The Adobe Gap and the Death of SaaS
The “Adobe Gap” is closing, creating a security black hole in the process.
Most SaaS companies thrive within this gap—the friction between an employee needing one specific task done, such as merging a PDF, and not having the budget or patience for a six-month procurement cycle.
The vendor argument holds that you buy platforms, not features. But for a technical generalist with a deadline, a platform is just overhead. If they only need that feature once a quarter, they won’t ask for a license; they’ll find a shortcut.
I’ve spent my career in cybersecurity and IT operations as a technical generalist, rarely coding beyond twenty lines or complex regexes. Anything bigger meant a proper tool and months-long procurement processes.
That changed with the November 2025 AI inflection point.
For those of us observing, that was the ten-day window where the industry crossed an invisible capability line: GPT-5.1 introduced adaptive reasoning; Gemini 3 Pro integrated natively into browsers; and Claude 4.5 finally hit the 80% mark on autonomous coding benchmarks. AI transitioned from being a chatbot to becoming an agent.
Recently, I faced a PDF task needing a license I didn’t have. Before November, an AI might have provided me with instructions on how to do it manually. This time, it wrote raw code that executed the job in seconds. The code wasn’t professional-grade; a senior dev would likely wince at its logic. Yet for most business needs, “it works” is the only metric that matters.
This reality signals the death of utility SaaS and the emergence of a significant shadow IT crisis. When anyone can prompt a custom tool into existence in thirty seconds, the procurement barrier disappears. So does the security perimeter. We’re looking at a future where thousands of “good enough” scripts handling critical data live in isolated local environments with no patch management.
The November shift made solving your own problems effectively free. But it also made creating vulnerabilities equally easy.
If software solves a problem that can be scripted in a single prompt, you don’t have a product; you have a countdown timer. As a CISO, this means not just shadow IT but an invention problem: you’re dealing with thousands of undocumented AI-generated utilities rather than unauthorized SaaS subscriptions.
I wonder…
- How do vendor relationships and trust patterns built around SaaS models change as AI agents commoditize task-specific tools?
- What happens to organizational knowledge consolidation or degradation when every employee can generate “good enough” solutions in isolated local environments?
- Is our current security investment focused on procurement and governance becoming inversely valuable—better controls lead to more friction for tool adoption, potentially compromising the very security they are meant to provide?
- How do our existing audit frameworks detect tomorrow’s shadow IT crisis (thousands of AI-generated utilities), versus yesterday’s (unauthorized SaaS subscriptions)?