The AI landscape doesn't move in one direction — it lurches. Some techniques leap from experiment to table stakes in a single quarter; others stall against regulatory walls, technical ceilings, or organisational inertia that no amount of hype can dislodge. Knowing which is which is the hard part. The State of Play cuts through the noise with a rigorously maintained index of AI techniques across every major business domain — classified by maturity, evidenced by real-world adoption, and updated daily so you always know where you stand relative to the field. Stop guessing. Start knowing.
A daily newsletter distilling the past two weeks of movement in a domain or two — delivered to your inbox while the index updates in the background.
Each dot marks the weighted maturity of practices within a domain — hover for a brief summary, click for more detail
AI that identifies unusual data points or patterns across datasets, flagging potential errors, fraud, or emerging signals. Includes unsupervised anomaly detection and statistical outlier methods; distinct from fraud detection in finance which applies anomaly detection to a specific domain.
Anomaly and outlier detection uses unsupervised and statistical methods to flag unusual data points across security, healthcare, IoT, manufacturing, and operational monitoring. It is a general-purpose technique, distinct from domain-specific applications like financial fraud detection. Despite a decade of algorithmic maturity and aggressive vendor investment, the practice remains bleeding-edge: the gap between what algorithms can do in controlled settings and what they reliably deliver in production has not closed. Major cloud platforms are actively retiring first-generation standalone services—Microsoft retiring Azure Anomaly Detector October 2026 alongside AWS Lookout for Equipment EOL—signaling that these early offerings failed to solve core deployment challenges despite strong market growth (USD 6.15B in 2025, projected to reach USD 13.89B by 2030 at 17.7% CAGR). Practitioner testing documents persistent limitations: 7-day detection lag in AWS Cost Anomaly Detection, 4-day alert persistence after resource deletion, and operational false positive rates (40% conversion drop at >15% FP rate) that demand hybrid rule-based + ML approaches. Emerging bright spots—FinOps cost anomaly detection, ServiceNow warranty fraud automation, manufacturing visual inspection with 90% precision gains—demonstrate expanding use cases, but rely on domain-specific customization rather than generic solutions. The defining tension persists: a multi-billion-dollar market still lacks reliable, domain-agnostic deployment patterns.
The vendor ecosystem shows simultaneous expansion and consolidation. Major cloud platforms—Google Cloud, AWS, Databricks, AppDynamics, OpenSearch—now ship mature GA anomaly detection features, yet first-generation standalone offerings are being sunset: Microsoft retiring Azure Anomaly Detector October 1, 2026 (despite documenting multivariate detection APIs) and AWS discontinuing Lookout for Equipment. Platform embedding is the winning pattern: AppDynamics integrating anomaly detection with 48-hour ML training and automated root cause analysis; OpenSearch providing comprehensive detector lifecycle APIs for real-time and batch workflows; Databricks embedding anomaly detection in Unity Catalog for data quality monitoring (freshness/completeness). FinOps has emerged as the highest-confidence deployment vertical with AWS Cost Anomaly Detection GA adding ML-based root cause attribution (identifying up to 10 contributing factors) and multi-level seasonality handling, despite practitioner testing documenting 7-day detection lag and failure to persist learning after resource deletion.
Production deployments in core domains remain sparse and customization-heavy. ServiceNow shipped production anomaly detection (v1.1.2, April 2026) for OEM warranty fraud prevention, reducing warranty leakage through multi-modal anomaly detection (duplicate submissions, mismatched parts, reused images). Empirical research on 118 field-deployed industrial machines shows TCN-AE autoencoders (F1: 0.991) vastly outperform classical methods (Isolation Forest F1: 0.120) on complex time series, validating that architectural alignment with data structure drives production success. Power grid intrusion detection achieves sub-4ms latency (1.118ms for GRU-AE at F1=0.8737) on hard real-time constraints. Manufacturing visual inspection emerges as credible deployment category with Zensar documenting 90% precision improvement over rule-based baselines in production sensor deployments.
