Vibecoding a Bank | Fintech Inside #104, 09th Mar 2026
The SaaS-pocalypse is real for interface layers. It's irrelevant for systems of record. A framework for building fintech that lasts.
Hi Insiders, I’m Osborne, an investor in early stage startups.
Welcome to the 104th edition of Fintech Inside. Fintech Inside is the front page of Fintech in emerging markets.
Last week, I vibe-coded an entire core banking system in a single prompt. Role-based logins, general ledger, deposit and loan accounting, transaction views - the works.
A year ago, this would’ve taken me weeks. Today, one prompt. That’s how fast coding agents have improved.
This speed is exactly what’s driving the panic. Anthropic launched a legal plugin for Claude in February and wiped roughly $285bn off the legal tech sector in a single day.
Software stocks are cratering. The “SaaS is dead” discourse is deafening. And honestly? If you only look at the interface layer, the panic makes sense.
But you come to Fintech Inside for the nuance, not the noise. So this edition goes deeper. I explore what AI can and cannot actually disrupt across the banking stack - from the interface layer (fair game) to the controls layer (harder than it looks) to the core system of record (not happening anytime soon).
And I lay out how I think fintech founders should think about building and selling to financial institutions in an AI-accelerated world.
Three-time champions, first-ever title defence, and 255 on the board in a final — India didn’t just beat New Zealand, they made it look unfair. What a tournament. Go India! 🇮🇳
Thank you for supporting me and sticking around. Enjoy another satisfying week in fintech!
Considering angel investing? I get a bunch of fintech founders reaching out to me for investors. I’d be happy to put you in touch. Send me a DM here.
🤔 One Big Thought
Vibecoding a Bank - What AI can and can't disrupt in financial services
I vibecoded an entire core banking system using Kimi K2.5. In one shot. One prompt. You can play with it at cbs.osborne.vc. I open-sourced both the prompt and the code if you’d like to make it your own.
It has role-based logins (admin, teller, customer service, operations, credit officer, finance), a general ledger, deposit and loan accounting screens, transaction views - the full interface of what a core banking system looks like.
It looks like a modern core banking system. But it doesn’t work like one.
I built the interface layer in one shot. The middle layer i.e. controls, compliance, fraud, AML, would take months of domain expertise. The core layer i.e. the actual ledger, the system of record, would take years.
That gap between what you can vibe code in an afternoon and what a bank actually needs? That’s the entire thesis of this edition.
I’ve built 21 projects (and counting) with AI in the last year and a half. Some would say I’ve got an addiction, and they may or may not be right.
A dilution visualiser for founders. A news digest I use every week for the TWIF Asia newsletter. A CLI-based CRM for VCs. A smart ingredient scanner. A pastry chef dashboard that helps chefs brainstorm dessert recipes using AI. A text to speech converter for my read-later list. A flappy birds clone for the tech ecosystem called FounderUdd, which remains one of my finest contributions to society. You can find a list of some of my projects here.
I’ve experimented and used all the big lab coding tools i.e. Cursor, Claude, Gemini, Codex, Kimi. Some projects took a weekend, some took weeks of late nights and started-from-scratch frustration. But the throughput was extraordinary. Ideas I’d been sitting on for years were suddenly shippable in days.
And the tools got dramatically better along the way - in just one year! My first project, the dilution simulator, was rough - prompt ChatGPT, copy paste code, debug manually, wrestle with errors I barely understood. By the time I built Lokta (try it here), a full DocSend alternative with AI-powered document chat, the experience was unrecognisable.
Claude Code in Cursor was architecting components, running security audits, handling authentication flows, catching vulnerabilities I wouldn’t have spotted myself. The progression from “AI helps me write code” to “AI helps me build software“ happened in about 12 months.
But the more I built, the more something became clear. What I was generating across all 21 projects was interface. Dashboards. Tools. Workflows. Things that present information, collect input, guide users through a flow.
I really tried building a system of record. The first thing I really wanted to build was an entire operating system for my venture/investing activities. It was a complex requirement and I’d constantly face challenges. I deleted everything and started from scratch - thrice. Maybe I’m expecting too much from AI too early in its journey. Or maybe I’m just incompetent.
Not one was a system of record. Not one maintained financial state. Not one had to reconcile a ledger, survive an audit, or report to a regulator.
