🤖 It's Time to Talk to Your CEO About Open Source* AI

Open-source AI will become the default for building custom or regulated AI products. They don’t leak data, or IP, and they’re at worst, 6 months behind the frontier, and at least 8x cheaper 

The problem is that open source AI isn’t packaged for enterprises. 

And until it is, regulated companies are stuck choosing between three imperfect options: paying a fortune for a lab partnership, trusting third-party vendors who may or may not have read their own terms of service, or building directly with APIs that leak data to infrastructure they don’t control.

There’s a fourth option forming. Open source. Self-hosted. Sovereign.

And it starts with OpenClaw. 

* These models are technically open weight, not source.

Airbnb runs production AI workloads on Alibaba's Qwen. CEO Brian Chesky called it "very good, fast and cheap" — while admitting his friend Sam Altman's ChatGPT wasn't ready for their needs. Chamath Palihapitiya moved Social Capital from Amazon Bedrock to Kimi K2. Better performance. Lower cost. 8090, one of the top 20 token consumers globally, is going on-prem with open-source models.

While I was writing this piece, Alibaba launched Qwen 3.5. Open-weight. Self-hostable. Trades blows with Claude Opus 4.5 and GPT-5.2 on reasoning benchmarks.

The small models in the series run on a phone. In airplane mode.

These are sophisticated tech companies running the numbers and making a deliberate switch. The gap between open-source and frontier models is closing so fast that paying 8x more for a marginal quality difference — while sending your proprietary data off-premise — stopped making sense.

That calculation will hit all industries. It's a question of when, not if.

And when it does, we have a problem. Because there's no Red Hat for AI.

If you’ve been in enterprise tech for more than a decade, you’ve seen this movie before.

In the 1990s, Linux was free, open, and technically superior to most commercial alternatives. But Fortune 500 companies wouldn’t touch it. No support contracts. No compliance certifications. No one to call when the server went down on a Friday night.

Most enterprises did what felt safe: they bought Microsoft. Windows Server. SQL Server. The whole stack. Expensive, locked-in, but someone picked up the phone when it broke.

Then Red Hat came along and said: We’ll take this free, open thing and make it enterprise-ready. Support contracts. Security hardening. Compliance certifications. Long-term stability guarantees. The “someone to call at 3am” infrastructure that let CTOs sleep at night.

IBM bought Red Hat for $34 billion. That’s the value of packaging.

We’re at the same inflection point with AI. Open-source models are the new Linux. The frontier labs — OpenAI, Anthropic, Google — are the new Microsoft. And there’s no Red Hat.

A bank’s CISO will never approve deploying Kimi K2.5 from an OpenRouter API key. But through a vendor providing hardened containers, SOC 2 certification, EU-only hosting, model provenance documentation, ongoing security patching, and an SLA?

Well that’s a lot more interesting.

Open weight means the model gets tested by a global community of researchers and engineers. It can be hosted anywhere. You can inspect what it does. For regulated industries, those are exactly the properties you want — if someone packages them properly.

The company that builds the Red Hat for open-source AI in financial services is sitting on a multi-billion-dollar opportunity. The demand exists. The supply side is a fragmented mess of GitHub repos and “works on my machine” deployment guides.

The economics of the AI labs are about to hit a wall.

All of the money in the world has gone into AI.

The gulf states are running low on dry powder. SoftBank is stretched. Big tech is slowing investment — Microsoft is pulling back on data center spend. Private credit is out of bullets. (See: Blackrock pausing redemptions on its flagship fund.)

The funding machine that let labs sell $150/month subscriptions while consuming $2,000 of inference per user is running on borrowed time. And the pressure comes from four directions at once:

Meanwhile, Kimi K2.5 outperforms Claude Sonnet 4.5 on the Artificial Analysis Intelligence Index at roughly one-eighth the cost. Qwen 3.5 matches the frontier labs on reasoning benchmarks and you can run the small models on a laptop with no internet connection. Mac Studios are on six-week wait lists.]

The capability gap is closing. The pricing gap is about to widen. Open source doesn't just win on sovereignty — it wins on economics. And the economics are about to get very loud.

Right now, companies are adopting AI through three routes. Each has a cost, and none of them are clean.

Route 1: The Microsoft Route — sign with a lab.

