Nvidia Stock: How They Plan To Position For Q2 Earnings

You’re probably well aware that last quarter, Nvidia guided fiscal Q2 at $11 billion, which is 53% higher than analyst expectations of $7.2 billion. The stock was up 25% after hours, adding $200 billion to its market cap in the matter of a day. During the earnings call, the stock went from being up 15% after hours to being up 25% after hours when the CFO confirmed H2 would also be strong with visibility on supply.

Jensen Huang, CEO of NVIDIA, speaks during a press conference at the Computex 2023 in Taipei on May ... [+] 30, 2023. (Photo by Sam Yeh / AFP) (Photo by SAM YEH/AFP via Getty Images)

In addition to covering Nvidia’s AI angle many times since 2018, the I/O Fund holds an outsized Nvidia position at 17% allocation. Going into this year, they broke all of their portfolio management rules by holding a position that was over 10%. From there, we’ve talked consistently about a H2 2023 Semi Rebound to their premium members in webinars and analysis. I was also interviewed by Tier 1 media in August of 2022, and January of 2023 about this very high conviction. As you know, Nvidia would later beat in May.

In addition to covering Nvidia’s AI angle many times since 2018, the I/O Fund holds an outsized ... [+] Nvidia position at 17% allocation. Going into this year, they broke all of their portfolio management rules by holding a position that was over 10%. From there, we’ve talked consistently about a H2 2023 Semi Rebound to their premium members in webinars and analysis. I was also interviewed by Tier 1 media in August of 2022, and January of 2023 about this very high conviction. As you know, Nvidia would later beat in May.

Below, they will review why it’s likely Nvidia beats and sees expanding margins, and secondly, they will review their plans for their outsized position. My firm is unique in that they do not simply offer blanket buy recommendations, rather they disclose their trades in real-time to their premium members. Please also note their disclosure below that they cannot certain a stock’s performance, but they can tell you how the firm is managing their money.

As a reminder, Super Micro had a sizable beat with management doubling fiscal year guidance three months later from 20% to 40%, yet the market reacted harshly. Therefore, it is the practice of their firm to have an active portfolio stance by combining fundamentals and technicals for risk management.

It’s not a stretch to say that anticipation within the investment community is on par with the series finale of Game of Thrones. Everyone in the market will be watching this earnings report come market close.

In its Q1 announcement, Nvidia provided a first glimpse into the financial impact AI will have on its businesses with Q2 sales guidance of $11.07b. The sequential increase of +54% vs Q1 surprised the market. They expect Nvidia to only provide guidance into Q3. Although just one quarter, it will be an important data point for the market to assess the appropriate growth rate for the remainder of FY2024 and FY25.

Meeting or beating Q2 sales guidance and providing Q3 sales guidance better than consensus will be very important drivers behind Nvidia’s short-term stock performance.

During the earnings call, this was one of the comments that contributed to strong price action after hours:

“Vivek Arya:

Thanks for the question. Could I just wanted to clarify does visibility mean data center sales can continue to grow sequentially in Q3 and Q4 or do they sustain at Q2 levels? […]

Colette Kress:

Yeah, Vivek. Thanks for the question. Let me see if I can add a little bit more color. They believe that the supply that they will have for the second half of the year will be substantially larger than H1. So, they are expecting not only the demand that they just saw in this last quarter, the demand that they have in Q2 for their forecast, but also planning on seeing something in the second half of the year. They just have to be careful here. But they are not here to guide on the second half of that. Yes, they do plan a substantial increase in the second half compared to the first half.

On 6/14/23, Collette Kress, Nvidia CFO held a Q&A at the Jefferies Investor Conference . In particular, there is one question on all investors’ minds.

Question

“You guys gave guidance for the July quarter, which beat everybody’s expectations and 50% sequential growth. And I think there is a concern from investors that this is kind of a one-time spike that will come back down. I know you only guide one quarter at a time. But what do you say to investors who have a concern that it’s a one-time spike? And can you just talk in general terms, what is the visibility typically like with the data center and hyperscale companies?”