The persistent blocker is operational reliability at scale—two unresolved challenges: false positives and model drift. Practitioner review of AWS Cost Anomaly Detection documents limited granularity (UsageType level only, not resource ID) and 4-day alert persistence after triggering resource deletion. NASSCOM analysis of fraud detection systems (anomaly detection application) identifies generalizable production barriers: data drift degrading performance 20-40% within months, sub-100ms latency requirements blocking legitimate transactions, >15% false positive rates causing 40% conversion drop and customer churn, and scalability breaking at 10K+ TPS. Real-world deployment experience confirms threshold tuning and model adaptation remain expensive with limited ROI visibility. Market growth (USD 6.15B in 2025 to USD 13.89B by 2030, 17.7% CAGR) is driven by regulatory pressure and fraud-prevention economics rather than demonstrated detection effectiveness. Geopolitical escalation (US-Iran tensions) accelerates cybersecurity budget allocation despite persistent practitioner skepticism about AI-based reliability. The fundamental skepticism persists: vendor product lifecycle changes and practitioner preference for hybrid rule-based + ML approaches signal that domain-agnostic anomaly detection remains unresolved.
— AWS industrial equipment anomaly detection product GA with named customers (Koch Ag, CEPSA, GS EPS); critical negative signal: discontinuation October 7, 2026, indicating first-generation standalone products failing despite adoption.
— ARGUS production deployment on Azure Kubernetes for 5 months processing 100+ incidents; multi-algorithm ensemble reduced time-to-insight by 94%, validating closed-loop anomaly detection + LLM root cause synthesis in production.
— Financial services firm deployed anomaly detection for IAM: 92% false positive reduction, 85% alert volume reduction from 15K daily alerts (75% FP baseline), with Gartner validation of 80% FP reduction potential in security contexts.
— Critical assessment of realistic anomaly detection capabilities (80-90% vibration accuracy, 70-85% current-signature) vs vendor marketing claims; identifies three reliably solved cases and four key production barriers (unpredictable failures, novel equipment, multi-cause modes, decay). Realistic ROI: 3-6x over 3 years.
— TIMEWELL 2026 independent analysis of manufacturing AI with vendor and enterprise deployment comparison; documents ROI metrics and implementation patterns for anomaly detection-based predictive maintenance across industries.
— IBM Research ICLR 2026 paper proposing post-hoc conformal anomaly detection leveraging pre-trained foundation models without fine-tuning; addresses industrial deployment barriers: limited data, lack of ML expertise, immediate inference.
— Named customer Purina North America: $11M cost avoidance and 277 hours unplanned downtime avoided in 2024 via Augury anomaly detection; 74% of manufacturers still rely on manual preventive maintenance, signaling adoption gap.
— OpenSearch GA anomaly detection API with full detector lifecycle (create, validate, run, stop, delete) and real-time or batch workflows, demonstrating open-source platform maturity.
2016: Early production deployments at scale (IBM backup systems, healthcare EEG), standardized benchmarking research, and growing academic recognition via dedicated conference tracks. Core challenge: managing false positives in noisy operational data.
2017: Community-driven standardization accelerated with PyOD—an open-source Python library integrating 50+ algorithms—establishing a common framework for practitioners. Comparative research expanded across domains (Earth observations, environmental monitoring) while cybersecurity practitioners documented persistent false positive issues, validating the need for better threshold optimization and machine learning-based behavioral systems.
2018: Vendor platform integration deepened with Oracle embedding anomaly detection in both Database and Analytics Cloud products. Critical infrastructure application expanded: Kaspersky piloted MLAD (LSTM-based anomaly detection) for operational technology security. Research extended the practice into new domains—industrial system monitoring, video surveillance (CVPR 2018), and more efficient algorithms (CAPA for point/collective anomalies). The practice evolved from domain-specific deployments into mainstream enterprise tooling.
2019: Cloud vendors accelerated adoption with AWS QuickSight and Oracle SQL Developer releasing GA anomaly detection features. Open-source ecosystem matured with ELKI 0.7.5 providing comprehensive outlier detection algorithms. Deep learning became mainstream methodology with comprehensive survey synthesizing cross-domain adoption. IoT, operational monitoring, and DevOps deployments documented significant research activity, though false positive and threshold tuning challenges persisted across application domains.
