I made 5 predictions on New Year's Eve; here’s where I was wrong...
Six months later, here's the honest scorecard, and the one finding that should reshape your H2 AI budget.
Noise Free TL;DR
4 of the 5 predictions I made on New Year’s Eve held up. The browser call was half-right: the interface shifted like I said, but the “browser war” I implied didn’t play out that way.
The real story is prediction #5. “Buy won” was correct, but it matured into something more useful: hybrid wins, and the split between buy and build is now a governance decision, not a cost one.
Before your H2 budget locks, sort every AI use case into two piles: what you buy for consistency, and what you build for contained experimentation. They are not the same decision.
Only cost is your attention for the read. That said, I promise to make it worthwhile
Lead essay: Buy won… Then, it got more interesting.
I’ve been quiet for a while. Longer than I meant to be.
The predictions I made on New Year’s Eve had time to either age well or fall apart in public; I published five of them…. Before writing another word about where enterprise AI is heading, I owe you an honest accounting of where I already said it was heading, and whether I was right.
Short version: four held. One was half-wrong. I’ll get to the half-wrong one, because the miss is more instructive than the hits; as Chamath Palihiptya once said, “we’re either learning or we’re right” - one of my favourite quotes… but I digress - back to the predictions;
The prediction I want to spend real time on is the one I built the whole New Year lead essay around: build versus buy is over, and buy won. Six months later, that call holds. Menlo Ventures pegged it at 76% of enterprise AI use cases purchased rather than built, up from 53% the year before, and nothing since has reversed it. If anything the gap widened. Vendor-led AI implementations are running roughly 67% success rates against about 33% for pure internal builds.
So I was right; and being right turned out to be the least interesting part.
Here’s what I missed in December. I framed “buy vs. build” as one decision with one winner. Well, turns out it’s not (at least so far). It’s two different decisions wearing the same words, and the companies pulling ahead figured that out while everyone else was still arguing about the score.
The distinction isn’t cost; It’s the risk environment.
Think about where an AI system actually lives. Some of it sits in front of your customers, in the workflows where a wrong answer costs you trust, a contract, or a compliance finding. That layer has one job: be consistent. It has to behave the same way on Tuesday as it did on Monday, at 2 p.m. as at 2 a.m., for the tenth customer as for the first. You do not experiment there. You cannot afford to. This is exactly the layer where “buy” earns its 67%: a vendor with a hardened product, an SLA, and a support desk gives you reliability you’d spend eighteen months trying to build and still not match.

Then there’s the other layer. Internal. Behind the glass. The place where someone on your team wonders whether an agent could reconcile three messy data sources nobody has touched in years, or whether a model could draft the first pass of a document that currently eats a day of someone’s week. That layer has the opposite job: try wild things… Fail cheaply… The blast radius is contained because nothing customer-facing is exposed, so the cost of a bad experiment is a wasted afternoon, not a lost account.
Buy for the first layer; build, or assemble, or fine-tune, or duct-tape something together for the second.
I watch this play out constantly in companies that put AI directly in front of customers. When the AI is the product, the customer-facing layer gets treated like production infrastructure, because it is. Locked down. Monitored. Boring on purpose. And the wild ideas get a separate home, an internal sandbox where breaking things is the point and no customer ever sees the wreckage. The mistake I see mid-market teams make is collapsing these two into one policy. They either lock down everything, and kill the experimentation that creates any advantage, or they let a thousand experiments bloom and then act shocked when one of them touches a customer and breaks something that mattered.
The reason this matters more in 2026 than it did in December is that the tooling to run both layers finally shipped, in production form, over the spring. The vendors solved the mechanism. What most enterprises still lack is the operating model to decide what runs where. And that gap, capability shipping faster than governance, isn’t unique to build-vs-buy. It’s the thread running through all five of my predictions, which I’ll show you in the scorecard below. Cost, agents, browsers, vendor risk: every one of them comes back to the same root problem. The technology arrived, but the discipline to control it didn’t.
So here’s the decision I’d make before H2 budgets lock. Take your current AI spend and your planned AI spend, and run every line item through three questions. Is it customer-facing? Does it need consistency guarantees, an SLA, an audit trail? If it fails at 3 a.m., what’s the blast radius? Anything that touches a customer or carries a consistency requirement goes in the buy pile, and you pay for the reliability without apology. Anything internal, contained, and safe-to-fail goes in the build-and-experiment pile, and you protect it from the governance overhead that would smother it.
If your budget can’t be sorted cleanly into those two piles, you don’t have an AI strategy yet… You have a pile of tools and a hope…
That’s the signal: Buy won.. Now stop treating it like one decision!
