In recognition of the vast range of talent and excellence in the UK’s IT industry, the CIO 100 UK has become the benchmark for achievement, insight sharing, and collaboration among an influential community of tech decision-makers who drive meaningful business outcomes through digital leadership, strategic vision, and technology breakthroughs.

Once again, the prestigious awards are back for 2026 as part of the global CIO Awards project, now in its fourth decade after first starting in the US and then expanding to other markets such as Germany, Spain, Singapore, Australia, South Korea, India, and, of course, the UK.

The deadline for this year’s applicants to enter is May 21, however, and the CIO 100 Awards & Conference UK takes place on September 24 at the prestigious Royal Lancaster hotel in London. During the event, past award winners and nominees will be in attendance to share their success stories with other IT leaders, creating an invaluable peer-to-peer learning experience.

A trusted platform

CIO.com, a publication of Foundry, highlights the work of top-level executives who drive valuable and measurable business results through digital leadership and strategic vision, and the CIO 100 UK celebrates those leaders. So the application process is designed to attract the best of the best by accepting various formats either by text, video, audio, or interview. 

They should also focus on delivering evidence-based answers that show data-driven impact, strong leadership, and alignment between technology and business goals. Plus, they should demonstrate how they shaped culture, collaboration, and strategic direction through specific actions. Of course, submissions should highlight standout achievements as well, with concise examples that showcase meaningful outcomes and what differentiates their leadership.

To read the full guidance for applying, please view the Guidance Criteria Document. You can also view the questions at a glance. And if you have any questions regarding your application, please email events-uk@foundryco.com.

Submit your application online here.

Every event at a glance

Here, you can find all of Foundry’s global CIO Award events at a glance. To show interest, register, or query anything, please contact our colleagues in the respective regions.

Currently, we’re accepting nominations for the CIO 100 and CIO 50 awards in the following countries and regions:

• CIO 100 USA (August 2026) — Application phase closed; registration for the conference is open here. Learn more
• CIO of the Year Germany (October 2026) — Application deadline: May 15, 2026. Learn more
• CIO 100 UK (September 2026) — Application deadline: May 21, 2026. Learn more
• CIO 50 Spain (October 2026) — Application deadline: May 29, 2026. Learn more
• CIO 100 India (September 2026) — Application deadline: June 5, 2026. Learn more
• CIO 100 Australia (September 2026) — Application deadline: June 19, 2026. Learn more
• CIO 100 ASEAN (November 2026) — Application deadline: July 27, 2026. Learn more
• CIO 50 Japan (December 2026) — Application deadline: mid-August 2026. Learn more

Un año más, vuelve la convocatoria de premios de referencia para distinguir a los mejores directivos de sistemas de información (CIO) en España y los proyectos de TI más innovadores realizados en el país. La iniciativa, conocida como los ‘Oscar de la industria de TI’, forma parte del proyecto global CIO Awards con el que la publicación internacional CIO, del grupo editorial Foundry, pone en valor la labor de ejecutivos de primer nivel capaces de impulsar valiosos resultados empresariales mediante el liderazgo digital, la visión estratégica y la innovación tecnológica.

Los premios esta vez recalan en España bajo el nombre de CIO 50 Awards. El plazo de recepción de candidaturas para la edición de 2026 está abierto hasta el próximo 29 de mayo y la cita de entrega de los galardones tendrá lugar el 8 de octubre en Madrid, en el marco de una gran conferencia que se celebrará en paralelo y estará centrada en la temática “Liderazgo tecnológico responsable, resiliencia y gobierno digital en el contexto español”. Durante la jornada, los galardonados en otras ediciones de los premios y los candidatos podrán compartir sus historias de éxito con otros líderes de TI, creando una experiencia de aprendizaje entre iguales de valor incalculable.

Quién puede participar

Pueden optar a los CIO 50 Awards los CIO y otros directivos/gerentes de tecnología de empresas, administraciones públicas u organizaciones sin ánimo de lucro (ONG).

Los directivos que se presenten a la convocatoria deben desempeñar una labor al más alto nivel en lo que respecta a estrategia y ejecución tecnológica y de transformación, pues los premios CIO 50 reconocen a aquellos líderes que definen la dirección de la organización, contribuyen a decisiones a nivel del consejo directivo y ejercen influencia en inversiones tecnológicas de gran envergadura. Un requisito para presentar candidatura es que los CIO lleven al menos un año en la organización para la que trabajan actualmente.

Los consultores, proveedores de TI, de software o de hardware y las empresas de estudios de mercado o servicios de información no podrán optar a los CIO 50.

Cómo se elige a los premiados

Como en las ediciones anteriores, las candidaturas serán valoradas por un jurado independiente que analizará aspectos como los desafíos afrontados en los proyectos y las soluciones implementadas; los beneficios y mejoras logrados; el impacto en el negocio (optimización de costes, mejora de márgenes, crecimiento de ingresos); los aumentos en la productividad y la transformación de los procesos empresariales gracias a las TI.

El jurado está conformado por Fernando Muñoz, director del CIO Executive by Foundry; Esther Macías, directora editorial de CIO y COMPUTERWORLD en España; los históricos CIO, ya retirados, José María Tavera, que lideró la estrategia de TI de gigantes como Telefónica o Acciona, y José María Fuster, quien estuvo al frente de las TI del Banco Santander y ahora es patrono de la Fundación Real Academia de Ciencias de España; Dimitris Bountolos, CIIO de Ferrovial y ganador de la categoría CIO del año de la edición 2025 de los CIO 100 Awards Spain; Gracia Sánchez-Vizcaíno, CIO para Iberia & Latinoamérica de Securitas Group; Mar Hurtado de Mendoza, vicepresidenta global de reclutamiento en IE University y profesora adjunta de esta escuela de negocio; y Patricia Arboleda, presidenta de Women in Tech – Spain.

