NASDAQ: PANW
Palo Alto Networks Inc · CIK 0001327567 · Computer Peripheral Equipment
About Palo Alto Networks Inc
Source: Item 1 (Business) from the 10-K filed August 29, 2025. Description as filed by the company with the SEC.
Item 1. Business
General
Palo Alto Networks, Inc. is a global cybersecurity provider and our vision is a world where each day is safer and more secure than the one before. We were incorporated in 2005 and are headquartered in Santa Clara, California.
Our mission is to be the cybersecurity partner of choice for enterprises, organizations, service providers, and government entities to protect our digital way of life. Our cybersecurity platforms and services help secure enterprise users, networks, clouds, and endpoints by delivering comprehensive cybersecurity backed by artificial intelligence (“AI”) and automation. A key element of our strategy is to help our customers simplify their security architectures through consolidating disparate point products. We execute on this strategy by developing our capabilities and packaging our offerings into platforms which are able to cover many of our customers’ needs in the markets in which we operate. Our platformization strategy combines various products and services into a tightly integrated architecture for more secure, faster, and cost-effective outcomes.
Network Security
Our network security platform is designed to deliver complete zero trust solutions to our customers. The platform includes:
•Secure Access Service Edge (“SASE”). Prisma® Access, when combined with Prisma SD-WAN, provides a comprehensive single-vendor SASE offering that is used to secure remote workforces and cloud-delivered branch offices. Prisma Access Browser further extends SASE security and data protection to the end user device, providing workers with freedom to access business applications securely using our secure browser from any device.
•Next-Generation Firewalls. Our hardware ML-Powered Next-Generation Firewalls (“NGFWs”) secure on-premises environments including campus locations and data centers. Our software NGFWs secure cloud networks.
•Cloud-Delivered Security Services (“CDSS”). Our network security platform integrates a suite of CDSS that complements our SASE and Firewall solutions. These include Advanced Threat Prevention, Advanced WildFire®, Advanced URL Filtering, Advanced DNS Security, IoT/OT Security, GlobalProtect®, Prisma Access Agent, Enterprise Data Loss Prevention (“Enterprise DLP”), AI for IT Operations (“AIOps”), Software as a Service (“SaaS”) Security, and AI Access Security. Through these add-on services, our customers are able to secure their content, applications, users, and devices across their entire organization.
•Prisma AIRS. Prisma AIRS is a comprehensive AI security platform that has been designed to protect customers’ entire AI ecosystem by providing AI model scanning, posture management, red teaming, run-time security, and AI agent security.
•Strata Cloud Manager (“SCM”). SCM, our network security management solution, centrally manages network security across all remote workers, branches, headquarters, campuses, and cloud. SCM leverages AI to simplify and strengthen network security by enabling customers to proactively pinpoint vulnerabilities, gain real-time remediation recommendations, and enhance overall digital experiences, thereby reducing operational burden. This comprehensive solution includes Strata Copilot, which offers a natural language interface for enhanced insights and guided remediation, and integrates Autonomous Digital Experience Monitoring (“ADEM”) to proactively maintain infrastructure health, facilitate AI-driven one-click troubleshooting, and ensure seamless end-user performance across the enterprise.
Security Operations
Our AI-powered Cortex platform transforms end-to-end security operations with unified data, AI, and automation for more secure, faster, and cost-effective outcomes. We have consolidated our industry-leading Security Operations and Cloud Security capabilities on a single comprehensive platform to provide centralized visibility, proactive protection, real-time prevention, AI-driven insights, and automated remediation across enterprise and cloud.
•Security Operations. We deliver the next generation of security operations capabilities that unifies standalone Security Information and Event Management (“SIEM”) tools, endpoint security, security automation, cloud detection and response (“CDR”), as well as attack surface management (“ASM”) capabilities on our Cortex® platform. These include Cortex XSIAM®, for AI-powered security operations replacing traditional SIEM tools, Cortex XDR®, for the prevention, detection, and response to complex cybersecurity attacks, Cortex XSOAR®, for security orchestration, automation, and response (“SOAR”), and Cortex Xpanse®, for ASM.
•Cloud Security. We deliver comprehensive security across the cloud application development lifecycle through Cortex Cloud, delivered as a scalable SaaS offering. As a comprehensive Cloud Native Application Protection Platform (“CNAPP”) combined with CDR, Cortex Cloud secures multi- and hybrid-cloud environments for applications, data, generative AI (“GenAI”) ecosystem, and the cloud native technology stack across the full development lifecycle, from code to cloud to security operations. As part of the Cortex Cloud platform, customers can expand from Cortex Cloud to our security operations offerings available on a single user experience and unified agent. We also offer our VM-Series and CN-Series virtual firewalls for inline network security on multi- and hybrid-cloud environments.
Threat Intelligence and Advisory Services
•Unit 42® brings together world-renowned expertise across threat research, incident response, and security consulting to deliver intelligence-driven, response-ready outcomes that help customers reduce cyber risk. Our elite consultants serve as trusted advisors to our customers by assessing and testing their security controls against sophisticated threats, transforming their security strategy with a threat-informed approach, and responding to security incidents on behalf of our clients. Additionally, Unit 42 offers managed detection and response (“MDR”) and managed threat hunting services.
