SaaS is Dead: Why Your Next Security Tool Should Be a “Vibe-Coded” Agent
Imagine walking into a vendor hall at a major security conference. It’s a sea of bright lights, free t-shirts, and “puppies.” You see a tool that looks cute, claims to solve all your problems, and carries a “Fortune 2000 sticker price”. You buy it, bring it home, and realize it doesn’t quite fit your environment, requires a full-time handler to tune its rules, and costs a fortune in labor just to keep it running. This is the traditional Software as a Service (SaaS) model, and according to the experts, it is officially becoming legacy software.
We are currently witnessing a tectonic shift from Software as a Service to Service as Software. In this new era, the ability to write code in English is replacing the nightmare of hunting for missing semicolons in C++ or Java. If you aren’t prepared to pivot toward a System of Agents, you’re not just falling behind, you’re overpaying for obsolescence.
The Great Inversion: From SaaS to Service as Software
For decades, programming was a high-barrier-to-entry skill. It took months or years to prototype a functional tool. Today, tools built on Large Language Models (LLMs), like Claude Code, Google Gemini, and GitHub Copilot, have turned everyone into a developer. We have moved from the “ancient days” of punch cards and manual coding to “vibe coding”, the ability to describe a business process in plain English and have AI spit out functional code in minutes.
The fundamental problem with traditional SaaS is the hidden labor cost. You buy a tool like a SIEM, but you still need a massive team to handle data ingestion (ETL), rule tuning, and alert fatigue. In the Service as Software model, the goal is to automate every one of those human tasks using AI agents. By focusing on the business objective rather than the tool’s features, organizations can build custom solutions that minimize labor, which is traditionally the largest drain on a cybersecurity budget.
The Three Generations of Security Evolution
To understand where we are headed, we must look at the three worlds of security technology:
Generation 1 (The SIEM Era): This is classic SaaS. It is a tool-centric model where the burden of work remains on human experts to tune regex patterns and manage data.
Generation 2 (The SOAR Era): This is “Service as Software” in its infancy. It uses “if-this-then-that” logic to automate known patterns. The weakness? Like old-school antivirus, it only catches what you’ve already defined. If the bad guys change their technique, your automation breaks.
Generation 3 (The AI SOC/Agent Era): This is the future, a System of Agents. Instead of hard-coding patterns, you train LLMs on intents (what “good” and “bad” look like). These agents can generalize; they see a new threat and realize it looks like a known attack framework, allowing them to provide evolving, real-time coverage that gets smarter as the LLM improves.
The $300,000 Prompt: Building Tools in Minutes
Why pay a vendor $300,000 for a Software Composition Analysis (SCA) tool when you can build a tailored version during your lunch break? In a recent demonstration, a functional SCA and SBOM generator was built using a single, detailed prompt in Google Gemini.
In just two minutes, the AI generated a tool that could:
Accept a zip file of a software repo.
Identify reachable vs. unreachable vulnerabilities.
Query the Open Source Vulnerability (OSV) API.
Generate a PDF risk report for a GRC tool.
The result? The scan identified 35 components, flagged 26 as reachable, and found 14 with known vulnerabilities. While not “perfect” in the first 30 seconds, a week of tuning this “vibe-coded” tool is still significantly cheaper than a six-figure vendor license. Furthermore, building in-house allows you to solve data localization issues in regions like Russia or China where SaaS vendors often refuse to store data.
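The zip-intake and OSV-query steps from the list above, as an added Python example (not the tool from the demonstration): it reads manifests from an uploaded archive in memory with a size cap, and builds the request body for OSV's `POST https://api.osv.dev/v1/querybatch` endpoint without sending it. It assumes a Python repo with `requirements.txt` manifests; the function names, the size cap and the sample archive are constructed for illustration, and reachability analysis is out of scope.

```python
import io
import re
import zipfile

MAX_MEMBER_BYTES = 1_000_000  # assumed cap so an oversized member cannot exhaust memory
PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([A-Za-z0-9.!+_-]+)\s*(?:#.*)?$")

def read_manifests(zip_bytes, name="requirements.txt"):
    """Yield (path, text) per manifest. Members are read in memory, never extracted,
    so archive member names are only labels and are never used as filesystem paths."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.rsplit("/", 1)[-1] != name:
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                continue  # declared size too large: skip without decompressing
            with zf.open(info) as fh:
                data = fh.read(MAX_MEMBER_BYTES + 1)  # declared size can lie, so cap the read
            if len(data) <= MAX_MEMBER_BYTES:
                yield info.filename, data.decode("utf-8", errors="replace")

def parse_pins(text):
    """Split manifest lines into exact pins and entries that carry no exact version."""
    pinned, unpinned = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "-")):
            continue  # blank lines, comments, pip options
        m = PIN.match(line)
        if m:
            pinned.append((m.group(1).lower(), m.group(2)))  # PyPI names are case-insensitive
        else:
            unpinned.append(line)
    return pinned, unpinned

def scan(zip_bytes, ecosystem="PyPI"):
    """Return (querybatch request body, entries that could not be queried by version)."""
    pins, skipped = set(), []
    for path, text in read_manifests(zip_bytes):
        pinned, unpinned = parse_pins(text)
        pins.update(pinned)
        skipped += [(path, entry) for entry in unpinned]
    queries = [{"package": {"name": n, "ecosystem": ecosystem}, "version": v}
               for n, v in sorted(pins)]
    return {"queries": queries}, skipped

def make_sample_repo():
    """Constructed sample archive standing in for an uploaded repo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app/requirements.txt", "Flask==2.0.1\nrequests>=2.0\n# note\njinja2==3.0.0\n")
    return buf.getvalue()
```

Entries returned in the second value, such as version ranges, have no exact version to look up and need a lockfile or resolver before they can be counted as scanned.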
The “Stupid Faster” Warning: AI Pitfalls
Before you “push the I believe button,” remember that AI is a force multiplier, for better or for worse.
Automating Bad Processes: If your current workflow is broken and you automate it, you have simply made “stupid faster”.
The Maintenance Trap: Building a tool in an hour is easy; maintaining it, patching it, and handling feature requests is a full-time job often underestimated by “vibe coders”.
New Attack Surfaces: Moving to an agentic workforce introduces risks like malicious models, AI-generated vulnerabilities, and data siphoning if your AI is hosted in a hostile jurisdiction.
Strategic Recommendations for the Agentic CISO
The “tsunami of code” created by AI-assisted developers will quickly overwhelm any manual governance process. To stay afloat, CISOs must transform their departments from cost centers into business enablement centers. Here is the superpower playbook:
Implement the “One-Hour Rule”: A CISO must spend at least one hour a day hands-on-keyboard with these AI tools. If you don’t comprehend the capabilities of “dirty and cheap” AI coding, you cannot effectively manage the risks it creates.
Identify “Agentic” Candidates: Look for high-cost, high-labor roles that can be superpowered by agents. This includes Data Privacy Officers, AI Governance, and Enterprise Architects.
Scale Through Speed: Use the Threat Modeling metric. If an architect takes 40 hours to do one threat model, an AI agent can do it in 10 minutes. This allows you to perform threat models on every single code change in every repo, achieving a level of scale that was previously impossible.
Empower the “Non-Technical” Staff: Encourage non-coders (like marketing or business analysts) to use tools like Claude Code to build prototypes. This allows them to hand over a working wireframe to IT, ensuring the final product actually meets business requirements.
Focus on Intent, Not Regex: Shift your SOC strategy from defining specific patterns to defining outcomes and goals. Train your agents on what “good” looks like so they can defend against evolving threats without constant manual updates.
Conclusion: The Future is Agentic
We are moving toward a world where every role is a developer role. The CISO of the future isn’t just a risk manager; they are the architect of a digital workforce. By embracing Systems of Agents, you can achieve the elusive “better, faster, and cheaper” trifecta without sacrificing security.
The tools are here, and they cost as little as $20 a month. The question is: will you use them to build your own future, or will you keep paying for the “puppies” of the past?




Agree, I've implemented a dozen automatizations already via AI. But AI as a tool here, not as a solution 🙃
Glad to see you added in the "AI pitfalls" part - because that is likely to be a serious issue.
Before turning over your company to an army of agents, remember three things:
1) Human-in-the-loop does not scale.
2) AIs are fundamentally unreliable - just like humans. So deterministic systems are required to keep them under control.
3) Have a human security expert review security agents just like they are supposed to review everything else.