When a firm adopts one of the managed AI services now being sold to enterprises, it feels like buying a tool. It is not. It is enrolling a process — research, drafting, analysis, correspondence — into a permanent dependency on infrastructure the firm does not own and cannot see into.
The pitch is honest about the convenience and silent about the consequence. The service is genuinely useful. The pricing is genuinely reasonable. And underneath the reasonable pricing is the most effective lock-in instrument the software industry has built in a generation.
What "managed" actually means
Strip the language and the architecture is plain. The work runs on the vendor's servers. The sessions persist in the vendor's format. The credentials live in the vendor's vault. The retention period is set by the vendor's policy, in a jurisdiction the vendor chose. You define what the system does. They own every layer underneath it.
That word — managed — is precise, not incidental. Managed means someone else manages it for you. It is the entire value proposition, and it is the entire problem: anything managed by a third party is, by definition, not yours.
The exit cost is the real price
The monthly fee is the number you can see. The number that matters is the one no invoice shows you: what it would take to leave. Once your processes run in someone else's format, on someone else's infrastructure, departure stops being a decision and becomes a migration project — the kind a busy firm postpones indefinitely.
The vendors know this. Their own enterprise deployment guidance concedes it in the quiet language of footnotes: once your work runs on a provider's session format and container specifications, switching providers is not trivial. The lock-in is not a side effect. It is the asset on their balance sheet.
Why this is sharper for you
For an ordinary business, all of this is an inconvenience to be weighed against the speed. For a practice in law, wealth, medicine, or any regulated profession, it is something else. The same enterprise guidance that admits the lock-in also flags that execution on a provider's infrastructure is worth explicit attention for regulated sectors — a careful way of saying that your client's most protected material is now sitting where you cannot govern it.
You are the regulated sector. The footnote was written about you.
Owned has no exit cost
A private system, built once and installed on hardware you own, has no lock-in — because there is nothing to leave. No session format you do not control. No retention policy you did not set. No vendor whose terms can change under you next quarter. The capability is the same. The dependency is gone.
The cost is paid once, and what you receive is not access. It is the asset itself.
A system you cannot leave was never yours. It was only ever lent to you — with your clients' data as the collateral.
The firms that will look prescient in five years are not the ones that refused this technology. They are the ones who insisted on owning it. The convenience is real, and so is the bill that arrives the day you decide you want out.
You do not own what you can only rent — and you cannot protect what you do not own.
The second in a series on what private infrastructure changes for organizations that cannot afford to be seen.
ximetix.com All Intelligence A Private Conversation