TipRanks Smart Growth Portfolio #49: Open Sesame
Dear Investors,
Welcome to the 49th edition of the Smart Growth Portfolio and Newsletter, where we spotlight a platform redefining how enterprises secure access in a borderless world. But first, here are some news and updates.
1
1
Investor Note on “SaaSpocalypse”
This week, Anthropic’s launch of new plugins for its Claude Cowork AI agent triggered a sharp sell-off across the software universe, wiping out hundreds of billions of dollars in market value across global software, data, and professional services stocks. Anthropic’s new tools automate tasks in areas like legal, sales, marketing, and data analysis, sparking investor fears that AI could disrupt or replace traditional software-as-a-service (SaaS) business models.
Since GenAI models evolved from simple chat interfaces with some picture-creating capabilities into serious tools capable of replacing many human-performed tasks, let alone software, we at Smart Growth have been mindful of the dangers, selling our sole SaaS holding last year. Now, our Portfolio is anchored in companies providing electronic components, communications gear, chip-related tools, and other solid-state offerings. Alongside that, we do have some software stocks, but they are concentrated in the financial and security realms, which will be irreplaceable by AI agents for many years to come.
EverQuote (EVER) – a fintech company operating an online lead-generation insurance marketplace – delivers value not through its underlying software, but through its massive amount of first-party consumer intent data and its relationships with insurance carriers. For EVER, AI is a tailwind – improving efficiency and supporting margins. Theoretically, AI agents could automate quote generation, customer acquisition, or sales processes – but that seems distant from a regulatory and legal perspective, even before discussing the technological possibilities.
Atlanticus Holdings (ATLC), another fintech holding, is fundamentally a lending and credit risk business. As such, it is practically insulated from Anthropic’s onslaught, since its proprietary underwriting models are not easily replaced by a general AI agent. For example, Claude can write an email or analyze a contract, but it cannot issue a $2,000 credit line to a subprime borrower. Although this, too, is technically possible in the future, consumer finances are protected by a regulatory firewall that will not allow any AI agents through.
Enova International (ENVA) is in a very similar position to Atlanticus. While it is experiencing some sentiment spillover from the SaaSpocalypse – with AI fears also hitting financial services and data-heavy stocks – it is far less vulnerable than pure software or data firms. ENVA is a lender (on its way to becoming a bank) with a proprietary AI platform that slices and dices 20 years of historical repayment data to predict if a subprime borrower will default. Besides regulatory protection, that is not something an AI agent would be able to replicate.
Other Smart Growth holdings that may seem connected to the software panic are Clear Secure (YOU) and Telos (TLS) – although they are actually some of the best-insulated stocks out there. The current panic is centered on agent-replaceable tasks, such as writing, coding, and scheduling. These two companies deal with physical security (Clear) and compliance (Telos) – sectors where AI agents cannot step in without regulatory permission. YOU’s biometric identity verification service focuses on physical identity tech, and the company’s position downstream from AI automation makes it a likely AI beneficiary. Meanwhile, TLS’s compliance and defense business is already seeing a massive tailwind from the advance of AI, which helps it automate processes, slashing costs and expanding margins. Besides, most of Telos’s revenue comes from massive federal contracts – and Claude isn’t going to get a Top Secret clearance to audit a Pentagon server anytime soon.
With Anthropic’s agentic tools targeting data analytics, among others, the knee-jerk sell-off also engulfed Innodata (INOD). However, the fact is that INOD – a data engineering firm specializing in AI data preparation, annotation, and transformation services – is likely a beneficiary of Anthropic’s moves, not a victim. It provides high-quality training data for large language models and generative AI systems, serving major tech clients (including some of the Mag 7 and now Palantir). Basically, Innodata makes money by helping companies like Anthropic build and test those very tools.
That said, the SaaSpocalypse has created knee-jerk selling pressure across most software-related stocks, and the negative momentum could continue if AI disruption fears persist. Moreover, it arrived at a time when AI capex fears are hitting the big spenders, pulling down the indexes, while a new “Crypto Winter” is poisoning the overall tech-market atmosphere.