Colette Kress

“Yes. What they have seen is certainly an astounding amount of interest worldwide globally from many different types of customer sets […] They have better visibility than what they have seen before and their ability to focus right now on procuring the supply.

As they indicated in their earnings, they have procured the supply to the demand that’s been put in front of us and that visibility that they see. […] So their guidance for Q2 is really building upon years and years of working of the industry on accelerated computing and solutions such as AI. And they continue to see demand and demand visibility for the full year as well that they believe will sustain as they finish in Q2.”

Comparing her response to consensus sales estimates for the remainder of FY24, they come away with a couple of observations.

For Q2, consensus is in line with Nvidia’s guidance. There’s a chance that Nvidia will exceed their ... [+] own forecasts. If Nvidia has indeed procured the supply needed to meet demand, they believe that consensus Q2/Q3 growth estimates of +12% is too conservative.

However, the magnitude of the Q3 guidance will be very important given heightened expectations. Assuming Nvidia meets its Q2 guidance, we’ve put together a simple scenario analysis to parameterize the different outcomes they anticipate based on Nvidia’s potential Q3 guidance. +/- indicates anticipated stock positive or negative price performance on the next trading day based on that scenario.

However, the magnitude of the Q3 guidance will be very important given heightened expectations. ... [+] Assuming Nvidia meets its Q2 guidance, we’ve put together a simple scenario analysis to parameterize the different outcomes they anticipate based on Nvidia’s potential Q3 guidance. +/- indicates anticipated stock positive or negative price performance on the next trading day based on that scenario.

We’re optimistic that continued strength in AI related demand and stabilization in gaming will allow Nvidia to meet if not exceed their Q2 guidance. According to the Financial Times, “multiple sources close to Nvidia and its manufacturer, Taiwan Semiconductor Manufacturing Company, the chipmaker will ship about 550,000 of its latest H100 chips globally in 2023, primarily to US tech companies. Nvidia declined to comment.”

At $40,000 per H100, that equals $22 billion in H100 sales alone, and when you add the A100 and other data center sales at a current run rate of $14 billion, the data center segment could report a total of $36 billion in 2023. When you equal this out across the upcoming quarters, it looks something like this:

Q1: $3.5B A100s, $750M H100s = already reported, $4.2B

Q2: $3B A100s, $5B H100s = $8B data center, guided

Q3: $2B to $3.5B A100s, $7B H100s = $9B to $10.5B data center

Q4: $2B to $3.5B A100s, $10B H100s = $12B to $13.5B data center

H100s are priced differently depending on where they are sourced. The Information has the H100s at $20,000 yet sourced an analyst that believes they could see over 1M H100s sold in 2023. This arrives at $35 billion in sales. Given these variables, and credible sources, it appears $30 to $40 billion is the range going into Q2 earnings that analysts want to see for full year data center revenue.

We believe the market will react negatively if Nvidia provides Q3 guidance that is in-line with consensus or lower than 12%. On the flip side, Nvidia will likely need to provide guidance of at least greater than 20% for a significant positive reaction. This is because consensus will likely need to make upward revisions to their earnings for the remainder of FY2024 and FY2025. This is critical to support the current valuation.

Our base case assumption is that Nvidia’s Q3 guidance will estimate q/q growth of at least +20%. Remember, H100 was only introduced to the market toward the end of the last calendar year. Q1FY24 was the very first quarter where Nvidia is beginning to see the impact of AI and demand for the H100. Ultimately, they believe Nvidia will close out the year with data center revenue that is 50% higher than Q2.

At the same conference, in response to a question of how much of revenue growth is pricing vs units, CFO Kress answered

Question

“I know that you have fielded this question probably 1,000 times since you reported there is kind of this view that all of your growth is driven by ASPs and maybe not as much by units. And how should investors think about the ASP growth versus the unit growth in the quarter past and the quarter outlook?”

