Risks Related to Our Business and Industry

Our business and operations have experienced significant growth, and if we do not appropriately manage future growth, if any, or are unable to improve and scale our systems, processes, and controls, our business, financial condition, results of operations, and prospects will be adversely affected.

We have experienced significant growth and increased demand for our products over time. We have experienced significant growth and increased demand for our products over time. Our total revenues for the years ended December 31, 2025, 2024, and 2023 were $531.8 million, $428.5 million, and $349.9 million, respectively, representing a growth rate of 24% and 22% for the years ended December 31, 2025 and 2024, respectively. Our total revenues for the years ended December 31, 2024, 2023 and 2022 were $428.5 million, $349.9 million, and $280.0 million, respectively, representing a growth rate of 22% and 25% for the years ended December 31, 2024 and 2023, respectively. Our employee headcount has also increased from approximately 1,600 as of December 31, 2024 to approximately 1,800 as of December 31, 2025. As of December 31, 2025, 1,168 of our customers had ARR of $100,000 or more, increasing from 1,018 customers as of December 31, 2024, and 74 of our customers had ARR of $1,000,000 or more, increasing from 52 customers as of December 31, 2024. We focus on growing the number of large customers as a measure of our ability to scale with our customers and attract larger organizations to adopt our products. The growth and expansion of our business places a continuous and significant strain on our management, operational, and financial resources. In addition, as customers adopt our products for an increasing number of use cases, we have had to support more complex commercial relationships. We must continue to improve and expand our information technology and financial infrastructure, our security and compliance requirements, our operating and administrative systems, our relationships with cloud providers, technology partners, other third parties, and our ability to manage headcount and processes in an efficient manner to manage our growth effectively. We must continue to improve and expand our information technology and financial infrastructure, our security and compliance requirements, our operating and administrative systems, our relationships with various partners and other third parties, and our ability to manage headcount and processes in an efficient manner to manage our growth effectively.

In 2025, we released multiple JFrog Platform features across our core functionalities in DevOps, DevSecOps, DevGovOps and AI/MLOps, as we continued to expand our position as the system of record for the unified software release lifecycle. We released significant enhancements to our platform, including the release of agentic security capabilities, AI Catalog and JFrog AppTrust for DevGovOps and compliance. We also released new subscription bundles to align more closely with the emerging market needs around application security and AI development. These enhancements and releases represent continuing expansion within and beyond our core DevOps business, delving more deeply into DevSecOps, DevGovOps and AI/MLOps. These enhancements and releases represent continuing expansion beyond our core DevOps business, delving more deeply into DevSecOps and Artificial Intelligence/MLOps. We may not be able to sustain the pace of improvements to our products successfully or implement systems, processes, and controls in an efficient or timely manner or in a manner that does not negatively affect our results of operations. Our failure to improve our systems, processes, and controls, or their failure to operate in the intended manner, may result in our inability to manage the growth of our business and to forecast our revenue, expenses, and earnings accurately, or to prevent losses.

As we continue to expand our business, we may find it difficult to maintain our corporate culture while managing our employee growth. As we continue to expand our business, we may find it difficult to maintain our corporate culture while managing our employee growth. Any failure to manage our anticipated growth and related organizational changes in a manner that preserves our culture could negatively impact future growth and achievement of our business objectives. Additionally, our productivity and the quality of our products may be adversely affected if we do not integrate and train our new employees quickly and effectively. Failure to manage any future growth effectively could result in increased costs, negatively affect our customers’ satisfaction with our products, and harm our results of operations.

Our recent results may not be indicative of our future performance, and we may not be able to sustain our revenue growth rate in the future. Our growth also makes it difficult to evaluate our future prospects and may increase the risk that we will not be successful.

As noted above, our total revenues for the years ended December 31, 2025, 2024, and 2023 were $531.8 million, $428.5 million, and $349.9 million, respectively, representing a growth rate of 24% and 22% for the years ended December 31, 2025 and 2024, respectively. You should not rely on the results of any prior quarterly or annual period as an indication of our future performance. Even if our revenue continues to increase, our revenue growth rate may decline in future periods. Even if our revenue continues to increase, we expect our revenue growth rate to decline in future periods. Many factors may contribute to declines in our growth rate, including but not limited to:

If our growth rate declines, investors’ perceptions of our business and the market price of our ordinary shares could be adversely affected.

Our ability to forecast our future results of operations is subject to a number of uncertainties, including our ability to effectively plan for and model future growth. We have encountered in the past, and may encounter in the future, risks and uncertainties frequently experienced by growing companies in rapidly changing industries. If we fail to achieve the necessary level of efficiency in our organization as it grows, or if we are not able to accurately forecast future growth, our business would be harmed. Moreover, if the assumptions that we use to plan our business are incorrect or change in reaction to changes in our market, or we are unable to maintain consistent revenue or revenue growth, our share price could be volatile, and it may be difficult to achieve and maintain profitability.

Our results of operations are likely to fluctuate from quarter to quarter, which could adversely affect the trading price of our ordinary shares.

Our results of operations, including our revenue, cost of revenue, gross margin, operating expenses, and cash flow, have fluctuated from quarter to quarter in the past and may continue to vary significantly in the future so that period-to-period comparisons of our results of operations may not be meaningful. Our quarterly financial results may fluctuate as a result of a variety of factors, many of which are outside of our control, may be difficult to predict, and may or may not fully reflect the underlying performance of our business. Factors that may cause fluctuations in our quarterly financial results include, but not limited to:

The impact of one or more of the foregoing or other factors may cause our results of operations to vary significantly. The impact of one or more of the foregoing or other factors may cause our results of operations to vary significantly. Such fluctuations could cause us to fail to meet the expectations of investors or securities analysts, which could cause the trading price of our ordinary shares to fall substantially, and we could face costly lawsuits, including securities class action suits.

We have a history of losses and may not be able to achieve profitability on a consistent basis. We have a history of losses and may not be able to achieve profitability on a consistent basis. If we cannot achieve profitability, our business, financial condition, and results of operations may suffer.

Although we have achieved positive operating cash flow and free cash flow, we have incurred annual losses since our inception. We incurred a net loss of $71.8 million, $69.2 million and $61.3 million in the years ended December 31, 2025, 2024 and 2023, respectively. We incurred a net loss of $69.2 million, $61.3 million and $90.2 million in the years ended December 31, 2024, 2023 and 2022, respectively. As a result, we had an accumulated deficit of $431.5 million as of December 31, 2025. We anticipate that our operating expenses will increase substantially in the foreseeable future as we continue to enhance our products, broaden our customer base, expand our sales and marketing activities, including strengthening our customer success team and continuing to invest in our strategic sales team, expanding our operations, hiring additional employees, investing in larger lease spaces for employees, and continuing to develop our technology. These efforts may prove more expensive than we currently anticipate, and we may not succeed in increasing our revenue sufficiently, or at all, to offset these higher expenses. Revenue growth may slow or revenue may decline for a number of possible reasons, including but not limited to slowing demand for our products, increasing competition, or changes in macroeconomic conditions. Any failure to increase our revenue as we grow our business could prevent us from achieving profitability or maintaining positive operating cash flow and free cash flow at all or on a consistent basis, which would cause our business, financial condition, and results of operations to suffer.

The markets for our products are maturing and may evolve more slowly or differently than we expect. Our future success depends on the growth and expansion of these markets and our ability to adapt and respond effectively to evolving markets.

The markets for our products are maturing in ways we may be unable to anticipate accurately. Accordingly, it is difficult to predict customer adoption and renewals and demand for our products, the entry of competitive products, the success of existing competitive products, or the future growth rate, expansion, longevity, and the size of the DevOps, DevSecOps, AI/MLOps, and software release management software markets. Accordingly, it is difficult to predict customer adoption and renewals and demand for our platform and our products, the entry of competitive products, the success of existing competitive products, or the future growth rate, expansion, longevity, and the size of the DevOps, DevSecOps, MLOps, and software release management software markets. The expansion of, and our ability to penetrate, these evolving markets depends on a number of factors, including, but not limited to, the cost, performance, and perceived value associated with DevOps, DevSecOps, DevGovOps, and AI/MLOps technologies, as well as the ability of DevOps workflows to improve critical steps in the lifecycle of software, including managing software security. The expansion of, and our ability to penetrate, these evolving markets depends on a number of factors, including the cost, performance, and perceived value associated with DevOps, DevSecOps, and MLOps technologies, as well as the ability of DevOps workflows to improve critical steps in the lifecycle of software, including managing software security. If we or other software and SaaS providers experience security incidents, loss of customer data, or disruptions in delivery or service, the market for these applications as a whole, including our products, may be negatively affected. If DevOps, DevSecOps, DevGovOps, AI/MLOps, and software release management software do not continue to achieve market acceptance, or there is a reduction in demand caused by decreased customer acceptance, technological challenges, weakening economic conditions, privacy, data protection and data security concerns, governmental regulation, competing technologies and products, or decreases in information technology or other spending, the market for our products might not continue to develop or might develop more slowly than we expect, which could adversely affect our business, financial condition, and results of operations. If DevOps, DevSecOps, MLOps, and software release management software do not continue to achieve market acceptance, or there is a reduction in demand caused by decreased customer acceptance, technological 21 Table of Contents challenges, weakening economic conditions, privacy, data protection and data security concerns, governmental regulation, competing technologies and products, or decreases in information technology or other spending, the market for our platform and products might not continue to develop or might develop more slowly than we expect, which could adversely affect our business, financial condition, and results of operations.

We expect our revenue mix to vary over time, which could harm our gross margin and results of operations. We expect our revenue mix to vary over time, which could harm our gross margin and results of operations.

We expect our revenue mix to vary over time due to a number of factors, including the mix of our subscriptions for self-managed and SaaS offerings, which may affect the timing and amount of revenue recognized and the associated costs. We expect our revenue mix to vary over time due to a number of factors, including the mix of our subscriptions for self-managed and SaaS offerings, which may affect the timing and amount of revenue recognized and the associated costs. Further, our gross margins and results of operations could be harmed by numerous other factors, including entry into new markets or growth in lower margin markets; entry into markets with different pricing and cost structures; pricing discounts; and increased price competition. Any one of these factors or the cumulative effects of certain of these factors may result in significant fluctuations in our gross margin and results of operations. This variability and unpredictability could result in our failure to meet internal expectations or those of securities analysts or investors for a particular period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our ordinary shares could decline.

If we are not able to keep pace with technological and competitive developments or fail to integrate our products with a variety of technologies that are developed by others, our products may become less marketable, less competitive, or obsolete, and our results of operations may be adversely affected. If we are not able to keep pace with technological and competitive developments or fail to integrate our products with a variety of technologies that are developed by others, our products may become less marketable, less competitive, or obsolete, and our results of operations may be adversely affected.

In order to provide value for our customers, we must offer a platform that allows our customers to consume source code and open source libraries from repositories, manage the dependencies among components within software packages, move packages

and ML models to a universal repository, ingest packages from third parties, including open source libraries, scan for vulnerabilities through various stages, distribute to endpoints, and deploy in production, all through a single user access point. The success of any new product introductions depends on a number of factors including, but not limited to, timely and successful product development, market acceptance, the quality of our product and the user experience, our ability to manage the risks associated with new product releases, the effective management of development and other spending in connection with anticipated demand for new products, and the availability of newly developed products. We have in the past experienced bugs, errors, or other defects or deficiencies in new products and product updates and delays in releasing new products, deployment options, and product enhancements and may have similar experiences in the future. As a result, some of our customers may either defer purchasing our products until the next upgrade is released or switch to a competitor if we are not able to keep up with technological developments. For example, AI and ML may change the way our industry operates, and businesses that are slow to adopt or fail to adopt these new technologies may face a competitive disadvantage. For example, AI and machine learning may change the way our industry operates, and businesses that are slow to adopt or fail to adopt these new technologies may face a competitive disadvantage. In addition, if defects are not discovered until after customers purchase our products, our customers could lose confidence in the quality of our products and our reputation and brand may be harmed. If significant bugs, errors, or other defects or deficiencies are not discovered and patched in a timely manner, unauthorized parties could gain access to such products. Any negative publicity related to the perceived quality of our products could harm our business, results of operations, and financial condition. See also, “We have acquired, and may in the future acquire, complementary businesses which could require significant management attention, disrupt our business, dilute shareholder value, and adversely affect our results of operations.” in this Part I, Item 1A.

We may not be able to compete successfully against current and future competitors, some of whom have greater financial, technical, and other resources than we do. We may not be able to compete successfully against current and future competitors, some of whom have greater financial, technical, and other resources than we do. If we do not compete successfully, our business, financial condition, and results of operations could be harmed.

Our platform consists of multiple products in DevOps, DevSecOps, DevGovOps, and AI/MLOps, and we compete in each product category as well as at the entire platform level. The market for our products is highly fragmented, quickly evolving, and subject to rapid changes in technology. We believe that our ability to compete successfully depends upon many factors both within and beyond our control, including, but not limited to, the following:

Our products are available for self-managed, SaaS, and hybrid deployments. Our products are available for self-managed, SaaS, and hybrid deployments. While we believe we compete successfully on the above factors, particularly with regards to the comprehensive nature of our solutions, we do experience competition in each of these categories with different vendors:

Some existing and potential competitors have recently announced plans to be acquired. Some existing and potential competitors have recently announced plans to be acquired. Such industry consolidation could result in heightened competition from companies with more significant resources than us. Many of our competitors have greater financial, technical, and other resources, greater brand recognition, larger sales forces and marketing budgets, broader distribution networks, more diverse product and services offerings, and larger and more mature intellectual property portfolios. They may be able to leverage these resources to gain business in a manner that discourages customers from purchasing our offerings. Furthermore, we expect that our industry will continue to attract new companies, including smaller emerging companies, which could introduce new offerings. We may also expand into new markets and encounter additional competitors in such markets.

JFrog Artifactory is at the center of our platform and any decline in demand for JFrog Artifactory occasioned by malfunction, inferior performance, increased competition, or otherwise, will impact our business, results of operations and financial condition.

Our subscription structure is aligned with the way we have built our platform, and JFrog Artifactory is at the center of our platform and all subscriptions. Accordingly, market acceptance of JFrog Artifactory is critical to our success. If demand for JFrog Artifactory declines, the demand for our other products will also decline. Demand for JFrog Artifactory is affected by a number of factors, many of which are beyond our control, such as continued market acceptance of JFrog Artifactory and products by customers for existing and new use cases, the timing of development and release of new features, functionality, and lower cost alternatives introduced by our competitors, technological changes and developments within the markets we serve, and growth or contraction in our addressable markets. If we are unable to continue to meet customer demand, if our products fail to compete with the products of our competitors, if we fail to achieve more widespread market acceptance of JFrog Artifactory, or if our platform and products fail to meet statutory, regulatory, contractual, or other applicable requirements, then our business, results of operations, and financial condition would be harmed. If we are unable to continue to meet customer demand, if our products fail to compete with the products of our competitors, if we fail to achieve more widespread market acceptance of JFrog Artifactory, or if our 23 Table of Contents products fail to meet statutory, regulatory, contractual, or other applicable requirements, then our business, results of operations, and financial condition would be harmed.

We recognize a significant portion of revenue from subscriptions over the term of the relevant subscription period, and as a result, downturns or upturns in sales may not immediately be fully reflected in our results of operations. We recognize a significant portion of revenue from subscriptions over the term of the relevant subscription period, and as a result, downturns or upturns in sales may not immediately be fully reflected in our results of operations.

We recognize a significant portion of our subscription revenue over the term of the relevant subscription period. As a result, much of the subscription revenue we report each fiscal quarter is the recognition of deferred revenue from subscription contracts entered into during previous fiscal quarters. Consequently, a decline in new or renewed subscriptions in any one fiscal quarter will not be fully or immediately reflected in revenue in that fiscal quarter and will negatively affect our revenue in future fiscal quarters. Accordingly, the effect of significant downturns in new or renewed sales of our subscriptions may not be fully reflected in our results of operations until future periods.

