Who Gets To Use The Strongest AI?
OpenAI and Anthropic's restricted frontier-model rollouts show why AI access needs safety, transparency, portability, and credible governance.
The newest frontier AI fight is not only about which model is smarter. It is about who is allowed to touch it.
On June 12, 2026, Anthropic said the U.S. government had issued a national-security directive requiring it to suspend access to Fable 5 and Mythos 5 for any foreign national, including foreign-national Anthropic employees. Anthropic said the practical effect was broader: it had to disable both models for all customers while it worked through compliance. The company said the directive appeared to be based on a narrow cybersecurity jailbreak concern, and argued that the disclosed examples did not show unique harmful capability.
Two weeks later, OpenAI announced that GPT-5.6 Sol, Terra, and Luna would begin in limited preview. OpenAI said it had previewed the models and their capabilities to the U.S. government before launch, and that at the government's request it was starting with a small group of trusted partners whose participation had been shared with officials. AP reported on June 27 that both OpenAI and Anthropic were limiting access to their newest models during a cybersecurity review period.
The pattern is hard to miss. Frontier AI is moving from product launch to access regime.
Why The Gate Exists
The strongest case for gatekeeping is not silly. General-purpose models are becoming useful in security research, code repair, biological analysis, agentic workflows, and long chains of technical reasoning. The same capability that helps a defender find a bug can help an attacker look for one. The same model that accelerates patch development can lower the cost of reconnaissance, automation, and abuse.
Companies also have real obligations. They have to comply with export controls, sanctions, privacy law, contracts, child-safety rules, customer promises, and internal safety policies. Governments have real duties too. They are responsible for critical infrastructure, public services, defense systems, and the consequences when powerful tools are misused.
Centralized release control is attractive because it gives someone a lever. A lab can throttle access, monitor abuse, suspend accounts, tune safeguards, select early customers, and talk to one government counterpart. A government can ask for delay, review, or restriction without needing to regulate every model download, cloud endpoint, developer tool, and downstream application separately.
When the technology is moving this quickly, that lever feels practical.
Why The Gate Is Dangerous
The problem is that the lever becomes the system.
If the best AI tools sit behind a few private APIs, then access to scientific work, software defense, education, translation, compliance, and new business formation can depend on opaque decisions by a handful of companies and agencies. The user may not know which rule blocked them, which official asked for the restriction, what evidence justified it, how long the restriction will last, or what appeal exists.
That is a fragile way to govern infrastructure. It asks the public to trust three things at once: that the model company is accurately describing its risks, that the government is acting on strong evidence, and that neither side is using safety language to protect incumbents, shape markets, or control politically sensitive capability.
Even when everyone acts in good faith, the costs are uneven. Large companies, defense contractors, and well-connected institutions can become trusted partners. Smaller developers, foreign researchers, civil-society groups, independent auditors, and poorer countries wait outside the gate. Cyber defenders who are not on the approved list may lose access to the same tools attackers eventually obtain elsewhere.
The central irony is sharp: safety review can itself become a concentration risk.
What Decentralization Would And Would Not Mean
A decentralized AI access layer should not mean publishing every frontier model weight to the world the moment it is trained. Some releases are irreversible. Some capabilities are dual-use in ways that deserve caution. A system that ignores abuse, export law, privacy, provenance, and accountability would not be freer in any useful sense. It would simply move the harm somewhere harder to repair.
The more credible goal is to decentralize the evidence, governance, and portability around access.
Model evaluations could be signed, timestamped, and published into a durable record instead of summarized through company statements and selective leaks. Independent labs could attach attestations about specific capability tests, safeguard failures, benchmark limits, and unresolved disputes. Access policies could be machine-readable: who can use which model, for which tasks, in which jurisdictions, under which logging or retention rules, with what appeal path.
Users and organizations could carry portable credentials for legitimate work: security researcher status, critical-infrastructure defender status, academic reviewer status, medical or legal compliance role, or audited enterprise controls. A model provider could still deny access, but the decision would be based on reusable proofs rather than a private relationship with one vendor. Different front ends and compute providers could compete while respecting a shared policy record.
Payments, storage, identity, audit logs, safety evaluations, and model-service registrations could become network capabilities rather than closed features of one account system. That does not remove judgment. It makes judgment easier to inspect.
The Hard Parts Stay Hard
Decentralized governance has its own traps. Public ledgers can leak sensitive information if they record too much. Portable credentials can become exclusion tools if only rich institutions can obtain them. Community governance can be captured by loud factions, national blocs, or industry alliances. Open evaluation markets can be gamed. A patchwork of regional rules can make developers' lives worse, not better.
There is also a serious accountability problem. If a centralized provider gives a dangerous user access, investigators know where to look. In a distributed system with multiple model hosts, credential issuers, safety evaluators, payment rails, and application interfaces, responsibility can become smeared across the network. That may help resilience, but it can hurt remedy.
The best decentralized design would need bounded transparency: enough public evidence to prevent arbitrary gates, enough privacy to protect users and defenders, enough governance to remove bad actors, and enough interoperability that losing one provider does not erase access for legitimate work.
That is harder than posting model weights and calling it freedom.
A Better Access Standard
The question is not whether frontier AI should have safeguards. It should. The question is whether access to increasingly important tools should be governed by private memos, emergency directives, and customer lists that outsiders cannot see.
A better standard would separate four things that are currently tangled together.
First, capability evidence should be durable and reviewable. If a model is restricted because it crosses a risk threshold, the threshold and the evidence should be legible to qualified reviewers, even when some details must stay confidential.
Second, user eligibility should be portable. A legitimate defender should not have to rebuild trust separately with every model company.
Third, restrictions should be contestable. A denied user, company, or research group should know the category of decision and the path to appeal or reevaluation.
Fourth, the infrastructure should be plural. No single company should become the only interface for a capability that shapes software security, research, education, and public administration.
This is where Sakviti's broader thesis becomes relevant. A network that can provide identity, payments, storage, governance records, and application services does not automatically solve AI safety. But it can make access rules more portable, evidence more durable, and service providers less able to turn their private account systems into the public boundary of the internet.
The strongest AI systems will need gates. The real question is whether those gates are visible, accountable, and interoperable, or whether they become a quiet permission layer for the next era of computing.