Metric of the week
Four months
That’s how long it took Uber to burn through its entire 2026 AI coding-tools budget. CTO Praveen Neppalli Naga confirmed the overrun to The Information, saying the company was back to redrawing its assumptions. For context, Uber’s total R&D spend in 2025 was $3.4 billion, so this isn’t a small company that miscounted. It’s a sophisticated engineering organization that had even been running internal leaderboards ranking teams by AI tool usage, actively encouraging the consumption, right up until the bill arrived.
Signal: Pilot economics don’t predict scale economics for consumption-priced tools. A pilot runs on a few engineers using autocomplete. Production runs on the whole org running agents, and agentic workflows consume tokens at a rate that has nothing to do with what your pilot suggested. If you’re modelling your 2026 AI budget on pilot numbers, you’re not modelling. You’re guessing.
(Source: The Information, via Forbes, May 2026)
The scorecard
The four predictions I’m not building the essay around, and how they’ve aged.
Prediction #1: “Hackquisitions” become the default M&A playbook. Grade: correct, with a twist I didn’t call. The pattern held and then some. Big tech has run something like $40 billion through license-and-acqui-hire structures, with Nvidia’s $20 billion Groq deal as the headline. My advice, that your vendor’s independence has an expiration date, held up. What I didn’t predict was how fast the pushback would come. Senators sent letters to the FTC and DOJ, and FTC Chair signaled the agency is scrutinizing whether these deals dodge merger review. The playbook works, but it’s no longer running unwatched.
Prediction #2: Inference costs dominate your budget. Grade: correct. My strongest call, and I’ll say it plainly: told you so. Multiple 2026 analyses now put inference at 70 to 90% of enterprise AI budgets. The mechanism turned out to be sharper than I framed it: the agentic multiplier. Agentic workflows consume 5 to 30 times the tokens of the chatbots that justified the original business case. And here’s the paradox nobody budgeted for: per-token prices are falling while total bills explode. Uber blew its budget in four months. Nvidia’s own VP of applied deep learning has said AI costs are surpassing human labor costs for some work. Vendors are moving to metered pricing for agents. This one didn’t just come true. It came true loudly.
Prediction #3: The browser becomes the default AI interface. Grade: half-right. This is the miss. The core call held completely. The browser is now openly described as the new operating system for the enterprise, and I was right that governance wasn’t ready for it: work moved into the browser and security didn’t follow. What I got wrong was the framing. I implied a “browser war,” that a standalone AI browser like Atlas or Comet would win the interface. That’s not what happened. The incumbents defended the center. Chrome and Edge absorbed the AI features, Microsoft shipped “Edge for Business” as an enterprise AI browser, and the standalone challengers are fighting over single-digit-millions of users. The interface shifted, exactly as I said. But the action moved to securing the browser, not switching browsers. I called the destination and got the route wrong.
Prediction #4: Agentic AI creates a new category of enterprise risk. Grade: correct. In December this was a forecast. In July it’s a stack of incident reports. OWASP’s agentic security guidance went from cataloging hypothetical threats to cataloging real CVEs and breach reports. CISA and NSA issued a joint advisory recommending tool-call-level logging. The 82/88 gap in the metric above is this prediction, quantified. The risk category is here, it’s named, and most governance frameworks still don’t cover it.
1. Uber burned its 2026 AI budget in four months. A named CTO at a $3.4B-R&D company admitting consumption pricing broke his forecast.
Why it matters: it’s the clearest public proof that pilot economics don’t survive contact with production. (The Information / Forbes, May 2026)
2. Buy is still winning, at 76%. Menlo Ventures’ number held through the first half of the year, with vendor-led builds roughly doubling the success rate of internal ones.
Why it matters: the build-vs-buy debate really is settled; the live question is now how you split the two. (Menlo Ventures, State of Generative AI in the Enterprise, Dec 2025)
3. 88% of organizations hit an AI agent security incident. Against 82% executive confidence that policy already covered them.
Why it matters: the exposure isn’t ignorance, it’s misplaced certainty. (2026 enterprise security survey)
4. Work moved into the browser; security didn’t. A documented incident pattern plus a new category of enterprise-browser-security vendors, and Microsoft branding Edge for Business as a secure AI browser. Why it matters: if your AI governance still doesn’t mention the browser, it’s already behind.
(Microsoft Edge Blog, Mar 2026; The Hacker News, Apr 2026)
5. Regulators are circling the hackquisition. Senate letters and FTC signals that license-plus-hire deals may face merger review after all. Why it matters: the vendor-consolidation risk I flagged now has a regulatory-uncertainty risk stacked on top of it. (CNBC, Feb 2026)
Board-Ready Brief (1-Pager Summary)
You can download here (or click on the image below)








