Should you run AI agents on your own infrastructure or use a managed service? The question sounds simple. The answer depends on four variables: your data sensitivity requirements, your regulatory environment, your scale, and your team’s operational capacity. Most organizations get this wrong by treating it as a binary choice. The reality is a spectrum, and the smartest deployments are hybrids: self-hosted where control matters, managed where speed matters.
When to Self-Host
Self-hosting AI agents means running the agent runtime, MCP servers, and supporting infrastructure on compute you control: your cloud account, your data center, or your on-premise hardware. You own the deployment pipeline, the monitoring stack, and the operational responsibility. The trade-off is clear: more control, more work.
Four conditions make self-hosting the right call.
Data Residency and Compliance
If your data can’t leave your infrastructure, the conversation is short. Healthcare organizations handling PHI under HIPAA, financial services companies under SOX and PCI-DSS, government agencies under FedRAMP, defense contractors under ITAR. All face regulatory requirements that either prohibit or severely restrict sending data to third-party managed services.
AI agents make this harder than traditional software because of what they access. An agent processing customer support tickets reads customer PII. An agent managing financial workflows touches transaction data. An agent coordinating clinical operations handles protected health information. The data flows through the agent runtime, through the MCP servers, through the logging pipeline. Every component in the chain is a compliance surface.
Self-hosting puts the entire chain inside your compliance boundary. Your network, your encryption, your access controls, your audit logs. The compliance team reviews infrastructure they already govern. Contrast this with a managed service where you’re trusting a third party’s compliance posture, a posture you have limited ability to audit and zero ability to control.
Full Governance Control
Beyond regulatory compliance, some organizations need control over the execution environment itself. What model is the agent using? What version? What prompts are in the system? What tools does the agent have access to? Who approved those tool permissions? Can you produce an audit trail of every decision the agent made?
Managed services provide varying degrees of transparency here. Some offer audit logs. Some let you configure model selection. Few give you the level of control that governance-conscious organizations require. Self-hosting means you control the answers to every one of those questions. The model version is pinned in your deployment config. The tool permissions are defined in your MCP operator. The audit trail lives in your logging stack. When the governance team asks “what exactly is this agent doing?”, you can show them: not a vendor’s dashboard summary, but the actual configuration, the actual logs, the actual code.
Economic Scale
Managed AI agent services charge per seat, per agent, per action, per token, or some combination. At low volume, this pricing is efficient; you pay for what you use and the vendor handles operations. At higher volume, the math inverts. Five agents processing a hundred actions per day is cheap on a managed service. Fifty agents processing thousands of actions per day is expensive, and the cost is recurring, unpredictable, and controlled by someone else’s pricing decisions.
The breakeven point varies by vendor and workload, but a useful heuristic: if you’re running more than 5-10 agents with moderate daily activity, self-hosting infrastructure on your existing Kubernetes cluster is typically cheaper than managed service fees within the first year. The infrastructure cost is fixed and predictable. The managed service cost grows linearly with usage and is subject to the vendor’s pricing changes.
This is the same economic pattern that drove the cloud repatriation movement: managed services are great until the bill isn’t. Self-hosting gives you cost control and predictability at the expense of operational overhead.
Strategic Independence
The fourth condition is the hardest to quantify but the most important long-term. If AI agents are becoming core to your operations (not a side project, not a pilot, but central to how your business runs), you need to control the infrastructure they run on.
Building on a managed platform means your core operations depend on a vendor’s availability, pricing, feature roadmap, and business viability. The Windsurf incident demonstrated what happens when that dependency breaks. Over a million developers lost their primary tool overnight because one vendor made one decision about API access. For a coding assistant, that’s an inconvenience. For your financial operations or customer support pipeline, it’s a crisis.
Self-hosting eliminates single-vendor dependency for the execution layer. Your agents run on your infrastructure. Your MCP servers connect to your systems. Your deployment pipeline controls when and how updates roll out. No vendor decision can turn off your operations.
When to Use Managed Services
Self-hosting isn’t always the right answer. Managed services win on three dimensions.
Speed to Deploy
If you need agents running in days, not weeks, managed services are the faster path. No Kubernetes cluster to provision. No deployment pipeline to build. No monitoring stack to configure. You sign up, configure your agents, and start processing. For teams without dedicated infrastructure engineers, or for organizations that need a quick win to build internal support for AI, managed services compress the time-to-value.
The risk is building habits on the managed platform that create lock-in. If you start managed with the intent to self-host later, use portable artifacts from day one. Business-as-Code files (schemas, skills, context) transfer between environments. Vendor-specific workflow configurations don’t.
Moderate Data Sensitivity
Not every workload involves regulated data. Internal tooling, development workflows, content generation, research assistance. These workloads often have moderate data sensitivity that doesn’t require on-premise infrastructure. If your agents are summarizing internal documents or managing project workflows, the compliance requirements are lighter and a managed service’s convenience outweighs self-hosting’s control.
The evaluation: categorize your agent workloads by data sensitivity. High-sensitivity workloads (customer PII, financial data, health records) may require self-hosting. Moderate-sensitivity workloads (internal operations, development tools, general business processes) are candidates for managed services. This classification often leads to the hybrid model.
