How AI Can Demolish Tech Debt

Forbes

08-05-2025

getty
This is the published version of Forbes' CIO newsletter, which offers the latest news for chief innovation officers and other technology-focused leaders. Click here to get it delivered to your inbox every Thursday.
As CIOs know, tech debt will keep piling on until it's taken care of. Estimates from HFS Research indicate Forbes Global 2000 companies are carrying $1.5 trillion to $2 trillion worth of tech debt. But bringing AI into the workplace, HFS and Publicis Sapient say in a new report, has the potential to eradicate that tech debt and get enterprises to modernize. The report calls AI the jackhammer that can smash through tech debt, and highlights a path for companies to use AI to fully modernize—something 80% of surveyed leaders believe it can do.
'Enterprises need to stop tinkering with outdated models and start smashing through the barriers holding them back,' HFS Research CEO and Chief Analyst Phil Fersht said in a release. 'This is the moment to rewrite the rules of modernization, and those who don't act decisively risk being left behind in the dust.'
The study shows that only three in 10 enterprises feel they have 'fully modernized' their IT applications—nearly the same amount that say they are 'legacy-heavy' (25%) or at risk of obsolescence (4%). About half of the survey respondents said that they're looking to move to AI because existing IT services mostly just maintain these legacy systems. And even though it may seem like every company is already using AI, the study reiterates that it isn't the case. Just 22% of companies said they are actively scaling AI across multiple IT functions. A third are experimenting with AI in select functions now, while 27% are exploring AI in IT, but not yet implementing it.
The study recommends that an enterprise's AI transition does away with siloed data and information, instead bringing everything together in a connected value chain that all departments can access. Governance should be built into the foundation through functions like automated controls and real-time monitoring, breaking from traditional steering committees and policy hierarchies. AI stewardship should also be a part of everyone's job description now, the report recommends. People can focus on using AI to complete tasks and pull information, which will make their workflow more efficient and outcomes more effective. Through making information flow more freely and giving more people the responsibility to work with it, the system is much more likely to adapt alongside technology, reducing the possibility of future tech debt issues.
Protecting data and advancing cybersecurity isn't just the CIO's responsibility. CFOs also should be a resource here, especially since the data is often used for projections and forecasts—and breaches can be incredibly expensive. I talked to Abhesh Kumar, chief technology officer at financial advisory firm Springline Advisory, about how CIOs and CFOs can come together. An excerpt from our conversation is later in this newsletter.
The days of Google's dominance on Apple devices may be waning, an Apple exec testified in court this week. Eddy Cue, senior vice president of Apple's services unit overseeing the App Store and Safari browser, said that the company is 'actively looking' to add AI-powered search options to Safari, though Cue added he believes Google should remain the default search option. The testimony, which was part of the federal government's ongoing antitrust case against Google, led to a 7.5% drop in the company's stock on Wednesday. It recovered a bit on Thursday, but Google's stock is still more than 5% down this week.
This testimony really shouldn't be a surprise to investors. Most big tech companies—especially Apple, Google, Microsoft and Meta—have spent the last year in regulators' crosshairs in both the U.S. and EU. Antitrust litigation in the U.S. and the EU's Digital Markets Act, which aims to level the playing field for companies in the tech space, have been pushing Big Tech to reevaluate their policies that push users into preferred providers for app downloads, web browsing and search, and utility applications. Wednesday's testimony was part of ongoing hearings for U.S. courts to figure out an appropriate remedy after a ruling last year that Google has an illegal monopoly on search.
Photo Illustration by Sheldon Cooper/SOPA Images/LightRocket via Getty Images
OpenAI has reportedly reached a deal to buy vibe coding platform Windsurf for $3 billion, which would be the generative AI powerhouse's largest deal yet, writes Forbes contributor John Werner. Windsurf has an AI-powered tool that lets users use regular language to describe what they want a system to do, and Windsurf writes appropriate code. It's a powerful tool for code development, but Werner points out that Windsurf also has a specific focus on hardware, with a priority on developing custom AI chips and server clusters.
The deal has not yet closed, according to Bloomberg, which broke the story.
getty
President Donald Trump passed 100 days in office for his second term last week, and a group of cybersecurity leaders and experts talked about what that meant at last week's RSAC 2025 conference, writes Forbes senior contributor Tony Bradley. The top takeaway: It isn't good. While Trump has said he wants to put in place policies to help U.S. tech companies continue to be global leaders, panelists said his focus on drastically cutting the federal workforce and undoing many of his predecessor Joe Biden's policies have undermined progress. Jen Easterly, former director of the Cybersecurity and Infrastructure Security Agency, said the loss of tech talent at government agencies damages cybersecurity readiness. Trump tends to prioritize loyalty above skill, which panelists said erodes morale and independence of federal cybersecurity functions—and makes other nations reluctant to share information about threats.
