We value your privacy

We use cookies to enhance your browsing experience, serve personalised ads or content, and analyse our traffic. By clicking "Accept All", you consent to our use of cookies.

Powered by
    Upcoming·June 8, 2026·BVMW Bayern·AI Agents, Vibe Coding and the EU AI Act
    RegulationAI & Technology

    35% Replace SaaS With Custom Code: Which Business Models Survive AI

    Dr. Oliver Gausmann · March 13, 2026 · 6 min read

    Setting up an AI operating system for midmarket companies

    Executive Summary

    The SaaS market has decelerated to 12% median revenue growth, down from 36% in early 2022 [1]Blossom Street Ventures, 2025. AI-native startups are scaling at speeds that break traditional benchmarks: Cursor crossed $2 billion ARR in under two years [2]Bloomberg, 2026. Meanwhile, 35% of enterprise teams have already replaced at least one SaaS tool with custom-built software [3]Retool Build vs. Buy Report, 2026. PE boards and CEOs need to answer one specific question: which business model types are most exposed, and which levers remain available to respond? No existing framework answers that question systematically [18]Eigene Analyse auf Basis von Bain (2025), IDC Software Taxonomy (2025), Gartner Market Definitions (2025), SEG SaaS Index (2026), KeyBanc SaaS Survey (2024). Bain's AI Disruption Matrix comes closest, but it ignores customer segment, regulatory density, and go-to-market structure [4]Bain, 2025. The gap matters because a per-seat workflow tool serving SMBs faces fundamentally different pressure than a compliance platform selling outcome-based contracts to regulated enterprises.

    What's happening in the SaaS market?

    Median public SaaS revenue multiples compressed to 4.0× in January 2026, down from 18.6× at the 2021 peak [5]Aventis Advisors / PublicSaaSCompanies.com, 2026. Private M&A transactions closed at 3.8× median, and private equity now controls 61% of all SaaS deals [6]SEG Annual Report, 2025. The market rewards efficiency over growth: only 16% of software companies sustain a Rule of 40 score above 40 over multiple years [7]McKinsey, 2024.

    AI-native competitors are rewriting category economics. Cursor doubled its annualized revenue from $1 billion to $2 billion in three months, valued at $29.3 billion with roughly 40 employees [2]Bloomberg, 2026. These companies win through business model architecture.

    Harvey reached $190 million ARR in legal tech, growing 290% year-over-year [8]Harvey company data, 2025. Sierra crossed $100 million ARR in customer support with pure outcome-based pricing [9]Sierra company data, 2025. Both entered regulated verticals where incumbents assumed AI disruption would arrive last.

    The build-vs-buy equation is shifting in parallel. Retool surveyed 817 enterprise builders in February 2026 and found that 35% have already replaced a purchased SaaS product with custom code [3]Retool Build vs. Buy Report, 2026. 78% expect to build more custom tools this year. Satya Nadella framed the thesis bluntly in December 2024: business applications are fundamentally CRUD databases with business logic, and that logic is migrating into agents [10]Satya Nadella, December 2024.

    What does this mean for B2B software companies?

    The disruption hits unevenly. A horizontal project management tool with per-seat pricing and SMB customers faces existential risk. A vertical compliance platform with outcome-based pricing and enterprise clients in a regulated industry operates in a different reality. The difference lies in the combination of fixed market dimensions and controllable business model levers.

    Fixed dimensions are structural conditions that a company cannot easily change. These include the target vertical and its regulatory density (healthcare and financial services create natural defense through compliance requirements), the customer segment (enterprise clients with 118% median NRR versus SMBs at 97% [11]Optifai Pipeline Study, 2026), the maturity of the replaced process (digitizing a paper-based workflow creates deeper lock-in than improving an already-digital one), and whether the product operates horizontally across industries or vertically within one.

