Recently PwC announced it will train and certify 30,000 staff on Anthropic’s Claude and build an Office of the CFO business around it for banking, insurance, and healthcare clients. Anthropic also recently committed $100 million to a partner network. Not to be outdone, OpenAI stood up the OpenAI Deployment Company, aka “DeployCo”, a new company backed by more than $4 billion in initial investment that sends forward-deployed engineers on-site to embed GPT models into customer workflows.
For companies that supposedly sell tokens by the million, investing in low-scale, low-margin professional services could seem like a curious way to spend money. But it’s not curious at all. It’s the tell.
Even as models get easier to swap, the work that surrounds them is not. Developers already move among Claude Code, Codex, Gemini, and local models with less ceremony than vendors would like. At the API layer, substitution is getting easier, too. Not effortless or free, but easier than replacing the workflow machinery around the model.
That is the part enterprise buyers may be underestimating. Yes, open standards, better APIs, and improving model parity are weakening one form of lock-in, but they are strengthening another. The model call is getting easier to replace; the surrounding workflow, governance, and operating model are not.
Lock-in didn’t disappear. It moved
Greyhound Research’s Sanchit Vir Gogia puts it this way, “Lock-in is not going away. It is relocating. At the model level, substitution is becoming easier.” He continues, “At the orchestration level, however, substitution remains difficult. Once your workflows, controls, identity layers, and governance structures are built around a particular system, changing that system is not a small task.”
That diagnosis reveals the clearest clue as to why vendors are pouring billions into workflow integration: New AI tech isn’t fitting seamlessly enough with old enterprise workflows. People can fix that.
Remember MIT’s NANDA initiative report, which suggested that 95% of enterprise generative AI pilots fail to deliver measurable business impact? The number has been contested on methodology, but even the more optimistic counter-readings put the gap between AI investment and AI value capture in painful territory. Most failures aren’t about model capability, but rather operational fit. The tools don’t learn the workflow, don’t sit inside the approval path, and don’t carry the right permissions.
In other words, they don’t survive contact with how people actually work.
That number is the entire reason DeployCo exists. OpenAI didn’t decide to copy Palantir’s playbook because it ran out of ideas. It copied it because the company finally understood what enterprises had been trying to tell it through three years of stalled pilots. Customers weren’t asking for a smarter model; instead, they wanted someone (a real, live human being!) to show up on-site and do the boring, expensive, hard-to-replace work of wiring the model into the way work actually gets done.
In that perspective, the relocation isn’t really a relocation. The lock-in was always one (or two) levels up. Model hype just hid it.
Model Context Protocol wasn’t enough
This is where Model Context Protocol enters the picture. MCP is genuinely useful, and it does what it advertises: It collapses the cost of connecting models to tools and data sources. If you’ve ever maintained a half-dozen bespoke connectors to ServiceNow, Salesforce, or Jira, MCP is a gift.
But as I argued back in April, a protocol isn’t a platform. MCP can help an agent talk to a tool, but it can’t, by itself, tell an enterprise who approved that agent, what data it can touch, how its actions are logged, or how to shut it down safely when the human who launched it has left the company. It also doesn’t tell you how a wealth manager’s compliance review actually runs, or how an underwriter thinks about a borderline case, or what “done” looks like for a finance team’s month-end close. That work is irreducibly local. It belongs to whoever is willing to spend the time to learn it.
It belongs to humans.
In a similar manner, Kubernetes didn’t eliminate cloud lock-in either. It standardized enough of the container layer that the next fight moved a layer up to managed services, identity, networking, observability, and data gravity. MCP is doing a similar thing for AI agents by making one floor of the building portable while leaving the harder enterprise problems one layer up. MCP lowers the cost of integration, but it doesn’t eliminate the cost of making AI operationally trustworthy.
Where lock-in actually happens
I’ve emphasized before that the strategic question in agentic AI is who owns the control plane. Whoever owns the control plane will have the strongest claims to the customer. Three different battlegrounds are emerging.
- The orchestration layer. Frameworks like LangGraph aren’t lock-in traps; they’re useful tools doing useful work. But orchestration accumulates stickiness whether anyone planned for it or not. LangChain counts Klarna, Replit, Elastic, and Ally among LangGraph’s production users. If these and other customers have spent a year orchestrating agent behavior, evals, recovery logic, and observability traces inside one orchestration framework, they are not going to rip it out because a competitor releases a faster/cheaper/whatever model. The model is easily swappable. The orchestration on top of it isn’t.
- Vendor-controlled workflow surfaces. This is what Anthropic is really building with Claude Cowork. The February 2026 expansion shipped private plug-in marketplaces, per-user provisioning, and prebuilt agents for HR, finance, investment banking, and design. Nobody running enterprise IT wants 400 random agents bolted onto contract systems, HR data, and customer records. Hence, the administrative surface around the agents, not the agents themselves, becomes the product.
- The services layer. I started this article discussing services, and that is where the irony runs deepest. The clearest sign that AI value is moving into implementation isn’t a market-size estimate: It’s that OpenAI, Anthropic, PwC, Accenture, and Deloitte are all training armies of people to do the same unglamorous work of mapping workflows, wiring systems together, and redesigning processes. PwC and Anthropic claim their joint work has moved cybersecurity incident response from hours to minutes and underwriting cycles from 10 weeks to 10 days. It’s impressive, but those gains aren’t from the model. They instead stem from tens of thousands of trained consultants who know how to redesign the surrounding process. An AI vendor that wants to change all the workflows those consultants have implemented will have to retrain them all. Good luck with that.
What this means for buyers
If you’re running enterprise IT, the implication is somewhat liberating, as it means you can stop fixating on this or that point solution, and instead focus one or two layers up. The strategic decisions are these:
- Which orchestration framework will you commit code to?
- Which workflow surface will your end users actually live inside?
- Which services partner will be embedded deeply enough in your operations to make their model recommendation effectively binding?
Those decisions deserve more scrutiny than your last model bake-off. Model substitution at the API layer is getting cheaper. The orchestration commitment is a multi-year code rewrite. The workflow surface is a behavior change across thousands of employees. The services relationship is a budget line item with a long tail. These are the decisions that demand scrutiny because they persist.
Anthropic’s open sourcing of Agent Skills and its insistence that “skills you create aren’t locked to Claude” is the right hedge for customers. So is keeping optionality with a second frontier model. But the deeper move is to treat workflow integration as the thing you actually own, with the model and the partner as substitutable layers around it. Teams that have learned to integrate AI into repeatable work will keep capability commoditization on their side of the ledger.