Forrester

AI Will Reinvent Business Applications Into An Agentic Business Fabric AI agents will fundamentally reimagine the mature market of enterprise business applications into an agentic business fabric. This is a transformative architectural paradigm for the next generation of enterprise operations. Today’s business models require a fully connected value chain. Yesterday’s legacy environments cannot adapt to enable this change. The agentic business fabric is not just an evolution of current business applications; it is also a new paradigm designed for autonomous operation, perpetual learning, and optimization. It’s an integrated network of capabilities where data, AI, workflows, business logic, and user experiences are deeply interwoven. It consists of six core capabilities: The experience layer, which becomes a smart, adaptive interface for work. Experiences adapt to the user, skill level, and job to be done. Training dissolves into real-time “learning by doing.” Employees shift from today’s task execution to exception handling and AI supervision. The agent fabric, which orchestrates and optimizes AI agents. It is a mesh of AI agents — from vendors/partners or custom-developed — that coordinate, adapt, and learn across the business. The application mesh, which interconnects components, workflows, and platforms. The application mesh will evolve into a set of vendor-provided microservices, deterministic and compliance-based workflows, and custom components built via AI-infused low-code/no-code platforms. The data fabric with semantic intelligence, which powers AI decisions. A data fabric will unify, govern, and operationalize data across silos, clouds, and formats. The edge, which becomes a significant operational front line. Whether in factories, retail floors, or embedded sensors, edge nodes will process data, run AI inference, and execute automation instantly — without depending on cloud round trips. The trust layer, which provides pervasive protection and control. Governance, security, and control infuse AI-driven defenses directly into every agent, service, workflow, and data access. It’s a nonnegotiable layer to this architecture. The Agentic Business Fabric Changes Everything In Business Operations The agentic business fabric isn’t just a technological evolution; it’s a fundamental rewiring of the principles of business operations. Eventually, business operations will become completely AI-driven. Jobs to be done will fundamentally shift; org structures will be flatter and more aligned; monetization will be based on value (consumption and outcomes); and partner ecosystems will shift to more strategic work instead of core implementation tasks. How To Adopt The Agentic Business Fabric The agentic business fabric will fix the challenges of technical debt, data silos, and slow innovation that plague current IT environments. But the shift won’t be easy, and operations will get more complex before they become easier. Read our report and connect via inquiry to understand the details of this architecture and access Forrester’s framework for navigating the path to an agentic enterprise. Learn what you need to do right now to prepare you for this future. source

In the late 1960s, Joseph Weizenbaum, an MIT psychologist, developed ELIZA, a procedurally driven psychiatric chatbot. In response, Kenneth Colby of Stanford created PARRY, a model of a paranoid schizophrenic. The two connected online in 1972. Suffice to say, they didn’t get on. Their conversation (you can read the entire thing — it’s not pretty) neatly articulates one of the key questions we need to ask ourselves when we consider the development of new AI-powered customer experiences: Ask Not “Can We?” But “Should We?” Science fiction has wrestled with the question of human-created intelligence arguably since the days of the first work of science fiction, Mary Shelley’s “Frankenstein.” Yet science fiction usually posits not “Can we?” or even “Should we?” … instead, it leaps straight to “We already did, and it all went horribly wrong.” Science fiction has already given us an elegant ethical framework to govern the development of artificial intelligence: Isaac Azimov’s three laws of robotics. Elegant and simple, yes. Science fiction? Maybe, or maybe not. Robots are among us already, perhaps more than we realize, or at least more than many consumers realize, and our reactions to these seemingly benign assistants can be complex. The uncanny valley hypothesis predicts that an entity appearing almost human will risk eliciting eerie feelings in viewers in a way that obviously unhuman entities, such as Pepper the customer service robot or a robot arm in a factory, do not. The problem is that we’ve already surpassed the point of obviously unhuman: Lil Miquela has more than 2 million Instagram followers and pulls down 10 grand a day modeling for brands like BMW. But Lil Miquela is code. She’s one of a growing breed of virtual influencers, a virtual entity currently