cash balance for a given period.

Free cash flow was $(103.2) million, $(15.0) million, and $(24.5) million for fiscal year ended January 31, 2022, or fiscal 2022, fiscal 2023, and fiscal 2024, respectively. In fiscal 2023, the increase in new customer commitments, which were mostly paid upfront, and efficiency gains in our cost structure drove significant improvements in our free cash flow. In addition, as we transitioned sales of Rubrik-branded Appliances from us to contract manufacturers, our fulfillment cycles were shortened. Shortened fulfillment cycles positively impacted our free cash flow which may not continue in future periods. In the longer term, we view continued Subscription ARR growth and our multi-year cash collection as drivers of free cash flow. While we continue to see the majority of our customers pay us for new multi-year commitments upfront, in fiscal 2024, we have experienced an increase in annual and consumption payments due to the growth in our SaaS products and uncertain macroeconomic environment. See the risk factor titled “We expect fluctuations in our financial results, making it difficult to project future results, and if we fail to meet the expectations of securities analysts or investors with respect to our results of operations, our stock price and the value of your investment could decline” in the section titled “Risk Factors.” This trend, when combined with changes in new business growth, may result in free cash flow volatility across periods. Additionally, free cash flow does not represent the total increase or decrease in our cash balance for a given period.

The following table presents a reconciliation of free cash flow to net cash provided by (used in) operating activities for the periods presented:


	Year Ended January 31,
	2022			2023			2024
	(in thousands)
Net cash provided by (used in) operating activities	$	(82,785	)	$	19,287		$	(4,518	)
Less: Purchase of property and equipment		(14,986	)		(25,017	)		(12,333	)
Less: Capitalized internal-use software		(5,463	)		(9,281	)		(7,675	)

Free cash flow	$	(103,234	)	$	(15,011	)	$	(24,526	)

Net cash provided by (used in) investing activities	$	8,417		$	(125,188	)	$	(93,623	)
Net cash provided by financing activities	$	22,872		$	171,823		$	95,949

Subscription ARR Contribution Margin

We define Subscription ARR Contribution Margin, a non-GAAP financial measure, as the Subscription ARR Contribution (as defined below) divided by Subscription ARR at the end of the period. We define

Subscription ARR Contribution as Subscription ARR at the end of the period less: (i) our non-GAAP subscription cost of revenue and (ii) our non-GAAP operating expenses for the prior 12-month period ending on that date. In fiscal 2023, we began transitioning customers from our legacy CDM capabilities to our subscription-based RSC offerings. As a result of differing revenue recognition treatment between CDM and RSC, this business transition will cause fluctuations to our total revenue growth and limit the comparability of our revenue with past performance. As a result, we measure the performance of our business on the basis of Subscription ARR. We believe that Subscription ARR Contribution Margin is a helpful indicator of operating leverage during this business transition. One limitation of Subscription ARR Contribution Margin is that the factors that impact Subscription ARR will vary from those that impact subscription revenue and, as such, may not provide an accurate indication of our actual or future GAAP results. Additionally, the historical expenses in this calculation may not accurately reflect the costs associated with future commitments.

Subscription ARR Contribution Margin was (117)%, (38)%, and (12)% for fiscal 2022, fiscal 2023, and fiscal 2024, respectively. The increase in Subscription ARR Contribution Margin was primarily driven by the strong year-over-year growth in Subscription ARR, compared to year-over-year growth in non-GAAP subscription costs of sales and non-GAAP operating expenses. We believe that this increase in Subscription ARR Contribution Margin reflects increased operating leverage in our business.

The following table presents the calculation of Subscription ARR Contribution Margin for the periods presented as well as a reconciliation of (i) non-GAAP subscription cost of revenue to cost of revenue and (ii) non-GAAP operating expenses to operating expenses.


	Year Ended January 31,
	2022			2023			2024
	(in thousands, except percentages)
GAAP subscription cost of revenue	$	32,385		$	62,294		$	97,927
Amortization of acquired intangibles		(944	)		(822	)		(1,676	)
Stock-based compensation expense		(1,175	)		(53	)		(45	)
Stock-based compensation from amortization of capitalized internal-use software		(261	)		(287	)		(153	)

Non-GAAP subscription cost of revenue	$	30,005		$	61,132		$	96,053

GAAP operating expenses	$	602,975		$	679,353		$	789,436
Stock-based compensation expense		(42,590	)		(6,727	)		(5,652	)

Non-GAAP operating expenses	$	560,385		$	672,626		$	783,784

Subscription ARR	$	271,735		$	532,929		$	784,029
Non-GAAP subscription cost of revenue		(30,005	)		(61,132	)		(96,053	)
Non-GAAP operating expenses		(560,385	)		(672,626	)		(783,784	)

Subscription ARR Contribution	$	(318,655	)	$	(200,829	)	$	(95,808	)

Subscription ARR Contribution Margin		(117	)%		(38	)%		(12)%

Components of Results of Operations

Revenue

We generate revenue primarily from sales of subscriptions and typically invoice our customers at the inception of the contract. We previously sold perpetual licenses for our CDM product, which we generally no longer offer.

We expect new and existing customers to increasingly purchase subscriptions of RSC, which is recognized ratably over the term of the subscription. Our revenue will fluctuate based on the timing for transitioning our existing customers to RSC and when qualified customers choose to exercise or forfeit

their customer options that are accounted for as material rights. These expected trends, when combined with the transition of the sale of Rubrik-branded Appliances from us to our contract manufacturers, will limit and cause fluctuations to our revenue growth through fiscal 2027. We primarily measure our business on the basis of Subscription ARR, as we believe it best reflects our actual growth and our growth prospects.

Subscription Revenue

Our subscription revenue consists of SaaS subscriptions and subscription term-based licenses with related support services.

SaaS includes SaaS subscription products like Ransomware Monitoring & Investigation (now known as Anomaly Detection) and Sensitive Data Monitoring & Management (now known as Sensitive Data Monitoring) sold standalone or with prior sales of term-license offerings of CDM prior to the launch of the RSC platform as well as sales of RSC. RSC is offered as a fully-hosted subscription or a hybrid cloud subscription. RSC is a fully-hosted subscription in the case of protection of cloud, SaaS and unstructured data applications. When RSC is securing enterprise applications, it is a hybrid cloud subscription which includes software hosted from the cloud (as a service) and an on-premise license for securing enterprise applications. The hybrid cloud subscription is accounted for as a single performance obligation because the software hosted from the cloud (as a service) and the on-premise software licenses are not separately identifiable and serve together to fulfill our promise to the customer, which is to provide a single, unified data security solution. Our subscription capabilities are primarily sold as editions which bundle multiple products into our Foundation Edition, Business Edition, and Enterprise Edition. Subscription revenue related to SaaS is recognized ratably over the subscription period.

Subscription term-based licenses provide our customer with a right to use the software for a fixed term commencing upon delivery of the license to our customer. Support services are bundled with each subscription term-based license for the term of the subscription. Subscription revenue related to subscription term-based licenses includes upfront revenue recognized at the later of the start date of the subscription term-based license and the date when the subscription term-based license is delivered. The remainder of the revenue is recognized ratably over the subscription period for support services, commencing with the date the service is made available to customers.

As customers continue to adopt or transition to RSC, we expect the ratable portion of our subscription revenue to increase. We expect certain customers to consume our platform and products through a mix of RSC and CDM-T as they complete the migration, which will result in a recognition of a portion of the associated revenue for these customers upfront. Furthermore, our subscription revenue will also fluctuate when qualified customers choose to exercise or forfeit their customer options that are accounted for as material rights. The combination of both of these factors will limit and cause fluctuations in our subscription revenue growth through fiscal 2027, depending in part on the timing of our existing customers’ transition to RSC.

Maintenance Revenue

Maintenance revenue represents fees earned from software updates on a when-and-if-available basis, telephone support, integrated web-based support, and Rubrik-branded Appliance maintenance relating to our perpetual licenses. Maintenance revenue is recognized ratably over the term of the service period. As we generally no longer offer new perpetual licenses, we expect our maintenance revenue to decrease as we drive adoption of RSC for existing maintenance customers.

Other Revenue

Other revenue represents fees earned from sales of perpetual licenses, Rubrik-branded Appliances, and professional services. We recognize revenue for the amount allocated to the perpetual

software license at the later of the license term start date or the date the license is delivered. Revenue for Rubrik-branded Appliances is recognized when shipped to the customer. When we sell our software license with our Rubrik-branded Appliances, revenue for both the Rubrik-branded Appliances and software licenses are recognized at the same time. Revenue related to professional services is typically recognized as the services are performed. In the third quarter of fiscal 2023, we began transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers. Additionally, we generally no longer offer new perpetual licenses. As a result, we expect other revenue as a percentage of total revenue to decrease over time.

Cost of Revenue

Cost of revenue primarily includes employee compensation and related expenses associated with customer support, certain hosting costs, amortization of capitalized internal-use software, and cost of Rubrik-branded Appliances. In the several quarters following the closing of this offering, we expect to recognize a portion of stock-based compensation related to the equity awards that include a performance-based condition that will be met in connection with this offering. We expect our cost of revenue as a percentage of revenue to increase in the near term due to the stock-based compensation expense that we expect to recognize in connection with this offering and following this offering, but over the long-term, we expect our cost of revenue as a percentage of revenue to decrease as we increasingly transition the sale of Rubrik-branded Appliances from us to our contract manufacturers.

Cost of Subscription Revenue

Cost of subscription revenue primarily includes employee compensation and related expenses associated with customer support for our subscription offerings, certain hosting costs, and amortization of capitalized internal-use software. We expect our cost of subscription revenue to increase as our subscription revenue increases.

Cost of Maintenance Revenue

Cost of maintenance revenue primarily includes employee compensation and related expenses associated with customer support from our perpetual licenses. Over the long-term, as we generally no longer offer new perpetual licenses, we expect our cost of maintenance revenue to decrease as our maintenance revenue decreases.

Cost of Other Revenue

Cost of other revenue primarily includes the cost of Rubrik-branded Appliances and professional services. We expect cost of other revenue as a percentage of total cost of revenue to decrease due to the sales of Rubrik-branded Appliances transitioning from us to our contract manufacturers.

Gross Profit and Margin

Gross profit is revenue less cost of revenue.

Gross margin is gross profit expressed as a percentage of revenue. Our gross margin has been, and will continue to be, affected by a number of factors, including the mix of subscription term-based licenses, SaaS subscriptions, and other products, when qualified customers choose to exercise or forfeit their customer options that are accounted for as material rights, the timing and extent of our investments in our global customer support organization, certain hosting costs, the amortization of capitalized internal-use software, and stock-based compensation expense in periods following this offering. We expect our gross margin to be negatively impacted in the quarter in which we complete

this offering due to the stock-based compensation expense that we expect to recognize in connection with this offering and following this offering. Over time, we expect our gross margin to fluctuate due to the factors described above.

Subscription Gross Margin

With increased adoption of RSC, we expect SaaS revenue to increase as a percentage of total revenue, which we expect will result in an increase in associated hosting costs. As customers adopt RSC, we expect our subscription gross margin to fluctuate through fiscal 2027. This is due to the revenue being recognized ratably over the subscription term rather than a portion being recognized upfront from subscription term-based licenses and associated increases in hosting costs for our SaaS solutions.

Maintenance Gross Margin

We expect maintenance revenue to decrease as a percentage of total revenue, which we expect will result in a decrease in maintenance costs. We expect our maintenance margin to fluctuate until the end of fiscal 2026 as maintenance revenue and related costs decline as customers adopt RSC.

Other Gross Margin

We expect sales of Rubrik-branded Appliances to decrease as we transition the sale from us to contract manufacturers, which will result in a decrease in associated Rubrik-branded Appliance costs. We expect our other gross margin to fluctuate through fiscal 2025 as we ceased offering new perpetual licenses and are transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers.

Operating Expenses

Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses. Personnel costs are the most significant component of operating expenses. We also incur other non-personnel costs such as colocation and certain hosting costs, office space costs, fees for third-party professional services, and costs associated with software and subscription services. In the several quarters following the closing of this offering, we expect to recognize a portion of stock-based compensation related to the equity awards that include a performance-based condition that will be met in connection with this offering. We also expect to incur additional stock-based compensation expense in future periods following this offering as additional equity awards vest. We expect our operating expense as a percentage of revenue to increase in the near term due to the stock-based compensation expense that we expect to recognize in connection with this offering and following this offering, but over the long term, we expect our operating expenses as a percentage of revenue to decrease.

Research and Development

Research and development expenses consist primarily of employee compensation and related expenses, net of capitalized amounts, and colocation and certain hosting costs. To capture share in the ever-growing data security market, we expect to continuously innovate our platform and product functionality and will continue to invest in research and development. We expect our research and development expenses will continue to increase as our business grows. We also expect our research and development expenses as a percentage of revenue to increase in the near term due to the stock-based compensation expense that we expect to recognize in connection with this offering and following this offering, but over the long term, we expect our research and development expenses as a percentage of revenue to decrease.

Sales and Marketing

Sales and marketing expenses consist primarily of employee compensation and related expenses including sales commissions, marketing programs, and travel-related costs. We expect our sales and marketing expenses will increase over time and continue to be our largest operating expense for the foreseeable future as we expand our sales force, increase our marketing efforts, and expand into new markets. We also expect our sales and marketing expenses as a percentage of revenue to increase in the near term due to the stock-based compensation expense that we expect to recognize in connection with this offering and following this offering, but over the long term, we expect our sales and marketing expenses as a percentage of revenue to decrease.

General and Administrative

General and administrative expense consists primarily of employee compensation and related expenses for administrative functions, including finance, legal, human resources, information technology, and fees for third-party professional services. Leading up to and following the closing of this offering, we expect to incur additional general and administrative expenses as a result of operating as a public company, including costs to comply with the rules and regulations applicable to companies listed on a national securities exchange, costs related to compliance and reporting obligations, and increased expenses for investor relations and third-party professional services. We also expect that our general and administrative expenses will increase as our business grows. We also expect our general and administrative expenses as a percentage of revenue to increase in the near term due to the stock-based compensation expense that we expect to recognize in connection with this offering and following this offering, but over the long term, we expect our general and administrative expenses as a percentage of revenue to decrease.

Other Non-Operating Income (Expense)

Other non-operating income (expense) consists primarily of interest income, interest expense, and foreign exchange gains and losses.

Income Tax Expense

Income tax expense consists primarily of income taxes in certain foreign jurisdictions in which we conduct business, as well as federal and state income taxes in the United States. We have recorded U.S. federal and state net deferred tax assets for which we provide a full valuation allowance, which includes net operating loss carryforwards and tax credits. We expect to maintain this full valuation allowance for the foreseeable future as it is more likely than not that some or all of those deferred tax assets may not be realized based on our history of losses.

100

Results of Operations

The following tables summarize our consolidated statements of operations data for the periods presented. The period-to-period comparison of results is not necessarily indicative of results for future periods.


	Year Ended January 31,
	2023			2024
	(in thousands)
Revenue
Subscription	$	385,272		$	537,869
Maintenance		76,220			38,745
Other		138,327			51,278

Total revenue		599,819			627,892

Cost of revenue
Subscription⁽¹⁾		62,294			97,927
Maintenance⁽¹⁾		15,059			6,472
Other⁽¹⁾		104,661			40,563

Total cost of revenue		182,014			144,962

Gross profit		417,805			482,930
Operating expenses
Research and development⁽¹⁾		175,057			206,527
Sales and marketing⁽¹⁾		417,542			482,532
General and administrative⁽¹⁾		86,754			100,377

Total operating expenses		679,353			789,436

Loss from operations		(261,548	)		(306,506	)
Interest income		5,140			11,216
Interest expense		(11,709	)		(30,295	)
Other income (expense), net		(1,033	)		(1,884	)

Loss before income taxes		(269,150	)		(327,469	)
Income tax expense		8,596			26,689

Net loss	$	(277,746	)	$	(354,158	)

(1)	Includes stock-based compensation expense as follows:


	Year Ended January 31,
	2023		2024
	(in thousands)
Cost of revenue
Subscription	$	53	$	45
Maintenance		34		7
Other		140		11
Research and development		3,044		3,590
Sales and marketing		2,399		1,313
General and administrative		1,284		749

Total stock-based compensation expense	$	6,954	$	5,715

101

The following table sets forth our consolidated statements of operations data expressed as a percentage of revenue for the periods indicated:


	Year Ended January 31,
	2023			2024
Revenue
Subscription		64	%		86	%
Maintenance		13			6
Other		23			8

Total revenue		100			100

Cost of revenue
Subscription		10			16
Maintenance		3			1
Other		17			6

Total cost of revenue		30			23

Gross margin		70			77
Operating expenses
Research and development		29			33
Sales and marketing		71			77
General and administrative		14			16

Total operating expenses		114			126

Loss from operations		(44	)		(49	)
Interest income		1			2
Interest expense		(2	)		(5	)
Other income (expense), net		—			—

Loss before income taxes		(45	)		(52	)
Income tax expense		1			4

Net loss		(46	)%		(56	)%

Comparison of Fiscal 2023 and Fiscal 2024

Revenue


	Year Ended January 31,
	2023		2024
	(in thousands)
Revenue
Subscription	$	385,272	$	537,869
Maintenance		76,220		38,745
Other		138,327		51,278

Total revenue	$	599,819	$	627,892

Subscription revenue increased by $152.6 million, or 40%, in fiscal 2024 as compared to fiscal 2023. Approximately 41% of this increase from fiscal 2024 as compared to fiscal 2023 was from sales to new customers and the remaining increase was attributable to sales to existing customers. Our Subscription ARR grew from $532.9 million as of January 31, 2023 to $784.0 million as of January 31, 2024, representing a 47% increase. Of the increase, approximately four percentage points are a result of transitioning our existing maintenance customers to our subscription editions. A further indication of our ability to expand revenue from existing customers is through our average subscription dollar-based

102

net retention rate which was 133% as of January 31, 2024. We had 1,742 customers with $100,000 or more in Subscription ARR as of January 31, 2024, increasing from 1,204 as of January 31, 2023.

Maintenance revenue associated with sales of perpetual licenses of our legacy CDM product decreased by $37.5 million, or 49%, in fiscal 2024 as compared to fiscal 2023. Maintenance revenue represented 13% and 6% of total revenue for fiscal 2023 and fiscal 2024, respectively. This decrease is a result of generally no longer offering new perpetual licenses as well as existing maintenance customers adopting RSC subscription offerings. We expect this transition to be largely completed by the end of fiscal 2026.

Other revenue, which consists primarily of sales of perpetual licenses, Rubrik-branded Appliances, and professional services, decreased by $87.0 million, or 63%, in fiscal 2024 as compared to fiscal 2023. Sales of Rubrik-branded Appliances and our perpetual licenses decreased by $83.2 million, as we are transitioning our sales of our Rubrik-branded Appliances from us to our contract manufacturers and no longer offer new perpetual licenses. We expect our other revenue as a percentage of total revenue to continue to decrease.

Cost of Revenue


	Year Ended January 31,
	2023		2024
	(in thousands)
Cost of revenue
Subscription	$	62,294	$	97,927
Maintenance		15,059		6,472
Other		104,661		40,563

Total cost of revenue	$	182,014	$	144,962

Cost of subscription revenue increased by $35.6 million, or 57%, in fiscal 2024 as compared to fiscal 2023, primarily due to the development and launch of more SaaS products, which resulted in increases of $22.7 million in hosting costs, and the growth in our customer support organization, which resulted in an increase of $8.5 million.

Cost of maintenance revenue decreased by $8.6 million, or 57%, in fiscal 2024 as compared to fiscal 2023, due to a decrease in our customer support organization costs relating to maintenance revenue, as we no longer offer new perpetual licenses and as existing maintenance customers adopt RSC subscription offerings.

Cost of other revenue decreased by $64.1 million, or 61%, in fiscal 2024 as compared to fiscal 2023, as we no longer offer new perpetual licenses and are transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers.

Gross Profit and Gross Margin


	Year Ended January 31,
	2023		2024
	(in thousands)
Gross profit
Subscription	$	322,978	$	439,942
Maintenance		61,161		32,273
Other		33,666		10,715

Total gross profit	$	417,805	$	482,930

103


	Year Ended January 31,
	2023			2024
Gross margin
Subscription		84	%		82	%
Maintenance		80			83
Other		24			21
Total gross margin		70	%		77	%

Subscription gross margin decreased to 82% in fiscal 2024 from 84% in fiscal 2023 as revenue became increasingly ratable with customer adoption of our SaaS products and due to increasing hosting costs associated with our development and launch of more SaaS products.

Maintenance gross margin increased to 83% in fiscal 2024 from 80% in fiscal 2023 due to efficiencies from our customer support organization.

Other gross margin decreased to 21% in fiscal 2024 from 24% in fiscal 2023 due to a decrease in sales of perpetual licenses and Rubrik-branded Appliances.

Operating Expenses

Research and Development


	Year Ended January 31,
	2023		2024
	(in thousands)
Research and Development	$	175,057	$	206,527

Research and development expenses increased by $31.5 million, or 18%, in fiscal 2024 as compared to fiscal 2023. Employee compensation and related expenses increased by $21.2 million due to increases in headcount as we continued to release new products and develop and enhance the functionalities of our existing products. The remainder of the increase was primarily attributable to an increase of $4.5 million in colocation and hosting fees in developing our new and existing products and an increase of $3.6 million of software and subscription services.

Sales and Marketing


	Year Ended January 31,
	2023		2024
	(in thousands)
Sales and marketing	$	417,542	$	482,532

Sales and marketing expenses increased by $65.0 million, or 16%, in fiscal 2024 as compared to fiscal 2023. Employee compensation and related expenses increased by $47.9 million due to increases in headcount. The remainder of the increase was primarily attributable to increased marketing and pipeline generation activities of $4.9 million, travel and entertainment related expenses of $2.5 million, and software and subscription services of $2.3 million.

104

General and Administrative


	Year Ended January 31,
	2023		2024
	(in thousands)
General and administrative	$	86,754	$	100,377

General and administrative expenses increased by $13.6 million, or 16%, in fiscal 2024 as compared to fiscal 2023. Employee compensation and related expenses increased by $3.7 million due to increases in headcount. The remainder of the increase was primarily attributable to increased third-party professional services.

Other Non-Operating Income (Expense)


	Year Ended January 31,
	2023			2024
	(in thousands)
Interest income		$ 5,140			$ 11,216
Interest expense		(11,709	)		(30,295	)
Other income (expense), net		(1,033	)		(1,884	)

Interest income increased by $6.1 million in fiscal 2024 as compared to fiscal 2023 due to higher cash, cash equivalents, and investment balances and higher interest rates.

Interest expense increased by $18.6 million in fiscal 2024 as compared to fiscal 2023 due to our Existing and Amended Credit Facilities (as defined in the subsection titled “—Liquidity and Capital Resources”).

Income Tax Expense


	Year Ended January 31,
	2023		2024
	(in thousands)
Income tax expense	$	8,596	$	26,689

Our income tax expense increased by $18.1 million, or 210%, in fiscal 2024 as compared to fiscal 2023, primarily due to an increase in our uncertain tax positions related to the Laminar acquisition and the integration of its operations as well as a waiver of certain deductions. Our effective tax rate may fluctuate significantly on a quarterly basis and could be adversely affected to the extent that earnings are lower than anticipated in countries that have lower statutory tax rates and higher than anticipated in countries that have higher statutory tax rates. In addition, tax authorities may challenge our transfer pricing policies, resulting in a higher effective tax rate.

105

Quarterly Results of Operations

The following tables set forth our unaudited quarterly consolidated statements of operations data for each of the quarters indicated as well as the percentage that each line item represents of our total revenue for each quarter presented. The information for each quarter has been prepared on a basis consistent with our audited consolidated financial statements included in this prospectus and reflect, in the opinion of management, all adjustments of a normal, recurring nature that are necessary for a fair presentation of the financial information contained in those statements. Our historical results are not necessarily indicative of the results that may be expected in the future. The following quarterly financial data should be read in conjunction with our consolidated financial statements included elsewhere in this prospectus.


	Three Months Ended
	April 30, 2022			July 31, 2022			October 31, 2022			January 31, 2023			April 30, 2023			July 31, 2023			October 31, 2023			January 31, 2024
Revenue
Subscription	$	77,994		$	105,480		$	103,363		$	98,435		$	108,398		$	127,456			$ 143,363		$	158,652
Maintenance		21,856			20,850			18,219			15,295			12,288			10,594			8,979			6,884
Other		32,300			40,894			43,148			21,985			15,054			13,485			13,262			9,477

Total revenue		132,150			167,224			164,730			135,715			135,740			151,535			165,604			175,013


Cost of revenue
Subscription		11,664			13,744			17,363			19,523			21,637			23,204			22,697			30,389
Maintenance		4,625			4,277			3,355			2,802			2,271			1,749			1,398			1,054
Other		24,468			31,073			33,361			15,759			11,983			10,437			9,613			8,530

Total cost of revenue		40,757			49,094			54,079			38,084			35,891			35,390			33,708			39,973

Gross profit		91,393			118,130			110,651			97,631			99,849			116,145			131,896			135,040


Operating expenses
Research and development		42,409			43,778			43,411			45,459			46,266			49,762			51,372			59,127
Sales and marketing		93,424			111,515			104,823			107,780			115,362			117,615			120,847			128,708
General and administrative		21,095			20,976			21,579			23,104			22,817			22,288			24,956			30,316

Total operating expenses		156,928			176,269			169,813			176,343			184,445			189,665			197,175			218,151

Loss from operations		(65,535	)		(58,139	)		(59,162	)		(78,712	)		(84,596	)		(73,520	)		(65,279	)		(83,111	)
Interest income		450			668			1,697			2,325			2,617			2,745			2,934			2,920
Interest expense		—			(2,017	)		(4,496	)		(5,196	)		(5,532	)		(6,173	)		(9,006	)		(9,584	)
Other income (expense), net		(140	)		(345	)		(245	)		(303	)		(554	)		(1,124	)		104			(310	)

Loss before income taxes		(65,225	)		(59,833	)		(62,206	)		(81,886	)		(88,065	)		(78,072	)		(71,247	)		(90,085	)
Income tax expense		1,425			2,235			844			4,092			1,208			3,049			15,020			7,412

Net loss	$	(66,650	)	$	(62,068	)	$	(63,050	)	$	(85,978	)	$	(89,273	)	$	(81,121	)	$	(86,267	)	$	(97,497	)

106


*Percentage of Revenue Data*
	Three Months Ended
	April 30, 2022			July 31, 2022			October 31, 2022			January 31, 2023			April 30, 2023			July 31, 2023			October 31, 2023			January 31, 2024
Revenue
Subscription		59	%		63	%		63	%		73	%		80	%		84	%		87	%		91	%
Maintenance		17			12			11			11			9			7			5			4
Other		24			25			26			16			11			9			8			5

Total revenue		100			100			100			100			100			100			100			100


Cost of revenue
Subscription		9			8			11			15			15			15			14			17
Maintenance		4			2			2			2			2			1			1			1
Other		18			19			20			11			9			7			5			5

Total cost of revenue		31			29			33			28			26			23			20			23

Gross margin		69			71			67			72			74			77			80			77


Operating expenses
Research and development		32			26			26			33			34			33			31			34
Sales and marketing		71			67			64			80			85			78			73			73
General and administrative		16			13			13			17			17			15			15			17

Total operating expenses		119			106			103			130			136			126			119			124

Loss from operations		(50	)		(35	)		(36	)		(58	)		(62	)		(49	)		(39	)		(47	)
Interest income		—			—			1			2			1			2			1			1
Interest expense		—			(1	)		(3	)		(4	)		(4	)		(4	)		(5	)		(5	)
Other income (expense), net		1			—			—			—			—			(1	)		—			—

Loss before income taxes		(49	)		(36	)		(38	)		(60	)		(65	)		(52	)		(43	)		(51	)
Income tax expense		1			1			—			3			1			2			9			5

Net loss		(50	)%		(37	)%		(38	)%		(63	)%		(66	)%		(54	)%		(52	)%		(56	)%

Quarterly Trends in Revenue

Our quarterly subscription revenue increased in each period presented when compared to the results of the same period in the prior year primarily due to increases in the number of new customers as well as retention with existing customers and sales of new products year over year. The RSC adoption by new and existing customers began in the third quarter of fiscal 2023. We recognize revenue from the sales of RSC ratably over the term of the subscription, and sales of RSC contributed to the majority of our subscription revenue by the end of fiscal 2024. Our revenue will fluctuate when qualified customers choose to exercise or forfeit their Subscription Credits upon expiry date, which are customer options that are accounted for as material rights. Both of these factors will drive fluctuations in our subscription revenue through fiscal 2027.

Our quarterly maintenance revenue has declined as we generally no longer offer new perpetual licenses. In addition, we are converting existing maintenance customers into subscription customers as their maintenance contracts come upon renewal. We expect the conversion of maintenance contracts to subscription offerings to be largely completed by the end of fiscal 2026.

Our quarterly other revenue has fluctuated quarter to quarter as we generally no longer offer CDM as a perpetual license. In addition, in the fourth quarter of fiscal 2023, we began the transition of the sale

107

of Rubrik-branded Appliances from us to our contract manufacturers. We expect our other revenue to continue to decrease as a percentage of total revenue.

The trends described above are a result of our business transition and will cause fluctuations to our total revenue growth through fiscal 2027 and limit the comparability of our revenue with past performance. As such, we measure the success of our business on the basis of Subscription ARR. Subscription ARR illustrates our success in acquiring new subscription customers and maintaining and expanding our relationships with existing subscription customers.

Quarterly Trends in Operating Expenses

Our quarterly operating expenses have generally increased in each period presented when compared to the results of the same quarter in the prior year primarily related to increases in personnel-related costs to support our expanded operations and our continued investment to release new products and develop and enhance the functionalities of existing products.

Key Business Metrics

In addition to the measures presented in our quarterly consolidated financial data, we use the following key business metrics and non-GAAP financial measures to help us evaluate our business and operating performance, identify trends affecting our business, formulate plans, and make strategic decisions:


	As of
	April 30, 2022			July 31, 2022			October 31, 2022			January 31, 2023			April 30, 2023			July 31, 2023			October 31, 2023			January 31, 2024
	(in thousands, except percentages and customers)
Subscription ARR	$	315,500		$	381,510		$	459,888		$	532,929		$	587,454		$	655,022		$	724,811		$	784,029
Cloud ARR	$	94,637		$	125,357		$	172,059		$	239,198		$	296,917		$	376,800		$	454,866		$	524,767
Customers with Subscription ARR≥ $100K		732			870			1,031			1,204			1,314			1,463			1,581			1,742
Average Subscription Dollar-Based Net Retention Rate		144	%		146	%		149	%		150	%		149	%		146	%		140	%		133	%

Liquidity and Capital Resources

To date, we have financed our operations principally through private placements of our redeemable convertible preferred stock, our term loan credit facility, and payments received from customers.

In June 2022, we entered into a $195.0 million credit facility, or the Existing Credit Facility, consisting of initial term loans in an aggregate principal amount of $175.0 million and delayed draw term loan commitments in an aggregate principal amount of $20.0 million. The Existing Credit Facility was scheduled to mature in June 2027. We borrowed the full amount of the initial term loans in June 2022, the proceeds of which were used for general corporate purposes, and subsequently drew approximately $14.5 million of delayed draw term loans to pay accrued quarterly interest payments under the Existing Credit Facility.

In August 2023, we amended and restated the Existing Credit Facility, or the Amended Credit Facility, to increase the total borrowing capacity thereunder to $330.0 million, consisting of initial term

108

loans in an aggregate principal amount of approximately $289.5 million and delayed draw term loan commitments in an aggregate principal amount of approximately $40.5 million. The Amended Credit Facility will mature in August 2028. We borrowed the full amount of the initial term loans and approximately $4.1 million of delayed draw term loans under the Amended Credit Facility on the closing date of the Amended Credit Facility in order to (i) refinance and replace in full the outstanding term loans under the Existing Credit Facility, (ii) finance the consideration for the acquisition of Laminar, and (iii) pay the accrued quarterly interest under the Existing Credit Facility then due. Borrowings under the Amended Credit Facility will bear interest, at our option, at a rate per annum equal to (i) (x) a base rate equal to the highest of (A) the prime rate as published by The Wall Street Journal, (B) the federal funds rate plus 0.5%, and (C) an adjusted SOFR rate for a one-month interest period plus 1.0% plus (y) a margin of 6.0%, or (ii) an adjusted SOFR rate for a selected interest period plus a margin of 7.0%. We have the option to elect to fund up to 100.0% of the interest payments under the Amended Credit Facility with the incurrence of additional delayed draw term loans, subject to a temporary increase of 0.5% in the annual interest rate due on outstanding term loans for a period of 90 to 180 days from the latest date of incurrence of such additional delayed draw term loans. The annual interest rate on outstanding term loans under the Amended Credit Facility can also decrease by 0.5% if we achieve certain financial targets. In connection with each of the Existing Credit Facility and the Amended Credit Facility, we were also required to pay customary fees for a credit facility of this size and type, including an upfront fee. We have the option to prepay the loans under the Amended Credit Facility at any time subject to a prepayment premium of (i) 1.5% in the first year following the closing of the Amended Credit Facility, (ii) 0.5% in the second year following the closing of the Amended Credit Facility, and (iii) 0.0% thereafter.

In August 2023, we acquired all of the outstanding stock of Laminar, a data security posture management, or DSPM platform. We accounted for this transaction as a business combination. The acquisition date fair value of the purchase consideration was $104.9 million, of which $90.8 million was paid in cash and the remainder in common stock. The cash consideration of $90.8 million excludes $23.8 million we held back, which is subject to service-based vesting and will be recorded as expense over the period the services are provided. The acquisition of Laminar is intended to support our leadership position as a data security platform provider and help accelerate our cyber posture offerings.

Our billings grow with new business growth. The majority of our billings are driven by invoicing our customers for multi-year commitments. However, this may evolve as customers have opted to, and may continue to opt to, pay us on an annual basis based on products purchased due to the growth in our SaaS product offerings and the uncertain macroeconomic environment. In addition, our billings are subject to seasonality, with billings in the fourth quarter being substantially higher than in the other three quarters. As of January 31, 2024, we had cash, cash equivalents, and short-term investments of $279.3 million. Our cash equivalents and investments primarily consist of money market funds, U.S. treasuries, commercial paper, corporate bonds, and U.S. government agencies securities. We have generated significant operating losses from our operations as reflected in our accumulated deficit of $(1,682.5) million as of January 31, 2024. We expect to continue to incur operating losses, and our operating cash flows may fluctuate between positive and negative amounts for the foreseeable future due to the investments we intend to make as described above. As a result, we may require additional capital resources to execute strategic initiatives to grow our business.

We believe that our existing cash and cash equivalents will be sufficient to fund our operating and capital needs for at least the next 12 months.

Our longer-term future capital requirements will depend on many factors, including our subscription growth rate, subscription renewal activity, including the timing and the amount of cash received from customers, the expansion of sales and marketing activities, the timing and extent of spending to support development efforts, the introduction of new and enhanced products, and the

109

continuing market adoption of our platform. We may in the future enter into arrangements to acquire or invest in complementary businesses, services, and technologies, including intellectual property rights. We continue to assess our capital structure and evaluate the merits of deploying available cash. We may be required to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, financial condition, and operating results would be adversely affected.

