In 1999, a college kid named Shawn Fanning released a little program called Napster.

Hey, I’m Lakshmi — I help developers build, deploy, and distribute their SaaS without hiring a team. I also run Stacksweller and Supabyoi.

New here? Start with Why Your AI Wakes Up Every Morning With No Memory or Clean Code Is Dead.

Within 18 months, 80 million people were using it. The record industry lost its collective mind. Metallica sued. Dr. Dre sued. The RIAA launched a legal crusade that would make Prohibition-era feds proud.

In July 2001, Napster was ordered to shut down.

Victory for the record labels, right? Piracy defeated. Order restored.

Except that’s not what happened at all.

What happened was Kazaa. And LimeWire. And BitTorrent. And The Pirate Bay. The music industry spent the next decade playing whack-a-mole with increasingly sophisticated piracy networks. They sued college students for thousands of dollars. They installed rootkits on CDs. They lobbied for laws that made sharing a song punishable by more jail time than armed robbery in some states.

None of it worked.

People didn’t stop downloading music. They just got better at hiding it. The tools got more decentralized, more anonymous, more impossible to shut down. Every crackdown spawned three new services. The industry’s own enforcement efforts trained an entire generation to view them as the enemy.

The thing that finally fixed music piracy wasn’t lawsuits or legislation or DRM. It was Spotify. It was giving people a legitimate way to do the thing they were going to do anyway, at a price point that made piracy feel like more effort than it was worth.

The music industry spent a decade fighting human behavior. Then someone finally figured out how to work with it instead.

I keep thinking about this story lately.

The email that started a Reddit war.

A developer posted recently: “My company banned AI tools and I don’t know what to do.”

Security team sent an email. No ChatGPT. No Claude. No Copilot. No automation platforms with LLMs. Data privacy concerns. Their reasoning wasn’t entirely wrong — they work with sensitive client information.

But here’s the part that made 114 people upvote and 392 people comment:

“Some people on my team are definitely using AI anyway on personal devices. Nobody talks about it but you can tell.”

Read that again.

The ban didn’t stop AI usage. It just pushed it underground. Developers are now typing company code into free-tier tools on personal phones with zero audit trail, zero data retention policies, zero corporate oversight.

The policy designed to prevent data leakage created the exact conditions for data leakage to happen.

Sound familiar?

We’ve seen this movie before.

The Napster pattern shows up everywhere once you start looking.

Prohibition didn’t stop drinking. It created speakeasies and bootleggers and gave organized crime its business model for the next century.

Corporate social media bans don’t stop employees from checking Twitter. They just do it on their phones instead of their work computers — which, ironically, means IT has even less visibility into what’s happening.

VPN blocks in authoritarian countries don’t stop people from accessing banned sites. They just create a thriving market for better VPN services.

The pattern is always the same: Ban the thing people want to do. Watch them do it anyway, but worse. Spend enormous resources trying to enforce the unenforceable. Eventually give up or get disrupted by someone who figured out how to make the thing legal and convenient.

The music industry got Spotify. The question is: what’s the Spotify for AI-banned developers?

The escape hatch nobody’s talking about.

Here’s where this gets interesting.

Buried in a comment on that Reddit thread, someone wrote: “Welcome to local llama.”

Most developers scrolled past it. But that two-word comment is actually the whole answer.

You can run Claude Code — the actual Anthropic CLI tool — with local models. Everything stays on your machine. Nothing touches the cloud. Zero API costs. Full compliance. Your security team can’t complain about data leaving the network when the data never leaves your laptop.

This became possible a few months ago when Ollama added native support for the Anthropic Messages API. Two environment variables and you’re running.

export ANTHROPIC_BASE_URL="http://localhost:11434"
export ANTHROPIC_AUTH_TOKEN="ollama"

That’s it. That’s the whole trick.

Your company banned Claude? Cool. Run Claude Code pointed at a local model. The interface is identical. The workflow is identical. The data stays on hardware you control.

This isn’t a hack or a workaround. It’s a legitimate, auditable, IT-approved way to use AI coding tools without sending a single byte to external servers.

The Spotify moment for AI bans.

Think about what Spotify actually solved.

People wanted music. The industry wanted control. Spotify gave people convenient access while giving the industry a revenue stream and usage data. Everyone got something.

Local AI models are the same deal.

Developers want AI assistance. Security teams want data privacy. Local models give developers the tooling while giving security teams complete control over where the data goes.

For organizations, you can even run Ollama on a beefy internal server and point everyone’s Claude Code at it:

export ANTHROPIC_BASE_URL="http://internal-server.yourcompany.com:11434"

Now you’ve got a compliant, auditable, centrally-managed AI coding assistant. IT controls the models. IT controls the access. Everything is logged. Nothing leaves the network.

The security team gets their audit trail. Developers stop pretending they’re coding like it’s 2020. Everyone can have honest conversations in standups instead of maintaining an elaborate fiction.

The honest trade-off.

I’d be lying if I said local models were just as good as Claude’s API.

They’re not. Expect about 60-70% of the Claude experience. Local models need more explicit prompting. Complex multi-file refactors require more hand-holding. The magic “it just works” feeling of Claude Sonnet isn’t quite there yet.

One developer put it bluntly: “Claude Code talked to Ollama, and Qwen3-Coder produced some code. It was clumsy, slow, and required detailed prompting to make something work.”

But here’s the thing about that 60-70%: it’s 60-70% more than zero.

If your choice is between “banned from AI entirely” and “AI that’s pretty good but not magical,” that’s not actually a hard choice. You’re not comparing local models to Claude’s API. You’re comparing local models to doing everything manually while your competitors ship twice as fast.

The gap between local and cloud is real but shrinking. Six months ago this setup wasn’t even possible. The models are getting better every few weeks. By the time your company’s “we’ll revisit the AI policy later” actually happens, local models might be good enough that you don’t even want to switch.

The ten-minute setup.

If you want to try this:

# Install Ollama
brew install ollama

# Start it and pull a model
ollama serve
ollama pull qwen3-coder:32b

# Add to your ~/.zshrc
export ANTHROPIC_BASE_URL="http://localhost:11434"
export ANTHROPIC_AUTH_TOKEN="ollama"
export CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1

# Reload and run
source ~/.zshrc
claude

One gotcha: Claude Code’s system prompt is about 16,500 tokens. You need models with at least 32K context. Qwen3-Coder 32B and DeepSeek Coder V2 work well. Smaller models will choke before you even ask a question.

If you’re on an M-series Mac with 64GB RAM, you’re in good shape. 32GB is workable. 16GB is going to hurt.

The point of all this.

The Napster story didn’t end with piracy winning. It ended with the industry finally building something that worked with human nature instead of against it.

Your company’s AI ban is the RIAA lawsuit phase. It feels like control. It’s actually just delaying the inevitable while making everything worse in the meantime.

Local models are the Spotify phase. They’re the legitimate path that gives everyone what they actually want.

The technology exists. The setup takes ten minutes. The trade-offs are reasonable. The only question is whether your organization figures this out now, or burns another year pretending the ban is working while developers type code into ChatGPT on their phones.

History suggests they’ll figure it out eventually.

You don’t have to wait.