Rapid7 is like:

• Palo Alto Networks for integrated vulnerability management, incident response, and cloud security.
• Tenable for vulnerability management, but expanded to also provide incident detection, cloud security, and security automation.

```html

• Insight Platform: A cloud-native platform enabling customers to create and manage analytics-driven cybersecurity risk management programs.
• InsightIDR: An incident detection and response solution for identifying and addressing security incidents.
• InsightCloudSec: A comprehensive cloud security solution integrating posture management, workload protection, and infrastructure entitlements management.
• InsightVM: A vulnerability risk management solution designed to collect vulnerability data, prioritize risk, and automate remediation.
• InsightAppSec: Provides application security testing to analyze web applications for security vulnerabilities.
• InsightConnect: A security orchestration and automation response (SOAR) solution used by security professionals.
• DivvyCloud: A cloud security posture management solution.
• Nexpose: An on-premises version of the company's vulnerability risk management solution.
• AppSpider: An on-premises version of the company's application security testing solution.
• Metasploit: A penetration testing software solution.
• Professional Services: Services providing expert assistance and support for cybersecurity solutions.

```

Rapid7 (RPD) Major Customers

Rapid7, Inc. primarily sells its cybersecurity solutions to other companies and organizations.

The provided background information does not specify the names of individual major customer companies. Instead, it indicates that Rapid7 serves customers across a wide range of industries. These industries represent the categories of companies that utilize Rapid7's platform and products:

• Technology
• Energy
• Financial Services
• Healthcare and Life Sciences
• Manufacturing
• Media and Entertainment
• Retail
• Education
• Real Estate
• Transportation
• Government
• Professional Services

Rapid7 delivers its solutions through various methods, including term or perpetual software licenses, cloud-based subscriptions, and managed services. It reaches these customer organizations directly through its sales teams and indirectly through channel partner relationships across the Americas, Europe, the Middle East, Africa, and the Asia Pacific regions.

null

Corey E. Thomas, Chief Executive Officer

Corey E. Thomas is the Chairman and Chief Executive Officer of Rapid7, joining the company in 2008, becoming CEO in 2012, and taking it public in 2015. His background includes roles as Vice President of Marketing at Parallels Inc., Group Product Manager at Microsoft, and consultant at Deloitte Consulting. He is also an active angel investor in technology companies and serves on the boards of directors for organizations such as LPL Financial, Blue Cross Blue Shield of Massachusetts, and Vanderbilt University.

Rafe Brown, Chief Financial Officer

Rafe Brown was appointed Chief Financial Officer of Rapid7, effective December 1, 2025. Prior to joining Rapid7, Mr. Brown served as President and Chief Operating Officer of Mimecast Limited, where he also held the position of Chief Financial Officer. His experience also includes serving as Chief Financial Officer for SevOne, Inc. and Pegasystems, Inc. Before Mimecast, he was an Operating Partner at Francisco Partners, a technology investment firm. He began his public accounting career at Arthur Andersen LLP and PricewaterhouseCoopers LLP.

Christina Luconi, Chief People Officer

Christina Luconi serves as the Chief People Officer at Rapid7, focusing on strategic people initiatives. Before joining Rapid7, she owned People Innovations, an independent consulting firm specializing in innovative people strategies for startups and high-growth companies in the high technology industry. She also served as Chief People Officer at @stake, a professional services security firm that was acquired by Symantec, and was Vice President of People Strategy at Sapient Corporation prior to its public offering.

Craig Adams, Chief Product Officer

Craig Adams is the Chief Product Officer at Rapid7, where he is recognized for his expertise in helping organizations manage their attack surface and defend against cyber threats. Before his role at Rapid7, Craig held leadership positions at Recorded Future. He also spent over two decades at Akamai Technologies, where he oversaw their Security and Performance portfolio.

Jeremiah Dewey, Senior Vice President, Managed Services & Consulting Services Delivery

Jeremiah Dewey is the Senior Vice President, Managed Services & Consulting Services Delivery at Rapid7, overseeing service delivery and client satisfaction. His prior experience includes significant roles at Stroz Friedberg, where he was Vice President of Incident Response. He also honed his skills in cybersecurity and technology management at FireEye and the U.S. Environmental Protection Agency.

Here are the key risks to Rapid7's business:

1. Financial Health and Profitability Concerns: Rapid7 faces significant challenges with its financial health, including rising long-term debt, particularly senior convertible notes, which could lead to share dilution and financial instability. Despite strong revenue growth, the company's profitability remains a concern, highlighted by net losses in previous fiscal years, shrinking operating margins, and an underperforming stock price compared to competitors. An Altman Z-Score in the distress zone further implies a potential bankruptcy risk.

2. Intense Competition in a Fragmented Cybersecurity Market: Rapid7 operates in a highly competitive and fragmented market for SecOps and cybersecurity solutions. The company faces significant competition from both established industry giants like Microsoft and Palo Alto Networks, as well as specialized vendors such as Qualys and Tenable in vulnerability management, and CrowdStrike and Splunk in SIEM and XDR. This intense competitive landscape impacts Rapid7's ability to acquire and retain customers, limits its pricing power, and puts pressure on its overall growth, billings, and operating margins.

3. Rapidly Evolving Threat Landscape and Technological Advancements: As a cybersecurity company, Rapid7 is inherently exposed to a constantly and rapidly evolving threat landscape. Emerging risks include the proliferation of AI-driven attacks, the looming threat of quantum computing rendering current encryption systems obsolete, and the increasing impact of geopolitical conflicts on cyber warfare. Staying ahead of these sophisticated and dynamic threats requires continuous and significant investment in research and development and product innovation, which can impact the company's financial performance if not managed effectively.

null

Rapid7 (NASDAQ: RPD) operates in several significant cybersecurity markets, with its main products and services addressing various aspects of security operations.