Products and Services
NETWORK SECURITY
Secure Access Service Edge
•Prisma Access. Prisma Access is a cloud-delivered security offering that helps organizations deliver consistent AI-driven security to remote networks and mobile users. With more than 100 locations around the world, Prisma Access offers global coverage, consistently inspecting all traffic across all ports and providing bidirectional networking to enable branch-to-branch and branch-to-headquarter traffic. Prisma Access consolidates point products into a single cloud-delivered solution, transforming network security and allowing organizations to enable secure hybrid work. Prisma Access protects all application traffic with complete, best-in-class security while also delivering a seamless user experience with industry-leading service-level agreements (“SLA”s). With native SASE integration, Prisma Access Browser extends Zero Trust to any device—managed or unmanaged—in minutes. Prisma Access delivers seamless user experience with a combination of application acceleration—up to 5x faster than direct-to-internet—and Autonomous Digital Experience Management.
•Prisma SD-WAN. Our Prisma SD-WAN solution is a next-generation SD-WAN solution that makes the secure cloud-delivered branch possible. Prisma SD-WAN enables organizations to replace traditional wide area network (“WAN”) architectures with affordable broadband and internet transport types that promote improved bandwidth availability, redundancy and performance at a reduced cost. Prisma SD-WAN leverages real-time application performance SLAs and visibility to control and intelligently steer application traffic to deliver a powerful user experience. Prisma SD-WAN also provides the flexibility of deploying with an on-premises controller to help businesses meet their industry-specific security compliance requirements and manage deployments with application-defined policies. Our Prisma SD-WAN simplifies network and security operations using AI and automation.
Next-Generation Firewalls. Our hardware and software ML-Powered Next Generation Firewalls use AI—including machine learning and deep learning—to stop zero-day threats in real time, and detect and secure the entire enterprise including Internet of Things (“IoT”). All of our hardware and software firewalls incorporate the PAN-OS® operating system and include the same rich set of features, ensuring consistent operation across our entire product line. This includes SD-WAN capabilities to intelligently steer traffic to data centers, branches, and the cloud, natively integrated into our Next-Generation Firewalls. Enterprise data, applications, users, and devices become integral components of an organization’s security policy. Our hardware and software are designed for different performance requirements throughout an organization—with the ability to secure everything from small businesses and branch offices, to large-scale data centers and service providers. Our firewalls come in hardware form factors, containerized form factors, called CN-Series, as well as virtual form factors, called VM-Series, available on all major cloud hosting service providers. We also offer Cloud NGFW, a managed NGFW offering, to secure customers’ applications on Amazon Web Services (“AWS”) and Microsoft Azure (“Azure”).
Cloud-Delivered Security Services
•Advanced Threat Prevention. This cloud-delivered security service provides intrusion detection and prevention capabilities and blocks vulnerability exploits, viruses, spyware, buffer overflows, denial-of-service attacks, and port scans from compromising and damaging enterprise information resources. In addition, we offer inline deep learning to deliver real-time detection and prevention of unknown, evasive, and targeted command-and-control (“C2”) communications over HTTP, unknown-TCP, unknown-UDP, and encrypted over SSL. Advanced Threat Prevention is the industry’s only offering to protect the enterprise from unknown command and control in real-time with the power of Precision AI™.
•Advanced WildFire. This cloud-delivered security service provides protection against targeted malware and advanced persistent threats and provides a near real-time analysis engine for detecting previously unseen malware while resisting attacker evasion techniques. Advanced WildFire combines dynamic and static analysis, recursive analysis, and a custom-built analysis environment with network traffic profiling and fileless attack detection to discover even the most sophisticated and evasive threats. Preventions are delivered in seconds to our network security platform.
•Advanced URL Filtering. This cloud-delivered security service offers the industry’s first Inline Deep Learning powered web protection engine. We deliver real-time detection and prevention of unknown, evasive, and targeted web-based threats, such as phishing. In addition, the service includes a cloud-based URL filtering database which consists of millions of URLs across many categories and is designed to analyze web traffic and prevent web-based threats, such as phishing, malware, and C2.
•Advanced DNS Security. This cloud-delivered security service uses machine learning to proactively block malicious domains and stop attacks in progress. The service allows our network security platform access to Domain Name System (“DNS”) signatures that are generated using advanced predictive analysis, machine learning, and malicious domain data from a growing threat intelligence sharing community of which we are a part. We offer comprehensive DNS attack coverage and include industry-first protections against multiple emerging DNS-based network attacks, including real-time analysis of DNS response to prevent DNS hijacking.
•IoT/OT Security. This cloud-delivered security service uses machine learning to accurately identify and classify various IoT and operational technology (“OT”) devices, including never-been-seen-before devices, mission-critical OT devices, and unmanaged legacy systems. The service uses machine learning to baseline normal behavior, identify anomalous activity, assess risk, and provide policy recommendations.
•SaaS Security API. SaaS Security API is a multi-mode, cloud access security broker (“CASB”) that helps govern sanctioned SaaS application usage across all users and helps prevent breaches and non-compliance. Specifically, the service enables the discovery and classification of data stored in supported SaaS applications, protects sensitive data from accidental exposure, identifies and protects against known and unknown malware, and performs user activity monitoring to identify potential misuse or data exfiltration. The solution can be combined with SaaS Security Inline for a complete integrated CASB.
