Get your free personalized podcast brief
We scan new podcasts and send you the top 5 insights daily.
Todd McKinnon believes that while security and infrastructure software are more insulated than productivity apps, CEOs must be paranoid. The power of new AI development tools makes the threat of customers building their own solutions, instead of paying for SaaS, a real concern for everyone.
Related Insights
The market sell-off in cybersecurity stocks like CrowdStrike and Okta wasn't about Anthropic's new tool's direct features. It reflects a broader, rational repricing of all software valuations as investors grapple with the existential risk that AI could render any business model obsolete with terrifying speed.
In large enterprises, AI adoption creates a conflict. The CTO pushes for speed and innovation via AI agents, while the CISO worries about security risks from a flood of AI-generated code. Successful devtools must address this duality, providing developer leverage while ensuring security for the CISO.
Vercel is building infrastructure based on a threat model where developers cannot be trusted to handle security correctly. By extracting critical functions like authentication and data access from the application code, the platform can enforce security regardless of the quality or origin (human or AI) of the app's code.
Todd McKinnon conceptualizes AI agents not as simple tools but as a fundamentally new identity category. This identity possesses attributes of both a human user (roles, permissions) and a system (automation, being headless). This reframing is central to building the next generation of enterprise security and access management.
The public narrative about AI-driven cyberattacks misses the real threat. According to Method Security's CEO, sophisticated adversaries aren't using off-the-shelf models like Claude. They are developing and deploying their own superior, untraceable AI models, making defense significantly more challenging than is commonly understood.
The core value proposition of no-code platforms—building software without code—is being eroded by AI tools. AI-assisted 'vibe coding' makes it much easier for non-specialists to build internal line-of-business apps, a key use case for no-code, posing an existential threat to major players.
Instead of focusing solely on defending its core business, Okta sees the primary AI opportunity in a new market for managing AI agent identities. CEO Todd McKinnon believes this "agent layer" could become the single largest category in cybersecurity, a market currently worth over $280 billion.
The disruption to software isn't just about professional developers. It's about non-technical employees, like sales executives, using AI tools like Claude to build functional internal applications that replace paid SaaS products. This trend democratizes software creation and directly undermines the traditional SaaS business model from within customer organizations.
As AI tools like Claude Code make it easy for customers to build their own software, SaaS companies are the most threatened. To survive, they must become the most aggressive adopters of AI, creating a reflexive loop where they accelerate the very trend that undermines their business model.
As AI makes software development nearly free, companies will struggle to justify security audit costs that exceed development costs. This dynamic forces a fundamental shift in how security is valued and budgeted for.
