An AI Agent Just Cloned Your CRM. Is Your EHR Next?
Why the $1 trillion SaaS selloff is missing the real story – and what the three-layer split between record, interaction, and memory means for every enterprise stack, especially healthcare.
Last week I wrote about the SaaS selloff. Since then, it’s only gotten worse. More than $1 trillion in software market value has been erased since January 28, according to S3 Partners. Hedge funds have made $24 billion shorting software stocks so far in 2026 – and they’re increasing the bet. The iShares Expanded Tech-Software ETF is down 21% year-to-date and 30% from its September peak. Intuit and DocuSign are each down more than 30% this year. Salesforce, Adobe, and ServiceNow have each shed more than 20%. Microsoft is down 15%. Jefferies coined it the “SaaSpocalypse.” I argued in my previous article that the market wasn’t panicking – it was repricing.
Since then, every analyst on Wall Street has weighed in. BofA says it’s overdone. BTIG says the sector might bounce but will “take a long time to repair and build a new base.” CNBC is running segments asking whether this is illogical panic or an actual SaaS apocalypse. The debate has settled into a comfortable binary: is SaaS dead, or is this a buying opportunity?
Both framings I believe miss the structural shift underneath.
A builder on X named Zain Hoda recently laid out the technical mechanism behind what’s happening, and it clicked with something I’ve been working through in my own research. His argument is sharp and, I think, largely correct: the system of record – the most defensible position in enterprise software for two decades – is collapsing. Not because the software is bad. Because the data is small.
Think about that for a second. Your entire Salesforce instance – every account, contact, opportunity, and activity for your whole company – probably fits in a few gigabytes. Your Jira history, every ticket ever created, is maybe a gigabyte. Your HubSpot, your Asana, your Monday boards, your Notion workspace: all of it together might be smaller than a single video file on your phone.
This never mattered when the only way to interact with the data was through the application’s interface. The data was small, but it was trapped. You had to log into Salesforce to see Salesforce data. The application and the data were fused together. That fusion was the moat.
AI agents break that fusion.
When you connect an agent to your CRM, your project management tool, your documentation – which is the entire point, you want it to help – the agent pulls the data. It needs context. It needs to understand your customers, your projects, your pipeline. The data is small. The API is permissive. Within minutes, the agent has a complete copy of everything.
Now you have a situation where the agent is the primary interaction layer – you talk to it, not to the software – and it’s sitting on a synchronized copy of your data. The system of record becomes a write endpoint. Data gets created there before being pulled into the agent’s context, where the actual work happens.
Some incumbents will try to fight this with rate limits and restricted API access. Hoda’s point here is devastating: if you rate-limit an agent too aggressively, it becomes useless. The whole reason you connected it was so it could help. And a sophisticated agent will just build a caching layer, pull what it can, store it locally, and sync periodically. The rate limits delay the inevitable by a few hours. Then the cache becomes the de facto system of record.
The system of record tried to protect itself and made itself irrelevant.
But most of the commentary stops here. And that’s where my ideas and his diverge.
Hoda’s argument ends with the question: “What’s your product now?” He suggests maybe governance is what’s left – permissions, audit trails, compliance. But then he dismisses it: “Governance is a feature, not a platform.”
I disagree. And I think this is where the real money is.
The enterprise world isn’t moving from “system of record” to “nothing.” It’s moving through a what I see as a three-layer separation that most people haven’t fully mapped yet. Think of it this way: we’ve spent twenty years conflating three things that are actually distinct – the system of record, the system of interaction, and what I’d call the system of memory.
The system of record is where data is created and stored. That’s your Salesforce, your Workday, your NetSuite. Hoda is right – this layer is being commoditized. When an agent can clone your entire database before your rate limiter kicks in, “we store your data” is not a moat.
The system of interaction is where work actually happens. This is rapidly becoming the agent layer. You talk to the agent. The agent orchestrates across your tools. The UI of any individual application becomes less relevant because the agent is the interface.
But the system of memory – the governed context layer that agents depend on to make decisions – that’s what I believe will be the new center of gravity.
An agent that has your data is not the same as an agent you can trust. Trust requires provenance: where did this data come from, when was it last verified, who touched it? It requires accountability chains so that when the agent makes a decision that costs you money, someone is on the hook. And it requires judgment boundaries – the rules that tell the agent when to stop, escalate, and document the miss instead of plowing ahead.
