What's happening
Gartner published its inaugural Magic Quadrant™ for AI Governance Platforms, positioning 13 vendors based on ability to execute and completeness of vision. Holistic AI was positioned as the only Challenger. In the companion Critical Capabilities report, Holistic AI ranked #1 for the AI Risk and Compliance Use Case and placed in the top three for the AI Agent Governance Use Case.
Why it matters
The AI governance market is crowded, but enterprise buyers have had limited ways to distinguish between broad claims and operational capabilities. A formal evaluation framework changes that. AI governance now spans risk, compliance, security, legal, procurement, and business teams, and it has outgrown policies, spreadsheets, and point-in-time reviews.
Key implications
If you are shortlisting platforms, the evaluation criteria worth borrowing from the analysts are clear. Can the platform govern agents already in production, AI embedded in third-party tools, and systems that change faster than manual processes can track? For many enterprises, regulation and board oversight have already moved the conversation beyond whether governance is needed. The differentiator now is whether a platform can keep pace.
Go deeper → The first-ever Gartner® Magic Quadrant™ for AI Governance Platforms
What's happening
Gartner projects that up to $234 billion in enterprise application software spending will be exposed to “agentic arbitrage” between now and 2030, representing roughly 20% of enterprise application SaaS spending by the end of the decade.
Why it matters
Enterprise SaaS has traditionally been priced around access: how many people use the product, which features they can access, and how often they log in. That model becomes harder to defend when agents can complete work across several applications without behaving like conventional users. Seat counts are no longer the whole story. What matters is the work the software performs and the outcome that work produces.
Key implications
Vendors may need to move toward pricing based on usage, workflows, transactions, outcomes, or some combination of them. Buyers will also need a different way to measure ROI, shifting from employee adoption and productivity estimates toward the cost, quality, and business impact of work completed by agents.
That transition will not be simple. Outcomes can be difficult to attribute, particularly when several agents and applications contribute to the same result. Customers will need visibility into which agents acted, which systems they used, what resources they consumed, and who remains accountable.
Go deeper → Gartner Says $234 Billion in Enterprise Application Software Spend Is at Risk from Agentic AI
What's happening
In a Cisco and Foundry survey of more than 3,400 senior IT and networking decision-makers, 69% said AI workloads had introduced new blind spots in network security monitoring. Seventy-three percent said they were already facing, or expected to face, campus and branch network capacity constraints within two years.
Why it matters
AI’s effect on the network is not limited to employees using unsanctioned tools. Approved applications, agents, and AI-enabled workflows are also generating traffic, calling APIs, moving data, and consuming infrastructure across the enterprise.
That can make network demand harder to predict, expose capacity constraints, and create activity that existing monitoring and security systems were not designed to interpret. Without a current view of AI-related traffic and workloads, teams are left making infrastructure, security, and governance decisions from an incomplete picture.
Key implications
This is a capacity-planning, observability, and security challenge. IT teams need to understand where AI traffic is coming from, how quickly it is growing, which systems and data it touches, and whether the network can support it reliably.
Manual inventories and employee self-reporting will not provide that visibility. As AI becomes embedded in workflows, third-party applications, and development pipelines, organizations need continuous monitoring that shows what is running, how it is behaving, and what demands it is placing on the network.
Go deeper → No Time to Wait: The Accelerating Impact of AI on Campus and Branch Networks
What's happening
Bitsight found that the number of publicly exposed AI-related services increased by 360% in 2025, surpassing one million. The same analysis found that ransomware attacks claimed on dark-web leak sites increased by 19%.
Why it matters
AI is becoming part of both sides of the enterprise threat landscape. AI services are being deployed, exposed, and integrated faster than many security teams can review them. At the same time, AI is beginning to shorten the time between vulnerability disclosure and active exploitation.
Poorly secured or misconfigured AI deployments can create exposure points that sit outside normal security review. Attackers are scanning for those weaknesses and identifying vulnerable services before organizations have fully inventoried or secured them.
Key implications
AI security and AI governance are becoming increasingly connected. Managing exposure requires live inventory, classification, access controls, vulnerability monitoring, and remediation. Security teams need to know which AI services are publicly reachable, what data and systems they connect to, who owns them, and whether they have passed the appropriate review.
Periodic inventories and annual attestations cannot keep pace with AI proliferating across teams, vendors, and infrastructure. Organizations need an operating model that continuously discovers new systems, assesses their risk, prioritizes exposures, and routes issues to the right owners.
Go deeper → Ransomware Attacks Grew in 2025 as Traditional Data Breaches Fell
Gartner, Magic Quadrant for AI Governance Platforms, Lauren Kornutick, Sumit Agarwal, Priya Sundararaman, Nader Henein, Brandon Medford, 16 June 2026.
Gartner, Critical Capabilities for AI Governance Platforms, Sumit Agarwal, Lauren Kornutick, Priya Sundararaman, Nader Henein, Brandon Medford, 17 June 2026.
Gartner does not endorse any company, vendor, product, or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner’s business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose. Gartner® and Magic Quadrant™ are trademarks of Gartner, Inc. and/or its affiliates.