Forrester

GenAI Mirrors Search Experiences Because of generative AI (genAI), all search experiences are increasingly conversational, assistive, and agentic. Consequently, distinctions between search experiences disappear. Perplexity and Rufus, Amazon’s shopping assistant, both leverage genAI-integrated search, blurring the line between search engine and site search experiences. Like Rufus, Perplexity’s shopping assistant rapidly summarizes reviews, compares features, and requires only one click to buy. Similarly, Adobe’s Acrobat AI Assistant, an example of cognitive search, facilitates conversations with PDFs and summarizes documents. This is similar to Leo, an AI assistant developed by private search engine Brave, which analyzes PDFs and Google Docs. Suddenly, search engine and cognitive search experiences look and feel alike. Examples abound of genAI-induced search convergence. Experiences like ChatGPT Tasks, Quora’s Poe, Reddit Answers, Salesforce’s Agentforce, ThredUp’s Style Chat, Workday Assistant, and more have much in common. Together, they form and reflect powerfully evolving search behavior. Now, users expect back-and-forth interactions with agents that act like personal assistants and, increasingly, act on users’ behalf. GenAI Minimizes Searchers’ Time To Value The convenience of genAI-integrated search experiences motivates mass adoption. Already, 37% of consumers use conversational search features whenever they can, according to a recent survey of Forrester’s Market Research Online Community. Such features replace the friction of clicks with the intuition of conversations and demand less effort. For example, when planning a trip, Google’s Gemini can let you know the best time to book flights, advise how to save money on hotels, create a trip planning document, draft a packing list, and check Gmail for confirmation codes. Microsoft’s Copilot can create a meal plan in seconds customized to your age by retrieving information from various sites. GenAI Demands Holistic Search As search experiences across engines, sites, and databases converge, silos between search marketing, commerce search, and cognitive search dissolve. Search-related tasks that once occurred in isolation — such as bid management for pay-per-click, log file analysis for search engine optimization, enhancing product metadata for commerce search, and synthesizing customer service answers for cognitive search — can now cross-pollinate in a holistic search strategy. Holistic search entails incrementality testing to mitigate keyword cannibalization, creating cross-functional testbeds for new search strategies and tactics, and listening more actively to customers’ voices. It means measuring search engine results page saturation, addressing websites’ existential crises, adopting commerce search, and investing in vector search. Our latest report — GenAI Forever Changes All Forms Of Search — details how to do all that and more. It’s a first-of-its-kind collaboration across Forrester’s B2C marketing, B2B marketing, commerce search, and cognitive search subject-matter experts. We look forward to your feedback and helping marketing, digital, and technology leaders and processes adapt to genAI-integrated search. As always, feel free to contact us to learn more. source

AI is transforming the way we live, work, and play. It’s altering how we make decisions and interact with technology. But for all its power, it still needs humans (for now) — not just any humans but those who understand how AI works, the dependencies between good data and useful AI outputs, and where human judgement is irreplaceable. Amidst a world rushing towards automation, data and AI literacy isn’t just a skill — it is how you become THE human in the loop. What Does It Mean To Be “The Human In The Loop”? The phrase “human in the loop” (HITL) comes from AI and machine learning, referring to the humans who step in to guide, correct, or make sense of AI-driven processes. Sometimes, it means reviewing AI-generated decisions to catch mistakes (think fraud detection or medical diagnoses). Other times, it’s about injecting human expertise where AI lacks context, nuance, or ethical reasoning. If you’ve attended a conference in the past year, the HITL is what vendors point to when assuring people with AI concerns that humans still will be a part of key governance structures and decision-making. What is often overlooked is how many humans will be in the loop, what the loops might look like, or how many AI/software loops one human can be responsible for. Here is our reality: Not all humans in the loop will be equal. Some will be passive overseers, clicking “approve” or “reject” on AI recommendations (the hospital scene from the 2006 film “Idiocracy” comes to mind here). Others will be active decision-makers driven within a culture of inquiry who shape how AI is used, train models with better data, and ask questions before being prompted by an algorithm. The key difference between passive human drones and those actively involved in guiding AI decisions is data and AI literacy within a culture of inquiry. Why AI And Data Makes You Indispensable Two short anecdotes illustrate this point well: Over the past year, I’ve been showing a friend who works at a bank how the simple use of AI tools outside of her company can help her improve engagement and impact at work. She was just highlighted at work for