Affiliation Disclosure:

The managing principal of Ridire Research is affiliated with a private investment fund that holds long positions in the securities discussed herein, which could influence the views expressed.

Disclaimer:

This publication is for educational and informational purposes only. Any performance referenced is illustrative and tracked on a per-article basis, not as part of a model portfolio or investment program. Nothing herein constitutes investment advice, a recommendation, or a solicitation. → Ridire Research Substack Disclaimer

Table of Contents

• Executive Summary

• Company Overview

• The Setup

• Causal Mechanism

• Timeline

• Key Risks

• Conclusion

• Special Mentions (Not Covered In Detail)

Executive Summary

Anthropic’s recent move into legal workflow tooling is a useful stress test for every “AI will eat SaaS” thesis. The headline isn’t that Claude got better at answering questions rather it’s that Anthropic is publishing workflow plugins that can execute real clerical/legal ops tasks, document review, NDA triage, compliance tracking, pushing the company up-stack from model supplier toward workflow owner.

That matters because it clarifies the shape of disruption:

• The most vulnerable incumbents are those whose moats are primarily UI, seats, and workflow convenience, especially where outputs are “good enough,” iteration is cheap, and switching costs are low.

• The least vulnerable incumbents are those embedded in deterministic, audited, regulated, or counterparty-mandated workflows, where an error cascades into lawsuits, regulator attention, or operational shutdown, and where “system-of-record” status matters more than model quality.

This piece is a nuanced response to the deterministic vs probabilistic framing that is becoming popular. The framing is directionally right, but incomplete. The real dividing line is not “AI can’t do deterministic tasks.” It’s that deterministic workflows have external accountability (auditability, provenance, liability, certification, and integration into other systems). In those contexts, AI becomes a feature and an accelerant rather than a wholesale replacement.

That’s the lens behind Don’t Get Fired Software, illustrated through two case studies here and supplemented by broader, well-covered examples at the end.

• Trend Micro (4704 JP): a cybersecurity control plane. The moat is embedded deployment, operational integration, and career risk, the security stack you don’t casually rip out when the downside of a bad transition is a breach and a board interrogation.

• ReposiTrak (TRAK): a compliance/traceability system-of-record in food supply chains. The moat is not “better UX.” It is mandatory network effects, retailers and wholesalers can force suppliers to comply through a particular rail, making participation a cost of doing business.

The implication is practical: AI lowers the cost of building software and compresses margins in “probabilistic productivity” layers, but it does not eliminate the willingness to pay for guardrails where the alternative is reputational and legal catastrophe.

Company Overview

Trend Micro (4704 JP): Cybersecurity as a Control Plane (and a Career Hedge)

Trend Micro is an incumbent cybersecurity vendor that has deliberately repositioned from “point products” into a platform control plane, unifying detection/response, exposure management, and multi-surface security operations. Its investor communications explicitly emphasize platform consolidation and platform-led growth, in other words: selling an operating layer rather than a single tool.

Why it qualifies as “don’t get fired” software:

• Security is not a normal ROI purchase. It is risk transfer. The buyer (CISO/CIO) is protecting the firm and themselves from tail outcomes. That changes switching behavior: transitions are slow, painful, and politically loaded.

• “Deterministic vs probabilistic” is a false binary in security. Threat detection is probabilistic by nature, but the workflow is deterministic: response playbooks, auditability, control coverage, and incident reporting expectations. It’s the workflow that buyers cannot risk breaking.

• AI is additive, not substitutive. AI can reduce analyst load and speed triage, but it also expands the attack surface and increases governance expectations (the organization must prove it is managing cyber risk, not merely buying tools).

Trend Micro also benefits from being a credible consolidator in a market where CISOs increasingly want fewer vendors and a tighter operational loop (alerts → response → reporting). This is exactly the category of software that tends to survive pricing model shifts (seats → usage/outcomes): you can change the meter, but you can’t opt out of the underlying need.

