.@martinfowler applying web security patterns to agentic AI is a category error. guardrails at the perimeter mean you've already lost context about what the model actually did. policy enforcement needs to live closer to inference, not the UI layer.
.@latent_space the MCP explosion is great for devs but nobody talks about 40 tools registered to one agent with zero visibility into which fired. we ran into this building Verra. tool governance is the part nobody ships until something breaks in prod.
.@resilientcyber shadow AI is the new shadow IT but moving 10x faster. at least with shadow IT the blast radius was mostly data loss. with shadow agents making API calls on behalf of users, the blast radius is a different category entirely.
Prompt injection is the #1 attack vector for AI agents. Attackers don't hack your model, they hijack its instructions mid-task. Traditional security tools miss this entirely. Agent-level visibility is your first line of defense.
.@CalebSima the gap isn't awareness. most security teams know AI agents are risky. it's that controls don't exist at the right layer. you can't bolt RBAC onto a chat interface after the fact. it has to live at the agent orchestration level.
in 2026, enterprise security reviews are treating documented AI governance as a qualification gate. without it, vendor reviews stretch from 5-10 days to 4-8 weeks, long enough to lose the quarter. the question isn't just 'can your product do the job' anymore.
.@simonw prompt injection in tool-calling is genuinely unsolved. the hard part isn't detection. it's that most systems give agents no way to distinguish user intent from external manipulation. that trust boundary just doesn't exist yet.
per-agent tool access deserves the same rigor as IAM roles. an HR agent doesn't need GitHub write access. a finance agent shouldn't be calling Slack. when you add over-provisioned agents, the blast radius of a single compromise compounds fast.
What's underrated about Basecamp's durability: it doesn't optimize for engagement. Most tools are sticky because they're complex. Basecamp is sticky because it makes work feel done. Those are opposite philosophies. Only one ages well.
Pre-ship you can afford to just be present with the work. Post-ship, every stroke has users depending on it. Same action, completely different weight. The discipline is not letting that weight change how you chop.
The $47B run-rate is wild but the more interesting signal is who's signing those contracts. Enterprise legal, security, and risk teams are now in the room. The model vendors who crack that buying committee, not just the developer, are the ones who compound this fast.
The underlying anxiety is real even if the data wasn't. Most orgs can't quantify AI ROI because they have zero observability into agent behavior. No audit trail, no tool call logs, nothing to trace. It's not that the value isn't there. It's just invisible.
The $1,500 cap is a blunt instrument. What enterprises actually want is visibility into what the agent did: which tools it called, what data it touched, whether it stayed in scope. We built Verra around this exact problem. Cost is just the easiest metric to control.
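Added illustration (not code from any of the posts above, and not Verra's own implementation) of the two ideas that recur in this feed: per-agent tool access treated like an IAM role, with default deny, and an audit trail that answers "which of the registered tools actually fired and did the call stay in scope." The agent names, tool names, the `ToolPolicy`/`ToolGate` API and the log format are all constructed for the example; the gate sits at the orchestration layer, between the model's tool call and the real tool, so the decision is made with the full call in view rather than at the UI.

```python
"""Per-agent tool governance with an audit trail.

Constructed example: agent names, tool names and the ToolPolicy/ToolGate API
are assumptions for illustration, not any product's real interface.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
import json


@dataclass(frozen=True)
class ToolPolicy:
    """IAM-style role for one agent: the tools it may call and, optionally,
    an argument check per tool. Anything not listed is denied."""
    agent: str
    allowed_tools: frozenset
    constraints: dict = field(default_factory=dict)  # tool -> callable(args) -> bool


class ToolGate:
    """Authorizes every tool call an agent attempts and records the outcome,
    allowed or not, so the trace exists even when nothing goes wrong."""

    def __init__(self, policies):
        self._policies = {p.agent: p for p in policies}
        self.audit_log = []

    def authorize(self, agent, tool, args):
        policy = self._policies.get(agent)
        decision, reason = "deny", "unknown agent"
        if policy is not None:
            if tool not in policy.allowed_tools:
                reason = "tool not in agent role"
            else:
                check = policy.constraints.get(tool)
                if check is None or check(args):
                    decision, reason = "allow", "in scope"
                else:
                    reason = "argument constraint failed"
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "agent": agent, "tool": tool, "args": args,
            "decision": decision, "reason": reason,
        })
        return decision == "allow"

    def tools_fired(self, agent):
        """Which tools actually ran for this agent (as opposed to being registered)."""
        return sorted({e["tool"] for e in self.audit_log
                       if e["agent"] == agent and e["decision"] == "allow"})

    def denials(self):
        """Out-of-scope attempts: the signal a security review actually wants."""
        return [e for e in self.audit_log if e["decision"] == "deny"]

    def export_jsonl(self):
        """One JSON object per line, ready for a SIEM or log pipeline."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.audit_log)


def build_demo_gate():
    # Constructed roles: HR gets HRIS lookups and calendar writes, nothing on
    # GitHub; finance may read the ledger and only finance/* repositories.
    return ToolGate([
        ToolPolicy("hr-agent", frozenset({"hris.lookup", "calendar.create"})),
        ToolPolicy("finance-agent", frozenset({"ledger.read", "github.read"}),
                   constraints={"github.read":
                                lambda a: a.get("repo", "").startswith("finance/")}),
    ])


def run_demo():
    """Replays a constructed sequence of tool calls through the gate."""
    gate = build_demo_gate()
    calls = [
        ("hr-agent", "hris.lookup", {"employee": "E-1001"}),        # allow
        ("hr-agent", "github.write", {"repo": "platform/api"}),      # deny: not in role
        ("finance-agent", "slack.post", {"channel": "#general"}),    # deny: not in role
        ("finance-agent", "ledger.read", {"quarter": "Q3"}),         # allow
        ("finance-agent", "github.read", {"repo": "platform/api"}),  # deny: wrong repo
        ("ghost-agent", "ledger.read", {}),                          # deny: unknown agent
    ]
    results = [gate.authorize(*c) for c in calls]
    return gate, results


if __name__ == "__main__":
    gate, results = run_demo()
    print(gate.export_jsonl())
    print("finance-agent fired:", gate.tools_fired("finance-agent"))
    print("denials:", len(gate.denials()))
```

The point of logging denials alongside allows is that a compromised or over-provisioned agent shows up as a pattern of refused calls before it succeeds at anything, which is the "were we even watching" question the posts keep returning to.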
Hot take: most companies have more visibility into their office Wi-Fi than into what their AI agents are doing right now.
That's not an AI problem. That's a security crisis in slow motion.
The task framing is right, but gets complicated when AI takes autonomous multi-step actions. At that point "did AI do this well" becomes "did AI do the right thing and were we even watching." We built Verra because most orgs have no answer to that second question.
"Tools make an imprint on the work itself" is one of the most underrated ideas in software. The reason customers use words like "simpler" and "organized" isn't just UX, it's that Basecamp's constraints shaped how they think about work. That's real product leverage.
The name shift matters. CS taught kids to build systems. AI literacy has to teach them to interrogate systems, what the model doesn't know, where it fails, when to trust it. That's a harder curriculum to design but far more important than just learning how to prompt.
The hardest part: exponential curves feel linear until they don't. By the time the unlikely scenario is obvious, the window has already closed. Most companies are modeling AI on 12-month cycles. The real question is what 18 months of compounding capability does to their moat.
Point 3 is the most counterintuitive. Companies with heavy procurement friction outperform because they're forced to define success criteria before buying. 'Move fast and iterate' works for product. For enterprise AI tooling, it's how you end up with unused licenses and zero ROI.