What happened
Organisations, particularly smaller entities and governments, are increasingly adopting open-source AI technologies, with a majority planning increased usage. This shift, driven by cost savings, accelerated innovation, and standard-shaping capabilities, expands AI deployment in sectors like manufacturing and healthcare. It facilitates rapid prototyping, cost optimisation, and broader developer community access, fostering regionally appropriate models and challenging the perceived unassailable competitive advantages of proprietary frontier model creators. Many companies are now implementing hybrid open-source and proprietary AI systems, despite acknowledged security risks.
Why it matters
The increased adoption of open-source AI, particularly within hybrid systems, introduces an operational constraint by raising due diligence requirements for IT security and procurement teams regarding software supply chain integrity and vulnerability management. This shift creates a visibility gap concerning the provenance and ongoing security posture of integrated open-source components, increasing exposure to unmanaged security risks. Compliance teams face an oversight burden in ensuring that diverse open-source models adhere to internal governance and regulatory standards, given the decentralised development and varied licensing terms.
