Appearance

← Back to Blog

From SaaS to "Work-as-a-Service": The AI-Native Pivot

·Atulai

From SaaS to "Work-as-a-Service": The AI-Native Pivot

Sell the Work, Not the Software: How AI Is Moving Value From Software to Services — and Who Captures It

For thirty years, the business of enterprise technology was selling tools and charging for seats. You bought the software; your people did the work. The bet underneath every SaaS valuation was that the work — the claims adjudication, the prior auth, the reconciliation, the scheduling, the documentation — would always be done by humans holding the tool and the no of users using your tool.

Agents break that bet. When software can do the work and not just organize it, the thing customers actually want to buy changes. They stop buying a faster way to do the task and start buying the task done. That is the real shift behind the noise: not "AI as a feature," but AI as the unit of value — work, sold as a service, running on infrastructure built for agents instead of menus and flashy UIs.

The clearest signal came from Y Combinator's Summer 2026 Request for Startups. The headline category wasn't an app. It was AI-native service companies: don't sell the software, sell the work itself — insurance, accounting, compliance, healthcare admin. The reasoning is blunt: those services markets dwarf SaaS by an order of magnitude. Right behind it sat Software for Agents — the argument that the next wave of internet "users" are agents, and every category needs to be rebuilt for them: APIs, MCPs, and CLIs instead of forms and dashboards. Put those two together and you have the thesis of this piece. The value is migrating from software to services, and it will be captured by whoever owns infrastructure that agents can actually operate.

1. What the agentic world actually looks like

Strip away the demos and an agentic operation is mundane in the best way. The labor-intensive, rules-bound, high-volume work — the stuff that today consumes armies of back-office staff — gets carried by agents. Humans move up the stack to judgment, exceptions, and the decisions that carry real consequence.

Healthcare is the sharpest illustration because it has the largest pool of exactly this work and the lowest tolerance for getting it wrong. Picture the realistic version, not the fantasy one: an agent handles registration, eligibility checks, prior authorization, claims submission, denial management, scheduling, and the first draft of clinical documentation. A clinician — or a billing lead, or a compliance officer — approves at the points where regulation, liability, or care quality demand a human signature. Every action the agent takes is permissioned, versioned, and reviewable from the moment it happens.

Notice what this is not. It is not "AI drives clinical judgment." In regulated domains, "end-to-end autonomous" is a liability claim, not a feature — it's frequently uninsurable and non-compliant. The companies winning healthcare AI right now are explicit about this: the durable design is physician-led, human-in-the-loop, with the AI doing the volume and the human owning the call. That's not a constraint to apologize for. It's the product. The defensible claim isn't the agent is reliable — no probabilistic system is. It's the agent's actions are survivable and auditable: when it gets something wrong, the system catches it, the version history shows the trail, and a human corrects it. In operational work, catchable beats rare.

That distinction — survivable and auditable, not autonomous and infallible — is the entire ballgame for serious domains. And it turns out to be an infrastructure problem.

2. The foundational building blocks of an agent-operable platform

The blocker for agents in finance, insurance, and healthcare was never "can the agent do the task." It's "can we let it, prove what it did, catch it when it's wrong, and show a regulator the trail." Answering that structurally — rather than bolting it on after the fact — requires a specific foundation. Five pieces:

A single system of record that both humans and agents act through. The moment agents get a parallel "backdoor" into the data, you've lost the audit trail and the trust that comes with it.

Uniform, self-describing metadata — every entity introspectable and queryable, so an agent can discover what exists and what it's allowed to touch without a hand-built wrapper for each case.

Native permissions, enforced at the system boundary, not left to the calling code. The agent should hit the same access controls a human would.

Native version history, so every write is a versioned, reversible record by default. This is what makes error recovery real instead of aspirational.

A real review surface — a UI where a human operator or auditor can see, approve, and reverse agent actions. This is a cockpit for operators and compliance, never the place end-users live.

And running across all of it: two API surfaces, not one. REST is the right protocol for developers writing integrations; MCP (Model Context Protocol) is the right protocol for agents calling tools. REST without MCP forces every agent team to build its own tool layer, auth, and scoping. MCP without solid REST underneath is a thin facade that shatters the moment an agent does something the wrapper didn't anticipate. You need both, over the same record, the same permissions, the same audit log — humans and agents entering through different doors into one house.

The hard, valuable part of this list is not the agent. It's the substrate. Anyone can put an MCP server over an app in a weekend. Almost no one can hand an agent permissioning, version history, and a compliant review surface that already existed before the agent showed up.

3. How you actually get there

Two roads. Build the substrate greenfield, or inherit it.

