NYSE: RBRK

Our Rubrik Security Cloud and Rubrik Agent Cloud suites are built on the same technology architecture.

Architecture matters when it comes to securing data and accelerating enterprise AI transformation. Our unique SaaS-based architecture combines data and metadata from business applications across enterprise, identity, cloud, and SaaS applications to create self-describing data as a time-series. Self-describing data contains information such as application context, identity, data sensitivity, and application lineage. Our data threat engine, powered by AI and machine learning analyzes the self-describing data time-series to derive security intelligence from data and deliver cyber recovery. This enables our unique Preemptive Recovery Engine to identify clean recovery points in advance of an attack to shorten cyber recovery times. We combined backup and recovery and cybersecurity into a single platform built with a Zero Trust architecture, significantly shrinking the attack surface that exists with legacy solutions. Our Zero Trust Data Security platform assumes that information technology infrastructure will be breached, and nothing can be trusted without authentication.

Our architecture’s ability to understand data, application, and identity context allows us to deliver Rubrik Agent Cloud, which serves as an enterprise control layer for managing the AI agent lifecycle.

Automation is at the core of our architecture ethos. Our automated policy-driven platform delivers data security enforcement, incident response orchestration, and API integrations with the broader security ecosystem.

Our business is indexed to business data growth. Our customers’ need for our solutions grows in lockstep with their business data growth and their need for additional data security capabilities. We primarily sell subscriptions to RSC through our sales team and partner network by employing a land and expand sales strategy. We land new customers by selling subscriptions to RSC to secure any one of five distinct types of data: enterprise, unstructured data, identity, cloud, and SaaS applications. Expansion happens primarily along three vectors: the growth of data from applications already secured by Rubrik; new applications or identities secured; and additional security products. This expansion is driven by a natural flywheel effect in which the value of our platform increases as our customers’ data grows across various applications. As organizations manage more data and identities with RSC, they gain deeper insights into their data, strengthen their overall security posture, and reduce compliance risk.

Our Platform and Products

Rubrik has a unique and purpose-built Zero Trust Data Security approach to help organizations achieve business resilience against cyberattacks, malicious insiders, operational disruptions, and accelerate AI adoption by reducing risk. We enable organizations to implement a Zero Trust framework at the data layer, deliver data availability that withstands the aforementioned adverse conditions, and uphold data integrity even when infrastructure is compromised or attacked.

Rubrik, Inc.
2026 Form 10-K
6

Table of Contents

RSC, built with a Zero Trust design, automates data policy management and enforcement, delivers threat analytics and response, and orchestrates rapid recovery. RSC is a cloud native SaaS suite that secures data across disparate sources, allowing customers to have a single point of control from one user interface. RSC is built on a proprietary framework that represents time-series data and metadata generated across enterprise, unstructured data, identity, cloud, and SaaS applications. We build products on top of RSC to address myriad use cases that help our customers achieve cyber resilience, from hardening their data security posture to cyber recovery. These use cases include protection and recovery from cyberattacks, malicious insiders, and operational disruptions; orchestration of cyber and operational recovery, failover/failback testing, and cloud migration; sensitive data classification and visibility into over-privileged data access; monitoring for governance, regulatory compliance, and data breaches; and identification, containment, and remediation of ransomware and other security threats.

Our access to time-series data and metadata allows us to deliver a breadth of products across two suites, Rubrik Security Cloud and Rubrik Agent Cloud.

Rubrik Security Cloud

Data Protection. Cyber-proofs various sources of data in an organization with secure, access-controlled backups. Our data protection products are built for ease of deployment and use, scalability, and rapid recovery from cyberattacks, malicious insiders, and operational disruptions. We offer data protection products to manage enterprise, unstructured data, cloud, and SaaS applications. We also protect identity provider services, such as Microsoft Active Directory, EntraID and Okta.

