IBM explained why AI governance protects business margins and reduces vendor dependence

IBM believes that for business, the main risk of AI is no longer in the capabilities of individual models, but in how they are embedded in corporate infrastructure. When AI becomes a foundational layer for development, security, and automation, companies need not only model power, but also a strict system of governance, control, and audit.

AI as Infrastructure

IBM proposes viewing AI development the same way business once viewed other corporate software: first as a separate product, then as a platform, and finally as infrastructure. According to Rob Thomas, IBM's Senior Vice President and Chief Commercial Officer, in the early stages, closed model development can be convenient: it allows for faster product updates, stronger control over user experience, and retention of value within a single vendor. But when technology becomes the foundation for other systems, the rules change.

Currently, by IBM's assessment, AI is moving into this phase. Models are already involved in network protection, code writing, automated decision-making, and business processes. Therefore, the question shifts from "what can the model do" to "how is it structured, who controls it, and can it be audited."

The article cites as an example Anthropic's recent Claude Mythos preview release and the launch of Project Glasswing: if autonomous models can find and exploit vulnerabilities almost at the level of top specialists, for corporate IT this is no longer a laboratory experiment, but an infrastructure risk.

Where Margins Are Lost

IBM directly links AI governance to profit protection. The problem with closed models is not just philosophical, but operational in practice. When a proprietary model needs to be connected to a corporate vector database, internal data lake, or RAG pipeline, teams often lack the visibility to understand exactly where the failure occurred — in data extraction, in orchestration, or in the base model weights. As a result, integration timelines grow, support costs increase, and expensive workarounds multiply.

• Constant API calls to closed models inflate computational costs
• Lack of transparency makes it difficult to accurately plan infrastructure and pushes companies to overpay for capacity reserves
• Linking legacy systems with strictly limited cloud models adds delays to daily processes
• Data protection requirements force teams to constantly sanitize and anonymize information before sending it externally
• Concentration of knowledge about the model with a few vendors increases operational risk

A separate layer of problems is security. If autonomous models are capable of writing exploits and impacting the security environment, it is dangerous for businesses to depend on a few vendors who are the only ones truly understanding the internal structure of these systems. In such a scheme, a company buys not just a service, but another party's opacity. And over time, that opacity begins to erode the very margin that made implementing AI worthwhile in the first place.

Why Openness Is Needed

IBM's position is that open source doesn't eliminate risk, but changes how it is managed. An open foundation allows researchers, developers, and security experts to study the architecture, identify weaknesses, verify core assumptions, and strengthen the system under real-world conditions. For infrastructure technologies, visibility is not a bonus, but a prerequisite for resilience. The more a company relies on AI, the more important the ability to independently inspect the model and the entire ecosystem around it.

IBM also disputes the widespread claim that open technologies inevitably devalue innovation. In practice, commercial value simply shifts higher in the stack: to integration, orchestration, reliability, trust mechanisms, and industry expertise. This is precisely why major players are increasingly betting on tools that allow them to switch models for specific workloads, rather than tying the entire architecture to a single closed provider. This approach reduces vendor lock-in and helps deploy expensive resources only where they are truly needed.

What This Means

For corporate AI governance, according to IBM, this is not bureaucracy, but a way to protect the economics of implementation. The winners will not be companies with access to the largest closed model, but those who know how to transparently manage models, data, security, and costs at the level of the entire architecture.