
The Hidden Cost of AI Code

This article was written with assistive LLM support (Qwen 3.6).

The economics of AI have hit a wall. Running frontier models at scale costs billions per quarter, and investors are no longer willing to fund those losses indefinitely. Providers have responded by pricing to survive — some have 5-10x’d their prices, with certain frontier models even more expensive than that. Most are still losing money, but at a dramatically reduced rate.

The result: frontier models are no longer practical for many everyday use cases. The compute overhead is too high, the latency too long, the pricing too punitive for sustained work. Developers are looking elsewhere.

That’s where stealth models and “free” tiers come in. But the data collection practice isn’t limited to them — many paid models, including enterprise tools, still train on your inputs. The distinction is one of degree and transparency, not kind.

Secondary providers can’t compete with frontier models on raw capability — the compute costs are prohibitive. So data collection is their only path to catching up. This creates a self-reinforcing cycle: frontier models get stronger from public data, secondary models try to bridge the gap via private data, developers get sucked in by price, and the gap widens further.

The companies that will win at AI aren’t the ones with the best models today — they’re the ones who collected the most diverse, high-quality, real-world interaction data during the training window. That’s the actual moat, not the model weights themselves.

What they’re actually collecting

Most current models were trained heavily on GitHub, Stack Overflow, and other public sources. That data is now well-represented and arguably saturated. The next frontier for training data is private codebases.

It’s not about leaking full repositories. It’s about observing patterns that no GitHub scraper can match:

  • Architecture patterns — how teams actually structure projects, not how they write READMEs
  • Code review practices — what gets changed, why, and what “good” looks like in practice
  • Domain-specific conventions — finance, healthcare, embedded systems where public data is sparse or outdated
  • Refactoring patterns — how code evolves over time, not just the final state

When an agent tool sends your codebase as context, the model processes those tokens during inference. If the provider logs that interaction, they’re building a corpus of how code is actually written and modified.

The value proposition for stealth providers is straightforward: they get access to private, current, real-world development practices at near-zero marginal cost. The more proprietary code they observe, the better their next model becomes at understanding real development workflows. Competitors who only have public data fall further behind.

This works because developers trust agent tooling to handle their code context safely. Nobody thinks “this free model is learning my architecture patterns.” They think “it’s just reading my code to help me write code.” The data collection happens in the blind spot between convenience and awareness.

Users as unwitting data sources

There are several layers of opacity here:

  • Zero knowledge that users are being used as data sources
  • No consent, no opt-out, no transparency
  • The “organic” quality degrades quickly once people figure out the game (prompt injection, benchmark farming)

If the compute cost is less than what a company would spend on a traditional data acquisition pipeline — hiring annotators, running surveys, contracting researchers — then yes, it’s efficient. But it externalizes the cost onto users while internalizing the benefit entirely to the company.

It’s surveillance infrastructure disguised as a service.

Why “patterns only” isn’t a defense

The “patterns only” argument holds up in theory but breaks down in practice:

  1. Memorization happens. Models don’t just learn abstract patterns; they can memorize specific code structures, logic flows, or even full functions if training was aggressive enough. There are documented cases of models regenerating verbatim snippets from their training data when prompted correctly.

  2. Model inversion attacks. Even if raw code isn’t “leaked,” a competitor with access to the model (via API or open-weight release) can sometimes reverse-engineer specific features or architectures that look suspiciously like your private work.

  3. The competitive advantage leak. If you’re using a free model to solve a unique business problem, and that model gets better at solving that exact type of problem because of your input, you’ve just subsidized your competitor’s R&D. You didn’t give them the code — you gave them the recipe for how you think.

The employment risk no one talks about

Most employment contracts have clauses about IP and data security. By sending private code to an unvetted third-party model — especially one known for training on inputs — you might be violating your company’s security policy or even your contract, regardless of the provider’s privacy stance.

You are effectively bypassing the “security review” gate by using a tool that doesn’t require one.

The real choice

The binary isn’t as clean as it appears. Enterprise tiers claim strict data guarantees, but those guarantees are contracts, not technical commitments. They can change. They’re enforced by lawyers, not code. And some providers quietly retain rights to use enterprise inputs for model improvement. Read the fine print.

Data retention policies also vary more than the marketing suggests. Some providers don’t train on inputs for paid tiers but don’t advertise that clearly. Others apply different policies across tiers. Research individual provider policies before committing: the landscape shifts fast, and what’s true today may not be tomorrow.

It’s not a clean choice — it’s a risk calculation. The question isn’t whether there’s a good answer, but how you decide which risk you’re willing to take:

  • Enterprise route: Pay for the tier with data guarantees. Cost: hundreds per month. Value: Legal recourse if things go wrong. Not necessarily IP protection.
  • Free route: Use the stealth model. Cost: $0. Risk: Potential IP leakage, employment liability, subsidizing competitors.

You’re making a calculated bet that convenience is worth the risk. That’s a personal choice. But the unease you feel is your internal security auditor screaming that you just handed your source code to a black box with no audit trail.

If the code is truly sensitive — proprietary algorithms, client data, core IP — hundreds buys you more than compute. It buys you sovereignty over your work product. If it’s boilerplate or low-risk stuff? Maybe the trade-off is worth it. But “maybe fine” is a dangerous place to rest when the alternative is an NDA violation.