Data Threat Analytics and Data Security. Detects data threats and identifies the blast radius of a cyberattack to speed up data recovery. Combines Anomaly Detection, Threat Monitoring, and Turbo Threat Hunting. Anomaly Detection uses advanced machine learning to detect deletions, modifications, and encryptions. Threat Monitoring continuously monitors for indicators of compromise commonly used by bad actors to establish persistent access, move laterally, or exfiltrate data. Turbo Threat Hunting allows incident responders and Security Operations Center (SOC) analysts to hunt for indicators of compromise and determine the initial point, scope, and time of infection. Turbo Threat Hunting capabilities enable customers to instantly check against precomputed hash values to locate malware-free recovery points. Data Security strengthens cyber posture by locating sensitive data proliferation and identifying data risks. Includes Sensitive Data Monitoring and User Intelligence, which altogether discovers where data lives, sensitivity of data, and user access and activity.

Identity Security. Delivers visibility, continuous monitoring, risk remediation, attack rollback and orchestrated recovery across identity services providers. Identity Recovery orchestrates fast, reliable recovery of Microsoft Active Directory, EntraID, and Okta. Identity Resilience is designed to continuously monitor identity risks and policy violations and rapidly identify compromised accounts.

Cyber Recovery. Improves cyber readiness and incident response with orchestrated Cyber Recovery Simulation, Threat Containment, and orchestrated Active Directory Forest Recovery. Cyber Recovery Simulation is used to create, test, and validate recovery plans, while also staying compliant with policy and audit requirements. Cyber Recovery can also be used to recover compromised data within a safe environment for forensic analysis. Threat Containment is used to quarantine data infected with malware so that recovery is enabled without reinfection. Active Directory Forest Recovery orchestrates the recovery of an organization’s Active Directory identity service to the desired point in time while avoiding malware reintroduction.

Rubrik Agent Cloud. Designed to provide a comprehensive AI operations platform that can dynamically monitor, control, and remediate agentic actions. RAC is designed to accelerate AI transformation for our customers without introducing added risk. It became commercially available in February 2026.

Architecture Matters

We believe the following attributes of our platform architecture allow us to offer a differentiated approach to data security:

•Time-Series Data and Metadata. We design our platform to manage time-series data and metadata as core assets. Our platform combines data and metadata together into self-describing data and records its history over time. To provide a single point of control for data across enterprise, cloud, and SaaS applications, we have constructed a proprietary framework to uniformly represent self-describing data across time. Doing so gives us full context of data and unlocks security use cases, allowing us to build products for cyber recovery and security intelligence.

•Data Threat Engine. We have developed a proprietary machine learning and artificial intelligence-based data threat monitoring and management engine to surface anomalous activities and indicators of data breaches. Our self-describing data, which combines data and metadata, gives us the ability to surface emergent data threats, understand data sensitivity, and identify malicious user activities. In addition, our platform continuously scans self-describing data for indicators of compromise (IOCs) and malicious patterns using our native data threat engine and integrated threat intelligence. This allows us to pre-identify the last known clean snapshots and automate recovery workflows.

Rubrik, Inc.
2026 Form 10-K
7

Table of Contents

•Zero Trust Design. We employ Zero Trust principles to prevent threats at the data layer. Our use of native immutability, secure protocols, logical air gap, encryption, role-based access controls, multi-factor authentication, and native services uphold data integrity and availability.

•Automation. Core to our product design ethos is automation. To consistently secure and manage data at scale, our platform delivers automated end-to-end policy management and enforcement, orchestration of security incident response, and API integrations.

Key Benefits to Our Customers

Leading businesses, governments, and public entities around the world and across all industries and segments choose Rubrik to:

•Achieve cyber and operational resilience. Our platform allows organizations to continue business operations even when data and applications are compromised by cyberattacks, malicious insiders, and operational disruptions. From the beginning, we have built our platform with the assumption that security breaches are inevitable and that data availability and integrity must be maintained to minimize business downtime and data loss.

•Secure, govern, and recover data across hybrid multi-cloud and SaaS applications. We recognize that organizations are in various stages of their cloud and SaaS journeys, and are accumulating data across enterprise, cloud, and SaaS applications. Our platform provides a consistent, policy managed experience across hybrid multi-cloud and SaaS environments, allowing organizations to uniformly deliver data security, governance, and recovery.

