Build vs. Buy Is Over. Build Won — and Three Problems It Creates

The build-vs-buy equation has flipped. For decades, only the biggest companies could afford to build custom software. Everyone else bought SaaS — and overpaid for platforms they barely used. 80% of features in the average SaaS product are rarely or never touched. 53% of licenses sit idle. SaaS prices inflated at 5× the rate of general inflation while the products got more bloated, not more valuable.

SaaS companies left the door wide open. AI walked in and scored.

This has happened before

Jim Barksdale, the former Netscape CEO, said there are only two ways to make money in business: bundling and unbundling. It’s a cycle that repeats across every industry. Newspapers bundled news, classifieds, weather, and sports — then the internet unbundled them. Cable TV bundled hundreds of channels — then streaming unbundled it. Banks bundled payments, savings, and lending — then fintech unbundled them.

SaaS was the great bundling. Salesforce absorbed CRM, marketing, analytics, and support into one platform. Atlassian absorbed project management, docs, and code review. The playbook was always the same: land with one use case, bundle more features, raise prices, make switching painful.

AI is the great unbundling. When you can build a focused tool that does exactly what you need — in a day, for nearly nothing — the bundle stops making sense. Klarna ditched Salesforce and Workday, consolidated 1,200 apps. Linear hit $100M revenue with ~100 employees by doing the opposite of Jira: fewer features, not more. Companies aren’t leaving because AI is shiny. They’re leaving because the incumbents made themselves replaceable.

It’s cheap to build now. But somebody still has to maintain it.

I build internal tools with AI regularly. It’s genuinely incredible. Things that would have taken weeks ship in hours. The build-your-own era is real, it’s here, and it’s a massive unlock.

But it’s cheap to build now. Somebody still has to maintain it. Secure it. Govern it.

I run engineering in regulated health tech, and precisely because I’m building with AI every day I can see three problems emerging that most of the celebration is glossing over.

Governance

When Salesforce handled your CRM, Salesforce handled GDPR. When you build your own, that burden transfers to you. Most companies building internal tools with AI haven’t thought about this yet. They will — the moment they get audited.

In Europe, it gets heavier. The AI Act adds compliance requirements when AI-built tools make decisions affecting people. Layer on GDPR, NIS2, and sector-specific regulation, and the governance surface area grows fast. The vendor didn’t just provide software — they provided a compliance wrapper. That wrapper is now your problem.

This isn’t a reason to stop building. It’s a problem worth solving — and the companies that make governance seamless for the build-your-own era will be enormously valuable.

Operations

Building a tool with AI takes an afternoon. Keeping it running takes years.

Who patches it when a dependency breaks? Who monitors uptime? Who gets paged at 2am? And the question nobody asks until it’s too late: what happens when the person who built it leaves the company?

Platform engineering is already the most in-demand discipline in DevOps, and this is exactly why. Every company that builds instead of buys needs someone to keep the lights on. Good platform engineers are scarce and getting more expensive. Most companies embracing the build-your-own era haven’t figured out who maintains what they’re building.

Security

This one should concern everyone. Vibe-coded apps built in an afternoon, deployed to production, handling real customer data — with no security review, no penetration testing, no dependency auditing.

AI-generated code can look perfectly functional and still contain vulnerabilities that no human reviewed. Input validation, authentication edge cases, data exposure — these aren’t things that show up in a demo. They show up in a breach.

The first major data breach traced back to a hastily built internal tool is a matter of when, not if. When it happens, the regulatory and reputational fallout will make the SaaS pricing complaints look trivial.

The hard part is what comes after

Every unbundling cycle leads to re-bundling at a different layer. The software layer is being commoditized — and that’s a good thing. But governance, operations, and security don’t get easier just because building got easier. They get harder when every company is shipping custom tools at speed.

These aren’t reasons to slow down. They’re where the next wave of real value gets created. The people, companies, and platforms that solve these three problems for the build-your-own era will define the next decade of software.

The SaaS incumbents spent ten years bundling features nobody used and charging more every year for the privilege. Build won. But building is the easy part now.

The hard part — and the opportunity — is everything that comes after.