While there may be a lot of “hysteria” surrounding AI right now, Jim Palermo, for one, isn’t too concerned about a potential AI bubble.
Palermo, CIO of Trimble, a $3.7 billion platform company serving the engineering, construction, and transportation industries, says that despite the noise, Trimble will continue investing in the technology to drive innovation and improve productivity.
Palermo is among the CIOs who think an AI bubble is not unrealistic, but are taking a measured approach to adopting the technology. The level of concern, Palermo says, “depends on how much you’ve drank the Kool-Aid.”
Other IT leaders say an AI bubble wouldn’t indicate the technology has no future but would be more about inflated expectations colliding with operational reality. The real risk isn’t investing in AI, they contend, but in betting on unproven models, vendors, or single-use platforms.
In light of concerns over inflated company valuations, IT leaders advise their colleagues to make more disciplined and informed decisions, and consider shorter contracts to hedge their bets in case the technology or market shifts. They also counsel peers to tighten governance and get small proofs of concept (PoCs) under their belts before committing to full-scale initiatives.
De-risking AI commitments
As for the AI industry’s future, Palermo believes there will be “a lot of point AI solutions that are going to disappear … over the next year or two.”
“I think that the larger platform ecosystems are really starting to have a strong AI foundation, and they’re … better able to articulate how they can leverage AI,” Palermo adds.
“Any CIO is trying to take advantage of those types of ecosystems because we’re spending millions of dollars on that software,” says Palermo, who sees governance as a key priority in ensuring the appropriate rigor around security and privacy for AI rollouts. “So, I think you’re going to see CIOs double down on that.”
One strategy CIOs are using to hedge against a potential AI bubble without stalling progress is to separate capability from hype, says Shawn Jahromi, founder and principal advisor at Alpharay Consulting.
“CIOs are funding narrowly scoped AI use cases tied to operational metrics like cycle time reduction, error rates, and cost containment,” says Jahromi, who is also a doctoral researcher in digital transformation and AI governance. “This limits exposure if valuations or vendor viability shift.”
CIOs are also treating AI as an operating model change rather than a technology purchase, he says. “This includes governance, accountability, and human override structures. CIOs who do this are less vulnerable to bubbles because value creation is embedded in workflow design, not tools.”
The CIOs Jahromi works with “are not slowing AI adoption. They are de-risking it structurally.”
Staying resilient is a core strategy
Another strategy Jahromi sees CIOs implementing is retaining architectural control by prioritizing data ownership, model portability, and vendor exit options. “The goal is resilience,” he says. “If an AI vendor fails or pricing collapses, the institution does not lose decision rights or operational continuity.”
Bread Financial CTO Allegra Driscoll is taking “a measured, super pragmatic approach” to AI investments, and says leadership is not interested in “chasing the best tool or being first to market.” It’s important to build capabilities that create value while maintaining resiliency, she says.
“We’re focused on high-value, proven use cases,” Driscoll says, adding that she spends a lot of time “evaluating a full set of risks” with all Bread Financial tech investments. “So, I feel really confident that those high-value, proven use cases we’ve moved forward on and put into production are going to continue to provide value for [us] and our customers.”
Staying the course with AI starts with the outcomes CIOs are trying to drive, Trimble’s Palermo says, as well as working with the business on solving pain points. “That protects you from complete chaos,” he says. “Cultivate that spirit of innovation, but there should be some rigor when you go from innovation and ideas to actual production. There’s got to be some governance around that.”
Further, CIOs shouldn’t hedge against AI “as much as being intentional and designing for resilience,” says Anurag Sharma, CTO of VyStar Credit Union. This is especially important for financial services firms, he says, “where trust and stability matter as much as innovation.”
To that end, VyStar’s approach is to use AI where it clearly solves a business problem, improves outcomes for their members, and enhances operational efficiency “with a deliberate focus on strengthening fundamentals that will outlast any hype cycle,” Sharma says.
This requires clean and well-governed data, modular and interoperable architecture, and people who understand both the technology and the business, he says.
“If the AI bubble cools, these fundamentals and investments will still compound value and improve safety and efficiency; if it accelerates, we will be positioned to scale responsibly without compromising compliance or member experience,” Sharma says. “The goal shouldn’t be to chase the shiny AI at all costs, rather, to remain adaptable, financially disciplined, and be able to pivot with confidence.”
Reigning in tool sprawl
A lot of enterprises struggle with tool sprawl, and in an uncertain economy, CIOs are doubling down on reining in tool overload and spending. Palermo says Trimble is beginning to rationalize and create metadata around the software they have and whether there are 10 tools that do the same thing. This is particularly true of AI tools, so Palermo is working on tightening up their source to pay process “so we get more rigor around ensuring we’ve got everything that’s coming in registered.” That way, if someone is looking for an AI tool IT will have vetted it and can make a recommendation.
“We want to drive innovation [using] groups of tools that satisfy particular needs in the AI space,” he says.
“Buying up a lot of tools can create an architecture that’s very complicated, and if you’re not sure that’s going to produce lot of value, then the risk of having one link in the chain fail on a critical process is probably not worth it,” agrees Driscoll.
Anchoring low risk with high value
Bread Financial will “continue to invest in high-value use cases going into 2026,” such as a knowledge management capability IT built for the company’s customer care agents, Driscoll says. At the same time, “we approach all new technology in a similar way — we try to slow down to go fast.”
Like Sharma, she says that consumer trust is paramount, “so we tend to spend a good amount of time building out a robust, controlled environment and make sure we understand the full scope of risks. Then we’ll chose a use case or use cases that are low-risk, high-value, to start to build experience across the team.”
That approach will continue, especially as they build out knowledge management use cases and start to use agentic AI.
Sharma also anticipates continued investments in AI in 2026. “The percentage of our IT budget dedicated to AI investments will depend on various factors, including the evolving landscape and specific business needs,” he says. “However, we remain committed to leveraging AI where it makes a meaningful impact on our operations and member experience.”
Vendor consolidation may heighten risk exposure
Benjamin Hori, cofounder and CSO of Spotlite, an online booking platform connecting models with fashion brands and agencies, believes the signs of an AI correction are already here, and startups are being impacted, which creates exposure to risk.
“When dominant players begin bundling capabilities that eliminate the need for entire categories of startups, we see immediate fallout — rapid consolidation, abrupt pivots, and smaller vendors disappearing overnight,” Hori says. “That instability directly impacts security teams that rely on those tools.”
One of the clearest indicators of what’s real versus hype is whether a company is training its own models “or simply wrapping someone else’s API,” he says. “From a CSO perspective, that distinction matters because it affects data control, attack surface, long-term viability, and ultimately, risk. A vendor without proprietary models or rights-cleared datasets has no defensible foundation, and that becomes our risk exposure.”
To hedge against AI volatility, Hori says Spotlite prioritizes partners with distinct data advantages, strong governance practices, and architectures resilient to market shifts. “We also build flexibility into our stack so we’re not dependent on any one model provider,” he says, “especially in a climate where startups can vanish quickly.”