Small Agent Count
If you’re running two agents with light usage, the operational overhead of self-hosting exceeds the cost of a managed service. The infrastructure investment (Kubernetes, monitoring, logging, deployment pipeline) has a fixed floor that doesn’t make sense for small-scale deployments. Managed services absorb that operational cost into their pricing. At low volume, you’re paying less for the service than you would for the infrastructure team to maintain the self-hosted equivalent.
The Hybrid Model
Most enterprises land on a hybrid architecture. The pattern:
Self-host sensitive operations. Agents that process customer data, financial transactions, health records, or other regulated information run on internal infrastructure. The agent runtime, MCP servers, and data pipeline stay inside the compliance boundary. No external vendor touches this data.
Managed services for lower-risk workloads. Internal tools, development automation, content workflows, and research assistance run on managed platforms. The data sensitivity is lower, the compliance requirements are lighter, and the operational simplicity of managed services is worth the cost.
Shared artifacts across both. This is the critical architectural decision. The same Business-as-Code artifacts (schemas, skills, context files) work in both environments. A skill that defines how to qualify a lead works identically whether the agent runs self-hosted or managed. The domain knowledge is portable. The execution environment is interchangeable.
The hybrid model gives you compliance where you need it, speed where you want it, and portability between the two. The key is building on open standards (MCP) and portable formats (Business-as-Code) so that the boundary between self-hosted and managed is a deployment decision, not an architecture rewrite.
Infrastructure Requirements for Self-Hosting
Self-hosting AI agents is simpler than most teams expect, primarily because agents orchestrate; they don’t train. You’re not running GPU clusters. You’re running a lightweight runtime that makes API calls to external model providers and coordinates MCP servers.
Compute. The agent runtime is CPU-bound. Agents spend most of their time waiting for API responses from model providers and MCP servers. A modest Kubernetes cluster (even the one you already run for other services) handles agent workloads. You’re not provisioning GPUs unless you’re running local models, and most organizations use hosted model APIs (OpenAI, Anthropic, etc.) for inference.
Networking. MCP servers need to reach your internal systems (CRM, databases, APIs) and the agent runtime needs to reach external model providers. Standard network architecture: internal MCP server traffic stays on the private network, model API calls go outbound through your existing egress. If you’re running in a VPC, the MCP servers run inside it alongside your other services.
Storage. Agent context and logs need persistent storage. Context files are small; Business-as-Code artifacts are text files measured in kilobytes. Logs can be larger depending on your retention policy and audit requirements. Standard Kubernetes persistent volumes or an external log aggregator handles both.
Deployment pipeline. Agents, MCP servers, and their configurations deploy through your existing CI/CD pipeline. Helm charts for Kubernetes deployments. Git-backed configuration for agent definitions and MCP server manifests. Infrastructure-as-code for the underlying compute. If you already deploy containerized services, adding AI agents is an incremental change, not a new paradigm.
Monitoring and observability. Agent operations need logging (what did the agent do?), metrics (how long did it take? how often does it succeed?), and alerting (did something fail?). Standard observability tools (Prometheus, Grafana, your existing log aggregator) work. The agent runtime exposes metrics and structured logs. MCP servers produce their own operation logs. The monitoring infrastructure you already run for your other services extends to cover agents.
NimbleBrain’s Approach
We design for self-hosting and deploy managed when the client prefers. The NimbleBrain Platform runs on Kubernetes with Helm charts for deployment. Every component (agent runtime, MCP operator, LLM gateway, integration manager) is containerized and deployable on any K8s cluster. The same Business-as-Code artifacts that define a client’s agents work in both managed and self-hosted environments.
This isn’t an accident. It’s The Anti-Consultancy model applied to infrastructure. If we built a managed-only platform, clients couldn’t leave without rebuilding. If we built self-host-only, clients without K8s teams couldn’t start. The portable architecture means the client chooses their deployment model based on their needs, and changes that choice later without rearchitecting.
The progression most clients follow: start managed to move fast, validate the approach, and build internal confidence. Self-host when scale, compliance, or strategic independence makes it the right move. The migration is a deployment change because the artifacts and architecture are identical in both environments. No rewriting. No re-implementing. No rebuilding what you already built.
Escape Velocity, self-sustaining AI operations, requires infrastructure the organization controls. Self-hosting is how you get there. The question is timing, not direction.
Frequently Asked Questions
What infrastructure do I need to self-host agents?
Kubernetes is the standard. You need: compute for the agent runtime (CPU, not GPU; agents orchestrate, they don't train), networking for MCP server communication, storage for agent context and logs, and a deployment pipeline. The NimbleBrain Platform runs on K8s with Helm charts for standard deployment. Most companies with an existing K8s cluster can run agents alongside their other services.
Is self-hosting more expensive than managed services?
Initially, yes. You need infrastructure and operational expertise. At scale, it's typically cheaper. The breakeven is usually 5-10 agents with moderate usage. Below that, managed services win on simplicity. Above that, self-hosting wins on cost control and the elimination of per-seat or per-action SaaS pricing.
Can I start managed and move to self-hosted later?
If your architecture is portable, yes. Business-as-Code artifacts (schemas, skills, context) are plain files; they move anywhere. MCP servers are containers; they run anywhere. The migration cost depends on how much of your setup is vendor-specific. NimbleBrain's architecture is designed for this progression: start fast on managed, self-host when ready.