Una distinción local con alma global

La historia de los galardones CIO 100 y CIO 50 a la excelencia en TI empresarial se remonta a hace más de tres décadas, cuando comenzaron a otorgarse a directivos de Estados Unidos, para extenderse después a otros mercados como Alemania, Reino Unido, España, Singapur, Australia, Corea del Sur e India.

Se trata de una iniciativa clave para reconocer logros, compartir conocimiento y conectar a una influyente comunidad de responsables de la toma de decisiones en tecnologías de la información.

En la actualidad, la publicación CIO, del grupo Foundry, tiene abierto el proceso de recepción de candidaturas a los premios CIO 100 y CIO 50 en los siguientes países/regiones:

• CIO 100 USA (agosto de 2026).– Fase de solicitud cerrada; La inscripción para la conferencia está abierta aquí. Más información
• CIO del Año Alemania (octubre de 2026).– Fecha límite de presentación de candidaturas: el 15 de mayo de 2026. Más información
• CIO 100 UK (septiembre de 2026).– Fecha límite de presentación de candidaturas: el 21 de mayo de 2026. Más información
• CIO 50 España (octubre de 2026).– Fecha límite de presentación de candidaturas: 29 de mayo de 2026. Más información
• CIO 100 India (septiembre de 2026).– Fecha límite de presentación de candidaturas: 5 de junio de 2026. Más información
• CIO 100 Australia (septiembre de 2026).– Fecha límite de presentación de candidaturas: 19 de junio de 2026. Más información
• CIO 100 ASEAN (noviembre de 2026).– Fecha límite de presentación de candidaturas: 27 de julio de 2026. Más información
• CIO 50 Japón (diciembre de 2026) – Fecha límite de presentación de candidaturas: mediados de agosto de 2026.

구글이 지난주 개최한 연례 컨퍼런스 ‘구글 클라우드 넥스트 2026’에서 내놓은 발표 가운데 가장 주목할 점은 새로운 모델이나 TPU가 아니었다. 기업 전반에 제미나이를 확산하는 또 다른 방식 역시 핵심은 아니었다.

오히려 이는 하나의 인정이자, 동시에 경고에 가까운 메시지로 읽힌다.

에이전트에는 감독이 필요하다

이미 알고 있던 사실이지만, “알고도 실행하지 않으면 진정으로 아는 것이 아니다”라는 말처럼 실제로 이를 실천하는 것은 또 다른 문제다. 우리는 에이전트를 분주하게 일을 처리하는 디지털 직원처럼 여기지만, 동시에 이들은 인증 정보와 예산, 메모리, 민감 데이터 접근 권한을 가진 취약한 소프트웨어 시스템이기도 하다. 게다가 비용이 크게 들고 원인 추적이 어려운 방식으로 실패하는 특성까지 갖고 있다.

이것이 ‘구글 클라우드 넥스트 2026’의 본질적인 메시지다. 많은 이들은 구글이 에이전틱 엔터프라이즈 시장을 선점하기 위해 나섰다고 해석하지만, 보다 흥미로운 해석은 구글이 이를 ‘통제하기 위해’ 등장했다는 점이다.

물론 구글은 ‘에이전틱 클라우드(agentic cloud)’를 적극적으로 강조했다. 요즘 어떤 행사에서도 빠지지 않는 주제다. 제미나이 엔터프라이즈 에이전트 플랫폼, 8세대 TPU(Tensor Processing Unit), 새로운 워크스페이스 인텔리전스 AI(Workspace Intelligence AI) 기능, 그리고 기업 전반에 AI를 자연스럽게 녹여내기 위한 다양한 통합 기능도 함께 발표했다. 에이전트 시대의 성과를 자축하는 자리로만 본다면 충분한 발표였다.

하지만 화려한 연출을 걷어내면 더 중요한 메시지가 드러난다. 지난 2년 동안 기업은 AI 에이전트에 열광해 왔고, 이제는 이들이 기업의 평판을 해치거나 재무적 손실을 일으키거나 민감 정보를 노출하지 않도록 통제해야 할 단계에 이르렀다는 점이다.

이는 구글을 비판하는 이야기가 아니다. 오히려 그 반대다. 이번 행사에서 가장 실질적인 가치가 있는 발표일 수 있다.

“신뢰하되 검증하라”

AI가 단순히 말하는 수준을 넘어 실제 행동을 수행하기 시작하는 순간, 기업 환경에서는 필수적인 질문들이 쏟아진다. 누가 이를 승인했는지, 어떤 데이터를 사용했는지, 어떤 시스템에 접근했는지, 왜 그런 행동을 했는지, 비용은 얼마나 들었는지, 그리고 필요할 경우 어떻게 중단할 수 있는지 등이다.

구글의 이번 발표는 상당 부분 이러한 질문에 대한 답변으로 구성됐다.

구글이 강조한 내용을 보면 이를 분명히 알 수 있다. 지식 카탈로그(Knowledge Catalog)는 기업 데이터 전반에서 신뢰할 수 있는 비즈니스 맥락을 제공해 에이전트의 판단을 보완하도록 설계됐다. 제미나이 엔터프라이즈에는 장시간 실행되는 에이전트를 포함해 이를 관리·모니터링할 수 있는 기능이 추가됐다.