The following table summarizes our cash flows for the periods presented:


	Year Ended January 31,
	2023		2024
	(in thousands)
Net cash provided by (used in) operating activities	$	19,287	$	(4,518)
Net cash used in investing activities	$	(125,188)	$	(93,623)
Net cash provided by financing activities	$	171,823	$	95,949

Operating Activities

Our largest source of operating cash is payments received from our customers. We typically invoice our customers in advance for multi-year contracts. Therefore, a substantial source of our cash is from such prepayments, which are included on our consolidated balance sheets in deferred revenue. We generally experience seasonality based on when we enter into agreements with our customers. Given the seasonality in our business, the operating cash flow benefit from increased collections from our customers generally occurs in the subsequent quarter after billing. We expect seasonality, timing of billings, and collections from our customers to have a material impact on our cash flow from operating activities from period to period. Our primary uses of cash from operating activities are for employee compensation and related expenses, sales commissions, fees for third-party professional services, colocation and hosting costs, and marketing programs.

Net cash used in operating activities during fiscal 2024 of $4.5 million resulted primarily from a net loss of $(354.2) million, partially offset by $76.5 million of amortization of deferred commissions, $24.3 million for depreciation and amortization, $10.1 million for non-cash interest related to debt, $5.7 million of stock-based compensation, and $234.1 million of net cash inflow from changes in operating assets and liabilities. The net cash inflow from changes in operating assets and liabilities was primarily the result of a $299.8 million increase in deferred revenue, resulting primarily from increased billings, a $22.9 million increase in accrued expenses and other liabilities, and a $17.2 million decrease in accounts receivables. The cash inflow was partially offset by a $107.1 million increase in deferred commissions.

Net cash provided by operating activities during fiscal 2023 of $19.3 million resulted primarily from a net loss of $(277.7) million, partially offset by $81.3 million of amortization of deferred commissions, $22.4 million for depreciation and amortization, $8.5 million for non-cash interest related to debt, $7.0 million of stock-based compensation, and $174.5 million of net cash inflow from changes in operating assets and liabilities. The net cash inflow from changes in operating assets and liabilities was primarily the result of a $338.8 million increase in deferred revenue, resulting primarily from increased billings and a $8.8 million decrease in accounts receivables. The cash inflow was partially offset by a $135.0 million increase in deferred commissions and $32.7 million increase in prepaid expenses and other assets.

Investing Activities

Net cash used in investing activities during fiscal 2024 of $93.6 million resulted from $246.0 million in purchases of investments, $90.3 million paid for acquiring Laminar, $12.3 million in

110

purchases of property and equipment, and $7.7 million in capitalized internal-use software, offset by $262.7 million in proceeds from maturities and sales of investments.

Net cash used in investing activities during fiscal 2023 of $125.2 million resulted from $219.0 million in purchases of investments, $25.0 million in purchases of property and equipment, and $9.3 million in capitalized internal-use software, offset by $128.1 million in proceeds from maturities and sales of investments.

Financing Activities

Net cash provided by financing activities of $95.9 million during fiscal 2024 was primarily due to $96.5 million in proceeds from the issuance of debt, net of discount and $3.4 million from the exercise of stock options, partially offset by $3.7 million for payment of deferred offering costs.

Net cash provided by financing activities of $171.8 million during fiscal 2023 was primarily due to $171.5 million in proceeds from the issuance of debt, net of discount and $3.8 million from the exercise of stock options, partially offset by $2.7 million for payment of deferred offering costs.

Contractual Obligations and Commitments

As of January 31, 2024, our commitments consisted of (i) obligations under operating leases for offices and data centers on an undiscounted basis, of which $11.7 million will be due within 12 months and $24.1 million will be due thereafter, (ii) purchase obligations relating primarily to hosting and software and subscription services, of which $19.7 million will be due within 12 months and $188.7 million will be due thereafter, and (iii) debt, including the quarterly interest payments. As of January 31, 2024, the aggregate principal amount of our $293.6 million debt obligation is due in fiscal 2029.

The contractual commitment amounts above are associated with agreements that are enforceable and legally binding. Obligations under contracts that we can cancel without a significant penalty are not included above. Purchase orders issued in the ordinary course of business are not included above, as our purchase orders represent authorizations to purchase rather than binding agreements.

Quantitative and Qualitative Disclosures About Market Risk

We have operations in the United States and internationally, and we are exposed to market risk in the ordinary course of our business.

Interest Rate Risk

As of January 31, 2024, we had cash, cash equivalents, and short-term investments of $279.3 million and restricted cash of $7.0 million. Our cash, cash equivalents, and short-term investments are held for working capital purposes. We do not enter into investments for trading or speculative purposes. Our investments are exposed to market risk due to fluctuations in interest rates, which may affect our interest income. A hypothetical 10% increase or decrease in interest rates would not have a material effect on the fair market value of our portfolio.

Currency Risk

Our reporting currency is the U.S. dollar and the functional currency for all of our foreign subsidiaries are the respective local currencies. All of our sales contracts are denominated in U.S. dollars. A portion of our operating expenses are incurred outside of the United States, denominated in foreign currencies, and subject to fluctuations due to changes in foreign currency exchange rates. Our consolidated results of operations and cash flows are, therefore, subject to fluctuations due to changes

111

in foreign currency exchange rates and may be adversely affected in the future due to changes in foreign exchange rates. To date, we have not entered into any hedging arrangements with respect to foreign currency risk or other derivative financial instruments, although we may choose to do so in the future. We do not believe a 10% increase or decrease in the relative value of the U.S. dollar would have a material impact on our results of operations.

Critical Accounting Policies and Estimates

Our financial statements are prepared in accordance with GAAP. The preparation of these financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, and expenses as well as related disclosures. We evaluate our estimates and assumptions on an ongoing basis. Our estimates are based on historical experience and various other assumptions that we believe to be reasonable under the circumstances. Our actual results could differ from these estimates.

The critical accounting estimates, assumptions, and judgments that we believe have the most significant impact on our consolidated financial statements are described below.

Revenue Recognition

We identify performance obligations in a customer contract by assessing whether products and services are capable of being distinct and distinct in the context of the contract. The determination of the performance obligations for RSC when offered as a hybrid cloud subscription requires significant judgment due to the ongoing interaction between the software hosted from the cloud (as a service) and the on-premise software licenses. We have concluded that the software hosted from the cloud (as a service) and software licenses are not distinct from each other in the context of the contract such that revenue from the combined offering should be recognized ratably over the subscription period for which the software hosted from the cloud (as a service) are provided. In reaching this conclusion, we considered the nature of our promise to customers with a hybrid cloud subscription, which is to provide a single, unified data security solution that operates seamlessly across multiple data sources and teams, and to give customers the ability to manage all their data sources consistently and/or in a manner they dictate. We only fulfill this multi-faceted promise by providing access to an integrated solution comprised of both cloud-based and on-premise software. The cloud-based software and on-premise software work together to provide features and functionalities necessary to fulfill that promise, which neither the software hosted from the cloud (as a service) nor the software licenses could provide on their own or together with third-party resources.

Our contracts with customers may include customer options that are material rights. The determination of the likelihood of customers exercising their options requires significant judgment. Our management team estimates the likelihood of customers exercising their options by taking into account available information such as the number and timing of options exercised or forfeited, and considers other factors, such as customer churn, that may impact the options that have yet to be exercised or forfeited. Depending on the type of customer option exercised, the amount of consideration allocated to the material rights will be recognized into revenue at a point in time or over time beginning at the date the customer accepts the option. Deferred revenue associated with customer options that are subsequently forfeited will be released into revenue at the time the options are forfeited.

Common Stock Valuations

The fair value of the common stock underlying our stock-based awards has historically been determined by our board of directors, with input from management and reference to contemporaneous unrelated independent third-party valuations. We believe that our board of directors has the relevant experience and expertise to determine the fair value of our common stock. Given the absence of a

112

public trading market of our common stock, and in accordance with the American Institute of Certified Public Accountants Practice Aid, Valuation of Privately-Held-Company Equity Securities Issued as Compensation, our board of directors exercised reasonable judgment and considered numerous objective and subjective factors to determine the best estimate of the fair value of our common stock. These factors include:

•

the results of contemporaneous unrelated third-party valuations of our common stock at periodic intervals;

•

the prices, rights, preferences, and privileges of our redeemable convertible preferred stock relative to those of its common stock;

•

the lack of marketability of our common stock;

•

our actual operating and financial results;

•

our current business conditions and projections;

•

market multiples of comparable companies in our industry;

•

the likelihood of achieving a liquidity event, such as an initial public offering or sale of our company, given prevailing market conditions;

•

recent secondary stock sales transactions; and

•

macroeconomic conditions.

The determination of the fair value of our common stock involves the use of estimates, judgments, and assumptions that are highly complex and subjective, such as those regarding our expected future revenue, expenses, future cash flows, discount rates, market multiples, the selection of comparable public companies, and the probability of and timing associated with possible future events. Changes in any or all of these estimates and assumptions or the relationships between those assumptions impact our valuations and may have a material impact on the valuation of our common stock.

Following this offering, the fair value of our common stock will be based on the closing price as reported on the date of grant on the stock exchange on which we are listed.

JOBS Act Accounting Election

We are an emerging growth company, as defined in the JOBS Act. The JOBS Act provides that an emerging growth company can take advantage of an extended transition period for complying with new or revised accounting standards. This provision allows an emerging growth company to delay the adoption of some accounting standards until those standards would otherwise apply to private companies. We have elected to use the extended transition period under the JOBS Act for the adoption of certain accounting standards until the earlier of the date we (i) are no longer an emerging growth company or (ii) affirmatively and irrevocably opt out of the extended transition period provided in the JOBS Act. As a result, our financial statements may not be comparable to companies that comply with new or revised accounting pronouncements as of public company effective dates.

113

BUSINESS

Overview

We are on a mission to secure the world’s data.

Architecture matters when it comes to securing data. We built a unique software-as-a-service, or SaaS, architecture that combines data and metadata from business applications across enterprise, cloud, and SaaS applications to create self-describing data as a time-series. Self-describing data contains information such as application context, user identity, data sensitivity, and application lineage. This allows us to apply artificial intelligence and machine learning directly to business data to understand emergent data threats and deliver cyber recovery. We combined backup and recovery and cybersecurity into a single platform built with a Zero Trust architecture, significantly shrinking the attack surface that exists with legacy solutions. Our Zero Trust Data Security platform assumes that information technology infrastructure will be breached, and nothing can be trusted without authentication. Our data threat engine powered by artificial intelligence and machine learning analyzes the self-describing data time-series to derive security intelligence from data and provide remediation recommendations. Automation is at the core of our architecture ethos. Our automated policy-driven platform delivers data security enforcement, incident response orchestration, and API integrations with the broader security ecosystem.

We use the following guiding principles to design our RSC platform and products:

•

Data resilience. Data is always available, notwithstanding cyberattacks, malicious insiders, and operational disruptions.

•

Data observability. Data is continuously monitored to strengthen data security posture and minimize attack surface. Emergent security risks are identified, contained, and resolved.

•

Data remediation. Points of infection are identified, threats are remediated, and impacted data assets are rapidly recovered without malware reinfection.

114

and expand sales strategy. We land new customers by selling subscriptions to RSC to secure any one of four distinct types of data: enterprise, unstructured data, cloud, and SaaS applications. Expansion happens along three vectors: the growth of data from applications already secured by Rubrik; new applications secured; and additional data security products. This expansion is driven by a natural flywheel effect in which the value of our platform increases as our customers’ data grows across various applications. As organizations manage more data with RSC, they gain deeper insights into their data, strengthen their overall security posture, and reduce compliance risk. Our average subscription dollar-based net retention rate was 133% as of January 31, 2024.

Organizations around the world rely on Rubrik, which was recognized as a Leader in cyber-recovery in the IDC MarketScape: Worldwide Cyber-Recovery 2023 Vendor Assessment, to achieve business resilience in the face of cyberattacks, malicious insiders, and operational disruptions. As a result, we have experienced rapid growth, with our Subscription ARR has grown from $532.9 million as of January 31, 2023 to $784.0 million as of January 31, 2024, representing a 47% increase and with our total revenue increasing from $599.8 million in fiscal 2023 to $627.9 million in fiscal 2024. We measure our business on the basis of Subscription ARR. Subscription ARR illustrates our success in acquiring new subscription customers and maintaining and expanding our relationships with existing subscription customers. As of January 31, 2024, we had 1,742 customers generating more than $100,000 in Subscription ARR and 99 customers generating more than $1,000,000 in Subscription ARR. We have continued to invest in growing our business and advancing our solutions to capitalize on our market opportunity. As a result, in fiscal 2023 and fiscal 2024, we incurred net losses of $(277.7) million and $(354.2) million, respectively. In fiscal 2023 and fiscal 2024, operating cash flow was $19.3 million and $(4.5) million, respectively, and free cash flow was $(15.0) million and $(24.5) million, respectively.

Industry Background

We believe that data is every organization’s most important asset. Accelerated digitization is creating an enormous volume of data and fragmenting it across enterprise, cloud, and SaaS applications, exposing a sprawling attack surface easily exploited by malicious actors and subject to privacy risk. According to IDC, more than 129 zettabytes of data will be generated in 2023, and this is forecasted to increase to 291 zettabytes by 2027, representing a 22.5% compound annual growth rate, or CAGR, from 2023 to 2027. Generative AI breakthroughs have lowered the barriers to enterprise AI adoption, and will add another layer of data growth. The explosion of data has been accompanied by increased data protection and privacy legislation. According to the United Nations Conference on Trade and Development, by 2021, 137 out of 194 countries put into place data protection and privacy legislation. Meanwhile, attacks on data have also grown. According to Cybersecurity Ventures, the frequency of ransomware attacks will continue to rise over the next eight years and reach every two seconds by 2031 (up from every 14 seconds in 2019). The relentless pace and success of cyberattacks indicates that most organizations lack a comprehensive cybersecurity approach to securing their data assets.

To stay ahead of malicious actors, organizations have adopted various Zero Trust security models and solutions. However, these approaches are largely limited to securing infrastructure (network, applications, endpoints, etc.) while data remains vulnerable. This is akin to securing a home with doors, locks, cameras, floodlights, and motion sensors, while your valuables remain in plain sight and unprotected by a safe. Organizations need to rethink their cybersecurity strategy to achieve business resilience that withstands cyberattacks. Since cyberattacks target data, organizations must strengthen their data security posture and be ready to reconstitute their business with data to achieve cyber resilience. Therefore, a complete cybersecurity strategy requires not only infrastructure security, but also data security. Since infrastructure is frequently compromised, organizations require solutions that implement Zero Trust for data, proactively identify and remediate data risks, and uphold data integrity for reliable recovery when infrastructure is compromised or attacked.

115

We believe the following industry trends are driving a need for a new approach to data security:

Due to accelerated digitization, cloud adoption, and rapid data growth, organizations manage extensive, valuable data estates that are vulnerable to malicious actors.

•

Accelerated digitization. Organizations are racing to deliver digital customer experiences, digitize operations, and implement new workforce models to drive higher productivity. Customers expect near-instantaneous service delivery, and employees expect tools that allow them to work on any device from anywhere. The proliferation of new technologies has resulted in an increasingly complex web of relationships among people, services, systems, and data, all of which have expanded the cyberattack surface area.

•

Cloud and SaaS adoption. As more organizations embrace numerous cloud and SaaS applications to reduce time to market and compete in the marketplace, the IT environment continues to become more fragmented. According to a study conducted by Netskope, among the enterprises surveyed, enterprises average more than 1,000 cloud services, indicating that more data than ever is being created, transferred, and used across an ever-expanding web of enterprise, cloud, and SaaS applications. As a result, organizations lose visibility and control over where their data resides, how it is used, and who is using it.

•

Data value is increasing. Since data fuels organizational innovation, growth, and differentiation in the digital economy, it continues to become an even more valuable asset. Organizations make business shifts based on customer behavioral data, drive innovation from intellectual property data, and increase operational efficiencies using financial data. The value of data further increases through a regulatory lens as organizations secure, manage, and govern their data to be compliant with industry and data privacy regulations (e.g., HIPAA, PCI, GDPR, CCPA). As data value increases, organizations face a growing threat of cyberattacks intent on exfiltrating data assets.

Recent AI progress forces organizations to contend with new data security, privacy, and compliance risks.

•

GenAI adoption requires data security. Generative AI breakthroughs, while decades in the making, have dramatically lowered the barriers to AI adoption in a short period of time. It has ushered in a technological paradigm shift that promises huge productivity gains for organizations. For enterprises to unlock competitive advantages, they need to build AI models based on data from their business applications. They also need to be careful to not expose sensitive and proprietary data to these models. CIOs, CISOs, and senior technology leaders need to set guardrails to mitigate such data security, privacy, and compliance risks.

•

GenAI could lead to more sophisticated cyberattacks. Generative AI accelerates the pace at which the security threat landscape evolves. It fuels new visual, auditory, and textual methods of attacks, increasing the volume and sophistication of cyber incidents. Simultaneously, AI-based technologies will help organizations identify new vulnerabilities and navigate new data security risks.

The digital economy demands organizations to have 24x7 application availability and resilience against cyberattacks, faults, and failures.

•

24x7 application availability is a business requirement. Organizations must ensure that their applications are available 24x7 to meet the demands of both customers and employees. Application availability requires organizations to withstand cyberattacks, malicious insiders, and operational disruptions. When business application continuity is disrupted, customer experiences and operational efficiency suffer. Since data is the lifeblood of applications, data availability is necessary for the continued functioning of business operations during adverse conditions.

116

•

Cyberattacks are increasing in scale and sophistication. As organizations amass valuable data, malicious actors have increased their efforts to exploit it. Whether targeting end-customer data or holding organizations hostage through breaches, cyber criminals and hostile state actors are putting organizations at growing risk. This is accomplished through a variety of new methods and attack vectors, all employed to access the sensitive troves of data that organizations rely upon. Cybersecurity Ventures predicts there will be a ransomware attack on businesses, consumers, or devices every two seconds by 2031. As long as there is a financial incentive for cyberattacks, no industry is safe. Organizations must evolve their cybersecurity strategy to solve for business resilience instead.

•

Emergence of new infrastructure security paradigms. The increase in surface area for a potential cyberattack and the explosion of intrusions have driven increased cybersecurity budgets and new approaches to security. According to Gartner^®, the world is on track to spend over $200 billion a year for all segments in security and risk management end-user spending in 2024. Attacks are becoming even more sophisticated, exposing security weaknesses in areas such as identity management and the software supply chain. This has forced business leaders, CIOs, and CISOs to actively manage cyber risk, as opposed to retroactively managing data breaches. In response, organizations have evolved from using a full-trust, perimeter-guarding security approach to a more stringent Zero Trust infrastructure security model that denies access by default. Despite this, cyberattacks continue to occur, and infrastructure security solutions cannot help reconstitute the business in the event of a cyberattack.

Organizations must comply with a growing and ever-evolving data compliance and regulatory landscape.

•

Data compliance has become increasingly difficult. Compliance mandates for protecting sensitive data and user access are continually evolving and proliferating. Regulations such as the EU GDPR and CCPA have increased the regulatory burden on organizations and made it increasingly costly to manage data compliance. EU GDPR came into effect in May 2018 and put consumer data privacy at center stage for the world. Shortly after, California pioneered data privacy legislation in the United States with CCPA, a more stringent and protective act that increased costs and complexity for businesses collecting personal information in California. As cyberattacks increase and enterprise AI adoption continues, organizations must navigate stricter regulations.

Limitations of Current Technologies

Current products and technologies struggle to meet the data security needs of today’s organizations. Traditional cybersecurity approaches focus on preventing and detecting security incidents impacting the information technology infrastructure while backup and recovery remain outside the scope of security operations. Traditional backup and recovery products are focused on operational data backup and are not focused on security. They are built on a legacy, multi-tiered architecture that can be easily compromised, resulting in unreliable data recovery. These shortcomings weaken an organization’s security posture by not providing comprehensive business resiliency in the face of cyberattacks, and malicious insiders.

Current products and technologies are limited by some or all of the following:

•

Built for security or for backup and recovery, but not both. Existing security products primarily focus on prevention, detection, and investigation of security threats to infrastructure—

117

perimeter, network, applications, endpoints, and identity. These products lack visibility into business data. Existing backup and recovery solutions focus on creating copies of data for recovery from human errors and operational disruptions, but the data remains vulnerable to security breaches and malicious insiders. These legacy providers have not traditionally invested in data security, such as identifying, analyzing, and remediating security incidents within the data. The gap between security and backup and recovery leaves organizations vulnerable to cyberattacks and malicious insiders.

•

Inability to surface data security incidents for security operations. Data security incidents are typically not integrated into security operations, which traditionally have focused on infrastructure security. Existing security products primarily focus on security incidents in infrastructure breaches and lack context of the targeted asset, which is data. This gap in coverage represents a critical lapse in an organization’s security posture.

•

Inability to recover data after a cyberattack. Existing backup and recovery technologies are not built to recover data after a cyberattack, such as ransomware. They often rely on backup data that has been compromised during a ransomware attack. These legacy technologies are built on a full trust architecture that can be bypassed without detection. The usage of insecure protocols with weak authentication mechanisms exposes data to corruption, theft, and deletion by cyberattacks and bad actors.

•

Not built to manage and provide a unified view of hybrid multi-cloud environments. Most backup and recovery products were designed before the widespread adoption of cloud and SaaS. Today’s organizations deploy several cloud and hybrid solutions for mission-critical services, such as customer relationship management, enterprise resource planning, and billing. The fragmentation across enterprise, cloud, and SaaS applications results in increasingly complex IT environments to manage and secure. We believe adoption of generative AI applications will amplify the complexity of managing multiple point solutions across multiple data sources since AI is data intensive and will consume business data across enterprise, cloud, and SaaS applications.

•

Inability to provide deep visibility and understanding of disparate data sources over time. Existing solutions were not designed to identify and continuously monitor for sensitive content and exposure, anomalies, and scope of attack across time. An inability to understand where sensitive data sits, the timeline of an attack, and attack blast radius introduces the risk of double extortion attacks, malware reinfection, and lengthy recovery times. Furthermore, the inability to understand data sensitivity hinders enterprise adoption of generative AI applications.

•

Inability to orchestrate recovery of diverse data sources without malware reinfection. Existing backup and recovery technologies are not built to easily restore business operations at scale, let alone after cyberattacks, and are not designed to avoid malware reinfection during recovery. To quickly restore business operations, organizations must have the ability to automate complex application and data recovery workflows and the ability to quarantine infected data. Existing technologies lack threat hunting and containment capabilities in regard to business data and may expose organizations to malware reinfection when orchestrating recovery.

•

Existing solutions’ full trust security model increases software supply chain risk. Existing backup and recovery technologies employ a multi-tier architecture with a full trust security model, relying on insecure network protocols that introduce a security risk to data under management. With a multi-tier architecture, organizations must rely on numerous disparate products to secure and manage their data, creating a web of complexities and structural weak points at the intersection of siloed software. These interdependencies introduce unnecessary software supply chain risk into an organization’s security posture.

•

Difficult to use at scale and across data sources. Existing technologies become more complex to use when managing large and diverse data sets due to lack of automation,

118

sophisticated policy engines, and ability to support heterogeneous environments. Configuring and administering data policies to meet service-level agreements, or SLAs, and security requirements become operationally complex as data volume grows. Managing data across enterprise, cloud, and SaaS applications often requires a patchwork of siloed tools. A highly fragmented approach introduces a higher risk of costly configuration errors, makes it more difficult to ensure consistent data policies are applied, and impedes recovery times from cyberattacks, malicious insiders, and operational disruptions.

Our Data Security Platform and Products

Rubrik has a unique and purpose-built Zero Trust Data Security approach to help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Despite investment in security tools focused on infrastructure security, encompassing networks, applications, endpoints, and identity, cyberattacks continue unabated. We believe a comprehensive cybersecurity strategy requires data security in addition to traditional infrastructure security approaches. We enable organizations to implement a Zero Trust framework at the data layer, deliver data availability that withstands the aforementioned adverse conditions, and uphold data integrity even when infrastructure is compromised or attacked.

RSC, built with a Zero Trust design, automates data policy management and enforcement, delivers threat analytics and response, and orchestrates rapid recovery. RSC is a cloud native SaaS platform that secures data across disparate sources, allowing customers to have a single point of control from one user interface. RSC is built on a proprietary framework that represents time-series data and metadata generated across enterprise, cloud, and SaaS applications. We build products on top of RSC to address a myriad of use cases that help our customers achieve cyber resilience, from hardening their data security posture to cyber recovery. These use cases include protection and recovery from cyberattacks, malicious insiders, and operational disruptions; orchestration of cyber and operational recovery, failover/failback testing, and cloud migration; sensitive data classification and visibility into over-privileged data access; monitoring for governance, regulatory compliance, and data breaches; and identification, containment, and remediation of ransomware and other security threats.

Our access to time-series data and metadata allows us to deliver a breadth of products that span the following areas:

Data Protection. Cyber-proofs various sources of data in an organization with secure, access-controlled backups. Our data protection products are built for ease of deployment and use, scalability, and rapid recovery from cyberattacks, malicious insiders, and operational disruptions. We offer data protection products to manage enterprise, unstructured data, cloud, and SaaS applications.

Data Threat Analytics. Detects data threats and identifies the blast radius of a cyberattack to speed up data recovery. Combines Anomaly Detection, Threat Monitoring, and Threat Hunting. Anomaly Detection uses advanced machine learning to detect deletions, modifications, and encryptions. Threat Monitoring continuously monitors for indicators of compromise commonly used by bad actors to establish persistent access, move laterally, or exfiltrate data. Threat Hunting allows incident responders and Security Operations Center (SOC) analysts to hunt for indicators of compromise and determine the initial point, scope, and time of infection.

Data Security Posture. Strengthens cyber posture by locating sensitive data proliferation and identifying data risks. Includes Sensitive Data Monitoring and User Intelligence, which altogether discovers where data lives, sensitivity of data, and user access and activity.

Cyber Recovery. Improves cyber readiness and incident response with orchestrated Cyber Recovery Simulation and Threat Containment. The former is used to create, test, and validate recovery

119

plans, while also staying compliant with policy and audit requirements. The latter is used to quarantine data infected with malware so that recovery is enabled without reinfection. Cyber Recovery can also be used to recover compromised data within a safe environment for forensic analysis.

Our products are delivered and consumed via our RSC platform. RSC secures data across enterprise, cloud, and SaaS applications, including:

•

Enterprise: VMware, Microsoft Hyper-V, Microsoft SQL Server, Oracle, Microsoft Windows, Nutanix, Kubernetes, Cassandra, MongoDB, Linux, UNIX, AIX, NAS, Epic, and SAP HANA.

•

Cloud/SaaS: GCP, Azure, AWS, M365 (Microsoft Teams, SharePoint, Exchange Online, and OneDrive), and Atlassian Jira Cloud.

Architecture Matters

We believe the following attributes of our platform architecture allow us to offer a differentiated approach to data security:

•

Time-Series Data and Metadata. We design our platform to manage time-series data and metadata as core assets. Our platform combines data and metadata together into self-describing data and records its history over time. To provide a single point of control for data across enterprise, cloud, and SaaS applications, we have constructed a proprietary framework to uniformly represent self-describing data across time. Doing so gives us full context of data and unlocks security use cases, allowing us to build products for cyber recovery and security intelligence.

•

Zero Trust Design. We employ Zero Trust principles to prevent threats at the data layer. Our use of native immutability, secure protocols, logical air gap, encryption, role-based access controls, multi-factor authentication, and native services uphold data integrity and availability.

•

Data Threat Engine. We have developed a proprietary machine learning and artificial intelligence based data threat monitoring and management engine to surface anomalous activities and indicators of data breaches. Our self-describing data, which combines data and metadata, gives us the ability to surface emergent data threats, understand data sensitivity, and identify malicious user activities.

•

Automation. Core to our product design ethos is automation. To consistently secure and manage data at scale, our platform delivers automated end-to-end policy management and enforcement, orchestration of security incident response, and API integrations.

Our Competitive Advantages

Key differentiating elements of our platform and approach include:

•

Zero Trust architectural design for data security. We apply Zero Trust principles to the design of our architecture to prevent threats at the data layer. We have designed our architecture to eliminate trust throughout. Our usage of native immutability, secure protocols, logical air gap, encryption, role-based access controls, multi-factor authentication, and native services allows us to preserve data integrity and reduce software supply chain risk. As a result, we can deliver data availability that withstands adverse conditions and allows businesses to restore their data when infrastructure is attacked.

•

Ability to surface data security incidents for security operations. We have designed our platform to be extensible with our customers’ existing infrastructure security technologies. Our API-first architecture surfaces data context, data relationships, and data security incidents to

120

help security operations investigate, respond, and recover faster from cyber threats. Our differentiated approach allows us to integrate end-to-end with an array of cybersecurity products, extending protection from the perimeter to the data layer.

•

Built to enable operational continuity following cyberattacks and other security incidents. Our platform combines data security and automation to deliver fast data recovery even when applications are compromised by cyberattacks, malicious insiders, and operational disruptions. Our underlying architecture is built on Zero Trust design, assumes that infrastructure will inevitably be compromised, and data must always be available with the right authentication to achieve business resilience.

•

Built to secure data across a hybrid multi-cloud environment. Our platform is built to secure data across enterprise, cloud, and SaaS applications through one user interface. To deliver cyber recovery, we have built deep application integrations across a multitude of enterprise, cloud, and SaaS applications. Our proprietary framework that uniformly represents time-series data and metadata from a variety of applications allows us to address security use cases and seamlessly introduce new products for the user.

•

Built to detect and analyze anomalies, sensitive data, user risk, and security threats. Our platform uses machine learning to analyze data and continuously monitor for ransomware, identify the timeline of an attack, and assess the attack blast radius. Our platform also surfaces sensitive data proliferation, who has access to sensitive data, and over-privileged data access to help organizations enforce data governance, facilitate compliance with data privacy and residency regulations, and reduce data exfiltration risk. Our platform’s understanding of sensitive data and ability to surface user intelligence can help organizations mitigate risks from compliance, data privacy, and cybersecurity as they deploy AI and large language models.

•

Ability to automatically orchestrate complex recoveries without malware reinfection. Our platform is built to automate complex application and data recovery workflows for organizations to achieve business resilience in the event of cyber disasters, operational disruptions, and cloud migration operations. Our platform allows organizations to configure blueprints to define the recovery process of applications and data while minimizing downtime and data loss. Our ability to quarantine infected data allows us to orchestrate recoveries without malware reinfection.

•

Radical simplicity at scale. From the beginning, we have built our platform to be easy to use from deployment to ongoing operations, even when managing complex environments at large scale.

•

Fully extensible, API-first platform with a broad ecosystem of compatibility. Our platform is built on APIs that enable complete extensibility to integrate with an organization’s ecosystem of technologies and systems. Our API-first architecture and pre-built integrations allow customers to integrate data security and data policy management into self-service automation, infrastructure as code, centralized monitoring, log management, and security operations.

Key Benefits to Our Customers

Leading businesses, governments, and public entities around the world and across all industries and segments choose Rubrik to:

•

Achieve cyber and operational resilience. Our platform allows organizations to continue business operations even when data and applications are compromised by cyberattacks, malicious insiders, and operational disruptions. From the beginning, we have built our platform with the assumption that security breaches are inevitable and that data availability and integrity must be maintained to minimize business downtime and data loss.

•

Strengthen data security posture. Our platform helps organizations manage security threats with detection and analysis of security risks. We combine machine learning and threat intelligence

121

to detect data anomalies and unusual behavior, analyze the blast radius of impact, automate ransomware monitoring, and rapidly recover impacted data. Our ability to continuously discover and classify sensitive data, in addition to understanding user access, helps reduce the risk of data exfiltration. Our products can be integrated into security operations’ automated playbooks for managing and mitigating ransomware and other data attacks.

•

Secure, govern, and recover data across hybrid multi-cloud and SaaS applications. We recognize that organizations are in various stages of their cloud and SaaS journeys, and are accumulating data across enterprise, cloud, and SaaS applications. Our platform provides a consistent, policy managed experience across hybrid multi-cloud and SaaS environments, allowing organizations to uniformly deliver data security, governance, and recovery.

•

Comply with data regulations. Our platform continuously discovers and classifies sensitive data, which provides increasing value to organizations as more data is accumulated across enterprise, cloud, and SaaS applications. This allows organizations to facilitate compliance with evolving data privacy and security regulations, such as GDPR, and reduce risk of double extortion ransomware attacks.

•

Catalog and govern data assets. We provide a single platform for complete visibility and management as organizations accumulate more data across enterprise, cloud, and SaaS applications. We help organizations understand what data they have, where that data resides, sensitivity of data, and who has unqualified data access. As a result, our customers can shrink their attack surface, reduce risk of security breaches, and accelerate industry regulatory compliance. Our understanding of sensitive data and user access can help enterprises adopt generative AI by setting guardrails to mitigate exposure to compliance, data privacy, and cybersecurity risks.

•

Improve operational efficiency. As organizations adopt hybrid multi-cloud and SaaS strategies, they encounter many different tools, interfaces, and workflows. Organizations can streamline and standardize data security and management operations with our unified policy automation engine and workflows. This reduces the need for employee training, simplifies security and governance challenges, provides reliable and rapid recoveries, and makes it easier to manage exponential data growth and the accumulation of diverse data sources.

Our Opportunity

We believe our total addressable market opportunity for our platform will be approximately $36.3 billion by the end of calendar year 2024 and approximately $52.9 billion by the end of calendar year 2027, based on market estimates in Gartner® research, representing an average 13% CAGR.⁽¹⁾ These market estimates are as follows:

•

Data Management. Based on market estimates in Gartner® research, we estimate that our addressable market for data management will be approximately $12.9 billion by the end of calendar year 2024, which includes $11.1 billion in Backup and Recovery Software and $1.9 billion in Archive Software.⁽²⁾ According to market estimates in Gartner® research, these markets will increase to $15.4 billion by the end of calendar year 2027.⁽³⁾

•

Security. Based on market estimates in Gartner® research, we believe our addressable market for Application Security, Cloud Security, Cloud Security Posture Management, Data

⁽¹⁾

⁽²⁾	Gartner, Inc., Forecast: Enterprise Infrastructure Software, Worldwide, 2021-2027, 4Q23 Update, December 2023. Calculations performed by Rubrik, Inc.

⁽³⁾	Ibid. Calculations performed by Rubrik, Inc. Includes $13.3 billion in Backup and Recovery Software and $2.1 billion in Archive Software.

122

Privacy, Data Security, and Privileged Access Management Software will represent approximately $23.4 billion by the end of calendar year 2024 and approximately $37.5 billion by the end of calendar year 2027.⁽⁴⁾⁽⁵⁾

Our Growth Strategy

Key elements of our growth strategy include:

•

Continuing to grow our SaaS solutions. We believe there is a large and growing market opportunity for our multi-tenant, cloud native solutions as more organizations and customers move their applications and data to the cloud. We plan to continue to invest in the development of RSC, building additional products on top of our platform, and our accompanying go-to-market motion to capitalize on this meaningful opportunity.

