The SaaS sector has recently shed over $1 trillion in market capitalisation since the start of 2026. The market’s verdict has been swift, simple, and almost unanimous: AI code agents are about to commoditise every software product on the planet, and no valuation multiple is safe.
We think this sell-off is analytically lazy. And it’s being driven, at least in part, by the very technology it fears — hallucinating on its own research.
When the Market Feeds on Its Own Mistakes
The AI systems generating financial commentary, synthesising news flow, and powering sentiment analysis are now producing content that itself becomes the data those same systems consume. It’s a closed feedback loop with no external correction mechanism.
OpenAI’s frontier reasoning models have hallucinated in 30–50% of test scenarios. DeepSeek R1 — the model that triggered January 2025’s $589 billion Nvidia single-day wipeout — carried a hallucination rate nearly four times higher than its predecessor. Markets repriced by hundreds of billions on the back of outputs from one of the least reliable AI systems available.
The 2026 SaaS sell-off follows a similar script. An AI product release triggers a social media firestorm. Sentiment algorithms flag extreme bearishness. Algorithmic trading systems act on those signals. Selling begets selling. The price move gets reported as news. That news is ingested as a fresh signal. The cycle restarts. What took days in 2016 now takes minutes.
The Moat Was Never in the Code
Let’s be clear: AI has genuinely destroyed certain competitive advantages in software. Tools like Cursor and enterprise-grade agent frameworks can replicate the majority of standard SaaS functionality within days. Traditional defences built on elegant code, polished UX, or rapid iteration cycles are under real pressure.
But the companies being indiscriminately sold are often those whose actual protection was never in the codebase to begin with. The durable moats live outside the software entirely — in proprietary data rights, regulatory licences, institutional relationships, deep workflow embedding, and sustained frontier research. None of these can be prompt-engineered into existence.
We developed a five-pillar framework to evaluate which enterprise software companies will survive agentic AI disruption and which face existential risk. The five pillars are: proprietary data, workflow embedding, compliance barriers, domain logic, and frontier research posture.
- Proprietary data is the most powerful flywheel. Longitudinal transaction histories, sensor streams, clinical outcomes, and behavioural graphs cannot be scraped or synthesised by frontier models. Every new user enriches the dataset; every richer dataset sharpens the AI inside the platform. General-purpose models simply lack the consent, the legal right, and the accumulated context to replicate this.
- Compliance barriers are even harder to replicate. FedRAMP, ITAR, HIPAA, FDA 21 CFR Part 11 — none of these licences can be generated by a language model. AI can write compliant code, but it cannot sit in a three-year audit cycle with a government agency, secure institutional relationships, or accept legal liability for a breach. Switching costs in these environments routinely run into the millions and span multi-year implementation timelines.
- Deep workflow embedding completes the picture. When a SaaS platform is the system of record inside core banking, hospital EHRs, or government case management, replacement isn’t a technical decision — it’s an organisational trauma. Staff retraining, data migration, permission re-architecture, and regulatory re-certification make a rip-and-replace approach impractical, even when a cheaper AI-built alternative exists on paper. Three High-Moat Sectors: Healthcare IT, ERP, and Cybersecurity
Our framework identified three sectors where all five moat pillars converge. These are the businesses we believe are being most mispriced by the current sell-off. Healthcare IT: and
Pro Medicus operates Visage 7, a GPU-accelerated medical imaging platform that is not merely ahead of competitors in degree but different in kind. A multi-year engineering rebuild would be required to replicate its streaming architecture. The company reported a 72.6% EBIT margin and 28% revenue growth at the half-year, and co-develops AI algorithms with institutions including Mayo Clinic, NYU Langone, Yale, and UCSF. Crucially, every algorithm embedded in Visage requires individual FDA, TGA, and HIPAA re-validation before clinical deployment. That compliance barrier compounds with every new jurisdiction.
Veeva Systems holds over 80% of the global life sciences CRM and content management market. Its GxP Vault platform embeds FDA 21 CFR Part 11 and EU Annex 11 compliance into every workflow. The estimated cost to switch and re-validate sits between $1–5 million per customer, with a 12–24 month re-approval timeline. Vault AI Agents are rolling out through 2026, validated in situ inside the compliance framework — deepening lock-in at the precise moment AI capabilities are advancing fastest. ERP: and
WiseTech’s CargoWise platform is the de facto operating system for global freight forwarding, touching approximately 80% of manufactured trade volumes across 170+ countries. Its customs compliance capabilities, denied-party screening tools, and government integrations took decades and deep institutional trust to build. No AI agent can replicate decades of tariff codes, sanctions lists, FTA treatments, and real-time border clearance data without the underlying compliance relationships. Management has explicitly framed AI as the primary product velocity driver for the next phase, with CargoWise AI active in execution workflows as of the first half of FY26.
Technology One’s “Power of One” ERP holds IRAP PROTECTED accreditation — the highest Australian government cloud security certification — and serves the dominant share of Australian and New Zealand local government councils. Its customer retention rate sits at 99%. The company is actively winning enterprise-scale migrations away from SAP, with AI-powered natural language queries, automated financial workflows, and agentic procurement accelerating adoption. Cybersecurity: and
Cybersecurity represents a sector where AI disruption actually expands the addressable market rather than compressing it. Every new AI-generated attack vector widens the threat surface — and compounds the telemetry advantage of the largest installed bases.
CrowdStrike’s Falcon platform processes trillions of security events weekly across endpoints, identities, and cloud assets. That proprietary threat telemetry continuously retrains detection models at a scale competitors cannot replicate. Its gross retention rate sits at 97%, with ARR growth in the 27–30% range. Charlotte AI enables natural-language security operations and autonomous remediation workflows.
Palo Alto Networks is deeply embedded across global enterprises via next-generation firewalls (hardware and virtual), Prisma cloud security, and Cortex SOC automation. Annual revenue exceeds $9.2 billion, with customer retention above 95%. The company is winning wallet share as enterprises consolidate security vendors, with AI-powered security operations, cloud protection, and zero-trust architectures replacing point solutions at scale.
Not All SaaS Is Equal
The blanket sell-off ignores a critical distinction. Horizontal, lightly regulated point solutions do face genuine pressure. A project management tool with no proprietary data, no compliance certifications, and no deep workflow integration is legitimately threatened by AI-native alternatives. That re-rating is justified.
But the front-end application layer — the user interface — is the most vulnerable part of the software stack. Modern vibe-coding tools can produce attractive front ends with ease. The backend, where IP and value-driven logic reside, is far more defensible. And physical infrastructure will always remain infrastructure.
Per-seat pricing models also face different pressures depending on the customer base. Large enterprises reducing headcount and deploying agents will directly compress seat-based revenue. But small businesses that each need their own licence — a bookkeeper who needs their own Xero account, for instance — face a different calculus. The seat model is not uniformly dead; it depends on who’s sitting in the seat. The Spread Will Be the Widest We’ve Ever Seen
Non-code moats are the only defensible ones in an AI-saturated landscape. Regulated verticals like finance, healthcare, and government score highest on our framework precisely because their defences are legal, relational, and data-sovereign rather than technical.
The market will eventually re-rate on reality rather than on hallucinated narratives. When it does, the spread between AI-vulnerable and AI-fortified SaaS will likely be the widest investors have ever seen. The sell-off today may be handing patient capital an opportunity to buy the latter at a discount.
The question is whether you can distinguish between the two before the machines figure out they got it wrong.
