Amid the ‘SaaSpocalypse,’ CIOs and CTOs take a harder line with their vendors

And the core focus of her conversations with vendors is also evolving. In 2023, at the start of the generative AI boom, Driscoll would discuss a software provider’s AI roadmap, key milestones, and what an investment would look like for the provider of private-label and co-branded credit cards. But now, there’s far more focus around how platforms are designed, talks Driscoll describes as almost philosophical.

“The conversations are going a lot deeper into the architecture of the third-party solutions, where in the past, I’ve been more focused on the capacity, security, and data privacy,” says Driscoll.

Nice’s chief information officer, Hadas Reisbaum, says she plans to leave her core systems in place for software that’s deeply embedded in the customer relations management software provider’s infrastructure. But she would like to see vendors evolve their pricing models and move away from the per-seat fee structure that’s most prevalent across the software-as-a-service industry.

“I think the clock is ticking,” says Reisbaum, who anticipates that bigger pricing structure changes could occur within the next two to three quarters. “It will become more outcome-based,” she added, meaning organizations like Nice will pay for service based on measurable results.

Time is not on the side of major SaaS providers including Salesforce, SAP, Workday, and ServiceNow, whose shares have all tumbled by 30% or more since the beginning of 2026—far underperforming the Dow Jones Industrial Average’s drop of nearly 4%—a market downturn that’s been called the “SaaSpocalypse.” The thinking is that tools from AI startups like OpenAI and Anthropic can replicate SaaS products, which would eliminate the need for these more siloed tools. The proliferation of agentic AI adds another layer of pressure to the SaaS providers and their per-user fee structure.

“In the future, you have these AI agents that are crawling through the environment, where the AI agents are often doing tasks that are independent of the human being,” says Arun Chandrasekaran, an analyst at technology research firm Gartner. “And if they’re doing that, it does not make a lot of sense to tie the licenses to a human that’s doing the task.”

Even the buzzy, smaller AI startups may not be spared. Bread Financial works with upstarts like legal AI firm Harvey and AI content platform Jasper. But Driscoll says she could replace those vendor offerings as Bread Financial continues to develop its own agentic AI platform.

Charles Guillemet, CTO of cybersecurity firm Ledger, says that it could be theoretically possible to rebuild the business software Workday does, but it would require far more effort than it’s worth. “If another company disrupts them with AI, we might consider moving away,” says Guillemet, especially if the alternative is cheaper and offers a stronger performance. “But for now, there’s no reason to move.”

He sees two paths forward: the first is that the large language model makers, like OpenAI and Anthropic, are able to pour so many resources into developing their product offerings that compete with SaaS that it becomes nearly impossible for anyone else to compete. But the second, which Guillemet favors, is that the technology advancements from AI hyperscalers will plateau and that competition will shift toward optimizing the cost of delivering software.

Intuit CTO Alex Balazs says his conversations with vendors have changed in a similar manner to how Intuit, a SaaS provider through its business software platforms like TurboTax, has evolved its own questions about AI. “In the early days of this boom, it was like, ‘Okay, we’re going to create this agent, and then Salesforce creates this agent, and Workday creates an agent, and then our agents will talk to each other,’” says Balazs.

But the reality, according to Balazs, is that enterprises are discovering it is quite hard to get these unique SaaS-created agents to work together. He advocates for a more collaborative approach. “We want to make them expose their tools and skills, which for lack of a better word, is a new way of saying their API,” says Balazs. “It’s basically an AI API.”

Sagnik Nandy, the CTO at electronic-signature company Docusign, says he fields countless pitches from vendors but says his priorities are “dollar, people, time,” in that order. First, Nandy wants to know the upfront costs to sign a contract. From there, he asks questions about how many IT professionals are needed to implement a solution (vendors always provide a low estimate, Nandy says) and then seeks to understand how much time is needed before value can be unlocked and measured. 