•SaaS Security Inline. SaaS Security Inline adds an inline service to automatically gain visibility and control over thousands of known and newly sanctioned, unsanctioned and tolerated SaaS applications in use within organizations today. The service provides enterprise data protection and compliance across all SaaS applications and prevents cloud threats in real time. The solution can be combined with SaaS Security API as a complete integrated CASB.
•GlobalProtect. This subscription provides protection for users of both traditional laptop and mobile devices. It expands the boundaries of the end-users’ physical network, effectively establishing a logical perimeter that encompasses remote laptop and mobile device users irrespective of their location. Regardless of the operating system, laptops, tablets, and phones will stay connected to the corporate network when they are on a network of any kind and as a result, are protected as if they never left the corporate campus.
•Prisma Access Agent. Prisma Access Agent provides secure, remote access to corporate resources for employees working from any location or device. The agent establishes an encrypted tunnel to Prisma Access or our NGFW, ensuring consistent security, data protection, and threat prevention for a distributed workforce accessing any application.
•Enterprise DLP. This cloud-delivered security service provides consistent and reliable protection of sensitive data, such as personally identifiable information and intellectual property, for all traffic types, applications, and users. Native integration with our products makes the service simple to deploy, while advanced machine learning minimizes management complexity. Enterprise DLP allows organizations to consistently discover, classify, monitor, and protect sensitive data, wherever it may reside.
•AI Access Security. AI Access Security classifies and prioritizes GenAI applications to assess risk, detect anomalies and visualize insights across multiple GenAI-specific attributes. The service prevents sensitive data loss and defends against malicious responses, ensuring safe and effective AI adoption.
•AIOps. AIOps enables security teams to proactively strengthen security posture and resolve network disruptions. AIOps provides continuous best practice recommendations powered by machine learning based on industry standards, security policy context, and advanced telemetry data collected from our network security customers to improve security posture. The service also intelligently predicts health, performance, and capacity problems up to seven days in advance and provides actionable insights to resolve the predicted disruptions.
Prisma AIRS. Prisma AIRS is a comprehensive AI security platform engineered to protect customers' entire AI ecosystem across its lifecycle. It addresses unique AI security challenges such as prompt injection, data poisoning, and sensitive data leakage, by providing deep visibility and control across AI models, data, and applications. The platform offers AI Model Scanning for vulnerabilities, Posture Management for secure configurations, and AI Red Teaming for proactive testing. Critically, Runtime Security prevents threats during live AI model execution, while AI Agent Security extends protection to autonomous AI agents.
Strata Cloud Manager. SCM enables our customers to easily manage their Palo Alto Networks’ Network Security infrastructure—including NGFWs and SASE deployments—from the cloud, via one unified management interface. As an AI-powered, unified cloud management solution, SCM enables organizations to enhance their network security posture and streamline operations. It utilizes AI to swiftly identify potential vulnerabilities, provide real-time recommendations for remediation, proactively address support needs, and improve overall digital experiences, leading to reduced operational overhead and improved speed, accuracy, and scale of support. By analyzing telemetry, historical data, and its diverse knowledge base, SCM can instantly answer questions, pinpoint solutions to known problems, and automate data collection to speed up assisted support for new challenges. Built into this robust solution are Strata Copilot, offering a natural language interface for intuitive insights and guided actions, and ADEM, designed for proactive infrastructure health, simplified troubleshooting, and consistent end-user performance across the network.
Panorama. Panorama is used for centralized policy management, device management, software licensing and updates, centralized logging and reporting, and log storage. Many of our existing deployments continue to use Panorama as the security management solution. New deployments benefit from using SCM for managing network security estate—including our Next-Generation Firewalls and SASE—with a cloud-based, unified management interface.
SECURITY OPERATIONS
•Cortex XSIAM. Our cloud-based AI-powered security operations platform harnesses the power of AI to significantly improve security outcomes and transform security operations. Cortex XSIAM customers are able to consolidate multiple products into a single unified platform that delivers security information and event management, extended detection and response (“XDR”), SOAR, network traffic analysis, ASM, threat intelligence management (“TIM”), identity threat detection and response, and CDR. CDR is the latest addition to Cortex XSIAM and XDR that addresses the growing need for security teams to respond to cloud threats with purpose-built SOC tools that seamlessly integrate with their security programs. Cortex XSIAM integrates these capabilities into a single platform built for security operations, enabling organizations to simplify operations, stop threats at scale, and accelerate incident remediation. Cortex XSIAM automates data integration, analysis, and triage to respond to most alerts, enabling analysts to focus on only the incidents that require human intervention.
•Cortex XDR. This cloud-based service enables organizations to collect telemetry from endpoint, network, identity and cloud data sources and apply advanced analytics and machine learning, to quickly find and stop targeted attacks, insider abuse, and compromised endpoints. Cortex XDR has two product tiers: XDR Prevent and XDR Pro. XDR Prevent delivers enterprise-class endpoint security focused on preventing attacks. XDR Pro extends endpoint detection and response (“EDR”) to include cross-data analytics for network, cloud, and identity data. Going beyond EDR, Cortex XDR detects the most complex threats using analytics across key data sources and reveals the root cause, which can significantly reduce investigation time as compared to siloed tools and manual processes.
