
You Can't Host Trust

Alexander Bering
July 3, 2026 · 5 min read

I build AI that remembers, and I build it open. For me that isn't a marketing choice, it's a conviction: AI in real enterprise use belongs in the open. Not out of ideology, but because it's the only way you truly know what happens with your own data. Let me make the case, and be honest about where it breaks down.

Most companies pick their AI by the model. Which one is strongest, fastest, cheapest. To me that's the wrong first question. The first question is: can you verify what the system does with what you entrust to it? For almost everything sold as enterprise AI today, the honest answer is no. You get a promise, not a right to inspect.

The comfort of "open weights" doesn't hold

A reflex I see often is to reach for an open model. It feels sovereign, but it doesn't deliver what the name suggests. "Open weights" is not the same as open source. The Open Source Initiative has explicitly called Meta's "open" Llama license open-washing. More importantly: even a fully open model doesn't make your application auditable. The model is only the engine. What happens to your data is decided by the layer above it: the application, the memory, the orchestration, the governance. For most vendors, that exact layer stays hidden.

What has to be open, and what does not

So let me put it precisely. Not "AI must be fully open." Rather: the layer that touches your company's data must be open and auditable. You may rent the model underneath and swap it like a supplier. The memory, and the rules by which your AI handles your knowledge, you should own and be able to inspect. Sovereignty isn't a question of where your data sits, but of who controls the layer that turns it into value.

Why open, and what is wrong with the slogan

Here honesty matters more than the convenient line. "Open source is more secure" is not a defensible claim; the available studies show no systematic security advantage, as a much-cited analysis noted back in 2009. The real reason is older and deeper. It sits in a foundational security text from 1975: a system must not rest its security on the secrecy of its mechanism, only on well-protected secrets like keys and credentials. Translated: the mechanism by which your AI handles your data must not be a trade secret. Openness doesn't give you the vendor's word, it gives you the ability to have auditors of your own choosing look for themselves. To me, that is the whole difference between trust and control.

The honest limits

So that this does not become a sales promise, the limits belong with it. Openness raises your short-term exposure, because attackers can read along. It doesn't guarantee anyone actually audits. And even audited source isn't automatically what ends up running as the binary. Openness is not a seal of approval. It is the precondition that makes auditing possible at all, and that precondition simply does not exist in closed systems.

Why this matters now

The state itself now makes clear that this is not an academic question. In 2026 Germany's Federal Office for Information Security (BSI) published a criteria catalog that names the core risk directly: "cyber dominance," the ability of vendors to retain permanent access to their customers' systems and data. It isn't an obligation, but it makes measurable what was long only a bad feeling. Anyone who wants to renegotiate, switch, or simply know what is happening tomorrow needs the auditable, transferable layer today.

The uncomfortable objection

Doesn't openness give away your edge? Only if your edge is in the source code. In serious systems it isn't. It's in the architecture of the memory, in the governance, in how humans and machines work together, and in years of execution. That is why a viable business model and real openness don't exclude each other. The path is open core: the core, everything that touches your data, is open and auditable; you pay for operation, efficiency, and support. And when that is meant seriously, there is a promise you can make in public: what is open once never moves behind a paywall.

I don't say this from a distance

My memory core is open source. The system on top we build as open core, under a license that preserves openness instead of extracting from it. It is mid-development, and we build it in the open. I consider that the most honest form of independence. Not "trust us," but "see for yourself."

The real strategic question

It isn't which model you choose this year. It's whether you can inspect, audit, and if needed take over the layer that turns your data into value, at any time. Everything else is borrowed control. And trust you can't verify is just another word for dependence.


© 2026 Alexander Bering / ZenSation Enterprise Solutions