If our existing customers do not renew their subscriptions, our business and results of operations could be adversely affected. If our existing customers do not renew their subscriptions, our business and results of operations could be adversely affected.

We expect to derive a significant portion of our revenue from renewals of existing subscriptions. Our customers have no contractual obligation to renew their subscriptions after the completion of their subscription term. Our self-managed subscriptions are offered on an annual and multi-year basis, while our SaaS subscriptions are offered on a monthly, annual, and multi-year basis and can consist of fixed and usage-based fees. Our customers’ renewals may decline or fluctuate as a result of a number of factors, including their satisfaction with our products and our customer support, the frequency and severity of product outages (including, without limitation, possible outages with public cloud providers), our product uptime or latency, the pricing of our, or competing, products, additional new features and capabilities that we offer, new integrations, and updates to our products as a result of updates by technology partners. Our customers’ renewals may decline or fluctuate as a result of a number of factors, including their satisfaction with our products and our customer support, the frequency and severity of product outages, our product uptime or latency, the pricing of our, or competing, products, additional new features and capabilities that we offer, new integrations, and updates to our products as a result of updates by technology partners. If our customers renew their subscriptions, they may renew for shorter subscription terms or on other terms that are less economically beneficial to us. We may not accurately predict future renewal trends. If our customers do not renew their subscriptions, or renew on less favorable terms, our revenue may grow more slowly than expected or decline.

If we are unable to increase sales of our subscriptions to new customers, sell additional subscriptions to our existing customers, or expand the value of our existing customers’ subscriptions, our future revenue and results of operations will be harmed.

Our future success depends on our ability to sell our subscriptions to new customers and to expand within our existing customers by selling paid subscriptions to our existing users and expanding the value and number of existing customers’ subscriptions within the organization. Our ability to sell new subscriptions depends on a number of factors, including the prices of our products, the functionality of our products, the prices of products offered by our competitors, and the budgets of our customers. We serve customer needs with multiple tiers of subscriptions that differ based on product depth and functionality. We also offer a limited free trial of our platform. To the extent that users of our free trial do not become, or lead others not to become, paying customers, we will not realize the intended benefits of these strategies, our expenses may increase as a result of associated hosting costs, and our ability to grow our business may be harmed.

We also offer an open source version of JFrog Artifactory. Our open source version is intended to increase visibility and familiarity of our platform among the developer communities. We invest in developers and developer communities through multiple channels, including the introduction of new open source projects, as well as through our annual developer conference, swampUP, and other community-centered events. There is no guarantee that such events will translate into new customers, or that open source users will convert to paying subscribers.

In addition, a significant aspect of our sales and marketing focus is to expand deployments within existing customers. The rate at which our customers purchase additional subscriptions and expand the value of existing subscriptions depends on a number of factors, including customers’ level of satisfaction with our products, the nature and size of the deployments, the desire to address additional use cases, and the perceived need for additional features, as well as general economic conditions. We have experienced in the past and expect in the future that recessionary concerns and other unfavorable economic conditions will negatively impact our ability to expand deployments within existing customers. If our customers do not recognize the potential of our products, our business would be materially and adversely affected.

We depend on our executive officers and other key employees, and the loss of one or more of these employees or an inability to attract and retain highly skilled employees could harm our business. We depend on our executive officers and other key employees, and the loss of one or more of these employees or an inability to attract and retain highly skilled employees could harm our business.

Our future success depends, in part, on our ability to continue to attract and retain key executives and other highly skilled personnel. The loss of the services of any of our key personnel, the inability to attract or retain qualified personnel, or delays in hiring required personnel, particularly in engineering and sales, may seriously harm our business, financial condition, and results of operations. Our future performance also depends on the continued services and continuing contributions of our senior management to execute on our business plan and to identify and pursue new opportunities and product innovations. The loss of services of senior management could significantly delay or prevent the achievement of our development and strategic objectives, which could adversely affect our business, financial condition, and results of operations.

Additionally, the industry in which we operate is generally characterized by significant competition for skilled personnel as well as high rates of employee attrition. Additionally, the industry in which we operate is generally characterized by significant competition for skilled personnel as well as high rates of employee attrition. We rely on the continued service of our engineering personnel because of the complexity of our products. There is currently a high demand for experienced professionals in all areas required to run a complex, multinational business, including engineering and other technical roles. There is currently a high demand for experienced professionals in all areas required to run a complex, multinational business, including but not limited to DevOps, DevSecOps, and MLOps. We may not be successful in attracting, integrating, or retaining qualified personnel to fulfill our current or future needs. Also, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited, that they have divulged proprietary or other confidential information, or that their former employers own their inventions or other work product.

To execute our growth plan, we must attract and retain highly qualified personnel. Competition for these employees is intense, specifically for engineers for research and development, security experts, and support positions, and such competition can result in increasing wages. Therefore, we may not be successful in attracting and retaining qualified personnel. We have from time to time in the past experienced, and we expect to continue to experience, difficulty in hiring and retaining highly skilled employees with appropriate qualifications. In addition, changes in U.S. immigration laws, regulations, policies, or their interpretation or implementation (including the availability, timing, or cost of work authorization such as H-1B visas) could make it more difficult or more expensive to hire and retain qualified personnel to work in the United States, which could adversely affect our business, financial condition, and results of operations.

Our recent hires and planned hires may not be as productive as we expect, and we may face challenges in hiring, integrating, or retaining sufficient numbers of qualified individuals. Many of the companies with which we compete for experienced personnel have greater resources than we have, and due to our profile and market position, such competitors actively seek to hire skilled personnel away from us, even if such employees have entered into a non-compete agreement with us. Israeli labor courts have required employers seeking to enforce non-compete undertakings of a former employee to demonstrate that the competitive

activities of the former employee will harm one of a limited number of material interests of the employer recognized by the courts, such as the protection of a company’s trade secrets or other intellectual property. We may not be able to make such a demonstration.

In addition, in making employment decisions, particularly in the internet, software, and high-technology industries, job candidates often consider the value of the total compensation that may include equity, bonus, commissions, and other benefits that they may receive in connection with their employment. Employees may be more likely to leave us if the trading price of our ordinary shares significantly appreciated or significantly declined in value. Employees may be more likely to leave us if the shares they own or the shares underlying their equity incentive awards have significantly appreciated or significantly declined in value. The resulting direct effect on the value of employee equity awards and perceived compensation, may adversely affect our ability to recruit and retain employees. If we fail to attract new personnel or fail to retain our current personnel, our business and growth prospects could be harmed. If we fail to attract new personnel, or fail to retain and motivate our current personnel, our business and growth prospects could be harmed.

Our business and success depend in part on our strategic relationships with third parties, including our public cloud providers and our channel partners. Our business and success depend in part on our strategic relationships with third parties, including our public cloud providers and our channel partners. If we fail to maintain or expand these relationships, our results of operations and reputation could be harmed.

We currently depend on, and anticipate we will continue to depend on, various third-party relationships to sustain and grow our business. We currently depend on, and anticipate we will continue to depend on, various third-party relationships to sustain and grow our business. For example, we currently partner with public cloud partners, AWS, Microsoft Azure, including Azure DevOps (Azure), and Alphabet Inc.’s Google Cloud (“Google Cloud”). Our technology partnership ecosystem powers significant extensibility of our products, offers our customers the ability to integrate tools outside our platform with our products, provides the ability to deploy our products in their preferred environments, and allows them to support new package technologies as they are released. Accordingly, our SaaS products must be compatible with major cloud service providers in order to support local hosting of our JFrog-managed products in geographies chosen by our customers and third parties with whom we may partner.

We have also established relationships with certain channel partners to distribute our products. We have also established relationships with certain channel partners to distribute our products. We believe that continued growth in our business is dependent upon identifying, developing, and maintaining strategic relationships with our existing and potential channel partners that can drive substantial revenue and provide additional value-added services to our customers. If we are unable to develop and maintain successful relationships with our channel partners, our business, results of operations, and financial condition could be harmed. In addition, our agreements with our channel partners are non-exclusive, so they may offer customers the products of several different companies, including products that compete with ours.

It is uncertain whether these channel partners will be successful in co-marketing our solutions to provide a significant volume and quality of lead referrals and orders or whether they will continue to work with us long-term. It is uncertain whether these channel partners will be successful in co-marketing our solutions to provide a significant volume and quality of lead referrals and orders or whether they will continue to work with us long-term.

While also partners, public cloud providers (AWS, Azure and Google Cloud) may compete with a subset of JFrog functionality. For example, these public cloud providers currently selling our products and services could build and market their own competing products and services or market competing products and services of other vendors.

Further, identifying and negotiating new and expanded partner relationships, whether channel partners, cloud providers, or technology partnerships, requires significant resources and participation from such parties, and we cannot guarantee that the parties with which we currently have relationships can or will continue to devote the resources necessary to operate and expand their use of our platform. Further, identifying and negotiating new and expanded partner relationships, whether channel partners, cloud providers, or technology partnerships, requires significant resources and participation from such parties, and we cannot guarantee that the parties with which we currently have relationships can or will continue to devote the resources necessary to operate and expand their use of our platform. If we are unsuccessful in establishing or maintaining our partner relationships or any other strategic relationships with third parties, our ability to compete, our revenue, results of operations, and future prospects could be harmed.

Even if we are successful in establishing and maintaining our relationships with third-parties, we cannot ensure that our relationships will result in sustained or increased usage of our platform. In addition, any failure of our solutions to operate effectively with the business applications of any third-party partners could reduce the demand for our solutions and cause harm to our business and reputation. We may also be held responsible for obligations that arise from the actions or omissions of third parties with which we do business. Further, any expansion into new geographies may require us to invest in developing new relationships with providers. If we are unable to respond to changes in a cost-effective manner, our products may become less marketable, less competitive, or obsolete, and our results of operations may be negatively impacted.

A limited-functionality version of JFrog Artifactory is licensed under an open source license, which could negatively affect our ability to monetize our products and protect our intellectual property rights. A limited-functionality version of JFrog Artifactory is licensed under an open source license, which could negatively affect our ability to monetize our products and protect our intellectual property rights.

We make a limited-functionality version of JFrog Artifactory that only supports Java-based packages, and also lacks other features required for organization-wide adoption by DevOps teams, available under an open source license, the Affero General Public License version 3.0 (“AGPL”). We make a limited-functionality version of JFrog Artifactory that only supports Java-based packages, and also lacks other features required for organization-wide adoption by DevOps teams, available under an open source license, the Affero General Public License version 3.0 (“AGPL”). Anyone can download a free copy of this limited version of JFrog Artifactory from the Internet, and we neither know who all of our AGPL licensees are, nor have visibility into how JFrog Artifactory is being used by licensees, so our ability to detect violations of the open source license is extremely limited.

The AGPL has a “copyleft” requirement that further distribution of AGPL-licensed software and modifications or adaptations to that software be made available pursuant to the AGPL as well. This leads some commercial enterprises to consider AGPL-licensed software to be unsuitable for commercial use.

It is possible for competitors to develop their own software based on our open source version of JFrog Artifactory. It is also possible for competitors to develop their own software based on our open source version of JFrog Artifactory. Although this software would also need to be made available for free under the AGPL, it could reduce the demand for our products and put pricing pressure on our subscriptions. We cannot guarantee that we will be able to compete successfully against current and future competitors, some of which may have greater resources than we have, or that competitive pressure or the availability of new open source software will not result in price reductions, reduced operating margins, and loss of market share, any one of which could harm our business, financial condition, results of operations, and cash flows.

Our ability to achieve customer renewals and increase sales of our products is highly dependent on the quality of our customer support, and our failure to offer high quality support would have an adverse effect on our business, reputation, and results of operations. Our ability to achieve customer renewals and increase sales of our products is highly dependent on the quality of our customer support, and our failure to offer high quality support would have an adverse effect on our business, reputation, and results of operations.

Our customers depend on our customer support services to resolve issues and realize the full benefits relating to our products. If we do not succeed in helping our customers quickly resolve post-deployment issues or provide effective ongoing support and education on our products, our ability to sell additional subscriptions to, or renew subscriptions with, existing customers or expand the value of existing customers’ subscriptions would be adversely affected and our reputation with potential customers could be damaged. Many larger enterprise customers have more complex IT environments and require higher levels of support than smaller customers. If we fail to meet the requirements of these enterprise customers, it may be more difficult to grow sales with them.

Additionally, it can take several months to recruit, hire, and train qualified engineering-level customer support employees. We may not be able to hire such resources fast enough to keep up with demand, particularly if the sales of our products exceed our internal forecasts. To the extent that we are unsuccessful in hiring, training, and retaining adequate support resources, our ability to provide adequate and timely support to our customers, and our customers’ satisfaction with our products, will be adversely affected. Our failure to provide and maintain high-quality support services would have an adverse effect on our business, reputation, and results of operations.

Seasonality may cause fluctuations in our sales and results of operations. Seasonality may cause fluctuations in our sales and results of operations.

Historically, we have experienced seasonality in customer bookings, as we typically enter into a higher percentage of subscription agreements with new customers and renewals with existing customers in our fourth quarter. We believe that this results from the procurement, budgeting, and deployment cycles of many of our customers, particularly our enterprise customers. We expect that this seasonality will continue to affect our bookings, deferred revenue, and our results of operations in the future and might become more pronounced as we continue to target larger enterprise customers.

In addition, we have historically experienced seasonality in usage patterns by users of our SaaS subscriptions. We typically experience reduced usage by our customers during holiday periods, particularly at the end of the fourth quarter. As revenue from our SaaS subscriptions includes usage-based overage above minimum commitments, the changes in usage patterns may negatively affect revenues from our SaaS subscriptions and our results of operations. As revenue from our SaaS subscriptions is recognized based upon usage, the changes in usage patterns may negatively affect revenues from our SaaS subscriptions and our results of operations.

A real or perceived defect, security vulnerability, error, or performance failure in our platform could cause us to lose revenue, expose us to liability, and damage our reputation.

Our products are inherently complex and, despite extensive testing and quality control, have in the past and may in the future contain defects or errors, or security vulnerabilities, especially when first introduced, or not perform as contemplated. These defects, security vulnerabilities, errors, or other performance failures could cause breach of contractual provisions, thereby exposing us to liabilities, termination of agreements, loss of customers or revenue, order cancellations, service terminations, damage to our reputation, or lack of market acceptance of our products. These defects, security vulnerabilities, errors, or performance failures could cause breach of contractual provisions, thereby exposing us to liabilities, termination of agreements, loss of customers or revenue, order cancellations, service terminations, damage to our reputation, or lack of market acceptance of our products. As the use of our products, including products that were recently acquired or developed, expands to more sensitive, secure, or mission critical uses by our customers, we may be subject to increased contractual liability, scrutiny, loss of revenue or customers, potential reputational risk, or potential liability should our products fail to perform as contemplated in such deployments. We have in the past and may in the future need to issue corrective releases of our products to fix these defects, errors, security vulnerabilities, or performance failures, and develop processes and controls which could require us to allocate significant research and development and customer support resources to address these problems. We have in the past and may in the future need to issue corrective releases of our products to fix these defects, errors, or performance failures, and develop processes and controls which could require us to allocate significant research and development and customer support resources to address these problems.

Any limitation of liability provisions that may be contained in our customer, third-party vendor, service provider, and partner agreements may not be accepted by customers, third-party vendors, service providers, and partners, or enforceable or adequate

or effective as a result of existing or future applicable law or unfavorable judicial decisions, and they may not function to limit our liability arising from regulatory enforcement. The sale and support of our products entail the risk of liability claims, which could be substantial in light of the use of our products in large scale and in enterprise-wide environments, depending on the nature of the limitation of liability provisions.

