2 Sources
[1]
Amid the 'SaaSpocalypse,' CIOs and CTOs take a harder line with their vendors | Fortune
Allegra Driscoll, the chief technology officer of Bread Financial, has a few ground rules when engaging with software vendors about generative AI capabilities. No agreements beyond one year, given the rapid pace of change. There will be times when she'll double-spend on two vendors with similar capabilities if the use case is a priority and Driscoll wants to see who is more likely to deliver. And the core focus of her conversations with vendors is also evolving. In 2023, at the start of the generative AI boom, Driscoll would discuss a software provider's AI roadmap, key milestones, and what an investment would look like for the provider of private-label and co-branded credit cards. But now, there's far more focus around how platforms are designed, talks Driscoll describes as almost philosophical. "The conversations are going a lot deeper into the architecture of the third-party solutions, where in the past, I've been more focused on the capacity, security, and data privacy," says Driscoll. Nice's chief information officer, Hadas Reisbaum, says she plans to leave her core systems in place for software that's deeply embedded in the customer relations management software provider's infrastructure. But she would like to see vendors evolve their pricing models and move away from the per-seat fee structure that's most prevalent across the software-as-a-service industry. "I think the clock is ticking," says Reisbaum, who anticipates that bigger pricing structure changes could occur within the next two to three quarters. "It will become more outcome-based," she added, meaning organizations like Nice will pay for service based on measurable results. Time is not on the side of major SaaS providers including Salesforce, SAP, Workday, and ServiceNow, whose shares have all tumbled by 30% or more since the beginning of 2026 -- far underperforming the Dow Jones Industrial Average's drop of nearly 4% -- a market downturn that's been called the "SaaSpocalypse." 
The thinking is that tools from AI startups like OpenAI and Anthropic can replicate SaaS products, which would eliminate the need for these more siloed tools. The proliferation of agentic AI adds another layer of pressure to the SaaS providers and their per-user fee structure. "In the future, you have these AI agents that are crawling through the environment, where the AI agents are often doing tasks that are independent of the human being," says Arun Chandrasekaran, an analyst at technology research firm Gartner. "And if they're doing that, it does not make a lot of sense to tie the licenses to a human that's doing the task." Even the buzzy, smaller AI startups may not be spared. Bread Financial works with upstarts like legal AI firm Harvey and AI content platform Jasper. But Driscoll says she could replace those vendor offerings as Bread Financial continues to develop its own agentic AI platform. Charles Guillemet, CTO of cybersecurity firm Ledger, says that it could be theoretically possible to rebuild the business software Workday does, but it would require far more effort than it's worth. "If another company disrupts them with AI, we might consider moving away," says Guillemet, especially if the alternative is cheaper and offers a stronger performance. "But for now, there's no reason to move." He sees two paths forward: the first is that the large language model makers, like OpenAI and Anthropic, are able to pour so many resources into developing their product offerings that compete with SaaS that it becomes nearly impossible for anyone else to compete. But the second, which Guillemet favors, is that the technology advancements from AI hyperscalers will plateau and that competition will shift toward optimizing the cost of delivering software. Intuit CTO Alex Balazs says his conversations with vendors have changed in a similar manner to how Intuit, a SaaS provider through its business software platforms like TurboTax, has evolved its own questions about AI.
"In the early days of this boom, it was like, 'Okay, we're going to create this agent, and then Salesforce creates this agent, and Workday creates an agent, and then our agents will talk to each other,'" says Balazs. But the reality, according to Balazs, is that enterprises are discovering it is quite hard to get these unique SaaS-created agents to work together. He advocates for a more collaborative approach. "We want to make them expose their tools and skills, which for lack of a better word, is a new way of saying their API," says Balazs. "It's basically an AI API." Sagnik Nandy, the CTO at electronic-signature company DocuSign, says he fields countless pitches from vendors but says his priorities are "dollar, people, time," in that order. First, Nandy wants to know the upfront costs to sign a contract. From there, he asks questions about how many IT professionals are needed to implement a solution (vendors always provide a low estimate, Nandy says) and then seeks to understand how much time is needed before value can be unlocked and measured. Nandy says he's especially wary of vendor pitches that may generate value for his team, but where shifts in processes could create more work elsewhere. "A common pattern I sometimes see is that the CTO might get value, but the CIO's work goes up," says Nandy. "I don't go for those kinds of pitches."
