AI PM OS · L3 · TOPIC 08

Vendor Strategy + AI Portfolio Governance

Trust vs Lock-in matrix — multi-model strategy, Apple’s Project Campos as case study.

L3 · Mastery Updated APR 2026
In This Post You Will Learn
  • 01. Why vendor strategy in 2026 is portfolio governance, not vendor selection — and the semantic-layer thesis that determines who actually wins.
  • 02. The four-vendor-archetype framework — platform anchors, best-of-breed specialists, AI-native horizontals, foundation models — and which contexts each archetype belongs in.
  • 03. The five-layer portfolio governance stack that holds a multi-vendor AI portfolio together when the vendors stop talking to each other.
  • 04. Four traps senior PMs fall into when inheriting an AI vendor portfolio — and the specific moves that turn inherited chaos into deliberate architecture in eight weeks.

The week-three reality

Q1 2026. A new VP of AI joins a Fortune 500 financial services firm. By the end of week three, the inherited reality is on a single slide.

The Salesforce Agentforce contract was signed nine months ago by sales operations under a “transform-the-customer-engine” mandate. Microsoft Copilot M365 licences were rolled out company-wide last year by IT — every knowledge worker has one. Three different agent platforms — LangChain, CrewAI, and an internal stack the data science team built in a hackathon — got piloted by three different VPs across legal, claims, and underwriting. The combined run-rate is $4.2M annually. There is no shared governance, no single owner, no integration contract between any of the platforms, and no board-level answer to the question: what is the actual strategy?

The VP’s first board update is in eight weeks.

“We’re going to standardise on one vendor” is a wrong answer dressed up as a confident one.

The board update that ends most AI strategies

The board is not asking for a vendor consolidation plan. The board is asking the simpler, harder question: what’s the strategy? The CTO will push back on Salesforce’s lock-in trajectory. The Chief Risk Officer will push back on any answer that doesn’t address EU AI Act Article 14 obligations across vendors. The CFO will push back on any plan that grows the run-rate without a thesis. The CEO wants a one-paragraph answer to “why this, why now, what’s the trade.”

The VP’s job in eight weeks is to turn the inherited chaos into deliberate architecture — not to swap vendors, but to give every component of the portfolio a reason to be there, a boundary, an owner, and a governance contract that survives the next personnel change.

This post is the playbook for that eight weeks.


The frame

Vendor strategy in 2026 is portfolio governance, not vendor selection. The decision is rarely which one. It’s which workflows belong to which vendor, where do the boundaries live, what’s the governance layer that holds the portfolio together, and what’s the lock-in trade we’re consciously making.

The senior PMs who get this right run their portfolio like an architect runs a building — every load-bearing element has a reason to be there, every joint has a contract, and the structure has a story you can tell in one paragraph. The PMs who get it wrong inherit chaos and call it strategy.

60-second answer

If you read nothing else: vendor strategy in 2026 is decided by the semantic layer, not the feature differential. The vendor whose ontology already owns your most valuable contextual data — your customer-360 in Salesforce, your productivity graph in Microsoft, your service catalogue in ServiceNow — wins by default for the workflows that depend on that data. The other vendors struggle for those workflows regardless of how good their AI gets, because they are reasoning over a thinner picture of your business reality.

The job is to map your portfolio to that reality: platform-anchor vendors own the workflows where their semantic layer is the deepest, best-of-breed specialists own the workflows where outcome alignment beats ecosystem depth, AI-native horizontals own the experimental edges where speed of pilot matters more than enterprise sticking power, and foundation-model providers are routed to as a capability layer (covered in L3-T03). The five-layer governance stack — vendor accountability ownership, workflow-to-vendor mapping, integration boundary contracts, multi-vendor compliance, and quarterly lock-in escalation review — is what holds the portfolio together when the vendors inevitably stop interoperating cleanly.

