AI is Eating the SaaS Interface. But That’s Not the Real Story

To appreciate what is happening, contrast the last thirty years with the next ten. Enterprises stitched monolithic systems together into a fragile spaghetti architecture of APIs, middleware, reconciliations, and accumulated technical debt. The tech industry extracted massive economic rents by owning the interface and workflow layer at the top of the stack, while enterprises assumed the integration risks and the operational friction. Agentic AI inverts that equation. The interface layer that SaaS vendors monetized for a generation is no longer the control point, and the power shifts back toward the institutions that own the data, the processes, and the regulatory obligations.

In the near term, the transition is also slowing enterprise decision-making. Many buyers are treating major vendor choices as potentially irreversible bets in a market where “what’s coming next year” is genuinely unclear, so they are delaying large renewals, shortening commitments, and favoring modular architectures and pilots over monolithic transformations. The volatility is even disrupting software M&A and IPO timelines as valuations become unreliable.

However, as the dust settles on Wall Street, it will become clear that software isn’t dying. We are witnessing a profound, structural shift in enterprise power dynamics.

The Real Shift: Interface Inversion and Monetization Reset

We can already see people trusting agents with more autonomy in day-to-day usage. Anthropic's own research, published February 18, shows the long tail of Claude Code sessions getting longer: the 99.9th percentile "turn duration" nearly doubled from under 25 minutes to over 45 minutes between October 2025 and January 2026, while average human interventions per session decreased from 5.4 to 3.3 between August and December 2025 based on Anthropic’s internal Claude Code usage.⁷ A subset of users is trusting agents with longer, more complex, and increasingly unsupervised work.

What is emerging is not just a better tool but a new class of digital worker. Agents that execute multi-step workflows autonomously, with declining human intervention, are functionally labor. The per-seat SaaS model was priced on the assumption that the workforce was exclusively human. The SaaSpocalypse is, in part, the market repricing that assumption.

A second budget dynamic is accelerating the shift: as enterprises scale agentic AI, inference and token costs are becoming a fast-growing line item. CIOs are already seeing AI compute compete directly with software budgets.

Vendors at the same time are re-architecting monetization around "digital labor" meters:

• Salesforce publicly lists consumption-based options for Agentforce: Flex Credits at $0.10 per standard action or Conversations at $2 per conversation, with per-user licensing as a separate on-ramp.
• Okta is explicit that agentic products can be priced "per agent," and executives suggested a rough early ballpark of 5-to-10 agent-to-person ratio in some scenarios, and analysts on the Q3 FY26 earnings call directly asked about "seat count reductions" as a headwind.
• ServiceNow is leaning into orchestration, launching AI Agent Orchestrator, AI Agent Fabric, and a redesigned partner marketplace transitioning over 1,000 partners to build and distribute AI agents. This is an early signal that "agent ecosystems" will be monetized differently than classic modules.

The pricing reset is not cosmetic. It creates new procurement obligations: units must be defined ("actions," "conversations"), the telemetry must be instrumented, and hard caps and circuit breakers become as important as discounts.

The Enterprise Response: Build Is Back, But Architecture and Governance Determine Whether It Helps or Hurts

At ThoughtLinks, we’ve had versions of the same conversation repeatedly this year with banking and capital markets technology leaders: how SaaS value is changing, where spend is leaking, and what happens to the stack when agents run workflows end-to-end. That pattern is what prompted this paper.

The data backs it up. Retool’s February 2026 survey of 817 customers and builders found that 35% have already replaced at least one SaaS tool with a custom build, 78% expect to build more in 2026, and 60% built something outside of IT oversight in the past year.⁸ That 60% is the pincer: platforms displace from above, developer tools erode from below, often outside procurement or governance.

That does not mean enterprises are rebuilding core systems of record from scratch. It means commodity workflows are under pressure, especially thin user interface layers sitting on top of predictable data operations.

It also means the lock-in dynamic is changing. The stickiness is moving away from user habit to data, governance, and orchestration.

Why Regulated Industries Face a Unique Paradox

Regulated industries are simply the hardest test case for enterprise AI adoption; the structural lessons apply far beyond banking.

Agent-driven software makes building easier, but regulation makes deploying harder. The barrier to writing code has dropped. The barrier to deploying it securely and compliantly has not. Treating "easy to build" as "safe to deploy" is a costly mistake.

Letting ungoverned AI-generated code touch trading execution, risk ledgers, or regulatory reporting is not innovation. It is a fast path to outages, audit findings, and regulatory remediation.

