← Writing

14/04/2026

Headless SaaS: what founders need to know about the agent era

There’s a term making the rounds in enterprise AI circles: headless SaaS.

It comes from a conversation that’s already happening at the board level. Not a prediction. Not a trend report. Actual procurement language, right now, in 2026.

If you build, buy, or recommend B2B software, this is worth 10 minutes of your time.

Table of Contents

Key Takeaways

  • “Headless SaaS” means software that AI agents can operate without a human clicking anything
  • Aaron Levie, CEO of Box, expects “1,000 times more agents than people” in the enterprise within years
  • Wrapping APIs in an MCP server isn’t enough: agents need ergonomic interfaces, not just access
  • If you don’t build your own agent layer, someone else will build it on top of your product and own your user relationship

The quote that started this

In late 2025, Aaron Levie, CEO of Box, was asked what AI means for enterprise software. His answer: “If you’re building software that doesn’t have a great headless mode to work well with AI agents, you’re going to be at risk in the coming years.”

Then he said something that should stop any B2B founder in their tracks. He expects there will be “about 100 times more, maybe 1,000 times more, agents than we have people.”

Think about that number. If there are 1,000 times more AI agents than humans, agents become the primary users of most software. The human clicking through your UI becomes the exception, not the rule.

And in a separate conversation with enterprise IT leaders, he went further: enterprises “will kick out vendors that don’t make it technically or economically easy for agents to use their product.”

Not “might reconsider.” Not “will raise concerns at renewal.” Kick out.

That’s procurement language. It’s already being used by the people who sign enterprise software contracts.

The concept he’s describing has a name: headless SaaS.

What headless SaaS actually means

Not the same as headless CMS

If you’ve worked in digital for a while, you’ve heard of headless CMS. The idea: separate content management from the front-end. Editors write in one place, that content can appear on a website, a mobile app, an email, a digital display. Anywhere. The CMS is “headless” because it has no fixed output layer.

Headless SaaS takes a different slice of the same idea. The question isn’t where content goes. The question is whether your software can be operated entirely by a machine.

The human interface still exists. Your app, your dashboard, your buttons and menus, all still there. The test is whether an AI agent could complete your core workflow without a human ever opening a browser.

The simplest way to picture it

Think about a vending machine versus a corner shop.

A vending machine is headless. You could send a robot to buy something from it. The interface is clear, mechanical, predictable: insert payment, select item, collect product. A robot can do that without anyone explaining anything.

A corner shop isn’t headless. A robot walking in would have to ask questions, understand context, negotiate with the shopkeeper, figure out which drawer holds the change. Even if the shop had an “API” (a card reader, a barcode scanner), the experience still assumes a human is operating it.

Most B2B software today is the corner shop.

It has APIs. It has integrations. But the experience of using it assumes a human is making decisions, reading error messages, clicking confirmation dialogs, and interpreting ambiguous responses. An AI agent trying to use it hits every one of those assumptions and stalls.

The risk nobody talks about

Here’s the part most commentary leaves out, and it’s the one that matters most if you’re building a product.

If your software doesn’t have a proper headless layer, someone else will build one on top of it.

Third-party “overlay” tools already exist that sit between an AI agent and your product. They act as translators: the agent talks to the overlay, the overlay talks to your software. From the outside, your product looks agent-compatible.

But here’s the problem. The overlay owns that relationship. The overlay gets the usage data. The overlay is what the customer actually experiences. Your product becomes an invisible backend the agent (and the customer) barely knows exists.

Once that happens, you’re a commodity. The overlay provider can swap you out for a cheaper competitor and the agent won’t notice. Your product hasn’t changed. Your relationship has.

This isn’t a theoretical risk. It’s already how some enterprise software stacks are being restructured. The vendors who build their own agent layer keep the customer relationship. The ones who don’t, lose it to whoever builds the bridge for them.

Why “just add an MCP server” is wrong

Dharmesh Shah, co-founder of HubSpot, put it plainly: “Headless doesn’t mean brainless. You don’t just wrap your existing APIs into an MCP server and call it a day.”

MCP (Model Context Protocol) is a standard that lets AI models connect to external tools and data sources. Adding one gives agents access to your product. But access and usability are different things.

Here’s a concrete example. When something goes wrong in your software, what does the error message look like?

A human-readable error:

“Oops! Something went wrong. Please try again later.”

An agent-readable error:

{
  "error": "rate_limit_exceeded",
  "retry_after_seconds": 60,
  "quota_remaining": 0,
  "action": "retry_after_wait"
}

A human reads the first version and thinks: fine, I’ll try in a minute. An agent reads it and has no idea whether to retry in 5 seconds or 5 days. It might loop endlessly. It might give up. It might create duplicate records trying to complete the same action twice.

That’s the gap between access and ergonomics.

This is what Dharmesh means by AUX (agentic user experience): designing software so the interface works for machines, not just people. Outputs agents can parse. Error messages agents can reason about. Actions that are safe to retry without breaking anything. Documentation that describes what each action achieves, not just how to call it.

An MCP server is table stakes. AUX is the actual work.

How to know if your software is agent-ready

You don’t need to know the technical answers to these questions. You need to know whether your team can answer them. If they can’t, that’s the gap worth closing.

Ask your dev team, or your vendor:

1. “Can a script trigger our core actions without anyone logging in?”

Most software requires a human to authenticate: a login screen, a two-factor code, a session that expires when you close the browser. An agent needs a different kind of access: service credentials that don’t expire when a human logs out. Ask: “Is there an API key or service account we can give to a script?” If your team looks uncertain, that’s your answer.

2. “When something goes wrong, does the system tell you exactly what happened?”

Pull up a recent error in your logs together and read it out loud. Does it say something specific (“payment declined because card limit exceeded”) or something vague (“transaction failed, contact support”)? Specific errors are agent-friendly. Vague errors require a human to interpret them. Agents can’t make phone calls.

3. “If the same action runs twice by accident, does it cause problems?”

Agents retry. They get interrupted. They time out and run again. If triggering your core workflow twice charges a customer twice, sends an email twice, or creates a duplicate record, you have a problem. The technical word is “idempotency.” The plain version: does running it twice break anything?

4. “Can we give an agent its own login, separate from any human user?”

An agent shouldn’t share credentials with a person. You want to track what it did, limit what it can access, and revoke access without affecting anyone else. If your software only supports human-style user accounts, that’s a constraint worth surfacing.

5. “Is there documentation that explains what each action actually does, not just how to call it?”

An agent reading your docs needs to understand intent, not just syntax. “POST /payments creates a payment” is syntax. “POST /payments charges the card on file and sends a receipt to the registered email address. This cannot be undone.” That’s intent. Intent is what agents need to make safe decisions.

You don’t need everything in place today. You need to know the gaps. A vendor who can’t answer these questions in 2026 is a harder sell to an enterprise client in 2027.

What this means for agency owners

Aaron Levie wasn’t talking to founders building software. He was talking to the IT and AI leaders already inside enterprises, the people who approve vendor contracts.

That’s your client.

Your enterprise client is having this conversation internally right now. Their AI transformation team is auditing the stack: which tools work with agents, which ones don’t, which ones are on probation. The agencies that win pitches in the next 12 months will be the ones who can walk into that conversation already fluent.

Knowing what “headless SaaS” means is a new axis of technical credibility. It sits alongside security, compliance, and scalability as things an agency partner should understand when evaluating a client’s tech stack.

When a client asks “can our CRM work with the agents we’re building?”, you need to be able to answer that, or at least ask the right questions.

MACH architecture (Microservices, API-first, Cloud-native, Headless) was designed with composability in mind. If your clients run MACH-compliant platforms, they’re ahead. If they’re on legacy monoliths, the answer is usually complicated and worth surfacing before someone else surfaces it for them.

Being the person who brings this framing to a client meeting, before they’ve had to ask, is what separates a partner from a supplier.

