Established SaaS companies can defend against AI disruption by leaning into their role as secure, compliant systems of record. While AI can replicate features, it cannot easily replace the years of trust, security protocols, and enterprise-grade support that large companies pay for. Their value shifts from UI to being a trusted database.
Related Insights
Unlike the slow denial of SaaS by client-server companies, today's SaaS leaders (e.g., HubSpot, Notion) are rapidly integrating AI. They have an advantage due to vast proprietary data and existing distribution channels, making it harder for new AI-native startups to displace them. The old playbook of a slow incumbent may no longer apply.
As AI commoditizes user interfaces, enduring value will reside in the backend systems that are the authoritative source of data (e.g., payroll, financial records). These 'systems of record' are sticky due to regulation, business process integration, and high switching costs.
Investor Mitchell Green argues that the fear of AI "vibe coding" away SaaS businesses is overblown. Incumbents like Workday spent decades building trust and deep enterprise integrations, a moat that can't be easily replicated with code alone, regardless of AI's power.
According to Box CEO Aaron Levie, the stickiest SaaS products are those with strong network effects, deep integrations, and mission-critical workflows. A simple heuristic for vulnerability: if you can get the same value from a fresh install as a decade-old one, your product can be easily replaced by AI-generated software.
Recent security breaches (e.g., Gainsight/Drift on Salesforce) signal a shift. As AI agents access more data, incumbents can leverage security concerns to block third-party apps and promote their own integrated solutions, effectively using security as a competitive weapon.
The "SaaSpocalypse" narrative misses a key reason large enterprises buy from vendors like Salesforce. It's not just about features, but accountability—like hiring McKinsey, it provides "air cover" and "a throat to choke." This institutional trust is a powerful moat against nascent, AI-generated tools.
AI agents can easily siphon off value from SaaS products priced on per-seat utility by automating tasks previously done by humans (e.g., support tickets). In contrast, deeply embedded systems of record (ERP, CRM) are insulated by career-limiting switching costs and the immense challenge of migrating timeless, critical data.
![Gokul Rajaram - Lessons from Investing in 700 Companies - [Invest Like the Best, EP.456] thumbnail](https://megaphone.imgix.net/podcasts/a35cb364-fc94-11f0-a24d-836fa963ece3/image/f64963c59af651cbb2d022f3a0dd7199.jpg?ixlib=rails-4.3.1&max-w=3000&max-h=3000&fit=crop&auto=format,compress)
AI doesn't kill all software; it bifurcates the market. Companies with strong moats like distribution, proprietary data, and enterprise lock-in will thrive by integrating AI. However, companies whose only advantage was their software code will be wiped out as AI makes the code itself a commodity. The moat is no longer the software.
Incumbent SaaS companies like Salesforce are cutting off API access to prevent AI startups from siphoning value. To build a durable business, new AI companies cannot simply be a "system of action" on top of old platforms; they must aim to become the new system of record, which requires building complex data migration tools from day one.
An AI app that is merely a wrapper around a foundation model is at high risk of being absorbed by the model provider. True defensibility comes from integrating AI with proprietary data and workflows to become an indispensable enterprise system of record, like an HR or CRM system.
