In a new world of efficient execution fueled by AI, the push to operate leanly applies not only to headcount and applications but also to infrastructure software. The effort to rationalize spend has emerged as one of the most defining trends that we see across the infra stack today—second only to AI adoption and integration. Such a mindset reflects a clear shift from the “growth at all costs” philosophy of recent years. With budgets tightening and AI initiatives taking priority, buyers are increasingly focused on simplicity and cost control.
Part of this movement seems to stem from growing frustration with pre-COVID breakout vendors like Fivetran, Snowflake, Splunk, Auth0, Datadog, Confluent, and Snyk—many of which have since gone public, been acquired, or raised at premium late-stage valuations. As these companies shift focus toward their largest enterprise customers and profitability, many have raised prices while simultaneously slowing product velocity. Buyers, in turn, are pushing back against their high spend on these platforms, which is becoming increasingly hard to justify.
There is now a real opening for challengers offering simpler, leaner, and more cost-aligned alternatives. The 10 trends below explore where we see the infrastructure software market headed.
Key Trends
1. Market Preference Is Shifting Back to Best-of-Suite Platforms
Buyer sentiment is shifting back toward best-of-suite solutions, as teams grapple with tool sprawl and vendor fatigue following the era of best-of-breed adoption. The trend is especially evident in security, where Gartner found that 75% of organizations are actively pursuing vendor consolidation. Major M&A activity reflects this shift—two of the largest deals of 2025 are security consolidation plays: Google’s $32B acquisition of Wiz and Palo Alto’s $25B acquisition of CyberArk.
The same dynamic is playing out among startups, where several challengers are seeing early success by centering their value proposition around a best-of-suite approach.
Examples:
- Networking: NetBox Labs — Composable platform for managing network infrastructure, including operations, observability, automation, and security
- Cybersecurity: Aikido Security — Comprehensive security platform spanning AppSec and cloud security
- DevOps/SRE: Incident — All-in-one incident management platform covering alerting and incident response
2. Transparent Pricing Is Becoming a Differentiator
As incumbent pricing grows increasingly opaque, buyers are migrating to challengers with clearer, more predictable pricing models. In many cases, renewal shock—driven by quietly compounding usage or gated features—pushes teams to reevaluate long-standing vendors.
Examples:
- Observability: Datadog → Honeycomb — Honeycomb prices based on data ingest—but in atomic units which can contain an effectively unlimited number of key/value pairs (sometimes called "custom metrics") tied to a given timestamp. This allows Honeycomb pricing to be more predictable, as costs are simply based on request volumes rather than a mix (or layering) of per-host, per-product, or per-attribute costs.
- ETL/ELT: Fivetran → Estuary — Fivetran charges based on Monthly Active Rows (MAR)—the number of rows inserted, updated, or deleted each month—which can spike unpredictably in high-churn datasets. Estuary avoids this with transparent pricing based on data volume and connector count.
- AppSec: Snyk → Aikido Security — Aikido charges a flat per-user rate that covers its full suite of modules across AppSec and cloud security—avoiding the per-seat plus per-feature escalation common with Snyk's licensing model.
- Auth: Auth0 → Clerk — Clerk’s pay-as-you-grow model avoids Auth0’s MAU caps and tiered gating, keeping pricing predictable while advanced features remain add-ons rather than Enterprise-only.
- Business Intelligence: Looker → Omni — Omni offers a single, predictable monthly rate with no hidden fees or per-role pricing. Looker, in contrast, frequently charges separately for dev, standard, and viewer licenses and ties costs to compute usage and feature access—resulting in higher and less predictable bills.
3. The Modern Data Stack Is Converging on a Leaner, Modular Core
As complexity and cost have accumulated in the modern data stack, many teams are converging on simpler, more modular foundations. Rather than over-centralizing around warehouses or over-engineering pipelines, teams are relying on relational databases and object storage to do more—each extended just enough to support evolving needs without bloating the stack.
Relational databases are becoming increasingly versatile. New vendors and extensions are enabling teams to extend their existing databases to support functionality that has historically required multiple systems. For example, PuppyGraph, pgvector, and ParadeDB minimize the need to run separate graph, vector, and search databases, respectively. Reducing the number of systems that teams need to purchase, operate, sync, monitor, and secure meaningfully lowers administrative overhead, cost, operational burden, potential downtime, and the surface area for security breaches. Postgres’s rich extension ecosystem has made it a prime beneficiary of this shift, fueling its continued rise in popularity.