controlled by humans. The Velvet Sundown is a breakout Spotify success with more than a million monthly listeners. Not bad, given that they literally launched this year and are already releasing their third album. They, or perhaps it, is at the center of an ongoing controversy, as streaming platform Deezer has tagged them as “100% AI” while Spotify says nothing. And the “band” claims to be real … or do they? AI Is Everywhere, But Who (Or What) Do You Trust? Examples like Velvet Sundown highlight the difficulty we increasingly face in understanding where AI is being used. Consumers are confused. According to Forrester’s Consumer Benchmark Survey, 2025, 68% of Australian consumers think chatbots might be powered by AI, yet only 58% think that AI powers self-driving cars — which means that 42% of consumers don’t think that AI is driving self-driving cars. And in the UK, it’s even worse, yet some eight in 10 UK consumers agree that “companies should disclose where AI is being used.” Enterprises are concerned. AI is live in enterprises around the world. For customer experience use cases such as improving efficiency of customer-facing employees, identifying patterns in customer feedback and data, or analyzing contact center interactions, we now see some 30–40% of firms worldwide reporting production implementations. For the majority that aren’t there yet, the blockers aren’t technical. Ethics, privacy, and trust, along with employee experience and readiness, top the reasons why firms aren’t adopting generative AI. Trust Is The Killer App To Drive AI Adoption Emerging AI legislative approaches such as the EU AI Act or Australia’s emerging stance are risk- and principles-based. They lean into building trust through common principles like transparency, accountability, or fairness. Many of these principles are common across frameworks and map to the levers of trust in our own trust framework. We define trust as: The confidence in the high probability that a person or organization will spark a specific positive outcome in a relationship. But who do we trust to manage the risks of AI? As you can see from the following graphic, consumers are far more likely to trust regulated businesses, such as banks, to deploy trustworthy AI than less strictly governed businesses, such as technology firms. But don’t make the mistake of thinking that trust is nebulous or intangible. It’s hard won, easily lost, and highly measurable. Our latest research refreshes our trust framework and takes the AI risk levels outlined in the EU AI Act to examine how the drivers of trust change depending on consumer perception of risk. And the drivers do change. Consumers might be confused, but they definitely don’t want to be lied to. If you want to learn more, we spoke about AI design principles on the CX Cast last year. If you are a Forrester client, check out our latest trust research or book a guidance session with myself or Enza Iannopollo. source

In August’s episodes of the Forrester CX Cast, we focused on how customer experience (CX) leaders can evolve their CX strategies by sparking innovation, scaling journey management, and aligning marketing with CX. Learn from practitioners and Forrester analysts. Episode 415: Journey Innovation Joana de Quintanilha joined Angelina Gennis and Martin Gill to unpack how journey innovation goes beyond fixing broken experiences. This episode is ideal for CX leaders looking to embed creativity into their strategy. Why listen: Understand what journey innovation really means — and why it’s more than just problem-solving. Learn how to balance short-term fixes with long-term innovation. Explore how AI and tech can fuel imaginative CX design. Get tips on making innovation a repeatable habit. Episode 416: Can Employees Keep Up With Customers’ Tech Expectations? J. P. Gownder introduced Forrester’s Technology Change Quotient (TCQ), a framework for assessing how ready your teams are to adapt to tech-driven change. Why listen: Discover how TCQ helps leaders guide change effectively. Hear strategies for bridging the gap between customer expectations and employee capabilities. Learn how CX pros can stay ahead of tech trends without overwhelming their teams. Read more in J. P.’s blog post and explore the TCQ assessment. Episode 417: Practitioner Stories — Scaling Journey Management At Grundfos Cecilie Kobbelgaard shared how Grundfos built a scalable journey management framework from the ground up. This episode is a must for CX practitioners navigating organizational complexity. Why listen: Learn how to build CX maturity across diverse business units. Hear how Cecilie’s team created a journey mapping “cookbook” and standardized practices. Understand how to measure progress and overcome internal resistance. Get inspired by a real-world example of CX transformation. Episode 418: How Accurate Marketing Management Improves Customer Experience Brad Haag joined Angelina to explore how marketing analytics can enhance CX. This episode is perfect for CX pros collaborating with marketing teams. Why listen: Discover how marketing measurement intersects with CX. Learn how marketing mix modeling has evolved — and what it means for customer impact. Understand how data science supports smarter, more customer-centric marketing. Gain insights into aligning marketing efforts with CX goals. source

