In early February 2026, a sharp software-sector selloff, widely described in market commentary as the “SaaSpocalypse,” erased hundreds of billions of dollars in SaaS and software-services market value. Anthropic’s release of Claude Cowork plugins gave investors a concrete example around which to reprice a concern that had been building for more than a year: AI-assisted development tools had lowered the cost of building functional software enough to change the build-versus-buy calculus in parts of the market.
This essay argues that the pressure on the SaaS model is real, but unevenly distributed. Mid-tier, single-function SaaS tools face credible substitution pressure when their workflows can be reproduced without extensive integrations. Enterprise platforms remain better protected by switching costs, embedded data, and accumulated operational complexity. Security debt and maintainability constraints further limit how far AI-generated code can scale without professional governance.
The SaaS Business Model and Its Structural Vulnerability
The SaaS model rests on two reinforcing dynamics. Gross margins of 70–90% meant that incremental revenue carried almost no additional cost to serve, and per-seat licensing tied subscription revenue directly to organizational headcount (Cirra, 2026). As enterprise workforces grew through the 2010s and early 2020s, SaaS revenue expanded almost automatically. By 2025, global SaaS companies had accumulated market capitalizations measured in the trillions of dollars, their valuations built on the presumption that workforce growth and cloud migration would continue compounding.
Both dynamics became vulnerable simultaneously. AI agents that could complete tasks previously performed by human employees did not merely automate work; they decoupled revenue from headcount. As FinancialContent (2026) characterized the arithmetic, if one AI agent substitutes for the productive output of several employees, an organization purchasing per-seat software licenses faces a clear economic incentive to consolidate. By early 2026, this “seat compression” dynamic had moved from analyst speculation to an active budget line item in enterprise planning cycles (FinancialContent, 2026).
The second vulnerability arrived through the supply side of software itself. The cost of building internal tools had been declining with each generation of AI coding assistants. By early 2025, it crossed a threshold that changed the build-versus-buy calculus for a meaningful segment of the market. Not for every organization, and not for every category of software, but credibly for single-function tools in the mid-market. The location of that threshold depends on what vibe coding can produce in practice.
The Vibe Coding Paradigm
On February 2, 2025, Andrej Karpathy described and named a practice developers had already been exploring informally: “vibe coding” (Karpathy, 2025, as cited in IBM, 2025). He used the term for a style of software development in which a programmer expresses intent in natural language, lets AI tools generate the implementation, and iterates through feedback rather than writing each line directly (Karpathy, 2025, as cited in Sarkar & Drosos, 2025).
By early 2025, tools such as Cursor, Replit Agent, Lovable, Bolt, and v0 had made that workflow plausible for a growing set of tasks (Mehta, 2025). Authentication, database connections, deployment, and payment flows increasingly arrived as standard output. Combined with better context handling and iterative debugging through error-message feedback, these tools lowered the effort required to produce functional software.
Sarkar and Drosos (2025), in an empirical study of recorded developer sessions, found that vibe coding does not eliminate programming expertise so much as redirect it. Developers still evaluate outputs, decide when to intervene, and manage context, but they do so through an AI intermediary rather than through continuous direct authorship. Their phrase “material disengagement” captures the distance this creates between code generation and code comprehension.
In this essay, vibe coding refers to a spectrum. At one end is the maximalist version Karpathy originally described: natural-language prompting, limited review, and broad acceptance of generated changes. At the other is professional AI-assisted development, where engineers use agents to accelerate implementation while retaining architectural control, review discipline, and testing standards. The market risk to SaaS comes from this whole spectrum, even if the security and maintainability risks documented here concentrate at the less governed end. By March 2025, Y Combinator managing partner Jared Friedman disclosed that roughly a quarter of the Winter 2025 startup cohort had codebases that were about 95% AI-generated (Mehta, 2025). Google likewise disclosed that more than 25% of its new code was AI-generated and then reviewed by engineers (as cited in Darrow, 2026). Within eighteen months of Karpathy’s post, AI-assisted development had moved from a niche practice to a mainstream workflow.