•Strengthen identity and data security posture. Our platform helps organizations manage security threats with detection and analysis of security risks. We combine machine learning and threat intelligence to detect anomalies and unusual behavior in application and identity data. Our platform also analyzes the blast radius of impact, automates ransomware monitoring, and rapidly recovers impacted data and identity services. Our ability to continuously discover and classify sensitive data, in addition to understanding user access, helps reduce the risk of data exfiltration. Our products can be integrated into security operations’ automated playbooks for managing and mitigating ransomware and other data attacks.

•Accelerate AI transformation. Our platform helps enterprises move from their AI pilots to production by addressing the fundamentals expected of mission-critical systems: visibility, control, and recovery.

•Comply with data regulations. Our platform continuously discovers and classifies sensitive data, which provides increasing value to organizations as more data is accumulated across enterprise, cloud, and SaaS applications. This allows organizations to facilitate compliance with evolving data privacy and security regulations, such as GDPR, and reduce risk of double extortion ransomware attacks.

•Catalog and govern data assets. We provide a single platform for complete visibility and management as organizations accumulate more data across enterprise, cloud, and SaaS applications. We help organizations understand what data they have, where that data resides, sensitivity of data, and who has unqualified data access. As a result, our customers can shrink their attack surface, reduce risk of security breaches, and accelerate industry regulatory compliance. Our understanding of sensitive data and user access can help enterprises adopt generative AI by setting guardrails to mitigate exposure to compliance, data privacy, and cybersecurity risks.

•Improve operational efficiency. As organizations adopt hybrid multi-cloud and SaaS strategies, they encounter many different tools, interfaces, and workflows. Organizations can streamline and standardize data security and management operations with our unified policy automation engine and workflows. This reduces the need for employee training, simplifies security and governance challenges, provides reliable and rapid recoveries, and makes it easier to manage exponential data growth and the accumulation of diverse data sources.

Our Growth Strategy

Key elements of our growth strategy include:

•Continuing to grow our SaaS solutions. We believe there is a large and growing market opportunity for our multi-tenant, cloud native solutions as more organizations and customers move their applications and data to the cloud. We plan to continue to invest in the development of RSC and RAC, building additional products on top of our platform, and our accompanying go-to-market motion to capitalize on this meaningful opportunity.

•Growing our customer base. As cyberattacks increase in scale and sophistication amidst accelerated digitization and ever-evolving data regulations, organizations are rethinking how to secure data across various data sources. We believe we will continue to acquire new customers based on our ability to drive cyber resilience, identity security, AI transformation, and regulatory compliance.

Rubrik, Inc.
2026 Form 10-K
8

Table of Contents

•Expanding within our customer base. Our existing customer base represents a significant growth opportunity. As our customers accelerate digitization, they adopt more applications and generate more data that must be secured and readily available. We expect to expand our data security products to cover additional scale and scope of data, in addition to cross-selling identity security, data governance and compliance products and the RAC suite.

•Innovating and extending our product leadership. We have a history of creating and introducing disruptive technologies that help our customers achieve business resilience. We intend to continue making significant investments in research and development as well as hiring top technical talent to further increase our product differentiation. In particular, we believe that generative AI will play an important role driving further need for new products to help secure sensitive data and user access, monitor agents adoption, govern agent access and recover unwanted agentic actions. As we continue to invest in our platform, we will focus on features and functionalities that help enterprises securely adopt generative AI within an evolving threat landscape.

•Growing and harnessing our partner ecosystem. We plan to continue investing in building out and leveraging our partner ecosystem to broaden our distribution footprint, drive more platform usage, and drive greater awareness of our platform. Our partner ecosystem includes distributors and resellers, or Channel Partners, system integrators, managed system providers, and technology partners.

