AI Vendor Lock-In: A Procurement Playbook
Anthropic quietly blocked third-party wrappers from paid Claude Code accounts. No email, no announcement — users found out when their tools stopped working. This was not a one-off. It is the structural pattern every AI vendor will follow, and your procurement playbook needs to assume it.
The structural argument
Earlier this week Anthropic updated the Claude Code terms of service to block third-party wrappers, including the popular OpenClaw runtime, from using paid Claude subscriptions. There was no email. No prominent blog post. Users discovered the change when their tooling stopped working.
The narrow lesson is "read the terms before you build." That's true and unhelpful. The structural lesson is the one that actually matters: every AI vendor with per-user subscription pricing will eventually do exactly this, and the timeline is shorter than your procurement cycle.
Once you internalize the pattern, the right response stops being "audit Anthropic." It becomes "assume any AI vendor can revoke your access pattern with no notice and design accordingly."
Why the wrapper crackdown is inevitable
The economics force it. Every consumer-facing AI vendor sells two products that compete with each other:
- A flat-rate subscription for individual users, $20–$30/month for "all you can eat" inside the chat interface.
- A pay-per-token API for developers and businesses, typically $3–$15 per million tokens, often costing far more than the subscription if you actually use it heavily.
A wrapper tool routes a single subscriber's account to dozens of automated workflows that would have cost hundreds of dollars per month at API rates. The vendor is now subsidizing infrastructure they expected to bill for. The wrapper, the wrapper's customers, and the original subscriber are all winners. The vendor is the loser.
This is not a bug in the wrapper's behavior. It is the inevitable arbitrage that flat-rate subscriptions create whenever an API exists at the same time. The vendor's choices are: kill the subscription pricing (expensive politically), kill the API (expensive technically), or block the wrappers (cheapest). They will always choose the third.
The Anthropic move was not personal. OpenAI did the same thing to Plus-tier wrappers in 2024. Google did it to free-tier Gemini API resellers in 2025. Microsoft has done it twice to Copilot wrappers and will do it a third time before the end of this year. The pattern is the pattern.
Why this hits small businesses hardest
Large enterprises have procurement officers, legal review, and contractual carve-outs. Most small businesses do not. They sign up for an AI tool because someone on the team needed it, attach a corporate credit card, and build a workflow on top of it within a month. The workflow becomes load-bearing inside ninety days. The contract that authorizes the workflow remains the consumer terms-of-service everyone clicked "I agree" on.
When the vendor changes the rules, three things happen at once. The workflow breaks. Productivity drops. The team scrambles to evaluate alternatives during the worst possible week. The scramble is the part that costs real money.
A large company can absorb this. A 12-person business loses a week of throughput.
The four-question playbook
You don't need a procurement department. You need a one-page filter that anyone can apply before the next AI signup.
1. What data goes in? Public information, internal information, confidential information, or regulated data (PHI, PII, financials). Anything past "internal information" needs a Data Processing Addendum or Business Associate Agreement before anyone uses it. The Anthropic free tier doesn't have one. Neither does the OpenAI free tier. Neither does any consumer-tier AI account that staff signed up for personally.
2. How does the data come out? If you needed to leave this vendor tomorrow, what's your export path? Most AI tools have an export endpoint for chats. Most don't have an export for the workflows you've built on top. The workflows are the lock-in, not the data.
3. Who else can change the rules unilaterally? Read the API access, third-party integration, and acceptable-use sections of the ToS. If those clauses can change "with notice posted to this page," treat them as if they will change. Because they will.
4. What's the fallback? Pick a second vendor or an open-source alternative for any tool that touches a critical workflow. You don't need to use it daily; you need switching to take a half-day, not a quarter. For most teams the fallback story is: Claude as primary → Microsoft Copilot or local Ollama as fallback. Pick the second one now, not when you need it.
Concrete steps this week
Open a spreadsheet. List every AI or SaaS tool your team has signed up for in the last twelve months. Five columns: data sensitivity, contract owner, monthly cost, BAA status, fallback option. Most owners are surprised by how much shadow IT shows up. That spreadsheet is also exactly what your security reviewer wants to see at renewal.
If any of those tools touches Microsoft 365, Intune, or your file server, treat it like a privileged identity. We help clients lock those connections down with Conditional Access policies and named admin reviews so a vendor change cannot quietly drain data overnight.
The bottom line
The Anthropic news will fade by next week. The pattern will not. Every AI vendor with the same pricing structure will do the same thing on their own timeline, and the announcements will keep coming with the same lack of notice. Your job is to build the kind of internal playbook that turns those changes from emergencies into a half-hour conversation.
Talk to us about running a 30-minute AI tooling review. We will help you build a one-page vendor risk register, pick fallbacks that match your data sensitivity, and write the acceptable-use policy your insurance carrier is going to ask for at the next renewal.