•Cortex XSOAR. Available as a stand-alone cloud-based service, an on-premises virtual appliance, or delivered natively through Cortex XSIAM, Cortex XSOAR is a comprehensive SOAR offering that unifies playbook automation, case management, real-time collaboration, and threat intelligence management to serve security teams across the incident lifecycle. With Cortex XSOAR, security teams can standardize processes, automate repeatable tasks, and manage incidents across their security product stack to improve response time and analyst productivity. Cortex XSOAR learns from the real-life analyst interactions and past investigations to help SOC teams with analyst assignment suggestions, playbook enhancements, and best next steps for investigations. Many of our customers see significantly faster SOC response times and a significant reduction in the number of SOC alerts which require human intervention.
•Cortex Xpanse. Available as a stand-alone cloud-based service and a cloud-based subscription module within Cortex XSIAM, Cortex Xpanse provides ASM, which is the ability for an organization to identify what an attacker would see among all of its sanctioned and unsanctioned Internet-facing assets. In addition, Cortex Xpanse detects risky or out-of-policy communications between Internet-connected assets that can be exploited for data breaches or ransomware attacks. Cortex Xpanse continuously identifies Internet assets, risky services, or misconfigurations in third parties to help secure a supply chain or identify risks for mergers and acquisitions due diligence. Finally, compliance teams use Cortex Xpanse to improve their audit processes and stay in compliance by assessing their access controls against regulatory frameworks.
•Cortex Cloud. Available as a stand-alone cloud-based service or an add-on to Cortex XDR or to Cortex XSIAM. Cortex Cloud, the next generation of Prisma Cloud, merges CNAPP with CDR for real-time cloud security. The solution allows you to harness the power of AI and automation to prioritize cloud risks with runtime context, enable remediation at scale, and stop attacks as they happen. Cortex Cloud consolidates multiple code and cloud security technologies such as Cloud Detection and Response, Software Composition Analysis, Infrastructure as Code security, CI/CD security, secrets scanning, Cloud Security Posture Management, Cloud Identity and Entitlements Management, API security, Vulnerability Management, Cloud Workload Protection, Web Application and API Security, Cloud Network Security, and Cloud Attack Surface Management into a single unified offering. As part of the Cortex platform, customers can transform end-to-end security operations, from code to cloud to SOC, by adopting Cortex Cloud together with Cortex XSIAM. Existing customers can continue leveraging Prisma Cloud as they upgrade to Cortex Cloud for significantly better, faster and more effective multi-cloud protection.
THREAT INTELLIGENCE AND ADVISORY SERVICES
•Customer Support. Global customer support helps our customers achieve their security outcomes with services and support capabilities covering the customer's entire journey with Palo Alto Networks. This post-sales, global organization advances our customers’ security maturity, supporting them when, where, and how they need it. We offer Standard Support, Premium Support, and Platinum Support to our end-customers and channel partners. Our channel partners that operate a Palo Alto Networks Authorized Support Center typically deliver level-one and level-two support. We provide level-three support 24 hours a day, seven days a week through regional support centers that are located worldwide. We also offer a service offering called Focused Services that includes Customer Success Managers to provide support for end-customers with unique or complex support requirements. We offer our end-customers ongoing support for hardware, software, and certain cloud offerings, which includes ongoing security updates, PAN-OS upgrades, bug fixes, and repairs. End-customers typically purchase these services for a one-year or longer term at the time of the initial product sale and typically renew for successive one-year or longer periods. Additionally, we provide expedited replacement for any defective hardware. We use a third-party logistics provider to manage our worldwide deployment of service-related spares.
•Threat Intelligence, Incident Response and Security Consulting. Unit 42 brings together world-renowned threat researchers, incident responders, and security consultants to create an intelligence-driven, response-ready organization that is passionate about helping clients proactively manage cyber risk. We help security leaders assess and test their security controls, transform their security strategy with a threat-informed approach, and respond to incidents rapidly. The Unit 42 Threat Intelligence team provides threat research that enables security teams to understand adversary intent and attribution, while enhancing protections offered by our products and services to stop advanced attacks. Our security consultants serve as trusted partners with state-of-the-art cyber risk expertise and incident response capabilities, helping customers build effective security programs, uncover critical exposures to prevent incidents, and, should incidents occur, respond to them with speed and confidence.
•Professional Services. Professional services are primarily delivered directly by Palo Alto Networks and through a global network of authorized channel partners to our end-customers and include on-location and remote, hands-on experts who plan, design, and deploy effective security solutions tailored to our end-customers’ specific requirements. These services include architecture design and planning, implementation, configuration, and firewall migrations for all our products, including Prisma and Cortex deployments. Customers can also purchase ongoing technical experts to be part of the customer’s security teams to aid in the implementation and operation of their Palo Alto Networks capabilities. Our education services include certifications, as well as free online technical courses and in-classroom training, which are primarily delivered through our authorized training partners.
