Quick take: The biggest secret AI vendors hide is true API costs at scale. That $50k development project can turn into $500k annually in OpenAI or cloud infrastructure fees once you have real traffic. Always ask for cost projections at 10x and 100x your expected usage.
The proposal looks great. The vendor promises custom AI capabilities at a fixed price with a clear timeline. You’re ready to sign. But there are critical details most vendors won’t volunteer unless you ask the right questions.
We’ve audited 40+ AI vendor engagements over the past two years. The same patterns show up repeatedly, costing founders money, time, and leverage. Here’s what you need to know before committing.
What Vendors Hide
| Secret | Why They Hide It | Financial Impact | Risk Level |
|---|---|---|---|
| True API costs at scale | Keeps proposals competitive | 5-20x hidden ongoing costs | Critical |
| Data ownership ambiguity | Industry standard favors them | Loss of business asset value | High |
| Model deprecation risk | Not their problem to solve | Forced rebuilds every 12-24 months | High |
| Vendor lock-in architecture | Increases switching costs | 50-100% rebuild to change vendors | High |
| Junior team on your project | Protects margins | Quality issues, delays | Medium |
| Reused code from other clients | Speeds delivery, increases profit | Licensing issues, security gaps | Medium |
| Training data requirements | Avoids scope discussion | 3-6 month delays post-contract | Medium |
| Production support limits | Not in base price | Ongoing costs or gaps | Medium |
1. True API Costs at Scale
Your vendor quotes $50k for development but doesn’t mention that OpenAI API calls will cost $30k per month at your target user volume. They focus on the one-time build cost and gloss over the recurring infrastructure that actually determines long-term viability.
AI applications often use GPT-4, Claude, or similar models that charge per token. At small scale, costs are negligible. At 10,000 daily active users, you might process $1,000-$10,000 per day in API calls depending on your use case. That’s $30k-$300k monthly, often exceeding your entire development budget.
Vendors know this but don’t lead with it because it makes projects look expensive and risky. They assume you’ll figure it out later or that scale won’t happen. But if your product succeeds, you’re locked into an economic model you never agreed to.
Ask for detailed cost projections at 1x, 10x, and 100x your expected usage. Request they break out API costs, compute costs, and storage separately. If they claim they can’t estimate this, that’s a red flag about their experience.
2. Data Ownership Ambiguity
Standard vendor contracts often give them perpetual rights to use your data for model improvement, benchmarking, or even training models for other clients. You think you own your customer data, but the fine print says otherwise.
This matters enormously for AI companies where your differentiation comes from proprietary data. If your vendor can use your customer interactions to improve a competitor’s product, you’ve given away your moat. Some contracts even claim ownership of trained model weights, meaning you can’t take “your” AI with you if you switch vendors.
Vendors use boilerplate contracts designed to protect their interests. They won’t highlight data ownership clauses because most clients don’t ask. By the time you discover the issue, you’re already dependent on their infrastructure.
Read the data sections carefully. Strike any language about using your data for their purposes. Specify that all data, models, and weights belong exclusively to you. If they resist, find out why.
3. Model Deprecation Risk
OpenAI deprecated GPT-3.5-turbo-0301 with 6 months notice. GPT-4 versions get deprecated regularly. Your AI vendor built your product on a specific model version that will stop working, and they didn’t tell you who handles migrations.
Every major AI provider deprecates old models as they release new ones. Migrations require testing, prompt re-engineering, and sometimes significant code changes. If your contract doesn’t specify who handles this work, you’ll get an invoice when it happens.
Vendors don’t mention deprecation because it sounds like the product they’re building is temporary. They prefer to position AI as stable infrastructure when it’s actually a rapidly moving target requiring ongoing maintenance.
Include model migration work in your contract or budget 10-15% of the original development cost annually for keeping up with provider changes. Ask which model versions they’re using and check the provider’s deprecation policy.
4. Vendor Lock-In Architecture
Your vendor builds everything tightly coupled to their infrastructure, their APIs, and their processes. Switching vendors later requires rebuilding 70-90% of the system. They designed it this way.
Lock-in happens through proprietary APIs, custom infrastructure, and undocumented integrations. Each decision makes sense individually, but collectively they ensure you can’t leave without starting over. Vendors benefit from long-term retention, so they build dependencies intentionally.
The pitch emphasizes rapid delivery and custom solutions. The reality is those custom solutions are custom to them, not to you. When you want to bring development in-house or switch to a competitor, you discover you’re locked in.
Ask about API abstractions and whether the architecture allows swapping AI providers. Request documentation showing how you could migrate key components. If everything is opaque or custom, negotiate contractual limits on lock-in or plan for higher switching costs.
5. Junior Team on Your Project
The senior engineers who sold you on the project won’t be writing your code. You’re getting junior developers supervised part-time by someone experienced. The rate stays the same.
Staffing economics drive this. Senior developers cost $150-$300 per hour. Juniors cost $50-$100. Vendors price projects based on blended rates but staff them as cheaply as possible to maximize margin. Your $200/hour project might use $75/hour developers.