•

Growing our customer base. We grew our customer base from over 5,000 as of January 31, 2023 to over 6,100 as of January 31, 2024. As cyberattacks increase in scale and sophistication amidst accelerated digitization and ever-evolving data regulations, organizations are rethinking how to secure data across various data sources. We believe we will continue to acquire new customers based on our ability to drive cyber resilience, data security posture management, and regulatory compliance.

•

Expanding within our customer base. Our existing customer base represents a significant growth opportunity. As our customers accelerate digitization, they adopt more applications and generate more data that must be secured and readily available. We expect to expand our data security products to cover additional scale and scope of data, in addition to cross-selling data governance and compliance products.

•

Innovating and extending our product leadership. We have a history of creating and introducing disruptive technologies that help our customers achieve business resilience. We intend to continue making significant investments in research and development as well as hiring top technical talent to further increase our product differentiation. In particular, we believe that generative AI will play an important role driving further need for new products to help secure sensitive data and user access. As we continue to invest in our data platform, we will focus on features and functionalities that help enterprises securely adopt generative AI within an evolving threat landscape.

•

Growing and harnessing our partner ecosystem. We plan to continue investing in building out and leveraging our partner ecosystem to broaden our distribution footprint, drive more platform usage, and drive greater awareness of our platform. Our partner ecosystem includes distributors and resellers, or Channel Partners, system integrators, managed system providers, and technology partners.

•

Expanding our global footprint. As organizations around the world create more data across enterprise, cloud, and SaaS applications and grapple with an ever-increasing threat level of cyberattacks, including ransomware, and ever-evolving data privacy and security regulations, we believe there is significant opportunity to expand the use of our platform in all major global markets. We have invested in research and development, sales and marketing, and customer support

⁽⁴⁾

Gartner, Inc., Forecast: Information Security and Risk Management, Worldwide, 2021-2027, 4Q23 Update, December 2023. Calculations performed by Rubrik, Inc. Includes $6.6 billion and $9.8 billion in Application Security, $6.9 billion and $12.8 billion in Cloud Security, $1.7 billion and $2.7 billion in Data Privacy, $4.2 billion and $5.9 billion in Data Security, and $2.4 billion and $2.9 billion in Privileged Access Management Software by the end of calendar years 2024 and 2027, respectively.

⁽⁵⁾	Gartner, Inc., Forecast Analysis: Cloud Security Posture Management, Worldwide, July 2023. Calculations performed by Rubrik, Inc. Includes $1.8 billion and $3.3 billion in Cloud Security Posture Management by the end of calendar years 2024 and 2027, respectively.

123

across EMEA and Asia-Pacific regions and expect to continue to do so. We grew our international revenue from such regions from $171.5 million in fiscal 2023 to $186.4 million in fiscal 2024.

•

Pursuing strategic acquisitions. We have a history of acquiring and integrating strategic products and technologies into our platform to deliver comprehensive data security products to our customers and partners. We intend to continue to pursue strategic teams, technologies, and products to accelerate time-to-market for new data security capabilities and widen the competitive moat for our products and solutions.

Our Customers

We had over 6,100 customers as of January 31, 2024. We sell to organizations of various sizes that operate across a wide range of industries, including financial services; retail, trade, and transportation; energy and industrials; healthcare and life sciences; public sector and education; technology, media, and communications; and services.


Industry		Representative Customers

Financial Services:		Barclays; Citigroup; Goldman Sachs; M&T Bank; Alpine Bank; City National Bank of Florida; AmFam

Retail, Trade & Transportation:		The Home Depot; PepsiCo; Sephora; Goya Foods; BJ’s Restaurants; Carhartt

Energy & Industrial:		Whirlpool; NOV; Simpson Strong-Tie; Dunn Lumber

Healthcare & Life Sciences:		Illumina; UCSF Health; Kern Medical; UCI Health; Chapters Health System; St. Luke’s University Health Network

Public Sector & Education:		State of Utah; The Scottish Government; NJ Transit; Dartmouth; King’s College London; City of San Diego; City of Austin; El Dorado County; Pasco County; City of Carrollton; Cranfield University

Technology, Media & Communications:		Fiserv; Arrow Electronics; Denver Broncos; Italiaonline; Sesame Workshop; Iron Mountain

Services:		Choice Hotels; Schiphol; Payette; Ballard Spahr; Baker McKenzie; Republic Airways

Customer Case Studies

UCSF Health

Situation: Internationally renowned for providing highly specialized and innovative care, UCSF Health consistently ranks among the best hospitals and education programs in the United States. UCSF Health’s medical and research environments required data security and data protection solutions that could operate at multi-petabyte scale while proactively safeguarding critical research and hospital data against cyber threats.

Solution: To ensure critical data and workloads are protected to the highest standard, UCSF Health purchased RSC for cyber resilience and data security. UCSF has continued to grow its data secured by Rubrik, as well as invest in Rubrik solutions, including M365 protection, Unstructured Data Protection, and Anomaly Detection to protect and secure critical workloads, including Linux, Unix, VMware, and Windows, which support Oracle, SQL, Epic, and unstructured NAS data critical to research and patient care.

“Prioritizing a holistic data security strategy across the enterprise allows us to continue providing leading edge patient care while delivering on our mission of advancing health worldwide.” – CTO, UCSF Health

124

St. Luke’s University Health Network

Situation: St. Luke’s University Health Network, or St. Luke’s, is a non-profit organization committed to providing high-quality healthcare services to patients regardless of their ability to pay. In order to provide these high-quality healthcare services, St. Luke’s needs to ensure cyber resiliency of their business operations including the security and availability of patient data at all times. With a vision to modernize its information technology strategy and move beyond traditional backup solutions that have historically lacked essential cloud and security capabilities, St. Luke’s sought a cloud-based data security platform to deliver visibility, protection, and control of sensitive data to help mitigate cyber risk and ensure the cyber resiliency of their business.

Solution: In October 2021, St. Luke’s purchased Rubrik solutions to protect and support the migration to Azure of their patient access and medical records system that houses sensitive patient data. After witnessing improvement in backup and recovery performance and significant cost savings from replacing the legacy vendor, St. Luke’s upgraded to RSC Enterprise Edition in March 2022, less than six months after the initial implementation, bolstering St. Luke’s data security posture and cyber resiliency. They have deployed a variety of products to ensure data integrity, including alerting St. Luke’s security teams of anomalies and changes in the environment in real time. In July 2023, St. Luke’s further expanded their use of Rubrik by purchasing protection for thousands of M365 users and growing data sets as part of an ongoing cyber resiliency initiative with RSC as its extendable foundation. In January 2024, St. Luke’s also purchased Cloud Native Protection for their Azure workloads and Laminar to further strengthen their data security posture in the cloud.

“Healthcare doesn’t sleep. In our industry, a cyberattack paralyzes our ability to provide life-saving care to our patients – so cyber resiliency is not optional. With Rubrik, we have secured our sensitive data, have gained confidence and peace of mind in the resiliency of our operations, and can uphold our commitment to providing outstanding healthcare services even if we face a cyber event.” – CISO, St. Luke’s

Payette

Situation: Payette is an award-winning architecture firm that has created cutting-edge science centers to world-changing hospitals across the globe. With large sets of unstructured NAS data, Payette trusted Rubrik to secure and protect their business data in case of cyber threat. In 2020, they experienced a breach that threatened to take down their servers.

Solution: With Rubrik, Payette fended off the cyber breach with zero data lost and 100% recovery; the cyberattack was thwarted before the hacker could demand ransom. Payette has continued to enhance their data security posture with Rubrik, adding Anomaly Detection, as well as adopting Rubrik Cloud Data Protection to secure its Azure and M365 data. Payette has reported the following benefits with Rubrik:

•

Critical systems online in less than 24 hours after a cyberattack

•

Cyberattack thwarted before hacker could demand ransom

•

100% recovery within one week and zero data lost

•

M365 and Azure data resilient against cyber threats

“Rubrik’s software intelligence is a winning combination. Not only do we have one comprehensive data security solution that checks all the boxes, it is also the most innovative I have seen. Rubrik has a deep understanding of their customers and what they are trying to accomplish. I sleep better at night knowing we have Rubrik.” – Director of IT, Payette

City of Carrollton

Situation: Located in the heart of the Dallas-Fort Worth area, the City of Carrollton’s residents and businesses depend on the city and its departments for services from public works, fire and EMS,

125

municipal courts, emergency management, and police to trash and recycling. Supported by a centralized IT department, the City of Carrollton sought to replace their legacy backup technology with a modern data protection platform following a ransomware attack in 2019 and insourcing of IT in 2020.

Solution: After evaluating multiple vendors, the City of Carrollton selected Rubrik Foundation Edition with Anomaly Detection in 2021. Rubrik was distinguished not only by data security products that other vendors lacked, but a Zero Trust architecture and native immutability that was critical in keeping data protected in the face of cyber threats. Later in 2021, the City of Carrollton added additional Rubrik capacity to further support the resiliency of their cyber operations. In 2022, they expanded their work with Rubrik again, adding data protection for their M365 environment. In 2023, the City of Carrollton upgraded to RSC Enterprise Edition to elevate their data security posture with products such as Sensitive Data Monitoring to secure data spanning numerous apps and workloads across city departments in the face of cyber threats.

“We initially turned to Rubrik for better backup and data protection. Now we look to them as a cybersecurity multi-tool to help us better manage and secure data across all our various data sources. They provide us with increased visibility and data security in our cyber operations.” – CISO, City of Carrollton

Barclays

Situation: With an increasing reliance on technology, greater use of cloud service providers, and a changing cyber threat landscape, Barclays looked to enhance its cyber resilience—including upgrading backup solutions for its private and public cloud storage and database workloads, virtual and physical machines, M365, and other key applications—to achieve significantly improved and more predictable recovery time objectives, or RTO, and enhanced security.

Solution: After evaluating multiple backup vendors, Barclays selected Rubrik Cloud Data Management in January 2022. Rubrik was distinguished from competitors by demonstrating its ability to meet Barclays’ RTOs while offering the security desired with its unique Zero Trust architecture and native immutability. In October 2022, Barclays expanded its engagement with Rubrik, purchasing Rubrik SaaS Data Protection to safeguard the M365 data of its employees.

In August 2023, Barclays upgraded its Rubrik deployment to RSC Enterprise Edition to better protect enterprise and cloud applications across its Important Business Services (IBS), such as trading, payments, and checking account platforms. Rubrik provides a single pane of glass for Barclays to monitor and manage the health and security of various data types while simultaneously scanning, detecting, and quarantining cyber threats in its backup environment in real-time with advanced Threat Hunting and Anomaly Detection. With RSC, Barclays has access to immutable copies of its critical data and the ability to quickly orchestrate a speedy recovery response at scale.

“Rubrik stood above others with a holistic, unified data protection and data security offering that is tailored to Barclays’ needs.” – Group CIO, Barclays

Barclays is serving as an underwriter in this transaction.

Citigroup

Situation: Leading global financial institution, Citigroup, or Citi, serves 100+ million customers and does business in nearly 160 countries and with 90% of the global Fortune 500 companies. Citi’s vast network allows them to flow $4+ trillion each day across borders, currencies and asset classes. With increasing complexity tied to business and geopolitics in addition to evolving consumer expectations,

126

Citi sought to modernize their legacy data protection tools with a state-of-the-art data security platform that could be deployed at speed and scale to safeguard Citi’s data and ensure its operations stay efficient, effective, and resilient in the face of cyber threats.

Solution: After evaluating multiple vendors, in July 2022, Citi selected Rubrik Cloud Data Management for its Zero Trust architecture, native immutability, scalability, and performance. Citi quickly deployed Rubrik to protect business critical NAS data. With Rubrik, Citi experienced marked performance improvement in Recovery Performance Objective compared to their legacy backup tool when protecting a large amount of data. Following the success of the initial Rubrik implementation, Citi expanded their partnership by upgrading to RSC Enterprise Edition in January 2023. RSC was distinguished by its comprehensive data security product suite to help Citi mitigate compliance risk, cyber threats, and preserve customer trust and brand reputation.

Citigroup is serving as an underwriter in this transaction.

The Home Depot

Situation: The Home Depot is the world’s largest home improvement retailer with over 2,300 stores and approximately 475,000 employees across North America and Guam. To support their business objective of delivering best-in-class customer, employee, community, and shareholder experience, The Home Depot pursued a technology transformation initiative to ensure data availability and enhanced protection at its retail sites.

Solution: Since deploying Rubrik solutions to protect, manage, and recover data distributed across over 2,300 stores, The Home Depot has significantly increased their Rubrik footprint. In 2022, The Home Depot expanded the partnership with Rubrik by deploying RSC Enterprise Edition to proactively monitor and mitigate cyber threats, such as ransomware, while monitoring for sensitive data exposure.

Cranfield University

Situation: Cranfield University is the largest UK provider of master’s-level graduates in engineering. The university’s work informs government policy and leads the way in producing cutting-edge new technologies and products in partnership with industry. As a leading research institution, Cranfield University generates large volumes of sensitive data, including national insurance numbers, tax references, and other sensitive user data. As the university accelerated its digital transformation to meet the increasing demand of agile services, it sought a cloud-based data protection solution that delivered visibility, protection, and control of its highly sensitive data to mitigate cyber risk.

Solution: In 2018, Cranfield University selected Rubrik for its cloud-based data protection strategy to ensure business resiliency as it migrated critical data to Azure. With Rubrik’s policy-based data management and cloud archival capabilities, the university experienced faster recovery times and cost savings compared to their legacy backup and recovery solutions. Based on this early success, in 2019, Cranfield University expanded their use of Rubrik offerings to include Anomaly Detection to help assess the blast radius and identify malicious activity in the event of a cyber incident, enabling incident responders to accelerate recovery time. In 2020, the university added Sensitive Data Monitoring to be able to identify and remediate sensitive data sprawl and stay compliant with stringent regulations mandated by the GDPR and UK Information Commissioner’s Office. Most recently, in 2023, Cranfield University began utilizing RSC and M365 protection to cover the M365 data of its faculty, students, and employees.

“We partner with Rubrik because they continue to innovate and provide solutions that help our university stay resilient in the face of evolving threats.” – Head of IT Infrastructure, Cranfield University

127

Carhartt

Situation: Carhartt is a global premium workwear brand that prioritizes an omnichannel approach to business, providing consumers with easier and faster access to the apparel they need, whenever and wherever. This adds significant complexity to ensuring the security of Carhartt’s growing data against the increasing threat of cyberattacks. Prior to Rubrik, Carhartt used multiple disparate backup and recovery solutions across the enterprise until a data loss incident drove them to reevaluate their data protection strategy. Carhartt sought a modern data security platform that could be deployed at speed and scale to safeguard their data and ensure they can provide a reliable and secure buying experience for their customers.

Solution: In February 2023, Carhartt selected RSC Enterprise Edition as its single cyber resilience platform, replacing multiple legacy backup and recovery solutions. RSC was distinguished by its Zero Trust architecture, comprehensive data security solutions, and immutability. Rubrik’s products, such as Anomaly Detection, Sensitive Data Monitoring, and Threat Hunting, help Carhartt mitigate the risk of cyber threats by securing critical data and identifying anomalies, malicious files, and compromised data sets for fast and secure data recovery in the event of a cyber incident. To further enrich, expedite, and automate their threat investigations, Carhartt integrates RSC with Microsoft Sentinel. In January 2024, Carhartt further expanded its Rubrik footprint by purchasing Laminar to bolster its data security posture in the cloud, an initiative for Carhartt’s board of directors for 2024.

“Rubrik Security Cloud gives our team a centralized view of all the data for all systems across the Carhartt landscape. The combination of Anomaly Detection, Sensitive Data Monitoring, and air gapping makes Rubrik and its Zero Trust design stand out. Rubrik isn’t just a data security solution, it’s peace of mind for our brand.” – Senior Manager of Cybersecurity, Carhartt

Our Commercial Offerings

RSC is a cloud native SaaS platform that secures data across disparate sources. We build products on top of RSC to address a myriad of use cases that help our customers achieve cyber resilience. Our primary commercial products are as follows:

Data Protection

•

Enterprise Data Protection. Cyber-proofs enterprise data on physical systems, operating systems, virtual machines, databases, file systems, and containers with air-gapped, immutable, access-controlled backups.

•

Unstructured Data Protection. Cyber-proofs unstructured file and object data stored on petabyte scale NAS systems with air-gapped, immutable backups.

•

Cloud Data Protection. Cyber-proofs Azure, AWS, and GCP cloud application data and databases with secure, access-controlled backups.

•

SaaS Data Protection. Cyber-proofs M365 data with air-gapped, immutable data resilience and rapid recovery at scale.

Data Threat Analytics

•

Detects data threats and identifies the blast radius of a cyberattack to speed up data recovery. Combines Anomaly Detection, Threat Monitoring, and Threat Hunting. Anomaly Detection uses advanced machine learning to detect deletions, modifications, and encryptions. Threat Monitoring continuously monitors for indicators of compromise commonly used by bad actors to

128

establish persistent access, move laterally, or exfiltrate data. Threat Hunting allows incident responders and SOC analysts to hunt for indicators of compromise and determine the initial point, scope, and time of infection.

Data Security Posture

•

Strengthens cyber posture by locating sensitive data proliferation and identifying data risks. Includes Sensitive Data Monitoring and User Intelligence, which altogether discovers where data lives, sensitivity of data, and user access and activity. A hardened cyber posture helps customers proactively reduce the risk of cyberattacks, data exfiltration, and sensitive data exposure.

Cyber Recovery

•

Improves cyber readiness and incident response with orchestrated Cyber Recovery Simulation and Threat Containment. Cyber Recovery Simulation is used by our customers to create, test, and validate recovery plans, while also staying compliant with policy and audit requirements. Threat Containment quarantines data infected with malware to prevent malware reinfection during recovery. Cyber Recovery can also be used to recover compromised data within a safe environment for forensic analysis.

Our commercial products are used by customers to deliver business resilience against operational failures and cyberattacks. Customers use our Data Protection, Cyber Recovery, and Data Security Posture products to strengthen cyber posture, comply with regulations, and conduct recovery from operational failures, human errors, or natural disasters. During a cyberattack, customers use Data Threat Analytics in addition to the above products to identify, contain, and remediate data threats, determine scope of sensitive data exposure, recover data, and conduct event response.

129

LOGO

Our RSC platform is built to be highly flexible and scalable, enabling us to innovate and deliver new data security products in the future.

Our products are available for purchase via three subscription editions to our RSC platform, which are as follows:

•

Foundation Edition. Keeps data secure and recoverable from cyberattacks and operational failures.

•

Business Edition. Builds upon Foundation Edition by proactively monitoring for ransomware.

•

Enterprise Edition. Builds upon Business Edition by continuously monitoring data risk and orchestrating cyber recovery.

Our commercial offerings are accompanied by customer support. We offer several support solutions and capabilities that enhance the value proposition of our software and SaaS solutions:

•

SentryAI. SentryAI is our proprietary AI deep learning-based platform for system health monitoring, allowing us to deliver proactive customer service throughout the entire customer lifecycle. Our platform uses AI to detect anomalous behavior from telemetry data from our customers. Data analyzed includes performance, security and SLA compliance, and capacity utilization. SentryAI is included within our base support offering.

•

Customer Experience Manager, or CEM. We offer dedicated customer experience managers to proactively monitor the health of our customers’ environments, preemptively detect and resolve emerging issues, including those related to cybersecurity, deliver operational risk management, and recommend strategies for ROI scaling and maximization.

130

•

Premium-Plus Add-on Support. Our program provides a CEM and an Assigned Support Engineer, or ASE, for personalized, technical support. Our dedicated teams develop an in-depth understanding of our customers’ unique environment requirements, collaborate closely with our customers’ operation teams, and provide a direct path to accelerate resolution times.

•

Ransomware Recovery Team. Our 24x7 Ransomware Recovery Team assists and complements our customers’ recovery plans. This is a free service available to our customers and helps them remediate and recover faster.

•

Education. We offer Rubrik University, which includes instructor-led training with hands-on labs, on-demand e-learning courses, and certification exams. Education capabilities are targeted at different types of users and delivery modalities to suit end-customer needs. We have instructor-led training and self-paced on-demand courses.

•

Certification Program. Our certification program enables technical personnel to demonstrate and validate in-depth knowledge of data security by becoming a Rubrik Certified Systems Administrator.

As of December 31, 2023, we achieved an average Net Promoter Score, or NPS, of 86. Our NPS is verified by the Customer Relationship Management Institute LLC. Our NPS was calculated by a survey of our customer base that we conducted over the 12-month period ended December 2023. We measure NPS using a scale of zero to 10 based on a customer’s response to the following survey question: How likely is it that you would recommend Rubrik to a friend or colleague? An NPS can range from a low of -100 to a high of +100. NPS measures the willingness of customers to recommend a company’s products or services to other potential customers and is viewed as a proxy for measuring customers’ brand loyalty and satisfaction with a company’s product or service. According to Delighted by Qualtrics, Rubrik’s NPS ranks in the 100th percentile within the software category. We believe our NPS demonstrates our dedication to delivering exceptional customer outcomes and a world-class customer experience.

Our Technology

We have designed a highly differentiated and innovative architecture that is comprised of the following elements:

•

Time-Series Data and Metadata. Our architecture combines data and metadata from business applications to create self-describing data as a time-series. Self-describing data is important since it contains information such as application context, user identity, data sensitivity, and application lineage, allowing us to understand emergent data threats and deliver cyber recovery. In addition, we have constructed a proprietary framework to uniformly represent this time-series data and metadata from enterprise, cloud, and SaaS applications. Since we have a common way to represent data across a multitude of application sources, we can easily introduce new products on top of our platform.

•

Zero Trust Design. We employ Zero Trust principles to prevent threats at the data layer. Our usage of native immutability, secure protocols, logical air gap, encryption, role-based access controls, multi-factor authentication, and native services allows us to preserve data integrity and reduce software supply chain risk.

•

Native Immutability. Our platform was custom designed to provide built-in immutability and preserve data integrity. Our proprietary, append-only file system, combined with data integrity checks, protects data from unauthorized modification, encryption, or deletion, thereby preventing data from being compromised.

•

Secure Protocols. We architected our platform to allow data access only in an authenticated manner and via secure protocols. Contrast this approach to that of legacy technologies, which offer multi-tier architectures with a full trust security model leveraging insecure network and storage protocols, thereby leaving data vulnerable to corruption, deletion, or theft.

131

•

Logical Air Gap. Data is protected by creating a multi-layered barrier between data and malicious actors. Logical processes, such as encryption, hashing, and granular role-based access controls, prevent data from being modified, deleted, or stolen. Our immutable, append-only file system also contributes to establishing a logical air gap by preventing data from being manipulated once written.

•

Native Services. Our platform provides robust built-in functionality with native services. We do not provide privileged access to third-party applications, thereby reducing the risk of software supply chain attacks.

•

Threat Engine. Our threat engine uses machine learning and threat intelligence to analyze our time-series data and metadata, detecting anomalies, encryption, content sensitivity, and malware. We can identify the initial point, scope, and time of attack to avoid malware reinfection during recovery.

•

Automation. Core to our design ethos is automation. To secure data at scale and with consistency, our platform is architected to deliver automated end-to-end policy management, orchestration of security incident response, and API integrations.

•

Policy Automation. Our fully orchestrated policy engine simplifies how data security objectives are created, enforced, and managed. By providing simplicity and automation in securing data, organizations easily deliver a consistent and uniform data security posture.

•

Integration with Security Operations. Our solutions integrate with security tools, such as SIEM/SOAR and cloud security, to address a critical gap: security risks and threats at the data layer. Existing security tools pull in data from every corner of the infrastructure (network, applications, endpoints, etc.) but not from the data itself. By integrating continuous monitoring of data and user context, SecOps teams accelerate risk mitigation, incident response, and business resiliency.

•

API-integration. Our API-first design means that any operation performed via Rubrik’s UI is performed through multi-factor authenticated APIs. We offer an extensive collection of pre-built integrations that allow customers to leverage our APIs to integrate data security and data policy management into self-service automation, infrastructure as code, centralized monitoring, log management, and security operations.

Our Go-to-Market Strategy

We primarily sell subscriptions to RSC through our global sales team and partner network. We target the largest organizations worldwide to mid-sized organizations. We sell to smaller customers through a high velocity engagement model driven by our inside sales team.

We utilize a land and expand approach, acquiring new customers and expanding with existing customers. We sell our products through subscriptions to RSC editions and can land in four distinct ways by securing enterprise, unstructured data, cloud, and SaaS applications. After initial purchase, our customers often expand the deployment of our platform within their organization. Expansion happens along three vectors: the growth of data from applications already secured by Rubrik; new applications secured; and additional data security products. This expansion is driven by a natural flywheel effect in which the value of our platform increases as our customers’ data grows across various applications. As organizations manage more data with RSC and adopt additional data security products, they gain deeper insights into their data, strengthen their overall security posture, and reduce compliance risk, increasing their overall affinity with Rubrik.

132

LOGO

Our sales organization includes sales development, inside sales, sales engineering, and field sales personnel and is segmented both geographically and by the size of prospective customers. We also have dedicated sales teams for the public sector, including federal, state, and local government organizations. Our sales teams identify prospective customers, manage customer accounts, and identify expansion opportunities, while working with our partner network.

We sell our subscriptions to customers through our Channel Partners utilizing a two-tier, indirect fulfillment model. We also offer SaaS products through the marketplaces of our technology alliance partners, including GCP, Azure, and AWS.

Our marketing organization works closely with our sales team to build brand and product awareness and drive sales pipeline. We leverage a mix of outbound marketing tactics such as industry conferences, user events, webinars, and digital programs to target new business, as well as support our upsell and cross-sell efforts. Every year, we organize our user conference, Rubrik Forward, to help our customers realize greater business results through data security. In addition, we leverage inbound marketing activities to generate pipeline and engage in joint marketing activities with our channel and technology alliance partners.

As of January 31, 2024, we had more than 1,300 employees in our sales and marketing organizations.

Our Partnerships

Our partnerships consist of Channel Partners, system integrators, managed service providers, and technology partners. Our partner program is designed to maximize technology expertise, technology alliances, and geographic coverage. Our Rubrik Transform Partner Program is a global program that manages our business relationships with our partners.

Our partners help expand the reach of our technology by building brand and product awareness, generating leads, implementing our solutions, providing value-added professional services, and reselling our services. On occasion, we may form deeper strategic relationships, such as our partnership with Microsoft that extends from driving go-to-market activities to co-engineering projects to delivering integrated Zero Trust Data Security products built on Azure.

133

Research and Development

Our research and development team is responsible for the design, development, testing, operation, and quality of our data security platform. This organization works closely with our cloud operations team to ensure that our platform is available, reliable, and stable. Rubrik Zero Labs is our internal data security research lab that analyzes the global threat landscape, works to eliminate threats with our data security platform, and reports on emerging data security issues. Our research and development leadership team is located in Palo Alto, California and Bangalore, India. We intend to continue to invest in our research and development capabilities to extend our platform and drive innovation of new products to expand our market size and customer impact.

Manufacturing

We rely on a limited number of contract manufacturers, including Super Micro Computer, Inc., or Supermicro, to assemble, test, and load our software onto Supermicro servers to deliver Rubrik-branded commodity servers, or Rubrik-branded Appliances, which the customer enterprise data we secure relies upon. All Rubrik-branded Appliances are currently built on servers designed and supplied by Supermicro. Our Original Equipment Manufacturer Agreement with Supermicro expires in November 2024, with the option to terminate upon each automatic annual renewal thereafter, and does not contain minimum purchase requirements that we must satisfy. We and Supermicro have also agreed to a “Direct-to-Distributor” model, whereby our Channel Partners are authorized to place purchase orders directly with Supermicro, and Supermicro is authorized to sell our Rubrik-branded Appliances directly to our Channel Partners.

Our Competition

The markets we serve are highly competitive and rapidly evolving. Our competition is specific to use cases that we target. We believe we have a unique Zero Trust data architecture. As such, we are not aware of other companies with a Zero Trust Data Security approach that secures and recovers data across enterprise, cloud, and SaaS applications. As customer requirements evolve and new technologies are introduced, we anticipate competition will increase as established or emerging companies develop solutions that address the data security market. Our main competitors fall into the following categories:

•

Data management and protection vendors, such as Commvault, Dell EMC, IBM, Veeam, and Cohesity (Cohesity recently announced its proposed acquisition of Veritas’ data protection business);

•

Smaller cloud and SaaS data management vendors with products that compete in some of our markets; and

•

Vendors that provide cyber/ransomware detection and investigation, data security posture management, insider threat detection, data classification, incident containment, and other security and data governance technologies.

We believe we compete favorably based on the following competitive factors:

•

Ability to converge backup and recovery and cybersecurity in a cloud architecture;

•

Ability to automatically manage and secure diverse data types across hybrid cloud, public cloud, and SaaS environments in an easy-to-use, unified platform;

•

Ability to provide cyber recovery from a cyberattack;

•

Ability to harden data security posture by continuously observing data for security risks;

134

•

Business data access for cyber resilience;

•

Ease of deployment, implementation, and use;

•

Performance, scalability, and reliability;

•

Ease of integration and collection of pre-built integrations with a wide variety of applications, infrastructure, automation, and security products driven by an API-first architecture;

•

Time to value and pricing;

•

Integrated data governance and compliance capabilities;

•

Quality of customer success and professional services; and

•

Brand recognition and reputation.

Our Culture and Employees

We consider our culture and employees to be important to our success. Our vision for our people is to establish an environment where our people can grow their careers and feel like they belong and succeed at Rubrik, allowing us to attract, develop, and retain the best talent in the industry to drive Rubrik’s success well into the future. We do this through incentivizing and integrating our employees through our competitive rewards and benefits, including equity-based compensation, and by our unique culture.

Our culture is driven by our core company values, and we measure performance against these values:

•

Relentlessness. Unyielding will and curiosity to tackle the hardest challenges.

•

Integrity. Do what you say and do the right thing.

•

Velocity. Drive clarity, decide quickly, and move fast to delight our customers.

•

Excellence. Set a high standard and strive for greatness.

•

Transparency. Build trust and drive smart decisions through transparent communication.

As of January 31, 2024, we had over 3,100 full-time employees operating across 23 countries. We also engage contractors and consultants. None of our employees are represented by a labor union. In certain countries in which we operate, such as Germany and France, we are subject to, and comply with, local labor law requirements, which include works councils and industry-wide collective bargaining agreements. We have not experienced any work stoppages, and we consider our relations with our employees to be good.

Social Responsibility and Community Initiatives

At Rubrik, we are committed to making the world a more secure and better place. In furtherance of our values and this goal, we are joining the Pledge 1% movement, and are committing to donate 1,354,671 shares of our Class A common stock (representing approximately 1% of our outstanding capital stock immediately prior to this offering) over the next 10 years to fund our social impact and environmental, social, and governance initiatives. We plan to commit our time, in addition to our equity and financial resources, to support our social responsibility and community initiatives.

Intellectual Property

Intellectual property rights are important to the success of our business. We rely on a combination of patents, copyrights, trademarks, and trade secret laws in the United States and other jurisdictions,

135

as well as license agreements, confidentiality procedures, non-disclosure agreements with third parties, and other contractual protections, to protect our intellectual property rights, including rights in our proprietary technology, software, know-how and brand. We also use open source software in our offering.

As of January 31, 2024, we had 255 issued U.S. patents and patents in various non-U.S. jurisdictions, 207 patent applications pending in the United States, and two patent applications pending in various non-U.S. jurisdictions. Our issued patents as of January 31, 2024 expire between April 30, 2034 and June 9, 2042. As of January 31, 2024, we had 16 registered trademarks in the United States, four trademark applications pending in the United States, 19 registered trademarks in various non-U.S. jurisdictions, and four trademark applications pending in various non-U.S. jurisdictions.

Although we rely on intellectual property rights, including contractual protections, to establish and protect our intellectual property, we believe that factors such as the technological and creative skills of our personnel, creation of new services, features and functionality, and frequent enhancements to our platform are essential to establishing and maintaining our technology leadership position.

We control access to and use of our proprietary technology and other confidential information through the use of internal and external controls, including contractual protections with employees, contractors, customers, and partners. We require our employees, consultants, independent contractors, and other third parties to enter into confidentiality and proprietary rights agreements, and we control and monitor access to our software, documentation, proprietary technology, and confidential information. Our policy is to require all employees, consultants, and independent contractors to sign agreements assigning to us any inventions, trade secrets, works of authorship, developments, processes, and other intellectual property generated by them on our behalf and under which they agree to protect our confidential information. In addition, we generally enter into confidentiality agreements with our customers, technology alliance partners, and Channel Partners. See the section titled “Risk Factors” for a more comprehensive description of risks related to our intellectual property.

Our Facilities

We are headquartered in Palo Alto, California, where we lease approximately 81,031 square feet pursuant to a lease which expires in 2027. We currently lease other office space in Austin, Texas; Morrisville, North Carolina; Lawrence, Kansas; Reston, Virginia; Amsterdam, Netherlands; Cork, Ireland; Tel Aviv, Israel; Bangalore, India; and Sydney, Australia, with a total aggregate size of approximately 260,000 square feet. We do not own any real property. We believe that our facilities are adequate to meet our current needs.

Legal Proceedings

From time to time, we are involved in various legal proceedings arising from activities in the normal course of business. We are not presently a party to any litigation the outcome of which, we believe, if determined adversely to us, would individually or taken together have a material adverse effect on our business, financial condition, results of operations, and cash flows. Defending any legal proceedings is costly and can impose a significant burden on management and employees. The results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources, and other factors.

136

MANAGEMENT

The following table sets forth information for our executive officers and directors as of April 1, 2024:


Name	Age		Position
*Executive Officers*
Bipul Sinha		50	Chief Executive Officer and Chairman of our Board of Directors
Kiran Choudary		49	Chief Financial Officer
Arvind Nithrakashyap		50	Chief Technology Officer and Director
Brian McCarthy		44	Chief Revenue Officer

*Non-Employee Directors*
Asheem Chandna⁽¹⁾⁽²⁾		59	Director
R. Scott Herren⁽¹⁾		62	Director
Mark D. McLaughlin⁽²⁾		58	Director
Ravi Mhatre⁽²⁾⁽³⁾		57	Director
Enrique Salem⁽³⁾		58	Director
John W. Thompson⁽³⁾*		74	Director
Yvonne Wassenaar⁽¹⁾		55	Director

(1)	Member of the audit committee.

(2)	Member of the compensation committee.

(3)	Member of the nominating and governance committee.

*	Lead Independent Director

Executive Officers

Bipul Sinha. Mr. Sinha is our co-founder and has served as our Chief Executive Officer and as a member of our board of directors since January 2014, and as Chairman of our board of directors since July 2016. Since January 2014, Mr. Sinha has also served as Venture Partner at Lightspeed Venture Partners, a global technology venture capital firm. From July 2010 to January 2014, Mr. Sinha served as a Partner at Lightspeed Venture Partners. Mr. Sinha previously served on the board of directors of Nutanix, Inc., a public enterprise cloud platform company, from December 2011 to October 2017. Mr. Sinha holds a Bachelor of Technology in Electrical Engineering from the Indian Institute of Technology and a Master of Business Administration from the Wharton School of the University of Pennsylvania. Mr. Sinha was selected to serve on our board of directors because of the perspective and experience he provides as our co-founder and Chief Executive Officer, as well as his extensive experience with advising and leading technology companies.