The CPO who walks into a 2026 board meeting with a one-sentence answer to “Salesforce or Microsoft?” — “both, with these explicit boundaries and this governance contract” — is the CPO whose AI strategy compounds. The CPO who answers “we’re consolidating on Salesforce” without naming the lock-in trade is the CPO whose strategy ends in 2027 with a forced re-platforming.


The semantic-layer thesis

Here’s the structural insight most vendor evaluations miss: the biggest determinant of vendor success is not the vendor’s underlying model quality, the feature roadmap, or even the pricing. It’s which semantic layer already owns your most valuable contextual data.

A semantic layer is the ontology — the schema, the relationships, the entities, the events — through which a system understands your business. Salesforce has spent twenty-five years building a customer-360 ontology: account, contact, opportunity, case, interaction, every relationship between them, every historical event. Microsoft has spent fifteen years building a productivity graph: user, document, meeting, message, attachment, every collaboration relationship between them. ServiceNow has built a service catalogue ontology that maps to IT and HR workflows in a way nothing else does.

When AI sits on top of one of these ontologies, the AI inherits decades of accumulated business meaning for free. Agentforce reasoning over a 25-year-old Salesforce instance is reasoning over a richer, more accurate, more contextually loaded picture of the customer than any agent built outside that ontology can match — for customer-facing workflows. Copilot reasoning over a Microsoft 365 tenant with five years of email, document, and Teams history is reasoning over a richer picture of internal collaboration than any external agent can match — for productivity workflows.

The corollary: the vendor whose semantic layer is shallow for your business loses regardless of the model behind it. A best-in-class agent reasoning over a Salesforce instance with patchy data is worse than a mediocre agent reasoning over a clean ServiceNow instance for an IT-heavy workflow. The model is replaceable. The semantic layer is not.

This is why the vendor question is misframed when phrased as “Salesforce or Microsoft.” The right question is: for each major workflow class in our business, which vendor’s semantic layer is deepest? And is that depth durable enough to bet on, or are we building dependency we’ll regret in three years?

Figure 1 · Trust vs Lock-In · Governance Stack

Where the bets go — and what holds them together

Vendor Strategy + AI Portfolio Governance — Trust vs Lock-In, the semantic-layer thesis Top: a 2x2 matrix with Lock-In on the X-axis and Trust on the Y-axis. Four vendor archetypes are plotted: Platform Anchors at high lock-in, high trust; Best-of-Breed Specialists at low lock-in, high trust; AI-Native Horizontal Platforms and Foundation Model Providers at lower trust. Bottom: a five-layer governance stack — Policy, Observability, Containment, Audit, Self-Governance — with amber accent on the top layer. Vendor Strategy + AI Portfolio Governance Trust vs Lock-In. The semantic-layer thesis. VENDOR ARCHETYPES — where to place your bets Trust ↑ high low Lock-In → LOW LOCK-IN · HIGH TRUST HIGH LOCK-IN · HIGH TRUST LOW LOCK-IN · LOW TRUST HIGH LOCK-IN · LOW TRUST Best-of-Breed Specialists Deep domain. Swappable. Earned trust. Platform Anchors Deep integration. Hard to leave. Worth it. AI-Native Horizontal Platforms Wide reach. Trust still being earned. Foundation Model Providers Commodity layer. Multi-source. Own the semantic layer → FIVE-LAYER GOVERNANCE STACK Built bottom-up. The top layer is where the moat lives. 1 · POLICY What is allowed. Acceptable use, data classes, vendor approvals. 2 · OBSERVABILITY What is happening. Traces, logs, eval scores across every agent. 3 · CONTAINMENT What gets stopped. Sandboxes, rate limits, reversibility, kill switches. 4 · AUDIT What can be replayed. Tamper-evident records. Decisions reconstructable. 5 · SELF-GOVERNANCE What governs itself. Agents that audit, adjust, and tighten policy without human cycles. AI PM OS — Level 3 · T08 | Raviteja Palanki

Figure 1 — Trust vs Lock-In with the five-layer governance stack

Where each archetype belongs on the map, and the bottom-up stack that makes a multi-vendor portfolio governable. The amber top layer is the eventual moat — agents that govern themselves.