The Architecture of “Good Enough”
The SaaSpocalypse coverage frequently collapsed all SaaS into a single category. The operating reality is more segmented. Whether a vibe-coded alternative is genuinely competitive with a commercial SaaS product depends on where the product sits along two dimensions: monthly cost and integration depth.
Operator accounts suggest that substitution pressure varies sharply along these two axes. At $20 to $50 per month, an internal replacement is difficult to justify even when it is technically feasible. The ongoing maintenance burden of an internally built tool exceeds the subscription cost, making replacement counterproductive at that price point (Stapleton, 2026). For platforms deeply embedded in organizational systems, the cost of replacement can equal or exceed the product’s annual value. Their integrations, accumulated data, and role in adjacent workflows form much of the product’s practical value.
The exposed segment is in the middle of the market, tools priced between $200 and $1,000 per month, performing one or a small number of discrete functions, connected to organizational data through a limited integration surface. Form builders, basic workflow automation, contact management layers, single-channel communication tools, and analytics dashboards built around standardized data feeds fit this profile. These products charged for solving a specific, bounded problem. AI coding tools can now solve many of those bounded problems at a fraction of the cost, with a time-to-prototype measured in hours (Stapleton, 2026). A tool that handles the team’s actual volume and use cases, even if it lacks the edge-case handling of the commercial product, is now reachable by a technically capable employee spending an afternoon.
This pattern has precedents. Klarna’s decision to exit Salesforce’s CRM and Workday’s HR platform was the most prominently reported instance. In an interview published on the day of Klarna’s New York IPO, CEO Sebastian Siemiatkowski told Reuters that the company had saved approximately $2 million by dropping Salesforce in favor of internally built, AI-powered data tools, but added that the savings were insignificant for investors, whose attention he expected to be on growth rather than vendor consolidation (Mukherjee & Wang, 2025). In the same interview, Siemiatkowski acknowledged that Klarna had “probably over indexed a little bit” on AI-driven cost-cutting and had spent the prior six months attempting to course-correct. The company had returned to hiring and had begun reconsidering the replacement of human customer service agents it had cut in favor of AI (Mukherjee & Wang, 2025). The public account of the move required further correction on the technology side as well. Klarna did not replace Salesforce with a purely AI-built internal system, it replaced it with a combination of alternative SaaS tools and some internally developed components, and continued to operate Salesforce’s Slack platform while adopting Deel as an HR provider (CX Today, 2024). In the end, the Klarna episode offers a mixed case for AI-driven SaaS replacement: savings that the CEO himself described as investor-insignificant at shallow integration points, measurable organizational disruption, and a public retreat from the maximalist position. That example still registered with enterprise budget committees, but the full picture is more ambiguous than the initial headlines suggested.
Bain & Company’s 2025 analysis “Will Agentic AI Disrupt SaaS?” and Deloitte’s report “SaaS meets AI agents” identified the same underlying vulnerability before the February 2026 market event (Bain & Company, 2025; Deloitte, 2026). Both consulting firms characterized the risk as specific to per-seat tools in categories where AI agents could perform the underlying workflow autonomously. That vulnerability is concentrated in the segment where the product delivers a standardized capability through a user interface and where AI can reproduce that capability without reproducing the institutional data and exception-handling that protect more deeply integrated platforms.
