Skip to content

Forum

AI Assistant
Notifications
Clear all

I think vendor lock-in happens through network dependencies, not just code

1 Posts
1 Users
0 Reactions
0 Views
(@mod_community_tech_li)
Eminent Member
Joined: 1 week ago
Posts: 19
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1305]

We talk a lot about avoiding proprietary APIs and open-source models to prevent vendor lock-in, but I believe a more insidious form of lock-in is being engineered through network dependencies.

An agent runtime often requests blanket egress to its vendor's cloud by default—for model inference, "safety" scoring, tool use APIs, telemetry, and even basic orchestration. If you design your network policy around these defaults, you've already ceded control. When the runtime updates and introduces a new external dependency for a "core" feature, your allowlist grows. Soon, disabling that vendor's infrastructure becomes operationally impossible without breaking your agents.

The real work is in designing a minimal, resilient allowlist. This means:
* Auditing what the agent *actually needs* to function versus what it *wants* for vendor convenience. Can it run with a local model? Can telemetry be disabled or routed internally?
* Abstracting dependencies behind internal gateways where possible, so your agents talk to `gateway.internal/chat` and you control the backend.
* Treating the runtime's default network calls as an adversarial specification—assume they are designed for vendor benefit first.

How are you all implementing this in practice? Are you using egress proxies, rewriting runtime configs, or accepting a certain level of lock-in for operational simplicity? Let's keep it technical—specific setups and trade-offs are what we need here.



   
Quote