The estimated addressable market sizes for Rapid7's core product categories, on a global scale, are as follows:

• Security Orchestration, Automation, and Response (SOAR): The global SOAR market was valued at approximately USD 1.72 billion in 2024 and is projected to reach USD 4.11 billion by 2030, exhibiting a Compound Annual Growth Rate (CAGR) of 15.8% from 2025 to 2030. Another estimate places the global SOAR market at USD 1.8 billion in 2025, with a projection to reach USD 5.0 billion by 2035.
• Penetration Testing: The global penetration testing market size was valued at USD 2.45 billion in 2024 and is projected to grow to USD 6.25 billion by 2033, demonstrating a CAGR of 12.5% during the forecast period (2025–2033).
• Vulnerability Management (VM) / Security and Vulnerability Management: The global security and vulnerability management market size was valued at USD 17.67 billion in 2025 and is predicted to increase to approximately USD 34.01 billion by 2035, expanding at a CAGR of 6.77% from 2026 to 2035.
• Cloud Security Posture Management (CSPM): The global cloud security posture management market size was valued at USD 3.14 billion in 2025 and is projected to grow to USD 21.31 billion by 2034, exhibiting a CAGR of 24.20% during the forecast period.
• Application Security Testing (AST): The global Application Security Testing (AST) platforms market size is expected to grow from USD 3.2 billion in 2023 to USD 8.5 billion by 2032, reflecting a CAGR of 11.2%. Another source indicates the global Application Security Testing market was valued at USD 11.05 billion in 2025 and is projected to reach USD 25.82 billion by the end of 2030.
• Incident Response (IR): The global incident response market size was over USD 38.4 billion in 2025 and is estimated to reach USD 204.1 billion by the end of 2035, expanding at a CAGR of 20.4% during the forecast timeline.

Rapid7 itself has also highlighted a substantial overall addressable market. The company's investor presentation indicated that the security operations market was estimated at over USD 54 billion in 2024 and is projected to grow to USD 85 billion by 2027.

Here are 3-5 expected drivers of future revenue growth for Rapid7 (RPD) over the next 2-3 years:

1. Continued Growth in Managed Detection and Response (MDR) Offerings: Rapid7 expects continued momentum in its Managed Detection and Response (MDR) offerings. The MDR segment comprises over 50% of the company's ending Annual Recurring Revenue (ARR) and has shown high-single-digit growth. Rapid7 is also expanding its MDR coverage, including integrating Microsoft security telemetry, to enhance threat detection and remediation without requiring additional infrastructure.
2. Expansion and Adoption of the Exposure Command Platform: The Exposure Command platform is identified as a source of encouraging growth and is expected to drive future revenue. This platform has contributed to over 20% year-over-year growth in risk and exposure management pipeline generation, and management views scaling its AI-enabled exposure management solutions as central to future growth.
3. Strategic Investments in AI-Enabled Security Operations: Rapid7 is making strategic investments in artificial intelligence (AI) and machine learning capabilities to enhance its security offerings. The company anticipates that the acceleration of AI-driven service adoption will be a key factor in its future performance, as enterprises increasingly seek comprehensive and automated security solutions.
4. Customer Consolidation on the Insight Platform: Rapid7 aims to deepen customer engagement and solidify its position as the security operations platform of choice. The company notes that customers are consolidating their security operations onto its Insight platform due to its effectiveness and strong value proposition, which helps them manage and secure their environments more efficiently.
5. Enhanced Partner Ecosystem and Go-to-Market Execution: Rapid7 has been working to scale its partner ecosystem, with a significant portion of new ARR being booked through its channel partners. The company is also implementing go-to-market organizational changes and a unified sales approach, which are intended to drive improved growth and customer retention.

Rapid7 (RPD) has made various capital allocation decisions over the last 3-5 years, reflecting strategic investments in its growth and operations.

Share Repurchases

Rapid7's 5-Year Share Buyback Ratio as of December 2025 was -4.30%, indicating a net share issuance rather than significant repurchases over that period.

Share Issuance

In March 2021, Rapid7 priced $525.0 million in 0.25% convertible senior notes due 2027. Approximately $183.0 million of the net proceeds from this offering, along with the issuance of about 2.2 million shares, were used to repurchase approximately $182.6 million of its outstanding 1.25% Convertible Senior Notes due 2023. Additionally, about $66.5 million of the net proceeds were allocated to capped call transactions. On November 15, 2025, Rapid7's CEO had 12,969 shares withheld to cover tax obligations related to the vesting of restricted stock units.

Outbound Investments

For the full year 2025, Rapid7 reported $5.5 million in the purchase of strategic equity investments. Rapid7's Change in Acquisitions & Divestments for Q3 2025 was $107.0 million, with a 5-year average of $47.3 million. In January 2026, Rapid7 announced a partnership with ARMO to enhance cloud and application runtime security for its Command platform.

Capital Expenditures

Rapid7's capital expenditures for the full fiscal year 2025 amounted to $7.60 million. The company's strategic focus for investments in 2025 included driving innovation, scaling execution, securing customer attack surfaces, and enhancing AI-enabled security operations. Ongoing investments were made in AI, machine learning, and managed AI SOC, alongside expanding Managed Detection and Response (MDR) coverage and integrating with third-party alerts, including Microsoft.