Colette Kress

“No. They truly are seeing demand and need across such a wide group of folks. And that’s not just based based on selling a brand new architecture and ramping a new architecture, Hopper architecture. They are still shipping their existing prior architecture. But no, this is not about ASPs, this really is about just the growth that they are seeing in focusing on AI and accelerated computing. I believe more of it is just about sheer volume of companies that are really interested in taking this next step and really leveraging generative AI for all the work that they do. That’s really what it’s about.”

CFO Kress’s answer is important because it indicates further potential for margins to expand not just from pricing. On a three-year basis, Nvidia has just returned to its prior peak of about 65% gross margins (reported). Given the positive pricing and unit demand dynamics, the new normal is perhaps between 65% and 70% gross margins:

CFO Kress’s answer is important because it indicates further potential for margins to expand not ... [+] just from pricing. On a three-year basis, Nvidia has just returned to its prior peak of about 65% gross margins (reported). Given the positive pricing and unit demand dynamics, the new normal is perhaps between 65% and 70% gross margins.

Operating Margin

Given CFO Kress’s comments that it’s both pricing and units, this suggests that there is upside to reported operating margins that still have yet to return to the prior 3-yr peak.

Given CFO Kress’s comments that it’s both pricing and units, this suggests that there is upside to ... [+] reported operating margins that still have yet to return to the prior 3-yr peak.

Net margin

A similar below-peak picture can be seen in reported net margins.

A similar below-peak picture can be seen in reported net margins. They likely won’t get answers to all ... [+] these medium term questions in Q2, but it will help us to assess what the margin potential is in the upcoming quarters.

We likely won’t get answers to all these medium term questions in Q2, but it will help us to assess what the margin potential is in the upcoming quarters.

Outlook for Gaming for FY2024

Gaming is still an important segment and contributed 31% to Q1FY24 sales and has been impacted by the weaker consumer. It appears that gaming bottom in Q1. Although gaming sales were down 38% y/y, they were positive 22% q/q. Critically, in the Q1 call Nvidia stated “We believe the channel inventory correction is behind us.

A resumption of growth in gaming is important for the overall sales and profitability and is probably not quite reflected in consensus estimates. It provides another lever for Nvidia to exceed their Q2 sales guidance and Q3 consensus sales estimates. So, they will look for continued signs of improvement and what growth rate is sustainable.

For more information on Nvidia’s Bull thesis, reference “Nvidia Will Still Surpass Apple’s Valuation” and also “Why Nvidia will Surpass Apple’s Valuation.”

Visually, you can see how Nvidia breaks down the $1 trillion opportunity. This was taken from the October 2022 investor presentation.

Visually, you can see how Nvidia breaks down the $1 trillion opportunity. This was taken from the ... [+] October 2022 investor presentation.

By Knox Ridley, Portfolio Manager

With the cash they raised throughout 2022, NVDA was the primary target of deploying some of this cash once their analysis signaled a bottom was in place. The below is a real-time trade notification they sent to their stock research members on the October 13th.

With the cash they raised throughout 2022, NVDA was the primary target of deploying some of this cash ... [+] once their analysis signaled a bottom was in place. Above is a real-time trade notification they sent to their stock research members on the October 13th.

The above alert was one out of nine alerts they sent out from 2021 – 2022 to buy NVDA below $200. However, since February of 2023, they have been systematically taking gains at key levels based on technical and macro warnings, while still holding it as their top position today.

In their last free Nvidia report, they identified the $405-$395 region as strong support. This was the buy zone they set up in advance, and were able to grab shares around the $410 region after it bounced from $403. Also, in their last report, they stressed the importance of last quarter’s earnings gap. For those that are not familiar, I’m referring to the rather large gap between closing price before their report and the opening price after the report.