Kiran Choudary. Mr. Choudary has served as our Chief Financial Officer since November 2020 and was formerly our Senior Vice President of Finance and Strategy from August 2018 to November 2020. From August 2013 to August 2018, Mr. Choudary served as Vice President of Finance and Strategy at Atlassian Corporation PLC, or Atlassian, a public software technology company. Prior to Atlassian, Mr. Choudary served as Vice President in the Technology Investment Banking group at The Goldman Sachs Group, Inc. Mr. Choudary holds a Bachelor of Technology from the Indian Institute of Technology, a master’s degree in Engineering from the Massachusetts Institute of Technology, and a Master of Business Administration from the Wharton School of the University of Pennsylvania.

Arvind Nithrakashyap. Mr. Nithrakashyap is our co-founder and has served as our Chief Technology Officer and as a member of our board of directors since January 2014. From March 2010 to January 2014, Mr. Nithrakashyap served as Senior Rocket Scientist at Rocket Fuel Inc., or Rocket

137

Fuel, a public advertisement technology company, acquired by Sizmek Inc. Prior to Rocket Fuel, Mr. Nithrakashyap served as Senior Software Engineer at Pursima, Inc., or Pursima, a data management software company. Prior to Pursima, Mr. Nithrakashyap served as Principal Member of Technical Staff at Oracle Corporation, a public computer technology company. Mr. Nithrakashyap holds a Bachelor of Technology in Computer Science from the Indian Institute of Technology and a master’s degree in Computer Science from the University of Massachusetts Amherst. Mr. Nithrakashyap was selected to serve on our board of directors because of the perspective and experience he provides as our co-founder and Chief Technology Officer, as well as his extensive experience with leading product development at technology companies.

Brian McCarthy. Mr. McCarthy has served as our Chief Revenue Officer since February 2021. From September 2018 to February 2021, Mr. McCarthy served as Executive Vice President and Chief Revenue Officer of ThoughtSpot, Inc., a business intelligence analytics search software company. From May 2017 to September 2018, Mr. McCarthy served as Vice President of Sales for AppDynamics, Inc., an application performance management and IT operations analytics company, acquired by Cisco Systems, Inc. Mr. McCarthy holds a Bachelor of Arts in Theology and History from the Franciscan University of Steubenville.

Each executive officer serves at the discretion of our board of directors and holds office until his successor is duly appointed and qualified or until his earlier resignation or removal.

Non-Employee Directors

Asheem Chandna. Mr. Chandna has served as a member of our board of directors since March 2015. Since September 2003, Mr. Chandna has served as Partner at Greylock Partners, a venture capital firm. From April 1996 to December 2002, Mr. Chandna served as Vice President, Business Development and Product Management at Check Point Software Technologies Ltd., a public cybersecurity company. He currently serves on the board of directors of a number of privately held companies. Mr. Chandna previously served on the board of directors of Palo Alto Networks, Inc., or Palo Alto Networks, a public cybersecurity company, from April 2005 to December 2022, Imperva, Inc., a public cybersecurity company, acquired by Thoma Bravo, LLC, from July 2003 to June 2013, and Sourcefire, Inc., a public cybersecurity company, acquired by Cisco Systems, Inc., from May 2003 to October 2009. Mr. Chandna holds a Bachelor of Science in Electrical Engineering and a Master of Science in Computer Engineering from Case Western Reserve University. Mr. Chandna was selected to serve on our board of directors because of his extensive background with cybersecurity and cloud products, enterprise IT markets, and his experience on the boards of directors of various public and private companies.

R. Scott Herren. Mr. Herren has served as a member of our board of directors since November 2021. Since December 2020, Mr. Herren has served as Executive Vice President and Chief Financial Officer of Cisco Systems, Inc., a public technology company. From November 2014 to December 2020, Mr. Herren served as Chief Financial Officer of Autodesk, Inc., or Autodesk, a public cloud-based design and engineering software company. Prior to Autodesk, Mr. Herren served in various leadership and financial roles at Citrix Systems, Inc., or Citrix, a public cloud computing company. Prior to Citrix, Mr. Herren spent 16 years in senior strategy and financial positions at FedEx Corporation, a public transportation and e-commerce company, and International Business Machines Corporation, a public technology company. Mr. Herren previously served on the board of directors of Proofpoint, Inc., a public cybersecurity company, acquired by Thoma Bravo, LLC. Mr. Herren holds a Bachelor of Science in Industrial Engineering from Georgia Institute of Technology and a Master of Business Administration from Columbia University. Mr. Herren was selected to serve on our board of directors because of his extensive experience in operations, international business, accounting, financial management, and investor relations at publicly held technology companies.

138

Mark D. McLaughlin. Mr. McLaughlin has served as a member of our board of directors since November 2022. Since April 2023, Mr. McLaughlin has served as a director of Snowflake Inc., a public data-cloud company, and since August 2019, Mr. McLaughlin has served as chairperson of the board of directors of QUALCOMM Incorporated, or Qualcomm, a public global semiconductor company, and has served as a member of the board of directors of Qualcomm since July 2015. From August 2011 to December 2022, Mr. McLaughlin served as a member of the board of directors of Palo Alto Networks, a public cybersecurity company. In addition, Mr. McLaughlin served as Chief Executive Officer of Palo Alto Networks from August 2011 to June 2018 and as President from August 2011 to August 2016. From February 2000 to July 2011, Mr. McLaughlin served in various roles at VeriSign, Inc., or VeriSign, a public internet infrastructure company, most recently as President and Chief Executive Officer. Prior to VeriSign, Mr. McLaughlin served as Vice President, Sales and Business Development at Signio Inc., an internet payments company, acquired by VeriSign. In January 2011, President Barack Obama appointed Mr. McLaughlin to serve on the President’s National Security Telecommunications Advisory Committee, where he served through April 2023, and from November 2014 to December 2016, he served as the chairperson of the committee. Mr. McLaughlin holds a Bachelor of Science from the U.S. Military Academy at West Point and a Juris Doctorate from Seattle University School of Law. Mr. McLaughlin was selected to serve on our board of directors because of his extensive leadership experience and knowledge of the technology industry.

Ravi Mhatre. Mr. Mhatre has served as a member of our board of directors since January 2014. Mr. Mhatre co-founded Lightspeed Venture Partners, a global technology venture capital firm, and has served as Partner of Lightspeed Venture Partners since August 1999. He currently serves on the board of directors of several private companies. Mr. Mhatre previously served on the boards of directors of Nutanix, Inc., a public enterprise cloud platform company, from July 2010 to April 2021, and Mulesoft, Inc., a public enterprise software company, acquired by Salesforce, Inc., from May 2007 to May 2018. Mr. Mhatre holds a Bachelor of Arts in Economics and a Bachelor of Science in Electrical Engineering from Stanford University and a Master of Business Administration from Stanford University’s Graduate School of Business. Mr. Mhatre was selected to serve on our board of directors because of his extensive experience in the venture capital industry, knowledge of technology companies, and service on the boards of directors of various private and public companies.

Enrique Salem. Mr. Salem has served as a member of our board of directors since August 2019. Since July 2014, Mr. Salem has served as Managing Director of Bain Capital Ventures, a venture capital firm. From June 2004 to July 2012, Mr. Salem served in various roles at Symantec Corporation, or Symantec, now known as NortonLifeLock Inc., a public cybersecurity company, most recently as President and Chief Executive Officer. Prior to Symantec, Mr. Salem served as President and Chief Executive Officer of Brightmail, Inc., an email filtering company, prior to its acquisition by Symantec in 2004. Mr. Salem has also held senior leadership roles at Oblix Inc., Ask Jeeves Inc., Peter Norton Computing, Inc., and Security Pacific Merchant Bank. In March 2011, he was appointed to President Barack Obama’s Management Advisory Board. Mr. Salem currently serves on the boards of directors of Mandiant, Inc., formerly known as FireEye, Inc., a public cybersecurity company acquired by Google LLC, a multinational technology conglomerate, in September 2022, Atlassian Corporation PLC, a public software technology company, and DocuSign, Inc., a public electronic document management software company. He previously served on the boards of directors of ForeScout Technologies, Inc., a network security company, from September 2013 to July 2020, Automatic Data Processing, Inc., a public cloud-based human capital management software company, from January 2010 to November 2013, and Symantec from April 2009 to July 2012. Mr. Salem also currently serves on the boards of directors of multiple private companies. He received the Estrella Award from the Hispanic IT Executive Council in 2010 and was named Entrepreneur of the Year in 2004 by Ernst & Young. Mr. Salem holds an Artium Baccalaureus in Computer Science from Dartmouth College. Mr. Salem was selected to serve on our board of directors because of his extensive leadership experience, including oversight of global operations, his knowledge of technology companies, and his service on the boards of directors of various private and public companies.

139

John W. Thompson. Mr. Thompson has served as a member of our board of directors since January 2018. Since May 2018, Mr. Thompson has served as Venture Partner at Lightspeed Venture Partners, a global technology venture capital firm. From 2012 to December 2023, Mr. Thompson served on the board of directors of Microsoft Corporation, a public technology company. From May 2021 to May 2023, Mr. Thompson served as chairperson of the board of directors of Illumina, Inc., or Illumina, a public genomics technology company. From October 2017 to March 2018, Mr. Thompson served as Executive Advisor at Riverwood Capital Management L.P., or Riverwood Capital, a private equity firm. Prior to Riverwood Capital, Mr. Thompson served as Chief Executive Officer at Virtual Instruments Corporation, a software solutions company, Chief Executive Officer at Symantec Corporation, or Symantec, now known as NortonLifeLock Inc., a public cybersecurity company, and General Manager at International Business Machines Corporation, a public technology company. Mr. Thompson previously served on the board of directors of Symantec from 1999 to 2011. Mr. Thompson holds a Bachelor of Arts in Business Administration from Florida Agricultural and Mechanical University and a master’s degree in Management Science from Massachusetts Institute of Technology, Sloan School of Management. Mr. Thompson was selected to serve on our board of directors because of his extensive leadership experience and his knowledge of technology companies.

Yvonne Wassenaar. Ms. Wassenaar has served as a member of our board of directors since November 2021. From January 2019 to May 2022, Ms. Wassenaar served as Chief Executive Officer of Puppet, Inc., an information technology automation software company. From June 2017 to September 2018, Ms. Wassenaar served as Chief Executive Officer of Airware, an enterprise drone solutions company. From August 2014 to May 2017, Ms. Wassenaar served in various roles at New Relic, Inc., or New Relic, a public cloud-based observability platform company, most recently as Chief Information Officer. Prior to New Relic, Ms. Wassenaar held various senior positions at VMware, Inc., a public cloud computing and virtualization technology company. Ms. Wassenaar currently serves on the board of directors of Arista Networks, Inc., a public cloud networking company, Forrester Research, Inc., a public research and advisory company, and JFrog Ltd., a public software supply chain company. Ms. Wassenaar previously served on the boards of directors of Anaplan, Inc., a public cloud-based business planning software company, acquired by Thoma Bravo, LLC, from November 2019 to June 2022, and Mulesoft, Inc., a public enterprise software company, acquired by Salesforce, Inc., from December 2017 to May 2018. Ms. Wassenaar also currently serves on the boards of directors of various private companies and non-profit institutions. Ms. Wassenaar holds a Bachelor of Arts in Economics with a specialization in computing from the University of California, Los Angeles and a Master of Business Administration from the UCLA Anderson School of Business. Ms. Wassenaar was selected to serve on our board of directors because of her extensive knowledge of the technology industry, her extensive experience in senior leadership positions at technology companies, and her service on the boards of directors of various private and public companies.

Family Relationships

There are no family relationships among any of our executive officers or directors.

Composition of Our Board of Directors

Our business and affairs are managed under the direction of our board of directors. Pursuant to our certificate of incorporation and our amended and restated voting agreement, our directors were elected as follows:

•

Messrs. Sinha, Salem, and Nithrakashyap were elected as the designees nominated by holders of our common stock;

•

Mr. Mhatre was elected as the designee nominated by holders of our Series A redeemable convertible preferred stock;

140

•

Mr. Chandna was elected as the designee nominated by holders of our Series B redeemable convertible preferred stock; and

•

Messrs. Herren, Thompson, and McLaughlin and Ms. Wassenaar were elected as the independent designees nominated by the board of directors.

Immediately prior to the closing of this offering, our amended and restated voting agreement will terminate, our certificate of incorporation, along with our bylaws, will be amended and restated, and none of our stockholders will have any special rights regarding the election or designation of members of our board of directors. After the closing of this offering, the number of directors will be fixed by our board of directors, subject to the terms of our amended and restated certificate of incorporation and amended and restated bylaws. Each of our current directors will continue to serve as a director until the election and qualification of his or her successor, or until his or her earlier death, resignation, or removal.

In accordance with our amended and restated certificate of incorporation that will be in effect immediately prior to the closing of this offering, immediately after this offering, our board of directors will be divided into three classes with staggered three-year terms. At each annual meeting of stockholders, the successors to directors whose terms then expire will be elected to serve from the time of election and qualification until the third annual meeting following election. Our directors will be divided among the three classes as follows:

•

the Class I directors will be Enrique Salem, John W. Thompson, and Yvonne Wassenaar, and their terms will expire at our first annual meeting of stockholders following this offering;

•

the Class II directors will be Arvind Nithrakashyap, Asheem Chandna, and Ravi Mhatre, and their terms will expire at our second annual meeting of stockholders following this offering; and

•

the Class III directors will be Bipul Sinha, R. Scott Herren, and Mark D. McLaughlin, and their terms will expire at our third annual meeting of stockholders following this offering.

We expect that any additional directorships resulting from an increase in the number of directors will be distributed among the three classes so that, as nearly as possible, each class will consist of one third of the directors. The division of our board of directors into three classes with staggered three-year terms may delay or prevent a change of our management or a change in control.

Director Independence

Our board of directors has undertaken a review of the independence of each director. Based on information provided by each director concerning his or her background, employment, and affiliations, our board of directors has determined that Asheem Chandna, R. Scott Herren, Mark D. McLaughlin, Ravi Mhatre, Enrique Salem, John W. Thompson, and Yvonne Wassenaar do not have relationships that would interfere with the exercise of independent judgment in carrying out the responsibilities of a director and that each of these directors is “independent” as that term is defined under the New York Stock Exchange, or NYSE, listing standards. In making these determinations, our board of directors considered the current and prior relationships that each non-employee director has with our company and all other facts and circumstances our board of directors deemed relevant in determining their independence. In addition, our board of directors considered the beneficial ownership of our shares held by each non-employee director and the transactions described in the section titled “Certain Relationships and Related Party Transactions.”

141

Lead Independent Director

Upon the closing of this offering, our corporate governance guidelines will provide that one of our independent directors will serve as our Lead Independent Director. Our board of directors has appointed Mr. Thompson to serve as our Lead Independent Director. The Lead Independent Director will be responsible for presiding over each executive session of non-management directors in which those directors meet without management participation and perform other duties as our board of directors may determine from time to time.

Committees of Our Board of Directors

Our board of directors has established an audit committee, a compensation committee, and a nominating and corporate governance committee. The composition and responsibilities of each of the committees of our board of directors are described below. Members serve on these committees until their resignation or until otherwise determined by our board of directors. Our board of directors may establish other committees as it deems necessary or appropriate from time to time.

Audit Committee

Our audit committee consists of Asheem Chandna, R. Scott Herren, and Yvonne Wassenaar. The chairperson of our audit committee is Mr. Herren. Our board of directors has determined that each member of our audit committee satisfies the independence requirements under the listing standards of the NYSE and Rule 10A-3(b)(1) of the Exchange Act. Our board of directors has determined that Mr. Herren is an “audit committee financial expert” within the meaning of SEC regulations. Each member of our audit committee can read and understand fundamental financial statements in accordance with applicable requirements. In arriving at these determinations, our board of directors has examined each audit committee member’s scope of experience and the nature of their employment.

The primary purpose of our audit committee is to discharge the responsibilities of our board of directors with respect to our corporate accounting and financial reporting processes, systems of internal control and financial statement audits, and to oversee our independent registered public accounting firm. Specific responsibilities of our audit committee include:

•

helping our board of directors oversee our corporate accounting and financial reporting processes;

•

managing the selection, engagement, qualifications, independence, and performance of a qualified firm to serve as the independent registered public accounting firm to audit our financial statements and the effectiveness of our internal control over financial reporting, when required;

•

discussing the scope and results of the audit with the independent registered public accounting firm, and reviewing, with management and the independent accountants, our interim and

•

year-end results of operations;

•

developing procedures for employees to submit concerns anonymously about questionable accounting or audit matters;

•

reviewing related party transactions;

•

reviewing our policies on risk assessment and risk management;

•

approving or, as permitted, pre-approving, audit and permissible non-audit services to be performed by the independent registered public accounting firm and the related fees; and

•

preparing the audit committee report that the SEC requires in our annual proxy statement.

142

Our audit committee operates under a written charter that satisfies the applicable listing standards of the NYSE.

Compensation Committee

Our compensation committee consists of Asheem Chandna, Ravi Mhatre, and Mark D. McLaughlin. The chairperson of our compensation committee is Mr. Chandna. Our board of directors has determined that each member of our compensation committee is independent under the listing standards of the NYSE, and a “non-employee director” as defined in Rule 16b-3 promulgated under the Exchange Act.

The primary purpose of our compensation committee is to discharge the responsibilities of our board of directors in overseeing our compensation policies, plans, and programs, and to review and determine or recommend to our board of directors for approval, as applicable, the compensation to be paid to our executive officers, directors, and other senior management, as appropriate. Specific responsibilities of our compensation committee include:

•

reviewing and recommending to the independent members of our board of directors the compensation of our chief executive officer;

•

in consultation with our chief executive officer, reviewing and approving the compensation of our other executive officers;

•

reviewing and recommending to our board of directors the compensation of our non-employee directors;

•

administering our equity incentive plans and other benefit programs;

•

reviewing, adopting, amending, and terminating incentive compensation and equity plans, severance agreements, bonus plans, change of control protections, and any other compensatory arrangements for our executive officers and other senior management; and

•

reviewing and establishing general policies and programs relating to compensation and benefits of our employees, including our overall compensation philosophy.

Our compensation committee operates under a written charter that satisfies the applicable listing standards of the NYSE.

Nominating and Corporate Governance Committee

Our nominating and corporate governance committee consists of John W. Thompson, Ravi Mhatre, and Enrique Salem. The chairperson of our nominating and corporate governance committee is Mr. Thompson. Our board of directors has determined that each member of our nominating and corporate governance committee is independent under the listing standards of the NYSE.

Specific responsibilities of our nominating and corporate governance committee include:

•

identifying and evaluating candidates, including the nomination of incumbent directors for reelection and nominees recommended by stockholders, to serve on our board of directors;

•

considering and making recommendations to our board of directors regarding the composition and chairpersons of the committees of our board of directors;

•

developing and making recommendations to our board of directors regarding corporate governance guidelines and matters; and

143

•

overseeing periodic evaluations of the board of directors’ performance, including committees of the board of directors.

Our nominating and corporate governance committee operates under a written charter that satisfies the applicable listing standards of the NYSE.

Code of Conduct

We have adopted a code of conduct that applies to our directors, officers, and employees, including our principal executive officer, principal financial officer, principal accounting officer, or controller, or persons performing similar functions. Immediately prior to the closing of this offering, our code of conduct will be available under the Corporate Governance section of our website at www.rubrik.com. In addition, we intend to post on our website all disclosures that are required by law or the listing standards of the NYSE concerning any amendments to, or waivers from, any provision of our code of conduct. Information contained on, or accessible through, our website is not a part of this prospectus, and the inclusion of our website address in this prospectus is only as an inactive textual reference.

Compensation Committee Interlocks and Insider Participation

None of the members of our compensation committee are currently or has been at any time one of our officers or employees. None of our executive officers currently serves, or has served during the last year, as a member of the board of directors or compensation committee of any entity that has one or more executive officers serving as a member of our board of directors or compensation committee.

Non-Employee Director Compensation

During fiscal 2024, we did not pay any compensation to our non-employee directors for their service on our board of directors. We have reimbursed and will continue to reimburse all of our non-employee directors for their reasonable out-of-pocket expenses incurred in attending board of directors and committee meetings.

See the section titled “Executive Compensation” for additional information regarding the compensation earned by Mr. Sinha.

As of January 31, 2024, the aggregate number of shares underlying outstanding stock awards and options under our 2014 Plan held by each of our non-employee directors was as follows:


Name	Number of Shares Underlying Stock Awards		Number of Shares Underlying Options
Asheem Chandna		—		—
R. Scott Herren		75,000		—
Mark D. McLaughlin		50,000		—
Ravi Mhatre		—		—
Enrique Salem		—		—
John W. Thompson		150,000		165,946
Yvonne Wassenaar		50,000		—

Non-Employee Director Compensation Policy

Our board of directors adopted a non-employee director compensation policy in March 2024 that will become effective upon and following the date of the underwriting agreement related to this

144

offering (the effective date) and will be applicable to our eligible non-employee directors. This compensation policy provides that each such non-employee director will receive equity compensation for service on our board of directors, as described below.

Retainer RSU Grants

For each fiscal year following the initial fiscal year (as defined below), each eligible non-employee director will be granted a retainer RSU grant with an aggregate grant value determined based on specific service to our board of directors and committees of our board of directors during the fiscal year, as provided below:

•

retainer RSU grant for service as lead independent director with value of $50,000;

•

retainer RSU grant for service as a member of the audit committee with value of $10,000 and retainer RSU grant for service as chair of the audit committee with value of $35,000 (in lieu of the committee member service grant);

•

retainer RSU grant for service as a member of the compensation committee with value of $10,000 and retainer RSU grant for service as chair of the compensation committee with value of $25,000 (in lieu of the committee member service grant); and

•

retainer RSU grant for service as a member of the nominating and corporate governance committee with value of $5,000 and retainer RSU grant for service as chair of the nominating and corporate governance committee with value of $15,000 (in lieu of the committee member service grant).

Each retainer RSU grant will automatically be granted on January 15th of the applicable fiscal year and will be fully vested. The number of RSUs subject to each retainer RSU grant will be determined by dividing the aggregate retainer RSU grant value that such eligible non-employee director is eligible to receive by the closing price per share of our Class A common stock on the trading day immediately preceding the applicable grant date, rounded down to the nearest whole share.

Initial RSU Grants

Each new eligible non-employee director who joins our board of directors after the effective date will automatically receive an initial RSU grant with an aggregate grant date value of $950,000. The number of RSUs subject to each initial RSU grant will equal (i) the grant date fair value set forth in the previous sentence divided by (ii) the 20-trading day average share price of our Class A common stock for the period ending on the date such director was initially elected or appointed to our board of directors, rounded down to the nearest whole share. The initial RSU grants will vest over a three-year period in 12 successive equal quarterly installments. The “initial fiscal year” refers to the fiscal year in which such eligible non-employee director’s initial RSU grant is granted.

Annual RSU Grants

On the date of each annual meeting of our stockholders (the annual meeting), each eligible non-employee director (excluding any director whose initial fiscal year falls in the same fiscal year as such annual meeting) will automatically receive an annual RSU grant with an aggregate grant date value of $250,000; provided, however, that no eligible non-employee director who was serving on our board of directors as of the effective date will be eligible for an annual RSU grant until the date of the annual meeting held in 2025. The number of RSUs subject to each annual RSU grant will equal (i) the grant date fair value set forth in the previous sentence divided by (ii) the 20-trading day average share price

145

of our Class A common stock for the period ending on the date of the applicable annual meeting, rounded down to the nearest whole share. The annual RSU grants will vest over a one-year period, in four successive equal quarterly installments.

Terms of RSU Grants

The vesting of each non-employee director’s RSU grant made pursuant to the compensation policy is subject to such director’s continuous service with us as of the applicable vesting date. Each of the RSUs granted to our non-employee directors under the compensation policy or otherwise that are unvested as of a change in control (as defined in the 2024 Plan) will automatically vest upon such change in control for each director who remains in continuous service with us through the date of such change in control. Pursuant to the compensation policy, the compensation described above, with respect to any fiscal year beginning after the year in which the effective date occurs, will be subject to the limits on non-employee director compensation set forth in the 2024 Plan. Each RSU grant described above will be granted under our 2024 Plan, the terms of which are described in more detail below under “Executive Compensation—Equity Benefit and Stock Plans—2024 Equity Incentive Plan.”

Expenses

We have reimbursed and will continue to reimburse all of our non-employee directors for their ordinary, necessary and reasonable out-of-pocket expenses incurred in attending board of directors and committee meetings.

146

EXECUTIVE COMPENSATION

Our named executive officers for fiscal 2024, consisting of our principal executive officer and the next two most highly compensated executive officers, were:

•

Bipul Sinha, our Chief Executive Officer;

•

Kiran Choudary, our Chief Financial Officer; and

•

Brian McCarthy, our Chief Revenue Officer.

Summary Compensation Table

The following table presents all of the compensation awarded to, earned by, or paid to our named executive officers during fiscal 2024.


Name	Year Ended January 31,		Salary ($)			Bonus ($)⁽¹⁾		Stock Awards ($)⁽²⁾			Non-Equity Incentive Plan Compensation ($)⁽³⁾			All Other Compensation ($)			Total ($)
Bipul Sinha Chief Executive Officer		2024		375,000	⁽¹⁰⁾		28,125		—			103,125	⁽⁶⁾		114,244	⁽⁸⁾		620,494
Kiran Choudary Chief Financial Officer		2024		365,000			27,375		12,028,500	⁽⁴⁾		100,375	⁽⁶⁾		—			12,521,250
Brian McCarthy Chief Revenue Officer		2024		550,000			15,000		9,294,750	⁽⁵⁾		440,053	⁽⁷⁾		11,654	⁽⁹⁾		10,311,457

⁽¹⁾	Amounts reported represent discretionary cash bonuses paid to the named executive officers as a special one-time award in recognition of our 10th anniversary. These special bonuses were paid to all eligible Rubrik employees to show our appreciation for their efforts during fiscal 2024.

⁽²⁾

Amounts reported represent the aggregate grant date fair value of stock awards granted to our executive officers during fiscal 2024, under our 2014 Plan, computed in accordance with Financial Accounting Standards Board Accounting Standards Codification Topic 718, Compensation—Stock Compensation, or ASC Topic 718, excluding the effect of estimated forfeitures. The assumptions used in calculating the grant date fair value of the stock awards reported in these columns are set forth in the notes to our audited consolidated financial statements included elsewhere in this prospectus. These amounts will not reflect the actual economic value that may be realized by the named executive officers.

⁽³⁾	Amounts reported in this column represent total cash bonuses earned by the named executive officers based on achievement of corporate performance goals as determined by our compensation committee (and, with respect to Mr. Sinha, by our board of directors) for fiscal 2024.

⁽⁴⁾

Mr. Choudary was granted an RSU award that is subject to service-based and performance-based conditions. The amount disclosed represents the aggregate grant date fair value of such RSU award, computed in accordance with ASC Topic 718, assuming achievement of the performance-based condition. See the section titled “—Equity-Based Incentive Awards” below for additional information.

⁽⁵⁾

Mr. McCarthy was granted an RSU award that is subject to service-based and performance-based conditions. The amount disclosed represents the aggregate grant date fair value of such RSU award, computed in accordance with ASC Topic 718, assuming achievement of the performance-based condition. See the section titled “—Equity-Based Incentive Awards” below for additional information.

⁽⁶⁾	Amounts reported in this column represent total cash bonuses earned during fiscal 2024 for Messrs. Sinha and Choudary based on achievement of corporate performance goals as determined by our compensation committee (and, with respect to Mr. Sinha, by our board of directors).

⁽⁷⁾	Amounts reported for Mr. McCarthy represent commission-based payments earned in fiscal 2024. See the section titled “—Annual Performance-Based Bonus Opportunity” below for additional information.

⁽⁸⁾	Reflects $100,000 in contributions paid by us on behalf of Mr. Sinha to a not-for-profit entity on which Mr. Sinha serves on the board of directors, and $14,244 in legal fees we have paid or intend to pay on behalf of Mr. Sinha for the review of his grant agreements.

⁽⁹⁾	Reflects $11,654 in travel expenses to our President’s Club trip for Mr. McCarthy’s wife paid by us on behalf of Mr. McCarthy.

⁽¹⁰⁾	In March 2024, upon the recommendation of our compensation committee, our board of directors approved an increase to Mr. Sinha’s annual base salary to $575,000, effective August 1, 2024.

147

Annual Performance-Based Bonus Opportunity

In addition to base salaries, our named executive officers are eligible to receive performance-based cash bonuses (including commission-based payments, with respect to Mr. McCarthy), which are designed to provide appropriate incentives to our executives to achieve defined performance goals and to reward our executives for individual achievement towards these goals (or sales goals, with respect to Mr. McCarthy). The performance-based bonus each executive officer is eligible to receive is generally based on the extent to which we achieve the corporate goals that our board of directors or compensation committee establishes.

For fiscal 2024, Messrs. Sinha, Choudary, and McCarthy were each eligible to receive a bonus at an annual target of 50%, 50%, and 100%, respectively, of their base salaries. Our corporate performance objectives for fiscal 2024 related to achievement of certain financial metrics and with respect to Mr. McCarthy, sales targets under our sales compensation plan. In March 2024, upon the recommendation of our compensation committee, our board of directors approved an increase to Mr. Sinha’s annual bonus target to 100% of his base salary, effective February 1, 2024.

Equity-Based Incentive Awards

Our equity award program is the primary vehicle for offering long-term incentives to our executives. We believe that equity awards provide our executives with a strong link to our long-term performance, create an ownership culture, and help to align the interests of our executives and our stockholders. We believe that our equity awards are an important retention tool for our executives as well as for our other employees.

Historically, we have granted RSU awards and stock option awards subject to service-based, performance-based, and/or market-based conditions. Grants to our executives and other employees are made at the discretion of our compensation committee (or our board of directors, with respect to Mr. Sinha) and are not made at any specific time period during a year. Prior to this offering, all of the equity awards we granted were made pursuant to our 2014 Plan, the terms of which are described below under “—Employee Benefit and Stock Plans.” The terms of equity awards granted to our named executive officers in fiscal 2024 are described below under “—Outstanding Equity Awards at Fiscal Year End.”

Mr. Sinha

On June 3, 2022, after carefully considering market data and recommendations from our independent compensation consultant, our board of directors approved the grant of a stock option under our 2014 Plan to Mr. Sinha to purchase up to 8,000,000 shares of Class B common stock, contingent and effective upon a listing event, which includes this offering. This award was approved in recognition of Mr. Sinha’s instrumental role in achieving our strategic and business goals to date and, more importantly, the significant potential impact of his role on an ongoing basis. This award is designed to provide both multi-year retention incentives for Mr. Sinha and to align achievement of business and operating objectives with long-term stockholder value creation. Our board of directors believes that achievement of the Target Stock Values described below would result in significant value for our stockholders over the performance period.

Mr. Sinha’s option is divided into 10 tranches that may be earned as specified in the table below, subject to both (1) a service-based condition and (2) our achievement of Target Stock Value prior to the applicable Option Valuation Expiration Date. “Target Stock Value” with respect to Mr. Sinha’s award is based on the percentage of the price per share at which shares of our Class A common stock are first sold to the public in connection with this offering, or the IPO Price, except as described below in the event of a “sale event.”

148


Tranche	Number of Shares That May Be Earned		Target Stock Value (% of IPO Price)*			Option Valuation Expiration Date
1		666,667		134	%	Fifth anniversary of the listing event Seventh anniversary of the listing event
2		666,667		168	%
3		666,667		202	%
4		666,667		236	%
5		666,667		270	%
6		666,667		303	%
7		666,667		337	%
8		666,667		371	%
9		1,333,332		506	%
10		1,333,332		759	%

*	Stock price measurement will not commence until expiration of any applicable lock-up period.

For purposes of the option, the Target Stock Value will be achieved, following a listing event, on the date when the volume weighted-average price per share of our Class A common stock during a period of 90 consecutive trading days equals or exceeds the applicable Target Stock Value. The exercise price per share of the option will be the IPO Price. Each tranche of the option will vest on the first date following satisfaction of both the service-based condition and the Target Stock Value subject to Mr. Sinha’s continued service with us as our full-time Chief Executive Officer or co-Chief Executive Officer through such date. The shares underlying each tranche will satisfy the service-based condition in 20 equal quarterly installments (rounding down to the nearest whole share, except for the last vesting installment), beginning on January 27, 2022. Each unvested tranche of the option will expire and be forfeited if the Target Stock Value is not achieved on or before the Option Valuation Expiration Date noted in the table above, and each vested tranche will expire and be forfeited on the tenth anniversary of the grant date.

If a Sale Event (as defined in our 2014 Plan) occurs following a listing event, the fair market value of a share will be calculated as of the consummation of such sale event with reference to the consideration payable to the holder of one share in connection with such sale event (with linear interpolation if the common stock value falls between two target stock values). If the Target Stock Value is met as of such sale event, the option will continue to vest subject to Mr. Sinha’s continued performance of services and be subject to any “double-trigger” acceleration provisions provided in any written employment agreement, offer letter or other agreement or arrangement between us and Mr. Sinha, unless otherwise provided. If the stock valuation condition is met as of such sale event and this option is not assumed or continued or substituted for by the successor entity, the option will be deemed to have met the service-based condition effective as of immediately prior to the sale event. To the extent any portion of the option does not meet the Target Stock Value as of the sale event (and is not otherwise vested and exercisable), such portion will terminate in its entirety, unless otherwise provided.

If Mr. Sinha’s continued service with us as our full-time Chief Executive Officer or co-Chief Executive Officer is terminated by us without cause, as a result of Mr. Sinha’s resignation for good reason, or due to Mr. Sinha’s death or disability after achieving the applicable Target Stock Value, such portion of the option will be deemed to have met the service-based condition and be fully vested and exercisable as of the date of termination.

Shares acquired upon exercise of the option must be held by Mr. Sinha for at least 12 months while he continues to have a service relationship (as defined in our 2014 Plan) with us, unless otherwise provided.

The actual grant date fair value associated with the option will be determined upon the closing of this offering.

149

Mr. Choudary

In March 2023, our compensation committee granted an RSU award in respect of 550,000 shares of our Class B common stock to Mr. Choudary. The RSU award vests upon satisfaction of both a service-based condition and a performance-based condition. The service-based condition is satisfied in four annual installments beginning March 15, 2024 through March 15, 2027 in respect of 75,000, 125,000, 150,000, and 200,000 shares, respectively, subject to continued service with us as of each such date. The performance-based condition will be satisfied in connection with this offering.

Mr. McCarthy

In March 2023, our compensation committee granted an RSU award in respect of 425,000 shares of our Class B common stock to Mr. McCarthy. The RSU award vests upon satisfaction of both a service-based condition and a performance-based condition. The service-based condition is satisfied in four annual installments beginning March 15, 2024 through March 15, 2027 in respect of 50,000, 100,000, 125,000, and 150,000 shares, respectively, subject to continued service with us as of each such date. The performance-based condition will be satisfied in connection with this offering.

