As we do every year, we’ve heard from folks around the software development industry who share their thoughts on which areas will thrive and which might not survive in 2025 and beyond. Here are some of their predictions for next year.
Derek Holt, CEO of Digital.ai
While Value Stream Management continued to lose steam in 2024, we also saw the fast emergence of Software Engineering Intelligence (SEI) to take its place. SEI will have a breakout year in 2025 as more and more businesses realize they need to measure the end-to-end business process of software development and delivery in order to drive continuous improvement, truly deliver improved developer experiences and ultimately realize the potential gains for an AI-powered Software Development and Delivery capabilities. SEI is the key to each.
Emily Nakashima, VP of engineering at Honeycomb
While the current AI hype shows no signs of slowing, so much of the focus in 2024 was on AI code authorship rather than code ownership. Businesses ultimately spend much more time owning, maintaining, and operating software than authoring it. The current generation of AI tools has shown it can be inconsistently useful in the maintenance and ownership problem space. As such, 2025 will bring heightened awareness of the downsides of owning AI-generated code and running LLMs in production — what was fast to create in development is suddenly slow, expensive, and unpredictable in production. I’ll be looking out for advances in best practices for LLM observability and expect we’ll see headline-making security incidents due to LLM-generated code.
Dylan Thomas, senior director of product engineering at OpenText Cybersecurity
In 2025, DevSecOps will continue evolving beyond the ‘shift-left’ paradigm, embracing a more mature ‘shift everywhere’ approach. This shift calls on organizations to apply the right tools at the right stages of the DevSecOps cycle, improving efficiency and effectiveness in security practices. Lightweight analysis in IDEs will help developers catch issues early, while automation integrated into pull requests and CI/CD pipelines will ensure a cohesive ‘integrate once’ approach for core functions such as SAST, SCA, and increasingly DAST, particularly for API security testing.
Jans Aasman, CEO of Franz Inc.
As digital currencies grow, the sophistication of fraud, including money laundering and phishing will require more advanced detection methods. Emerging forms of AI, such as Neuro-Symbolic AI (NSAI) will combine pattern recognition, logical reasoning, and language understanding to identify suspicious transactions across decentralized platforms. By analyzing blockchain data, smart contracts, and transaction histories, NSAI will uncover hidden patterns of fraud, interpret the intent behind transactions, and distinguish legitimate trades from illicit activities like market manipulation. The unique abilities of NSAI will be able to flag high-risk transactions while providing clear, explainable reasons for the flags, helping regulators and industry players maintain transparency and compliance.
Alex Merced, Senior Tech Evangelist, Dremio
The competition to dominate the data catalog space will become a high-stakes showdown. As hybrid and multi-cloud ecosystems grow, organizations will demand seamless interoperability, driving fierce innovation in governance, lineage, and user-defined functions (UDFs). Apache Iceberg will emerge as a key player, redefining standards for open table formats with its hybrid catalog capabilities. This race won’t just reshape data architecture—it will decide who controls the future of data portability.
Jamil Valliani, head of AI product at Atlassian
2025 will be the year of the AI agent. As agents grow richer in interactivity and start to reach across more than just text and into audio and visual elements, they will bring about a powerful cultural shift in how humans collaborate with AI. Agents are already quite good at augmenting and accelerating our work — in the next year, they will get even better at performing highly specific tasks, taking specialized actions, and integrating across products, all with humans in the loop. I’m most excited to see agents becoming exponentially more sophisticated in how they can collaborate with teams to handle complex tasks. Our relationship with them will evolve, and we’ll see new forms of collaboration and communication on teams develop.”
Lucy Beaumont, talent management solution lead at SHL
In 2025, leading companies will increasingly view their workforce as a community of skills rather than as static job roles. This perspective allows organizations to harness and deploy skills fluidly, meeting dynamic business needs while supporting employee growth. To do this, organizations will need to create skill-based ecosystems where talent can be matched with opportunities seamlessly.
Christopher Robinson, chief security architect at OpenSSF
AI will increasingly help coders, defenders, and attackers accelerate their work. By integrating AI with automated tooling and CI/CD pipelines, developers will be able to quickly identify and fix coding flaws. Defenders can leverage AI’s ability to analyze massive amounts of data and identify patterns, accelerating the work of SOC teams and other blue-team operations. Unfortunately, attackers may also use AI to craft sophisticated social engineering attacks, review public code for vulnerabilities, and employ other tactics that will complicate cybersecurity in the near future. We need to learn how to secure AI before broadly deploying it for security purposes.
Sachin Aggarwal, co-founder and CEO of StackGen
In 2024, 52% of developers who responded to Stacked Up: The IaC Maturity Report shared that they spend more than 20% of their time on Infrastructure as Code (IaC). In 2025, IaC tools will evolve to generate infrastructure from code rather than relying on developers and infrastructure teams to learn new tools and programming languages. These tools will apply security and governance requirements by default, increasing the time developers can spend on writing application code that delivers business differentiation rather than wasting time struggling to write IaC.
Roshan Kindred, chief diversity officer at PagerDuty
Tech organizations, with their global workforces and customer bases, must develop and implement inclusive IDE strategies that extend beyond Western-centric views. This means designing localized initiatives tailored to the unique cultural and regional needs of employees to foster true global belonging. Supporting employee well-being will require regional and cultural alignment to address the diverse challenges the world will face over the next four years. Developing a global understanding of diversity must become a core leadership competency.
Arnab Sen, VP of data engineering at Tredence
Decentralization of data ownership with data mesh architecture will become more prevalent, allowing teams to manage their own data as products. This will be particularly beneficial for large organizations seeking independent, high-quality data exchange.
David A. Wheeler, director of open source supply chain security at OpenSSF
Many software vulnerabilities can be eliminated by using programming languages that are memory-safe by default. However, it is impractical to rewrite all existing software in C and C++, which are not memory-safe by default. I expect to see gradual rewrites of small C and C++ modules, along with more use of them. There will also be longer-term efforts in 2025 that may pan out later. Some are investigating using AI to economically translate C and C++ to a memory-safe language. There’s also work to develop a memory-safe variant of C++. These longer-term efforts won’t be ready for production use in 2025, but they might give us long-term alternatives.
Tricia Gee, lead developer advocate at Gradle
Flaky tests will continue to be a prominent issue for dev teams in 2025, especially as more companies continue to adopt microservices. This is because teams will need to do integration testing between microservices, which are inherently flaky. It will be critical for dev teams to prioritize identifying and fixing flaky tests before they cause toil and frustration for developers, and compromise the quality of delivered software.