Like every year, we’ve heard from people in the software development industry sharing their thoughts on which areas will thrive and which may not survive into 2025 and beyond. Here are some of their predictions for next year.
Derek Holt, CEO of Digital.ai
As Value Stream Management continued to lose steam in 2024, we also saw the rapid rise of Software Engineering Intelligence (SEI) to take its place. SEI will have a breakout year in 2025 as more companies realize they need to measure the end-to-end business process of software development and delivery to drive continuous improvement, deliver truly enhanced developer experiences, and ultimately realize the potential profits for software development. an AI-powered software development and delivery capability. SEI is the key to each.
Emily Nakashima, VP of engineering at Honeycomb
While the current AI hype shows no signs of slowing down, the focus in 2024 has been on AI code authorship rather than code ownership. Companies end up spending far more time owning, maintaining, and using software than writing it. The current generation of AI tools has shown that they can be inconsistently useful across maintenance and ownership issues. As such, 2025 will bring increased awareness of the downsides of owning AI-generated code and running LLMs in production – what was quick to create in development is suddenly slow, expensive, and unpredictable in production. I will be watching for advancements in best practices for LLM observability and expect that we will see security incidents making headlines due to LLM generated code.
Dylan Thomas, senior director of product engineering at OpenText Cybersecurity
By 2025, DevSecOps will evolve beyond the ‘shift-left’ paradigm and embrace a more mature ‘shift anywhere’ approach. This shift calls on organizations to apply the right tools at the right stages of the DevSecOps cycle, improving the efficiency and effectiveness of security practices. Lightweight analytics in IDEs will help developers detect issues early, while automation integrated into pull requests and CI/CD pipelines will ensure a cohesive ‘integrate once’ approach for core functions such as SAST, SCA and increasingly DAST, especially for API security testing.
Jans Aasman, CEO of Franz Inc.
As digital currencies grow, the sophistication of fraud, including money laundering and phishing, will require more sophisticated detection methods. Emerging forms of AI such as Neuro-Symbolic AI (NSAI) will combine pattern recognition, logical reasoning and language understanding to identify suspicious transactions on decentralized platforms. By analyzing blockchain data, smart contracts and transaction history, NSAI will uncover hidden fraud patterns, interpret the intent behind transactions and distinguish legitimate transactions from illegal activities such as market manipulation. NSAI’s unique capabilities will be able to flag high-risk transactions while providing clear, explainable reasons for the flags, helping regulators and industry players maintain transparency and compliance.
Alex Merced, Senior Tech Evangelist, Dremio
The battle to dominate the data catalog space will be a high-stakes showdown. As hybrid and multi-cloud ecosystems grow, organizations will demand seamless interoperability, driving fierce innovation in governance, lineage, and user-defined functions (UDFs). Apache Iceberg will emerge as a major player and redefine the standards for open table formats with its hybrid catalog capabilities. This race will not only reshape data architecture; it will decide who controls the future of data portability.
Jamil Valliani, head of AI product at Atlassian
2025 will be the year of the AI agent. As agents become richer in interactivity and reach beyond text and audio and visual elements, they will drive a powerful cultural shift in the way humans collaborate with AI. Agents are already pretty good at expanding and accelerating our work. Over the next year, they will become even better at performing very specific tasks, taking specialized actions and integrating products, all with people involved. I’m thrilled to see agents becoming exponentially more sophisticated in how they can collaborate with teams to accomplish complex tasks. Our relationship with them will evolve and we will see new forms of collaboration and communication emerge within teams.”
Lucy Beaumont, head of talent management solutions at SHL
By 2025, leading companies will increasingly view their workforce as a community of skills rather than static roles. This perspective enables organizations to fluidly leverage and deploy skills, meeting dynamic business needs while supporting employee growth. To do this, organizations will need to create skills-based ecosystems where talent can be seamlessly linked to opportunities.
Christopher Robinson, chief security architect at OpenSSF
AI will increasingly help programmers, defenders, and attackers accelerate their work. By integrating AI with automated tools and CI/CD pipelines, developers can quickly identify and fix coding errors. Defenders can leverage AI’s ability to analyze massive amounts of data and identify patterns, accelerating the work of SOC teams and other blue team operations. Unfortunately, attackers can also use AI to conduct sophisticated social engineering attacks, check public code for vulnerabilities, and employ other tactics that will complicate cybersecurity in the near future. We need to learn how to secure AI before we widely deploy it for security purposes.
Sachin Aggarwal, co-founder and CEO of StackGen
In 2024, 52% of developers responded Stacked: the IaC Maturity Report reported that they spend more than 20% of their time on Infrastructure as Code (IaC). By 2025, IaC tools will evolve to generate infrastructure from code instead of relying on developers and infrastructure teams to learn new tools and programming languages. These tools apply standard security and governance requirements, allowing developers to spend more time writing application code that delivers business differentiation, rather than wasting time writing IaC.
Roshan Kindred, chief diversity officer at PagerDuty
Technology organizations, with their global workforce and customer base, must develop and implement inclusive IDE strategies that extend beyond Western-centric views. This means designing localized initiatives that are tailored to the unique cultural and regional needs of employees to promote true global connectedness. Supporting employee well-being will require regional and cultural alignment to address the diverse challenges the world will face over the next four years. Developing a global understanding of diversity must become a core leadership competency.
Arnab SenVP data engineering at Tredence
Decentralization of data ownership with data mesh architecture will become increasingly common, allowing teams to manage their own data as products. This will be especially beneficial for large organizations looking for independent, high-quality data sharing.
David A. Wheeler, director of open source supply chain security at OpenSSF
Many software vulnerabilities can be eliminated by using programming languages that are memory safe by default. However, it is impractical to rewrite all existing software in C and C++, as these are not memory safe by default. I expect gradual rewrites of small C and C++ modules, along with increased usage of them. Longer-term efforts will also take place in 2025, which can be implemented later. Some are exploring using AI to economically translate C and C++ into a memory-safe language. Work is also underway to develop a memory-safe variant of C++. These longer-term efforts won’t be ready for production in 2025, but they can give us long-term alternatives.
Tricia Gee, Lead Developer at Gradle
Poor testing will remain a prominent problem for development teams in 2025, especially as more companies continue to adopt microservices. This is because teams need to perform integration tests between microservices, which are inherently weak. It will be critical for development teams to prioritize identifying and fixing bad tests before they cause toil and frustration for developers and compromise the quality of the software delivered.