Nandy says he’s especially wary of vendor pitches that may generate value for his team, but where shifts in processes could create more work elsewhere.

“A common pattern I sometimes see is that the CTO might get value, but the CIO’s work goes up,” says Nandy. “I don’t go for those kinds of pitches.”

John Kell

Send thoughts or suggestions to CIO Intelligence here.

NEWS PACKETS

Anthropic debuts “Project Glasswing.” Anthropic on Tuesday announced it is giving large technology and cybersecurity companies a preview version of Claude Mythos, its unreleased and most advanced model, through an initiative called “Project Glasswing.” It will allow companies including Amazon, CrowdStrike, Google, Apple, Microsoft, and Nvidia to use the preview version for defensive security work and then share those learnings with the broader industry. And while Anthropic says it doesn’t plan to make Mythos Preview generally available, Fortune reports it does eventually want to launch Mythos-class models at scale when new safeguards are in place.

Anthropic leaks its code; Mercor stung by data breach. Last week, Fortune and others reported that Anthropic accidentally leaked the source code for Claude Code, publicly exposing around 500,000 lines of code across 1,900 files. Anthropic said the release was caused by human error, not a security breach, and that no sensitive customer data or credentials were involved or exposed. But at Mercor, an AI startup whose customers include Anthropic and OpenAI, a security data breach was confirmed and may have exposed sensitive customer data. Mercor says it was “one of thousands of companies” affected by a supply-chain attack, which has been linked to the hacking group called TeamPCP. One of Mercor’s customers, Meta, has responded by pausing work with the three-year-old startup.

OpenAI, Anthropic separately announce acquisitions. As Anthropic and OpenAI gear up for likely debuts on the public markets later this year, each have recently inked a bolt-on acquisition over the past week. OpenAI has scooped up TBPN. The transaction value wasn’t disclosed, though the Wall Street Journal reports that the online talk show is profitable and generated around $5 million in revenue from advertising in 2025 and is on track to make more than $30 million in revenue this year. Anthropic, meanwhile, paid $400 million to buy biotech AI startup Coefficient Bio, according to the Information, aligning with the larger company’s increased focus to expand its life sciences offerings. Coefficient Bio was only launched eight months ago and its team of around 10 are expected to join Anthropic.

IT’s jobs market is looking dour amid threat from AI. All signs point to a challenging labor market for the technology industry, including a report last week from outplacement firm Challenger, Gray & Christmas, which said that technology sector job cuts were up more than 24% in March from the prior-year period. The industry cut more than 52,000 jobs in the first quarter of 2026. CompTIA, meanwhile, reviewed data from the U.S. Bureau of Labor Statistics and found that unemployment among technology professionals rose to 3.9% in March, up from 3.1% a year ago. The New York Times reporting on the topic cited research from Boston Consulting Group estimates that more than half of the jobs in the U.S. will be reshaped by AI over the next two to three years.

The fast-growing startup with just two employees, thanks to AI. Amid the broader industry concerns about the impact of AI on jobs, the Times published a feature focused on the telehealth startup Medvi, which produced $401 million in sales during its first full year of business in 2025 and is on track to grow its top line to $1.8 billion this year—all with only two employees. Founder Matthew Gallagher has only hired his brother to work at Medvi, using AI for customer service, to build the company website, and to create media for its ads. It hasn’t always been smooth and Gallagher acknowledges that Medvi isn’t an AI startup. But, “I did it with AI,” he told the Times.

ADOPTION CURVE

As AI emerges as a cyber threat, budgets aren’t keeping pace. Half of senior security leaders say that at least one quarter of the cybersecurity incidents they experienced in the past year were enabled by AI, and yet, a majority (85%) who use AI in cybersecurity say their budget is not sufficient to meet those rising AI-enabled threats. Almost all (96%) of the 500 senior corporate security leaders surveyed by consulting firm EY say that AI-enabled cybersecurity attacks are a “significant” threat to their organization.

