Forrester

RSAC Conference 2025 started off strong last Monday morning with the 20th annual Innovation Sandbox competition. For those unfamiliar with the competition, 10 emerging cybersecurity companies give a 3-minute pitch to a panel of judges, who ask questions and then select a winner and a runner-up. Since the start of the contest, the finalists have collectively seen over 90 acquisitions and over $16.4 billion in investments. Starting this year, the 10 finalists will each receive a $5 million uncapped simple agreement for future equity (SAFE) investment provided by Crosspoint Capital Partners (owner of the conference) to further develop their offering. An uncapped SAFE investment means that the investor’s SAFE note does not have a maximum valuation cap, so there is no predetermined limit on how high the company’s valuation can be when the SAFE converts into equity at the next funding round. It’s not clear what strings may be attached to the investment and whether startups can refuse the investment and still participate in the competition. One small company we spoke with during RSAC 2025 (not an Innovation Sandbox finalist) admitted that its existing investors were nervous about the potential SAFE investment. AI, Firmware, And Vulnerability Management This year’s entrants (Aurascape, CalypsoAI, Command Zero, EQTY Lab, Knostic, Metalware, MIND, ProjectDiscovery, Smallstep, Twine Security) represented a range of cybersecurity categories covering several different use cases and problem sets for security leaders. However, there were few “category-creating” vendors in the contest this year. Instead, most of the vendors seemed to represent possible features (or products) for platform vendors to snag via acquisition. As expected, agentic AI was commonly referenced both as innovative and a shortcut to scale for vendors. During the break, while the judges deliberated, we tried to predict the likely winner. Many of us liked Smallstep’s pitch around device attestation but didn’t think the judges would pick it. EQTY Lab (verifiable AI agents) also got some votes. Heidi and Jeff both chose ProjectDiscovery, the eventual winner, in their top three. ProjectDiscovery, pitching open-source vulnerability detection, benefits from a built-in customer base due to its community model. The company’s pitch repeatedly compared itself to “20-year-old technology” and argues that advances in posture management and attack surface management don’t help with the actual problem in vulnerability management: prioritization. ProjectDiscovery contends that its ability to test exploitability — based on its templates — is the difference maker compared with legacy solutions because that element dictates whether to prioritize remediation of a vulnerability. Companies Or Features? At the start of this year’s Innovation Sandbox, Dr. Hugh Thompson, executive chairman of RSAC as well as program committee chairman of the RSA Conference Program Committee, displayed a list of 200 companies that were finalists over the past 20 years. The list included several — Abnormal, Axonius, Enveil, Sonatype, Yubico — that remain standalone players in the security space. By contrast, this year’s 10 contenders and their succinctly pitched offerings seemed more like glorified features and less like fully baked companies. We expect the majority of 2025 finalists to be acquired and bolted onto existing tools and platforms in the next 18 to 24 months. The winner, ProjectDiscovery, seemed the most likely of the bunch to remain a standalone company. One challenge in the Innovation Sandbox is that it’s not clear how much relative weight the judges assign to the quality of the pitch, the overall market opportunity, or how innovative the company or product is. Some pitches were very direct about the problem and backed up their assertions with data. Others struggled to answer questions about what problem they solved or how they brought their niche product to market. In one case, it took 2 minutes (of a 3-minute pitch) for the speaker to explain what the product was. As for innovation: ProjectDiscovery is game-changing in that it checks a lot of boxes for doing something differently to address a clear pain that has existed for a while, prioritizing vulnerability management according to what is truly exploitable. It also follows a previously successful model by blending open source, community effort, and enterprise support common in tech startups. EQTY Lab and Smallstep are game-changing in different ways, addressing emerging problems or introducing new technologies to solve perennial problems. EQTY Lab focuses on establishing trust in AI agents so that they can run safely and at scale. Smallstep offers an approach to device attestation using the ACME protocol to help fight phishing and exfiltration. Additionally, both startups developed a groundswell of support from major cloud providers and device manufacturers, respectively, lessening tech adoption friction. Knostic and CalypsoAI both tackle problems related to widespread adoption of enterprise AI for internal and external users in different ways. Knostic approaches the problem of AI oversharing by invoking need-to-know information but also helps by suggesting alternate info rather than simply blocking users. CalypsoAI’s agentic warfare solution is a continuous way to evaluate the security of AI by adapting and refining approaches with agentic AI. Command Zero impressed with its presentation about agentic AI in security operations. The 3-minute pitch demonstrated that the company understands the problems, vocabulary, and needs of security operations practitioners. Two entrants looked to reinvent data loss prevention (DLP) in different ways. MIND’s pitch of a DLP platform lacked detailed metrics or quantifiable gains over today’s solutions. Aurascape’s message of innovating fearlessly didn’t match the solution, which focused on AI application discovery and DLP-esque use cases. The remaining entrants also left us with questions about their barriers to entry. Metalware pitched a binary fuzzer to find security flaws in firmware. Fuzzing is a common approach in the IoT and OT security world, but the vendor will have to navigate a crowded supply chain security market, something the judges pointed out, as well. Twine Security introduced AI digital employees and provided some solid metrics on time saved, but the questions of accountability, governance, and trust must be addressed more directly. A few companies featured in the Innovation Sandbox reflected emerging technologies featured in Forrester’s report, The Top 10 Emerging

