H1 2026 CEO Customer Letter

Dear Customer,
Six months on from my last letter, the questions we're being asked have changed. The fundamentals are the same, but the time and speed at which we all have to execute have transformed.
Unsurprisingly, this letter has an agentic and Frontier AI theme.
The half in summary
I spent this half largely with you.
Sharing the stage with you and your colleagues at ISF's North American Conference. On stage once again at the Cyber Risk Institute's Annual Meeting in Arlington, alongside regulators from the OCC, the Federal Reserve, NYDFS and NIST. At FS-ISAC in March. At the RSA event in San Francisco. At Infosecurity Europe in London. In your offices. On calls and conversations.
The pattern was consistent.
The way the cyber conversation gets framed has shifted, yet what sits underneath has not. More than ever, our customers need trusted controls data - a trusted view of what they have, who owns it and whether their controls are working. They also need to prioritize the gaps based on business criticality and threat. But what has dramatically shifted is the speed of response and execution.
Three things I'd like to highlight in this update:
- Frontier AI. Our customers are all reacting to this 'Mythos moment'. We've spent a lot of time with customers to develop a clear response on how we can help. Three capabilities are helping customers respond to Frontier AI: Compound Risk (GA in Nov 2024), Business Service Lens (GA in Jan 2026, referenced as Important Business Services in my last letter), and the AI Governance Cyber Control Domain (GA in Feb 2026).
- The second wave of AI capabilities is live in the platform. The IQ Suite (MetricIQ, DashboardIQ and ScorecardIQ) went GA in Dec 2025. The AI Cyber Advisor, which we were still developing when I last wrote, moves into the default Panaseer platform after this month (GA June 2026).
- We've modernized our Customer Experience function. We're already seeing faster time to value, stronger tracking of business outcomes, and more expertise and best practice available to all our customers. It's a similar shift to how we modernized the platform a few years ago, driven by a focus on demonstrable customer value and standardization (what many of you have asked us for). We restructured the organization and added new roles. You'll feel the new focus on business outcomes and business processes. You'll see more opinion and recommendations too, built on 12 years of CCM experience across many industries, learning and sharing the insights from the 140 average users at our customers and the data insights from processing over one trillion records per month.
“No other company does what Panaseer does. Other tools are too manual and time consuming, whilst others can do some [of what the platform offers] but nothing compared to Panaseer.”
Customer CISO
Operational excellence
We're building a content library to share best practice across our customer base with the best ways to operationalize Panaseer and get the most value from it.
I wrote about the first example in H2 2025 - the Four Levels of Operational Excellence - for how the most mature customers were operationalizing Panaseer. Six months on, after sharing that model on stage at CRI, on stage at ISF and in many CISO conversations, the operating model is even more relevant today in managing the fast-changing environment.
The questions have not changed:
- Can you see your controls?
- Can you tie them to a business outcome?
- Can you hold the right people accountable?
What's changed is how little time you have to answer them, the cost of getting any of those answers wrong, and how often you're being asked.
Jonathan Gill, CEO
The little things
In line with the tradition of the last few years, two customer leaders were promoted this half. Congratulations again.