Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10-K reports, allowing investors to quickly identify new potential risks and opportunities.
Risk Factors - FROG
$FROG Risk Factor changes from 02/15/2024 to 02/14/2025
Item 1A. Risk Factors Investing in our ordinary shares involves a high degree of risk. A description of the risks and uncertainties associated with our business and ownership of our ordinary shares is set forth below. You should carefully consider the risks and uncertainties described below, together with all of the other information contained in this Annual Report on Form 10-K, including the section titled “Management’s Discussion and Analysis of Financial Condition and Result of Operations” and our audited consolidated financial statements and the related notes thereto, before making a decision to invest in our ordinary shares. The risks and uncertainties described below are not the only ones we face. Our business, results of operations, financial condition, or prospects could also be harmed by risks and uncertainties that are not presently known to us or that we currently believe are not material. If any of the risks actually occur, our business, results of operations, financial condition, and prospects could be materially and adversely affected. In that event, the market price of our ordinary shares could decline and you could lose all or part of your investment. 
Summary of Risk Factors Investing in our ordinary shares involves a high degree of risk because our business is subject to numerous risks and uncertainties, including those outside of our control that could cause our actual results to be harmed, including, but not limited to risks related to: • our future financial performance, including our expectations regarding our revenue, cost of revenue, gross profit, operating expenses, operating cash flow and free cash flow, and our ability to achieve, and maintain, future profitability; • market acceptance of our products and our ability to develop new products or enhancements to existing products and to bring them to market in a timely manner; • the effects of increased competition in our markets and our ability to compete effectively; • anticipated trends, growth rates and challenges in our business and in the markets in which we operate; • our ability to maintain and expand our customer base, including by attracting new customers in existing and new markets; • our ability to maintain the security and availability of our products; • our ability to comply with stringent and changing laws, regulations, standards, and contractual obligations related to privacy, data protection, and data security; • our business model, including our subscription model, and our ability to effectively manage our growth and associated investments; • our ability to integrate and realize anticipated synergies from acquisitions of complementary businesses; • beliefs and objectives for future operations, including regarding our market opportunity; • our relationships with third parties, including our technology partners and cloud providers; • our ability to maintain, protect, and enhance our intellectual property rights; • our expectations about the impact of unfavorable economic conditions, and adverse macroeconomic conditions, such as inflation rates and slower growth or recession, on our business and financial condition; • 
your rights and responsibilities as our shareholders that are governed by Israeli law, which may differ in some respects from the rights and responsibilities of shareholders of U. The market price of our ordinary shares may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, many of which are beyond our control, including: • actual or anticipated changes or fluctuations in our results of operations; • the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections; • announcements by us or our competitors of new offerings or new or terminated significant contracts, commercial relationships or capital commitments; • industry or financial analyst or investor reaction to our press releases, other public announcements, and filings with the SEC; • rumors and market speculation involving us or other companies in our industry; • sales or expected future sales of our ordinary shares; • investor perceptions of us and the industries in which we operate; • price and volume fluctuations in the overall stock market from time to time; • changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular; • failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors; • actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally; • litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors; • developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights; • announced or completed acquisitions of businesses or technologies by us or our competitors; 
• actual or perceived breaches of, or failures relating to, privacy, data protection or data security; • new laws or regulations or new interpretations of existing laws or regulations applicable to our business; • any major changes in our management or our board of directors; • general economic conditions, the recent global economic downturn and slow or negative growth of our markets; and • other events or factors, including those resulting from war, including the war between Israel and Hamas, incidents of terrorism or responses to these events. S. corporations; • our ability to maintain an effective system of disclosure controls and internal control over financial reporting, and to produce timely and accurate financial statements or comply with applicable regulations; • our expectations about the impact of global economic disruptions resulting from natural disasters, public health epidemics, protests or riots, and geopolitical tensions or war, such as the war between Hamas, Hezbollah, and Israel, regional conflict in the Middle East, and the war in Ukraine, on our business, results of operations and financial condition; • our ability to successfully defend litigation brought against us; • our ability to attract and retain qualified employees and key personnel; • the sufficiency of our cash and cash equivalents to meet our liquidity needs; • our ability to comply with laws and regulations that currently apply or become applicable to our business in Israel, the United States and internationally; • changes in effective tax rates or laws applicable to us, including under the laws of Israel, the U. 
Our current international operations involve, and future initiatives will involve, a variety of risks, including: • unexpected changes in practices, tariffs, export quotas, custom duties, trade disputes, tax laws and treaties, particularly due to economic tensions and trade negotiations or other trade restrictions; • different labor regulations, especially in the European Union, where labor laws are generally more advantageous to employees as compared to the United States, including differing hourly wages and overtime regulations in these locations; • exposure to many stringent and potentially inconsistent laws and regulations relating to privacy, data protection, AI, and data security, particularly in the European Union; • changes in a specific country’s or region’s political or economic conditions, such as the war between Israel and Hamas and the war between Russia and Ukraine and the associated geopolitical tensions and regional instability, as well as economic sanctions the U. S., and other jurisdictions in which we may be subject to taxation; and • the future trading prices of our ordinary shares. Risks Related to Our Business and Industry Our business and operations have experienced significant growth, and if we do not appropriately manage future growth, if any, or are unable to improve and scale our systems, processes, and controls, our business, financial condition, results of operations, and prospects will be adversely affected. Risks Related to Our Business and Industry Our business and operations have experienced rapid growth, and if we do not appropriately manage future growth, if any, or are unable to improve our systems, processes and controls, our business, financial condition, results of operations, and prospects will be adversely affected. We have experienced significant growth and increased demand for our products over time. We have experienced rapid growth and increased demand for our products. 
Our total revenues for the years ended December 31, 2024, 2023 and 2022 were $428. Our total revenues for the years ended December 31, 2023, 2022 and 2021 were $349. 5 million, $349.3 million, $90. 9 million, and $280.9 million, $280. 0 million, respectively, representing a growth rate of 22% and 25% for the years ended December 31, 2024 and 2023, respectively.7 million, respectively, representing a growth rate of 25% and 35% for the years ended December 31, 2023 and 2022, respectively. Our employee headcount has also increased from approximately 1,400 as of December 31, 2023 to approximately 1,600 as of December 31, 2024. We focus on growing the number of large customers as a measure of our ability to scale with our customers and attract larger organizations to adopt our products. As of December 31, 2024, 1,018 of our customers had ARR of $100,000 or more, increasing from 886 customers as of December 31, 2023, and 52 of our customers had ARR of $1,000,000 or more, an increase from 37 customers as of December 31, 2023. The growth and expansion of our business places a continuous and significant strain on our management, operational, and financial resources. The growth and expansion of our business places a continuous significant strain on our management, operational, and financial resources. In addition, as customers adopt our products for an increasing number of use cases, we have had to support more complex commercial relationships. We must continue to improve and expand our information technology and financial infrastructure, our security and compliance requirements, our operating and administrative systems, our relationships with various partners and other third parties, and our ability to manage headcount and processes in an efficient manner to manage our growth effectively. 
We must continue to improve and expand our information technology and financial infrastructure, our security and compliance requirements, our operating and administrative systems, and our relationships with various partners and other third parties, and our ability to manage headcount and processes in an efficient manner to manage our growth effectively. In 2024, we released multiple JFrog Platform features across our core functionalities in DevOps, DevSecOps, and MLOps, as we continued to expand our position as the system of record for the unified software release lifecycle. We released significant enhancements to JFrog Advanced Security, including JFrog Runtime Security, as well as greatly expanded our MLOps functionality with the acquisition of Qwak AI, Ltd. (“Qwak”) as a foundational technology for our JFrog ML offering. These enhancements and releases represent continuing expansion beyond our core DevOps business, delving more deeply into DevSecOps and Artificial Intelligence/MLOps. These enhancements and releases represent an expansion beyond our core developer/operations (DevOps) business, delving more deeply into software security (DevSecOps) and MLOps. We may not be able to sustain the pace of improvements to our products successfully or implement systems, processes, and controls in an efficient or timely manner or in a manner that does not negatively affect our results of operations. Our failure to improve our systems, processes, and controls, or their failure to operate in the intended manner, may result in our inability to manage the growth of our business and to forecast our revenue, expenses, and earnings accurately, or to prevent losses. As we continue to expand our business, we may find it difficult to maintain our corporate culture while managing our employee growth. 
Any failure to manage our anticipated growth and related organizational changes in a manner that preserves our culture could negatively impact future growth and achievement of our business objectives. Additionally, our productivity and the quality of our products may be adversely affected if we do not integrate and train our new employees quickly and effectively. Failure to manage any future growth effectively could result in increased costs, negatively affect our customers’ satisfaction with our products, and harm our results of operations. Our recent results may not be indicative of our future performance, and we may not be able to sustain our revenue growth rate in the future. Our recent growth may not be indicative of our future growth, and we may not be able to sustain our revenue growth rate in the future. Our growth also makes it difficult to evaluate our future prospects and may increase the risk that we will not be successful. As noted above, our total revenues for the years ended December 31, 2024, 2023 and 2022 were $428.5 million, $349.3 million, $90. 9 million, and $280.9 million, $280. 0 million, respectively, representing a growth rate of 22% and 25% for the years ended December 31, 2024 and 2023, respectively.7 million, respectively, representing a growth rate of 25% and 35% for the years ended December 31, 2023 and 2022, respectively. You should not rely on the results of any prior quarterly or annual period as an indication of our future performance. You should not rely on the revenue growth of any prior quarterly or annual period as an indication of our future performance. Even if our revenue continues to increase, we expect our revenue growth rate to decline in future periods. 
Many factors may contribute to declines in our growth rate, including greater market penetration, increased competition, market consolidation, slowing demand for our platform, a failure by us to continue capitalizing on growth opportunities, the maturation of our business, the protracted conflict in the Middle East, and global economic downturn, among others. Many factors may contribute to declines in our growth rate, including greater market penetration, increased competition, slowing demand for our platform, a failure by us to continue capitalizing on growth opportunities, the maturation of our business, and global economic downturn, among others. If our growth rate declines, investors’ perceptions of our business and the market price of our ordinary shares could be adversely affected. Our ability to forecast our future results of operations is subject to a number of uncertainties, including our ability to effectively plan for and model future growth. We have encountered in the past, and may encounter in the future, risks and uncertainties frequently experienced by growing companies in rapidly changing industries. If we fail to achieve the necessary level of efficiency in our organization as it grows, or if we are not able to accurately forecast future growth, our business would be harmed. Moreover, if the assumptions that we use to plan our business are incorrect or change in reaction to changes in our market, or we are unable to maintain consistent revenue or revenue growth, our share price could be volatile, and it may be difficult to achieve and maintain profitability. 
Our results of operations are likely to fluctuate from quarter to quarter, which could adversely affect the trading price of our ordinary shares. Our results of operations, including our revenue, cost of revenue, gross margin, operating expenses, cash flow, and deferred revenue, have fluctuated from quarter to quarter in the past and may continue to vary significantly in the future so that period-to-period comparisons of our results of operations may not be meaningful. Our quarterly financial results may fluctuate as a result of a variety of factors, many of which are outside of our control, may be difficult to predict, and may or may not fully reflect the underlying performance of our business. Factors that may cause fluctuations in our quarterly financial results include, but are not limited to: • our ability to attract and retain new customers; • the loss of existing customers; • renewals and timing of renewals; • customer usage of our products; • customer satisfaction with our products and platform capabilities and customer support; • our ability to expand sales within our existing customers; • our ability to gain new partners and retain existing partners; • increases or decreases in the number of elements of our subscriptions or pricing changes upon any renewals of customer agreements; • our ability to convert users of free trials and open source version of JFrog Artifactory into subscribing customers; • general economic, industry, and market conditions, including adverse macroeconomic conditions such as inflation and currency fluctuation; • fluctuations in share-based compensation expense, including as a result of our acquisition activity; • decisions by potential or existing customers to purchase alternative solutions; • decisions by potential customers to develop in-house DevOps, DevSecOps, and MLOps solutions as alternatives to our products; • the timing and success of new products introduced by us or our competitors or any other change in the competitive 
dynamics of our industry, including consolidation among competitors, customers, or partners; • the amount and timing of operating expenses related to the maintenance and expansion of our business and operations, including investments in research and development, sales and marketing, and general and administrative resources; • network outages; • actual or perceived breaches of, or failures relating to, privacy, data protection, e-marketing, cookies, cybersecurity, data breach notification, or data security; • mergers and acquisitions that might affect our customer base, including the consolidation of affiliates’ multiple paid business accounts into a single paid business account; • the timing of expenses related to the development or acquisition of technologies or businesses and potential future charges for impairment of goodwill from acquired companies; • changes in our pricing policies or those of our competitors; • fluctuations in the growth rate of the overall market that our products address; • the budgeting cycles and purchasing practices of customers; • the business strengths or weakness of our customers; • our ability to collect timely on invoices or receivables; • the cost and potential outcomes of future litigation or other disputes; • future accounting pronouncements or changes in our accounting policies; • our ability to successfully expand our business in the U. 
Factors that may cause fluctuations in our quarterly financial results include: • general economic, industry, and market conditions, including adverse macroeconomic conditions such as inflation; • our ability to attract and retain new customers; • the loss of existing customers; • renewals and timing of renewals; • customer usage of our products; • customer satisfaction with our products and platform capabilities and customer support; • our ability to expand sales within our existing customers; • mergers and acquisitions that might affect our customer base including the consolidation of affiliates’ multiple paid business accounts into a single paid business account; • our ability to gain new partners and retain existing partners; • our ability to convert users of free trials and open source version of JFrog Artifactory into subscribing customers; • increases or decreases in the number of elements of our subscriptions or pricing changes upon any renewals of customer agreements; • fluctuations in share-based compensation expense; • decisions by potential customers to purchase alternative solutions; • decisions by potential customers to develop in-house DevOps and DevSecOps technologies as alternatives to our products; • the amount and timing of operating expenses related to the maintenance and expansion of our business and operations, including investments in research and development, sales and marketing, and general and administrative resources; • network outages; • actual or perceived breaches of, or failures relating to, privacy, data protection, or data security; • the timing of expenses related to the development or acquisition of technologies or businesses and potential future charges for impairment of goodwill from acquired companies; • the impact of political uncertainty or unrest, including the Russia-Ukraine war, and the Israel-Hamas war, other areas of geopolitical tension around the world, or the worsening of that conflict or tensions and the related 
global economic disruptions; • changes in our pricing policies or those of our competitors; • fluctuations in the growth rate of the overall market that our products address; • the budgeting cycles and purchasing practices of customers; • the business strengths or weakness of our customers; • our ability to collect timely on invoices or receivables; • the cost and potential outcomes of future litigation or other disputes; • future accounting pronouncements or changes in our accounting policies; • our overall effective tax rate, including impacts caused by any reorganization in our corporate tax structure and any new legislation or regulatory developments; • our ability to successfully expand our business in the U.S. and internationally; • fluctuations in the mix of our revenue between self-managed subscriptions and SaaS subscriptions; • our overall effective tax rate, including impacts caused by any reorganization in our corporate tax structure and any new legislation or regulatory developments; • fluctuations in foreign currency exchange rates; and • the impact of political uncertainty or unrest, including the Russia-Ukraine war, the war between Israel, Hamas and Hezbollah, the regional conflict in the Middle East, other areas of geopolitical tension around the world, including Syria, or the worsening of such conflicts or tensions and any related global economic disruptions. The impact of one or more of the foregoing or other factors may cause our results of operations to vary significantly. Such fluctuations could cause us to fail to meet the expectations of investors or securities analysts, which could cause the trading price of our ordinary shares to fall substantially, and we could face costly lawsuits, including securities class action suits. We have a history of losses and may not be able to achieve profitability on a consistent basis. 
If we cannot achieve profitability, our business, financial condition, and results of operations may suffer. Although we have achieved positive operating cash flow and free cash flow, we have incurred annual losses since our inception. Although we have achieved positive operating cash flow and free cash flow, we have incurred losses in all years since our incorporation. We incurred a net loss of $69.2 million, $61.3 million, $90. 3 million and $90.0 million and $206. 2 million in the years ended December 31, 2024, 2023 and 2022, respectively. As a result, we had an accumulated deficit of $359.7 million as of December 31, 2024. We anticipate that our operating expenses will increase substantially in the foreseeable future as we continue to enhance our products, broaden our customer base, expand our sales and marketing activities, including strengthening our customer success team and continuing to invest in our strategic sales team, expanding our operations, hiring additional employees, and continuing to develop our technology. We anticipate that our operating expenses will increase substantially in the foreseeable future as we continue to enhance our products, broaden our customer base, expand our sales and marketing activities, including building a customer success team and continuing to invest in our strategic sales team, expanding our operations, hiring additional employees, and continuing to develop our technology. These efforts may prove more expensive than we currently anticipate, and we may not succeed in increasing our revenue sufficiently, or at all, to offset these higher expenses. Revenue growth may slow or revenue may decline for a number of possible reasons, including but not limited to slowing demand for our products, increasing competition, or changes in macroeconomic conditions. Revenue growth may slow or revenue may decline for a number of possible reasons, including slowing demand for our products or increasing competition. 
Any failure to increase our revenue as we grow our business could prevent us from achieving profitability or maintaining positive operating cash flow and free cash flow at all or on a consistent basis, which would cause our business, financial condition, and results of operations to suffer. The markets for our products are maturing and may evolve more slowly or differently than we expect. The markets for our products are new, unproven, and evolving and may develop more slowly or differently than we expect. Our future success depends on the growth and expansion of these markets and our ability to adapt and respond effectively to evolving markets. The markets for our products are maturing in ways we may be unable to anticipate accurately. Accordingly, it is difficult to predict customer adoption and renewals and demand for our platform and our products, the entry of competitive products, the success of existing competitive products, or the future growth rate, expansion, longevity, and the size of the DevOps, DevSecOps, MLOps, and software release management software markets. The expansion of, and our ability to penetrate, these evolving markets depends on a number of factors, including the cost, performance, and perceived value associated with DevOps, DevSecOps, and MLOps technologies, as well as the ability of DevOps workflows to improve critical steps in the lifecycle of software, including managing software security. The expansion of and our ability to penetrate, these new and evolving markets depends on a number of factors, including: the cost, performance, and perceived value associated with DevOps, DevSecOps, and MLOps technologies, as well as the ability of DevOps workflows to improve critical steps in the lifecycle of software, including managing software security. 
