The new wave of IT and cybersecurity tools
Enterprise IT is being rebuilt on both ends at once. On the user-facing side, AI-native ITSM platforms and conversational helpdesks are quietly replacing the ticket queue. On the threat side, AI-aware security tools are dealing with the new reality — deepfake phishing, autonomous bot traffic, and the fact that half the things hitting your stack are not humans anymore. Underneath, the unsexy work continues: a mainframe-modernization wave that finance and government finally have to take seriously, and a data-center buildout that has run into the laws of thermodynamics.
We focused on IT and cybersecurity tools an enterprise IT or security team would actually deploy. We skipped AI infrastructure (LLM gateways, vector DBs, agent control planes) and pure developer tooling — both are interesting categories, but they belong in separate posts.
How we picked these tools
We scanned every IT-tagged product ingested into Product Lookout in the last thirty days, then filtered by three criteria:
- Built for the enterprise IT or security buyer. A CIO, CISO, IT director, or security engineer should be able to look at it and immediately see where it fits.
- Solves a real, recurring problem. Not a novelty — a workflow, threat, or piece of legacy that is currently consuming meaningful budget and headcount.
- A specific point of view. Each of these has a clear thesis about which corner of the IT stack is most broken and worth rebuilding from scratch.
Cybersecurity in the AI era
The threat surface changed faster than the defenses did. Three products this month are different swings at "what does security mean when the attackers, the traffic, and increasingly the testers are all AI-driven."
Frame Security
Frame Security is an AI-powered human risk platform that delivers personalized security awareness training, deepfake phishing simulations, and employee risk scoring. The "human risk" framing is the right one for 2026 — the perimeter has been gone for years, and the actual attack surface is the employee who is one convincing voice clone away from wiring money to a fake CFO. Frame builds the training, runs the simulations (including deepfakes), and gives security teams a real risk score per person to focus on.
Why now: the marginal cost of a convincing phishing email or voice clone has dropped to near zero, while the average employee’s ability to detect them has not improved at all. The asymmetry has to be closed somewhere.
Cerberus
Cerberus is an AI-powered penetration testing agent that uses formal proof-carrying execution to mathematically enforce scope restrictions, preventing destructive or out-of-scope actions. AI pen testing is one of the most obvious applications of agents to security work — humans are scarce, attacks are infinite — but the obvious objection ("an autonomous agent in my production environment, what could go wrong") has slowed adoption. Cerberus’s answer is formal proofs of scope. If the proofs hold up under audit, this is the version of AI pen testing that risk and compliance teams will actually approve.
Known Agents
Known Agents is a bot and AI agent traffic analytics platform that gives website owners real-time visibility into crawlers, scrapers, and AI agents — with LLM referral tracking, automatic robots.txt management, bad bot blocking, and agent identity verification. Sits at the intersection of security, web operations, and the new SEO. Every IT team running a public web property now has to answer the question "which AI agents are allowed to hit our site, and which are not." Known Agents is the most credible answer we have seen so far.
AI-native IT service desk
The other big shift in IT this year is on the service-desk side. The "submit a ticket, wait three days" workflow is finally getting rebuilt around the channels employees actually use — Slack and Teams — with AI agents that can actually take the action, not just open a ticket about it.
Modern
Modern is an AI-native ITSM platform that automates IT service desk, access management, and employee workflows for enterprise teams via Slack and Teams. The platform play in a category that has historically belonged to ServiceNow and Jira Service Management. Modern’s bet is that the next generation of ITSM will be conversational by default and that the unit economics of AI-driven first-line resolution change which buyers can afford a real ITSM tool — pulling that category down-market into the mid-size enterprise.
OpenIT
OpenIT is an open-source IT helpdesk desktop app powered by Claude Code that handles employee Slack tickets and learns to automate resolutions over time. The open-source counterpart to Modern — smaller scope (Slack-first, desktop app), but credible for teams that want to self-host and own the data. The "learns to automate resolutions" loop is the interesting part: most IT tickets are variations on a few dozen recurring problems, and a tool that captures the resolution and replays it next time is exactly the kind of compounding value IT teams are starving for.
The great legacy modernization
Mainframes, COBOL, SAP, and the rest of the trillion-dollar pile of code that runs banks, governments, and Fortune 500 ops have spent fifteen years being "about to be modernized." AI is finally making the economics work — three products this month are different bets on which legacy stack falls first.
Tessera Labs
Tessera Labs is a multi-agent AI platform that accelerates enterprise ERP modernization, data harmonization, and legacy code remediation — compressing what used to be multi-year projects into weeks. The pitch hits the exact pain point every CIO at a large company knows by heart: the SAP migration that has been on the roadmap since 2019. Tessera’s thesis is that the modernization timeline was never really limited by capability, it was limited by the cost of senior consultants. AI agents change that math.
Nova Intelligence
Nova Intelligence is an agentic AI platform for SAP teams that triples developer productivity across documentation, code modernization, development, and analysis. More focused than Tessera — SAP only — which is either a feature or a bug depending on your stack. SAP modernization has its own deep specificity (ABAP, S/4HANA migration, the partner ecosystem) that a horizontal tool will not fully solve. Nova is built for the team that lives inside that world.