Build it yourself and you spend the first year of an "agent company" re-implementing audit logging, role-based access control, workflow state machines, and version history — the unglamorous plumbing that has nothing to do with your differentiation and everything to do with whether anyone will trust you in production. This is where most agent startups quietly burn their runway. The model is the easy part; the model is increasingly a commodity. The trust layer is the moat, and it's the part everyone underestimates.

Inherit it and the math inverts. Build on a stack whose data model, permission model, and workflow engine were already designed so any operator — human or agent — can do everything, and the reliable, auditable agent surface is dramatically cheaper and faster to reach. You skip straight to the work that's actually yours: the domain logic, the agent behavior, the customer outcome.

The asymmetry is measurable, and that's the point. An agent operating a metadata-driven system of record should produce fewer failed actions, fewer corrupt writes, and less human correction than the same agent improvising over a conventional database-backed app. If you can measure that gap, "agent-ready" stops being a brochure word and becomes an underwriteable advantage. If you can't, it's marketing.

There's a sharper way to say this: the team with the best harness wins, not the team with the best model. The harness is everything around the model — the tools it can call, the permissions that scope it, the context it's handed, the validation on its outputs, and the recovery loop that catches and reverses its mistakes. Two teams pointing the same frontier model at the same task will get wildly different results depending on the harness, and the model is the part they share. As models converge and commoditize, the harness is where durable advantage accumulates. And the harness is mostly substrate — which means the choice in this section, build versus inherit, is really a choice about whether you're hand-building your harness from scratch or standing on one that already exists.

4. Why incumbents are positioned to win — if they move

Here is the part of this shift that gets the least attention and matters the most: AI does not primarily threaten incumbent operators. It expands what they can sell.

The recent crop of SaaS earnings calls makes the case better than any vendor deck. The consistent themes from CEOs across the board: AI is expanding TAM by turning traditional services markets into things software can now serve directly. Waystar is openly pitching an "autonomous revenue cycle" aimed at a roughly $100-billion annual pool of revenue-cycle labor — money that was never a software line item before. Procore's reasoning engine is valuable precisely because it sits on a proprietary, dynamic dataset and a system of record competitors can't access. Health Catalyst's pitch is that generic AI can recite the literature, but only models trained on its eighteen years of cross-system clinical and operational data can tell a specific hospital what works for its specific case mix. The refrain underneath all of it: agents are only as good as the systems beneath them, and the model is the commodity while the data and the workflow layer are the durable advantage.

That's the incumbent's hand. Data accumulated over years. Distribution into accounts that are expensive to win. Partnerships, integrations, and compliance relationships that take years to build and can't be cloned by a six-month-old startup. The agent era doesn't erase that moat — it lets incumbents charge for the work their data and reach already entitle them to do.

The catch is that none of it converts unless the underlying stack is something agents can safely operate. An incumbent with twenty years of data behind a gated, agent-hostile API is sitting on an asset it can't deploy. Reach plus data plus partnerships is a winning position — but only on top of a substrate built for the new operator.

5. The fastest credible path for legacy operators: an open-source foundation

For an established operator, the instinct is to wait for the platform vendor to ship an "AI module." That's the slow road, and it surrenders the one thing that matters most in this transition: ownership and optionality.

The model layer is volatile. Token costs have fallen by orders of magnitude in a few years; the leading model swaps every few months; pricing is shifting from subscriptions to metered, usage-based billing as providers chase cost recovery. Anyone negotiating AI compute at scale today is learning the same lesson — preserve optionality, keep the door open to open-weight models, and recognize that the boring infrastructure work matters more than which model you pick this quarter. If your agent substrate is welded to one vendor's proprietary stack, you inherit their roadmap, their price increases, and their model choices.

An open-source foundation flips that. You own the code, the data, and the deployment. No per-user licensing to renegotiate as you scale agents across an organization. You host anywhere — cloud, on-premise, air-gapped — which is non-negotiable for regulated and government workloads. You stay model-agnostic, swapping the commodity layer without re-platforming the substrate. And critically, when the foundation is metadata-driven and standards-native, the agent surface, the audit trail, and the compliance perimeter are inherited, not built.

Optionality also unlocks the economics, and this is where token optimization stops being a tuning detail and becomes the business model. In Work-as-a-Service you're paid for the outcome, not the seat — so the inference an agent burns getting to that outcome is your cost of goods, and gross margin is whatever you don't spend on tokens. The trouble is that agents are expensive by nature: they don't do prompt-in, response-out, they loop, branch, and backtrack, often re-reading the same context dozens of times to complete one task. The margin lever is the harness, not the model. Routing routine sub-steps to small, cheap models and reserving a frontier model only for the genuinely hard calls. Caching and trimming context so the agent isn't re-paying to relearn what it already established three steps ago. Catching wrong actions early with tight evals, before a single bad write spirals into an expensive retry cascade. Two companies running the same workflow can have completely different unit economics because one has a harness that wrings the most done-work out of the fewest tokens. And when you control the substrate and stay model-agnostic — ideally with open weights in reach — that optimization is yours to capture, not a margin your model vendor keeps for itself. (It's also why YC named inference chips for agent workflows its own category: today's GPUs sit at 30–40% utilization on the loop-and-backtrack pattern agents actually run, and whoever closes that gap reshapes the cost floor for everyone selling agent work.)

