In 2022, Jasper AI raised at a $1.5 billion valuation. The product was an AI writing assistant — you gave it a prompt, it gave you marketing copy. Revenue hit $120 million. Investors celebrated. The future of content creation had arrived.
By 2024, revenue had fallen to roughly $55 million. What happened wasn’t a scandal or a strategic error. What happened was that OpenAI, Google, and Anthropic made the underlying capability free. As Sid Ramesh wrote in a post that earned 460,000 impressions and 3,000 bookmarks: “What looked like a company turned out to be a feature waiting for a platform to absorb it.”
I’ve lived this lesson. At Flowroute, we watched dozens of VoIP startups flame out because they’d built pretty softphone interfaces on top of commodity SIP trunking. When the underlying connectivity got cheap enough, the interface was worthless. The companies that survived were the ones that owned the infrastructure layer — the pipes, the routing intelligence, the interconnect relationships that took years to build. Apps come and go. Infrastructure compounds. That lesson shaped everything I’ve built since.
Now apply that lens to every AI vendor currently pitching your credit union.
The $50M Clone Test
Ramesh proposed a brutal thought experiment: “If a team with $50M cloned us tomorrow, what would they still not have in three years?”
That’s the question. Not “is this product useful?” Useful is table stakes. Not “does it have good features?” Features are the thing that gets absorbed. The question is: what does this vendor have that money can’t buy in a reasonable timeframe?
For Jasper, the answer turned out to be nothing. A well-funded team with access to the same APIs could replicate the product in weeks. The $1.5 billion valuation was built on a temporary gap between what the underlying models could do and what end users knew how to access. Once ChatGPT closed that gap, Jasper’s moat evaporated.
Ramesh’s formulation cuts to the bone: “If the thing you’re making can be reproduced by a motivated stranger with a credit card and a Claude subscription, what exactly are you selling?”
Credit union leaders should be asking this about every AI vendor on their stack. The answer will separate the foundations from the features — and save your institution from becoming the next customer holding a contract with a Jasper.
Seven Moats, Mapped to Credit Unions
Ramesh identified seven sources of durability — seven things that survive when everything else gets commoditized. Let me map each one to the credit union context, because the exercise reveals something most CU leaders haven’t recognized: you already own several of the most powerful moats in existence. The question is whether your AI strategy builds on them or ignores them.
Moat 1: Proprietary Data That Compounds
“Data that gets better with use — compounding feedback loops where each interaction improves the product.”
Your credit union has thirty years of member transaction history. BSA alert patterns spanning multiple economic cycles. Lending performance data across interest rate environments, housing markets, and membership demographic shifts. Collections outcomes correlated with contact strategies, payment plan structures, and seasonal timing. Member communication preferences — who responds to email, who picks up the phone, who ignores everything until the third notice.
This is your moat. Not your vendor’s.
I want to pull back the curtain here, because this is the part most credit union leaders undervalue. I’ve been inside a CU*Answers data center. Their IBM Power server — a $5 million machine with 75 CPUs — holds programs between 500 and 40,000 lines, running transaction logic accumulated over decades. That’s not just legacy code. That’s proprietary data encoded as operational behavior. No startup with $50 million can replicate 30 years of your membership’s financial patterns, your examiner’s documented preferences, your community’s seasonal economic rhythms.
In Article 5, I described the core processor time capsule — decades of institutional data locked inside legacy systems. In Article 19, I described every AI interaction as a compounding deposit. The principle is the same: proprietary data that improves with use is the single most durable competitive advantage in the AI era.
The critical question for vendor evaluation: does your AI vendor help you compound this data, or do they extract it? A vendor that ingests your transaction data, trains their model on it, and serves the resulting intelligence back to you as a subscription is extracting your moat. A vendor that deploys agents within your environment, accumulates institutional context that belongs to you, and gets smarter specifically for your institution is helping you compound it.
The difference isn’t subtle. It’s the difference between depositing your money in someone else’s bank and investing it in your own.
Moat 2: Infrastructure Trust
“Embedded dependency and production-grade reliability — SOC 2, audit trails, the boring stuff that takes years to earn.”
This is where weekend hackathons die. A talented engineer can build a BSA triage demo in a weekend. Getting that system to 99.99% uptime, passing SOC 2 Type II, producing examiner-ready audit trails, handling edge cases without hallucinating, maintaining data isolation between institutions, and surviving a regulatory examination — that takes years, not weekends.
I’ve been examined. I’ve sat across from regulators who had the authority to end my business. At Concreit, operating under SEC regulation meant that every system, every process, every audit trail had to survive scrutiny from people whose job was to find the thing you missed. That experience changes how you build. You don’t bolt compliance on at the end. You build it into the foundation. And that foundation — the boring, unglamorous, examiner-ready infrastructure — is a moat that no amount of funding can shortcut.
In Article 8, I described the three pillars of trustworthy AI for credit unions: accuracy, auditability, and accountability. In Article 14, I made the case for examiner-ready design — AI systems that produce the documentation examiners expect before they ask for it. Infrastructure trust is the compound of all three pillars, built over time through production usage, regulatory scrutiny, and the slow accumulation of institutional confidence.
