Last quarter, the CEO of a $400K-ARR financial services company told his CX leader something blunt. His board had been pressuring him to switch to Decagon or Sierra. Bigger brands, bigger funding rounds, the logic that "nobody gets fired for buying IBM."

He flew his team out to spend a day with the incumbent vendor instead. After 90 minutes of live product testing, he turned to his exec sponsor and said: "Now I have an answer for the board about why we should not switch."

That story is not unusual. We hear versions of it regularly from CX leaders at regulated companies who evaluated Decagon and found a gap between the pitch and what their business actually needs.

This is not a hit piece. Decagon is a well-funded company with legitimate enterprise customers. But there is a structural mismatch between what Decagon sells and what complex CX organizations require.

The logo wall

Visit decagon.ai and the first thing you see is logos: Duolingo, Chime, Notion, Rippling, Substack, Eventbrite.

It is an impressive collection and it does exactly what it is supposed to do: signal credibility through association.

The logos carry the page because the copy does not. Run Decagon's messaging through any structured analysis and a pattern emerges. The language is almost entirely about resolution rates and automation percentages.

Chime achieved 70% AI resolution. Rippling saw 32% ticket deflection. These are real numbers from real companies.

But notice what is absent. There is no language about compliance. No mention of regulatory frameworks.

No proof points from healthcare, insurance, or financial services companies operating under HIPAA, PCI-DSS, SOX, or state-level consumer protection mandates. The social proof is strong. The substance beneath it is narrow.

Where it works

Decagon built a good product for a specific segment. SaaS companies with high ticket volume, relatively standardized queries, and technically sophisticated teams get real value.

Their Agent Operating Procedures (AOPs) let you define workflows in natural language. Their integrations with tools like Zendesk and Intercom are functional. For a Series B SaaS company handling password resets, billing questions, and feature requests, Decagon can automate a meaningful percentage of volume.

Their $250M Series D at a $4.5B valuation in early 2026 reflects genuine market traction. They have reportedly crossed 100 enterprise customers and added Deutsche Telekom, Avis, and Block to their roster. That is real momentum.

The question is not whether Decagon works. It does, for the segment it was built for. The question is what happens when a company's CX needs grow beyond that segment.

The compliance gap

Pull up Decagon's website and search for "compliance." Search for "regulated." Search for "audit trail" or "guardrails" or "HIPAA" or "PCI." The results are thin to nonexistent.

This is not an oversight. It reflects a product architecture decision.

Decagon was built for tech-forward consumer companies where the cost of a wrong AI response is a frustrated user, not a regulatory fine. When your biggest customers are Duolingo and Notion, compliance infrastructure is not your first priority.

But for a healthcare company where an AI agent's response about medication could trigger an FDA review, or a financial services firm where an incorrect statement about account terms violates TILA, the absence of compliance tooling is not a nice-to-have gap. It is a disqualifier.

Fenergo reported that regulatory fines in the first half of 2025 totaled $1.23 billion, a 417% increase over the prior year. The cost of getting AI-assisted customer interactions wrong in regulated environments is not a bad CSAT score. It is an enforcement action.

In our experience working with regulated companies, the compliance requirement breaks down into three specific capabilities that most AI CX platforms lack.

Guardrails that are both built-in and customizable. Generic safety filters are not enough. A health insurance company needs guardrails that prevent the AI from making coverage determinations.

A fintech needs guardrails that flag when a conversation approaches credit decision territory. These rules vary by jurisdiction, by product line, and sometimes by individual customer segment.

Full audit trails with explainable reasoning. Regulators do not accept "the AI decided" as an explanation. Every response needs to be traceable to the knowledge, policy, and logic that produced it.

Multiple reviews of Decagon cite a "black box" problem: you cannot always see why the AI did what it did. That makes it difficult to review conversations, adjust behavior, or investigate when something goes wrong.

Deterministic behavior in high-stakes moments. There are interactions where probabilistic AI output is unacceptable. When a customer asks about their insurance coverage limits or their loan terms, the answer must be precisely correct.

This requires the ability to enforce deterministic business logic alongside LLM-powered conversation. Not one or the other.

The rigidity problem

Decagon's Agent Operating Procedures are marketed as natural-language workflow configuration for non-technical teams. In practice, users report a different experience.

Implementation demands Agent Engineers and weeks of setup. Getting even basic tasks configured requires engineering support.

One G2 reviewer noted that compared to platforms that let non-technical users adjust workflows, tone, or logic, Decagon "can feel rigid once deployed, which becomes a problem when you need to adapt quickly to new products, policies, or edge cases." For companies in regulated industries where policies change with every regulatory update, quarterly product launch, or jurisdiction expansion, this rigidity compounds.

A CX leader we spoke with during a competitive evaluation put it directly: Decagon's product walkthrough felt accessible for less technical audiences, but the underlying system required more Python knowledge than expected. The pitch is low-code. The reality is not.

This creates a dependency loop. Your CX team identifies a policy change that requires updating the AI agent's behavior. They cannot do it themselves.