Examples:

These institutions have the budget, the legal teams, and the data governance frameworks to sign nine-figure contracts with the labs. But notice the names missing. There’s no GSIB bank rebuilding its underwriting model with those labs. The really sensitive stuff stays in-house.

In time, most large enterprises will go this route and pick a dance partner. This is the Microsoft Windows Server approach. It works. But it’s expensive. And it creates dependency.

Route 2: The Vendor Route — buy AI tools off the shelf.

A huge number of companies bought an “AI for compliance” tool, or an “AI customer support agent,” or some vertical SaaS product that added a chatbot last year. Behind the curtain? API calls to one of the big labs.

This pushes the third-party risk management (TPRM) boundary further than most compliance teams realize. It’s still easier to buy a new AI agent than it is to verify which APIs and vendors it uses. These companies may or may not have opted out of training data. Their vendor may or may not have an enterprise agreement. 

At the scale of adoption, I often wonder who has read the terms closely enough.

Route 3: The DIY Route — build it with the APIs.

Companies like Ramp, Robinhood, and countless others are building AI into their products. It’s becoming a default operating model to give everyone in the company access to tools like Claude Code. Often they’re using the labs’ APIs for both internal tooling and the products that serve customers.

Every customer query, every document extraction, every risk assessment hits the API. At scale, the costs compound. And the data is flowing to infrastructure they don’t control.

So your three trade-offs:

Open source fixes that. But it creates a different problem. You have to run your own hardware, manage your own security, be your own infrastructure.

Which brings us back to Red Hat. Someone needs to package open source for regulated industries. Until they do, the gap stays open.

Running your own AI is a bit like the early days of crypto self-custody. Complex, fiddly, and risky.

Being your own bank means dealing with your own bank robbers. We’ve already seen kidnappings and extortion targeting crypto self-custody wallets. Now imagine a single AI agent with access to all of your company’s data, files, and accounts.

Oof.

Open source AI is in its very early days. OpenClaw — probably the front-runner to be the first “Linux distro for AI” — has already sold to OpenAI and shown some gnarly security issues in its marketplace for AI agent skills:

That’s 2017 crypto wallet security compressed into three weeks.

But the maturation followed just as fast.

These are the distros forming. The early Ubuntu and Fedora equivalents — packaging raw capability into something you can actually govern.

Think about where this goes. Your personal AI agent — the one booking your flights, managing your calendar, triaging your inbox — will run on something like this. A sandboxed environment, on your device, with its own identity and permissions, pulling from open-source models you chose. 

Now scale that to enterprise. 

Your company's compliance agent. Your document extraction pipeline. Your customer-facing risk engine. Each one running on hardened open-source infrastructure, orchestrated by a platform that handles the security, the governance, and the model management. 

Banks with world-class security teams can layer AI agents into their existing hardened infrastructure. They’ve been managing key custody and adversarial security models for years. Powerful AI, institutionally secured, because your team built the walls.

The attack surface is real. But so is the playbook for managing it.

What if running your own data center and being anally retentive about security was a feature, not a bug, all along?

Dependency on infrastructure you can’t audit, can’t migrate away from, and can’t control. 

This is something that regulated industries care about the most. It’s already showing up:

Open weight models and self-hosting give you operational sovereignty. You control the infrastructure. You control the data flows. You can demonstrate to your regulator exactly what happens, where, and why.

The trade-off is that you’re now responsible for the security, the uptime, and the model governance yourself. 

That’s not cheap or easy.

The companies that are paralysed right now — writing risk frameworks about risk frameworks, waiting for regulatory clarity that won't come for years — are making the most dangerous bet available. 

The bet that their competitors won't figure it out either.

Some of those competitors are running open-source models on their own infrastructure at a fraction of the cost. Some have one engineer who set up Claude Code over Christmas and is now shipping at triple the pace of the rest of the team.

Exponentials kick your ass precisely because they look linear until they don't.

Here's the pattern:

We're at step 2.

The supply side is a fragmented mess of GitHub repos and "works on my machine" deployment guides.

OpenClaw is Linux. We don't know who Red Hat is yet

Someone's going to build the Red Hat for AI. 

The only question is whether your company is ready for the conversation.

So go have it.

ST.