Hypercubic
Hypercubic is an AI-powered platform for mainframe modernization that helps enterprises understand, maintain, and transform COBOL-based legacy infrastructure. The COBOL problem is the most extreme version of the legacy problem — the engineers who wrote it are retiring, the documentation does not exist, and the systems still process trillions of dollars a day. Hypercubic is targeting the financial services, government, and healthcare buyers for whom "rewrite the mainframe" has been a polite fiction for two decades.
Modern infrastructure: data center, cloud, endpoint, file storage
Beneath all of the above sits the actual physical and digital substrate — and it is having a moment. The data center is bumping against thermodynamic limits, Kubernetes secret management is still a known mess, file storage is finally being rebuilt for data sovereignty, and the last-mile problem of running Windows apps on Linux desktops never quite went away.
Madrone
Madrone provides data center cooling using a novel thermodynamic process — reducing power and water consumption by 30 percent without mechanical chillers. With AI workloads pushing data center power demand to genuinely concerning levels, cooling efficiency is becoming a binding constraint, not just a line item. Madrone is a deep-physics bet on the unglamorous infrastructure that everything else runs on. The CIO at a company building or expanding a data center this year should at least know this category exists.
Kloak
Kloak is an agentless Kubernetes secret manager that uses eBPF to replace credential placeholders with real secrets at the network edge. Kubernetes secret management has been a known footgun forever — Vault is heavy, native Secrets are not actually secret, and every team ends up with some half-built sidecar pattern. Kloak’s eBPF approach is the first genuinely novel architectural answer we have seen in a while. Worth a look for any platform team that has felt that pain.
Sync-in
Sync-in is an open-source self-hosted platform for file storage, sharing, synchronization, and real-time collaborative editing — with full data sovereignty. The Nextcloud problem space, rebuilt with modern collaboration features baked in. The buyer is the IT director at a government agency, healthcare system, or European enterprise where "we cannot put this data in Google Drive" is a hard constraint and the existing self-hosted options feel a decade old.
Winpodx
Winpodx is an open-source Linux tool that runs Windows apps as native Linux windows using a containerized Windows instance and FreeRDP RemoteApp. A small, focused open-source utility for the specific pain that mixed-OS IT shops know well: one legacy Windows app holding back an otherwise-Linux fleet. Not a platform play — just a clean fix for an annoying problem, and the kind of thing IT teams quietly love.
Frequently asked questions
What are the best new IT and cybersecurity tools in 2026?
On the security side, Frame Security leads in human risk and phishing defense, Cerberus is the strongest AI penetration testing tool we have seen, and Known Agents is the right answer for bot/AI traffic visibility. For ITSM, Modern (enterprise) and OpenIT (open source) are the most credible AI-native helpdesks. For legacy modernization, Tessera Labs, Nova Intelligence, and Hypercubic each lead in their slice (ERP, SAP, mainframe). Pick based on which problem is actually consuming your team’s capacity.
Are AI penetration testing tools safe to run in production?
The category-leading tools (Cerberus is the example here) ship with formal scope guarantees, audit logs, and approval gates for any destructive action. The risk profile is closer to a scoped, automated red team than to a fully autonomous agent. The right way to introduce them is the same way you introduced any new pen test vendor — start with a narrow scope, validate the audit trail, expand from there. Treat the AI as a tool, not a magic wand.
Is AI-native ITSM ready to replace ServiceNow or Jira Service Management?
For mid-size enterprises, increasingly yes — the AI-native tools (Modern, OpenIT, and others) handle the long tail of common tickets at a unit cost the legacy platforms cannot match. For very large enterprises with deeply embedded ServiceNow workflows, the migration cost is real and the replacement timeline is years, not months. The pragmatic pattern most CIOs are running: layer AI-native tooling on top of the existing platform for first-line resolution, and let the platform decision get re-litigated at the next contract renewal.
What is the difference between AI infrastructure tools and AI-powered IT tools?
AI infrastructure tools (vector databases, LLM gateways, agent control planes) are the picks-and-shovels for teams building AI products themselves. AI-powered IT tools (Modern, Frame Security, Hypercubic, etc.) apply AI to a traditional IT or security workflow. Both are worth tracking, but they have different buyers, different risk profiles, and different roadmap considerations. This post focuses on the second category — tools that change how an IT or security team operates day to day.
How urgent is mainframe and ERP modernization in 2026?
More urgent than it has been in a decade. Two compounding pressures: the engineers who wrote the original systems are retiring out of the workforce, and AI agent tooling has finally made the modernization economics work at sub-consulting-firm prices. The CIOs taking it seriously this year are not the ones with the worst legacy stacks — they are the ones who can see the writing on the wall and want to move while the AI-modernization vendors still have capacity to take the work.
Where this is heading
The shape of the enterprise IT stack in 2027 is already visible in these twelve products. The help desk is conversational and self-improving. The security training program runs deepfake simulations. The pen test is an audited AI agent. Bot traffic is a measured, managed surface, not background noise. The SAP migration that has been on the roadmap for five years actually ships. The mainframe gets a second act. The data center cools itself with physics rather than chillers. And the boring problems — secrets management, file storage, the one legacy Windows app — get the focused open-source fixes they always deserved.
We will keep tracking this category on Product Lookout. If you are building or running an IT or cybersecurity product that is changing how a team works, tell us — it might be in the next post.