2020: Oracle Data Miner 20.2 integrated one-class SVM anomaly detection in SQL workflows. Research matured with comprehensive surveys (Pang et al. deep learning taxonomy, big data and IoT specialization). Critical benchmark assessment (Wu & Keogh) exposed flaws in popular time-series evaluation datasets, signaling methodological rigor gaps despite algorithmic maturity.
2021: Oracle Cloud Infrastructure launched Anomaly Detection service (July), confirming major vendor expansion. Research consolidation accelerated with multiple comprehensive surveys (deep/shallow unification, isolation-based methods, online time-series detection, IoT applications). Heightened critical assessment: Kim et al. revealed that point-adjustment evaluation protocols allowed random baselines to achieve state-of-the-art results, exposing systematic bias in methodology claims. Applied deployments validated in clinical research (>85% sensitivity) but reinforced data quality and threshold optimization as persistent deployment barriers. The practice remained in bleeding-edge phase despite mature algorithms and productization.
2022-H1: Vendor consolidation continued with Oracle releasing Database documentation and SQL Developer query node for GA anomaly detection (May 2022) alongside existing OCI service; open-source ecosystem expanded with Anomalib library enabling real-time edge deployment. Critical research challenged maturity claims: ICSE 2022 paper found log-based detection "unsolved," IEEE Transactions paper demonstrated algorithm performance is context-dependent, and large-scale evaluation revealed no universal winner and inconsistent prior protocols. Domain applications extended into industrial defect detection, autonomous driving, and smart agriculture. MIT-IBM demonstrated real-world deployment on power grids and traffic with graph-aware methods outperforming baselines. Persistent tension: productized and deployed, yet methodologically contested evaluation and required case-specific tuning prevented confident maturity claims.
2022-H2: Cloud vendor platform expansion accelerated with AWS Lookout for Equipment providing production anomaly detection for manufacturing environments, and continued Oracle platform maturity. Real-world deployments validated: healthcare cohort study using Contextual Matrix Profile achieved 84.3% recall detecting UTIs in dementia patients; Databricks demonstrated production-ready near real-time fraud detection using Isolation Forest integrated with Delta Live Tables. Critical assessment intensified: IEEE AITest 2022 revealed fundamental reliability issues across popular implementations (10-73% validation failures, 19-98% nondeterminism), and UC Riverside researcher identified systematic methodology flaws affecting 95% of time-series anomaly detection papers. IJCAI comparison study provided empirical guidance for algorithm selection based on data characteristics. The practice remained bleeding-edge: productized, vendor-integrated, and operationally deployed across manufacturing and healthcare, yet constrained by implementation reliability flaws and research methodology weaknesses that prevented confident maturity claims.
2023-H1: Vendor platform consolidation continued with Oracle OCI Anomaly Detection significantly expanding (univariate detection, multivariate improvements, asynchronous APIs for 1B+ data points). Market adoption accelerated: Grand View Research forecast USD 14.59B market by 2030 (16.5% CAGR). Research consolidated around applied domains—surveys on autonomous driving perception datasets, IoT anomaly detection across industrial and healthcare systems, and deep learning for log-based incident detection. Field showed maturation toward interpretability and explainability for safety-critical applications. Domain applications expanded across autonomous vehicles, smart cities, healthcare diagnostics, and industrial monitoring. Persistent tensions remained: vendor support and market growth masked methodological questions on evaluation rigor and algorithm context-dependence, requiring case-specific customization for reliable deployments.
2023-H2: Vendor ecosystem showed churn with Microsoft deprecating Azure Anomaly Detector by October 2026, despite market growth projections (USD 14.59B by 2030). Practitioner deployments documented: DBAs using custom SQL-based anomaly detection for Oracle performance analysis; manufacturers applying unsupervised methods for defect detection. Critical barriers documented: research showed false positives in unsupervised industrial defect detection and continuous model retraining required to prevent drift in deployed AIOps systems. Meta-survey synthesizing 25 prior surveys revealed persistent methodological tensions in benchmarking. Practice remained bleeding-edge despite market signals—productized and deployed across manufacturing, IoT, and DevOps domains, yet constrained by unresolved challenges in false positive management and model maintenance.