ReposiTrak (TRAK): Compliance and Traceability as a System-of-Record Network

ReposiTrak sits in a different, and arguably cleaner, “don’t get fired” lane: regulated compliance + counterparty mandates in food supply chains. It operates a traceability/compliance platform that functions as a system of record across retailers, wholesalers, and suppliers, where documentation, data standards, and audit readiness are the product.

Why it qualifies as “don’t get fired” software:

• It is compliance infrastructure, rather than discretionary workflow. The job is to produce clean, auditable traceability and compliance data that stands up under scrutiny.

• The moat is forced participation + network effects. Retailers are increasingly requiring traceability across broader sets of foods and earlier timelines than the government baseline meaning suppliers adopt because access to distribution depends on it. ReposiTrak’s own SEC filing explicitly describes retailer requirements like expanded traceability scope (“all foods”), additional electronic data elements, and accelerated deadlines.

• AI assistants don’t replace the rail. An LLM can draft an email or summarize a document; it cannot by itself create a trusted, standardized interchange between thousands of counterparties with data validation, audit trails, and operational integration.

ReposiTrak also leans into a practical reality: suppliers need interoperability (EDI compatibility, standardized capture, and translation of formats across trading partners). That’s “plumbing” work and it tends to be sticky.

The Setup

1) Anthropic’s legal plugin

The market reaction to Anthropic’s legal plugin is less important than the product direction. Anthropic is shipping workflow plugins (including legal) that handle tasks like contract review and compliance tracking, tools that historically lived inside vertical software suites or services-heavy platforms.

This is the broader pattern: foundation model providers are moving from model access to workflow ownership, because workflow ownership captures:

• distribution (where the user lives),

• data context (what the model can pull from),

• and economic rent (the part of value that is billable).

The “legal tech fray” is simply where the first public repricing happened.

2) Deterministic vs probabilistic is useful, but the better lens is external accountability

The deterministic/probabilistic split is a good first approximation:

• Probabilistic outputs (marketing, sales enablement, support, content, planning) allow iteration and tolerate “good enough.”

• Deterministic workflows (payroll, clinical, grid, compliance) punish errors.

But the nuance is this: many workflows are hybrids, probabilistic assistance inside deterministic guardrails. Security is the obvious example. Legal is another: a model can triage NDAs, but the organization still needs provenance, audit trails, and defensibility.

So the practical question for disruption isn’t “Can AI do the task?” It’s:

• Can AI own the system-of-record?

• Can it meet auditability and provenance requirements?

• Can it offer reliability and liability posture that enterprises will accept?

• Can it integrate into existing counterparty and regulator expectations?

Where those answers are “no,” disruption becomes feature-ization instead.

3) Cost of building software is falling, but distribution and trust are not

AI-assisted coding and agentic workflows are compressing the marginal cost of producing software and automating white-collar tasks. That pressure naturally flows into pricing. Seat-based pricing is already under strain, and consumption/outcome-based models are spreading, especially where AI automates away “seats.”

However, “software gets cheaper” is not the same as “customers stop paying.” In risk control planes, what customers are paying for is assurance: uptime, auditability, incident defensibility, and reduced tail risk. Those are not free simply because code is cheaper.

4) The regulatory floor moved, but counterparty enforcement is the ceiling

This is the most underappreciated nuance in ReposiTrak’s story.

The FDA’s Food Traceability Rule originally pointed toward a nearer-term compliance date, but FDA has proposed a compliance-date extension and Congress directed FDA not to enforce the rule prior to the extended date.

If you stop there, you might conclude the urgency is gone. But suppliers don’t work for the FDA; they work for their customers. Retailers and wholesalers can, and do, set requirements beyond the FDA baseline, including broader coverage (“all foods”) and earlier timelines. This is why ReposiTrak is “don’t get fired” software: the enforcement mechanism is commercial, not merely governmental.

5) Cybersecurity governance is now formal disclosure territory

In cybersecurity, the regulatory vector is not “install product X.” It’s that public companies must treat cyber risk as governance risk. The SEC’s rules require disclosure of material cybersecurity incidents (Form 8‑K Item 1.05) and disclosure around cybersecurity risk management and oversight. That drives demand for platforms that make risk observable, operational, and reportable. Again, control planes.

