The NoCode CTO
ai-native-workflows

How to audit your AI dependency

Would your business still function if OpenAI went dark tomorrow? Most founders can't answer that with confidence. Here's the audit that surfaces it.

· 2 min read min read

How to audit your AI dependency

Draw a line down the middle of a page.

Left column: things in your business that would still work if OpenAI went dark tomorrow.

Right column: things that wouldn't.

Most founders have never done this. When they try, they realise they can't populate either column with confidence. The AI dependency isn't mapped anywhere. It's just there, running through everything.

Start with the vendors

Before you can audit the dependency, you have to know who you're depending on.

List every AI model your business calls. Not tools — models. If your team pastes prompts into ChatGPT, that's OpenAI. If your CRM's AI features are on, find out whose model is behind them (often OpenAI, sometimes Anthropic, sometimes Google, occasionally the vendor's own). If you're using Perplexity, that's a wrapper around several providers depending on the query. If you have automations calling APIs directly, name the endpoint.

This exercise usually surprises people. A business with "one or two" AI tools often turns out to have six or seven models in the estate, from four different vendors.

Then walk the workflows

For each business process (sales, ops, customer service, finance), ask a simple question. If the AI in this process stopped working tomorrow, what happens?

Three answers are common.

The process continues manually. Someone was faster with AI; they'll be slower without it. Annoying, not urgent. This is a healthy dependency.

The process stops until a human takes over the automation. The workflow was designed around AI being in the loop. Someone has to step in and do the classification, drafting, or routing by hand until you rewire. This is a real dependency and needs a runbook.

The process breaks and nobody knows how to fix it. The automation was built by someone who's not here anymore, or set up in a low-code tool nobody's opened since. This is a critical dependency and a business risk.

Most estates have at least one process in the third category. Founders don't discover it until the day it breaks.

The vendor risk

For each dependency in categories two and three, ask what happens if the specific vendor changes something. Three scenarios matter.

The API price goes up. Is your business economics still viable? For most companies at current usage levels, yes. But this is the first assumption that stops being true as usage grows.

The model behaviour changes. New version, different tuning, different tone. Your prompt library, tested against last quarter's output, may not perform the same way. This is drift, and it happens without notice.

The vendor deprecates or discontinues the API. Rare so far, but the AI market is consolidating and re-pricing. GPT-3.5 was retired within eighteen months of shipping. Assume any model you're building against today will be retired within two years.

The one-page summary

At the end of the audit you should have a page that lists: which AI vendors you depend on, which processes call them, what breaks if each one is unavailable, and who owns the fix.

If you don't have that page today, you're using AI, not managing it. That's most businesses.


Want help running this audit? Book a conversation and we'll walk it with you.

Robin Carswell

More on

Worth a conversation.

No pitch deck. No commitment. Just a conversation about what technology is and isn't doing for your business — and whether we can help.

Book a conversation →