The four vendor archetypes

A 2026 AI portfolio has four archetype layers. Most senior PMs lump everything into “vendors” and lose the architecture. The discipline is to know which archetype each contract belongs to and govern it accordingly.

Archetype 1 · Platform-anchor vendors

Salesforce, Microsoft, ServiceNow, SAP, Oracle. These are the vendors that own a semantic layer your business already depends on. Their AI offerings (Agentforce, Copilot, Now Assist, Joule) are the natural extension of that semantic layer into agentic workflows.

What they offer: the deepest contextual reasoning for workflows that depend on their data ontology, the highest enterprise readiness (compliance, audit, change management), the slowest deployment cycles, and the highest total cost of ownership. The moat, when it works, is enormous — switching costs measured in years, not quarters. The risk, when it doesn’t work, is catastrophic — you’ve deepened lock-in to a vendor whose AI direction has diverged from yours.

Use them for: workflows where their semantic layer owns the contextual data, where compliance and audit matter more than speed, and where you’ve consciously decided the lock-in trade is worth the moat.

Archetype 2 · Best-of-breed specialists

Intercom Fin for customer support deflection, Zendesk AI for service workflows, vertical players in claims, in clinical decision support, in legal research. These vendors do one workflow class extremely well and have built their AI offering specifically against that workflow’s outcome metric.

What they offer: sharper outcome alignment than the platform anchors (Intercom Fin is built to deflect support tickets in a way Agentforce is built to reason about customers — different optimisation targets), lighter integration footprint, lower lock-in, faster time-to-value. The trade is narrower scope; you’ll have more vendors in your portfolio, and the integration boundaries become real architectural decisions rather than ignorable details.

Use them for: workflows where outcome alignment beats ecosystem depth, where the workflow is well-defined enough that a specialist can outperform a generalist, and where you want to preserve optionality.

Archetype 3 · AI-native horizontal platforms

LangChain, CrewAI, LlamaIndex, agent frameworks generally. These are the toolkits engineering teams use to build agents that don’t fit into a platform anchor or a best-of-breed specialist.

What they offer: maximum flexibility, fastest pilot velocity, lowest licence cost. The trade is engineering effort — you’re building the agent, not buying it. You inherit the maintenance burden, the security review, the evals harness, the observability layer, the governance layer. You get less semantic depth (you’re building the ontology yourself) and less out-of-the-box compliance.

Use them for: experimental workflows that don’t fit into the existing semantic layers, internal-only workflows where engineering effort is acceptable, and pilots where you want to validate the workflow before committing to a vendor contract.

Archetype 4 · Foundation-model providers

Anthropic, OpenAI, Google, AWS Bedrock, DeepSeek, Mistral. These vendors sell capability — the underlying models that everything else runs on. Vendor-strategic decisions at this layer are routing decisions: which model for which task class, what’s the failover, what’s the cost-quality trade.

This archetype is covered in depth in L3-T03 (Multi-Model Orchestration). The relevant point for portfolio governance: foundation-model vendors are not the strategic vendor decision — they are a procurement decision underneath the workflow-to-vendor mapping. Get the workflow architecture right first; the foundation-model routing follows.

ArchetypeExamplesWhat they own
Platform anchorsSalesforce, Microsoft, ServiceNow, SAPThe semantic layer. Workflows tied to their ontology.
Best-of-breed specialistsIntercom Fin, Zendesk AI, vertical playersOutcome alignment. One workflow class, optimised.
AI-native horizontalsLangChain, CrewAI, LlamaIndexBuild velocity. Experimental edges, internal tools.
Foundation modelsAnthropic, OpenAI, Google, BedrockCapability. Routed to underneath the workflow map.

What the platform numbers actually say

Both Salesforce and Microsoft have gone to market in 2026 with headline numbers that make their AI offerings sound like already-won battles. The headline numbers are real. The ground-truth penetration tells a different story.