The Cryptocalypse 2.0 (reminiscent of the 2022 crash) is hitting Applied Digital (APLD) hard, although the company has long shifted from being a hosting provider for Bitcoin and Ethereum miners to renting out data-center capacity for HPC and AI use. Today, APLD is an AI infrastructure play, but with about 30% of revenue still derived from legacy crypto hosting and not-so-distant memories of its crypto-related crash in 2022, investors are taking profits after a 370%+ rally over the past year.
We are monitoring the situation in the tech-stock universe, but see no reason to panic. We assume that, like all dips over the past couple of years, this one, too, will be bought sooner or later.
1
1
Portfolio News
❖ Aviat Networks (AVNW) saw its stock soar after the networking solutions company released its fiscal Q2 2026 results, which reflected outperformance on both the top and bottom lines, along with surging bookings and several growth drivers lined up for FY2027.
AVNW’s non-GAAP EPS of $0.54 flew past estimates of $0.50, and revenue of $111.5 million topped forecasts of $109.7 million, marking its fourth consecutive quarter of earnings and revenue beats. The company clocked in an adjusted EBITDA of $11.3 million (a 10.1% margin) and positive operating cash flow of $23.9 million, while free cash flow of $22.5 million represented an all-time high. Aviat finished the quarter with cash and cash equivalents of $86.5 million, while net debt declined by more than 50% year-over-year to just $19.5 million. AVNW management projected that strong cash generation will continue into fiscal H2 and beyond.
While improvements in operating performance and strong cash generation are encouraging, the main drivers of the stock’s surge post-earnings were FQ2 bookings – the highest in at least a decade. The book-to-bill ratio remained above 1, indicating that demand continues to outstrip supply. Together, these metrics reflect positive backlog trends and increased revenue visibility for the next several quarters.
Additional momentum came from signs of commercial traction on new growth initiatives, including the first order for AVNW’s Aprisa LTE 5G rugged router from a public safety customer, and an initial multi-dwelling unit (MDU) fixed-wireless order from a U.S. tier-one provider. These early wins signal diversification and potential revenue upside as these products ramp. Moreover, management said the company will participate in projects funded by the $42.5 billion Broadband Equity Access and Deployment (BEAD) Program in the second half of the calendar year, with a positive impact expected in fiscal 2027. Meanwhile, guidance for fiscal 2026 remained unchanged, envisioning $440-460 million in revenue and $45-55 million in adjusted EBITDA.
1
1
1
This Week’s Top Growth Pick: Zscaler (ZS)
Zscaler, Inc. is a cloud-native cybersecurity company reshaping how enterprises protect users, applications, and data in a world where networks no longer have clear perimeters. Its platform replaces legacy hardware-based security with a Zero Trust1 architecture that connects users directly to applications, not networks – reducing attack surfaces while improving speed and resilience. Built for distributed workforces and cloud-first IT environments, Zscaler sits at the core of secure access, traffic inspection, and policy enforcement across the enterprise stack. As organizations migrate workloads to the cloud and embrace hybrid work at scale, the company positions security as a lightweight, always-on service rather than a physical chokepoint – aligning protection with how modern businesses actually operate.
—
1 – Zero Trust is a security model that assumes no user or device is trusted by default. Access is granted only after identity and context are verified, and users connect directly to specific applications rather than entire networks, reducing attack surfaces and limiting the impact of a breach.
—
Source: Zscaler, Inc. Fiscal Q1 2026 Earnings Presentation
1
Born Cloudward
Zscaler’s origins trace back to its founding in the late 2000s, when the company set out to rethink enterprise security for an internet-first world. Long before Zero Trust became industry shorthand, Zscaler was built around the conviction that enterprise traffic would eventually flow directly to the internet and cloud applications – not through centralized, appliance-based networks. At a time when cloud adoption and mobile work were still emerging, the company architected its platform for a more distributed future. That early, forward-looking design choice positioned Zscaler to scale naturally as enterprises later embraced cloud-first IT models and redefined how secure access should work in practice.