The software testing landscape is undergoing a seismic shift. For years, continuous automation testing (CAT) platforms have been the gold standard for reducing manual testing and ensuring comprehensive coverage across diverse environments. But with the advent of generative AI (genAI) and large language models (LLMs), we are entering a new era: the rise of autonomous testing platforms. This transition is not just timely — it is necessary to address the challenges posed by AI-driven development and the accelerated pace of modern software delivery. From Continuous Automation Testing To Autonomous Testing Platforms CAT platforms have long been defined by their ability to streamline testing processes, offering scalable automation tools that integrate seamlessly into DevOps pipelines. These platforms have been instrumental in reducing the complexity of testing, especially in enterprise environments where applications span multiple channels, technologies, and packaged environments. But CAT platforms have struggled to move the industry beyond 23–25% of automated tests to significantly higher percentages of automation. In addition, as software development evolves, so do its demands. The integration of AI in development has introduced new challenges that CAT platforms are not equipped to fully address. Generative AI tools are enabling developers to produce code at unprecedented speeds, while AI-powered business applications are generating outputs that can be plausible yet incorrect (hallucinations). These shifts necessitate testing platforms that go beyond automation — platforms that are intelligent, adaptive, and capable of augmenting human testers in tackling AI’s complexities. Enter autonomous testing platforms, which are powered by AI and infused with genAI capabilities. These platforms leverage what Forrester has coined “tester TuringBots,” advanced AI tools (aka agents) that augment testers’ productivity and effectiveness. Tester TuringBots bring intelligence and adaptability to the testing process. This enables organizations to test faster, handle larger volumes of code and functional requirements, and address the unique challenges posed by AI applications.   Why Is This Transition Happening Now? From a research perspective, the timing of this transition is ideal. The convergence of several factors has created the perfect storm for the adoption of autonomous testing platforms: Generative AI in development. Developers are increasingly using genAI tools to write code, accelerating productivity and creating a need for testing platforms that can keep pace. The proliferation of AI applications. Businesses are deploying AI-driven applications that leverage LLMs and genAI, which require specialized testing to address issues such as hallucinated outputs and complex behavior. A shift to faster delivery cycles. Continuous delivery pipelines demand faster and more accurate testing to avoid bottlenecks in the development process. The integration of AI into testing platforms represents the logical next step in addressing these challenges, enabling organizations to scale their testing efforts while maintaining accuracy and efficiency. The era of autonomous testing platforms will likely dominate the software testing landscape for the next five years or more. As AI continues to permeate every aspect of software development and business applications, the need for intelligent, adaptive testing solutions will remain high. As technology evolves, however, we may eventually see the emergence of even more advanced platforms — perhaps driven by self-learning AI or quantum computing — that redefine testing once again. Research Milestones: What’s Next? I am making several updates to my Forrester research. This week, I am launching “The Autonomous Testing Platforms Landscape, Q2 2025,” which is replacing The Continuous Automation Testing Platforms Landscape, Q3 2022. Similarly, I am evolving The Forrester Wave™: Continuous Automation Testing Platforms, Q4 2022, into “The Forrester Wave™: Autonomous Testing Platforms, Q4 2025.” These updates aim to provide you with deeper insights into whether your current testing partner — or a potential new one — has the capabilities to support emerging use cases and deliver required functionality. This new research promises to offer valuable insights into existing and new testing platforms shaping this exciting transition. Final Thoughts The evolution from continuous automation testing to autonomous testing platforms represents a paradigm shift in software testing. By embracing AI and genAI-infused tools such as tester TuringBots, organizations can tackle the growing complexity of modern development while maintaining speed and accuracy. This transition is not just a technological upgrade — it’s a strategic imperative to ensure that testing keeps pace with the rapidly changing world of software development. Here are some of the criteria I am thinking will make autonomous testing relevant: web and multiple-device-type UI test automation, model-based automation, keywords, behavior-driven-development test case design, test case scripting and/or coding, change analysis, natural language tests and interfaces, test agent creation and orchestration, test agent administration, monitoring, management, quality-assurance AI accuracy, hallucinations, bias, retrieval-augmented generation pipes, agile planning and DevOps platform integration, cloud browser and device lab testing grids, performance and benchmark testing, test data and insights for enterprise/team reporting, API testing, test data management, and software-as-a-service and on-premises business process testing. Are any capabilities missing that you’d expect to see in autonomous testing? Reach out to me at [email protected], and I’ll be happy to refine my list. The future of testing is autonomous, and the journey begins now … source