Agreements with Our Named Executive Officers

We have entered into confirmatory offer letters with each of our named executive officers, which provide for an annual base salary, target annual bonus opportunity, severance benefits pursuant to our Severance Plan (described below under “—Potential Payments upon Termination or Change in Control”) and standard employee benefits generally available to our employees. We have entered into an Employee Confidential Information and Inventions Assignment Agreement with each of our named executive officers. Each of our named executive officers is employed at-will.

Potential Payments upon Termination or Change in Control

Regardless of the manner in which a named executive officer’s service terminates, each named executive officer is entitled to receive amounts earned during his term of service, including unpaid salary and unused vacation.

Each of our named executive officers is eligible to receive benefits under the terms of our Severance and Change in Control Plan, or the Severance Plan, which was approved on March 2, 2023. The Severance Plan provides for severance benefits to the named executive officers upon a “change in control termination” (as described below). Upon a change in control termination, each of our named executive officers is entitled to a lump sum payment equal to a portion of his base salary (18 months for Mr. Sinha and 12 months for each of Messrs. Choudary and McCarthy), a lump sum payment equal to 100% of his annual target cash bonus, payment of COBRA premiums for up to 12 months and accelerated vesting of outstanding time-vesting equity awards. To the extent an equity award is not assumed, continued or substituted for in the event of certain change in control transactions and the executive’s employment is not terminated as of immediately prior to such change in control, the vesting of such equity award will also accelerate in full (and for equity awards subject to performance vesting, performance will be deemed to be achieved at target, unless otherwise provided in individual award documents). All severance benefits under the Severance Plan are subject to the executive’s execution of an effective release of claims against us.

For purposes of the Severance Plan, a “change in control termination” is an involuntary termination without “cause” (and not as a result of death or disability) or a resignation for “good reason” (each as defined in the Severance Plan), in any case that occurs during the period of time beginning three months prior to, and ending 12 months following, a “change in control,” as defined in the Severance Plan, or the “change in control period.”

150

Each of our named executive officers’ equity awards is further subject to the terms of our 2014 Plan and the applicable award agreement thereunder. A description of the termination and change in control provisions in our 2014 Plan and awards granted thereunder is provided below under “—Employee Benefit and Stock Plans,” and a description of the vesting provisions of each equity award held by our named executive officers which is outstanding and unvested as of January 31, 2024 is provided below under “—Outstanding Equity Awards at Fiscal Year End.” A description of the option to be granted to Mr. Sinha in connection with and contingent upon this offering is provided above under “—Equity-Based Incentive Awards.”

Outstanding Equity Awards at Fiscal Year End

The following table presents the outstanding equity awards held by each named executive officer as of January 31, 2024.


					Option Awards							Stock Awards
Name and Principal Position	Grant Date⁽¹⁾		Vesting Commencement Date		Number of Securities Underlying Unexercised Options (#) Exercisable			Option Exercise Price ($)		Option Expiration Date		Equity Incentive Plan Awards: Number of Unearned Shares, Units or Other Rights That Have Not Vested (#)			Equity Incentive Plan Awards: Market or Payout Value of Unearned Shares, Units or Other Rights That Have Not Vested⁽²⁾
Bipul Sinha Chief Executive Officer		05/02/2018		—		—			—		—		1,158,082	⁽⁴⁾	$	33,155,888
Kiran Choudary		09/18/2018		08/20/2018		98,450	⁽³⁾		7.99		09/17/2028		—			—
Chief Financial Officer		09/18/2018		06/15/2018		—			—		—		50,000	⁽⁵⁾	$	1,431,500
		05/08/2020		06/15/2020		—			—		—		3,338	⁽⁶⁾	$	95,567
		05/08/2020		03/15/2020		—			—		—		50,000	⁽⁷⁾	$	1,431,500
		11/19/2020		09/15/2020									50,000	⁽⁸⁾	$	1,431,500
		11/19/2020		09/15/2020		—			—		—		700,000	⁽⁹⁾	$	20,041,000
		04/13/2022		03/15/2022		—			—		—		115,000	⁽¹⁰⁾	$	3,292,450
		03/24/2023		03/15/2023		—			—		—		550,000	⁽¹¹⁾	$	15,746,500
Brian McCarthy		03/30/2021		03/15/2021		—			—		—		900,000	⁽¹²⁾	$	25,767,000
Chief Revenue Officer		03/30/2021		—		—			—		—		150,000	⁽¹³⁾	$	4,294,500
		04/13/2022		03/15/2022		—			—		—		100,000	⁽¹⁴⁾	$	2,863,000
		03/24/2023		03/15/2023		—			—		—		425,000	⁽¹⁵⁾	$	12,167,750

⁽¹⁾

All equity awards listed in this table were granted pursuant to our 2014 Plan, the terms of which are described below under “—Equity Plans—2014 Stock Plan.” The equity awards are subject to acceleration upon certain events as described in the section titled “—Potential Payments and Benefits upon Termination or Change of Control.”

⁽²⁾	Amounts reported represent the fair value of our common stock of $28.63 per share as of January 31, 2024 as determined by our compensation committee in good faith, pursuant to authority from our board of directors.

⁽³⁾

25% of the shares subject to the stock option vest on the first anniversary of the vesting commencement date, and the remaining of the shares vest in 36 equal quarterly installments thereafter, subject to the named executive officer’s continued service to us through each applicable vesting date. If Mr. Choudary’s service relationship is terminated by us without cause or Mr. Choudary resigns for good reason (each as defined in the stock option award agreement) within 12 months of a sale event (as defined in our 2014 Plan), 50% of the then unvested shares subject to the stock option will immediately vest as of the date of such termination or resignation.

⁽⁴⁾

The performance RSUs, or PSUs, granted to Mr. Sinha (as amended by the board of directors in February 2024) will vest if a stock price hurdle of $30 per share is achieved by May 2, 2028, subject to Mr. Sinha’s continued service to us through the achievement date. The stock price hurdle is based on the average closing stock price of our Class A common stock over 45 consecutive trading days following the date that occurs no fewer than 180 days after the completion of this offering. In addition, if (x) a sale event (as defined in our 2014 Plan) occurs prior to the initial public offering, (y) Mr. Sinha provides continued service to us through the date of such sale event, and (z) the consideration paid per share in connection with such sale event equals or exceeds $30 per share, then 100% of the PSUs will immediately vest upon consummation of such sale event. If Mr. Sinha’s service relationship is terminated by us without cause or Mr. Sinha resigns for good reason (each as defined in the PSU award agreement), in each case after the initial public offering (as defined in the 2014 Plan) but prior to the vesting of the PSUs, then, subject to Mr. Sinha’s delivery of an effective release of claims in our favor, 100% of the PSUs will immediately vest as of the date of such termination or resignation.

151

⁽⁵⁾

The RSUs vest on the first date upon which both a service-based condition and a performance-based condition are satisfied. The service-based condition is satisfied as to 25% of the RSUs on the first anniversary of the vesting commencement date, and the remaining RSUs vest in 12 equal quarterly installments thereafter, subject to the named executive officer’s continued service to us through each applicable vesting date. The performance-based condition will be satisfied in connection with this offering. If Mr. Choudary’s service relationship is terminated by us without cause or Mr. Choudary resigns for good reason (each as defined in the stock option award agreement) within 12 months of a sale event (as defined in our 2014 Plan), 50% of the RSUs will immediately vest as of the date of such termination or resignation.

⁽⁶⁾

The RSUs vest on the first date upon which both a service-based condition and a performance-based condition are satisfied. The service-based condition is satisfied as to 50% of the RSUs on the six-month anniversary of the vesting commencement date, and the remaining RSUs vest in two equal quarterly installments thereafter, subject to the named executive officer’s continued service to us through each applicable vesting date. The performance-based condition will be satisfied in connection with this offering.

⁽⁷⁾

The RSUs vest on the first date upon which both a service-based condition and a performance-based condition are satisfied. The service-based condition is satisfied in 16 equal quarterly installments, measured from March 15, 2020, subject to the named executive officer’s continued service to us through each applicable vesting date. The performance-based condition will be satisfied in connection with this offering.

⁽⁸⁾

The RSUs vest on the first date upon which both a service-based condition and a performance-based condition are satisfied. The service-based condition is satisfied in four equal quarterly installments, measured from September 15, 2020, subject to the named executive officer’s continued service to us through each applicable vesting date. The performance-based condition will be satisfied in connection with this offering.

⁽⁹⁾

The RSUs vest on the first date upon which both a service-based condition and a performance-based condition are satisfied. The service-based condition is satisfied in 16 equal quarterly installments, measured from September 15, 2020, subject to the named executive officer’s continued service to us through each applicable vesting date. The performance-based condition will be satisfied in connection with this offering.

⁽¹⁰⁾

The RSUs vest on the first date upon which both a service-based condition and a performance-based condition are satisfied. The service-based condition is satisfied in 16 equal quarterly installments, measured from March 15, 2022, subject to the named executive officer’s continued service to us through each applicable vesting date. The performance-based condition will be satisfied in connection with this offering.

⁽¹¹⁾

The RSUs vest on the first date upon which both a service-based condition and a performance-based condition are satisfied. The service-based condition is satisfied in four annual installments, measured from March 15, 2023, in respect of 75,000, 125,000, 150,000, and 200,000 shares, respectively, subject to the named executive officer’s continued service to us through each applicable vesting date. The performance-based condition will be satisfied in connection with this offering.

⁽¹²⁾

⁽¹³⁾

The PSUs granted to Mr. McCarthy will vest if a stock price hurdle of $40 per share is achieved by March 30, 2028, subject to Mr. McCarthy’s continued service to us through the achievement date. The stock price hurdle is based on the average closing stock price of our Class A common stock over 45 consecutive trading days following expiration of the lock-up period relating to this offering.

⁽¹⁴⁾

The RSUs vest on the first date upon which both a service-based condition and a performance-based condition are satisfied. The service-based condition is satisfied in 16 equal quarterly installments, measured from March 15, 2022, subject to the named executive officer’s continued service to us through each applicable vesting date. The performance-based condition will be satisfied in connection with this offering.

⁽¹⁵⁾

The RSUs vest on the first date upon which both a service-based condition and a performance-based condition are satisfied. The service-based condition is satisfied in four annual installments, measured from March 15, 2023, in respect of 50,000, 100,000, 125,000, and 150,000 shares, respectively, subject to the named executive officer’s continued service to us through each applicable vesting date. The performance-based condition will be satisfied in connection with this offering.

Emerging Growth Company Status

We are an emerging growth company, as defined in the JOBS Act. As an emerging growth company, we will be exempt from certain requirements related to executive compensation, including, but not limited to, the requirements to hold a nonbinding advisory vote on executive compensation and to provide information relating to the ratio of total compensation of our Chief Executive Officer to the median of the annual total compensation of all of our employees, each as required by the Investor Protection and Securities Reform Act of 2010, which is part of the Dodd-Frank Wall Street Reform and Consumer Protection Act.

152

Other Compensation and Benefits

All of our current named executive officers are eligible to participate in our employee benefit plans, including our medical, dental, vision, life, disability, and accidental death and dismemberment insurance plans, in each case, on the same basis as all of our other employees. We pay the premiums for the life, disability, and accidental death and dismemberment insurance for all of our employees, including our named executive officers. We also provide a cell phone allowance to all of our employees, including our named executive officers other than Mr. Sinha. Other than such broad-based benefits and our 401(k) plan as described below, we generally do not provide perquisites or personal benefits to our named executive officers.

Our named executive officers did not participate in, or earn any benefits under, any pension or nonqualified deferred compensation plan sponsored by us during fiscal 2024. Our board of directors may elect to provide our officers and other employees with nonqualified defined contribution or other nonqualified deferred compensation benefits in the future if it determines that doing so is in our best interests.

Employee 401(k) Plan

We maintain a 401(k) plan that provides eligible U.S. employees with an opportunity to save for retirement on a tax advantaged basis. Eligible employees are able to make pre-tax and after-tax contributions of eligible compensation up to certain Code limits, which are updated annually. We have the ability to make matching and discretionary contributions to the 401(k) plan. Currently, we do not make matching contributions or discretionary contributions to the 401(k) plan. The 401(k) plan is intended to be qualified under Section 401(a) Internal Revenue Code of 1986, as amended, or the Code, with the related trust intended to be tax exempt under Section 501(a) of the Code. As a tax-qualified retirement plan, contributions to the 401(k) plan are deductible by us when made and pre-tax contributions and earnings on pre-tax and after-tax contributions are not generally taxable to the employees until withdrawn or distributed from the 401(k) plan.

Employee Benefit and Stock Plans

2024 Equity Incentive Plan

In March 2024, our board of directors adopted, and in April 2024, our stockholders approved, the 2024 Plan. Our 2024 Plan is a successor to and continuation of our 2014 Plan and became effective at the time of execution of the underwriting agreement related to this offering. Our 2024 Plan came into existence upon its adoption by our board of directors and no grants will be made under our 2024 Plan prior to its effectiveness. No further grants will be made under our 2014 Plan.

Types of Awards. Our 2024 Plan provides for the grant of incentive stock options, or ISOs, within the meaning of Section 422 of the Code, to our employees and our parent and subsidiary corporations’ employees, if applicable, and for the grant of nonstatutory stock options, or NSOs, stock appreciation rights, restricted stock awards, RSU awards, performance-based awards and other awards, or collectively, awards. ISOs may be granted only to our employees, including our officers, and the employees of our affiliates. All other awards may be granted to our employees, including our officers, our non-employee directors and consultants and the employees and consultants of our affiliates.

Authorized Shares. The maximum number of shares of Class A common stock that may be issued under our 2024 Plan is 86,426,166 shares, which is the sum of: (1) 44,417,163 new shares, plus (2) an additional number of shares not to exceed 42,009,003, consisting of (A) shares that remain available for the issuance of awards under our 2014 Plan as of immediately prior to the time our 2024

153

Plan becomes effective and (B) shares of our common stock subject to outstanding awards granted under our 2014 Plan that, on or after the effective date of our 2024 Plan, terminate or expire prior to exercise or settlement; are not issued because the award is settled in cash; are forfeited because of the failure to vest; or are reacquired or withheld (or not issued) to satisfy a tax withholding obligation or the purchase or exercise price, if any, as such shares become available from time to time. The number of shares of Class A common stock reserved for issuance under our 2024 Plan will automatically increase on February 1 of each fiscal year, beginning on February 1, 2025, and continuing through and including February 1, 2034, by five percent (5%) of the aggregate number of shares of common stock of all classes issued and outstanding on January 31 of the preceding fiscal year, or a lesser number of shares determined by our board of directors prior to the applicable February 1. The maximum number of shares of Class A common stock that may be issued upon the exercise of ISOs under our 2024 Plan is 259,278,499 shares.

Shares issued under our 2024 Plan will be authorized but unissued or reacquired shares of Class A common stock. Shares subject to awards granted under our 2024 Plan that expire or terminate without being exercised in full, or that are paid out in cash rather than in shares, will not reduce the number of shares available for issuance under our 2024 Plan. Additionally, shares issued pursuant to awards under our 2024 Plan that we repurchase or that are forfeited, as well as shares used to pay the exercise price of an award or to satisfy the tax withholding obligations to an award, will become available for future grant under our 2024 Plan.

The maximum number of shares of Class A common stock subject to stock awards granted under the 2024 Plan or otherwise during any fiscal year that begins following execution of the underwriting agreement for this offering to any non-employee director, taken together with any cash fees paid by us to such non-employee director during such fiscal year for service on the board of directors, will not exceed $750,000 in total value (calculating the value of any such stock awards based on the grant date fair value of such stock awards for financial reporting purposes), or, with respect to the fiscal year in which a non-employee director is first appointed or elected to our board of directors, $1,500,000.

Plan Administration. Our board of directors, or a duly authorized committee of our board of directors, will administer our 2024 Plan and is referred to as the “administrator.” The administrator may also delegate to one or more persons or bodies the authority to do one or more of the following: (1) designate recipients (other than officers) to receive specified awards provided that no person or body may be delegated authority to grant an award to themselves; (2) determine the number of shares subject to such awards; and (3) determine the terms of such awards. The administrator has the authority to determine the terms of awards, including recipients, the exercise, purchase, or strike price of awards, if any, the number of shares subject to each award, the fair market value of a share of Class A common stock, the vesting schedule applicable to the awards, together with any vesting acceleration, and the form of consideration, if any, payable upon exercise or settlement of the awards and the terms of the award agreements for use under our 2024 Plan.

In addition, subject to the terms of the 2024 Plan, the administrator also has the power to modify outstanding awards under our 2024 Plan, including the authority to reprice any outstanding option or stock appreciation right, cancel and re-grant any outstanding option or stock appreciation right in exchange for new stock awards, cash, or other consideration, or take any other action that is treated as a repricing under GAAP, with the consent of any materially adversely affected participant.

Stock Options. ISOs and NSOs are granted pursuant to stock option agreements adopted by the administrator. The administrator determines the exercise price for a stock option, within the terms and conditions of the 2024 Plan, provided that the exercise price of a stock option generally cannot be less than 100% of the fair market value of our Class A common stock on the date of grant. Options granted under the 2024 Plan vest at the rate specified in the stock option agreement as determined by the administrator.

154

The administrator determines the term of stock options granted under the 2024 Plan, up to a maximum of 10 years. Unless the terms of an optionholder’s stock option agreement provide otherwise, if an optionholder’s service relationship with us, or any of our affiliates, ceases for any reason other than disability, death, or cause, the optionholder may generally exercise any vested options for a period of three months following the cessation of service. The option term may be extended in the event that either an exercise of the option or an immediate sale of shares acquired upon exercise of the option following such a termination of service is prohibited by applicable securities laws or our insider trading policy. If an optionholder’s service relationship with us or any of our affiliates ceases due to disability or death, or an optionholder dies within a certain period following cessation of service, the optionholder or a beneficiary may generally exercise any vested options for a period of 12 months in the event of disability and 18 months in the event of death. In the event of a termination for cause, options generally terminate immediately upon the termination of the individual for cause. In no event may an option be exercised beyond the expiration of its term.

Acceptable consideration for the purchase of Class A common stock issued upon the exercise of a stock option will be determined by the administrator and may include (1) cash, check, bank draft, or money order, (2) a broker-assisted cashless exercise, (3) the tender of shares of Class A common stock previously owned by the optionholder, (4) a net exercise of the option if it is an NSO, and (5) other legal consideration approved by the administrator.

Options may not be transferred to third-party financial institutions for value. Unless the administrator provides otherwise, options generally are not transferable except by will, the laws of descent, and distribution or pursuant to a domestic relations order. An optionholder may designate a beneficiary who may exercise the option following the optionholder’s death.

Tax Limitations on ISOs. The aggregate fair market value, determined at the time of grant, of Class A common stock with respect to ISOs that are exercisable for the first time by an optionholder during any calendar year under all of our stock plans may not exceed $100,000. Options or portions thereof that exceed such limit will be treated as NSOs. No ISOs may be granted to any person who, at the time of the grant, owns or is deemed to own stock possessing more than 10% of our total combined voting power or that of any of our parent or subsidiary corporations, unless (1) the option exercise price is at least 110% of the fair market value of the stock subject to the option on the date of grant, and (2) the term of the ISO does not exceed five years from the date of grant.

Restricted Stock Awards. Restricted stock awards are granted pursuant to restricted stock award agreements adopted by the administrator. The administrator determines the consideration, if any, payable for restricted stock awards, which may include, but is not limited to, cash, check, bank draft, or money order. Class A common stock acquired under a restricted stock award may, but need not, be subject to a share repurchase option in our favor in accordance with a vesting schedule to be determined by the administrator. A restricted stock award may be transferred only upon such terms and conditions as set by the administrator. Except as otherwise provided in the applicable award agreement, restricted stock awards that have not vested may be forfeited or repurchased by us upon the participant’s cessation of continuous service for any reason.

Restricted Stock Unit Awards. RSU awards are granted pursuant to RSU award agreements adopted by the administrator. The administrator determines the consideration, if any, payable for RSU awards, which may include, but is not limited to, cash, check, bank draft, or money order. A RSU award may be settled by cash, delivery of stock, or a combination of cash and stock as deemed appropriate by the administrator or in any other form of consideration set forth in the RSU award agreement. Additionally, dividend equivalents may be credited in respect of shares covered by a RSU award. Except as otherwise provided in the applicable award agreement, RSUs that have not vested will be forfeited upon the participant’s cessation of continuous service for any reason.

155

Stock Appreciation Rights. Stock appreciation rights are granted pursuant to stock appreciation right grant agreements adopted by the administrator. The administrator determines the strike price for a stock appreciation right, which generally cannot be less than 100% of the fair market value of Class A common stock on the date of grant. Upon the exercise of a stock appreciation right, we will pay the participant an amount equal to the product of (1) the excess of the per share fair market value of Class A common stock on the date of exercise over the strike price, multiplied by (2) the number of shares of Class A common stock with respect to which the stock appreciation right is exercised. A stock appreciation right granted under the 2024 Plan vests at the rate specified in the stock appreciation right agreement as determined by the administrator.

The administrator determines the term of stock appreciation rights granted under the 2024 Plan, up to a maximum of 10 years. Unless the terms of a participant’s stock appreciation right agreement provide otherwise, if a participant’s service relationship with us or any of our affiliates ceases for any reason other than disability, death, or cause, the participant may generally exercise any vested stock appreciation right for a period of three months following the cessation of service. The stock appreciation right term may be further extended in the event that exercise of the stock appreciation right following such a termination of service is prohibited by applicable securities laws. If a participant’s service relationship with us, or any of our affiliates, ceases due to disability or death, or a participant dies within a certain period following cessation of service, the participant or a beneficiary may generally exercise any vested stock appreciation right for a period of 12 months in the event of disability and 18 months in the event of death. In the event of a termination for cause, stock appreciation rights generally terminate immediately upon the occurrence of the event giving rise to the termination of the individual for cause. In no event may a stock appreciation right be exercised beyond the expiration of its term.

Performance Awards. Our 2024 Plan permits the grant of performance-based stock and cash awards. The administrator can structure such awards so that the stock or cash will be issued or paid pursuant to such award only following the achievement of certain pre-established performance goals during a designated performance period. Performance awards that are settled in cash or other property are not required to be valued in whole or in part by reference to, or otherwise based on, our Class A common stock.

The performance criteria that will be used to establish such performance goals may be based on any one of, or combination of, the following as determined by the administrator: earnings (including earnings per share and net earnings); earnings before interest, taxes and depreciation; earnings before interest, taxes, depreciation and amortization; total stockholder return; relative stockholder return; return on equity or average stockholder’s equity; return on assets, investment, or capital employed; stock price; margin (including gross margin); income (before or after taxes); operating income; operating income after taxes; pre-tax profit; operating cash flow; sales, annual recurring revenue or revenue targets; increases in revenue or product revenue; expenses and cost reduction goals; improvement in or attainment of working capital levels; economic value added (or an equivalent metric); market share; cash flow; cash flow per share; share price performance; debt reduction; customer satisfaction; stockholders’ equity; capital expenditures; debt levels; operating profit or net operating profit; workforce diversity; growth of net income or operating income; billings; financing; regulatory milestones; stockholder liquidity; corporate governance and compliance; intellectual property; personnel matters; progress of internal research; progress of partnered programs; partner satisfaction; budget management; partner or collaborator achievements; internal controls, including those related to the Sarbanes-Oxley Act; investor relations, analysts, and communication; implementation or completion of projects or processes; employee retention; number of users, including unique users; strategic partnerships or transactions (including in-licensing and out-licensing of intellectual property); establishing relationships with respect to the marketing, distribution and sale of our products; supply chain achievements; co-development, co-marketing, profit sharing, joint venture

156

or other similar arrangements; individual performance goals; corporate development and planning goals; and any other measure of performance selected by the administrator.

The administrator may establish performance goals on a company-wide basis, with respect to one or more business units, divisions, affiliates, or business segments, and in either absolute terms or relative to the performance of one or more comparable companies or the performance of one or more relevant indices. Unless specified otherwise in the award agreement at the time the award is granted or in such other document setting forth the performance goals at the time the goals are established, the administrator will appropriately make adjustments in the method of calculating the attainment of the performance goals as follows: (1) to exclude restructuring and/or other nonrecurring charges; (2) to exclude exchange rate effects; (3) to exclude the effects of changes to GAAP; (4) to exclude the effects of any statutory adjustments to corporate tax rates; (5) to exclude the effects of items that are “unusual” in nature or occur “infrequently” as determined under GAAP; (6) to exclude the dilutive effects of acquisitions or joint ventures; (7) to assume that any business divested by us achieved performance objectives at targeted levels during the balance of a performance period following such divestiture; (8) to exclude the effect of any change in the outstanding shares of Class A or Class B common stock by reason of any stock dividend or split, stock repurchase, reorganization, recapitalization, merger, consolidation, spin-off, combination, or exchange of shares or other similar corporate change, or any distributions to common stockholders other than regular cash dividends; (9) to exclude the effects of stock-based compensation and the award of bonuses under our bonus plans; (10) to exclude costs incurred in connection with potential acquisitions or divestitures that are required to be expensed under GAAP; and (11) to exclude the goodwill and intangible asset impairment charges that are required to be recorded under GAAP.

Other Awards. The administrator may grant other awards based in whole or in part by reference to Class A common stock. The administrator will set the number of shares under the award and all other terms and conditions of such awards.

Changes to Capital Structure. In the event there is a change in our capital structure, such as a stock split, reverse stock split or recapitalization, appropriate adjustments will be made to (1) the class and maximum number of shares reserved for issuance under the 2024 Plan, (2) the class and maximum number of shares by which the share reserve may increase automatically each year, (3) the class and maximum number of shares that may be issued upon the exercise of ISOs, and (4) the class, number of shares, and exercise price, strike price, or purchase price, if applicable, of all outstanding awards.

Corporate Transactions. In the event of a corporate transaction, any stock awards outstanding under the 2024 Plan may be assumed, continued, or substituted for by any surviving or acquiring corporation (or its parent company), and any reacquisition or repurchase rights held by us with respect to the stock award may be assigned to the successor (or its parent company). If the surviving or acquiring corporation (or its parent company) does not assume, continue or substitute for such stock awards, then (i) with respect to any such stock awards that are held by participants whose continuous service has not terminated prior to the effective time of the corporate transaction, or current participants, the vesting (and exercisability, if applicable) of such stock awards will be accelerated in full to a date prior to the effective time of the corporate transaction (contingent upon the effectiveness of the corporate transaction), and such stock awards will terminate if not exercised (if applicable) at or prior to the effective time of the corporate transaction, and any reacquisition or repurchase rights held by us with respect to such stock awards will lapse (contingent upon the effectiveness of the corporate transaction), and (ii) any such stock awards that are held by persons other than current participants will terminate if not exercised (if applicable) prior to the effective time of the corporate transaction, except that any reacquisition or repurchase rights held by us with respect to such stock awards will not terminate and may continue to be exercised notwithstanding the corporate transaction.

157

In addition, the administrator may also provide, in its sole discretion, that the holder of a stock award that will terminate upon the occurrence of a corporate transaction if not previously exercised will receive a payment, if any, equal to the excess of the value of the property the participant would have received upon exercise of the stock award over the exercise price otherwise payable in connection with the stock award.

Under the 2024 Plan, a corporate transaction is generally the consummation of (1) a sale or other disposition of all or substantially all of our assets, (2) a sale or other disposition of at least 50% of our outstanding securities, (3) a merger, consolidation or similar transaction following which we are not the surviving corporation, or (4) a merger, consolidation or similar transaction following which we are the surviving corporation but the shares of common stock of all classes issued and outstanding immediately prior to such transaction are converted or exchanged into other property by virtue of the transaction.

A stock award may be subject to additional acceleration of vesting and exercisability upon or after a change in control as may be provided in an applicable award agreement or other written agreement, but in the absence of such provision, no such acceleration will occur.

Transferability. A participant may not transfer awards under our 2024 Plan other than by will, the laws of descent and distribution, or as otherwise provided under our 2024 Plan.

Plan Amendment or Termination. Our board of directors has the authority to amend, suspend or terminate our 2024 Plan, provided that such action does not materially impair the existing rights of any participant without such participant’s written consent. Certain material amendments also require the approval of our stockholders. No ISOs may be granted after the tenth anniversary of the date our board of directors adopted our 2024 Plan. No awards may be granted under our 2024 Plan while it is suspended or after it is terminated.

2024 Employee Stock Purchase Plan

In March 2024, our board of directors adopted, and in April 2024, our stockholders approved, the 2024 ESPP, which became effective at the time of execution of the underwriting agreement related to this offering. The purpose of our 2024 ESPP will be to secure the services of new employees, to retain the services of existing employees, and to provide incentives for such individuals to exert maximum efforts toward our success and that of our affiliates. Our 2024 ESPP will include two components. One component will be designed to allow eligible U.S. employees to purchase our Class A common stock in a manner that may qualify for favorable tax treatment under Section 423 of the Code. The other component will permit the grant of purchase rights that do not qualify for such favorable tax treatment in order to allow deviations necessary to permit participation by eligible employees who are foreign nationals or employed outside of the United States, while complying with applicable foreign laws.

Authorized Shares. The maximum aggregate number of shares of Class A common stock that may be issued under our 2024 ESPP is 4,607,303 shares. The number of shares of Class A common stock reserved for issuance under our 2024 ESPP will automatically increase on February 1 of each fiscal year, beginning on February 1, 2025 and continuing through and including February 1, 2034, by the lesser of (1) one percent (1%) of the aggregate number of shares of common stock of all classes issued and outstanding on January 31 of the preceding fiscal year, (2) 9,214,605 shares, or (3) a lesser number of shares determined by our board of directors. Shares subject to purchase rights granted under our 2024 ESPP that terminate without having been exercised in full will not reduce the number of shares available for issuance under our 2024 ESPP.

Plan Administration. Our board of directors, or a duly authorized committee of our board of directors, will administer our 2024 ESPP and is referred to as the “administrator.” The 2024 ESPP is

158

implemented through a series of offerings with specific terms approved by the administrator and under which eligible employees are granted purchase rights to purchase shares of Class A common stock on specified dates during such offerings. Under the 2024 ESPP, we may specify offerings with durations of not more than 27 months, and may specify shorter purchase periods within each offering. Each offering will have one or more purchase dates on which shares of Class A common stock will be purchased for our eligible employees participating in the offering. An offering under the 2024 ESPP may be terminated under certain circumstances.

Payroll Deductions. Generally, employees, including executive officers, employed by us or by any of our designated affiliates, may participate in the 2024 ESPP and may contribute, normally through payroll deductions, up to a maximum dollar amount as designated by the administrator. Unless otherwise determined by the administrator, Class A common stock will be purchased for the accounts of employees participating in the 2024 ESPP at a price per share equal to the lower of (a) 85% of the fair market value of a share of Class A common stock on the first date of an offering or (b) 85% of the fair market value of a share of Class A common stock on the date of purchase. For the initial offering, which we expect will commence upon the execution and delivery of the underwriting agreement relating to this offering, the fair market value on the first day of the initial offering will be the price at which shares are first sold to the public.

Limitations. Our employees, including executive officers, or any of our designated affiliates may have to satisfy one or more of the following service requirements before participating in our 2024 ESPP, as determined by the administrator: (1) customary employment with us or one of our affiliates for more than 20 hours per week and more than five months per calendar year, or (2) continuous employment with us or one of our affiliates for a minimum period of time, not to exceed two years, prior to the first date of an offering. An employee may not be granted rights to purchase stock under our 2024 ESPP if such employee (1) immediately after the grant would own stock possessing 5% or more of the total combined voting power or value of common stock, or (2) holds rights to purchase stock under our 2024 ESPP that would accrue at a rate that exceeds $25,000 worth of our stock for each calendar year that the rights remain outstanding.

Changes to Capital Structure. In the event that there occurs a change in our capital structure through such actions as a stock split, merger, consolidation, reorganization, recapitalization, reincorporation, stock dividend, dividend in property other than cash, large nonrecurring cash dividend, liquidating dividend, combination of shares, exchange of shares, change in corporate structure, or similar transaction, the board of directors will make appropriate adjustments to (1) the number of shares reserved under the 2024 ESPP, (2) the maximum number of shares by which the share reserve may increase automatically each year, (3) the number of shares and purchase price of all outstanding purchase rights, and (4) the number of shares that are subject to purchase limits under ongoing offerings.

Corporate Transactions. In the event of certain corporate transactions, any then-outstanding rights to purchase our Class A common stock under the 2024 ESPP may be assumed, continued, or substituted for by any surviving or acquiring entity (or its parent company). If the surviving or acquiring entity (or its parent company) elects not to assume, continue, or substitute for such purchase rights, then the participants’ accumulated payroll contributions will be used to purchase shares of our Class A common stock within 10 business days (or such other period specified by the administrator) prior to such corporate transaction, and such purchase rights will terminate immediately.

Under the 2024 ESPP, a corporate transaction is generally the consummation of: (1) a sale of all or substantially all of our assets, (2) the sale or disposition of more than 50% of our outstanding securities, (3) a merger or consolidation where we do not survive the transaction, and (4) a merger or consolidation where we do survive the transaction but the shares of our Class A common stock outstanding immediately before such transaction are converted or exchanged into other property by virtue of the transaction.

159

2024 ESPP Amendment or Termination. The administrator has the authority to amend or terminate our 2024 ESPP, provided that except in certain circumstances such amendment or termination may not materially impair any outstanding purchase rights without the holder’s consent. We will obtain stockholder approval of any amendment to our ESPP as required by applicable law or listing requirements.

Amended and Restated 2014 Stock Option and Grant Plan

Our board of directors adopted, and our stockholders approved, our 2014 Plan in January 2014. Our 2014 Plan was most recently amended in March 2024. No further stock awards will be granted under our 2014 Plan on or after the effectiveness of our 2024 Plan; however, awards outstanding under our 2014 Plan will continue to be governed by their existing terms.

Types of Awards. Our 2014 Plan allows us to grant ISOs, NSOs, restricted stock awards, unrestricted stock awards, RSU awards, or any combination thereof to eligible employees, directors, officers, consultants, and key persons of ours and any subsidiary of ours.

Authorized Shares. As of January 31, 2024, options to purchase 3,185,020 shares of our Class B common stock and 50,191,670 RSUs (including performance-based and market-based vesting RSUs) remained outstanding under our 2014 Plan and 6,254,868 shares of Class B common stock remained available for future issuance under our 2014 Plan. In the event that an outstanding option, RSU award, or other award for any reason expires or is canceled, the shares allocable to such award will be added to the number of shares then available for issuance under our 2024 Plan once approved by our stockholders. Any shares remaining available for issuance under our 2014 Plan at the time our 2024 Plan became effective will be available for issuance under our 2024 Plan.

Plan Administration. Our board of directors, or a committee appointed by our board of directors, acts as the administrator of our 2014 Plan. Our 2014 Plan provides that the board may delegate its authority to a committee consisting of two or more members of our board of directors. Subject to the terms and conditions of our 2014 Plan, the administrator has the authority to take any actions it deems advisable for the administration of our 2014 Plan. All decisions and interpretations of the administrator will be binding on all participants in our 2014 Plan.

