What it means
Even the simplest AI deployment touches a handful of third-party services. A WhatsApp AI agent depends on Meta's WhatsApp Business API, respond.io or GoHighLevel for the inbox, OpenAI or Anthropic for the model, Make.com for orchestration, and probably Twilio or AWS for telephony or email. Each is a contract, a price, and a potential failure point.
Designing around third-party services is a discipline. Pick vendors that publish SLAs, take security and data residency seriously, and have a real product roadmap. Avoid stacks where one critical link is a side project.
Why it matters
An AI deployment is a chain of third-party services as long as your arm. The deployment is only as reliable as the weakest link, and the deployment's monthly cost is the sum of every vendor's bill. Both are worth modelling before you commit.
It is also where compliance lives. A vendor without a DPA, without ISO 27001 or SOC 2, without a data residency commitment, will be the one your DPO or auditor stops at. The vendor choice is a compliance choice.
Example
A wealth advisor's AI deployment lists eleven third-party services: Microsoft Azure OpenAI, respond.io, Stripe, Google Workspace, HubSpot, Calendly, Sentry, AWS, Cloudflare, Make.com, and a sovereign Singapore PDF-extraction API. Each one has a DPA on file. The compliance officer signs off on the stack before the build starts.