Analyst(s): Fernando Montenegro
Publication Date: October 17, 2025
What is Covered in this Article:
- Key announcements from Cribl’s annual user conference, centered on its “agentic AI” vision and new offerings like Cribl Guard and Notebooks.
- An analysis of the company’s strategy to balance a forward-looking message with a pragmatic go-to-market motion focused on cost savings and market expansion.
- A look at Cribl’s competitive positioning as a vendor-neutral platform in a consolidating market and its “second act” push into analytics.
- Key areas to watch about the company’s future, including its ability to scale its customer-centric culture and evolve its product roadmap.
The Event – CriblCon 2025 – Warp Speed Ahead: With an irreverent and impeccably implemented Star Trek theme and drawing over 750 attendees from more than 300 organizations, Cribl’s recent CriblCon user conference centered its message on positioning its “Data Engine” portfolio as the foundational infrastructure for what it terms the “agentic AI era”. The company’s narrative is premised on two core challenges:
- Telemetry data is growing at roughly 30% annually, while budgets remain flat or shrink.
- Legacy data architectures were not built to handle the order-of-magnitude increase in query workloads expected from AI agents.
This new era, presented as an “epoch shift” akin to the PC or mobile revolutions, will require a fundamentally different approach to data management.
To address this future state, Cribl showcased several new AI-infused capabilities to its portfolio, centered around Cribl Stream. An interesting announcement was Cribl Guard, an offering designed to automatically detect and mask sensitive information like PII, PHI, financial data, and credentials in real time as it passes through a data stream. It leverages over 200 pre-built rules and an “agentic background detection system” that uses a purpose-built model to scan for sensitive patterns continuously. The company also introduced Notebooks, a collaborative user interface described as a “virtual war room” where multiple investigators can work together in a shared, persistent workspace that combines queries, code, charts, and context to document and accelerate investigations.
Platform enhancements focused on enterprise maturity. Cribl as Code, now in preview, provides APIs and a Terraform provider to move from “click-ops to hands-on keyboard” for programmatic and repeatable environment management. A new FinOps Center offers a dashboard for detailed visibility into usage and costs, enabling proactive spend control and forecasting. Cribl announced it has achieved FedRAMP In Process status for the public sector, with an anticipated Authorization to Operate (ATO) at Moderate in the coming months.
Underpinning these announcements was a frequently mentioned company culture focused on customer satisfaction and openness. Executives highlighted their prime directive of “customers first, always”, exceptionally high NPS scores, and the presence of numerous partners showcasing integrations at the event.
As Spock would say, “fascinating”.
Make It So: Cribl Charts a Course for the Agentic Frontier
Analyst Take: For many – though not all – enterprises, the concepts of optionality, choice, and control have become primary architectural goals. The desire to avoid vendor lock-in and maintain the flexibility to adopt new technologies is a powerful driver, and it’s this sentiment that forms the bedrock of Cribl’s market appeal. The company’s message is well-tailored to organizations that have experienced the pain and cost of more monolithic data platforms. They now seek to decouple their data infrastructure from their analytics and security tooling, both as a cost control measure and for future flexibility.
The central thesis of CriblCon was that this need for architectural freedom is about to become business-critical. The company is making a significant bet that AI agents will dominate the next wave of IT and security operations, and that the underlying data infrastructure will be a critical component. Acknowledging that AI was less well-defined just a year ago, CEO Clint Sharp argued that it has become a tangible factor that will reshape operations. This “agentic” narrative attempts to elevate Cribl’s value proposition from a tactical cost-saving tool to a strategic, future-proofing platform, essential for any organization planning to leverage AI. This vision, however, is firmly rooted in the world of security and observability telemetry; executives were clear that they are not, at this point, pursuing broader business data analytics.
A pragmatic go-to-market reality balances this futuristic vision. While the keynote focused on preparing for an AI-driven future, separate conversations with executives and customers confirmed that immediate, practical needs overwhelmingly drive the company’s current business. This pragmatic approach has been bolstered by high customer satisfaction with initial deployments. However, it is crucial for the company to maintain this level of satisfaction as it scales and customers move into “day 2” operational practices such as troubleshooting, capacity management, and more.
Maintaining this high level of satisfaction will be critical as Cribl executes its “land and expand” strategy. The strategy typically starts by establishing a beachhead with Cribl Stream in the security organization, where the high cost of SIEM platforms creates an immediate and quantifiable ROI. From there, the motion expands within security before a separate sales campaign targets the IT and observability buying center, where deals are often significantly larger.
In a market that is seeing increased consolidation, Cribl is positioning its vendor-neutral, open platform as its primary competitive moat, giving customers flexibility in how they ultimately analyze and act on their telemetry. The competitive dynamic here is that observability and security platform vendors are actively acquiring and/or integrating their own data pipeline technologies.
Cribl proposes this as validation of the category it helped establish. The core argument is that vendor-specific pipelines ultimately recreate the vendor lock-in customers are trying to escape. This “choice and control” message resonates most strongly in the upper end of the market, where complex, multi-vendor environments are the norm.
As Cribl pushes aggressively into its analytics “second act,” it will need to carefully balance allocating resources between innovating on new products like Search, Lake, and Lakehouse and continuing to invest in and support its flagship Stream offering, which remains the cornerstone of its customer relationships.
What to Watch:
The announcements and strategic direction presented at CriblCon highlight several key opportunities for the company as it grows. As Cribl evolves from a highly successful single-product offering to a multi-product platform, its ability to navigate this transition will be key.
- How will Cribl scale its acclaimed customer-first culture as it grows? Maintaining the “customers first always” standard that built its early loyalty will be vital for long-term success.
- As competitors bundle features, how will Cribl continue to emphasize the strategic value of its open architecture? The company has a significant opportunity to reinforce its position as the flexible standard in a consolidating market.
- Will a future need to link telemetry with business outcomes create an opportunity for Cribl to expand its data strategy? While the company is focused on telemetry, the growing need for business context presents a potential avenue for future expansion.
- How can Cribl adapt its more enterprise-focused offering to capture a wider audience? Its success with large, complex organizations provides a strong foundation for addressing more customers, though it must balance distinct customer needs.
The company’s recent press release and CEO blog post are available on its website.
Declaration of Generative AI and AI-assisted Technologies in the Writing Process: While preparing this work, the author used AI capabilities from both Google Gemini and/or Futurum’s Intelligence Platform to summarize source material and assist with general editing. After using these capabilities, the author reviewed and edited the content as needed. The author takes full responsibility for the publication’s content.
Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.
Other insights from Futurum:
CIOs Prioritize Cybersecurity: Detection, Response, Ransomware Drive Spend
New Global CIO Survey Reveals 2025’s Defining IT Shifts
Author Information
Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.
Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.
Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.
