Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI model sovereignty: what happens when the control plane is not yours?


(@unosecur)
Honorable Member
Joined: 1 year ago
Posts: 188
Topic starter  

TL;DR: A single US export-control order disabled Anthropic’s Fable 5 and Mythos 5 for customers and staff alike, exposing how quickly AI capability can disappear when access is concentrated in one provider and one jurisdiction, according to Unosecur. The real issue is not where the model sits, but whether identity and access control stays under your authority when the provider cannot guarantee continuity.

NHIMG editorial — based on content published by Unosecur: After Fable 5, sovereignty is no longer optional

By the numbers:

Questions worth separating out

Q: How should security teams govern AI capabilities that can be revoked by a provider or regulator?

A: Treat the capability as a governed entitlement, not a permanent service.

Q: Why does AI sovereignty matter for IAM programmes?

A: Because AI access can be withdrawn by a third party, which turns continuity into an identity issue.

Q: What breaks when an organisation depends on one AI provider in one jurisdiction?

A: The organisation loses the ability to guarantee continuity.

Practitioner guidance

  • Map AI capability revocation paths Identify every external party that can suspend, narrow, or revoke access to a model, agent, or AI workflow.
  • Move authorization authority into the enterprise control plane Ensure your identity and access layer, not the provider, decides which users, service accounts, and AI agents may use each capability.
  • Test model failover without control-plane rebuilds Run a tabletop where the primary model is unavailable and prove that the workflow can switch to an alternate model while keeping the same identity, authorization, and audit logic intact.

What's in the full article

Unosecur's full blog covers the operational detail this post intentionally leaves for the source:

  • How Unosecur says it built its control plane to run in different deployment models, including managed service, customer-owned infrastructure, and air-gapped use cases.
  • The article's discussion of sovereignty properties such as model portability, jurisdictional visibility, graceful degradation, and control-plane ownership.
  • The specific implications Unosecur draws from the Anthropic order for European-hosted and self-hosted AI architectures.
  • The vendor's own framing of why a European flag is not itself a security control.

👉 Read Unosecur's analysis of AI sovereignty, concentration risk, and control planes →

AI model sovereignty: what happens when the control plane is not yours?

Explore further

View Full Forum →  |  NHI Foundation Course →  |  Our Services →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11491
 

Concentration risk is now an identity control problem, not just a vendor risk. When a single provider and a single jurisdiction can revoke access to a critical AI capability, the failure is not merely operational. The deeper issue is that the control plane was external to the organisation, so continuity depended on a party the business could not govern. The implication is that AI capability ownership has to be assessed like any other high-value entitlement path.

A few things that frame the scale:

  • 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
  • 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time.

A question worth separating out:

Q: Who should be accountable for AI access revocation risk?

A: Accountability should sit with the teams that own identity governance, security architecture, and risk management together. If the model provider controls the final switch, internal accountability is weak by design. The organisation needs a named owner for capability dependencies, jurisdictional exposure, and failover testing.

👉 Read our full editorial: AI model sovereignty depends on control planes, not provider flags



   
ReplyQuote
Share: