Are Enterprises Looking at Hosting Providers to Be the Control Layer for AI?

It’s official: Microsoft and OpenAI’s relationship is coming to a sizzle. On April 27, Microsoft announced its third amendment to “simplify” their partnership and “the way we work together.”

Others were more…blunt.

OpenAI’s Denise Dresser said the Microsoft partnership had been foundational, but had also “limited our ability to meet enterprises where they are.” For many of those customers, that means Amazon Bedrock.

Additionally, court documents from the ongoing Musk v. Altman trial revealed this week that Microsoft’s own CTO saw it coming. He warned in 2018 that OpenAI might “storm off to Amazon in a huff and shit-talk” Azure on the way out.

Prophetic, as it turns out.

For those out of the loop, here’s where the relationship started: In 2019, Microsoft invested $1 billion in OpenAI, making Azure the AI company’s preferred cloud home. It’s what helped OpenAI train, run, and sell its AI systems at scale, bringing the ChatGPT we all know and love today.

Now, about seven years later, that exclusivity is kaput.

Which raises a painfully obvious question: If everyone has access to the same models, what actually sets anyone apart?

Ask Richard Bird — CSO at Singulr AI, an enterprise AI governance platform — and he says it all comes down to governing AI. He says picking the model is the easy part, but running it safely and accurately once it’s live is where providers have a chance to showcase and shine.

“Defensibility never lived in the model; it lives in control of the data, visibility into the system, and the ability to govern what the AI actually does once it’s running in the enterprise,” he said.

But how do you create governance frameworks for a beast you’ve never quite dealt with before? Bird emphasizes that most of the governance frameworks enterprises are working with right now were written for predictable software.

You know, code that only does what it’s told. For agentic AI, the problem is in the name: It’s able to make its own choices.

“Enterprises have no idea what their AI is actually doing, who built it, or what data it touches in real time,” Bird added. “Governance frameworks were written for software that behaves predictably, and AI simply does not.”

Singulr’s data confirms this: Across customer environments, the company consistently finds more than 500 unique AI services in use, with 75% of employees running unvetted shadow AI tools, and many linked to personal accounts.

Bird’s solution isn’t another policy document telling AI what it can and can’t do (which you might expect with a term like “governance framework”). It’s closer to your regular dynamic dashboard… Just with a big, red emergency button.

Hosting providers understand this better than most. You can write all the rules you want, but when an AI agent tries to access the wrong data, make an unauthorized change, or leave a vulnerability exposed — because it will happen — someone obviously needs to catch it while it’s happening.

Josh Morganthall sees the same exact issue from Blue Mantis’s infrastructure perspective, a security-first IT services provider used by enterprises like Loftware and The Channel Company.

He said that the issue Blue Mantis runs into is that the tools organizations rely on each day simply don’t work together.

“Most of the failure modes here aren’t about missing tools,” Morganthall continued. “They’re about systems that don’t act on the signals they already have.”

Signals like suspicious logins, unusual data access, risky permissions, endpoint alerts, failed authentications.

What customers may not realize is that AI is not arriving in a new environment. It’s almost always being dropped into years of existing systems, data, permissions, workflows, and security rules. If an AI platform can’t connect with that setup, it’s not simplifying anything, which is exactly what it’s promised to do.

Now, Morganthall does not think that control layer is going away. Enterprises have too much built around it already, from identity and data governance to compliance records and audit trails. He said they’re not going to unwind all of that just because of AI. (Yet, that is. Check again in five years.)

As for what they will do?

“The vendors that figure this out won’t try to replace the control layer. They’ll extend it,” Morganthall explained. “Because in practice, companies don’t rip out the systems that already govern access and data. They build around them.”

Some new vendors, like OpenRouter, are already handling routing and orchestration across providers. But traditional hosts may still have the home field advantage if they play their cards right.

“The bar is whether you can actually enforce existing data policies, respect device and user risk signals, and write back into the same audit trails security teams already rely on,” Morganthall said.

So where does this leave hosts?

Bird says to stop thinking about AI governance as a model problem and start treating it as an infrastructure problem.

“The fix for AI governance is not another policy document or another committee,” he said. “It is runtime visibility and runtime control, because intent at the policy layer means nothing if you cannot see or stop the behavior at the execution layer.”

For hosting providers specifically, ask yourself: Can your infrastructure actually tell your customers what their AI is actually doing? Can it enforce policy at the execution layer, not just the configuration layer? Can it work successfully with both the new and legacy systems enterprises already rely on?

If it’s a no for you, it’s a yes for someone else.