Just as "unprecedented" dominated the headlines of the COVID-19 pandemic, "uncertainty" dominates that of tech trends heading into the rest of 2026 and into the next year.
Info-Tech Research Group executives are attributing some of that uncertainty to artificial intelligence hype set by big voices in the tech scene, from Mark Zuckerberg to Jensen Huang.
Rob Meikle, Executive Counsellor at Info-Tech, revealed a sneak peek at the trends that will likely dominate CIOs' to-do lists in the next year.
"The budget and infrastructure decisions you make this year will shape your tooling portfolio for the next decade," said Meikle. "IT foundations have already started to shift - how software gets built is changing, how data flows is changing, how processes executed are changing, how customers are served are changing, and all of it is being rebuilt around AI."
At Info-Tech's June LIVE conference this year, Meikle put it to the audience of IT leaders to decide which trends were top of mind. Out of 20 firm-determined trends, 1362 participants identified cybersecurity complacency (a surge in zero-day attacks), sovereign AI obligations, supply chain intelligence & automation, and humanoid robotics as the four technology trends IT leaders must act on ahead of 2027.
1. Humanoid robots
These robots may be from mainstream deployment, but according to Info-Tech, it demands preparation now. Humanoid robotics (machines designed to operate in human environments) has moved from speculative territory into active commercial development.
Tesla is manufacturing the latest generation of its Optimus robot, designed to function in both office and manufacturing settings. The company is targeting late 2026 for initial limited production of the Optimus humanoid robot for internal use in its factories.
The broader investment landscape reflects the momentum: venture capital funding in robotics rose 263 per cent year over year, according to PitchBook's 2025 Vertical Snapshot.
Meikle drew a comparison with robotic vacuum cleaners, which have reached approximately 20 per cent of North American households - a trajectory that began as a novelty and became mainstream as the technology improved and costs fell.
For IT leaders, Meikle argued that the immediate question is not whether to purchase a robot, but whether existing IT infrastructure is ready to integrate physical AI systems as they are adopted elsewhere in the business.
2. Sovereign AI pressure
Continuing with the theme of being prepared for what's possible, the second-most-trending topic addresses growing regulatory fragmentation in AI governance and data sovereignty. Meikle described a split global environment: some regions are consolidating into unified frameworks while others are fracturing into jurisdiction-by-jurisdiction requirements that vary by state, sector, and country.
The pace of change, he argued, means that waiting for regulatory certainty is itself a strategic error. "The rules will keep on shifting. Your preparation needs to move faster than they do," said Meikle.
A market shift underpins the urgency. A March 2026 report by the US-China Economic and Security Review Commission cited estimates that around 80 per cent of American AI startups using open-source stacks are building on Chinese models. Meikle noted that open-source software licences have historically been permissive and politically neutral, but that open-weight model licences carry different terms and unforeseen implications.
Italy has banned the Chinese AI model DeepSeek outright, and parts of the U.S. government have removed it from internal use.
Info-Tech urged IT leaders to assess three things: whether their hyperscaler strategy creates compliance exposure in the markets where they operate; whether their AI governance framework is adaptable enough to keep pace with regulatory change; and how dependent their organisation is on foreign AI capabilities.
3. Supply chain intelligence
Meikle said the core shift of supply chain intelligence and automation is going from reactive, human-managed logistics to AI systems that can anticipate disruptions, reroute operations, and simulate scenarios in real time.
The global supply chain has been repeatedly exposed to major world events in recent years, from pandemics to wars, and newer AI technologies are beginning to address its underlying brittleness. Recovery times that previously ran to weeks or months can now be reduced to hours.
Meikle identified two capability layers that organisations need to build on the same underlying infrastructure. The first is predictive intelligence: AI that senses disruption and adapts. The second is autonomous execution: AI that acts without human intervention.
4. Zero-day risk
Organisations are shipping AI-powered solutions faster than they can properly vet them, a pattern Meikle described as calculated risk rather than accidental negligence, but dangerous nonetheless.
The primary driver is open-source code. Organisations pull public libraries into their infrastructure because they are accessible and easy to deploy, only to lose track of where those components sit. Attackers, by contrast, use AI tools to scan the same public repositories at scale, identifying exposed components before organisations have completed their own inventories.
"If you can't locate your code, you can't patch your code. If you can't patch the code, then you are more vulnerable. That's what fundamentally drives zero days. The gap is between the code you know about and the code you forgot about," said Meikle.
In October 2024, Google's Big Sleep, an LLM-assisted framework developed as a collaboration between Google Project Zero and Google DeepMind, discovered a zero-day vulnerability in the widely used open-source SQLite database engine.
Microsoft disclosed multiple prompt injection vulnerabilities in Microsoft 365 Copilot during 2024 and 2025. These included a February 2024 flaw that allowed exfiltration of sensitive inbox data through a malicious email, patched in July 2024, and EchoLeak, a critical zero-click exploit disclosed in June 2025 that could silently steal enterprise data without any user interaction.
Info-Tech distilled the issue to three diagnostic questions: whether the organisation has open-source implementation guidelines; whether it conducts software composition analysis; and whether its security team can respond quickly once a vulnerability is confirmed. "Three 'nos' means you're shipping AI on borrowed time," Meikle added.
"Every company is an AI company now. The only choice left now is whether you will defend like one or get breached like one."