As agencies enter 2026, executives from some of the federal government’s top IT and service vendors predict that federal technology success will hinge less on adopting new tools and more on operational foundations.
Artificial intelligence (AI), zero trust, and cybersecurity strategies will succeed – or fail – based not on access to new tools, but on whether agencies have modernized their data foundations, security architectures, supply chains, and power infrastructure to operate at scale in an era of faster, more coordinated threats.
Artificial intelligence
“Agencies will increasingly recognize that AI progress is determined less by access to models and more by the readiness of their data,” said Bryan Thomas, vice president of the U.S. public sector at Pure Storage. “As leaders push to move beyond pilots and show measurable outcomes, many will confront the reality that their data remains fragmented across environments and difficult to operationalize efficiently at scale.”
While many agencies have vast amounts of data, many “lack the ability to consistently leverage it in a coordinated way,” Thomas added. “That gap can result in incomplete or inaccurate outputs, confusion around where to start, and slower progress from experimentation to production.”
“The agencies that gain momentum will be those that treat data readiness as mission readiness – using policy-driven management and capabilities that reduce manual intervention and manage data at scale,” he said. “When data is managed efficiently and intentionally, it becomes a core enabler of transformation. Without that foundation, even well-funded initiatives will struggle to deliver lasting impact.”
Majed Saadi, chief technology officer at Hitachi Vantara Federal, predicted that in 2026, “energy will be a central constraint in AI strategy,” especially for large-scale modernization.
“If you don’t have power capacity, you can’t scale AI, and even agencies using third-party data centers can’t assume providers will have enough energy to support future demand,” Saadi said.
“We’re already seeing departments treat energy solutions as an integral part of their data center modernization initiative,” Saadi added. “These projects take years to complete, and planning has to start now. Over the longer arc, sustainability won’t be a slogan, it will be an operational necessity tied directly to mission outcomes and technology resilience.”
Zero trust
“In 2026, the decisive factor in federal cybersecurity outcomes will be operational speed – how quickly agencies detect, isolate, and remediate threats,” said Sean Connelly, executive director of global zero trust strategy and policy at Zscaler. “We expect to see tangible progress in how agencies operationalize zero trust – translating strategy into measurable mission enablement and outcomes.”
Connelly previously served as a senior cybersecurity architect at the Cybersecurity and Infrastructure Security Agency (CISA) and served as the program manager of the agency’s Trusted Internet Connections (TIC) initiative.
“Risk is amplified by legacy trust models; replacing implicit trust with continuous verification, minimizing the attack surface, clearly defining the protect surface, and enforcing least privilege will materially reduce exposure,” Connelly said.
“Applying zero trust limits movement by establishing clear security boundaries from macro pathways down to individual workloads, users, and data,” he said. “At the same time, enforcing per-session least-privilege access, brokering and inspecting cloud traffic, and constraining third-party privileges and scopes – enabled by tighter solution interoperability and shared signals – can prevent high-impact single points of implicit trust.”
Cyberattacks
Felipe Fernandez, chief technology officer at Fortinet Federal, predicted that supply chain attacks will “escalate to unprecedented levels” in 2026.
“Adversaries have shifted from exploiting isolated vulnerabilities to compromising the trusted software and service providers that underpin federal operations,” Fernandez said. “The next major breach will make clear that vendor diversity isn’t optional – and that every agency must have a credible backup plan to preserve mission continuity when a foundational tool or service fails.”
Bill Lemons, director of systems engineering at Fortinet Federal, added that building an ecosystem that allows for open collaboration between government and industry “will be essential to navigating rapid change.”
“In 2026, we’ll see the emergence of structured communities where agencies and vendors work side by side to co-develop solutions,” Lemons said. “This goes beyond information sharing to genuine joint problem-solving. Vendor diversity remains a critical strength, and we cannot afford to diminish it.”
Gary Barlet, public sector chief technology officer at Illumio, added that nation states will deepen their collaboration to conduct cyberattacks, “shifting from isolated operations to coordinated, multi-country campaigns.”
“Nation-state actors will increasingly work with each other to support intelligence collection, strategic disruption, and operations timed around global events,” Barlet said. “This growing cooperation will blur the lines between criminal and state-directed activity, making attribution even more difficult. Agencies and critical infrastructure operators must prepare for these coordinated campaigns by implementing post-breach containment strategies.”