If we or other software and SaaS providers experience security incidents, loss of customer data, or disruptions in delivery or service, the market for these applications as a whole, including our platform and products, may be negatively affected. If DevOps, DevSecOps, MLOps, and software release management software do not continue to achieve market acceptance, or there is a reduction in demand caused by decreased customer acceptance, technological challenges, weakening economic conditions, privacy, data protection and data security concerns, governmental regulation, competing technologies and products, or decreases in information technology or other spending, the market for our platform and products might not continue to develop or might develop more slowly than we expect, which could adversely affect our business, financial condition, and results of operations. If DevOps, DevSecOps, and software release management software do not continue to achieve market acceptance, or there is a reduction in demand caused by decreased customer acceptance, technological challenges, weakening economic conditions, privacy, data protection and data security concerns, governmental regulation, competing technologies and products, or decreases in information technology spending or otherwise, the market for our platform and products might not continue to develop or might develop more slowly than we expect, which could adversely affect our business, financial condition, and results of operations. We expect our revenue mix to vary over time, which could harm our gross margin and results of operations. 
We expect our revenue mix to vary over time due to a number of factors, including the mix of our subscriptions for self-managed and SaaS offerings, which may affect the timing and amount of revenue recognized and the associated costs. Further, our gross margins and results of operations could be harmed by numerous other factors, including entry into new markets or growth in lower margin markets; entry into markets with different pricing and cost structures; pricing discounts; and increased price competition. Any one of these factors or the cumulative effects of certain of these factors may result in significant fluctuations in our gross margin and results of operations. This variability and unpredictability could result in our failure to meet internal expectations or those of securities analysts or investors for a particular period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our ordinary shares could decline. If we are not able to keep pace with technological and competitive developments or fail to integrate our products with a variety of technologies that are developed by others, our products may become less marketable, less competitive, or obsolete, and our results of operations may be adversely affected. In order to provide value for our customers, we must offer products that allow our customers to compile software from source code repositories, manage the dependencies among components within software packages, move packages and machine learning models to a universal repository, ingest packages from third parties, including open source libraries, scan for vulnerabilities through various stages, distribute to endpoints, and deploy in production, all through a single user access point. 
In order to provide value for our customers, we must offer products that allow our customers to compile software from source code repositories, manage the dependencies among components within software packages, move packages and ML models to a universal repository, ingest packages from third parties, including open source libraries, scan for vulnerabilities through various stages, distribute to endpoints, and deploy in production, all through a single user access point. The success of any new product introductions depends on a number of factors including, but not limited to, timely and successful product development, market acceptance, the quality of our product and the user experience, our ability to manage the risks associated with new product releases, the effective management of development and other spending in connection with anticipated demand for new products, and the availability of newly developed products. We have in the past experienced bugs, errors, or other defects or deficiencies in new products and product updates and delays in releasing new products, deployment options, and product enhancements and may have similar experiences in the future. As a result, some of our customers may either defer purchasing our products until the next upgrade is released or switch to a competitor if we are not able to keep up with technological developments. For example, AI and machine learning may change the way our industry operates, and businesses that are slow to adopt or fail to adopt these new technologies may face a competitive disadvantage. In addition, if defects are not discovered until after customers purchase our products, our customers could lose confidence in the quality of our products and our reputation and brand may be harmed. If significant bugs, errors, or other defects or deficiencies are not discovered and patched in a timely manner, unauthorized parties could gain access to such products. 
Any negative publicity related to the perceived quality of our products could harm our business, results of operations, and financial condition. See also, “We have acquired, and may in the future acquire, complementary businesses which could require significant management attention, disrupt our business, dilute shareholder value, and adversely affect our results of operations.” in this Part I, Item 1A. We may not be able to compete successfully against current and future competitors, some of whom have greater financial, technical, and other resources than we do. We may not be able to hire such resources fast enough to keep up with demand, particularly if the sales of our products exceed our internal forecasts. If we do not compete successfully, our business, financial condition, and results of operations could be harmed. If we do not compete successfully our business, financial condition, and results of operations could be harmed. Our platform consists of multiple products in DevOps, DevSecOps, and MLOps, and we compete in each product category as well as at the entire platform level. Our platform consists of multiple products in DevOps and DevSecOps, and we compete in each product category as well as the entire platform level. The market for our products is highly fragmented, quickly evolving, and subject to rapid changes in technology. 
We believe that our ability to compete successfully depends upon many factors both within and beyond our control, including, but not limited to, the following: • ability to provide an end-to-end, unified platform solution for the DevOps, MLOps and DevSecOps workflows; • ability to provide updated security products to create and maintain trusted software releases; • breadth of technologies we support; • breadth of technology integrations; • total cost of ownership; • extensibility across organizations, including software developers, security teams, machine learning engineers, data scientists, and IT operators; • ability to enable collaboration between software developers, security teams, and IT operators; • ability to deploy our products in any combination of cloud, multi-cloud, on-premise, or hybrid environments; • performance, security, scalability, and reliability; • quality of customer experience and satisfaction; • quality of customer support; • ease of implementation and use; and • brand recognition and reputation. 
We believe that our ability to compete successfully depends upon many factors both within and beyond our control, including the following: • ability to provide an end-to-end, unified platform solution for the DevOps and DevSecOps workflows; • ability to provide updated security products to create and maintain trusted software releases; • breadth of technologies we support; • breadth of technology integrations; • total cost of ownership; • extensibility across organizations, including software developers, security teams, AI/ML engineers, data scientists, and IT operators; • ability to enable collaboration between software developers, security teams, and IT operators; • ability to deploy our products in any combination of cloud, multi-cloud, on-premise, or hybrid environments; • performance, security, scalability, and reliability; • quality of customer experience and satisfaction; • quality of customer support; • ease of implementation and use; and • brand recognition and reputation. Our products are available for self-managed, SaaS, and hybrid deployments. While we believe we compete successfully on the above factors, particularly with regards to the comprehensive nature of our solutions, we do experience competition in each of these categories with different vendors: • In-house solutions. While we believe we compete successfully on the above factors, particularly with regards to the comprehensive nature of our solutions, we do experience competition in each of these categories with different vendors: • Home grown solutions. Over time, many companies built solutions in-house for specific use cases they uniquely required. Often, these solutions do not scale or were not designed to meet the needs of modern software delivery methodologies or technologies. • DevOps and developer-focused vendors. 
Many companies address only certain parts of the DevOps cycle and may compete with a limited set of JFrog offerings, including Microsoft’s GitHub, GitLab, Cloudsmith, and Sonatype. • Cloud providers. While also partners, public cloud providers, such as Amazon Web Services (“AWS”), Microsoft Azure (including Azure DevOps), and Alphabet Inc.’s Google Cloud, may compete with a subset of JFrog functionality. While also partners, cloud providers, such as Amazon Web Services (AWS), Microsoft Azure (including Azure DevOps) and Alphabet Inc.’s Google Cloud, may compete with a subset of JFrog functionality. • Security point solutions. Some security-focused companies may compete with a subset of JFrog’s holistic security offerings or address only developer-level security, such as Aqua Security, Snyk, Sonatype, and Synopsys. • Diversified vendors. Some diversified technology companies, such as IBM, Inc. (including Red Hat), Pivotal Software, and Broadcom’s VMware may have offerings that compete with certain JFrog products. Some existing and potential competitors have recently announced plans to be acquired. Such industry consolidation could result in heightened competition from companies with more significant resources than us. Many of our competitors have greater financial, technical, and other resources, greater brand recognition, larger sales forces and marketing budgets, broader distribution networks, more diverse product and services offerings, and larger and more mature intellectual property portfolios. They may be able to leverage these resources to gain business in a manner that discourages customers from purchasing our offerings. Furthermore, we expect that our industry will continue to attract new companies, including smaller emerging companies, which could introduce new offerings. We may also expand into new markets and encounter additional competitors in such markets. 
JFrog Artifactory is at the center of our platform and any decline in demand for JFrog Artifactory occasioned by malfunction, inferior performance, increased competition, or otherwise, will impact our business, results of operations and financial condition. Our subscription structure is aligned with the way we have built our platform, and JFrog Artifactory is at the center of our platform and all subscriptions. Accordingly, market acceptance of JFrog Artifactory is critical to our success. If demand for JFrog Artifactory declines, the demand for our other products will also decline. Demand for JFrog Artifactory is affected by a number of factors, many of which are beyond our control, such as continued market acceptance of JFrog Artifactory and products by customers for existing and new use cases, the timing of development and release of new features, functionality, and lower cost alternatives introduced by our competitors, technological changes and developments within the markets we serve, and growth or contraction in our addressable markets. If we are unable to continue to meet customer demand, if our products fail to compete with the products of our competitors, if we fail to achieve more widespread market acceptance of JFrog Artifactory, or if our products fail to meet statutory, regulatory, contractual, or other applicable requirements, then our business, results of operations, and financial condition would be harmed. 
We recognize a significant portion of revenue from subscriptions over the term of the relevant subscription period, and as a result, downturns or upturns in sales may not immediately be fully reflected in our results of operations. We recognize a significant portion of revenue from subscriptions over the term of the relevant subscription period, and as a result, downturns or upturns in sales are not immediately reflected in full in our results of operations. We recognize a significant portion of our subscription revenue over the term of the relevant subscription period. As a result, much of the subscription revenue we report each fiscal quarter is the recognition of deferred revenue from subscription contracts entered into during previous fiscal quarters. Consequently, a decline in new or renewed subscriptions in any one fiscal quarter will not be fully or immediately reflected in revenue in that fiscal quarter and will negatively affect our revenue in future fiscal quarters. Accordingly, the effect of significant downturns in new or renewed sales of our subscriptions may not be fully reflected in our results of operations until future periods. Accordingly, the effect of significant downturns in new or renewed sales of our subscriptions is not reflected in full in our results of operations until future periods. If our existing customers do not renew their subscriptions, our business and results of operations could be adversely affected. If our customers do not recognize the potential of our products, our business would be materially and adversely affected. We expect to derive a significant portion of our revenue from renewals of existing subscriptions. Our customers have no contractual obligation to renew their subscriptions after the completion of their subscription term. 
Our self-managed subscriptions are offered on an annual and multi-year basis, while our SaaS subscriptions are offered on a monthly, annual, and multi-year basis and can consist of fixed and usage-based fees. Our self-managed subscriptions are offered on an annual and multi-year basis, and SaaS subscriptions are offered on an annual basis, with the exception of certain SaaS subscriptions, which are also offered on a monthly basis. Our customers’ renewals may decline or fluctuate as a result of a number of factors, including their satisfaction with our products and our customer support, the frequency and severity of product outages, our product uptime or latency, the pricing of our, or competing, products, additional new features and capabilities that we offer, new integrations, and updates to our products as a result of updates by technology partners. If our customers renew their subscriptions, they may renew for shorter subscription terms or on other terms that are less economically beneficial to us. We may not accurately predict future renewal trends. If our customers do not renew their subscriptions, or renew on less favorable terms, our revenue may grow more slowly than expected or decline. If we are unable to increase sales of our subscriptions to new customers, sell additional subscriptions to our existing customers, or expand the value of our existing customers’ subscriptions, our future revenue and results of operations will be harmed. Our future success depends on our ability to sell our subscriptions to new customers and to expand within our existing customers by selling paid subscriptions to our existing users and expanding the value and number of existing customers’ subscriptions within the organization. Our ability to sell new subscriptions depends on a number of factors, including the prices of our products, the functionality of our products, the prices of products offered by our competitors, and the budgets of our customers. 
We serve customer needs with multiple tiers of subscriptions that differ based on product depth and functionality. We also offer a limited free trial of our platform. To the extent that users of our free trial do not become, or lead others not to become, paying customers, we will not realize the intended benefits of these strategies, our expenses may increase as a result of associated hosting costs, and our ability to grow our business may be harmed. We also offer an open source version of JFrog Artifactory. Our open source version is intended to increase visibility and familiarity of our platform among the developer communities. We invest in developers and developer communities through multiple channels, including the introduction of new open source projects, as well as through our annual developer conference, swampUP, and other community-centered events. There is no guarantee that such events will translate into new customers, or that open source users will convert to paying subscribers. In addition, a significant aspect of our sales and marketing focus is to expand deployments within existing customers. The rate at which our customers purchase additional subscriptions and expand the value of existing subscriptions depends on a number of factors, including customers’ level of satisfaction with our products, the nature and size of the deployments, the desire to address additional use cases, and the perceived need for additional features, as well as general economic conditions. We have experienced in the past and expect in the future that recessionary concerns and other unfavorable economic conditions will negatively impact our ability to expand deployments within existing customers. If our customers do not recognize the potential of our products, our business would be materially and adversely affected. 
We depend on our executive officers and other key employees, and the loss of one or more of these employees or an inability to attract and retain highly skilled employees could harm our business. Our future success depends, in part, on our ability to continue to attract and retain key executives and other highly skilled personnel. Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. The loss of the services of any of our key personnel, the inability to attract or retain qualified personnel, or delays in hiring required personnel, particularly in engineering and sales, may seriously harm our business, financial condition, and results of operations. For example, we onboarded a new Chief Legal Officer in late 2023, and a new Chief Financial Officer in early 2024. Our future performance also depends on the continued services and continuing contributions of our senior management to execute on our business plan and to identify and pursue new opportunities and product innovations. The loss of services of senior management could significantly delay or prevent the achievement of our development and strategic objectives, which could adversely affect our business, financial condition, and results of operations. Additionally, the industry in which we operate is generally characterized by significant competition for skilled personnel as well as high rates of employee attrition. 
We are also substantially dependent on the continued service of our existing engineering personnel because of the complexity of our products. There is currently a high demand for experienced professionals in all areas required to run a complex, multinational business, including but not limited to DevOps, DevSecOps, and MLOps. We may not be successful in attracting, integrating, or retaining qualified personnel to fulfill our current or future needs. Also, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited, that they have divulged proprietary or other confidential information, or that their former employers own their inventions or other work product. To execute our growth plan, we must attract and retain highly qualified personnel. Competition for these employees is intense, specifically for engineers for research and development, security experts, and support positions who are experienced in DevOps, DevSecOps, or MLOps, and such competition often results in increasing wages, especially in Israel, where most of our research and development positions are located, and in the San Francisco Bay Area, where our U.S. headquarters are located. Competition for these employees is intense, specifically for engineers for research and development, security experts, and support positions who are experienced in DevSecOps, and such competition often results in increasing wages, especially in Israel, where most of our research and development positions are located, and in the San Francisco Bay Area, where we have a significant presence. Therefore, we may not be successful in attracting and retaining qualified personnel. 
We have from time to time in the past experienced, and we expect to continue to experience, difficulty in hiring and retaining highly skilled employees with appropriate qualifications. Our recent hires and planned hires may not become as productive as we expect, and we may be unable to hire, integrate, or retain sufficient numbers of qualified individuals. Many of the companies with which we compete for experienced personnel have greater resources than we have, and due to our profile and market position, such competitors actively seek to hire skilled personnel away from us, even if such employees have entered into a non-compete agreement with us. Many of the companies with which we compete for experienced personnel have greater resources than we have and due to our profile and market position, such competitors actively seek to hire skilled personnel away from us, even if such employee has entered into a non-compete agreement. Israeli labor courts have required employers seeking to enforce non-compete undertakings of a former employee to demonstrate that the competitive activities of the former employee will harm one of a limited number of material interests of the employer that have been recognized by the courts, such as the protection of a company’s trade secrets or other intellectual property. We may not be able to make such a demonstration. 
In addition, in making employment decisions, particularly in the internet, software, and high-technology industries, job candidates often consider the value of the total compensation that may include equity, bonus, commissions, and other benefits that they may receive in connection with their employment. In addition, in making employment decisions, particularly in the internet and high-technology industries, job candidates often consider the value of the equity they are to receive in connection with their employment. Employees may be more likely to leave us if the shares they own or the shares underlying their equity incentive awards have significantly appreciated or significantly declined in value. Many of our employees may receive significant proceeds from sales of our equity in the public markets, which may reduce their motivation to continue to work for us and could lead to employee attrition. If we fail to attract new personnel, or fail to retain and motivate our current personnel, our business and growth prospects could be harmed. Our business and success depend in part on our strategic relationships with third parties, including our public cloud providers and our channel partners. Our business and success depend in part on our strategic relationships with third parties, including our third-party hosting providers and our partner ecosystem, and if we fail to maintain or expand these relationships, our results of operations and reputation could be harmed. If we fail to maintain or expand these relationships, our results of operations and reputation could be harmed. We currently depend on, and anticipate we will continue to depend on, various third-party relationships to sustain and grow our business. For example, we currently partner with public cloud partners, AWS, Microsoft Azure, including Azure DevOps (Azure), and Alphabet Inc.’s Google Cloud (“Google Cloud”). 
For example, we currently partner with third-party public cloud partners, such as Amazon Web Services (AWS), Microsoft Azure (including Azure DevOps) and Alphabet Inc.’s Google Cloud. Our technology partnership ecosystem powers significant extensibility of our products, offers our customers the ability to integrate tools outside our platform with our products, provides the ability to deploy our products in their preferred environments, and allows them to support new package technologies as they are released. Our technology partnership ecosystem powers significant extensibility of our products, offers our customers the ability to use external tools of their choice with our products, provides the ability to deploy our products in their preferred environments, and allows them to support new package technologies as they are released. Accordingly, our SaaS products must be compatible with major cloud service providers in order to support local hosting of our JFrog-managed products in geographies chosen by our customers and third parties with whom we may partner. We have also established relationships with certain channel partners to distribute our products. We believe that continued growth in our business is dependent upon identifying, developing, and maintaining strategic relationships with our existing and potential channel partners that can drive substantial revenue and provide additional value-added services to our customers. If we are unable to develop and maintain successful relationships with our channel partners, our business, results of operations, and financial condition could be harmed. In addition, our agreements with our channel partners are non-exclusive, so they may offer customers the products of several different companies, including products that compete with ours. 