They file a ticket with your engineering team or with Decagon's professional services. Days pass. Meanwhile, the agent is giving outdated responses to real customers.

In regulated environments, those outdated responses can create liability.

The pricing question

Decagon does not publish pricing. Based on marketplace data and reports from prospects we have spoken with, median annual contracts sit around $400,000, with a $50,000 minimum threshold below which Decagon's sales team will not engage.

For companies with massive ticket volume and straightforward use cases, this pricing can pencil out on a per-resolution basis. But the total cost of ownership extends well beyond the contract. Factor in the engineering resources required for implementation, the ongoing need for technical staff to maintain and update workflows, and the professional services costs for any non-trivial configuration change.

One prospect told our sales team that Decagon informed them their deal was "too small to take on." That is a legitimate business decision for Decagon, but it reveals who the product is built for and who it is not. If your annual CX automation budget is under $200K, you are likely not their target customer.

The cloud-only constraint

Decagon operates exclusively as a cloud-hosted platform. For many SaaS companies, this is fine. For enterprises in regulated industries, it can be a hard stop.

Healthcare organizations subject to HIPAA, financial institutions with data residency requirements, and government-adjacent entities with FedRAMP considerations often need deployment flexibility: the ability to run within their own infrastructure or within specific geographic boundaries. Decagon's architecture does not accommodate this.

Rasa, one of Decagon's competitors, has built its positioning explicitly around this gap, offering self-hosted deployment with deterministic business logic for regulated industries. The fact that an entire category of competitors exists specifically to address Decagon's deployment model limitation tells you something about the size of the gap.

The concierge question

In March 2026, Decagon launched what they called "proactive agents" with customer memory. This followed Sierra launching similar capabilities the previous year. Both announcements validated a category that had already been in production elsewhere: AI agents that do not just answer questions but proactively engage with customers based on context, history, and behavioral signals.

The timing is notable because it highlights a pattern. Decagon's product development appears to follow market leaders rather than lead.

Their recent blog post arguing that "MCP is not enough and tools need guardrails" arrived months after other vendors shipped guardrails into general availability. Their "Duet" product launched after competitors had already deployed similar capabilities.

Following fast is a viable strategy. But for CX leaders evaluating vendors today, it means Decagon's roadmap is reactive. You are buying a product that will eventually ship what competitors already have, not a product that is defining where the category goes next.

Who actually switches

We have seen three patterns among companies that evaluate or leave Decagon.

Pattern 1: The regulated company that never should have been there. A fintech or health tech company signs with Decagon based on the logo wall and the resolution rate promise.

Six months in, they discover the compliance tooling does not exist and their legal team starts flagging AI responses that create liability. The switching cost is real, but the regulatory risk of staying is higher.

Pattern 2: The company that outgrows the product. A SaaS company starts with Decagon for basic ticket deflection and it works well.

As they expand into more complex use cases, they hit the ceiling of what the platform can do without heavy engineering investment. The total cost of ownership quietly exceeds what they budgeted.

Pattern 3: The company that never gets started. A prospect evaluates Decagon and finds the minimum contract threshold, the engineering requirements, or the lack of compliance infrastructure is a blocker before they ever sign. These companies are the largest segment and the hardest to see because they never become Decagon customers in the first place.

Evaluation questions

If you are evaluating Decagon or any AI CX platform for a complex or regulated environment, these questions will surface the gaps fastest.

Ask them to show you their guardrails configuration. Not the concept. The actual interface where your CX team would set compliance rules without engineering support.

Ask how quickly a policy change can be reflected in live agent behavior.

Ask them to trace a single AI response back to its source. Pick a complex customer interaction from your own data and ask the vendor to show you exactly which knowledge, policy, and logic produced the response. If the answer involves the phrase "we are working on that," you have your answer.

Ask them about deployment options for your regulatory environment. If you have data residency requirements, ask specifically how they are met. "Our cloud is SOC 2 compliant" is not the same as "we can deploy within your infrastructure."

Ask them who on your team will own day-to-day agent management. If the answer requires dedicated engineering headcount, factor that into your total cost of ownership and compare it against platforms where CX teams manage the agent directly.

Where Lorikeet fits

Lorikeet was built specifically for the companies that outgrow platforms like Decagon. We work with financial services companies, healthcare organizations, and insurance providers where every AI interaction happens inside compliance boundaries.

Our guardrails are both built-in and fully customizable. Your CX team can configure compliance rules, jurisdiction-specific policies, and brand guidelines without writing code and without filing an engineering ticket.

Changes go live immediately. Our AI agent's reasoning is fully auditable: every response traces back to the specific knowledge, policy, and guardrail that produced it.

We deploy across chat, email, and voice with sub-second latency. We resolve tickets end-to-end, not just deflect them. And we do it at a price point that does not require a $400K annual commitment to get started.

The companies that choose us over Decagon do so because they need AI that works within the constraints of their industry, not AI that was built for a different industry and retrofitted with a compliance checkbox. That is a structural difference, not a feature comparison.

Talk to Lorikeet about AI customer support built for regulated industries.