Some things I’ve learned reviewing tech stacks on small software/tech acquisitions

Software is becoming a big piece of even physical service companies. Technical due diligence is an often overlooked piece of a successful acquisition, and it really shouldn’t be. 1. Everything was built by consultants that aren’t embedded in the business. This one flies under the radar. Everything technically works, but who knows how to make it better? Who knows how to fix it when things go wrong? Do you actually own the underlying software? 2. Unsecured and ungoverned AI infrastructure. SMBs are adding AI much faster than large companies, which is great. But the unintended consequence is that it can go completely ungoverned over what it’s doing and what it has access to. AI is becoming an easy attack vector and could leave your logins, keys, and sensitive information out in the open. Ungoverned AI has also been known to make incorrect decisions - PocketOS had all of their data deleted off of production databases and backups, even though they explicitly told the AI agent to never do this without approval. 3. Legacy platforms. These aren’t as obvious, and sellers won’t generally admit this one. This could kill you. Open source software, which SaaS (and ecommerce depending on the platform) is built on is updated so fast it’s hard to keep up with. A lot of times, this software reaches end of life way sooner than you expect. Without a team maintaining this, it’s so easy for this to fall under the radar. You’ll just wake up one day to your platform down and no quick fix for it - sometimes these updates take developers a week or longer. Would love to compare notes with anyone evaluating a deal with a tech component.