2024-Q1: Ecosystem churn intensified with Oracle discontinuing dedicated OCI Anomaly Detection service (deprecation announced March 2024, EOL March 2025), signaling vendor consolidation despite growing market. Research shifted to emerging modalities: LLM integration showed paradigm shift for detection capabilities; visual and video anomaly detection expanded into industrial defect inspection and surveillance domains with real-world deployment metrics (89.39% effectiveness retention in online learning). Methodology matured with large-scale benchmarking revealing tree-based algorithms match or exceed deep learning on univariate data, challenging DL dominance. Critical limitation signals persisted: detection latency identified as overlooked deployment dimension in railway and IIoT systems; Anomalib open-source adoption showed real-world challenges (thesis project achieving 0.32 accuracy on custom defect data). Market projections increased to $6.8B–$15.6B by 2030 at 12.5% CAGR, yet fundamental barriers—latency sensitivity, algorithm context-dependence, model drift in production—remained unresolved. The practice remained bleeding-edge: expanding modalities and vendor ecosystem activity masked persistent deployment challenges requiring case-specific engineering and continuous maintenance.
2024-Q2: Market adoption accelerated with reported $4.9B global anomaly detection market (15.1% CAGR through 2031), driven by enterprise cybersecurity demand (KPMG survey: 40% of $1B+ companies experienced recent breaches). Research maturity expanded into specialized domains: comprehensive surveys on graph-structured anomaly detection (financial networks, social systems) and video anomaly detection with vision language model integration for surveillance and healthcare. Practitioner knowledge disseminated through operational tutorials (flood warning systems, SQL-based real-time detection). Critical assessments continued: SPIE conference paper documented fundamental detection capability boundaries (minimum defect size recognition limits). Ecosystem remained in transition with Oracle deprecation completed (March 2025 EOL), yet market growth and research expansion into multimodal approaches (graph, video, LLM-enhanced) signaled maturation toward diverse deployment scenarios. Fundamental challenges—false positives, threshold tuning, latency sensitivity—remained largely unresolved despite methodological advances. The practice remained bleeding-edge: market-driven adoption and research specialization masked persistent deployment complexity and lack of universal best-practice guidance across heterogeneous data types.
2024-Q3: Vendor platforms continued evolution with Oracle expanding Stack Monitoring capabilities to enable custom resource anomaly detection and releasing low-code Anomaly Detection operators for data science workflows. Research focused on novel modalities (point cloud anomaly detection in lidar sensors) and applied deployments (object-centric detection in supply chains with LLM integration). Critical assessments intensified: explainable AI study found VAE-based systems detecting anomalies for "wrong or misleading factors"; industry survey of 15 practitioners revealed preference for rule-based approaches over self-developed AI despite AI research dominance, highlighting adoption barriers in operational environments. Cybersecurity domain analysis documented persistent failures of ML-based anomaly detection due to false positives and inability to detect novel attacks. The practice remained bleeding-edge: vendor platforms matured and deployment cases expanded, yet reliability concerns and industry skepticism of AI-based methods constrained confident maturity claims despite billion-dollar market projections.
2024-Q4: Algorithmic maturity advanced with IEEE ICDM 2024 peer-reviewed research on efficient Isolation Forest variants addressing deployment latency constraints. Market adoption accelerated further with USD 6.3B market (2025) projected at 16.6% CAGR through 2032; adoption metrics showed 65% of companies deploying automated anomaly detection with 55% incorporating AI/ML and 60% favoring cloud-based solutions. Practitioner reality diverged from research: survey of 312 practitioners across 36 countries identified persistent gaps between academic research and real-world needs, highlighting unresolved challenges in implementation and deployment. Named organization case study (Cisco) documented production deployment achieving 75% false positive reduction, 40% faster incident response, and $2M cost savings. Critical limitations remained prominent: data quality dependencies, dynamic environment challenges, and noise sensitivity persisted as barriers to confident maturity. The practice remained bleeding-edge: market growth and deployment cases validated ecosystem maturation, yet fundamental challenges around false positive tuning, evaluation methodology rigor, and practitioner adoption barriers prevented confident progression despite strong market signals.
