SaaSpocalypse Now
Section titled “SaaSpocalypse Now”The AI selloff is real. The category error is bigger
Section titled “The AI selloff is real. The category error is bigger”
In late 2018, I joined Cloudflare, a company that provides security infrastructure to about a fifth of the web. In the process of onboarding, I heard a compelling story about the power of a global network. At some point in the preceding years, a leading global financial institution experienced a significant outage. The usual suspects, including major content delivery networks and cloud providers, could not resolve it quickly. Cloudflare did.
As it turned out, the hacker responsible for the attack had previously attempted the same attack on a Turkish escort site — a site that happened to sit on Cloudflare’s free plan. Because the site shared threat data with the rest of the network, Cloudflare had seen the attack, recognised the pattern, and acted on it faster than any other provider could.
This story stuck with me for a reason that had less to do with the dramatics than the scale. Processing tens of millions of HTTP requests per second, Cloudflare can identify, analyse, and mitigate threats across all customer sites simultaneously. That unmatched threat visibility, accumulated over years and across millions of endpoints, is a cumulative advantage, not a software feature. And it can’t be easily replicated.
Lessons from the selloff
Section titled “Lessons from the selloff”In recent weeks, fears of a “SaaSpocalypse” have rattled markets, driving major SaaS stock selloffs. The arrival of AI coding tools and domain-specific extensions, having significantly compressed development costs, has led to investors questioning whether leading software firms like Salesforce or Workday will remain the default choice for enterprise buyers, or if foundation model providers moving up the stack will displace them entirely.
Even a16z, which has considerable enterprise software investments, has conceded that the bifurcation is real. In a recent post, partners Alex Immerman and Santiago Rodriguez wrote that the SaaSpocalypse would split the industry “into two parts,” going as far as to claim that AI could be “the best thing that ever happened to the software industry.” They may be right, but don’t fully explain why the durable half is durable. That is the question worth answering.
The panic attack has merit. Point solutions with thin moats are genuinely exposed. Consider the case of Zendesk, a leading provider of customer support and sales services. Zendesk operates in a category where AI-native alternatives have compressed the value proposition, and where switching costs are lower than in highly regulated industries (like cybersecurity). Other players in commoditised categories, from email security to standalone workflow automation, also face real substitution risk as AI-native alternatives improve.
At the same time, it would be premature to extend the lessons of this selloff to all SaaS companies, especially those that have been agile in realigning their pricing and whose value is rooted in something AI cannot yet touch. The classic per-seat licensing model is under structural pressure, as usage- and outcome-based pricing become more appealing to both developers and buyers. When a handful of AI agents can do the work of many employees, the economic logic of paying per seat starts to break down.
The right pricing model lowers barriers to entry, while also creating a system of record that compounds. Cloudflare’s free plan has never been purely a growth tactic. It is the mechanism by which millions of sites contribute to the shared intelligence of the network. Every attack absorbed by a free tier customer makes the network marginally more attuned to the next one. That dynamic is less software, more infrastructure.
Layer 8
Section titled “Layer 8”The standard OSI model describes seven layers of a communications network, from physical infrastructure up through application interfaces. But there is an unofficial 8th layer, known as the human or user layer. This refers to the people, policies, and cultural norms that determine how technology is actually used. It is where security awareness lives, where enforcement decisions get made, and where institutional judgment accumulates over time. The human layer is fallible in ways that cannot be patched; people are creatures of habit, and attackers have always known it. No large language model (LLM) has a layer 8. Not yet, and I don’t believe one will anytime soon.
The most durable SaaS companies are not selling software in isolation, but embedded infrastructure. At Okta, the product conversation was not just about features, but about a secure identity fabric woven into thousands of integrations, compliance audits, and access policies built up over years. In response to a high-profile breach, we launched the Okta Secure Identity Commitment as an effort to re-engineer the entire company around trust. That trust extends beyond the vendor relationship itself. When a compliance-sensitive enterprise embeds software through a certified OEM or reseller, they are acquiring a chain of custody: a paper trail of vetted integrations and audited liability that no AI tool can yet produce.
There is also a meaningful difference between a security culture embedded in a company that has navigated real breaches and rebuilt from them, and one that has been configured into a model. “Human in the loop” (HITL), or the idea that human involvement or oversight at some point in the AI workflow can ensure accuracy, has become a familiar phrase in discussions about AI agents. But loop participation is not the same as institutional memory. A model can be configured to involve humans, but not to have survived a breach.
The fault lines become visible when we plot SaaS companies across two axes, with depth of layer 8 entrenchment on one side and AI replicability of core function on the other.
The bottom-left quadrant is largely theoretical. The same properties that make a core function hard to replicate tend to attract the enterprise sales cycles that build layer 8 depth over time. Companies like Cloudflare and ServiceNow (deep entrenchment, hard to replicate) sit in the top-left quadrant. The market is currently pricing the entire category as though everything lives in the bottom right quadrant (shallow entrenchment, easy to replicate), which is in fact primarily occupied by point solutions. That is the category error.
The race within
Section titled “The race within”The more interesting competitive dynamic is not LLMs versus SaaS, but rather which SaaS companies integrate AI faster than LLMs can build the layer 8 infrastructure to replace them. For those that do, the a16z prediction is already playing out. ServiceNow and Salesforce are not waiting to be disrupted. Agentforce has had mixed reviews as a product, but it has been a commercial success. The more important point is directional: Salesforce’s ability to improve an AI layer built on decades of CRM entrenchment is a more credible trajectory than an AI-native substitute acquiring equivalent depth from scratch. For companies like this, AI may indeed prove to be the best thing that ever happened to them.
Atlassian’s recent layoffs tell a different story. Its shares had already lost two-thirds of their value in the preceding twelve months, its customers were spending less, and its pricing model had not adapted quickly enough to shifting buyer expectations. AI may have accelerated this reckoning, but it didn’t cause it. The SaaSpocalypse narrative flattens a story that is really about laggards caught between pricing inertia and a market that has moved on.
To the extent the SaaSpocalypse is real, it’s a story about laggards: companies that treat their pricing model as a revenue mechanism instead of a compounding asset, or their product as a feature set rather than a fabric of integrations and institutional memory. For those companies, the threat is genuine.
But for the ones that have spent a decade becoming the infrastructure layer of their customers’ operations, the arrival of AI is more likely to be an accelerant than a death knell. There is no fast solution to replacing a global shared intelligence network, and no shortcut to a decade of enterprise identity integrations. The apocalypse, it turns out, has a long list of exceptions.SaaSAISalesforceCloudflareOkta
MBA Candidate at London Business School. Author and founder of Besteps, previously at Cloudflare, Okta, and New Relic. Mostly optimistic about the Internet.
Responses (14)
Section titled “Responses (14)”Talbot Stevens
What are your thoughts?
Strong take. it’s not a SaaS apocalypse,it’s a sorting event. AI kills weak, feature-based tools, but strengthens deeply embedded platforms with data, trust, and workflows. The real shift is pricing + moats, not extinction.4
strong article!![
Mar 19
this is great, thanks man2