How 100 Enterprise CIOs Are Building and Buying Gen AI in 2025

TLDR Summary:
In 2025, enterprise AI spending exceeds expectations, becoming a permanent budget item driven by internal and customer-facing use cases. Enterprises increasingly utilize multiple AI models, with OpenAI, Google, and Anthropic leading the market. Procurement processes mirror traditional software buying, emphasizing cost and security. Enterprises are shifting from building to buying AI applications as the ecosystem matures, particularly in software development and customer support. However, concerns around outcome-based pricing persist. Overall, the landscape shows strategic deployment, diversified model use, and a shift towards AI-native applications.

https://a16z.com/ai-enterprise-2025/

EU – NIS2: Three Difficult Implementation Issues

NIS2 Directive aims to enhance EU cybersecurity but faces implementation challenges. Key issues include:
1. Scope – Expansive definitions make it unclear who is covered, especially for diverse organizations.
2. Implementing Regulation – Complex obligations may lead to non-compliance; partially flexible requirements exist.
3. Director Liability – Management boards could face personal liability variably across jurisdictions, complicating compliance.

Overall, the EU's legislative push seeks to address cyber threats, stressing that cybersecurity must be a priority amidst regulatory complexities.

https://www.linklaters.com/en/insights/blogs/digilinks/eu-nis2—-three-difficult-implementation-issues

CIO Wants to Clone Top Techies as Digital Twin and AI Agents

CIO Dr. Vince Kellen at UC San Diego plans to enhance tech staff productivity by creating digital twins and AI agents to automate repetitive tasks. He aims to address funding pressures and security challenges through automation, enabling his team to focus on complex threats. Kellen proposes digitizing expert knowledge to improve AI's network management and reduce IT professionals' after-hours work.

https://www.theregister.com/2025/06/12/cio_wants_to_grow_tech/

Support for AI Act Pause Grows but Parameters Still Unclear

Support for delaying parts of the EU's AI Act is increasing, following a meeting of member states and the European Commission's tech leaders. They propose a “stop the clock” approach due to impending deadlines and unresolved guidelines. Member states differ on how long to postpone implementations, with calls for up to two years for some components. The AI industry endorses this delay, citing the need for additional time for compliance. However, any amendments would require legislative review, and predictions on outcomes are uncertain, highlighting divisions within the Commission.

https://iapp.org/news/a/support-for-ai-act-pause-grows-but-parameters-still-unclear

8 Things CISOs Have Learned From Cyber Incidents

CISOs learn key lessons from cyber incidents:

  1. Share Insights: Sharing experiences from breaches enhances industry resilience and fosters community support.
  2. Shift Strategies: Incidents change CISOs' roles, requiring offensive strategies and adaptability.
  3. Develop Playbooks: A tactical response plan with clear roles is crucial for managing incidents effectively.
  4. Guard Backups: Ensure backup systems are secure and functional to prevent ransomware threats.
  5. Enhance Security: Post-incident, focus on continuous improvement and higher security standards.
  6. Stay Focused: Avoid distractions from flashy tools; prioritize core security practices.
  7. Expect Budget Fluctuations: Funding can diminish post-incident, despite heightened interest in cybersecurity.
  8. Prioritize Well-being: Mental health and stress management are vital for CISOs facing increased pressures.

https://www.csoonline.com/article/4002175/8-things-cisos-have-learnt-from-cyber-incidents.html

The Enterprise Is Not Ready for Vibe Coding — Yet

Vibe coding, using AI for software development, intrigues businesses but isn’t yet ready for widespread implementation due to security and scalability issues. Experts advocate for cautious adoption, recommending controlled experiments while acknowledging the need for engineers to upskill. By 2028, Gartner predicts that vibe coding will generate 40% of new software, but organizations must ensure rigorous standards to mitigate risks.

https://www.ciodive.com/news/vibe-coding-enterprise-CIO-strategy/750349/

Scroll to Top