RSAC is the largest cybersecurity conference in the world. Leaders and practitioners across all sectors come together to tackle challenges, all under the maxim of “managing risk.” But what does “risk” actually mean at a security conference? Is it a mythical pursuit? Marketing buzzword? Or generic substitute for “the thing we need to detect/prevent/remediate”? RSAC Chairman Dr. Hugh Thompson opened this year’s conference by asking: “How do we operate with purpose in a time of great uncertainty?” This simple question is at the core of risk management and marks a radical departure from the security status quo. Where security focuses on “operate,” risk focuses on “uncertainty.” The goal of risk is to make better decisions that maximize opportunity and minimize loss while operating under uncertain conditions. Security and risk intersect by leveraging security data about today’s operational environment to make risk-informed trade-offs. Where Does Risk Fit In At A Security Conference? Even In Places You Don’t Expect. Of RSAC’s 535-plus open conference sessions, more than one-third prioritized risk-centric topics. Regulatory compliance still occupies the most space in risk conversations, but there was nearly an even split between strategic/programmatic topics (regulatory, risk management process and governance, and strategic and business risk) and technical risk domains (application security, AI/ML risks, supply chain and third-party risks, threat and vulnerability intelligence, cloud and infrastructure security, and data privacy and security).   Key Trends Reshaping The Risk Narrative As we noted in our RSAC themes blog, efficiency drove vendor messaging. AI agents (hoping to be fully agentic one day), platformization, automation, and intelligence dominated. These RSAC themes, current business trends, and thousands of end-user conversations we’ve held at the intersection of security and risk signal key industrywide shifts, such as: Technology resilience must be connected to customer services and business value. Regulatory mandates have put operational resilience on the map for financial organizations worldwide, and it’s now influencing global IT practices. To better define and plan for resilient outcomes, risk leaders emphasize connecting technologies with the critical services those technologies enable — even when regulation isn’t forcing their hand. This approach isn’t new, but it’s accelerating, creating stronger partnerships between risk and IT teams and enabling risk teams to better articulate revenue impacts from failures in critical business and technology components. Professional services and business recovery firms highlighted this at RSAC, further underscoring the resilience imperative. Newer GRC vendors innovate continuous controls monitoring (CCM). The enterprise governance, risk, and compliance (GRC) market has talked about CCM for years. But it required customers to have developer-level expertise to manage API specifications or perform DIY for integrations (spoiler alert: most risk teams don’t have this!). Smaller vendors have leapfrogged established ones by building out-of-the-box integrations that target cloud-native SaaS providers where more “greenfield” customers operate their tech stack. For now, these newer GRC offerings will struggle with enterprise customers who have legacy and on-premises tech footprints with plenty of technical debt to contend with, but they are paving a path to CCM that shows it isn’t just for “high maturity” organizations. Legal and security teams form an unlikely but critical alliance. This year, RSAC featured many general counsels and heads of legal (30 by our count!) in its GRC and CISO sessions. Legal and security teams are working more closely together, driven by the legal and regulatory landscape. In his session “A Deep Dive Into The New SEC Cybersecurity Disclosure Requirements,” Forrester’s Jeff Pollard explored the legal implications that boards and CISOs must consider. General counsels and CISOs are establishing structured communication channels and regular cross-departmental check-ins to align priorities and share information effectively. This new power couple’s shared goal: Protect their organizations and mitigate risk to the business. “Supply chain” has become a confusing catch-all in the market. Plastered on conference booths were dozens of references to supply chain risk. Vendors use it to describe a range of capabilities, including AI-driven third-party assessments, fourth- and nth-party discovery, and vulnerability identification in the software supply chain. This broad usage muddles the distinction between managing risks to and from entities versus the security risks posed by components and processes. The result? Buyers are often misled about the solutions. Cyber risk quantification (CRQ) gains mass appeal among CISOs and vendors. Business-minded CISOs are increasingly seeking ways to articulate operational cyber risk in terms of its material impact on the business. Concurrently, security vendors across various market categories are beginning to integrate CRQ analysis into their products, including vulnerability, attack surface, security posture management, Zero Trust, risk ratings, third-party risk, and GRC technologies. These tools provide essential security telemetry that, when applied through a CRQ model, delivers objective risk insights. Industry efforts to champion open standards, automation, and integrated data models for cyber risk analysis have helped shake off legacy ideas that CRQ is too manual and difficult to accomplish. Now, CRQ is evolving into a core capability of a