When a vendor says their model is "open source," they might mean the weights are publicly downloadable. They might mean the architecture is documented. They might mean the license allows commercial use. They probably don't mean what the Open Source Initiative has meant by "open source" since 1998: that the software can be freely used, modified, and distributed, with access to the source code, under a license that doesn't discriminate against any person, field of endeavor, or distribution channel.
Almost no frontier AI model meets that definition. Your buyer may not know this. You should.
The Spectrum
Three terms, used interchangeably in vendor materials and almost nowhere else, mean genuinely different things.
Open-weight means the trained model weights are publicly released and the architecture is documented. You can download the model, run it, and modify it. What you're not getting: the training code, the training data, or any guarantee about what the license permits commercially. The weights are the artifact — think of them as the compiled binary, not the source.
Open-source in the OSI sense means weights plus training code plus training data, released under a license that meets the OSI Open Source Definition. By this standard, essentially no major frontier model qualifies. The training data alone disqualifies most of them — it's either proprietary, legally encumbered, or simply not released.
Source-available is the catch-all for everything in between: weights released, but under terms that restrict commercial use, impose user thresholds, or require separate licensing agreements for large deployments. This is where most "open" AI models actually live, whether or not they're marketed that way.
The License Anchors That Actually Matter
Three licenses cover most of what you'll encounter in enterprise conversations.
Apache 2.0 (Mistral, Google Gemma): Permissive commercial use, attribution required, explicit patent grant. If a buyer's legal team is comfortable with Apache 2.0 software, they'll be comfortable with Apache 2.0 model weights. The patent grant is the detail that matters for enterprises with IP exposure concerns.
MIT (DeepSeek): Even more permissive — minimal conditions, commercial use allowed, no patent grant language. The simplest license in common use, and the one with the fewest procurement complications.
Llama Community License (Meta's Llama family): Meta's license is not Apache 2.0, not MIT, and not OSI-approved. It's a custom license that permits commercial use — with one threshold that matters: if your product or service has more than 700 million monthly active users, you need to request a separate license from Meta. For most enterprise deployments, this clause is irrelevant. For hyperscalers, it's a negotiation. For everyone, it's a reminder that "open" and "no restrictions" are not synonyms.
For any model claiming to be "open": find the license, read the use restrictions, and ask whether your buyer's legal team would sign off on it without a follow-up call to the vendor.
Okta Concept Mapping: "Standards-Based" vs. "Open Source"
In identity, you've heard vendors claim "standards-based" when they mean "we support SAML" — not "we publish our implementation for audit." The analogy holds: both labels signal openness without specifying what's actually open. Where it breaks: identity has governing bodies (IETF, OASIS, OpenID Foundation) that publish normative specifications with conformance criteria, and OSI has a 10-point definition that either a license meets or it doesn't. In AI, no equivalent authority certifies model releases. The "open source" label is self-applied, which means it carries exactly as much weight as the releasing organization's credibility. That's the gap your buyer's legal team will find, if you don't find it first.
What This Sounds Like on Tuesday
A CAIO asking "is this model open source?" is usually asking one of three different questions: Can we audit the weights? Can we run it on-premises without a vendor dependency? Are there license restrictions that legal needs to review?
The answers to all three are different, and conflating them is how sellers lose credibility with technically fluent buyers. A response that holds up: "It depends what you mean by open. The weights are publicly available under [specific license]. That means [what it permits]. What it doesn't include is [training data / training code / unrestricted commercial use at scale]."
Buyers who've navigated open-source software procurement recognize that distinction immediately — and they'll trust the seller who makes it over the one who says "yes, it's open source" and moves on.
"Open" isn't going to get more precise on its own. Vendors have every incentive to use it broadly. Knowing the spectrum and naming the specific license is what keeps you out of that gap when procurement starts asking questions.