워크스페이스에는 에이전트의 데이터 접근을 모니터링하고 제어하며 감사할 수 있는 기능이 도입돼 프롬프트 인젝션, 과도한 정보 공유, 데이터 유출 위험을 줄인다. 또한 구글 클라우드는 에이전트 방어 기능과 위즈(Wiz) 기반 보안 체계를 통해 클라우드와 AI 개발 환경 전반에서 에이전트를 보호할 수 있도록 했다.

이러한 기능들은 시스템이 완벽하게 작동할 때 필요한 도구가 아니다. 오히려 “데모에서는 잘 작동했지만 실제 업무에 맡겨도 되는가”라는 현실적인 고민에 직면한 기업을 위해 만들어진 것이다.

에이전트 관리 계층

업계 분석가들은 기업용 AI의 새로운 계층을 설명하는 용어로 ‘에이전트 컨트롤 플레인(agent control plane)’에 점차 합의하는 분위기다. 익숙한 개념이라는 점에서 적절한 표현이다. 마치 쿠버네티스(Kubernetes)가 인프라를 통합 관리하듯, AI 에이전트의 동작을 중앙에서 관리하는 플랫폼을 떠올리게 한다. 즉, 다수의 AI 에이전트를 한곳에서 관리하고 관찰하며, 라우팅·보안·최적화를 수행할 수 있는 통합 시스템을 의미한다.

하지만 현실은 아직 그 단계와 거리가 멀다.

에이전트에 컨트롤 플레인이 필요한 이유는 이들이 이미 직원을 대체하고 있어서가 아니다. 오히려 기업이 확률 기반 시스템인 에이전트를 기존의 결정론적 업무 프로세스에 연결하면서, 그 사이를 누군가 반드시 관리해야 한다는 사실을 깨닫고 있기 때문이다. 에이전트 데모에서는 자율성이 깔끔하게 보이지만, 실제 엔터프라이즈 시스템에서는 상황이 훨씬 복잡하게 전개된다.

고객 데이터는 한 시스템에, 계약 정보는 또 다른 시스템에 흩어져 있고, 예외 처리는 누군가의 이메일함에 남아 있으며, 정책 문서는 2021년에 업데이트된 PDF 파일에 머물러 있는 경우가 많다. 게다가 해당 업무 흐름을 이해하던 담당자는 팬데믹 기간 중 회사를 떠났을 수도 있다.

이처럼 복잡한 환경에 이제 에이전트까지 추가되고 있다.

이 때문에 필자는 구글의 컨트롤 플레인 전략에 일정 부분 공감하면서도, 지나치게 정돈된 벤더의 서사에는 여전히 경계심을 갖는다. 통합 에이전트 플랫폼, 거버넌스, 모니터링, 평가, 관측성, 시뮬레이션 기능은 모두 필요하다. 특히 제미나이 엔터프라이즈는 기업이 개별적으로 엮어 왔던 복잡한 운영 요소를 중앙화하려는 시도라는 점에서 의미가 있다.

다만 컨트롤 플레인을 실제 업무 그 자체로 오해해서는 안 된다.

파일럿은 쉽고, 운영은 어렵다

에이전틱 AI 관련 데이터는 한 가지 메시지를 반복하고 있다. 기대감이 실제 운영 성숙도를 크게 앞서고 있다는 점이다.

업무 자동화 기술 카문다(Camunda)의 ‘2026 에이전트 오케스트레이션 및 자동화 현황’ 보고서에 따르면, 71%의 조직이 AI 에이전트를 사용하고 있다고 답했지만 지난 1년간 실제 운영 환경에 적용된 사례는 11%에 그쳤다. 또한 73%는 에이전틱 AI에 대한 비전과 현실 사이에 격차가 있다고 인정했다.

가트너 역시 비슷한 전망을 내놓았다. 2027년 말까지 에이전틱 AI 프로젝트의 40% 이상이 중단될 것으로 예상되며, 그 이유로는 비용 부담, 불명확한 비즈니스 가치, 미흡한 리스크 관리가 꼽힌다.

분명히 짚고 넘어가야 할 점은, 이것이 모델의 문제가 아니라는 사실이다. 전형적인 엔터프라이즈 소프트웨어 운영 문제에 가깝다.

이 같은 흐름은 보안과 거버넌스 영역에서도 동일하게 나타난다. 생성형 AI 관리 플랫폼 라이터(Writer)의 2026 조사에 따르면, 67%의 경영진이 승인되지 않은 AI 도구로 인해 데이터 유출이나 보안 사고를 경험했다고 답했다.

또한 36%는 AI 에이전트를 감독하기 위한 공식적인 계획이 없으며, 35%는 문제가 발생한 에이전트를 즉시 중단할 수 없다고 밝혔다.

세 가지 가운데서도 특히 마지막 수치가 가장 우려되는 대목이다. 기업 시스템과 고객 데이터, 조직의 인증 정보에 접근할 수 있는 소프트웨어 에이전트임에도 불구하고, 3분의 1이 넘는 기업이 문제가 발생했을 때 이를 신속하게 중단할 수 있다고 확신하지 못하고 있다.

그럼에도 정말 걱정하지 않아도 되는 걸까?

에이전트는 덜 중요한 요소

에이전틱 엔터프라이즈 환경의 숨겨진 진실은, 정작 에이전트 자체는 아키텍처에서 가장 덜 중요한 요소일 수 있다는 점이다. 모든 주목과 기대는 에이전트에 쏠리지만, 실제 핵심은 따로 있다. 인증과 권한 관리, 워크플로 경계 설정, 데이터 품질, 검색과 메모리, 평가 체계, 감사 추적, 비용 통제, 그리고 에이전트가 혼란에 빠졌을 때 어떤 시스템을 ‘단일 진실의 원천(source of truth)’으로 삼을지 결정하는 문제 등이 진짜 과제다.