John Kell
NEWS PACKETS
Anthropic debuts "Project Glasswing." Anthropic on Tuesday announced it is giving large technology and cybersecurity companies a preview version of Claude Mythos, its unreleased and most advanced model, through an initiative called "Project Glasswing." It will allow companies including Amazon, CrowdStrike, Google, Apple, Microsoft, and Nvidia to use the preview version for defensive security work and then share those learnings with the broader industry. 
And while Anthropic says it doesn't plan to make Mythos Preview generally available, Fortune reports it does eventually want to launch Mythos-class models at scale when new safeguards are in place. Anthropic leaks its code; Mercor stung by data breach. Last week, Fortune and others reported that Anthropic accidentally leaked the source code for Claude Code, publicly exposing around 500,000 lines of code across 1,900 files. Anthropic said the release was caused by human error, not a security breach, and that no sensitive customer data or credentials were involved or exposed. But at Mercor, an AI startup whose customers include Anthropic and OpenAI, a security data breach was confirmed and may have exposed sensitive customer data. Mercor says it was "one of thousands of companies" affected by a supply-chain attack, which has been linked to the hacking group called TeamPCP. One of Mercor's customers, Meta, has responded by pausing work with the three-year-old startup. OpenAI, Anthropic separately announce acquisitions. As Anthropic and OpenAI gear up for likely debuts on the public markets later this year, each have recently inked a bolt-on acquisition over the past week. OpenAI has scooped up TBPN. The transaction value wasn't disclosed, though the Wall Street Journal reports that the online talk show is profitable and generated around $5 million in revenue from advertising in 2025 and is on track to make more than $30 million in revenue this year. Anthropic, meanwhile, paid $400 million to buy biotech AI startup Coefficient Bio, according to the Information, aligning with the larger company's increased focus to expand its life sciences offerings. Coefficient Bio was only launched eight months ago and its team of around 10 are expected to join Anthropic. IT's jobs market is looking dour amid threat from AI. 
All signs point to a challenging labor market for the technology industry, including a report last week from outplacement firm Challenger, Gray & Christmas, which said that technology sector job cuts were up more than 24% in March from the prior-year period. The industry cut more than 52,000 jobs in the first quarter of 2026. CompTIA, meanwhile, reviewed data from the U.S. Bureau of Labor Statistics and found that unemployment among technology professionals rose to 3.9% in March, up from 3.1% a year ago. The New York Times reporting on the topic cited research from Boston Consulting Group estimates that more than half of the jobs in the U.S. will be reshaped by AI over the next two to three years. The fast-growing startup with just two employees, thanks to AI. Amid the broader industry concerns about the impact of AI on jobs, the Times published a feature focused on the telehealth startup Medvi, which produced $401 million in sales during its first full year of business in 2025 and is on track to grow its top line to $1.8 billion this year -- all with only two employees. Founder Matthew Gallagher has only hired his brother to work at Medvi, using AI for customer service, to build the company website, and to create media for its ads. It hasn't always been smooth and Gallagher acknowledges that Medvi isn't an AI startup. But, "I did it with AI," he told the Times. ADOPTION CURVE As AI emerges as a cyber threat, budgets aren't keeping pace. Half of senior security leaders say that at least one quarter of the cybersecurity incidents they experienced in the past year were enabled by AI, and yet, a majority (85%) who use AI in cybersecurity say their budget is not sufficient to meet those rising AI-enabled threats. Almost all (96%) of the 500 senior corporate security leaders surveyed by consulting firm EY say that AI-enabled cybersecurity attacks are a "significant" threat to their organization. 
As organizations navigate these threats, they must contend with three key trends, according to Ganesh Devarajan, a cyber risk practice leader for EY Americas. He contends that cybersecurity leaders need to first acknowledge that as they place a bigger bet on agentic AI, the threat landscape has increased dramatically, while also acknowledging that defense systems offered by CrowdStrike, Palo Alto Networks, and other cyber firms tend to focus on their own ecosystems. And lastly, as agentic AI matures, there's still a large trust gap in cybersecurity governance. Only 20% of companies have embedded those frameworks into their organizational culture, the EY study reports. "In order for AI adoption to go up, we need to have trust," says Devarajan. "The trust is going to be cybersecurity, plus explainability or traceability of what's inside it, and then the governance and ethics that need to go with it."
JOBS RADAR
Hiring:
- Route 92 Medical is seeking a director of IT, based in San Mateo, California. Posted salary range: $235K-$255K/year.
- Vita Coco is seeking a VP of technology, based in New York. Posted salary range: $200K-$250K/year.
- Kern Energy is seeking an IT director, based in Bakersfield, California. Posted salary range: $188.7K-$213.8K/year.