being “forward-thinking and proactive” for getting creative without sacrificing security. KPMG recently gave me a demo of its “Curiosity Workbench,” an AI tool that helps its employees locate and leverage decades of knowledge, data, and expertise to help with clients and get them moving quickly. Both of these examples depend on humans interpreting information and learning more by being curious and inquisitive. After all, AI is only as good as the data it learns from — and data is only as useful as the humans interpreting it. If you want to be the human in the loop, you need three things: Data literacy: the foundation. AI depends on clean, consistent, relevant, and representative data. Without data literacy, you’re just a spectator to the AI revolution. With it, you’re the one shaping impact. Ask yourself: Can you spot bad data before it leads to bad outcomes? Do you understand how bias can slide into datasets like a creepy social media stalker can slide into your DMs? Can you interpret AI-driven insights to make business decisions, rather than just accepting whatever a model spits out? AI literacy: the next level. AI literacy isn’t about coding your own model from scratch. It’s about understanding how AI influences decisions, where it’s useful, and where it needs a human course interaction. In 2025, I ask our clients to imagine that AI is like the world’s best intern: It can do 80% of most common jobs very well, but that remaining 20% is still pretty suspect and needs the guidance of a wiser mentor who can work with it to get you 100% there. Ask yourself: Do you know how AI models make predictions and where they can go wrong? Can you question AI outputs instead of blindly trusting them? Are you aware of ethical risks, compliance issues, and real-world AI failures? Enterprise culture of (data) inquiry. AI is just software, but without a body of users who are enabled to find it, ask questions of it, grow using it, communicate with it, and trust it, it is as worthless as the grains of sand that its chips are built from. A culture of inquiry is one where all are empowered in a psychologically safe environment to ask questions and share commentary. A culture of data inquiry ensures that, within that safe environment, users can locate, leverage, trust, and communicate those insights found within data without fear. Ask yourself: Do I work within an environment where all can locate data? Do I work in an environment where all can leverage data? Do I work in an environment where all can trust data? Do I work in an environment where all can communicate data? Be The One Behind The AI Automation is here for many routine tasks. But to truly make the most of it, organizations will need humans who: Understand when AI is making good vs. bad recommendations. Know how to validate AI insights before acting on them. Can explain AI-driven decisions in clear, human terms — to coworkers, executives, regulators, and customers. Can translate business challenges to more technical and data-focused AI engineers while also listening and learning from them in turn. Being the human in the loop isn’t about resisting AI. It’s about being the person who knows how to use it responsibly, effectively, and strategically. Now What? Reach out for an inquiry ([email protected]) with me today to uncover your natural strengths and purpose, via your own roles, goals, and values VIP evaluation, to improve your own data communications and data storytelling skills, and then to discover how to build your enterprise culture of data inquiry via curiosity velocity and data and AI literacy programming. I look forward to working with you! If you are a vendor looking to share insights on your AI literacy offerings or have a use case of how

Over the past two weeks, we attended back-to-back CX events: first, Qualtrics’ X4 in Salt Lake City, then Medallia Experience in Las Vegas. Both Leaders in The Forrester Wave™: Customer Feedback Management Solutions, Q4 2024, these vendors court enterprisewide CX programs as well as digital, contact center, and location-based operations leaders. Despite the similarities in the products and target audiences, Both providers announced a host of new or enhanced features, but of course the focus was on all things AI. Qualtrics made a bold jump into the (very busy) AI agent space with its announcement of Experience Agents. Experience Agents will be customer-facing, able to deliver chatlike experiences that go beyond menu-driven chatbots such as helping customers find products tailored to their needs, performing real-time service recovery, and conducting conversational surveys. In contrast, Medallia’s AI-related announcements mainly focused on employee-facing enhancements, including AI-supported Root Cause Assist and text analytics theme improvements. These features will help employees get more out of unstructured text and accelerate the insights-to-action process. What both approaches have in common is that providers in this space continue to offer more than most clients can — or want to — handle. For many clients, especially those in healthcare or financial services, using generative AI in customer-facing applications is still too risky. For others, their organization’s unwillingness to pull more data into these platforms will limit the value of the AI-enhanced features. Attendees at both events echoed what we see in our work with clients: Many are still struggling to mature beyond surveys to look at other sources of data, earn stakeholder buy-in, and show how CX connects to business goals. Attendees are excited for AI-powered tools, but they are realistic in understanding that these are in fact just tools. Organizational culture and strategy remain just as important and no less challenging to overcome. Whether you’re using Qualtrics, Medallia, or another CFM solution, these events should have you thinking about: AI. No kidding. But as ServiceNow CEO Bill McDermott said from the Qualtrics stage, “the worst advice I can give you is to wait for second-mover advantage.” While your organization might not be ready to use the new AI-powered features, it’s time to start figuring out a path toward using AI to help understand your customers and create better interactions. Data. As Carolynn Smith, vice president and head of USB Service at Prudential Financial, said during a Medallia breakout session, “you can’t just layer genAI on top of bad data.” Prudential has been on a 10-year journey to modernize its data, and that labor is paying off now as it is able to experiment with lots of different AI innovations across the business. CX pros need to get closer to their data and IT counterparts to ensure that customer feedback is part of the organization’s data and AI strategy. Employees. There was a lot of talk about EX and CX connections during these events, but CX pros also need to think about how they can help employees boost their artificial intelligence quotient (AIQ) to leverage AI-enabled tech. Don’t underestimate the amount of internal effort needed to bring employees along as AI becomes more and more of a part of the everyday. There’s a lot more to unpack from these events. If you’re a client and want to learn more, please give us a call! source

In a climate of economic and political uncertainty, tech budgets are under pressure. According to Forrester’s Industry- And Customer-Supporting Software Survey, 2025, 23% of organizations cite budget as their number one software challenge. Currency depreciation, ranging from 6 to 12% in EMEA/APAC, adds further strains on US-dollar-denominated renewals. Making things worse, 27% of organizations report that over 50% of non-IT tech spending occurs without IT oversight (source: Forrester’s Security Survey, 2024). This fragmentation undermines cost management and increases risk. In this environment, software asset management (SAM) tools emerge as a critical lever to gain visibility, regain control, and optimize license utilization — tracking usage in real time and driving cost efficiency across the technology landscape. Reclaiming Control In A Complex Tech Stack SAM tools bring discipline to the entire software lifecycle by automating discovery, deployment, and retirement. They centralize software-as-a-service (SaaS) management, giving IT clear visibility into subscriptions, usage patterns, and costs. This enables smarter license utilization and prevents waste. In addition to cost tracking, high-performance IT organizations utilize SAM budget forecasting and identification of underutilized assets. Leading platforms reduce the risk of surprise true-ups by automating license reconciliation and real-time usage monitoring to maintain continuous compliance. SAM also enforces governance by aligning software usage with policy, reducing audit risks and unexpected spend. In The Forrester Wave™: Software Asset Management Solutions, Q1 2025, we highlight the following features as crucial when selecting a SAM tool. Ensure that the tool offers: AI/ML in contract and license management. Vendors should integrate AI/ML to automate contract term extraction, ensure compliance, and provide predictive insights into software usage trends. SaaS management with extended FinOps capabilities. Providers should offer comprehensive SaaS management with real-time visibility into subscriptions, license utilization, and spending optimization. Support for the entire software lifecycle management process. Vendors should enable end-to-end lifecycle management, streamlining software acquisition, requests, approvals, and compliance. Choosing The Right Vendor Is Half The Battle No two IT environments are the same. Each operates with its own blend of tech stacks, philosophies around build vs. buy, asset management practices, and definitions of success. Accordingly, selecting the right SAM vendor that meets the IT team’s needs is crucial. IT teams should start by identifying their most critical criteria, such as avoiding true-ups, managing security vulnerabilities, or optimizing costs. They should then examine these criteria in detail to identify the essential functionalities of a SAM tool that can best meet their needs. Refer to our latest Forrester Wave evaluation of the SAM solutions space to gain insight into each type of functionality, helping you choose the right vendor that aligns with broader organizational goals and objectives. source

