Where I work[1], AGPL software is strictly and unconditionally forbidden to use for anything, even things that are completely internal and will never see a public user.
The fear that our lawyers have is that, since putting up the software in a service counts as a derived work, our whole software stack (including the stuff we don't open source) will have to be opened along with it. There have to be clear service boundaries between the AGPL software and the stuff we write ourselves, and the lawyers don't trust us to write in appropriate boundaries.
It's really kinda tragic, because we actually do submit source code upstream when we make changes to open source software that we run internally. As in, if it's an OSS product that we just use for some dumb internal automation thing, we'll submit patches if the license is BSD or MIT, but as soon as GPL (especially AGPL) hits anything suddenly the lawyers get paranoid because of what constitutes a "derived work", which can be interpreted as anything that links against the software to make a complete product.
The upshot of this is, if the OSS software is on an unrestrictive license like BSD or apache, we contribute upstream. If it's GPL or especially AGPL, we simply don't touch it, ever.
That's often not an unwelcome side-effect. If you're at a large technology company, making sure companies like yours don't use the free version is a common motivation. Aerospike sells a commercial enterprise license; in that kind of a "dual-license" setup, the GPL/AGPL can function as a useful poison pill to keep from cannibalizing enterprise sales with the free version (where a common alternative would be to just not open-source at all, for fear of that cannibalization).
A lawyers job is to think about all the things that could go wrong and to prepare for that possibility. Their job is to think what would happen if the company goes under, or what if the newly bought property would burn down, or what if the business partnership you just signed up for went sourer. Their job is not do cost-benefit analysis, or even consider how high risk something actually is. Their job is to handle the what-if's.
So the reaction you are talking about is natural behavior of lawyers being exposed to legal documents and contracts. If there is anything that could be interpreted to impact the company, their job is to consider it and think "what-if".
The question comes down to, what is a healhty way to handle the result of lawyers paranoia. Best-practice is to do a cost-benefit analysis and balance the benefits with the insight of the legal advice. Second-worst is to avoid anything with a risk, regardless of benefits, in order to avoid it. Worst choice is to ignore the lawyers. Most companies, including the "very well known technology companies", pick the second-worst option for anything that is not critical to the company survival. Its clearly not the best option, but it keeps the status quo.
The fear that our lawyers have is that, since putting up the software in a service counts as a derived work, our whole software stack (including the stuff we don't open source) will have to be opened along with it. There have to be clear service boundaries between the AGPL software and the stuff we write ourselves, and the lawyers don't trust us to write in appropriate boundaries.
It's really kinda tragic, because we actually do submit source code upstream when we make changes to open source software that we run internally. As in, if it's an OSS product that we just use for some dumb internal automation thing, we'll submit patches if the license is BSD or MIT, but as soon as GPL (especially AGPL) hits anything suddenly the lawyers get paranoid because of what constitutes a "derived work", which can be interpreted as anything that links against the software to make a complete product.
The upshot of this is, if the OSS software is on an unrestrictive license like BSD or apache, we contribute upstream. If it's GPL or especially AGPL, we simply don't touch it, ever.
[1] A very, very well known technology company.