Hired:
- Home Depot has appointed Franziska "Fran" Bell to serve as CTO, effective April 6, to lead technology, product management, data, and AI. Before joining the home improvement retailer, Bell served as chief data, AI, and analytics officer for automaker Ford. Prior to that, she served as SVP of digital technology at BP and held executive roles at Uber and Toyota.
- Workday promoted Gabe Monroy to the role of CTO, just seven months after he initially joined the business software company in August 2025 as a senior vice president. Previously, Monroy served as a VP at Google, chief product officer at DigitalOcean, and a VP at Microsoft.
- Dycom Industries named Regina Salazar as chief information and digital officer, effective April 6, to lead enterprise technology strategy for the provider of contracting services for the telecommunications and utility industries. Most recently, Salazar was chief digital and information officer at aluminum products maker Novelis. She also previously served as CIO of Whirlpool's North America region.
- V2X named Mike Uster as CIO, effective immediately, to oversee the defense contractor's IT strategy, enterprise systems, and digital transformation initiatives, with a focus on strengthening cybersecurity, and advancing AI capabilities. Most recently, Uster served as CIO, CTO, and SVP at defense firm ManTech. He also previously worked at Northrop Grumman, Lockheed Martin Skunk Works, and Rand Corporation.
- Verkada announced the appointment of Chris Stori as CIO, overseeing corporate IT strategy and business systems. Stori joins the security systems company from manufacturing startup Bright Machines, where he served as CEO. Before that, he spent 11 years at Cisco Systems, including as SVP and general manager of networking experiences. Stori also previously worked as a consultant at McKinsey.
- Crawford & Company appointed Jemin Thakkar as global CIO, reporting to the claims management company's president and CEO, Bruce Swain. Previously, Thakkar served as chief information security officer at Crawford, a role he held since 2022. Prior to that, Thakkar was an executive director at Cox Communications and a group director at Coca-Cola.
- UserTesting named Neal Gottsacker as CTO, where he will lead the software company's global research and development organization. Gottsacker joins UserTesting after three years of software consulting. Previously, he held senior technology roles at workflow automation software provider Nintex and as a VP at HP.
- ExtensisHR appointed Alan Missen as CIO. He joins the outsourcing company after most recently serving as CIO at healthcare software company PointClickCare. Missen also previously served as CIO at ELM Home & Building and FirstService Residential. He also previously worked at consulting giant PwC.
[2]
Palo Alto Networks CTO Lee Klarich: 'Still Optimistic' AI Will Help Defenders More Than Attackers
Even with the surge in automated cyberattacks, cyber defense teams still have a chance to gain the upper hand using AI and agentic, Klarich tells CRN. Palo Alto Networks is increasingly driving improved security outcomes with the utilization of AI such as through accelerated cyber remediation -- providing a strong indication that a more-automated approach can in fact give defenders the bigger AI advantage over threat actors, according to Palo Alto Networks CTO Lee Klarich. In an interview with CRN, Klarich, who also serves as chief product officer at the cybersecurity giant, said that security operations offerings such as the company's AI-powered Cortex XSIAM are "starting to see mean-time-to-remediation go from days to single-digit minutes." It's just one example illustrating why, even with the surge in automated cyberattacks, cyber defense teams still have a chance to gain the upper hand using AI and agentic, he said. When it comes to AI-powered attacks, "the first wave of this is not feeling great, because the number of attacks is increasing, the speed of attacks is increasing," Klarich said during an interview at the RSAC 2026 conference in San Francisco. On the defender side, the clear answer is that "we need to start shifting from these workflows that were very human-centric, toward machine- and agentic-centric workflows," he said. "We've already proven this out in a number of places. We proved this out with XSIAM." Without a doubt, the dramatic reduction in mean-time-to-remediation that XSIAM has enabled is thanks to increased leveraging of AI, he said. "So how do we then apply that same logic to cloud security, to network security, to secure access, to the browser? And identity of course. That is the opportunity for defenders," Klarich said. Ultimately, "if we get that right, I do believe that [AI] can benefit defenders more than it benefits attackers. 