Market Event and Structural Causes
On January 30, 2026, Anthropic released eleven open-sourced plugins for Claude Cowork, covering sales, finance, legal review, marketing, customer support, data analysis, and biology research (Mills, 2026). The plugins, which were hosted on GitHub, and initially available as a Mac research preview, let companies package their specific workflows, tools, and integrations into role-based AI applications that Claude could then execute autonomously. The proximate catalyst for the selloff that followed was the Cowork plugin release, which gave investors a concrete example around which to reprice a concern that had been building for more than a year (Masoni, 2026). The sell-off that followed was the software sector’s worst since 2022. The S&P 500 software and services index fell nearly 4% on February 3 alone, and the sector was down for six consecutive sessions as of February 4 (Ahmed, 2026). Market commentary placed cumulative SaaS and software-services market losses at approximately $285 billion within the first 48 hours. Reuters reported that US software stocks had lost close to $1 trillion over the full week of selling (Masoni, 2026). The iShares Expanded Tech-Software ETF (IGV) fell more than 21% year-to-date through the end of Q1 2026 (FinancialContent, 2026). Thomson Reuters, whose product portfolio includes several legal research and workflow tools directly threatened by AI agents capable of document review and contract analysis, fell 16% in a single session, its steepest single-session decline on record, erasing approximately $8 billion in market value (Masoni, 2026). RELX, which owns LexisNexis, dropped 14%, and Wolters Kluwer shed 13% (Masoni, 2026).
Sentiment amplified the sell-off, although investors were responding to a plausible economic concern. If an agentic AI platform could orchestrate business workflows autonomously, connecting to CRMs, drafting and reviewing legal documents, and analyzing financial statements, then an enterprise would pay for the AI platform and reduce spending on the several SaaS subscriptions the platform could displace. The market had been processing this logic abstractly for over a year. The Bain & Company and Deloitte analyses had each identified it by late 2025. Claude Cowork’s release converted the abstract concern into a concrete, shipping product with a documented scope.
Marc Benioff’s response at Salesforce’s Q4 FY2026 earnings followed the familiar incumbent line. He noted that the company had navigated previous rounds of market panic, including the shift from on-premises software to cloud, and characterized Salesforce as an AI orchestration platform company rather than a legacy SaaS vendor (Cirra, 2026). Q4 results showed 12% year-over-year revenue growth to $11.2 billion, which included a $399 million contribution from the Informatica acquisition. Salesforce simultaneously announced a $50 billion share buyback program (Salesforce, Inc., 2026a). Shares had still declined approximately 50% from their all-time high at the time of that reporting.
Benioff’s response reflects the broader incumbent strategy to position the platform as the orchestration layer for agents and workflows, with the traditional user interface becoming only one point of access. Salesforce’s Agentforce, Adobe’s AI integrations, and ServiceNow’s agentic workflows reflect this strategy. Whether this works will depend on whether enterprise customers choose incumbent SaaS vendors or to work with foundation model providers directly to integrate AI-mediated workflow orchestration into their business. The market has not settled that question yet.
Security and Maintainability Constraint
The build-versus-buy shift enabled by vibe coding carries a deferred cost that has not been adequately priced into the disruption thesis. AI-generated code presents a consistent and measurable security risk at the production scale required to displace commercial SaaS products.
Veracode sells application security scanning tools, which gives it a commercial interest in the findings. Its published methodology is sufficiently detailed to permit independent evaluation. Across repeated testing cycles, 45% of AI-generated code samples introduced vulnerabilities aligned with the OWASP Top 10 (Veracode, 2025). For most model families that failure rate has remained flat through multiple update cycles; a Spring 2026 follow-up found Anthropic, Google, Qwen, and xAI models still clustered in the 49–59% pass rate range. OpenAI’s GPT-5 family was an exception, reaching pass rates of 70–72% in October 2025 testing, the first substantial improvement Veracode had recorded since tracking began, though the overall picture across the field remained substantially unchanged (Veracode, 2026). A December 2025 analysis by security firm Tenzai examined 15 production applications built with five major AI coding platforms and found 69 vulnerabilities across the sample. Every application lacked CSRF protection and configured security headers; every tool introduced server-side request forgery vulnerabilities, a consistent failure across all 15 applications in the study (Cloud Security Alliance Labs, 2026a). A separate scan by API security firm Escape.tech covering over 1,400 vibe-coded production applications found that 65% had security issues, 58% contained at least one critical vulnerability, and the aggregate dataset contained over 400 exposed secrets and 175 instances of exposed personally identifiable information (Cloud Security Alliance Labs, 2026a).
