A developer and enterprise guide to every deprecated, retired, and sunset AI model across OpenAI, Anthropic, Google, AWS, Azure, Meta, and Cohere — and what it means for your security posture.
Let me ask you a direct question.
Do you know which version of GPT or Claude your application is calling right now?
Not what you deployed six months ago. Not what the documentation says. What the API is actually returning today.
If you paused before answering, you have a problem — and it is more serious than a broken feature.
The Problem Nobody Talks About
AI model lifecycle management is the quiet crisis of the AI era. Every major provider — OpenAI, Anthropic, Google, AWS Bedrock, Azure AI, Meta, Cohere — has been deprecating, retiring, and replacing models at a pace that most engineering and security teams are not tracking.
When a model reaches end-of-life, three things happen:
- The model stops receiving security patches
- The provider shifts support away from it
- Your application behavior becomes unpredictable as the provider migrates traffic or hard-stops the endpoint
None of these are announced loudly. Most deprecation notices live in changelog footnotes or developer blog posts that never reach the security team.
Why This Is a Security Issue, Not Just a Maintenance Issue
Model deprecation is not just a software maintenance problem. It has direct security implications.
1. You lose patch coverage
Providers actively update production models to fix prompt injection vulnerabilities, jailbreak techniques, and output safety issues. End-of-life models stop receiving these patches. An attacker who discovers a jailbreak against an older model version now has a stable, unpatched target.
2. Behavior drift without a code change
Some providers migrate deprecated model traffic to newer versions silently. Your application then runs a different model without any deployment event. Security controls you built and tested against the old model may behave differently on the new one.
3. Compliance gaps
If your AI usage falls under regulatory frameworks — HIPAA, SOC 2, ISO 27001, EU AI Act — running deprecated, unpatched AI models creates audit exposure. Your AI vendor contract likely includes language around supported versions.
4. Supply chain risk
Running an unsupported model is the AI equivalent of running an unsupported OS. The risk is not theoretical. It is the same class of problem as Log4Shell — a dependency you forgot about, past its support date, sitting in a critical path.
The Full Deprecation Map
Here is every major model lifecycle event worth tracking, by provider.
OpenAI
OpenAI has deprecated every GPT-3 variant. GPT-3.5-turbo has had multiple versions retired, with the API silently migrating callers to newer point releases. GPT-4-0314 was deprecated in June 2024. GPT-4-0613 followed in September 2025. The current stable targets are GPT-4o and GPT-4o-mini, but point version deprecations continue on a rolling basis.
The pattern: OpenAI announces deprecations 3–6 months ahead, but the announcements are buried in the API changelog and never surfaced to application owners.
Anthropic
Claude 1 (all variants) reached end-of-life in November 2024. Claude 2 and Claude 2.1 are in extended support but flagged for deprecation. Claude Instant 1.x is retired. The active models are the Claude 3 family (Haiku, Sonnet, Opus) and the Claude 3.5 and Claude 4 series.
Anthropic's model IDs use date suffixes (claude-3-sonnet-20240229), which makes it easier to track version pinning, but also means you need to actively update your model IDs as new releases land.
PaLM 2 and the Bard-era models are deprecated across Vertex AI and Google AI Studio. Gemini Pro 1.0 has been superseded by Gemini 1.5 and Gemini 2.x. Legacy models on the generativelanguage.googleapis.com endpoint are no longer receiving updates.
AWS Bedrock
Bedrock surfaces third-party models, which means the deprecation schedule is driven by Anthropic, Meta, and Cohere — not AWS. However, AWS adds its own layer: model access grants on Bedrock require explicit re-approval when a model transitions between versions. Teams frequently find their application hard-failing not because the model is deprecated, but because the Bedrock IAM policy references a model ID that no longer exists.
Azure OpenAI Service
Azure maintains its own deprecation schedule, which runs 3–6 months behind OpenAI's. This creates a false sense of security — teams who think they are on a supported model because Azure has not deprecated it yet may actually be running a model OpenAI itself considers legacy. Azure publishes a retirement calendar at the Azure OpenAI documentation portal.
Meta (Llama)
Meta's model lifecycle is complicated by the open-weight nature of Llama. The models themselves do not disappear, but official support, fine-tuning recipes, and safety tooling move to newer versions. Llama 1 is effectively unsupported. Llama 2 is in maintenance mode. Active development is focused on Llama 3.x.
Cohere
Command (original), Embed v2, and Rerank v2 are deprecated. Cohere has moved the platform to Command R, Command R+, and the Embed v3 family. The Cohere API does return errors on fully-retired model IDs, which is better behavior than silent migration, but the deprecation timeline is only announced in the Cohere changelog.
How to Build an AI Model Inventory
The first step is visibility. You cannot manage what you cannot see.
Step 1 — Find every AI API call in your codebase
Search for: openai.chat.completions, anthropic.messages.create, vertexai, bedrock-runtime, cohere.generate, and any HTTP call to api.openai.com, api.anthropic.com, or generativelanguage.googleapis.com.
This will surface both direct integrations and SDK calls. Do not forget infrastructure-as-code, Lambda functions, and GitHub Actions workflows — AI calls are increasingly embedded in automation pipelines.
Step 2 — Extract and log model IDs
Every API call should log the model ID it used. If you are not logging this today, add it. Model IDs change on deployment, on provider migration, and sometimes silently. A log is the only audit trail you have.
Step 3 — Map model IDs against provider EOL dates
Build a simple spreadsheet or CMDB entry: model ID, provider, first used, current status, EOL date, replacement. Update it quarterly. Subscribe to each provider's changelog RSS feed or status page.
Step 4 — Set alerts on deprecation dates
Thirty days before EOL, you want a ticket open and a migration plan. Not a calendar reminder someone ignores — an actual Jira ticket with an owner.
What to Do When a Model Goes EOL
Migration is not just swapping a model ID string. Different models have different context windows, system prompt handling, output formatting tendencies, and safety filter behaviors. A model migration should go through the same change process as a dependency upgrade.
Test suite first. Run your existing prompt suite against the new model before you change the production model ID. Look for behavioral changes in outputs, especially in structured outputs, safety-filtered content, and multi-turn conversations.
Security regression second. If you have red-teaming or adversarial prompt testing in place, run it against the new model. A newer model may handle injection attempts differently — sometimes more robustly, sometimes with new failure modes.
Staged rollout third. Route 5% of traffic to the new model, monitor for errors and behavioral drift, then expand. Treat it like a database migration, not a config change.
The Organizational Fix
The root problem is not technical. It is that AI model management falls between teams. Engineering owns the API call. Security owns the risk register. Neither owns the model lifecycle.
Fix this by assigning a named owner to the AI model inventory — the same way you would assign an owner to a software dependency list. That owner subscribes to provider changelogs, maintains the inventory, and is accountable for migrations happening before EOL dates.
In larger organizations, this belongs in the AI governance function that is now emerging as a standard part of security programs under the EU AI Act and NIST AI RMF.
Bottom Line
AI model deprecation is not a hypothetical future risk. It is happening now, across every major provider, faster than most teams are tracking it.
The security exposure is real: unpatched models, silent behavioral drift, compliance gaps, and supply chain risk from unsupported dependencies.
The fix is unglamorous but necessary: inventory your AI calls, track model IDs, map them to EOL dates, and build a migration process before the deadline forces your hand.
Your AI model is probably end-of-life. Now you know.