In addition, our insurance against these liabilities may not be adequate to cover a potential claim and potentially may be subject to exclusions, or that the insurer will deny coverage as to any future claim or exclude from our coverage such claims in policy renewals. In addition, our insurance against these liabilities may not be adequate to cover a potential claim and potentially may be subject to exclusions, or that the insurer will deny coverage as to any future claim or exclude from our coverage such claims in policy renewals. The denial of our claims by our insurer or the successful assertion of claims by others against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, results of operations, and reputation.

Incorrect implementation or use of, or our customers’ failure to update, our products could result in customer dissatisfaction and negatively affect our business, operations, financial results, and growth prospects.

Our products are often operated in large scale, complex IT environments. Our customers and some partners require training and experience in the proper use of and the benefits that can be derived from our products to maximize their potential. If users of our products do not implement, use, or update our products correctly or as intended, then inadequate performance and/or security vulnerabilities may result, and such customers may be at a higher risk of security incidents and breaches. If users of our products do not implement, use, or update our products correctly or as intended, then inadequate performance and/or security vulnerabilities may result. Because our customers rely on our products to manage a wide range of operations, the incorrect implementation, use of, or our customers’ failure to update, our products or our failure to train customers on how to use our products productively has in the past and may in the future result in customer dissatisfaction and may adversely affect our reputation and brand. Our failure to effectively provide training and implementation services to our customers could result in lost opportunities for follow-on sales to these customers and decrease subscriptions by new customers, which would adversely affect our business and growth prospects.

Interruptions or performance problems associated with our technology and infrastructure, and our reliance on technologies from third parties, may adversely affect our business operations and financial results.

We outsource substantially all of the infrastructure relating to our cloud products to public cloud providers chosen by our customers. Customers of our SaaS offerings need to be able to access our platform at any time, without interruption or degradation of performance, and we provide them with service-level commitments with respect to uptime. Public cloud providers maintain control over their platforms that we access and on which we build our product offerings. Therefore, we are vulnerable to their service interruptions and any changes in their product offerings. Any limitation on the capacity of our public cloud providers could impede our ability to onboard new customers or expand the usage of our existing customers, which could adversely affect our business, financial condition, and results of operations. In addition, any incident affecting our public cloud providers’ infrastructure that may be caused by their operational failures, or by cyber-attacks, natural disasters, fire, flood, severe storm, earthquake, power loss, telecommunications failures, terrorist or other attacks, protests or riots, and other similar events beyond our control could negatively affect our SaaS platform and hybrid products. It is also possible that our customers and regulators could seek to hold us accountable for any breach of security affecting a public cloud provider’s infrastructure and we may incur significant liability in investigating such an incident and responding to any claims, investigations, or proceedings made or initiated by those customers, regulators, and other third parties. We may not be able to recover a material portion of such liabilities from any of our public cloud providers. Moreover, our insurance may not be adequate to cover such liability and may be subject to exclusions. Any of the above circumstances or events may harm our business, results of operations, and financial condition.

In addition, our website and internal technology infrastructure may experience performance issues due to a variety of factors, including infrastructure changes, human or software errors, website or third-party hosting disruptions, capacity constraints, technical failures, natural disasters, or fraud or security attacks. If our website is unavailable, our business could be harmed. We expect to continue to make significant investments to maintain and improve website performance and to enable rapid releases of new features and applications for our products. To the extent that we do not effectively upgrade our systems as needed and continually develop our technology to accommodate actual and anticipated changes in technology, our business and results of operations may be harmed.

In the event that our agreements with our public cloud providers are terminated, or there is a lapse of service, elimination of services or features that we utilize, interruption of internet service provider connectivity, or damage to such facilities, we could experience interruptions in access to our platform as well as significant delays and additional expense in arranging or creating new facilities and services and/or re-architecting our cloud solution for deployment on a different cloud infrastructure service provider, which could adversely affect our business, financial condition, and results of operations.

We also rely on cloud services from public cloud providers in order to operate critical functions of our business, including financial management services, relationship management services, and lead generation management services. If these services become unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices, our expenses could increase, our ability to manage our finances could be interrupted, our processes for managing sales of our products and supporting our customers could be impaired, and our ability to generate and manage sales leads could be weakened until equivalent services, if available, are identified, obtained, and implemented, any of which could harm our business and results of operations.

We provide service-level commitments under our subscription agreements. If we fail to meet these or materially breach other contractual commitments, we could face liabilities or subscription termination with refunds of prepaid amounts, which would decrease our revenue and harm our business, financial condition, and results of operations.

Our cloud subscription agreements contain uptime commitments. If we are unable to meet the stated uptime commitments under our customer subscription agreements, we may be contractually obligated to provide these customers with certain credits which could significantly affect our revenue in the periods in which the failure occurs and the credits are applied. If we are unable to meet the stated service-level commitments, including failure to meet the uptime and response time requirements under our customer subscription agreements, we may be contractually obligated to provide these customers with certain credits which could significantly affect our revenue in the periods in which the failure occurs and the credits are applied. We could also face subscription terminations and a reduction in renewals, which would significantly affect our future revenue. As our cloud offering expands, any service-level failures could also damage our reputation, which could also adversely affect our business, financial condition, and results of operations.

If we are not able to maintain and enhance our brand, especially among developers, security teams, data scientists and IT operators, our business and results of operations may be adversely affected.

We believe that developing and maintaining widespread awareness of our brand, especially with developers, security teams, data scientists, and IT operators, is critical to achieving widespread acceptance of our software and attracting new users and customers. Brand promotion activities may not generate user or customer awareness or increase revenue, and even if they do, any increase in revenue may not offset the expenses we incur in building our brand. If we fail to successfully promote and maintain our brand, we may fail to attract or retain users and customers necessary to realize a sufficient return on our brand-building efforts, or to achieve the widespread brand awareness that is critical for broad customer adoption of our products.

Our corporate culture has contributed to our success, and if we cannot maintain this culture as we grow, we could lose the innovation, creativity, and entrepreneurial spirit we have worked to foster, which could harm our business.

We believe that our culture has been and will continue to be a key contributor to our success. We expect to continue to hire as we expand. If we do not continue to maintain our corporate culture as we grow, we may be unable to foster the innovation, creativity, and entrepreneurial spirit we believe we need to support our growth. Our anticipated headcount growth and our continued operation as a public company may result in a change to our corporate culture, which could harm our business.

Our inbound sales model may not continue to be as successful as we anticipate and our direct, traditional sales functions may not be able to fully compensate for a potential large downturn in the inbound business.

We continue to enjoy a certain degree of inbound sales, which serve as a meaningful source of growth in our land-and-expand model. In the event that we experience a significant downturn in the inbound sales model, it may affect our future growth prospects. We intend to continue to expand our strategic and enterprise sales teams to identify new use cases, drive expansion, and standardization on JFrog within our largest customers. There is no guarantee, however, that this strategic sales team will be successful. Moreover, we are not able to predict whether the deployment of our strategic and enterprise sales teams may adversely affect our inbound sales model. If our efforts to sell subscriptions to new customers and to expand deployments with existing customers are not successful, our total revenue and revenue growth rate may decline and our business will suffer.

Further, as we continue to scale our business, a more traditional sales infrastructure could assist in reaching larger enterprise customers and growing our revenue. Further, as we continue to scale our business, a more traditional sales infrastructure could assist in reaching larger enterprise customers and growing our revenue. Identifying, recruiting, and training such a qualified sales force would require significant time, expense, and attention and would significantly impact our business model. We believe that there is significant competition for sales personnel, including sales representatives, sales managers, and sales engineers, with the skills and technical knowledge that we require. Our ability to achieve revenue growth will depend, in large part, on our success in recruiting, training, and retaining sufficient numbers of sales personnel to support our growth. New hires require significant training and it may take significant time before they achieve full productivity.

In addition, expanding our sales infrastructure would considerably change our cost structure and results of operations, and we may have to reduce other expenses, such as our research and development expenses, in order to accommodate a corresponding increase in marketing and sales expenses, and maintain positive operating cash flow and free cash flow. Moreover, recent hires

and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. In addition, particularly if we continue to grow rapidly, a large percentage of our sales force will have relatively little experience working with us, our subscriptions, and our business model. If our lack of a large, direct enterprise sales force limits us from reaching larger enterprise customers and growing our revenue and we are unable to hire, develop, and retain talented sales personnel in the future, our revenue growth and results of operations may be harmed.

The sales prices of our products may fluctuate or decline, which may reduce our revenue and gross profit and adversely affect our financial results.

The sales prices for our products may fluctuate or decline for a variety of reasons, including competitive pricing pressures, discounts, anticipation of the introduction of new products, or promotional programs. Competition continues to increase in the market segments in which we participate, and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Larger competitors with more diverse offerings may reduce the price of offerings that compete with ours or may bundle them with other offerings and provide for free. Additionally, currency fluctuations in certain countries and regions may negatively impact actual prices that customers and partners are willing to pay in those countries and regions. Any decrease in the sales prices for our products, without a corresponding decrease in costs or increase in volume, would adversely affect our revenue and gross profit. Revenue and gross profit would also be adversely affected by a shift in mix of our subscriptions from self-managed to our SaaS offerings, which have a lower gross margin. We cannot assure you that we will be able to maintain our prices and gross profits at levels that will allow us to achieve and maintain profitability.

Further, we have in the past, and expect in the future, to need to change our pricing model from time to time. While we do and will attempt to set prices based on our prior experiences and customer feedback, our assessments may not be accurate, and we could be underpricing or overpricing our products. In addition, if our subscriptions change, then we may need to revise our pricing strategies. In addition, if our subscriptions change, then we may need to revise our pricing 29 Table of Contents strategies. Any such changes to our pricing strategies or our ability to efficiently price our offerings could adversely affect our business, results of operations, and financial condition. Pricing pressures and decisions could result in reduced sales, reduced margins, losses, or the failure of our products to achieve or maintain more widespread market acceptance, any of which could negatively impact our overall business, results of operations, and financial condition.

The length of our sales cycle can be unpredictable, particularly with respect to sales to large customers, and our sales efforts may require considerable time and expense. The length of our sales cycle can be unpredictable, particularly with respect to sales to large customers, and our sales efforts may require considerable time and expense.

Our results of operations may fluctuate, in part, because of the length and variability of the sales cycle of our subscriptions and the difficulty in making short-term adjustments to our operating expenses. Our results of operations depend in part on sales to new large customers and increasing sales to existing customers. The length of our sales cycle, from initial contact from a prospective customer to contractually committing to our paid subscriptions, can vary substantially from customer to customer based on deal complexity as well as whether a sale is made directly by us. It is difficult to predict exactly when, or even if, we will make a sale to a potential customer or if we can increase sales to our existing customers. As a result, large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated, or have not occurred at all. Because a substantial proportion of our expenses are relatively fixed in the short term, our results of operations will suffer if revenue falls below our expectations in a particular quarter, which could cause the price of our ordinary shares to decline.

We rely on traditional web search engines and AI-powered synopses to direct traffic to our website. If our website fails to rank prominently in these search results, traffic to our website could decline and our business would be adversely affected.

Our success depends in part on our ability to attract users through unpaid Internet search results on traditional web search engines such as Google, as well as on AI-generated search results and synopses. The number of users we attract to our website from searches is due in large part to how and where our website ranks in unpaid search results. These rankings can be affected by a number of factors, many of which are not in our direct control, and they may change frequently. For example, a search engine may change its ranking algorithms, methodologies, or design layouts. As a result, links to our website may not be sufficiently prominent to drive traffic to our website, and we may not know how or otherwise be in a position to influence the results. Any reduction in the number of users directed to our website could reduce our revenue or require us to increase our customer acquisition expenditures.

Unfavorable economic conditions may adversely affect our business and financial condition due to impacts on enterprise spending trends, including reductions in information technology spending and decreased demand for our products, which could limit our ability to grow our business.

Our operations and financial performance depend in part on global economic conditions and the impact of these conditions on levels of information technology spending and the willingness of our current and prospective customers to purchase our products. Adverse macroeconomic conditions, including inflationary trends, slower growth or recession, changes to fiscal and monetary policies, tighter credit, higher interest rates, currency fluctuations, and adverse changes to global trade relationships, including newly imposed tariffs and non-tariff trade barriers, could adversely impact confidence and enterprise spending and negatively affect demand for our products. Adverse macroeconomic conditions, including inflation, slower growth or recession, bank failures or instability in the financial services sector, changes to fiscal and monetary policies, tighter credit, higher interest rates, and currency fluctuations, could adversely impact confidence and enterprise spending and negatively affect demand for our products.

For example, we are currently operating in a period of heightened economic uncertainty. For example, we are currently operating in a period of economic uncertainty. If conditions in the national and global economy worsen, our current and potential customers’ operating costs will likely increase, which could result in reduced operating and information technology budgets. If conditions in the national and global economy do not continue to improve or instead worsen, our current and potential customers’ operating costs will likely increase, which could result in reduced operating and information technology budgets. To the extent our products are perceived by customers and potential customers as discretionary, our revenue may be disproportionately affected by delays or reductions in information technology spending. Such delays or reductions in technology spending are often associated with enhanced budget scrutiny by our customers including additional levels of approvals, cloud optimization efforts, and additional time to evaluate and test our products, which can lead to long and unpredictable sales cycles. We have experienced longer sales cycles for certain products and enhanced budget scrutiny by our customers and expect to continue to experience these challenges given the current macroeconomic environment. Also, customers may choose to develop in-house software as an alternative to using our products, and competitors may respond to such negative conditions in the general economy by lowering prices, any of which could adversely affect demand for our products and limit our ability to grow our business.

The present conditions and state of the U.S. and global economies make it difficult to predict whether, when, and to what extent a recession has occurred or will occur in the future. We cannot predict the timing, strength, or duration of any economic slowdown, instability, or recovery, generally or within any particular industry. Further, we cannot yet predict the effect of changing global trade relationships, including the recent imposition of tariffs and non-tariff trade barriers, on the global economy or markets in which we operate. If the economic conditions of the general economy or markets in which we operate do not improve, or worsen from present levels, our business, results of operations, and financial condition could be adversely affected.

We have acquired, and may in the future acquire, complementary businesses which could require significant management attention, disrupt our business, dilute shareholder value, and adversely affect our results of operations. See also, “We have acquired, and may in the future acquire, complementary businesses which could require significant management attention, disrupt our business, dilute shareholder value, and adversely affect our results of operations.

As part of our business strategy, and to keep pace with technological and competitive developments, we may acquire or make investments in the acquisition of complementary businesses, technologies, services, products, and other assets that expand the products that we can offer our customers. As part of our business strategy, and to keep pace with technological and competitive developments, we may acquire or make investments in the acquisition of complementary businesses, technologies, services, products, and other assets that expand the products that we can offer our customers. We have in the past acquired, and expect in the future to acquire, businesses that we believe will complement or augment our existing business. For example, in July 2024, we acquired Qwak, a privately-held AI development platform company, and in 2021, we acquired both Vdoo Connected Trust Ltd. (“Vdoo”), a privately-held security company, and Upswift Ltd., a privately-held cloud-based platform company and creator of connected device management software for developers. The identification of suitable acquisition candidates is difficult, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete future acquisitions, we may not ultimately strengthen our competitive position or achieve our goals and business strategy, we may be subject to claims or liabilities assumed from an acquired company, product, or technology, and any acquisitions we complete could be viewed negatively by our customers, investors, and securities analysts. In addition, if we are unsuccessful at integrating future acquisitions, including retaining employees of the acquired company, or the technologies associated with such acquisitions, the revenue and results of operations of the combined company could be adversely affected. In addition, if we are unsuccessful at integrating future acquisitions, or the technologies associated with such acquisitions, the revenue and results of operations of the combined company could be adversely affected. Any integration process may require significant time and resources, which may disrupt our ongoing business and divert management’s attention, and we may not be able to manage the integration process successfully.