Autonomous (or agentic) operations for most processes is the North Star for many enterprises. These hold the promise of adapting to the dynamic and unpredictable nature of real-world activity and help make connections that reduce software customizations while freeing workers for higher pursuits. Deterministic workflow engines, robotic process automation (RPA) bots, and digital process automation (DPA) tools are not powerful enough to implement the complexities required for autonomous operations. This is why various automation technologies from different domains, combined with a process mindset, are required to move toward autonomous operations. At Forrester, we are calling this combination adaptive process orchestration (APO). We define it as: An automation platform that uses AI agents and nondeterministic control flows, in addition to traditional deterministic control flows, to meet business goals, perform complex tasks, and make autonomous decisions. Process orchestration platforms enable organizations to define, automate, and monitor end-to-end workflows, ensuring that tasks are executed in the correct sequence and that data is seamlessly transferred between systems. This can lead to significant improvements in productivity, agility, and customer responsiveness. At the same time, software vendors from the automation space — as well as large portfolio vendors — are investing in native process orchestration capabilities. Adaptive process orchestration: Supports the progression of AI agents and agentic AI frameworks, leveraging their unique blend of capabilities for strategic planning, complex scenario reasoning, and cross-component collaboration. Focuses on long-running and/or complex business processes that drive ROI, utilizing external automation endpoints, traditional automation frameworks, and enterprise integration to achieve autonomous goals. Supports five key capabilities for agentic process management: model option and constraint management; content and format processing; the ability to create AI agents; agentic orchestration; and governance, data, and IP protection. Embraces the principles and architecture of the emerging automation fabric framework, unifying complementary automation applications, technologies, enterprise architectures, and governance models. Adaptive process orchestration is an essential capability for: Automation leaders intending to scale their enterprises’ efforts by combining existing automations with AI (including AI agents, agentic AI, ML models, and other capabilities). Transformation leaders working towards autonomous operations. Forrester is convinced that adaptive process orchestration is the next level of maturation in enterprise automation. Therefore, going forward we will not only dedicate qualitative research to this new software category, such as how automation vendors are pivoting to APO, how APO is different from RPA, DPA, and iPaaS, and how to select the right orchestration engine, but also evaluative research in this space. We will start with an adaptive process orchestration landscape report, which will hit the market by early Q2 2026, followed by an adaptive process orchestration Forrester Wave™, which will publish later in 2026. If you have a solution in this space and would like to brief me, please use our site to schedule a briefing. If you have questions about this space and are a Forrester client, please schedule an inquiry or guidance session. Thank you. source

The Forrester Wave™: Managed Detection And Response Services In Europe, Q3 2025, is live. It’s our second evaluation of the managed detection and response (MDR) space focused on the European market. It looks a bit different from our 2023 Wave, as European customers now place a greater emphasis on sovereignty, localization, speed, automation, and resilience. While some MDR providers have adapted their frameworks and service delivery models to embed these, others offer only superficial adjustments. This research used 26 different criteria to evaluate 11 vendors: Accenture, CrowdStrike, eSentire, ESET, EY, Kudelski Security, NCC Group, Obrela, Orange Cyberdefense, Sophos, and WithSecure. What You Should Look For Beyond standard needs such as faster detection and response, European CISOs also lean on their MDR providers to tackle tripartite pressures: complex regulation, economic volatility, and agile threat actors. The market has moved beyond one where extended detection and response was once considered a differentiator. European security leaders today also expect their MDR providers to enable operational resilience, as they lack the internal capabilities to