That distinction is the most important one in the current AI “SaaSpocalypse” discourse, especially for those of us in financial services.
Because it’s one thing to vibe code a dashboard. It’s another to vibe code a balance sheet.
The “SaaSpocalypse” and what everyone’s arguing about
If you've been anywhere near tech Twitter lately, you've heard it all. SaaS is dead. AI agents will replace every enterprise tool. Seat-based pricing is finished. VCs won't touch a pure SaaS pitch anymore.
The trigger was Anthropic’s recent product blitz i.e. Claude Code, Cowork, Claude for Excel/Powerpoint, Claude for legal review, Claude for Equity Research, all landing in quick succession. After Anthropic launched a legal plugin on Feb 3, Thomson Reuters dropped 16%, RELX fell 14%, LegalZoom sank nearly 20%, wiping roughly $285bn from the legal tech sector in a single day. The “SaaS-pocalypse” had its poster child.
The discourse has split into camps, but any sane person would agree the future is more nuanced than “SaaS is dead.”
Some say AI will eat everything. HSBC’s CIO Academy team published a note calling this the “AI fear trade” - the market selling first, asking questions later. Their key insight: the two concurrent fears (AI will disrupt all sectors and the return on $650bn in AI capex is uncertain) are contradictory.
Sidu Ponnappa, founder of RealFast AI, makes a sharper structural argument: it’s not that SaaS pricing is under pressure, it’s that the economics of software as an asset is breaking. If building an HRMS takes an AI agent a weekend instead of a team six months, the output isn’t an asset. It’s inventory. You don’t amortise inventory. You liquidate it.
The view I concur with: it depends entirely on what layer of the stack you're building on. On a recent episode of No Priors, Elad Gil put it well - “people are projecting five-person startup behaviour onto the Fortune 100. A technical team can vibe code a CRM over the weekend. Before that, they just used a spreadsheet. Does that mean Bank of America is going to displace their core systems with something hacked together in a day? Probably not”.
1-min Feedback: Your feedback helps me improve this newsletter. Click UPVOTE 👍🏽 or DOWNVOTE 👎🏽
The slop problem with vibecoding
There’s a serious code quality problem with vibecoding that gets ignored.
When AI generates enormous amounts of code and nobody’s reading it closely, nobody deeply understands the codebase, and there’s no systematic review - you get fragility.
That’s a slop problem. Not slop from random weekend projects, but vibe coding slop in actual production codebases, created by every engineer taking the path of least resistance. Generally, I’ve found when vibecoding that incremental changes ends up introducing slop.
Now extrapolate that to a core banking system where billions of transactions are being processed every minute, 24x7, 365 days a year. Without a break. Processing that much volume requires code ultra-streamlined code. Any aspect of the system that causes even millisecond delays in a transaction, compounds at the scale and speed of UPI as an example.
A single reconciliation error can cascade into a regulatory event. Where audit trails need to be perfect. Where the code isn’t just running a feature, it’s maintaining legal state.
And it’s not just code quality. There’s a change management problem. If you ask the engineer annoyed about paying $10/seat for Jira whether they’d want to handle change management at a bank involving aligning hundreds of people on a new workflow, managing security, maintaining the system indefinitely, the answer is probably not. Enterprise software isn’t just code. It’s organisational infrastructure.
The tools are getting better, fast. My own experience proves it. AI coding agents now run security scans, catch dependency vulnerabilities, generate test suites, and architect with less intervention than a year ago.
Token costs have collapsed, according to MIT Research, for frontier models, the cost to achieve a given benchmark performance has fallen 5x-10x per year, with top-tier models seeing declines up to ~30x per year. The trajectory is clearly towards more capable, more auditable code generation.
But “getting better” and “ready for core banking” are very different bars. The gap between 4th best provider and 3rd best is wider than the gap between 4th and 200th.
That’s the distinction that matters for financial services.
Banking Is not software. It’s a system of record.
Most software is a system of interaction. It manages tasks, workflows, communication. If your project management tool goes down, you lose context. Annoying, but recoverable.
Banks are systems of record. They maintain who owns what, who owes what, what capital exists, what liabilities are outstanding, and what must be reported to regulators. A bank’s core system isn’t just software, it is the legal memory of the institution.