Object storage is having a similar moment, becoming the foundation for a growing range of workloads in analytics, search, and data processing, where cost, scalability, simplicity, and durability take precedence over fully optimized performance. In analytics, engines like Trino and even ClickHouse can query object stores directly using open table formats such as Apache Iceberg and Delta Lake. In search, AWS recently introduced S3 Vectors as the first cloud object store with native vector storage and querying. turbopuffer extends this approach by enabling both vector and full-text search on object storage, supported by a caching layer to boost performance. Further upstream, Bauplan aligns with the trend by offering serverless abstractions for building data pipelines, often for AI/ML use cases, directly on top of object storage.
Together, these trends reflect a broader move toward leaner infrastructure: fewer systems to manage, fewer pipelines to maintain, and more leverage from modular, general-purpose, and cost-effective primitives that can flex to support modern operational, analytical, and AI workloads.
4. Cost Optimization Platforms Are Emerging Across the Stack
As infrastructure costs become a board-level concern, a new class of tooling is emerging to reduce spend across compute, storage, and software. While Kubernetes and cloud billing were early focus areas, nearly every major cost center now has dedicated solutions, including spaces like data warehousing and business intelligence. Some tools, such as Pump, take a fintech-style approach, leveraging group buying across customers to obtain volume discounts and unlock the benefits of reserved instances. Others, such as Espresso, focus on optimizing utilization and footprint—identifying overprovisioned workloads, inefficient queries, or unused assets to reduce waste at the source.
Examples:
- Cloud Billing: Pump — Aggregates usage, unlocks preferred pricing on reserved instances, and simplifies cloud cost visibility
- Data Warehouses: Espresso — Surfaces inefficient queries, redundant schedules, and unused tables to shrink compute/storage spend
- BI Tools: Datalogz — Detects stale dashboards, orphaned models, and unused reports to reduce unnecessary BI layer costs
5. A New Class of Vendors Is Winning on Cost-Aware Design
A new class of infrastructure vendors is emerging—distinct from traditional cost optimization platforms—that targets high-cost line items like CI compute and SIEM. Rather than positioning solely as cost cutters, these players offer optimized, drop-in components that improve performance and efficiency while reducing compute and storage overhead as a natural byproduct. In many cases, they are replacing brute-force, overprovisioned systems with leaner, AI-native primitives that become embedded parts of the modern stack. Cribl pioneered this positioning, and a new wave of entrants is now applying the same playbook across the infrastructure stack, often with AI-native positioning.
Examples:
- CI Compute: Namespace — Provides faster, lower-cost CI runners—combining proprietary hardware with intelligent caching to serve as a drop-in replacement for managed runners across platforms like GitHub Actions
- Security Data: Realm Security — Lowers SIEM costs (e.g., from Splunk, Sumo Logic) by acting as an upstream telemetry broker—intelligently filtering and routing high-volume, low-signal data to cheaper destinations
6. Challengers Are Capturing the Underserved Mid-Market
While much of the narrative discussed in this piece thus far centers on migration from legacy platforms, a parallel trend is unfolding: emerging vendors are capturing greenfield adoption by targeting the historically underserved mid-market. Incumbent solutions are often prohibitively expensive, require significant customization, and demand heavy implementation and maintenance resources—creating friction for leaner teams with constrained budgets. In contrast, new entrants are prioritizing simplicity, accessibility, and rapid time-to-value, delivering solutions that "just work" for mid-market buyers without the overhead of enterprise tooling. As part of this shift, cloud-native vendors are also introducing low-friction, modern alternatives that replace the complexity of clunky on-prem incumbents.
Examples:
- Data Modeling: SqlDBM — A cloud-native alternative to Erwin
- Cybersecurity: Aikido — For teams where managing the Snyk + Semgrep + Wiz stack is excessive
- Artifact Repositories: Cloudsmith – A cloud-native alternative to JFrog Artifactory
7. AI-Native Service Delivery Is Transforming Outsourcing Models
Most companies—especially outside the Global 2000—lack a compelling reason to manage IT, security, or QA functions internally. While outsourcing has long been an option, AI is materially shifting the cost–quality frontier. Service providers can now deliver faster, more consistent, and more scalable outcomes at equal or lower price points. As a result, we expect a growing portion of these functions to be externalized over time. This shift is playing out through both AI-native service providers that deliver outcomes directly and AI-native software platforms that enable existing providers to automate more and operate at higher margins.
