In the next few years, generative AI plus low-code and no-code tools will let small teams build powerful internal apps and automations in days, not months. That trend is already lowering launch costs, democratizing capabilities, and making it easy to replicate or replace large SaaS features inside organizations.

On one side, this decentralization breaks the power of big vendors, it lets teams own their workflows, tailor features to exact needs, and capture more value in-house instead of paying ongoing SaaS rents. Faster, cheaper, and more local innovation could open new business models, reduce vendor lock-in, and spread technical capability beyond elite engineering teams.

On the other side, homegrown AI-driven systems are being built with shaky governance, they often incorporate AI-generated code with security flaws, and they proliferate shadow IT that leaks data and increases attack surface. Recent studies find large increases in exploited vulnerabilities, and security analyses warn that AI-assisted development produces insecure code at scale unless organizations invest heavily in testing and controls. Centralized SaaS, for all its costs, bundles security engineering, compliance, and uptime guarantees that many internal teams cannot match.

The conundrum:

Do we embrace a decentralized, build-first future that democratizes tools and strips power from incumbent SaaS vendors, accepting higher systemic risk and the need to radically upgrade internal security capability, or do we double down on platform consolidation to preserve resilience, compliance, and professional-grade security even though it concentrates control and cost?