← Wiki index

Concept

Software Moats

Concept · Updated 2026-05-27 · Confidence: medium

strategycompanymarketinvestingai

Gokul Rajaram's 20VC framework lists eight moats for enduring software companies. The key rule is cumulative: one moat is weak; four or more moats suggest a company is relatively safe from competition; zero moats suggests fragility.

The eight moats

  1. Secret data — unique proprietary information accumulated over years, such as Spotify's listening history powering recommendations.
  2. Deep integration — software woven into daily operations and core workflows, such as NetSuite running company finance and operations.
  3. Regulatory locks — licences, certifications, or compliance status that are hard to obtain, such as Coinbase money-transmission licences.
  4. Control of sales channels — privileged access to the customer path, such as Intuit/QuickBooks influence through accountants.
  5. Ecosystem lock-in — a developer/app/tool ecosystem that is hard to recreate, such as Shopify's merchant app ecosystem.
  6. Network effects — the service improves as more participants use it, such as DoorDash's driver, restaurant, customer, and delivery-history network.
  7. Physical stuff — hard-to-replicate physical infrastructure: factories, robots, servers, logistics, or other atoms.
  8. Size advantage — scale economics that let a company offer lower prices or better economics than rivals, such as Amazon or TSMC.

Synthesis

The framework is useful because it separates software that is easy to copy from companies that are hard to displace. It also updates Monopoly Theory for software and AI: a product feature may be cloned quickly, but accumulated data, workflow embedding, regulated permissions, distribution channels, ecosystems, networks, atoms, and scale are harder to clone.

How to use it

For company analysis, score each moat as absent, weak, emerging, or strong. A durable software company should not rely on a single defence. The strongest cases stack several moats: for example, an embedded financial infrastructure company might combine deep integration, regulatory locks, proprietary data, ecosystem partners, and scale economics.

AI-era addendum

The two Gokul Rajaram podcast transcripts reinforce that software moats are now a response to cheap code. Thin AI wrappers are exposed; stronger companies stack moats and, in AI-native categories, may need to own the system of record or full workflow rather than merely sit on top of an incumbent API. See AI-native Software Business Models.

Related pages