Examples:
8. Open Source Alternatives Are Gaining Favor
Open source tools offer a practical alternative for teams with the capability to self-manage infrastructure. By avoiding the high costs of managed hosting and usage-based pricing, OSS provides greater cost control and data ownership while reducing vendor lock-in. As infrastructure costs rise and scrutiny around SaaS sprawl and data privacy intensifies, more teams with in-house expertise are expected to adopt open source as a preferred path. For example, as Postman has matured and raised pricing, many companies have found it difficult to justify the spend versus emerging OSS alternatives like Bruno. Even in more frontier areas, OpenAI’s release of GPT OSS—an open-weight model suite—signals the growing importance of openness in AI.
Examples:
- Observability: Datadog → Prometheus + Grafana
- ETL: Fivetran → Airbyte
- API Testing: Postman → Bruno
9. Vendor-Native Tooling Is Quietly Becoming the Default Path
In parallel with the shift back toward "best of suite," we are seeing increasing adoption of vendor-native tooling—particularly from hyperscalers. In security, the rapid growth of Google SecOps and Microsoft Defender underscores how bundling continues to gain traction. With executive teams under pressure to rein in budgets, many are steering functional groups toward platform-native solutions, especially when they have pre-committed platform spend. As owners of the underlying infrastructure, hyperscalers can squarely outcompete other vendors on cost
A similar dynamic is unfolding in AI, where OpenAI and Anthropic are actively moving up the value chain into the application layer. Anthropic’s Claude Code and OpenAI’s Codex are examples of this shift in software development, while OpenAI’s investment in Endex signals broader ambitions to expand into verticals such as financial services. Just as hyperscalers benefit from owning infrastructure, OpenAI and Anthropic enjoy a strategic advantage by owning the underlying models.
Examples:
- Security: Choosing Microsoft Sentinel, Google Chronicle over Splunk
- DevOps: Choosing AWS CloudFormation over Terraform
- AI: Choosing Claude Code over Cursor
10. There Is Still Appetite to Pay for Clean Abstractions of Hard Problems
Despite tighter budgets, teams remain willing to pay for clean, reliable abstractions of foundational but operationally complex problems—especially those at the intersection of application logic and infrastructure complexity. In many cases, the cost of replicating these capabilities internally exceeds the price of adoption when accounting for headcount, opportunity cost, and ongoing maintenance. Even in lean environments, the tradeoff often favors outsourcing over in-house build-and-maintain efforts. For example, replicating Recall’s functionality in-house could require a team of 5–6 engineers working for several months, followed by ongoing operational overhead—making its API abstraction a far more cost-effective path for teams looking to move quickly and leanly.
This dynamic—coupled with the rapid growth of agentic applications—is powering the rise of a new category of API-based, AI-native abstractions purpose-built to support these emerging systems. Just as Stripe abstracted payments and Twilio simplified messaging, platforms like Composio, Browserbase, Daytona, Tavily, and Zep offer simple, clean interfaces for handling auth, integrations, runtime environments, web search, and context management. These abstractions are becoming the default path for teams looking to offload complexity, maintain development velocity, and build reliable, production-grade agent workflows without reinventing core infrastructure.
Examples:
- Meeting bots & recorders: Recall
- Auth & tools: Composio
- Headless browsers: Browserbase
- Code sandboxes: Daytona
- Web search: Tavily
- Context: Zep
Closing Thoughts
The infrastructure software landscape is undergoing a meaningful reset. As AI-native solutions command attention, buyers are simultaneously reassessing the traditional infra stack—seeking solutions that are simpler, leaner, and more cost-effective. The trends we highlight reflect a broader shift in mindset: away from sprawling, over-engineered systems and toward software shaped by pragmatic design.
The bar for infrastructure products has never been higher. Buyers are increasingly discerning—ruthlessly evaluating tools based on performance, ROI, and total cost of ownership. We expect a range of models to win in this new era: from next-gen platforms and open core products to AI-enabled services, clean abstractions, and systems that meaningfully reduce operational burden or cost. The next generation of infrastructure will be defined by products that are pragmatic, performant, and deeply aligned with how modern teams build.
As always, if you're building anywhere in the infrastructure stack, please feel free to reach out to jacob@headline.com and ram@headline.com to connect.