On June 12, 2026, at a little after five in the afternoon Eastern time, US Commerce Secretary Howard Lutnick sent a letter to Anthropic CEO Dario Amodei. It contained a single administrative instruction: obtain an export license before letting any foreign national, anywhere in the world, including inside the United States, touch two of the company's newest models. Anthropic could not screen users fast enough to comply with anything short of a full stop, so it pulled Claude Fable 5 and Claude Mythos 5 offline entirely, for everyone, three days after their public launch.
For eighteen days, the two most capable models built by one of the industry's most safety-obsessed labs simply did not exist for the enterprise customers who had built workflows around them. Not a hack. Not an outage. Not a bug in a data center in Virginia. A single letter from a single regulator, and a frontier model vanished from the market until the government decided otherwise. On June 30, the directive was lifted, access came back, and most of the coverage moved on within a week because the story had a tidy ending.
It moved on too fast. What happened in those eighteen days was never really a story about Anthropic, or Lutnick, or the narrow jailbreak claim the company disputed the entire time. It was a demonstration, delivered in public and confirmed by Anthropic itself, the Commerce Department's own directive, and reporting from CNBC, CNN, the New York Times and Forbes, that a government can reach into a commercially deployed frontier AI system and switch it off. Not degrade it. Not rate-limit it. Turn it off, worldwide, for reasons an enterprise customer had no visibility into and no vote on.
If you have spent the last two years wiring frontier models into decision pipelines, that is not an interesting news story. That is a supply chain risk you did not know you were carrying, made suddenly, uncomfortably concrete.
The pen-stroke problem
I want to be precise about what actually went wrong here, because the lazy version of this story, the one that will circulate at your next off-site, is "AI is risky, be careful." That is not an insight. It is a shrug dressed as wisdom.
Here is the sharper version. For most of the last three years, enterprise AI strategy has rested on an assumption nobody wrote down because nobody thought to question it: that access to frontier cognition is a utility, reliably there the way electricity is reliably there. What the Anthropic episode proved is that the newest, most expensive, most heavily marketed utility in the enterprise stack can be switched off with less notice than your actual electricity board gives you before scheduled maintenance.
Three specific failures sit underneath that headline.
The first is concentration. Market analyses tracking the enterprise LLM space put seven providers, Microsoft, OpenAI, Anthropic, Google, AWS, Cohere, and AI21 Labs, at roughly four-fifths of enterprise usage. Futurum's AI Decision Makers Survey found the average enterprise draws on 3.3 model providers, which sounds like healthy diversification until you notice that most of those relationships are shallow. One or two providers usually carry the real production weight; the rest are pilot budgets and vendor-evaluation theater. A CFO would flag this immediately if a single supplier controlled four-fifths of a physical input to manufacturing. In AI, it barely made the risk register.
The second is jurisdiction. A contract with a cloud provider tells you what the vendor promises to do. It says nothing about what a government can compel that vendor to do, over the vendor's own objection, in an afternoon. Anthropic disputed the factual basis for the directive throughout the eighteen days and was, by its own account, working the entire time to restore access. None of that mattered. The directive did not require Anthropic's agreement, and it did not require yours. If your production workflow depends on a closed model built and hosted inside one legal jurisdiction, you have quietly outsourced a piece of your business continuity plan to that jurisdiction's politics, and no clause in a master services agreement protects you from that, because no vendor can promise away their own government's authority.
The third failure costs money every single day and has nothing to do with export controls. It is the habit of renting frontier-grade cognition for tasks that never needed it. Somewhere in most enterprises right now, a workflow that classifies support tickets, checks invoice fields against a purchase order, or extracts three numbers from a scanned form is running on the same top-tier model the company reserves for strategic analysis, billed by the token, at frontier prices, sending data to frontier infrastructure it never needed to leave the building to reach. That is not a sovereignty risk. It is a cost and exposure problem stacked on top of another cost and exposure problem, and it is entirely self-inflicted.
Layer a human failure on top and the picture is complete. Employees do not wait for governance to catch up with their workload. Cyberhaven's Data Loss Report found that a large share of employees have pasted confidential business data into consumer AI tools their employer never sanctioned, and separate research from Netwrix found that only one in five organizations fully monitors or governs that behavior. The June directive was a government pulling a lever your enterprise did not control. The daily shadow AI habit is a lever sitting in plain sight inside your own walls, and most leadership teams have simply not walked over to look at it.
A market splitting in two
Here is what makes this moment different from five years of AI risk conversations that mostly produced conference panels and not much action. The market itself is now visibly splitting into two economies, and understanding both halves is the entire game.
Half one is commodity cognition, and it is commoditizing faster than most strategy decks have updated for. Stanford's HAI AI Index found that the cost of running a model at GPT-3.5-level capability fell more than 280-fold between late 2022 and late 2024, and the curve has not flattened since. Analysts increasingly measure the gap between the best closed frontier model and the best openly available one in months, not years, and in domains like coding and structured reasoning that gap regularly closes to nothing for a stretch before the next release reopens it. When intelligence gets this cheap and interchangeable this fast, the model stops being a source of advantage. It becomes plumbing. Good plumbing matters. Nobody builds a company strategy around whose pipes are marginally shinier.
Half two is the sovereignty economy, and it is no longer a niche interest for cypherpunks and compliance officers. It is a line item in national budgets and enterprise board decks simultaneously. Portugal launched its own open-source national model this year. France's Mistral raised $830 million in debt financing to expand sovereign cloud capacity behind a nine-figure data center commitment near Paris. Germany has Aleph Alpha, Poland has Bielik and PLLuM, Switzerland has Apertus, India has its IndiaAI Mission and the Sarvam models built under it. None of these are curiosities anymore. They are the visible tip of a genuine industrial policy shift, and enterprises inside those jurisdictions are increasingly required, or strongly incentivized, to take them seriously.