구글 클라우드 넥스트에서의 발표는 에이전틱 엔터프라이즈가 이미 도래했음을 증명하지는 않았다. 대신, 에이전틱 기업이 현실화된다면 결국 기존 엔터프라이즈 소프트웨어가 중요한 국면에 접어들었을 때와 매우 유사한 모습이 될 것임을 보여줬다. 마법 같은 혁신보다는 거버넌스 중심의 구조로 수렴한다는 의미다.

이는 분명 진전이지만, 결코 ‘화려한 발전’은 아니다.

에이전틱 AI 시장에서 승자를 가려내고 싶다면, 가장 똑똑한 에이전트를 가진 기업을 찾기보다 데이터 계약이 명확하고, 평가 체계가 정교하며, 일관된 인증 모델을 갖추고, 비공식적인 ‘섀도우 AI’ 확산을 최소화하는 기업을 주목해야 한다. 그러나 업계는 이러한 이야기를 꺼리는 경향이 있다. 자율적으로 일하는 디지털 노동자에 대해 말하는 것이 데이터 계보나 접근 통제를 논하는 것보다 훨씬 흥미롭기 때문이다.

하지만 엔터프라이즈 소프트웨어가 현실이 되는 지점은 바로 이런 ‘지루함’ 속에 있다.

에이전트 시대의 도래를 성급히 선언하기 어려운 또 다른 이유도 있다. 에이전트의 유용성은 결국 안전하게 이해하고 활용할 수 있는 데이터에 달려 있기 때문이다. 구글 역시 이를 분명히 인식하고 있다. 지식 카탈로그 크로스 클라우드 레이크하우스 전략을 포함한 ‘에이전트 데이터 클라우드’ 개념은, 에이전트가 신뢰할 수 있는 비즈니스 맥락을 필요로 한다는 점을 인정한 것이다.

이러한 맥락이 없다면 에이전트는 엔터프라이즈의 업무 수행자가 아니라, 시스템을 떠도는 ‘말 잘하는 관광객’에 불과하다.

결국 이번 구글 클라우드 넥스트에서 가장 고무적인 발표는 에이전트를 더 자율적으로 만드는 기술이 아니었다. 오히려 에이전트를 더 잘 관리할 수 있도록 만드는 기능이었다. 에이전틱 AI는 거대한 가능성을 지니고 있지만, 그것이 현실이 되기 위해서는 무엇보다 ‘지루할 만큼 안정적인’ 특성을 입증해야 한다.
dl-ciokorea@foundryco.com

Identity has always been central to security, but the proliferation of AI agents is rapidly changing the challenge of managing and securing identity, spurring CISOs to rethink their identity strategies — even how it is defined.

“Identity is now both a control surface and an attack surface. We’ve had non-human identities as API keys, tokens, service accounts, but now we have agents, and that’s a new class,” says Dustin Wilcox, senior VP and CISO at S&P Global.

The challenge is attributing actions to non-human identities because the typical signals don’t apply. “The techniques to identify a person, like the telemetry of how they use the keyboard, we won’t be able to do that when it’s an agent that’s working entirely digitally,” Wilcox tells CSO.

And as agents proliferate, it becomes difficult for CISOs to maintain a complete picture of how many exist, what they’re used for, and what they’re authorized to do.

“With a human identity, you can validate access needs directly. With service accounts, and now with agents, that clarity is harder to achieve,” says Docusign CISO Michael Adams.

“Treating them as if they fit existing models can create gaps in visibility and control. At the same time, AI systems are contributing to rapid growth in non-human identities, including the creation of new credentials and tokens, which many inventory processes weren’t designed to track,” he adds.

“And on the human side, generative AI is making social engineering more convincing, eroding some of the behavioral signals defenders have historically relied on. The result is an expanding attack surface at the same moment traditional indicators are becoming less reliable,” Adams tells CSO.

The advice for CISOs is to adopt an identity-first security model that treats identity as the foundational layer of the security architecture.

“Every access decision flows through identity and is continuously verified, not just checked at the door,” says Adams.

Identity becomes the primary control plane

CISOs are now managing a new class of identities that includes copilots, autonomous agents, and AI-powered workflows that don’t fit neatly into existing frameworks. And they can access systems, take actions, and make decisions at machine speed.

Wilcox and Adams are speaking at the CSO Cybersecurity Awards & Conference, May 11–13. Reserve your place.

As a result, Adams says CISOs will increasingly need to adopt an identity-centric security architecture and there are several key tenets to consider.

Build a strong foundation before layering on complexity. The instinct when modernizing an identity program, says Adams, is to reach for sophisticated tooling. Instead, his advice is to get the fundamentals in place — clean directories, enforced least privilege, and reliable offboarding processes.

“Organizations that jump to continuous verification without establishing basic identity hygiene may find themselves building on an unstable foundation,” he says.

Design for the new class of identities. When designing role models and access policies, the temptation is to mirror existing structures.

“That often carries years of permission creep into a new architecture. Starting from least privilege rather than from legacy helps ensure users receive only the access required for their job functions,” he says. “It’s important to challenge ‘it’s always been done this way’ where appropriate.”

Get your non-human identity inventory in order. Build a full inventory of non-human identities and include who is responsible for each identity, and what each one is authorized to do. Do this before any more agents are operating.

“This is as much a governance challenge as a technology one,” he notes.