•Expanding our global footprint. As organizations around the world create more data across enterprise, cloud, and SaaS applications and grapple with an ever-increasing threat level of cyberattacks, including ransomware, and ever-evolving data privacy and security regulations, we believe there is significant opportunity to expand the use of our platform in all major global markets. We have invested in research and development, sales and marketing, and customer support across EMEA and Asia-Pacific regions and expect to continue to do so. We grew our international revenue from such regions from $250.4 million in fiscal year ended 2025 to $364.5 million in fiscal year ended 2026.

•Pursuing strategic acquisitions. We have a history of acquiring and integrating strategic products and technologies into our platform to deliver comprehensive data security products to our customers and partners. We intend to continue to pursue strategic teams, technologies, and products to accelerate time-to-market for new data security capabilities and widen the competitive moat for our products and solutions.

Our Customers

We sell to organizations of various sizes that operate across a wide range of industries, including financial services; retail, trade, and transportation; energy and industrials; healthcare and life sciences; public sector and education; technology, media, and communications; and services.

Our Commercial Offerings

Rubrik Security Cloud

RSC is a cloud native SaaS platform that secures data across disparate sources. We build products on top of RSC to address a myriad of use cases that help our customers achieve cyber resilience. The primary commercial products in our RSC suite are as follows:

Data Protection

•Enterprise Data Protection. Cyber-proofs enterprise data on physical systems, operating systems, virtual machines, databases, file systems, and containers with air-gapped, immutable, access-controlled backups.

•Unstructured Data Protection. Cyber-proofs unstructured file and object data stored on petabyte scale NAS systems with air-gapped, immutable backups.

•Cloud Data Protection. Cyber-proofs Azure, AWS, GCP and Oracle cloud application data and databases with secure, access-controlled backups.

•SaaS Data Protection. Cyber-proofs M365, Salesforce, and Atlassian Jira Cloud data with air-gapped, immutable data resilience and rapid recovery at scale.

Data Security | Data Threat Analytics

•Data Security Posture Management. Strengthens cyber posture by locating sensitive data proliferation and identifying data risks. Includes Sensitive Data Monitoring and User Intelligence, which altogether enables discovery of where data lives, its sensitivity, and user access and activity. A hardened cyber posture helps customers proactively reduce the risk of cyberattacks, data exfiltration, and sensitive data exposure, in addition to enhancing data governance for generative AI.

Rubrik, Inc.
2026 Form 10-K
9

Table of Contents

•Anomaly Detection, Threat Monitoring, and Turbo Threat Hunting. Detects data threats and identifies the blast radius of a cyberattack to speed up data recovery. Anomaly Detection uses advanced machine learning to detect deletions, modifications, and encryptions. Threat Monitoring continuously monitors for indicators of compromise commonly used by bad actors to establish persistent access, move laterally, or exfiltrate data. Turbo Threat Hunting allows incident responders and SOC analysts to hunt for indicators of compromise and determine the initial point, scope, and time of infection.

Identity Security

•Identity Recovery. Cyber-proofs Microsoft Active Directory, EntraID, and Okta with immutable backups and rapid recovery across hybrid environments.

•Identity Resilience. Monitors and protects human and non-human identities, tracks misconfigurations and high risk or malicious changes within Active Directory and Entra ID. It also enhances risk posture and accelerates cyber recovery by linking identity-based information such as privileged access with Rubrik's DSPM sensitive data context and activity.

Cyber Recovery

•Improves cyber readiness and incident response with orchestrated Cyber Recovery Simulation, Threat Containment, and orchestrated Active Directory Forest Recovery. Cyber Recovery Simulation is used by our customers to create, test, and validate recovery plans, while also staying compliant with policy and audit requirements. Cyber Recovery can also be used to recover compromised data within a safe environment for forensic analysis. Threat Containment quarantines data infected with malware to prevent malware reinfection during recovery. Active Directory Forest Recovery orchestrates the recovery of an organization’s Active Directory identity service to the desired point in time while avoiding malware reintroduction.