The past five years have been a whirlwind of change, with unprecedented disruption, turbulent global financial markets, and geopolitical and social upheaval. This volatility has upended carefully crafted tech strategies, budgets, and priorities, leaving technology leaders feeling unsure and overwhelmed. For many, this is a familiar feeling, as we have been down this same path over these past few years. Many leaders and individual contributors alike are running on empty. As much as we want to regain control, lead people through difficult times, and navigate the ongoing chaos gracefully, it can feel like an insurmountable goal in the current reality. To lead through this change, the best approach is to keep it simple and tangible. Focus on clarifying the unclear, celebrating successes, managing risk, and giving employees the space to innovate and take ownership to drive a better path forward. At the same time, tech leaders won’t have a choice — we will need to do more with even less. This will mean dusting off the cost-cutting playbook from prior years to seek out additional optimization opportunities but without sacrificing your AI ambitions. What are a few cost-cutting measures to focus on? Assess and rationalize your portfolio (duh!). We know this one well — and also know that it is easier said than done. Eliminating redundancy is crucial as sprawling portfolios drain budgets and increase security risks. Focus on consolidating contracts, standardizing across business units, and eliminating redundant capabilities. You’ll need a way to prioritize your cuts; lean on your IT financial management practice if you’ve got one. Remember, these cuts aren’t just about freeing up the cash you need, but more importantly, this effort also creates a tighter, cleaner tech stack that enhances data consistency, security, and AI readiness. Quick wins include reclaiming software-as-a-service licenses, sunsetting underutilized software, and removing operational overhead for end-of-life technology. Eliminate cloud waste and seek out discounts. Often hidden within cloud bills is waste, and for those who haven’t formally addressed this, this waste can typically be 30% of the total bill. Use native cloud cost management tools (practically free) or third-party platforms to identify unused, untagged, and poorly fitted instances, potentially yielding significant savings. For larger enterprises, negotiating discounts with hyperscalers can also provide substantial cost reductions. For some organizations, virtualization sprawl or mainframe prioritization can also fend off new purchases by freeing up existing resources for new use. Examine abstraction layers. While virtualization improved IT cost efficiencies, today’s multiple layers, such as hypervisors, app servers, and containers, can create redundancies and high costs. Simplifying these layers can enhance performance and security as well as reduce license costs. Consider managed public cloud services for container runtimes and explore alternative Kubernetes paths and cost-effective open-source options. We include a longer list of options in our report, Technology Leaders: How To Thrive Through Volatility, while digging into enterprise risk management and change leadership to help you navigate these difficult times — again. We will also be hosting a webinar for clients, Leading Through Volatility: Technology Expert Panel, on April 29 at 11 a.m. ET. Join us live or watch it on demand later. Lastly, a few reminders for managing through volatility: Do not abandon long-term, North Star strategies already in place or in development. This will not only hurt your organization but your long-term ability to lead, as your best talent wants to be part of progressing toward a better end state, and when that vision is put aside in times of strife, you risk losing their presence and sliding backwards from any cultural gains when it comes to embedding continuous improvement and curiosity. Your employees will not be quick to forget this and will be less ready to follow you in sunnier times or into the next battle. Without your best talent playing a key part in taking major cultural strides, it will be near impossible to drive the long-term success and transformation needed for your organization. If you want to discuss the report or ways to respond to circumstances specific to your organization, please reach out to schedule an inquiry. source

Last week, I spoke at The-C2 conference in London. The-C2 conference is an invite-only threat intelligence conference run by the team at SE LABS. The core themes of the event were timely and provoked interesting discussion: artificial intelligence, supply chain security, and cyber hygiene. All three of these dominated the conversations surprisingly equally and were — unsurprisingly — very interlinked. Below are a few thoughts on each coming out of the conference. Generative AI Innovation In Security Tools Starts Now We’ve had over two years of generative AI (genAI) developments in security tools, from copilots to AI analyst claims to a resurgence of the autonomous security operations center. “The Blob” strikes again! Yet we’ve seen that many of the features introduced aren’t providing the value that analysts really need. The most common use cases have been content creation (such as human-readable case descriptions or query language conversion) or knowledge articulation (such as chatbots). Human-readable case descriptions are novel, but few security professionals want to read paragraphs on paragraphs of text instead of getting a fast and direct answer. Query language translation from human language is interesting but is only really effective for simple queries. Plus, it may give you less efficient output. Chatbots can be fun to interact with but take the analyst out of their workflow and