The demo was never lying: a few dollars of API spend can draft what might have taken a human afternoon. In production you run two ledgers. One is the vendor bill—frontier models are still on the order of dollars per million input tokens and more for output (OpenAI API pricing). The other is retries, review, security fixes, and escalations when “almost right” ships.

The EU AI Act regulates how AI systems are placed on the market and used, with escalating obligations for high‑risk categories, transparency for certain general‑purpose and consumer‑facing cases, and governance expectations that land on deployers as well as providers. Open‑source weights or code do not automatically exempt a real‑world deployment from duties once the system is part of a product or business process.

NIS2 raises the floor for cyber risk management, supply‑chain security, incident handling, and accountability across essential and important entities in Member States’ transpositions. Open source can strengthen security when you control patching and architecture; it weakens it when “community maintenance” becomes an excuse for drift.

The Digital Operational Resilience Act (DORA) is not a licensing discussion; it is an ICT risk and third‑party regime for the financial sector. Whether your database is proprietary or open source, you must prove you can manage and recover critical functions when suppliers, software, or infrastructure fail.

The GDPR does not mandate open source. It mandates accountability: lawful basis, purpose limitation, data minimisation, security of processing, subprocessors, transfers, breach notification, and the rights of data subjects. When you migrate workloads to open‑source platforms or self‑hosted stacks, supervisors still ask one question: can you show how controls are implemented and who is responsible?

Proprietary stacks are not “bad,” but they concentrate risk. When critical workloads, encryption keys, audit logs, and AI inference paths all depend on opaque roadmaps and a single commercial trajectory, you inherit someone else’s priorities: price changes, feature deprecation, regional product splits, and incident timelines you do not control.

Over this series we moved from one core idea to its full implication: once AI is connected to business systems, it becomes an attack surface with real operational consequences.

Prevention is essential, but it is no longer enough. If AI systems are in production, incident response must evolve accordingly.

After the risk discussion comes the architecture question: what does a resilient AI system actually look like?

Many AI incidents begin with human behavior, not advanced exploitation.

AI security is not replacing classic cybersecurity. It is extending it.

No production AI system is “just a model.” It is a supply chain: base weights, fine-tuning data, orchestration frameworks, vector stores, retrieval connectors, plug-ins, and external APIs.