๐Ÿ“š Chapter 8Part II: Where Value Accrues in the AI Era

The Vertical AI Moat Stack

Layer by layer: how defensibility compounds from domain expertise to switching cost.

TC
Trace Cohen
3x founder ยท 65+ investments ยท Author, The Value Add VC

Key Insight

Defensibility in vertical AI isn't a single advantage โ€” it's a stack of five overlapping layers that compound on each other. Domain expertise โ†’ workflow embedding โ†’ proprietary data โ†’ compliance infrastructure โ†’ switching cost. Each layer builds on the one below. A company with one or two layers is vulnerable. A company with all five is genuinely difficult to displace โ€” and that difficulty is exactly what you want to own as an investor.

5
Layers in the vertical AI moat stack
1โ€“2
Layers = vulnerable to competition
5
Layers = genuinely hard to displace
Years
Time to build all 5 layers (that's the point)

Why Single-Layer Moats Break

Most discussions of startup moats treat defensibility as a single thing: network effects, or data, or switching cost. The reality of durable vertical AI companies is that each layer of defensibility builds on the one beneath it, and the total switching cost is far larger than any individual layer would suggest.

A company with only domain expertise can be replicated by any team that hires from the same industry. A company with only workflow embedding can be displaced by a competitor who integrates the same APIs. A company with only proprietary data can face a well-funded entrant who buys their way into equivalent data through acquisition or licensing. It's the combination โ€” the stack โ€” that creates genuine defensibility.

The Five Layers, Explained

01
Domain Expertise
The founding team understands the industry at a level that takes years to acquire. They know what questions buyers actually ask, what regulatory constraints actually bind, what failure modes actually occur. A generalist AI applied to their domain would make mistakes that an expert immediately recognizes as disqualifying. This is the foundation layer โ€” without it, the rest doesn't compound.
02
Workflow Embedding
The product is integrated into the existing software buyers use every day. For healthcare: inside the EHR. For legal: inside the document management system. For insurance: inside the policy administration platform. Integration is not an API connection โ€” it's a deep embedding that routes work through the AI product as a required step in an existing workflow.
03
Proprietary Data
Every transaction processed generates labeled training data that improves the model for the next transaction. This is the flywheel layer. After 1 million claims processed, the model knows patterns that a new entrant training on public data cannot replicate. The data advantage compounds with every customer and every transaction.
04
Compliance Infrastructure
SOC 2 Type II, HIPAA, FedRAMP, or industry-specific certifications are expensive to earn and impossible to copy. Enterprise buyers in regulated industries require these certifications before deploying any software on sensitive data. A competitor must earn these independently โ€” they cannot be transferred or licensed from the incumbent.
05
Switching Cost
The cumulative result of all the layers above. Replacing a deeply embedded, compliant, proprietary-data-trained vertical AI requires simultaneously rebuilding integrations, retraining staff, recertifying for compliance, and accepting years of degraded model performance while the new system catches up. Rational buyers don't switch. That's the moat.

The Healthcare Example

Take a healthcare revenue cycle AI company. At the base: domain expertise โ€” the team understands denial codes, payer behavior, and regulatory nuance a generalist AI would take years to learn. Layer two: workflow embedding โ€” plugging directly into Epic or Cerner. Layer three: proprietary data โ€” every claim processed generates labeled outcomes that improve the model. Layer four: HIPAA and SOC 2 compliance. Layer five: switching cost โ€” moving to a competitor means retraining staff, recertifying systems, and losing years of model performance.

Nobody switches. That's the moat.

The Evaluation Framework

When evaluating a vertical AI company, ask: how many layers are genuinely in place? One or two means vulnerable. All five means genuinely difficult to displace โ€” and that difficulty is exactly what you want to own.

Building the Stack Deliberately

The best vertical AI founders don't stumble into the moat stack. They plan for it. They start with domain expertise (founder background), use it to win first customers (workflow embedding), accumulate data from those customers (proprietary data), use revenue to fund compliance (regulatory layer), and watch switching cost accumulate naturally from all the above.

The sequence matters. Domain expertise enables the first win. The first win enables data. Data enables compliance investment. All of it together enables switching cost. Founders who try to build compliance infrastructure before they have customers are optimizing the wrong layer first.

In vertical AI, friction is the feature. High switching cost isn't a side effect โ€” it's the goal.

Frequently Asked Questions

What are the five layers of the vertical AI moat stack?+
Layer 1: Domain expertise โ€” deep industry knowledge a generalist AI can't replicate without years of exposure. Layer 2: Workflow embedding โ€” integration into existing software systems buyers already use daily. Layer 3: Proprietary data โ€” every transaction generates labeled training data that improves the model over time. Layer 4: Compliance infrastructure โ€” SOC 2, HIPAA, FedRAMP, or industry-specific certifications. Layer 5: Switching cost โ€” the cumulative cost of replacing all the above layers simultaneously.
How do you use the moat stack framework to evaluate AI companies?+
Count how many layers are genuinely in place, not just claimed in the pitch deck. Test each one: Is the domain expertise in the founding team, or just in advisors? Is workflow embedding real (inside the EHR, CRM, etc.) or is it a browser extension? Is proprietary data genuinely accumulated from production deployment, or is it scraped public data? Is compliance infrastructure in place or 'in progress'? One or two real layers = early stage. All five = defensive business.
Why is compliance infrastructure a moat layer for AI companies?+
Regulatory compliance is expensive, time-consuming, and genuinely difficult. A SOC 2 Type II certification takes 6-12 months and $50-100K. HIPAA compliance requires years of process implementation. FedRAMP authorization takes 12-18 months minimum. These certifications can't be copied โ€” they must be earned. And enterprise buyers in regulated industries won't buy without them, making compliance infrastructure a real barrier to competitive entry.
What's the difference between claimed switching cost and real switching cost?+
Claimed switching cost: 'Customers have been using us for 2 years.' Real switching cost: 'Replacing us requires retraining 200 staff, rebuilding 4 integrations, recertifying for HIPAA, and losing 3 years of model performance tuned to their specific data.' Real switching cost is painful enough that rational buyers don't switch even when a competitor offers better pricing or features. The test is simple: would your largest customer switch for a 20% price reduction? If yes, you don't have real switching cost.
โ†
Previous
Ch. 7: Why Vertical AI Wins
All Chapters
Next
Ch. 9: Vertical AI Economics
โ†’
๐Ÿ“š

Read the Full Book

22 chapters on how venture capital actually works โ€” the math, the mechanics, and the decisions that compound over time.

Read Free Online โ†’Browse All Chapters