In addition, we offer Ruby, an AI agent for cyber resilience designed to help customers scale their data security operations through intelligent automation that increases productivity and bridges the users’ skills gap. To ensure optimal performance, Ruby is designed to be interoperable with multiple high-performing models, enabling the selection of the best-fit LLM for a customer's needs. These models work in combination with our proprietary, internally developed software, which augments user queries and enhances model outputs to generate responses or execute actions. For more information regarding the risks related to the use of AI in our business, see the risk factor titled “Our use of generative and other AI tools may pose risks to business and operations, including our proprietary software and systems, and may subject us to legal liability” in the section titled “Risk Factors.”

Our commercial products are used by customers to deliver business resilience against operational failures and cyberattacks. Customers use our Data Protection, Identity Security, and Cyber Recovery products to strengthen cyber posture, comply with regulations, and conduct recovery from cyber attacks, operational failures, human errors, or natural disasters. During a cyberattack, customers use Data Threat Analytics in addition to the above products to identify, contain, and remediate data threats, determine scope of sensitive data exposure, recover data, and conduct event response.

Our RSC platform is built to be highly flexible and scalable, enabling us to innovate and deliver new data security products in the future.

Our products are available for purchase via four subscription editions to our RSC platform, which are as follows:

•Foundation Edition. Keeps data secure and recoverable from cyberattacks and operational failures.

•Business Edition. Builds upon Foundation Edition by proactively monitoring for ransomware.

•Enterprise Edition. Builds upon Business Edition by continuously monitoring data risk and orchestrating cyber recovery.

Our commercial offerings are accompanied by customer support. We offer several support solutions and capabilities that enhance the value proposition of our software and SaaS solutions:

•SentryAI. SentryAI is our proprietary AI deep learning-based platform for system health monitoring, allowing us to deliver proactive customer service throughout the entire customer lifecycle. Our platform uses AI to detect anomalous behavior from telemetry data from our customers. Data analyzed includes performance, security and SLA compliance, and capacity utilization. SentryAI is included within our base support offering.

•Premium-Plus Add-on Support. Our program provides a CEM and an Assigned Support Engineer, or ASE, for personalized, technical support. Our dedicated teams develop an in-depth understanding of our customers’ unique environment requirements, collaborate closely with our customers’ operation teams, and provide a direct path to accelerate resolution times.

•Ransomware Recovery Team. Our 24x7 Ransomware Recovery Team assists and complements our customers’ recovery plans.

•Education. We offer Rubrik University, which includes instructor-led training with hands-on labs, on-demand e-learning courses, and certification exams. Education capabilities are targeted at different types of users and delivery modalities to suit end-customer needs. We have instructor-led training and self-paced on-demand courses.

Rubrik, Inc.
2026 Form 10-K
10

Table of Contents

•Certification Program. Our certification program enables technical personnel to demonstrate and validate in-depth knowledge of data security by becoming a Rubrik Certified Systems Administrator.

In February 2026, Rubrik Agent Cloud became commercially available. RAC provides a comprehensive AI operations platform that can dynamically monitor, control, and remediate agentic actions. RAC is designed to accelerate AI transformation for our customers without introducing added risk.

Our Technology

We have designed a highly differentiated and innovative architecture that is comprised of the following elements:

•Time-Series Data and Metadata. Our architecture combines data and metadata from business applications to create self-describing data as a time-series. Self-describing data is important since it contains information such as application context, user identity, data sensitivity, and application lineage, allowing us to understand emergent data threats and deliver cyber recovery. In addition, we have constructed a proprietary framework to uniformly represent this time-series data and metadata from enterprise, cloud, and SaaS applications. Since we have a common way to represent data across a multitude of application sources, we can easily introduce new products on top of our platform.

•Zero Trust Design. We employ Zero Trust principles to prevent threats at the data layer. Our usage of native immutability, secure protocols, logical air gap, encryption, role-based access controls, multi-factor authentication, and native services allows us to preserve data integrity and reduce software supply chain risk.

•Native Immutability. Our platform was custom designed to provide built-in immutability and preserve data integrity. Our proprietary, append-only file system, combined with data integrity checks, protects data from unauthorized modification, encryption, or deletion, thereby preventing data from being compromised.