It is uncertain whether these channel partners will be successful in co-marketing our solutions to provide a significant volume and quality of lead referrals and orders or whether they will continue to work with us long-term. It is uncertain whether these third parties will be successful in co-marketing our solutions to provide a significant volume and quality of lead referrals and orders, or whether they will continue to work with us long-term. While also partners, public cloud providers (AWS, Azure and Google Cloud) may compete with a subset of JFrog functionality. For example, these public cloud providers currently selling our products and services could build and market their own competing products and services or market competing products and services of other vendors. For example, third-party hosting providers currently selling our products and services could build and market their own competing products and services or market competing products and services of other vendors. Further, identifying and negotiating new and expanded partner relationships, whether channel partners, cloud providers, or technology partnerships, requires significant resources and participation from such parties, and we cannot guarantee that the parties with which we currently have relationships can or will continue to devote the resources necessary to operate and expand their use of our platform. Further, identifying and negotiating new and expanded partner relationships requires significant resources and we cannot guarantee that the parties with which we currently have relationships can or will continue to devote the resources necessary to operate and expand their use of our platform. If we are unsuccessful in establishing or maintaining our partner relationships or any other strategic relationships with third parties, our ability to compete, our revenue, results of operations, and future prospects could be harmed. 
Even if we are successful in establishing and maintaining our relationships with third parties, we cannot ensure that our relationships will result in sustained or increased usage of our platform. In addition, any failure of our solutions to operate effectively with the business applications of any third-party partners could reduce the demand for our solutions and cause harm to our business and reputation. We may also be held responsible for obligations that arise from the actions or omissions of third parties with which we do business. Further, any expansion into new geographies may require us to invest in developing new relationships with providers. Further, any expansion into new geographies may require us to integrate our products with new third-party technology and invest in developing new relationships with providers. If we are unable to respond to changes in a cost-effective manner, our products may become less marketable, less competitive, or obsolete, and our results of operations may be negatively impacted. A limited-functionality version of JFrog Artifactory is licensed under an open source license, which could negatively affect our ability to monetize our products and protect our intellectual property rights. We make a limited-functionality version of JFrog Artifactory that only supports Java-based packages, and also lacks other features required for organization-wide adoption by DevOps teams, available under an open source license, the Affero General Public License version 3.0 (“AGPL”). The AGPL grants licensees broad freedom to view, use, copy, modify, and redistribute the source code of this limited version of JFrog Artifactory. 
Anyone can download a free copy of this limited version of JFrog Artifactory from the Internet, and we neither know who all of our AGPL licensees are, nor have visibility into how JFrog Artifactory is being used by licensees, so our ability to detect violations of the open source license is extremely limited. The AGPL has a “copyleft” requirement that further distribution of AGPL-licensed software and modifications or adaptations to that software be made available pursuant to the AGPL as well. This leads some commercial enterprises to consider AGPL-licensed software to be unsuitable for commercial use. However, the AGPL would not prevent a commercial licensee from taking this open source version of JFrog Artifactory under AGPL and using it for internal purposes for free. AGPL also would not prevent a commercial licensee from taking this open source version of JFrog Artifactory under AGPL and using it to compete in our markets by providing it for free. This competition can develop without the degree of overhead and lead time required by traditional proprietary software companies, due to the permissions allowed under AGPL. It is also possible for competitors to develop their own software based on our open source version of JFrog Artifactory. Although this software would also need to be made available for free under the AGPL, it could reduce the demand for our products and put pricing pressure on our subscriptions. 
We cannot guarantee that we will be able to compete successfully against current and future competitors, some of which may have greater resources than we have, or that competitive pressure or the availability of new open source software will not result in price reductions, reduced operating margins, and loss of market share, any one of which could harm our business, financial condition, results of operations, and cash flows. Our ability to achieve customer renewals and increase sales of our products is highly dependent on the quality of our customer support, and our failure to offer high quality support would have an adverse effect on our business, reputation, and results of operations. Our customers depend on our customer support services to resolve issues and realize the full benefits relating to our products. If we do not succeed in helping our customers quickly resolve post-deployment issues or provide effective ongoing support and education on our products, our ability to sell additional subscriptions to, or renew subscriptions with, existing customers or expand the value of existing customers’ subscriptions would be adversely affected and our reputation with potential customers could be damaged. Many larger enterprise customers have more complex IT environments and require higher levels of support than smaller customers. If we fail to meet the requirements of these enterprise customers, it may be more difficult to grow sales with them. Additionally, it can take several months to recruit, hire, and train qualified engineering-level customer support employees. 
We may not be able to hire such resources fast enough to keep up with demand, particularly if the sales of our products exceed our internal forecasts. To the extent that we are unsuccessful in hiring, training, and retaining adequate support resources, our ability to provide adequate and timely support to our customers, and our customers’ satisfaction with our products, will be adversely affected. Our failure to provide and maintain high-quality support services would have an adverse effect on our business, reputation, and results of operations. Seasonality may cause fluctuations in our sales and results of operations. Historically, we have experienced seasonality in customer bookings, as we typically enter into a higher percentage of subscription agreements with new customers and renewals with existing customers in our fourth quarter. We believe that this results from the procurement, budgeting, and deployment cycles of many of our customers, particularly our enterprise customers. We expect that this seasonality will continue to affect our bookings, deferred revenue, and our results of operations in the future and might become more pronounced as we continue to target larger enterprise customers. In addition, we have historically experienced seasonality in usage patterns by users of our SaaS subscriptions. We typically experience reduced usage by our customers during holiday periods, particularly at the end of the fourth quarter. As revenue from our SaaS subscriptions is recognized based upon usage, the changes in usage patterns may negatively affect revenues from our SaaS subscriptions and our results of operations. A real or perceived defect, security vulnerability, error, or performance failure in our platform could cause us to lose revenue, expose us to liability, and damage our reputation. 
A real or perceived defect, security vulnerability, error, or performance failure in our software could cause us to lose revenue, damage our reputation, and expose us to liability. Our products are inherently complex and, despite extensive testing and quality control, have in the past and may in the future contain defects or errors, especially when first introduced, or not perform as contemplated. These defects, security vulnerabilities, errors, or performance failures could cause breach of contractual provisions, thereby exposing us to liabilities, termination of agreements, loss of customers or revenue, order cancellations, service terminations, damage to our reputation, or lack of market acceptance of our products. These defects, security vulnerabilities, errors, or performance failures could cause damage to our reputation, loss of customers or revenue, order cancellations, service terminations, or lack of market acceptance of our software. As the use of our products, including products that were recently acquired or developed, expands to more sensitive, secure, or mission critical uses by our customers, we may be subject to increased contractual liability, scrutiny, loss of revenue or customers, potential reputational risk, or potential liability should our products fail to perform as contemplated in such deployments. As the use of our products, including products that were recently acquired or developed, expands to more sensitive, secure, or mission critical uses by our customers, we may be subject to increased scrutiny, potential reputational risk, or potential liability should our software fail to perform as contemplated in such deployments. We have in the past and may in the future need to issue corrective releases of our products to fix these defects, errors, or performance failures, and develop processes and controls which could require us to allocate significant research and development and customer support resources to address these problems. 
We have in the past and may in the future need to issue corrective releases of our software to fix these defects, errors or performance failures, which could require us to allocate significant research and development and customer support resources to address these problems. Any limitation of liability provisions that may be contained in our customer, user, third-party vendor, service provider, and partner agreements may not be accepted by customers, users, third-party vendors, service providers, and partners, or enforceable or adequate or effective as a result of existing or future applicable law or unfavorable judicial decisions, and they may not function to limit our liability arising from regulatory enforcement. The sale and support of our products entail the risk of liability claims, which could be substantial in light of the use of our products in large scale and in enterprise-wide environments, depending on the nature of the limitation of liability provisions. The sale and support of our products entail the risk of liability claims, which could be substantial in light of the use of our products in enterprise-wide environments. In addition, our insurance against these liabilities may not be adequate to cover a potential claim and potentially may be subject to exclusions, or that the insurer will deny coverage as to any future claim or exclude from our coverage such claims in policy renewals. In addition, our insurance against this liability may not be adequate to cover a potential claim and potentially may be subject to exclusions, or that the insurer will deny coverage as to any future claim or exclude from our coverage such claims in policy renewals. 
The denial of our claims by our insurer or the successful assertion of claims by others against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, results of operations, and reputation. Incorrect implementation or use of, or our customers’ failure to update, our products could result in customer dissatisfaction and negatively affect our business, operations, financial results, and growth prospects. Incorrect implementation or use of, or our customers’ failure to update, our software could result in customer dissatisfaction and negatively affect our business, operations, financial results, and growth prospects. Our products are often operated in large scale, complex IT environments. Our customers and some partners require training and experience in the proper use of and the benefits that can be derived from our products to maximize their potential. If users of our products do not implement, use, or update our products correctly or as intended, then inadequate performance and/or security vulnerabilities may result. Because our customers rely on our products to manage a wide range of operations, the incorrect implementation, use of, or our customers’ failure to update, our products or our failure to train customers on how to use our products productively has in the past and may in the future result in customer dissatisfaction and negative publicity and may adversely affect our reputation and brand. 
Because our customers rely on our software to manage a wide range of operations, the incorrect implementation, use of, or our customers’ failure to update, our software or our failure to train customers on how to use our software productively has in the past and may in the future result in customer dissatisfaction, and negative publicity and may adversely affect our reputation and brand. Our failure to effectively provide training and implementation services to our customers could result in lost opportunities for follow-on sales to these customers and decrease subscriptions by new customers, which would adversely affect our business and growth prospects. Interruptions or performance problems associated with our technology and infrastructure, and our reliance on technologies from third parties, may adversely affect our business operations and financial results. We outsource substantially all of the infrastructure relating to our cloud products to public cloud providers chosen by our customers. We outsource substantially all of the infrastructure relating to our cloud products to third-party cloud providers chosen by our customers. Customers of our SaaS offerings need to be able to access our platform at any time, without interruption or degradation of performance, and we provide them with service-level commitments with respect to uptime. Public cloud providers maintain control over their platforms that we access and on which we build our product offerings. Therefore, we are vulnerable to their service interruptions and any changes in their product offerings. 
Any limitation on the capacity of our public cloud providers could impede our ability to onboard new customers or expand the usage of our existing customers, which could adversely affect our business, financial condition, and results of operations. Any limitation on the capacity of our third-party hosting services could impede our ability to onboard new customers or expand the usage of our existing customers, which could adversely affect our business, financial condition, and results of operations. In addition, any incident affecting our public cloud providers’ infrastructure that may be caused by their operational failures, or by cyber-attacks, natural disasters, fire, flood, severe storm, earthquake, power loss, telecommunications failures, terrorist or other attacks, protests or riots, and other similar events beyond our control could negatively affect our SaaS platform and hybrid products. In addition, any incident affecting our third-party hosting services’ infrastructure that may be caused by cyber-attacks, natural disasters, fire, flood, severe storm, earthquake, power loss, telecommunications failures, terrorist or other attacks, protests or riots, and other similar events beyond our control could negatively affect our cloud-based and multi-cloud hybrid products. It is also possible that our customers and regulators could seek to hold us accountable for any breach of security affecting a public cloud provider’s infrastructure and we may incur significant liability in investigating such an incident and responding to any claims, investigations, or proceedings made or initiated by those customers, regulators, and other third parties. 
It is also possible that our customers and regulators would seek to hold us accountable for any breach of security affecting a third-party cloud provider’s infrastructure and we may incur significant liability in investigating such an incident and responding to any claims, investigations, or proceedings made or initiated by those customers, regulators, and other third parties. We may not be able to recover a material portion of such liabilities from any of our public cloud providers. We may not be able to recover a material portion of such liabilities from any of our third-party cloud providers. Moreover, our insurance may not be adequate to cover such liability and may be subject to exclusions. Any of the above circumstances or events may harm our business, results of operations, and financial condition. In addition, our website and internal technology infrastructure may experience performance issues due to a variety of factors, including infrastructure changes, human or software errors, website or third-party hosting disruptions, capacity constraints, technical failures, natural disasters, or fraud or security attacks. If our website is unavailable, our business could be harmed. We expect to continue to make significant investments to maintain and improve website performance and to enable rapid releases of new features and applications for our products. To the extent that we do not effectively upgrade our systems as needed and continually develop our technology to accommodate actual and anticipated changes in technology, our business and results of operations may be harmed. 
In the event that our agreements with our public cloud providers are terminated, or there is a lapse of service, elimination of services or features that we utilize, interruption of internet service provider connectivity, or damage to such facilities, we could experience interruptions in access to our platform as well as significant delays and additional expense in arranging or creating new facilities and services and/or re-architecting our cloud solution for deployment on a different cloud infrastructure service provider, which could adversely affect our business, financial condition, and results of operations. In the event that our service agreements with our third-party hosting services are terminated, or there is a lapse of service, elimination of services or features that we utilize, interruption of internet service provider connectivity or damage to such facilities, we could experience interruptions in access to our platform as well as significant delays and additional expense in arranging or creating new facilities and services and/or re-architecting our cloud solution for deployment on a different cloud infrastructure service provider, which could adversely affect our business, financial condition, and results of operations. We also rely on cloud services from public cloud providers in order to operate critical functions of our business, including financial management services, relationship management services, and lead generation management services. We also rely on cloud technologies from third parties in order to operate critical functions of our business, including financial management services, relationship management services, and lead generation management services. 
If these services become unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices, our expenses could increase, our ability to manage our finances could be interrupted, our processes for managing sales of our products and supporting our customers could be impaired, and our ability to generate and manage sales leads could be weakened until equivalent services, if available, are identified, obtained, and implemented, any of which could harm our business and results of operations. We typically provide service-level commitments under our subscription agreements. If we fail to meet these or materially breach other contractual commitments, we could face liabilities or subscription termination with refunds of prepaid amounts, which would decrease our revenue and harm our business, financial condition, and results of operations. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service or face subscription termination with refunds of prepaid amounts, which would lower our revenue and harm our business, financial condition, and results of operations. Our subscription agreements typically contain service-level commitments. If we are unable to meet the stated service-level commitments, including failure to meet the uptime and response time requirements under our customer subscription agreements, we may be contractually obligated to provide these customers with certain credits which could significantly affect our revenue in the periods in which the failure occurs and the credits are applied. We could also face subscription terminations and a reduction in renewals, which would significantly affect our future revenue. We could also face subscription terminations and a reduction in renewals, which could significantly affect both our current and future revenue. 
We offer multiple tiers of subscriptions to our products and as such our service-level commitments will increase if more customers choose subscriptions of JFrog Pro X, JFrog Enterprise X, and JFrog Enterprise Plus. Any service-level failures could also damage our reputation, which could also adversely affect our business, financial condition, and results of operations. If we are not able to maintain and enhance our brand, especially among developers, security teams, data scientists and IT operators, our business and results of operations may be adversely affected. If we are not able to maintain and enhance our brand, especially among developers, security teams, and IT operators, our business and results of operations may be adversely affected. We believe that developing and maintaining widespread awareness of our brand, especially with developers, security teams, data scientists, and IT operators, is critical to achieving widespread acceptance of our software and attracting new users and customers. We believe that developing and maintaining widespread awareness of our brand, especially with developers, security teams, and IT operators, is critical to achieving widespread acceptance of our software and attracting new users and customers. Brand promotion activities may not generate user or customer awareness or increase revenue, and even if they do, any increase in revenue may not offset the expenses we incur in building our brand. If we fail to successfully promote and maintain our brand, we may fail to attract or retain users and customers necessary to realize a sufficient return on our brand-building efforts, or to achieve the widespread brand awareness that is critical for broad customer adoption of our products. Our corporate culture has contributed to our success, and if we cannot maintain this culture as we grow, we could lose the innovation, creativity, and entrepreneurial spirit we have worked to foster, which could harm our business. 
We believe that our culture has been and will continue to be a key contributor to our success. We expect to continue to hire as we expand. If we do not continue to maintain our corporate culture as we grow, we may be unable to foster the innovation, creativity, and entrepreneurial spirit we believe we need to support our growth. Our anticipated headcount growth and our continued operation as a public company may result in a change to our corporate culture, which could harm our business. Our inbound sales model may not continue to be as successful as we anticipate and our direct, traditional sales functions may not be able to fully compensate for a potential large downturn in the inbound business. We currently primarily rely on an inbound sales model that may not continue to be as successful as we anticipate, and the absence of a large, direct, traditional sales function may impede the growth of our business. We continue to enjoy a certain degree of inbound sales, which serve as a meaningful source of growth in our land-and-expand model. In the event that we experience a significant downturn in the inbound sales model, it may affect our future growth prospects. We intend to continue to expand our strategic and enterprise sales teams to identify new use cases, drive expansion, and standardization on JFrog within our largest customers. We intend to continue to expand our strategic sales team to identify new use cases and drive expansion and standardization on JFrog within our largest customers. There is no guarantee, however, that this strategic sales team will be successful. Moreover, we are not able to predict whether the deployment of our strategic and enterprise sales teams may adversely affect our inbound sales model. Moreover, we are not able to predict whether the deployment of our strategic sales team may adversely affect our inbound sales model. 
If our efforts to sell subscriptions to new customers and to expand deployments with existing customers are not successful, our total revenue and revenue growth rate may decline and our business will suffer. Further, as we continue to scale our business, a more traditional sales infrastructure could assist in reaching larger enterprise customers and growing our revenue. Identifying, recruiting, and training such a qualified sales force would require significant time, expense, and attention and would significantly impact our business model. We believe that there is significant competition for sales personnel, including sales representatives, sales managers, and sales engineers, with the skills and technical knowledge that we require. Our ability to achieve revenue growth will depend, in large part, on our success in recruiting, training, and retaining sufficient numbers of sales personnel to support our growth. New hires require significant training and it may take significant time before they achieve full productivity. New hires require significant training and may take significant time before they achieve full productivity. In addition, expanding our sales infrastructure would considerably change our cost structure and results of operations, and we may have to reduce other expenses, such as our research and development expenses, in order to accommodate a corresponding increase in marketing and sales expenses, and maintain positive operating cash flow and free cash flow. Moreover, recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. 
In addition, particularly if we continue to grow rapidly, a large percentage of our sales force will have relatively little experience working with us, our subscriptions, and our business model. If our lack of a large, direct enterprise sales force limits us from reaching larger enterprise customers and growing our revenue and we are unable to hire, develop, and retain talented sales personnel in the future, our revenue growth and results of operations may be harmed. The sales prices of our products may fluctuate or decline, which may reduce our revenue and gross profit and adversely affect our financial results. The sales prices for our products may fluctuate or decline for a variety of reasons, including competitive pricing pressures, discounts, anticipation of the introduction of new products, or promotional programs. Competition continues to increase in the market segments in which we participate, and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Larger competitors with more diverse offerings may reduce the price of offerings that compete with ours or may bundle them with other offerings and provide for free. Additionally, currency fluctuations in certain countries and regions may negatively impact actual prices that customers and partners are willing to pay in those countries and regions. Any decrease in the sales prices for our products, without a corresponding decrease in costs or increase in volume, would adversely affect our revenue and gross profit. Revenue and gross profit would also be adversely affected by a shift in mix of our subscriptions from self-managed to our SaaS offerings, which have a lower gross margin. We cannot assure you that we will be able to maintain our prices and gross profits at levels that will allow us to achieve and maintain profitability. Further, we have in the past, and expect in the future, to need to change our pricing model from time to time. 