Salesforce Agentforce crossed $800M ARR in Q4 FY26, up 169% year-over-year, with 29,000 deals closed. Combined Data 360 and Agentforce ARR is $2.9B, growing more than 200%. By any normal SaaS standard, those numbers are extraordinary. But penetration into the Salesforce installed base sits at roughly 5–12%. The growth is real; the universal adoption the marketing implies is not. Agentforce is winning hard in customer-360 workflows where Salesforce’s semantic layer is deepest. It’s struggling outside that perimeter.

Microsoft Copilot has 15 million paid M365 Copilot seats against approximately 450 million commercial M365 seats — 3.3% paid penetration. Among licensed users, active workplace conversion is roughly 35.8%; some surveys show 64% of licensed employees never become active users. Market share against general-purpose AI assistants dropped from 18.8% to 11.5% in six months as ChatGPT and Claude apps took mindshare. 70%+ of users prefer ChatGPT in head-to-head productivity tests, and 44% of lapsed Copilot users cite “distrust of answers” as the lapse reason.

The honest read: both platform anchors have real moats for the right enterprise context. Agentforce is the right answer for customer-360 workflows in CRM-heavy organisations with clean Salesforce data. Copilot is the right answer for productivity workflows in M365-heavy organisations where the productivity graph is already the source of truth. Neither is the universal answer the marketing claims, and a portfolio built on either as a single bet will hit the same penetration wall the broader market is hitting.

The senior PM’s job is to read the numbers underneath the marketing and use them to set realistic adoption assumptions, not aspirational ones.


Enterprise Lens · Project Campos

The Apple-Google case — when architecture beats vendor preference

The most instructive vendor decision of 2025 was Apple’s. Apple chose to license a 1.2 trillion-parameter custom Gemini model from Google for approximately $1B per year to power the next-generation Siri, rather than build the model in-house in a way that would compromise Apple’s Private Cloud Compute architecture. Both companies confirmed the partnership in a joint statement.

Read that decision carefully. Apple — a company with $100B+ in cash, a decade of in-house silicon expertise, and a public posture of platform independence — chose to pay its largest competitor $1B/year because Apple’s stated privacy architecture was real enough to constrain the vendor decision. Private Cloud Compute is not marketing language. It is a structural commitment that the on-device and cloud inference paths must offer the same privacy guarantees, and that commitment was load-bearing enough that Apple would rather pay Google for capability than break the architecture.

The lesson generalises. When an organisation’s stated priorities are real — privacy, sovereignty, safety, regulatory posture — those priorities shape the vendor decision in ways that override vendor preference, cost optimisation, and competitive positioning. Architecture beats vendor preference, every time, when the architecture is real.

The corollary: when an organisation’s stated priorities are not real — when “we care about data residency” is a slide deck claim rather than a structural commitment — the vendor decision optimises against something else (politics, sales relationships, the loudest VP), and the resulting architecture is incoherent. The senior PM’s job in vendor strategy is to surface which stated priorities are real and which are decorative, and let the real ones constrain the decision space.


The five-layer portfolio governance stack

Once the vendor archetypes are mapped to workflows, the portfolio needs governance — the layer that survives personnel changes, vendor reorganisations, and the inevitable moments when the vendors stop interoperating cleanly. The stack has five layers, each of which fails differently when neglected.

Layer 1 · Vendor accountability ownership

Every major vendor in the portfolio gets a single named PM who owns the vendor relationship end-to-end — budget authority, outcome accountability, vendor escalation path, and quarterly business review ownership. Without this, vendor relationships become orphan contracts; nobody is accountable for outcomes; the vendor’s own customer success team becomes the de facto product owner; the contract auto-renews without scrutiny.

The discipline: the named PM signs the QBR document, owns the renewal recommendation, and is on the hook when the vendor underdelivers. If a vendor has no named PM owner, that’s a governance gap, not a procurement detail.