We may have to pay cash, incur debt, or issue equity or equity-linked securities to pay for any future acquisitions, any of which could adversely affect our financial condition or the market price of our ordinary shares. We may have to pay cash, incur debt, or issue equity or equity-linked securities to pay for any future acquisitions, any of which could adversely affect our financial condition or the market price of our ordinary shares. The sale of equity or issuance of equity-linked debt to finance any future acquisitions could result in dilution to our shareholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to raise additional capital and to manage our operations. The occurrence of any of these risks could harm our business, results of operations, and financial condition.

Our failure to generate significant capital or raise additional capital necessary to expand our operations and invest in new products could reduce our ability to compete and could harm our business.

Historically, we have funded our operations and capital expenditures primarily through cash generated from our operations and through equity issuances. Although we currently anticipate that our existing cash and cash equivalents and operating cash flow will be sufficient to meet our cash needs for the next twelve months, we may require additional financing. We evaluate financing opportunities from time to time, and our ability to obtain financing will depend, among other things, on our development efforts, business plans, operating performance, and condition of the capital markets at the time we seek financing. We cannot assure you that additional financing will be available to us on favorable terms when required, or at all. If we raise additional funds through the issuance of equity or equity-linked or debt securities, those securities may have rights, preferences, or privileges senior to the rights of our ordinary shares, and our shareholders may experience dilution.

If we need additional capital and cannot raise it on acceptable terms, we may not be able to, among other things:

Our failure to have sufficient capital to do any of these things could harm our business, financial condition, and results of operations. Our failure to have sufficient capital to do any of these things could harm our business, financial condition, and results of operations.

A minor portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks. 31 Table of Contents A minor portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.

Sales to government entities are subject to a number of risks that are specific to public sector customers. Selling to government entities can be highly complex, competitive, and may have longer sales cycles, often requiring significant upfront time, expertise, and expense without any assurance that these efforts will generate a sale. Selling to government entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time, expertise, and expense without any assurance that these efforts will generate a sale. Government requirements for software like ours may change, thereby restricting our ability to sell into the U.S. federal government, U.S. state and local governments, or non-U.S. government entities, or non-U.S. government-controlled entities until we have complied with such requirements. Government demand and payment for our platform may be affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our platform. Government demand and payment for our products may be affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products. Additionally, any actual or perceived privacy, data protection, or data security incident, or even any perceived defect with regard to our practices or measures in these areas, may negatively impact public sector demand for our platform.

Additionally, we rely on certain partners to provide technical support services to certain of our government entity customers to resolve any issues relating to our platform. If our partners do not effectively assist our government entity customers in deploying our platform, succeed in helping our government entity customers quickly resolve post-deployment issues, or provide effective ongoing support, our ability to expand and to sell to new and existing government entity customers would be adversely affected and our reputation could be damaged. If our partners do not effectively assist our government entity customers in deploying our products, succeed in helping our government entity customers quickly resolve post-deployment issues, or provide effective ongoing support, our ability to sell additional products to new and existing government entity customers would be adversely affected and our reputation could be damaged.

Government entities may have statutory, contractual, or other legal rights to terminate contracts with us for convenience or due to a default, and any such termination may adversely affect our future results of operations. Government entities may have statutory, contractual, or other legal rights that limit our ability to negotiate limitations of liability, or other provisions of the agreements that may shift more risk to us. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our subscriptions, a reduction of revenue, or fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could materially and adversely affect our results of operations.

Issues in the development and use of AI, combined with an uncertain regulatory environment, may result in reputational harm, liability, or other adverse consequences to our business operations.

We have deployed AI and ML technologies in our products and business, including developing new features utilizing AI technologies. AI technology may become more important to our operations or to our future growth over time. We may fail to properly implement or market our AI features and platform. We may fail to properly implement or market our AI products and business. Our platform and systems may become targets for abuse powered by AI, and our support for MLOps may fall behind existing demands which are changing rapidly. Our products and systems may become targets for abuse powered by AI, and our support for MLOps may fall behind existing standards which are changing rapidly. Our competitors or other third parties may incorporate AI technology into their products, offerings, and solutions more quickly or more successfully than us, which could impair our ability to compete effectively and adversely affect our results of operations. Suppliers of the third-party AI models we use in our platform and business could terminate their relationship with us, cease to make certain models available to us, or make certain models more expensive for us to use. Suppliers of the third-party AI models we use in our products and business could terminate their relationship with us, cease to make certain models available to us, or make certain models more expensive for us to use.

AI technology also may be the subject of new or modified legal and regulatory obligations. AI technology also may be the subject of new or modified legal and regulatory obligations. For example, the EU AI Act (the “AI Act”) entered into force on August 1, 2024, with obligations related to certain AI practices and AI literacy, effective February 2, 2025, and provisions pertaining to General Purpose AI Models, effective August 2, 2025. Under the AI Act, fines can reach up to €35 million or 7% of global income. The AI Act may impact the incorporation of AI technologies into our offerings and business in Europe. Other countries, including the U.S. at both the state and federal level, are increasingly looking to regulate AI, or have already done so. For example, several AI bills have been introduced in Congress and in state legislatures. For example, several AI bills have been introduced in Congress. We may not be able to anticipate how to respond to rapidly evolving legal frameworks, and we may have to expend resources to adjust our offerings in certain jurisdictions if the legal frameworks on AI and ML technologies are not consistent across jurisdictions. New laws, decisions, and guidance regarding AI technologies may limit our ability to use AI models, or require us to make changes to our operations or platform, which would result in an increase to operating costs and hinder our ability to improve our offering to our customers. New laws, decisions, and guidance regarding AI technologies may limit our ability to use AI models, or require us to make changes to our operations or products, which would result in an increase to operating costs and hinder our ability to improve our products. Accordingly, it is not possible to predict all of the risks related to the use of AI and ML technologies that we may face, and changes in laws, rules, directives, and regulations governing the use of AI and ML technologies may adversely affect our ability to use or sell these technologies or subject us to legal liability. Accordingly, it is not possible to predict all of the risks related to the use of AI and machine learning technologies that we may face, and changes in laws, rules, directives, and regulations governing the use of AI and machine learning technologies may adversely affect our ability to use or sell these technologies or subject us to legal liability. For instance, the European Commission’s Digital Omnibus Proposal, published in November 2025, includes proposed amendments to certain EU laws and regulations, including among other matters the AI Act. At this time, however, such proposed amendments remain at an early stage of the EU legislative process.

Uncertainty regarding new and emerging AI technologies, such as agentic AI, generative AI, and advances in ML, may require us to incur costly additional expenses to research and integrate AI technologies into our future product offerings and our internal systems. Uncertainty regarding new and emerging AI technologies, such as generative AI and machine learning, may require us to incur additional expenses to research and integrate AI technologies into our future product offerings and our internal systems. Additionally, AI may create content that appears correct, but is factually inaccurate, biased, insufficient, poor quality, flawed, or contain other errors or inadequacies, any of which may not be easily detectable. Additionally, AI may create content that appears correct, but is factually inaccurate, insufficient, poor quality, flawed, or contain other errors or inadequacies, any of which may not be easily detectable. AI and ML technologies have been known to produce false or hallucinatory inferences or outputs. AI and machine learning technologies have been known to produce false or hallucinatory inferences or outputs. Our use of AI technologies may expose us to additional claims, demands, and proceedings by private parties, customers, and regulatory authorities and subject us to legal liability as well as brand and reputational harm, confidentiality or security risks, competitive harm, ethical and social concerns, or other complications that could adversely affect our business, reputation, or financial results. If we do not have sufficient rights to use the output of such AI and ML tools, or other data or content on which the AI and ML tools we use rely, we also may incur liability by violation of applicable laws and regulations, third-party intellectual property or other rights, or contracts to which we are a party. If we do not have sufficient rights to use the output of such AI and machine learning tools, or other data or content on which the AI and machine learning tools we use rely, we also may incur liability by violation of applicable laws and regulations, third-party intellectual property or other rights, or contracts to which we are a party.

Expectations of our performance relating to sustainability and governance factors may impose additional costs and expose us to new risks. Expectations of our performance relating to sustainability and governance factors may impose additional costs and expose us to new risks.

We have undertaken and expect to continue to undertake certain sustainability and governance-related initiatives, goals, and commitments, which we have communicated on our website, in our SEC filings, and elsewhere. We have undertaken and expect to continue to undertake certain sustainability and governance-related initiatives, goals, and commitments, which we have communicated on our website, in our SEC filings, and elsewhere. These initiatives, goals, or commitments could be difficult to achieve and costly to implement. We could fail to achieve, or be perceived to fail to achieve, these initiatives, goals, or commitments. In addition, we could be criticized for the timing, scope, or nature of these initiatives, goals, or commitments, or for any revisions to them. Stakeholders could also challenge the accuracy, adequacy, or completeness of our disclosures related to these initiatives. For example, many sustainability initiatives leverage data, methodologies, technologies, and/or standards that are complex, subject to varying interpretations, and continuing to evolve. As with other companies, our approach is expected to continue to evolve as well, and we cannot guarantee that our approach will align with the expectations or interpretations of any particular stakeholder. Stakeholders (including, without limitation, policymakers) have varying, and at times conflicting, expectations. Our actual or perceived failure to achieve some or all of these initiatives, goals, or commitments or maintain sustainability or governance practices that meet evolving stakeholder expectations or regulatory requirements could harm our reputation (including, without limitation, impacts to any related ratings), adversely impact our ability to attract and retain employees or customers, and expose us to increased scrutiny from sustainability and governance-focused investors, regulatory authorities, and others, or subject us to liability. Our actual or perceived failure to achieve some or all of these initiatives, goals, or commitments or maintain sustainability or governance practices that meet evolving stakeholder expectations or regulatory requirements could harm our reputation, adversely impact our ability to attract and retain employees or customers, and expose us to increased scrutiny from sustainability and governance-focused investors, regulatory authorities, and others, or subject us to liability. Damage to our reputation or reduced demand for our products may adversely impact our business, financial condition, or results of operations.

In addition, we expect there will likely continue to be increasing levels of regulation, as policymakers in jurisdictions such as Europe, California, and Australia are adopting or considering adopting various requirements regarding sustainability disclosures or actions. Such regulations are not uniform, which may increase the cost and complexity of compliance, as well as associated risks. Moreover, both advocates and opponents of sustainability matters are increasingly resorting to a range of activism forms, including litigation, to advance their perspectives. Addressing stakeholder expectations and regulatory requirements may be costly and any failure to successfully navigate such expectations, as well as evolving interpretations of any existing or new governmental laws or requirements, may result in reputational harm, loss of customers or contracts, regulatory or investor engagement, or other adverse impacts to our business. Our customers and other stakeholders are also subject to many of these expectations and regulatory considerations, which may augment or result in additional risks that also could adversely impact our business, results of operations, or financial condition.

Risks Related to our Intellectual Property

Failure to protect our proprietary technology and intellectual property rights could substantially harm our business and results of operations.

Our success depends to a significant degree on our ability to protect our proprietary technology, methodologies, know-how, and brand. We rely on a combination of trademarks, copyrights, patents, contractual restrictions, and other intellectual property laws and confidentiality procedures to establish and protect our proprietary rights. However, we make certain products, including a limited-functionality version of JFrog Artifactory, available under open source licenses, contribute other source code to open source projects under open source licenses, and release internal software projects under open source licenses, and anticipate doing so in the future. Because the source code for the open source version of JFrog Artifactory and any other software we contribute to open source projects or distribute under open source licenses is publicly available, our ability to monetize and protect our intellectual property rights with respect to such source code may be limited or, in some cases, lost entirely. Our competitors could access such source code and use it to create software and service offerings that compete with ours.

Further, the steps we take to protect our intellectual property rights may be inadequate. We will not be able to protect our intellectual property rights if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property rights. If we fail to protect our intellectual property rights adequately, our competitors may gain access to our proprietary technology and our business may be harmed. In addition, defending our intellectual property rights might entail significant expense. Any patents, trademarks, or other intellectual property rights that we have or may obtain may be challenged by others or invalidated through administrative process or litigation. We hold a number of active patents and have filed patent applications both in the U.S. and in other countries. There can be no assurance that our patent applications will result in issued patents. Even if we continue to seek patent protection in the future, we may be unable to obtain further patent protection for our technology. In addition, any patents issued in the future may not provide us with competitive advantages, or may be successfully challenged by third parties. Furthermore, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain.

Despite our precautions, it may be possible for unauthorized third parties to copy our platform, in whole or in part, and use information that we regard as proprietary to create offerings that compete with ours. Effective patent, trademark, copyright, and trade secret protection may not be available to us in every country in which our platform is available. We may be unable to prevent third parties from acquiring domain names or trademarks that are similar to, infringe upon, or diminish the value of our trademarks and other proprietary rights. The laws of some countries may not be as protective of intellectual property rights as those in the U.S., and mechanisms for enforcement of intellectual property rights may be inadequate. As we continue to expand our international activities, our exposure to unauthorized copying and use of our products and proprietary information will likely increase. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon or misappropriating our intellectual property.

We enter into confidential, non-compete, proprietary, and inventions assignment agreements with our employees and consultants and enter into confidentiality agreements with other parties. No assurance can be given that these agreements will be effective in controlling access to and distribution of our proprietary information, especially in certain states and countries, including Israel, that are less willing to enforce such agreements. No assurance can be given that these agreements will be 33 Table of Contents effective in controlling access to and distribution of our proprietary information, especially in certain states and countries, including Israel, that are less willing to enforce such agreements. Further, these agreements may not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our products. Our platform allows integration with third parties’ software, or the platform used by the customer. Such integrated software could impact negatively on the use of features or products available on the JFrog Platform. In addition, if the integration is misused by a third party to gain unlawful access to our platform, our business and reputation could be harmed.

In order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect our intellectual property rights. In order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect our intellectual property rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect

our trade secrets. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming, and distracting to management, and could result in the impairment or loss of portions of our intellectual property. Further, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our products, impair the functionality of our products, delay introductions of new products, result in our substituting inferior or more costly technologies into our products, or injure our reputation.

We could incur substantial costs as a result of any claim of infringement, misappropriation, or violation of another party’s intellectual property rights.

In recent years, there has been significant litigation involving patents and other intellectual property rights in the software industry. We do not currently have a large patent portfolio, which could prevent us from deterring patent infringement claims through our own patent portfolio, and our competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have. The intellectual property ownership and license rights, including copyright, surrounding AI technologies have not yet been fully addressed by lawmakers or courts, and the use of third party AI in our products offerings may result in exposure to claims of copyright infringement or other intellectual property misappropriation. We could incur substantial costs in prosecuting or defending any intellectual property litigation. If we sue to enforce our rights or are sued by a third party that claims that our products infringe, misappropriate, or violate their rights, the litigation could be expensive, time-consuming and could divert our management and other employee resources. We could also be subject to an injunction which could prohibit us from selling or using products that incorporate the disputed intellectual property.

Any intellectual property litigation to which we might become a party, or for which we are required to provide indemnification, may require us to do one or more of the following:

If we are required to make substantial payments or undertake any of the other actions noted above as a result of any intellectual property infringement, misappropriation, or violation claims against us or any obligation to indemnify our customers for such claims, such payments or actions could harm our business. If we are required to make substantial payments or undertake any of the other actions noted above as a result of any intellectual property infringement, misappropriation, or violation claims against us or any obligation to indemnify our customers for such claims, such payments or actions could harm our business.