While we do and will attempt to set prices based on our prior experiences and customer feedback, our assessments may not be accurate, and we could be underpricing or overpricing our products. In addition, if our subscriptions change, then we may need to revise our pricing strategies. Any such changes to our pricing strategies or our ability to efficiently price our offerings could adversely affect our business, results of operations, and financial condition. Pricing pressures and decisions could result in reduced sales, reduced margins, losses, or the failure of our products to achieve or maintain more widespread market acceptance, any of which could negatively impact our overall business, results of operations, and financial condition. Pricing pressures and decisions could result in reduced sales, reduced margins, losses or the failure of our products to achieve or maintain more widespread market acceptance, any of which could negatively impact our overall business, results of operations and financial condition. The length of our sales cycle can be unpredictable, particularly with respect to sales to large customers, and our sales efforts may require considerable time and expense. Our results of operations may fluctuate, in part, because of the length and variability of the sales cycle of our subscriptions and the difficulty in making short-term adjustments to our operating expenses. Our results of operations depend in part on sales to new large customers and increasing sales to existing customers. 
The length of our sales cycle, from initial contact from a prospective customer to contractually committing to our paid subscriptions, can vary substantially from customer to customer based on deal complexity as well as whether a sale is made directly by us. It is difficult to predict exactly when, or even if, we will make a sale to a potential customer or if we can increase sales to our existing customers. As a result, large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated, or have not occurred at all. Because a substantial proportion of our expenses are relatively fixed in the short term, our results of operations will suffer if revenue falls below our expectations in a particular quarter, which could cause the price of our ordinary shares to decline. We rely on traditional web search engines and AI-powered synopses to direct traffic to our website. If our website fails to rank prominently in these search results, traffic to our website could decline and our business would be adversely affected. If our website fails to rank prominently in unpaid search results, traffic to our website could decline and our business would be adversely affected. Our success depends in part on our ability to attract users through unpaid Internet search results on traditional web search engines such as Google, as well as on AI-generated search results and synopses. Our success depends in part on our ability to attract users through unpaid Internet search results on traditional web search engines such as Google. The number of users we attract to our website from searches is due in large part to how and where our website ranks in unpaid search results. 
The number of users we attract to our website from search engines is due in large part to how and where our website ranks in unpaid search results. These rankings can be affected by a number of factors, many of which are not in our direct control, and they may change frequently. For example, a search engine may change its ranking algorithms, methodologies, or design layouts. As a result, links to our website may not be sufficiently prominent to drive traffic to our website, and we may not know how or otherwise be in a position to influence the results. Any reduction in the number of users directed to our website could reduce our revenue or require us to increase our customer acquisition expenditures. Unfavorable economic conditions may adversely affect our business and financial condition due to impacts on enterprise spending trends, including reductions in information technology spending and decreased demand for our products, which could limit our ability to grow our business. Unfavorable economic conditions may adversely affect our business and financial condition due to impacts on consumer and business spending, including reductions in information technology spending and decreased demand for our products, which could limit our ability to grow our business. Our operations and financial performance depend in part on global economic conditions and the impact of these conditions on levels of information technology spending and the willingness of our current and prospective customers to purchase our products. Adverse macroeconomic conditions, including inflation, slower growth or recession, bank failures or instability in the financial services sector, changes to fiscal and monetary policies, tighter credit, higher interest rates, and currency fluctuations, could adversely impact confidence and enterprise spending and negatively affect demand for our products. 
Adverse macroeconomic conditions, including inflation, slower growth or recession, bank failures or instability in the financial services sector, changes to fiscal and monetary policies, tighter credit, higher interest rates, and currency fluctuations, could adversely impact consumer and businesses confidence and spending and negatively affect demand for our products. For example, we are currently operating in a period of economic uncertainty. While interest rates have begun to decline and inflation is significantly lower than in past quarters in the U.S., costs of labor, capital, employee compensation, and other similar effects have increased in the recent past. If conditions in the national and global economy do not continue to improve or instead worsen, our current and potential customers’ operating costs will likely increase, which could result in reduced operating and information technology budgets. If unfavorable conditions in the national and global economy persist, or worsen, our current and potential customers’ operating costs will likely increase, which could result in reduced operating and information technology budgets. To the extent our products are perceived by customers and potential customers as discretionary, our revenue may be disproportionately affected by delays or reductions in information technology spending. Such delays or reductions in technology spending are often associated with enhanced budget scrutiny by our customers including additional levels of approvals, cloud optimization efforts, and additional time to evaluate and test our products, which can lead to long and unpredictable sales cycles. We have experienced longer sales cycles for certain products and enhanced budget scrutiny by our customers and expect to continue to experience these challenges given the current macroeconomic environment. 
We have recently experienced longer sales cycles for certain products and enhanced budget scrutiny by our customers, and expect to continue to experience these challenges given the current macroeconomic environment. Also, customers may choose to develop in-house software as an alternative to using our products, and competitors may respond to such negative conditions in the general economy by lowering prices, any of which could adversely affect demand for our products and limit our ability to grow our business. The present conditions and state of the U.S. and global economies make it difficult to predict whether, when, and to what extent a recession has occurred or will occur in the future. We cannot predict the timing, strength, or duration of any economic slowdown, instability, or recovery, generally or within any particular industry. We cannot predict the timing, strength or duration of any economic slowdown, instability or recovery, generally or within any particular industry. If the economic conditions of the general economy or markets in which we operate do not improve, or worsen from present levels, our business, results of operations, and financial condition could be adversely affected. We have acquired, and may in the future acquire, complementary businesses which could require significant management attention, disrupt our business, dilute shareholder value, and adversely affect our results of operations. As part of our business strategy, and to keep pace with technological and competitive developments, we may acquire or make investments in the acquisition of complementary businesses, technologies, services, products, and other assets that expand the products that we can offer our customers. 
To keep pace with technological and competitive developments we have in the past invested, and may continue to invest, in the acquisition of complementary businesses, technologies, services, products, and other assets that expand the products that we can offer our customers. We have in the past acquired, and expect in the future to acquire, businesses that we believe will complement or augment our existing business. We have in the past acquired, and expect in the future to acquire, businesses that we believe will complement or augment our existing business, such as our Vdoo and Upswift acquisitions in 2021. For example, in July 2024, we acquired Qwak, a privately-held AI development platform company, and in 2021, we acquired both Vdoo Connected Trust Ltd. (“Vdoo”), a privately-held security company, and Upswift Ltd., a privately-held cloud-based platform company and creator of connected device management software for developers. The identification of suitable acquisition candidates is difficult, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete future acquisitions, we may not ultimately strengthen our competitive position or achieve our goals and business strategy, we may be subject to claims or liabilities assumed from an acquired company, product, or technology, and any acquisitions we complete could be viewed negatively by our customers, investors, and securities analysts. In addition, if we are unsuccessful at integrating future acquisitions, or the technologies associated with such acquisitions, the revenue and results of operations of the combined company could be adversely affected. In addition, if we are unsuccessful at integrating future acquisitions, or the technologies associated with such acquisitions, into our company, the revenue and results of operations of the combined company could be adversely affected. 
Any integration process may require significant time and resources, which may disrupt our ongoing business and divert management’s attention, and we may not be able to manage the integration process successfully. We may have to pay cash, incur debt, or issue equity or equity-linked securities to pay for any future acquisitions, any of which could adversely affect our financial condition or the market price of our ordinary shares. The sale of equity or issuance of equity-linked debt to finance any future acquisitions could result in dilution to our shareholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to raise additional capital and to manage our operations. The occurrence of any of these risks could harm our business, results of operations, and financial condition. Our failure to generate the significant capital or raise additional capital necessary to expand our operations and invest in new products could reduce our ability to compete and could harm our business. Historically, we have funded our operations and capital expenditures primarily through cash generated from our operations and through equity issuances. Historically, we have funded our operations and capital expenditures primarily through equity issuances and cash generated from our operations. Although we currently anticipate that our existing cash and cash equivalents and operating cash flow will be sufficient to meet our cash needs for the next twelve months, we may require additional financing. We evaluate financing opportunities from time to time, and our ability to obtain financing will depend, among other things, on our development efforts, business plans, operating performance, and condition of the capital markets at the time we seek financing. We cannot assure you that additional financing will be available to us on favorable terms when required, or at all. 
If we raise additional funds through the issuance of equity or equity-linked or debt securities, those securities may have rights, preferences, or privileges senior to the rights of our ordinary shares, and our shareholders may experience dilution. If we need additional capital and cannot raise it on acceptable terms, we may not be able to, among other things: • develop or enhance our products; • continue to expand our research and development and sales and marketing organizations; • bring our products to market; • acquire complementary technologies, products, or businesses; • expand operations in the U.S. or internationally; • hire, train, and retain employees; or • respond to competitive pressures or unanticipated working capital requirements. If we need additional capital and cannot raise it on acceptable terms, we may not be able to, among other things: • develop or enhance our products; • continue to expand our research and development and sales and marketing organizations; • acquire complementary technologies, products or businesses; • expand operations in the United States or internationally; • hire, train, and retain employees; or • respond to competitive pressures or unanticipated working capital requirements. Our failure to have sufficient capital to do any of these things could harm our business, financial condition, and results of operations. A minor portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks. Sales to government entities are subject to a number of risks that are specific to public sector customers. Selling to government entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time, expertise, and expense without any assurance that these efforts will generate a sale. 
Selling to government entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. Government certification requirements for products like ours may change, thereby restricting our ability to sell into the U.S. federal government, U.S. state governments, or non-U.S. government sectors until we have attained such revised certification or certifications. Government demand and payment for our products may be affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products. Additionally, any actual or perceived privacy, data protection, or data security incident, or even any perceived defect with regard to our practices or measures in these areas, may negatively impact public sector demand for our products. Additionally, we rely on certain partners to provide technical support services to certain of our government entity customers to resolve any issues relating to our products. If our partners do not effectively assist our government entity customers in deploying our products, succeed in helping our government entity customers quickly resolve post-deployment issues, or provide effective ongoing support, our ability to sell additional products to new and existing government entity customers would be adversely affected and our reputation could be damaged. Government entities may have statutory, contractual, or other legal rights to terminate contracts with us for convenience or due to a default, and any such termination may adversely affect our future results of operations. 
Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our subscriptions, a reduction of revenue, or fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could materially and adversely affect our results of operations. Issues in the development and use of AI, combined with an uncertain regulatory environment, may result in reputational harm, liability, or other adverse consequences to our business operations. We have deployed machine learning and AI technologies in our products and business, including developing new product features utilizing AI technologies. AI technology may become more important to our operations or to our future growth over time. We may fail to properly implement or market our AI products and business. We may fail to properly implement or market our use of AI technology. Our products and systems may become targets for abuse powered by AI, and our support for MLOps may fall behind existing standards which are changing rapidly. Our competitors or other third parties may incorporate AI technology into their products, offerings, and solutions more quickly or more successfully than us, which could impair our ability to compete effectively and adversely affect our results of operations. Suppliers of the third-party AI models we use in our products and business could terminate their relationship with us, cease to make certain models available to us, or make certain models more expensive for us to use. AI technology also may be the subject of new or modified legal and regulatory obligations. For example, the EU AI Act (the “AI Act”) which entered into force on August 1, 2024, will impose obligations on providers and users of AI. Under the AI Act, fines can reach up to €35 million or 7% of global income. 
The AI Act may impact the incorporation of AI technologies into our offerings and business in Europe. Other countries, including the U.S. at both the state and federal level, are increasingly looking to regulate AI. For example, several AI bills have been introduced in Congress. A significant number of other countries are contemplating laws regulating AI and numerous U.S. states have proposed, and in certain cases enacted, legislation relating to AI. We may not be able to anticipate how to respond to rapidly evolving legal frameworks, and we may have to expend resources to adjust our offerings in certain jurisdictions if the legal frameworks on AI and machine learning technologies are not consistent across jurisdictions. New laws, decisions, and guidance regarding AI technologies may limit our ability to use AI models, or require us to make changes to our operations or products, which would result in an increase to operating costs and hinder our ability to improve our products. Accordingly, it is not possible to predict all of the risks related to the use of AI and machine learning technologies that we may face, and changes in laws, rules, directives, and regulations governing the use of AI and machine learning technologies may adversely affect our ability to use or sell these technologies or subject us to legal liability. Uncertainty regarding new and emerging AI technologies, such as generative AI and machine learning, may require us to incur additional expenses to research and integrate AI technologies into our future product offerings and our internal systems. Uncertainty regarding new and emerging AI technologies, such as generative AI, may require us to incur additional expenses to research and integrate generative AI, or other emerging AI technologies, into our product offerings and our internal systems. Any such research, implementation, and integration may be costly and could impact our results of operations. 
Additionally, AI may create content that appears correct, but is factually inaccurate, insufficient, poor quality, flawed, or contain other errors or inadequacies, any of which may not be easily detectable. AI and machine learning technologies have been known to produce false or hallucinatory inferences or outputs. Our use of AI technologies may expose us to additional claims, demands, and proceedings by private parties, customers, and regulatory authorities and subject us to legal liability as well as brand and reputational harm, confidentiality or security risks, competitive harm, ethical and social concerns, or other complications that could adversely affect our business, reputation, or financial results. Additionally, our use of AI technology may expose us to additional claims, demands and proceedings by private parties and regulatory authorities and subject us to legal liability as well as brand and reputational harm, confidentiality or security risks, competitive harm, ethical and social concerns, or other complications that could adversely affect our business, reputation, or financial results. If we do not have sufficient rights to use the output of such AI and machine learning tools, or other data or content on which the AI and machine learning tools we use rely, we also may incur liability by violation of applicable laws and regulations, third-party intellectual property or other rights, or contracts to which we are a party. Expectations of our performance relating to sustainability and governance factors may impose additional costs and expose us to new risks. We have undertaken and expect to continue to undertake certain sustainability and governance-related initiatives, goals, and commitments, which we have communicated on our website, in our SEC filings, and elsewhere. These initiatives, goals, or commitments could be difficult to achieve and costly to implement. 
We could fail to achieve, or be perceived to fail to achieve, these initiatives, goals, or commitments. In addition, we could be criticized for the timing, scope, or nature of these initiatives, goals, or commitments, or for any revisions to them. Stakeholders could also challenge the accuracy, adequacy, or completeness of our disclosures related to these initiatives. Our actual or perceived failure to achieve some or all of these initiatives, goals, or commitments or maintain sustainability or governance practices that meet evolving stakeholder expectations or regulatory requirements could harm our reputation, adversely impact our ability to attract and retain employees or customers, and expose us to increased scrutiny from sustainability and governance-focused investors, regulatory authorities, and others, or subject us to liability. state or local government, or other country or jurisdiction that we should have been or should be collecting additional sales, use, value added, digital services or other similar taxes could, among other things, result in substantial tax payments, create significant administrative burdens for us, discourage potential customers from subscribing to our platform due to the incremental cost of any such sales or other related taxes, or otherwise harm our business. Damage to our reputation or reduced demand for our products may adversely impact our business, financial condition, or results of operations. Risks Related to our Intellectual Property Failure to protect our proprietary technology and intellectual property rights could substantially harm our business and results of operations. Our success depends to a significant degree on our ability to protect our proprietary technology, methodologies, know-how, and brand. We rely on a combination of trademarks, copyrights, patents, contractual restrictions, and other intellectual property laws and confidentiality procedures to establish and protect our proprietary rights. 
However, we make certain products, including a limited-functionality version of JFrog Artifactory, available under open source licenses, contribute other source code to open source projects under open source licenses, and release internal software projects under open source licenses, and anticipate doing so in the future. Because the source code for the open source version of JFrog Artifactory and any other software we contribute to open source projects or distribute under open source licenses is publicly available, our ability to monetize and protect our intellectual property rights with respect to such source code may be limited or, in some cases, lost entirely. Our competitors could access such source code and use it to create software and service offerings that compete with ours. Further, the steps we take to protect our intellectual property rights may be inadequate. We will not be able to protect our intellectual property rights if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property rights. If we fail to protect our intellectual property rights adequately, our competitors may gain access to our proprietary technology and our business may be harmed. In addition, defending our intellectual property rights might entail significant expense. Any patents, trademarks, or other intellectual property rights that we have or may obtain may be challenged by others or invalidated through administrative process or litigation. We hold a number of active patents and have filed patent applications both in the U.S. and in other countries. There can be no assurance that our patent applications will result in issued patents. Even if we continue to seek patent protection in the future, we may be unable to obtain further patent protection for our technology. In addition, any patents issued in the future may not provide us with competitive advantages, or may be successfully challenged by third parties. 
Furthermore, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain. Despite our precautions, it may be possible for unauthorized third parties to copy our products and use information that we regard as proprietary to create offerings that compete with ours. Effective patent, trademark, copyright, and trade secret protection may not be available to us in every country in which our products are available. We may be unable to prevent third parties from acquiring domain names or trademarks that are similar to, infringe upon, or diminish the value of our trademarks and other proprietary rights. The laws of some countries may not be as protective of intellectual property rights as those in the U.S., and mechanisms for enforcement of intellectual property rights may be inadequate. The laws of some countries may not be as protective of intellectual property rights as those in the United States, and mechanisms for enforcement of intellectual property rights may be inadequate. As we continue to expand our international activities, our exposure to unauthorized copying and use of our products and proprietary information will likely increase. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon or misappropriating our intellectual property. We enter into confidential, non-compete, proprietary, and inventions assignment agreements with our employees and consultants and enter into confidentiality agreements with other parties. No assurance can be given that these agreements will be effective in controlling access to and distribution of our proprietary information, especially in certain states and countries, including Israel, that are less willing to enforce such agreements. 
Further, these agreements may not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our products. Our platform allows integration with third parties’ software, or the platform used by the customer. Such integrated software could impact negatively on the use of features or products available on the JFrog Platform. In addition, if the integration is misused by a third party to gain unlawful access to our platform, our business and reputation could be harmed. In order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect our intellectual property rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming, and distracting to management, and could result in the impairment or loss of portions of our intellectual property. Further, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights. 
Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our products, impair the functionality of our products, delay introductions of new products, result in our substituting inferior or more costly technologies into our products, or injure our reputation. We could incur substantial costs as a result of any claim of infringement, misappropriation, or violation of another party’s intellectual property rights. In recent years, there has been significant litigation involving patents and other intellectual property rights in the software industry. We do not currently have a large patent portfolio, which could prevent us from deterring patent infringement claims through our own patent portfolio, and our competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have. The intellectual property ownership and license rights, including copyright, surrounding AI technologies have not yet been fully addressed by lawmakers or courts, and the use of third party AI in our products offerings may result in exposure to claims of copyright infringement or other intellectual property misappropriation. We could incur substantial costs in prosecuting or defending any intellectual property litigation. If we sue to enforce our rights or are sued by a third party that claims that our products infringe, misappropriate, or violate their rights, the litigation could be expensive, time-consuming and could divert our management and other employee resources. If we sue to enforce our rights or are sued by a third party that claims that our products infringe, misappropriate or violate their rights, the litigation could be expensive and could divert our management resources. 
We could also be subject to an injunction which could prohibit us from selling or using products that incorporate the disputed intellectual property. Any intellectual property litigation to which we might become a party, or for which we are required to provide indemnification, may require us to do one or more of the following: • cease selling or using products that incorporate or cover the intellectual property rights that we allegedly infringe, misappropriate, or violate; • make substantial payments for legal fees, settlement payments, or other costs or damages; • obtain a license, which may not be available on reasonable terms or at all, to sell or use the relevant technology; or • redesign the allegedly infringing products to avoid infringement, misappropriation, or violation, which could be costly, time-consuming, or impossible. Any intellectual property litigation to which we might become a party, or for which we are required to provide indemnification, may require us to do one or more of the following: • cease selling or using products that incorporate or cover the intellectual property rights that we allegedly infringe, misappropriate or violate; • make substantial payments for legal fees, settlement payments or other costs or damages; • obtain a license, which may not be available on reasonable terms or at all, to sell or use the relevant technology; or • redesign the allegedly infringing products to avoid infringement, misappropriation or violation, which could be costly, time-consuming or impossible. If we are required to make substantial payments or undertake any of the other actions noted above as a result of any intellectual property infringement, misappropriation, or violation claims against us or any obligation to indemnify our customers for such claims, such payments or actions could harm our business. 
If we are required to make substantial payments or undertake any of the other actions noted above as a result of any intellectual property infringement, misappropriation or violation claims against us or any obligation to indemnify our customers for such claims, such payments or actions could harm our business. We may become subject to claims for remuneration or royalties for assigned service invention rights by our employees, which could result in litigation and would adversely affect our business. A significant portion of our intellectual property has been developed by our employees in the course of their employment for us. Under the Israeli Patents Law, 5727-1967 (the “Patents Law”), inventions conceived by an employee in the course and as a result of or arising from his or her employment with a company are regarded as “service inventions,” which belong to the employer, absent a specific agreement between the employee and employer giving the employee service invention rights. The Patents Law also provides that if there is no such agreement between an employer and an employee, the Israeli Compensation and Royalties Committee (the “Committee”), a body constituted under the Patents Law, shall determine whether the employee is entitled to remuneration for his or her inventions. Case law clarifies that the right to receive consideration for “service inventions” can be waived by the employee and that, in certain circumstances, such waiver does not necessarily have to be explicit. Case law clarifies that the right to receive consideration for “service inventions” can be waived by the employee and that in certain circumstances, such waiver does not necessarily have to be explicit. 
The Committee will examine, on a case-by-case basis, the general contractual framework between the parties, applying interpretation rules of the general Israeli contract laws. Further, the Committee has not yet determined one specific formula for calculating this remuneration, but rather uses the criteria specified in the Patents Law. Although we generally enter into assignment-of-invention agreements with our employees pursuant to which such individuals assign to us all rights to any inventions created in the scope of their employment or engagement with us, we may face claims demanding remuneration in consideration for assigned inventions. As a consequence of such claims, we could be required to pay additional remuneration or royalties to our current and former employees, or be forced to litigate such claims, which could negatively affect our business. Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement, misappropriation, violation, and other losses. Our agreements with customers and other third parties may include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims by third parties against customers, alleging intellectual property infringement, misappropriation or violation, or other liabilities relating to or arising from our software, services or other contractual obligations. Our agreements with customers and other third parties may include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement, misappropriation or violation, damages caused by us to property or persons, or other liabilities relating to or arising from our software, services or other contractual obligations. Large indemnity payments could harm our business, results of operations, and financial condition. 
Pursuant to certain agreements, we do not have a cap on our liability for indemnity claims and any payments under such agreements would harm our business, results of operations, and financial condition. Pursuant to certain agreements we do not have a cap on our liability and any payments under such agreements would harm our business, results of operations, and financial condition. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other existing customers and new customers and harm our business and results of operations. Our use of open source software could negatively affect our ability to sell our products and subject us to possible litigation. Our paid products incorporate open source software, and we expect to continue to incorporate open source software in our paid products in the future. Few of the licenses applicable to open source software have been interpreted by courts, and there is a risk that these licenses could be construed in a manner that could impose unanticipated conditions or restrictions on our ability to commercialize our paid products. There have been claims challenging the ownership rights in open source software against companies that incorporate open source software into their products, and the licensors of such open source software provide no warranties or indemnities with respect to such claims. In addition, there have been claims challenging the ownership rights in open source software against companies that incorporate open source software into their products, and the licensors of such open source software provide no warranties or indemnities with respect to such claims. 
In addition, if an author or other third party that distributes such open source software were to allege that we had not complied with the conditions of one or more of these licenses, we could be required to incur significant legal expenses defending against such allegations and could be subject to significant damages, enjoined from the sale of our products that contained the open source software, and required to comply with onerous conditions or restrictions on these products, which could disrupt the distribution and sale of these products. If an author or other third party that distributes such open source software were to allege that we had not complied with the conditions of one or more of these licenses, we could be required to incur significant legal expenses defending against such allegations and could be subject to significant damages, enjoined from the sale of our products that contained the open source software and required to comply with onerous conditions or restrictions on these products, which could disrupt the distribution and sale of these products. In any of these events, we and our customers could be required to seek licenses from third parties in order to continue offering our products, and to re-engineer our products or discontinue the sale of our products in the event re-engineering cannot be accomplished on a timely basis. We and our customers may also be subject to suits by parties claiming infringement, misappropriation, or violation due to the reliance by our solutions on certain open source software, and such litigation could be costly for us to defend or subject us to an injunction. We and our customers may also be subject to suits by parties claiming infringement, misappropriation or violation due to the reliance by our solutions on certain open source software, and such litigation could be costly for us to defend or subject us to an injunction. 
Some open source projects provided on an “as-is” basis have known vulnerabilities and architectural instabilities which, if not properly addressed, could negatively affect the performance of our product. Any of the foregoing could require us to devote additional research and development resources to re-engineer our solutions, could result in customer dissatisfaction, and may adversely affect our business, results of operations, and financial condition. Risks Related to Privacy, Data Protection, and Cybersecurity A breach of our security measures or unauthorized access to proprietary and confidential data, or a perception that any security breach or other incident has occurred, may result in our platform or products being perceived as not secure, lower customer use or stoppage of use of our products, and significant liabilities. Although our products do not involve the processing of large amounts of personal data or personal information, our platform and products support customers’ software, which may involve the processing of large amounts of personal data, personal information, and information that is confidential or otherwise sensitive or proprietary. 
Data security incidents affecting widely trusted data security architecture (such as historical incidents affecting SolarWinds Orion, the incident involving Accellion FTA, the incident affecting Microsoft Exchange, the incident affecting Kaseya VSA, the incident involving Log4j, the software update incident involving CrowdStrike – none of which have directly affected us) may increase customer expectations regarding the security, testing, and compliance documentation of our platform and products for secure software development operations, management, automation, and releases. Data security incidents affecting widely trusted data security architecture (such as the incident affecting SolarWinds Orion, the incident involving Accellion FTA, the incident affecting Microsoft Exchange, the incident affecting Kaseya VSA, and the incident involving Log4j – none of which have directly affected us) may increase customer expectations regarding the security, testing, and compliance documentation of our platform and products for secure software development operations, management, automation and releases. In addition, these or other incidents may trigger new laws and regulations that increase our compliance burdens, add reporting obligations, or otherwise increase costs for oversight and monitoring of our platform, products, and supply chain. We do collect and store certain sensitive and proprietary information, and to a lesser degree, personal data and personal information, in the operation of our business. This information includes trade secrets, intellectual property, employee data, and other confidential data. 
We have taken measures to protect our own sensitive and proprietary information, personal data, and personal information, as well as such information that we otherwise obtain, including from our customers. We have taken measures to protect our own sensitive and proprietary information, personal data and personal information, as well as such information that we otherwise obtain, including from our customers. We also engage vendors and service providers to store and otherwise process some of our and our customers’ data, including sensitive and proprietary information, personal data, and personal information. Our vendors and service providers have been and, in the future may be, the targets of cyberattacks, malicious software, supply chain attacks, phishing schemes, fraud, and other risks to the confidentiality, security, and integrity of their systems and the data they process for us. Our ability to monitor our vendors and service providers’ data security is limited, and, in any event, third parties may be able to circumvent those security measures, resulting in the unauthorized or unlawful access to, misuse, disclosure, loss, acquisition, corruption, unavailability, alteration, modification, or destruction of our and our customers’ data, including sensitive and proprietary information, personal data, and personal information. Security breaches and other security incidents that affect us may result from employee or contractor error or negligence or those of vendors, service providers, and strategic partners on which we rely. These attacks may come from individual hackers, criminal groups, and state-sponsored organizations. 
There have been and may continue to be significant supply chain attacks, and we cannot guarantee that our or our vendors or service providers’ systems and networks have not been breached or that they do not contain exploitable vulnerabilities, defects, or bugs that could result in a breach of or disruption to our systems and networks or the systems and networks of third parties that support us and our services. In addition, our customers and users may also disclose or leak their passwords, API keys, or secrets that could lead to unauthorized access to their accounts and data, including information about their software, source code, and security environment, stored within our products. As we continue to expand the products that we can offer our customers, including through the acquisition of complementary businesses, such as our acquisition of Vdoo in 2021 and our acquisition of Qwak in July 2024, and through internal development, such as developing new security services, our products will likely have access to more sensitive and personal information of our customers, which could result in greater adverse effects from security breaches and other security incidents. As we continue to expand the products that we can offer our customers, including through the acquisition of complementary businesses, such as our acquisition of Vdoo in 2021, and through internal development, such as developing new security services, our products could have access to more sensitive information of our customers, which could result in greater adverse effects from security breaches and other security incidents. Also, our expansion into new services and products could subject us to additional regulations. In addition, we are subject to other laws and regulations that obligate us to employ reasonable security measures. From time to time, we do identify product vulnerabilities, including through our bug bounty program. 
Certain vulnerabilities under certain circumstances could be exploited if our customers do not patch vulnerable versions of the product. In the future, we also may experience security breaches, including breaches resulting from a cybersecurity attack, phishing attack, or other means, including unauthorized access, unauthorized usage, malware, or similar breaches or disruptions. We incur significant costs in an effort to detect and prevent security breaches and other security-related incidents, including those to secure our product development, test, evaluation, and deployment activities, and we expect our costs will increase as we make improvements to our systems and processes to prevent future breaches and incidents. Despite our efforts, our systems and those of our vendors, service providers, and strategic partners also are potentially vulnerable to computer malware, malicious access or delivery of ransomware or other malicious software to our customers, AI risks, viruses, computer hacking, fraudulent use, social engineering attacks, phishing attacks, ransomware attacks, credential stuffing attacks, denial-of-service attacks, unauthorized access, exploitation of bugs, defects, and vulnerabilities, breakdowns, damage, interruptions, system malfunctions, power outages, terrorism, acts of vandalism, failures, security breaches and incidents, inadvertent or intentional actions by our employees, contractors, consultants, partners, and/or other third parties, and other real or perceived cyberattacks. 
Despite our efforts, our systems and those of our vendors, service providers, and strategic partners also are potentially vulnerable to computer malware, viruses, computer hacking, fraudulent use, social engineering attacks, phishing attacks, ransomware attacks, credential stuffing attacks, denial-of-service attacks, unauthorized access, exploitation of bugs, defects, and vulnerabilities, breakdowns, damage, interruptions, system malfunctions, power outages, terrorism, acts of vandalism, failures, security breaches and incidents, inadvertent or intentional actions by our employees, contractors, consultants, partners, and/or other third parties, and other real or perceived cyberattacks. Our risks of cyberattacks and other sources of security breaches and incidents, and those faced by our vendors, service providers, and strategic partners, may be heightened in connection with the war between Israel, Hamas and Hezbollah, the regional conflict in the Middle East, the war between Russia and Ukraine, and other associated geopolitical tensions and regional instability. Our risks of cyberattacks and other sources of security breaches and incidents, and those faced by our vendors, service providers, and strategic partners, may be heightened in connection with the war between Israel and Hamas, the war between Russia and Ukraine, and associated geopolitical tensions and regional instability. 
Any of these incidents or any compromise of our security or any unauthorized access to or breaches of the security of our or our service providers’ systems or data processing tools or processes, or of our platform and product offerings, as a result of third-party action, employee error, vulnerabilities, defects or bugs, malfeasance, or otherwise, could result in unauthorized or unlawful access to, misuse, disclosure, loss, acquisition, corruption, unavailability, alteration, modification, or destruction of our and our customers’ data, including sensitive and proprietary information, personal data and personal information, or a risk to the security of our or our customers’ systems. Any of these incidents or any compromise of our security or any unauthorized access to or breaches of the security of our or our service providers’ systems or data processing tools or processes, or of our platform and product offerings, as a result of third-party action, employee error, vulnerabilities, defects or bugs, malfeasance, or otherwise, could result in unauthorized or unlawful access to, misuse, disclosure, loss, acquisition, corruption, unavailability, alteration, modification or destruction of our and our customers’ data, including sensitive and proprietary information, personal data and personal information, or a risk to the security of our or our customers’ systems. We, our vendors, service providers, and strategic partners may be unable to anticipate these techniques and vulnerabilities, react, remediate, or otherwise address any security breach or other security incident in a timely manner, or implement adequate preventative measures. We and our vendors and service providers may be unable to anticipate these techniques, react, remediate or otherwise address any security breach or other security incident in a timely manner, or implement adequate preventative measures. 
We may be more susceptible to security breaches and other security incidents in view of many of our employees and employees of our service providers working remotely, because we and our service providers have less capability to implement, monitor, and enforce our information security and data protection policies for those employees. Based on the examples set in other recent incidents, the more widespread our platform and products become, the more they may be viewed by malicious cyber threat actors as an attractive target for such an attack. We and our service providers may be unable to anticipate these techniques, react, remediate, or otherwise address any security breach or other security incident in a timely manner, or implement adequate preventative measures. We and our service providers may be unable to anticipate these techniques, react, remediate or otherwise address any security breach or other security incident in a timely manner, or implement adequate preventative measures. In the past, we have experienced vulnerabilities, none of which led to account takeover and all such known vulnerabilities have been remedied. A security breach or other incident could result in reputational damage, litigation, regulatory investigations and orders, loss of business, indemnity obligations, damages for contract breach, penalties for violation of applicable laws, regulations, or contractual obligations, and significant costs, fees, and other monetary payments for remediation, including in connection with forensic examinations and costly and burdensome breach notification requirements. Any belief by customers or others that a security breach or other incident has affected us or any of our vendors or service providers, even if a security breach or other incident has not affected us or any of our vendors or service providers or has not actually occurred, could have any or all of the foregoing impacts on us, including damage to our reputation. 
Even the perception of inadequate security may damage our reputation and negatively impact our ability to gain new customers and retain existing customers. In the event of any such breach or incident, we could be required to expend significant capital and other resources to address our or our vendor or service provider’s incident. Considering the SolarWinds Orion incident and the Kaseya VSA incident, if our products were compromised in a way that offered a means of malicious access or delivery of ransomware or other malicious software to our customers, the impact of such an incident would likely be significant. Techniques used to sabotage or obtain unauthorized access to systems or networks are constantly evolving and, in some instances, are not identified until launched against a target. For example, AI technologies may be used in connection with certain cybersecurity attacks, resulting in heightened risks of security breaches and incidents. We and our vendors and service providers may be unable to anticipate these techniques, react, remediate, or otherwise address any security breach or other security incident in a timely manner, or implement adequate preventative measures. We and our vendors and service providers may be unable to anticipate these techniques, react, remediate or otherwise address any security breach or other security incident in a timely manner, or implement adequate preventative measures. In addition, laws, regulations, government guidance, and industry standards and practices in the U.S. and elsewhere are rapidly evolving to combat these threats. We may face increased compliance burdens regarding such requirements with regulators and customers regarding our products and services and also incur additional costs for oversight and monitoring of our own supply chain. 
Further, any provisions in our customer and user agreements, contracts with our vendors and service providers, or other contracts relating to limitations of liability, may not be enforceable or adequate or otherwise protect us from any liabilities or damages with respect to any particular claim relating to a security breach or other security-related matter. While our insurance policies include liability coverage for certain of these matters, subject to applicable deductibles, if we experienced a widespread security breach or other incident that impacted a significant number of our customers, we could be subject to indemnity claims or other damages that exceed our insurance coverage. If such a breach or incident occurred, our insurance coverage might not be adequate for data handling or data security liabilities actually incurred, such insurance may not continue to be available to us in the future on economically reasonable terms, or at all, and insurers may deny us coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results, and reputation. We are subject to stringent and changing laws, regulations, standards, and contractual obligations related to privacy, data protection, and data security. Our actual or perceived failure to comply with such obligations could harm our business. We receive, collect, store, process, transfer, retain, use, and otherwise process personal information and other data relating to users of our products, our employees and contractors, and other persons. 