Causal Mechanism

The mechanism is the same in both names, but it expresses differently.

Shared mechanism: “Don’t get fired” budgets behave differently

• In discretionary SaaS, the buyer asks: “What’s the ROI?”

• In risk control planes, the buyer asks: “What’s the downside if this fails, and who gets blamed?”

That second question creates three structural advantages:

1. Budget priority: security/compliance survives cuts because the downside is existential.

2. Vendor stickiness: switching introduces new risk; incumbents become the “safe choice.”

3. Outcome defensibility: even if pricing shifts away from seats, vendors that can demonstrate risk reduction or audit readiness retain pricing power.

Trend Micro mechanism: threat velocity + governance pressure → platform consolidation

• Threat velocity is rising, and the operational burden on security teams is not linear. That pushes enterprises toward platform consolidation, fewer vendors, integrated telemetry, consistent policy and response.

• Governance expectations are rising (disclosure, board oversight), so security becomes more than detection; it becomes auditability and reporting.

• The “AI era” increases rather than reduces the need for security control planes, because AI expands software footprints, data flows, and attack surfaces.

• In fact Claude Code has become a cyber weapon itself:

Anthropic-style disruption here is constrained: an LLM can assist triage, but it does not replace endpoint telemetry, cloud workload coverage, policy enforcement, or response integration. In practice, AI becomes an embedded layer inside the incumbent platform, meaning the vendor that already owns the control plane is well positioned to capture the uplift. Trend Micro’s communications emphasize platform momentum and integration (the direction that matters for survivability under AI pressure).

ReposiTrak mechanism: counterparty mandates + regulatory complexity → forced network adoption

• The traceability/compliance problem is structurally a network problem. It only works when multiple parties exchange standardized data.

• Retailers are increasingly setting requirements that exceed the regulatory baseline (broader scope and earlier deadlines), creating forced adoption dynamics.

• ReposiTrak positions itself as the interchange layer: capture once, normalize/validate, deliver in the format each trading partner requires, in other words the “plumbing” that makes compliance operational.

Anthropic-style disruption is limited here too: an LLM can help interpret requirements or draft responses, but it does not replace the compliance system-of-record, the audit trail, or the counterparty rail. If anything, AI may accelerate adoption by making onboarding and exception handling cheaper, again benefiting the incumbent rail.

Timeline

1) Near-term: AI moves up-stack, markets reprice “workflow incumbents”

Anthropic’s workflow push is already prompting investors to ask which SaaS categories are “workflow wrappers” versus “systems-of-record with teeth.”

This repricing is often indiscriminate at first. That creates opportunities: “don’t get fired” names can get hit with the same multiple compression narrative even when their fundamentals are structurally protected. The investor job is to separate workflow convenience from operational control planes.

2) Cybersecurity: disclosure regime + consolidation cycle

SEC cyber disclosure and governance requirements increase the premium on platforms that support incident readiness, documentation, and defensibility. Concurrently, the market continues to push security consolidation. This favors vendors that can credibly offer a unified control plane and integrate AI capabilities without breaking reliability expectations.

3) Food traceability: the enforcement date may shift, but retailer enforcement persists

The FDA timeline has shifted in terms of enforcement posture. But retailer and wholesaler requirements are already pushing suppliers to operationalize traceability sooner, and often across broader product sets than the FDA’s list.

This creates a two-speed timeline:

• Commercial enforcement (retailers/wholesalers) drives adoption now.

• Regulatory enforcement extends the long tail and increases the “late majority” cohort later.

4) Pricing model shifts: seats → consumption/outcomes, and who wins

As AI automates labor, seats become a weaker billing unit. Consumption-based and outcome-based pricing becomes more common, and vendors must show value in concrete terms.

“Don’t get fired” vendors can adapt because they sell outcomes customers already care about:

• risk reduction,

• compliance readiness,

• auditability,

• faster incident containment,

• fewer recalls/exceptions.

