In this article:

• What Makes AI SaaS Extraction Different From Conventional SaaS Surveillance
• How Does Fine-Tuning Create a New Lock-In Architecture
• How Do Salesforce Einstein and Google Gemini Extract From Existing SaaS Lock-In
• What Open Source AI Alternatives Run on Infrastructure You Control
• What Does the EU AI Act Require From AI SaaS Platforms
• Frequently Asked Questions
• Does using ChatGPT or Claude for business mean my data is being used to train AI models?
• What is the open source alternative to AI SaaS tools?
• How does AI fine-tuning create stronger lock-in than conventional SaaS?
• References

AI SaaS tools occupy a specific position in the enshittification cycle: they arrive in phase one with an unusually compelling value proposition, they build lock-in faster than any previous category of SaaS, and the behavioral surplus they extract is more valuable than anything the previous generation of SaaS platforms collected. The pitch deck is better. The extraction model is worse. Both of these things are true simultaneously.

The genuinely useful parts of AI SaaS tools should be named rather than dismissed. An AI writing assistant that helps a small team produce more content with fewer resources is delivering real value (like this blog that you're reading, where I gathered the topics I wanted to talk about but also cited the resources I'm backing my arguments with).

An AI analysis tool that identifies patterns in operational data faster than manual review is solving a real problem. An AI customer service layer that handles routine inquiries without human time is reducing a genuine operational cost. The tools work. The extraction model attached to the tools is the problem, not the tools themselves.

Shoshana Zuboff's surveillance capitalism framework identifies behavioral surplus as the core extraction mechanism: the data generated as a byproduct of using a product, appropriated by the platform and converted into predictions sold to third parties. AI SaaS extracts behavioral surplus more aggressively than conventional SaaS because the product is the model, and the model improves when it trains on your data.

When you use a ChatGPT Enterprise or similar AI assistant inside your business, you are generating training data. The prompts you write, the outputs you accept or reject, the corrections you make, the use patterns you establish: these are behavioral surplus in Zuboff's sense, and they are additionally training data that improves the model's performance for the platform's other users. You are paying a subscription fee for a product that simultaneously trains on your proprietary operational intelligence to become better for your competitors.

The terms of service vary by platform and have evolved in response to user and regulatory pressure. OpenAI's enterprise terms offer opt-out provisions for training data use. Google's Gemini for Workspace has similar provisions. The existence of opt-out provisions is not the same as the absence of extraction: default settings, the friction of the opt-out process, and the complexity of what is and is not covered by the opt-out all affect whether the opt-out produces meaningful data sovereignty. And this is where it's already smelling like caca.

Conventional SaaS lock-in accumulates through operational data: the workflow history, the audit trails, the baseline comparisons that make leaving expensive because you lose what you built. AI SaaS adds a second lock-in mechanism: model fine-tuning. An AI tool that has been trained on your specific operational language, your client communication patterns, your industry terminology, and your content style produces outputs that are calibrated to your context. A generic AI tool does not. The longer you use a fine-tuned AI tool, the larger the gap between its outputs and what you would get from a generic alternative, and the higher the switching cost becomes.

This fine-tuning lock-in is more durable than operational data lock-in because it is less visible and harder to export. You can export your operational data in CSV format even if the export is incomplete. You cannot export the fine-tuning that has been applied to a proprietary model. The intelligence that the platform has developed about how to serve your specific context is proprietary to the platform. When you cancel, you lose not just your data but the model calibration that made the tool specifically useful to you.

Salesforce Einstein and Google Gemini for Workspace represent the most visible integration of AI capability into existing SaaS lock-in architectures. Both are offered as additions to existing platform subscriptions, at additional cost, and both are designed to deepen the data integration between the AI layer and the underlying platform data.

Salesforce Einstein processes your CRM data to generate predictions about customer behavior, sales outcomes, and service issues. The value proposition is genuine: predictive analytics built on your operational history is useful. The extraction consequence is that your CRM data, which already lives inside Salesforce's infrastructure, is now also training an AI system that Salesforce sells to its entire customer base. The competitive intelligence embedded in your sales data is contributing to a model that your competitors, if they are also Salesforce customers, benefit from.

