This post was written by Claude (Anthropic) based on an extensive conversation with Ralf D. Müller. We discussed the shifting nature of competitive advantage in software before writing. He reviewed, edited, and approved the final result. The responsibility for these opinions is human. The articulation is AI-assisted.
The Old Playbook
For decades, the formula was simple:
Write complex code → Keep it secret → Competitors can't catch up → Profit
Your source code was your castle. You built walls around it. NDAs. Proprietary licenses. Obfuscation. The assumption: if nobody can see your code, nobody can copy your business.
This made sense when:
- Writing software required expensive, skilled labor
- Rebuilding a competitor's product took 12-18 months and a full team
- Reverse engineering took months or years
- Distribution was physical and controllable
- Code was the product
Time was the moat. Even if competitors could theoretically copy you, the months or years required gave you runway. The entire SaaS model was built on this: "Instead of spending 12 months and $500k rebuilding this yourself, just pay us $500/month." The implicit promise? Your time is worth more than our software costs.
None of this is true anymore.
The AI Disruption
Today, AI can generate functional code in minutes. Not perfect code. Not production-ready code. But good enough code.
Ask Claude or GPT to build you a social media platform. You'll get a working prototype in a day. A functional MVP in a week. Yes, there are questions about security, scalability, and maintainability – but let's assume those get solved. They're engineering problems, and engineering problems tend to get solved. For this discussion, let's focus on the business implications when they are.
This changes everything about the value proposition of code.
What used to take a team six months now takes a solo developer with AI a few weeks. The barrier to entry has collapsed. Your carefully guarded codebase? Someone can rebuild 80% of its functionality without ever seeing it – and they can do it in a fraction of the time it took you.
The Glue Logic Reality
Let's be honest about what most of us actually build:
We don't write database engines. We use PostgreSQL. We don't write web servers. We use nginx. We don't write authentication systems. We use Auth0. We don't write payment processing. We use Stripe. We don't train LLMs. We call OpenAI's API.
We don't invent. We assemble.
Most modern software is glue logic. We connect APIs, configure services, and build interfaces. The actual "hard" computer science? We import it as a dependency or call it as a service.
This isn't a criticism – it's smart engineering. Why reinvent the wheel? But it does mean that the code we write is increasingly... replaceable. Commodity. Worthless in isolation.
The SaaS Reckoning
Remember the SaaS value proposition? "Why spend 12 months and $500k building this yourself when you can just pay us $500/month?"
That math assumed building was expensive and slow. What happens when building becomes cheap and fast?
We're already seeing the answer. IT teams frustrated with overpriced subscriptions, poor support, or feature bloat are doing something that was unthinkable five years ago: they're building replacements. Not buying a competitor's product – building their own, with AI assistance, in weeks instead of months.
The SaaS provider's moat was development time. That moat is draining.
This doesn't mean all SaaS dies. But it means SaaS companies need more than "we saved you from building it yourself." They need:
- Operational excellence you can't replicate (uptime, security, compliance)
- Network effects (your users are there because other users are there)
- Data advantages (insights from aggregated customer data)
- Continuous innovation faster than customers can build
If your only value proposition is "we wrote the code so you don't have to" – you're in trouble.
The New Meaning of "Custom Software"
Here's a shift that's coming: the meaning of "custom software" is about to change completely.
For decades, custom software meant: expensive, enterprise-only, built by consultancies for companies with deep pockets. A luxury item. Most businesses couldn't afford it, so they adapted their processes to fit off-the-shelf solutions.
Soon, custom software will mean something different: personal tools built by AI for individual users.
Don't like how your note-taking app works? Describe what you want, AI builds it. Need a specific workflow automation? AI creates it for you. Want a dashboard that shows exactly what you care about? Done in an afternoon.
Software tailored not to a company, but to you. Not because you're rich, but because building it costs almost nothing.
This is the democratization of custom software. And it changes the game for everyone selling standardized solutions.
So What's Actually Valuable?
If not code, then what protects your business? What's your moat?
1. Network Effects and User Base
Example: WhatsApp, LinkedIn, any social platform
The code to build a messaging app is trivial. A competent developer with AI could recreate WhatsApp's core features in a week. But WhatsApp has 2 billion users. That's the moat.