We may become subject to claims for remuneration or royalties for assigned service invention rights by our employees, which could result in litigation and would adversely affect our business.

A significant portion of our intellectual property has been developed by our employees in the course of their employment for us. Under the Israeli Patents Law, 5727-1967 (the “Patents Law”), inventions conceived by an employee in the course and as a result of or arising from his or her employment with a company are regarded as “service inventions,” which belong to the employer, absent a specific agreement between the employee and employer giving the employee service invention rights. The Patents Law also provides that if there is no such agreement between an employer and an employee, the Israeli Compensation and Royalties Committee (the “Committee”), a body constituted under the Patents Law, shall determine whether the employee is entitled to remuneration for his or her inventions. Case law clarifies that the right to receive consideration for “service inventions” can be waived by the employee and that, in certain circumstances, such waiver does not necessarily have to be explicit. Case law clarifies that the right to receive consideration for “service inventions” 34 Table of Contents can be waived by the employee and that, in certain circumstances, such waiver does not necessarily have to be explicit. The Committee will examine, on a case-by-case basis, the general contractual framework between the parties, applying interpretation rules of the general Israeli contract laws. Further, the Committee has not yet determined one specific formula for calculating this remuneration, but rather uses the criteria specified in the Patents Law. Although we generally enter into assignment of invention and waiver agreements with our employees pursuant to which such individuals assign to us all rights to any inventions created in the scope of their employment or engagement with us, and pursuant to which such individuals explicitly and irrevocably waive any right to claim royalties or other consideration in respect of service inventions, including under Section 134 of the Patents Law, we may nevertheless face claims demanding remuneration in consideration for assigned inventions. Such waivers are generally recognized and enforceable under Israeli law and are taken into account by the Committee when evaluating such claims. As a consequence of such claims, we could be required to incur legal costs and expend management time in responding to or

defending against such claims, which are generally assessed in light of the explicit waivers executed by our employees, and such circumstances and developments could negatively affect our business. .

Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement, misappropriation, violation, and other losses.

Our agreements with customers and other third parties generally include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims by third parties against customers, alleging intellectual property infringement, misappropriation or violation, or other liabilities relating to or arising from our software, services or other contractual obligations. Typically, we do not have a cap on our liability for indemnity claims and any payments under such agreements would harm our business, results of operations, and financial condition. Pursuant to certain agreements, we do not have a cap on our liability for indemnity claims and any payments under such agreements would harm our business, results of operations, and financial condition. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other existing customers and new customers and harm our business and results of operations.

Our use of open source software could negatively affect our ability to sell our products and subject us to possible litigation.

Our paid platform incorporates open source software, and we expect to continue to incorporate open source software in our paid platform in the future. Few of the licenses applicable to open source software have been interpreted by courts, and there is a risk that these licenses could be construed in a manner that could impose unanticipated conditions or restrictions on our ability to commercialize our paid products. There have been claims challenging the ownership rights in open source software against companies that incorporate open source software into their products, and the licensors of such open source software provide no warranties or indemnities with respect to such claims. In addition, if an author or other third party that distributes such open source software were to allege that we had not complied with the conditions of one or more of these licenses, we could be required to incur significant legal expenses defending against such allegations and could be subject to significant damages, enjoined from the sale of our products that contained the open source software, and required to comply with onerous conditions or restrictions on these products, which could disrupt the distribution and sale of these products. In any of these events, we and our customers could be required to seek licenses from third parties in order to continue offering our products, and to re-engineer our products or discontinue the sale of our products in the event re-engineering cannot be accomplished on a timely basis. We and our customers may also be subject to suits by parties claiming infringement, misappropriation, or violation due to the reliance by our solutions on certain open source software, and such litigation could be costly for us to defend or subject us to an injunction. Some open source software has vulnerabilities and architectural instabilities which, if not properly addressed, could negatively affect the performance of our product. Some open source projects provided on an “as-is” basis have known vulnerabilities and architectural instabilities which, if not properly addressed, could negatively affect the performance of our product. Any of the foregoing could require us to devote additional research and development resources to re-engineer our solutions, could result in customer dissatisfaction, and may adversely affect our business, results of operations, and financial condition.

Risks Related to Privacy, Data Protection, and Cybersecurity

A breach of our security measures or unauthorized access to proprietary and confidential data, or a perception that any security breach or other incident has occurred, may result in our platform or products being perceived as not secure, lower customer use or stoppage of use of our products, and significant liabilities.

We collect, store, and process certain sensitive and proprietary information, and certain personal data and personal information, in the operation of our business. This information includes trade secrets, intellectual property, employee data, and other data. We have taken measures to protect our sensitive and proprietary information, personal data, and personal information, as well as such information that we otherwise obtain or process, including from our customers. We have taken measures to protect our own sensitive and proprietary information, personal data, and personal information, as well as such information that we otherwise obtain, including from our customers. Although our products do not involve processing large amounts of personal data or personal information, our platform and products support customers’ software, which may involve processing large amounts of personal data, personal information, and information that is confidential or otherwise sensitive or proprietary. Although our products do not involve the processing of large amounts of personal data or personal information, our platform and products support customers’ software, which may involve the processing of large amounts of personal data, personal information, and information that is confidential or otherwise sensitive or proprietary. Embedded AI in our products may increase these risks for us and our customers. We also engage vendors and service providers to store and otherwise process some of our and our customers’ data, including sensitive and proprietary information, personal data, and personal information.

Techniques used to sabotage or obtain unauthorized access to systems or networks are constantly evolving and, in some instances, are not identified until launched against a target. For example, AI technologies may be used in connection with certain cybersecurity attacks and vulnerabilities, resulting in heightened risks of security breaches and incidents, including through inadvertent or intentional actions by our employees, contractors, consultants, partners, and/or other third parties. We and our vendors and service providers may be unable to anticipate these techniques, react, remediate, or otherwise address any security breach or other security incident in a timely manner, or implement adequate preventative measures. We have experienced vulnerabilities in the past, and we identify product vulnerabilities from time to time, including through our bug bounty program. Certain vulnerabilities could be exploited if our customers do not patch vulnerable versions of the product. Certain vulnerabilities under certain circumstances could be exploited if our customers do not patch vulnerable versions of the product. We may experience

security breaches and incidents, including those resulting from a cybersecurity attack or phishing attack, whether from hackers, criminal groups, or state-sponsored organizations, or other means, including unauthorized access, unauthorized usage, malware, similar events or causes, or employee or contractor error or negligence, or those of vendors, service providers, and strategic partners on which we rely. There also have been and may continue to be significant supply chain attacks. Our vendors and service providers have been and, in the future may be, the targets of cyberattacks, malicious software, supply chain attacks, phishing schemes, fraud, and other risks to the confidentiality, security, and integrity of their systems and the data they process for us. Certain of our vendors and service providers have suffered from security breaches and incidents, and from disruptions to their systems and networks, and we cannot guarantee that our or our vendors or service providers’ systems and networks have not been breached or do not contain exploitable vulnerabilities, defects, or bugs that could result in a breach of, incident impacting, or other disruption to our systems and networks or the systems or networks of third parties that support us and our services. In addition, our customers and users may disclose or leak their passwords, API keys, or secrets that could lead to unauthorized access to their accounts and data, including information about their software, source code, and security environment, stored within our products and associated systems. In addition, our customers and users may also disclose or leak their passwords, API keys, or secrets that could lead to unauthorized access to their accounts and data, including information about their software, source code, and security environment, stored within our products.

Despite our efforts, our systems and those of our vendors, service providers, and strategic partners are vulnerable to computer malware, malicious access or delivery of ransomware or other malicious software to our customers, AI risks, viruses, computer hacking, fraudulent use, social engineering attacks, phishing attacks, ransomware attacks, credential stuffing attacks, denial-of-service attacks, supply chain attacks, OAuth abuse, unauthorized access, exploitation of bugs, defects, and vulnerabilities, breakdowns, damage, interruptions, system malfunctions, power outages, terrorism, acts of vandalism, failures, security breaches and incidents, inadvertent or intentional actions by our employees, contractors, consultants, partners, and/or other third parties, and other real or perceived cyberattacks and other sources of security breaches and incidents. Despite our efforts, our systems and those of our vendors, service providers, and strategic partners also are potentially vulnerable to computer malware, malicious access or delivery of ransomware or other malicious software to our customers, AI risks, viruses, computer hacking, fraudulent use, social engineering attacks, phishing attacks, ransomware attacks, credential stuffing attacks, denial-of-service attacks, unauthorized access, exploitation of bugs, defects, and vulnerabilities, breakdowns, damage, interruptions, system malfunctions, power outages, terrorism, acts of vandalism, failures, security breaches and incidents, inadvertent or intentional actions by our employees, contractors, consultants, partners, and/or other third parties, and other real or perceived cyberattacks. Our risks of cyberattacks and other sources of security breaches and incidents, and those faced by our vendors, service providers, and strategic partners, may be heightened in connection with regional conflicts, and other geopolitical tensions and regional instability. Our risks of cyberattacks and other sources of security breaches and incidents, and those faced by our vendors, service providers, and strategic partners, may be heightened in connection with the war between Israel, Hamas and Hezbollah, the regional conflict in the Middle East, the war between Russia and Ukraine, and other associated geopolitical tensions and regional instability. Any of these incidents or any compromise of our security or any unauthorized access to or breaches of, or other incidents impacting, the security of our or our service providers’ systems or data processing tools or processes, or of our platform and product offerings, as a result of third-party action, employee error, vulnerabilities, defects or bugs, malfeasance, or otherwise, may have resulted in and in the future could result in unauthorized or unlawful access to, misuse, disclosure, loss, acquisition, corruption, unavailability, alteration, modification, or destruction of our and our customers’ data, including sensitive and proprietary information, personal data and personal information, or interruptions or other disruptions to, or compromises or risks to the security of our or our customers’ systems. Any of these incidents or any compromise of our security or any unauthorized access to or breaches of the security of our or our service providers’ systems or data processing tools or processes, or of our platform and product offerings, as a result of third-party action, employee error, vulnerabilities, defects or bugs, malfeasance, or otherwise, could result in unauthorized or unlawful access to, misuse, disclosure, loss, acquisition, corruption, unavailability, alteration, modification, or destruction of our and our customers’ data, including sensitive and proprietary information, personal data and personal information, or a risk to the security of our or our customers’ systems. We, our vendors, service providers, and strategic partners may be unable to anticipate these techniques and vulnerabilities, react, remediate, or otherwise address any security breach or other security incident in a timely manner, or implement adequate preventative measures.

Many of our and our service providers’ employees and other personnel work remotely, and are increasingly using AI technologies, all of which may increase our and their susceptibility to security breaches and incidents. We maintain certain policies and controls designed to address identified risks relating to our employees’ use of generative AI, but personnel may unknowingly or otherwise inappropriately enter proprietary or sensitive information, data, or code into AI tools, may use tools making use of AI agents or other types of AI inappropriately, or may use unauthorized AI tools, all of which may lead to loss of intellectual property protection, inappropriate disclosure or other processing of proprietary or sensitive information, data, or code, noncompliance with applicable laws, regulations, or other obligations, and other liabilities. As we continue to expand our offerings, including through the acquisition of complementary businesses, such as our acquisition of Vdoo in 2021 and our acquisition of Qwak in July 2024, our products will likely have access to more sensitive and personal information of our customers, which could result in greater adverse effects from security breaches and other security incidents. Further, the more widespread our platform and products become, the more they may be viewed by malicious actors as attractive targets for attacks.

A security breach or incident impacting us or any of our vendors or service providers could result in disruptions to our operations, reputational damage, litigation, regulatory investigations and orders, loss of business, indemnity obligations, damages for contract breach, penalties for violation of applicable laws, regulations, or contractual obligations, and significant costs, fees, and other monetary payments for remediation, including in connection with forensic examinations and costly and burdensome breach notification requirements. A security breach or other incident could result in reputational damage, litigation, regulatory investigations and orders, loss of business, indemnity obligations, damages for contract breach, penalties for violation of applicable laws, regulations, or contractual obligations, and significant costs, fees, and other monetary payments for remediation, including in connection with forensic examinations and costly and burdensome breach notification requirements. Any belief by customers or others that a security breach or other incident has affected us or any of our vendors or service providers, even if inaccurate, could have any or all of the foregoing impacts on us. Any belief by customers or others that a security breach or other incident has affected us or any of our vendors or service providers, even if a security breach or other incident has not affected us or any of our vendors or service providers or has not actually occurred, could have any or all of the foregoing impacts on us, including damage to our reputation. Even the perception of inadequate security may damage our reputation and negatively impact our ability to gain new customers and retain existing customers. Any security breach or incident could require us to expend significant capital and other resources. The impact of any compromise of our product offering means of malicious access, or delivery of ransomware or other malicious software to our customers, would likely be significant.

We incur substantial costs in an effort to detect and prevent security breaches and other security-related incidents, including those to secure our product development, test, evaluation, and deployment activities, and we expect our costs will increase as we make improvements to our relevant systems and processes. Security incidents affecting widely-trusted data security architecture

have occurred in recent years, and these or future incidents may increase customer expectations regarding the security, testing, and compliance documentation of our products for secure software development operations, management, automation, and releases. In addition, these or other incidents, our expansion into new products and services, or other factors may result in new or expanded laws, regulations, regulatory guidance, and industry standards and practices in the U.S. and elsewhere. We may face increased compliance burdens, customer requirements, reporting obligations, and increased costs for oversight and monitoring of our products and supply chain. We may face increased compliance burdens regarding such requirements with regulators and customers regarding our products and services and also incur additional costs for oversight and monitoring of our own supply chain.

Further, any provisions in our customer and user agreements, contracts with our vendors and service providers, or other contracts relating to limitations of liability, may not be enforceable or adequate or otherwise protect us from any liabilities or damages relating to a security breach or other security-related matter. Further, any provisions in our customer and user agreements, contracts with our vendors and service providers, or other contracts relating to limitations of liability, may not be enforceable or adequate or otherwise protect us from any liabilities or damages with respect to any particular claim relating to a security breach or other security-related matter. A security breach or other incident impacting a significant number of our customers could subject us to indemnity claims or other damages or liabilities that exceed our insurance coverage. Our insurance coverage might not be adequate for liabilities incurred, such insurance may not continue to be available to us on economically reasonable terms, or at all, and insurers may deny us coverage as to any claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results, and reputation. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results, and reputation.

We are subject to stringent and changing laws, regulations, standards, and contractual obligations related to privacy, data protection, and data security. We are subject to stringent and changing laws, regulations, standards, and contractual obligations related to privacy, data protection, and data security. Our actual or perceived failure to comply with such obligations could harm our business.

