Perspectives
Your model is a supplier
Boards manage concentration risk in every material supplier except the most concentrated one in their AI programme, the model. I spent years inside institutions that drilled supplier failure; the hedge here is architectural, and it is cheap only if you adopt it early.
- Published: 2 July 2026
- Updated: 3 July 2026
- Read: 3 min read
Every board knows how to think about a material supplier: what happens if they reprice, degrade, or disappear, and what the switching cost would be. I spent years inside banks and government agencies that ran supplier-failure drills as a matter of routine. Applied to logistics providers, payment processors, and cloud platforms, the discipline is second nature. Applied to the model behind an AI programme, it is strikingly rare, even though that model can be repriced without notice, deprecated on a vendor's schedule, or made unavailable by decisions taken far outside the commercial relationship.
For Australian regulated entities, the question is no longer optional. APRA's CPS 230, in force since July 2025, treats material service providers as regulated dependencies: if agents carry part of your operations, the platform they run on is inside your operational-risk perimeter, and "we assumed the vendor would always be there" is not a resilience plan.
The dependency is deeper than it looks
Model dependency hides because it accumulates through the tooling rather than through a single contract. Prompts get tuned to one model's behaviour. Workflows absorb its formats and quirks. Evaluation baselines, where they exist, are calibrated against its outputs. Eighteen months in, an organisation that believed it bought a subscription discovers it has built an operation on a single supplier, with no documented switching path and no tested fallback.
A cloud wrapper does not resolve this. Running a vendor's model inside a hyperscaler region answers the data-residency question; it does not answer the continuity question, because the model remains one company's product regardless of whose data centre serves it.
The hedge is architectural
The proportionate response is not to run everything on-premises, and it is not to multiply vendors for its own sake. It is to design the deployment so the model is swappable: keep the durable layer (the skills that encode how your organisation works, the access that connects AI to your systems, the memory that carries context) separate from the model that powers it, so the model can change while the work continues.
Two properties make the hedge real rather than theoretical. First, the switching path is documented and tested the way a disaster-recovery plan is tested: swap the model on a non-critical workflow and measure what breaks. Second, critical workflows have a named fallback that can run inside your own perimeter: smaller open-weight models (models you can host on your own infrastructure) are now capable enough to carry essential work in degraded mode, which converts "the supplier vanished" from an operational halt into a capability reduction.
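The two properties above can be sketched in code. This is an added example, not code from the article or any vendor; the backend stubs, workflow names and checks are constructed for illustration. `swap_drill` runs a workflow against a candidate model and lists what breaks, and `run` falls back to a named in-perimeter backend when the primary is unavailable.

```python
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Backend = Callable[[str], str]  # every model is reduced to: prompt in, text out

@dataclass
class Workflow:
    name: str
    prompt: str
    checks: Dict[str, Callable[[str], bool]]  # what downstream steps rely on
    fallback: Optional[str] = None            # named in-perimeter backend, if any

def run(wf: Workflow, backends: Dict[str, Backend], primary: str) -> Tuple[str, str]:
    """Return (mode, output): normal, degraded via the named fallback, or halted."""
    try:
        return "normal", backends[primary](wf.prompt)
    except Exception:
        if wf.fallback is None:
            return "halted", ""
        return "degraded", backends[wf.fallback](wf.prompt)

def swap_drill(wf: Workflow, candidate: Backend) -> List[str]:
    """Run the workflow on a candidate model and list the checks that break."""
    out = candidate(wf.prompt)
    return [name for name, ok in wf.checks.items() if not ok(out)]

def is_json(text: str) -> bool:
    try:
        json.loads(text)
        return True
    except ValueError:
        return False

# Constructed stubs standing in for a vendor API and a self-hosted model.
def vendor_a(prompt: str) -> str:
    return '{"category": "refund"}'

def open_weight_local(prompt: str) -> str:
    return "category: refund"   # right answer, different output format

def unavailable(prompt: str) -> str:
    raise ConnectionError("supplier unavailable")

triage = Workflow("ticket-triage", "Classify: 'I want my money back'",
                  checks={"mentions_category": lambda s: "refund" in s,
                          "json_format": is_json},
                  fallback="local")
report = Workflow("board-report", "Summarise Q3 incidents", checks={})

OUTAGE = {"vendor": unavailable, "local": open_weight_local}
```

In this constructed run the drill shows the fallback answers correctly but breaks the JSON format the workflow had absorbed from its primary model, which is the kind of finding the switching test exists to surface before an outage.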
Proportionate, not paranoid
Everyday exposure is low: frontier vendors are well capitalised and commercially motivated to stay. The point is the precedent, not the probability. Concentration risk in a material supplier is managed before it materialises or it is not managed at all, and the cost profile is asymmetric: designed in early, model-agnosticism is a set of architectural habits that cost little; retrofitted after eighteen months of single-model accumulation, it is a programme.
The board question that surfaces all of it: if our primary model were unavailable for a month, which of our AI-carried workflows would still run, and how do we know?
Sources
- APRA, Prudential Standard CPS 230 (Operational Risk Management), in force 1 July 2025: material service provider obligations for APRA-regulated entities.