The past five years have marked Zscaler’s most decisive evolution – transforming it from a secure web gateway pioneer into a broad Zero Trust platform provider. As remote work accelerated and applications migrated off private networks, ZS expanded its technology stack beyond user-to-internet security into full Zero Trust access for private applications, workloads, and data. This shift moved the company from a point-solution vendor toward a foundational security layer embedded deep within enterprise architectures.
Product innovation accelerated alongside that transition. Zscaler invested heavily in cloud-scale traffic inspection, advanced threat protection, and identity-aware policy enforcement, while steadily incorporating data protection and posture management2 capabilities. Its platform increasingly addressed not just access, but also how data is classified, protected, and governed across SaaS, public cloud, and hybrid environments. This broadened relevance helped Zscaler deepen relationships with large enterprises and become more embedded in long-term security roadmaps.
Strategic partnerships played a central role in reinforcing that trajectory. Over recent years, Zscaler has deepened its integrations with hyperscale cloud providers such as AWS, Microsoft, and Google Cloud, alongside leading identity platforms and endpoint security vendors like Okta and CrowdStrike. Rather than competing across every layer of the stack, Zscaler positioned itself deliberately as a neutral control layer – enforcing Zero Trust policies across cloud, identity, and device environments without forcing enterprises into a single-vendor ecosystem. This partner-first approach lowered deployment friction, fit naturally into complex, heterogeneous IT architectures, and made the platform easier to adopt at a global scale. In parallel, Zscaler continued to win large, security-sensitive customers across technology, financial services, healthcare, and government, providing real-world validation that its architecture could operate reliably at enterprise scale and under stringent regulatory and threat conditions.
Rather than pursuing large, transformative acquisitions, Zscaler focused on organic innovation and selective technology tuck-ins, prioritizing platform coherence over rapid expansion. The result is a company shaped less by consolidation and more by architectural consistency – one that grew alongside the cloud era and helped define how Zero Trust security is implemented in practice today.
—
2 – Posture management refers to the continuous assessment of whether users, devices, applications, or cloud resources are configured securely and comply with defined security policies.
—
Source: Zscaler, Inc. Website
1
Warp-Speed Trust
Zscaler’s business is built around delivering security as an always-on, cloud-native control layer that sits between users, applications, workloads, and now AI systems. Instead of protecting networks, ZS protects access and interactions – inspecting traffic inline and enforcing policy before connections are ever established. This architectural choice underpins how Zscaler makes money and explains why its relevance has expanded as enterprise IT has shifted away from fixed perimeters toward distributed, cloud-first environments.
At the core is the Zero Trust Exchange, a unified platform that brokers secure access to internet destinations, private applications, branches, and cloud workloads. Enterprises subscribe to these capabilities on a recurring basis, typically starting with user access and expanding over time as more traffic, locations, and workloads are routed through the platform. As customers deepen adoption, ZS increasingly replaces VPNs, firewalls, and point security tools, consolidating spend into a single control plane. Once deployed at scale, these architectures are difficult to unwind, raising switching costs and embedding Zscaler deeply into customers’ core security infrastructure.
Over the past two years, growth has broadened well beyond user access. Zero Trust Everywhere extends the model across branches, factories, campuses, and cloud workloads, enabling secure workload-to-workload communication and segmentation without relying on traditional network constructs. This has opened new enterprise use cases tied to cloud migration, ERP modernization, and distributed operations – areas where legacy tools struggle to keep up and where architectural simplicity is increasingly valued.
The clearest growth inflection, however, is AI Security, driven by urgent structural necessity rather than experimentation, and compounded by two shifts. The first is the sharp acceleration in enterprise AI usage while security controls lag behind, creating a widening protection gap as AI adoption outpaces governance, visibility, and enforcement. Moreover, AI is no longer limited to discrete tools – embedded AI inside everyday enterprise applications has given rise to unmanaged “shadow AI,” materially expanding attack surfaces beyond what traditional security models can observe or control and opening a new, high-velocity monetization vector.
The second shift is the rise of AI agents and autonomous workflows – non-human actors operating continuously and interacting with systems at machine speed. Traditional security models built around human sessions are ill-suited to govern these agents. Zscaler’s platform is designed to inspect AI prompts, responses, and agent-to-agent communication inline, enforcing least-privilege access and policy guardrails without human intervention.