Treat MFA as a starting point, not a destination. The identity roadmap needs to include phishing-resistant alternatives to SMS or push-based MFA. Least privilege, micro-segmentation, and continuous monitoring are part of the playbook.

“Assume credentials may be compromised and architect accordingly,” Adams advises.

AI and the shifting security balance

Identity systems have long been targets for attack. But as identity becomes the primary control plane, the risk becomes more concentrated and requires a different approach.

“I’d encourage every CISO to think deeply about the intersection of identity and AI,” says Adams, adding that systems need to be redesigned around the principle of intent instead of actual behavior to ensure agents operate within appropriate boundaries.

“That requires behavioral monitoring and real-time access evaluation — capabilities many organizations are still building toward,” he notes. “That’s the work ahead.”

Wilcox is ultimately optimistic that AI offers security practitioners more tools to combat malicious actors. If CISOs can get this right, it’s a way to level the playing field with the attackers in a way not previously available.

“We’ve had this asymmetric playing field where they’ve had the advantage for as long as I can remember. Now we can use AI both strategically and tactically to improve our defenses,” he says.

Agentic AI is rewriting the identity security playbook in real-time, and your peers are already adapting. Hear Dustin Wilcox, Michael Adams, Renee Guttmann, and other leading CISOs share what’s actually working at the CSO Cybersecurity Awards & Conference, May 11–13. Secure your seat before it fills up.

Enterprise AI initiatives are producing uneven results as organizations struggle to convert widespread experimentation into focused, repeatable business outcomes. This was the throughline during the CIO 100 Leadership Live Los Angeles conference on April 16, at the Torrance Marriott Redondo Beach.

A consensus emerged around key constraints limiting enterprise AI’s contribution to transformation objectives. Among them are misalignment between AI initiatives and operating models, fragmentation and confusion around business ownership, the need for dynamic data governance, and, perhaps most importantly, the need for a corporate culture that allows the human element to keep pace with the rate of change in today’s agentic economy.

Leadership moments define transformational outcomes

Keynote speaker and serial entrepreneur Chris Dyer kicked off the conference with a key insight about IT leadership today: Execution is shaped by how leaders act in those few defining moments when priorities, risk tolerance, and accountability are tested.

“You’ll remember less than 1% of this year,” he said. “But that fraction will define how your team sees you, whether your best people stay, and whether your biggest initiatives gain traction or quietly stall.”

Leadership consistency establishes the conditions for adoption and trust, but teams absorb most about a leader in moments of difficulty and crisis, he said, explaining that rapidly changing business conditions often result in competing initiatives and shifting priorities that can weaken execution discipline and dilute operational impact.

Scaling AI requires enterprise-wide structural change

The conversation on culture continued during a session that featured three executives from PwC US: Danielle Phaneuf, Alok Mirchandani, and Roshini Rajan.

According to Mirchandani, most AI efforts remain confined to isolated use cases that do not scale into coordinated execution. “The struggle is not the technology,” he said. “It’s how you move off that use case mentality and actually drive scale and adoption.”

When implemented successfully, AI systems cut across workflows, requiring coordination between business context, data, and execution. That coordination does not sit within a single discipline. It requires individuals who understand the end-to-end process and can direct how AI is applied within it.

Moreover, depth in a single domain is no longer sufficient when outcomes depend on how multiple systems and processes interact. Because of this, broader roles are beginning to emerge to connect those elements in real-time, particularly as AI moves into production where decisions and actions must align across the organization.

“The nature of work is fundamentally changing,” said Phaneuf. “It’s not about mastering a single discipline anymore. It’s about understanding the big picture and orchestrating the right outcomes.” Hiring models, training approaches, and team structures are adjusting to reflect that shift.

To that end, performance measurement is aligning with output rather than activity. “It’s no longer about effort,” Roshini said. “It’s about the velocity and throughput you’re driving.”

The evolving economics of AI PCs

Enterprise AI deployment is forcing IT leaders to rethink where workloads reside. The discussion largely centers on cloud versus on-prem, with security concerns around intellectual property, data, and personal information driving renewed interest in private environments.

Device manufacturers are positioning the edge as a third option, introducing new performance and cost dynamics. Charles Thomas, HP’s North American AI channel business manager, discussed the edge versus cloud decision in those terms.

The underlying math is not difficult to follow, he said. Organizations that route every AI task through centralized on-prem or cloud infrastructure face compounding costs as adoption scales.

Local processing, enabled by neural processing units (NPUs), offloads a meaningful share of those workloads before they hit the network. Unlike a CPU, which handles general computing tasks, or a GPU, which excels at graphics and parallel processing, NPUs are purpose-built to accelerate AI and machine learning operations, Thomas said.

The performance baseline for edge AI processing is moving faster than most enterprise procurement cycles can track. Today, NPUs are effectively the market floor, with current commercial devices reaching platform-level AI throughput as high as 180 trillions of operations per second (TOPS) when dedicated NPU and integrated graphics acceleration are combined. As a result, the raw compute argument for moving workloads to the device is no longer speculative.

Transformation requires business ownership and customer proximity

Transformation outcomes reflect how well organizations align ownership, process design, and execution across business functions. When technology exposes gaps in coordination, it may say more about leadership, vision, and execution than it does about how well new and legacy technologies coexist.

Session moderator James Rinaldi, executive director at UCLA and former CIO at NASA’s Jet Propulsion Laboratory, framed the challenge in terms of scale and complexity, noting that transformation efforts, by definition, span multiple functions with competing priorities and shared dependencies.

His panelists agreed.

“These are not IT projects. They’re business projects with people,” said Keith Golden, former CIO at RGP. “You’ve got to bring the business into these conversations every step of the way.”

