You Don't Have a Moat Yet

A health-tech founder reached out a few weeks ago. She and her co-founder are building something genuinely interesting - a product with real clinical potential - and they're raising a seed round. She wanted to explore working together, so I did what I always do: read through their current investment materials before we talked.
The deck had a lot going for it. The problem was well-defined, the team was credible, there was good early signal from pilot users. But there was a slide titled "Our Moat" that listed data and regulatory as strong, defensible advantages.
They have fewer than a hundred users. The regulatory pathway they're pursuing is long, expensive, and far from certain. Neither of these is a moat yet. They're ambitions - good ones - but presenting them as established advantages doesn't land the way founders expect it to. When I've sat on the other side of that table evaluating pitches, a slide like that raises questions about how clearly the founders see where they actually are.
I told her directly: this slide would work against you. Not because investors don't care about moats - because they can tell when founders are claiming something they haven't built.
The wrong slide and the right conversation
I've seen this pattern often - when we were evaluating startups for our pet-tech CVC fund, and now in my advisory work. Founders pick up language from discussions about established companies and apply it to their seed-stage deck. They put "network effects" on a slide when they have one side of a marketplace. They claim a data moat with fifty users.
The conversation investors actually want to have is more interesting and more honest. They don't expect you to have moats at seed. What they want to understand is which moats your company is designed to build, and whether the decisions you're making now are creating the conditions for them.
There's a real difference between "we have a data moat" and "every interaction on our platform generates proprietary data that compounds into advantages over time - here's how that works." The first is a claim. The second is a trajectory. Investors fund trajectories.
A useful way to think about it
There are several frameworks for evaluating defensibility. Investor Gokul Rajaram - founding partner at Marathon, who spent years as an operator at Google, Square, and DoorDash - laid out what he calls "eight moats" for evaluating software companies on Harry Stebbings' podcast. Briefly: proprietary data that gives your product an edge competitors can't replicate; workflow embedding that makes your software mission-critical to daily operations; regulatory barriers like licenses or compliance requirements that limit who can play; distribution advantages that control how customers find and access software; ecosystems where third-party developers build on top of your platform; network effects where each user makes the product more valuable for others; physical infrastructure like deployed hardware or data centers that create switching costs; and scale across geography, expertise, or customer base that newcomers can't easily replicate. His argument is that you score a company across all eight, and anything four or more is durable. Below that, you're vulnerable.
It's a useful lens. But it's designed for evaluating established companies. If you scored most seed-stage startups against these eight moats, they'd come back with a zero. Maybe a one. That's not a failure - it's just where early-stage companies are. Moats are what you have after years of compounding decisions. The question for founders raising a seed round isn't "which moats do I have?" It's "which moats am I building toward, and what am I doing about it right now?"
Where early-stage founders actually have leverage
Some moats are accessible from day one as design decisions. Others require scale you don't have yet. Being honest about that distinction is itself a signal of strategic maturity.
Workflow depth is probably the most accessible early-stage moat, and it's the one I push hardest on with founders I advise. If your product becomes the way a team actually operates - not a tool they use occasionally, but the system their daily work runs through - switching costs build naturally. This isn't something you add later. It's an architectural choice you make early: are you building a feature, or are you building a process?
One founder I've been working with - a B2B SaaS company - had this realization when we discussed the product. He'd been thinking about his product as a better version of what already existed. When we mapped out the users’ actual workflow, he saw that his onboarding process was already creating a dependency without him planning it. The users who stayed weren't staying because the features were better. They were staying because their daily process had reshaped itself around the product. That's not a moat yet - but it's the seed of one, and now he's designing for it deliberately rather than accidentally.
Data architecture works similarly, but with a longer horizon. You don't have a data moat at seed - you don't have enough data. But whether you're capturing the right signals is a choice you're making right now. Spotify didn't have a data moat at launch. They had an architecture that captured listening behavior, context, and patterns in ways that would compound as usage grew. The moat came years later. The architecture was there from the start. The question for founders: Are you just shipping features, or building something that gets smarter with every interaction?
Ecosystem effects, network effects, regulatory positioning - these are real, but most of them don't deliver meaningful value at seed. If your business depends on network effects, the honest pitch is: here's how we grow before the network kicks in, and here's the mechanism by which it becomes self-reinforcing at scale. If regulatory barriers are part of your long-term plan, say so - but don't present them as things you've already achieved. That's what my health-tech founder was doing, and it was undermining an otherwise strong pitch.
Building the defensibility roadmap
What investors are looking for at seed isn't a moat. It's a defensibility roadmap - a credible story about how your current decisions create conditions for future moats, and how those moats will reinforce each other over time.
When I work with founders on this, the question that matters most is concrete: what are you building this quarter that will matter for defensibility two years from now? Not just strategy - specific product decisions, data architecture choices, integration priorities.
In practice, a strong defensibility roadmap does three things. First, it names which moats you're building toward - usually one or two, not five - and why those are the right ones for how your business actually works. Second, it maps the decisions you're making right now to those future moats with enough detail that an investor can tell whether you're actually thinking about it or just hoping it happens. "We're designing our onboarding to capture workflow patterns" is specific. "We'll build a data moat over time" is hope. Third, it's honest about what you don't have yet and what the risks are. Founders who acknowledge that their regulatory moat is eighteen months and two approvals away are more credible than founders who present it as a current advantage.
A vague defensibility roadmap lists aspirations. A credible one shows how it happens. The difference matters because investors have seen hundreds of "Our Moat" slides, and they can tell which ones come from real thinking and which ones are borrowed vocabulary.
The defensibility roadmap isn't a vision slide. It's a clear line from what you're doing today to what becomes hard to replicate tomorrow.
What I told her
Back to the health-tech founder. We rebuilt the story her deck was telling.
The data moat claim became a map of how their product architecture captures clinical data that competitors can't generate without being embedded in the same workflows - acknowledging that this is early. The regulatory moat claim became a timeline showing how each milestone strengthens their position - with the risks included, not hidden.
Same ambitions. Very different framing. An "Our Moat" slide invites skepticism. A "Defensibility Roadmap" slide invites a strategic conversation. That's a better place to be when you're asking someone for money.
Most of the time, when it feels premature to think about defensibility, that's exactly when the decisions that shape it are being made. The frameworks give you vocabulary. But it's the choices you make this month - about architecture, about data, about how deeply you embed in your customers' work - that determine whether you're building something a competitor can shortcut or something they can't.
I help founders navigate strategy and funding decisions when the path isn't clear. If you're there, let's talk.
If this was useful, I write one of these most weeks.
Subscribe on LinkedIn