require even more context switching to use, negatively affecting analyst experience. There are a few cases where genAI features have been very useful, such as automating report writing, translating and localizing between human languages (i.e., Japanese to English, etc.), and script analysis. But the true innovation is on the horizon with AI agents. Some vendors have already released agents that automate alert triage for phishing use cases and some others, including endpoint. Others have built generative AI features to simplify security information and event management (SIEM) migration via translation between SIEM query languages and parsers at scale. The combination of simplifying mundane tasks and doing it all at scale in an explainable way is driving better outcomes for analysts. These innovations are where security professionals should be looking for feature enhancements. Supply Chain Resilience Is A Messy Hair Ball That’s Just Getting Messier Supply chain resilience comes from two sides: securing the software supply chain and building resilience with the nth-party vendors you use via third-party risk management. The software supply chain becomes more complex as generative AI applications grow, particularly when it comes to understanding how data is being used and how to protect it. In some ways, it’s the same old principles. In others … it’s a bit different. One of the highlights of the conference was the conversation around software bills of materials (SBOMs). SBOMs should be a critical requirement for software providers to produce, as they enable teams to know exactly what software is being used and why. And yet the industry has lagged. In my Forrester Wave™ evaluations, I always include a question regarding SBOMs to push security vendors to lead the charge in providing better visibility for customers into their software supply chain. None Of This Matters If You Don’t Do Basic Security Hygiene Enterprise cybersecurity is all about managing trade-offs and resources. All the flashy new technology in the world may help solve the problem but only incrementally. In contrast, if you have a list of critical common vulnerabilties and exposures that you haven’t patched, prioritizing and addressing the ones at the top can have a major, positive impact. Forrester’s research on proactive security strategies shows how to continuously enhance visibility, prioritization, and remediation while customizing prioritization to your business case. We expect these three topics to be major themes in 2025. Check out our report, Top Recommendations For Your Security Program, 2025, to read more about how to defend against the most important changes happening this year. If you have more questions about AI, supply chain resilience, or security hygiene, book an inquiry or guidance session with me or one of my colleagues. source

About seven years ago, I was on an initiative to explore low-code. When I saw Salesforce’s low-code product in demos, my impression was that the product was only suitable for buyers with a strong Salesforce CRM focus — a feeder to drive more revenue into Salesforce’s flagship product. When Salesforce acquired MuleSoft, many worried that it would turn MuleSoft into a similar appendage of Salesforce CRM. While that might have been good for Salesforce shareholders, it would not have been good for MuleSoft customers. Surprisingly, this never transpired. Although they pursued synergies between parent and child companies such as API Community Manager, MuleSoft’s direction has remained appealing to buyers lacking a Salesforce-centric focus. My experience at Salesforce’s TDX 2025 conference makes me believe that there may finally be a pivot to more deeply merge MuleSoft into the broader Salesforce ecosystem, and this time, it may be a good thing. AppGen Encourages Application Vendors To Rethink Their Strategies Before explaining why this may be good, we should first focus on where software is going. The ability of today’s generative AI tools to generate code snippets will evolve into the ability to generate entire applications (a concept Forrester refers to as application generation, or AppGen). The arrival of AppGen is causing larger tech vendors such as Salesforce to increasingly incorporate capabilities like natural language prompting, visual low-code models, domain-specific languages, and integrated lower-level code generation for custom components and extensions. AppGen threatens smaller app-centric vendors that cannot provide these capabilities. One buys applications today because they offer best practices and domain knowledge. Although vendors strive to make their applications flexible, you are still limited to the application’s way of doing things. What if you could generate a bespoke application with a large language model that contains those same best practices and domain knowledge? This will cause application vendors to rethink their strategies. MuleSoft And Salesforce’s Platform Pivot Today, Salesforce has some of the components of a future AppGen development platform: Apex is for pro code and Flow for low-code; Salesforce Data Cloud brings together the organization’s data with zero copy; Agentforce provides emerging AI agent capabilities; Einstein provides generative AI for compressing the software development lifecycle; and MuleSoft is there to link everything together inside and outside of the Salesforce