holistic cyber risk management program. AI is GRC’s shiny object. GRC is overdue for innovation. AI holds tremendous potential to automate data collection, processing, and reporting, which has been a prolonged pain point for GRC users. While AI promises to drive efficiency and reduce overhead — a core business priority for GRC buyers — scaling AI and agentic AI requires resources to manage workflows and agents, and GRC teams are still struggling with the basics. They’d love to use AI to automatically conduct risk assessments when new assets are identified but are stuck building scalable control testing processes or maintaining accurate asset inventories. To help customers fully embrace AI, GRC vendors need to streamline the fundamentals so that customers have more time and resources to plan for AI-enabled workflows. RSAC conference sessions, vendor messaging, and customer conversations reflect what we’ve known: Risk is not a compliance checkbox but a dynamic discipline to navigate uncertainty and enable business outcomes. Has it reached critical mass? Not yet. Risk practitioners must continue to drive the conversation by showing up to security conferences, challenging status-quo thinking, and pressuring vendors and presenters alike to

The more I see social media conversations about brand versus demand or ideas like the 95-5 rule, the more I realize that a lack of good, objective data is at the center of these conversations. The conversations are typically spawned by someone or some company that wants marketers to increase their advertising investments or hire someone with expertise in “brand to demand” or some such concept. In other words, they can be seen as self-serving, so are their “findings” and arguments to be trusted? I did some number crunching, and here’s what I found that can hopefully help B2B marketers objectively decide how to best invest in B2B brand and demand advertising. The 95-5 Rule Is More Like The 85-15 Variable To quote the original research, “The 95% figure is not meant to be a precise rule. We’re using it as a heuristic […] ” Heuristics aside, how many B2B buyers are actually in market at any given time? It turns out that 5% is too low on average across all B2B purchases. For example, according to my findings, which I will limit to the B2B marketing technology categories we track at Forrester for the purposes of this blog: Roughly 20% of B2B organizations, on average, are planning to change their primary B2B marketing technology provider. Of the 20% planning to change, 78% are planning a change within the next 12 months, so that works out to around 15.6% in market each year. There are variations across categories such as account-based marketing platforms (23%), B2B data providers (21%), and B2B customer data platforms (18%). There are also material variations between specific incumbent vendors. For example, one B2B data provider has 15% of its customers planning to replace it while another has 30%. Key takeaway: Don’t assume that only 5% of your potential buyer audience is in market! Research your market and survey your customers’ buying networks to find out what the actual ratio is (you can generally assume that it’s between 15–30% of your total audience if you’re a B2B marketing technology vendor). Advertise To Every Target Audience All The Time (If You Can Afford To) It may seem counterintuitive, but I can objectively recommend after much analysis of B2B advertising that B2B marketers should advertise to all audiences that matter all the time. The best approach is a steady stream of reputation-focused advertising flights mixed with a degree of extra emphasis on demand capture when detected signals indicate more proximity to a purchase for specific audiences. To estimate your optimal advertising budget, use this formula. First, divide the number of impressions you think you need in each targeted audience by 1,000 and then multiply that by the average cost per mille (CPM) in your advertising mix. For example, if you want to serve 12 impressions per week for 52 weeks to 100,000 people, and your average CPM is expected to be $60 across all individually addressable channels, your estimated budget should be $3,744,000 (62,400,000 impressions divided by 1,000 times $60). And if you are shooting for a ratio of a 4:1 return on marketing investment, for example, you will need to show around $15,000,000 in revenue lift. That would be 150 closed/won sales at a $100,000 average selling price. Key takeaway: You can advertise to all your audiences some of the time or some of your audiences all of the time. But you’ll be better off if you can advertise to all of your audiences all of the time. If you are a Forrester client, reach out to schedule a guidance session. I’d love to hear what you think and help you drive engagement with your target audiences and better business outcomes from your brand and demand advertising budgets. source

Buying a car is a major and often stressful purchase. To improve this experience, Capital One introduced Chat Concierge, an AI agent designed to simplify car buying. Unlike typical chatbots, this conversational agent uses multiple specialized AI agents to understand prompts, create and validate action plans, and execute tasks based on buyer preferences. Chat Concierge was built to be able to compare vehicles, estimate trade-in values, and schedule test drives in one conversation. This type of innovation marks a new era in digital banking where AI agents take action, paving the way for more agentic experiences in our lives. Digital Banking Is Poised For A Revolutionary Transformation Over The Next Decade In my new report, The Future Of Digital Experiences In Banking, I explore how banks, fintechs, and big tech firms will leverage both maturing and emerging technologies to redefine digital banking experiences, ultimately reshaping the financial landscape. So what’s on the horizon? AI-powered interfaces: crafting human-centered digital banking experiences Conversational banking has emerged in recent years, and