Sign in Subscribe
By Phil Heller

The Need for a Model-Independent Operating Layer

The winning architecture is not allegiance to one frontier model, but a model-agnostic, task-specific, independently measurable operating layer that can route, test, govern, and verify AI work outside the provider’s own story.

Frontier Models Are Improving - But Not in the Same Way

The week’s headline model news was Anthropic’s release of Claude Opus 4.8, which the company positioned as a “modest but tangible improvement” over Opus 4.7, with stronger performance across coding, agentic tasks, reasoning, and professional work. Anthropic also introduced dynamic workflows in Claude Code, allowing Claude to plan larger tasks and run hundreds of parallel subagents, along with user-controlled effort settings and API changes that let developers update system instructions mid-task. (anthropic.com)

The point is not that Claude, GPT, Gemini, or any other model “won” the week. The point is that the frontier is fragmenting by task profile. One model may be better for long-codebase migration, another for spreadsheet reasoning, another for low-latency retrieval, another for multilingual or regional deployment, and another for high-risk professional review. The enterprise question is no longer “Which model is best?” It is: best for what task, under what cost, risk, latency, governance, and review standard?

The Benchmark Layer Is Becoming a Business-Critical Control

Cisco’s May 27 research landed directly on the measurement problem. The company tested 15 proprietary frontier models from OpenAI, Anthropic, Google, Amazon, and xAI using both single-turn and multi-turn adversarial evaluations. Cisco’s test set included 30,090 single-turn prompts and 6,986 multi-turn attacks across 1,456 conversations, and the company’s conclusion was blunt: single-turn safety benchmarks are not a reliable proxy for real-world multi-turn attack behavior. (blogs.cisco.com)

That matters because enterprise AI is becoming conversational, tool-using, and persistent. A one-shot refusal test does not tell a CISO, product leader, or general counsel how an AI agent behaves after a user reframes the request, adds context, changes persona, escalates step by step, or moves from “answer this” to “take this action.” In other words, the object being evaluated is no longer merely the model’s answer. It is the model’s behavior across an environment.

This is the clearest responsible-AI signal of the week: provider-published benchmarks are useful inputs, but they cannot be the enterprise measurement layer. If the model provider controls the model, the benchmark, the dashboard, the pricing meter, and the safety narrative, the buyer does not have governance. It has vendor trust.

Task-Specific Evaluation Is Replacing General Model Rankings

OpenAI’s recent GPT-5.5 rollout also fits the pattern. OpenAI said GPT-5.5 Instant produced 52.5% fewer hallucinated claims than GPT-5.3 Instant on high-stakes prompts covering domains such as medicine, law, and finance. Separately, OpenAI said GPT-5.5 set a new state of the art on Databricks’ OfficeQA Pro benchmark, reducing errors by 46% compared with GPT-5.4 and surpassing 50% accuracy on complex enterprise document tasks. (openai.com)

Those are meaningful claims — but they are still claims within defined test environments. For a real enterprise, the next step is not simply to accept the published score. It is to ask whether the task resembles the enterprise’s actual workflow: scanned PDFs or born-digital documents, legal agreements or invoices, structured spreadsheets or messy exports, low-stakes summarization or regulated decision support.

The architecture implication is straightforward: enterprises need their own task registry and evaluation harness. A legal-drafting agent, customer-support classifier, financial-modeling assistant, code-migration agent, and board-materials summarizer should not be evaluated on the same generic leaderboard. Each should have its own success criteria, test set, human-review threshold, latency band, failure modes, and escalation rules.

Multi-Model Is Not Enough Without an Independent Control Plane

The market is converging on multi-model language, but “multi-model” by itself is not the answer. A routing layer that merely swaps one provider for another is still shallow if it does not measure outcomes, log decisions, test degradation, price tasks, enforce policy, and preserve auditability.

Google’s Gemini Enterprise agent materials show how major platforms are moving toward interoperability. Google describes its Agent2Agent protocol as enabling agents to communicate and interoperate regardless of underlying model or platform, while Gemini Enterprise is positioned as an agentic platform connecting enterprise content, assistants, and workflows. (cloud.google.com)

But the deeper strategic question is whether the control plane belongs to the enterprise or the provider. If the same vendor supplies the model, workflow builder, agent runtime, observability layer, memory layer, evaluation layer, and billing layer, the buyer may gain convenience while losing independent judgment. That is the new lock-in risk: not just model lock-in, but measurement lock-in.

The better pattern is:

  • Model-agnostic: The system can use Claude, GPT, Gemini, Qwen, open-weight models, or specialized models where appropriate.
  • Task-specific: Each workflow has defined performance, quality, cost, and risk thresholds.
  • Independently measurable: The enterprise can test and compare outputs outside the provider’s own dashboards.
  • Governable by design: Access, logging, review, escalation, and audit trails are built into the workflow.
  • Provider-portable: The business process survives if a model changes, degrades, becomes too expensive, or is restricted.

The Provider’s Meter Is Not the Enterprise’s Map

This week’s model releases, benchmark findings, and governance signals point to the same architecture principle: the provider’s meter is not the enterprise’s map.

The model provider can tell you token usage, benchmark scores, release notes, system cards, safety claims, and uptime. But it cannot fully tell you whether the model performed your task correctly, whether the output was fit for your risk profile, whether a cheaper model would have worked, whether a multi-turn adversary could have bypassed your controls, or whether a human reviewer should have been inserted earlier.

That is why the real AI operating layer has to sit above the model. It has to understand the task, route to the right model, measure the output, compare alternatives, enforce governance, and preserve the evidence trail.

Orthogonal Take

The frontier model race still matters, but it is becoming less important than the enterprise control layer around it. Claude Opus 4.8, GPT-5.5, Gemini Enterprise, and the next wave of agent platforms all reinforce the same lesson: intelligence is no longer scarce in the same way. Reliable deployment is.

The durable advantage will not come from betting everything on one model provider. It will come from building systems that are model-agnostic, task-specific, independently measurable, and governable by design. That is the line between AI as a demo and AI as infrastructure.

For founders, architects, operators, and counsel, the practical question is now simple: if your preferred model disappeared, degraded, changed price, changed policy, or failed your own eval tomorrow, would your workflow survive?

If the answer is no, you do not yet have an AI operating layer. You have a dependency.

Subscribe to Orthogonal

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe