Why “Just Use Open Source” Is the Most Expensive Sentence in AI

Written By Keith Andrew

“It’s just a few APIs. We’ll use open source.”

If you lead engineering or technology at a bank, insurance, or asset management company, you’ve probably heard some version of this in the last year. A small, high‑caliber team prototypes an agentic AI workflow with LangGraph, LangChain, or a similar open source framework. The demo is impressive. The cost looks close to zero. Confidence is high.

Six months later, that “few APIs” has turned into:

  • A cluster of brittle services no one fully understands

  • A backlog of governance, audit, and model‑risk questions

  • A growing obligation to maintain a critical system your team never intended to own at production scale

In this piece, I’ll explain how ‘just use open source’ can become the priciest line in your AI strategy and how to get the upside without having to deal with operational baggage.

If you’re wrestling with whether to “just use open source” for your next agentic AI initiative, you’re not alone. Across the industry, financial institutions are asking the same question and discovering the same hidden costs.

To explore how a multi‑agent AI platform designed specifically for your workflows can complement your existing open source work, submit the form:

Open Source Agent Frameworks: Powerful, but Not a Platform

Modern open source tools like LangGraph and LangChain are genuinely impressive. They make it dramatically easier to:

  • Orchestrate multi‑agent workflows

  • Manage tools, memory, and context for LLMs

  • Iterate quickly on new use cases and UX patterns for AI agents

They are ideal for experimentation: hackathons, proof‑of‑concepts, and early prototypes where speed matters more than hardening or controls.

But a framework is not a platform.

A platform provides the critical foundation required for regulated, always‑on financial workloads:

  • Identity, access, and entitlements

  • Built‑in governance and policy controls

  • End‑to‑end observability and lineage

  • SLAs, support, and security certifications

When those layers are missing, they don’t disappear. Your team builds them slowly, and expensively.

The Hidden Cost Layers of DIY Agentic AI

1. Platform Plumbing: Everything Around the Graph

Open source agent frameworks provide the skeleton of agent orchestration. They don’t give you the full circulatory system required for production.

Teams quickly discover they must build:

  • Environment management: clear separation between dev, test, and prod; ability to replay requests across environments.

  • State management and time‑travel debugging: the ability to inspect exactly what each agent “saw,” decided, and did at each step.

  • Human‑in‑the‑loop controls: escalation, approvals, and overrides when agents handle high‑risk actions like payments, credit decisions, or trade bookings.

Each of these is a non‑trivial engineering project, especially in an environment where changes require sign‑off from risk, compliance, and security.

2. Observability, Lineage, and Auditability

In financial services, you don’t just need to know that something worked, you need to know why.

For multi‑agent systems, that means:

  • Full traces of each agent call, tool invocation, and model response

  • Lineage from upstream data to downstream decisions

  • Persistent logs that satisfy internal audit, external auditors, and regulators

Standalone tool vendors now offer agent observability and tracing, but stitching these into a DIY stack introduces more moving parts, contracts, and integration points.

And when a regulator asks, “Show me every step that led this agent to approve this trade and who signed off,” the cost of not having robust lineage is suddenly very real.

3. Security, Compliance, and Model Risk

In a consumer app, an agent hallucinating is an annoyance. In a bank, it’s a model‑risk incident.

DIY open source stacks must still satisfy:

  • Access control: role‑based, least‑privilege permissions over agents, tools, and data

  • Data protection: PII handling, encryption, data residency, and cross‑border restrictions

  • Regulatory frameworks: emerging EU AI Act requirements and prudential regulators’ expectations around model risk and operational resilience

Open source projects rarely ship with opinionated, regulator‑grade controls. That responsibility lands on your internal platform or security teams.

4. Operational Burden and Technical Debt

Open source frameworks iterate fast. LLM APIs change even faster. What looked like a clean architecture in Q1 can be a patchwork of compatibility shims by Q3.

The hidden costs include:

  • 24/7 on‑call for agent failures in production

  • Regression testing across multiple models, tools, and agents when dependencies change

  • Version drift as teams fork frameworks or pin to older versions for stability

  • Key person risk, where only a handful of engineers understand how the system actually works

A lot of AI costs accrue after deployment, as maintenance, refactoring, and unplanned re‑platforming. In a lean engineering organization, that opportunity cost is enormous.

5. The Cost of Delay

Finally, there is the hardest cost to quantify: time‑to‑value.

While your team is:

  • Hardening orchestration

  • Designing an internal observability solution

  • Negotiating log retention with compliance

Your competitors may already be:

  • Automating complex operations workflows

  • Reducing time‑to‑yes in lending

  • Scaling personalized, AI‑driven client coverage

In markets where adoption curves are steep, being 6–12 months late can mean losing market share permanently.

Why This Matters More in Financial Services

For a startup shipping a consumer product, the answer might genuinely be “just use open source.” The risk surface is narrower, and regulators are far away.

In financial services, the situation is different:

  • Workflows touch money, markets, and systemic risk.

  • A single bad decision can create material losses or regulatory exposure.

  • AI systems are now squarely in scope for model risk management and operational resilience reviews.

Industry groups and regulators are beginning to outline expectations for AI use in financial services, including agentic systems  and why governance, monitoring, and explainability are now first‑class requirements, not “nice to haves.”

A Nuanced View: When DIY Makes Sense and When It Doesn’t

The goal is not to dismiss open source. Some of the best innovation in agentic AI is happening there.

Instead, the right question is: Where should we use open source, and where do we need an enterprise platform?

DIY with Open Source Makes Sense When:

  • Agentic AI is core to your product and differentiation.

  • You have a dedicated internal platform team chartered to build and run AI infrastructure.

  • Your regulatory exposure is low, or your use cases are low‑risk and internal‑only.

  • You’re comfortable owning security, governance, and observability as long‑term commitments.

A Platform Approach Makes More Sense When:

  • You operate in a regulated domain like banking, insurance, healthcare, or capital markets.

  • You have aggressive timelines for time‑to‑value and limited capacity to build from scratch.

  • You need end‑to‑end governance, lineage, and auditability from day one.

  • You want internal teams to focus on business logic and use cases, not re‑implementing plumbing.

In practice, most large financial institutions end up with a hybrid approach: open source for experiments and edge cases, an enterprise platform as the production control plane.

How Artian AI Complements, Not Replaces, Open Source

At Artian, we see many teams already experimenting with LangGraph, LangChain, and other frameworks. That’s healthy. It signals a strong internal engineering culture.

Our view is this: 

  • Keep experimenting with open source at the edge.

  • Let a financial‑grade multi‑agent platform handle production workloads where governance, scale, and resilience truly matter.

Artian is designed as that platform layer:

  • Governance‑first architecture: policy‑as‑code for which agents can do what, when, and on whose behalf.

  • Deep observability and lineage: full traces across agents, tools, and systems, with exportable evidence for internal audit and regulators.

  • Financial‑services‑ready integrations: connectors into core banking, trading, risk, and data platforms, so agents operate where your business already lives.

  • Operational reliability: SLAs, support, and a roadmap aligned with the realities of large, regulated enterprises.

Your engineers still get to choose the best‑fit frameworks and models. Artian becomes the orchestrator, guardrail, and audit trail that lets those choices scale safely.

Keith Andrew
Next

Governance in AI for Financial Services: The Hidden Engine of Speed and Scale