Layer 2 · Workflow-to-vendor mapping

A written, maintained document that says: for each major workflow class in the business, which vendor owns the workflow, and what the explicit non-overlap rules are. Customer-360 reasoning workflows: Salesforce. Internal productivity workflows: Microsoft. IT service workflows: ServiceNow. Customer support deflection: Intercom Fin. Experimental claims-triage workflow: internal LangChain build (with a 90-day decision date for whether to migrate to a platform vendor).

The non-overlap rules matter as much as the mapping. Without them, every vendor’s sales team will pitch their offering for every workflow, every internal champion will lobby for their preferred vendor, and the portfolio drifts into duplicated capability and unowned boundaries.

Layer 3 · Integration boundary contracts

Wherever two vendors’ workflows meet — Salesforce → Microsoft when a customer interaction creates a Teams thread, ServiceNow → Salesforce when an IT incident affects a customer-facing system, Intercom Fin → Salesforce when a deflected support conversation needs to escalate to a sales conversation — there is a boundary. The boundary needs a contract: what data flows, in which direction, with what latency, with what error semantics, who owns the boundary when it breaks.

Most enterprises in 2026 do not have these contracts written. The vendors will sell you their version (Agentforce + Copilot integrations, Salesforce + ServiceNow connectors), but the contract you actually need is internal — the rules your organisation enforces about which vendor is the source of truth for which entity at the boundary.

Layer 4 · Multi-vendor compliance governance

EU AI Act Article 14 mandates human oversight of high-risk AI systems. The NIST AI Risk Management Framework sets out the governance functions any responsible AI deployment is expected to satisfy. GDPR, HIPAA, SOX — depending on the industry, the regulatory perimeter is non-negotiable.

The trap: applying these frameworks per-vendor produces inconsistent governance. Salesforce has its compliance posture; Microsoft has its compliance posture; ServiceNow has its compliance posture; the agent built in LangChain has whatever compliance posture engineering remembered to build. The audit reveals the gaps.

The discipline: portfolio-wide policies that apply across vendors. PII handling rules that every vendor must satisfy. Human oversight thresholds that apply uniformly. Audit logging requirements that produce a single audit trail across vendors. ServiceNow’s AI Gateway PII Vault Service is one example of a vendor-side feature that supports portfolio-wide governance, but the policy itself has to live above the vendor layer.

Layer 5 · Quarterly lock-in escalation review

Every quarter, the named PM owners walk the portfolio and answer one question per vendor: what is the cost of switching off this vendor today, in months of effort and dollars of disruption? The number always grows. The question is whether the growth matches strategic intent.

Lock-in that compounds against a deliberate strategic bet (Salesforce as the customer-360 anchor, with conscious depth) is acceptable. Lock-in that compounds without a strategic bet (a Microsoft footprint that grew by accident because every team used Copilot, and now you can’t move productivity workflows without an enterprise-wide change programme) is governance failure.

The quarterly review’s purpose is not to switch vendors — it’s to make sure every vendor in the portfolio has accumulated the right amount of lock-in given its strategic role. Too little lock-in for a platform anchor means you haven’t actually committed; too much lock-in for an experimental tool means you’ve drifted into dependency.


The multi-agent emergence problem at portfolio scale

Single-vendor multi-agent systems already produce emergent behaviour that’s hard to govern. At portfolio scale, the problem multiplies.

In 2026, ServiceNow’s agents are talking to Salesforce’s agents are talking to Microsoft’s agents — through APIs, through shared data layers, through human handoffs that span tools. None of the vendors built their agents to be governed with the other vendors’ agents. Each vendor built for their own ecosystem. The cross-vendor agent interaction is unowned territory.

The risks compound in three ways:

  • Coordination failures. An Agentforce agent updates a customer record, a Copilot agent reads a stale version, a ServiceNow agent acts on the inconsistent view, and the customer experience breaks at a seam none of the vendors are responsible for.
  • Distillation exposure. Anthropic disclosed in February 2026 that industrial-scale distillation campaigns from competing labs (DeepSeek, Moonshot, MiniMax) had captured 16M+ exchanges from production AI systems. Multi-vendor agent traffic creates multiple potential exposure points; the portfolio’s distillation surface area is the union of every vendor’s exposure.
  • Compliance drift. When an Article 14 human-oversight obligation requires a human in the loop for a decision that touches Salesforce, ServiceNow, and Microsoft agents in sequence, the question of which human, at which point, with what visibility, is not answered by any single vendor’s governance.