Options. Stock options have been granted under our 2014 Plan. The per share exercise price of each option is determined by the administrator but may not be less than 100% of the fair market value of our Class B common stock on the date of grant, or 110% of the fair market value of our Class B common stock on the date of grant in the case of a grant of an ISO to an employee who owns or is deemed to own more than 10% of the combined voting power of all classes of our stock (or any parent or subsidiaries). The term of each option is fixed by the administrator but may not exceed 10 years from the date of grant. The administrator determines at what time or times each option may vest and/or become exercisable. After the termination of an optionee’s service relationship, the optionee may exercise his or her option, to the extent vested, for the period of time stated in his or her option agreement. Generally, if termination is due to death or disability, the option will remain exercisable for 12 months. In all other cases, the option will generally remain exercisable for three months following the termination of the service relationship. However, in no event may an option be exercised later than the expiration of its term.

Restricted Stock Unit Awards. RSU awards have been granted under our 2014 Plan. The administrator may award RSUs to participants subject to such conditions and restrictions as it may determine. These conditions and restrictions may include the achievement of certain performance goals and/or continued employment with us through a specified vesting period.

160

Changes to Capital Structure. In the event of a dividend, reorganization, reclassification, stock split, reverse stock split, or other similar change in our capital structure, the administrator will make appropriate adjustments to (1) the maximum number of shares reserved for future issuance under our 2014 Plan, (2) the number and kind of shares or other securities subject to each outstanding award, (3) the repurchase price, if any, for each share subject to an outstanding award, and (4) the exercise price of each outstanding stock option.

Sale Event. In the event of a sale event, the administrator has the discretion to arrange for the assumption or continuation of an award by the surviving or acquiring entity or for the substitution of the shares subject to the award for new awards or other awards with an equitable or proportionate adjustment as to the number and kind of shares and if appropriate, the per share exercise price, as we and the successor entity agree. In the event that a successor entity does not assume, continue, or substitute awards, the awards will terminate upon, or be forfeited immediately prior to, the effective time of the sale event. In addition to or in lieu of the foregoing, with respect to outstanding options that are exercisable or will become exercisable as a result of the sale event, the administrator may provide that the option must be exercised within a time period provided by the administrator otherwise such option will either terminate outright at the time of the sale event or terminate in exchange for a cash payment equal to the excess of the value of the consideration payable per share of our Class B common stock pursuant to the sale event times the number of shares subject to the stock options being canceled over the aggregate exercise price of such vested options. If not assumed, continued, or substituted, outstanding options that are not exercisable and will not become exercisable as a result of the sale event, and restricted shares and restricted stock units that will not become vested as a result of the sale event, will terminate or be forfeited upon the effective time of the sale event (in the event of forfeiture of restricted shares in connection with the sale event, we will repurchase such shares from the holder at a price equal to the original per share purchase price paid by the holder). If not assumed, continued, or substituted, the administrator may make or provide for a cash payment to holders of restricted shares and restricted stock unit awards that will become vested as a result of the sale event in exchange for the cancellation of such awards in an amount equal to the value of the consideration payable per share of our Class B common stock pursuant to the sale event times the number of shares subject to the awards that will vest.

Under our 2014 Plan, a sale event is generally (1) our dissolution or liquidation, (2) the sale of all or substantially all of our assets, (3) the consummation of a merger, reorganization, or consolidation pursuant to which the outstanding voting securities held by our stockholders immediately prior to the transaction represent less than a majority of the combined voting power of the outstanding voting securities of the surviving or acquiring entity after the transaction, (4) the acquisition of all or a majority of our outstanding voting stock by a person or group of persons, or (5) any other acquisition of our business, as determined by the administrator.

Transferability of Awards. Awards granted under our 2014 Plan generally may not be transferred or assigned in any manner other than by will or the laws of descent and distribution, unless otherwise permitted by the administrator.

Amendment; Termination. Our board of directors may terminate or amend our 2014 Plan at any time, provided that such action does not impair a participant’s rights under outstanding awards without such participant’s written consent. As noted above, in connection with this offering, our 2014 Plan will be terminated and no further awards will be granted thereunder. All outstanding awards will continue to be governed by their existing terms.

Limitations of Liability and Indemnification Matters

Immediately prior to the closing of this offering, our amended and restated certificate of incorporation will contain provisions that limit the liability of our current and former directors for

161

monetary damages to the fullest extent permitted by Delaware law. Delaware law allows a corporation to provide that its directors will not be personally liable for monetary damages for any breach of fiduciary duties as directors, except liability for:

•

any breach of the director’s duty of loyalty to the corporation or its stockholders;

•

any act or omission not in good faith or that involves intentional misconduct or a knowing violation of law;

•

unlawful payments of dividends or unlawful stock repurchases or redemptions; or

•

any transaction from which the director derived an improper personal benefit.

Such limitation of liability does not apply to liabilities arising under federal securities laws and does not affect the availability of equitable remedies such as injunctive relief or rescission.

Our amended and restated certificate of incorporation that will be in effect immediately prior to the closing of this offering will authorize us to indemnify our directors, officers, employees, and other agents to the fullest extent permitted by Delaware law. Our amended and restated bylaws that will be in effect immediately prior to the closing of this offering will provide that we are required to indemnify our directors and officers to the fullest extent permitted by Delaware law and may indemnify our other employees and agents. Our amended and restated bylaws that will be in effect immediately prior to the closing of this offering will also provide that, on satisfaction of certain conditions, we will advance expenses incurred by a director or officer in advance of the final disposition of any action or proceeding, and permit us to secure insurance on behalf of any officer, director, employee, or other agent for any liability arising out of his or her actions in that capacity regardless of whether we would otherwise be permitted to indemnify him or her under the provisions of Delaware law. We have entered into, or will enter into in connection with this offering, agreements to indemnify our directors and executive officers. With certain exceptions, these agreements provide for indemnification for related expenses including attorneys’ fees, judgments, fines, and settlement amounts incurred by any of these individuals in connection with any action, proceeding, or investigation. We believe that our amended and restated certificate of incorporation and these amended and restated bylaw provisions and indemnification agreements are necessary to attract and retain qualified persons as directors and officers. We also maintain customary directors’ and officers’ liability insurance.

The limitation of liability and indemnification provisions in our amended and restated certificate of incorporation and amended and restated bylaws may discourage stockholders from bringing a lawsuit against our directors for breach of their fiduciary duty. They may also reduce the likelihood of derivative litigation against our directors and officers, even though an action, if successful, might benefit us and other stockholders. Further, a stockholder’s investment may be adversely affected to the extent that we pay the costs of settlement and damage awards against directors and officers as required by these indemnification provisions.

Insofar as indemnification for liabilities arising under the Securities Act may be permitted for directors, executive officers, or persons controlling us, we have been informed that, in the opinion of the SEC, such indemnification is against public policy as expressed in the Securities Act and is therefore unenforceable.

162

CERTAIN RELATIONSHIPS AND RELATED PARTY TRANSACTIONS

Other than compensation arrangements for our directors and executive officers, which are described elsewhere in this prospectus, below we describe transactions since February 1, 2021 and each currently proposed transaction in which:

•

we have been or are to be a participant;

•

the amounts involved exceeded or will exceed $120,000; and

•

any of our directors, executive officers, or holders of more than 5% of our outstanding capital stock, or any immediate family member of, or person sharing the household with, any of these individuals or entities had or will have a direct or indirect material interest.

We believe the terms obtained or consideration that we paid or received, as applicable, in connection with the transactions described below were comparable to terms available or the amounts that would be paid or received, as applicable in arm’s length transactions.

Secondary Transactions

In May 2021 and June 2021, Arvind Jain, a holder of more than 5% of our outstanding capital stock, entered into stock transfer agreements with new and existing investors in our company pursuant to which he sold and transferred 29,500 and 40,000 shares of common stock at a price of $34.00 and $39.50 per share, respectively, for proceeds of approximately $1.0 million and $1.6 million, respectively. We waived our right of first refusal and the requisite stockholders waived their right of first refusal and right of co-sale in connection with the stock transfers described above.

In February 2021, Arvind Nithrakashyap entered into a stock transfer agreement with a new investor in our company pursuant to which he sold and transferred 208,334 shares of common stock at a price of $24.00 per share for aggregate proceeds of approximately $5.0 million. We waived our right of first refusal and the requisite stockholders waived their right of first refusal and right of co-sale in connection with the stock transfer described above.

In April 2022, Kiran Choudary entered into a stock transfer agreement with an existing investor in our company pursuant to which he sold and transferred 41,550 shares of common stock at a price of $40.00 per share for aggregate proceeds of approximately $1.7 million. We allowed our right of first refusal to expire in connection with the stock transfer described above.

In August 2023, Kiran Choudary entered into a stock transfer agreement with an existing investor in our company pursuant to which he sold and transferred 40,000 shares of common stock at a price of $30.00 per share for aggregate proceeds of $1.2 million. We allowed our right of first refusal to expire in connection with the stock transfer described above.

In October 2023, Kiran Choudary entered into a stock transfer agreement with an existing investor in our company pursuant to which he sold and transferred 20,000 shares of common stock at a price of $32.00 per share for aggregate proceeds of $640,000. We allowed our right of first refusal to expire in connection with the stock transfer described above.

Relationship with Confluera, Inc.

Mr. Sinha, our Chief Executive Officer and a member of our board of directors, was a co-founder and chairman of the board of directors of Confluera, Inc., or Confluera, a cloud cybersecurity and response company. Pursuant to a service vendor agreement with Confluera, we made payments to Confluera of $124,640 during fiscal 2022. Our agreement with Confluera was negotiated in the ordinary course of business.

163

Relationship with Glean Technologies, Inc.

Since April 2021, we paid Glean Technologies, Inc., or Glean, $356,000 in connection with a purchase of Glean’s product. Arvind Jain, the founder and the Chief Executive Officer of Glean, is a holder of more than 5% of our outstanding capital stock and Mr. Mhatre, one of our directors, is a member of Glean’s board of directors and entities affiliated with Lightspeed hold more than 10% ownership interest in Glean. Our agreement with Glean was negotiated in the ordinary course of business.

Relationship with Abnormal Security Corp.

Mr. Chandna, a member of our board of directors and a Partner at Greylock, currently sits on the board of directors of Abnormal Security Corp., or Abnormal, a cloud email security company. Entities affiliated with Greylock, which holds greater than 5% of our outstanding capital stock, hold more than 10% ownership interest in Abnormal. Pursuant to a service vendor agreement with Abnormal, we have made payments to Abnormal of $396,127 since February 2021. Our agreement with Abnormal was negotiated in the ordinary course of business.

Investor Rights Agreement

We are party to an amended and restated investor rights agreement, or IRA, with certain holders of our capital stock, including Mr. Sinha, our Chief Executive Officer; Mr. Nithrakashyap, our Chief Technology Officer; Mr. Jain, a holder of more than 5% of our outstanding capital stock; entities affiliated with Lightspeed, which holds greater than 5% of our outstanding capital stock and are affiliated with our director, Mr. Mhatre; entities affiliated with Greylock, which holds great than 5% of our outstanding capital stock and are affiliated with our director, Mr. Chandna; and entities affiliated with our director, Mr. Salem, as well as other holders of our redeemable convertible preferred stock. The IRA provides certain holders of our redeemable convertible preferred stock with certain registration rights, including the right to demand that we file a registration statement or request that their shares be covered by a registration statement that we are otherwise filing. The IRA also provides certain of these stockholders with information rights, which will terminate on the closing of this offering, and a right of first refusal with regard to certain issuances of our capital stock, which will not apply to, and will terminate on, the closing of this offering. For a description of these registration rights, see the section titled “Description of Capital Stock—Registration Rights.”

Voting Agreements

We are party to voting agreements under which certain holders of our capital stock, including our Chief Executive Officer and director, Mr. Sinha; our Chief Technology Officer and director, Mr. Nithrakashyap; entities affiliated with Lightspeed, which holds greater than 5% of our outstanding capital stock and are affiliated with our director, Mr. Mhatre; entities affiliated with Greylock, which holds greater than 5% of our outstanding capital stock and are affiliated with our director, Mr. Chandna; and entities affiliated with our director, Mr. Salem, have agreed as to the manner in which they will vote their shares of our capital stock on certain matters, including with respect to the election of directors. This agreement will terminate upon the closing of this offering, and thereafter none of our stockholders will have any special rights regarding the election or designation of members of our board of directors.

Right of First Refusal

Pursuant to our equity compensation plans and certain agreements with our stockholders, including a right of first refusal and co-sale agreement with certain holders of our capital stock, including our Chief Executive Officer and director, Mr. Sinha; our Chief Technology Officer and director Mr. Nithrakashyap; entities affiliated with Lightspeed, which holds greater than 5% of our outstanding capital stock and are

164

affiliated with our director, Mr. Mhatre; entities affiliated with Greylock, which holds greater than 5% of our outstanding capital stock and are affiliated with our director, Mr. Chandna; and entities affiliated with our director, Mr. Salem, we or our assignees have a right to purchase shares of our capital stock which stockholders propose to sell in certain circumstances to other parties. This right will terminate upon the closing of this offering. Since February 1, 2021, we have allowed our right of first refusal in connection with the sale of certain shares of our capital stock, including sales by certain of our executive officers, resulting in the purchase of such shares by certain of our stockholders, including related parties, to expire.

Directed Share Program

At our request, the underwriters have reserved up to 5% of the shares of Class A common stock offered by this prospectus, for sale at the initial public offering price per share through a directed share program to certain persons identified by our management, which may include certain parties we have a business relationship with and friends and family of management. See the section titled “Underwriting (Conflicts of Interest)—Directed Share Program.”

Indemnification Agreements

Our amended and restated certificate of incorporation that will be in effect immediately prior to the closing of this offering will contain provisions limiting the liability of directors, and our amended and restated bylaws that will be in effect on the closing of this offering will provide that we will indemnify each of our directors and officers to the fullest extent permitted under Delaware law. Our amended and restated certificate of incorporation and amended and restated bylaws that will be in effect on the closing of this offering will also provide our board of directors with discretion to indemnify our employees and other agents when determined appropriate by the board. In addition, we have entered or will enter into an indemnification agreement with each of our directors and executive officers, which requires us to indemnify them in certain circumstances. For more information regarding these agreements, see the section titled “Executive Compensation—Limitations of Liability and Indemnification Matters.”

Policies and Procedures for Related Person Transactions

Our board of directors has adopted a related person transactions policy setting forth the policies and procedures for the identification, review, and approval or ratification of related person transactions. This policy covers, with certain exceptions set forth in Item 404 of Regulation S-K under the Securities Act, any transaction, arrangement, or relationship, or any series of similar transactions, arrangements, or relationships, in which we and a related person were or will be participants and the amount involved exceeds $120,000, including purchases of goods or services by or from the related person or entities in which the related person has a material interest, indebtedness, and guarantees of indebtedness. In reviewing and approving any such transactions, our audit committee will consider all relevant facts and circumstances as appropriate, such as the purpose of the transaction, the availability of other sources of comparable offerings or services, whether the transaction is on terms comparable to those that could be obtained in an arm’s length transaction, management’s recommendation with respect to the proposed related person transaction, and the extent of the related person’s interest in the transaction.

165

PRINCIPAL STOCKHOLDERS

The following table sets forth information with respect to the beneficial ownership of our capital stock as of January 31, 2024, and as adjusted to reflect the sale of Class A common stock offered by us in this offering assuming no exercise of the underwriters’ option to purchase additional shares, for:

•

each of our named executive officers;

•

each of our directors;

•

all of our executive officers and directors as a group; and

•

each person or group of affiliated persons known by us to beneficially own more than 5% of our Class A common stock and/or Class B common stock.

We have determined beneficial ownership in accordance with the rules and regulations of the SEC, and the information is not necessarily indicative of beneficial ownership for any other purpose. Except as indicated by the footnotes below, we believe, based on information furnished to us, that the persons and entities named in the table below have sole voting and sole investment power with respect to all shares that they beneficially own, subject to applicable community property laws.

Applicable percentage ownership before the offering is based on 163,046,971 shares of Class B common stock outstanding as of January 31, 2024, assuming the automatic conversion of (i) 74,182,559 shares of our redeemable convertible preferred stock outstanding as of January 31, 2024 into an equal number shares of our Class B common stock, (ii) 5,400,000 shares of our convertible founders stock outstanding as of January 31, 2024 into an equal number of shares of Class B common stock, and (iii) the vesting of 27,601,683 RSUs, for which the service-based condition was satisfied as of January 31, 2024 and for which the performance-based condition, if applicable, will be satisfied in connection with this offering. Applicable percentage ownership after the offering is based on 23,500,000 shares of Class A common stock and 152,432,212 shares of Class B common stock outstanding immediately after the closing of this offering, assuming no exercise by the underwriters of their option to purchase additional shares, and the net issuance of 16,986,924 shares of Class B common stock in connection with the RSU Net Settlement, after withholding 12,875,699 shares to satisfy estimated tax withholding and remittance obligations (based on the initial public offering price of $32.00 per share set forth on the cover page of this prospectus, and an assumed 44.5% tax withholding rate).

In computing the number of shares beneficially owned by a person and the percentage ownership of such person, we deemed to be outstanding all shares subject to options held by the person that are currently exercisable, or exercisable within 60 days of January 31, 2024 or issuable pursuant to RSUs that are subject to vesting and settlement conditions expected to occur within 60 days of January 31, 2024, including the performance-based condition, which was satisfied upon the effectiveness of the registration statement of which this prospectus forms a part, and after giving effect to the RSU Net Settlement. However, except as described above, we did not deem such shares outstanding for the purpose of computing the percentage ownership of any other person. In addition, the actual share withholding or repurchase and cancellation amounts, as applicable, and related tax withholding rates will fluctuate based on each holder’s individual tax circumstances.

166

Unless otherwise indicated, the address of each beneficial owner listed below is c/o Rubrik, Inc., 3495 Deer Creek Road, Palo Alto, California 94304.


	Shares Beneficially Owned Prior to this Offering						Shares Beneficially Owned Following this Offering
	Class B common stock				% of Total Voting Power†		Class A common stock				Class B common stock				% of Total Voting Power†
Name of Beneficial Owner	Shares		%		% of Total Voting Power†		Shares		%		Shares		%		% of Total Voting Power†
5% or greater stockholders:
Entities affiliated with Lightspeed⁽¹⁾		38,984,426		23.9		23.9		—		—		38,984,426		25.6		25.4
Entities affiliated with Greylock Partners⁽²⁾		19,895,317		12.2		12.2		—		—		19,895,317		13.1		13.0
Bipul Sinha		12,342,646		7.6		7.6		—		—		12,342,646		8.1		8.0
Arvind Jain		11,404,364		7.0		7.0		—		—		11,404,364		7.5		7.4
Arvind Nithrakashyap⁽³⁾		10,896,392		6.7		6.7		—		—		10,896,392		7.1		7.1
Named executive officers and directors:
Bipul Sinha		12,342,646		7.6		7.6		—		—		12,342,646		8.1		8.0
Arvind Nithrakashyap⁽³⁾		10,896,392		6.7		6.7		—		—		10,896,392		7.1		7.1
Kiran Choudary⁽⁴⁾		996,788		*		*		—		—		996,788		*		*
Brian McCarthy⁽⁵⁾		775,000		*		*		—		—		775,000		*		*
Mark D. McLaughlin⁽⁶⁾		37,894		*		*		—		—		37,894		*		*
Ravi Mhatre⁽⁷⁾		38,984,426		23.9		23.9		—		—		38,984,426		25.6		25.4
Asheem Chandna⁽⁸⁾		19,895,317		12.2		12.2		—		—		19,895,317		13.1		13.0
Enrique Salem⁽⁹⁾		2,495,498		1.5		1.5		—		—		2,495,498		1.6		1.6
John W. Thompson⁽¹⁰⁾		1,119,392		*		*		—		—		1,119,392		*		*
R. Scott Herren⁽¹¹⁾		49,998		*		*		—		—		49,998		*		*
Yvonne Wassenaar⁽¹²⁾		33,332		*		*		—		—		33,332		*		*
All current executive officer and directors as a group (11 persons)⁽¹³⁾		87,626,683		53.0		53.0		—		—		87,626,683		56.7		56.3

*	Represents beneficial ownership of less than 1%.

†

Represents the voting power with respect to all shares of our Class A common stock and Class B common stock, voting as a single class. Each share of Class A common stock will be entitled to one vote per share, and each share of Class B common stock will be entitled to 20 votes per share. The Class A common stock and Class B common stock will vote together on all matters (including the election of directors) submitted to a vote of stockholders, except under limited circumstances described in “Description of Capital Stock—Class A Common Stock and Class B Common Stock—Voting Rights.”

⁽¹⁾

Represents (i) 17,759,816 shares held of record by Lightspeed Venture Partners IX, L.P., or Lightspeed IX; (ii) 8,015,457 shares held of record by Lightspeed SPV I, LLC, or Lightspeed SPV I; (iii) 5,094,719 shares held of record by Lightspeed SPV I-B, LLC, or Lightspeed SPV I-B; (iv) 3,566,303 shares held of record by Lightspeed SPV I-C, LLC, or Lightspeed SPV I-C; (v) 4,123,410 shares held of record by Lightspeed Venture Partners Select II, L.P., or Lightspeed Select II; (vi) 406,637 shares held of record by Lightspeed Venture Partners X, L.P., or Lightspeed X; and (vii) 18,084 shares held of record by Lightspeed Affiliates X, L.P., or Lightspeed Affiliates X. Lightspeed Ultimate General Partner IX, Ltd., or LUGP IX, serves as the sole general partner of Lightspeed General Partner IX, L.P., or LGP IX, which serves as the sole general partner of Lightspeed IX. Barry Eggers, Ravi Mhatre, and Peter Nieh are directors of LUGP IX and share voting and dispositive power over the shares held by Lightspeed IX. LS SPV Management, LLC, or LS SPV, serves as the sole manager of each of Lightspeed SPV I, Lightspeed SPV I-B, and Lightspeed SPV I-C. Messrs. Eggers, Mhatre, and Nieh are managing members of LS SPV and share voting and dispositive power over the shares held by each of Lightspeed SPV I, Lightspeed SPV I-B, and Lightspeed SPV I-C. Lightspeed Ultimate General Partner Select II, Ltd., or LUGP Select II, serves as the sole general partner of Lightspeed General Partner Select II, L.P., or LGP Select II, which serves as the sole general partner of Lightspeed Select II. Messrs. Eggers, Mhatre, and Nieh are directors of LUGP Select II and share voting and dispositive power over the shares held by Lightspeed Select II. Lightspeed Ultimate General Partner X, Ltd., or LUGP X, serves as the sole general partner of each of Lightspeed General Partner X, L.P., or LGP X, which serves as the sole general partner of Lightspeed X and Lightspeed Affiliates X. Messrs. Eggers, Mhatre, and Nieh are

directors of LUGP X and share voting and dispositive power over the shares held by each of Lightspeed X and Lightspeed Affiliates X. The address for Lightspeed Venture Partners is 2200 Sand Hill Road, Menlo Park, California 94025.

167

⁽²⁾

Represents (i) 17,905,789 shares held of record by Greylock XIV Limited Partnership, or Greylock XIV LP; (ii) 994,764 shares held of record by Greylock XIV-A Limited Partnership, or Greylock XIV-A LP; and (iii) 994,764 shares of record held by Greylock XIV Principals LLC, or Greylock XIV Principals. Greylock XIV GP LLC, or Greylock XIV GP, is the general partner of Greylock XIV and Greylock XIV-A, and the manager of Greylock XIV Principals. Greylock XIV GP may be deemed to share voting and dispositive power with regard to the shares held directly by Greylock XIV LP, Greylock XIV-A LP, and Greylock XIV Principals and may be deemed to have indirect beneficial ownership of an indeterminate number of such shares. William W. Helman, Reid Hoffman, David Sze, Donald Sullivan, and Asheem Chandna share voting and investment power over the shares held by the Greylock XIV LP, Greylock XIV-A LP, and Greylock XIV Principals. The address for these entities is 2550 Sand Hill Road, Menlo Park, California 94025.

⁽³⁾	Represents (i) 10,696,392 shares held of record by Mr. Nithrakashyap; and (ii) 200,000 shares held of record by Arvind Nithrakashyap, as Trustee of the Nithrakashyap/Chatterjee Revocable Trust, of which Mr. Nithrakashyap is trustee and shares voting and dispositive power with his spouse.

⁽⁴⁾

Represents (i) 98,450 shares subject to options exercisable within 60 days of January 31, 2024, all of which are vested as of such date; (ii) 769,275 shares issuable upon settlement of RSUs for which the service-based condition has been satisfied and for which the performance-based condition will be satisfied in connection with this offering; and (iii) 129,063 shares that may be acquired upon the settlement of outstanding RSUs within 60 days of January 31, 2024.

⁽⁵⁾

Represents (i) 662,500 shares issuable upon settlement of RSUs for which the service-based condition has been satisfied and for which the performance-based condition will be satisfied in connection with this offering; and (ii) 112,500 shares that may be acquired upon the settlement of outstanding RSUs within 60 days of January 31, 2024.

⁽⁶⁾

Represents (i) 21,228 shares held of record by McLaughlin Revocable Living Trust, of which Mr. McLaughlin is a co-trustee and shares voting and dispositive power with his spouse; and (ii) 16,666 shares issuable upon settlement of RSUs for which the service-based condition has been satisfied and for which the performance-based condition will be satisfied in connection with this offering.

⁽⁷⁾	Represents the shares listed in footnote (1). Mr. Mhatre, one of our directors, is a partner of Lightspeed Venture Partners and may be deemed to exercise voting and investment discretion with respect to such shares.

⁽⁸⁾	Represents the shares listed in footnote (2). Mr. Chandna, one of our directors, is a partner at Greylock Partners and, may be deemed to exercise voting and investment discretion with respect to such shares.

⁽⁹⁾

Represents (i) 1,205,442 shares held of record by Bain Capital Venture Coinvestment Fund II, L.P., or Venture Coinvestment Fund II, (ii) 1,195,844 shares held of record by Bain Capital Venture Fund 2019, L.P., or BCV Fund 2019, (iii) 48,218 shares held of record by BCV 2019-MD Coinvestment II, L.P., or BCV-2019 MD Coinvestment, and (iv) 45,994 shares held of record by BCV 2019-MD Primary, L.P., or BCV 2019-MD Primary. Bain Capital Venture Investors, LLC, or BCVI is the manager of Bain Capital Venture Coinvestment II Investors, LLC, which is a general partner of Venture Coinvestment Fund II and BCV 2019-MD Coinvestment. BCVI is a manager of Bain Capital Venture Investors 2019, LLC, which is the general partner of BCV Fund 2019 and BCV 2019-MD Primary. The governance, investment strategy and decision-making process with respect to the investments held by Venture Coinvestment Fund II, BCV Fund 2019, BCV-2019 MD Coinvestment and BCV 2019-MD Primary is directed by the Executive Committee of BCVI, which consists of Enrique Salem and Ajay Agarwal. As a result, BCVI and Messrs. Salem and Agarwal may be deemed to share voting and dispositive power with respect to the securities held by Venture Coinvestment Fund II, BCV Fund 2019, BCV-2019 MD Coinvestment and BCV 2019-MD Primary. The address for these entities is 200 Clarendon Street, Boston, Massachusetts 02116.

⁽¹⁰⁾

Represents (i) 853,447 shares held of record by John and Sandra Thompson Trust, of which Mr. Thompson is a co-trustee and shares voting and dispositive power with his spouse; (ii) 165,946 shares subject to options that are exercisable within 60 days of January 31, 2024, all of which are vested as of such date; and (iii) 99,999 shares issuable upon settlement of RSUs for which the service-based condition has been satisfied and for which the performance-based condition will be satisfied in connection with this offering.

⁽¹¹⁾	Represents 49,998 shares issuable upon settlement of RSUs for which the service-based condition has been satisfied and for which the performance-based condition will be satisfied in connection with this offering.

⁽¹²⁾	Represents 33,332 shares issuable upon settlement of RSUs for which the service-based condition has been satisfied and for which the performance-based condition will be satisfied in connection with this offering.

⁽¹³⁾

Represents (i) 85,488,954 shares beneficially owned by our current executive officers and directors as a group; (ii) 264,396 shares subject to options exercisable within 60 days of January 31, 2024, all of which are vested as of such date; (iii) 1,631,770 shares issuable upon settlement of RSUs for which the service-based condition has been satisfied and for which the performance-based condition will be satisfied in connection with this offering; and (iv) 241,563 shares that may be acquired upon the settlement of outstanding RSUs within 60 days of January 31, 2024.

168

DESCRIPTION OF CAPITAL STOCK

General

The following is a summary of the rights of our capital stock and some of the provisions of our amended and restated certificate of incorporation and amended and restated bylaws, which will each become effective immediately prior to the closing of this offering, the investor rights agreement and relevant provisions of Delaware General Corporation Law. The descriptions herein are qualified in their entirety by our amended and restated certificate of incorporation, amended and restated bylaws, and investor rights agreement, copies of which have been filed as exhibits to the registration statement of which this prospectus is a part, as well as the relevant provisions of Delaware General Corporation Law.

Immediately prior to the closing of this offering, our authorized capital stock will consist of 1,300,000,000 shares, all with a par value of $0.000025 per share, of which:

•

1,070,000,000 shares are designated as Class A common stock;

•

210,000,000 shares are designated as Class B common stock; and

•

20,000,000 shares are designated as preferred stock.

As of January 31, 2024, we had no shares of Class A common stock, 55,862,729 shares of Class B common stock, 5,400,000 shares of convertible founders stock, and 74,182,559 shares of redeemable convertible preferred stock outstanding. After giving effect to (i) the automatic conversion of all outstanding shares of redeemable convertible preferred stock and convertible founders stock outstanding as of January 31, 2024 into shares of Class B common stock immediately prior to the closing of this offering, and (ii) the net issuance of 16,986,924 shares of Class B common stock in connection with the RSU Net Settlement, after withholding 12,875,699 shares to satisfy estimated tax withholding and remittance obligations (based on the initial public offering price of $32.00 per share, and an assumed 44.5% tax withholding rate), there would have been 152,432,212 shares of Class B common stock outstanding on the date of this prospectus held by 4,327 stockholders of record.

Class A Common Stock and Class B Common Stock

All issued and outstanding shares of our Class A common stock and Class B common stock will be duly authorized, validly issued, fully paid, and non-assessable. All authorized but unissued shares of our Class A common stock and Class B common stock will be available for issuance by our board of directors without any further stockholder action, except as required by the listing standards of the NYSE. The rights of our Class A common stock and Class B common stock are identical, except with respect to voting, conversion, and transfer rights.

Voting Rights

The Class A common stock is entitled to one vote per share on any matter that is submitted to a vote of our stockholders. Holders of our Class B common stock are entitled to 20 votes per share on any matter submitted to our stockholders. Holders of shares of Class A common stock and Class B common stock will vote together as a single class on all matters (including the election of directors) submitted to a vote of stockholders, unless otherwise required by Delaware law.

Under Delaware law, holders of our Class A common stock or Class B common stock would be entitled to vote as a separate class if a proposed amendment to our amended and restated certificate of incorporation would increase or decrease the aggregate number of authorized shares of such class, increase or decrease the par value of the shares of such class, or alter or change the powers,

169

preferences, or special rights of the shares of such class so as to affect them adversely. As a result, in these limited instances, the holders of a majority of the Class A common stock could defeat any amendment to our amended and restated certificate of incorporation. For example, if a proposed amendment of our amended and restated certificate of incorporation provided for the Class A common stock to rank junior to the Class B common stock with respect to (1) any dividend or distribution, (2) the distribution of proceeds were we to be acquired, or (3) any other right, Delaware law would require the vote of the Class A common stock. In this instance, the holders of a majority of Class A common stock could defeat that amendment to our amended and restated certificate of incorporation.

Our amended and restated certificate of incorporation that will be in effect immediately prior to the closing of this offering will not provide for cumulative voting for the election of directors.

Economic Rights

Except as otherwise will be expressly provided in our amended and restated certificate of incorporation that will be in effect immediately prior to the closing of this offering or required by applicable law, all shares of Class A common stock and Class B common stock will have the same rights and privileges and rank equally, share ratably, and be identical in all respects for all matters, including those described below.

Dividends and Distributions

Subject to preferences that may apply to any shares of preferred stock outstanding at the time, the holders of Class A common stock and Class B common stock will be entitled to share equally, identically, and ratably, on a per share basis, with respect to any dividend or distribution of cash or property paid or distributed by the company, unless different treatment of the shares of the affected class is approved by the affirmative vote of the holders of a majority of the outstanding shares of such affected class, voting separately as a class. See the section titled “Dividend Policy” for additional information.

Liquidation Rights

On our liquidation, dissolution, or winding-up, the holders of Class A common stock and Class B common stock will be entitled to share equally, identically, and ratably in all assets remaining after the payment of any liabilities, liquidation preferences, and accrued or declared but unpaid dividends, if any, with respect to any outstanding preferred stock, unless a different treatment is approved by the affirmative vote of the holders of a majority of the outstanding shares of such affected class, voting separately as a class.

Change of Control Transactions

The holders of Class A common stock and Class B common stock will be treated equally and identically with respect to shares of Class A common stock or Class B common stock owned by them, unless different treatment of the shares of each class is approved by the affirmative vote of the holders of a majority of the outstanding shares of the class treated differently, voting separately as a class, on (a) the closing of the sale, transfer, or other disposition of all or substantially all of our assets, (b) the consummation of a consolidation, merger, or reorganization which results in our voting securities outstanding immediately before the transaction (or the voting securities issued with respect to our voting securities outstanding immediately before the transaction) representing less than a majority of the combined voting power of the voting securities of the company or the surviving or acquiring entity, or (c) the closing of the transfer (whether by merger, consolidation, or otherwise), in one transaction or a series of related transactions, to a person or group of affiliated persons of securities of the company if, after closing, the transferee person or group would hold 50% or more of the outstanding voting

170

power of the company (or the surviving or acquiring entity). However, consideration to be paid or received by a holder of common stock in connection with any such assets sale, consolidation, merger, or reorganization under any employment, consulting, severance, or other compensatory arrangement will be disregarded for the purposes of determining whether holders of common stock are treated equally and identically.

Subdivisions and Combinations

If we subdivide or combine in any manner outstanding shares of Class A common stock or Class B common stock, the outstanding shares of the other class will be subdivided or combined in the same proportion and manner.

No Preemptive or Similar Rights

Our Class A common stock and Class B common stock are not entitled to preemptive rights, and are not subject to conversion, redemption, or sinking fund provisions, except for the conversion provisions with respect to the Class B common stock described below.

Conversion

Each outstanding share of Class B common stock is convertible at any time at the option of the holder into one share of Class A common stock. In addition, each share of Class B common stock will convert automatically into one share of Class A common stock upon any transfer, whether or not for value, which occurs after the completion of this offering, except for certain permitted transfers set forth in our amended and restated certificate of incorporation, including, but not limited to, transfers to certain trusts for estate planning purposes and entities under common control with or controlled by such holder of our Class B common stock. Once converted into Class A common stock, the Class B common stock will not be reissued.

All of the outstanding shares of Class B common stock will convert automatically into shares of Class A common stock upon the earliest to occur following this offering: (i) the date fixed by our board of directors that is no less than 61 days and no more than 180 days following the date on which the outstanding shares of Class B common stock represent less than 5% of the then outstanding shares of Class A and Class B common stock; (ii) the tenth anniversary of this offering; (iii) the date fixed by our board of directors that is no less than 61 days and no more than 180 days following the date on which Mr. Sinha is no longer providing services to Rubrik as an officer, employee, or director; (iv) the date fixed by our board of directors that is no less than 61 days and no more than 180 days following the death or incapacity of Mr. Sinha; or (v) the date specified by a vote of the holders of a majority of the outstanding shares of Class B common stock.