Financial institutions operate under strict mandates on data privacy, bias, explainability, and operational resilience. In Europe, the EU AI Act and DORA raise the bar on everything from higher-risk AI use cases to ICT third-party risk management. These requirements do not get simpler because code generation is easier.

If institutions try to “build from scratch” with raw AI and weak controls, they risk swapping the brittle integration complexity of the SaaS era for a different kind of complexity. That new complexity looks like tangled dependencies, unclear ownership, inconsistent testing, and thin documentation.

“The real danger is not that code can be generated. The danger is that it can be generated faster than an enterprise can govern it.”

This is why governance determines whether build helps or hurts. Models can hallucinate. They do not inherently understand an institution’s data structures, control requirements, or regulatory obligations. They do not automatically produce code that satisfies supervisory expectations. The gap must be closed by architecture, policy, testing, monitoring, and auditability.

Here is the contrarian angle that current commentary often misses: Regulated institutions that take operational resilience and third-party risk seriously may be better positioned for the SaaSpocalypse than peers who do not. Vendor diversification plans, exit strategies, concentration risk frameworks, and third-party oversight create a discipline that becomes an advantage when markets reprice vendors and weaker providers struggle. In this case, regulatory burden can become structural strength.

Buy-to-Build: The Enterprise-Grade Architecture for Regulated Industries

In regulated industries, the winning pattern is buy-to-build: buy governed foundations, then build differentiated workflows on top. In regulated environments, “governed foundations” means deterministic processing paths, compliance-hardened entitlements, segregation of duties, immutable audit trails, resilience, and observability.

It also means clear boundaries for what agents can do, what requires approval, and what must be verified deterministically before it becomes a books and records output. Done well, buy-to-build makes the domain expert more productive without bypassing controls. Procure the compliant infrastructure and reserve your engineering bandwidth to build out your unique competitive advantage. It reduces dependence on replaceable interfaces and increases investment in control planes and scaffolding that can support digital labor at scale.

A Portfolio Reclassification Framework: Five Buckets

The SaaSpocalypse is forcing a portfolio question: what do we still "rent," what do we "own," and where do we "build" on top of which governed foundations?

Use this portfolio lens to assess:

• Bucket A: Core Utilities (The Commoditized Plumbing). Basic cloud infrastructure, email, HR and payroll systems. These are essential but offer zero competitive advantage. Strategy: Continue with SaaS, now Agentic SaaS.
• Bucket B: Generic Knowledge & Workflows (The Vulnerable SaaS). Standardized CRMs, ITSM/ticketing, BI/dashboards, and basic data visualization. Any tool that primarily serves as a user interface for human data entry and retrieval without contributing to deterministic business ledgers lives here. This knowledge is now commoditized by AI. Strategy: Replace selectively with AI Agents and/or re-platform to usage-based automation where economically and operationally sound.
• Bucket C: Regulated Scaffolding (The Strategic Foundation). High-performance architecture that lets you move ahead fast without breaking determinism or controls, compliance-hardened entitlement frameworks, deterministic processing paths, orchestration layers, resilience, observability, and low-latency market connectivity. Standards such as the Model Context Protocol are emerging as connective tissue that can help agents exchange context with enterprise data and tools under governance. Strategy: Buy-to-Build.
• Bucket D: Proprietary Business Logic (The Crown Jewels). Alpha-generating trading algorithms, bespoke client pricing models, unique liquidity frameworks. Strategy: Build internally, selectively leveraging AI on top of Bucket C scaffolding.
• Bucket E: Legacy Core (The Anchor). Entrenched mainframes and monolithic core ledgers. Strategy: Contain and wrap with APIs, use the “strangler” pattern to incrementally modernize around the edge, and migrate components over time, often via a mix of buy + build.

Where do vertical market platforms sit, such as legacy trading systems and deep capital markets platforms? They are not simple Bucket B workflows, and most institutions will not rebuild their full functional surface area in-house. Expect durability with pressure. These platforms remain sticky where they are deeply embedded in books and records and lifecycle processing.

They will still face licensing pressure as human seats soften and agents interact via APIs, and they will face competition from buy-to-build platforms that scaffold around them and progressively decommission specific components.

Bucket C is also where institutional differences show up. The largest firms with deep IT budgets will build more scaffolding into their foundation, including standards, developer platforms, and control planes. Mid-size firms may prioritize managed operations and faster time to value. In both cases, the winners are the vendors and internal platforms that penetrate the architecture and governance layer, not another knowledge hub or workflow app.

A critical note for technology leaders: the most dangerous boundary in this taxonomy sits between Bucket B and Bucket C. As Bucket B faces massive devaluation, many legacy SaaS vendors may be hastily rebranding themselves as "regulated scaffolding" to escape the AI displacement wave. CIOs and procurement partners must rigorously interrogate vendor claims. Ensure you are purchasing genuinely hardened, compliance-grade infrastructure, not overpaying for a generic workflow tool with a hastily embedded AI chatbot.