Ramesh nails the dynamic: “Auditors start recognizing your logs, procurement teams add you to their approved list, and policies get written around your reporting formats.” Once a vendor’s audit trail format becomes the format your examiner expects, switching costs become structural. Not because the vendor locked you in — but because the trust was earned, and trust doesn’t transfer with a data export.
Apply the $50M clone test. Could a well-funded competitor build a SOC 2-compliant, examiner-tested, production-hardened AI platform for credit unions in three years? Maybe. Could they replicate the trust that comes from two years of clean examinations, zero data incidents, and procurement approvals at 200 institutions? No.
Moat 3: The Permission Moat
“Regulatory licenses, compliance track records, procurement approvals — the permissions that take years to accumulate.”
This is the moat that credit unions and their vendors share — and it’s one of the most underappreciated advantages in the industry.
NCUA compliance isn’t a checkbox. It’s a relationship built across examination cycles. State regulatory approvals accumulate over years. Vendor security reviews at large credit unions take six to twelve months. Multi-year procurement cycles mean that getting on the approved vendor list is itself a competitive moat — because the cost of evaluating a replacement is so high that inertia favors the incumbent.
Here’s my contrarian take: this moat is actually stronger than most people realize, because it compounds in both directions. At Concreit, operating under dual federal regulatory frameworks — SEC registration plus state-level compliance — taught me that the permission moat isn’t just about having the license. It’s about the institutional memory of every examination, every finding, every correction. Each clean exam makes the next one easier. Each regulatory relationship deepens the trust. A new entrant doesn’t just need to pass the exam. They need to build the track record that makes examiners comfortable — and that takes years, not money.
For credit unions evaluating AI vendors, the permission moat cuts both ways. A vendor with an established compliance track record — SOC 2, examiner familiarity, clean audit history — has a moat that protects your institution. A vendor without one is asking you to be their beta test during your next examination.
The $50M clone test is definitive here. Could a well-funded team get NCUA-familiar, pass vendor security reviews at 50 credit unions, and build a compliance track record in three years? The license, maybe. The track record, no.
Moat 4: Structural Distribution
“Distribution that can’t be copied with code — channel access that’s structural, not just strategic.”
CUSO networks. Three hundred credit unions served through a single integration. Cooperative purchasing agreements. League partnerships. Shared branching networks. Core processor marketplace placements.
You cannot build a CUSO relationship with code. You cannot replicate a league endorsement with a better API. You cannot shortcut the vendor evaluation process at 200 credit unions by having superior technology. Distribution in the credit union world is structural — built on relationships, governance structures, and cooperative agreements that take years to establish and cannot be disrupted by a faster product.
In Article 13, I described the CUSO advantage — cooperative service organizations as the distribution mechanism that gives credit union AI vendors a structural moat. One CUSO deployment serves hundreds of institutions. The agent’s institutional knowledge accumulates across a diverse portfolio. Cooperative Principle #6 — cooperation among cooperatives — becomes an AI distribution flywheel.
The $50M clone test: could a well-funded competitor build a better product? Absolutely. Could they replicate the CUSO relationships, league endorsements, and procurement approvals that took a decade to build? Not in three years. Not in five.
Moat 5: Community and Brand Independent of Product
“Community that exists independent of the product — people who identify with the mission, not just the features.”
One hundred and forty million Americans are credit union members. “People helping people” isn’t a marketing slogan — it’s a structural identity that shapes purchasing decisions, vendor relationships, and institutional strategy. Credit union leaders attend the same conferences, serve on the same league boards, share vendor recommendations through informal networks, and operate under a cooperative philosophy that actively favors vendors who align with the mission.
No venture-backed fintech can replicate this. A startup can build a better product. It cannot build a 100-year cooperative movement. The community moat means that credit union-aligned vendors benefit from trust, referrals, and procurement preference that pure-play technology companies — regardless of their funding or features — cannot access.
Ramesh’s insight applies directly: “Growth without identity is just rented attention.” A vendor that builds for credit unions but doesn’t understand the cooperative mission is renting attention. A vendor embedded in the cooperative ecosystem — CUSO partnerships, league relationships, shared governance values — has identity-level distribution that survives product cycles.
I’ve seen this from both sides now. Silicon Valley venture culture optimizes for speed and scale. The credit union world optimizes for trust and durability. Those aren’t the same thing. And the vendors who confuse one for the other — who try to blitz the CU market with VC-funded growth tactics — consistently underestimate how powerful the community moat actually is. The CU leader who’s been burned by a fintech vendor that folded after Series B doesn’t care about your demo. She cares about whether you’ll be here in five years.
Moats 6 and 7: Capital and Physical Infrastructure
Accumulated capital and liquidity (Moat 6) and physical infrastructure (Moat 7) are less directly applicable to the AI vendor evaluation — though not irrelevant. A well-capitalized vendor survives market downturns that kill underfunded competitors. Physical infrastructure — data centers, branch networks, ATM deployments — creates switching costs that pure software cannot.
For credit unions themselves, both moats matter. Your branch network is a physical moat. Your capital reserves are a durability moat. And your AI strategy should build on those existing moats rather than creating dependency on a vendor whose capital structure is a VC fund with a seven-year horizon.