Fully Paid and Non-Assessable

In connection with this offering, our legal counsel will opine that the shares of our Class A common stock to be issued under this offering will be fully paid and non-assessable.

Preferred Stock

As of January 31, 2024, there were 74,182,559 shares of redeemable convertible preferred stock outstanding. Immediately prior to the closing of this offering, each outstanding share of redeemable convertible preferred stock will convert into one share of Class B common stock. Upon the closing of this offering, our board of directors may, without further action by our stockholders, fix the rights, preferences, privileges, and restrictions of up to an aggregate of 20,000,000 shares of preferred stock

171

in one or more series and authorize their issuance. These rights, preferences, and privileges could include dividend rights, conversion rights, voting rights, terms of redemption, liquidation preferences, sinking fund terms, and the number of shares constituting any series or the designation of such series, any or all of which may be greater than the rights of our common stock. The issuance of our preferred stock could adversely affect the voting power of holders of our common stock, and the likelihood that such holders will receive dividend payments and payments upon liquidation. In addition, the issuance of preferred stock could have the effect of delaying, deferring, or preventing a change of control or other corporate action. Upon the closing of this offering, no shares of preferred stock will be outstanding, and we have no present plan to issue any shares of preferred stock.

Founders Stock

As of January 31, 2024, there were 5,400,000 shares of convertible founders stock outstanding. Immediately prior to the closing of this offering, each outstanding share of convertible founders stock will convert into one share of Class B common stock. Each share of convertible founders stock is convertible into convertible preferred stock if purchased by an investor in conjunction with a round of preferred stock financing. If otherwise transferred or sold, each share of convertible founders stock is convertible into Class B common stock, except in the case of certain permitted transfers. Upon the closing of this offering, no shares of convertible founders stock will be outstanding.

Options

As of January 31, 2024, there were options to purchase an aggregate of 3,185,020 shares of Class B common stock outstanding under our equity compensation plans, with a weighted-average exercise price of $6.23 per share.

Restricted Stock Units

As of date of this prospectus, there were 59,159,085 RSUs for shares of Class B common stock outstanding. In connection with this offering, we will issue a number of new shares of Class B common stock in connection with the vesting and settlement of certain outstanding RSUs subject to service-based and performance-based conditions for which the service-based condition was or will be fully or partially satisfied prior to this offering and the performance-based condition was satisfied upon the effectiveness of the registration statement of which this prospectus forms a part, after giving effect to the net issuance of 16,986,924 shares of our Class B common stock in connection with the RSU Net Settlement, after withholding 12,875,699 shares to satisfy estimated tax withholding and remittance obligations (based on the initial public offering price of $32.00 per share, and an assumed 44.5% tax withholding rate). All remaining RSUs will become an equivalent number of shares of Class B common stock subject to outstanding RSUs under our 2014 Plan immediately prior to the closing of this offering.

Registration Rights

Our IRA provides that certain holders of our redeemable convertible preferred stock, our convertible founders stock, and our Class A common stock have certain registration rights as set forth below. The registration of shares of our common stock by the exercise of registration rights described below would enable the holders to sell these shares without restriction under the Securities Act when the applicable registration statement is declared effective. We will pay the registration expenses, other than underwriting discounts and commissions, of the shares registered by the demand, piggyback, and Form S-3 registrations described below.

172

Generally, in an underwritten offering, the managing underwriter, if any, has the right, subject to specified conditions, to limit the number of shares such holders may include. The demand, piggyback, and Form S-3 registration rights described below will expire five years after the closing of this offering, or with respect to any particular stockholder, such time after the closing of this offering that such stockholder can sell all of its shares entitled to registration rights under Rule 144 of the Securities Act during any 90-day period.

Demand Registration Rights

The holders of an aggregate of 74,182,559 shares of our Class B common stock will be entitled to certain demand registration rights. At any time beginning six months after the effective date of the registration statement of which this prospectus forms a part, certain holders of these shares may request that we register all or a portion of the registrable shares. We are obligated to effect only two such registrations. Such request for registration must cover at least that number of registrable shares as would have an anticipated aggregate offering price of at least $15.0 million.

Piggyback Registration Rights

In connection with this offering, the holders of an aggregate of 79,582,559 shares of our Class B common stock were entitled to, and the necessary percentage of holders waived, their rights to notice of this offering and to include their shares of registrable securities in this offering. After this offering, in the event that we propose to register any of our securities under the Securities Act, either for our own account or for the account of other security holders, the holders of these shares will be entitled to certain piggyback registration rights allowing the holder to include their shares in such registration, subject to certain marketing and other limitations. As a result, whenever we propose to file a registration statement under the Securities Act, other than with respect to (i) a registration relating to the demand registration rights set forth above, (ii) a registration relating solely to the issuance of securities by us or a subsidiary pursuant to a stock option, stock purchase, or similar plan, (iii) a registration relating to a corporate reorganization or transaction under Rule 145 of the Securities Act, (iv) a registration on any form that does not include substantially the same information as would be required to be included in a registration statement covering the sale of the shares held by the holders, or (v) a registration in which the only common stock being registered is common stock issued upon conversion of debt securities that are also being registered, the holders of these shares are entitled to notice of the registration, and have the right to include their shares in the registration, subject to limitations that the underwriters may impose on the number of shares included in the offering.

Form S-3 Registration Rights

The holders of an aggregate of 74,182,559 shares of Class B common stock will be entitled to certain Form S-3 registration rights. At any time after the effective date of the registration statement of which this prospectus forms a part, the holders of these shares can make a request that we register their shares on Form S-3 if we are qualified to file a registration statement on Form S-3 and if the anticipated aggregate price of the shares offered would be at least $1.0 million. We will not be required to effect more than two registrations on Form S-3 within any 12-month period.

Anti-Takeover Effects of Delaware Law and Our Certificate of Incorporation and Bylaws

Some provisions of Delaware law, our amended and restated certificate of incorporation, and our amended and restated bylaws contain or will contain provisions that could make the following transactions more difficult: an acquisition of us by means of a tender offer, a proxy contest or otherwise; or the removal of our incumbent officers and directors. It is possible that these provisions

173

could make it more difficult to accomplish or could deter transactions that stockholders may otherwise consider to be in their best interest or in our best interests, including transactions which provide for payment of a premium over the market price for our shares.

These provisions, summarized below, are intended to discourage coercive takeover practices and inadequate takeover bids. These provisions are also designed to encourage persons seeking to acquire control of us to first negotiate with our board of directors. We believe that the benefits of the increased protection of our potential ability to negotiate with the proponent of an unfriendly or unsolicited proposal to acquire or restructure us outweigh the disadvantages of discouraging these proposals because negotiation of these proposals could result in an improvement of their terms.

Preferred Stock

Our board of directors will have the authority, without further action by our stockholders, to issue up to 20,000,000 shares of undesignated preferred stock with rights and preferences, including voting rights, designated from time to time by our board of directors. The existence of authorized but unissued shares of preferred stock would enable our board of directors to render more difficult or to discourage an attempt to obtain control of us by means of a merger, tender offer, proxy contest, or other means.

Stockholder Meetings

Our amended and restated bylaws will provide that a special meeting of stockholders may be called only by our chairperson, chief executive officer, or by a resolution adopted by a majority of our board of directors.

Requirements for Advance Notification of Stockholder Nominations and Proposals

Our amended and restated bylaws will establish advance notice procedures with respect to stockholder proposals to be brought before a stockholder meeting and the nomination of candidates for election as directors, other than nominations made by or at the direction of the board of directors, or a committee of the board of directors.

Elimination of Stockholder Action by Written Consent

Our amended and restated certificate of incorporation and amended and restated bylaws will eliminate the right of stockholders to act by written consent without a meeting.

Staggered Board

Our board of directors will be divided into three classes. The directors in each class will serve for a three-year term, one class being elected each year by our stockholders by a plurality of the votes cast. For more information on the classified board, see the section titled “Management—Composition of our Board of Directors.” This system of electing and removing directors may tend to discourage a third-party from making a tender offer or otherwise attempting to obtain control of us, because it generally makes it more difficult for stockholders to replace a majority of the directors.

Removal of Directors

Our amended and restated certificate of incorporation will provide that no member of our board of directors may be removed from office by our stockholders except for cause and, in addition to any other vote required by law, upon the approval of at least 66 2/3% of the total voting power of all of our outstanding voting stock then entitled to vote in the election of directors.

174

Stockholders Not Entitled to Cumulative Voting

Our amended and restated certificate of incorporation will not permit stockholders to cumulate their votes in the election of directors. Accordingly, the holders of a majority of the outstanding shares of our common stock entitled to vote in any election of directors can elect all of the directors standing for election, if they choose, other than any directors that holders of our preferred stock (if any) may be entitled to elect.

Delaware Anti-Takeover Statute

We are subject to Section 203 of the Delaware General Corporation Law, which prohibits persons deemed to be “interested stockholders” from engaging in a “business combination” with a publicly held Delaware corporation for three years following the date these persons become interested stockholders unless the business combination is, or the transaction in which the person became an interested stockholder was, approved in a prescribed manner or another prescribed exception applies. Generally, an “interested stockholder” is a person who, together with affiliates and associates, owns, or within three years prior to the determination of interested stockholder status did own, 15% or more of a corporation’s voting stock. Generally, a “business combination” includes a merger, asset or stock sale, or other transaction resulting in a financial benefit to the interested stockholder. The existence of this provision may have an anti-takeover effect with respect to transactions not approved in advance by the board of directors.

Choice of Forum

Our amended and restated certificate of incorporation to be effective immediately prior to the closing of this offering will provide that the Court of Chancery of the State of Delaware (or, if and only if the Court of Chancery of the State of Delaware lacks subject matter jurisdiction, any state court located within the State of Delaware or, if and only if all such state courts lack subject matter jurisdiction, the federal district court for the District of Delaware) is the sole and exclusive forum for the following types of actions or proceedings under Delaware statutory or common law: (1) any derivative action or proceeding brought on our behalf; (2) any action or proceeding asserting a breach of fiduciary duty; (3) any action or proceeding asserting a claim against us under the Delaware General Corporation Law; (4) any action or proceeding regarding our amended and restated certificate of incorporation or our amended and restated bylaws; (5) any action or proceeding as to which the Delaware General Corporation Law confers jurisdiction to the Court of Chancery of the State of Delaware; or (6) any action or proceeding asserting a claim against us that is governed by the internal affairs doctrine.

This choice of forum provision would not apply to claims brought to enforce a duty or liability created by the Securities Act, the Exchange Act or any other claim for which the federal courts have exclusive jurisdiction. Our amended and restated certificate of incorporation to be effective immediately prior to the closing of this offering will further provide that, unless we consent in writing to the selection of an alternative forum, to the fullest extent permitted by law, the federal district courts of the United States of America will be the exclusive forum for resolving any complaint asserting a cause or causes of action arising under the Securities Act In addition, our amended and restated certificate of incorporation to be effective immediately prior to the closing of this offering will provide that any person or entity holding, owning or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to these provisions.

Amendment of Charter Provisions

The amendment of any of the above provisions, except for the provision making it possible for our board of directors to issue preferred stock, would require approval by holders of at least 66 2/3% of the total voting power of all of our outstanding voting stock.

175

The provisions of Delaware law, our amended and restated certificate of incorporation, and our amended and restated bylaws could have the effect of discouraging others from attempting hostile takeovers and, as a consequence, they may also inhibit temporary fluctuations in the market price of our Class A common stock that often result from actual or rumored hostile takeover attempts. These provisions may also have the effect of preventing changes in the composition of our board and management. It is possible that these provisions could make it more difficult to accomplish transactions that stockholders may otherwise deem to be in their best interests.

Transfer Agent and Registrar

The transfer agent and registrar for our Class A common stock and Class B common stock will be Equiniti Trust Company, LLC. The transfer agent and registrar’s address is 1110 Centre Pointe Curve, Suite 101, Mendota Heights, MN 55120.

Exchange Listing

Our common stock is currently not listed on any securities exchange. Our Class A common stock has been approved for listing on the NYSE under the symbol “RBRK.”

176

SHARES ELIGIBLE FOR FUTURE SALE

Prior to this offering, there has been no public market for our Class A common stock. Future sales of substantial amounts of Class A common stock in the public market, or the perception that such sales may occur, could adversely affect the market price of our Class A common stock. Although our Class A common stock on the NYSE has been approved for listing, we cannot assure you an active public market for our Class A common stock will develop.

Following the closing of this offering, based on the number of shares of our Class B common stock outstanding as of January 31, 2024 and assuming (i) the issuance of 23,500,000 shares of Class A common stock in this offering, (ii) the automatic conversion of 74,182,559 shares of our redeemable convertible preferred stock outstanding as of January 31, 2024 into an equal number of shares of Class B common stock immediately prior to the closing of this offering, (iii) the automatic conversion of 5,400,000 shares of our convertible founders stock outstanding as of January 31, 2024 into an equal number of shares of Class B common stock immediately prior to the closing of this offering, (iv) the net issuance of 16,986,924 shares of Class B common stock in connection with the RSU Net Settlement, after withholding 12,875,699 shares to satisfy estimated tax withholding and remittance obligations (based on the initial public offering price of $32.00 per share, and an assumed 44.5% tax withholding rate); and (v) no exercise of the underwriters’ option to purchase additional shares, we will have outstanding an aggregate of approximately 23,500,000 shares of Class A common stock and 152,432,212 shares of Class B common stock.

Of these shares, all shares of Class A common stock sold in this offering will be freely tradable without restriction or further registration under the Securities Act, except for any shares purchased by our “affiliates,” as that term is defined in Rule 144 under the Securities Act. Shares purchased by our affiliates would be subject to the Rule 144 resale restrictions described below, other than the holding period requirement.

The remaining outstanding shares of Class A common stock and Class B common stock will be, and shares underlying outstanding RSUs and shares subject to stock options and RSUs will be upon issuance, deemed “restricted securities” as defined in Rule 144 under the Securities Act. These restricted securities are eligible for public sale only if they are registered under the Securities Act or if they qualify for an exemption from registration under Rule 144 or Rule 701 under the Securities Act, each of which is summarized below. Substantially all of these shares will be subject to a lock-up period under the lock-up agreements and market stand-off agreements described below.

177

As a result of these agreements and the provisions of our IRA, described below, and subject to the provisions of Rule 144 and Rule 701 and our Insider Trading Policy, these restricted securities may be available for sale in the public market as follows:


Earliest Date Available for Sale in the Public Market		Number of Shares of Common Stock
The opening of trading on the first trading day after any 10-consecutive trading day period during which the closing price of our Class A common stock on NYSE has exceeded 130% of the initial public offering price per share set forth on the cover page of this prospectus for at least five (5) trading days (one of which must be a trading day occurring after the date of our public announcement of earnings for the fiscal quarter ending April 30, 2024, or the Initial Earnings Release) out of such 10-consecutive trading day period; provided that such applicable date occurs in a broadly applicable “open trading window” period.		Up to 5.8 million shares held by Employee Stockholders (as defined below).

The earlier of (i) the date on which an open trading window period commences following our release of earnings for the fiscal quarter ending July 31, 2024, or (ii) the date that is 180 days after the date of this prospectus.		All remaining shares held by our stockholders not previously eligible for sale, subject to applicable limitations under Rule 144, including for “affiliates” and compliance with other applicable law, as described below.

In addition, after this offering, up to 40,481,482 shares of Class B common stock may be issued upon exercise of outstanding stock options or vesting and settlement of outstanding RSUs as of the date of this prospectus, and 50,680,330 shares of Class A common stock are available for future issuance under our 2024 Plan and our 2024 ESPP.

Lock-Up Agreements

All of our directors, executive officers, and the holders of substantially all of our outstanding common stock and securities exercisable for or convertible into our Class B common stock, have entered into lock-up agreements with the underwriters and/or agreements with market stand-off provisions that restrict our and their ability to sell or transfer shares of our capital stock, and securities convertible into or exercisable or exchangeable for shares of our capital stock, during the period ending the earlier of (i) the date on which an open trading window period commences following our release of earnings for the quarter ending July 31, 2024, or (ii) the date that is 180 days after the date of this prospectus, which we refer to as the Lock-up Period. Subject to certain exceptions, we and they will not, and will not cause or direct any of our or their respective affiliates, and will not publicly disclose an intention to, without the prior written consent of Goldman Sachs & Co. LLC:

•

offer, sell, contract to sell, pledge, grant any option to purchase, lend, or otherwise transfer or dispose of any shares of our common stock, or any options or warrants to purchase any shares of our common stock, or any securities convertible into, exchangeable for, or that represent the right to receive, shares of our common stock, whether now owned or hereinafter acquired;

•

engage in any hedging or other transaction or arrangement that is designed to or that reasonably could be expected to lead to or result in a sale, loan, pledge, or other disposition, or transfer of any of the economic consequences of ownership, in whole or in part, directly or indirectly, of any shares of our common stock, or any securities convertible into, exchangeable for, or that represent the right to receive, shares of our common stock, whether any such transaction or arrangement (or instrument provided for thereunder) would be settled by delivery of common stock or other securities, in cash or otherwise; or

178

•

make any demand for or exercise any right with respect to the registration of any shares of our common stock, or any securities convertible into, exchangeable for, or that represent the right to receive, shares of our common stock.

Notwithstanding the foregoing, if (i) a holder is an employee and is not one of our directors or our executive officers as of the fifth calendar day prior to the date of the Initial Earnings Release, any such person, an Employee Stockholder, and (ii) the closing price of our Class A common stock on NYSE has exceeded 130% of the initial public offering price per share set forth on the cover page of this prospectus for at least five trading days (one of which must be a trading day occurring after the date of the Initial Earnings Release) out of any 10-consecutive trading day period, provided that such applicable date occurs in a broadly applicable “open trading window” period under our insider trading policy, such Employee Stockholder may sell in the public market, beginning at the opening of trading on the first trading day after the applicable 10-consecutive trading day period, up to 25% of the sum of (i) the outstanding shares of common stock that are held by such Employee Stockholder as of March 15, 2024, and (ii) the securities convertible into or exchangeable or exercisable for common stock that were held by such Employee Stockholder and fully vested as of March 15, 2024.

The number of shares that may be sold following the Initial Earnings Release prior to the Lock-up Period termination equals approximately 5.8 million shares, including approximately 4.8 million shares issuable upon exercise of vested options and settlement of RSUs.

In addition to the restrictions contained in the lock-up agreements described above, we have entered into agreements with all of our security holders that contain market stand-off provisions imposing restrictions on the ability of such security holders to offer, sell, or transfer our equity securities for a period of 180 days following the date of this prospectus.

Rule 144

Affiliate Resales of Restricted Securities

In general, once we have been subject to the public company reporting requirements of Section 13 or Section 15(d) of the Exchange Act for at least 90 days, a person who is an affiliate of ours, or who was an affiliate at any time during the 90 days before a sale, who has beneficially owned shares of our capital stock for at least six months, would be entitled to sell in “broker’s transactions” or certain “riskless principal transactions” or to market makers, a number of shares within any three-month period that does not exceed the greater of:

•

1% of the number of shares of Class A common stock then outstanding, which will equal approximately 230,000 shares immediately after this offering; or

•

the average weekly trading volume in Class A common stock on the NYSE during the four calendar weeks preceding the filing of a notice on Form 144 with respect to such sale.

Affiliate resales under Rule 144 are also subject to the availability of current public information about us. In addition, if the number of shares being sold under Rule 144 by an affiliate during any three-month period exceeds 5,000 shares or has an aggregate sale price in excess of $50,000, the seller must file a notice on Form 144 with the SEC concurrently with either the placing of a sale order with the broker or the execution of a sale directly with a market maker.

Non-Affiliate Resales of Restricted Securities

In general, once we have been subject to the public company reporting requirements of Section 13 or Section 15(d) of the Exchange Act for at least 90 days, a person who is not an affiliate of ours at the time of sale, and has not been an affiliate at any time during the three months preceding a

179

sale, and who has beneficially owned shares of our capital stock for at least six months but less than a year, is entitled to sell such shares subject only to the availability of current public information about us. If such person has held our shares for at least one year, such person can resell under Rule 144(b)(1) without regard to any Rule 144 restrictions, including the 90-day public company requirement and the current public information requirement.

Non-affiliate resales are not subject to the manner of sale, volume limitation, or notice filing provisions of Rule 144.

Rule 701

Rule 701 generally allows a stockholder who was issued shares under a written compensatory plan or contract and who is not deemed to have been an affiliate of our company during the immediately preceding 90 days, to sell these shares in reliance on Rule 144, but without being required to comply with the public information, holding period, volume limitation, or notice provisions of Rule 144. Rule 701 also permits affiliates of our company to sell their Rule 701 shares under Rule 144 without complying with the holding period requirements of Rule 144. All holders of Rule 701 shares, however, are required by that rule to wait until 90 days after the date of this prospectus before selling those shares under Rule 701, subject to the expiration of the lock-up agreements described above.

Form S-8 Registration Statement

We intend to file one or more registration statements on Form S-8 under the Securities Act to register all shares of Class A common stock and Class B common stock subject to outstanding stock options and RSUs and common stock issued or issuable under our 2024 Plan, 2024 ESPP, and our 2014 Plan, as applicable. We expect to file the registration statement covering shares offered pursuant to these stock plans shortly after the date of this prospectus, permitting the resale of such shares by non-affiliates in the public market without restriction under the Securities Act and the sale by affiliates in the public market subject to compliance with the resale provisions of Rule 144.

Registration Rights

As of January 31, 2024, holders of up to 79,582,559 shares of our Class B common stock, which includes all of the shares of Class B common stock issuable upon the automatic conversion of our redeemable convertible preferred stock and convertible founders stock immediately prior to the closing of this offering, or their transferees, will be entitled to various rights with respect to the registration of these shares under the Securities Act upon the closing of this offering and the expiration of lock-up agreements. Registration of these shares under the Securities Act would result in these shares becoming fully tradable without restriction under the Securities Act immediately upon the effectiveness of the registration, except for shares purchased by affiliates. See the section titled “Description of Capital Stock—Registration Rights” for additional information. Shares covered by a registration statement will be eligible for sale in the public market upon the expiration or release from the terms of the lock-up agreement.

180

MATERIAL U.S. FEDERAL INCOME TAX CONSEQUENCES

TO NON-U.S. HOLDERS OF OUR CLASS A COMMON STOCK

The following summary describes the material U.S. federal income tax consequences of the ownership and disposition of our Class A common stock acquired in this offering by Non-U.S. Holders (as defined below). This discussion is not a complete analysis of all potential U.S. federal income tax consequences relating thereto, does not deal with non-U.S., state, and local tax consequences that may be relevant to Non-U.S. Holders in light of their particular circumstances, and does not address U.S. federal tax consequences other than income tax consequences. For example, it does not address estate and gift taxes, the alternative minimum tax, the Medicare contribution tax on net investment income, or the application of special tax accounting rules under Section 451(b) of the Internal Revenue Code of 1986, as amended, or the Code. Special rules different from those described below may apply to certain Non-U.S. Holders that are subject to special treatment under the Code, such as banks, financial institutions, investment funds, insurance companies, tax-exempt organizations, tax-qualified retirement plans, governmental organizations, broker-dealers and traders in securities, U.S. expatriates, “controlled foreign corporations,” “passive foreign investment companies,” corporations that accumulate earnings to avoid U.S. federal income tax, corporations organized outside of the United States, any state thereof, or the District of Columbia that are nonetheless treated as U.S. taxpayers for U.S. federal income tax purposes, persons that hold our Class A common stock as part of a “straddle,” “hedge,” “conversion transaction,” “synthetic security,” or integrated investment or other risk reduction strategy, persons who acquire our Class A common stock through the exercise of an option or otherwise as compensation, “qualified foreign pension funds” as defined in Section 897(l)(2) of the Code and entities all of the interests of which are held by qualified foreign pension funds, partnerships and other pass-through entities or arrangements and investors in such pass-through entities or arrangements, persons that own, or have owned, actually or constructively, more than 5% of our common stock at any time; persons deemed to sell our Class A common stock under the constructive sale provisions of the Code, and persons that own, or are deemed to own, our Class B common stock. Such Non-U.S. Holders are urged to consult their own tax advisors to determine the U.S. federal, state, local, and other tax consequences that may be relevant to them. Furthermore, the discussion below is based upon the provisions of the Code and Treasury Regulations promulgated thereunder, published rulings and administrative pronouncements or the Internal Revenue Service, or IRS, and judicial decisions, each as of the date hereof, and such authorities may be repealed, revoked, or modified, perhaps retroactively, so as to result in U.S. federal income tax consequences different from those discussed below. We have not requested a ruling from the IRS with respect to the statements made and the conclusions reached in the following summary, and there can be no assurance that the IRS will agree with such statements and conclusions. This discussion assumes that the Non-U.S. Holder holds our Class A common stock as a “capital asset” within the meaning of Section 1221 of the Code (generally, property held for investment).

THIS DISCUSSION IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TAX ADVICE. PERSONS CONSIDERING THE PURCHASE OF OUR CLASS A COMMON STOCK PURSUANT TO THIS OFFERING SHOULD CONSULT THEIR OWN TAX ADVISORS CONCERNING THE U.S. FEDERAL INCOME, GIFT, ESTATE, AND OTHER TAX CONSEQUENCES OF ACQUIRING, OWNING, AND DISPOSING OF OUR CLASS A COMMON STOCK IN LIGHT OF THEIR PARTICULAR CIRCUMSTANCES AS WELL AS ANY CONSEQUENCES ARISING UNDER THE LAWS OF ANY OTHER TAXING JURISDICTION, INCLUDING ANY STATE, LOCAL, OR NON-U.S. TAX CONSEQUENCES, OR UNDER ANY APPLICABLE INCOME TAX TREATY.

For the purposes of this discussion, a “Non-U.S. Holder” is a beneficial owner of our Class A common stock that is neither a U.S. Holder (as defined below) nor a partnership (or other entity treated as a partnership for U.S. federal income tax purposes regardless of its place of organization or

181

formation). A “U.S. Holder” means a beneficial owner of our Class A common stock that is for U.S. federal income tax purposes any of the following:

•

an individual who is a citizen or resident of the United States;

•

a corporation (or other entity treated as a corporation for U.S. federal income tax purposes) created or organized in or under the laws of the United States, any state thereof, or the District of Columbia;

•

an estate, the income of which is subject to U.S. federal income taxation regardless of its source; or

•

a trust if it (1) is subject to the primary supervision of a court within the United States and one or more United States persons (within the meaning of Section 7701(a)(30) of the Code) have the authority to control all substantial decisions of the trust or (2) has a valid election in effect under applicable U.S. Treasury Regulations to be treated as a United States person.

Distributions

As described in the section titled “Dividend Policy,” we do not anticipate paying any cash dividends in the foreseeable future. However, if we do make distributions of cash or property on our Class A common stock to a Non-U.S. Holder, such distributions, to the extent made out of our current or accumulated earnings and profits (as determined under U.S. federal income tax principles), generally will constitute dividends for U.S. tax purposes and will be subject to withholding tax at a 30% rate or such lower rate as may be specified by an applicable income tax treaty, subject to the discussions below regarding effectively connected income, backup withholding, and foreign accounts. To obtain a reduced rate of withholding under a treaty, a Non-U.S. Holder generally will be required to provide us with a properly executed IRS Form W-8BEN (in the case of individuals) or IRS Form W-8BEN-E (in the case of entities), or other appropriate form, certifying the Non-U.S. Holder’s entitlement to benefits under that treaty. We do not intend to adjust our withholding unless such certificates are provided to us or our paying agent before the payment of dividends and are updated as may be required by the IRS. In the case of a Non-U.S. Holder that is an entity, Treasury Regulations and the relevant tax treaty provide rules to determine whether, for purposes of determining the applicability of a tax treaty, dividends will be treated as paid to the entity or to those holding an interest in that entity. If a Non-U.S. Holder holds our Class A common stock through a financial institution or other agent acting on the holder’s behalf, the holder will be required to provide appropriate documentation to such agent. The holder’s agent will then be required to provide certification to us or our paying agent, either directly or through other intermediaries. If you are eligible for a reduced rate of U.S. federal withholding tax under an income tax treaty and you do not timely file the required certification, you may be able to obtain a refund or credit of any excess amounts withheld by timely filing an appropriate claim for a refund with the IRS.

We generally are not required to withhold tax on dividends paid to a Non-U.S. Holder that are effectively connected with the Non-U.S. Holder’s conduct of a trade or business within the United States (and, if required by an applicable income tax treaty, are attributable to a permanent establishment or fixed base that such holder maintains in the United States) if a properly executed IRS Form W-8ECI, stating that the dividends are so connected, is furnished to us (or, if our Class A common stock is held through a financial institution or other agent, to such agent). In general, such effectively connected dividends will be subject to U.S. federal income tax on a net income basis at the regular rates applicable to U.S. persons. A corporate Non-U.S. Holder receiving effectively connected dividends may also be subject to an additional “branch profits tax,” which is imposed, under certain circumstances, at a rate of 30% (or such lower rate as may be specified by an applicable treaty) on the

182

corporate Non-U.S. Holder’s effectively connected earnings and profits, subject to certain adjustments. Non-U.S. Holders should consult their tax advisors regarding any applicable income tax treaties that may provide for different rules.

To the extent distributions on our Class A common stock, if any, exceed our current and accumulated earnings and profits, they will first reduce the Non-U.S. Holder’s adjusted basis in our Class A common stock, but not below zero, and then will be treated as gain to the extent of any excess amount distributed, and taxed in the same manner as gain realized from a sale or other disposition of our Class A common stock as described in the next section.

Gain on Disposition of Our Class A Common Stock

Subject to the discussions below regarding backup withholding and foreign accounts, a Non-U.S. Holder generally will not be subject to U.S. federal income tax with respect to gain realized on a sale or other disposition of our Class A common stock unless (a) the gain is effectively connected with a trade or business of such holder in the United States (and, if required by an applicable income tax treaty, is attributable to a permanent establishment or fixed base that such holder maintains in the United States), (b) the Non-U.S. Holder is a nonresident alien individual and is present in the United States for 183 or more days in the taxable year of the disposition and certain other conditions are met, or (c) we are or become a “United States real property holding corporation” within the meaning of Section 897(c)(2) of the Code at any time within the shorter of the five-year period preceding such disposition or such holder’s holding period in our Class A common stock. In general, we would be a United States real property holding corporation if the fair market value of our U.S. real property interests equals or exceeds 50% of the sum of the fair market value of our worldwide real property interests plus our other assets used or held for use in a trade or business. We believe that we are not currently, and do not anticipate becoming, a United States real property holding corporation. Even if we are treated as a United States real property holding corporation, gain realized by a Non-U.S. Holder on a disposition of our Class A common stock will not be subject to U.S. federal income tax so long as (1) the Non-U.S. Holder owned, directly, indirectly, and constructively, no more than 5% of our Class A common stock at all times within the shorter of (i) the five-year period preceding the disposition or (ii) the holder’s holding period in our Class A common stock and (2) our Class A common stock is “regularly traded,” as defined by applicable Treasury Regulations, on an established securities market. There can be no assurance that our Class A common stock will qualify as regularly traded on an established securities market for purposes of these rules. If any gain on your disposition is taxable because we are a United States real property holding corporation and your ownership of our Class A common stock exceeds 5%, you will be taxed on such disposition generally in the manner as gain that is effectively connected with the conduct of a U.S. trade or business (subject to the provisions under an applicable income tax treaty), except that the branch profits tax generally will not apply.

If you are a Non-U.S. Holder described in (a) above, you will be required to pay tax on a net income basis at the U.S. federal income tax rates applicable to U.S. Holders, and corporate Non-U.S. Holders described in (a) above may be subject to the additional branch profits tax at a 30% rate or such lower rate as may be specified by an applicable income tax treaty. If you are a Non-U.S. Holder described in (b) above, you will be subject to U.S. federal income tax at a flat 30% rate (or such lower rate as may be specified by an applicable income tax treaty) on the net gain derived from the disposition, which gain may be offset by certain U.S.-source capital losses (even though you are not considered a resident of the United States), provided that the Non-U.S. Holder has timely filed U.S. federal income tax returns with respect to such losses. Non-U.S. Holders should consult their tax advisors regarding any applicable income tax treaties that may provide for different rules.

183

Information Reporting Requirements and Backup Withholding

Information returns are required to be filed with the IRS and provided to Non-U.S. Holders in connection with payments of distributions on our Class A common stock. This information also may be made available under an applicable treaty or agreement with the tax authorities in the country in which the non-U.S. holder resides or is established. You may be subject to backup withholding on payments on our Class A common stock or on the proceeds from a sale or other disposition of our Class A common stock unless you comply with certification procedures to establish that you are not a U.S. person or otherwise establish an exemption. Your provision of a properly executed applicable IRS Form W-8 certifying your non-U.S. status will permit you to avoid backup withholding. Amounts withheld under the backup withholding rules are not additional taxes and may be refunded or credited against your U.S. federal income tax liability, provided the required information is timely furnished to the IRS.

Foreign Accounts

Sections 1471 through 1474 of the Code (commonly referred to as FATCA) impose a U.S. federal withholding tax of 30% on certain payments paid to a foreign financial institution (as specifically defined by applicable rules) unless such institution enters into an agreement with the U.S. government to withhold on certain payments and to collect and provide to the U.S. tax authorities substantial information regarding U.S. account holders of such institution (which includes certain equity holders of such institution, as well as certain account holders that are foreign entities with U.S. owners). FATCA also generally imposes a federal withholding tax of 30% on certain payments to a non-financial foreign entity unless such entity provides the withholding agent with either a certification that it does not have any substantial direct or indirect U.S. owners or provides information regarding substantial direct and indirect U.S. owners of the entity. An intergovernmental agreement between the United States and an applicable foreign country may modify these requirements. The withholding tax described above will not apply if the foreign financial institution or non-financial foreign entity otherwise qualifies for an exemption from the rules. Under certain circumstances, a non-U.S. holder might be eligible for refunds or credits of such taxes.

FATCA withholding currently applies to payments of dividends. The U.S. Treasury Department has released proposed regulations which, if finalized in their present form, would eliminate the federal withholding tax of 30% that would be applicable to the gross proceeds of a disposition of our Class A common stock. In its preamble to such proposed regulations, the U.S. Treasury Department stated that taxpayers may generally rely on the proposed regulations until final regulations are issued. Non-U.S. Holders are encouraged to consult with their own tax advisors regarding the possible implications of FATCA on their investment in our Class A common stock.

EACH PROSPECTIVE INVESTOR SHOULD CONSULT ITS OWN TAX ADVISOR REGARDING THE TAX CONSEQUENCES OF PURCHASING, HOLDING, AND DISPOSING OF OUR CLASS A COMMON STOCK, INCLUDING THE CONSEQUENCES OF ANY RECENT OR PROPOSED CHANGE IN APPLICABLE LAW.