Systems behave according to the decisions organizations make about workflows and priorities. Anthony Moses, former CIO and global chief strategy and innovation officer at Yamaha Motor Finance, emphasized the executive responsibility that comes with implementation.

“Everything is like a blank Excel sheet when you buy a platform,” he said. “In reality, you own what the system will do.”

Purchasing a platform is about acquiring potential rather than capability. Translating one into the other requires people who understand the technology and the operational context it is meant to serve. It is the organizational equivalent of a craftsperson who knows not just how to use a tool but how to use it to accomplish a future desired state.

That distinction matters because the vision an IT leader brings to deployment rarely arrives intact at the employee level. A solution shaped around a specific outcome only delivers that outcome if the workforce it is designed to serve understands the intent, internalizes the logic, and has the capacity to work within it effectively.

AI value emerges in targeted use cases

The question of where AI is delivering on its promise moved from structural to operational during a panel focused on the business case for AI. The session drew on perspectives from three practitioners navigating that question in real-time: Bhupesh Arora, now at South Jersey Industries; Lucy Avetisyan, CIO at UCLA; and Feroz Merchhiya, CIO and CISO for the City of Santa Monica.

Their collective assessment reflected the broader tension of how to ensure AI is producing results in well-defined contexts, while organizations struggle to see across their own initiatives clearly enough to scale what is working.

“We have everything from pilots to production,” said Arora. “Some have a true business case.”

Customer service operations, as an example, are producing tangible results, with automation reducing call volumes and improving response times during peak demand while limiting the need for additional hiring. “There’s a hard dollar value to it,” he said.

Arora also pointed to a more ambitious application within the company’s wholesale natural gas trading operation, where manual Excel-based workflows currently support buying, selling, and scheduling decisions across roughly $70 million in annual business activity. The objective, he said, is to automate that process end to end, from generating trading suggestions to executing trade scheduling.

“It’s real business automation with AI,” he said, moving the technology from back-office efficiency to core revenue-generating operations, where the potential returns are considerably higher.

Merchhiya agreed that efficiency alone should not define a sound AI business case. “Not every business case is about cost saving,” he said. “Not every business case is about bottom-line delivery. Each one has its own unique lens that you have to apply.”

It’s an important perspective for a city government navigating fiscal pressure while managing everything from public safety infrastructure to transportation networks.

For Avetisyan, AI adoption at an institution like UCLA requires thinking well beyond functional improvement. Workforce readiness, student preparation, governance, and ethical use all carry their own accountability structures and timelines for measuring return.

“If we’re going to just take and put AI on existing processes, existing work, that’s the worst thing we could do,” she said. Instead, business processes must be rethought to make the most of AI.

AI adoption constrained by trust in data

The relation of AI performance to the quality and reliability of the underlying data was the central theme of a panel that brought together Ilker Taskaya, field CTO at Perforce Software; Marivi Stuchinsky, VP of software engineering at Experian; and Chris Fodera, senior IT director at Qualcomm.

Their collective experience across financial services, semiconductor manufacturing, and enterprise data protection illustrated how differently the data problem presents itself depending on context.

“Without it, you’re just guessing,” Fodera said.

The observation carries particular weight given his background managing data across Qualcomm’s automotive and industrial IoT divisions. In his first two years supporting the automotive unit alone, the volume of sensor data exceeded everything Qualcomm had accumulated in the company’s prior 38 years.

The challenge, though, is to understand which data to trust in which context. Qualcomm’s autonomous driving models trained on San Diego road data perform reliably in Los Angeles. They do not perform reliably in India, where road infrastructure differs fundamentally.

“If you dirty down your model with data that doesn’t belong in it, it’s going to key off things you don’t want it to,” Fodera said.

Stuchinsky described Experian’s approach as drawing a deliberate boundary between consumer-facing data, which does not flow into AI pipelines, and internal operational data, which does. Rather than cleaning petabytes of legacy data before deployment, her team uses a vectorized database architecture that validates data as it is needed.

“This way, when AI points to it, it’s already clean,” she said.

Taskaya contextualized the broader stakes from the vendor side. AI has expanded the attack surface and raised the cost of exposure, while inverting the relative value of data and the applications sitting on top of it. As software commoditizes, data becomes the differentiating asset. As a result, protecting and governing data moves from being a compliance function to a source of competitive differentiation.

Investment shifts toward focused AI applications

A venture capital panel moderated by Julie Bort, editor at TechCrunch, brought a market-level perspective to the day’s recurring question about where AI is delivering value. The panel featured Chiraag Deora, principal at Greycroft; Maddi Holman, co-founder and general partner at Daring Ventures; Rob Smith, partner at M13; and Kesar Varma, partner at Upfront.

The session started with a provocative, even skeptical, opening question from Bort, who challenged the panel by characterizing LLMs as “the worst intern I’ve ever hired” and questioning whether AI would ever deliver on the transformational promises Silicon Valley has attached to it.

“AI is not making things better, yet,” Smith said. “At this point it’s about making them faster and more efficient.”

VC investment today, all agreed, is concentrating around defined use cases where outcomes can be measured and scaled. Healthcare revenue cycle management, data security, pharma sales compliance, and government services automation drew attention as areas where structured workflows and clear performance metrics are allowing AI to find traction.

Still, durable competitive advantage requires either owning proprietary data or controlling distribution, Holman said.

“You can’t just be displaying data for someone that could have it themselves,” she said. Smaller, purpose-built models drew consensus as the more defensible next wave, particularly in regulated industries where hallucination risk carries real consequences and institutional knowledge that walks out the door with departing employees can now be encoded and retained.