If your CRM fails, you reschedule a demo. If a consumer order doesn’t get placed, you ask them to do it again. If your ledger fails, someone’s deposit is wrong. That’s not a UI bug. That’s a liability event.
Most AI-optimists looking to “disrupt banking” are looking at the interface. They should be looking at the plumbing too.
The banking stack has three layers
To understand what AI can and cannot change, it helps to break the banking stack into three layers.
The core layer i.e. the ledger. Core banking system, general ledger, deposits and loans accounting, settlement engines, regulatory reporting. This layer defines state. It records every transaction, reconciles every money movement, backs every reported number.
Replacing it is not refactoring. It’s organ transplant surgery.
Core systems accumulate years of transaction history, reconciliation logic, regulator-reviewed processes, and audit trails nobody fully understands but everyone depends on. Migration means perfect balance replication, zero reconciliation gaps, regulator sign-off, operational retraining, and vendor re-integration.
That’s why core replacements take years. Not because engineers can’t write code but because institutions can’t afford to be wrong. AI can generate CRUD apps in minutes. It cannot generate and migrate 15 years of reconciled state.
Using Sidu’s framing: the core banking ledger sits firmly above the line. The difficulty isn’t in the code, it’s in the understanding the code encodes.
And replacing a core banking system isn’t just a technical migration. It’s retraining thousands of people. It’s renegotiating vendor integrations. It’s convincing a regulator that your new system is at least as reliable as the old one. No amount of faster code generation compresses that timeline.
The middle layer i.e. controls and orchestration. AML/KYC engines, fraud detection, risk scoring, treasury workflows, regulatory reporting pipelines, payment routing, reconciliation tools. This is where control lives.
Some of this can absolutely be AI-augmented. Fraud models will improve. Document review will accelerate. I’m seeing this in my portfolio already.
But this layer must remain explainable, auditable, deterministic at decision boundaries, and defensible in front of regulators. False-positives and false negatives are both problematic. If an AI-vibecoded AML engine fails, suspicious transactions pass through, accounts freeze incorrectly, regulators intervene. This isn’t feature risk. This is institutional risk.
This is the “code slop” risk that matters most. Every line of unexplained, unreviewed code in a regulated system is an audit finding waiting to happen.
Nihar Bobba at Better Tomorrow Ventures wrote a great piece about “last mile defensibility”. AI companies survive when they own the coordination between intelligence and real-world systems: regulatory endpoints, audit requirements, liability. The middle layer of banking is exactly this. You can enhance it, but you cannot trivialise it.
Just because AI can write code doesn’t mean it will be trusted. History shows the cheapest solution doesn’t always win. The trusted one does.
The interface layer i.e. where AI actually moves fast. Mobile apps, admin dashboards, internal tools, analytics views, customer onboarding, support automation. Systems of interaction. They present state, collect input, guide users.
This layer can absolutely be vibecoded faster. I’ve done it 21 times. Fintech startups will ship interfaces in days and replace front-ends cheaply.
But surface speed does not equal core replacement. You can modernise the interface all you want. The ledger still remembers everything.
Using Sidu’s “asset vs. inventory” framing: if what you’ve built is primarily an interface, you don’t have a defensible product. You’re below the line. Anyone with Cursor and a weekend can approximate it. But if you’re building something that touches financial state, regulatory compliance, or settlement - that’s still an asset. Possibly more of an asset than ever.
1-min Feedback: Your feedback helps me improve this newsletter. Click UPVOTE 👍🏽 or DOWNVOTE 👎🏽
Why systems of record are so sticky
I ask myself this a lot when evaluating enterprise SaaS startups: if AI is so powerful, why can’t we just rebuild banking from scratch?
Because systems of record accumulate things code generators cannot replicate. You cannot just prompt:
Data gravity. Years of transactions, exceptions, manual adjustments, and edge cases resolved by people who’ve long since left the company.
Regulatory memory. Tests passed. Models approved. Protocols approved. Reports accepted by specific regulators who know the institution’s history.
Integration surface area. Payment rails, card networks, clearing houses, partner APIs, each connected through layers of contracts, certifications, and operational agreements.
Operational muscle memory. Teams trained on specific workflows. Knowledge that lives in people’s heads, not in documentation.