The vendor strategy is the governance design for this problem. The five-layer stack above is what closes these gaps — not because any individual vendor solves them, but because the portfolio-wide policies and the integration boundary contracts make the cross-vendor seams legible.


The four traps

Senior PMs walking into inherited AI portfolios fall into the same four traps. Each trap is named, the cognitive bias underneath it is identified, the consequence shows up six to twelve months later, and the fix is operational.

1

Trap 1 · Vendor consolidation as default strategy

Assuming “one vendor for everything” is simpler. The bias underneath is simplification-as-virtue — the belief that fewer vendors means lower complexity, when often it just means deeper lock-in dressed up as simplification.

The consequence: a year later, you’ve consolidated on Salesforce, the Salesforce AI roadmap has diverged from your priorities, switching costs are now eight figures, and the only available move is “argue harder with Salesforce.”

The fix: every consolidation decision has to name the lock-in trade explicitly. The acceptable answer is “yes, we are deepening lock-in to vendor X for these workflows because the semantic-layer alignment is durable for at least five years and the moat outweighs the optionality cost.” If you can’t name the trade, you’re consolidating by default, not by design.

2

Trap 2 · Best-of-breed without integration governance

Every team picks their own vendor; nobody owns the boundaries; the portfolio becomes ungoverned. The bias underneath is local-optimisation tunnel vision — each team optimising for its own workflow without seeing the system-level cost of the integration debt.

The consequence: eighteen months in, you have eleven AI vendors, no integration contracts, three different PII handling policies, and an audit that takes four months to complete because every vendor has to be reviewed independently.

The fix: any best-of-breed addition has to come with an integration boundary contract before the contract is signed. The PM owner is named at procurement, not after deployment. The portfolio-wide compliance policy is non-negotiable.

3

Trap 3 · Lock-in without strategic intent

Drifting into deeper Salesforce or Microsoft dependency without consciously deciding it’s the strategic core. The bias underneath is path-dependent inertia — every individual decision was reasonable in isolation, but the cumulative effect was a strategic commitment nobody made deliberately.

The consequence: two years later, the CFO asks “what would it cost to move our customer engine off Salesforce?” and the answer is “$40M and eighteen months of disruption.” Nobody chose that exposure; it accumulated.

The fix: the quarterly lock-in escalation review (Layer 5 above). The number is calculated, written, and reviewed against strategic intent. If the lock-in number grew faster than strategic intent justified, the next quarter’s vendor decisions throttle back; if it grew slower, the next quarter’s decisions can lean in.

4

Trap 4 · Compliance retrofit

Applying EU AI Act Article 14, NIST AI RMF, GDPR, and other regulatory obligations per-vendor instead of portfolio-wide. The bias underneath is vendor-as-unit-of-analysis — treating each vendor’s compliance posture as the relevant unit, when the regulator treats your organisation’s deployment of AI as the unit.

The consequence: the audit reveals inconsistent human-oversight thresholds across vendors, inconsistent PII handling, inconsistent audit trails — and the regulator’s finding is against your organisation, not against any individual vendor.

The fix: portfolio-wide compliance policies written above the vendor layer. Every vendor must satisfy the policy; vendors that can’t are not in the portfolio. The compliance design lives in the governance stack (Layer 4), not in the vendor contracts.


The CPO question that decides everything

The single question that determines a 2026 AI vendor strategy is this:

Which vendor’s semantic layer aligns with where our most valuable contextual data already lives — and is that alignment durable enough to deepen lock-in, or temporary enough that we should architect for portability?

The one question every workflow class has to answer

The answer is rarely the same for every workflow class. The customer-360 answer might be Salesforce-durable; the productivity answer might be Microsoft-durable; the IT service answer might be ServiceNow-durable; the experimental claims-triage answer might be temporary-portable. The portfolio architecture is the set of those answers, governed together.

