By Guest: Simon Ritter (LinkedIn)
Company: Azul
Show Name: Java Reloaded
Topic: Cloud Native
For years, the Oracle Java migration sat comfortably on enterprise roadmaps — a known problem, a future fix. In 2026, that runway has run out. Azul’s 2026 State of Java Report finds that 92% of organizations are concerned about Oracle’s pricing, and 81% are actively migrating to OpenJDK. Not evaluating. Not planning. Migrating. Simon Ritter, Deputy CTO at Azul, joined TFiR to explain what’s changed, what’s at stake, and what technical leaders need to do about it.
The immediate trigger is straightforward. Oracle’s licensing and pricing changes didn’t hit every enterprise at once — they hit on contract renewal cycles. Organizations that locked in at pre-change rates, or accepted one-year extensions on legacy terms, are now cycling off those agreements and confronting the new pricing reality head-on. “People have Oracle contracts that expire after one year, two years, or three years,” Ritter explained. “They’re being given a renewal price, and suddenly they’re looking at it and thinking, this is going to be really expensive.”
The flight to OpenJDK is well underway, but Ritter is clear that free doesn’t mean cost-free. Enterprises moving to an unsupported distribution give up SLA-backed maintenance and an on-call support organization — a hidden cost that becomes very visible the first time a production incident hits. This is where Azul positions itself: offering the open-source foundation with the enterprise-grade support layer organizations actually need.
Java’s resurgence in AI workloads is one of the more striking findings in the report. Sixty-two percent of enterprises are now leveraging Java for AI functionality — a signal that the industry has moved past experimentation and into production scale. The pattern mirrors what Java has always done well. Python dominated the early AI development cycle because data scientists needed fast iteration. But as those workloads move into the enterprise and need to support massive data volumes and large user bases, scalability becomes the constraint. “This is a classic situation we’ve seen previously,” Ritter said, “where people have started off using a particular technology because it worked well for a situation, and then discovered as they need to scale to more and more users, that Java is the thing that solves that problem.” There’s a compounding factor too — the vast majority of enterprise applications in CRM, ERP, and web services are already Java. Extending those with AI capabilities means Java isn’t a workaround; it’s the natural path.
Cloud cost pressure is the third pillar of the story. Azul’s report found that nearly three quarters of organizations have over 20% unused compute capacity. Ritter traced this back to a well-understood but underaddressed problem: Java’s JVM warm-up time causes teams to keep service instances idle in reserve rather than spinning them up dynamically. The resource sits there doing nothing, running up cost, because no one wants to absorb a performance dip while a new instance warms from cold.
Azul’s answer is CRaC — Coordinated Restore at Checkpoint — an open-source technology contributed to OpenJDK that freezes a running application at a specific state and restores it from that exact point on demand. The performance difference is stark. In a proof-of-concept using a Spring Boot application, a cold start using standard OpenJDK took four seconds to first transaction. With CRaC restore, that dropped to 40 milliseconds — two orders of magnitude faster. That speed removes the business case for keeping warm standby instances, and the cost savings follow directly.
Security is where the report surfaces a less obvious but equally urgent problem. Java’s 30-year history means many enterprise applications carry decades of accumulated code — features added over time, functionality no longer used, but never removed. Every unused library and dead class expands the attack surface and generates CVE noise that DevOps teams have to triage. “Nobody is really doing the work of saying, if that feature is not being used anymore, we can actually remove that code,” Ritter said.
Azul’s Code Inventory, part of its Intelligence Cloud product suite, approaches this at the runtime level. Because Azul controls the JVM, it can track class loading and method invocation across a running application over an extended period — six months or more — and produce a precise map of what code is actually being used. Inverting that map gives developers a clear, evidence-based list of what can safely be deleted. The result is a reduced attack surface and a smaller CVE workload for security and DevOps teams.
On Java version distribution, the report shows the market is largely rational. JDK 21 leads at 37%, followed by JDK 17 at 26% and JDK 11 at 24% — all Long Term Support releases. Notably, 18% reported already running JDK 25 in production, reflecting how manageable upgrades have become within the LTS cadence. The legacy tail remains real: 21% are still on JDK 8, and 9% and 11% are running JDK 6 and JDK 7 respectively. Azul remains the only JDK distribution provider still issuing security patches and bug fixes for both JDK 6 and JDK 7 — a meaningful differentiator for organizations that cannot upgrade.
Asked what single strategic move a CIO should make in 2026, Ritter’s answer was direct: look hard at efficiency. Reduce cloud over-provisioning, cut dead code, and eliminate the security overhead that comes with it. The Oracle migration is the catalyst, but the real opportunity is a leaner, more performant Java estate — one built to carry AI workloads, survive cost scrutiny, and run on infrastructure that isn’t paying for resources it doesn’t use.