deal with today’s region-specific, advanced and persistent threats, as well as with coordinating cross-border response efforts. As you compile a shortlist or consider a renewal: Ensure that your provider can meet all your sovereignty needs. Having data centers in the EU is hardly sufficient in today’s regulatory and geopolitical climate. Firms in regulated industries — such as healthcare, finance, and the public sector — with strict sovereignty and localization requirements need to be especially vigilant. Avoid regulatory exposure by choosing an MDR provider that can demonstrate where data is processed, data pathways and access mechanisms, analyst locations and language capabilities, and how cross-border containment actions are carried out. Carefully evaluate vendors’ claims of AI as the panacea for all MDR problems. MDR vendors have positioned AI as the panacea for all that ails security, and while their use of AI does shorten incident timelines, there are nuances to be considered when evaluating an MDR vendor’s AI capabilities. Use our evaluation to determine what exactly a provider does with AI and how that’s relevant (or not) to your organization’s needs. Favor vendors that can demonstrate how AI enables containment actions and configuration updates with appropriate human oversight. See and test how detection, response, and forensics are integrated. Choose providers that are able to weave endpoint coverage data, threat intelligence, and other telemetry into a useful tapestry of insights that inform your security strategy and reduce delays in containment and response. Test a provider’s ability to meet these objectives by asking them to walk you through a real incident, demonstrating how telemetry was collected, how quickly containment was executed, and whether forensics required a separate handoff. Forrester security and risk clients who have questions about the European MDR market can schedule a guidance session with me here. source

En 2025, les entreprises, partout dans le monde, évoluent dans un contexte difficile à appréhender : facteurs macroéconomiques imprévisibles, tensions géopolitiques, évolution des comportements des consommateurs… Dans de telles conditions, il est parfois délicat de prévoir l’avenir. Ainsi, où les responsables technologiques concentreront-ils leurs budgets IT en 2026 ? Nos guides Budget Planning 2026 vous apporteront des réponses claires, basées sur les résultats de la récente enquête de Forrester sur la planification budgétaire.  Pour les budgets 2026, les priorités des ​décideurs​​​ du secteur des technologies varient selon les régions. Mais à l’échelle mondiale, la tendance est claire : renforcer les effectifs n’est pas la priorité, notamment à cause des gains d’efficacité permis par l’IA. Dans toutes les zones géographiques et la plupart des secteurs, le recrutement est le domaine où la plus faible proportion des sondés envisage d’augmenter ses dépenses. Découvrons maintenant comment se structurent les budgets, région par région.  Amérique du Nord  En Amérique du Nord, les leaders et décideurs du secteur de la tech vont privilégier les investissements dans le cloud, les data centers et la sécurité. Plus de 75 % d’entre eux prévoient d’augmenter leurs dépenses dans ces trois domaines en 2026. L’essor spectaculaire de l’IA va stimuler l’augmentation des budgets cloud et data centers. Quant à la multiplication des cyberattaques médiatisées et l’émergence de nouvelles menaces (l’informatique post-quantique ou la tendance du bring your own AI), elles poussent les dirigeants nord-américains à investir massivement dans la sécurité.  Europe  La tendance est similaire en Europe. Le cloud et la sécurité seront les priorités des dirigeants, notamment sous l’effet des enjeux de souveraineté des données. Les investissements se dirigent vers le cloud privé et les offres de cloud public sectoriel ou souverain. Les dépenses dédiées aux data centers seront toutefois un peu plus limitées qu’en Amérique du Nord et en Asie-Pacifique. En effet, le marché européen reste moins mature, même si la région s’efforce de développer ses propres infrastructures.  Asie-Pacifique  C’est dans la région Asie-Pacifique que l’on attend la plus forte progression des dépenses IT en 2026 : 88 % des décideurs anticipent une hausse, contre 82 % en Amérique du Nord et en Europe. Mais les priorités diffèrent légèrement, puisque les investissements porteront davantage sur les logiciels ou la stratégie digitale. Cette évolution souligne la transition de la région Asie-Pacifique d’un rôle de pionnier rapide à celui d’innovateur audacieux. Elle détermine de nouveaux standards mondiaux dans des domaines comme l’IA générative multilingue ou encore la robotique humanoïde.  Après la sécurité (citée par 25 % des sondés ), le principal défi pour les dirigeants IT de la région Asie Pacifique reste le manque d’alignement entre les fonctions IT et business (20 % des sondés). Un alignement pourtant crucial pour que les investissements technologiques se traduisent en valeur tangible pour l’entreprise et ses clients.  