These failures are not evenly distributed. Enterprise security researchers working across Fortune 50 organizations found that AI-assisted developers committed code at three to four times the rate of their non-AI peers, while monthly security findings across those organizations rose from approximately 1,000 to more than 10,000 over a six-month period. Syntax errors in AI-generated code dropped 76% and logic bugs fell 60% over the same period. Developers produced code faster, while many of the resulting security flaws remained invisible during normal testing (Cloud Security Alliance Labs, 2026b). AI models are optimized to produce code that runs. They are less reliable at producing code that remains resilient under adversarial conditions or that correctly handles trust boundaries and threat models.
The maintainability constraint is distinct from the security failure rate but equally consequential for the displacement thesis. Code generated through vibe coding workflows tends to be verbose, architecturally incoherent, and difficult for engineers who did not participate in generating it to modify, a predictable consequence of the “material disengagement” that Sarkar and Drosos (2025) identify as the defining posture of vibe coding practice. Waseem et al. (2025), in the first dedicated empirical treatment of technical debt in vibe coding, document how the speed and flow of AI-assisted development systematically defers architectural costs. The same session dynamics that make vibe coding feel productive generate codebases that resist the kind of deliberate modification that production software requires over its lifetime. Their guidelines for sustainable use implicitly acknowledge that the default vibe coding workflow, left ungoverned, accumulates debt faster than teams recognize. A vibe-coded replacement for a $400-per-month workflow tool may reach functional parity quickly for the use cases the team actually encounters. Harder work begins after deployment, when the tool must survive organizational growth, regulatory change, staff turnover, and dependency updates. Conventional commercial software handles that burden through dedicated engineering teams, documented architecture, and customer support organizations.
The Replit database deletion incident of July 2025, in which an AI coding agent destroyed a production database while a founder was supervising the operation, illustrated the category of failure that emerges when AI-generated code runs in production environments without adequate governance (Darrow, 2026). The incident was unusual in its visibility. The broader research suggests that the underlying failure mode is not rare and that its consequences compound over time rather than manifesting immediately.
Sarkar and Drosos’s (2025) phrase “material disengagement” describes the central governance problem. Developers orchestrate code production through an AI intermediary while maintaining selective oversight. That oversight is sufficient for a prototype or a low-stakes internal tool serving a small team, but inadequate for a system handling regulated data, processing payments, or operating within a compliance framework. Commercial SaaS products that vibe coding targets for displacement were, in many cases, built to address those edge cases and compliance requirements over years of development. The “good enough” version of the replacement holds until it does not, and the failure often arrives at the worst possible moment.
The workforce pipeline implications extend the problem forward. LeadDev’s 2025 Engineering Leadership Report, surveying 617 engineering leaders in March 2025, documented that just over half of respondents planned to hire fewer junior developers as a result of AI-driven productivity gains (LeadDev, 2025, as cited in Ojstersek, 2025). The technical debt generated by current vibe coding practices requires experienced engineering judgment to identify, assess, and remediate. That judgment is the same that junior engineers develop through years of exposure to production failures and debugging cycles. Organizations that eliminate junior developer pipelines reduce their future capacity to address the technical debt they are generating today.
Counterforces and Structural Resilience
The February sell-off moved faster than the underlying technology and enterprise adoption patterns. Several features of enterprise software work against rapid displacement even in the categories most exposed to vibe-coded substitutes.
The strongest enterprise SaaS products function as operational infrastructure. They sit inside approval workflows, audit trails, compliance regimes, and integrations accumulated over years. The switching cost of removing a deeply integrated platform such as an ERP system, core banking software, PLM tools, or supply chain management systems is a migration project measured in months and millions of dollars, independent of AI capabilities (Engineering.com, 2026). A vibe-coded substitute eliminates none of those switching costs.
The Klarna episode, examined in detail earlier, illustrates where the limits sit. The exits from Salesforce CRM and Workday HR produced modest savings at relatively shallow integration points and were followed by a public course-correction. No publicly documented case shows an enterprise organization vibe-coding its way to functional parity with Workday’s payroll tax compliance, ServiceNow’s ITSM workflow engine, or SAP’s ERP data model.
Benioff articulated the incumbent counterargument at Dreamforce 2024 that large-scale AI deployment in enterprise settings requires professional security management, governance frameworks, and reliable availability that a DIY internal build cannot readily provide (Cirra, 2026). That argument is self-interested but still describes a real constraint. An organization evaluating a vibe-coded substitute must assess whether the replacement can meet its security, compliance, availability, and maintenance requirements, requirements that commercial software addresses through product commitments, contractual expectations, certifications, and years of accumulated engineering practice, and that internally built software must build for itself.
The vibe coding practice itself is evolving away from the maximalist version that shaped the early public picture. By February 2026, Karpathy had publicly characterized the term he coined as passé. He described the current practice among professional developers as “agentic engineering,” a more disciplined workflow that retains the speed advantages of AI-generated code while applying professional oversight, quality standards, and architectural review (Taft, 2026). The “accept all changes, don’t read the diffs” posture may suffice for personal projects and rapid prototypes. It does not suffice for production systems in regulated industries, and practitioners are adjusting accordingly. The tools are also converging toward this more structured workflow: agentic IDEs increasingly incorporate reasoning loops, security checks, and pre-generation architectural planning rather than simply outputting code in response to prompts.
Potential Market Scenarios
The SaaS market could develop along several paths. Much depends on the rate at which inference costs fall and the speed with which organizations develop governance for AI-generated software at production scale. Current evidence points in more than one direction.
Incumbent adaptation
In this scenario, per-seat pricing gives way to usage- and outcome-based models while recurring platform revenue persists. Deloitte’s 2026 analysis predicts that by 2027 the majority of new SaaS contracts will include usage-based or outcome-based components (Deloitte, 2026). Salesforce’s Agentforce reached $800 million in annual recurring revenue by Q4 FY2026, up 169% year-over-year, with 29,000 deals closed since launch and accounts in production rising nearly 50% quarter-over-quarter; by Q1 FY2027, Agentforce ARR had reached $1.2 billion, up 205% year-over-year (Salesforce, Inc., 2026a; Salesforce, Inc., 2026b). These figures describe a model repricing its unit of value from seats to outcomes rather than disappearing outright. Bain & Company’s framework characterizes this as the “Core Strongholds” scenario. AI reinforces existing SaaS value rather than replacing it, and incumbents with deep data infrastructure and established compliance frameworks use AI to deliver more value per customer relationship (Bain & Company, 2025). This outcome is most plausible in regulated-industry verticals and deep-integration enterprise categories where switching costs remain prohibitive regardless of what AI can produce.
Market stratification
Here, pressure continues to concentrate in the middle tier, where both build costs and switching costs are low enough to permit substitution. The Stanford HAI 2025 AI Index Report documents that inference costs for a system performing at GPT-3.5 capability fell 280-fold between November 2022 and October 2024, and that open-weight models reduced their performance gap with closed frontier models from 8% to just 1.7% on key benchmarks in a single year (Stanford University Human-Centered Artificial Intelligence, 2025). As inference costs continue to fall and agentic tooling matures from the informal vibe coding practice toward the professional agentic engineering discipline Karpathy described in early 2026 (Taft, 2026), the build option becomes viable for a wider population of organizations across a wider range of tool categories. Deep-integration enterprise platforms retain durable protection through compliance requirements, institutional data moats, and switching costs that no productivity improvement in the build option eliminates. In that world, commodity horizontal tools are displaced or consolidated, while vertical platforms continue to command premium pricing for accumulated institutional value that cannot be replicated from a prompt.