RESEARCH AND DEVELOPMENT
Our research and development efforts are strategically centered on expanding our leadership within the enterprise security industry through AI-powered innovation. We focus on enhancing our integrated platforms and developing new software and hardware capabilities. Our engineering teams apply deep expertise in AI and machine learning across networking security, cloud security, endpoint security, and security operations to address the rapidly evolving threat landscape. This approach enables us to leverage core competencies across hardware and software for agile responsiveness and to ensure interoperability with third-party technologies. We supplement our own research with technologies and products licensed from third parties.
We believe that innovation and timely development of new features and products is essential to meeting the needs of our end-customers and improving our competitive position. During fiscal 2025, we introduced several new offerings, including: Prisma Access Browser, new capabilities in our OT Security solution, Cortex Cloud, Prisma AIRS, and Cortex XSIAM 3.0.
We plan to continue to significantly invest in our research and development efforts as we evolve and extend the capabilities of our portfolio.
ACQUISITIONS
We believe that the enterprise security industry in which we operate necessitates a variety of technologies, products, capabilities, and features. We evaluate opportunities to acquire complementary businesses, technologies, services, and intellectual property to complement our organic innovation and research and development efforts, advance the development of our platforms, and enable further investment in our key priority areas. Our evaluation of acquisition opportunities seeks to confirm that any potential transaction would accelerate our strategy, represent an attractive customer opportunity, address a customer need, align with our customer base and go-to-market strategy, and present a clear timeline and path for value accretion. Our acquisitions enable us to gain access to talent, technology, products and features, and can range in size and complexity, from those that enhance or complement existing products and accelerate development of features to those that result in new offerings.
For example, in August 2024, we completed the acquisition of certain QRadar assets from International Business Machines Corporation (“IBM”), which we expect will help accelerate the growth of our Cortex business. Additionally, in July 2025, we completed the acquisition of Protect AI, Inc., a privately-held cyber security company (“Protect AI”), which we expect will enhance the capabilities of our AI security platform. In July 2025, we also entered into a definitive agreement to acquire CyberArk Software Ltd. (“CyberArk”), an identity security company, which acquisition is expected to close during the second half of our fiscal 2026.
For additional information related to the impact of acquisitions to our business, see Part I, Item 1A “Risk Factors” in this Form 10-K.
INTELLECTUAL PROPERTY
We believe that our intellectual property rights are valuable and important to our business, and that our success depends, in part, on our ability to protect and use our core technology and intellectual property rights. We rely on a combination of trademarks, patents, copyrights, trade secrets, license agreements, intellectual property assignment agreements, confidentiality procedures, non-disclosure agreements, and employee non-disclosure and invention assignment agreements to establish, protect and control the use of our proprietary technology and intellectual property rights. We continue to grow our global portfolio of intellectual property rights in connection with our products, services, research and development. We file patent applications to protect our intellectual property and believe that the duration of our issued patents is sufficient when considering the expected lives of our products. We have registered various trademarks for our company and our products in the United States (“U.S.”) and other jurisdictions internationally. We intend to continue pursuing additional protections for our proprietary technology and intellectual property to the extent we believe it would be beneficial and cost-effective.
Despite our efforts to protect our proprietary technology and intellectual property rights, our rights may not be respected in the future or may be invalidated, circumvented, or challenged. Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation based on allegations of patent infringement or other violations of intellectual property rights. We believe that competitors will try to develop products that are similar to ours and that may infringe our intellectual property rights. Our competitors, third-parties and non-practicing entities, may also claim that our cybersecurity platforms and services infringe their intellectual property rights. From time to time, third parties have in the past and may in the future assert claims of infringement, misappropriation and other violations of intellectual property rights against us or our customers, with whom our license or other agreements may obligate us to indemnify against these claims. Successful claims of infringement by a third party could affect our ability to offer, or prevent us from offering, certain products or features. This could result in time during which we may be unable to continue to offer our affected products or solutions because of a potential need for us to develop alternate, non-infringing technology, which could require significant time and resources, or require us to obtain a license, which may not be available on reasonable terms or at all, or could require us to pay substantial damages, royalties, or other fees. For additional information, see the section titled “Risks Related to Intellectual Property and Technology Licensing” in Part I, Item 1A “Risk Factors” in this Form 10-K.
GOVERNMENT REGULATION
We are subject to numerous U.S. federal, state, and foreign laws and regulations covering a wide variety of subject matters. Like other companies in the technology industry, we face scrutiny from both U.S. and foreign governments with respect to our compliance with laws and regulations. Our compliance with these laws and regulations may be onerous and could, individually or in the aggregate, increase our cost of doing business, impact our competitive position relative to our peers, and/or otherwise have an adverse impact on our business, reputation, financial condition, and operating results. For additional information about government regulation applicable to our business, see Part I, Item 1A “Risk Factors” in this Form 10-K.