What CIOs Should Do Now (Partner More Closely with Procurement)

CIOs should treat this moment as a portfolio reset. Keep what is durable, replace what is generic, and build differentiated workflows on governed foundations.

1. Audit Your SaaS Footprint, Seat-Count Exposure, and Vendor Financial Health (Target Bucket B)

   Identify where you are overpaying for generic, per-seat SaaS applications that offer little competitive differentiation. These are your prime candidates in a roadmap for replacement via internal, AI-generated applications built on solid scaffolding. Prepare to aggressively renegotiate with legacy vendors whose value propositions are eroding. Equally important: map your critical software dependencies against vendor solvency. Morgan Stanley's data shows that 50% of software loans are rated B- or lower, with 30% maturing by 2028. If a mid-tier SaaS vendor you rely on is highly leveraged and facing revenue collapse, the likely outcomes are predatory price hikes on locked-in clients or sudden insolvency, leaving you with an unplanned migration, degraded support/security response, and potential service disruption at a critical moment.

2. Invest in Composable, Financial-Grade Scaffolding (Fortify Bucket C)

   Shift your budget away from monolithic applications and toward component frameworks and platforms that provide secure, compliant, and scalable infrastructure. Your goal is to provide your AI agents and developers with a safe sandbox where they can innovate rapidly without compromising your institution’s operational resilience.

3. Manage Cloud + Model Concentration Risk (Hedge Your Digital Labor Supply Chain)

   There is likely to be a handful of largely U.S.-based companies providing both cloud infrastructure and frontier models. Treat this as a first-order risk, not a footnote: diversify where feasible (multi-cloud and/or multi-model), require portability (data egress rights, model switching, prompt/tooling portability), and maintain credible exit plans. In the EU, DORA’s framework for ICT third-party risk management and the supervision of designated “critical” providers signals that concentration risk is becoming a supervisory issue, not just a procurement concern.

4. Implement Strict AI Governance as a Workforce Discipline, Not Just a Technology Control

   As you transition to a “Buy-to-Build” model, governance becomes your most critical asset. But governance here means more than validating AI-generated code. As AI agents increasingly execute end-to-end workflows and emerge as digital workers, enterprises must separate probabilistic reasoning from deterministic execution. Use models to draft, plan, and generate artifacts (code, rules, mappings, test cases), but require deterministic control planes for systems of record: entitlements, segregation of duties, required approvals/sign-offs, and immutable audit trails. For example, don’t let a model be the sole generator of a risk report that drives hedging; use models to generate and test deterministic pipelines, but compute exposures and produce final books-and-records outputs deterministically. An agent can propose, but the platform, and the bank’s policies, must dispose.

   Additionally, autonomous agents introduce novel attack vectors. OWASP's Top 10 for LLM Applications highlights indirect prompt injection, which in agentic workflows can escalate into goal hijacking or tool misuse.

   Register every agent in a central inventory. Log and retain full agent traces (prompts, tool calls, data accessed, approvals, and outputs) at a books-and-records standard. Assign a human owner accountable for its performance. Define escalation thresholds and “kill switch” protocols. Scaffolding platforms help, but ultimate accountability rests with the institution. This is why the Buy-to-Build model matters: the scaffolding provides the guardrails, but the bank must own the governance architecture that makes autonomous agents trustworthy enough to operate at scale.

5. Treat Your Data as the Durable Competitive Asset It Is

   In an era where AI can traverse unstructured data, summarize documents, and generate insights from messy inputs, it is tempting to deprioritize data hygiene. Resist that temptation. Clean, well-governed, structured data remains the single greatest determinant of whether your AI agents produce reliable, auditable, regulatory-grade output or confident-sounding hallucinations.

   But the investment extends beyond structured ledgers. The quality of your unstructured data estate (PDF prospectuses, ISDA agreements, historical client communications) is now equally critical. Continue investing in data lineage, master data management, and golden-source architecture, particularly across risk, finance, and client data.

   At the same time, be pragmatic: banking data will never be perfectly ready, and waiting for perfection is itself a risk. Focus on governing how data is used, not waiting for it to become ideal. In a world where every competitor has access to the same foundation models, your proprietary data estate is the moat that cannot be replicated.