Gaps are very important markers within price trends, and have many uses. For their purpose, the ... [+] question they need to answer – is this gap a breakaway gap (the halfway point in a trend), or is it an exhaustion gap (the final bullish push before rolling over)?

Gaps are very important markers within price trends, and have many uses. For their purpose, the question they need to answer – is this gap a breakaway gap (the halfway point in a trend), or is it an exhaustion gap (the final bullish push before rolling over)?

There are two general Elliott Wave counts I’m using that represent both of these gap possibilities.

The lowest I would allow this correction to go and still keep the red count valid would be the $340 ... [+] region. If they break below $340, then the odds shift that the gap from Nvidia’s last earnings call was in fact an exhaustion gap. Their next move would be to set up downward targets to accumulate Nvidia for the long haul.

The lowest I would allow this correction to go and still keep the red count valid would be the $340 region. If they break below $340, then the odds shift that the gap from Nvidia’s last earnings call was in fact an exhaustion gap. Their next move would be to set up downward targets to accumulate Nvidia for the long haul.

Another point worth mentioning is that the structure of the final leg in a corrective pattern (the C wave) is always a 5 wave drop. Furthermore, these patterns are fractal, so a small 5 wave patterns will morph into a larger one, which turns into an even bigger one. So, if they analyze the structure of the initial drop, they can get clues on what is playing out.

Another point worth mentioning is that the structure of the final leg in a corrective pattern (the C ... [+] wave) is always a 5 wave drop. Furthermore, these patterns are fractal, so a small 5 wave patterns will morph into a larger one, which turns into an even bigger one. So, if they analyze the structure of the initial drop, they can get clues on what is playing out.

This pattern appears to be an overlapping and corrective pattern, not a 5-wave pattern. If price can definitely break above the July high at $480, then the odds will shift heavily towards the red count as they push to new highs. The only chance the blue count will have is if they break $405 to make afresh low. If this happens, and it is followed by a 3 wave correction, then the odds will shift towards the blue count, allowing investors ample time to better risk manage this position.

If you own Nvidia stock, or are looking to own NVDA, they encourage you to attend their weekly premium webinars, held every Thursday at 4:30 pm EST. Next week, they will discuss NVDA, as well as a handful of other AI plays – what their targets are, where they plan to buy as well as take gains.

Please note: The I/O Fund conducts research and draws conclusions for the company’s portfolio. They then share that information with their readers and offer real-time trade notifications. This is not a certain of a stock’s performance and it is not financial advice. Please consult your personal financial advisor before buying any stock in the companies mentioned in this analysis. Beth Kindig and the I/O Fund own shares in NVDA at the time of writing and may own stocks pictured in the charts.

If you would like notifications when my new articles are published, please hit the button below to "Follow" me.

New Ransomware Threat Rhysida Linked to Notorious Vice Society Actors

It’s only been three months since the Rhysida ransomware group was detected, but the rising number of victims it’s racked up in such industries as education, manufacturing, and, more recently, healthcare is drawing the attention of cybersecurity pros trying to uncover more information about the operators behind it.

One of those security firms, Check Point, this week noted similarities in techniques that more tightly tied Rhysida and Vice Society, a highly aggressive ransomware group over the past two years that has primarily targeted organizations in the education and healthcare sectors.

Check Point researchers in a report also said Rhysida’s rise as a ransomware and double-extortion threat – exfiltrating data rather than simply encrypting in and threatening to publish it if the ransom isn’t paid – corresponds to the relative disappearance of Vice Society from the scene.

“As Vice Society was observed deploying a variety of commodity ransomware payloads, this link does not suggest Rhysida is exclusively used by Vice Society, but show with at least medium confidence that Vice Society operators are now using Rhysida ransomware,” the researchers wrote

Rhysida’s rise also highlights the trend in the cybercriminal world of threat groups reusing code and other components from previous malware in their own malicious tools, according to Cisco’s Talos threat intelligence unit.