That's the area, in some ways, that I'm most hopeful for," he said. "But it will play out over the next few years." During the interview with CRN, Klarich also discussed the connection between platformization and secure usage of AI, how Palo Alto Networks' $25 billion acquisition of CyberArk is helping to enable agentic adoption and the major opportunity for partners to become "trusted security architects" for their customers in the AI era. What follows is more of CRN's interview with Klarich. How is security shifting in response to the fact that organizations are now grappling with agentic, whereas a year ago it was mainly about more basic forms of LLMs? I think [right now] everyone is talking about what's coming, as if it's already here. The reality, at least as I see it, is that the real here-and-now in production is what we were talking about last year -- which is adding AI to applications and the risk that brings. Where do your models come from? And are they safe, secure, etc.? What does that full supply chain look like? The posture of the application, the AI red teaming to test it, the prompt injection attack to protect it -- those types of things. A year ago, that's what we were talking about. And now, that is what everyone is dealing with in production. At the same time, everyone's thinking about, "Where am I going to be in production in six, nine, 12 months from now?" And everyone's [thinking that] all this AI stuff is going to become a lot more autonomous. It's going to start looking like agents. And as it looks like agents, what does that then mean? Obviously some bleeding edge organizations are already there. But for a lot of people, they're running pilots, they're doing testing, they're doing all this kind of stuff to get ready for production. [With] Prisma AIRS 3.0, a lot of the enhancements to it are oriented toward AI becoming more agentic in nature. So you saw us add to model scanning and the ability to look at other aspects of the supply chain. 
You saw us talk about additional protection mechanisms which are oriented toward agentic attacks, which are different than traditional AI applications. And we're also expanding the posture capabilities to assess the posture of these agentic platforms. And then we pre-announced the agentic gateway, which will allow us to actually sit in the flow of agent-to-agent communication and secure that traffic. Because there, the key is not only do we have to be able to control that traffic -- we also have to be able to inspect it, secure it and inject identity into it using the CyberArk agentic identity. But the gateway becomes the place to inject that and enforce that. In terms of what you're hearing from CISOs, are you hearing greater concern about agentic than with the LLMs we've had up until this point? I would describe the concerns I hear from CISOs as, the promise and benefits of AI in general are so great that the business can't say no. And so the concerns from CISOs are, how am I going to be able to say yes and stay secure? If you think about past cycles -- after the first SaaS application went online, how long was it before SaaS applications were mainstream in the enterprise? It took a while. It was many, many years. Think about cloud adoption -- when was the first time you heard about the cloud versus when it was mainstream in the enterprise? It was quite a few years, actually. With AI, we've had three years to get to the point where we are now. And every enterprise is using it to some extent, in three years. I don't think that's ever happened that fast before. The reason why the driving force is there is because the promise is so high to the business. That forcing function basically says, "Thou shalt adopt -- now just tell me how secure we can be." So we're trying to be there for our customers to say, "Actually, we think you can be pretty secure." 
And we're going to be there as your partner, not just [by] offering you a security solution today -- but we're going to be adding to that in a very rapid fashion, and adapting as these AI architectures change. I don't know exactly how AI is going to be architected 12 months from now. So I better make sure that our solution for securing it is adaptable enough that, as we see that evolution, we will be able to quickly add that next thing. What are some of the biggest challenges you see coming for partners on these issues? In the partner context, I think the biggest challenge is architectural and deployment-oriented. I'm a product person, so it's not to say that that part is not important. But I see this huge opportunity for our partners to become the trusted security architects for the customer. Because these are complex designs. They are changing rapidly, and that creates need and opportunity. The need from the customer is to have a partner that can help them understand this. The opportunity is for partners to actually become those experts and the trusted advisor to the end customer. And that, in itself, is a business opportunity. Then in addition to that, being that trusted advisor means that as we [work] with our partners with the solution, they're not just showing up saying, "You should do something" -- they're showing up saying, "This is what you should do. And working with Palo Alto Networks, here is that solution that we can implement." So that's what I believe. It's not that dissimilar [compared to] looking at past cycles. When cloud adoption first happened, a lot of these companies went and looked and said, "Who can I go partner with, who is going to help me on this journey?" The same thing is happening again with AI. How big of a boost is CyberArk bringing to what you're doing with AI and agentic? As we go from AI as a helper, to AI with more autonomy, AI and agents talk to other AI agents and applications. 