•Secure Protocols. We architected our platform to allow data access only in an authenticated manner and via secure protocols. Contrast this approach to that of legacy technologies, which offer multi-tier architectures with a full trust security model leveraging insecure network and storage protocols, thereby leaving data vulnerable to corruption, deletion, or theft.

•Logical Air Gap. Data is protected by creating a multi-layered barrier between data and malicious actors. Logical processes, such as encryption, hashing, and granular role-based access controls, prevent data from being modified, deleted, or stolen. Our immutable, append-only file system also contributes to establishing a logical air gap by preventing data from being manipulated once written.

•Native Services. Our platform provides robust built-in functionality with native services. We do not provide privileged access to third-party applications, thereby reducing the risk of software supply chain attacks.

•Threat Engine. Our threat engine uses machine learning and threat intelligence to analyze our time-series data and metadata, detecting anomalies, encryption, content sensitivity, and malware. We can identify the initial point, scope, and time of attack to avoid malware reinfection during recovery.

•Automation. Core to our design ethos is automation. To secure data at scale and with consistency, our platform is architected to deliver automated end-to-end policy management, orchestration of security incident response, and API integrations.

•Policy Automation. Our fully orchestrated policy engine simplifies how data security objectives are created, enforced, and managed. By providing simplicity and automation in securing data, organizations easily deliver a consistent and uniform data security posture.

•Integration with Security Operations. Our solutions integrate with security tools, such as SIEM/SOAR and cloud security, to address a critical gap: security risks and threats at the data layer. Existing security tools pull in data from every corner of the infrastructure (network, applications, endpoints, etc.) but not from the data itself. By integrating continuous monitoring of data and user context, SecOps teams accelerate risk mitigation, incident response, and business resiliency.

•API-integration. Our API-first design means that any operation performed via Rubrik’s UI is performed through multi-factor authenticated APIs. We offer an extensive collection of pre-built integrations that allow customers to leverage our APIs to integrate data security and data policy management into self-service automation, infrastructure as code, centralized monitoring, log management, and security operations.

Our Go-to-Market Strategy

We primarily sell subscriptions to RSC through our global sales team and partner network. We target the largest organizations worldwide to mid-sized organizations. We sell to smaller customers through a high velocity engagement model driven by our inside sales team.

Rubrik, Inc.
2026 Form 10-K
11

Table of Contents

We utilize a land and expand approach, acquiring new customers and expanding with existing customers. We sell our products through subscriptions to RSC editions and can land in five distinct ways by securing enterprise, unstructured data, cloud, SaaS, and identity providers. After initial purchase, our customers often expand the deployment of our platform within their organization. Expansion happens along three vectors: the growth of data from applications already secured by Rubrik; new applications secured; and additional data security products. This expansion is driven by a natural flywheel effect in which the value of our platform increases as our customers’ data grows across various applications. As organizations manage more data with RSC and adopt additional data security products, they gain deeper insights into their data, strengthen their overall security posture, and reduce compliance risk, increasing their overall affinity with Rubrik.

Our sales organization includes sales development, inside sales, sales engineering, and field sales personnel and is segmented both geographically and by the size of prospective customers. We also have dedicated sales teams for the public sector, including federal, state, and local government organizations. Our sales teams identify prospective customers, manage customer accounts, and identify expansion opportunities, while working with our partner network.

We sell our subscriptions to customers through our Channel Partners utilizing a two-tier, indirect fulfillment model. We also offer SaaS products through the marketplaces of our technology alliance partners, including GCP, Azure, and AWS.

Our marketing organization works closely with our sales team to build brand and product awareness and drive sales pipeline. We leverage a mix of outbound marketing tactics such as industry conferences, user events, webinars, and digital programs to target new business, as well as support our upsell and cross-sell efforts. Every year, we organize our user conference, Rubrik Forward, to help our customers realize greater business results through data security. In addition, we leverage inbound marketing activities to generate pipeline and engage in joint marketing activities with our channel and technology alliance partners.

