COMMENTARY: By now, we all know about the SaaSpocalypse, that fateful day in February when roughly $285 billion in SaaS market value evaporated in about 48 hours. The thesis behind the sell-off was simple: If AI agents can do the work of 10 people, why pay for 10 seats?

Every CEO I talk to is currently mulling over a version of the same question. Specifically, they’re wondering how quickly AI will change everything, and what parts of the existing infrastructure will survive.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

I run a venture-backed company in the credential security space, which means these questions reach me from two directions at once. There is the public market reaction, with its short time horizon and its appetite for clean narratives. Then there’s the harder version every sophisticated investor is asking: What does AI actually do to your category?

It almost feels like we’re at an inflection point, a moment-of-truth milestone where companies must decide how to adapt. The closest analogy I can find for this is the dot-com era. Some of the largest companies from back then, the ones whose technology could not quickly evolve and whose pricing models did not adapt, no longer exist. Others found leverage in what they had and evolved, which enabled a generation of cloud-native companies to emerge underneath them.

The same pattern is playing out now, only faster, because the level of investment and the underlying technology have both stepped up an order of magnitude. AI is here and it’s going to change SaaS forever. Thankfully, we can influence what happens next.
Credential security is the part of that picture I can speak to most directly. AI is genuinely great at a lot of things: working through complex problems, finding patterns in messy data, and generating code at speed. AI is not great at saying with absolute reliability: “I will never hand this secret off to something else. I will never expose it. I will never use it outside the task you authorized.”

For most things AI does, 95% accuracy is a remarkable result. In credential handling, 95% is a catastrophe. You need five nines. The privacy and integrity of an enterprise's credentials cannot be a probabilistic outcome.

Think about it the way you would think about an autonomous robot in your house. If it works 95% of the time but 5% of the time it flies around setting things on fire, that product is not going to ship. Credential handling sits in the same category.

Has the SaaSpocalypse altered everything in the credential security industry? Not exactly. While change is in the air, the SaaSpocalypse framing is useful only if it pushes us to ask whether the foundations of enterprise security get built into this transition or bolted on after the first major breach. The architecture is being decided right now. Let’s make sure we choose wisely.
No margin for error
The broad brushstroke version of the SaaSpocalypse thesis, the one that says every sector of software is equally exposed, gets the picture wrong.

Cybersecurity is already showing real resilience. The idea that a single LLM release is going to replace what industry stalwarts and the broader security ecosystem do, at the level of availability and assurance enterprises require, does not survive contact with the actual buying conversation. The accuracy of these models is also not yet allowing us to trust them at the level required in cybersecurity.

Locking down agents
We’re now grappling with securing AI agents. Once you hand a credential to one, it can be reused, replayed, or misused with very little visibility or control, and the industry lacks a native way to scope, constrain, and audit what an agent is allowed to do on someone's behalf.

A useful first step is to recognize that AI agents fall into two distinct security models. Assisted agents operate with a human in the loop. Autonomous agents act independently, and they require a fundamentally different trust and authorization model. Treating these as one problem is a mistake.

For assisted agents, we already have a workable authentication pattern. Passkeys are a password-free way to access apps and websites and let the human authenticate while the agent never sees the underlying secret. The harder part is everything that comes after authentication. Preventing destructive or unintended actions, like an agent deleting an account or pushing the wrong wire transfer, is where the work still has to happen. The industry lacks fine-grained permissions and guardrails for that layer.

For autonomous agents, the gap is wider. We need a new trust model, and as an industry, we should converge through FIDO and W3C on a standard for scoped, auditable, agentic interactions.

Building this as an evolution of WebAuthn and passkeys is the most pragmatic path. Microsoft began auto-enabling passkey profiles across Entra ID in March. The phishable credential is on its way out of the equation, and that direction matters more, not less, as agents proliferate. Password managers have a real role here as the place where authentication and the resulting access tokens get bound to a specific agent and service under human governance.

Framing for the future
The last question I get asked is who builds the standards. My view is that this is going to be industry-led, working through bodies like FIDO and W3C.

The foundation model providers are at those tables. OpenAI joined FIDO because the problem is real for them, too. Government has a role, though that role is still largely being determined. In the end, industry domain experts are going to have to coordinate the framework, the SDKs and the procurement standards while the regulators catch up.

For the security leader asking what to do tomorrow, I would put three things at the top of the list:

- Move forward with AI intentionally but cautiously, with security and privacy risks in mind from the start.
- Strengthen your foundational security practices, because in an AI world, they matter more than ever.
- Remember that AI is about data, which means healthy data practices and governance are not optional.
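As an added illustration of the gap described under "Locking down agents" above, the sketch below models the scoping, binding and audit layer the column says is missing. It is example code written for this page, not the author's product and not any FIDO or W3C specification. A human authenticates and delegates a grant to an agent; the grant is bound to one agent identity and one service, names the actions it permits, expires, requires a fresh human confirmation for destructive actions such as a wire transfer or account deletion, and records every decision in an audit log. The agent never holds the human's credential, only an opaque grant token. All names, action strings and the `AuthorizationServer` class are constructed for the example.

```python
"""Toy model of scoped, auditable agent authorization (illustrative only).

The human's own credential (for instance a passkey assertion) stays with the
authorization server; the agent receives only an opaque grant token bound to
its identity and a single service. Every use is checked against the grant's
scope and written to an audit log. Not a standard, just a sketch.
"""
import secrets
import time
from dataclasses import dataclass, field

# Constructed sample: actions a grant must name explicitly and that still need
# a fresh human confirmation at use time.
DESTRUCTIVE_ACTIONS = {"account.delete", "payment.wire"}


@dataclass
class Grant:
    agent_id: str
    service: str
    allowed_actions: frozenset
    expires_at: float
    human_approval_required: frozenset
    token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


class AuthorizationServer:
    """Hypothetical component that issues grants and checks each action."""

    def __init__(self):
        self._grants = {}    # opaque token -> Grant
        self.audit_log = []  # one entry per decision, allowed or not

    def issue_grant(self, human, agent_id, service, actions, ttl_seconds):
        actions = frozenset(actions)
        grant = Grant(
            agent_id=agent_id,
            service=service,
            allowed_actions=actions,
            expires_at=time.time() + ttl_seconds,
            human_approval_required=actions & DESTRUCTIVE_ACTIONS,
        )
        self._grants[grant.token] = grant
        self._record("grant.issued", human, agent_id, service, sorted(actions), True)
        return grant.token  # the only thing the agent ever holds

    def authorize(self, token, agent_id, service, action,
                  human_confirmed=False, now=None):
        """Return (allowed, reason) and log the decision."""
        now = time.time() if now is None else now
        grant = self._grants.get(token)
        allowed, reason = False, "unknown token"
        if grant is not None:
            if grant.agent_id != agent_id:
                reason = "token not bound to this agent"
            elif grant.service != service:
                reason = "token not bound to this service"
            elif now >= grant.expires_at:
                reason = "grant expired"
            elif action not in grant.allowed_actions:
                reason = "action outside granted scope"
            elif action in grant.human_approval_required and not human_confirmed:
                reason = "destructive action requires fresh human confirmation"
            else:
                allowed, reason = True, "allowed"
        self._record(action, None, agent_id, service, reason, allowed)
        return allowed, reason

    def _record(self, action, human, agent_id, service, detail, allowed):
        self.audit_log.append({
            "ts": time.time(), "action": action, "human": human,
            "agent": agent_id, "service": service,
            "detail": detail, "allowed": allowed,
        })


def demo():
    """Walk an assisted agent through the flow with constructed sample values."""
    srv = AuthorizationServer()
    token = srv.issue_grant(
        human="alice", agent_id="agent-7", service="billing.example",
        actions={"invoice.read", "payment.wire"}, ttl_seconds=600,
    )
    use = srv.authorize
    results = {
        "read": use(token, "agent-7", "billing.example", "invoice.read")[0],
        "wire_no_human": use(token, "agent-7", "billing.example", "payment.wire")[0],
        "wire_confirmed": use(token, "agent-7", "billing.example", "payment.wire",
                              human_confirmed=True)[0],
        "delete": use(token, "agent-7", "billing.example", "account.delete")[0],
        "other_agent": use(token, "agent-9", "billing.example", "invoice.read")[0],
        "other_service": use(token, "agent-7", "crm.example", "invoice.read")[0],
        "expired": use(token, "agent-7", "billing.example", "invoice.read",
                       now=time.time() + 3600)[0],
    }
    denied = [e for e in srv.audit_log if not e["allowed"]]
    return results, len(denied)


if __name__ == "__main__":
    outcome, denied_count = demo()
    for name, ok in outcome.items():
        print(f"{name:15s} {'allowed' if ok else 'denied'}")
    print(f"{denied_count} denied decisions recorded in the audit log")
```

Running `demo()` shows the intended behavior: a read within scope is allowed, a wire transfer is refused until a human confirms it, an account deletion that was never granted is refused, and the same token presented by a different agent, against a different service, or after expiry is refused, with each refusal visible in the audit log.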