What's in Store for Open Source in 2026

As 2025 draws to a close, many of us find ourselves reflecting on a year of remarkable change and looking ahead to what lies beyond the horizon. The end of the year often brings a mix of reflection and anticipation, a time when the open source ecosystem pauses to take stock and to imagine what the next chapter might bring.

In that spirit, I'd like to share a few thoughts on the forces shaping open source as we head into 2026. The past year has seen emerging trends poised to influence not only the open source ecosystem but also the broader technology industry and the many sectors that depend on it. From governance and sustainability to the evolving role of open collaboration in driving innovation, the ripples we saw in 2025 are likely to become powerful waves in the year ahead. 

Prediction 1: As Agentic AI deployments accelerate, many enterprises will shift away from proprietary pilot solutions toward open source AI tooling that helps them integrate agentic workflows with their existing applications and data.

The promise of agentic AI is unmistakable. What enterprises are struggling with is the move from controlled pilots to real production environments that must operate within the constraints of their current systems. Many proprietary agentic platforms remain optimized for "green field" use cases, making them poorly matched to the complex mix of legacy data assets and workloads that are prevalent in enterprise environments.

For agentic AI to deliver real enterprise value, it must operate within existing operational, reliability, and performance constraints. For example, an agentic system that can't talk to Java systems - the lingua franca of enterprise computing - is effectively cut off from the most critical operational data, workflows, and decision-making contexts. Forcing enterprises to adopt a parallel, Python-based infrastructure in order to deploy AI systems will delay adoption and significantly increase security, performance, and scalability risk.

Open source tooling will play an increasingly important role in solving these challenges. Eclipse LMOS and its Agent Definition Language (ADL) provide one model-neutral option for defining agent behaviour in a structured and maintainable way. LMOS is already in production at Deutsche Telekom, powering an award-winning bot and consumer-facing AI system that processes millions of service and sales interactions across several countries. At the same time, enterprises will have multiple viable open source choices that fit different architectural and operational needs.
Another highly visible growth area in 2026 will be AI-enabled developer tooling. The launch of the Eclipse Theia AI IDE shows how open collaboration can deliver powerful AI development environments without locking teams into proprietary toolchains. The Theia platform allows organisations to choose their preferred LLMs, integrate contextual data through MCP, and build agentic workflows that align with internal security and compliance requirements. For many enterprises, this flexibility will be essential as AI-assisted development becomes part of everyday engineering practice.
Complementary work on projects like Eclipse Adoptium will continue to strengthen the foundation on which AI systems depend. Verified builds, signed binaries, and rigorous QA increase confidence that AI-enabled enterprise applications can be deployed with traceability and accountability.
Jakarta Agentic AI will also begin defining standard patterns for agentic workflows in enterprise Java, giving organisations predictable and interoperable ways to bring agentic capabilities into mission-critical systems.

Prediction 2: 2026 will trigger alarm over the CRA as companies around the world realise they are behind on compliance.

The EU Cyber Resilience Act is the world's first horizontal cybersecurity regulation, mandating secure-by-design and supply-chain security best practices. It comes with potential fines of up to €15 million or 2.5% of a company's global annual turnover. In 2026, it will become impossible to ignore. As the deadline approaches, many organisations will scramble to understand and meet the CRA's requirements, resulting in widespread urgency across global markets. 

Beginning September 11, 2026, the CRA mandatory vulnerability reporting requirements take effect, and every manufacturer selling products in Europe will be required to comply. Yet awareness remains alarmingly low, with just 12.3% of SMEs being aware of the CRA compared to 83.5% of very large enterprises. The gap between expectations and preparedness will become painfully clear.

There is, however, a silver lining. As compliance pressures increase, policymakers could emerge as the greatest champions of open source sustainability. The CRA explicitly places security responsibility on manufacturers and not on maintainers of open source projects, which could provide long-overdue clarity and support for the open source ecosystem. 

Initiatives like Open Regulatory Compliance (ORC) will help technology companies coordinate their CRA readiness, reducing duplicative efforts, mitigating risks, and protecting innovation. By working together on shared compliance frameworks, organisations can meet regulatory expectations while continuing to advance open source development.

Prediction 3: 2026 will be the year the industry reinvests in open source infrastructure. 

The global software ecosystem runs on open source infrastructure, yet for years, many global enterprises have relied on it without meaningfully contributing back. In September, I, along with many other open source stewards, called for greater support from businesses that benefit most to take a larger role in sustaining this critical infrastructure. Encouragingly, that call is already being answered. 

One example is Amazon's recent support for the Eclipse Foundation. This commitment strengthens multiple core services, including the Open VSX Registry, the vendor-neutral extension registry for the Visual Studio Code ecosystem that powers many AI-enabled development environments.

The Open VSX Registry is now one of the fastest-growing package registries in the world. It serves as the default registry for several leading AI developer tools, including Amazon's Kiro, Cursor, Google Antigravity, Windsurf, IBM's Project Bob, and others. In 2025, it averaged more than 110 million downloads each month. It now hosts more than 7,000 extensions from nearly 5,000 publishers. With strong enterprise engagement and open governance, the registry is becoming a central distribution hub for the next generation of AI software development tooling.

In 2026, we will also see open infrastructure providers, including the Eclipse Foundation, explore new ways to align funding with commercial and enterprise usage while maintaining openness for general and individual use. Each ecosystem will take its own path, and some experimentation will be needed to achieve the right balance, but the direction is clear. These efforts will strengthen open infrastructure and help ensure that essential shared services remain reliable and sustainable for everyone who relies on them.

About Mike Milinkovich

Mike Milinkovich is a recognized industry leader and open source community champion with deep experience spanning software engineering, product management, and IP licensing. He has been the Executive Director of the Eclipse Foundation since 2004. In that role, he is responsible for supporting both the Eclipse open source community and its commercial ecosystem. Prior to joining Eclipse, Mike was a vice president in Oracle's development group. Other stops along the way include several startups, IBM, and Nortel Research.

As an industry leader, Mike has sat on the Boards of the Open Source Initiative (OSI) and the OpenJDK community, as well as the Executive Committee of the Java Community Process (JCP).