Provider Concentration Risk
What is provider concentration risk?
Provider Concentration Risk measures what share of all tracked integrations involve the most central provider. Currently, one provider is involved in approximately 50% of all tracked integrations on sourc.dev. This is a market-level metric — it tells you how concentrated the AI infrastructure stack is. High concentration means high systemic risk if that provider changes terms.
Why it matters
If one provider's API goes down and 50% of all tracked tools are affected, that is a market risk — not just an individual vendor risk. Provider Concentration Risk quantifies this. It is computed from the entity_relations graph: how many tools depend on each provider, and how exclusive those dependencies are. This is the metric that enterprise procurement teams use to evaluate infrastructure resilience.
Where models stand
Data available for 1 of 271 tracked entities. Last updated 2026-03-31.
How sourc.dev tracks this
sourc.dev verifies provider concentration risk manually from official provider documentation, API responses, and published specifications. Every data point includes a source URL and verification date. When a value changes, the old value is preserved in the history table and the new value is recorded alongside it. Nothing is overwritten — the full timeline is always available.
sourc.dev verifies this attribute manually from provider documentation. Every data point includes a source URL and verification date. Changes are recorded in the history table — nothing is overwritten.
This attribute is verified periodically against provider documentation. When sourc.dev detects a change, the new value is recorded alongside the old one with full provenance.
Understanding provider concentration risk helps developers make informed decisions when choosing between models and providers. Rather than relying on marketing claims, sourc.dev provides verified, dated, source-linked data so the data decides.