Summary
The latest column explores the messy reality of enterprise AI rollouts and unexpected cloud budget drains. We also unpack grim new research on software supply chain vulnerabilities, making an case for relentless security automation. Finally, we discuss the intense challenges of leading an independent software vendor through market instability and rapid technical changes, offering practical advice for steady executive leadership.
I enjoy looking through my notes at the end of a busy quarter to see where the market is actually moving versus where the hype machine says it should be going. We hear constant noise about massive tech revolutions, but the conversations I am having with software founders tell a much more grounded story. This week, I am flipping through my notebook to share three honest observations on AI burnout, the software security crisis, and the unique leadership challenges of guiding an independent software vendor (ISV) in an unstable world.
The great AI reality check
Every software leader I know spent the last two years under immense pressure to inject artificial intelligence into their applications. There is no doubt that large language models are incredibly useful for handling basic text summaries and accelerating developer workflows. But if you look past the vendor marketing, a massive shift is happening in the enterprise space. We are seeing major companies quietly halt or scale back their ambitious AI rollouts because the return on investment simply is not showing up.
Recent enterprise data shows that a staggering 95% of generative AI pilots are failing to deliver their expected returns. On top of that, a 2026 survey found that 48% of C-suite executives now call their AI adoption a massive disappointment. The issue boils down to eye-popping computing costs, data preparation nightmares, and persistent software bugs (in some cases, bugs that lead to AI agents creating security holes or deleting critical data by mistake). It makes you wonder if the entire industry was oversold a dream just to make a handful of infrastructure giants incredibly wealthy. As an ISV leader, you cannot afford to build features just for the sake of a buzzword. It is time to stop chasing flashy tech demos and focus entirely on whether an AI tool solves a concrete problem that your customers will actually pay to fix.
Security is a moving target
If you think your application or your internal development environment is secure enough, you are mistaken. The hard truth of modern software development is that your defense strategy is never finished. Security requires your constant attention, especially as software supply chains become more automated and interconnected. Hackers are no longer just looking for an open network port (an old-school administrative headache). They are actively targeting developer credentials, continuous integration secrets, and the open source libraries your team relies on every day.
The numbers backing this up are incredibly sobering. The 2026 Open Source Security and Risk Analysis report revealed a massive 107% growth in open source vulnerabilities per codebase, with 87% of audited codebases containing at least one known security flaw. Worse yet, application vulnerability attacks jumped 56% year over year. You have to view security as a core business differentiator, not a chore for the engineering team. Whether you are auditing your own source code, securing third-party integrations, or locking down your cloud infrastructure, you must treat security as an aggressive, ongoing investment. Your customers are demanding proof of security, not just vague promises.
Leading through the chaos
Running a software business under normal circumstances is tough, but today’s environment is downright exhausting. We are living in a highly unstable world, the US economy is visibly struggling, and the pace of technical change is fast enough to give you whiplash. Your developers are likely anxious about automated tools replacing their jobs, your sales team is fighting tighter buyer budgets, and you are stuck trying to chart a profitable course through total unpredictability.
This environment calls for a deep sense of patience and deliberate leadership. Your team does not need a frantic executive chasing every market pivot, they need a steady anchor. Focus on transparent communication about the health of your business, and give your developers the breathing room to master core skills rather than burning them out on endless technical transitions. Protect your core product margins, double down on customer retention, and take care of your people. The macroeconomic noise is outside of your control, but the culture and focus of your development shop belong entirely to you. Be the calm voice in the room, and your business will outlast the turbulence.