COMPETITION
We operate in the intensely competitive enterprise security industry that is characterized by constant change and innovation. Changes in the application, threat, and technology landscape result in evolving customer requirements for the protection from threats and the safe enablement of applications. Our main competitors fall into four categories:
• large companies that incorporate security features in their products, such as Cisco Systems, Inc. (“Cisco”), Microsoft, Alphabet, or those that have acquired, or may acquire, security vendors and have the technical and financial resources to bring competitive solutions to the market;
• independent security vendors, such as Check Point Software Technologies Ltd. (“Check Point”), Fortinet, Inc. (“Fortinet”), CrowdStrike Holdings, Inc. (“CrowdStrike”), Zscaler, Inc. (“Zscaler”), and Wiz, Inc. (“Wiz”), that offer a mix of security products;
• startups and point-product vendors that offer independent or emerging solutions across various areas of security; and
• public cloud vendors and startups that offer solutions for cloud security (private, public, and hybrid cloud).
As our market grows, it will attract more highly specialized vendors, as well as larger vendors that may continue to acquire or bundle their products more effectively.
The principal competitive factors in our market include:
• product features, reliability, performance, and effectiveness;
• product line breadth, diversity, and applicability;
• product extensibility and ability to integrate with other technology infrastructures;
• price and total cost of ownership;
• adherence to industry standards and certifications;
• strength of sales and marketing efforts; and
• brand awareness and reputation.
We believe we generally compete favorably with our competitors on the basis of these factors as a result of the features and performance of our portfolio, the ease of integration of our security solutions with technological infrastructures, and the relatively low total cost of ownership of our products. However, some of our competitors may have substantially greater financial, technical, and other resources, greater name recognition, larger sales and marketing budgets, broader distribution, more diversified product lines, and larger and more mature intellectual property portfolios.
SALES, MARKETING, SERVICES, AND SUPPORT
Customers. Our end-customers consist of enterprises, service providers, and government entities. Our end-customers operate in a variety of industries, including education, energy, financial services, government entities, healthcare, Internet and media, manufacturing, public sector, and telecommunications. Our end-customers deploy our portfolio of solutions for a variety of security use cases across several settings. Typical deployment settings include the enterprise network, the enterprise data center, cloud locations, branch or remote locations, and on-device agents. No single end-customer accounted for more than 10% of our total revenue in fiscal 2025, 2024, or 2023.
Distribution. We primarily sell our products and subscription and support offerings to end-customers through our channel partners utilizing a two-tier, indirect fulfillment model whereby we sell our products and subscription and support offerings to our distributors, which, in turn, sell to our resellers, which then sell to our end-customers. Sales are generally subject to our standard, non-exclusive distributor agreement, which provides for an initial term of one year, one-year renewal terms, termination by us with 30 to 90 days written notice prior to the renewal date, and payment to us from the channel partner within 30 to 45 calendar days of the date we issue an invoice for such sales. For fiscal 2025, 44.2% of our total revenue was derived from sales to three distributors.
We also sell our VM-Series virtual firewalls and Cloud NGFW via various cloud marketplaces. For example, our VM-Series virtual firewalls are sold on Amazon’s AWS Marketplace, Microsoft’s Azure Marketplace, Alphabet’s Google Cloud Marketplace, and Oracle Corporation’s Oracle Cloud Marketplace either directly to end customers or as part of the respective cloud hosting service provider’s offerings under a usage-based licensing model.
Sales. Our sales organization is responsible for large-account acquisition and overall market development, which includes the management of the relationships with our channel partners, working with our channel partners in winning and supporting end-customers through a direct-touch approach, and acting as the liaison between our end-customers and our marketing and product development organizations. We pursue sales opportunities both through our direct sales force and as assisted by our channel partners, which include resellers, global and regional systems integrators, service providers, managed security service providers, and cloud hosting service providers. We expect to continue to grow our sales headcount to expand our reach in all key growth sectors.
Our sales organization is supported by sales engineers with responsibility for pre-sales technical support, solutions engineering for our end-customers, and technical training for our channel partners.
Channel Program. Our NextWave Channel Partner program is focused on building in-depth relationships with solutions-oriented distributors, channel, delivery and services partners that have strong security expertise. The program rewards these partners based on a number of attainment goals, as well as provides them access to marketing resources, technical and sales training, and support. To promote optimal productivity, we operate a formal accreditation program for our channel partners’ sales and technical professionals. As of July 31, 2025, we had more than 8,500 channel partners.
Global Customer Success. Our Global Customer Success organization is responsible for delivering professional, educational, and support services directly to our end-customers and partners. We leverage a global network of certified partners to extend the reach and consistency of these services. We believe that a comprehensive suite of customer success offerings is critical to the successful deployment, adoption, and ongoing use of our products. To support this, we have invested in hiring and developing technical experts with deep domain knowledge and proven experience across our portfolio.
Marketing. Our marketing is focused on building our brand reputation and the market awareness of our portfolio and driving pipeline and end-customer demand. Our marketing team consists primarily of product marketing, brand, demand generation, field marketing, digital marketing, communications, analyst relations, and marketing analytics functions. Marketing activities include pipeline development through demand generation, social media and advertising programs, managing the corporate website and partner portal, trade shows and conferences, analyst relationships, customer advocacy, and customer awareness. Every year we organize multiple signature events, such as our end-customer conference “Ignite” and focused conferences such as “Cortex Symphony” and “SASE Converge.” We also publish threat intelligence research, such as the Unit 42 Cloud Threat Report and the Unit 42 Network Threat Trends Research Report, which are based on data from our global threat intelligence team, Unit 42. These activities and tools benefit both our direct and indirect channels and are available at no cost to our channel partners.