We have legal and contractual obligations regarding the protection of confidentiality and appropriate use of certain data, including personal data and personal information. We are subject to numerous federal, state, local, and international laws, directives, and regulations regarding privacy, data protection, e-marketing, cybersecurity, AI, and data security and the collection, storing, sharing, use, processing, transfer, retention, security, disclosure, and protection of personal information and other data, the scope of which are changing, subject to differing interpretations, and may be inconsistent among jurisdictions or conflict with other legal and regulatory requirements. We are subject to numerous federal, state, local, and international laws, directives, and regulations regarding privacy, data protection, and data security and the collection, storing, sharing, use, processing, transfer, retention, security, disclosure, and protection of personal information and other data, the scope of which are changing, subject to differing interpretations, and may be inconsistent among jurisdictions or conflict with other legal and regulatory requirements. We are also subject to certain contractual obligations to third parties related to privacy, data protection, cybersecurity, AI, and data security. We are also subject to certain contractual obligations to third parties related to privacy, data protection and data security. We strive to comply with our applicable policies and applicable laws, regulations, contractual obligations, and other legal obligations relating to privacy, data protection, cybersecurity, and data security to the extent possible. We strive to comply with our applicable policies and applicable laws, regulations, contractual obligations, and other legal obligations relating to privacy, data protection, and data security to the extent possible. 
However, the regulatory framework for privacy, data protection, cybersecurity, e-marketing, AI, and data security worldwide is, and is likely to remain for the foreseeable future, uncertain and complex, and it is possible that these or other actual or alleged obligations may be interpreted and applied in a manner that we do not anticipate or that is inconsistent from one jurisdiction to another and may conflict with other legal obligations or our practices. However, the regulatory framework for privacy, data protection and data security worldwide is, and is likely to remain for the foreseeable future, uncertain and complex, and it is possible that these or other actual or alleged obligations may be interpreted and applied in a manner that we do not anticipate or that is inconsistent from one jurisdiction to another and may conflict with other legal obligations or our practices. Any perception of privacy, data security, cybersecurity, or data protection concerns or an inability to comply with applicable laws, regulations, policies, industry standards, contractual obligations, or other legal obligations, even if unfounded, may result in additional cost and liability to us, harm our reputation and inhibit adoption of our products by current and future customers, and adversely affect our business, financial condition, and results of operations. Any perception of privacy, data security, or data protection concerns or an inability to comply with applicable laws, regulations, policies, industry standards, contractual obligations, or other legal obligations, even if unfounded, may result in additional cost and liability to us, harm our reputation and inhibit adoption of our products by current and future customers, and adversely affect our business, financial condition, and results of operations. 
Further, any significant change to applicable laws, regulations, or industry practices regarding the collection, storing, sharing, use, retention, security, protection, disclosure, other processing of data, or their interpretation, or any changes regarding the manner in which the consent of users or other data subjects for the collection, use, retention, disclosure, or other processing of such data must be obtained, could increase our costs and require us to modify our services and features, possibly in a material manner, which we may be unable to complete, and may limit our ability to store and process user data or develop new services and features. Further, any significant change to applicable laws, regulations or industry practices regarding the collection, storing, sharing, use, retention, security, protection, disclosure, other processing of data, or their interpretation, or any changes regarding the manner in which the consent of users or other data subjects for the collection, use, retention, disclosure, or other processing of such data must be obtained, could increase our costs and require us to modify our services and features, possibly in a material manner, which we may be unable to complete, and may limit our ability to store and process user data or develop new services and features. If we were found in violation of any applicable laws or regulations relating to privacy, data protection, cybersecurity, AI, or data security, in addition to any regulatory fines, penalties, contract breach, costs for remediation, or litigation costs, our business may be materially and adversely affected and we would likely have to change our business practices and potentially the services and features available through our platform. 
If we were found in violation of any applicable laws or regulations relating to privacy, data protection, or data security, in addition to any regulatory fines, penalties, or litigation costs, our business may be materially and adversely affected and we would likely have to change our business practices and potentially the services and features available through our platform. In addition, these laws and regulations could constrain our ability to use and process data in manners that may be commercially desirable. In addition, if a breach of data security were to occur or to be alleged to have occurred, if any violation of laws and regulations relating to privacy, data protection, or data security were to be alleged, or if we had any actual or alleged defect in our safeguards or practices relating to privacy, data protection, or data security, our solutions may be perceived as less desirable and our business, prospects, financial condition, and results of operations could be materially and adversely affected. In addition, if a breach of data security were to occur or to be alleged to have occurred, if any violation of laws and regulations relating to privacy, data protection or data security were to be alleged, or if we had any actual or alleged defect in our safeguards or practices relating to privacy, data protection, or data security, our solutions may be perceived as less desirable and our business, prospects, financial condition, and results of operations could be materially and adversely affected. Our insurance covering certain security and privacy damages and claim expenses may not be sufficient to compensate for all liabilities we may incur. The regulatory environment applicable to the handling of EEA residents' personal data, and our actions taken in response, may cause us to assume additional liabilities or incur additional costs and could result in our business, operating results, and financial condition being harmed. 
We and our customers may face a risk of enforcement actions by data protection authorities in the EEA relating to personal data transfers to us and by us from the EEA. Any such enforcement actions could result in substantial costs and diversion of resources, distract management and technical personnel, and negatively affect our business, operating results and financial condition. While the EU and U.S. governments have adopted the EU-U.S. Data Privacy Framework (“DPF”) to foster EU-U.S. data transfers, the CJEU upheld the Standard Contractual Clauses (“SCCs”), and addressed the concerns of the CJEU’s “Schrems II” decision, it is uncertain whether the DPF and the SCCs will eventually be overturned or invalidated, as the predecessors to the DPF were. Additionally, certain countries have considered passing laws requiring varying degrees of local data residency. Any actual or perceived failure to comply with these laws could result in a costly investigation or litigation resulting in potentially significant liability, loss of trust by our users, and a material and adverse impact on our reputation and business. The Israeli Privacy Protection Law, 1981 (PPL), and its regulations, including but not limited to the Israeli Privacy Protection Regulations (Data Security) 2017 (Security Regulations) impose obligations regarding processing, transferring and securing of personal data. In addition, in 2023, the Privacy Protection Regulations (Provisions Regarding Information Transferred to Israel from the European Economic Area), 2023 (EU Regulations) were enacted and consequently provide, in certain cases, additional rights to data subjects from the EEA and Israel. Therefore, significant changes to the PPL and its regulations may necessitate adjustments to our data protection and security practices. Lack of compliance with the PPL and its regulations could result in enforcement actions, litigation (including class actions), fines and penalties. 
A material amendment to the PPL was approved by the Israeli Parliament in August 2024 and will take effect on August 14, 2025 (Amendment 13). Among other things, Amendment 13 expands the Privacy Protection Authority’s investigative authority and the monetary sanctions that can be imposed for breach of the PPL and its regulations, to substantial amounts that, in certain cases, may reach millions of NIS. We also expect that there will continue to be changes in interpretations of existing laws and regulations, or new proposed laws and regulations concerning privacy, data security, cybersecurity, data sovereignty, e-marketing, AI, and data protection. We cannot yet determine the impact these laws and regulations or changed interpretations may have on our business, but we anticipate that they could impair our or our customers’ ability to collect, use, or disclose information relating to individuals, which could decrease demand for our platform, increase our costs, and impair our ability to maintain and grow our customer base and increase our revenue. We cannot yet determine the impact these laws and regulations or changed interpretations may have on our business, but we anticipate that they could impair our or our customers’ ability to collect, use or disclose information relating to consumers, which could decrease demand for our platform, increase our costs and impair our ability to maintain and grow our customer base and increase our revenue. Moreover, because the interpretation and application of many laws and regulations relating to privacy, security, cybersecurity, e-marketing, AI, and data protection, along with mandatory industry standards, are uncertain, it is possible that these laws, regulations and standards, or contractual obligations to which we are or may become subject, may be interpreted and applied in a manner that is inconsistent with our existing or future data management practices or features of our platform and products. 
Moreover, because the interpretation and application of many laws and regulations relating to privacy, security, and data protection, along with mandatory industry standards, are uncertain, it is possible that these laws, regulations and standards, or contractual obligations to which we are or may become subject, may be interpreted and applied in a manner that is inconsistent with our existing or future data management practices or features of our platform and products. Any failure or perceived failure by us to comply with our posted privacy notices, our privacy-related obligations to users or other third parties, or any other actual or asserted legal obligations or regulatory requirements relating to privacy, data protection, cybersecurity, e-marketing, AI, or data security, may result in governmental investigations or enforcement actions, litigation, claims, or public statements against us by privacy advocacy groups or others and could result in significant liability, cause our customers to lose trust in us, and otherwise materially and adversely affect our reputation and business. Any failure or perceived failure by us to comply with our posted privacy policies, our privacy-related obligations to users or other third parties, or any other actual or asserted legal obligations or regulatory requirements relating to privacy, data protection, or data security, may result in governmental investigations or enforcement actions, litigation, claims, or public statements against us by consumer advocacy groups or others and could result in significant liability, cause our users to lose trust in us, and otherwise materially and adversely affect our reputation and business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, other obligations, and policies that are applicable to the businesses of our users may limit the adoption and use of, and reduce the overall demand for, our platform. 
Additionally, if third parties we work with violate applicable laws, regulations, or contractual obligations, such violations may put our users’ data at risk, could result in governmental investigations or enforcement actions, fines, litigation, claims, or public statements against us by privacy advocacy groups or others, and could result in significant liability, cause our customers to lose trust in us, and otherwise materially and adversely affect our reputation and business. Additionally, if third parties we work with violate applicable laws, regulations or contractual obligations, such violations may put our users’ data at risk, could result in governmental investigations or enforcement actions, fines, litigation, claims, or public statements against us by consumer advocacy groups or others and could result in significant liability, cause our users to lose trust in us, and otherwise materially and adversely affect our reputation and business. Further, public scrutiny of, or complaints about, technology companies or their data handling or data protection practices, even if unrelated to our business, industry, or operations, may lead to increased scrutiny of technology companies, including us, and may cause government agencies to enact additional regulatory requirements, or to modify their enforcement or investigation activities, which may increase our costs and risks. Further, public scrutiny of, or complaints about, technology companies or their data handling or data protection practices, even if unrelated to our business, industry or operations, may lead to increased scrutiny of technology companies, including us, and may cause government agencies to enact additional regulatory requirements, or to modify their enforcement or investigation activities, which may increase our costs and risks. Risks Related to Foreign Operations Our international operations and expansion expose us to risks. 
Our primary research and development operations are located in Israel. As of December 31, 2024, we had customers located in over 90 countries, and our strategy is to continue to expand internationally. In addition, as a result of our strategy of leveraging a distributed workforce, as of December 31, 2024, we had employees located primarily in ten countries. Our current international operations involve, and we expect future initiatives will involve, a variety of risks, including: • challenges inherent to efficiently managing an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs; • different labor regulations, especially in Israel, the EU and India, where labor laws are generally more advantageous to employees as compared to the U.S., including differing hourly wages and overtime regulations in these locations; • exposure to many stringent and potentially inconsistent worldwide and industry-specific laws and regulations applicable to JFrog, directly or through customer contractual obligations relating to privacy, data protection, cybersecurity, AI, and data security; • unexpected changes in practices, tariffs, export quotas, custom duties, trade disputes, tax laws and treaties, particularly due to economic tensions and trade negotiations or other trade restrictions; • changes in a specific country’s or region’s political or economic conditions, such as the war between Israel, Hamas and Hezbollah, the regional conflict in the Middle East, the war between Russia and Ukraine and associated geopolitical tensions, as well as economic sanctions the U.S., the EU, and other countries have imposed on Russia and certain of its allies and the impact of the foregoing on the global economy; • risks resulting from changes in currency exchange rates, in particular, fluctuations in the value of the NIS compared to the U.S. dollar; • risks relating to the implementation of exchange controls, including restrictions promulgated by the OFAC, and other similar trade protection regulations and measures in the U.S., the EU, or in other jurisdictions; • reduced ability to timely collect amounts owed to us by our customers in countries where our recourse may be more limited; • slower than anticipated availability and adoption of cloud and hybrid infrastructures by international businesses; • limitations on our ability to reinvest earnings from operations derived from one country to fund the capital needs of our operations in other countries; • limited or unfavorable intellectual property protection; and • exposure to liabilities under anti-corruption and anti-money laundering laws, including the U.S. Foreign Corrupt Practices Act of 1977, as amended, and similar applicable laws and regulations in other jurisdictions. If we are unable to address these difficulties and challenges or other problems encountered in connection with our international operations and expansion, we may incur unanticipated liabilities or otherwise suffer harm to our business generally. 
If we are not successful in sustaining and expanding our international business, we may incur additional losses and our revenue growth could be harmed. Our future results depend, in part, on our ability to sustain and expand our penetration of the international markets in which we currently operate and to expand into additional international markets. 
Our ability to expand internationally will depend upon our ability to deliver functionality and foreign language translations that reflect the needs of the international clients that we target. Our ability to expand internationally involves various risks, including the need to invest significant resources in such expansion, and the possibility that returns on such investments will not be achieved in the near future or at all in these less familiar competitive environments. We may also choose to conduct our international business through strategic partnerships or other collaboration arrangements. If we are unable to identify partners or negotiate favorable terms, our international growth may be limited. In addition, we have incurred and may continue to incur significant expenses in advance of generating material revenue as we attempt to establish our presence in certain international markets. As we conduct operations in China, risks associated with economic, political, and social events in China could negatively affect our business and results of operations. We currently conduct limited operations in China, including its administrative regions such as Hong Kong. 
Our operations in China are subject to a number of risks relating to China’s economic and political systems, including but not limited to: • A government-controlled foreign exchange rate and limitations on the convertibility of the Chinese Renminbi; • Uncertainty regarding the validity, enforceability, and scope of protection for intellectual property rights and the practical difficulties of enforcing such rights; • Ability to secure our business proprietary information located in China from unauthorized acquisition; • Extensive government regulation; • Changing governmental policies relating to tax benefits available to foreign-owned businesses; • A relatively uncertain legal system; • Application of and limitations related to the DSL and PIPL regulations over processing of data and personal data within China as well as cross-border data transfers and other activities outside of China; and • Instability related to continued economic, political, and social reform.
Any actions and policies adopted by the government of the People’s Republic of China, particularly with regard to intellectual property rights and their enforcement, any slowdown in China’s economy, alignment with territories of geopolitical tension such as Russia, or increased restrictions related to the transfer of data pursuant to the Chinese Cyber Security Law, could have an adverse effect on our business, results of operations, and financial condition. Further, at various times during recent years, the U.S. and China have had disagreements over political and economic issues. Controversies may arise in the future between these two countries. Any political or trade controversy between the U.S. and China could adversely affect the U.S. and European economies and materially and adversely affect the market price of our ordinary shares, our business, financial position, and financial performance. We are subject to various governmental export controls, trade sanctions, and import laws and regulations that could impair our ability to compete in international markets or subject us to liability if we violate these controls.
In some cases, our software is subject to export control laws and regulations, including the Export Administration Regulations administered by the U.S. Department of Commerce, and our activities may be subject to trade and economic sanctions, including those administered by the United States Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) (collectively, “Trade Controls”). As such, a license may be required to export or re-export our products, or provide related services, to certain countries and end-users, and for certain end-uses. Further, our products incorporating encryption functionality may be subject to special controls applying to encryption items and/or certain reporting requirements. While we take precautions and maintain procedures to prevent our products and solutions from being exported in violation of these laws, we cannot guarantee that the precautions we take will prevent violations of export control and sanctions laws. We are currently working to enhance these procedures, with which failure to comply could subject us to both civil and criminal penalties, including substantial fines, possible incarceration of responsible individuals for willful violations, possible loss of our export or import privileges, and reputational harm. Further, the process for obtaining necessary licenses may be time-consuming or unsuccessful, potentially causing delays in sales or losses of sales opportunities. Trade Controls are complex and dynamic regimes, and monitoring and ensuring compliance can be challenging, particularly given that our products are widely distributed throughout the world and are available for download without registration.
Although we have no knowledge that our activities have resulted in violations of Trade Controls, any failure by us or our partners to comply with applicable laws and regulations would have negative consequences for us, including reputational harm, government investigations, and penalties. In addition, various countries regulate the import of certain encryption technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products or could limit our end-customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations in such countries may create delays in the introduction of our products into international markets, prevent our end-customers with international operations from deploying our products globally or, in some cases, prevent or delay the export or import of our products to certain countries, governments, or persons altogether. Any change in export or import laws or regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing export, import or sanctions laws or regulations, or change in the countries, governments, persons, or technologies targeted by such export, import, or sanctions laws or regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations. Any decreased use of our products or limitation on our ability to export to or sell our products in international markets could adversely affect our business, financial condition, and results of operations. Failure to comply with anti-bribery, anti-corruption, anti-money laundering laws, and similar laws, could subject us to penalties and other adverse consequences. 
We are subject to the U.S. Foreign Corrupt Practices Act of 1977, as amended (the “FCPA”), the U.S. domestic bribery statute contained in 18 U.S.C. § 201, the U.S. Travel Act, the USA PATRIOT Act, the United Kingdom Bribery Act 2010, the Proceeds of Crime Act 2002, Chapter 9 (sub-chapter 5) of the Israeli Penal Law, 1977, the Israeli Prohibition on Money Laundering Law–2000 and possibly other anti-bribery and anti-money laundering laws in countries outside of the U.S. in which we conduct our activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies, their employees, agents, representatives, business partners, and third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public or private sector. We sometimes leverage third parties to sell our products and conduct our business abroad. We, our employees, agents, representatives, business partners, and third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and may be held liable for the corrupt or other illegal activities of these employees, agents, representatives, business partners, or third-party intermediaries, even if we do not explicitly authorize such activities. We cannot assure you that all of our employees and agents will not take actions in violation of applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase.
These laws also require that we keep accurate books and records and maintain internal controls and compliance procedures designed to prevent any such actions. While we have policies and procedures to address compliance with such laws, we cannot assure you that none of our employees, agents, representatives, business partners, or third-party intermediaries will take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. Any allegations or violation of the FCPA or other applicable anti-bribery, anti-corruption laws, and anti-money laundering laws could result in whistleblower complaints, sanctions, settlements, prosecution, enforcement actions, fines, damages, adverse media coverage, investigations, loss of export privileges, severe criminal or civil sanctions, or suspension or debarment from U.S. government contracts, all of which may have an adverse effect on our reputation, business, results of operations, and prospects. Responding to any investigation or action will likely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional fees. In addition, the U.S. government may seek to hold us liable for successor liability for FCPA violations committed by companies in which we invest or that we acquire. As a general matter, investigations, enforcement actions, and sanctions could harm our reputation, business, results of operations, and financial condition.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations. Our functional currency is the U.S. dollar and our revenue and expenses are primarily denominated in U.S. dollars. However, a significant portion of our headcount related expenses, consisting principally of salaries and related personnel expenses as well as leases and certain other operating expenses, are denominated in NIS. This foreign currency exposure gives rise to market risk associated with exchange rate movements of the U.S. dollar against the NIS. Furthermore, we anticipate that a material portion of our expenses will continue to be denominated in NIS. We currently utilize foreign currency contracts with financial institutions to protect against foreign exchange risks, mainly the exposure to changes in the exchange rate of the NIS against the U.S. dollar that are associated with future cash flows denominated in NIS. In addition, increased international sales in the future may result in greater foreign currency denominated sales, increasing our foreign currency risk. A material portion of our leases are denominated in currencies other than the U.S. Dollar, mainly in NIS. The associated lease liabilities are remeasured using the current exchange rate, which may result in material foreign exchange gains or losses. Moreover, operating expenses incurred outside the U.S. and denominated in foreign currencies are increasing and are subject to fluctuations due to changes in foreign currency exchange rates.
