Control Layer Agents Capture Adjacent Budgets
Poolside
The real prize is not helping one developer type faster, it is becoming the control layer for how code gets tested, secured, and shipped. Once an agent can write code inside a sandbox, run tests, inspect dependencies, patch vulnerabilities, and open or merge deployment changes, it starts touching budgets that usually sit with QA, AppSec, and DevOps. Those budgets are often larger and stickier than a standalone coding seat because they gate production release.
-
QA spend already rises as AI code output rises. In software testing, tools like QA Wolf and Momentic are built around the idea that faster code creation creates more bugs and more need for automated end to end coverage. That shows how a coding agent can naturally expand into test creation, maintenance, and release blocking workflows.
-
Application security is another adjacent wallet. Snyk grew from developer security into code, container, IaC, and cloud scanning, reaching an estimated $326M ARR by February 2026. The lesson is that once a tool sits in the dev workflow, it can keep adding checks and fixes that used to belong to a separate security budget.
-
DevOps platforms prove the bundle math. Harness sells CI/CD, feature flags, governance, security, and cloud cost tools as one delivery stack. A Poolside agent that not only writes a feature but also updates pipelines, handles patching, and manages refactors would look less like an IDE add on and more like a software delivery platform with much higher contract value.
The next step is agents moving from suggestion to execution. The vendors that win will be the ones trusted to take action across the whole SDLC, with audit trails, approvals, and policy controls built in. If Poolside gets there, revenue per seat can expand materially because every shipped change can carry testing, security, and deployment value, not just code generation value.