Artificial Intelligence & Machine Learning
,
Next-Generation Technologies & Secure Development
Lower-Cost AI Model Could Cut Agent Costs But Raise Enterprise Risks
Microsoft’s ubiquitous Office suite could come bundled with the Chinese-made DeepSeek artificial intelligence model, a move Redmond said may be necessary given the high costs of running U.S.-made models.
See Also: Edge Transformation: Top 5 SASE Predictions and Trends
Embedding DeepSeek into the computing giant’s Copilot AI digital assistant raises obvious geopolitical and security risks, even if it comes with a lower price tag for customers. Mitigating those risks could even become an additional cost consideration for organizations in the future.
As first reported by Axios, Microsoft said it is testing alternative models to Anthropic’s Opus 4.8, Sonnet 4.6 and Open’s GPT-5.5 from OpenAI, which currently power Copilot Cowork, the agentic AI feature in Microsoft 365.
“DeepSeek is one of several models under consideration. We’ll share more specifics on the underlying model closer to release,” a Microsoft spokesperson told ISMG. The company has not made a final decision on any new models that will power Copilot Cowork.
Copilot Cowork lets users delegate tasks to AI agents, including those that require multiple steps. This kind of agentic use case can get expensive because the agents need to hold their state and remember prior conversations, tool use and reasoning, tasks that accumulate more and more tokens. Every time the agent calls an API or taps data, it adds to the cost. Much of the pricing for these agents depends on the models that power them – and given the capabilities of both Anthropic and OpenAI, costs can accumulate quickly.
Copilot Cowork users have two payment options: either a pay-as-you-go or a usage volume in advance system. The pricing is also based on the models’ API costs. For example, Claude Opus 4.8 costs $5 per million input tokens and $25 per million output tokens.
DeepSeek is a famously less expensive option, charging $0.28 per million output tokens for DeepSeek v4. But its country of origin may be a difficult hurdle for users and Microsoft to overcome, given long running suspicion in the West of any technology coming out of China.
Microsoft said that any DeepSeek model it adds will be fine-tuned with additional safeguards and hosted within its Azure cloud environment to address data-residency concerns. The company is also developing its own cheaper model, Cowork 1, that could operate underneath Copilot Cowork.
DeepSeek v4 and other Chinese models have come under scrutiny, particularly after the House Select Committee on China launched an investigation in April into the adoption of these systems by U.S.-based companies. A recent Booz Allen Hamilton report found that Chinese LLMs produced more vulnerable code when prompted by a U.S. government persona and could inject political bias into their responses. DeepSeek v4-Pro scored the lowest among Chinese models in Booz Allen’s vulnerability and bias tests.
One way enterprises could mitigate potential risks from DeepSeek v4 in Copilot Cowork is to add their own guardrails – an approach could bring additional costs that negate Microsoft’s offering a cheaper option.
Yves-Gabriel Leboeuf, co-founder and CEO of Deck, told ISMG that even cheaper models become expensive if organizations need additional retries, validation or oversight to get the same outcome.
“The instinct is always to pile on oversight layers, but that’s the expensive, reactive path,” Laboeuf said. “What actually works is architectural. You just don’t let the platform directly touch your sensitive systems. You put a mediation layer in between that controls what the agent can see, what it can do and what it can write back.”
He added that ultimately what matters more is auditability.
“Chinese origin models raise real questions around training data provenance and reinforcement learning with human feedback objectives, not because of geopolitics, but because you have basically zero visibility into the process. But U.S. labs aren’t automatically trustworthy either; they’re just more litigable,” Laboeuf said.
Jason Corso, a computer science academic at the University of Michigan and co-founder of Voxel51, said in a separate interview that even domestic models should be thoroughly validated and internally de-risked, so the geographical origin of models is of less critical focus.
What enterprises must ensure when third-party providers like Microsoft add open-source models is a “more significant level of expertise internally in DevOps and infra, along with expertise in measuring bias and hallucination risk along the most critical axes of an enterprise,” Corso said.