The 8-Figure Open Source SaaS Playbook

Summary of The 8-Figure Open Source SaaS Playbook

by Omer Khan

1h 7mApril 23, 2026
Listen to Episode

Overview of The 8‑Figure Open Source SaaS Playbook

Host Omer Khan interviews Yves Concevoy (founder of Mailgun and Teleport) about building Teleport from an open‑source lead magnet into an eight‑figure ARR SaaS. The conversation covers the origin story (Mailgun → Gravitational → Teleport), how a free product became the core business, GTM and pricing pivots, why open source accelerated trust for a security product, and why unified identity (including AI agents) is now central to infrastructure security.

Key takeaways

  • A lead‑generation free tool can become the primary business if demand and monetization surface organically.
  • Know the buyer as a person — not just “tech companies.” Match your GTM to how that person expects to buy.
  • Open source can be a competitive advantage for security products: it builds trust, community auditing, and faster adoption.
  • Identity fragmentation (humans, machines, workloads, AI agents) is the root cause of many security problems; a single identity layer is increasingly essential.
  • COVID and AI served as accelerants for Teleport—first remote access needs, now containment and policy for AI agents.

The Teleport origin story

  • Yves founded Mailgun (2009), sold to Rackspace (2012).
  • After the sale, Yves worked at Rackspace and scoped problems customers repeatedly faced — portability and deployment across clouds.
  • In 2015 he launched Gravitational (product: Gravity) to package and move full SaaS stacks, with Teleport initially a subcomponent for identity/trust.
  • Teleport was released as permissive open‑source (Apache 2) and used as a lead magnet for Gravity.
  • During COVID, Gravity demand collapsed while Teleport inbound interest surged; Teleport became monetized and eventually the primary product. Company rebranded to Teleport in Nov 2020.

Product and core use cases

  • Teleport is an infrastructure identity platform that creates a single identity layer for:
    • Humans (engineers, admins)
    • Machines (servers, workloads)
    • Clients (laptops, CI)
    • AI agents
    • Environments (prod/staging, compliance domains)
  • Primary use cases:
    • Secure access replacement for legacy privileged access management (SSH/Kubernetes session management, SSO, session recording).
    • Containment and policy enforcement for AI agents running on infrastructure (preventing nondeterministic/unauthorized actions).

GTM, monetization, and buyer insights

  • Initial GTM: content + open‑source product‑led motion targeting engineers/practitioners (inbound from GitHub/blogs).
  • Early monetization started with support/relationship requests. First paid deal for a trivial feature (Yves improvised a $1,000/year price on a call).
  • Learning moment: ask customers to "sell your product back" — it reveals which features they value. Many users only used a fraction of Teleport (e.g., session recording).
  • Realized the true buyer was VP of platform/infrastructure engineering (top‑down), not individual contributors.
  • Repositioned messaging and built a sales motion aimed at VPs, resulting in a substantial increase in average contract value (ACV nearly tripled in a year).
  • Rule of thumb: design your buying experience to match the buyer’s expectation — PLG for practitioners, sales motion for executives.

Open source as strategy and security argument

  • Open source gave Teleport:
    • Faster trust adoption (auditable code, third‑party audits).
    • Community contributions, peer review, and public design documents (collective brainchild).
    • Organic discovery (GitHub → downloads → paid interest).
  • Security position: open code reduces “security by obscurity” risks. If attackers know how it works and still can’t break it, that’s a stronger signal.
  • Monetization from open source tends to be feature/support/SSO for enterprises; some pay for enterprise contracts but keep using OSS builds.

AI, identity, and product implications

  • Yves’s thesis: identity fragmentation is the principal security problem; there should be a unified identity layer encompassing humans, machines, workloads, agents.
  • AI agents increase the attack surface and complexity (agents act nondeterministically, need containment and policy).
  • Practical enforcement (e.g., prevent developers from touching production data) requires reasoning across human roles, workloads, data, and agent identities simultaneously.
  • AI is an accelerant for identity solutions: Teleport’s existing identity model became relevant for agent containment and policy enforcement.
  • Broader view on AI:
    • AI will create more jobs and new product categories; tech industry is well positioned to exploit change.
    • SaaS companies may start offering higher‑level managed services (do it for customers) instead of just tools.

Notable quotes and micro‑stories

  • "Luck is when opportunity meets preparation."
  • First Teleport sale: a cold caller asked how much for one trivial feature; Yves quoted $1,000/year on the spot — the customer paid.
  • "Buyer is a person, not an organization" — define buyer by title, motivations, and buying expectations.
  • "Mimic the buyer's behavior" — align sales motion (PLG vs. sales) to how the buyer prefers to purchase.

Practical advice & lightning‑round highlights

  • Wrong common advice: blindly “hire the best people” — match skill level to actual job needs (avoid expensive over‑hiring for routine work).
  • Skill Yves improved: listening — talk to customers and employees to reduce surprises and inform strategy.
  • Valuable reading: Zero to One (Peter Thiel); Freedom Forge (US industrial mobilization in WWII) — recommended for optimism and understanding scale.
  • Cross‑disciplinary learning: adjacent fields spark breakthroughs (simulated annealing example).
  • Future curiosity/product interest: designing programming languages or instruction languages optimized for AI (beyond English → code translation).

Actionable next steps for founders (based on Yves’s playbook)

  • Talk to customers: ask them to "sell your product back" — capture what they value most and what problems you actually solve.
  • Identify your true buyer persona (title, context, buying expectations). Reorient GTM to match that persona.
  • If using open source for a security product, publish code, design docs, and audits to speed trust adoption — but plan enterprise features (SSO, support) for monetization.
  • Monitor AI use in customers’ infra: evaluate whether additional identity policy/containment features are needed.
  • Be disciplined about customers: keep the ones who align, and have the courage to let go of those who are a poor fit.
  • Design buying paths that remove friction — mimic the way your buyer expects to engage (self‑serve vs. sales‑led).

Quick summary

Yves’s journey shows how a free, open‑source lead magnet can become the core product if you listen, learn who pays, and reorient GTM and product accordingly. Teleport succeeded by focusing on identity (including AI agents), using open source to build trust, and aligning sales motion to the true buyer — lessons that are immediately actionable for SaaS founders.