We receive, collect, store, process, transfer, retain, use, and otherwise process personal information and other data relating to users of our products, our employees and contractors, and other persons. We have legal and contractual obligations regarding the protection of confidentiality and appropriate use of certain data, including personal data and personal information. We are subject to numerous federal, state, local, and international laws, directives, and regulations regarding privacy, data protection, e-marketing, cybersecurity, AI, and data security and the collection, storing, sharing, use, processing, transfer, retention, security, disclosure, and protection of personal information and other data, the scope of which are changing, subject to differing interpretations, and may be inconsistent among jurisdictions or conflict with other legal and regulatory requirements. We are also subject to certain contractual obligations to third parties related to privacy, data protection, cybersecurity, AI, data security, and the collection, storing, sharing, use, processing, transfer, retention, security, disclosure, and protection of personal information and other data. We are also subject to certain contractual obligations to third parties related to privacy, data protection, cybersecurity, AI, and data security. We strive to comply with our applicable policies and applicable laws, regulations, contractual obligations, and other legal obligations relating to privacy, data protection, cybersecurity, AI, data security, and the collection, storing, sharing, use, processing, transfer, retention, security, disclosure, and protection of personal information and other data to the extent possible. We strive to comply with our applicable policies and applicable laws, regulations, contractual obligations, and other legal obligations relating to privacy, data protection, cybersecurity, and data security to the extent possible. However, the regulatory framework for these matters worldwide is, and is likely to remain for the foreseeable future, uncertain and complex, and it is possible that these or other actual or alleged obligations may be interpreted and applied in a manner that we do not anticipate or that is inconsistent from one jurisdiction to another and may conflict with other legal obligations or our practices. However, the regulatory framework for privacy, data protection, cybersecurity, e-marketing, AI, and data security worldwide is, and is likely to remain for the foreseeable future, uncertain and complex, and it is possible that these or other actual or alleged obligations may be interpreted and applied in a manner that we do not anticipate or that is inconsistent from one jurisdiction to another and may conflict with other legal obligations or our practices. For example, the European Union’s Data Act which became effective on September 12, 2025, may require us to adjust contractual terms with customers and develop technical measures for data portability. Any perception of concerns relating to these matters or an inability to comply with applicable laws, regulations, policies, industry standards, contractual obligations, or other legal obligations, even if unfounded, may result in additional cost and liability to us, harm our reputation and inhibit adoption of our products by current and future customers, and adversely affect our business, financial condition, and results of operations. Any perception of privacy, data security, cybersecurity, or data protection concerns or an inability to comply with applicable laws, regulations, policies, industry standards, contractual obligations, or other legal obligations, even if unfounded, may result in additional cost and liability to us, harm our reputation and inhibit adoption of our products by current and future customers, and adversely affect our business, financial condition, and results of operations. Further, any significant change to applicable laws, regulations, or industry practices relating to privacy, data protection, cybersecurity, AI, data security, or the collection, storing, sharing, use, retention, security, protection, disclosure, other processing of data, or their interpretation, or any changes regarding the manner in which the consent of users or other data subjects for the collection, use, retention, disclosure, or other processing of such data must be obtained, could increase our costs and require us to modify our services and features, possibly in a material manner, which we may be unable to complete, and may limit our ability to store and process user data or develop new services and features. Further, any significant change to applicable laws, regulations, or industry practices regarding the collection, storing, sharing, use, retention, security, protection, disclosure, other processing of data, or their interpretation, or any changes regarding the 37 Table of Contents manner in which the consent of users or other data subjects for the collection, use, retention, disclosure, or other processing of such data must be obtained, could increase our costs and require us to modify our services and features, possibly in a material manner, which we may be unable to complete, and may limit our ability to store and process user data or develop new services and features.

If we were found in violation of any applicable laws or regulations relating to privacy, data protection, cybersecurity, AI, data security, or otherwise relating to the collection, storing, sharing, use, processing, transfer, retention, security, disclosure, and protection of personal information or other data, in addition to any regulatory fines, penalties, contract breach, costs for remediation, or litigation costs, our business may be materially and adversely affected and we would likely have to change our business practices and potentially the services and features available through our platform. Any failure or perceived failure by us to comply with our posted privacy notices, our privacy-related obligations to users or other third parties, or any other actual or asserted legal obligations or regulatory requirements relating to privacy, data protection, cybersecurity, e-marketing, AI, or data security, may result in governmental investigations or enforcement actions, litigation, claims, or public statements against us by privacy advocacy groups or others and could result in significant liability, cause our customers to lose trust in us, and otherwise materially and adversely affect our reputation and business. In addition, these laws and regulations could constrain our ability to use and process data in manners that may be commercially desirable. In addition, if a security breach or incident were to occur or to be alleged to have occurred, if any violation of laws and regulations relating to privacy, data protection, or data security were to be alleged, or if we had any actual or alleged defect in our safeguards or practices relating to privacy, data protection, or data security, our solutions may be perceived as less desirable and our business, prospects, financial condition, and results of operations could be materially and adversely affected. In addition, if a breach of data security were to occur or to be alleged to have occurred, if any violation of laws and regulations relating to privacy, data protection, or data security were to be alleged, or if we had any actual or alleged defect in our safeguards or practices relating to privacy, data protection, or data security, our solutions may be perceived as less desirable and our business, prospects, financial condition, and results of operations could be materially and adversely affected. Our insurance covering certain security and privacy damages and claim expenses may not be sufficient to compensate for all liabilities we may incur.

The regulatory environment applicable to the handling of European Economic Area (“EEA”) residents’ personal data, and our actions taken in response, may cause us to assume additional liabilities or incur additional costs and could result in our business, operating results, and financial condition being harmed. We and our customers may face a risk of enforcement actions by data protection authorities in the EEA relating to personal data transfers to us and by us from the EEA. Any such enforcement actions could result in substantial costs and diversion of resources, distract management and technical personnel, and negatively affect our business, operating results and financial condition. While the EU and U.S. governments have adopted the EU-U.S. Data Privacy Framework (“DPF”) to foster EU-U.S. data transfers, the Court of Justice of the European Union (“CJEU”) upheld the Standard Contractual Clauses (“SCCs”), and addressed the concerns of the CJEU’s “Schrems II” decision, it is uncertain whether the DPF and the SCCs will eventually be overturned or invalidated, as was the case with the predecessors to the DPF. Additionally, certain countries have considered passing laws requiring varying degrees of local data residency. Any actual or perceived failure to comply with these laws could result in a costly investigation or litigation resulting in potentially significant liability, loss of trust by our users, and a material and adverse impact on our reputation and business.

The Israeli Privacy Protection Law, 1981 (“PPL”), and its regulations, including but not limited to the Israeli Privacy Protection Regulations (Data Security) 2017 (Security Regulations) impose obligations regarding processing, transferring and securing of personal data. The Israeli Privacy Protection Law, 1981 (PPL), and its regulations, including but not limited to the Israeli Privacy Protection Regulations (Data Security) 2017 (Security Regulations) impose obligations regarding processing, transferring and securing of personal data. In addition, in 2023, the Privacy Protection Regulations (Provisions Regarding Information Transferred to Israel from the European Economic Area), 2023 (EU Regulations) were enacted and consequently provide, in certain cases, additional rights to data subjects from the EEA and Israel. Therefore, significant changes to the PPL and its regulations may necessitate adjustments to our data protection and security practices. Lack of compliance with the PPL and its regulations could result in enforcement actions, litigation (including class actions), fines and penalties.

A material amendment to the PPL took effect on August 14, 2025 (“Amendment 13”). Among other things, Amendment 13 expands the Privacy Protection Authority’s investigative authority and the monetary sanctions that can be imposed for breach of the PPL and its regulations, to substantial amounts that, in certain cases, may reach millions of NIS.

There are increasing restrictions in the United States on certain personal sensitive data transfers involving foreign countries. Executive Order 14117 entitled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” dated as of February 28, 2024 and which became effective as of April 8, 2025, prohibits data transfer of personal identifiers, precise geolocation data, biometric identifiers, health data, and financial data over a certain bulk threshold to identified countries of concern (i.e., China, Hong Kong, Macau, Cuba, Iran, North Korea, Russia, and Venezuela). The regulations also restrict data brokerage agreements, investment agreements, employment agreements, and vendor agreements involving such data and countries of concern. Violations of these regulations may be punishable by criminal and/or civil sanctions, and may result in exclusion from participation in federal and state programs. These data transfer restrictions may create operational challenges and legal risks for our business, particularly with regard to China, where we continue to have limited operations.

We also expect that there will continue to be changes in interpretations of existing laws and regulations, or new proposed laws and regulations concerning privacy, data security, cybersecurity, data sovereignty, e-marketing, AI, and data protection. We also expect that there will continue to be changes in interpretations of existing laws and regulations, or new proposed laws and regulations concerning privacy, data security, cybersecurity, data sovereignty, e-marketing, AI, and data protection. We cannot yet determine the impact these laws and regulations or changed interpretations may have on our business, but we anticipate that they could impair our or our customers’ ability to collect, use, or disclose information relating to individuals, which could decrease demand for our platform, increase our costs, and impair our ability to maintain and grow our customer base and increase our revenue. Moreover, because the interpretation and application of many laws, regulations, and industry standards relating to privacy, security, cybersecurity, e-marketing, AI, data protection, and the collection, storing, sharing, use, processing, transfer, retention, security, disclosure, and protection of personal information and other data, are uncertain, it is possible that these laws, regulations and standards, or contractual obligations to which we are or may become subject, may be interpreted and applied in a manner that is inconsistent with our existing or future data management practices or features of our platform and products. Moreover, because the interpretation and application of many laws and regulations relating to privacy, security, cybersecurity, e-marketing, AI, and data protection, along with mandatory industry standards, are uncertain, it is possible that these laws, regulations and standards, or contractual obligations to which we are or may become subject, may be interpreted and applied in a manner that is inconsistent with our existing or future data management practices or features of our platform and products. Any failure or perceived failure by us to comply with our posted privacy notices, our privacy-related obligations to users or other third parties, or any other actual or asserted legal obligations or regulatory requirements relating to privacy, data protection, cybersecurity, e-marketing, AI, or data security, may result in governmental investigations or enforcement actions, litigation, claims, or public statements against us by privacy advocacy groups or others and could result in significant liability, cause our customers to lose trust in us, and otherwise materially and adversely affect our reputation and business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, other obligations, and policies that are applicable to the businesses of our users may limit the adoption and use of, and reduce the overall demand for, our platform. Additionally, if third parties we work with violate applicable laws, regulations, or contractual obligations, such violations may put our users’ data at risk, could result in governmental investigations or enforcement actions, fines, litigation, claims, or public statements against us by privacy advocacy groups or others, and could result in significant liability, cause our customers to lose trust in us, and otherwise materially and adversely affect our reputation and business. Additionally, if third parties we work with violate applicable laws, regulations, or contractual obligations, such violations may 38 Table of Contents put our users’ data at risk, could result in governmental investigations or enforcement actions, fines, litigation, claims, or public statements against us by privacy advocacy groups or others, and could result in significant liability, cause our customers to lose trust in us, and otherwise materially and adversely affect our reputation and business. Further, public scrutiny of, or complaints about, technology companies or their data handling or data protection practices, even if unrelated to our business, industry, or operations, may lead

to increased scrutiny of technology companies, including us, and may cause government agencies to enact additional regulatory requirements, or to modify their enforcement or investigation activities, which may increase our costs and risks.

Risks Related to Foreign Operations

Our international operations and expansion expose us to risks.

Our primary research and development operations are located in Israel. As of December 31, 2025, we had customers located in over 90 countries, and our strategy is to continue to expand internationally. In addition, as a result of our strategy of leveraging a distributed workforce. As of December 31, 2025, we had employees located primarily in eleven countries. Our current international operations involve, and we expect future initiatives will involve, a variety of risks, including:

If we are unable to address these difficulties and challenges or other problems encountered in connection with our international operations and expansion, we may incur unanticipated liabilities or otherwise suffer harm to our business generally. If we are unable to address these difficulties and challenges or other problems encountered in connection with our international operations and expansion, we may incur unanticipated liabilities or otherwise suffer harm to our business generally.

If we are not successful in sustaining and expanding our international business, we may incur additional losses and our revenue growth could be harmed. 39 Table of Contents If we are not successful in sustaining and expanding our international business, we may incur additional losses and our revenue growth could be harmed.

Our future results depend, in part, on our ability to sustain and expand our penetration of the international markets in which we currently operate and to expand into additional international markets. Our ability to expand internationally will depend upon

our ability to deliver functionality and foreign language translations that reflect the needs of the international clients that we target. Our ability to expand internationally involves various risks, including the need to invest significant resources in such expansion, and the possibility that returns on such investments will not be achieved in the near future or at all in these less familiar competitive environments. We may also choose to conduct our international business through strategic partnerships or other collaboration arrangements. If we are unable to identify partners or negotiate favorable terms, our international growth may be limited. In addition, we have incurred and may continue to incur significant expenses in advance of generating material revenue as we attempt to establish our presence in certain international markets.

As we conduct operations in China, risks associated with economic, political, and social events in China could negatively affect our business and results of operations. As we conduct operations in China, risks associated with economic, political, and social events in China could negatively affect our business and results of operations.

We currently conduct limited operations in China, including its administrative regions such as Hong Kong. We currently conduct limited operations in China, including its administrative regions such as Hong Kong. Our operations in China are subject to a number of risks relating to China’s economic and political systems, including but not limited to:

Any actions and policies adopted by the government of the People’s Republic of China, particularly with regard to intellectual property rights and their enforcement, any slowdown in China’s economy, alignment with territories of geopolitical tension such as Russia, or increased restrictions related to the transfer of data pursuant to the Chinese Cyber Security Law, could have an adverse effect on our business, results of operations, and financial condition. Any actions and policies adopted by the government of the People’s Republic of China, particularly with regard to intellectual property rights and their enforcement, any slowdown in China’s economy, alignment with territories of geopolitical tension such as Russia, or increased restrictions related to the transfer of data pursuant to the Chinese Cyber Security Law, could have an adverse effect on our business, results of operations, and financial condition.

Further, the U.S. and China continue to have disagreements over political and economic issues, including a recent escalation of tensions over the trade deficit, tariff restrictions, and other non-tariff trade barriers. Any new or worsening of current political or trade controversy between the U.S. and China could adversely affect the U.S. and European economies and materially and adversely affect the market price of our ordinary shares, our business, financial position, and financial performance.

We are subject to various governmental export controls, trade sanctions, and import laws and regulations that could impair our ability to compete in international markets or subject us to liability if we violate these controls. We are subject to various governmental export controls, trade sanctions, and import laws and regulations that could impair our ability to compete in international markets or subject us to liability if we violate these controls.

In some cases, our software is subject to export control laws and regulations, including the Export Administration Regulations administered by the U.S. Department of Commerce, and our activities may be subject to trade and economic sanctions, including those administered by the OFAC (collectively, “Trade Controls”). As such, a license may be required to export or re-export our products, or provide related services, to certain countries and end-users, and for certain end-uses. Further, our products incorporating encryption functionality may be subject to special controls applying to encryption items and/or certain reporting requirements.

While we take precautions and maintain procedures to prevent our products and solutions from being exported in violation of these laws, we cannot guarantee that the precautions we take will prevent violations of export control and sanctions laws. We are currently working to enhance these procedures, with which failure to comply could subject us to both civil and criminal penalties, including substantial fines, possible incarceration of responsible individuals for willful violations, possible loss of our export or import privileges, and reputational harm. Further, the process for obtaining necessary licenses may be time-consuming or unsuccessful, potentially causing delays in sales or losses of sales opportunities. Trade Controls are complex and dynamic

regimes, and monitoring and ensuring compliance can be challenging, particularly given that our products are widely distributed throughout the world and are available for download without registration. Although we have no knowledge that our activities have resulted in violations of Trade Controls, any failure by us or our partners to comply with applicable laws and regulations would have negative consequences for us, including reputational harm, government investigations, and penalties.

In addition, various countries regulate the import of certain encryption technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products or could limit our end-customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations in such countries may create delays in the introduction of our products into international markets, prevent our end-customers with international operations from deploying our products globally or, in some cases, prevent or delay the export or import of our products to certain countries, governments, or persons altogether. Any change in export or import laws or regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing export, import or sanctions laws or regulations, or change in the countries, governments, persons, or technologies targeted by such export, import, or sanctions laws or regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations. Any decreased use of our products or limitation on our ability to export to or sell our products in international markets could adversely affect our business, financial condition, and results of operations.

Failure to comply with anti-bribery, anti-corruption, anti-money laundering laws, and similar laws, could subject us to penalties and other adverse consequences.

