I’ve been having a version of the same conversation with clients a lot lately. It usually starts with something like: “We signed up for ChatGPT Enterprise six months ago and now the bill is getting uncomfortable.” Or: “We’re preparing for an acquisition and someone flagged that our AI setup might be an issue.”
The conversation that follows is almost always the same: should we be using a managed API, or should we be running our own model? And the honest answer is — it depends. But not in a hand-wavy way. There are specific questions that point you pretty clearly in one direction or the other.
With global AI spend projected to hit $252 billion in 2026, this isn’t a theoretical exercise anymore. It’s a real capital allocation and risk management decision that CPAs are increasingly being pulled into — whether they’re advising clients or sitting inside organizations making these calls themselves.
Two Paths
The managed API path is what most people default to. You pay per token — per use — to providers like Anthropic, OpenAI, or Google. No infrastructure to manage, you’re always on the latest models, and you can be up and running in minutes. The tradeoff: your data leaves your environment every time you make a request, and costs scale directly with volume.
The self-hosted path means downloading an open-weight model — something like Meta’s Llama or DeepSeek-R1 — and running it on your own servers or dedicated cloud hardware. The data never leaves. Costs are largely fixed. But you need an engineering team to set it up and keep it running, and open-weight models run a few months to a year behind the frontier on capability.
One thing worth flagging immediately: “open-weight” is not the same as “open-source.” The license terms vary significantly, and the wrong choice can create real legal exposure — especially around acquisitions. More on that below.
The Five Questions That Point You to the Right Answer
1. Do you have internal engineering capability? If the honest answer is no, self-hosting is essentially off the table. Running your own model isn’t a download — it requires ongoing GPU management, security patching, and performance tuning. Without an engineering team, trying to self-host will create more problems than it solves. Go with the API.
2. Must your data never leave the environment — regardless of contract? Enterprise API agreements (Claude Enterprise, ChatGPT Enterprise, Gemini for Workspace) come with binding Data Processing Agreements. Your data isn’t used for training. There are SOC 2 controls and audit logs. But the data still physically travels to an external server for processing. For most organizations that’s fine. For defense contractors, healthcare organizations with specific PHI requirements, or anyone with trade secrets they’d prefer never touch an external network — physical data sovereignty is the issue, not the contractual terms. If that’s you, self-hosted is the answer.
3. Is cost the primary driver — and do you process at high, predictable volume? This is where the math gets counterintuitive. Self-hosting feels like it should always be cheaper, but it isn’t — at least not at low to moderate volume. A dedicated A100 GPU server runs roughly $1,100–$1,450 per month in hardware costs alone. To break even against Claude Sonnet 4.6 (currently $9.00 per million tokens blended), you’d need to process around 5.4 million tokens per day. Against a budget model like Claude Haiku 4.5 at $3.00 per million tokens blended, you’d need 16 million tokens per day just to cover the hardware — before a single engineer is paid. The API wins at low to moderate volume. Self-hosting starts making sense when you’re running flagship models at high, consistent volume with an engineering team already in place.
4. Does your use case require the latest frontier model capability? Open-weight models lag frontier models by roughly six to twelve months. For complex reasoning, nuanced legal analysis, or cutting-edge agentic tasks — the API keeps you current. For classification, extraction, summarization, and other structured tasks, the capability gap matters less and open-weight models are often sufficient.
5. Is the organization on an M&A or acquisition track? This one catches people off guard. AI architecture now shows up in technical due diligence. Deep lock-in to a single API provider with no abstraction layer gets flagged as vendor risk. And if you’re self-hosting, the model license matters enormously. Meta’s Llama 3 has a 700 million monthly active user cap — if your acquirer already exceeds that threshold, the license voids at close. That’s not hypothetical; it’s a documented deal complication. DeepSeek-R1, by contrast, uses a fully permissive MIT license with no user caps and no M&A aggregation risk. If you’re heading toward a deal, think about portability and license now — not during diligence.
What This Means for CPAs
You don’t need to be an AI engineer to be useful here. The value CPAs bring is asking the structured question when the IT team is defaulting to whatever the sales rep recommended. Three questions in particular are worth having in your back pocket:
- Which model are you running on, and what license governs it? (M&A risk)
- Are API costs tracked by workload type, or is it one undifferentiated line item? (Margin risk)
- Are AI development costs being capitalized under ASC 350-40 where the probable-to-complete threshold is met? (EBITDA opportunity — most non-technical finance teams are leaving this on the table)
One more thing worth flagging: even if the right enterprise procurement decision gets made at the top, employees using personal ChatGPT or Claude accounts for work tasks are on consumer terms of service — which may permit training use and offer far weaker data controls. The framework only works if there’s actual governance around what tools people are using day to day.
Key Takeaways
- API and self-hosted are genuinely different tradeoffs — neither is universally right.
- Five questions point you to the right answer: engineering capability, data sovereignty, cost/volume, frontier need, and M&A context.
- “Open-weight” is not “open-source” — license terms have real IP and acquisition consequences.
- Self-hosting only wins on cost at high volume against expensive flagship models. At low to moderate volume, the API is almost always cheaper.
- Enterprise API agreements and consumer products operate under fundamentally different legal frameworks — that distinction matters even when the underlying model is the same.
Want the CPE credit? Take the full lesson on EverydayCPE and earn 0.2 CPE credits: [lesson link]
Leave a Reply