In a rapidly evolving technology landscape, it’s easy to focus on features and releases in the short term. But the bigger question — one that defines long-term success — is how platforms adapt to deeper shifts in AI, identity, data, and the structure of SaaS itself.
We sat down with Matt Varblow, CTO of AdvantageCS, to talk about the forces shaping the next decade (and the bets that matter now).
Q: We’re at an inflection point with AI — from assistive tools to more autonomous systems. Where do you see that shift fundamentally changing platforms like ours? And what’s the next wave people aren’t preparing for yet?
Matt: We’re already seeing the first phase of AI, where it enhances specific features — recommendations, workflows, reporting, service interactions. That’s important, but it’s not the real shift. The more meaningful change is happening at the system level. AI is moving from something that supports decisions to something that increasingly participates in decisions: routing work, shaping customer journeys, identifying exceptions, recommending actions, and eventually orchestrating parts of the business process.
For subscription platforms, that matters because the complexity is already high. You’re dealing with customers, accounts, memberships, entitlements, renewals, billing, fulfillment, permissions, offers, exceptions, and integrations. AI can create enormous leverage across that lifecycle, but only if the platform has the structure to govern how decisions are made.
That’s the part I think many organizations are underestimating: the next wave isn’t just “more AI” — It’s governed decisioning. If an AI-assisted system recommends a renewal action, changes a customer journey, prioritizes an exception, or triggers a workflow, the platform needs to know why that happened, what data influenced it, what policy applied, and whether a person needs to review it. In other words, AI is going to expose the quality of the underlying platform. If your data is inconsistent, your permissions are unclear, your business rules are scattered, or your feedback loops are weak, AI will not magically simplify that. It will amplify the complexity.
So, the real opportunity is to turn that complexity into governed, reusable capability — decision models, policy boundaries, telemetry, auditability, and feedback loops that can be used again and again across the platform. That’s what separates AI as a feature from AI as part of the operating model.
Q: As platforms become more interconnected, and in some cases more autonomous, does cybersecurity shift from a defensive function to something more foundational?
Matt: I think it absolutely does. Security used to be thought of as something you layered on top - firewalls, controls, reviews, compliance frameworks. Today, and even more so going forward, it has to be designed into the platform from the start.
When you’re dealing with open systems — APIs, integrations, identity across multiple platforms, automated workflows, and AI-driven actions — you can’t separate “product” from “security.” The two are intertwined.
A big part of that is identity. Identity is no longer just about authentication. It becomes the control plane for the entire system: who can do what, in what context, under what conditions, and on whose behalf. And, as systems become more automated, identity has to cover more than human users. It has to account for services, integrations, background processes, and AI-assisted agents acting within defined authority. The platform needs a clear model for delegated action.
Customers should not have to assemble security after the fact. Strong identity, least-privilege access, logging, auditability, SSO, MFA, and secure configuration should be part of the base operating model. The platforms that earn trust will be the ones that take ownership of customer security outcomes, not just the ones that can pass an audit.
Q: Modern SaaS platforms are expected to be scalable, flexible, and reliable, but those goals don’t always align. Where is the industry still getting that balance wrong?
Matt: I think the biggest misconception is that you can maximize all three at the same time. True flexibility, especially deep customization, introduces complexity. And complexity has a direct impact on reliability, scalability, upgradeability, and cost.
As the industry has moved toward SaaS, there’s been a necessary shift toward standardization and more opinionated design. That’s what allows you to scale efficiently, improve reliability, and deliver change consistently. But standardization does not mean every customer becomes the same. That’s where I think the conversation often gets too simplistic. Clients have real, legitimate needs that don’t fit into a single model. The question is not whether you allow flexibility. The question is where flexibility belongs, how it is governed, and whether it becomes reusable capability or one-off exception.
For us, the approach is a strong, opinionated core combined with well-defined, governed extension points. The core should handle the things that should not be unique: identity, security, upgrades, observability, workflow primitives, data consistency, and operational controls. Extension points should allow meaningful differentiation where it actually matters.
The key word is "governed". Extension points need to be versioned, documented, observable, supportable, and compatible with the platform’s upgrade path. Otherwise, flexibility becomes another form of customization debt.
The industry sometimes leans too far in one direction, either trying to support everything — which becomes unmanageable — or locking things down so tightly that the platform cannot support real-world business models. The durable answer is not unlimited flexibility. It is disciplined extensibility.
The balance is difficult, and it’s ongoing.
Q: There’s a growing narrative around a “SaaSpocalypse”: too many platforms, too much overlap, rising costs. Do you see that as real? And what separates the platforms that endure?
Matt: I think there’s definitely a correction happening.
For a long time, the model was to adopt a wide range of specialized tools, best-in-class for each function. That worked when integration costs were lower, data expectations were simpler, and operational complexity was easier to absorb.
Now organizations are stepping back and asking, “Do we actually need all of this?” Cost is part of that, but it’s not only cost. It’s complexity. Every additional platform brings another data model, another identity model, another integration surface, another reporting challenge, another vendor relationship, and another place where business logic can fragment.
What I think you’ll see is a shift toward platforms that provide cohesion and depth rather than just breadth. The platforms that endure will be the ones that own critical layers like data, identity, workflow, entitlement, transaction history, and operational context.
In subscription businesses, that matters because the platform is not just a system of record. It is the system that understands the customer relationship over time: what someone bought, what they are entitled to, how they renew, how they engage, how they are serviced, and how exceptions are handled.
AI will accelerate this correction. If software starts doing more work on behalf of the business, then fragmented platforms become even more expensive. AI needs coherent data, consistent identity, governed workflows, and reliable feedback loops. Without that, automation just moves complexity around.
So the enduring platforms will be the ones that reduce complexity rather than add to it. They will provide a consistent operating model, reusable capabilities, and enough depth that clients can run more of their business without stitching together a dozen disconnected systems.
Q: If you fast-forward to 2030 and look back at today, what would need to be true for you to feel like you made the right bets as a CTO?
Matt: I think it comes down to whether we focused on the right foundational shifts. Did we invest in a model that scales — not just technically, but operationally? Did we position the platform to adapt as the industry changed, rather than chasing short-term trends? Did we make complexity easier to govern instead of simply adding more features around it?
For me, the test is whether we reduced the marginal cost of change.
Can clients launch new products without major platform reinvention? Can they integrate new channels without creating brittle one-off connections? Can they adopt new automation safely? Can they respond to regulatory, security, or market changes without every change becoming a custom project? That’s what resilience really means. It’s not just uptime — it’s the ability to absorb change without accumulating fragility.
Looking back from 2030, I’d want to see that we made the product more resilient, more cohesive, and more valuable to the organizations using it. I’d want to see that our clients can evolve their businesses without being constrained by our platform.
The benchmark is simple: did we simplify complexity for our clients, or did we add to it? The platforms that matter in the next decade will be the ones that turn complexity into governed, reusable capability.
Closing Thoughts
As subscription businesses face AI-driven change, evolving identity models, rising security expectations, increasing operational complexity, and pressure to rationalize SaaS portfolios, one theme becomes clear: the future will not be defined by feature volume alone. Instead, it will be defined by whether platforms can absorb complexity and convert it into reusable, governed capability.
For CTOs, the opportunity is to connect feature delivery with platform durability: building the capabilities clients need today while strengthening the foundation that allows them to keep changing — safely, efficiently, and without rebuilding from scratch every time the market moves.