Data Security Everywhere complements this by protecting sensitive information across web traffic, cloud applications, endpoints, and AI workflows. Enterprises increasingly adopt multiple data protection modules together, using ZS to replace fragmented tools with unified, policy-driven enforcement across the organization. That breadth and cohesion are increasingly recognized externally – most notably in Gartner’s latest Secure Access Service Edge assessment, which places Zscaler firmly in the Leaders quadrant for its cloud-delivered Zero Trust access, data protection, and consistent policy enforcement across users, applications, and workloads.
Taken together, these layers position Zscaler not merely as an access broker, but as infrastructure-level security for the AI era – with a large, fast-growing addressable market and substantial runway to continue gaining share as AI-driven activity scales.
Source: Gartner, Inc.
1
Bundling the Upside
Zscaler’s financial profile over the past several years tells a story of consistent execution, accelerating scale, and steadily improving earnings quality, even as the company continues to invest aggressively in growth. The most recent quarter, fiscal Q1 2026, extended a long-running pattern: Zscaler has beaten analyst consensus on adjusted EPS every quarter since at least fiscal Q4 2021 and has exceeded revenue expectations for at least eight consecutive quarters, reinforcing its credibility with investors.
In FQ1, revenue reached $788.1 million, up 26% year-over-year and ahead of both company guidance and Street forecasts. Annual recurring revenue (ARR) climbed to just over $3.2 billion, representing approximately 26% year-over-year growth, while organic net new ARR also showed a clear step-up versus the prior year. Importantly, remaining performance obligations (RPO) rose about 35% year-over-year, and deferred revenue increased roughly 32%, signaling strong forward visibility and a healthy backlog of contracted demand.
Growth remained broad-based, supported by strong expansion within existing customers and rising adoption of newer platform modules. The AI Security pillar grew over 80% year-over-year, surpassing the FY 2026 target of $400 million ARR three quarters early, with expectations to exceed $500 million by the end of the fiscal year. Zero Trust Everywhere also achieved its goal of securing 390 enterprises three quarters ahead of the target date, now with over 450 enterprises onboard. The recently introduced Z Flex program generated over $175 million in total contract value (TCV), growing over 70% from FQ4 2025 through accelerating upsells and shortening sales cycles. Customer metrics also set new highs, as ZS closed FQ1 with 698 customers generating over $1 million in ARR and 3,754 customers exceeding $100,000 in ARR.
Profitability continued to improve. Gross margin remained near 80%, down modestly from the prior year as ZS deliberately prioritized faster go-to-market and platform expansion over near-term margin optimization. Operating leverage is emerging, however, as scale builds. Free cash flow was particularly strong in the quarter, with a free cash flow margin above 50%, placing Zscaler well above traditional growth efficiency benchmarks. The company now comfortably exceeds the “Rule of 40,” with the combined revenue growth rate and free cash flow margin reaching 78% – a rare combination of growth and cash generation for a company still in expansion mode. With no meaningful debt on the balance sheet, Zscaler is well-positioned to invest in innovation, pursue targeted acquisitions, and absorb competitive pressure without financial strain.
ZS reached sustained non-GAAP profitability back in 2018, although GAAP profitability has lagged due to stock-based compensation and ongoing investment, but operating losses have narrowed steadily, and consensus expectations point toward GAAP profitability emerging over the next one to two fiscal years as growth and operating leverage continue to compound.
Looking ahead, management guided fiscal 2026 revenue to $3.28-3.30 billion, implying about 23% year-over-year growth at the midpoint, and adjusted EPS of $3.78-3.82, projecting earnings-per-share growth of about 16%. Alongside that, ARR and cash generation are expected to continue expanding at fast rates. Guidance came in broadly ahead of prior expectations, and analysts continue to model sustained growth across revenue and earnings. Risks remain – competition is intense, and investment levels are high – but the opportunity set remains larger. With accelerating ARR, rising cash flow, and a clear trajectory toward GAAP profitability, Zscaler’s financial foundation increasingly matches the scale of its ambition.