advancements in AI are set to further transform consumer interactions within financial services. The future of digital banking will be defined by modern, intuitive, and human-centered interfaces. AI-powered virtual assistants will observe, gather information, learn, and communicate with consumers. This will allow organizations to gain deeper insights into consumer intent and emotions, enabling them to generate multimodal responses that incorporate appropriate tone, emotion, and visual elements. AI and IoT: unlocking consumer insights and transforming data into actionable intelligence In the future, sensors and IoT analytics combined with AI will help firms understand consumers’ context and intent. Open finance will enable secure data sharing across ecosystems, supporting embedded finance. Advanced AI and analytics will turn raw data into actionable insights, while AI and ML will streamline data processing. Large language models and generative AI will enhance data analysis, creating vast datasets and new content. Meanwhile, sensory AI, synthetic data, and explainable AI will improve situational understanding, generate insights where data is limited, and make AI systems more transparent and trustworthy. Edge computing and AI: accelerating real-time insights and autonomous decision-making Edge computing and AI, powered by faster networks (5G/6G) and advanced hardware, will bring data processing closer to its source, reducing latency and bandwidth use. This will enable faster insights, real-time analytics, and smarter decision-making. Real-time transactions and data processing will enhance responsiveness and efficiency. AI decisioning technologies will scale near-real-time engagement, while IoT will embed finance into objects, vehicles, and homes, creating automated, IoT-enabled scenarios. AI agents: automating decisions and paving the way for autonomous finance AI and advanced analytics will automate decisions, processes, and experiences. Expert AI agents will integrate analysis and execution, automating complex tasks. Although still in its early stages, agentic AI will pave the way for more advanced AI applications in automation and personalized services. Ultimately, this will lead to the development of personal AI agents and autonomous finance. Banks And Platforms Will Empower Consumers With Future Digital Experiences Over the next decade, we believe that consumers will shift from rigid, predetermined paths to cocurated, conversational journeys. They’ll take a more active role in deciding where, what, and how they consume content, information, and advice. Banks and platforms will reduce cognitive load by delivering the right content or services at the moment of need, dynamically assembling content and services based on data and context, providing actionable suggestions, and acting on behalf of consumers with their permission. Digital Banking Experiences Will Evolve Through Three Phases As consumers adopt new digital experiences and technologies mature, Forrester expects digital banking experiences to evolve through three interrelated and mutually reinforcing phases: Assistive experiences. Currently, consumers interact with banks through chatbots and virtual assistants, asking questions, making payments, and disputing transactions. Banks use data and real-time models to engage consumers with relevant experiences, delivering tailored insights, alerts, and suggestions. Anticipatory experiences. In this phase, consumers will engage in meaningful interactions through multimodal interfaces, sharing comprehensive data with banks and platforms. Conversational AI assistants will evolve into trusted digital financial advisors, using data and predictive tools to generate personalized insights and help reduce financial stress. Banks and platforms will continuously optimize experiences by offering diagnostic tools, coaching, and real-time solutions. Agentic experiences. In this phase, banks and platforms will leverage agentic AI systems for real-time personalization and automation. Consumers will use personal AI agents trained with their data to refine outputs and manage finances. Major platforms such as Apple and Google will use AI to create dynamic experiences, with personal AI agents autonomously seeking information, learning, and acting on consumers’ behalf. As AI technologies advance, digital financial assistants will provide more comprehensive advice across various financial products, transforming the landscape of autonomous finance.   Trust Will Be A Key Factor In Shaping This Future Trust will be a key factor in determining how much personal data consumers are willing to share, the degree of autonomy they allow AI agents, and the breadth of services they utilize. Empowered consumers will demand transparency and control over their data, sharing it only for personalized experiences that offer real value. They’ll tailor their interactions with AI, balancing convenience and control based on perceived risks. If you’re a Forrester client, read the full report, The Future Of Digital Experiences In Banking, to understand how digital banking experiences will evolve and how to prepare for that future. And stay tuned for upcoming research on conversational and agentic banking as we continue to explore the future of digital experiences. Visit my Forrester bio page and click “Follow” to receive notifications. You can also follow me on LinkedIn here. Forrester clients can also schedule an inquiry or guidance session with me to delve deeper into this topic. source