platform. I’m not going to comment on the quality of all these since, as an analyst, I only cover MuleSoft. (My fellow analysts evaluate other components, such as in The Forrester Wave™: Data Lakehouses, Q2 2024, and The Forrester Wave™: Low-Code Development Platforms For Professional Developers, Q2 2023.) Regardless of their current strengths or weaknesses, however, Salesforce has many pieces needed to build a future platform for generating applications. There were several announcements leading up to and during TDX 2025. For MuleSoft, the main thing was integrating it with other Salesforce platform products. A new connector brings Agentforce’s agents into MuleSoft integrations. Topic Center and API Catalog let Agentforce agents use MuleSoft APIs as tools. MuleSoft for Flow lets citizen developers in Flow more easily consume MuleSoft APIs. What I did not notice was a heavy push toward Salesforce’s applications. Of course, that remains the company’s bread and butter, and TDX ’25 is more oriented toward developers than Dreamforce. Nonetheless, my impression is that Salesforce seeks to move beyond its core and create a next-generation platform for building custom applications of any sort. MuleSoft is finally pivoting toward more Salesforce centricity but not in the way many originally feared. Instead of being a feeder to Salesforce CRM applications, it’s becoming a support pillar of a broader software development platform while still remaining a viable product for organizations that have not bought into that broader platform. When AppGen arises as a disruptor to application vendors, Salesforce will be prepared to respond to that disruption. source

Generative AI was so two years ago. Now, businesses are all about agentic AI (not to be confused with AI agents), channeling the brouhaha of ChatGPT in 2023. But where is the consumer in all this? While businesses are moving to experiment and learn more about agentic AI, consumers are not. Business-oriented, not consumer-oriented, use cases continue to drive most of the buzz around agentic AI. Today, AI Assists And Informs Consumer Decisions For consumers right now, AI primarily helps them access information faster. But while it informs their research and purchase decisions, AI does not pick the right item or complete the transaction; that action still falls to the consumer. For example: Walmart’s GenAI search surfaces collections of products. Consumers now put in a query such as “Plan my daughter’s unicorn-themed fifth birthday” and results will show all the various products related to that ask. Previously, consumers had to search for specific products or product types. Amazon Fashion takes the guesswork out of unfamiliar brands’ sizing. Based on a customer’s past purchases and an analysis of product reviews, Amazon will show the likely size of a clothing item that the customer is viewing. AI @ Morgan Stanley helps advisors better focus on their clients. Financial services companies such as Morgan Stanley are using AI to help assist in note-taking and email summarization for financial advisors so that they can better focus on their conversations with their wealth management clients. Soon, AI Will Be Cognizant Of Consumer Context As businesses implement agentic AI, it will begin to trickle into consumer experiences, but widespread adoption will be limited by consumers’ comfort with agentic AI. An intermediary phase of not-fully-agentic AI will emerge in which AI apps will connect with third-party tools and datasets to understand consumer context and need but won’t yet have the full executional capabilities required to act on a consumer’s behalf. Big Tech — think Microsoft, Apple, and Google — will lead the way, not brands. For example: Project Astra engages multiple sources to better personalize responses. Google’s AI assistant taps into not just Gemini but Google Search, Maps, and Lens to create responses. Apple’s Siri observes users’ interactions to predict next steps. Siri can register the apps that a user has open and derive what the user is hoping to accomplish when Siri is prompted. Microsoft Copilot interacts with different browser tabs to suggest next-step actions. Vision is a feature within Microsoft’s Edge browser that analyzes a user’s browser tabs to answer questions and suggest next steps. What will agentic AI use cases for consumers look like? According to Forrester’s Market Research Online Community, only 12% of consumers have heard of the term agentic AI while 38% have heard of AI agents. But even among those who have heard of either, most assume that they’re terms for AI assistants or customer service help. Check out our new report, Consumer Use Cases For AI, 2025, for a deeper dive into all of the phases of consumer-facing AI. Clients, schedule a guidance session with us to learn more about how to roll out consumer-facing AI experiences in ways that engender trust. source