Our Partnerships

Our partnerships consist of Channel Partners, system integrators, managed service providers, and technology partners. Our partner program is designed to maximize technology expertise, technology alliances, and geographic coverage. Our Rubrik Transform Partner Program is a global program that manages our business relationships with our partners.

Our partners help expand the reach of our technology by building brand and product awareness, generating leads, implementing our solutions, providing value-added professional services, and reselling our services. On occasion, we may form deeper strategic relationships, such as our partnership with Microsoft that extends from driving go-to-market activities to co-engineering projects to delivering integrated Zero Trust Data Security products built on Azure.

Research and Development

Our research and development team is responsible for the design, development, testing, operation, and quality of our data security platform. This organization works closely with our cloud operations team to ensure that our platform is available, reliable, and stable. Rubrik Zero Labs is our internal data security research lab that analyzes the global threat landscape, works to eliminate threats with our data security platform, and reports on emerging data security issues. Our research and development leadership team is located in Palo Alto, California, Tel Aviv, Israel and Bangalore, India. We intend to continue to invest in our research and development capabilities to extend our platform and drive innovation of new products to expand our market size and customer impact.

Manufacturing

We rely on a limited number of contract manufacturers, including Super Micro Computer, Inc., or Supermicro, to assemble, test, and load our software onto Supermicro servers to deliver Rubrik-branded commodity servers, or Rubrik-branded Appliances, which the customer enterprise data we secure relies upon. All Rubrik-branded Appliances are currently built on servers designed and supplied by Supermicro. Our Original Equipment Manufacturer Agreement with Supermicro expires in November 2026, with the option to terminate upon each automatic annual renewal thereafter, and does not contain minimum purchase requirements that we must satisfy. We and Supermicro have also agreed to a “Direct-to-Distributor” model, whereby our Channel Partners are authorized to place purchase orders directly with Supermicro, and Supermicro is authorized to sell our Rubrik-branded Appliances directly to our Channel Partners.

Our Competition

The markets we serve are highly competitive and rapidly evolving. Our competition is specific to use cases that we target. We believe the Rubrik Platform is unique and we are not aware of other companies that take a similar approach to deliver cyber resilience and accelerate enterprise AI transformation. Legacy backup and recovery solutions have significant shortfalls in addressing cyber recovery, data security and agentic AI operations as they were primarily built for recoveries from operational and natural disaster. At the same time, traditional cybersecurity approaches have failed to not only prevent but also provide recovery from increasingly rampant and sophisticated cyberattacks.

Rubrik, Inc.
2026 Form 10-K
12

Table of Contents

As customer requirements evolve and new technologies are introduced, we anticipate competition will increase as established or emerging companies develop solutions that address the data security market. Our main competitors fall into the following categories:

•Data management and protection vendors, such as Commvault, Dell EMC, IBM, Veeam, and Cohesity;

•Smaller cloud and SaaS data management vendors with products that compete in some of our markets; and

•Vendors that provide cyber/ransomware detection and investigation, identity recovery and resilience, data security posture management, insider threat detection, data classification, incident containment, and other security and data governance technologies.

We believe the principal competitive factors in our market are:

•Ability to converge backup and recovery and cybersecurity in a cloud architecture;

•Ability to automatically manage and secure diverse data types across hybrid cloud, public cloud, and SaaS environments in an easy-to-use, unified platform;

•Ability to provide cyber recovery from a cyberattack;

•Ability to harden data security posture by continuously observing data for security risks;

•Business data access for cyber resilience;

•Ease of deployment, implementation, and use;

•Performance, scalability, and reliability;

•Ease of integration and collection of pre-built integrations with a wide variety of applications, infrastructure, automation, and security products driven by an API-first architecture;

•Time to value and pricing;

•Integrated data governance and compliance capabilities;

•Quality of customer success and professional services; and

•Brand recognition and reputation.