It’s a tough market for everyone in commerce and commerce tech right now. There are lingering market circumstances, such as a lack of interest in B2C commerce replatforming. Among consumers, one major retail CEO notes observing “stress behaviors,” and a VP at NielsenIQ sees a “conservation mentality.” Uncertainty across global economies is causing analysis paralysis for many businesses. So what do things look like for the order management system (OMS) market? Digital businesses will still adopt OMS solutions, but we expect that most will do so in limited, specific ways. I see most OMS adoption in the next one or two years coming from companies as 1) a first-ever packaged OMS purchase or 2) mini-adoption to solve a specific problem. A less likely scenario is a complete replatforming for businesses that already have an OMS. This situation is similar to what’s happening in the B2C commerce solutions market but for very different reasons. In commerce, most digital businesses that were ready to move to a modern, cloud-based solution already have done so recently. And once they’re using one of these solutions, they’re unlikely to find “greener grass” from replatforming to another vendor in that class. Likely OMS Adoption Scenario Number One: A First-Ever Packaged OMS Purchase In OMS, on the contrary, there’s still a huge portion of the market that is using a homegrown solution or a highly customized enterprise resource planning connector to solve for OMS. These projects were a good idea at the time — likely a decade ago or more. Now, they are aging and don’t scale well given modern customer requirements and the strides that vendors have made across commerce technology. And they certainly won’t serve inventory availability, in near real time from all stores and warehouses, during the milliseconds of the digital experience when a customer is most likely to abandon the cart. If you’re still managing orders, inventory, delivery promising, and fulfillment orchestration with anything other than a modern, packaged OMS, it’s time for a change. You’re one of many digital businesses ready — right now — for your first packaged OMS. Likely OMS Adoption Scenario Number Two: Mini-Adoption To Solve A Problem More digital businesses are buying their commerce tech incrementally. Call it the old “strangler pattern” as you whittle away at your legacy tech, replacing it bit by bit. Call it “composable” as you add just the modules you need. Call it “augmentative” as you realize that what you’re composing might be pieces of solutions within the same category (e.g., modules from a newer OMS on top of your original OMS). Using Forrester’s Function-First Tech Buying Framework, businesses begin by identifying the problem they need to solve and then identify the bare minimum tech they require to tackle that problem. Forrester introduced this model for buying tech nearly three years ago, and it’s now widely in practice across the market. Particularly in uncertain economic times, digital businesses are looking for short-term bang for their buck. In OMS adoption, this means modular buying, not full-solution purchasing. In Forrester’s Industry- And Customer-Supporting Software Survey, 2025, digital businesses indicate that they plan to move toward multivendor, modular solutions; single-vendor, complete solutions; and customized, packaged products. They’re moving away from buying modularly from a single vendor, and the largest drop is in their intent to build an OMS from scratch.   I’m pleased to see increased trust in packaged products — even when businesses plan to build on top of them. I’m also fascinated to see the move toward modules from multiple vendors, as I uncovered in my recent report, Dual-OMS Strategy Pays Off When The Secondary OMS Improves Revenue — Forrester’s Dual-OMS Total Economic Impact™ (TEI) Study. Some companies will do a clean replacement of their OMS with another. But I suspect that even when digital businesses intend to replatform, they’ll make more incremental changes over time rather than a full rip-and-replace. What does this mean for your relationships with vendors? These shifts in models (e.g., increased modularity or deep customization) call for adjustments to how you pay for your tech. Look for more flexible pricing that’s more closely tied to functionality. Push for guarantees on ROI with real, contractual concessions if the numbers don’t deliver. In a market that’s squeezing budgets and blowing up plans, it’s a great time to negotiate with vendors that need their foot in the door. source

As the Forrester research team conducted its analysis for the top 10 emerging technologies this year, it became clear that some of the dynamics in Europe are different, both for current and planned investment in emerging technologies. Contrary to continued popular misconception, this isn’t a story about European firms lagging behind in technology adoption or a lack of innovative startups. For example, when we look back at AI adoption rates across Europe in 2020, the European rates weren’t that different from what we were seeing elsewhere; most of the software, however, was procured from non-European companies, mostly US-based providers. As for Europe’s emerging tech startups, the best tended to be snapped up by US firms (e.g., DeepMind, acquired by Google) or chose to move their headquarters to the US in order to grow (e.g., Spotify). While all of this is still the case today, recent geopolitical developments have resulted in a concerted drive toward reducing that dependency. EU initiatives include the AI continent action plan, the aim of which is for the EU to become “a global leader in artificial intelligence” and a leading AI continent. Less than a month after the AI plan launch, European Commission President Ursula von der Leyen in early May announced the no less ambitious Choose Europe for Science drive, which seeks to attract international research talent to the EU with grants and reduced bureaucracy. The UK, ranked fifth in the 2024 Government AI Readiness Index and first in Western Europe, has laid out its own AI Opportunities Action Plan, even though it’s not clear yet how much government funding will be available. So with all of this in mind, let’s look at a few of the emerging technologies from our top 10 list through a European lens: Generative AI for language is leveling the playing field for other languages. Today, only one of the most widely used large language models comes from Europe (Mistral). But it’s not for want of talent, as already