Source: Zscaler, Inc. Website
1
The Trust Multiple
Zscaler operates within a tight cohort of cloud-native security platforms that secure access, traffic, and workloads at scale, rather than selling discrete tools or legacy appliances. Its most relevant public peers are companies that sit directly in the path of enterprise data flows and monetize security as an always-on control layer. CrowdStrike and Cloudflare represent the closest growth-stage comparisons, sharing cloud-first architectures, recurring revenue models, and premium positioning tied to scale and threat intelligence. Palo Alto Networks provides a reference point for platform consolidation at maturity, offering context on how security leaders evolve as breadth and profitability expand. Fortinet rounds out the group as a contrast case, combining scale and historically strong margins with a business model that remains more exposed to hardware cycles and execution risk than its cloud-native peers.
Over the past year, Zscaler’s share price has largely moved in line with the broader cloud-security group, but with a noticeably different outcome. While Cloudflare gained about 15% and CrowdStrike ended roughly flat, Zscaler declined just over 9% – still outperforming Palo Alto and Fortinet, which fell more sharply. That spread isn’t about demand for cybersecurity – all five names benefited from the same rebound from April 2025 lows and faced the same pullbacks later in the year. Instead, it reflects how investors reassessed business models, execution risk, and valuation durability within the same sector. Cloudflare was re-rated as an AI-adjacent infrastructure platform, while CrowdStrike was treated as a fully priced compounder with little room for multiple expansion. Fortinet, by contrast, lost credibility after exposing structural limits tied to its hardware cycle, and Palo Alto faced skepticism around platform complexity and acquisitions. Zscaler landed in between – its fundamentals continued to strengthen, but elevated expectations and a shift toward larger, platform-wide deals led the market to pause rather than re-rate.
That pause now strengthens ZS’s investment case. The pullback has pushed Zscaler’s valuation below its historical averages and closer to broader large-cap technology medians, despite continued execution. On a relative basis, Zscaler now trades at a clear discount to CrowdStrike, Cloudflare, and Palo Alto across trailing and forward Non-GAAP P/E, Price/Sales, and EV/Sales, as well as forward EV/EBITDA, PEG, and trailing Price/Cash Flow metrics. At the same time, Zscaler’s expected revenue and EBITDA growth remains broadly comparable to CrowdStrike’s and only modestly below Cloudflare’s, underscoring that the valuation gap reflects sentiment and timing more than fundamentals.
Wall Street analysts currently assign nearly 90% upside to the Strong Buy–rated stock, framing Zscaler as a rare case where growth durability and valuation discipline are beginning to converge. The result is a stock that now offers exposure to a category-defining security platform at a valuation driven by caution, not deterioration.
1
To Sum It All Up
Zscaler is a growth story shaped by how enterprises actually operate today – borderless, cloud-driven, and increasingly automated. What began as a rethink of network security has evolved into a control platform for how users, applications, workloads, and AI systems interact. That evolution is not cosmetic; it reflects a deeper shift in enterprise architecture, where access and policy matter more than perimeter defense. Zscaler’s advantage lies in being native to that reality, with a platform designed to scale as digital activity accelerates. Execution has followed the strategy, expanding relevance well beyond user access into workloads, data protection, and AI governance. The market, however, still prices Zscaler more as a security vendor than as the infrastructure layer it is becoming. As enterprises move faster, automate more, and tolerate less risk, that distinction increasingly works in the company’s favor.
1
1
Smart Growth Portfolio
|
1
Disclaimer
The information contained in this article represents the views and opinions of the writer only, and not the views or opinions of TipRanks or its affiliates and should be considered for informational purposes only. TipRanks makes no warranties about the completeness, accuracy, or reliability of such information. Nothing in this article should be taken as a recommendation or solicitation to purchase or sell securities. Nothing in the article constitutes legal, professional, investment and/or financial advice and/or takes into account the specific needs and/or requirements of an individual, nor does any information in the article constitute a comprehensive or complete statement of the matters or subject discussed therein. TipRanks and its affiliates disclaim all liability or responsibility with respect to the content of the article, and any action taken upon the information in the article is at your own and sole risk. The link to this article does not constitute an endorsement or recommendation by TipRanks or its affiliates. Past performance is not indicative of future results, prices, or performance.
