Gen AI has broken the internet in the past 30 months and not unjustifiably. It’s become apparent that business as we know it is changing, since the underlying software that powers has evolved. At this pace of adoption, in a year or two, everything will be AI-powered by design. This is radically changing the SaaS operating model and will scale both positive and negative impacts of technology beyond anything we’ve seen before.
We are at a unique point in history where, as AI is woven into the global economy, we can integrate appropriate controls to seize the maximum benefit from it while minimizing its negative impacts. We need a Trust Layer for AI and it should be built on open web protocols.
14 months after a major pivot we have spent over 500 hours of research on AI and Identity, 100s of hours in customer conversations, and have successfully proven the concept of Magic ID Agents with our first customers. During this time, we’ve heard opinions about Gen AI from both sides of the spectrum – from the conviction that Gen AI will evolve into AGI, to the comparison of the Gen AI hype with that of XML in the 90s.
Despite which side you sit on, you cannot deny that Gen AI is shrinking the time to market for many startups. And if you pay close attention, you’ll realize that those who benefit the most from AI are, predominantly, the small and scrappy startups and not the colossal enterprises. That’s not to say that enterprises don’t use it, but from my exposure to them it’s mostly used by employees rather than woven into their operations.
The power that Gen AI is giving to small, agile teams over larger enterprises is positive news from a competition perspective and there are three good reasons it is happening:
- With the state of Gen AI, introducing Gen AI powered features to a large customer base carries reputation risks and liability. Many enterprises also lack the architecture and operating model to support this transition rapidly.
- Enterprises carry years of technical complexity and cannot easily introduce efficiencies across their stack using AI. Hence why Accenture, McKinsey etc. are making millions on advisory work in this regard.
- They might already be using narrower AI or ML across their operations and products which are likely more effective for the job at hand than a Gen AI would be.
Startups on the other side, thrive in experimentation conditions and the scaling power that Gen AI can give them on the get-go, makes launching, calibrating, and pivoting cheaper and faster than ever.
Cheap scaling and AI exuberance
We live during a glorious time where building and validating new ideas is no longer the privilege of a few people with an engineering background or deep pockets. Thanks to Gen AI and the many LLM wrappers that have spawned during the last 24 months, development of MVPs is possible for us mere mortals. For those experienced engineers, they can 1000x their capabilities and accelerate out of reach.
Even Y Combinator has quoted extraordinary efficiencies in its latest cohorts thanks to AI. Garry Tan forecasts they will see many 10 people teams reaching the $10m ARR thanks to such efficiencies – what a time to be alive.
Of course, using AI to build products faster has its downsides. People confuse fast products with good products, and we already start to see problems caused by the so-called “vibe coding”. This is rather normal as everyone wants to get their hands on these tools and experiment and not be left behind – I think it’s unlikely we will outsource development of secure software to machines any time soon.
Moreover, as developing MVPs becomes simpler even for non-techies, our newly formed abilities to scale our powers as individuals and companies are coming with an extra dose of AI exuberance. That is manifested in the building of products that nobody really needs like this AI-built copy of DocuSign and its celebration by the Linkedin community, especially while Google Suite users get free access to e-signing tools with the basic workspace deals. The downside of this is the creation of a bubble, founded on the anticipation that Gen AI will evolve into AGI, whose ripple effects are likely to transcend industries. It goes a bit like this:
- Building AI products is easier than ever =>
- Many AI powered solutions relying on the Large Language Models are created and funded =>
- A lot of them see early traction because of the rising tide across the whole market =>
- As LLMs become better, some of the startups that rely on them become redundant =>
- Startup traction is redefined to high adoption numbers and high churn =>
- As a proportion of these startups die (cc dot-com bubble) the market reevaluates Gen AI =>
- Customers gradually resort to using products directly from LLMs to avoid continuous turbulence =>
- More centralization around LLMs and substitution of diverse software solutions with big players’ APIs
Well, it might not exactly go like that but starting from the developer behavior today, it’s clear that software and in turn SaaS is undergoing disruptive changes.
Is SaaS dying?
The technology sector as a whole is undergoing a paradigm shift. We believe that during this current wave of innovation and change led by artificial intelligence, we will see the unbundling of inefficient SaaS platforms like when Klarna ripped out Salesforce. With the average SME spending $12m on SaaS per year and only using 16.5% of the features on average, it’s not a surprise companies and people are rooting for large SaaS disintermediation.
Nevertheless, just because one can build a DocuSign replica using no-code tools, it’d be foolish to think that DocuSign Inc. will be displaced because of it. A more real risk for SaaS would emerge if these new apps that Gen AI creates offered unparalleled convenience compared to their competitor. Think of it as getting the Amazon experience but for every new app that you use and without one large tech firm knowing all your preferences.
