Does Generative AI Pose a Threat to Industry Analyst Firms?
Oliver Rochford, a former Gartner Director of Research and a futurist, posted an insightful take on Microsoft’s recent paper on the impact of AI on various roles. There has been plenty of talk about how LLMs spell doomsday for McKinsey and management consultants in general. There should be more reflection on the part of Gartner, Forrester, IDC, Omdia, and S&P Global. I have been thinking about this since January of 2023 when we first made use of OpenAI to enrich our data on 3,000+ cybersecurity vendors.
I have seen the list of threatened job roles put out by Microsoft Research which is derived from an analysis of hundreds of thousands of chat conversation with Bing/Copilot. I asked ChatGPT 4o to read the paper for me and extract the relevant statements about the industry analyst role.
They are:
1. AI is highly applicable to industry analysis-related tasks
The paper explicitly notes that intermediate work activities (IWAs) such as:
“Analyze market or industry conditions”
“Research historical or social issues”
“Evaluate products/technologies”
“Gather info from various sources”
“Interpret language/cultural/religious info”
“Present research/technical info”
“Maintain knowledge in area of expertise”
are frequently found in both user goals and AI actions. These activities are central to the job of industry analysts, and AI systems are already being used to assist or perform them.
4o also created a nice chart.
I agree with the paper’s conclusion the the industry analyst role will be (has been) augmented by AI. Every industry analyst should be using AI every day to perform the tasks above.
But these tasks in no way reflect what LLMs have made possible. AI is fundamentally changing the game, and yes, traditional research advisory firms will be threatened, but inevitably, they will adapt.
We were lucky at IT-Harvest. We had spent over a decade discovering and tracking data on cybersecurity companies. By 2022 we had published that data in Security Yearbook three years running. Data became a critical superpower for us.
One thing that industry analysts do all day is categorize vendors. If you have ever briefed an analyst you know that the first 15 minutes can be consumed by the analyst as he/she figures out what pigeon hole your company fits in. This can be extremely difficult. As a rule, vendors attempt to mask what they do on their website. Only recently have LLMs become accurate in categorization.
The other thing LLMs are bad at is creating complete lists. My test case for all the deep research tools is: “List all the cybersecurity vendors headquartered in Canada.” Here is what 4o delivers:
Thirteen. Compare that to the 137 in the IT-Harvest Dashboard.
Deep research models are not very good at completeness.
But LLMs are extremely good at reading/extracting/summarizing. So if you have done the hard work of compiling complete data on all the players you can assemble a powerful knowledge base. You can scrape all the information from a vendor’s website and extract detailed descriptions of all of its products. The average cost is $.50 but a vendor with lots of products, like Fortinet, can cost $14 to ingest and extract. You can pass each product back to an LLM and ask it to provide a mapping to NIST CSF 2.0, CIS, or MITRE. You can also gather deployments, integrations, and, in 30% of cases, find pricing data on line.
When you are done building such a platform on the back of LLMs you will have created a force multiplier. That is what we have done and it does provide a challenge to traditional analyst firms. Most analyst firms cover only about 3.5% of the market for cybersecurity. While their analysts will be quick to label an emerging technology category they may never write about any of the participants or cover them in a Magic Quadrant, or Wave. Analyst firm coverage, like that of LLMs, are weighted towards popular (large) companies. They cannot answer questions that require completeness.
How many of the 111 US cyber companies founded in 2023 have grown so far in 2025? Not a single two year old company is covered by the major analyst firms. And yet, it is highly likely that one of these is the Palo Alto Networks or Crowdstrike of the next decade. The answer: 79 of these have grown in the first seven months of 2025.
This is the future of industry analysis and we are paving the way. Imagine what we will be able to do with each new generation of LLM!
Are you an industry analyst? Investment researcher? Security architect? Reach out to have your mind blown.
Great article and well covered angle. There are others, though. I can’t imagine a CISO justifying a purchase because ChatGPT recommended it…
And then there is this other topic of the customer and vendor interactions, real life ones.
Yeah, Harvest is faster than any analysts and I can see a showdown coming up between the analyst firms. ;)