6. Empower the Domain Expert (Accelerate Bucket D)

   The democratization of software creation means that the bottleneck is no longer coding capacity; it is business domain knowledge and guardrails. Equip risk managers, quantitative analysts, and operations leaders with AI-augmented tools inside IT-governed scaffolding: pre-approved components, entitlement models, auditability, and deployment pipelines. The goal is not to bypass IT, but to shift IT’s role from building every workflow to owning the platform, controls, and reusable modules, so domain experts can safely assemble and iterate some of the software that runs their divisions.

What Investors Should Do Now

The "SaaSpocalypse" is a sorting mechanism, but investors should be clear about what is being sorted. Your valuation multiple should not be a wager on dashboards; it should be a wager on whether a company sits in Bucket B (generic workflow, vulnerable to replacement) or is truly Bucket C (regulated scaffolding, orchestration, and the control plane for digital labor).

Here is the underwriting reset: assume Bucket B faces structural compression as agents bypass interfaces and human seat counts soften. Conversely, Bucket C can remain durable if, and only if, it provides hard-to-replicate capabilities: compliance-grade controls, deep integration into systems of record, auditability, resilience, and an ecosystem that makes the vendor the control plane for digital labor rather than a thin layer on top of it. Some incumbents may reinvent themselves as disruptors rather than disrupted, especially if AI increases platform pull and improves retention and expansion, as seen in certain public disclosures.⁹¹⁰ Anthropic’s February 24 enterprise announcement reinforced this possibility by emphasizing a partner posture—highlighting plug-ins developed with companies such as LSEG, FactSet, Salesforce’s Slack, and DocuSign, and noting adopters such as Thomson Reuters and RBC Wealth Management. Several of those partner stocks rallied on the news. But investors should be clear-eyed: a partnership announcement is not a business model transformation. The incumbents that survive will be those that restructure pricing away from per-seat rents, demonstrate transparent consumption economics, and prove that their platforms generate measurable value in an agent-driven workflow, not merely that they are compatible with one. Equally critical: vendors that restrict data access, resist portability, and make exit prohibitively costly may accelerate their own displacement. In an agentic world, enterprises route around closed systems. But the biggest diligence risk right now is the mislabeling mentioned earlier: generic SaaS vendors masking themselves as enterprise-grade infrastructure.

Underwrite the capital structure alongside the AI narrative. As detailed in Question 5 below, the solvency question and the durability question are no longer separable, and the refinancing wall is closer than most narratives acknowledge.

Five Questions Investors Should Be Asking Every SaaS CEO

1. If an AI agent never opens your UI again, what does the customer still pay you for, and why can’t they replicate it? Ask for proof in metrics: the share of workflows executed via API or automation rather than through the dashboard, the depth of integration into systems of record, and evidence that the product is more than a generic workflow with an AI veneer. Durable value lives in proprietary data assets, compliance-grade infrastructure, or network effects that deepen with scale. Vendors who cannot articulate a clear answer to this question are Bucket B companies masquerading as Bucket C.
2. Show me the evidence that your platform creates measurable value for the client and not that it extracts value from the client relationship. In the SaaS era, the line between pricing power and hostage economics was blurred. In the agentic era, it is not. If your clients stay because they cannot afford to leave—because of data lock-in, opaque export processes, or punitive termination clauses—that is not durability; it is a countdown clock. Investors should demand proof of positive ROI that the client would independently validate. In the agentic era, true durability is voluntary: clients renew because they see measurable value, not because leaving is punitive.
3. Show me your seat-compression sensitivity and your monetization transition plan without leaning on hostage economics. Make them quantify exposure: the percent of annual recurring revenue tied to human seats, expected revenue behavior under a 10 to 20 percent customer workforce reduction, and the roadmap to consumption or agent-based pricing with transparency, caps, and guardrails. If the transition plan amounts to replacing per-seat fees with uncapped consumption meters that clients cannot predict or control, enterprises will treat it as predatory rent extraction and accelerate their exit.
4. What is your “trust contract” for regulated clients, and will you underwrite it contractually? This is where CEOs either graduate into Bucket C credibility or they do not. Press for specific commitments: data use boundaries (including whether client data is used for model training), audit rights, data portability, termination triggers, and a practical exit plan. If they resist these terms, they are implicitly telling you their strategy is leverage, not durability. In a world where DORA raises the bar on concentration risk management for critical ICT third-party providers, regulated clients will increasingly require these protections as a condition of doing business.
5. What happens to your balance sheet if revenue compression hits before your next refinancing window? This question is directed less at the CEO and more at the investor’s own underwriting discipline. As noted earlier, software represents about $235 billion of the U.S. loan market; roughly half of those loans are rated B- or lower, and about 30% mature by 2028. The path to refinancing now runs directly through the question of whether their revenue base survives the agentic transition. Investors should stress-test the capital structure alongside the AI narrative: a company may have a credible product strategy and still face distress if the debt stack was underwritten against a per-seat ARR base that is structurally shrinking. In short: durability is now a balance-sheet risk.