Comment réussir en 2026 et au-delà  Comment les leaders et les dirigeants du secteur ​IT​​ peuvent-ils se préparer à 2026 ? Dans notre nouveau guide Budget Planning 2026 : Technology Executives, nous leur recommandons de concentrer leurs investissements sur le cloud et les data centers. Face à l’impact de l’IA sur la demande et la capacité futures du cloud, et à la stratégie de maîtrise des coûts engagée par les entreprises, les responsables IT doivent absolument optimiser ces leviers.  Tirer parti des programmes IA est crucial. L’IA doit vous permettre de réallouer au moins 10 % de vos effectifs — encore faut-il définir avec stratégie votre nouveau modèle opérationnel. Les dernières recherches de Forrester sur la transformation réussie des operating models pourront vous aider : restez à l’écoute de nos prochaines analyses sur le redesign des modèles pilotés par l’IA.  Enfin, n’oubliez pas de voir plus loin que l’année 2026 : continuez à expérimenter avec des technologies émergentes qui pourraient aider votre entreprise. Notre guide Budget Planning mentionne plusieurs domaines prometteurs. Par exemple, la mobilité autonome, qui dépasse désormais les voitures sans chauffeur pour toucher aux processus opérationnels des entreprises. Elle aura un impact majeur à la fois pour les consommateurs, les fournisseurs et les prestataires. Mais aussi l’edge intelligence verticale, qui transformera la gestion des données sectorielles grâce aux avancées des chipsets, de la 5G et des modèles d’IA embarqués.  Les prochaines étapes  Vous souhaitez en savoir plus sur nos analyses issues du guide Budget Planning 2025 ? Pour découvrir nos recommandations et savoir où investir, désinvestir ou expérimenter en 2026, téléchargez gratuitement notre guide 2026 :  Budget Planning for Technology Executives et la worksheet associée pour mettre nos conseils en pratique.   Inscrivez-vous à notre prochain webinaire, au cours duquel nos analystes vous expliqueront comment les CIO et les CISO peuvent aligner budgets et priorités pour réussir en 2026.  source

Cybersecurity presentations are known for having pithy titles (usually, the more provocative, the better). And nobody will lose any points for dunking on a concept or term with as much saturation — and overuse in marketing — as Zero Trust. On that score, AmberWolf’s talk at DEF CON 33, titled “Zero Trust, Total Bust: Breaking Into Thousands Of Cloud-Based VPNs With One Bug,” ticks all the boxes. But what about the substance of the critique? Did the research uncover fundamental flaws in Zero Trust? Although we think the research uncovered some significant issues, calling it a “total bust” is definitely overblown. AmberWolf Identified Significant Flaws In Multiple Products Over the course of seven months, AmberWolf researchers examined Zero Trust network access (ZTNA) products from security vendors Check Point, Netskope, and Zscaler, finding multiple security issues — more specifically, identity and access management (IAM) problems: user impersonation, authentication bypass, local privilege escalation, and access to an SFTP server containing client logs and authentication material. In short, they found the same sorts of vulnerabilities that routinely appear in other software. The issue with security flaws in Zero Trust platforms themselves is that these platforms serve as foundational infrastructure and guardians responsible for access policy (authentication and authorization) enforcement to a wide variety and large number of enterprise resources instead of just one. These issues also highlight lingering implicit trust. We’ve made great strides in verifying users and endpoints, but we still rely on other systems to 1) implement and enforce policies reliably and 2) be trustworthy by virtue of being (mostly) free of critical, exploitable defects. The AmberWolf research demonstrates a breakdown in both. Zero Trust Isn’t A Product It bears repeating that Zero Trust isn’t a single thing (and it’s most definitely not a product). Zero Trust is a combination of things such as strong authentication (of users, devices, and apps/workloads), enforcement of least privilege, segmentation, data classification, and more. Each of the Zero Trust domains is intended to work on its own and in concert with the others to ensure that a failure in one control doesn’t result in a catastrophic breach. The metaphorical purpose of the architecture, in other words, is to prevent fire or — barring that — contain its spread and limit the resulting damage. Depending on any one element to achieve that goal is a textbook example of a single point of failure and antithetical to the philosophy and goals of Zero Trust. Product Security Problems Don’t Invalidate Architecture The ZTNA products that AmberWolf examined are unfortunately not the first security products to have security flaws. It’s quite a leap, however, to say that flaws in security products mean