The only moat is trust
By Victoria Zuo
For two decades, software investors obsessed over moats: network effects, data advantages, switching costs and distribution lock-in. The classic SaaS playbook was straightforward — build a product, accumulate customers, layer in switching costs and create something defensible enough that competitors couldn’t easily dislodge you.
That model is breaking. AI has compressed the cost of building software toward zero. Features that took a team of 10 engineers six months to ship can now be prototyped in a weekend. Anyone can build anything now, so the traditional sources of defensibility evaporate. One thing separates the companies that win from the ones that get copied into oblivion: Trust.
Why trust, why now
I spend most of my time investing in fintech at QED, which means I spend most of my time talking to founders who are building for industries where a single bad output can trigger a regulatory investigation, a lawsuit or a loss of customer funds. Financial services, insurance, healthcare — these aren’t industries where you can “move fast and break things.” These are industries where breaking things means someone’s mortgage gets denied, someone’s claim gets rejected or someone’s retirement savings get mishandled.
And yet, these are exactly the industries where AI is creating the most transformative opportunities. The biggest openings belong to the sectors least tolerant of mistakes. The companies winning in these spaces don’t have better models or more training data or stronger engineering teams. They have trust, built through years of careful execution. You can’t growth-hack trust — it compounds through thousands of small decisions, which is what makes it defensible. That trust shows up in three specific, unglamorous ways:
1. Speaking the language
There’s a difference between building “for” an industry and building “in” an industry. The “for” companies read the Wikipedia page on SEC regulations and add a compliance checkbox to their settings page. The “in” companies know that when a financial advisor says “RegBI documentation,” they’re talking about what keeps them up at night, what determines whether they can continue doing business.
Take Zocks, one of our recent AI-first portfolio companies at QED. Zocks builds AI-powered workflow automation for financial advisors. On the surface, you might look at its product and think: “AI meeting notes for finance people. Got it. Next.” You’d be making the same mistake that dozens of other startups in the space are making.
Zocks speaks the native language of wealth management. Its platform doesn’t just transcribe meetings, it understands the context of what’s being discussed because the team has obsessively mapped the taxonomy of financial advisory work. When an advisor mentions a Roth conversion ladder or a required minimum distribution, Zocks doesn’t just capture the words. It knows what those concepts mean for the advisor’s workflow, which compliance documentation needs to be generated, which CRM fields need to be updated and which follow-up actions are required.
This isn’t a feature you can bolt on. You can’t hire a “financial services consultant” for three months and understand the muscle memory of how a wealth management practice operates. That depth of domain knowledge comes from founders obsessed with the category, who chose financial advisors because they saw a real problem and couldn’t look away.
2. Ship fast but ship right. Don’t ship garbage
“Ship fast” is gospel. Shipping right is radical.
I’ve watched dozens of AI companies race to add features: checking boxes on comparison matrices, rushing to match competitors’ press releases, shipping half-baked functionality behind beta flags so they can claim feature parity. Most of the time, the features don’t work well. The customers try them, get burned, lose trust and that “sticky” enterprise contract looks a lot less sticky.
The companies that win play a different game. They don’t ship for shipping’s sake. Every feature is carefully considered, thoroughly tested and described to the customer with precision. No vaporware. No “it’s on the roadmap” when it’s barely in someone’s head. No demos of cherry-picked scenarios that fall apart in production.
Lorikeet, another QED portfolio company, is a case study in this approach. Lorikeet builds AI-powered customer support agents for complex, regulated industries like fintech and healthtech. The customer support AI space is, to put it charitably, crowded. Every week there’s a new startup claiming to “resolve 90 percent of tickets automatically” or “replace your entire support team.”
Lorikeet tells you exactly what its AI can and can’t do. It’s transparent about the boundaries of automated resolution. Its system uses granular permissions and dynamic gating. The AI knows when it’s in over its head and routes to a human rather than hallucinating a response that gets your customer’s account locked.
This sounds like table stakes. In practice, it’s rare. The incentive structure in startup land heavily favors exaggeration. Round sizes, ARR figures, capability claims – the game rewards the bold claim. Lorikeet’s founders, Steve Hind and Jamie Hall, have resisted that pull. Steve came from product leadership at Stripe and Watershed, environments where precision matters because you’re handling people’s money and compliance data. That operational DNA shows up in how Lorikeet builds: methodically, with precision, with deep respect for the stakes involved. The result? Revenue growing 10x year on year, with customers that include names like Airwallex and Linktree. Tell enterprise buyers the truth about what your product does and they’re more likely to buy it.
As an example, one of the most common chatbot errors lately is branded AI agents doing completely irrelevant work for customers (see below the viral Chipotle chatbot post). The consequence for Chipotle might just be a bad look and getting made fun of online (hey, maybe all publicity is good publicity for them), for a regulated company, it could be a fine or worse.
Comparison of how Chipotle’s AI agent (not powered by Lorikeet) responds to irrelevant queries vs. Lorikeet. These edge cases and guardrails are critical for regulated industries like financial services, healthcare, insurance etc.
Combine honest execution with deep domain expertise and your customers become your distribution channel. In financial services, logos beget logos. Airwallex processes billions in cross-border payments and trusts Lorikeet to interact with its customers. That’s not a logo you can buy with a free pilot and an aggressive sales team. Lorikeet earned it through demonstrated compliance capabilities, transparent performance metrics and patient relationship-building. Each proof point attracts the next customer, and each turn of the flywheel raises the bar for competitors who haven’t done the work.
3. Know when to say no
The hardest trust signal to fake is restraint. You see it in the feature held back because it wasn’t ready, the capability left unclaimed because you hadn’t validated it, the customer turned away because your product wasn’t the right fit.
In a market flooded with AI companies racing to ship, the companies that choose accuracy over speed and honesty over hype are building something their competitors can’t copy. Copying the technology is straightforward. Copying the discipline runs against startup culture.
Zocks and Lorikeet each operate in categories with dozens of competitors. They compete against well-funded companies with impressive teams and aggressive go-to-market motions. And they’re winning because they’ve earned something that can’t be replicated: the trust of customers who can’t afford to get it wrong.
What this means
If you’re building in a complex, regulated industry, this should be liberating. The moat is you: your commitment to understanding your customer’s world, your willingness to tell the truth about what your product does and doesn’t do and your patience in building something that earns trust rather than demands it.
My partner Amias recently wrote about nuance as a moat, and he’s right: you earn trust by demonstrating operationalized nuance. The founders who internalize that, who understand that their customer’s context is the product, are the ones building the next generation of durable companies.
Retire the “what’s your moat?” question. Replace it with: “When was the last time a customer told you something your product couldn’t do? And what did you do about it?”
That answer reveals more about defensibility than any TAM slide or competitive matrix. The new moat is trust. In a market moving this fast, betting on trust might be the most contrarian move left.
Hi! Interesting read. It's absolutely spot on considering the fact that critically regulated industries such as healthcare, financial services and legal, trust continues to be the major hurdle for adoption. This is important because guardrails are required with respect to bias, transparency and fairness. Moat does not mean technological defensibility but rather the ability to understand your customer's context and build your product with a focus of winning the customer's trust.
I write a blog in substack titled "The LegalTech Thesis" wherein I analyze LegalTech startups and identify opportunities for investment. Would love to get your thoughts on my post!
https://harshithviswanath.substack.com/p/three-legaltech-whitespace-plays?r=4y4gfu
this is the one that keeps getting validated. across the VC newsletters we track, the funds backing AI companies with real traction keep saying the same thing. thank you for the article!