This isn’t a “feature.” This is the next platform. And the companies that own this layer – the governed memory supply chain – will be the next Salesforce and Workday. The ones that control provenance, audit trails, and trust infrastructure will extract more value than the ones that just stored the data.
The market is repricing the system of record. It hasn’t even begun to price the system of memory.
If you think this is abstract, look at healthcare.
Epic is arguably the most entrenched system of record in any industry. Hospitals have spent billions implementing it. Ripping it out is a multi-year, nine-figure project that most health systems won’t even contemplate. I used to joke when I was walking through a hospital that Epic is like the columns and beams that hold the building together. No one is going to just rip it out. And everyone assumes Epic’s moat is unbreachable. But apply Zain’s logic: a patient’s clinical record – labs, notes, imaging reports, medication history – is not large. It’s structured. And it’s increasingly API-accessible thanks to federal interoperability mandates under the 21st Century Cures Act and ONC’s certification requirements, which now require FHIR-based APIs and prohibit information blocking. As of January 2026, certified health IT must support USCDI v3 data using FHIR US Core profiles, and by July 2026, aligned networks must expose data via FHIR APIs in real time.
AI agents are already running through the pipes that regulators forced open. In January, both Anthropic and OpenAI launched dedicated healthcare platforms – Claude for Healthcare and ChatGPT Health – within days of each other at the J.P. Morgan Healthcare Conference. Anthropic’s offering isn’t theoretical. Claude now connects directly to the CMS Coverage Database, the ICD-10 coding system, and the National Provider Identifier Registry. It has FHIR-based data exchange capabilities, prior authorization review templates, and clinical trial protocol drafting. OpenAI’s platform is already being piloted at Cedars-Sinai, HCA Healthcare, and Baylor Scott & White.
The same dynamic is unfolding. The agent pulls the clinical data. It becomes the interaction layer – the clinician talks to the agent, not the EHR. The EHR starts looking like a write endpoint with a billing module attached.
But here’s what’s different about healthcare: the system of memory isn’t a nice-to-have governance layer. It’s life or death. When an AI agent recommends a treatment based on a patient’s history, someone needs to know where that lab value came from, when it was last verified, and whether it’s even from the right patient. When the agent’s recommendation leads to an adverse event, there has to be a clear chain of accountability. And somewhere in the workflow, the agent has to know when it’s out of its depth and hand off to a physician. Get any of that wrong, and you’re not losing a deal. You’re harming a patient.
Whoever figures out governed clinical memory – the trust infrastructure for healthcare AI – wins the next cycle of health IT. And the regulatory moats that people assume protect incumbents like Epic? They’re thinner than most investors realize. The interoperability rules that were designed to open up EHR data for patient access are now the exact same FHIR-based APIs that AI agents use to pull that data out. The Cures Act didn’t just create patient access. It created the plumbing for agent access.
Healthcare isn’t a sideshow to the SaaS repricing. It’s the sector where the system of memory argument matters most – because the cost of getting it wrong isn’t a lost deal or a compliance fine. It’s a patient outcome.
If you’re an investor, stop asking “which SaaS companies survive?” KeyBanc’s analysis already identified the most exposed companies – seat-based vendors without an anchor system of record. But even that framing understates the problem. The real question is who’s positioned to own the memory layer – the trust infrastructure that agents depend on. That’s the moat that matters now.
If you’re running an enterprise software stack, this is more urgent. You’re defending a position the market has already told you is losing value. The $1 trillion repricing isn’t a temporary panic. Reuters reported that the software sector’s selloff “failed to lure bargain hunters, with the dip-buying reflex that has rescued countless tech routs conspicuously absent.” That should tell you something.
The companies that survive aren’t the ones that store the data. They’re the ones that govern the context. The ones that can tell an agent not just what the data says, but whether the data should be trusted, who’s accountable when it’s wrong, and when the agent should stop and ask a human.
Jason Lemkin, the godfather of SaaS, wrote that this isn’t the death of SaaS – it’s the end of easy SaaS. I’d put it differently. It’s the end of confusing data custody with value creation. For twenty years, storing someone’s data in your database was enough. That era is over.
Rethink your moat. Rethink your stack. Rethink what “defensible” actually means when an agent can clone your entire competitive advantage in sixty seconds.