And so as that happens, identity becomes incredibly important. CyberArk is very well-positioned, because they have both the human identity side and the non-human identity side. Today, a lot of agents are actually effectively delegated from a specific person. If you look at vibe coding as an example, a developer is delegating permissions to the vibe-coding solution to go do things on the developer's behalf. What we pre-announced with CyberArk is their ability to perform what's called "on behalf of" identity -- where they can understand the agent is working on behalf of a user. That allows us to understand the relationship between the user and the agent. It also allows us to perform authentication and permissioning oriented toward that agent -- importantly, to make sure that agent has to always go through proper authentication permissions. And then that will tie into our agentic gateway. So those things will work in concert. Over time, when you get to true autonomy of agents, they're going to be machines not delegated from a human. So if a machine is taking a trigger from some signal in the infrastructure -- and it's not being triggered by a person -- well, now you need non-human identity paired with agentic identity. And if you look at CyberArk, they're a leader in non-human identity. What we liked about them was they have both the human and the non-human pieces. And so, as we deliver on agentic identity, it will be plugged into, effectively, both of those infrastructures. That puts us well-suited to solve what will be one of the critical aspects of securing agentic deployments. How much more important do you believe platformization is going to become as we move forward in AI? Let me start with the aspect of how platformization will aid in AI adoption. If you're a cybersecurity team, everything else that you have to deal with [besides AI] is not going away. All your network security and SASE and cloud and SOC -- all of those things you still have to run. 
And now you have this new thing. So the first way the platformization helps with AI adoption is, it frees up time -- because instead of running 100 different point products for all your other things, you're running a set of platforms. Now it might be a set of platforms with some select technologies built in. I don't subscribe to this [idea that] an enterprise is going to have three vendors. But it can't be 100. So the first way is, we can dramatically reduce the strain on all of the existing security things that need to be dealt with -- hopefully then freeing up the teams to spend more time on the new, changing AI space. The second is, platformization helps with AI adoption in security. So before we talk about how to secure your AI adoption, platformization helps with adopting AI capabilities to help the security practitioners be more efficient. Because we can build things like AgentiX and AI workflows into our platforms, which then actually further help with tackling the operational burden that most organizations are dealing with. The third way is, when it comes to AI security, Prisma AIRS and our approach to platformizing AI security for our customers is super powerful. Because then, instead of [introducing] the next 20 security tools for AI -- which just perpetuates the problem of point products -- we can say, "Here's our AI security platform. Here's all the things that we can do natively, best of breed, but delivered in the form of a platform." So then you don't have to go try to figure out how you're going to stitch all these other point products together, which is just the same problem repeated over and over. What would be something you still feel uncertain about when it comes to how AI and agentic will impact cybersecurity going forward? I'm still optimistic that AI will benefit defenders more than it benefits attackers, but that is still uncertain. 
If you think about attackers using AI, most of what they've done so far is using it to do, roughly speaking, the same attacks, but faster or at a higher scale. So yes, they've used AI to write malware. They've used AI to find vulnerabilities in code. They've used AI to automate certain things. But we had all those problems before. Now, the first wave of this is not feeling great, because the number of attacks is increasing, the speed of attacks is increasing. So that's why I say, this is still somewhat uncertain. But then the question is, why do I think that it could benefit defenders more than attackers? Well, if you think about the biggest challenges in defending against attackers, often it's having these little, tiny gaps in your security infrastructure. The attacker found the one identity that was not configured properly, was not locked down properly. And historically, the solution for that is people reviewing configurations and data. But these environments are so complex. Think about a company with 200,000 employees spread around the world and different business units and different cloud environments and data centers and on-prem. And then you go and say, "Hey, can you make sure that all your identities are configured correctly?" It's like, "Oh my God, how am I going to do that?" And, "Oh, by the way, I need you to do that on a continuous basis." So if we imagine bringing AI to that problem and saying, "Hey, AI, I want you to analyze my identities across 200,000 employees and cloud and on-prem and this environment and that environment, and I want you to [do this] on a continuous basis" -- [the answer would be] "Sure, no problem." So we need to, No. 1, actually get our security stacks or platforms up so they're able to have AI components to them. So this gets back to how platformization can help. Second, we need to start shifting from these workflows that were very human-centric, toward machine- and agentic-centric workflows. 
We've already proven this out in a number of places. We proved this out with XSIAM. We're starting to see mean-time-to-remediation go from days to single-digit minutes. That is the result of automation and AI. So how do we then apply that same logic to cloud security, to network security, to secure access, to the browser? And identity of course. That is the opportunity for defenders. And if we get that right, I do believe that [AI] can benefit defenders more than it benefits attackers. That's the area, in some ways, that I'm most hopeful for. But it will play out over the next few years.
Technology leaders are demanding fundamental changes from software vendors as AI reshapes enterprise tech. CTOs now insist on one-year contracts maximum and outcome-based pricing instead of per-seat fees, while cybersecurity firms report AI-powered solutions cutting remediation times from days to minutes. The shift comes amid the 'SaaSpocalypse' market downturn and growing adoption of agentic AI.