Deferred disruption
In this path, security and maintenance costs slow substitution after an initial period of rapid experimentation. The Spring 2026 Veracode update found vulnerability rates flat across most model families despite vendor claims. If that pattern holds, organizations building AI-generated tools to displace SaaS subscriptions are accumulating compounding liability that will surface in audits, regulatory reviews, and incidents over the following years (Veracode, 2025; Veracode, 2026). Waseem et al. (2025) document that the technical debt accumulated through vibe coding workflows is largely invisible at the moment of construction and becomes visible when the organization attempts to maintain, extend, or audit what was built. This scenario does not assume the displacement pressure reverses; it assumes the full cost of building becomes clearer as organizations encounter the consequences, moderating the pace of substitution in categories where security and compliance requirements are material.
The indicators as to which path is unfolding are observable in sources this essay has already drawn on. Agentforce ARR growth rates and Salesforce’s seat count trajectory will indicate whether incumbent adaptation is generating net new revenue or merely substituting for existing revenue at a different price point. The LeadDev annual engineering leadership survey will continue to track junior hiring trends, a proxy for whether organizations are investing in the governance capacity required to sustain AI-generated code over time. Stanford HAI’s inference cost and open-weight model benchmarks will indicate how quickly the build option becomes accessible beyond technically sophisticated organizations. The Georgia Tech Vibe Security Radar’s CVE attribution data will indicate whether the security ceiling is rising, holding, or closing; the project recorded 35 confirmed cases in March 2026 alone, with researchers estimating the true count at five to ten times that figure across public repositories (Cloud Security Alliance Labs, 2026b). These indicators should reveal whether substitution is accelerating, stalling, or being absorbed by incumbent platforms.
Implications
The SaaSpocalypse repriced expectations before the market structure had fully changed. The per-seat licensing model is under genuine pressure in a specific segment, the single-function, mid-tier SaaS tools where AI can replicate the core workflow without replicating the integration complexity that protects enterprise platforms. That pressure is already producing observable behavior changes. The build-versus-buy calculus has shifted for a measurable population of organizations, and it has shifted in the direction of building for tool categories that a year ago would have been straightforwardly purchased.
Tools embedded in organizational data infrastructure, compliance frameworks, or cross-functional workflow dependencies still carry substantial replacement costs. The governance, security, and maintainability requirements of enterprise software create a cost floor that vibe-coded alternatives have not demonstrated the ability to meet at scale. Until AI-generated code can be reliably audited, maintained, and secured without substantial expert oversight, commercial SaaS products that carry those properties as defaults retain a total cost of ownership advantage that does not appear in the initial comparison.
Two responses are already taking shape. SaaS incumbents are repositioning themselves as AI orchestration platforms rather than collections of human-facing tools and reorienting their pricing toward outcome-based or usage-based models rather than per-seat counts. The mid-tier, single-function segment will continue to face attrition from organizations that can absorb the development and maintenance burden. Both trends were underway before February 2026; the SaaSpocalypse compressed the timeline.
The remaining uncertainty concerns the security and maintainability of AI-generated software at production scale. The current evidence is not encouraging: 45% vulnerability rates that persist across most model families, with only OpenAI’s GPT-5 series showing substantial improvement as of late 2025; a tenfold surge in security findings at organizations deploying AI-generated code at scale; and a consistent gap between the code that runs without visible errors and the code that performs adequately under adversarial conditions. An organization that builds a functional vibe-coded replacement for a $600-per-month workflow tool over a weekend has not necessarily reduced its total software cost. It may simply have pushed part of that cost into technical debt that will surface at the first security audit, the first compliance review, or the first time the original builder leaves the company.