184

UNDERWRITING (CONFLICTS OF INTEREST)

We and the underwriters named below have entered into an underwriting agreement with respect to the shares of Class A common stock being offered. Subject to certain conditions, each underwriter has severally agreed to purchase the number of shares indicated in the following table. Goldman Sachs & Co. LLC is the representative of the underwriters.


Underwriters	Number of Shares
Goldman Sachs & Co. LLC		7,941,307
Barclays Capital Inc.		3,850,331
Citigroup Global Markets Inc.		3,850,331
Wells Fargo Securities, LLC		2,406,456
Guggenheim Securities, LLC		1,035,800
Mizuho Securities USA LLC		817,736
Truist Securities, Inc.		817,736
BMO Capital Markets Corp.		675,995
Deutsche Bank Securities Inc.		490,642
KeyBanc Capital Markets Inc.		436,126
Cantor Fitzgerald & Co.		381,610
CIBC World Markets Corp.		327,095
Capital One Securities, Inc.		218,063
Wedbush Securities Inc.		163,547
SMBC Nikko Securities America, Inc.		87,225

Total		23,500,000

The underwriters are committed to take and pay for all of the shares being offered, if any are taken, other than the shares covered by the option described below unless and until this option is exercised.

The underwriters have an option to buy up to an additional 3,525,000 shares of Class A common stock from us to cover sales by the underwriters of a greater number of shares than the total number set forth in the table above. They may exercise that option for 30 days. If any shares are purchased pursuant to this option, the underwriters will severally purchase shares in approximately the same proportion as set forth in the table above.

The following table shows the per share and total underwriting discounts and commissions to be paid to the underwriters by us. Such amounts are shown assuming both no exercise and full exercise of the underwriters’ option to purchase up to 3,525,000 additional shares of our Class A common stock.


	No Exercise		Full Exercise
Per Share	$	1.776	$	1.776
Total	$	41,736,000	$	47,996,400

Shares sold by the underwriters to the public will initially be offered at the initial public offering price set forth on the cover of this prospectus. Any shares sold by the underwriters to securities dealers may be sold at a discount of up to $1.0656 per share from the initial public offering price. After the initial offering of the shares, the representative may change the offering price and the other selling terms. The offering of the shares by the underwriters is subject to receipt and acceptance and subject to the underwriters’ right to reject any order in whole or in part.

185

We have agreed to reimburse the underwriters for certain of their expenses in an amount up to $75,000. The underwriters have agreed to reimburse us for certain expenses incurred by us in connection with this offering upon closing of this offering. Goldman Sachs & Co. LLC and Barclays Capital Inc. are the purchasers of the Bridge Notes. The Bridge Notes are non-convertible debt securities that are entered into at a fair price in compliance with the requirements under FINRA Rule 5110(a)(4)(B)(iv)(a) and, therefore, have no compensation value.

All of our directors, executive officers, and the holders of substantially all of our outstanding common stock and securities exercisable for or convertible into our common stock have agreed with the underwriters, subject to certain exceptions, not to dispose of or hedge any shares of our common stock or securities convertible into or exchangeable for shares of our common stock, without the prior written consent of Goldman Sachs & Co. LLC, during the period ending the earlier of (i) the date on which an open trading window period commences following our release of earnings for the quarter ending July 31, 2024, or (ii) the date that is 180 days after the date of this prospectus, which we refer to as the Lock-up Period.

Notwithstanding the foregoing, if (i) a holder is an Employee Stockholder, and (ii) the closing price of our Class A common stock on NYSE has exceeded 130% of the initial public offering price per share set forth on the cover page of this prospectus for at least five trading days (one of which must be a trading day occurring after the date of the Initial Earnings Release) out of any 10-consecutive trading day period, provided that such applicable date occurs in a broadly applicable “open trading window” period under our insider trading policy, such Employee Stockholder may sell in the public market, beginning at the opening of trading on the first trading day after the applicable 10-consecutive trading day period up to 25% of the sum of (i) the outstanding shares of common stock that are held by such Employee Stockholder as of March 15, 2024, and (ii) the securities convertible into or exchangeable or exercisable for common stock that were held by such Employee Stockholder and fully vested as of March 15, 2024. The number of shares that may be sold following the Initial Earnings Release prior to the Lock-up Period termination equals approximately 5.8 million shares, including approximately 4.8 million shares issuable upon exercise of vested options and settlement of RSUs. For these purposes, (i) an Employee Stockholder means someone who is our employee and is not one of our directors or a member of our executive leadership team (which includes our executive officers) as of the fifth calendar day prior to the date of the Initial Earnings Release, and (ii) the Initial Earnings Release means our public announcement of earnings for the fiscal quarter ending April 30, 2024.

Furthermore, (i) an additional approximately 71.7% of our outstanding Class B common stock and securities directly or indirectly convertible into or exchangeable or exercisable for our Class B common stock are subject to the market stand-off provisions in IRA, in which such holders agreed to not lend, offer, pledge, sell, contract to sell, sell any option or contract to purchase, purchase any option or contract to sell, grant any option, right or warrant to purchase, or otherwise transfer or dispose of, directly or indirectly, any shares of common stock or any securities convertible into or exercisable or exchangeable for common stock held immediately prior to the effectiveness to the effectiveness of this registration statement, or enter into any swap or other arrangement that transfers to another, in whole or in part, any of the economic consequences of ownership of such common stock and (ii) an additional approximately 28.0% of our outstanding Class B common stock and securities directly or indirectly convertible into or exchangeable or exercisable for our Class A common stock are subject to restrictions contained in market stand-off agreements with us which include restrictions on the sale, transfer, or other disposition of shares. The forms and specific restrictive provisions within these market stand-off provisions vary between security holders. For example, although some of these market stand-off agreements do not specifically restrict hedging transactions and others may be subject to different interpretations between us and security holders as to whether they restrict hedging, our Insider Trading Policy prohibits hedging by all of our current directors, officers, employees, contractors, and consultants. Sales, short sales, or hedging transactions involving our equity securities, whether before or after this offering and whether or not we believe them to be prohibited, could adversely affect the price of our Class A common stock.

186

As a result of the foregoing, substantially all of our outstanding Class B common stock and securities directly or indirectly convertible into or exchangeable or exercisable for our Class A common stock are subject to a lock-up agreement or market stand-off provisions during the lock-up period. We have agreed to enforce all such market stand-off restrictions on behalf of the underwriters and not to amend or waive any such market stand-off provisions during the lock-up period without the prior consent of Goldman Sachs & Co. LLC, on behalf of the underwriters, provided that we may release shares from such restrictions to the extent such shares would be entitled to release under the form of lock-up agreement with the underwriters signed by our officers, directors, and certain holders of our securities as described herein.

The restrictions imposed by the lock-up agreements and market stand-off provisions are subject to certain exceptions, including with respect to:

(i)

transfers as bona fide gifts, charitable contributions, or for bona fide estate planning purposes;

(ii)

transfers upon death by will, testamentary document, or the laws of intestate succession;

(iii)

transfers to immediate family members or to any trust for the direct or indirect benefit of the holder or the immediate family of the holder or, if the holder is a trust, to a trustor or beneficiary of the trust or the estate of a beneficiary of such trust;

(iv)

transfers to a partnership, limited liability company, or other entity of which the holder and the immediate family of the holder are the legal and beneficial owner of all of the outstanding equity securities or similar interests;

(v)

transfers to a nominee or custodian of a person or entity to whom a disposition or transfer would be permissible under clauses (i) through (iv) above;

(vi)

transfers by a business entity (A) to an affiliated or controlled entity or (B) as part of a distribution to the holder’s stockholders, partners, members, or other equityholders or to the estate of any such stockholders, partners, members, or other equityholders;

(vii)

transfers by operation of law, such as pursuant to a qualified domestic order, divorce settlement, divorce decree, or separation agreement;

(viii)

transfers to us from one of our employees upon their death, disability, or termination of employment;

(ix)

if the holder is not an executive officer or director, transfers of shares acquired (A) from the underwriters in this offering or (B) in open market transactions after the closing of this offering;

(x)

transfers to us in connection with the vesting, settlement, or exercise of RSUs, options, warrants, or other rights to purchase shares of our common stock (including, in each case, by way of “net” or “cashless” exercise), including transfers to us for the payment of taxes, including estimated taxes, due as a result of the vesting, settlement, or exercise of options, RSUs, restricted stock, options, warrants, or other rights to purchase shares of our common stock, in each case granted under a stock incentive plan or other equity award plan or arrangement described in this prospectus;

(xi)

sales or other transfers to satisfy tax obligations or payments due as a result of (A) the exercise of stock options, if such options expire or the post-termination exercise period applicable to such options expire during the lock-up period, or (B) the settlement of RSUs pursuant to awards granted under a stock incentive plan or other equity award plan or arrangement described in this prospectus;

187

(xii)

transfers to us in connection with the conversion, exchange, or reclassification of our outstanding equity securities into shares of our common stock, or any reclassification, exchange, or conversion of our common stock, in each case as described in this prospectus;

(xiii)

transfers to the underwriters pursuant to the underwriting agreement;

(xiv)

transfers in connection with the termination of employment of an employee, including following voluntary resignation of such employee, if such transfers or dispositions are determined by us to be required under applicable law;

(xv)

entry into a written plan meeting the requirements of Rule 10b5-1 under the Exchange Act relating to the transfer of shares of common stock, provided that shares of common stock subject to such plan may not be sold during the lock-up period; and

(xvi)

transfers pursuant to a bona fide third-party tender offer, merger, consolidation, or other similar transaction that is approved by our board of directors and made to all holders of our common stock, and which involves a change in control;

provided, in the case of any transfer, disposition, or distribution pursuant to clauses (i) through (vii), that each transferee, donee, or distributee shall sign and deliver a lock-up agreement.

Prior to the offering, there has been no public market for the shares of our Class A common stock. The initial public offering price was negotiated between us and the representative. Among the factors considered in determining the initial public offering price of the shares, in addition to prevailing market conditions, were our historical performance, estimates of our business potential and earnings prospects, an assessment of our management, and the consideration of the above factors in relation to market valuation of companies in related businesses.

Our Class A common stock has been approved for listing on the NYSE under the symbol “RBRK.”

In connection with the offering, the underwriters may purchase and sell shares of our Class A common stock in the open market. These transactions may include short sales, stabilizing transactions, and purchases to cover positions created by short sales. Short sales involve the sale by the underwriters of a greater number of shares than they are required to purchase in the offering, and a short position represents the amount of such sales that have not been covered by subsequent purchases. A “covered short position” is a short position that is not greater than the amount of additional shares for which the underwriters’ option described above may be exercised. The underwriters may cover any covered short position by either exercising their option to purchase additional shares or purchasing shares in the open market. In determining the source of shares to cover the covered short position, the underwriters will consider, among other things, the price of shares available for purchase in the open market as compared to the price at which they may purchase additional shares pursuant to the option described above. “Naked” short sales are any short sales that create a short position greater than the amount of additional shares for which the option described above may be exercised. The underwriters must cover any such naked short position by purchasing shares in the open market. A naked short position is more likely to be created if the underwriters are concerned that there may be downward pressure on the price of the Class A common stock in the open market after pricing that could adversely affect investors who purchase in the offering. Stabilizing transactions consist of various bids for or purchases of Class A common stock made by the underwriters in the open market prior to the completion of the offering.

The underwriters may also impose a penalty bid. This occurs when a particular underwriter repays to the underwriters a portion of the underwriting discount received by it because the representative has repurchased shares sold by or for the account of such underwriter in stabilizing or short covering transactions.

188

Purchases to cover a short position and stabilizing transactions, as well as other purchases by the underwriters for their own accounts, may have the effect of preventing or retarding a decline in the market price of our Class A common stock, and together with the imposition of the penalty bid, may stabilize, maintain or otherwise affect the market price of Class A common stock. As a result, the price of Class A common stock may be higher than the price that otherwise might exist in the open market. The underwriters are not required to engage in these activities and may end any of these activities at any time. These transactions may be effected on the NYSE, in the over-the-counter market, or otherwise.

We have agreed to indemnify the several underwriters against certain liabilities, including liabilities under the Securities Act.

Conflicts of Interest

Goldman Sachs & Co. LLC and Barclays Capital Inc. are the purchasers of the Bridge Notes. As described in the section titled “Use of Proceeds,” net proceeds from this offering will be used to repay in full the Bridge Notes and, as such, Goldman Sachs & Co. LLC and Barclays Capital Inc. will receive 5% or more of the net proceeds of this offering due to repayment of the Bridge Notes. Therefore, such underwriters are deemed to have conflicts of interest within the meaning of FINRA Rule 5121. Accordingly, this offering is being conducted in accordance with Rule 5121, which requires, among other things, that a “qualified independent underwriter” participate in the preparation of, and exercise the usual standards of “due diligence” with respect to, the registration statement and this prospectus. Citigroup Global Markets Inc. has agreed to act as a qualified independent underwriter for this offering and to undertake the legal responsibilities and liabilities of an underwriter under the Securities Act, specifically including those inherent in Section 11 thereof.

Citigroup Global Markets Inc. will not receive any additional fees for serving as a qualified independent underwriter in connection with this offering. We have agreed to indemnify Citigroup Global Markets Inc. against liabilities incurred in connection with acting as a qualified independent underwriter, including liabilities under the Securities Act.

Pursuant to Rule 5121, Goldman Sachs & Co. LLC and Barclays Capital Inc. will not confirm any sales to any account over which it exercises discretionary authority without the specific written approval of the account holder. See the section titled “Use of Proceeds” for additional information.

Other Relationships

The underwriters and their respective affiliates are full service financial institutions engaged in various activities, which may include sales and trading, commercial and investment banking, advisory, investment management, investment research, principal investment, hedging, market making, brokerage, and other financial and non-financial activities and services. Certain of the underwriters and their respective affiliates have provided, and may in the future provide, a variety of these services to the issuer and to persons and entities with relationships with the issuer, for which they received or will receive customary fees and expenses. In addition, affiliates of Goldman Sachs & Co. LLC, an underwriter in this offering, are lenders under the Amended Credit Facility. Furthermore, Bipul Sinha, our Chief Executive Officer and Chairman of our board of directors, through an affiliated trust, has entered into a loan and security agreement dated January 20, 2021, or the loan agreement, with Goldman Sachs Bank, an affiliate of one of the underwriters of this offering. The loan agreement provides for a $10,000,000 credit facility. We are not a party to the loan agreement.

In the ordinary course of their various business activities, the underwriters and their respective affiliates, officers, directors, and employees may purchase, sell, or hold a broad array of investments and

189

actively trade securities, derivatives, loans, commodities, currencies, credit default swaps, and other financial instruments for their own account and for the accounts of their customers, and such investment and trading activities may involve or relate to our assets, securities, and/or instruments (directly, as collateral securing other obligations or otherwise) and/or persons and entities with relationships with us. The underwriters and their respective affiliates may also communicate independent investment recommendations, market color, or trading ideas and/or publish or express independent research views in respect of such assets, securities, or instruments and may at any time hold, or recommend to clients that they should acquire, long and/or short positions in such assets, securities, and instruments.

Directed Share Program

At our request, the underwriters have reserved up to 5% of the shares of Class A common stock offered by this prospectus for sale at the initial public offering price through a directed share program to certain persons identified by our management, which may include certain parties we have a business relationship with and friends and family of management. If purchased by these persons, these shares will not be subject to a lock-up restriction, except to the extent that the purchasers of such shares are otherwise subject to lock-up or market stand-off agreements as a result of their relationships with us. The number of shares of Class A common stock available for sale to the general public will be reduced by the number of reserved shares sold to these persons. Any reserved shares not purchased by these persons will be offered by the underwriters to the general public on the same basis as the other shares of Class A common stock offered by this prospectus. Other than the underwriting discount described on the front cover of this prospectus, the underwriters will not be entitled to any commission with respect to shares of Class A common stock sold pursuant to the directed share program. We have agreed to indemnify the underwriters against certain liabilities and expenses, including liabilities under the Securities Act, in connection with sales of the shares reserved for the directed share program. Goldman Sachs & Co. LLC will administer our directed share program.

Selling Restrictions

European Economic Area

In relation to each EEA Member State, each a “Relevant Member State,” no shares have been offered or will be offered pursuant to the offering to the public in that Relevant Member State prior to the publication of a prospectus in relation to the shares which has been approved by the competent authority in that Relevant Member State or, where appropriate, approved in another Relevant Member State and notified to the competent authority in that Relevant Member State, all in accordance with the Prospectus Regulation, except that the shares may be offered to the public in that Relevant Member State at any time:

•

to any legal entity which is a qualified investor as defined under Article 2 of the Prospectus Regulation;

•

to fewer than 150 natural or legal persons (other than qualified investors as defined under Article 2 of the Prospectus Regulation), subject to obtaining the prior consent of the representative for any such offer; or

•

in any other circumstances falling within Article 1(4) of the Prospectus Regulation,

provided that no such offer of the shares shall require us and/or any underwriter to publish a prospectus pursuant to Article 3 of the Prospectus Regulation or supplement a prospectus pursuant to Article 23 of the Prospectus Regulation.

190

For the purposes of this provision, the expression an “offer to the public” in relation to the shares in any Relevant Member State means the communication in any form and by any means of sufficient information on the terms of the offer and any shares to be offered so as to enable an investor to decide to purchase or subscribe for any shares, and the expression “Prospectus Regulation” means Regulation (EU) 2017/1129.

Each person in a Relevant Member State who receives any communication in respect of, or who acquires any shares under, the offering contemplated hereby will be deemed to have represented, warranted and agreed to and with each of the underwriters and their affiliates and us that:

it is a qualified investor within the meaning of the Prospectus Regulation; and

in the case of any shares acquired by it as a financial intermediary, as that term is used in Article 5 of the Prospectus Regulation, (i) the shares acquired by it in this offering have not been acquired on a non-discretionary basis on behalf of, nor have they been acquired with a view to their offer or resale to, persons in any Relevant Member State other than qualified investors, as that term is defined in the Prospectus Regulation, or have been acquired in other circumstances falling within the points (a) to (d) of Article 1(4) of the Prospectus Regulation and the prior consent of the representative has been given to the offer or resale; or (ii) where the shares have been acquired by it on behalf of persons in any Relevant Member State other than qualified investors, the offer of those shares to it is not treated under the Prospectus Regulation as having been made to such persons.

We, the underwriters and their affiliates, and others will rely upon the truth and accuracy of the foregoing representation, acknowledgement and agreement. Notwithstanding the above, a person who is not a qualified investor and who has notified the representative of such fact in writing may, with the prior consent of the representative, be permitted to acquire shares in this offering.

United Kingdom

This prospectus and any other material in relation to the shares described herein is only being distributed to, and is only directed at, and any investment or investment activity to which this prospectus relates is available only to, and will be engaged in only with persons who are (i) persons having professional experience in matters relating to investments who fall within the definition of investment professionals in Article 19(5) of the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005, or the FPO; or (ii) high net worth entities falling within Article 49(2)(a) to (d) of the FPO; (iii) outside the United Kingdom, or the UK; or (iv) persons to whom an invitation or inducement to engage in investment activity (within the meaning of Section 21 of the Financial Services and Markets Act 2000, or the FSMA) in connection with the issue or sale of any shares may otherwise lawfully be communicated or caused to be communicated, (all such persons together being referred to as “Relevant Persons”). The shares are only available in the UK to, and any invitation, offer or agreement to purchase or otherwise acquire the shares will be engaged in only with the Relevant Persons. This prospectus and its contents are confidential and should not be distributed, published or reproduced (in whole or in part) or disclosed by recipients to any other person in the UK. Any person in the UK that is not a Relevant Person should not act or rely on this Prospectus or any of its contents.

No shares have been offered or will be offered pursuant to the offering to the public in the UK prior to the publication of a prospectus in relation to the shares which has been approved by the Financial Conduct Authority, except that the shares may be offered to the public in the UK at any time:

to any legal entity which is a qualified investor as defined under Article 2 of the UK Prospectus Regulation;

191

to fewer than 150 natural or legal persons (other than qualified investors as defined under Article 2 of the UK Prospectus Regulation), subject to obtaining the prior consent of the representative for any such offer; or

in any other circumstances falling within Section 86 of the FSMA,

provided that no such offer of the shares shall require us and/or any underwriter or any of their affiliates to publish a prospectus pursuant to Section 85 of the FSMA or supplement a prospectus pursuant to Article 23 of the UK Prospectus Regulation. For the purposes of this provision, the expression an “offer to the public” in relation to the shares in the UK means the communication in any form and by any means of sufficient information on the terms of the offer and any shares to be offered so as to enable an investor to decide to purchase any shares, and the expression “UK Prospectus Regulation” means Regulation (EU) 2017/1129 as it forms part of domestic law by virtue of the European Union (Withdrawal) Act 2018.

Each person in the UK who acquires any shares in the offering or to whom any offer is made will be deemed to have represented, acknowledged and agreed to and with us, the underwriters, and their affiliates that it meets the criteria outlined in this section.

Canada

The shares may be sold in Canada only to purchasers purchasing, or deemed to be purchasing, as principal that are accredited investors, as defined in National Instrument 45-106 Prospectus Exemptions or subsection 73.3(1) of the Securities Act (Ontario), and are permitted clients, as defined in National Instrument 31-103 Registration Requirements, Exemptions, and Ongoing Registrant Obligations. Any resale of the shares must be made in accordance with an exemption from, or in a transaction not subject to, the prospectus requirements of applicable securities laws.

Securities legislation in certain provinces or territories of Canada may provide a purchaser with remedies for rescission or damages if this prospectus (including any amendment thereto) contains a misrepresentation, provided that the remedies for rescission or damages are exercised by the purchaser within the time limit prescribed by the securities legislation of the purchaser’s province or territory. The purchaser should refer to any applicable provisions of the securities legislation of the purchaser’s province or territory of these rights or consult with a legal advisor.

Pursuant to section 3A.3 of National Instrument 33-105 Underwriting Conflicts, or NI 33-105, the underwriters are not required to comply with the disclosure requirements of NI 33-105 regarding underwriter conflicts of interest in connection with this offering.

Hong Kong

The shares may not be offered or sold in Hong Kong by means of any document other than (i) in circumstances which do not constitute an offer to the public within the meaning of the Companies (Winding Up and Miscellaneous Provisions) Ordinance (Cap. 32 of the Laws of Hong Kong), or Companies (Winding Up and Miscellaneous Provisions) Ordinance, or which do not constitute an invitation to the public within the meaning of the Securities and Futures Ordinance (Cap. 571 of the Laws of Hong Kong), or Securities and Futures Ordinance, or (ii) to “professional investors” as defined in the Securities and Futures Ordinance and any rules made thereunder, or (iii) in other circumstances which do not result in the document being a “prospectus” as defined in the Companies (Winding Up and Miscellaneous Provisions) Ordinance, and no advertisement, invitation or document relating to the shares may be issued or may be in the possession of any person for the purpose of issue (in each case whether in Hong Kong or elsewhere), which is directed at, or the contents of which are likely to be accessed or

192

read by, the public in Hong Kong (except if permitted to do so under the securities laws of Hong Kong) other than with respect to shares which are or are intended to be disposed of only to persons outside Hong Kong or only to “professional investors” in Hong Kong as defined in the Securities and Futures Ordinance and any rules made thereunder.

Singapore

This prospectus has not been registered as a prospectus with the Monetary Authority of Singapore. Accordingly, this prospectus and any other document or material in connection with the offer or sale, or invitation for subscription or purchase, of the shares may not be circulated or distributed, nor may the shares be offered or sold, or be made the subject of an invitation for subscription or purchase, whether directly or indirectly, to persons in Singapore other than (i) to an institutional investor (as defined under Section 4A of the Securities and Futures Act, Chapter 289 of Singapore, or the SFA) under Section 274 of the SFA, (ii) to a relevant person (as defined in Section 275(2) of the SFA) pursuant to Section 275(1) of the SFA, or any person pursuant to Section 275(1A) of the SFA, and in accordance with the conditions specified in Section 275 of the SFA, or (iii) otherwise pursuant to, and in accordance with the conditions of, any other applicable provision of the SFA, in each case subject to conditions set forth in the SFA.

Where the shares are subscribed or purchased under Section 275 of the SFA by a relevant person which is a corporation (which is not an accredited investor (as defined in Section 4A of the SFA)) the sole business of which is to hold investments and the entire share capital of which is owned by one or more individuals, each of whom is an accredited investor, the securities (as defined in Section 239(1) of the SFA) of that corporation shall not be transferable for 6 months after that corporation has acquired the shares under Section 275 of the SFA except: (1) to an institutional investor under Section 274 of the SFA or to a relevant person (as defined in Section 275(2) of the SFA), (2) where such transfer arises from an offer in that corporation’s securities pursuant to Section 275(1A) of the SFA, (3) where no consideration is or will be given for the transfer, (4) where the transfer is by operation of law, (5) as specified in Section 276(7) of the SFA, or (6) as specified in Regulation 32 of the Securities and Futures (Offers of Investments) (Shares and Debentures) Regulations 2005 of Singapore, or Regulation 32.

Where the shares are subscribed or purchased under Section 275 of the SFA by a relevant person which is a trust (where the trustee is not an accredited investor (as defined in Section 4A of the SFA)) whose sole purpose is to hold investments and each beneficiary of the trust is an accredited investor, the beneficiaries’ rights and interest (howsoever described) in that trust shall not be transferable for 6 months after that trust has acquired the shares under Section 275 of the SFA except: (1) to an institutional investor under Section 274 of the SFA or to a relevant person (as defined in Section 275(2) of the SFA), (2) where such transfer arises from an offer that is made on terms that such rights or interest are acquired at a consideration of not less than S$200,000 (or its equivalent in a foreign currency) for each transaction (whether such amount is to be paid for in cash or by exchange of securities or other assets), (3) where no consideration is or will be given for the transfer, (4) where the transfer is by operation of law, (5) as specified in Section 276(7) of the SFA, or (6) as specified in Regulation 32.

Japan

The shares have not been and will not be registered under the Financial Instruments and Exchange Act of Japan (Act No. 25 of 1948, as amended), or the FIEA. The shares may not be offered or sold, directly or indirectly, in Japan or to or for the benefit of any resident of Japan (including any person resident in Japan or any corporation or other entity organized under the laws of Japan) or to others for reoffering or resale, directly or indirectly, in Japan or to or for the benefit of any resident of Japan, except pursuant to an exemption from the registration requirements of the FIEA and otherwise in compliance with any relevant laws and regulations of Japan.

193

Australia

No placement document, prospectus, product disclosure statement, or other disclosure document has been lodged with the Australian Securities and Investments Commission in relation to the offering. This offering document does not constitute a prospectus, product disclosure statement or other disclosure document under the Corporations Act 2001, or the Corporations Act, and does not purport to include the information required for a prospectus, product disclosure statement or other disclosure document under the Corporations Act.

Any offer in Australia of the shares may only be made to persons, or the Exempt Investors who are “sophisticated investors” (within the meaning of section 708(8) of the Corporations Act), “professional investors” (within the meaning of section 708(11) of the Corporations Act), or otherwise pursuant to one or more exemptions contained in section 708 of the Corporations Act so that it is lawful to offer the shares without disclosure to investors under Chapter 6D of the Corporations Act.

The shares applied for by Exempt Investors in Australia must not be offered for sale in Australia in the period of 12 months after the date of allotment under the offering, except in circumstances where disclosure to investors under Chapter 6D of the Corporations Act would not be required pursuant to an exemption under section 708 of the Corporations Act or otherwise or where the offer is pursuant to a disclosure document which complies with Chapter 6D of the Corporations Act. Any person acquiring shares must observe such Australian on-sale restrictions.

This offering document contains general information only and does not take account of the investment objectives, financial situation, or particular needs of any particular person. It does not contain any securities recommendations or financial product advice. Before making an investment decision, investors need to consider whether the information in this offering document is appropriate to their needs, objectives, and circumstances, and, if necessary, seek expert advice on those matters.

Dubai International Financial Centre

This prospectus relates to an Exempt Offer in accordance with the Offered Securities Rules of the Dubai Financial Services Authority, or DFSA. This prospectus is intended for distribution only to persons of a type specified in the Offered Securities Rules of the DFSA. It must not be delivered to, or relied on by, any other person. The DFSA has no responsibility for reviewing or verifying any documents in connection with Exempt Offers. The DFSA has not approved this prospectus nor taken steps to verify the information set forth in this prospectus and has no responsibility for the offering document. The securities to which this offering document relates may be illiquid and/or subject to restrictions on their resale. Prospective purchasers of the securities offered should conduct their own due diligence on the securities. If you do not understand the contents of this offering document you should consult an authorized financial advisor.

Switzerland

The shares may not be publicly offered in Switzerland and will not be listed on the SIX Swiss Exchange, or SIX, or on any other stock exchange or regulated trading facility in Switzerland. This document does not constitute a prospectus within the meaning of, and has been prepared without regard to, the disclosure standards for issuance prospectuses under art. 652a or art. 1156 of the Swiss Code of Obligations or the disclosure standards for listing prospectuses under art. 27 ff. of the SIX Listing Rules or the listing rules of any other stock exchange or regulated trading facility in Switzerland. Neither this document nor any other offering or marketing material relating to the Class A common stock or the offering may be publicly distributed or otherwise made publicly available in Switzerland.

194

Neither this document nor any other offering or marketing material relating to the offering, us, or our shares has been or will be filed with or approved by any Swiss regulatory authority. In particular, this document will not be filed with, and the offer of shares will not be supervised by, the Swiss Financial Market Supervisory Authority and the offer of Class A common stock has not been and will not be authorized under the Swiss Federal Act on Collective Investment Schemes, or CISA. The investor protection afforded to acquirers of interests in collective investment schemes under the CISA does not extend to acquirers of Class A common stock.

195

LEGAL MATTERS

The validity of the shares of Class A common stock being offered by this prospectus will be passed upon for us by Cooley LLP, Palo Alto, California. Certain legal matters in connection with this offering will be passed upon for the underwriters by Latham & Watkins LLP, Menlo Park, California. An attorney affiliated with Latham & Watkins LLP owns 12,397 shares of our Class B common stock.

EXPERTS

The consolidated financial statements of Rubrik, Inc. as of January 31, 2024 and 2023, and for each of the years in the two-year period ended January 31, 2024, have been included herein in reliance upon the report of KPMG LLP, independent registered public accounting firm, appearing elsewhere herein, and upon the authority of said firm as experts in accounting and auditing.

WHERE YOU CAN FIND ADDITIONAL INFORMATION

We have filed with the SEC a registration statement on Form S-1, including exhibits and schedules, under the Securities Act, with respect to the shares of Class A common stock being offered by this prospectus. This prospectus, which constitutes part of the registration statement, does not contain all of the information in the registration statement and its exhibits. For further information with respect to us and the Class A common stock offered by this prospectus, we refer you to the registration statement and its exhibits. Statements contained in this prospectus as to the contents of any contract or any other document referred to are not necessarily complete, and in each instance, we refer you to the copy of the contract or other document filed as an exhibit to the registration statement. Each of these statements is qualified in all respects by this reference.

You can read our SEC filings, including the registration statement, over the internet at the SEC’s website at www.sec.gov.

Following this offering, we will be subject to the information reporting requirements of the Exchange Act and we will file reports, proxy statements, and other information with the SEC. These reports, proxy statements, and other information will be available for inspection and copying at the website of the SEC referred to above. We also maintain a website at www.rubrik.com, at which, following the closing of this offering, you may access these materials free of charge as soon as reasonably practicable after they are electronically filed with, or furnished to, the SEC. Information contained on, or accessible through, our website is not a part of this prospectus, and the inclusion of our website address in this prospectus is only as an inactive textual reference.

196

INDEX TO CONSOLIDATED FINANCIAL STATEMENTS


	Page
Report of Independent Registered Public Accounting Firm		F-2
Consolidated Balance Sheets		F-3
Consolidated Statements of Operations		F-4
Consolidated Statements of Comprehensive Loss		F-5
Consolidated Statements of Redeemable Convertible Preferred Stock and Stockholders’ Deficit		F-6
Consolidated Statements of Cash Flows		F-7
Notes to Consolidated Financial Statements		F-8

F-1

Report of Independent Registered Public Accounting Firm

To the Stockholders and Board of Directors

Rubrik, Inc.:

Opinion on the Consolidated Financial Statements

We have audited the accompanying consolidated balance sheets of Rubrik, Inc. and subsidiaries (the Company) as of January 31, 2024 and 2023, the related consolidated statements of operations, comprehensive loss, redeemable convertible preferred stock and stockholders’ deficit, and cash flows for each of the years in the two-year period ended January 31, 2024, and the related notes (collectively, the consolidated financial statements). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company as of January 31, 2024 and 2023, and the results of its operations and its cash flows for each of the years in the two-year period ended January 31, 2024, in conformity with U.S. generally accepted accounting principles.

Basis for Opinion

These consolidated financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on these consolidated financial statements based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (PCAOB) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the consolidated financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the consolidated financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. We believe that our audits provide a reasonable basis for our opinion.

/s/ KPMG LLP

We have served as the Company’s auditor since 2018.

Santa Clara, California

March 18, 2024

F-2

Rubrik, Inc.

CONSOLIDATED BALANCE SHEETS

(in thousands, except par value amounts)


	January 31,
	2023			2024
Assets
Current assets
Cash and cash equivalents	$	135,807		$	130,031
Short-term investments		160,106			149,220
Accounts receivable, net of allowances of $442 and $247		150,622			133,544
Deferred commissions		57,524			72,057
Prepaid expenses and other current assets		60,736			63,861

Total current assets		564,795			548,713
Property and equipment, net		49,294			47,873
Deferred commissions, noncurrent		97,729			113,814
Goodwill		4,236			100,343
Other assets, noncurrent		53,129			62,867

Total assets	$	769,183		$	873,610

Liabilities, redeemable convertible preferred stock and stockholders’ deficit
Current liabilities
Accounts payable	$	8,085		$	6,867
Accrued expenses and other current liabilities		111,365			122,934
Deferred revenue		315,954			526,480

Total current liabilities		435,404			656,281
Deferred revenue, noncurrent		490,279			579,781
Other liabilities, noncurrent		36,417			55,050
Debt, noncurrent		179,699			287,042

Total liabilities		1,141,799			1,578,154

Commitments and contingencies (Note 9)
Redeemable convertible preferred stock
Redeemable convertible preferred stock, $0.000025 par value – 74,183 shares authorized as of January 31, 2023 and 2024; 74,183 shares issued and outstanding as of January 31, 2023 and 2024; liquidation preference of $715,100 as of January 31, 2023 and 2024		714,713			714,713
Stockholders’ deficit
Common stock, $0.000025 par value – 209,336 shares authorized as of January 31, 2023 and 2024 (inclusive of 5,400 shares authorized of founders stock, $0.000125 par value, convertible to common stock as of January 31, 2023 and 2024); 59,879 and 61,263 shares issued and outstanding as of January 31, 2023 and 2024, respectively (inclusive of 5,400 convertible founders stock issued and outstanding as of January 31, 2023 and 2024)		1			1
Additional paid-in capital		242,326			265,494
Accumulated other comprehensive loss		(1,301	)		(2,239	)
Accumulated deficit		(1,328,355	)		(1,682,513	)

Total stockholders’ deficit		(1,087,329	)		(1,419,257	)

Total liabilities, redeemable convertible preferred stock and stockholders’ deficit	$	769,183		$	873,610