2025-Q1: Research maturity deepened with comprehensive survey of 180+ deep learning studies (March 2025) and critical industry assessment identifying persistent gaps between academic research and production deployment (February 2025). Market growth accelerated with forecasts projecting USD 7.4B (2025) to USD 24.4B (2034) at 14.2% CAGR. Vision-based industrial anomaly detection emerged as mainstream modality for manufacturing and aerospace quality assurance. Practitioner tutorials documented production One-Class SVM implementations for user behavior monitoring. Counterbalancing positive signals, critical practitioner analysis revealed low real-world adoption (12% of SREs in 2021) with high-profile failures (Lacework: $1.9B valuation collapsed to $200-230M exit due to unreliable technology). The practice remained bleeding-edge: research synthesis and market projections signaled mainstream adoption potential, yet persistent practitioner skepticism, technology reliability concerns, and unresolved detection challenges (false positives, threshold optimization) prevented confident maturity progression.
2025-Q2: Vendor platform consolidation accelerated with Oracle discontinuing standalone OCI Anomaly Detection service (EOL March 2025) and embedding low-code operators in data science workflows; Azure Anomaly Detector approached retirement with published limitations documentation. Market growth sustained with projections updated to USD 17.84B (2033, 16.4% CAGR) driven by fraud prevention economics (37% reduction potential). Academic research expanded into application modalities: systematic surveys of vision-based industrial inspection, graph-structured anomaly detection, and vision-language model integration for surveillance and healthcare. Real-world deployments documented named organizations with measured impact (Cisco: 75% false positive reduction, $2M cost savings; AppNexus/telco: performance improvements in large-scale data environments). Open-source ecosystem matured with MIT Orion framework emphasizing accessibility. Critical deployment barriers persisted: vendor documentation highlighted fundamental constraints (stateless models, data point limits, parameter tuning required) and fraud/DDoS cost drivers (>$2M events) motivating adoption rather than algorithmic breakthroughs. The practice remained bleeding-edge: market-driven adoption and expanded technical modalities masked unresolved gaps between research claims and operational performance in dynamic environments.
2025-Q3: Market projections solidified with industry forecasts ($6.15B to $7.23B at 17.6% CAGR), while vendor platforms expanded (Adobe Analytics GA hourly/weekly/monthly detection; Oracle low-code operators). Manufacturing adoption accelerated as a bright spot with transformation from R&D to production factory floor deployment. Yet practitioner skepticism deepened with critical signals emerging: Sophos security research documented high false positive rates in production cybersecurity forcing LLM augmentation; IBM practitioner assessment revealed company reluctance due to algorithm obsolescence and inability to distinguish malicious from benign anomalies. Academic benchmarking stalled despite continuous algorithmic proposals—July 2025 preprint identified stagnation due to evaluation methodologies missing real-world anomaly diversity (predictive maintenance, scientific discovery). The practice remained bleeding-edge: market-driven adoption coexisted with vendor ecosystem consolidation, documented production failures in cybersecurity, benchmarking stagnation, and persistent unresolved barriers preventing confident tier progression despite strong economic signals.
