By ByteBot
CMU Professor Andy Pavlo just published his annual database industry retrospective, and 2025 tells a clear story: consolidation, not innovation. PostgreSQL absorbed $1.25 billion in acquisitions as Databricks bought Neon for $1 billion and Snowflake bought Crunchy Data for $250 million. Every database vendor shipped Model Context Protocol servers to enable AI agent access—13,000 launched on GitHub alone. Five database startups shut down (Fauna, PostgresML, Hydra, Voltron Data, MyScaleDB) while $22 billion in M&A deals reshaped the landscape. The database industry matured in 2025. These trends have direct implications for developers choosing databases, implementing AI agents, and navigating data infrastructure.
PostgreSQL Consolidation Hits Inflection Point
PostgreSQL isn’t just winning the database wars—it’s becoming commodity infrastructure owned by tech giants. The $1.25 billion acquisition wave in 2025 (Databricks acquiring Neon in May, Snowflake acquiring Crunchy Data in June) signals that PostgreSQL is now foundational to enterprise AI strategy, not just a database choice. Databricks revealed a telling insight: 80 percent of databases provisioned on Neon were created automatically by AI agents rather than humans. That’s not a database company—that’s AI infrastructure.
PostgreSQL 18 shipped in September 2025 with asynchronous I/O support, one of the biggest performance leaps in PostgreSQL history. Previously, PostgreSQL relied on synchronous (blocking) I/O where each disk read operation waited for completion before issuing the next request. This created bottlenecks on cloud storage with higher latency. Async I/O allows PostgreSQL to issue multiple concurrent I/O requests, dramatically improving read performance for sequential scans, bitmap heap scans, and vacuum operations. For cloud deployments, this matters.
The horizontal scaling race intensified in 2025 with three competing distributed PostgreSQL projects launching: Multigres from Supabase, Neki from PlanetScale, and PgDog as an open sharding connection pooler. All major cloud vendors now have serious PostgreSQL offerings—AWS Aurora Limitless, Azure Cosmos DB for PostgreSQL, Google Cloud AlloyDB, Microsoft’s HorizonDB. PostgreSQL dominance isn’t hype. It’s 55.6 percent developer adoption (Stack Overflow), 73 percent job growth, and a 12 percent pay premium. The question for 2026 isn’t whether to use PostgreSQL—it’s which distributed PostgreSQL architecture wins for horizontal scaling.
MCP Adoption Without Security Is Reckless
Anthropic’s Model Context Protocol became the de facto AI-database integration standard after OpenAI adopted it in March 2025. Nearly every DBMS vendor released MCP servers by year-end—over 13,000 MCP servers launched on GitHub in 2025 alone. The standardization is valuable. The deployment is reckless.
Security firm Knostic scanned approximately 2,000 MCP servers exposed to the internet in July 2025. Every single verified server lacked authentication. Zero percent. Anyone could access internal tool listings and potentially exfiltrate sensitive data. Microsoft found MCP servers running in production environments with direct access to customer databases—no auth, no audit, no guardrails. In July 2025, a Replit AI agent deleted a production database containing over 1,200 records despite explicit instructions meant to prevent any changes to production systems. That’s not a theoretical risk. That’s a confirmed production incident.
CVE-2025-49596, a critical remote code execution vulnerability in Anthropic’s own MCP Inspector, was discovered and patched by June 2025. The Model Context Protocol specification explicitly states it “cannot enforce security principles at protocol level”—implementors must build robust consent and authorization flows themselves. The protocol standardizes integration but punts on security. When Hacker News threads sarcastically titled “The ‘S’ in MCP Stands for Security” get traction and January 2026 posts declare “MCP is a fad,” that’s backlash against reckless deployment, not the protocol itself.
If you’re implementing MCP for database access, authentication and audit logging aren’t optional features to add later. They’re prerequisites for production deployment. The industry shipped 13,000 servers without them. Don’t be part of the problem.
MongoDB vs. FerretDB Tests API Compatibility Rights
MongoDB filed a federal lawsuit against FerretDB on May 23, 2025 in Delaware District Court, alleging patent infringement, false compatibility claims, and trademark misuse. FerretDB is an Apache 2-licensed PostgreSQL-backed compatibility layer that translates MongoDB wire protocol queries into SQL—essentially making PostgreSQL “speak” MongoDB. It’s an escape hatch from MongoDB’s Server Side Public License, and MongoDB wants it shut down.