We are subject to the U.S. Foreign Corrupt Practices Act of 1977, as amended (the “FCPA”), the U.S. domestic bribery statute contained in 18 U.S.C. § 201, the U.S. Travel Act, the USA PATRIOT Act of 2001, the United Kingdom Bribery Act 2010, the Proceeds of Crime Act 2002, Chapter 9 (sub-chapter 5) of the Israeli Penal Law, 1977, the Israeli Prohibition on Money Laundering Law–2000 and possibly other anti-bribery and anti-money laundering laws in countries outside of the U.S. in which we conduct our activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies, their employees, agents, representatives, business partners, and third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public or private sector.

We sometimes leverage third parties to sell our products and conduct our business abroad. We, our employees, agents, representatives, business partners, and third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and may be held liable for the corrupt or other illegal activities of these employees, agents, representatives, business partners, or third-party intermediaries, even if we do not explicitly authorize such activities. We cannot assure you that all of our employees and agents will not take actions in violation of applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase.

These laws also require that we keep accurate books and records and maintain internal controls and compliance procedures designed to prevent any such actions. While we have policies and procedures to address compliance with such laws, we cannot assure you that none of our employees, agents, representatives, business partners, or third-party intermediaries will take actions in violation of our policies and applicable law, for which we may be ultimately held responsible.

Any allegations or violation of the FCPA or other applicable anti-bribery, anti-corruption laws, and anti-money laundering laws could result in whistleblower complaints, sanctions, settlements, prosecution, enforcement actions, fines, damages, adverse media coverage, investigations, loss of export privileges, severe criminal or civil sanctions, or suspension or debarment from U.S. government contracts, all of which may have an adverse effect on our reputation, business, results of operations, and prospects. Responding to any investigation or action will likely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional fees. In addition, the U.S. government may seek to hold us liable for successor liability for FCPA violations committed by companies in which we invest or that we acquire. As a general matter, investigations, enforcement actions, and sanctions could harm our reputation, business, results of operations, and financial condition.

We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.

Our functional currency is the U.S. dollar and our revenue and expenses are primarily denominated in U.S. dollars. However, a significant portion of our headcount related expenses, consisting principally of salaries and related personnel expenses as well as leases and certain other operating expenses, are denominated in NIS. This foreign currency exposure gives rise to market risk associated with exchange rate movements of the U.S. dollar against the NIS. Furthermore, we anticipate that a material portion

of our expenses will continue to be denominated in NIS. We currently utilize foreign currency contracts with financial institutions to protect against foreign exchange risks, mainly the exposure to changes in the exchange rate of the NIS against the U.S. dollar that are associated with future cash flows denominated in NIS.

In addition, increased international sales in the future may result in greater foreign currency denominated sales, increasing our foreign currency risk. A material portion of our leases are denominated in currencies other than the U.S. Dollar, mainly in NIS. The associated lease liabilities are remeasured using the current exchange rate, which may result in material foreign exchange gains or losses. Moreover, operating expenses incurred outside the U.S. and denominated in foreign currencies are increasing and are subject to fluctuations due to changes in foreign currency exchange rates. If we are not able to successfully hedge against the risks associated with currency fluctuations, our financial condition and results of operations could be adversely affected. To date, we have entered into hedging transactions in an effort to reduce our exposure to foreign currency exchange risk. While we may decide to continue to enter into hedging transactions in the future, the availability and effectiveness of these hedging transactions may be limited and we may not be able to successfully hedge our exposure, which could adversely affect our financial condition and results of operations.

Risks Related to Taxation

Unanticipated changes in effective tax rates or adverse outcomes resulting from examination of our income or other tax returns could expose us to greater than anticipated tax liabilities.

The tax laws applicable to our business, including the laws of Israel, the U.S., and other jurisdictions, are subject to interpretation and certain jurisdictions may aggressively interpret their laws in an effort to raise additional tax revenue. The tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements or our revenue recognition policies, which could increase our worldwide effective tax rate and harm our financial position and results of operations. It is possible that tax authorities may disagree with certain positions we have taken and any adverse outcome of such a review or audit could have a negative effect on our financial position and results of operations. Further, the determination of our worldwide provision for income taxes and other tax liabilities requires significant judgment by management, and there are transactions where the ultimate tax determination is uncertain. Although we believe that our estimates are reasonable, the ultimate tax outcome may differ from the amounts recorded in our consolidated financial statements and may materially affect our financial results in the period or periods for which such determination is made.

In addition, we typically invoice customers for the full contract amount at the time of entering into a contract, but recognize revenue over the term of the subscription period. Applicable tax authorities may challenge our tax reporting position and may accelerate our tax obligation based on cash received, which may materially affect our financial results.

Our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our results of operations.

Based on our current corporate structure, we are subject to taxation in several jurisdictions around the world with increasingly complex tax laws, the application of which can be uncertain. The amount of taxes we pay in these jurisdictions could increase substantially as a result of changes in the applicable tax principles, including increased tax rates, new tax laws, or revised interpretations of existing tax laws and precedents. The authorities in these jurisdictions could review our tax returns or require us to file tax returns in jurisdictions in which we are not currently filing, and could impose additional tax, interest, and penalties. These authorities could also claim that various withholding requirements apply to us or our subsidiaries, assert that benefits of tax treaties are not available to us or our subsidiaries, or challenge our methodologies for valuing developed technology or intercompany arrangements, including our transfer pricing. The relevant tax authorities may determine that the manner in which we operate our business does not achieve the intended tax consequences. If such a disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest, and penalties. Any increase in the amount of taxes we pay or that are imposed on us could increase our worldwide effective tax rate and harm our business and results of operations.

The tax benefits that are available to us require us to continue to meet various conditions and may be terminated or reduced in the future, which could increase our costs and taxes.

We are eligible for certain tax benefits provided to a “Preferred Technology Enterprise” under the Israeli Law for the Encouragement of Capital Investments, 1959, referred to as the Investment Law. In order to remain eligible for the tax benefits for a Preferred Technology Enterprise, we must continue to meet certain conditions stipulated in the Investment Law and its regulations, as amended. If these tax benefits are reduced, canceled, or discontinued, our Israeli taxable income from the Preferred Technology Enterprise would be subject to regular Israeli corporate tax rates. Additionally, if we increase our activities outside

of Israel through acquisitions, for example, our expanded activities might not be eligible for inclusion in future Israeli tax benefit programs.

We could be required to collect additional sales, use, value added, digital services, or other similar taxes or be subject to other liabilities that may increase the costs our clients would have to pay for our products which would adversely affect our results of operations.

We collect sales, value added, and other similar taxes in a number of jurisdictions. One or more U.S. states or countries may seek to impose incremental or new sales, use, value added, digital services, or other tax collection obligations on us. Further, an increasing number of U.S. states have considered or adopted laws that attempt to impose tax collection obligations on sales made into the state or other economic presence. A successful assertion by one or more U.S. states requiring us to collect taxes where we presently do not do so, or to collect more taxes in a jurisdiction in which we currently do collect some taxes, could result in substantial liabilities, including taxes on past sales, as well as interest and penalties. Furthermore, certain jurisdictions, such as the United Kingdom and France, introduced a digital services tax, which is generally a tax on gross digital services revenue generated from users or customers located in those jurisdictions, and other jurisdictions have enacted or are considering enacting similar laws. A successful assertion by a U.S. state or local government, or other country or jurisdiction that we should have been or should be collecting additional sales, use, value added, digital services, or other similar taxes could, among other things, result in substantial tax payments, create significant administrative burdens for us, discourage potential customers from subscribing to our platform due to the incremental cost of any such sales or other related taxes, or otherwise harm our business.

Our ability to use our net operating loss carryforwards to offset future taxable income may be subject to certain limitations.

As of December 31, 2025, we had net operating loss carryforwards of 239.7 million in Israel and U.S. state net operating loss carryforwards of 76.5 million, which may be utilized against future taxable income. Limitations imposed by the applicable jurisdictions on our ability to utilize net operating loss carryforwards, including with respect to the net operating loss carryforwards of companies that we have acquired or may acquire in the future, could cause income taxes to be paid earlier than would be paid if such limitations were not in effect and could cause such net operating loss carryforwards to expire unused, in each case reducing or eliminating the benefit of such net operating loss carryforwards. Furthermore, we may not be able to generate sufficient taxable income to utilize our net operating loss carryforwards before they expire. If any of these events occur, we may not derive some or all of the expected benefits from our net operating loss carryforwards.

Risks Related to Our Ordinary Shares

The market price for our ordinary shares may be volatile or may decline regardless of our operating performance.

The market price of our ordinary shares may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, many of which are beyond our control, including but not limited to:

The concentration of our share ownership with insiders will likely limit your ability to influence corporate matters, including the ability to influence the outcome of director elections and other matters requiring shareholder approval. The concentration of our share ownership with insiders will likely limit your ability to influence corporate matters, including the ability to influence the outcome of director elections and other matters requiring shareholder approval.

Our executive officers, directors, current 5% or greater shareholders (excluding passive institutional investors who hold their shares for investment purposes only and do not seek to influence control), and affiliated entities together beneficially owned approximately 12% of our ordinary shares outstanding as of December 31, 2025. As a result, these shareholders, acting together, will likely have control over certain matters that require approval by our shareholders, including matters such as the appointment and dismissal of directors, capital increases, amendment to our articles of associations, and approval of certain corporate transactions. Corporate action might be taken even if other shareholders oppose them. This concentration of ownership might also have the effect of delaying or preventing a change of control of us that other shareholders may view as beneficial. It should be noted that we are not aware of any voting agreement or arrangement between our shareholders.

If industry or financial analysts do not publish research or reports about our business, or if they issue inaccurate or unfavorable research regarding our ordinary shares, our share price and trading volume could decline. If industry or financial analysts do not publish research or reports about our business, or if they issue inaccurate or unfavorable research regarding our ordinary shares, our share price and trading volume could decline.

The trading market for our ordinary shares is influenced by the research and reports that industry or financial analysts publish about us or our business. The trading market for our ordinary shares is influenced by the research and reports that industry or financial analysts publish about us or our business. We do not control these analysts, or the content and opinions included in their reports. If any of the analysts who cover us issues an inaccurate or unfavorable opinion regarding our company, our share price would likely decline. If our financial results fail to meet, or significantly exceed, our announced guidance or the expectations of analysts or public investors, analysts could downgrade our ordinary shares or publish unfavorable research about us. If one or more of these analysts cease coverage of our company or fail to publish reports on us regularly, our visibility in the financial markets could decrease, which in turn could cause our share price or trading volume to decline.

Sales of substantial amounts of our ordinary shares in the public markets, or the perception that they might occur, could reduce the price that our ordinary shares might otherwise attain. 44 Table of Contents Sales of substantial amounts of our ordinary shares in the public markets, or the perception that they might occur, could reduce the price that our ordinary shares might otherwise attain.

Sales of a substantial number of our ordinary shares in the public market, particularly sales by our directors, executive officers, and significant shareholders, or the perception that these sales could occur, could adversely affect the market price of our ordinary shares and may make it more difficult for you to sell your ordinary shares at a time and price that you deem appropriate. We have also registered the offer and sale of all ordinary shares that we may issue under our equity compensation plan and employee stock purchase plan.

The issuance of additional shares in connection with financings, acquisitions, investments, our share incentive plans or otherwise will dilute all other shareholders.

Our amended and restated articles of association authorize us to issue up to 500 million ordinary shares and up to 50 million preference shares with such rights and preferences as included in our articles of association. Subject to compliance with applicable rules and regulations, we may issue ordinary shares or securities convertible into ordinary shares from time to time in connection with a financing, acquisition, investment, our share incentive plans, or otherwise. Any such issuance could result in substantial dilution to our existing shareholders unless pre-emptive rights exist and cause the market price of our ordinary shares to decline.

Provisions of Israeli law and our amended and restated articles of association may delay, prevent, or make undesirable an acquisition of all or a significant portion of our shares or assets.

Certain provisions of Israeli law and our articles of association could have the effect of delaying or preventing a change in control and may make it more difficult for a third party to acquire us or for our shareholders to elect different individuals to our board of directors, even if doing so would be beneficial to our shareholders, and may limit the price that investors may be willing to pay in the future for our ordinary shares. For example, Israeli corporate law regulates mergers and requires that a tender offer be effected when certain thresholds of percentage ownership of voting power in a company are exceeded (subject to certain conditions). Further, Israeli tax considerations may make potential transactions undesirable to us or to some of our shareholders whose country of residence does not have a tax treaty with Israel granting tax relief to such shareholders from Israeli tax.

Furthermore, under the Encouragement of Research, Development and Technological Innovation in the Industry Law, 5744-1984, and the regulations, guidelines, rules, procedures, and benefit tracks thereunder, collectively, the Innovation Law, to which we are subject due to our receipt of grants from the Israeli National Authority for Technological Innovation, or the Israeli Innovation Authority (the “IIA”), a recipient of IIA grants such as our company must report to the IIA regarding any change in the holding of means of control of our company which transforms any non-Israeli citizen or resident into an “interested party,” as defined in the Israeli Securities Law, and such non-Israeli citizen or resident shall execute an undertaking in favor of IIA, in a form prescribed by IIA.

Our amended and restated Articles of Association provide that the federal district courts of the United States of America will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act, which could limit our shareholders’ ability to choose the judicial forum for disputes with us or our directors, shareholders, officers, or other employees.

Section 22 of the Securities Act creates concurrent jurisdiction for U.S. federal and state courts over all such Securities Act actions. Accordingly, both U.S. state and federal courts have jurisdiction to entertain such claims. To prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our amended and restated Articles of Association provide that, unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States of America shall be the exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act. This exclusive forum provision will not apply to suits brought to enforce any liability or duty created by the Exchange Act. Any person or entity purchasing or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to the foregoing provision of our amended and restated Articles of Association.

Although we believe this exclusive forum provision benefits us by providing increased consistency in the application of U.S. federal securities laws in the types of lawsuits to which they apply, the exclusive forum provision may limit a shareholder’s ability to bring a claim in a judicial forum of its choosing for disputes with us or any of our directors, shareholders, officers, or other employees, which may discourage lawsuits with respect to such claims against us and our current and former directors, shareholders, officers, or other employees. Our shareholders will not be deemed to have waived our compliance with the U.S. federal securities laws and the rules and regulations thereunder as a result of our exclusive forum provision. Further, in the event a court finds the exclusive forum provision contained in our amended and restated Articles of Association to be unenforceable or inapplicable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our results of operations. Further, in the event a court finds the exclusive forum provision contained in our amended and restated Articles of Association to be unenforceable or 45 Table of Contents inapplicable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our results of operations.

We have not in the past and do not intend to pay dividends in the foreseeable future. As a result, your ability to achieve a return on your investment will depend on appreciation in the price of our ordinary shares.

We have never declared or paid any cash dividends on our shares. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not anticipate paying any dividends on our ordinary shares in the

foreseeable future. Consequently, investors who purchase our ordinary shares may be unable to realize a gain on their investment except by selling such shares after price appreciation, which may never occur.

Our board of directors has sole discretion whether to pay dividends. If our board of directors decides to pay dividends, the form, frequency, and amount will depend upon our future, operations and earnings, capital requirements and surplus, general financial condition, contractual restrictions, and other factors that our directors may deem relevant. The Israeli Companies Law, 5759-1999 (the “Companies Law”) imposes restrictions on our ability to declare and pay dividends. Payment of dividends may also be subject to Israeli withholding taxes.

Risks Related to Our Incorporation and Location in Israel

While most of our go-to-market and support services are located outside of Israel (mainly in the U.S., India, and Europe), given the conditions in Israel and the regional conflict in the Middle East, it is possible that our operations could be adversely affected over time, which could lead to a disruption in our business.

