With 2025 winding to a close, we've been reflecting on what we’ve learned and done this year. Across hundreds of customer conversations, the themes have been remarkably consistent. Whether speaking with digital natives operating at massive scale or public-sector organizations modernizing legacy environments, the core message was the same: cloud complexity has caught up with everyone.
The first theme was sprawl. Most organizations now run across multiple public clouds, private environments, and emerging GPU platforms. Each brings its own APIs and operational assumptions. Many customers told me they’ve successfully automated parts of their estate, but the overall environment still feels fragmented.
Operations leaders often tell us, in so many words:
“We know exactly how 20% of our infrastructure is managed. The rest is a mix of scripts, tickets, and hope.”
There’s clearly a need for a unified automation platform across the entire lifecycle, not just initial provisioning on Day 0. Customers want a single operational model for creating, updating, securing, and remediating infrastructure, with a consistent workflow that spans every cloud and environment.
Security leaders raised the same concern, but from a different angle. Identity and secrets sprawl continue to be top risks, especially now that we’re seeing huge growth in agentic non-human identities (NHIs). CISOs and platform teams told us they need tighter integration across systems, better automation for credential hygiene, and improved identity governance for both humans and machines.
Finally, AI has accelerated many of these pressures. Teams increasingly rely on AI-generated configurations and told us they need policy, guardrails, and context to ensure that automation stays secure and compliant. This inspired our work on deeper context layers and our announcement of Project infragraph.
The themes we heard from our customers were also validated at scale through our 2025 Cloud Complexity Report. The findings showed that tooling sprawl is a leading blocker to cloud maturity, and that high-maturity organizations have anchored on a platform team providing shared services. For those high-maturity organizations, that standardization has accelerated developer velocity, strengthened risk posture and remediation agility, and reduced overall cloud costs. This gap between low and high-maturity organizations is only being accelerated by AI.
IBM and Red Hat integration focus
The IBM acquisition of HashiCorp was completed in early 2025. As part of the larger IBM and Red Hat family, we have a broader portfolio to act on the feedback we are hearing from customers. IBM brings enterprise reach, deep identity and FinOps capabilities, and decades of experience operating hybrid estates, all of which extend our ability to help customers simplify cloud operations.
As part of joining IBM, we’ve been focused on better integrating our products across the portfolio to deliver a unified platform rather than a set of isolated tools. That work focused on three major areas:
1. End-to-end infrastructure as code
One of the most common conversations we had this year was about how HashiCorp Terraform and Red Hat Ansible will work better together. Most customers are using the tools for what they are both great at, but there was previously a gap in how they should work together to enable a consistent workflow.
Working closely with the Red Hat team, we introduced Terraform actions, which provide a first-class mechanism to integrate tools like Ansible, both for Day 1 actions like initial setup of a VM after creation, and for Day 2 ad-hoc operational activities like patch management or operational runbook execution.
Terraform actions are a huge improvement to the ergonomics and workflow of integrating the two systems. We also invested in the official Ansible providers to enable better synchronization of inventory and broader coverage of resources.
Together, we want to enable an end-to-end infrastructure as code approach that spans the full lifecycle from initial provisioning through the ongoing management of infrastructure.
2. Platform-integrated security and post-quantum cryptography
We think security should be tightly integrated into developer platforms and enable a more secure-by-default approach, rather than trying to bolt on security. To that end, we have integrated HashiCorp Vault with platforms like Red Hat OpenShift and Ansible, and identity providers like IBM Verify. Even the IBM Z platform is now supported with Vault on LinuxONE.
IBM Research has a large focus on quantum computing, both creating quantum computing systems and thinking about their impact on security and the need for Post-Quantum Cryptography (PQC). NIST recently approved a suite of PQC ciphers, three of which were invented by IBM Research. We have been working with the research teams to bring those PQC capabilities into Vault, to help our most security-focused customers begin their journey toward quantum readiness.
3. Shift-left of FinOps
IBM has a large investment in FinOps capabilities, spanning Apptio, Cloudability, Turbonomic, and Kubecost. While these products bring a rich set of capabilities for cost reporting, management, and optimization, they are often disconnected from the developer and operations workflows.
We want to integrate these products with Terraform so that we can close the gap between the teams provisioning infrastructure and those optimizing costs. The goal is to shift-left and provide immediate feedback on infrastructure changes that would exceed budget, or to provide optimization suggestions that could drop costs without impacting performance.
As part of this effort, we introduced an enhanced run task integration with Cloudability, and we have more in store for 2026 to make this a better experience.