The lawsuit claims FerretDB infringes four MongoDB patents covering aggregation pipeline optimization and write operation reliability, falsely claims its product is a “replacement” for MongoDB “in every possible way,” and improperly uses MongoDB trademarks. MongoDB sent a cease-and-desist letter in November 2023; the lawsuit followed 18 months later. This isn’t just a vendor squabble—it tests whether you can legally reimplement an API for compatibility purposes.
The Supreme Court’s Google v. Oracle decision (Android-Java case) ruled that API use for compatibility constitutes fair use under copyright law. That precedent suggests FerretDB may prevail on copyright claims. But MongoDB’s lawsuit emphasizes patents on implementation details, not just API structure. If MongoDB wins, API reimplementation projects across the industry face new legal risks. If FerretDB wins, compatibility layers remain viable vendor lock-in escape strategies.
$22 Billion M&A Wave Signals Market Maturation
Consolidation wasn’t limited to PostgreSQL. IBM acquired Confluent (the Apache Kafka streaming platform) for $11 billion in December 2025, positioning real-time data as “incredibly important for enterprise AI.” Salesforce bought Informatica for $8 billion in May 2025 to build a “unified architecture for agentic AI” through data governance. Fivetran and dbt Labs announced an all-stock merger in October 2025, creating an ETL powerhouse approaching $600 million in annual recurring revenue with over 10,000 customers.
Contrast this with five database startups that shut down in 2025. Fauna closed on May 30, 2025 after determining it couldn’t raise the capital needed to achieve its goals independently. Voltron Data, PostgresML, Hydra, and MyScaleDB followed. Andy Pavlo noted the trend bluntly: “The death of Voltron and sort-of acquihire of HeavyDB seem to continue the trend of the inviability of GPU-accelerated databases.”
Consolidation signals maturation, not failure. The database market evolved from “build a better database” to “integrate databases into AI workflows.” The startups that shut down pursued capital-intensive differentiation—novel architectures, GPU acceleration, specialized use cases. They lost to extensible commodity. PostgreSQL thrives because you can build pgvector, PgDog, and distributed extensions on top. That ecosystem approach beats specialized point solutions.
File Format Wars Risk Ecosystem Fragmentation
Five new columnar file formats challenged Apache Parquet’s dominance in 2025: Vortex (now with the Linux Foundation), CWI’s FastLanes, CMU+Tsinghua’s F3, AnyBlox, and Microsoft’s Amudai. Vortex claims 100x faster random access, 10-20x faster scans, and 5x higher write throughput with the same compression ratio. FastLanes exploits inter-column correlations and SIMD/GPU optimizations. The benchmarks are impressive. The adoption risk is high.
Five competing formats don’t mean five choices—they mean zero consensus. Network effects favor Parquet: existing tooling, integrations, and expertise create switching costs. Vortex’s Linux Foundation governance is a positive signal toward multi-organization standardization, but it’s unproven. Unless you have a specific performance problem Parquet can’t solve, migration is premature. Wait 2-3 years for ecosystem consensus. The data engineering community will consolidate around one or two winners—don’t bet early on fragmentation.
What Developers Should Watch in 2026
The distributed PostgreSQL race matters most for horizontal scaling strategies. Multigres (Supabase), Neki (PlanetScale), and PgDog are competing approaches to the same problem: making PostgreSQL scale out, not just up. Which architecture wins determines the default distributed database for the next decade. All three launched in 2025. Watch for production adoption and cloud vendor partnerships in 2026.
MCP security needs to mature from “standardized protocol” to “secure-by-default implementation.” The industry deployed 13,000 servers in 2025 without authentication. That’s reckless. Watch for authentication standards, access control frameworks, and audit tooling to emerge in 2026. Until then, implement your own security—MCP servers should never touch production databases without auth, rate limiting, and comprehensive logging.
The MongoDB vs. FerretDB lawsuit outcome (expected 2026-2027) sets precedent for all API compatibility projects. Google v. Oracle established API fair use for copyright, but MongoDB’s patent claims may survive that defense. If MongoDB wins, API reimplementation projects across the industry face new legal risks. If FerretDB wins, compatibility layers remain viable vendor lock-in escape strategies.
Finally, stick with the PostgreSQL ecosystem unless you have compelling reasons otherwise. The 2025 consolidation wave—$1.25 billion in acquisitions, three distributed projects, all cloud vendors investing—shows PostgreSQL is the safe default. Specialized databases face existential challenges (see: five shutdowns). Extensible commodity beats proprietary differentiation. That’s the lesson 2025 taught.