Based on the above, the market evolution we anticipate in the age of Gen AI is the modularization of the most utilized SaaS features into the AI layer. We believe that this will lead to the proliferation of micro-SaaS, hyper-personal apps that instantly connect to user or business ecosystems. These new apps will truly belong to their users without intermediary parties or aggregation layers – living up to the promise of Web 3.0. The interesting part in this evolution of SaaS is that it will likely shed off a good part of the unnecessary human-oriented UI. Therefore, it’s worth thinking of these apps as simply “logic” abstracted to the AI layer and probably reachable via natural language.
But why does all of this matter and what’s the potential?
Scaling our potential and elevating data security
Time for a thought experiment: pick a task that you often perform but actually really dislike doing. Something repetitive that doesn’t teach you anything new when you perform it repeatedly. Now pretend you are directing someone to perform this task for you in natural language. To maximize the hypothetical benefits of this exercise, try to incorporate a “who”, a “when”, and a “what” apart from the task itself, for automation. For example:
“At the end of every calendar month, invoice Jane Doe [who] for the previous month’s [when] billable hours for the work we did on the PR release [what].”
Let’s break down what would happen behind the scenes in the example above and what your AI Agent would need to access:
- Calendar for finding out the billable hours.
- Email for sending the invoice to the customer.
- Accounting software that is required for raising invoices.
- Potentially, a payment gateway to fully streamline the transaction.
Where it quickly gets messy is where the Agent needs ongoing authorization to do these things.
Slowly but steadily, your whole life will be outsourced to artificial intelligence.
At that scale, how much authorization admin will you have to do, to ensure that your AI Agent doesn’t destroy your relationship with your customers, kill your credit score, or cancel your health insurance because you haven’t used it for the past 24 months.
We are not ready for this future today because it implies that we either have to:
- Send our highly sensitive data to a bunch of different services to get processed and rely that they will keep it secure, or that they will delete it when asked. Tricky, to say the least, or;
- Invent a new paradigm that doesn’t require us to send our sensitive data to thousands of different places to enjoy these superpowers. This is what we call an ID Agent at Magic.
We have reinvented how data is utilized online to deliver valuable, personalized, and trustworthy services. In our view of the future, we don’t move personal data around, trading it for micropennies. Instead, we move apps. This has a profound impact on how the internet as a whole works. In this new internet, with the users’ permission, even the mom and pop shop will be able to deliver highly personalized, seamless services to all its customers without the surveillance. We believe that this tech-empowered competition is a much preferred outcome for the society as a whole than techno-feudalism, no matter what Peter Thiel would have us think.
A new model for Software as a Service (SaaS)
So SaaS is not exactly dying but it’s changing for good. The purpose of the previous thought experiment was to demonstrate that this future model will also require three novel concepts that are not present in SaaS today. It will also require the evolution of the traditional “feedback loop” that many SaaS products incorporate to drive customer satisfaction and scale.
The Evolution of the Feedback Loop: Although an existing concept, the feedback loop will need to evolve at the pace of data produced in AI-powered applications, as well as include the ability to alter Agent software behavior through analyzing rules and preferences. This is critical if we are ever to reach a future state of intelligent software that dynamically adapts to better fit our needs and protect us from harm.
1) Decision Framework
SaaS today (apart from specialized ML applications) doesn’t have a decision framework. Agentic SaaS will need to utilize the rules and preferences defined in the feedback loop to make decisions and record them reliably, so that human intervention is possible. The end-goal here would be training AI Agents to reliably and ethically serve their owners’ best interests, although this is much easier said than done.
2) Trust Layer
In 2024, over 50% of online traffic was generated by bots, following an accelerating trend since 2019. This makes the need for identifying and trusting bots an imperative. It also needs to be simple for people to delegate and remove authority to and from bots. For example, if your bot secured a loan and bought a car you don’t need, you’d want someone held accountable, right?
At Magic we chose to peg trust to the most successful decentralized medium of all time – the internet. Every identity on the Magic Platform is a web domain. In contrast to logins, domains are globally unique and addressable by other systems without middlemen like “sign up with Facebook”. This simplifies audit trails and enables involved parties to be certain who they refer to both when transacting and auditing. It also solves a lot of traditional identity problems that companies have when rolling out large IAM solutions like Okta. With Magic, the rollout can be incremental and the user experience delivered is not limited to log-ins.