Product highlights
While product integrations were a big focus of this year, our product teams have been busy with lots of other features and enhancements as well. Below are a few of the biggest highlights across the portfolio:
Terraform
- Terraform Stacks, which reached GA this year, reduce the time and overhead of managing infrastructure at scale by supporting multi-component and multi-environment deployments.
- Terraform actions introduce a way to codify and automate infrastructure operations by triggering both native provider actions and third-party tools outside of Terraform.
- Terraform search allows you to discover and import resources in bulk more efficiently and accurately.
- Module revocation helps streamline module management by revoking outdated or vulnerable modules.
- Private VCS access prevents your source code and static credentials from being exposed over the public internet.
- The Terraform MCP server enables more accurate and actionable configuration generation and enterprise workflow management. The new Kiro IDE integration has similar benefits in a native, easy-to-configure experience.
Packer
- SBOM storage enables teams to securely generate and store software bills of materials.
- Package visibility surfaces key SBOM insights so users can make faster, better-informed security and compliance decisions.
Nomad
- Dynamic host volumes allow volumes to be created on-demand directly via the API or CLI, eliminating the need for pre-configuration in agent files or client restarts that slow teams down.
- OIDC client SSO support with signed client assertions and PKCE gives users in finance, government, and other industries the security they need.
- Nomad client node introduction and identity provides an authentication mechanism for nodes to make RPC calls to Nomad servers.
- Continuing support for native NVIDIA GPU orchestration — including full support for Multi-Instance GPU (MIG) technology — enables efficient GPU scheduling and utilization for AI workloads.
Vault
- Support for SPIFFE IDs and issuing X509-SVIDs to Vault-authenticated non-human-identity workloads gives secure, traceable identities to NHIs like AI agents.
- HCP Vault Dedicated and AWS PrivateLink enable secure, low-latency, private connectivity that simplifies networking and reduces security risk.
- SCEP support enables secure certificate enrollment for legacy or resource-constrained devices.
- Constrained CAs provide organizations with tighter control, enhanced security, and reduced risk by limiting certificate scope, identity issuance, and trust boundaries.
- Vault usage reporting includes a dashboard to track secrets engines, leases, and access trends.
- The Vault MCP server allows operators to perform automated Vault operations using natural language.
HCP Vault Radar
- HCP Vault Radar, which reached general availability this year, added the ability to import discovered unmanaged secrets directly to HashiCorp Vault so teams can centralize and rotate them instead of just getting alerts.
- The Vault Radar VS Code IDE plugin shifts secrets detection left into the coding environment by flagging hard-coded secrets in real time.
- The Vault Radar MCP server helps operators query secret scan findings in natural language and speed up triage/incident response.
Boundary
- Transparent sessions provide users with seamless remote access without changing existing workflows or tools.
- RDP credential injection improves security and streamlines user experience with passwordless access for RDP.
- Boundary's dynamic host catalog is extended to auto-discover and onboard virtual machines on Google Cloud.
Consul
- Consul MCP server helps you improve Consul security, operations, and management through natural language interactions with your preferred LLM.
- Consul External Service Monitor (ESM) no longer requires Consul agents, making it easier to deploy, manage, and maintain for external service discovery.
- USGv6 compliance allows Consul to run in IPv6-only environments required by federal customers.
HashiCorp Cloud Platform (HCP)
- Foundational work on Project infragraph brings context into a single model for humans and AI systems.
Across all the products, we are building with our Tao of HashiCorp, focusing on intelligent workflows that are flexible to new technologies like GPU clouds and AI platforms, identity-based security, and enabling infrastructure as code at the foundation of everything.
Looking ahead
This was another year of major changes, both for the broader industry and for HashiCorp. It is impossible to escape the broad impact of AI. It brings added complexity to infrastructure estates, but it also offers many opportunities for managing that complexity more effectively.
We’ve been AI-enabling many of the products in our portfolio with MCP servers. Today, a large portion of new Terraform configurations is being authored by AI. However, to expand to Day 2 operations, context is king. That is why we are excited about our work on Project infragraph and bringing deep context to enable AI across the lifecycle.
Across security, we think AI is going to force organizations to get more serious about managing non-human identities. This means better governance, but it also means being able to thread identity through systems to have cryptographically verifiable identity from the initial caller (human or agent) through a chain of agents and systems, so that we can enforce access controls and ensure auditability and accountability.
As part of IBM, we want to help customers by providing a hybrid automation platform that spans the full range of concerns facing platform teams. HashiCorp has always focused on Infrastructure and Security Lifecycle Management, and now we can expand that focus. We’ve laid the foundation of those integrations this year but expect to see more work on bringing the suite of tools together.
I’m grateful to our customers, community, partners, and teams for their collaboration throughout the year. Thank you for making 2025 a banner year. Looking forward to where we can go together in 2026.