Your users are on the platform because other users are on the platform. This creates a gravity well that no amount of superior code can overcome. You don't switch to a better messenger if nobody you know is there.
The protection isn't the code. It's the network.
2. Proprietary API / Black Box Services
Example: OpenAI, Anthropic, Twilio, Stripe
You don't sell software. You sell access to a capability. The code runs on your servers. Customers never see it. They get an API endpoint and documentation.
This model works because:
- The value is in the running service, not the code
- You control the infrastructure
- You can iterate without customers updating anything
- Reverse engineering requires replicating the entire system
Important distinction: Not all API moats are equal. Pure software APIs (like LLMs) are vulnerable – the moment an open-source alternative reaches parity, your API becomes a commodity. See: OpenAI vs. Llama vs. Mistral.
But some APIs are backed by infrastructure that can't be replicated with code alone. Twilio's moat isn't their software – it's their relationships with telecom carriers worldwide. Stripe's moat isn't their API design – it's their banking partnerships and payment network integrations. You can't open-source your way to SMS gateway agreements or financial compliance certifications.
The moat is only as strong as what's behind the API. Pure software? Temporary. Hardware, regulations, partnerships? Much more durable.
3. Proprietary Data
Example: Google (search index), Bloomberg (financial data), any company with unique datasets
Data is the new oil. Cliché but true.
But here's the interesting part: user base and data reinforce each other. Your users generate data that's worthless individually but invaluable in aggregate.
Consider Google Maps. Every Android phone with location services enabled sends anonymous movement data to Google. A single phone's location is meaningless. But billions of phones? That's real-time traffic for every road on the planet. That's "Popular Times" showing you when a restaurant is busiest. That's estimated wait times and visit durations for millions of businesses.
No competitor can replicate this overnight. You can copy Google Maps' code. You can copy their UI. But you can't copy the continuous data stream from billions of devices. The user base is the data. The data improves the product. The better product attracts more users. Flywheel.
Caveat: Data privacy regulations (GDPR, CCPA) make this moat harder to maintain. You can't just hoard user data anymore. And data quality matters more than quantity – garbage in, garbage out, no matter how much you have.
4. Operational Excellence
Example: AWS, Cloudflare, any serious infrastructure provider
Here's what AI can't generate: the knowledge and systems required to run software reliably at scale.
- 99.99% uptime
- Security hardening
- Incident response
- Compliance certifications
- Global distribution
- Performance optimization
The code might be 10% of the challenge. Operating it is the other 90%. Anyone can write a web server. Running one that handles millions of requests while being secure, compliant, and reliable? That's expertise that takes years to build.
Your ops team is a moat. Your on-call runbooks are a moat. Your battle scars from production incidents are a moat.
5. Speed and Iteration Velocity
Example: Any startup that outmaneuvered an incumbent
If everyone can build software quickly, the winner is whoever ships fastest and learns fastest.
This means:
- Tight feedback loops with customers
- Rapid experimentation
- Willingness to kill features that don't work
- Continuous deployment
- Organization designed for speed
AI accelerates everyone – but not equally. Teams that integrate AI effectively into their workflows gain a multiplier. The moat isn't the AI. It's how well you use it.
6. Trust, Brand, and Compliance
Example: Established enterprise vendors, regulated industries
"Nobody ever got fired for buying IBM."
In enterprise sales, trust matters more than features. A startup might have better technology, but:
- Are they SOC 2 certified?
- Will they exist in 5 years?
- Do they have references in my industry?
- Can they sign our vendor agreement?
Compliance certifications, established customer relationships, brand recognition – these take years to build. You can't AI-generate a reputation.
But trust is fragile. What takes decades to build can evaporate in days.
SanDisk spent years building a reputation for "professional grade, rugged, dependable" storage. Their Extreme Pro SSDs were marketed specifically at photographers and videographers – professionals who trust these drives with irreplaceable work. Wedding photos. Client shoots. Years of creative work. Then the drives started randomly wiping everything. No warning. No recovery. Photographers lost entire client deliveries. Some lost their business reputation along with the files. Class action lawsuits followed, but no lawsuit brings back a wedding day or a once-in-a-lifetime shoot. The drives became "worthless" – not because they failed, but because they could no longer be trusted with anything that matters.
