May 2026
AI is not going to change the need for privacy. Somewhere, right now, someone has an idea or a fully fledged business that depends on its ability to manage its own IP, its own data, and — in key areas like finance and healthcare — the very lives of the clients they serve.
Everyone is worried about the security problems that "vibe coding" creates. That concern is real, but it's also part of the learning curve. Large multinational vendors are willing to risk your data to develop products they can profit from. That shared risk may be fine for individual users, but for a company opting into early adoption? The calculus has to weigh not just the end state, but the effort to develop, deploy, and operate.
We're watching the hyperscalers fight for mindshare — offering LLM access for a fee, racing to see what sticks. That's the top end of the funnel. But AI is also knee-deep in the development of the tool chains needed to own and operate these services. Looking across my own tool chains, I keep coming back to the same question: how does an organization get real value from local LLM deployments?
My answer so far: local helps keep your early learnings private. We cannot afford to underestimate the blast radius of rapid development plans with a brand-new tech stack. Local LLMs let IT manage that risk.
Part of my current work is understanding how to help organizations build secure, functional AI stacks for targeted use cases that map to current hardware and software maturity. What can you really run for your development teams? What can you operate for desktop users, at the edge, and in the home office — before shadow IT takes those decisions out of your hands?
I believe there will always be a market for security-first environments. R&D, healthcare, defense, financial services — places where privacy concerns outweigh TCO questions. Local LLM deployment and operation for business is a given at this point. The question is how we safely extend that model out to individual users.
If we concede that the local form factor has a future, we also need to understand the guardrails we can put in place early.
I've seen this pattern before. If I had to pick a comparison from my career, this looks like the early rounds of virtualization. Everyone went all-in on a direction — consolidation! utilization! — only to discover VM sprawl was the new reality we'd be dealing with for years. Or the early days of the hyperscalers: a gold rush followed by a reckoning about what is actually worth running in someone else's data center.
The same pattern is unfolding with AI.
My CCoE work taught me that the hardest migrations are not technical — they are organizational. The same principle applies here. The hyperscalers will duke it out at global scale. Meanwhile, there is business that needs to get done today, and it will want options going forward. Private or local will be a market. The question is how big, and that depends on how well — or poorly — the pay-per-play model executes over the next 3-5 years.
My vote: privacy-first options for the business. The local deployment market is maturing rapidly. It's critical to ramp up, plan, and start providing direction back to the business now — before the sprawl makes the decision for you.
*If this resonates, the full CCoE narrative — 47 AWS accounts, four failure modes, and the migration that almost didn't happen — starts [here](/blog/ccoe-blog-post.html).*
---
Built on a home lab, powered by local models, and owned by Andrew Katana.