that an underlying security architecture principle is flawed. If building materials like cement and steel are defective, we don’t say that the design principles behind building a skyscraper are junk. Instead, we look at the root cause of the flaws in those materials and figure out how to avoid them in the future. If it’s a pervasive issue, it may mean a new approach to making and testing those materials; if it’s a couple of suppliers cutting corners, it may mean purchasing materials somewhere else next time. One important way for vendors to ensure the security of their products is using and consistently upgrading robust, well-tested, standards-based packages such as OpenSSL, OpenSSH, OpenAM, and more. An important corollary to “don’t roll your own crypto” should be “don’t roll your own IAM libraries” to avoid precisely the issues identified by AmberWolf’s testing. Like any software or hardware vendor, security vendors must incorporate product security principles throughout the product lifecycle to protect their customers and their brand. This starts early in the lifecycle, where security must identify strategic risks and potential threats, and continues with activities such as threat modeling, security training, pre-release application security testing, and post-deployment protections. Critically, product security teams must also help product teams build in security and IAM features (like authentication), recommend secure default configurations, and make deployment and configuration guidance available to systems integrators that work with their customers. Through it all, close coordination with the product team is key. It’s not unreasonable to hold security vendors to a higher standard when it comes to product security. CISA launched the Secure by Design pledge, with hundreds of enterprise software companies signing on and committing to building security into their products. If a vendor that you work with (security or otherwise) hasn’t signed the pledge, ask why not. If they have, ask them to share their progress against the goals. Is Cloud Delivery Better, Worse, Or Just … Different? A large and growing number of security capabilities are delivered at least partially via the cloud. That could be seen as a liability in this context. Despite the attention-grabbing claim about breaking into thousands of VPNs using a single bug, AmberWolf did no such thing — although its research clearly shows that an attack on that scale would have been possible. We say “would have been” because, although cloud delivery can sometimes result in new attack vectors, the cloud also offers benefits in terms of vulnerability remediation. Zscaler responded to and fixed the vulnerability reported by AmberWolf the same day (although there was a brief regression several days later that was also quickly repaired). As with any case of security issues in security products, responsiveness and transparency matter. Contrast this with severe, exploited vulnerabilities in on-premises infrastructure that required federal law enforcement intervention or guidance that involved literally unplugging affected systems to remediate security issues — not to mention coordinated action on the part of hundreds or thousands of organizations, as opposed to just one. Connect With Us As always, Forrester clients can connect with Sandy for product security, Andras for identity, and me for Zero Trust by setting up a guidance session or inquiry. We’ll also be in Austin, Texas, on November 5–7 with a host of our colleagues for the Forrester Security & Risk Summit. This year’s theme is “Master Risk, Conquer

Every Ponzi scheme pays old obligations with new investment, creating a mirage of growth while speeding toward collapse. Your IT organization may be doing the same — funding yesterday’s shortcuts with today’s headcount. The test: What share of new engineering hires are building the future versus maintaining the past? If the majority are patching old systems, you’re using growth capital to service debt, not create value. When hiring slows due to freezes, cuts, or shortages, the illusion collapses. Systems fail, features stall, and your best engineers walk out the door. Unlike a financial Ponzi scheme, there’s no “declare bankruptcy” option for technical debt. The interest compounds unpredictably, buried in code, architecture, and process. And when payment comes due, it’s often sudden — a critical outage, a security breach, or a wave of resignations. The underlying dynamics aren’t random. They form reinforcing “doom loops” that keep organizations trapped: The Death Spiral. Technical debt spawns incidents that eat up capacity, starving investment in prevention and making debt grow faster. The Talent Drain. Experts hired to innovate end up firefighting. Burned out, they leave, forcing replacements to climb steep learning curves while creating more mistakes. The Delivery Squeeze. As maintenance eats into bandwidth, deadlines remain. Shortcuts get taken, planting the seeds