mentioned; for example, the core of Meta’s Llama model was also developed in France. So it shouldn’t be too much of a stretch to fulfil the promise of developing models that support European cultural and linguistic diversity. The cumbersomely named Alliance for Language Technologies European Digital Infrastructure Consortium formed in 2024, together with the more recently established Language Data Space, supports the collection of multilingual data and making it available via a marketplace for language data. All the AI technologies in our top 10 can benefit from investment in compute infrastructure. Back in 2021, the EU introduced a regulation to establish the European High Performance Computing Joint Undertaking with the objective of building a new generation of supercomputers within Europe and to widen access to existing and future supercomputing capacity and services. In 2025, a number of AI factories became available as part of this initiative; they offer compute power and support services free of charge to small and medium enterprises as well as startups. Autonomous mobility technologies are more widely used than is obvious. You won’t see any driverless robotaxis on European roads today, and there aren’t as many factory robots deployed as in some of the APAC countries. That said, Germany is in fourth place when it comes to robot density in the manufacturing industry (behind South Korea, Singapore, and China). Autonomous trams and underground trains operate in many European countries, and a variety of transportation vehicles move autonomously in closed environments such as factories and ports. Rollouts of services like autonomous shopping deliveries exist, as well, albeit at a small scale. Also worth mentioning are the advances made in the hardware and software of autonomous drones driven by the needs of the war in Ukraine. Cost pressures, demographic shifts, and the desire to reduce dependency on imports will continue to drive investment in all of the technologies under the autonomous mobility umbrella. I’ve touched on some, but not all, of our top 10 emerging technologies for 2025 in this post. If you want to get a deeper understanding of these technologies, check out our upcoming webinar on May 21, where Brian Hopkins, Forrester vice president of the emerging tech portfolio, will walk through the 10 technologies, explain our benefit horizons segmentation, and share more use cases. source

Boardrooms are abuzz with meetings to tackle head on the reverberations of country-specific US tariffs on the world and the subsequent retaliatory measures from large global trading partners, such as from Canada, China, the EU, Mexico, etc. These organizations, transcending industries, are all grappling with increased costs, disrupted supply chains, and heightened uncertainty. The automotive sector, for example, is one such industry that is bearing the brunt of the impact. Some large organizations are extremely wary of giving out a revenue outlook forecast. Procurement should take on the baton during these turbulent times and navigate the tariff conundrum with short-term mitigation measures, combining these with efforts aimed at building long-term resilience while driving competitive advantage with sustainable growth. Tariff Disputes Will Drive Up Cost, Volatility, And Complexity The immediate impact of the ensuing tariff war is apparent: increases in input costs for US-based firms, counter tariffs levied by other nations, the loss of competitiveness of US exports, and global supply chains in disarray. In essence, the short-term pressure mounts, and the immediate consequences are stark: Financial impact. Businesses face the difficult choice of absorbing higher costs, squeezing profitability, or passing them on to consumers, risking demand elasticity. General Motors, for example, faces billions in potential losses to its earnings forecast, increased costs on imported auto parts, pressure on pricing that would impact demand, and reduced profitability impacting future R&D investments. Supply chain volatility. Tariffs can disrupt established global supply chains, forcing organizations to reduce their dependency on a single country and diversify by seeking alternative sources, often with limited lead time and potentially higher costs and other quality compromises. Adidas, for instance, had to shift its strategy to diversify its sourcing location by moving away from China. Increased administrative burden. Tariff classifications, impact analysis, duty payments, and evolving trade regulations add complexity and administrative overhead, forcing organizations to divert resources away from core business activities. Small and midsized companies with limited resources face the brunt of allocating resources to calculate increased duties and prepare additional documentation for audits, extended scrutiny, and so on. Short-Term Procurement Measures Focus On The Immediate Impact Of Tariffs As we have outlined in previous research, in times of volatility and uncertainty, procurement can become the secret weapon. In the short term, procurement leaders should focus on: Rapid cost optimization. Identify immediate cost-saving opportunities through aggressive negotiation with existing strategic, tactical, and niche suppliers; explore value engineering options; and scrutinize non-essential spending. Underperforming suppliers should be put on performance improvement plans. Use Forrester’s Strategic Partnership Assessment Template to identify the correct segmentation of your suppliers. Prioritize the high-impact strategic and tactical suppliers for immediate cost-savings negotiations. Consider also the rationalization of the niche suppliers. Supplier contractual renegotiation. Engage in urgent dialogues with key and niche suppliers to understand the impact of tariffs on their pricing and explore potential cost-sharing or alternative contractual arrangements. Procurement should not wait until the next quarterly business review but instead call for an extraordinary request to come to