Google Gemini for Workspace processes your email, documents, calendar, and communication data to generate summaries, drafts, and recommendations. The integration is deep by design: the AI layer is useful precisely because it has access to your complete operational context inside Google's infrastructure. That depth of access is also the depth of the extraction. Every business document you generate, every email thread you manage, every calendar pattern you establish is now accessible to an AI system that Google operates across all of its enterprise customers.

The alternative to AI SaaS extraction is not the absence of AI tools. It is AI tools that run on infrastructure you control, trained on data that stays in your possession, producing outputs that do not contribute to a proprietary model owned by a platform with its own interests.

Ollama is an open source tool for running large language models locally on your own hardware. It supports a growing library of open source models including Llama, Mistral, and Gemma. Running a model locally means that the prompts you submit and the outputs you receive stay on your machine. Nothing leaves your infrastructure. The model does not train on your data. The extraction model is absent because the infrastructure relationship is absent.

Open WebUI provides a browser-based interface for locally-run models that approximates the user experience of ChatGPT without the extraction architecture. Combined with Ollama, it provides a self-hosted AI assistant that runs on a reasonably modern laptop or on a VPS with GPU access. The capability is narrower than the frontier models available through SaaS platforms. The data sovereignty is complete.

For businesses that need more capability than a locally-run open source model provides, running AI inference on infrastructure you control through providers like Hetzner or Vultr with GPU instances is more expensive than a SaaS subscription but maintains the data sovereignty that SaaS AI tools do not. The cost premium is real. The extraction cost of the SaaS alternative is also real, and it is not on the invoice.

The European Union's AI Act, which entered into force in 2024, imposes transparency and data governance requirements on AI systems that process personal data. The act's requirements include disclosure of training data sources, limitations on the use of personal data for AI training without explicit consent, and rights for individuals to contest AI-generated decisions that affect them. These requirements apply to AI SaaS platforms operating in the EU, which includes most of the major platforms through their European operations.

The regulatory pressure is moving in the direction of data sovereignty, but regulatory compliance is not the same as data sovereignty in practice. A platform that complies with the EU AI Act's disclosure requirements is telling you what it extracts. It is not stopping the extraction. The opt-out provisions that regulatory pressure has produced at OpenAI and Google reduce but do not eliminate the behavioral surplus extraction model. The only complete solution is the same solution that applies to conventional SaaS: infrastructure you control, with data that does not leave it.

It depends on the product and your settings. OpenAI's enterprise tier and API usage are opted out of training by default. The consumer ChatGPT product historically trained on conversations unless opted out. The relevant question is whether your specific tier and settings exclude your operational data from training.

Ollama allows running open source language models locally on your own hardware or VPS. Open WebUI provides a browser interface approximating ChatGPT. Models including Llama, Mistral, and Gemma run locally with no data leaving your infrastructure. The data sovereignty is complete. the full self-hosted stack that local AI infrastructure fits inside.

Conventional SaaS lock-in accumulates through operational data. AI fine-tuning adds a second lock-in layer: the model's calibration to your specific language, context, and content style. That calibration is proprietary to the platform. You cannot export the fine-tuning. When you cancel, you lose not just your data but the model intelligence built from it.

Zuboff, Shoshana. The Age of Surveillance Capitalism. PublicAffairs, 2019.

Zuboff, Shoshana. "You Are Now Remotely Controlled." The New York Times. January 2020.

Varoufakis, Yanis. Technofeudalism: What Killed Capitalism. Bodley Head, 2023.

Doctorow, Cory. Pluralistic. pluralistic.net.

OpenAI. "ChatGPT Enterprise." openai.com/enterprise.

Google. "Gemini for Workspace." workspace.google.com.

Salesforce. "Einstein AI." salesforce.com.

European Union. "EU Artificial Intelligence Act." Official Journal of the European Union. 2024.

Ollama. ollama.com.