    Controllable levers are strategic choices a company can actively adjust. Pricing model sits at the center: per-seat pricing declined from 21% to 15% of SaaS companies in 12 months, while hybrid pricing rose from 27% to 41% [12]Growth Unhinged, 2025. Delivery model defines whether the product remains a self-service tool, adds managed services, or deploys autonomous AI agents. Value depth determines whether the software provides a workflow, delivers integrated intelligence, or takes over entire processes autonomously. Platform strategy separates single-product companies (median 3.9× revenue multiple) from ecosystem platforms (median 8.2×) [13]Equal Ventures / BVP Analysis, 2024.

    The GRC market illustrates this concretely. MetricStream and SAP GRC represent the incumbent layer: broad platforms with enterprise lock-in but legacy architectures that retrofit AI onto existing workflows.

    Vanta and Drata built cloud-native compliance automation (GRC 3.0), capturing the startup and mid-market segment with faster onboarding and lower cost.

    Now a new generation of AI-native challengers arrives. Complyance raised $20 million from GV in February 2026 with an AI-agent-first approach [14]TechCrunch, 2026. Kovr.ai emerged from stealth with LLM-based compliance engines for high-assurance environments [15]Kovr.ai, 2025. These GRC 4.0 entrants share a pattern: automated evidence collection, generated audit-ready artifacts, and pricing on outcomes.

    The fixed dimensions protect GRC from the wholesale replacement that threatens simpler categories. Regulatory requirements (EU AI Act, SOX, ISO 27001) create compliance barriers that CRUD-replacement cannot bypass. Enterprise switching costs are high. Audit-trail integrity demands deterministic accuracy that probabilistic AI alone cannot guarantee. These fixed dimensions buy time. The controllable levers determine who uses that time well.

    What must boards and CEOs do now?

    Map your position on both axes. Take your current business model and assess each fixed dimension honestly: How regulated is your market? How deep is your data moat? How complex is the process you replace? Then assess each controllable lever: Is your pricing tied to seats, usage, or outcomes? Do you deliver a tool or a result? These two assessments together reveal your specific exposure profile.

    Run a build-vs-buy audit with your largest customers. Ask directly: have any of your clients built or considered building a replacement for your product using AI coding tools? If the answer is yes, you have months to respond, not years. Retool's data suggests that simple workflow tools above $250,000 annual cost are primary replacement candidates [3]Retool Build vs. Buy Report, 2026.

    Shift at least one revenue stream toward outcome-based or hybrid pricing before your competitors do. Gartner forecasts that over 40% of enterprise SaaS spending will move to usage, agent, or outcome-based models by 2030 [16]Gartner, 2025. The GRC market shows the template: Complyance charges based on automated compliance outcomes, not per-user licenses. The economics are different. AI-native companies operate at 50–60% gross margins versus 80–90% for traditional SaaS [17]BVP State of Cloud, 2024, so pricing architecture and unit economics must be rebuilt together.

    Evaluate whether your product sits in the workflow layer, the intelligence layer, or the outcome layer. Bain's research shows that the highest-risk quadrant combines high task automation potential with high API penetrability [4]Bain, 2025. Products that function primarily as data entry and routing systems, where AI agents can access the same APIs and execute the same logic, face the most immediate pressure.

    Our Take

    This framework came out of a real situation. I'm currently evaluating Ethenios, an AI-native compliance intelligence platform, with a technical architecture for regulated environments I've documented in a separate article. I call this approach GRC 4.0. First question in the due diligence process: how exposed is the GRC category to AI disruption?

    The answer surprised me. Barely. Regulation protects the market. EU AI Act, SOX, ISO 27001 — you can't replace compliance with a CRUD app, no matter how good your coding agent is. Audit trails demand deterministic accuracy. Those are fixed dimensions. They hold.

    The attack vector is somewhere else. MetricStream charges six-figure annual licenses for platforms where compliance teams still spend weeks on manual evidence gathering. Ethenios provides continuous monitoring and automatically generates audit artifacts. Quarters become days. That's the controllable lever — delivery model, not pricing alone.

    Every PE board should ask this question for every portfolio company: Which fixed dimensions protect us, and which levers haven't we pulled yet?