The SaaS market will not return to the per-seat growth assumptions that priced software companies at twenty to thirty times revenue. Agents, vibe coding, and the falling cost of building software have permanently changed the build-versus-buy equilibrium for a substantial part of the market. The scale of the disruption will depend on the size of the exposed middle and the durability of the protections surrounding integrated enterprise platforms.
Note on Security Sources
The Cloud Security Alliance Labs citations in this paper (2026a and 2026b) are community research notes produced by the CSA AI Safety Initiative working group and published under the CSA Lab Space umbrella. They are not peer-reviewed publications. The underlying primary data attributed in those notes, from Veracode, Apiiro, Tenzai, Escape.tech, and Georgia Tech’s Vibe Security Radar, should be consulted directly where possible. The Veracode 2025 GenAI Code Security Report and its Spring 2026 update are directly cited in this paper and are independently accessible. The Tenzai, Escape.tech, and Apiiro datasets do not appear to be available as standalone publications at time of writing.
References
Ahmed, S. I. (2026, February 4). Dip-buyers go missing as software selloff slams stocks. Reuters. https://www.reuters.com/business/dip-buyers-go-missing-software-selloff-slams-stocks-2026-02-04/
Bain & Company. (2025, September 23). Will agentic AI disrupt SaaS? Bain & Company. https://www.bain.com/insights/will-agentic-ai-disrupt-saas-technology-report-2025/
Cirra. (2026, March 8). SaaSpocalypse explained: AI agents & SaaS market impact. Cirra.ai. https://cirra.ai/articles/saaspocalypse-ai-agents-saas-market-impact
Cloud Security Alliance Labs. (2026a, March 31). CSA research note: AI-generated code security – vibe coding, credential sprawl, and SDLC debt [Community research note]. Cloud Security Alliance Lab Space. https://labs.cloudsecurityalliance.org/research/csa-research-note-ai-generated-code-security-vibe-coding-202/
Cloud Security Alliance Labs. (2026b, April 4). CSA research note: AI-generated code vulnerability surge 2026 [Community research note]. Cloud Security Alliance Lab Space. https://labs.cloudsecurityalliance.org/research/csa-research-note-ai-generated-code-vulnerability-surge-2026/
CX Today. (2024, December 12). Klarna didn’t replace Salesforce & Workday with AI; it replaced them with alternative SaaS apps. CX Today. https://www.cxtoday.com/crm/klarna-didnt-replace-salesforce-it-replaced-them-with-alternative-saas-apps/
Darrow, K. (2026, February 14). State of vibe coding in Feb 2026. Kristin Darrow. https://www.kristindarrow.com/insights/the-state-of-vibecoding-in-feb-2026
Deloitte. (2026, February 9). SaaS meets AI agents: Transforming budgets, customer experience, and workforce dynamics. Deloitte Insights. https://www.deloitte.com/us/en/insights/industry/technology/technology-media-and-telecom-predictions/2026/saas-ai-agents.html
Engineering.com. (2026, March 30). Klarna dropped Salesforce, but that doesn’t mean AI replaces PLM. Engineering.com. https://www.engineering.com/klarna-dropped-salesforce-but-that-doesnt-mean-ai-replaces-plm/
FinancialContent. (2026, March 30). The SaaSpocalypse of 2026: How generative AI broke the software growth engine [via MarketMinute]. FinancialContent. https://markets.financialcontent.com/stocks/article/marketminute-2026-3-30-the-saaspocalypse-of-2026-how-generative-ai-broke-the-software-growth-engine
IBM. (2025). What is vibe coding? IBM Think. https://www.ibm.com/think/topics/vibe-coding