3) Personal Private Servers
Making micro-SaaS instantly personalized and interoperable with users’ and businesses’ ecosystems would require a lot of personal data moving around and/or being stored in someone’s platform. We have sold to or consulted 100s of businesses in data related matters and we forecast that this market movement is very likely to lead to huge data security complexities. One that leads to the downfall of many brands, not unlike the one that destroyed 23andMe. The only viable solution we see to achieve this future, is a trusted personal server that acts as the gatekeeper for the sensitive data that AI Agents will require to deliver personalized micro-SaaS. This last component is essential to help us transition to the new model of SaaS. In the age of AI, one way to think of it as Self-Sovereign Compute (SSC).
Implications for data security and personalization
In this new world, we can achieve hyper-personalization and trust without the Big Tech spider and the need for central servers storing and processing all our data. In turn, this changes the long-held belief that hoarding data is the most sustainable moat. In essence, we suggest that every application gains a personal web agent or in simple terms, a lightweight backend that can process data securely in the users’ personal private space, like shown below:
Consider the sheer scale of global transactions which already surpasses the 33 billion gigabytes per day or 33 exabytes – for comparison, the average iPhone today packs 256 gigabytes so that’s close to 129 million iPhones per day worth of traffic. How much data will have to flow across systems if we do not reimagine how data is consumed to produce user experiences and digital services? This is not only a data security nightmare but impractical at scale unless we want to further consolidate the gatekeeping role that Big Tech has in our lives and governments.
The good news is that businesses and users are already benefiting from solutions like Magic’s personal private servers which allow businesses to send algorithms straight to the users’ data to complete a task. An example of this is a “Communications API” which allows brands to communicate with me without actually holding any personal data of mine. This Comms API gives businesses a personal endpoint for me and they can then choose which tools they want to use to get in touch with me.
A trust ecosystem as open as the internet and beyond…
Now let’s wave a magic wand and pretend, all the right technical components are in place to create this new iteration of SaaS. How can we avoid creating a bigger centralization nightmare? After all, Gen AI is making the consumption of unstructured data easy even for non-technical people. Are we watching humanity enter a whole new era of surveillance and polarization, led by a personal AI manipulator living in our pocket (and soon in our head)?
As Charlie Munger had said, “show me the incentive and I’ll show you the outcome”, and unfortunately, the internet succumbed to the centralization incentive since the dot.com boom. From that point on, the Big Tech has overpowered every attempt to create a more equitable internet. We believe that the outstanding piece in creating a truly open future where we can trust online transactions while scaling our human abilities beyond imagination is an impartial economic engine. One that doesn’t require permission for participants to play or earn from. In other words, a decentralized cryptocurrency with finite supply.
The purpose of this cryptocurrency should be utility instead of speculation. Its mission, to enable a web of trust without gatekeepers, where any two parties who want to transact can use a currency, independent of a central authority, to elicit trust without the need to see the other party’s data. See the description below the image for more context.
- The business, Acme Devs, Inc can add the Magic Libraries to its webapps to give them native security capabilities like authentication, authorizations, and permissions. We have been getting great feedback on this already with early adopters finding it simpler and more flexible than OAuth or SAML authentication.
- The business can go a step further and write a lightweight backend that can run inside the users personal space, privately using their personal data to deliver an output (e.g. is Jane over 18?).
- The user (Jane) owns the server where she can store her data and also maintain private APIs with other data storage facilities like a wallet or her bank. Data can be fetched upon request privately so the user doesn’t need to bring all her data into Magic. We hold an impartial position about this, everyone should keep their personal data where they feel comfortable.
- While the business owns the application’s backend, it actually is hosted in the users’ server so the data doesn’t have to move from the users’ private space. At the scale of AI, we believe this will become a requirement for all sorts of personal data applications – with Magic, businesses are future-proof.
So what now?
To build this future, we will need several value chain participants to collaborate. Specifically speaking about the evolution of SaaS, Magic is not planning to develop the decision framework that these agentic micro-SaaS will rely on but the trust layer is already utilized by businesses across the world and early adopters are praising our technology and how well it scales compared to alternatives:
- Magic was the only identity platform that could provide SSO across domains.
- Our partner brands integrate at least 80% faster using Magic compared to the identity wallet solution and SSOs.
- Magic Auth is as secure as OAuth but much simpler to integrate and gives us flexibility for different user journeys.
Our platform is being developed faster than we expected with the limited venture funding that we have raised and we are currently designing the underlying cryptocurrency that will power the transactions in the ecosystem. We have built a stellar pre-seed team of specialist startuppers, GTM experts, and data privacy experts and we have a growing community of developers that are using our platform’s features to add native trust and security capabilities to their web apps.
We would love to hear your thoughts on our predictions about the future of SaaS and if you want to stay tuned for updates hit the follow button here or book a meeting to talk to us.