If we are not able to successfully hedge against the risks associated with currency fluctuations, our financial condition and results of operations could be adversely affected. To date, we have entered into hedging transactions in an effort to reduce our exposure to foreign currency exchange risk. While we may decide to continue to enter into hedging transactions in the future, the availability and effectiveness of these hedging transactions may be limited and we may not be able to successfully hedge our exposure, which could adversely affect our financial condition and results of operations. Risks Related to Taxation Unanticipated changes in effective tax rates or adverse outcomes resulting from examination of our income or other tax returns could expose us to greater than anticipated tax liabilities. The tax laws applicable to our business, including the laws of Israel, the U.S., and other jurisdictions, are subject to interpretation and certain jurisdictions may aggressively interpret their laws in an effort to raise additional tax revenue. The tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements or our revenue recognition policies, which could increase our worldwide effective tax rate and harm our financial position and results of operations. It is possible that tax authorities may disagree with certain positions we have taken and any adverse outcome of such a review or audit could have a negative effect on our financial position and results of operations.
Further, the determination of our worldwide provision for income taxes and other tax liabilities requires significant judgment by management, and there are transactions where the ultimate tax determination is uncertain. Although we believe that our estimates are reasonable, the ultimate tax outcome may differ from the amounts recorded in our consolidated financial statements and may materially affect our financial results in the period or periods for which such determination is made. In addition, we typically invoice customers for the full contract amount at the time of entering into a contract, but recognize revenue over the term of the subscription period. Applicable tax authorities may challenge our tax reporting position and may accelerate our tax obligation based on cash received, which may materially affect our financial results. Our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our results of operations. Based on our current corporate structure, we are subject to taxation in several jurisdictions around the world with increasingly complex tax laws, the application of which can be uncertain. The amount of taxes we pay in these jurisdictions could increase substantially as a result of changes in the applicable tax principles, including increased tax rates, new tax laws, or revised interpretations of existing tax laws and precedents. The authorities in these jurisdictions could review our tax returns or require us to file tax returns in jurisdictions in which we are not currently filing, and could impose additional tax, interest, and penalties. 
These authorities could also claim that various withholding requirements apply to us or our subsidiaries, assert that benefits of tax treaties are not available to us or our subsidiaries, or challenge our methodologies for valuing developed technology or intercompany arrangements, including our transfer pricing. The relevant tax authorities may determine that the manner in which we operate our business does not achieve the intended tax consequences. If such a disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest, and penalties. Any increase in the amount of taxes we pay or that are imposed on us could increase our worldwide effective tax rate and harm our business and results of operations. The tax benefits that are available to us require us to continue to meet various conditions and may be terminated or reduced in the future, which could increase our costs and taxes. We are eligible for certain tax benefits provided to a “Preferred Technology Enterprise” under the Israeli Law for the Encouragement of Capital Investments, 1959, referred to as the Investment Law. In order to remain eligible for the tax benefits for a Preferred Technology Enterprise, we must continue to meet certain conditions stipulated in the Investment Law and its regulations, as amended. If these tax benefits are reduced, canceled, or discontinued, our Israeli taxable income from the Preferred Technology Enterprise would be subject to regular Israeli corporate tax rates.
Additionally, if we increase our activities outside of Israel through acquisitions, for example, our expanded activities might not be eligible for inclusion in future Israeli tax benefit programs. We could be required to collect additional sales, use, value added, digital services, or other similar taxes or be subject to other liabilities that may increase the costs our clients would have to pay for our products which would adversely affect our results of operations. We collect sales, value added, and other similar taxes in a number of jurisdictions. One or more U.S. states or countries may seek to impose incremental or new sales, use, value added, digital services, or other tax collection obligations on us. Further, an increasing number of U.S. states have considered or adopted laws that attempt to impose tax collection obligations on out-of-state companies. Additionally, the U.S. Supreme Court ruled in South Dakota v. Wayfair, Inc. et al, (“Wayfair”), that online remote sellers can be required to collect sales and use tax despite not having a physical presence in the state of the customer. In response to Wayfair, or otherwise, many U.S. states or local governments have adopted, and may begin to enforce, laws requiring us to calculate, collect, and remit taxes on sales in their jurisdictions. A successful assertion by one or more U.S.
states requiring us to collect taxes where we presently do not do so, or to collect more taxes in a jurisdiction in which we currently do collect some taxes, could result in substantial liabilities, including taxes on past sales, as well as interest and penalties. Furthermore, certain jurisdictions, such as the United Kingdom and France, introduced a digital services tax, which is generally a tax on gross digital services revenue generated from users or customers located in those jurisdictions, and other jurisdictions have enacted or are considering enacting similar laws. A successful assertion by a U.S. state or local government, or other country or jurisdiction that we should have been or should be collecting additional sales, use, value added, digital services, or other similar taxes could, among other things, result in substantial tax payments, create significant administrative burdens for us, discourage potential customers from subscribing to our platform due to the incremental cost of any such sales or other related taxes, or otherwise harm our business. Our ability to use our net operating loss carryforwards to offset future taxable income may be subject to certain limitations.
As of December 31, 2024, we had net operating loss carryforwards of $168.2 million in Israel and U.S. state net operating loss carryforwards of $64.4 million, which may be utilized against future taxable income. Limitations imposed by the applicable jurisdictions on our ability to utilize net operating loss carryforwards, including with respect to the net operating loss carryforwards of companies that we have acquired or may acquire in the future, could cause income taxes to be paid earlier than would be paid if such limitations were not in effect and could cause such net operating loss carryforwards to expire unused, in each case reducing or eliminating the benefit of such net operating loss carryforwards. Furthermore, we may not be able to generate sufficient taxable income to utilize our net operating loss carryforwards before they expire. If any of these events occur, we may not derive some or all of the expected benefits from our net operating loss carryforwards. Risks Related to Our Ordinary Shares The market price for our ordinary shares may be volatile or may decline regardless of our operating performance.
The market price of our ordinary shares may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, many of which are beyond our control, including but not limited to: • actual or anticipated changes or fluctuations in our results of operations; • the financial projections we may provide to the public, any changes in these projections, or our failure to meet these projections; • announcements by us or our competitors of new offerings or new or terminated significant contracts, commercial relationships, or capital commitments; • industry or financial analyst or investor reaction to our press releases, other public announcements, and filings with the SEC; • rumors and market speculation involving us or other companies in our industry; • sales or expected future sales of our ordinary shares; • investor perceptions of us and the industries in which we operate; • price and volume fluctuations in the overall stock market from time to time; • changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular; • failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors; • actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally; • litigation involving us, our industry, or both, or investigations by regulators into our operations or those of our competitors; • developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights; • announced or completed acquisitions of businesses or technologies by us or our competitors; • actual or perceived breaches of, or failures relating to, privacy, data protection, or data security; • new laws or regulations or new interpretations
of existing laws or regulations applicable to our business; • any major changes in our management or our board of directors; • general economic conditions, the recent global economic downturn and slow or negative growth of our markets; and • other events or factors, including those resulting from war, including the war between Israel, Hamas and Hezbollah, incidents of terrorism or responses to these events.
The concentration of our share ownership with insiders will likely limit your ability to influence corporate matters, including the ability to influence the outcome of director elections and other matters requiring shareholder approval. Our executive officers, directors, current 5% or greater shareholders and affiliated entities together beneficially owned approximately 22% of our ordinary shares outstanding as of December 31, 2024. Our executive officers, directors, current 5% or greater shareholders and affiliated entities together beneficially owned approximately 18% of our ordinary shares outstanding as of December 31, 2023. As a result, these shareholders, acting together, will have control over certain matters that require approval by our shareholders, including matters such as the appointment and dismissal of directors, capital increases, amendment to our articles of associations, and approval of certain corporate transactions. Corporate action might be taken even if other shareholders oppose them. This concentration of ownership might also have the effect of delaying or preventing a change of control of us that other shareholders may view as beneficial.
It should be noted that we are not aware of any voting agreement or arrangement between our shareholders. If industry or financial analysts do not publish research or reports about our business, or if they issue inaccurate or unfavorable research regarding our ordinary shares, our share price and trading volume could decline. The trading market for our ordinary shares is influenced by the research and reports that industry or financial analysts publish about us or our business. We do not control these analysts, or the content and opinions included in their reports. If any of the analysts who cover us issues an inaccurate or unfavorable opinion regarding our company, our share price would likely decline. If our financial results fail to meet, or significantly exceed, our announced guidance or the expectations of analysts or public investors, analysts could downgrade our ordinary shares or publish unfavorable research about us. If one or more of these analysts cease coverage of our company or fail to publish reports on us regularly, our visibility in the financial markets could decrease, which in turn could cause our share price or trading volume to decline. Sales of substantial amounts of our ordinary shares in the public markets, or the perception that they might occur, could reduce the price that our ordinary shares might otherwise attain.
Sales of a substantial number of our ordinary shares in the public market, particularly sales by our directors, executive officers, and significant shareholders, or the perception that these sales could occur, could adversely affect the market price of our ordinary shares and may make it more difficult for you to sell your ordinary shares at a time and price that you deem appropriate. We have also registered the offer and sale of all ordinary shares that we may issue under our equity compensation plan and employee stock purchase plan. We have also registered the offer and sale of all ordinary shares that we may issue under our equity compensation plan. The issuance of additional shares in connection with financings, acquisitions, investments, our share incentive plans or otherwise will dilute all other shareholders. Our amended and restated articles of association authorize us to issue up to 500 million ordinary shares and up to 50 million preference shares with such rights and preferences as included in our articles of association. Subject to compliance with applicable rules and regulations, we may issue ordinary shares or securities convertible into ordinary shares from time to time in connection with a financing, acquisition, investment, our share incentive plans, or otherwise.
Any such issuance could result in substantial dilution to our existing shareholders unless pre-emptive rights exist and cause the market price of our ordinary shares to decline. Provisions of Israeli law and our amended and restated articles of association may delay, prevent, or make undesirable an acquisition of all or a significant portion of our shares or assets. Certain provisions of Israeli law and our articles of association could have the effect of delaying or preventing a change in control and may make it more difficult for a third party to acquire us or for our shareholders to elect different individuals to our board of directors, even if doing so would be beneficial to our shareholders, and may limit the price that investors may be willing to pay in the future for our ordinary shares. For example, Israeli corporate law regulates mergers and requires that a tender offer be effected when certain thresholds of percentage ownership of voting power in a company are exceeded (subject to certain conditions). Further, Israeli tax considerations may make potential transactions undesirable to us or to some of our shareholders whose country of residence does not have a tax treaty with Israel granting tax relief to such shareholders from Israeli tax. 
Furthermore, under the Encouragement of Research, Development and Technological Innovation in the Industry Law, 5744-1984, and the regulations, guidelines, rules, procedures, and benefit tracks thereunder, collectively, the Innovation Law, to which we are subject due to our receipt of grants from the Israeli National Authority for Technological Innovation, or the Israeli Innovation Authority (the “IIA”), a recipient of IIA grants such as our company must report to the IIA regarding any change in the holding of means of control of our company which transforms any non-Israeli citizen or resident into an “interested party,” as defined in the Israeli Securities Law, and such non-Israeli citizen or resident shall execute an undertaking in favor of IIA, in a form prescribed by IIA. Our amended and restated Articles of Association provide that the federal district courts of the United States of America will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act, which could limit our shareholders’ ability to choose the judicial forum for disputes with us or our directors, shareholders, officers, or other employees.
Section 22 of the Securities Act creates concurrent jurisdiction for U.S. federal and state courts over all such Securities Act actions. Accordingly, both U.S. state and federal courts have jurisdiction to entertain such claims. To prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our amended and restated Articles of Association provide that, unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States of America shall be the exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act. This exclusive forum provision will not apply to suits brought to enforce any liability or duty created by the Exchange Act. Any person or entity purchasing or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to the foregoing provision of our amended and restated Articles of Association. Although we believe this exclusive forum provision benefits us by providing increased consistency in the application of U.S. federal securities laws in the types of lawsuits to which they apply, the exclusive forum provision may limit a shareholder’s ability to bring a claim in a judicial forum of its choosing for disputes with us or any of our directors, shareholders, officers, or other employees, which may discourage lawsuits with respect to such claims against us and our current and former directors, shareholders, officers, or other employees. Our shareholders will not be deemed to have waived our compliance with the U.S. federal securities laws and the rules and regulations thereunder as a result of our exclusive forum provision. 
Further, in the event a court finds the exclusive forum provision contained in our amended and restated Articles of Association to be unenforceable or inapplicable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our results of operations. We have not in the past and do not intend to pay dividends in the foreseeable future. As a result, your ability to achieve a return on your investment will depend on appreciation in the price of our ordinary shares. We have never declared or paid any cash dividends on our shares. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not anticipate paying any dividends on our ordinary shares in the foreseeable future. Consequently, investors who purchase our ordinary shares may be unable to realize a gain on their investment except by selling such shares after price appreciation, which may never occur. Our board of directors has sole discretion whether to pay dividends. If our board of directors decides to pay dividends, the form, frequency, and amount will depend upon our future operations and earnings, capital requirements and surplus, general financial condition, contractual restrictions, and other factors that our directors may deem relevant. The Israeli Companies Law, 5759-1999 (the “Companies Law”) imposes restrictions on our ability to declare and pay dividends. Payment of dividends may also be subject to Israeli withholding taxes.
Risks Related to Our Incorporation and Location in Israel While most of our go-to-market and support services are located outside of Israel (mainly in the U.S., India, and France), given the conditions in Israel, the regional conflict in the Middle East, including attacks by Hamas, Hezbollah, Iran, the Houthi movement of Yemen, and other militant groups, it is possible that our operations could be adversely affected over time, which could lead to a disruption in our business. Because a material part of our research and development is conducted in Israel and certain members of our board of directors and management (as well as more than half of our employees and consultants) are located in Israel, our business and operations could be affected by economic, political, geopolitical, and military conditions in Israel. Because a material part of our research and development is conducted in Israel and certain members of our board of directors and management as well as approximately half of our employees and consultants are located in Israel, our business and operations could be affected by economic, political, geopolitical and military conditions in Israel. Since the establishment of the State of Israel in 1948, a number of armed conflicts have occurred between Israel and its neighboring countries and terrorist organizations active in the region. In October 2023, Hamas militants and members of other terrorist organizations infiltrated Israel’s southern border from the Gaza Strip and conducted a series of terror attacks on civilian and military targets; Hezbollah militants conducted a series of terror attacks on civilian and military targets from the northern border of Israel.
Since the commencement of these events, there have been additional active hostilities, including with the Houthi movement of Yemen, Iran, and other regional actors. However, certain ceasefire agreements have been reached with Hamas and Lebanon (with respect to Hezbollah), and some Iranian proxies have declared a halt to attacks. Additionally, Israel has conducted limited military operations targeting the Syrian army, Iranian military assets, and infrastructure linked to Hezbollah and other Iran-supported groups. Despite these ceasefire agreements and declarations, it is possible that these hostilities will escalate in the future into a broader regional conflict, and that additional terrorist organizations and countries will actively join the hostilities. The intensity and duration of Israel’s current war against Hamas, Hezbollah, and other terror organizations is difficult to predict (including with respect to the recent geopolitical changes in Syria and the involvement of other regional actors), as are such war’s economic implications on the Company’s business and operations and on Israel’s economy in general. These events may imply wider macroeconomic indications of a deterioration of Israel’s economic standing (including as the result of a downgrade in Israel’s credit rating by certain credit rating agencies), which may have a material adverse effect on the Company and its ability to effectively conduct its operations. These events may imply wider macroeconomic indications of a deterioration of Israel’s economic standing, which may have a material adverse effect on the Company and its ability to effectively conduct its operations. Certain of our employees and consultants in Israel have been called, and additional employees may be called, for service in the current or future wars or other armed conflicts. Such employees may be absent for an extended period of time.
As a result, our operations may be disrupted by such absences, which disruption may materially and adversely affect our business and results of operations. Certain countries, companies, and organizations participate in a boycott of Israeli companies, and there have been increased efforts recently to cause companies and consumers to boycott Israeli goods and services. Certain countries, companies and organizations participate in a boycott of Israeli companies. Any boycott, restrictive laws, policies, or practices directed towards Israel, Israeli businesses, or Israeli citizens could, individually or in the aggregate, have a material adverse effect on our business. In January 2024, the International Court of Justice, or ICJ, issued an interim ruling against Israel, which could have a material adverse effect on our business. In November 2024, the International Criminal Court issued arrest warrants for Israeli leaders. There are concerns that companies and businesses will terminate, and may have already terminated, certain commercial relationships with Israeli companies following the ICJ decision. Additionally, proposed changes to Israel’s judicial system may lead to political instability or civil unrest, adversely affecting our business. It may be difficult to enforce a U.S. judgment against us, our officers and directors in Israel or the U.S., or to assert U.S. securities laws claims in Israel or serve process on our Israeli officers and directors.
Not all of our directors or officers are residents of the U.S. Most of our assets and those of our non-U.S. directors and officers are located outside the U.S. Service of process upon us or our non-U.S. resident directors and officers may be difficult to obtain within the U.S. We have been informed by our legal counsel in Israel that it may be difficult to assert claims under U.S. securities laws in original actions instituted in Israel or obtain a judgment based on the civil liability provisions of U.S. federal securities laws. Israeli courts may refuse to hear a claim based on an alleged violation of U.S. securities laws against us or our non-U.S. officers or directors, reasoning that Israel is not the most appropriate forum to hear such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. If U.S. law is found to be applicable, the content of applicable U.S. law must be proved as a fact by expert witnesses, which can be a time-consuming and costly process. Certain matters of procedure may also be governed by Israeli law. There is little binding case law in Israel addressing the matters described above. Israeli courts might not enforce judgments rendered outside Israel, which may make it difficult to collect on judgments rendered against us or our non-U.S. officers and directors.