Karpathy, A. (2025, February 2). Vibe coding [Post]. X (formerly Twitter). [Retrieved via IBM, 2025, and Sarkar & Drosos, 2025]
LeadDev. (2025). Engineering leadership report 2025. LeadDev. https://leaddev.com/the-engineering-leadership-report-2025
Masoni, D. (2026, February 4). Global software stocks hit by Anthropic wake-up call on AI disruption. Reuters. https://www.reuters.com/business/media-telecom/global-software-stocks-hit-by-anthropic-wake-up-call-ai-disruption-2026-02-04/
Mehta, I. (2025, March 6). A quarter of startups in YC’s current cohort have codebases that are almost entirely AI-generated. TechCrunch. https://techcrunch.com/2025/03/06/a-quarter-of-startups-in-ycs-current-cohort-have-codebases-that-are-almost-entirely-ai-generated
Mills, M. (2026, January 30). Anthropic bolsters enterprise offerings with Cowork plugins. Axios. https://www.axios.com/2026/01/30/ai-anthropic-enterprise-claude
Mukherjee, S., & Wang, E. (2025, September 10). Sweden’s Klarna shifts AI focus from cost cuts to growth. Reuters. https://www.reuters.com/business/swedens-klarna-shifts-ai-focus-cost-cuts-growth-2025-09-10/
Murray, B. (2026, March 11). The SaaSpocalypse: AI agents, vibe coding, and the changing economics of SaaS. The SaaS CFO. https://www.thesaascfo.com/the-saaspocalypse-ai-agents-vibe-coding-and-the-changing-economics-of-saas/
Odedina, D. (2026, February 4). Software stocks plunge $285B as Anthropic’s Claude enters legal automation. Techloy. https://www.techloy.com/software-stocks-plunge-285b-as-anthropics-claude-enters-legal-automation/
Ojstersek, G. (2025, June 15). The state of engineering leadership in 2025 [Substack post]. Engineering Leadership. https://newsletter.eng-leadership.com/p/the-state-of-engineering-leadership
Salesforce, Inc. (2026a, February 25). Salesforce delivers record fourth quarter fiscal 2026 results [Press release]. https://investor.salesforce.com/news/news-details/2026/Salesforce-Delivers-Record-Fourth-Quarter-Fiscal-2026-Results/default.aspx
Salesforce, Inc. (2026b, May 27). Salesforce delivers record first quarter fiscal 2027 results [Press release]. https://www.salesforce.com/news/press-releases/2026/05/27/fy27-q1-earnings/
Sarkar, A., & Drosos, I. (2025). Vibe coding: Programming through conversation with artificial intelligence [Preprint]. arXiv. https://arxiv.org/abs/2506.23253
Stapleton, T. (2026, January 14). Vibe coding won’t kill SaaS [Substack post]. Signal to Noise. https://elfingrowth.substack.com/p/vibe-coding-wont-kill-saas
Stanford University Human-Centered Artificial Intelligence. (2025). AI index report 2025. Stanford HAI. https://hai.stanford.edu/ai-index/2025-ai-index-report
Taft, D. K. (2026, February 10). Vibe coding is passé. Karpathy has a new name for the future of software. The New Stack. https://thenewstack.io/vibe-coding-is-passe/
Veracode. (2025). 2025 GenAI code security report. https://www.veracode.com/resources/analyst-reports/2025-genai-code-security-report/
Veracode. (2026, March). Spring 2026 GenAI code security update: Despite claims, AI models are still failing security. https://www.veracode.com/blog/spring-2026-genai-code-security/
Waseem, M., Ahmad, K., Kemell, K., Rasku, J., Lahti, S., Mäkelä, K., & Abrahamsson, P. (2025). Vibe coding in practice: Flow, technical debt, and guidelines for sustainable use [Preprint]. arXiv. https://arxiv.org/abs/2512.11922
Note: Readers wishing to verify the Karpathy source should consult the original tweet archived via the sources cited above, as direct social media posts may not persist. The Sarkar & Drosos (2025) arXiv preprint quotes Karpathy’s post directly and provides the canonical academic reference for its content.