Our products and services have been recognized as leading in 25 categories by third-party industry analyst firms that perform independent assessments of these categories. This recognition by third parties is an important measure of validation for our customers.
Backlog. Contract amounts that are not recorded in deferred revenue or revenue are considered backlog. Orders billed prior to revenue recognition are included in deferred revenue. We expect backlog will change from period to period for various reasons, including the timing of billing and fulfillment, such as inventory shortages. As such, we do not believe that backlog at any particular time is necessarily indicative of our future operating results.
Seasonality. Our business is affected by seasonal fluctuations in customer spending patterns. We have begun to see seasonal patterns in our business, which we expect to become more pronounced as we continue to grow, with our strongest sequential revenue growth generally occurring in our fiscal second and fourth quarters.
MANUFACTURING
We outsource the manufacturing of our products to various manufacturing partners, which include our electronics manufacturing services provider (“EMS provider”) and original design manufacturers. This approach allows us to reduce our costs as it reduces our manufacturing overhead and inventory and also allows us to adjust more quickly to changing end-customer demand. Our EMS provider is Flextronics International, Ltd. (“Flex”), who assembles our products using design specifications, quality assurance programs, and standards that we establish, and procures components and assembles our products based on our demand forecasts. These forecasts are based upon historical trends and analysis, adjusted for overall market conditions. All of our hardware products are assembled in the U.S.
The component parts within our products are either sourced by our manufacturing partners or by us from various component suppliers. Our manufacturing and supply contracts, generally, do not guarantee a certain level of supply or fixed pricing, which increases our exposure to supply shortages or price increases.
HUMAN CAPITAL
We believe our ongoing success depends on our employees. With a global workforce of 16,068 as of July 31, 2025, our People Strategy is a critical element of our overall company strategy and is overseen by our Chief People Officer who regularly updates our board of directors and the board’s Compensation and People Committee on human capital matters. Our People Strategy is designed to enable a workforce that is nimble, high-performing and innovative. We take a comprehensive approach to attracting, enabling and engaging world-class talent and fostering a culture where every employee can thrive. Our approach includes respecting each employee as a unique individual, demonstrating fairness in all we do and advancing a culture where employees are inspired to do the best work of their careers. We also focus on integrating AI into people programs and processes to build a more agile, skilled and forward-thinking workforce prepared for the future of cybersecurity. Our values of disruption, execution, collaboration, inclusion and integrity were co-created with employees and serve as the foundation of our culture. These values are embedded in our talent acquisition, learning and enablement, engagement and performance elevation, rewards and recognition programs.
Attract & Hire. At Palo Alto Networks, we source talent with the necessary skills and capabilities to contribute to our culture and mission. We utilize structured interviewing practices, thorough job analyses and success profiles to identify high-quality candidates and staff critical roles. In fiscal 2025, we began to transform our hiring operations by strategically embedding AI across the talent acquisition lifecycle to sharpen our competitive edge for talent. We are deploying intelligent tools to automate and enhance core processes, including AI-generated job descriptions, structured interview guides and preparation materials; intelligent interview scheduling; launching an automated talent sourcing and screening pilot; and using AI to augment feedback summaries. Each step is optimized for speed, consistency and bias mitigation. Recognizing that technical skills evolve rapidly in an AI-driven world, our recruitment strategy prioritizes durable, "AI-readiness" capabilities. We assess candidates for core competencies such as critical thinking, adaptability and a capacity for continuous learning to help ensure every hire can not only excel today but also innovate and lead in the future.
Our Global Hiring Committee continues to play a key role in maintaining our hiring standards, which help drive objectivity. This group of cross-functional senior leaders reviews finalist candidates’ information with a focus on experience and capability. To build robust talent pipelines, we partner with academic institutions and other organizations to support new careers in cybersecurity, promote open roles, proactively reach out to candidates across multiple hiring channels and source candidates with a range of experiences. We also encourage employee referrals.
Onboard & Enable. Each member of our workforce has a unique career journey and individual needs, interests and goals. To that end, we strive to create an environment where everyone feels valued, respected and supported to solve the world’s toughest cybersecurity challenges.
In fiscal 2025, we started to evolve from a traditional training program to a system of AI-powered talent enablement, where we integrate learning and growth throughout the flow of an employee’s daily work. From day 1, new hires embark on a journey that blends in-person connection with personalized digital guidance, including generative AI onboarding roadmaps and AI-curated mentor networks. For ongoing growth, through The Learning Center, our intelligent learning platform, we deliver adaptive learning tracks for employees, including specialized paths for interns, new graduates and individuals joining through acquisitions. We also piloted real-time AI-enabled feedback simulations to coach and equip managers with the skills to guide their teams more effectively.
Development information about core business elements, required company-wide compliance training and information about activities on topics ranging from well-being to collaboration are also offered. To further support our employees to advance up the AI adoption curve, we have offered self-paced online certifications, live training and an experimentation challenge that encouraged peer-driven use cases and employees voting to select the finalists. We will continue our enablement journey, using employee questions and feedback to offer both practical and role-specific use cases to help increase productivity and new skill acquisition. On average, employees completed 36 hours of development during fiscal 2025.