The CPOs who win at vendor strategy in 2026 can give a one-paragraph answer to that question for every workflow class in their business, name the lock-in trade explicitly, and show the governance stack that holds it together. The CPOs who lose either give a one-vendor answer that ignores semantic-layer reality, or give an eleven-vendor answer with no governance.

The work is to be in the first group by the next board meeting.


Try This Now · 10 Minutes

Map your current AI vendor portfolio on a single page.

For each vendor in the portfolio, answer four questions. The pattern most senior PMs see is the same: two or three vendors are intentional and named-owned, four or five are accidental and orphaned, the lock-in costs are higher than expected, and the integration boundaries are unwritten.

  • a

    Which workflows does this vendor own? Be specific. “Customer support” is too vague. “Tier-1 support deflection on the consumer product line, escalating to human agents at confidence < 0.7” is the right resolution.

  • b

    What’s the lock-in cost if we switched today? Estimate in months of engineering effort and dollars of disruption. The number is always wrong; calculating it forces the conversation. If you can’t estimate it, that’s the governance gap to close first.

  • c

    Is the lock-in intentional or accidental? Intentional means a named decision was made to deepen this vendor’s role given semantic-layer alignment. Accidental means the lock-in accumulated without a decision. Both can be acceptable; only one is governance.

  • d

    Who owns this vendor relationship at the PM level? A single name. If the answer is “the vendor’s customer success rep,” that’s an accountability gap, not a name.

If you can do this exercise honestly in ten minutes, the board update writes itself. If you can’t, the work to do before the board update is to get to the answers — not to build the strategy slide.


Apple’s Project Campos — the masterclass in vendor independence

The most studied vendor-independence architecture in production. Three structural moves, built into the foundation rather than retrofitted — which is why Apple could execute the Gemini-to-Ferret swap on a quarter’s notice while peers carrying single-vendor exposure could not.

1. Stateless AI. Apple’s AI architecture is designed to operate without persistent state ties to any single vendor. The harness, the evals, and the user-facing experience hold the contracts; the model behind them is replaceable. Models can be swapped without rewriting the surface area — the cost of a vendor change collapses from a six-month cross-portfolio migration to a routing decision.

2. Private Cloud Compute (PCC). Apple’s own cloud infrastructure for AI inference, with hardware-attested privacy properties. PCC reduces dependence on third-party model-hosting infrastructure and turns the L2-T08 trust architecture into a vendor-independent asset. Privacy claims defended by attested silicon do not require trust in a vendor’s SOC 2 report.

3. The Gemini → Ferret-3 swap. When Apple decided to bring more AI capability in-house, the Stateless AI plus PCC foundation let them swap from Google’s Gemini to their own Ferret-3 without restructuring the product. The harness was vendor-agnostic by design. The swap was visible to the org chart, not to the user.

The lesson: vendor independence is architectural. Apple built it Day 1. Most companies retrofit it later, at higher cost, after the first single-vendor pricing shock has already compressed their margin for a quarter.


