Let’s be honest with each other for a second.
You’ve done it. I’ve done it. We’ve all done it. A colleague sends over a wall of text — dense, number-heavy, soul-crushing — and instead of actually reading it, you quietly paste it into ChatGPT or Claude, get your answers, and carry on with your day like a perfectly functional professional. No shame. That’s just Tuesday now.
But here’s where it gets interesting. That same AI tool starts to know you. Your history, your patterns, your business context — slowly stitching together a picture of you across every chat. And on the enterprise side, companies rolling out Microsoft 365 Copilot are essentially handing Microsoft a VIP backstage pass to everything happening inside their organisation. How that data feeds back into LLM training? Genuinely unclear. Deliberately so, some might argue.
And it gets worse on the startup side — much worse.
Here’s the standard playbook most AI startups are running right now: want AI features? Sign up for an Anthropic or OpenAI account, grab an API key, connect it to your app, and start shipping. Real customer data, flowing straight through someone else’s infrastructure. Done.
Is it fast? Absolutely. Is it accessible? Very. Does it dramatically lower the barrier to entry? No question. But is anyone — the startup or their end users — entirely sure how that data is being processed or whether it’s being used to train the next version of the model?
Mostly: no.
Now, to be fair, Microsoft, Anthropic, and OpenAI all have policies covering this. Somewhere. Buried in legal documentation that requires both a law degree and a tolerance for suffering to actually locate and interpret. And given that the same AI industry trained its foundational models on basically the entire internet without asking anyone’s permission — well, forgive us for being a little sceptical about how strictly the lines are being drawn.
The honest truth? These companies will do what they want with the data you send them. That’s not cynicism, that’s pattern recognition.
But data privacy — as alarming as it is — isn’t actually the main point here. The bigger, quieter issue is this: infrastructure ownership, long-term operating costs, and the compounding risk of building your entire business on a foundation you don’t control.
As AI becomes a core layer in software products, those questions stop being theoretical very quickly.
Don’t Outsource the Heart of Your Business
Using frontier model APIs for early-stage prototyping makes complete sense. For MVP launches, quick iteration, and proving out a concept — brilliant. No argument there.
The problem begins when companies scale their entire business on top of infrastructure they don’t own, don’t control, and can’t meaningfully influence.
When your application is fully dependent on an external AI provider, you’ve essentially handed over the keys to your own product. How you scale, how you fine-tune, how you adapt to your specific users — all of that is now subject to somebody else’s pricing, somebody else’s uptime, somebody else’s policies, somebody else’s rate limits, and somebody else’s roadmap.
That’s not a dependency. That’s a ticking clock.
And the pricing volatility alone should be enough to make any founder nervous. We’ve gone from “$20 a month gets you enough tokens to nearly build an entire app” to “watch your budget evaporate in real time while the model hallucinates for half an hour and produces confidently wrong nonsense.” The economics of usage-based and subscription AI pricing have been anything but stable — and that instability flows directly into your margins, your pricing model, and your investors’ patience.
Building your core product on top of that is less of a strategy and more of a prayer.
Data Ownership Is Becoming a Very Loud Conversation
Here’s what’s quietly shifting across the industry: the more AI gets embedded into business operations, the more uncomfortable organisations are getting about where their data is actually going.
Every time a customer uploads a document, triggers a workflow, or interacts with an AI feature — that data is moving somewhere. For many companies, that’s an acceptable trade-off. Fine.
But for fintech, healthcare, legal services, insurance, and enterprise software? The calculus changes entirely. We’re talking about privacy regulations, compliance obligations, sensitive IP, and client trust. Sending that data through third-party infrastructure isn’t just a risk — in some jurisdictions, it’s a liability.
This is why more companies are seriously exploring private AI infrastructure, self-hosted models, and hybrid architectures that keep sensitive workloads internal. It’s not paranoia. It’s governance catching up to reality.
And the good news — because there is some — is that this is now more achievable than ever.
Open-Source Models Are Quietly Changing Everything
A few years ago, running capable language models privately required either a large enterprise budget or a very optimistic attitude toward hardware costs. That’s no longer the case.
The open-source model ecosystem has moved fast. Models are getting stronger, inference tooling is maturing, and hardware is becoming genuinely accessible. A small team can spin up a cluster of Mac Minis today and run a credible AI service without touching a single GPU server. That’s a remarkable shift in what’s possible for startups operating on real-world budgets.
Frontier providers still lead in specific high-complexity areas — advanced reasoning, multimodal workflows, large-scale enterprise deployments. That’s real, and it matters for certain use cases.
But for the majority of what most AI products actually do — internal tooling, operational workflows, copilots, support systems, domain-specific features — smaller, specialised open-source models are increasingly more than capable. And the performance gap between proprietary and open models is narrowing faster than most people expected.
The smart play that’s emerging: use open-source models for the bulk of your stack, and reach for expensive frontier APIs only where they create genuinely differentiated value. That hybrid approach keeps your costs manageable, your architecture flexible, and your dependency risk in check.
Long term, the trajectory is fairly clear. Open-source AI is not a compromise. For a growing number of companies, it’s becoming the actual foundation.
The Current Stack Is Not Permanent — Act Accordingly
One of the most expensive assumptions a company can make right now is treating today’s AI landscape as fixed.
It isn’t. The industry is early, the models are improving rapidly, and the balance between proprietary APIs and self-hosted infrastructure is actively shifting. Teams that hard-code their entire architecture around a single external provider are going to find that painful to unwind.
The smarter posture is intentional optionality. Use frontier APIs where they’re clearly worth it. Identify which workloads could realistically shift to open-source models over the next 12 to 18 months. Understand what actually needs to stay fully inside your own infrastructure.
Most startups won’t go fully self-hosted — nor should they. But there’s a lot of strategic territory between “plug everything into an API and ship” and “build your own private data centre.” Most companies should be operating somewhere in that middle ground, and doing so deliberately.
Final Thoughts — Ownership Is the Coming Moat
The default playbook for AI startups right now is speed: find an API, integrate fast, ship, and iterate. That’s what’s driven this entire wave of AI-powered products, and it’s genuinely worked. Credit where it’s due.
But speed without strategy quietly creates fragility. When your core product logic, your data flows, and your competitive differentiation all run on infrastructure you don’t own, you’re one pricing change, one policy update, or one model deprecation away from a very bad quarter.
The teams that win the next phase of AI won’t just be the ones that moved fastest at the start. They’ll be the ones that built with control and optionality in mind from early on — knowing what to outsource, what to internalise, and why.
Because here’s what’s becoming increasingly clear: in a world where everyone has access to the same frontier models, distribution alone won’t be enough.
Ownership of your intelligence layer will be the real moat.