On risk posture, Smith’s advice reframed how CIOs might approach vendor evaluation.

“Invest in the people building the software, not the software itself,” he said. “The software will become obsolete in 18 months. If you back the right team with the right vision, they will continuously adapt.”

For CIOs, the panel’s experience translates into three posture shifts. On risk assessment, start with the team, not the technology, and ask founders directly about runway and five-year vision.

When it comes to vendor selection they recommended mapping procurement requirements before a pilot begins so both sides understand what a path to contract looks like. On roadmap planning, treat early-stage engagement as a design partnership rather than a vendor evaluation.

In the final analysis, they all agreed, the risk of inaction, is no longer smaller than the risk of engagement.

Google didn’t so much announce products at Cloud Next ’26 as it tried to reframe the real bottleneck to scaling AI as the architecture that CIOs have been building while trying to piece it together.

For years, enterprises have treated AI like a kit, with models, infrastructure, and data spread across different vendors and heterogenous environments, an approach that worked well enough in pilot mode, but has proven harder to scale into something dependable.

That, at least, is the problem that Google Cloud CEO Thomas Kurian chose to name, and own, on stage. “You have moved beyond the pilot. The experimental phase is behind us,” he said, before posing the more uncomfortable question for CIOs: “How do you move AI into production across your entire enterprise?”

His answer: “A unified stack.”

What that “unified stack” amounts to in practice, though, is Google stitching together layers it has historically sold and marketed separately into an architecture that represents a single operating fabric for enterprise AI.  

Kurian cast it as the “connective tissue” binding what are typically siloed layers, such as custom silicon, models, data, applications, and security, into a single, coordinated system. That translates into workload-specific TPUs to run and scale AI, Gemini Enterprise and the Gemini Enterprise Agent Platform to build and embed agents into business workflows, the Agentic Data Cloud to ground them in enterprise context, and a parallel push to secure both agents and the infrastructure they run on.

A turnkey answer to integration fatigue?

It’s a neat and a timely argument for enterprises, said independent consultant David Linthicum, especially for those that are frustrated with stalled pilots as a result of fragmented AI stacks,.

In addition, noted Ashish Chaturvedi, leader of executive research at HFS Research, most CIOs are drowning in integration tax, which compounds the costs of scaling an AI initiative. “The average enterprise has spent the last two years stitching together models from one vendor, orchestration from another, data pipelines from a third, and governance as an afterthought,”  Chaturvedi said. “Google, in contrast, is pitching a turnkey solution.”

That turnkey solution, said Shelly DeMotte Kramer, principal analyst at Kramer & Company, could be attractive on a number of fronts if CIOs are building on Google Cloud. It could reduce integration risk, offer faster pilot-to-production trajectories, and democratize AI across the organization and beyond IT via the Workspace Studio no-code agent builder. 

Concerns around execution and clarity

However, Kramer is not confident about Google’s execution of its unified stack vision. “Google Cloud has consistently come in in third place in terms of enterprise cloud share, with what could, in all candor, be called thinner organizational muscle for large-scale professional services engagements than what you might expect from AWS and Microsoft,” he said.

HyperFRAME Research’s leader of the AI stack Stephanie Walter, also has doubts. She questioned the clarity of the offerings that Google is packaging and marketing as part of that vision.

“While the pitch will resonate with enterprises tired of stitching together products to scale AI, it lacks clarity,” she said. “Google announced a lot at once, and the way the AI product portfolio fits together is still somewhat unclear, so CIOs will like the ambition while still asking for a cleaner map of where Gemini Enterprise, the Agent Platform, the Application, and the data layer begin and end.”

Converging vendor visions add complexity

That ambiguity, analysts say, will be further deepened for CIOs as they try to evaluate Google’s pitch against converging visions from rivals AWS and Microsoft, who, since last year, have been promoting their own visions of moving AI pilots into production.

While the convergence in vendor pitches will simplify choices at a high level, it will add complexity in practice because the control planes, pricing, ecosystem depth, and interoperability across offerings vary meaningfully, Linthicum said.

“CIOs still have to map those differences to their existing estate, talent base, and governance model. Similar narratives do not mean equivalent operating realities,” he added.

That, according to Walter, risks leaving CIOs comparing architectures that sound strikingly alike on paper, even as their underlying trade-offs remain difficult to parse at an operational level.

The convergence in vendor pitches could also backfire on Google, Chaturvedi noted. “The more similar the top-line narratives become, the more the decision swings on non-technical factors such as existing relationships, migration costs, and trust,” he said.

If anything, that dynamic may push enterprises toward a more pragmatic split. Paul Chada, co-founder of agentic AI startup Doozer AI, expects CIOs to end up standardizing on two distinct layers when scaling AI: a primary agent control plane aligned with where enterprise applications and user workflows reside, and a separate data reasoning layer anchored in governed data environments.

“The dream of a single vendor owning both likely won’t survive procurement,” he said.

“Unified” could still mean complex pricing

Further, analysts pointed out that Google’s unified stack pitch could introduce concerns for CIOs that go beyond architectural clarity.

For example, Linthicum noted that bundling infrastructure, models, data services, and agents into a single narrative doesn’t necessarily simplify costs, rather it makes pricing harder to predict and optimize,.

“A unified product story can still produce a highly fragmented bill. CIOs should expect more pricing complexity,” he said.

And Mike Leone, principal analyst at Moor Insights and Strategy, added that the problem of pricing complexity around AI offerings, doesn’t change with CIOs switching vendors. “Every hyperscaler is walking in the same direction,” he said.

