Security by industry

Every industry has its own security model. Pick yours for the specific threats, the regulations that apply, and the buyer signals that matter.

B2B SaaS

Selling SaaS to B2B buyers means surviving real security scrutiny: auth, data isolation, and process all have to hold up. Miss the baseline and the deal stalls.

E-commerce

E-commerce security is payment + PII + fraud-defense. Most modern stacks use Stripe / Shopify Payments to offload card-handling; the remaining surface is account takeover, address enumeration, and checkout fraud.

EdTech

Products used in K-12 and higher-ed handle student PII and records. The security surface is access control, consent enforcement, and data minimization on every student-data path.

Marketplace

Marketplaces balance frictionless onboarding with fraud defense. Typical threat profile: sellers selling stolen goods, buyers committing payment fraud, account takeovers to monetize reputation, and safety incidents between users.

Developer tools

If you sell dev tools, a single vulnerability in your product is a potential breach at every customer. Your security posture needs to be above the industry baseline simply because your attack surface is everyone's production.

AI products (LLM wrappers + agents)

AI products add a new threat model on top of standard SaaS risks. Prompt injection, model supply chain, cost-of-abuse, and data residency in training all become first-class concerns.

E-commerce

E-commerce security has a payment-token layer and a non-payment layer (auth, BOLA, fraud). Most modern e-commerce uses Stripe / Shop Pay / Apple Pay tokenization so raw card data never touches your servers.

EdTech

EdTech security centers on student-record access control, consent-gated under-13 data collection, and data minimization. AI tutoring adds prompt-injection defense + cross-student isolation.

AI-as-a-Service

AI-as-a-Service (per-API-call inference, fine-tuning offerings, RAG-as-a-service) has unique threats: tenant-prompt isolation, prompt injection, training-data contamination, and AIBOM transparency.

Marketplace (two-sided)

Marketplace = double the threat model. Each side needs auth + BOLA scope + fraud detection. Plus: payout security and category-specific safety controls (rentals, labor, finance).

Developer Tools

Devtools have customer credentials and customer source code in scope. The Vercel (Apr 2026) and Lovable (Apr 2026) incidents highlight what happens when devtool security fails.