The Vendor Evaluation Framework
For every AI vendor on your stack, ask Ramesh’s question: what do they have that $50M can’t buy in three years?
Compounding institutional data? Does the vendor’s system accumulate knowledge specific to your institution — your alert patterns, your examiner preferences, your member communication style — in a way that compounds over time? Or does it reset every session, treating your credit union the same on day 365 as on day one? (Article 19: if your system doesn’t keep the balance, you don’t have an AI strategy.)
Permission moat? Does the vendor have SOC 2, examiner familiarity, and a compliance track record? Or are they asking you to be the test case that builds their track record — at your institution’s risk?
Infrastructure trust? Has the vendor’s system survived production workloads, edge cases, and regulatory scrutiny? Or is their demo impressive but their production record nonexistent?
Structural distribution? Is the vendor embedded in the cooperative ecosystem — CUSO partnerships, league relationships, shared governance alignment? Or are they a Silicon Valley startup that discovered credit unions last quarter?
Or just a nice UI on top of the same API everyone has access to?
The Jasper lesson is stark. A $1.5 billion valuation collapsed to a fraction because the product was a feature, not a foundation. The underlying capability became universally available, and the wrapper lost its value. Every AI vendor selling to credit unions should be evaluated against the same test. If the model provider releases a better version tomorrow, does your vendor become more valuable — or does it become Jasper?
Your Agents, Not Theirs
In Article 18, I drew the line between vendors that build moats for you and vendors that build moats against you.
Vendors that build moats for you: your data compounds in systems you control. Your institutional context accumulates in agents that belong to your institution. Your compliance record strengthens with every clean examination. If you leave the vendor, your data and context come with you.
Vendors that build moats against you: proprietary data formats that make migration impossible. Institutional knowledge locked in the vendor’s cloud. Contractual terms that treat your data as their training set. Switching costs designed to trap, not to serve.
At Runline, we made this decision before we wrote a line of code. Our agents — Runners — operate inside your environment. Your institutional context belongs to you. Your ontology compounds in systems you control. We built it this way because I’ve been on the other side of vendor lock-in. At Flowroute, we watched customers trapped in multi-year telecom contracts with vendors who held their phone numbers hostage. When we offered number portability as a feature, customers switched in droves — not because our voice quality was better, but because we respected their ownership of their own assets. The same principle applies to institutional knowledge. Your data. Your context. Your agents.
Ramesh’s framework makes the distinction testable. A vendor building moats for you makes your institution harder to clone. A vendor building moats against you makes their product harder to leave. Those are different things — and the difference matters more in the AI era than it ever has, because the compounding effects of institutional knowledge mean that the wrong vendor relationship doesn’t just cost you money. It costs you years of accumulated intelligence.
In Article 25, I cited Alex Karp’s observation that “a raw model floating in a vacuum hallucinates over your unstructured data.” The vendors selling raw models — chatbots with a compliance skin, copilots that wrap the same API your IT team could access directly — are selling features. The vendors building ontology on top of your institutional moats — your data, your workflows, your regulatory context, your examiner relationships — are selling foundations.
Features get absorbed. Foundations compound.
The Index Card Test
Ramesh ends with a question every credit union leader should tape to their monitor: “Does someone’s life or work get worse if this product disappears tomorrow?”
For a chatbot that answers FAQ questions on your website: no. Your member service team picks up the calls. The questions still get answered. Nothing breaks.
For an AI agent that has accumulated eighteen months of your institutional knowledge — that knows your examiner’s documentation preferences, has triaged 50,000 BSA alerts calibrated to your membership’s behavior patterns, has your risk tolerance encoded in its decision logic, and produces SAR narratives that your compliance officer approves without edits 90% of the time: absolutely yes. Losing that system doesn’t just remove a tool. It removes institutional memory. It removes the compounding deposits described in Article 19 — months or years of accumulated intelligence that cannot be rebuilt from a backup.
That’s the difference between a feature and a foundation. A feature is something you use. A foundation is something you build on. Features are interchangeable. Foundations are irreplaceable — not because you’re locked in, but because what you’ve built on them has value that transcends the platform.
Ramesh put it best: “Defensibility isn’t a wall you build but a direction you compound in.”
Credit unions already understand compounding. You’ve built your institutions on it — member relationships, community trust, cooperative identity, decades of service. The AI question isn’t whether to adopt new technology. It’s whether the technology you adopt compounds in the same direction as everything you’ve already built.
Your moats are real. Your data is proprietary. Your permissions are earned. Your distribution is structural. Your community is irreplaceable. The AI vendors that survive will be the ones that build on those moats — making them deeper, wider, and more durable with every interaction.
Everything else is Jasper.
Sean Hsieh is the Founder & CEO of Runline, the secure agentic platform for credit unions. Previously, he co-founded Flowroute (acquired by Intrado, 2018) and Concreit, an SEC-regulated WealthTech platform managing real securities under dual federal regulatory frameworks.
Next in the series: we examine how the institutions leading in AI adoption are sequencing their deployments — and why the order matters as much as the technology.