That, said Dion Hinchcliffe, lead of the CIO practice at The Futurum Group, leaves CIOs with fewer levers to simplify costs at the vendor level and more responsibility to manage them internally. To that extent, he added that enterprises will need to lean more heavily on FinOps disciplines to regain control over increasingly complex and opaque AI spending.

Different strengths

There is, however, a more nuanced upside for CIOs willing to look past the unified vision pitch.

Kramer, for one, pointed to Google’s control over its own AI silicon as a potential differentiator. “That makes the comparatively better performance-per-dollar pitch for AI workloads at the infra level somewhat defensible,” he said.

At the same time, the analysts agreed, the competitive field, at least for CIOs, is far from settled.

“Microsoft looks best positioned on enterprise distribution and workflow adjacency. AWS is strongest on operational breadth, developer familiarity, and cloud maturity. Google is strongest where AI infrastructure, analytics, and model-platform integration matter most,” Linthicum said.

CIOs, in turn, should align  vendor strengths with enterprise priorities, whether that’s driving user adoption, scaling operations, or deepening AI and data platform capabilities, he added.

Hosted by CIO.com and CSOonline.com, the event brings together CIOs, CTOs, CSOs and industry experts for a focused, interactive peer-led programme designed for tech leaders to deliberate on one central question: how do organisations move from digital ambition to real, scalable outcomes? With a focus on secure, modern, intelligent, the inaugural CIO100 Leadership Live Singapore conference is a critical gathering point for senior IT leaders navigating this shift, offering not just perspectives, but practical insight into what it takes to lead in today’s environment.

Enterprise technology leaders are facing a defining moment.

AI investment is accelerating, expectations from the board are rising and the pressure to translate innovation into measurable business value has never been greater.

According to CIO.com research, 71% of IT leaders plan to increase investment in AI-enabled technologies, while half already have AI in production in at least one business unit. At the same time, organisations are discovering that scaling AI, securely, effectively, and at enterprise level is far more complex than launching pilots.

Moving beyond AI hype

While AI continues to dominate boardroom agendas, many organisations are encountering a familiar challenge: moving from experimentation to execution.

CIO.com’s latest State of the CIO research highlights just how central AI has become — with 75% of CIOs expecting to deepen their involvement in AI initiatives, and IT teams leading adoption efforts across the enterprise.

But with this momentum comes a growing reality: success is not guaranteed. Research shows a clear divide between organisations that are realising returns on AI and those that are not, often due to gaps in governance, data readiness, and operating models.

CIO Leadership Live Singapore is designed to address this gap head-on, through sessions such as “From AI Strategy to Business Impact: What Leading CIOs Are Doing Differently,” the event will explore how forward-thinking organisations are aligning AI investments with business priorities, governance frameworks, and measurable ROI.

Closing the gap between pilots and production

A recurring issue for many organisations is what leaders often describe as the “production gap,” the difficulty of turning promising ideas into scalable, enterprise-grade solutions.

While AI adoption is growing, only a small proportion of organisations have implemented AI at a true enterprise scale, highlighting the challenge of moving beyond isolated use cases.

At CIO Leadership Live Singapore, this challenge is addressed through sessions focused on execution. Industry leaders will examine what it takes to scale AI successfully, including modernising infrastructure, aligning data strategies and embedding automation across workflows

Scaling the autonomous enterprise

As organisations mature in their AI journey, the conversation is shifting beyond individual use cases toward AI-native operations and autonomous systems.

CIO.com research shows that 58% of IT leaders believe AI will fundamentally transform how their business operates, while emerging technologies are already driving new levels of automation and decision-making.

At the ”Scaling the Autonomous Enterprise” panel, CIO100 award-winning leaders come together to share how they are designing organisations around these capabilities, embedding AI into workflows, decision-making, and customer engagement.

However, these advancements comes with new responsibilities. Leaders must balance innovation with governance, ensuring that AI systems are trusted, secure, and aligned with business objectives.

Modernisation remains mission-critical

While AI dominates the agenda, one message is clear: modernisation is the foundation of everything.CIO.com research data shows that organisations are heavily investing in foundational capabilities such as data management, infrastructure, and skills development to support AI at scale.

CIO Leadership Live Singapore sessions will explore how CIOs are tackling the complex challenge of modernising legacy environments while maintaining operational stability.This includes managing technical debt, transitioning to cloud-native architectures, leveraging automation to improve agility

Cyber resilience moves to the forefront

As digital ecosystems expand, so too does the risk landscape.CIO.com research highlights that security concerns remain the number one barrier to adopting innovative technologies, even as organisations accelerate innovation.

This is driving a shift toward cyber resilience focusing not just on prevention, but on the ability to respond, recover, and continue operating.

Sessions at the event will explore how CIOs and CISOs are embedding resilience into their strategies, and how they are communicating cyber risk at the board level.

The Strategic CIO

Underlying all these trends is a fundamental shift in the role of the CIO. Today, 50% of CIOs identify as business leaders, actively shaping strategy and driving organisational outcomes. At the same time, 82% say their role is becoming more focused on digital innovation. This evolution is at the heart of CIO Leadership Live Singapore.

This event is not just about technology; it is about leadership, decision-making, and the ability to navigate complexity in a rapidly changing environment.

CIO Leadership Live Singapore offers a unique opportunity to:

• Learn from peers who are delivering results at scale
• Gain practical insights into AI, modernisation, and resilience
• And engage in meaningful conversations with leaders facing the same challenges

For further information: https://event.foundryco.com/cio-leadership-live-singapore/