Embedded risk performance. Underwriting data. Fraud loss ratios. Capital buffers calibrated over cycles.
Consider a mid-sized bank with a commercial loan that was originated in 2016, restructured once during COVID under RBI's resolution framework in 2020, had its provisioning norms changed by a regulatory circular in 2022, was upgraded back to standard after 12 months of satisfactory performance, and now sits in a pool that's being evaluated for securitisation. How do you prompt Claude Code to add this to your CBS?
Replacing a system of record means revalidating all of that simultaneously. Boards fear it. Regulators scrutinise it. Operations teams dread it. Now consider that you have quarterly financials releases and every month you have to show growth, margin protection and profit.
This maps to what Nihar describes as “barriers that compound.” Every successful audit strengthens credibility. Every edge case handled adds institutional knowledge. Every year of compliance history deepens dependency. These aren’t features. They’re accumulated trust and trust doesn’t have a vibe-code shortcut.
Competitive advantage theory didn’t just disappear. The production side of software is getting cheaper, yes. But distribution, trust, and institutional embedding - those are as hard as ever.
What AI compresses and what it can’t
I’m not making a Luddite case against AI in fintech. Far from it.
AI will compress feature moats, internal tooling costs, and speed to launch. Fintech teams will prototype faster, build systems cheaper, improve analytics, enhance underwriting, and reduce compliance effort. I’m living it - As a builder and as an investor watching portfolio companies ship faster than ever.
But AI doesn’t eliminate the need for a ledger. And it doesn’t make financial correctness probabilistic. In banking, you’re either right or you’re wrong. There is no “mostly correct” deposit balance.
As interfaces accelerate, the core becomes more important. Faster surface activity increases stress on reconciliation, settlement, and compliance. The faster your cars go, the better your brakes need to be.
Agentic AI won’t kill enterprise software, it will reset its business model from effort-based billing to outcome-based pricing. But the platforms orchestrating AI and non-AI components remain essential. AI becomes the brain; software remains the body. They’re complementary, not substitutional.
The proof is already here, at scale
None of this is theoretical. The most sophisticated fintech companies are already shipping AI-written code into production.
Stripe’s internal coding agents, “minions,” now produce over 1,300 merged pull requests weekly, completely AI-written, human-reviewed. Each minion operates unattended: picks up a task from Slack, writes code, runs tests, submits a PR. But Stripe built these in-house because their codebase is hundreds of millions of lines of mostly Ruby with proprietary libraries and compliance constraints that off-the-shelf agents couldn’t handle. The guardrails matter more than the model.
Ramp implemented over a million lines of AI-suggested code, with 50% weekly active usage across engineering and an 80% reduction in incident investigation time through AI-powered internal tooling.
Brex’s engineering lead described it as a mindset shift: engineers now try three different approaches in the time it used to take for one. The output is cleaner architecture not just faster code.
And Kailash Nadh, CTO of Zerodha, one of India’s largest brokerages, wrote what I think is the most honest assessment from a financial services builder. His piece argues that software development as done for decades is over - compressing weeks into hours, not through vibe coding, but through disciplined use of LLM agents. This is someone maintaining systems millions of retail investors depend on daily.
Harshil and team at Razorpay have always been at the bleeding edge of implementing AI for their systems and products. Last year, Rahul Chari at PhonePe said they don’t use AI for their core systems at all. I’m assuming things have changed for him since then.
The question is no longer whether financial firms will adopt AI coding. They already have. The question is: what layer of the stack can it actually touch and make a difference?
The gap between “can we ship this?” and “should we?”
AI coding agents will keep getting better, faster and cheaper. The progression from my dilution simulator to my DocSend alternative will look quaint in two years. We’ll see agents that maintain long-running context across codebases, flag compliance issues in real-time, and generate audit-ready documentation alongside code. The code slop problem? Every major lab will optimise for accuracy. I expect it gets substantially addressed.
Token costs will keep collapsing. The bottleneck shifts from “can we produce this code?” to “should we ship this code?” - a question requiring human judgment, domain expertise, and institutional context. Exactly what matters most in financial services.
But even as coding tools approach production-grade quality, the non-code barriers in banking remain enormous. You still need a licence, regulator relationships, years of underwriting data, and the operational muscle memory of teams who’ve handled a thousand edge cases.