As organizations navigate these threats, they must contend with three key trends, according to Ganesh Devarajan, a cyber risk practice leader for EY Americas. He contends that cybersecurity leaders need to first acknowledge that as they place a bigger bet on agentic AI, the threat landscape has increased dramatically, while also acknowledging that defense systems offered by CrowdStrike, Palo Alto Networks, and other cyber firms tend to focus on their own ecosystems.

And lastly, as agentic AI matures, there’s still a large trust gap in cybersecurity governance. Only 20% of companies have embedded those frameworks into their organizational culture, the EY study reports. “In order for AI adoption to go up, we need to have trust,” says Devarajan. “The trust is going to be cybersecurity, plus explainability or traceability of what’s inside it, and then the governance and ethics that need to go with it.”

Courtesy of EY

JOBS RADAR

Hiring:

– Route 92 Medical is seeking a director of IT, based in San Mateo, California. Posted salary range: $235K-$255K/year.

– Vita Coco is seeking a VP of technology, based in New York. Posted salary range: $200K-$250K/year.

– Kern Energy is seeking an IT director, based in Bakersfield, California. Posted salary range: $188.7K-$213.8K/year.

Hired:

– Home Depot has appointed Franziska “Fran” Bell to serve as CTO, effective April 6, to lead technology, product management, data, and AI. Before joining the home improvement retailer, Bell served as chief data, AI, and analytics officer for automaker Ford. Prior to that, she served as SVP of digital technology at BP and held executive roles at Uber and Toyota.

– Workday promoted Gabe Monroy to the role of CTO, just seven months after he initially joined the business software company in August 2025 as a senior vice president. Previously, Monroy served as a VP at Google, chief product officer at DigitalOcean, and a VP at Microsoft.

– Dycom Industries named Regina Salazar as chief information and digital officer, effective April 6, to lead enterprise technology strategy for the provider of contracting services for the telecommunications and utility industries. Most recently, Salazar was chief digital and information officer at aluminum products maker Novelis. She also previously served as CIO of Whirlpool’s North America region.

– V2X named Mike Uster as CIO, effective immediately, to oversee the defense contractor’s IT strategy, enterprise systems, and digital transformation initiatives, with a focus on strengthening cybersecurity, and advancing AI capabilities. Most recently, Uster served as CIO, CTO, and SVP at defense firm ManTech. He also previously worked at Northrop Grumman, Lockheed Martin Skunk Works, and Rand Corporation.

– Verkada announced the appointment of Chris Stori as CIO, overseeing corporate IT strategy and business systems. Stori joins the security systems company from manufacturing startup Bright Machines, where he served as CEO. Before that, he spent 11 years at Cisco Systems, including as SVP and general manager of networking experiences. Stori also previously worked as a consultant at McKinsey.

– Crawford & Company appointed Jemin Thakkar as global CIO, reporting to the claims management company’s president and CEO, Bruce Swain. Previously, Thakkar served as chief information security officer at Crawford, a role he held since 2022. Prior to that, Thakkar was an executive director at Cox Communications and a group director at Coca-Cola.

– UserTesting named Neal Gottsacker as CTO, where he will lead the software company’s global research and development organization. Gottsacker joins UserTesting after three years of software consulting. Previously, he held senior technology roles at workflow automation software provider Nintex and as a VP at HP.

– ExtensisHR appointed Alan Missen as CIO. He joins the outsourcing company after most recently serving as CIO at healthcare software company PointClickCare. Missen also previously served as CIO at ELM Home & Building and FirstService Residential. He also previously worked at consulting giant PwC.

– Alteryx announced the appointment of Julie Irish as CIO, leading the software provider’s global IT organization. Most recently, Irish served as CIO at software vendor Couchbase, where she led IT, data, business technology, and security. Prior to Couchbase, Irish held senior technology leadership roles at New Relic and Harvard Business Publishing.