the negotiating table. Going forward, procurement leaders should have this flexibility to revisit contracts incorporated in their master services agreements and other contracts so as to avoid any resistance from suppliers. Risk assessment and mitigation. Evaluate the immediate risks to the supply chain, identifying vulnerable suppliers and materials and exploring short-term alternative sourcing options, even if they come with compromises. Keep a weekly check-in with the risk team as a priority. Tariff engineering and compliance. Work closely with internal stakeholders such as legal, risk, and trade compliance teams to understand tariff classifications, explore potential exemptions, and ensure continued adherence to evolving regulations. Long-Term Procurement Strategies Elevate Overall Resilience And Competitive Advantage While the immediate focus is on damage control, the long-term implications of the evolving trade landscape necessitate a fundamental shift in procurement strategy. In previous research reports, we talked about how procurement should pivot beyond reactive knee-jerk measures to embrace a proactive, strategic approach to build resilience and competitive advantage for the long haul. Procurement leaders need to look beyond the immediate horizon and drive long-term strategic initiatives such as: Supply chain diversification and broader location strategies. The reliance on concentrated global supply chains has made companies more vulnerable to geopolitical disruption. Procurement organizations should diversify their portfolios and enhance agility by exploring broader location strategies, including nearshoring or reshoring production to reduce reliance of sole-sourced providers on tariff-affected regions. For example, as a result of tariffs, Apple is expanding production in India and Vietnam to reduce reliance on Chinese manufacturing. Further, the firm is committing to investing $500 billion in the US over the next four years to mitigate tariff risks and improve responsiveness. Strategic supplier collaboration and strategic sourcing relationships. Procurement should start focusing on supplier relation management and build stronger, more collaborative relationships with strategic partners. This includes deeper visibility into their supply chains, initiating joint risk assessments and collaborative innovation efforts to identify cost efficiencies and alternative materials. Strategic suppliers should be favored for future sourcing projects, and their footprints should show an increasing trend. Supplier value management (SVM) technology adoption. Procurement should leverage SVM technology for enhanced supply chain visibility and predictive analytics for demand forecasting. AI-powered procurement processes will be crucial for navigating complexity and making informed decisions in the dynamic trade environment while automating operational procurement. Digital procurement platforms streamline processes, enhance data visibility, and enable real-time decision-making. Cross-functional collaboration within the company. Procurement must work more closely with other functions, including finance, sales, risk, supply chain, operations, and legal, to develop holistic strategies that align sourcing decisions with overall business objectives and risk tolerance. The opportunity at hand is to enhance procurement’s image and positioning within organizations exponentially. Procurement should not waste this moment to shrug off its cost-cutting image by developing long-term sourcing strategies that help move the needle. It needs to keep supplier relationship management as a key focus of procurement roles, prioritizing innovation and mutual value creation. For black-swan events, procurement should proactively identify and mitigate supply chain disruptions by scenario planning and developing

Our annual report on the state of application security highlights the explosion of AI in applications and in-application development trends. source

The Asia Pacific (APAC) region was remarkably resilient throughout 2024 and early 2025, navigating challenges such as ongoing geopolitical tensions and China’s economic shifts. Initial projections indicated that the region would grow by 4.5% in 2025; we based our forecast of APAC technology spending on these assumptions. But recent events — specifically, the shifts in global trade policy induced by the US government’s announcement in April that it would impose broad tariffs — have substantially altered the trade landscape and introduced considerable uncertainty into the global economic outlook. It’s critical to note that: The tariffs will upend tech markets … US tariffs are likely to drive up technology prices, disrupt supply chains, and weaken IT investment worldwide as fears of a broader economic slowdown take hold. Advances in key technologies, particularly in the areas of AI and digital finance, continue to be powerful drivers of change across APAC, and concerns around sustainability and labor market dynamics remain important long-term considerations. But the immediate economic headwinds and heightened uncertainty stemming from the new tariff environment are likely to influence the pace, prioritization, and funding of technology initiatives in the coming months. … introducing volatility that complicates forecasting. The detailed forecasts presented in our forecast report reflect the market conditions and expectations that prevailed before the April tariff announcements and do not incorporate the potential dampening effects of these policy changes and the resulting market volatility. Given these developments, our original forecasts may be too optimistic by 1 to 2 percentage points, depending on a country’s trade exposure and the IT spending category in question (e.g., hardware versus software or services). The situation remains highly fluid, and the full impact of new US policy on APAC tech spending will likely take several months to fully manifest.   Potential Impact Of US Tariffs On Asia Pacific Technology Markets source