For a legacy operator, open source isn't an ideological choice. It's the only way to enter the agent market on your own terms instead of someone else's.

6. The substrate for AI workers, already built

This is where the Fossible Stack stops being an abstraction. It is an open-source stack engineered so that every layer — engagement, operations, platform, clinical data, analytics — is agent-addressable by design, with both a full REST surface for developers and first-class MCP servers for agents.

Two agent surfaces do the work. Hydra MCP is the operational brain: it exposes the entire CareOps and ERP layer built on Frappe and ERPNext — patient operations, clinical orders, billing and revenue-cycle management, inventory, accounting, workflow execution, reporting, and any custom object a team builds in the low-code layer — as a structured, permissioned, auditable tool surface. Medplum MCP is the clinical brain: the full FHIR R4 resource tree as semantically described tools, with SMART-on-FHIR scopes, terminology validation against ICD-10, SNOMED-CT and LOINC, and FHIR AuditEvent generation enforced at the tool boundary rather than left to the calling code.

What makes this different from "an API over an app" is the thing section 2 said was hard. Every action an agent takes through Hydra MCP flows through the same role-based access control, the same workflow and approval chains, and the same audit log as a human action. There's no parallel agent path — one system of record, agents as participants in it. On the clinical side, the compliance perimeter (HIPAA, ABDM, NABH) is enforced by the tool layer, so an agent can be trusted with clinical reads and writes because the boundary doesn't depend on the model behaving. An agent resolving a billing dispute can identify the patient and pull the encounter through Medplum MCP, find the invoice and check authorization status through Hydra MCP, spot the missing diagnosis code that caused a denial, file a corrected claim through the same approval workflow a billing clerk would use, and leave a clinical-grade audit record on both sides — a workflow that's structurally hard on stacks where operations and clinical data live in separate systems, and the default mode here.

That is what "build AI workers" should mean in a serious domain: not an autonomous black box, but a worker whose every action is permissioned, versioned, and reviewable from day one — because the substrate was built that way before the agent arrived.

7. The future this points to

Returning to the picture from the start, the labor-intensive operational load of running a healthcare business — the claims, the prior auth, the scheduling, the documentation — carried by agents that act through a real system of record. Clinicians and operators elevated to judgment and exceptions, signing off where it counts. Every step on the record, catchable and reversible. Care that's better-coordinated not because a model is brilliant, but because the infrastructure beneath it makes trustworthy automation the default instead of a risk.

The honest version of this future is focused, not sprawling. Healthcare is where the substrate proves itself, because it has the most acute, most budgeted, most blocked-on-audit pain — and because Medplum MCP over a FHIR-native clinical layer is genuinely scarce ground that generalist agent-ops tools botch every time. That's the wedge: prove that an agent can operate trusted, reviewable clinical and operational work in one domain, with the error-recovery loop as the proof rather than the happy-path demo.

The expansion follows from the architecture. The audit, permission, and version model that makes healthcare safe is domain-agnostic — and Hydra MCP runs over Frappe and ERPNext, which already speak the language of operations across industries. So the same substrate that runs a hospital's revenue cycle extends to insurance back-office, lending operations, logistics, distribution, and the rest of the operations-heavy world. Not as the opening claim — as the reason a focused wedge is also a large company.

Software told you how to do the work. Services do the work for you. The companies that win the second era won't be the ones with the cleverest agent. They'll be the ones standing on a substrate agents can operate — owned, open, and auditable — and they'll have been building it long before the agents showed up.

References

  1. Y Combinator — Requests for Startups (Summer 2026): https://www.ycombinator.com/rfs
  2. Sammy Abdullah, Blossom Street Ventures — 5 Big Themes from SaaS Earnings Calls: https://blossomstreetventures.medium.com/5-big-themes-from-saas-earnings-calls-b29500dabaa8
  3. Sarah Sachs — Notes from Token Town: Negotiating for the Fortune 5 Million: https://www.linkedin.com/pulse/notes-from-token-town-negotiating-fortune-5m-sarah-sachs-mlshc/
  4. AI Token Economics: What Jensen Huang Is Really Building (Unlocked Value): https://unlockedvalue.substack.com/p/ai-token-economics
  5. Fossible Works — The Fossible Stack: The Inherently AI-Native Digital Health Foundation: https://www.fossibleworks.com/guide/stack

Digital Health & Cloud DevOps