Key Risks

Theme-level risks

1. Pricing pressure is real even for mission-critical software.
   AI lowers switching costs at the margin by making integration, customization, and migration easier. It also shifts procurement toward outcomes. “Never cut” doesn’t mean “never negotiate.”

2. AI-native workflows can commoditize layers around the system-of-record.
   Even if the core rail is sticky, some value can migrate to orchestration layers. The winner is often whoever controls distribution and the interface where decisions are made.

Trend Micro risks

• Platform competition intensifies. Large vendors can bundle security into broader suites and compress stand-alone pricing. Even with strong product positioning, the market can treat incumbents as “legacy” if they fail to anchor the platform narrative.

• AI changes the threat environment faster than vendor roadmaps. If attackers outpace defenses materially, buyer behavior can shift and procurement can rotate to perceived leaders.

• Perception risk. Cyber is a narrative sector. The market can punish “steady” names and reward “story” names even when fundamentals diverge.

(Note these are not unique to Trend Micro; they are endemic to cybersecurity as a market structure.)

ReposiTrak risks

• Regulatory slack can slow urgency at the margins. Even if retailer mandates drive adoption, some suppliers will procrastinate if enforcement is perceived as distant.

• Standards fragmentation. If the industry fractures into multiple incompatible traceability rails, network effects weaken. The counterpoint is that fragmentation is operationally painful, which is why consolidation is the natural endpoint.

• Execution and service risk. The “system-of-record” claim carries expectations: uptime, data integrity, onboarding throughput, and support quality. If the network is perceived as unreliable, it invites alternatives.

Conclusion

Anthropic’s legal plugin is a reminder that the application layer is no longer sacred. When a model provider can ship a workflow that does meaningful work review, triage, track compliance, incumbents built on interface convenience and seat economics should expect pressure.

But the right conclusion is not “AI eats all SaaS.” The right conclusion is:

• Probabilistic productivity layers (where iteration is cheap, switching is easy, and “good enough” works) will be commoditized fastest.

• Deterministic, externally accountable control planes (where auditability, provenance, integration, and liability dominate) will be disrupted differently: AI will be absorbed as a feature, and the system-of-record will remain sticky.

Trend Micro and ReposiTrak sit in that second category. They are don’t get fired software: the security stack you don’t casually replace, and the compliance rail you can’t opt out of when counterparties set the rules. Their moats are not code. Their moats are embeddedness, accountability, and the cost of being wrong. That’s the nuance response to the Anthropic moment: AI is absolutely compressing the marginal cost of software and reshaping pricing models, but it is not erasing the premium enterprises pay for guardrails when the downside is existential.

Special Mentions (Not Covered in Detail)

A few other companies clearly fit the “Don’t Get Fired Software” framework and reinforce the core nuance of this theme. We’re not covering them in depth here for a simple reason: they are already widely covered by the market or have been covered previously by us.

• Microsoft (MSFT)
  Microsoft’s security stack (Defender, Entra, Purview) has effectively become a default enterprise security control plane through bundling, distribution, and governance integration. This is well understood and heavily trafficked territory. AI enhances Microsoft’s position, but does not change the underlying control-plane logic.

• Palo Alto Networks (PANW)
  Palo Alto is the most obvious public-market example of the thesis: premium pricing justified by auditability, platform consolidation, and board-level defensibility. The market already treats PANW as a “safe” security incumbent.

• Digital Arts (2326 JP)
  Digital Arts represents the same dynamic in the Japanese market: deterministic security infrastructure embedded in regulated enterprises, education systems, and public institutions. Its durability stems from trust, certification, and institutional deployment depth. This name has been discussed previously here

Why they’re excluded here:
This piece is not meant to catalogue every beneficiary of the theme. The purpose is to clarify the mechanism:

AI disrupts probabilistic workflows first. It struggles to displace control planes where errors create legal, regulatory, or career-ending consequences.

MSFT, PANW, and Digital Arts already sit squarely in that category, and are priced, discussed, and understood as such. The incremental insight lies in identifying less obvious expressions of the same structural truth (TRAK, TrendMicro), not re-litigating the best-known examples.