Figure 2 · Project Campos — Vendor Independence as Architecture

Three structural moves — Stateless AI, Private Cloud Compute, Gemini → Ferret-3

Project Campos — vendor independence as architecture A three-layer stack diagram. The top layer is the user-facing surface that holds vendor-agnostic contracts. The middle layer is Stateless AI, which makes the model behind the harness replaceable. The bottom layer is Private Cloud Compute, Apple's own attested infrastructure. To the right, a swap arrow shows Gemini being replaced with Ferret-3 without touching the product surface. Bottom callout frames vendor independence as architectural, built Day 1, not retrofitted. Project Campos Three structural moves that turn vendor independence into a built-in property. THE CAMPOS STACK Product surface · vendor-agnostic contracts Siri, Apple Intelligence features, on-device UX. The harness and evals own the contract, not the model. Vendor changes are invisible to the user. MOVE 1 Stateless AI No persistent state ties to any single vendor. The model is a dependency, not a foundation. Implication: swap cost collapses from months to a routing decision. MOVE 2 Private Cloud Compute Apple-owned attested silicon for inference. Trust architecture independent of any vendor's audits. Implication: privacy moat does not depend on a third-party SOC 2. Foundation · Apple silicon, OS, identity The non-vendor layer. The reason the rest of the stack can stay vendor-agnostic. MOVE 3 · THE SWAP VENDOR MODEL Gemini third-party dependency swap IN-HOUSE MODEL Ferret-3 Apple-owned WHAT THE USER SAW nothing harness held the contract. Vendor change was invisible. The architectural read Vendor independence is architectural. Built Day 1, not retrofitted later. Single-vendor portfolios absorb price shocks. Multi-vendor architectures route around them within weeks. AI PM OS — Level 3 · T08 | Raviteja Palanki

Figure 2 — Vendor independence is a property of the stack.

The product surface holds vendor-agnostic contracts. Stateless AI makes the model replaceable. Private Cloud Compute makes the infrastructure trust-claim independent of vendor audits. The Gemini → Ferret-3 swap is what those three properties earn you when you need to make a vendor move at quarterly speed.


Remember this

  1. Trust × Lock-in matrix. Four quadrants. Avoid Low Trust + High Lock-in. Prefer High Trust + Low Lock-in. Use High Trust + High Lock-in deliberately, with explicit lock-in justification.
  2. Multi-vendor architecture is non-optional in 2026. Model commoditisation makes single-vendor exposure a structural risk — the next pricing change is not a question of if but when it lands on your margin.
  3. Apple’s Project Campos is the masterclass. Stateless AI, Private Cloud Compute, Gemini → Ferret-3. Vendor independence is architectural — built into the stack, not negotiated into a contract.
  4. Portfolio governance is Director-level discipline. Standards (eval, cost, trust, vendor-evaluation), reviews (quarterly health, annual rebalancing), and decisions (consolidation, platform investment, rotation) at the portfolio scale.
  5. Platform consolidation is the L3 move. Five initiatives building five eval suites is waste. One shared platform with per-initiative customisation compounds. The L3-T01 platform-consolidation move applied to the vendor and tooling layer.

In practice

A six-step playbook for moving an AI portfolio from accidental vendor exposure to deliberate vendor architecture. Run as a quarterly artefact, owned by the Director-level PM, not procurement.

Step 1 — Audit vendor exposure across the portfolio. List every vendor in the AI stack: model providers, eval platforms, observability, MCP servers, vector stores, gateways. Mark which are critical, which are single-source, which are high-lock-in. The first audit is always longer than expected.

Step 2 — Run the Trust × Lock-in analysis on each critical vendor. Score Trust 1–5 (security, reliability, ethics, financial stability) and Lock-in 1–5 (architectural ties, data lock-in, contract terms, integration depth). Plot in the quadrant. The vendors in Low Trust + High Lock-in are the migration backlog.

Step 3 — Plan multi-vendor architecture for high-exposure capabilities. Model providers especially. Design fallback paths and migration paths the way the L3-T03 multi-model orchestration prescribes — cheap models from one vendor, frontier from another, with named routing rules.

Step 4 — Invest in platform consolidation. Shared eval suites, shared cost dashboards, shared trust architecture, shared observability. The L3-T01 platform move at the vendor layer. Five initiatives sharing one hardened platform beats five initiatives shipping five mediocre ones.

Step 5 — Run quarterly portfolio governance reviews. Vendor exposure delta, multi-vendor investment progress, platform consolidation status, trust-architecture maturity. Standing agenda, named owners, written decisions. The review is the discipline; the slides are the artefact.

Step 6 — Translate vendor strategy for the executive layer. Vendor architecture as strategic capital. Multi-vendor as resilience, not as procurement overhead. Apple’s Project Campos as the public reference. CFO hears margin protection; CRO hears delivery continuity; CISO hears trust independence; board hears structural moat.


Sources