of tomorrow’s crises. The Incident Explosion. Quick fixes under pressure add complexity, increasing the likelihood and severity of the next failure. The Cognitive Overload. Complexity accumulates until no one fully understands the system, making every change risky and slow. Breaking The Cycle The only way out is to stop borrowing against the future and start paying down the past. Escaping requires sustained platform investment — enough to reach equilibrium where debt stops growing. This means: Refactoring to improve code structure and reduce the cost of future changes. Refreshing technologies before they become emergencies. Rationalizing redundant systems to reduce complexity and risk. Big-bang modernizations are often problematic. They create disruption that drives away experts, introduce new debt through rushed implementation, fail to complete migrations (leaving legacy systems running, as there’s “no ROI” on sunsetting them), and cost more than promised while delivering less. The sustainable path is continuous, disciplined investment, treating technical debt like a mortgage that demands regular, gated, and guaranteed payments regardless of shifting priorities. There’s emerging industry consensus that 20% is a good place to start: 20%, ongoing, of the available engineering budget and time dedicated to platform health and debt reduction. This commitment creates a virtuous cycle: Debt shrinks, incidents drop, capacity grows, and investment accelerates. You can keep the illusion alive until the collapse, or face reality now. Every day you delay, the compound interest grows. Will you act while you can still escape — or wait until it’s too late? Just ask Bernie Madoff how that worked out. Learn More Want to learn more about managing technical debt? Come to our upcoming Technology & Innovation Summit EMEA in London October 8–10, where I’ll be hosting a workshop called “The Hidden Costs: Managing Tech Debt Through M&A And Organizational Change.” In the workshop, we’ll show you how to prioritize and address critical technical liabilities, provide some best practices for technology integration and consolidation, and help you foster a culture of proactive tech debt management in your organization. And see my new report on “The Doom Loops Of Technical Debt,” just published! source

Two weeks ago, President Trump announced America By Design, a new federal initiative to improve Americans’ experiences using government services, such as when renewing a passport, applying for a small business loan, or filing taxes. It includes updating the government’s design language and the websites and physical sites that have a major impact on Americans’ everyday lives. Trump has appointed the country’s first chief design officer, Airbnb cofounder Joe Gebbia, and created a National Design Studio to help agencies implement changes, with initial results expected by July 4, 2026. What’s Promising About This New Initiative? Here’s what’s encouraging about America By Design: It mandates that public experiences become more usable. Prioritizing design is a significant shift in a space where design often takes a back seat to competing priorities. Mandating that agencies work with skilled designers to improve experiences sends a signal that design is essential. Mandates have had a powerful effect on making experiences accessible, for example, so mandating better design could very well lead to positive results for Americans. It may drive broader adoption of the government’s design system. The U.S. Web Design System was launched in 2015 by 18F and the U.S. Digital Service, but its use does not appear to be widespread — although some agencies such as the VA and the NIH Library have adopted it. The new chief design officer has an opportunity to treat the design system as a product, which means funding cross-discipline teams of designers and developers, creating a contribution model, and establishing telemetry and metrics to track usage and effectiveness. It renews (at least part of) the attention that Trump gave to CX in his first term. The first Trump administration continued the White House’s spotlight on customer experience (CX), supported by the bipartisan 21st Century IDEA Act. That law called for public websites to be accessible, searchable, secure, mobile-ready, and efficient at meeting users’ needs. Additionally, CX initiatives and metrics were tracked at performance.gov, including actions taken by high-impact service providers to improve critical government services — such as checking for Medicaid eligibility and applying for and receiving disaster aid. Performance.gov has laid dormant under the current administration, but this executive order may presage the release of the President’s Management Agenda (which drives what gets managed and reported) and, with it, renewed tracking of digital service performance at the touchpoint and journey level. Why We’re Not Convinced That This Spells Good News For Design It’s unlikely that this initiative will