As AI Competitors Close The Gap With Frontier Models, The Real Technical Debt Might Picking A Horse Too Soon

Every current AI strategy forces a tradeoff between capability and control. Use the best models and you risk exposing sensitive data through prompts, logs, and training pipelines, a concern widely documented in enterprise LLM security research. Pull everything local to avoid that, and you inherit weaker models, brittle infrastructure, and new failure modes that are just as dangerous.

Satish Anandhan, a London-based Senior Architect and Principal Engineer at Salesforce, has spent nearly two decades tackling enterprise architecture across financial services and global tech firms. His background includes a senior technical architect role at IBM and a lead architect role at Sony, along with consolidating datasets exceeding 500 million records into unified decision layers for major enterprise clients. At Salesforce, he supports data-driven AI solutions, using Salesforce Data Cloud to support Agentforce. That work shapes his highly pragmatic approach to productionizing agents, focusing heavily on data consolidation, strict security, and cost control.

“If you are not careful with how you use the free APIs in OpenAI or Gemini and so forth, your proprietary data can be used for training or exposed and sold on the dark web,” Anandhan says, pointing to a risk many teams underestimate when moving fast with public LLM integrations.

The ground is moving fast: frontier models still lead, for now

Frontier systems like Claude Opus and GPT-4.1 still outperform on reasoning and complex tasks, but that lead is shrinking as open and near-frontier models improve quickly.

Models from groups like DeepSeek and Kimi are rapidly closing the gap with frontier systems on reasoning benchmarks while also undercutting them significantly on cost, signaling that high capability is no longer tightly coupled to a single class of providers. Recent releases of DeepSeek’s V4 series, for example, have been reported to approach or match frontier-level performance on some tasks at a fraction of the cost. At the same time, benchmark discussions around Kimi’s latest releases suggest similar competitive pressure on established leaders, especially in coding and agent-style workloads. 

Anandhan adds that raw intelligence is only part of the picture. “You don’t need to rely on the original schema. You can transform the data so the agent reads it the way you want,” he says, highlighting how data design increasingly shapes outcomes.

Model performance is rising across the board, and the gap that drives today’s tradeoffs is already narrowing.

Most AI systems will age poorly because they lock in today's tradeoff

Many teams are building around a fixed assumption. They pick either cloud-first or local-first and hardwire that choice into their stack. That works until the model landscape shifts, then it breaks.

Anandhan sees this pattern often in early deployments. “I’ve seen teams connect agents directly to databases. It works, but it’s not the right architecture,” he says, describing systems that solve the immediate problem but ignore long-term flexibility.

Research shows that failures in LLM systems often come from how components interact, not from any single weak model. That interaction layer is exactly where rigid assumptions get embedded.

The result is predictable: the model improves, but the system cannot keep up.

Local AI is not a safe haven; it's a different risk profile

Running models locally with tools like Ollama keeps data inside your infrastructure. That reduces one class of risk but introduces another.

Recent reports show large numbers of exposed local LLM servers due to misconfiguration, including cases where systems were accessible from the public internet. The failure mode shifts from vendor exposure to internal security gaps.

Anandhan puts the focus on guardrails. “If you don’t define clear boundaries, the agent will return whatever data it can access,” he says, describing how easily systems can leak sensitive information without strict controls.

Security is not solved by going local. It is defined by how tightly you control access inside the system.

The only durable strategy is to build for swappability

The fastest-moving teams aren’t betting the stack on one model. They’re building the architecture so the model can change without breaking the workflow. That means putting a controlled layer between agents and data, and treating each model as a replaceable part of the system rather than the thing the whole system is built around.

Anandhan points to the need for a unified control plane. “You need a common layer for authentication, authorization, and how agents interact with data,” he says, emphasizing structure over shortcuts.

The payoff is flexibility: you can prioritize security today and capability tomorrow, without having to rebuild every time the model landscape shifts. The constraint is temporary; the architecture should not be.