“There has been huge growth in the ransomware and extortion space, potentially linked to the plethora of leaked builders and source code related to various ransomware cartels,” Talos researchers wrote in their own report this week. “This is just another example of how these groups can now quickly develop their own ransomware variants by standing on the shoulders of those criminals who had their previous work exposed publicly.”

The Rhysida group has been busy since emerging in May, racking up victims in a broad array of sectors, including government and tech. Now healthcare is in the gang’s crosshairs, including indications that it was involved in the attack earlier this month on Prospect Medical Holdings, which Check Point said affected 17 hospitals and 166 clinics in the United States.

The US Health and Human Services (HHS) Department around the same time issued an eight-page alert about Rhysida, outlining its tactics and techniques and pointing to possible connections with Vice Society, including the targeting of the education sector. The agency noted that 38.4% of Vice Society’s attacks targeted that space, compared with 30% of Rhysida’s victims.

“Of note, Vice Society mainly targets both educational and healthcare institutions, preferring to attack small-to-medium organizations,” the alert said. “If there is indeed a linkage between both groups, then it is only a matter of time before Rhysida could begin to look at the healthcare sector as a viable target.”

The healthcare industry is becoming a target of a lot of ransomware groups. According to a JAMA Network report last year, the number of ransomware attacks on healthcare delivery systems doubled between 2016 and 2021, exposing the personal heath data of almost 42 million patients.

Multiple studies of Rhysida found that the threat group gains initial access to targeted system via a number of avenues, including phishing and being a secondary payload dropped by command-and-control (C2) frameworks like Cobalt Strike.

Once in, they use a number of tools to move laterally through a compromised network, including Remote Desktop Protocol (RDP) and Remote PowerShell Sessions (WinRM). Both Check Point and Trend Micro said the ransomware itself was deployed using PsExec (which lets the operators execute processes on other systems). Trend Micro noted that Rhysida uses a 4096-bit RSA key and AES-CTR to encrypt files.

The bad actors use multiple backdoors to ensure persistence, including SystemBC, a proxy malware, and AnyDesk, a legitimate remote management tool, and evade detection by deleting logs and forensic artifacts, according to Check Point. They also change domain passwords to slow down remediation operations. Trend Micro also pointed to a PowerShell script called “SILENTKILL” used to end antivirus processes and services, delete shadow copies, modify RDP configurations, and change Active Directory passwords.

The security firms also highlighted the phrasing in the ransom notes left behind, with the attackers identifying themselves as the “security team at Rhysida” alerting the victims that their systems were compromised.

The connection to Vice Society, which has been raised before, become clearer as researchers dug deeper, according to Check Point. Many of the techniques, while used by many ransomware operators, were used in uncommon ways, including the tools used to create certain backups, creating a local firewall rule, and the domain-wide password change before the ransomware was deployed.

Along with the similarity in targets, the researchers used information on the leak sites of both groups to illustrated Vice Society’s fading presence once Rhysida came along. Since October 2022, Vice Society had keep a fairly consistent drumbeat of postings to its leak site. However, in May – when Rhysida appeared – the postings by Vice Society fell as Rhysida’s grew.

“Ever since Rhysida first appeared, Vice Society has only published two victims,” they wrote. “It’s likely that those were performance earlier and were only published in June. Vice Society actors stopped posting on their leak site since June 21, 2023.”

At Black Hat, Splunk, AWS, IBM Security and Others Launch Open Source Cybersecurity Framework

At a restaurant where the waiters, chefs and cooks speak the same language but use different words for what’s on the menu, you might order lobster bisque and wind up with steak frites. A similar Tower of Babel issue exists in cybersecurity, especially given increasing threats in 2023 — different security vendors don’t often use the same JavaScript strings to define events or even such parameters as dates and endpoints.

A consortium led by Splunk and AWS are hoping to fix this by standardizing how events are noted in logs, reducing the burden on security teams to decipher alerts they receive from multiple tools and vendors.