Moreover, among other reasons, including but not limited to, fraud or absence of due process, or the existence of a judgment which is at variance with another judgment that was given in the same matter if a suit in the same matter between the same parties was pending before a court or tribunal in Israel, an Israeli court will not enforce a foreign judgment if it was given in a state whose laws do not provide for the enforcement of judgments of Israeli courts (subject to exceptional cases), or if its enforcement is likely to prejudice the sovereignty or security of the State of Israel. Your rights and responsibilities as our shareholder are governed by Israeli law, which may differ in some respects from the rights and responsibilities of shareholders of U.S. corporations. We are incorporated under Israeli law. The rights and responsibilities of holders of our ordinary shares are governed by our amended and restated articles of association and the Companies Law. These rights and responsibilities differ in some respects from the rights and responsibilities of shareholders in typical U.S. corporations. In particular, pursuant to the Companies Law, each shareholder of an Israeli company has to act in good faith and in a customary manner in exercising his or her rights and fulfilling his or her obligations toward the company and other shareholders and to refrain from abusing his or her power in the company, including, among other things, in voting at the general meeting of shareholders, on amendments to a company’s articles of association, increases in a company’s authorized share capital, mergers, and certain transactions requiring shareholders’ approval under the Companies Law. 
In addition, a controlling shareholder of an Israeli company or a shareholder who knows that it possesses the power to determine the outcome of a shareholder vote or who has the power to appoint or prevent the appointment of a director or officer in the company, or has other powers toward the company, has a duty of fairness toward the company. However, Israeli law does not define the substance of this duty of fairness. There is little case law available to assist in understanding the implications of these provisions that govern shareholder behavior. We have received Israeli government grants for certain of our research and development activities. The terms of these grants may require us to satisfy specified conditions in order to develop and transfer technologies supported by such grants outside of Israel. In addition, in some circumstances, we may be required to pay penalties in addition to repaying the grants. Our research and development efforts were financed, in part, through grants from the IIA. From our inception through 2015, we conducted projects with the IIA’s support and received grants totaling $1.2 million from the IIA and repaid to the IIA $1.3 million (the entire amount of the grants and accrued interest).
The Innovation Law requires, inter alia, that the products developed as part of the programs under which the grants were given be manufactured in Israel and restricts the ability to transfer know-how funded by IIA outside of Israel. Transfer of IIA-funded know-how outside of Israel requires prior approval and is subject to payment of a redemption fee to the IIA calculated according to a formula provided under the Innovation Law. A transfer for the purpose of the Innovation Law is generally interpreted very broadly and includes, inter alia, any actual sale of the IIA-funded know-how, any license to develop the IIA-funded know-how or the products resulting from such IIA-funded know-how, or any other transaction, which, in essence, constitutes a transfer of IIA-funded know-how. We cannot be certain that any approval of the IIA will be obtained on terms that are acceptable to us, or at all. We may not receive the required approvals should we wish to transfer IIA-funded know-how and/or development outside of Israel in the future. Transfer of IIA know-how created, in whole or in part, in connection with an IIA-funded project, to a third party outside Israel requires prior approval and is subject to payment to the IIA of a redemption fee calculated according to a formula provided under the Innovation Law. Subject to prior approval of the IIA, we may transfer the IIA-funded know-how to another Israeli company. If the IIA-funded know-how is transferred to another Israeli entity, the transfer would still require IIA approval but will not be subject to the payment of the redemption fee.
In such case, the acquiring company would have to assume all of the applicable restrictions and obligations towards the IIA (including the restrictions on the transfer of know-how and manufacturing capacity, to the extent applicable, outside of Israel) as a condition to IIA approval. General Risk Factors The requirements of being a public company may strain our resources and divert management’s attention. As a public company listed in the U.S., we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, Nasdaq listing requirements and other applicable securities rules and regulations. Compliance with these rules and regulations increases our legal and financial compliance costs, makes some activities more difficult, time-consuming, or costly, and increases demand on our systems and resources. The Exchange Act requires, among other things, that we file annual, quarterly, and current reports with respect to our business and results of operations. In addition, changing laws, regulations, and standards relating to corporate governance and public disclosure, including regulations implemented by the SEC and Nasdaq, and monitoring and adhering to guidelines issued periodically by shareholder advisory firms like ISS and Glass Lewis, may increase legal and financial compliance costs and make some activities more time consuming. In addition, changing laws, regulations, and standards relating to corporate governance and public disclosure, including regulations implemented by the SEC and Nasdaq, may increase legal and financial compliance costs, and make some activities more time consuming. These laws, regulations, and standards are subject to varying interpretations, and as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. 
As a result of disclosure of information in our filings with the SEC, our business and financial condition are visible, which may result in threatened or actual litigation, including by competitors and other third parties. If such claims are successful, our business and results of operations could be adversely affected, and even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and adversely affect our business and results of operations. If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired. As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, and the rules and regulations of the applicable Nasdaq listing standards. We are required, pursuant to Section 404 of the Sarbanes-Oxley Act, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. In addition, our independent registered public accounting firm is required to attest to the effectiveness of our internal control over financial reporting.
In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended and anticipate that we will continue to expend significant resources, including accounting-related costs and significant management oversight. For example, since our IPO, we have implemented additional policies and procedures associated with the financial statement close process and implemented a system to supplement our core accounting system as part of our control environment. We expect that the requirements of these rules and regulations will continue to increase our legal, accounting, financial compliance and audit costs, make some activities more difficult, time-consuming and costly, and increase demand on our personnel, systems, and resources. In addition, our current controls and any new controls that we develop may become inadequate because of changes in the conditions in our business, including increased complexity resulting from our international expansion. Further, weaknesses in our disclosure controls or our internal control over financial reporting may be discovered in the future. Any failure to maintain internal control over financial reporting could severely inhibit our ability to accurately report our financial condition or results of operations.
If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness in our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our ordinary shares could decline, and we could be subject to sanctions or investigations by the SEC or other regulatory authorities. Failure to remedy any material weakness in our internal control over financial reporting, or to implement or maintain other effective control systems required of public companies, could also restrict our future access to the capital markets. The impact of the war between Israel, Hamas and Hezbollah, and regional conflict in the Middle East, the war between Russia and Ukraine, and other areas of geopolitical tension around the world, including the related global economic disruptions, remains uncertain at this time, and could harm or continue to harm our business and results of operations. The war between Israel, Hamas and Hezbollah, and regional conflict in the Middle East, the war between Russia and Ukraine, and other areas of geopolitical tension around the world continue to impact worldwide economic activity and financial markets. The war between Israel and Hamas, the war between Russia and Ukraine, and other areas of geopolitical tension around the world continue to impact worldwide economic activity and financial markets. As a result, we could experience disruptions in our business or the business of our partners, customers, or the economy as a whole, any of which could adversely affect and could materially adversely impact our business, results of operations, and overall financial condition in future periods.
Any failure to increase our revenue as we grow our business could prevent us from achieving profitability or maintaining positive operating cash flow and free cash flow at all or on a consistent basis, which would cause our business, financial condition, and results of operations to suffer. The extent and continued impact of the war between Israel, Hamas and Hezbollah, the regional conflict in the Middle East, the Russia-Ukraine war, and related global economic disruptions on our operational and financial condition will depend on certain developments, including: government responses to the wars; the impact of the wars on our customers and our sales cycles; their impacts on customer, industry, or technology-based community events; and their effect on our partners, some of which are uncertain, difficult to predict, and not within our control. The extent and continued impact of the Israel-Hamas war, the Russia-Ukraine war, and related global economic disruptions on our operational and financial condition will depend on certain developments, including: government responses to the wars; the impact of the wars on our customers and our sales cycles; their impacts on customer, industry, or technology-based community events; and their effect on our partners, some of which are uncertain, difficult to predict, and not within our control. General economic conditions and disruptions in global markets due to the war between Israel, Hamas and Hezbollah, the regional conflict in the Middle East, the Russia-Ukraine war, and other areas of geopolitical tension around the world, and any actions taken by governmental authorities and other third parties in response may also affect our future performance. 
General economic conditions and disruptions in global markets due to the Israel-Hamas war, the Russia-Ukraine war, and other areas of geopolitical tension around the world, and any actions taken by governmental authorities and other third parties in response may also affect our future performance.
As of the date of this Annual Report on Form 10-K, the full impact of the war between Israel, Hamas and Hezbollah, the regional conflict in the Middle East, the war between Russia and Ukraine, and related global economic disruptions on our financial condition and results of operations remains uncertain. As of the date of this Annual Report on Form 10-K, the full impact of the war between Israel and Hamas, the war between Russia and Ukraine, and related global economic disruptions on our financial condition and results of operations remains uncertain. Furthermore, because of our subscription-based business model, the impact of these factors may not be fully reflected in our results of operations and overall financial condition until future periods, if at all. If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our results of operations could fall below expectations of securities analysts and investors, resulting in a decline in the trading price of our ordinary shares. The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue, and expenses that are not readily apparent from other sources.
Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our ordinary shares. Significant items subject to such estimates and assumptions include, but are not limited to, the allocation of transaction price among various performance obligations, the estimated benefit period of deferred contract acquisition costs, the allowance for credit losses, the fair value of acquired intangible assets and goodwill, the useful lives of acquired intangible assets and property and equipment, the incremental borrowing rate for operating leases, and the valuation of deferred tax assets and uncertain tax positions. We are exposed to credit risk and fluctuations in the market values of our investment portfolio. Given the global nature of our business, we have diversified U.S. and non-U.S. investments. Credit ratings and pricing of our investments can be negatively affected by liquidity, credit deterioration, financial results, economic risk, political risk, sovereign risk, or other factors. As a result, the value and liquidity of our investments may fluctuate substantially. Therefore, although we have not realized any significant losses on our investments, future fluctuations in their value could result in a significant realized loss. Catastrophic events, or man-made problems such as terrorism, may disrupt our business. A significant natural disaster, such as an earthquake, fire, flood, or significant power outage could have an adverse impact on our business, results of operations, and financial condition. We have a number of our employees and executive officers located in the San Francisco Bay Area where our U.S. headquarters are located, a region known for seismic activity and increasingly, wildfires. We have a number of our employees and executive officers located in the San Francisco Bay Area, a region known for seismic activity and increasingly, wildfires. 
In the event our or our partners’ abilities are hindered by any of the events discussed above, sales could be delayed, resulting in missed financial targets for a particular quarter. In addition, acts of terrorism, pandemics, such as the outbreak of the novel coronavirus or another public health crisis, protests, riots, and other geopolitical unrest could cause disruptions in our business or the business of our partners, customers, or the economy as a whole. In addition, acts of terrorism, pandemics, such as the outbreak of the novel coronavirus or another public health crisis, protests, riots and other geo-political unrest could cause disruptions in our business or the business of our partners, customers, or the economy as a whole. Any disruption in the business of our partners or customers that affects sales in a given fiscal quarter could have a significant adverse impact on our quarterly results for that and future quarters. All of the aforementioned risks may be further increased if our disaster recovery plans prove to be inadequate. Item 1B. Unresolved Staff Comments None. Item 1C. Item 1B. Cybersecurity Risk Management and Strategy We have developed an information security program intended to protect the confidentiality, integrity, and availability of our critical systems and information. 
Our information security program is managed by our SVP, Chief Security Officer (“CSO”), whose team (the “CSO Office”) is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, technologies, and processes. Our CSO’s primary responsibility includes assessing, monitoring, and managing our cybersecurity risks. Her background includes extensive experience as an enterprise CSO, with over 24 years of experience in the field of cybersecurity. Her background includes extensive experience as an enterprise CSO, and she is well recognized within the industry. In partnership with our Chief Information Officer (“CIO”) who leads our Governance Risk and Compliance (“GRC”) function, the CSO Office oversees our governance programs, tests our compliance with standards, remediates known risks, and leads our employee security training program. In partnership with our Chief Information Officer (“CIO”) who leads our Governance Risk and Compliance (“GRC”) function, our CSO oversees our governance programs, tests our compliance with standards, remediates known risks, and leads our employee security training program. The CSO Office implements and oversees processes for the regular monitoring of our information systems. The CSO implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and advanced compliance systems to identify and mitigate potential vulnerabilities. This includes the deployment of advanced security measures and advanced compliance systems to identify potential vulnerabilities and mitigate them. The CSO Office collaborates closely with key departments within the Company, including the office of our Chief Technology Officer (“CTO”), Engineering, IT, DevOps, Support, and Production, to implement our Vulnerability Management Remediation Plan. 
The CSO collaborates closely with various key departments within the company – including the office of our Chief Technology Officer (“CTO”), Engineering, IT, DevOps, Support, and Production – to implement our Vulnerability Management Remediation Plan. This collaboration is aligned with industry standards of the Software Development Life Cycle, underscoring our commitment to maintaining robust security protocols across all phases of our operations. We have developed and maintain a robust cybersecurity incident response plan. JFrog’s cybersecurity incident response team has a comprehensive strategy and policies in place for managing security incidents. Along with swift threat classification, containment, and eradication, the strategy includes notification procedures to promptly inform and support stakeholders in accordance with applicable data breach notification laws. Incident analysis is carried out to understand root causes and drive continuous improvement. Our information security controls and practices are certified against globally recognized standards: ISO 27001, ISO 27701, ISO 27017, SOC 2 Type II, CSA STAR Level 1, TISAX and KY3P by S&P Global. We are also aligned to cybersecurity practices and controls recommended by the National Institute of Standards and Technology (“NIST”), part of the U.S. Department of Commerce. Our third-party vendor risk management program addresses third party vendors with access to our systems or data, or who process data on our behalf, and includes a risk-based approach and security assessments throughout the third-party life-cycle, from onboarding to termination, as well as through contractual controls and technological controls to monitor the vendors’ posture. 
Our third-party vendor risk management program addresses third party vendors with access to our systems or data, or processing data on our behalf, and includes a risk-based approach and security assessments throughout the third-party life-cycle, from onboarding to termination, as well as through contractual controls and technological controls to monitor the vendors posture. This program is designed to oversee and identify risks from cybersecurity threats associated with its use of third-party service providers. Training and Awareness Our employees undertake cybersecurity and data privacy training during onboarding. The majority of our employees complete annual refresher modules. JFrog also maintains a secure-code training program for developers and quarterly phishing simulation to improve our employees’ awareness. Any employee who does not meet our performance expectations in such simulations is required to undergo additional training. Employees who do not meet our performance expectations in such simulations are required to undergo additional training. Engagement with Third-Parties on Risk Management Given the complexity and evolving nature of cybersecurity threats, we engage with a range of external experts, including cybersecurity assessors, consultants, and auditors in evaluating and testing our risk management systems. These partnerships enable us to leverage specialized knowledge and insights, helping our cybersecurity strategies and processes remain consistent with applicable generally adopted industry best practices. 
Our collaborations with these third parties include: • regular audits, threat assessments and penetration testing; • consultation on security enhancements; • bug bounty program for identifying security weaknesses in our products and services; • designing partnership with third party vendors; • using our in-house security tools as customers; and • global incident response experts for potential critical cybersecurity events. Our collaboration with these third parties includes regular audits, threat assessments and penetration testing; consultation on security enhancements; bug bounty program for identifying security weaknesses in our products and services; designing partnership with third party vendors; using our in-house security tools as customers; and global incident response experts for potential critical cybersecurity events.
As of the date of this Annual Report on Form 10-K, we are not aware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. As of the date of this report, we are not aware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition.
For more detailed information about the cybersecurity risks we face, please see Item 1A, “Risk Factors,” in this Annual Report on Form 10-K, including Risks Related to Privacy, Data Protection and Cybersecurity: “A breach of our security measures or unauthorized access to proprietary and confidential data, or a perception that any security breach or other incident has occurred, may result in our platform or products being perceived as not secure, lower customer use or stoppage of use of our products, and significant liabilities.” For more detailed information about the cybersecurity risks we face, please see Item 1A, “Risk Factors,” in this annual report on Form 10-K, including Risks Related to Privacy, Data Protection and Cybersecurity: “A breach of our security measures or unauthorized access to proprietary and confidential data, or a perception that any security breach or other incident has occurred, may result in our platform or products being perceived as not secure, lower customer use or stoppage of use of our products, and significant liabilities.” Governance Our Board of Directors considers cybersecurity as part of its overall risk oversight function and believes it has established robust oversight mechanisms to support effective governance in managing risks associated with cybersecurity threats. All of our Board members have experience in the technology industry and our CTO, Yoav Landman, is a member of our Board. All of our Board members have experience in the tech industry. Data protection under their guidance and oversight remains a strategic priority at the highest levels of our organization. 
The Board has delegated to the Audit Committee the responsibility to oversee the information security program (see below) and is also updated regularly regarding matters discussed with the Audit Committee. The Audit Committee is responsible for oversight of our information security program and receives reports at least quarterly from executive management, including the CSO, CTO, and CIO, concerning cybersecurity matters. The Audit Committee’s charter directs that the committee oversee and periodically review the Company’s risks related to privacy, cybersecurity, and information and technology security, including: • discussing with management the Company’s plans to mitigate cybersecurity risks and response to data breaches; • reviewing any reports from management on data breaches; and • overseeing the disclosure of any significant risks and incidents to the extent required by applicable law, including SEC rules and regulations. Our CSO, who reports directly to our CTO, works closely with our CIO who reports directly to our Chief Executive Officer. Over the past two decades, our CIO has held various positions in information technology and information security, including as CIO in two public companies, managing and controlling cybersecurity long-term programs and risks. Both our CTO, who is a co-founder of JFrog and is also a member of our Board, and our CSO have extensive experience assessing and managing cybersecurity programs and cybersecurity risks, and they work closely to define the initiatives of our cybersecurity program, the CSO organization structure and cyber business continuity plan planning. Our CTO is updated regularly on the status of our cybersecurity program. This allows us to address emerging threats and make informed decisions in real-time and to protect our systems on a timely basis. Finally, our VP of Internal Audit leads an annual internal audit plan which includes a cybersecurity, privacy, or information technology security component. 
Internal audit findings are reported to the Audit Committee on a quarterly basis. Internal audits are conducted and reported to the Audit Committee on a quarterly basis.