What a fractional CTO does here

Agent-readiness is a technical question with business consequences. Most founders aren’t equipped to evaluate it themselves, and most vendors won’t volunteer the information unprompted.

The work looks like: vendor evaluation through an agent-readiness lens, identifying gaps in the current stack, and where needed, designing the AUX layer (the interface that makes existing software usable by agents without rebuilding from scratch).

For teams already using AI in development, this connects directly to the workflow structures that make AI-assisted development safe and scalable.

If you want to understand where your stack sits, or where a client’s stack sits, a technical due diligence engagement is usually the fastest way to get a clear picture.

Frequently Asked Questions

What is headless SaaS?

Headless SaaS is B2B software that AI agents can operate without a human in the loop. The human interface (your app, your dashboard) still exists, but the software is also designed so that a machine can authenticate, trigger actions, read outputs, and handle errors without anyone clicking anything.

The term is emerging from enterprise AI conversations in 2025-2026 as companies evaluate which vendors are compatible with agent workflows.

How is headless SaaS different from headless CMS?

Headless CMS separates content management from content presentation: you write in one place, content appears anywhere. It’s specifically about publishing.

Headless SaaS is about operability. Can an AI agent fully operate your software product? It’s a broader concept that applies to any B2B tool: CRM, project management, invoicing, data pipelines, anything.

What is agentic UX (AUX)?

AUX is the discipline of designing software interfaces for AI agents, not just humans. The term comes from Dharmesh Shah, co-founder of HubSpot.

Where traditional UX optimises for how a person clicks and reads, AUX optimises for how a machine authenticates, parses outputs, handles errors, and makes decisions. It’s not just adding an API. It’s rethinking what a “good experience” looks like when the user has no eyes.

What is an MCP server?

MCP stands for Model Context Protocol. It’s an open standard that lets AI models connect to external tools and data sources: a way of giving an AI agent the ability to read from and write to your software.

Adding an MCP server gives agents access. But access alone doesn’t make software agent-ready. The interaction still has to be designed well: error messages machines can interpret, actions safe to retry, authentication that works without a human. That’s the AUX layer on top of the MCP.

Does my existing software need to be rebuilt to be agent-ready?

Rarely from scratch. Most products need additions, not rewrites. The typical path: add service account authentication, improve API error responses, document action intent clearly, and add idempotency where it’s missing.

The bigger question is whether your software vendors are investing in this. If they’re not, that’s worth knowing now.

How are enterprises deciding which vendors to keep as agents take over?

The same way they always evaluate vendors: can this software do what we need. The shift is that “what we need” now includes: can our agents use this?

Aaron Levie expects 1,000 times more agents than people in the enterprise. That means agents are becoming the primary users of software. Any tool that doesn’t work well for agents becomes a bottleneck. Bottlenecks get reviewed. Reviews lead to replacements.

The vendors who survive this cycle are the ones who’ve invested in making their products work for agents as naturally as they work for humans.

If you’re not sure whether your stack holds up, or you want to use this framing with a client, a discovery call is a good place to start.

Written by

Fame Razak

Fractional CTO with 26 years of experience at AKQA, AnalogFolk, Wunderman, Digitas, and Critical Mass. Technical lead on work for Nike, HSBC, Microsoft, and Citi. Now helping creative agencies and ambitious founders build with confidence.

More writing

07/04/2026

When to hire a fractional CTO (and when not to)

The honest answer to when a fractional CTO is the right call — and the situations where it's the wrong one entirely. For founders and agency owners.

30/03/2026

Fractional CTO vs Full-Time CTO: a real comparison

When a fractional CTO makes more sense than a full-time hire, what each costs, and how to decide. For agency owners and startup founders.

30/03/2026

How to set your startup team up for AI-assisted development without breaking production

A practical guide to structuring your codebase and dev workflow so a 15-person startup team can ship confidently with AI tools — without accidental production incidents.

Not sure if your software is agent-ready? Let's find out.

Book a free 30-minute discovery call. We'll talk through your situation and I'll tell you honestly whether I can help.

Book a discovery call