Conclusion

The market wipeout of February 2026 was a shock to the system, but it was a necessary one. It signaled a structural reset in how enterprise software delivers value and how it should be valued. We are moving into a world of more software, not less. Development is becoming more accessible. AI lowers the cost of building, and domain experts who understand risk, markets, and clients can translate intent into working systems faster than before.

The center of gravity is shifting away from the interface. Power is moving from vendors that monetized control of the user experience toward institutions that own the data, the processes, and the regulatory obligations.

This shift changes commercial logic. Pricing will shift from inputs—seats, screens, time and materials, toward outputs: the governed action, the completed workflow, the measurable result.

Some SaaS vendors will adapt and strengthen their position, but only if they reinvent how they create value. Durable value now looks like deep systems integration, proprietary data assets, compliance-grade security, auditability, and predictable economics.

In regulated environments, the constraints of determinism, controls, resilience, and supervisory-grade evidence do not disappear because code is easier to generate.

That is where the buy-to-build model creates its highest value. Enterprises must buy governed foundations and then build differentiated workflows on top of them. The portfolio framework is not academic. It is operational. Commodity interface layers compress. Governed scaffolding becomes strategic. Proprietary business logic becomes the advantage.

Enterprises now face a clear decision. They can continue renting replaceable interfaces and absorbing opaque digital labor costs, or they can reclaim control over workflows, permissions, data flows, and governance. Failure to do so leads to rising spend without visibility, deeper lock-in disguised as consumption pricing, increasing third-party risk, and a widening gap between what agents can execute and what the institution can safely control.

The institutions that lead will treat this moment as an architectural shift. They will reduce dependence on replaceable layers, invest in governed control planes, and concentrate resources on differentiated business logic, not eliminating SaaS, but redefining its role within an architecture they control.

Sources:

1. Fortune, “3 factors that will separate the ‘SaaSpocalypse’ winners from losers,” Fortune (CEO Daily), February 12, 2026. https://fortune.com/2026/02/12/saaspocalypse-winners-losers-ceos-data-volume-pricing/ ↩
2. Bloomberg, “Get Me Out: Traders Dump Software Stocks as AI Fears Erupt,” February 3, 2026. https://www.bloomberg.com/news/articles/2026-02-03/-get-me-out-traders-dump-software-stocks-as-ai-fears-take-hold ↩
3. Bloomberg, “Anthropic AI Tool Sparks Selloff From Software to Broader Market” February 3, 2026. https://www.bloomberg.com/news/articles/2026-02-03/legal-software-stocks-plunge-as-anthropic-releases-new-ai-tool ↩
4. Forrester, “SaaS As We Know It Is Dead: How to Survive the SaaS-pocalypse,” 2026. https://www.forrester.com/blogs/saas-as-we-know-it-is-dead-how-to-survive-the-saas-pocalypse/ ↩
5. Reuters, “S&P 500 Software Sector Under Grip of AI Scare Trade,” February 13, 2026. https://www.reuters.com/business/software-real-estate-us-sectors-under-grip-ai-scare-trade-2026-02-13/ ↩
6. Salesforce, Inc. Q4 FY26 Earnings Conference Call transcript, February 25, 2026, Marc Benioff: https://s205.q4cdn.com/626266368/files/doc_financials/2026/q4/Transcript-Salesforce-Inc-Q4-FY26-Earnings-Conference-Call-2-25-26.pdf ↩
7. Anthropic, “Measuring AI Agent Autonomy in Practice,” February 18, 2026. https://www.anthropic.com/research/measuring-agent-autonomy ↩
8. BusinessWire / Retool, “Retool’s 2026 Build vs. Buy Report Reveals 35% of Enterprises Have Already Replaced SaaS With Custom Software,” February 17, 2026. https://www.businesswire.com/news/home/20260217548274/en/Retools-2026-Build-vs.-Buy-Report-Reveals-35-of-Enterprises-Have-Already-Replaced-SaaS-With-Custom-Software ↩
9. Atlassian, Shareholder Letter Q2 FY26. https://www.atlassian.com/blog/announcements/shareholder-letter-q2fy26 ↩
10. Janus Henderson, “Quick View: SaaS Isn’t Dead, but the AI Transition Is Forcing a Hard Reset,” Feb 5, 2026. https://www.janushenderson.com/corporate/article/quick-view-saas-isnt-dead-but-the-ai-transition-is-forcing-a-hard-reset/ ↩