Vendors keep this quiet because clients assume they’re paying for the expertise demonstrated in sales conversations. By the time you realize the team is junior, you’re mid-project and switching vendors is costly.
Ask who specifically will work on your project, not just who oversees it. Request LinkedIn profiles or resumes. Specify minimum experience levels in the contract. Meet the actual development team before signing.
6. Reused Code from Other Clients
That custom solution includes chunks of code from three previous projects. Sometimes this is fine. Sometimes it brings licensing issues, security vulnerabilities, or functionality you’re paying for but don’t need.
Code reuse is standard practice and often smart. But vendors don’t tell you what percentage of your “custom” solution is recycled because it undermines the value proposition. If 60% is from other projects, why are you paying full custom rates?
The bigger risk is when reused code has unclear licensing or introduces security issues from contexts you don’t control. We’ve seen cases where code from a healthcare project with strict security requirements got reused in a consumer app, adding unnecessary complexity.
Ask directly what percentage is new development versus adapted from previous work. Request that all code be reviewed for licensing compliance and that you receive full rights to everything delivered, regardless of origin.
7. Training Data Requirements
The vendor promises AI capabilities but doesn’t mention you need 10,000 labeled examples before the model works properly. They assume you have data ready or will figure it out during the project.
Many AI approaches require substantial training data. Computer vision needs thousands of labeled images. Custom NLU models need annotated conversations. Vendors focus on what they’ll build and skip over what you need to provide because it’s awkward.
This creates a gap where development finishes but the product doesn’t work because you’re scrambling to create training data. You’re paying for developer time while your team labels data, or you’re hiring data labeling services you didn’t budget for.
Ask explicitly what training data is required, in what format, and who is responsible for creating it. If you don’t have the data, add data collection and labeling to the project scope and timeline.
8. Production Support Limits
The contract covers development but not production support. When things break at 2am or you need urgent changes, you’ll wait for a new SOW or pay emergency rates. They built it, but supporting it costs extra.
Development and support are separate business models. Vendors price projects to win the initial contract, knowing support and enhancements generate ongoing revenue. They don’t emphasize support limits during sales because it makes the relationship sound transactional.
You launch, something breaks, and you discover your vendor’s support package costs $10k per month or they have 48-hour SLAs when you need 4-hour response times. You’re live with users, so you have no leverage to negotiate.
Negotiate production support terms before signing the development contract. Specify response times, coverage hours, and what’s included versus additional cost. For critical systems, require a support agreement as part of the initial contract.
How We Identified These Patterns
We reviewed 40+ AI vendor contracts and post-mortems from startups that ran into problems. We interviewed founders about what surprised them and analyzed which issues created the most financial or strategic damage. We excluded issues that affect fewer than 20% of projects to focus on systemic patterns.
We also analyzed standard contract templates from 15 AI development agencies. The patterns above appear in 70-90% of vendor agreements, usually buried in fine print or absent entirely from initial proposals.
Frequently Asked Questions
Are all AI vendors hiding these things intentionally?
Most vendors aren’t malicious, but they optimize for winning contracts. That means emphasizing benefits and minimizing risks. Some genuinely don’t think about deprecation or scale costs. Others know but don’t volunteer the information.
Should I avoid working with AI vendors entirely?
No. Many projects benefit from vendor expertise. But treat it as a negotiation where interests don’t fully align. Ask hard questions, get commitments in writing, and plan for the relationship to evolve or end.
What should I look for in an AI vendor contract?
Clear data ownership, specific team members with minimum experience levels, detailed cost projections at scale, model migration responsibilities, source code delivery with full rights, production support SLAs, and exit provisions that allow you to continue operating if you leave.
How can I estimate API costs if the vendor won’t?
Calculate your expected API calls per user action, multiply by daily active users, and check the pricing pages of OpenAI, Anthropic, or whoever’s API you’re using. Build a spreadsheet with usage scenarios. It’s not perfect, but it’s better than guessing.
What if I’m already locked into a bad vendor contract?
Document everything, start planning your exit, and negotiate improved terms at renewal. If you’re truly stuck, consider building an abstraction layer that lets you gradually migrate components. It’s expensive but less expensive than staying trapped.
Key Takeaways
- API costs at scale often exceed development costs by 5-20x, but vendors rarely project this accurately in initial proposals
- Data ownership clauses in standard contracts often allow vendors to use your data for their benefit
- Model deprecation requires ongoing migration work that may not be included in your contract
- Vendor lock-in is often architectural by design, making switching vendors equivalent to rebuilding from scratch
- Junior developers frequently work on projects priced at senior rates, affecting quality and timelines
- Reused code can introduce licensing issues and unnecessary complexity
- Training data requirements are frequently underspecified, causing delays when you reach production
- Production support is usually separate from development contracts and can be costly or limited
SFAI Labs helps founders negotiate AI vendor contracts and audit existing engagements for hidden risks. We review contracts before you sign and provide technical oversight during delivery. Get a contract review before committing.
SFAI Labs