The relationship between enterprise technology leaders and software vendors is undergoing a fundamental transformation driven by AI. Allegra Driscoll, chief technology officer at Bread Financial, now refuses agreements beyond one year with vendors offering generative AI capabilities, citing the rapid pace of change [1]. For priority use cases, she's willing to double-spend on two vendors with similar capabilities to evaluate who delivers better results. This aggressive stance reflects a broader shift among CIOs and CTOs who are taking harder lines with their technology providers.
The conversations between technology leaders and software vendors have evolved dramatically since 2023. Where discussions once centered on AI roadmaps and investment requirements, they now dive deep into architectural philosophy. "The conversations are going a lot deeper into the architecture of the third-party solutions, where in the past, I've been more focused on the capacity, security, and data privacy," Driscoll explains [1]. This scrutiny extends beyond traditional concerns about data privacy and security to examine how AI integration fundamentally shapes platform design.

The traditional per-seat pricing structure that dominates the software-as-a-service industry is facing an existential crisis. Hadas Reisbaum, chief information officer at Nice, anticipates major changes to SaaS pricing models within the next two to three quarters. "It will become more outcome-based," she predicts, meaning organizations will pay based on measurable results rather than user counts [1].

This pressure comes amid what's been dubbed the "SaaSpocalypse" — a market downturn that has seen major providers including Salesforce, SAP, Workday, and ServiceNow experience share drops of 30% or more since the beginning of 2026, far underperforming the Dow Jones Industrial Average's nearly 4% decline [1]. The proliferation of agentic AI adds another layer of pressure to traditional vendors. "In the future, you have these AI agents that are crawling through the environment, where the AI agents are often doing tasks that are independent of the human being," explains Arun Chandrasekaran, an analyst at Gartner. "And if they're doing that, it does not make a lot of sense to tie the licenses to a human that's doing the task." [1]

Even AI startups aren't immune to the shifting dynamics. Bread Financial works with upstarts like legal AI firm Harvey and AI content platform Jasper, but Driscoll says she could replace those vendor pitches and offerings as her company develops its own agentic AI platform [1]. This build-versus-buy calculation is changing rapidly as enterprises gain confidence in their AI capabilities.

Intuit CTO Alex Balazs describes how vendor conversations have evolved alongside his company's own AI questions. "In the early days of this boom, it was like, 'Okay, we're going to create this agent, and then Salesforce creates this agent, and Workday creates an agent, and then our agents will talk to each other,'" says Balazs. The reality proved more complex, as enterprises discovered that getting unique SaaS-created agents to work together is quite difficult. He now advocates for API-driven approaches, calling for vendors to "expose their tools and skills, which for lack of a better word, is a new way of saying their API. It's basically an AI API." [1]
While software vendors struggle with the evolving threat landscape, cybersecurity firms are demonstrating concrete benefits from AI-powered solutions. Palo Alto Networks is seeing dramatic improvements in security outcomes through AI integration. The company's Cortex XSIAM platform is "starting to see mean-time-to-remediation go from days to single-digit minutes," according to CTO Lee Klarich [2]. These remediation times represent a fundamental shift in how quickly organizations can respond to threats.
Klarich acknowledges the challenge posed by AI-powered attacks. "The first wave of this is not feeling great, because the number of attacks is increasing, the speed of attacks is increasing," he told CRN at RSAC 2026 [2]. However, he remains optimistic about the defenders vs attackers balance, arguing that the solution lies in "shifting from these workflows that were very human-centric, toward machine- and agentic-centric workflows." The dramatic improvements already demonstrated with XSIAM point to opportunities in securing AI platforms across cloud security, network security, and identity management.

The transition from basic large language models to agentic AI requires fundamentally different security approaches. Klarich notes that while many organizations are still dealing with last year's concerns about AI application security and supply chain risks, forward-thinking enterprises are preparing for agent-to-agent communication scenarios [2]. Palo Alto Networks' Prisma AIRS 3.0 addresses this shift with enhancements oriented toward agentic attacks, expanded posture capabilities for agentic platforms, and a pre-announced agentic gateway to sit in the flow of agent-to-agent communication.

The promise of platformization in securing these new AI-driven workflows is that it can benefit defenders more than attackers, but the outcome will depend on execution over the next few years. As CISOs grapple with business demands that make saying no to AI impossible, the pressure on both cybersecurity providers and traditional software vendors to adapt their approaches, pricing, and architecture continues to intensify.
Summarized by Navi