Jump to:

Last week at Black Hat, a steering committee comprising Splunk, AWS and IBM announced the general availability of the Open Cybersecurity Schema Framework. It is an open-sourced project hosted on GitHub that is designed to remove security data silos and standardize event formats across vendors and applications.

SEE: What happens at Black Hat …  More from the 2023 conference (TechRepublic)

When OCSF was first announced at Black Hat 2022, 18 organizations were on board. Now, OCSF comprises 145 security companies including AWS and IBM and 435 individual contributors. Splunk describes OCSF as an open and extensible framework that organizations can integrate into any environment, application or solution to complement existing security standards and processes.

At its heart, OCSF is a JavaScript object notation schema. In JavaScript, data is represented with a series of code strings with quotes and brackets. While there is an open standard notation for JavaScript logs called JSON, JSON names for different events are not standardized — this is the issue OCSF is meant to address.

Mark Ryland, director, Office of the CISO at AWS, said, “A great example is Greenwich mean time, GMT. Every tool might encode it, but not in the same way, so if I’m trying to do a date comparison, I may be seeing many representations of a given GMT date. Every tool is describing the reality it sees with a slightly different variation based on how it is sharing that information.”

He said that, because of this, analysts end up looking at multiple screens and in effect cutting and pasting to present data in a denormalized way.

“Working with Splunk and other vendors, they realized if they could decrease the amount of time spent on data cleansing, munging and transformation, they could increase productivity of security teams, because the problem would be solved in common formats across all telemetry,” he said.

SEE: ‘Munging’ AI at Black Hat: bane or boon for cybersecurity? (TechRepublic) 

Patrick Coughlin, VP, Technical GTM at Splunk, noted that security teams at organizations often use up to 100 tools, each with different structures, formats and ways of showing alerts.

“It’s a massive problem when they talk about alert fatigue,” he said. “If I have to talk to different systems that talk about alerts in different ways, it’s that much worse. OCSF brings it all together in a way that makes it far easier to understand, but also to automate.”

Ryan Kovar, distinguished security strategist at Splunk and director of the firm’s SURGe threat intelligence and analysis unit, said that if, for example, a ransomware attacker encrypts a file system, the way this ransomware encryption event is recognized in an event log by one vendor may be very different from how it is recognized by another.

“If there are several proprietary taxonomies for alerts — one for each of your security vendors — you can no longer tell if they are alerting for the same event or not. By contrast, the security solutions that utilize the OCSF schema produce data in the same consistent format, so security teams can save time and effort on normalizing the data and get to analyzing it sooner, accelerating time-to-detection.”

Building upon the ICD Schema work done at Symantec, OCSF includes contributions from 15 additional initial members including: Cloudflare, CrowdStrike, DTEX, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro and Zscaler.

Couphlin explained that, while there have been several standards and initiatives around data and cyber over the course of the past decade including STIX (Structured threat Information eXpressioin, a standardized XML programming language for cyber threats) and TAXII (for Trusted Automated eXchange of Indicator Information, a transport protocol for sharing of threat info across organizations), he is surprised by the uptake rate for OCSF.

“We have seen a significant acceleration of adoption of OCSF,” he said. “If you had asked me 12 months ago when they were here, I would have said it is going to be a slow, long road to traction because standards are tough and companies are territorial. I just learned that Barracuda, for example, has already launched its first product that natively integrates with OCSF, so it has grown by orders of magnitude in the past year. The big fundamental difference over the past 12 months is they can now point to products and capabilities in the market that are OCSF compliant, which they did not have last year.”

The proliferation of security solutions can leave buyers stymied. To learn more about criteria for choosing a cybersecurity solution that can block cyberattacks and protect allowed traffic from threats, get this definitive guide. It will show you how to effectively evaluate cybersecurity solutions through the request for proposal process.