OCBC has emerged as a leader in enterprise AI adoption, seamlessly integrating generative AI (genAI) across its operations. I recently spoke with Donald MacDonald, head of OCBC’s Group Data Office, about the bank’s AI journey. Q: Donald, OCBC’s success with AI seems to stem from a long-term vision rather than a sudden pivot. How did this foundation come about? Donald MacDonald: One of our core principles has always been “achieve greater results with the same resources.” We never had multiple data platforms or multiple teams — it was always going to be one central team taking the lead on analytics for OCBC. This became a strength. Two decades ago, we made a strategic bet on a single, centralized data platform rather than fragmented solutions across business units. That decision drove us to integrate and scale our analytics consistently over the years. When generative AI came along, we already had the necessary foundations — clean, structured data; robust deployment processes; and a strong AI team — to move fast. If you’re spending your time fixing data pipelines while trying to innovate, you’re already behind. Q: OCBC’s approach to generative AI is notably pragmatic. How do you balance rapid deployment with regulatory constraints? Donald MacDonald: We’ve built a governance-first approach without letting it become a bottleneck. Our model management platform (MMP) and Hydra framework ensure that AI models are rigorously monitored, but they also streamline deployment. We don’t wait for perfection; we roll out solutions incrementally while keeping a close eye on performance and risk. Take OCBC GPT, for example. This is the bank’s internal enterprisewide generative AI assistant, which helps our employees create content and generate ideas. This application is freely available to every employee within the bank, used around 250,000 times a month. At the same time, because it was built within our secure on-premises environment, we could iterate safely and improve it in real time. Regulation isn’t a barrier when you bake it into your AI strategy from day one. This creates the trust that’s essential to high-performance IT. Q: One of OCBC’s strengths has been democratizing AI access within the organization. How do you ensure AI adoption at scale? Donald MacDonald: AI adoption isn’t about flashy demos; it’s about usable tools that add business value. We’ve made AI tools like Buddy and OCBC GPT available to all employees, not just data scientists. But access alone isn’t enough; you need an open culture where people aren’t afraid to experiment. Our AI team operates more like an internal open-source hub, where employees can experiment and build on existing tools rather than waiting for centralized IT to do everything. The result? We see genAI adoption spread organically, often in ways we wouldn’t have anticipated. This flexibility enhances our organizational adaptivity, allowing us to respond quickly to emerging opportunities. Q: OCBC has also developed AI copilots tailored to specific roles. What has been the impact of these specialized tools? Donald MacDonald: The real magic happens when AI goes beyond generic use cases and starts solving deeper role-specific problems: Take HOLMES AI, our relationship manager (RM) copilot that generates curated talking points based on investment research, saving the front line hours of prep work, or our compliance copilot, which reduces some customer onboarding tasks from days to potentially just minutes. These AI copilots aren’t gimmicks; they tangibly improve workflow efficiency and decision-making. We’re now exploring multiagent AI systems that can automate even more complex processes, like customer onboarding in private banking. Strategic alignment between business needs and technology is key here. Q: Looking ahead, how do you envision AI transforming the banking industry? Donald MacDonald: The future of banking will be fundamentally altered by AI, changing how we operate and engage with customers. At OCBC, we’ve already seen how generative AI enhances efficiency and personalization. For instance, our Buddy chatbot helps employees navigate over 400,000 internal documents, while our agentic AI systems significantly reduce lengthy private banking onboarding times. Looking forward, I see banking becoming more predictive and personalized, with AI enabling us to anticipate customer needs before they even realize them. This will free our staff from routine tasks, allowing them to focus on more complex, value-added activities that require human judgment. Of course, we’ll continue to approach this transformation responsibly, maintaining robust data privacy protections and governance frameworks. The AI-powered bank of the future will blend advanced technology with human expertise, delivering services that are both efficient and deeply personalized. Conclusion OCBC’s journey demonstrates how a thoughtful approach to AI can deliver significant business value while managing risk effectively. By building strong foundations, aligning technology with business objectives, and creating a culture of innovation, the financial services group has positioned itself at the forefront of AI adoption in financial services. Forrester clients can read our complete case study to explore how OCBC exemplifies high-performance IT through its strategic alignment, trust-building governance, and adaptive capabilities in AI implementation. source

