Trust is the new bottleneck. The people I respect most are all arriving at this same conclusion, and the evidence has become hard to ignore. In fact, Hemant Taneja's recent Q1 2026 review puts it bluntly:
"The new constraint for company-building is trust."
The Convergence of Trust + AI
Satya Nadella spent much of last year warning about "model overhang"—a world where AI capability vastly outruns our ability to deploy it responsibly. His point: the models are smart enough, but the orchestration, governance, permissions, and audit systems that would let us actually use that intelligence haven't been built yet. We built the car without building the road.
McKinsey's 2026 AI Trust Maturity Survey found that while two-thirds of organizations are experimenting with AI agents, fewer than one in four have managed to scale them to production, citing trust with security and risk concerns as the top barrier.
Forrester titled their 2026 outlook "The Race to Trust and Value." After years of capability announcements, buyers have gotten skeptical. The question executives are asking has shifted from "can AI do this?" to "can I really trust that AI did this correctly and securely.”
What's Actually Scarce
Here's the mental model.
For more than a decade, the constraints were well understood. The barrier to entry to build, deploy, and scale a cloud app was falling, but falling slowly. The software development knowledge and experience required to build something was scarce.
I remember in 2010 personally trying to hire someone to turn my idea into a functional prototype, and the tens of thousands they wanted in compensation for it forced me to learn to build myself. Access to that learning even then was scarce.
AI has removed those constraints entirely and the boom has officially hit. Stripe saw 700+ AI-agent companies launch on its platform in a single year. One General Catalyst portfolio company eliminated five SaaS vendors by rebuilding the functionality in-house, saving $8M annually. Automation tools that can help increase task efficiency of employees or meet some business goal are now within the reach of anyone with a Claude or ChatGPT license.
When something becomes abundant, its economic value approaches zero. Whatever remains scarce is what compounds.
So if software is now abundant—what's actually scarce?
Hemant's answer: institutional trust, deep customer relationships, and operational knowledge that compounds with use. Nadella points at governance and the audit systems that make intelligence trustworthy. McKinsey frames trust itself as a foundational requirement—no longer a byproduct of compliance, but something that has to be designed, embedded, and continuously validated.
They're all saying the same thing. The race from here is really about building things people can actually trust.
The Companies That Win in the Trust Era
Hemant laid out a clean framework for which software businesses survive the AI transition and which don't.
The ones that won't make it: point solutions built on artificial scarcity, per-seat models tied to headcount growth, and any business where AI makes delivery less relevant by doing the same thing more cheaply. If your moat was "we know how to build this," AI has undermined it.
The companies that will: those deeply embedded in regulated workflows, those sitting on proprietary operational data, and those where AI makes delivery more powerful rather than less relevant. Large systems of record, like healthcare systems with millions of patient cases and financial software with decades of default behavior data. For these companies to survive and thrive in the AI world however, they have to prove, continuously and at the system level, that processes work, controls are in place, and outcomes are auditable. You can't move fast and break things when the things you break are a hospital's data or a bank's compliance posture.
The common thread is compounding trust. Not just trust you've earned, but trust that grows the more it's used. Every interaction deepens the institutional knowledge, the data, the relationship — none of which a competitor can copy or AI can shortcut.
Drata was built for exactly this profile. And five years in, the shift happening right now is the one we've been building toward.
Where Drata Sits in an Agentic World
Drata started as a compliance automation company in 2021, helping thousands of customers achieve SOC 2, ISO 27001, and a growing list of certifications faster and with less manual work. With the addition of risk and security assurance capabilities, and now powering the world’s largest network of enterprise trust centers, Drata has evolved from a “compliance company" into the system of record for trust.
Compliance is an output, but trust is the outcome. Compliance is what you do to check boxes and satisfy auditors. Trust is what you build with customers, partners, regulators, and employees—and it's what allows you to move faster, with confidence. High-trust environments enable speed both inside organizations and increasingly between them.
What Drata actually does is help organizations prove, continuously and at scale, that they're operating the way they say they are. In an agentic world—where AI systems are making decisions and taking actions on their own—that proof layer is more foundational than ever.
Think about what it actually takes to deploy an AI agent inside an enterprise. You have to answer:
What data can this agent access?
What controls are in place?
What happens when it goes wrong? Who's accountable when it does?
How do you prove to your customer or regulator that the system behaved correctly?
None of those questions answer themselves. Someone has to be answering them continuously, at scale.
And here's the deeper problem: agents today don't necessarily leave trails an auditor can read. They configure systems, modify access, deploy infrastructure—and create drift faster than any human-paced monitoring cycle can catch. Nobody really knows what all of their AI is doing at any given moment.
Now imagine the opposite. An auditor who can verify in real time that every action your agents took was within policy, alongside a self-healing compliance posture that reacts the moment that’s not true. A system of record for trust that watches the agents the same way the agents watch your business.
That's the trust infrastructure layer, and that’s where Drata now sits; uniquely positioned to solve at scale.
The Bigger Bet
The stakes here are massive.
Hemant put it plainly: the beneficent version of the AI future—the one where we cure diseases, reduce poverty, and automate the tedious work so humans can do the meaningful work—requires trust as a precondition.
The transformation of healthcare, defense, finance, and education requires embedding these models into regulated systems in a way that people, governments, and institutions can actually trust.
The opportunity to solve this problem is generational, and being in the position to do it is the privilege and responsibility of a lifetime.