'We built trust and catalyzed trust and collaboration, and we did it with integrity, we did it with humility, we did it with transparency, and we did it with character. And that's what you all should demand from your government,' Easterly said.
Springline Advisory CTO Abhesh Kumar.
Springline Advisory
In today's business world, data and cybersecurity threats are always multiplying. Abhesh Kumar, chief technology officer of accounting at financial advisory firm Springline Advisory, sees one way to strengthen both a company's use and understanding of data and its security: Having finance and data or technology leaders work together on it. I talked to him about why this is an important partnership and how to make it work.
This conversation has been edited for length, clarity and continuity. It was also excerpted in the Forbes CFO newsletter. A longer version is available here.
What do you see as some of the biggest hazards in a company in terms of safeguarding their data?
Kumar: The short answer, the absolute biggest risk is lack of shared accountability, which arises from lack of shared visibility. But let me elaborate a little bit. We need to view the risk in the context of the fast-evolving threat landscape. So you've got different data assets—whether it's financial data, strategic data, client data, employee data. Unfortunately, most organizations are operating in silos. That means CFOs do not really have full visibility on where the data lies, and they have not really incorporated protecting them or taking any cybersecurity measures as part of their financial risk management.
Because of this disconnect, and generally how the CIOs or CTOs and CFOs collaborate, this leads to the presence and increasing expansion of shadow data: Nobody knows where the data is or what kind of data it is, or how it can be tracked back to some of the crown jewels. The increasing diversity of data assets; the emerging sophistication of hackers; and the lack of proactive, collaborative, culturally driven operating models between the CTOs and [CFOs], they all contribute to the explosion in the risk exposure.
When you look at cybersecurity threats, they're always changing, with bad actors finding new ways to try to get into data, get into systems, that sort of thing. How does collaboration help, not just for now but for the future?
It's always a game of who stays one step ahead of the other. If we are going to take them in isolation and one by one, there will be cases where the attackers will win and the defenders will lose. Where there is joint accountability, when parties—especially senior leaders like CTOs and CFOs—have a good understanding of the threat landscape, they also understand where the data resides, what is the risk exposure, it automatically heightens their preparedness and approach toward proactively putting in place a set of mechanisms to guard that data.
This automatically reduces your threat exposure by a lot. Some of these provisions can be technology-based: You could have a NIST-based security assessment, you could have penetration testing, you could have parameter scanning, you could have advanced edge computing-based security. Some of these are technology, some of these have to do with human capital, where there's sponsorship and initiative to build that knowledge. A lot of these hackers find humans as the most vulnerable and easy way to hack the system, so enabling that human capital to be a robust wall in front of these attacks is important.
Third is the general culture of being cybersecurity aware, and practice simple things, like locking computers when you're walking away even two minutes away from your desk, do not use public WiFi if you are working on sensitive strategic data files. A culture where parties see the leaders leading by example, and then they emulate it.
What advice would you give to a CIO to start working with their CFO?
The CIOs have to step up from playing an operational role to a more strategic role. Instead of just putting down the nails and the locks around the place and securing it, they have to elevate the articulation of the problem at the strategic level where it can be communicated to the board: What is the overall risk impact? They almost have to take on a risk manager role from a cybersecurity perspective, and not just be the operator of those security mechanisms.
We need to be able to tell a good story: If you don't do this, these are the things that could go wrong, and this is going to cost you in the dollar terms, and have that communication with the board. This is part of stepping up and expanding their point of view from being just a technology or internal service provider to a stakeholder in the business. It's not just about, 'Tell me your data and I'll put it in a vault and secure it,' but 'Help me understand your business and let me be a partner in delivering the business outcome that you're intending [for] your shareholders, the board and other stakeholders.'
As generative AI becomes more of a force in everyday life online, companies need to develop strategies for generative engine operation—GEO—that rival what they've had in place for SEO. Here are some ways to start making AI more likely to cite your pages.
It's important for leaders to connect with their teams, and if you're having trouble doing that, the underlying reason could be that you don't truly know yourself. Here's how to realign your leadership based on the 3D method—aligning efforts across yourself, your team and the world—and get a better understanding of yourself and your experience.
Web applications come and go—even the ones that were once vital to us. Which of these once-indispensable applications sunset this week?
A. ICQ
B. Vine
C. Skype
D. Napster
See if you got the answer right here.