Listen & Engage. We aim to foster engagement and help employees feel connected to our mission and values. Through our comprehensive approach, we use in-person and virtual channels to provide a regular flow of information to and between employees and leadership. These channels include company meetings, digital displays across our sites, our intranet, regular email communications, an active Slack platform, pulse surveys, a peer-to-peer recognition platform and regular two-way dialogue—such as small, in-person listening sessions hosted by our chief executive officer.
Employee sentiment is also collected and measured from external sources, such as Glassdoor and Comparably. In addition, based on employee participation in an anonymous survey, the Best Practice Institute has certified Palo Alto Networks as one of the “Top 100 Global Most Loved Workplaces” since 2021. Palo Alto Networks has been recognized by Comparably for “Best Leadership Teams” and “Best Company Outlook”, in addition to other employer of choice awards. Our chief executive officer has also earned a 91% employee approval rating on Glassdoor, a top percentile score.
In addition to our formal, company-wide, semiannual performance review process, which helps employees set learning and development plans, we believe in always-on performance feedback. Further providing engagement are eleven Employee Network Groups, open to all employees, that leverage different perspectives to build, understand and support our culture.
Compensation & Benefits. We offer employees competitive compensation and our flexible benefits plans include a variety of health, time off, wellness and voluntary benefits. Our pay strategy, which includes base salary, cash bonus programs, and equity awards, focuses on compensation based on individual performance. Palo Alto Networks is a fair pay company and we annually engage a third-party consultancy to analyze our pay practices. Through our flexible benefits programs, employees are able to request reimbursement for a range of lifestyle items including fitness, caregiving and education. Additionally, through our Giving+ program, employees can request monetary matching of their charitable donations and volunteer time.
Health, Safety & Wellbeing. Our commitment to the health, safety and wellbeing of our employees includes providing tools, resources and benefits focused on physical, mental and emotional wellbeing. This includes courses designed to equip employees with the knowledge to work safely, safety awareness campaigns and a mental health hub on our employee intranet.
CORPORATE RESPONSIBILITY
Our Corporate Responsibility (CR) strategy supports our company's purpose of a safe and secure world, and is informed through many inputs, including our business strategy and objectives, ongoing stakeholder engagement, investor and customer interests, benchmarking of industry best practices, regulatory developments and more. We execute meaningful CR initiatives that include advancing environmental sustainability, investing in people and operating with integrity.
Advance Environmental Sustainability. Palo Alto Networks is doing our part to limit global warming to less than 1.5°C. Our decarbonization pathway includes implementing operational efficiencies, procuring 100% renewable electricity, targeting greenhouse gas emissions reductions across our value chain and making progress on our science-based targets. We continue to be recognized by CDP (formerly Carbon Disclosure Project) as a “Supplier Engagement Assessment A-list.” We report progress towards our goals in our annual Corporate Responsibility report.
Invest in People. In addition to our People Strategy described in the section titled “Human Capital” above, we continue to communicate our expectations regarding labor standards, business practices and workplace health and safety conditions to our supply chain through our Global Supplier Code of Conduct. During fiscal 2025, we maintained our affiliate membership in the Responsible Business Alliance. As a company built on trust, continuing to be a leader in responsible business practices and social impact supports our corporate strategy. We made charitable grants through our donor-advised fund to support nonprofit organizations providing services in areas such as cybersecurity education and expanding pathways to cyber careers. We maintained our work to provide cybersecurity curriculum to schools, universities and nonprofit organizations to help prepare people for careers in cybersecurity.
Operate with Integrity. Integrity is one of our core values. Employees, contractors and suppliers are informed about our governance expectations, including through our Codes of Conduct, compliance training programs and ongoing communications. The Governance and Sustainability Committee of the board of directors provides primary oversight of corporate responsibility and the board of directors and applicable committees receive regular updates on corporate responsibility topics.
AVAILABLE INFORMATION
Our website is located at www.paloaltonetworks.com, and our investor relations website is located at investors.paloaltonetworks.com. Our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), are available free of charge on the Investors portion of our website as soon as reasonably practicable after we electronically file such material with, or furnish it to, the Securities and Exchange Commission (“SEC”). We also provide a link to the section of the SEC’s website at www.sec.gov that has all of our public filings, including Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, all amendments to those reports, our Proxy Statements, and other ownership-related filings.
We also use our investor relations website as a channel of distribution for important company information. For example, webcasts of our earnings calls and certain events we participate in or host with members of the investment community are on our investor relations website. Additionally, we announce investor information, including news and commentary about our business and financial performance, SEC filings, notices of investor events, and our press and earnings releases, on our investor relations website. Investors and others can receive notifications of new information posted on our investor relations website in real time by signing up for email alerts and RSS feeds. Further corporate governance information, including our corporate governance guidelines, board committee charters, and code of conduct, is also available on our investor relations website under the heading “Governance.” The contents of our websites are not incorporated by reference into this Annual Report on Form 10-K or in any other report or document we file with the SEC, and any references to our websites are intended to be inactive textual references only. All trademarks, trade names, or service marks used or mentioned herein belong to their respective owners.