Our Culture and Employees

We consider our culture and employees to be important to our success. Our vision for our people is to establish an environment where our people can grow their careers and feel like they belong and succeed at Rubrik, allowing us to attract, develop, and retain the best talent in the industry to drive Rubrik’s success well into the future. We do this through incentivizing and integrating our employees through our competitive rewards and benefits, including equity-based compensation, and by our unique culture.

Our culture is driven by our core company values, and we measure performance against these values:

•Relentlessness. Unyielding will and curiosity to tackle the hardest challenges.

•Integrity. Do what you say and do the right thing.

•Velocity. Drive clarity, decide quickly, and move fast to delight our customers.

•Excellence. Set a high standard and strive for greatness.

•Transparency. Build trust and drive smart decisions through transparent communication.

As of January 31, 2026, we had approximately 3,797 full-time employees worldwide. We also engage contractors and consultants. None of our employees are represented by a labor union. In certain countries in which we operate, including Germany and France, we are subject to, and comply with, local labor law requirements, which include works councils and industry-wide collective bargaining agreements. We have not experienced any work stoppages, and we consider our relations with our employees to be good.

Social Responsibility and Community Initiatives

At Rubrik, we are committed to making the world a more secure and better place. In furtherance of our values and this goal, we have joined the Pledge 1% movement, and have committed to donating 1,354,671 shares of our Class A common stock representing approximately 1% of our outstanding capital stock as of immediately prior to our initial public offering over the next 10 years to fund our social impact and environmental, social, and governance initiatives. We plan to commit our time, in addition to our equity and financial resources (including via the donor-advised fund we have established), to support our social responsibility and community initiatives.

Rubrik, Inc.
2026 Form 10-K
13

Table of Contents

Intellectual Property

Intellectual property rights are important to the success of our business. We rely on a combination of patents, copyrights, trademarks, and trade secret laws in the United States and other jurisdictions, as well as license agreements, confidentiality procedures, non-disclosure agreements with third parties, and other contractual protections, to protect our intellectual property rights, including rights in our proprietary technology, software, know-how and brand. We also use open source software in our offering.

As of January 31, 2026, we had 425 issued U.S. patents and patents in various non-U.S. jurisdictions, 260 patent applications pending in the United States, and 9 patent applications pending in various non-U.S. jurisdictions. Our issued patents as of January 31, 2026 expire between April 30, 2034 and January 30, 2045. As of January 31, 2026, we had 10 registered trademarks in the United States, 4 trademark applications pending in the United States, and 29 registered trademarks in various non-U.S. jurisdictions.

Although we rely on intellectual property rights, including contractual protections, to establish and protect our intellectual property, we believe that factors such as the technological and creative skills of our personnel, creation of new services, features and functionality, and frequent enhancements to our platform are essential to establishing and maintaining our technology leadership position.

We control access to and use of our proprietary technology and other confidential information through the use of internal and external controls, including contractual protections with employees, contractors, customers, and partners. We require our employees, consultants, independent contractors, and other third parties to enter into confidentiality and proprietary rights agreements, and we control and monitor access to our software, documentation, proprietary technology, and confidential information. Our policy is to require all employees, consultants, and independent contractors to sign agreements assigning to us any inventions, trade secrets, works of authorship, developments, processes, and other intellectual property generated by them on our behalf and under which they agree to protect our confidential information. In addition, we generally enter into confidentiality agreements with our customers, technology alliance partners, and Channel Partners. See the section titled “Risk Factors” for a more comprehensive description of risks related to our intellectual property.

Available Information

We are headquartered in Palo Alto, California. Our website address is www.rubrik.com. Information found on, or accessible through, our website is not a part of, and is not incorporated into, this Annual Report on Form 10-K. We file electronically with the Securities and Exchange Commission, or the SEC, our annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Exchange Act. We make available on our website at www.rubrik.com, free of charge, copies of these reports and other information as soon as reasonably practicable after we electronically file such material with, or furnish it to, the SEC. The SEC also maintains an internet site at www.sec.gov that contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC.

Rubrik, Inc.
2026 Form 10-K
14

Table of Contents