2025-Q4: Vendor ecosystem continued expansion across verticals with Google Cloud announcing Cost Anomaly Detection GA (auto-alerts, AI-generated thresholds), Microsoft Defender for Cloud Apps releasing UEBA/ML features (June 2025 transition to dynamic threat detection), and Zoho Catalyst expanding anomaly detection into early access (fraud, maintenance, cybersecurity, healthcare). Oracle extended anomaly detection to financial services microservices platform with configurable sensitivity workflows. Market analysis confirmed acceleration with OG Research reporting $11.4B market in 2025 at 18.8% CAGR to $53.7B by 2034, driven by fraud prevention economics and cybersecurity spend. Practitioner implementation guides emerged demonstrating real-time production pipelines on Oracle Cloud with streaming ingestion and z-score detection. The practice remained bleeding-edge: major vendors (Google, Microsoft, Oracle, Zoho) validated tooling maturity through GA releases and platform embedding, yet market expansion and new use cases (cost anomalies, financial services vertical) masked unresolved deployment challenges from prior quarters (false positive management, threshold optimization, practitioner adoption barriers) which persisted despite billion-dollar market projections.
2026-Jan: Vendor platform expansion continued with Oracle releasing Cost Anomaly Detection GA for cloud cost monitoring with multi-level seasonality, and Microsoft extending Power BI with GA anomaly detection (SR-CNN with natural language explanations). Research advancement challenged methodological assumptions with training-free retrieval-based anomaly detection (RAD) achieving 96.7% Pixel AUROC on MVTec-AD, while domain-specific deployment frameworks matured for maritime surveillance and satellite telemetry with adaptive thresholding. Industry standardization progressed with IETF NMOP WG proposing formal network anomaly detection lifecycle (YANG models, AI-based techniques). Market analysis sustained growth trajectory ($1.96B 2025 to $5.06B 2029 at 26.7% CAGR per Research and Markets). The practice remained bleeding-edge: ecosystem diversification into cost management and BI signaled broadening institutional adoption, research methodologies challenged reconstruction paradigms, and standardization efforts formalized operational practices, yet unresolved practitioner barriers and documented false positive challenges in cybersecurity contexts persisted, preventing confident mainstream progression despite expanding deployed footprint and billion-dollar market economics.
2026-Feb: Vendor ecosystem consolidation evident with Microsoft announcing Azure Anomaly Detector retirement (October 1, 2026) despite market growth, signaling limitations of first-generation GA tooling. Research expanded into critical infrastructure: 5G network anomaly detection (February 2026 arXiv) with adversarial robustness findings and power grid deployments showing neural network superiority over classical methods. Practitioner guidance emerged on industrial deployment pitfalls—data silos, algorithm selection complexity, false positive management—with Google Cloud tutorial (BigQuery ML, Vertex AI) providing implementation patterns. Market analysis remained positive (USD 4.70B–5.16B in 2026, 10–19% CAGR) but growth attributed to regulation and AI expansion rather than proven operational effectiveness. The practice remained bleeding-edge: critical infrastructure research and vendor platform breadth validated expansion, yet deployment barriers persisted and product lifecycle changes signaled unresolved technical or commercial challenges preventing confident mainstream tier advancement.
2026-Q1: FinOps emergence as the highest-confidence deployment vertical with DoiT and CloudZero releasing GA multi-platform anomaly detection for cloud cost optimization (7+ platforms including Google Cloud, AWS, Azure, Snowflake, Databricks). Documented production deployments in financial services: Capital One GBM-based transaction volume anomaly detection achieving improved incident detection at 5,000 concurrent users/minute; Whistl multi-technique fraud prevention combining statistical, tree-based, and deep learning approaches. Research advanced with peer-reviewed deployment (University of Twente) demonstrating LLM-based (LogBERT) log anomaly detection in military AIOps with 15-second latency and domain expert validation. Critical deployment barriers documented: sanctions.io analysis confirmed operational false positive challenges in AML screening; Silent Eight documented model drift degradation in production AML systems requiring active retraining. OpenSearch and open-source ecosystem (Anomalib with 23 algorithms) continued maturation signaling broad institutional adoption. Market solidified at USD 7.23B (2026, +17.6% CAGR) driven by cybersecurity, fraud prevention, and cost optimization economics. The practice remained bleeding-edge: new use cases (cost monitoring) and production deployments expanded footprint, yet operational reliability (false positives, model drift, threshold tuning) and practitioner skepticism persisted despite strong market signals.