create meaningful improvements for Americans because: It’s overly focused on aesthetics rather than the true purpose of design. Joe Gebbia’s post on X comparing government services to the “beautifully designed” Apple Store experience is a parity trap and a classic example of low design literacy. Apple’s designs show a balance of form and function, understanding that a beautiful but unusable design is bad design. When designers deeply understand user needs, they create experiences that are effective, intuitive, and emotionally resonant. Beauty is the outcome of empathy and curiosity, not the goal. If the initiative prioritizes visual appearance over usability, meaningful service improvements will not follow. It risks lowering the standard for quality design. The government has historically set the floor for what good design is, not the ceiling — especially in areas like accessibility. Yet accessibility isn’t mentioned in the executive order, and ironically, the America By Design website is inaccessible, with issues such as poor color contrast and a flag animation that can’t be paused. Despite feedback from experts, to date, these problems remain unfixed. While the legal foundation for accessibility is still strong, there’s a risk here: If the standards developed and mandated under this order are adopted, sacrificing accessibility in pursuit of questionable aesthetics, many Americans will be shut out. If the private sector follows suit, the risk could be magnified to levels that digitally disenfranchise millions of Americans. The government already had (and fired) strong design talent. That talent sat in 18F and the U.S. Digital Service (before it was renamed and retasked to become DOGE); both shut down earlier this year. The new chief design officer is tasked with recruiting private-sector designers, but there’s no acknowledgement of past designers’ contributions to improving government services or plans to recover lost expertise. Design is most successful when it’s embedded in the organization and informed by domain knowledge, so regaining that insight and knowledge will be critical to the initiative’s success. Get In Touch Good design isn’t a nice-to-have; it’s mission-critical for government services, and it’s a foundation for winning and serving customers in the private sector. We’re here to help Forrester clients of all sectors; there’s no time like the present to set up a conversation about experience design best practices. source

As you would expect, I am fielding a lot of questions from clients about how to deploy, embed, and integrate AI into their workforce. Some of the questions imply a hasty workforce replacement strategy, while others are more nuanced about how to prepare their workforce to use AI in their evolving work. But all of these leaders are flying blind, because AI doesn’t replace jobs; it replaces tasks. And no leader we talk to has an easy way to look at the tasks being done. Enter task intelligence, an emerging use case for AI. Task intelligence draws on task-level data, then offers insights about those tasks, such as automation potential, duplication across teams, transferability, cost to outsource, etc. It sits at the elevation that makes sense to leaders — more tangible than job titles but more visible than granular skills data. This level of task intelligence will be key to unlocking meaningful workforce optimization. It’s a lens for understanding how work happens now— and how it can happen better. Gratefully, tools now exist that can extract and analyze task-level data at scale, from public and proprietary job descriptions. This isn’t just a technical breakthrough — it’s a strategic one. Task intelligence helps leaders answer questions they’ve long struggled with: Where are we duplicating effort across teams? Which tasks are ripe for automation? How do we redeploy talent after a merger or restructuring? What invisible work is keeping our organization running? It also shifts the conversation from abstract workforce planning to actionable decisions. Instead of debating whether a role should exist, we can ask whether the tasks it performs are still relevant, efficient, or necessary. Are there ways that task intelligence needs to improve? Of course. Employees do work outside of their job description all the time, so we need an approach like classic job analysis or ethnographic observation of work to fill out the full picture of valuable work and make sure that we don’t cut so much that our organization can’t function or handle pivots and change. Vendors are working on scalable approaches to that as we speak, using, you guessed it, AI. Task intelligence will become a foundational capability for any leader serious about workforce strategy. I’m excited to have a front-row seat as organizations tackle this underlying challenge, central to the future of work. Stay tuned for more from me on this topic, and feel free to share what you’re learning as you explore and test different approaches. source