The uncomfortable part is that most enterprises are still behaving as though only half one exists. Industry data shows a stark execution gap: more than 80 percent of enterprises now report using generative AI in some form, yet only around a third say they have scaled it beyond pilots, and barely one in eight report enterprise-wide impact. Security is not a footnote in that gap. Roughly four in ten organizations name security and data protection as the single biggest barrier to further adoption, and about a third rank it as the top factor in choosing a provider in the first place. Everyone can feel the tension between wanting the capability and not trusting the arrangement they are getting it through. Very few have actually resolved it.
This is precisely where my own instincts about decentralization and encryption keep landing. Centralization is not just a philosophical objection. It is a measurable concentration of failure modes. When cognition was scarce and expensive, renting it from the one lab that had it was a reasonable trade. Now that cognition is genuinely converging across a dozen providers and a growing field of open-weight alternatives that run on hardware you control, the calculus has flipped. The scarce, valuable thing was never the model. It was always your data, your workflow logic, and the judgment your teams have built over years of doing the work. Own that. Rent the engine.
Five ways to hold the keys
So what are the actual options, in practical terms, for a business that reads the last two sections and wants to move without either panicking into an expensive rebuild or doing nothing and hoping the next directive lands on someone else?
1. Stay a tenant, but a diversified one
For workloads that are not sensitive and where speed matters more than control, renting frontier cognition from more than one provider remains rational. The mistake is calling this a strategy. It is a hedge, and it only works if you have actually tested the failover, not just signed a second contract you never touch.
2. Own the control plane, whatever sits behind it
The routing, the guardrails, the logging, the evaluation harness, should belong to you regardless of which model answers the call. This is the layer that lets you swap a shut-off model for another one in hours instead of months, because your business logic was never welded to one vendor's SDK.
3. Bring the model home for what deserves it
Open-weight models, Llama, Mistral, DeepSeek, Qwen, and a fast-growing field of regional alternatives, now run credibly on infrastructure you control. This is not free. It requires people who can fine-tune, secure, and maintain a model the way you once needed people who could run a database well. But for regulated data, high-volume repetitive workloads, or anything where continuity is non-negotiable, the economics increasingly favor owning the weights outright, especially with the intelligence gap still closing.
4. Go small on purpose
The most overlooked option is also the cheapest: stop sending mundane, high-volume tasks to a frontier model at all. A small model, fine-tuned on your own data and running on a fraction of the hardware, can match or beat a frontier model on narrow tasks like classification, extraction, and verification, at a fraction of the cost and none of the exposure. This is unglamorous. It is also where nearly all of the realized, measurable AI return on investment already sits, because it is the boring work that touches your operations the most times a day.
5. Use the sovereign platform in your own jurisdiction, where one exists
Mistral's sovereign cloud in France, Aleph Alpha in Germany, Apertus in Switzerland, Sarvam under India's national AI mission, are no longer experiments. They exist specifically to give enterprises and public bodies inside those borders a path that depends neither on a foreign closed API nor on building the entire stack from scratch.
None of these are mutually exclusive, and the sovereign-minded enterprises I see doing this well run a blend: frontier APIs for exploratory work and low-stakes generation, an owned control plane sitting over all of it, a self-hosted open-weight model for the sensitive core, and small fine-tuned models doing the repetitive heavy lifting nobody notices until it breaks.
Where the sovereign begins
Here is the part most vendors skip, because it does not sell a platform. Sovereignty does not start with a procurement decision. It starts with an inventory you probably do not have.
Map what actually leaves the building before you choose anything from the list above. Most leadership teams cannot say, today, which data crosses which boundary, to whose infrastructure, under what retention terms. That is not a vendor problem to solve later. It is the first fact to establish, because every option above is a different answer to a question you have not yet asked precisely.
Classify the work, not the technology. Go back to the question that should have opened this conversation in the first place: what does it actually take to do this piece of work well, and what does "good" look like in terms your own team already recognizes? Only once you can answer that should you decide which layer of the stack a given workload deserves. Reaching for a model before answering this is how companies end up automating the wrong thing beautifully.
Pilot the boring work first. The instinct in most executive teams is to lead with the flashy pilot, the customer-facing chatbot, the demo that plays well at the board meeting. The instinct is backwards. The workflows that quietly touch your operations hundreds of times a day, data entry, verification, reconciliation, are where a small owned model earns its keep fastest, builds your team's real literacy, and gives you a track record before you attempt anything harder.
Do this yourself before you delegate it. None of the decisions above are ones you can hand to a vendor RFP and expect back in good shape. They require someone at the leadership table who has actually used the tools, felt where they break, and can tell the difference between a sales deck answer and an engineering answer. That is not a technical requirement. It is a leadership one, and it is usually the one most quietly skipped.
Revisit the plan every time the ground moves, because it will keep moving. Anthropic's models came back online on June 30. That is not the end of the story, it is a preview. The mechanism that switched off a frontier model in an afternoon still exists, aimed at nobody in particular this week and at someone in particular the next.
The blackout lasted eighteen days. The headlines lasted about a week. But a capability, once demonstrated in public, does not go back into the box because the news cycle moved on. Somewhere between June 12 and June 30, every enterprise leader renting their intelligence from a single closed provider was handed a preview of a Monday morning they had not planned for, and most changed nothing.
The sovereign ones did. Not because they saw the letter coming, but because they had already decided, well before it arrived, which parts of their business were never going to depend on someone else's permission to keep running. That is the actual choice in front of you now. Not whether to use AI. Whether you are the tenant, or the one holding the keys.
For the deeper framework on which layers to own outright and which to rent, see Own the Layer: A Sovereignty Stack for Enterprise AI.