That shift shows up clearly in this year’s research. Organizations are placing greater emphasis on data-centric security and cloud guardrails, while traditional perimeter approaches are becoming less central. DevSecOps practices are also evolving in a practical direction: Teams are embedding automated controls into CI/CD pipelines while relying on runtime visibility to catch what slips through. At the same time, supply chain risk is no longer a niche concern, and while SBOM adoption is widespread, turning visibility into enforcement remains a work in progress. And as AI agents move into production, questions around data exposure and identity are becoming harder to ignore.