Technology cycles are compressing decade-long shifts into a year or two. But institutional change, the kind that governs banking, doesn’t compress that way. Technology cycles and institutional cycles operate on fundamentally different clocks. That gap is where the most interesting fintech opportunities of the next decade will live.
What this means for fintech founders
If you’re building an interface-layer fintech i.e. a better dashboard, a prettier app, a faster onboarding flow, your moat just compressed. Defensibility has to come from distribution, data, or regulatory positioning. Not the interface.
If you’re building control-layer infrastructure i.e. compliance tooling, risk engines, fraud systems, AI enhances your product but doesn’t erase it. You need domain expertise, regulatory awareness, and battle-tested trust. Good place to be building.
If you’re replacing a system of record i.e. a new core banking platform, a next-gen ledger, your challenge isn’t code generation. It’s trust migration. And trust migrates slowly, painfully, and expensively.
The question isn’t what vertical you’re in. It’s what product choices you’re making. Are you a tool for professionals, where the user retains liability? That’s vulnerable to AI model creep. Or are you owning outcomes, absorbing liability, coordinating with real-world regulatory systems? That’s structurally defensible.
The best defence is to build a bundle i.e. multi-product surface area that becomes default infrastructure. Cross-sell into the institution. Become embedded. Make switching costs real. In a world where code is cheap, distribution and entrenchment are what compound.
I wrote in my last edition #103 about three structural levers for startups: attack the margin profile, compress time to money, and deliver a Delta 4 experience. AI supercharges all three especially the second.
If AI collapses inference and analysis costs to near-zero, the competitive edge shifts to delivery speed. The fintech that underwrites in seconds, not days. The compliance platform that files across jurisdictions in hours, not weeks. Or even if you’re building SaaS for financial firms, the speed of your response time can dictate if you win that customer.
Every layer of AI compression feeds directly into shrinking the gap between “customer has a need” and “customer has money in hand.”
I believe the winners in AI-era fintech will be services businesses that own the outcome, absorb the liability, and get paid when value is delivered not SaaS companies selling seats. This is where Nihar’s “long last mile” thesis and my “compress time to money” thesis converge. The companies that own the outcome and deliver it fastest will be extraordinarily hard to displace. They’re not selling software. They’re selling certainty, delivered instantly.
The next decade of fintech will not be won by better dashboards. It will be won by companies that own a piece of the system of record, control financial state, accumulate proprietary transaction data, and embed deeply into capital flows.
Because state compounds. Interfaces change.
You can vibe code an app. You cannot vibe code institutional memory. And financial services, at its core, is institutional memory wrapped in software.
What layer of the stack are you building on? How are you thinking about defensibility in an AI-accelerated world? Hit reply — let’s talk.
1-min Feedback: Your feedback helps me improve this newsletter. Click UPVOTE 👍🏽 or DOWNVOTE 👎🏽
🎵 Song on loop
Fintech updates can get boring, so here’s an earworm: This week I’ve been listening to Mountain Sound by Of Monsters and Men (Spotify / Youtube) on loop. It’s one of those songs that makes you want to drive somewhere with no destination. Perfect energy for a week spent thinking about systems that don’t move and code that moves too fast.
✨ Call outs
[REPORT] Quick Commerce in India: The Money Machine That Has Not Made Money Yet by Karan Sehgal and Yash Panditrao of 3F Capital
[BLOG] Situation Awareness - on AGI and the fund investing in the future
[REPORT] The Middle Class Math is not Mathing by AngelOne
[NOTES] Thoughts From the Road by Henry McVey, Head of Global Macro
& Asset Allocation, CIO of KKR’s Balance Sheet
[VIDEO] “I Visited Most Restricted Area of T20 World Cup” - a video on the tech that goes into streaming the T20 World Cup
👋🏾 That’s all Folks
If you’ve made it this far - thanks! As always, you can always reach me via DM at osborne.vc/dm. I’d genuinely appreciate any and all feedback. If you liked what you read, please consider sharing or subscribing.
1-min Anonymous Feedback: Your feedback helps me improve this newsletter. Click UPVOTE 👍🏽 or DOWNVOTE 👎🏽
See you in the next edition.