2026-Apr (early): Vendor ecosystem showed simultaneous expansion and contraction: AWS Cost Anomaly Detection GA added ML-based root-cause attribution and multi-level seasonality handling for FinOps use cases, while Azure Anomaly Detector's October 2026 retirement (alongside AWS Lookout for Equipment EOL) confirmed that first-generation standalone services are failing commercially. Industrial deployment evidence strengthened with Zensar documenting 90% precision improvement and 60% baseline advantage over rule-based methods in production sensor deployments, and Amazon Science publishing a benchmarking framework for visual anomaly localization targeting the remaining gaps in manufacturing quality inspection. OpenObserve released GA anomaly detection using Random Cut Forest with auto-seasonality and no external ML infrastructure dependency, reflecting observability vendor maturity. The practice remained bleeding-edge: FinOps and industrial verticals showed credible production gains, but vendor consolidation of standalone offerings and persistent false positive and model drift documentation confirmed that operational reliability challenges remain unresolved.
2026-Apr (22): Platform embedding maturity advanced with Databricks embedding anomaly detection in Unity Catalog for data quality monitoring (freshness/completeness), AppDynamics deploying anomaly detection with 48-hour ML training and automated root cause analysis (ARCA) across APM dimensions, and OpenSearch providing comprehensive detector lifecycle APIs (create, validate, run, stop, delete) for real-time and batch workflows. Real-world deployment case study emerged: ServiceNow shipping production anomaly detection (v1.1.2, April 2026) for OEM warranty fraud prevention (duplicate submissions, mismatched parts, reused images). Empirical research on 118 field-deployed industrial machines (published April 2026) validates that TCN-AE autoencoders achieve F1: 0.991 versus Isolation Forest F1: 0.120 on complex time series, confirming architectural alignment with data structure drives production success. Power grid intrusion detection achieves sub-millisecond latency (1.118ms at F1=0.8737) on hard real-time constraints. Practitioner limitations surfaced: AWS Cost Anomaly Detection testing documents 7-day detection lag and 4-day alert persistence after resource deletion; NASSCOM analysis reveals production fraud detection failures with data drift degradation 20-40% monthly, sub-100ms latency requirements, and >15% FP rates causing 40% conversion drop. Market research solidified at USD 6.15B (2025) to USD 13.89B (2030) at 17.7% CAGR, with USD 5.8B (2024) to USD 23.6B (2033) at 18.7% CAGR per competing firms, confirming multi-billion-dollar growth driven by regulatory pressure and fraud prevention economics rather than proven operational effectiveness. The practice remained bleeding-edge: platform embedding and new use cases (cost monitoring, warranty fraud, manufacturing visual inspection) expanded institutional adoption, yet fundamental barriers—7-day detection lag, model drift, false positive rates, resource-intensive threshold tuning—persisted as evidence that domain-agnostic anomaly detection remains unsolved at production scale.
2026-May: First-generation standalone services confirmed failing: AWS Lookout for Equipment (discontinuing October 2026) joins Azure Anomaly Detector in EOL, despite named enterprise customers (Koch Ag, CEPSA, GS EPS), signalling that standalone products cannot sustain commercial viability even with proven adoption. Production deployments validated in verticals where customisation is deep: ARGUS on Azure Kubernetes processed 100+ incidents over 5 months with a multi-algorithm ensemble reducing time-to-insight by 94%; financial services IAM deployment achieved 92% false positive reduction from a 15K daily alert baseline. IBM Research ICLR 2026 paper introduced post-hoc conformal anomaly detection leveraging pre-trained foundation models without fine-tuning, directly addressing the limited-data and expertise barriers that constrain industrial deployment. Practitioner analysis documented realistic manufacturing accuracy (80–90% vibration, 70–85% current-signature) versus vendor claims, with 3–6x ROI over 3 years in confirmed use cases but 74% of manufacturers still relying on manual preventive maintenance. The practice remained bleeding-edge: ecosystem-level product discontinuations confirmed structural limitations of domain-agnostic approaches, while vertical-specific deployments with deep customisation continued to demonstrate credible, measured production value.