The regulated-enterprise angle is the interesting part. Bedrock's whole pitch to those customers was "your data never leaves your AWS boundary" — that's the line that gets it through procurement and compliance reviews. A 30-day retention requirement where traffic crosses into the vendor's boundary quietly invalidates that, and for healthcare/finance/gov it's not a knob they can flip no matter how good the model is. This is exactly why we keep our LLM layer provider-agnostic with a self-hosted fallback (Ollama-class models) for data-sensitive paths — you eat a capability hit, but you keep the option of not sending regulated data anywhere. The risk TZubiri names is real: the moment you're reaching for "vendor_specific_parameters," the neutrality you bought the aggregator for is already gone.