When Technology Outruns its Foundations: What 2025 Revealed About Enterprise Systems

For most of the past decade, technology strategy rested on a simple assumption: that progress would compound. Cloud adoption would make systems more flexible. Automation would make work faster. Artificial intelligence would sit on top of it all and unlock new value.

By the end of 2025, that assumption no longer held.

Across industries and regions, organisations encountered similar friction points. AI initiatives stalled. Cyber incidents became harder to detect and more damaging. Cloud strategies are fragmented rather than simplified. Energy, data sovereignty, and governance constraints ceased to be abstract risks and began to shape day-to-day decisions.

These were not separate failures. They were signals of the same underlying reality: digital systems had become central to how organisations operate, yet they were still treated as supporting infrastructure rather than as core operating environments.

Matthew Prince, CEO of Cloudflare, captured that shift in plain terms. “The Internet isn’t just changing,” he said. “It is being fundamentally rewired.”

Cloudflare’s data shows what that rewiring looks like in practice. In 2025, global internet traffic grew by 19% year over year. During the same period, Cloudflare mitigated more than 25 record-breaking DDoS attacks, while post-quantum encryption expanded to protect over half of the human web traffic observed on its network. Scale, dependence, and exposure grew together.

That combination explains why 2026 feels different. Organisations are no longer preparing for future disruption. They are trying to stabilise systems that are already under strain.

AI did not fail in 2025. It revealed what was missing.

As AI adoption slowed through 2025, many organisations initially framed the problem as one of execution. Projects were described as “not ready,” “still experimental,” or “waiting for better data.” Over time, a more precise pattern emerged. The issue was not ambition or intelligence. It was readiness for production.

Fred Lherault, CTO for EMEA and Emerging Markets at Pure Storage, notes the extent to which this gap has become widespread. “We saw that roughly 95% of AI projects never moved beyond the pilot phase,” he said. “That does not mean the models did not work. It means organisations were not prepared to run AI systems continuously, securely, and at scale.”

That pattern is even more pronounced in agentic AI. Gartner now predicts that more than 40% of agentic AI projects will be cancelled by the end of 2027, largely due to governance, security, and integration failures rather than model performance.

Lherault explains that pilots tolerate instability in ways production environments cannot. “Once AI becomes part of daily operations, infrastructure has to support high availability, consistent performance, strong security, and non-disruptive recovery,” he said. “Many enterprises discovered that their existing foundations simply could not support that.”

As these limitations surfaced, the impact quickly moved beyond IT teams. AI ceased being a technical experiment and began affecting real business processes.

Dinesh Varadharajan, Chief Product Officer at Kissflow, describes how this change played out inside organisations. “For several years, companies treated AI as something that sat on top of work,” he said. “In 2025, many of them realised that embedding AI into workflows changes how decisions are made and who is accountable for them.”

According to Varadharajan, this is where the reality gap became visible. “When AI starts triggering approvals, handling exceptions, or coordinating tasks across systems, failures are no longer theoretical,” he said. “They affect outcomes. At that point, AI is no longer a productivity layer. It becomes part of how the organisation operates.”

That shift forced leaders to rethink the meaning of modernisation itself. Asanka Abeysinghe, CTO at WSO2, says 2025 marked a clear turning point. “Modernisation stopped being about moving away from legacy systems,” he said. “It became about architecting for AI, adaptability, and continuous change.”

Abeysinghe explains that this change elevated previously overlooked components. “When organisations began embedding AI into core journeys, integration, identity, and internal platforms moved to the centre of digital strategy,” he said. “Without those foundations, AI could not be deployed safely or consistently.”

At an enterprise level, the same story is repeated. Globant CTO Diego Tártara describes 2025 as the end of the experimentation phase. “AI is no longer a surface-level trend,” he said. “It is becoming the engine of enterprise transformation.”

But that transition is unforgiving. “When AI moves into core operations, any weakness in governance, ownership, or system design is exposed immediately,” Tártara said. “Organisations that did not address those fundamentals found that their initiatives simply could not scale.”

Bernd Greifeneder, Founder and CTO of Dynatrace, says the problem compounds once agentic systems enter the picture. “Agentic AI introduces a new level of system interaction that is exponentially harder to manage,” he said. “Without strong observability and clear guardrails, even well-architected environments can spiral into unpredictable behaviour.”

That concern is echoed by security teams working closer to the execution layer. A senior executive at Cequence Security, which works with large enterprises deploying agentic AI, says the core issue is not intelligence but control. “What we see repeatedly is organisations rushing to deploy agents without embedding authentication, authorisation, and monitoring from the start,” he said. “When agents are allowed to act without guardrails, they don’t just create technical risk. They create business risk.”

Taken together, these perspectives point to a single conclusion. AI did not disappoint in 2025. It made visible the cost of building intelligence on top of systems that were never designed to carry it.

Security broke for the same reason, but with far less warning

As AI exposed organisational limits, cybersecurity failures revealed them more abruptly.

By 2025, many of the most serious breaches no longer relied on malware. Instead, attackers exploited what organisations already trusted.

Ziad Nasr, General Manager for Acronis in the Middle East, describes the shift clearly. “We are seeing more intrusions that do not involve malware at all,” he said. “Attackers are using stolen credentials, misconfigured cloud environments, compromised identities, and legitimate administrative tools.”

Nasr explains why this is so difficult to detect. “When attackers operate inside trusted systems, their activity blends in with normal behaviour,” he said. “By the time organisations realise something is wrong, the damage is often already done.”

Christopher Hills, Chief Security Strategist at BeyondTrust, sees the same pattern. “The primary target has shifted,” he said. “It is no longer devices or files. It is identity.”

Once identity is compromised, Hills explains, access follows naturally. “If you control identity, you can move laterally, escalate privileges, and persist without triggering traditional alarms,” he said.

At a deeper infrastructure level, Infoblox’s experts explain why some basic systems are becoming increasingly important. Dr. Renée Burton, Head of Threat Intelligence at Infoblox, explains that while attackers increasingly use AI, deepfakes, and automation, DNS remains constant. “DNS does not change just because attackers adopt new tools,” she said. “That consistency makes it one of the few places where defenders can reliably observe malicious behaviour.”

At the same time, the nature of attacks is changing. Infoblox CEO Scott Harrell warns that AI enables mass personalisation. “We are seeing attacks tailored to specific individuals and organisations at scale,” he said. “That makes it much harder to rely on generic controls or assume you will blend into the crowd.”

Infrastructure choices became political, not just technical

As security and AI pressures mounted, infrastructure decisions moved into a different category. They ceased to be purely technical and became strategic.

Nasr notes that in 2025, cyber activity increasingly intersected with physical disruption. GPS interference affected aviation and shipping in parts of the Middle East. “Digital operations are no longer isolated from physical consequences,” he said. “They increasingly shape safety, logistics, and movement.”

At the same time, concerns around sovereignty became more concrete. Pure Storage argues that AI and data sovereignty are driving organisations to reconsider where their most critical data resides. Control during crises, regulatory pressure, and geopolitical risk all influence infrastructure decisions.

Ayres argues this is why the UAE gained strategic weight in 2025. “As regulations tightened globally, the UAE stood out for offering clarity rather than ambiguity,” he said. “That matters when you’re building financial infrastructure meant to scale across borders.”

NetApp’s Suhail Hasanian describes how this is reshaping cloud strategy in practice. “The conversation is no longer about moving everything to the cloud,” he said. “It is about deciding where workloads belong based on performance needs, privacy requirements, and data location.”

As a result, cloud environments are becoming deliberately hybrid. Compute itself is fragmenting, with regional providers and GPU-centric platforms expanding capacity but also increasing complexity. More platforms mean more identities, more integrations, and more exposure.

2026 will demand autonomy, but only where control exists

Looking ahead, most organisations expect more autonomous systems in 2026. AI agents will recommend actions, execute tasks, and coordinate work across systems.

Globant characterises this shift as a transition from assistance to execution. WSO2 expects AI-native architectures in which agents are the core building blocks. ServiceNow President for EMEA Cathy Mauzaize describes the rise of agentic platforms where humans and machines work side by side.

However, Mauzaize also highlights the central constraint. “As AI becomes inseparable from operations, governance cannot be treated as a separate layer,” she said. “It has to be embedded directly into how work gets done.”

Jürgen Hatheier, Vice President of Business Development and CTO for Global Partnerships at Ciena, says the network itself is becoming the bottleneck. “AI-driven workloads are exposing the limits of architectures built for predictable traffic,” he said. “In 2026, ultra-low latency, deterministic performance, and programmable networks will move from ‘nice to have’ to critical.”

Hadi Jaafarawi, Regional VP at Qualys, expects security teams to shift toward risk-based models that prioritise business impact over alert volume. He also warns against the indiscriminate use of AI. “Using AI to manage AI risk without clear priorities can increase complexity faster than it reduces risk,” he said.

Infoblox’s Harrell adds a practical reality. “Modern cloud environments are already beyond the scale of human troubleshooting,” he said. “Autonomous systems will increasingly resolve issues on their own.”

That only works, he argues, if organisations understand and trust those systems.

Loyalty platforms show what happens when AI meets trust at scale

The loyalty sector illustrates how these pressures converge.

Loylogic estimates that the Middle East loyalty market reached $3.27 billion in 2025, increasing by more than 16% year over year. But scale alone is no longer the goal.

CEO Gabi Kool explains the shift. “Brands are looking for reward ecosystems that are relevant, commercially sound, and trusted,” he said. “Choice without intelligence does not create value.” COO Amit Bendre adds that intelligence cannot come at the expense of trust. “Our focus is on better insight and better experiences,” he said, “but always within strong standards for security, transparency, and regulatory compliance.”

As AI-driven personalisation deepens, loyalty platforms sit at the intersection of identity, finance, and consumer trust. In that environment, governance becomes part of the product itself.

What 2025 ultimately revealed is not that technology moved too fast — but that many organisations built speed on top of systems that were never designed to carry the weight.