Building the machine that will replace you?
There’s a conversation happening in boardrooms and partner meetings across professional services firms right now … the management consultants, lawyers, accountants, engineers, investment advisors, marketers et al. It goes something like this:
"We need AI to stay competitive."
And then someone signs the firm up for ChatGPT Enterprise or Claude.
This is one of the dumbest strategic decisions a professional services firm can make. Not because AI is bad. It’s because of who you’re deploying it through and what they're building.
Who are these AI companies?
OpenAI, Anthropic and the other frontier providers are not tool vendors like your Microsoft apps or your CRM and ERP.
They are AI labs with an explicit mission to build artificial general intelligence. They are among the most well-capitalised organisations in the world. They are building products that, by their own public roadmaps, are intended to automate complex knowledge work. The work that is the core product of every management consulting firm, law firm, advisory practice etc.
The smartest firms are not blind to this. They have all made significant investments in proprietary AI capability because they understand that AI is not just a productivity tool. It is a potential competitor. The smart ones are building moats. They are not giving their data, their secret sauce, and their clients’ data to big tech companies that are building much bigger moats.
What happens when you use these AI platforms?
When humans use OpenAI or Anthropic directly, even under enterprise terms (see more below) several things happen:
Your most sensitive work is processed on their infrastructure. Every query about your strategy, a client's strategy, every draft of a sensitive document, every analysis of a client's financial position passes through servers you don't control, in jurisdictions that may differ from your own, under terms of service that you probably haven't read in full, and your clients or suppliers almost certainly haven't consented to.
Your institutional knowledge is being used to build their product. The nuance of how your firm frames problems, the language patterns in your documents and verbal conversations, the kinds of questions your team asks … all of this is data. What precisely is done with it varies by vendor and changes with their terms, but none of it is yours exclusively anymore.
You are training a competitor. This is the part that doesn’t get said clearly enough. The companies building these models are not neutral infrastructure providers. They are building toward a world where the analysis, drafting, advisory, judgement and strategic thinking that your firm currently charges for, built up over many years, is available at marginal cost. Every interaction that goes through their systems makes that future more likely, not less.
What about the software you’ve used for years that is now “AI enabled”?
This is the part most firms miss entirely. You may never sign up for an AI platform directly, but still have all of the same problems, because the document tool, the practice-management system, the CRM, the research platform or the accounting suite you have trusted for years have quietly or loudly bolted on “AI” features. In most cases those features are a thin wrapper over the very same frontier models, OpenAI, Anthropic and the rest, called through an API behind the vendor’s logo.
The “summarise this,” “draft a reply,” “ask your data” buttons look like a feature of the software you already own and trust. However, under the hood, your data (and your clients’) is being packaged up and sent to the same third parties, often through a chain of sub-processors you have never evaluated and cannot see. The branding changed; the data flow did not. So, the question is not only “which AI tools have we approved?” but “which of the tools we already use started sending our data somewhere new the moment they shipped an AI feature?” For most firms, nobody has checked.
What do your clients and suppliers think?
Have you told your clients, your suppliers and other stakeholders that their information is being processed through an AI model?
In most cases, the answer is no. In many cases, the answer is that it hasn’t occurred to the firm to disclose this.
Depending on your jurisdiction and the nature of the work, this may not just be a commercial problem. If your firm handles privileged legal communications, regulated financial information, confidential information (as stated in almost every contract), or personally identifiable data, there are serious legal and moral obligations around disclosure, data handling and cross-border transfer that don’t disappear because the processing happens inside AI.
The clients and suppliers of these firms I'm describing would likely be deeply uncomfortable knowing that their conversations are being routed through an API. And yet that is exactly what is happening, at scale, right now.
But we have Enterprise Terms that say “all is good”?
Enterprise agreements are normally better than the consumer defaults. They typically include commitments around not training on your data, stricter retention policies, and data processing agreements that satisfy certain regulatory requirements.
But enterprise terms are not the same as full data sovereignty. Your data is still being processed on their infrastructure and in most cases they say that their third party processors also do something with your data. The model is still running on their servers. The enterprise agreement is a legal commitment but they are only as useful as your ability to verify and enforce them.
More importantly, enterprise terms do not resolve the strategic problem. You are still building your AI capability and your organisation’s knowledge base on the infrastructure of an organisation whose long-term interests are not aligned with yours. You are still dependent on a vendor who can change their pricing, terms, or product direction unilaterally and quickly. And you are still contributing, in some form, to the competitive intelligence of a company that is actively building toward replacing the work you do.
But, they tell me our data is encrypted and no one can usefully see it. AI cannot work if the encrypted data is not de-encrypted.
What you should be doing instead
The alternative is not "don't use AI." The alternative is "use AI in a way that doesn't compromise your clients, your data, your suppliers, or your competitive position."
That means deploying open models on infrastructure you control. It means your data never leaving your environment. It means the capability you build is proprietary, it is not dependent on a third-party vendor's goodwill, pricing decisions or strategic interests.
This is not harder than it used to be. The open model ecosystem such as Llama, Mistral, Qwen, Kimi and others have matured significantly. The capability available from open models running privately now competes directly with proprietary frontier models for the vast majority of professional services use cases. The gap has massively closed.
The firms that are doing this correctly are building a genuine capability advantage. Their AI knows their institutional knowledge, their methodology, their client context. It operates in an environment where data sovereignty is not an assumption, it's an architectural and engineered guarantee.
The smartest firms are already building
Recently Kirkland & Ellis, a top international law firm, has committed to build its own AI technology, rather than renting someone else's. That is a deliberate move away from out-of-the-box wrappers, and it is worth paying attention to.
Building is also easier than it has ever been. Firms don’t need to start from scratch. They can stand on open-source platforms as a foundation and build their own extensions and plugins on top, thereby owning the code and owning the data. Paired with highly cost-efficient open models that can be self-hosted, this is a practical, realistic alternative with distinct advantages. Every serious professional services firm should now be weighing whether to hire a small team of in-house engineers and technically fluent operators instead of depending indefinitely on third-party wrappers.
The uncomfortable truth
Deploying OpenAI, Gemini or Anthropic directly into your consulting or advisory firm is operationally convenient and strategically so naive. It solves a short-term productivity problem while creating a medium-term competitive and reputational risk that most firms haven't properly assessed.
Your competitor is offering to help you organise your business. Some firms are saying yes.
The firms that pause, ask the hard questions, and build AI capability on their own terms will be the ones still in the business of providing advice in decades. The ones that didn't may find that their most valuable asset … their institutional knowledge and client trust … was quietly eroded in the process.
It's worth taking seriously.