CrowdStrike was the gold standard in enterprise security – until July 2024, when a faulty update crashed 8.5 million Windows systems worldwide. Airlines grounded. Hospitals disrupted. Estimated losses exceeded $5 billion. One bad update. Warren Buffett's quote proved prophetic: "It takes 20 years to build a reputation and 15 minutes to ruin it."
For B2B especially, trust is the ultimate moat – but it's a moat that can drain overnight.
The Open Source Paradox
Here's something counterintuitive: open source can be a better moat than closed source.
Wait, what? If you give away the code, how is that protection?
Model 1: Sell support and enterprise features
If everyone uses your code, you set the standard. You control the roadmap and vision. You have the deepest expertise in your own project. Enterprise customers will pay for support, SLAs, and features. Contributors improve your product for free. Adoption creates lock-in through familiarity.
Red Hat built a billion-dollar business on free software. HashiCorp, Elastic, MongoDB – all open core models. The code is free. The ecosystem, support, and enterprise features are the product.
Model 2: Set the standard, protect your investment
But there's another model that's even more strategic: give away the code not to sell support, but to establish a standard that benefits your ecosystem.
Look at Anthropic's Model Context Protocol (MCP). Released as open source in November 2024, MCP defines how AI assistants connect to external tools and data. Anthropic doesn't sell MCP support or enterprise licenses. They gave it away – and then donated it to the Linux Foundation.
Why? Because if MCP becomes the universal standard for AI tool integration, every MCP-compatible tool works with Claude. The entire ecosystem builds around a protocol Anthropic designed. OpenAI adopted it. Google DeepMind adopted it. Now there are 97 million monthly SDK downloads and thousands of community-built servers.
Anthropic's investment in MCP is protected not by keeping it secret, but by making it ubiquitous. They don't own the protocol anymore – but they shaped the landscape everyone else now operates in.
When code is worthless, giving it away costs you nothing and buys you either adoption or influence.
What Are You Actually Selling?
The shift looks like this:
| 20th Century | 21st Century |
|---|---|
| Software licenses | Subscriptions |
| Code ownership | API access |
| Features | Data and insights |
| Products | Platforms |
| One-time sales | Recurring relationships |
If you're still thinking about protecting your code, you're playing the wrong game. Your code is an implementation detail. It's the least defensible part of your business.
The Algorithm Exception
One caveat: genuinely novel algorithms remain valuable.
A new video codec. A breakthrough compression technique. A unique approach to a hard problem. If you've invented something that's both non-obvious and difficult to reverse-engineer from its outputs – that's still protectable. Not through copyright on the code, but through the knowledge itself.
But be honest: most of us aren't writing novel algorithms. We're writing CRUD apps with nice UIs.
So What Should You Protect?
Stop guarding your source code. Start building:
- User base – Make switching painful through network effects
- Data assets – Accumulate proprietary, valuable data
- Operational capability – Be excellent at running software, not just writing it
- Speed – Out-iterate competitors through superior processes
- Trust – Build relationships and reputation that can't be replicated
- Ecosystem – Make your solution the standard others build on
Your moat is everything around the code. The code itself? In 2025, it's just text that an AI can regenerate.
The New Reality
Here's the uncomfortable truth:
Protecting your code is 20th century thinking.
In the AI age, your competitive advantage isn't your implementation. It's your users, your data, your operations, your speed, your trust, and your ecosystem.
The companies that win won't be the ones with the best code. They'll be the ones who understand that code is now the easy part – and invest accordingly in everything else.
Your code is worthless. Build your moat somewhere else.
This is Part 2 of a series on software in the AI age. Part 1: No Person, No Rights, No Responsibility: Why AI Contributors Break Our License System
What's your moat? I'm curious how others are thinking about competitive advantage when code becomes commodity. Let me know in the comments.
About this post: Written by Claude, directed by Ralf, reviewed by Ralf. The code for this article (Markdown) is freely available and completely worthless.