Last week’s mega deal of Google acquiring CNAPP provider Wiz for $32 billion has some lamenting the future of IPOs in the cybersecurity space. Wiz was on a high growth trajectory, and given that Wiz had previously rebuffed Google’s interest in the summer of 2024, many assumed Wiz was on target for a 2025 IPO, the success of which was meant to serve as a bellwether for the overall health of the cybersecurity market. With Wiz no longer an IPO candidate, has momentum for cybersecurity IPOs stalled? In the short term, the answer is yes, but that is more to do with the health of the overall tech IPO market, not just cybersecurity. Genesys, a provider of AI-driven call center software, recently postponed its planned spring 2025 IPO, citing market uncertainty, with plans to revisit an IPO in the second half of 2025. And despite last year’s uneven macroeconomic environment, there were still over 220 IPOs in the US stock markets last year, up from 150 in 2023. While approximately 10% of the 2024 IPOs were of the SPAC (special-purpose acquisition company) variety, there were still several significant tech IPOs in 2024, including Reddit, OneStream, Ingram Micro, and ServiceTitan, to name a few. Rubrik’s April 2024 IPO also marked the first cybersecurity-related IPO in two years. While the cybersecurity IPO market may be muted right now, there are still several possible cybersecurity IPO candidates for 2025. While there is a lot of discussion on tariffs and the current market volatility hindering IPOs, indexes such as the Cboe’s VIX Index (which analyzes S&P 500 index options to derive a forward-looking projection of volatility) have not moved as much as the overall market indices. Some have suggested that this is because much of current volatility is derived from policy decisions (like tariffs), meaning they can be quickly reversed and are also not tied as directly to structural economic factors. Despite this current uncertainty, the resilience of the US stock market, and the fact that there are still several cybersecurity companies seeking a liquidity event, mean that cybersecurity IPOs could still happen in 2025, especially in the second half of the year. The current tech IPO bellwether is AI darling CoreWeave. Despite a tepid initial trading day, CoreWeave has since rebounded and its shares are up. This current (but by no means comprehensive) list of potential cybersecurity IPO candidates for the fall of 2025 can be put into two distinct categories: Category one: venture-backed, with $500 million or more in VC funding and high annual recurring revenue (ARR) growth of over 40% Netskope: In October 2024, Netskope CEO Sanjay Beri indicated plans to proceed with an IPO in the second half of 2025, depending on market conditions and investor appetite. Netskope has raised over $1 billion in venture capital, reported over $500 million in ARR, and competes in the high demand Zero Trust edge network security segment. While Netskope has not filed an S-1 form with the SEC yet, it is a vendor to watch in 2025 as a strong contender for an IPO. Snyk: Like Netskope, application security developer Snyk has raised over $1 billion in venture capital, hit $300 million in ARR last year, and is growing ARR 40% annually. While Snyk has not filed an S-1 with the SEC, it is long rumored to be an IPO candidate and fits the criteria for this category. Application security remains a high growth area. OneTrust: This privacy management company has raised over $1 billion and is exceeding $500 million in ARR. While the firm has been mum on any IPO plans, it meets the size, valuation, and growth metrics for an IPO. Armis has not reached the $500 million ARR milestone yet but is growing rapidly and has raised over $800 million in venture capital. According to Bloomberg, it is looking at 2026 for an IPO, so continued success and growth in 2025 will position the company for an IPO next year. Category two: established cybersecurity firm owned by private equity (PE) firms for two or more years and seeking exit This category already has a successful 2025 IPO: identity management and governance vendor SailPoint, which PE investor Thoma Bravo took public in February, raising $1.4 billion in the IPO at a $12 billion valuation. Some other IPO candidates in this category include: Proofpoint: Email and data security vendor Proofpoint was taken private by Thoma Bravo for $12 billion in 2021. Last fall, Proofpoint indicated plans to return to public markets within 12 to 18 months. Thoma Bravo has held Proofpoint for five years; this would be a good IPO candidate once market conditions improve. Illumio: Also owned by Thoma Bravo since 2021, Illumio has raised more than $500 million in funding, is growing fast, and had a $2 billion-plus valuation when acquired by Thoma Bravo. Illumio was a Leader in The Forrester Wave™: Microsegmentation Solutions, Q3 2024, last year and competes in the high-demand cloud security and Zero Trust segments. Delinea: Last week, the PE owner of privileged identity management vendor Delinea indicated that it’s considering IPO plans. TPG has owned Delinea since 2021 when it merged Thycotic and Centrify and renamed the new entity Delinea. With Delinea’s ARR at almost $400 million, it fits the criteria, especially if the PE owner is looking to exit this investment in 2025. While macroeconomic factors or geopolitical events could affect the public market’s appetite for tech IPOs, this post has hopefully shown that there are plenty of well-funded and capitalized cybersecurity companies capable of going public in the next 12 months based on market conditions. And seeing as all these companies are growing and investing in their product offerings, security professionals should view pending cybersecurity IPOs as a positive validation of the overall cybersecurity market and their supplier’s position within that market. source