A material part of our research and development activities is conducted in Israel and certain members of our board of directors and management, as well as more than half of our employees and consultants, are located in Israel. As a result, our business and operations could be affected by economic, political, geopolitical, and military conditions in Israel. Since the establishment of the State of Israel in 1948, Israel has experienced a number of armed conflicts involving neighboring countries and terrorist organizations active in the region. Since the establishment of the State of Israel in 1948, a number of armed conflicts have occurred between Israel and its neighboring countries and terrorist organizations active in the region.

In October 2023, Hamas militants and members of other terrorist organizations infiltrated Israel’s southern border from the Gaza Strip and carried out attacks against both civilian and military targets. Hezbollah militants also launched attacks against civilian and military targets from Israel’s northern border. Since these events began, additional hostilities have involved other parties in the region, including Iran and its proxies, and tensions between the United States and Iran have increased. In October 2025, Israel and Hamas reached a ceasefire agreement, resulting in a cessation of direct conflict between them; however, the situation remains volatile and may escalate again. The intensity and duration of these conflicts and their economic implications for the Company and Israel’s economy are difficult to predict. These events may also have broader macroeconomic consequences, including a deterioration of Israel’s economic standing (for example, a downgrade of Israel’s credit rating by certain agencies), which could have a material adverse effect on the Company and its ability to conduct its operations effectively. These events may imply wider macroeconomic indications of a deterioration of Israel’s economic standing (including as the result of a downgrade in Israel’s credit rating by certain credit rating agencies), which may have a material adverse effect on the Company and its ability to effectively conduct its operations.

Certain of our employees and consultants in Israel have been called, and additional employees may be called, for service and may be absent for an extended period of time. As a result, our operations may be disrupted by such absences, which disruption may materially and adversely affect our business and results of operations. In addition, military reservists in Israel are expected to perform long reserve duty service in the coming years, which could further impact our operations.

Certain countries, companies, and organizations participate in boycotts of Israeli companies, and recent efforts to expand boycotts of Israeli goods and services or to restrict business with Israel have increased. Certain countries, companies, and organizations participate in a boycott of Israeli companies, and there have been increased efforts recently to cause companies and consumers to boycott Israeli goods and services. Any such boycotts and any restrictive laws, policies, or practices targeting Israel, Israeli businesses, or Israeli citizens could, individually or in the aggregate, have a material adverse effect on our business. Any boycott, restrictive laws, policies, or practices directed towards Israel, Israeli businesses, or Israeli citizens could, individually or in the aggregate, have a material adverse effect on our business. The International Court of Justice has issued rulings and has taken actions relating to Israel, which could adversely affect our business, including by prompting companies to terminate, or decline to enter into, commercial relationships with Israeli companies. In addition, proposed changes to Israel's judicial system may contribute to political instability or civil unrest, which may adversely affect our business, results of operations, and ability to raise additional funds if needed.

It may be difficult to enforce a U.S. judgment against us, our officers and directors in Israel or the U.S., or to assert U.S. securities laws claims in Israel or serve process on our Israeli officers and directors.

Not all of our directors or officers are residents of the U.S. Most of our assets and those of our non-U.S. directors and officers are located outside the U.S. Service of process upon us or our non-U.S. resident directors and officers may be difficult to obtain within the U.S. We have been informed by our legal counsel in Israel that it may be difficult to assert claims under U.S. securities laws in original actions instituted in Israel or obtain a judgment based on the civil liability provisions of U.S. federal securities laws. Israeli courts may refuse to hear a claim based on an alleged violation of U.S. securities laws against us or our non-U.S. officers or directors, reasoning that Israel is not the most appropriate forum to hear such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. If U.S. law is found to be applicable, the content of applicable U.S. law must be proved as a fact by expert witnesses, which can be a time-consuming and costly process. Certain matters of procedure may also be governed by Israeli law. There is little binding case law in Israel addressing the matters described above. Israeli courts might not enforce judgments rendered outside Israel, which may make it difficult to collect on judgments rendered against us or our non-U.S. officers and directors.

Moreover, among other reasons, including but not limited to, fraud or absence of due process, or the existence of a judgment which is at variance with another judgment that was given in the same matter if a suit in the same matter between the same parties was pending before a court or tribunal in Israel, an Israeli court will not enforce a foreign judgment if it was given in a state whose laws do not provide for the enforcement of judgments of Israeli courts (subject to exceptional cases), or if its enforcement is likely to prejudice the sovereignty or security of the State of Israel.

Your rights and responsibilities as our shareholder are governed by Israeli law, which may differ in some respects from the rights and responsibilities of shareholders of U.S. corporations.

We are incorporated under Israeli law. The rights and responsibilities of holders of our ordinary shares are governed by our amended and restated articles of association and the Companies Law. These rights and responsibilities differ in some respects from the rights and responsibilities of shareholders in typical U.S. corporations. In particular, pursuant to the Companies Law, each shareholder of an Israeli company has to act in good faith and in a customary manner in exercising his or her rights and fulfilling his or her obligations toward the company and other shareholders and to refrain from abusing his or her power in the company, including, among other things, in voting at the general meeting of shareholders, on amendments to a company’s articles of association, increases in a company’s authorized share capital, mergers, and certain transactions requiring shareholders’ approval under the Companies Law. In addition, a controlling shareholder of an Israeli company or a shareholder who knows that it possesses the power to determine the outcome of a shareholder vote or who has the power to appoint or prevent the appointment of a director or officer in the company, or has other powers toward the company, has a duty of fairness toward the company. However, Israeli law does not define the substance of this duty of fairness. There is little case law available to assist in understanding the implications of these provisions that govern shareholder behavior.

We have received Israeli government grants for certain of our research and development activities. The terms of these grants may require us to satisfy specified conditions in order to develop and transfer technologies supported by such grants outside of Israel. In addition, in some circumstances, we may be required to pay penalties in addition to repaying the grants.

Our research and development efforts were financed, in part, through grants from the IIA. From our inception through 2015, we conducted projects with the IIA’s support and received grants totaling $1.2 million from the IIA and repaid to the IIA $1.3 million (the entire amount of the grants and accrued interest).

The Innovation Law requires, inter alia, that the products developed as part of the programs under which the grants were given be manufactured in Israel and restricts the ability to transfer know-how funded by IIA outside of Israel. The Innovation Law requires, inter alia, that the products developed as part of the programs under which the grants were given be manufactured in Israel and restricts the ability to transfer know-how funded by IIA outside of Israel. Transfer of IIA-funded know-how outside of Israel requires prior approval and is subject to payment of a redemption fee to the IIA calculated according to a formula provided under the Innovation Law. A transfer for the purpose of the Innovation Law is generally interpreted very broadly and includes, inter alia, any actual sale of the IIA-funded know-how, any license to develop the IIA-funded know-how or the products resulting from such IIA-funded know-how, or any other transaction, which, in essence, constitutes a transfer of IIA-funded know-how. We cannot be certain that any approval of the IIA will be obtained on terms that are acceptable to us, or at all. We may not receive the required approvals should we wish to transfer IIA-funded know-how and/or development outside of Israel in the future.

Transfer of IIA know-how created, in whole or in part, in connection with an IIA-funded project, to a third party outside Israel requires prior approval and is subject to payment to the IIA of a redemption fee calculated according to a formula provided under the Innovation Law. Subject to prior approval of the IIA, we may transfer the IIA-funded know-how to another Israeli company. If the IIA-funded know-how is transferred to another Israeli entity, the transfer would still require IIA approval but will not be subject to the payment of the redemption fee. If the IIA-funded know-how is transferred to another Israeli entity, the transfer would still require IIA approval but will not be 47 Table of Contents subject to the payment of the redemption fee. In such case, the acquiring company would have to assume all of the applicable restrictions and obligations towards the IIA (including the restrictions on the transfer of know-how and manufacturing capacity, to the extent applicable, outside of Israel) as a condition to IIA approval.

General Risk Factors

The requirements of being a public company may strain our resources and divert management’s attention.

As a public company listed in the U.S., we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, Nasdaq listing requirements and other applicable securities rules and regulations. Compliance with these rules and regulations increases our legal and financial compliance costs, makes some activities more difficult, time-consuming, or costly, and increases demand on our systems and resources. The Exchange Act requires, among other things, that we file annual, quarterly, and current reports with respect to our business and results of operations.

In addition, changing laws, regulations, and standards relating to corporate governance and public disclosure, including regulations implemented by the SEC and Nasdaq, and monitoring and adhering to guidelines issued periodically by shareholder advisory firms like ISS and Glass Lewis, may increase legal and financial compliance costs and make some activities more time consuming. These laws, regulations, and standards are subject to varying interpretations, and as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies.

As a result of disclosure of information in our filings with the SEC, our business and financial condition are visible, which may result in threatened or actual litigation, including by competitors and other third parties. If such claims are successful, our business and results of operations could be adversely affected, and even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and adversely affect our business and results of operations.

If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired. If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.

As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, and the rules and regulations of the applicable Nasdaq listing standards. We are required, pursuant to Section 404 of the Sarbanes-Oxley Act, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. In addition, our independent registered public accounting firm is required to attest to the effectiveness of our internal control over financial reporting.

In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended and anticipate that we will continue to expend significant resources, including accounting-related costs and significant management oversight. For example, since our IPO, we have implemented additional policies and procedures associated with the financial statement close process and implemented a system to supplement our core accounting system as part of our control environment. We expect that the requirements of these rules and regulations will continue to increase our legal, accounting, financial compliance and audit costs, make some activities more difficult, time-consuming and costly, and increase demand on our personnel, systems, and resources.

In addition, our current controls and any new controls that we develop may become inadequate because of changes in the conditions in our business, including increased complexity resulting from our international expansion. In addition, our current controls and any new controls that we develop may become inadequate because of changes in the conditions in our business, including increased complexity resulting from our international expansion. Further, weaknesses in our disclosure controls or our internal control over financial reporting may be discovered in the future. Any failure to maintain internal control over financial reporting could severely inhibit our ability to accurately report our financial condition or results of operations. If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness in our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our ordinary share could decline, and we could be subject to sanctions or investigations by the SEC or other regulatory authorities. Failure to remedy any material weakness in our internal control over financial reporting, or to implement or maintain other effective control systems required of public companies, could also restrict our future access to the capital markets.

The impact of the regional conflict in the Middle East, the war between Russia and Ukraine, and other areas of geopolitical tension around the world, including the related global economic disruptions, remains uncertain at this time, and could harm or continue to harm our business and results of operations. As of the date of this Annual Report on Form 10-K, the full impact of the war between Israel, Hamas and Hezbollah, the regional conflict in the Middle East, the war between Russia and Ukraine, and related global economic disruptions on our financial condition and results of operations remains uncertain.

The regional conflict in the Middle East, the war between Russia and Ukraine, and other areas of geopolitical tension around the world continue to impact worldwide economic activity and financial markets. In October 2025, a ceasefire agreement was reached between Israel and Hamas, resulting in a cessation of active hostilities between these parties. However, the situation remains volatile, and there is still a risk of renewed escalation or spillover involving other parties in the region. As a result, we could experience disruptions in our business or the business of our partners, customers, or the economy as a whole, any of which could adversely affect and could materially adversely impact our business, results of operations, and overall financial condition in future periods.

The regional conflict in the Middle East, the Russia-Ukraine war, and related global economic disruptions on our operational and financial condition will depend on certain developments, including: government responses to the conflicts and wars; the impact of the conflicts and wars on our customers and our sales cycles; their impacts on customer, industry, or technology-based community events; and their effect on our partners, some of which are uncertain, difficult to predict, and not within our control. The extent and continued impact of the war between Israel, Hamas and Hezbollah, the regional conflict in the Middle East, the Russia-Ukraine war, and related global economic disruptions on our operational and financial condition will depend on certain developments, including: government responses to the wars; the impact of the wars on our customers and our sales cycles; their impacts on customer, industry, or technology-based community events; and their effect on our partners, some of which are uncertain, difficult to predict, and not within our control. General economic conditions and disruptions in global markets due to the regional conflict in the Middle East, the Russia-Ukraine

war, and other areas of geopolitical tension around the world, and any actions taken by governmental authorities and other third parties in response may also affect our future performance.

As of the date of this Annual Report on Form 10-K, the full impact of the regional conflict in the Middle East, the war between Russia and Ukraine, and related global economic disruptions on our financial condition and results of operations remains uncertain.As of the date of this Annual Report on Form 10-K, we are not aware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. Furthermore, because of our subscription-based business model, the impact of these factors may not be fully reflected in our results of operations and overall financial condition until future periods, if at all.

If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our results of operations could fall below expectations of securities analysts and investors, resulting in a decline in the trading price of our ordinary shares. If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our results of operations could fall below expectations of securities analysts and investors, resulting in a decline in the trading price of our ordinary shares.

The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue, and expenses that are not readily apparent from other sources. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our ordinary shares. Significant items subject to such estimates and assumptions include, but are not limited to, the allocation of transaction price among various performance obligations, the estimated benefit period of deferred contract acquisition costs, the allowance for credit losses, the fair value of acquired intangible assets and goodwill, the useful lives of acquired intangible assets and property and equipment, the incremental borrowing rate for operating leases, and the valuation of deferred tax assets and uncertain tax positions.

We are exposed to credit risk and fluctuations in the market values of our investment portfolio. We are exposed to credit risk and fluctuations in the market values of our investment portfolio.

Given the global nature of our business, we have diversified U.S. and non-U.S. investments. Credit ratings and pricing of our investments can be negatively affected by liquidity, credit deterioration, financial results, economic risk, political risk, sovereign risk, or other factors. As a result, the value and liquidity of our investments may fluctuate substantially. Therefore, although we have not realized any significant losses on our investments, future fluctuations in their value could result in a significant realized loss.

Catastrophic events, or man-made problems such as terrorism, may disrupt our business.

A significant catastrophic event (such as an earthquake, fire, flood, heat wave, hurricane, severe weather, storm, tornado, tsunami, typhoon, volcanic eruption, or other natural disaster), or significant power outage could have an adverse impact on our business, results of operations, and financial condition. Climate change and other environmental factors are contributing to an increase in erratic weather patterns globally and intensifying the impact of certain types of catastrophes. We have a number of our employees and executive officers located in the San Francisco Bay Area where our U.S. headquarters are located, a region known for seismic activity, rising ocean levels, and increasingly, wildfires and associated flash floods. A significant natural disaster, such as an earthquake, tsunami, wildfire, flood or significant power outage affecting the Bay Area, could have a material adverse impact on our business, results of operations, and financial condition. In the event our or our partners’ abilities are hindered by any of the events discussed above, sales could be delayed, resulting in missed financial targets for a particular quarter. In addition, acts of terrorism, pandemics (such as the outbreak of the novel coronavirus or another public health crisis), protests, riots, armed conflict, and other geopolitical unrest could cause disruptions in our business or the business of our partners, customers, or the economy as a whole. In addition, acts of terrorism, pandemics, such as the outbreak of the novel coronavirus or another public health crisis, protests, riots, and other geopolitical unrest could cause disruptions in our business or the business of our partners, customers, or the economy as a whole.

The risks associated with catastrophic events, the geopolitical landscape, and terrorism are inherently unpredictable, and it is difficult to forecast the timing of such events or estimate the amount of losses they will generate. Such events may adversely impact our current or potential customers, which may prevent us from maintaining or expanding our customer base and increasing our revenue, as such events may cause customers to postpone purchases and professional service engagements or to discontinue existing projects. Any disruption in the business of our partners or customers that affects sales in a given fiscal quarter could have a significant adverse impact on our quarterly results for that and future quarters. Any disruption in the business of our partners or 49 Table of Contents customers that affects sales in a given fiscal quarter could have a significant adverse impact on our quarterly results for that and future quarters. All of the aforementioned risks may be further increased if our disaster recovery plans prove to be inadequate.

Item 1B. Unresolved Staff Comments

None.