Raphael Poss

AI/LLM Access Policy for the World Outside Washington

· Raphael Poss · ai commentary, policy, economics

The following analysis summarizes my current thinking about the risks & opportunities around increasing LLM/AI usage over time, specifically from the perspective of government policymakers.

The initiative to do this work came after I read the Cut Off article by Anton Leicht. I am still unsure about some of that article's conclusions because they depend on an aggressive reading of the recent Mythos and Daybreak releases by Anthropic and OpenAI, but several of his arguments intrigued me.

Assuming his premise holds, how do the points translate for policymakers outside the US? Are there also adjacent risks and opportunities that Anton Leicht may have missed?

I draw these findings from a variety of sources besides Anton Leicht himself, both from published articles and discourse between industry professionals and between policy-adjacent experts in my network.

Note that we are assuming here that increased LLM/AI usage is generally desirable and leads to increased economic output at the level of entire countries/regions. Validating this assumption is left out of scope for this analysis.

Your main take-aways:

  • The era of broad, cheap, unrestricted frontier-AI access is closing.
  • Compute, not models, is the binding constraint: AI sovereignty is becoming like energy sovereignty.
  • Defenses against IP theft and defenses against equitable access to AI are the same defenses.
  • Non-US countries have a closing window to trade datacenter buildout for access guarantees.
  • Open-weight models are a credible fallback for most uses.
  • The harness/tooling layer is a more achievable moat than training a frontier model.

Terms

Frontier model
The most capable LLM (generative AI system) available at any given moment. Currently produced by a handful of US labs (Anthropic, OpenAI, Google) and one or two Chinese labs (DeepSeek, Alibaba/Qwen).
Open-weight model
An LLM whose internal parameters are published, so anyone can run it themselves rather than going through a company's API.
Distillation
Training a smaller, cheaper model by having it study the outputs of a larger one. This is a key mechanism by which trailing models catch up to leading ones.
Compute
The GPUs and datacenters needed to train and run these systems; the binding physical resource.
Harness
The software middleware that adapts a general-purpose LLM to a specific application.

Risks

  • Frontier access becomes a foreign policy lever, not a market good.

    Observing that recent model releases were restricted (Anthropic's Mythos cybersecurity model went only to a handful of US companies; OpenAI's Daybreak cybersecurity model followed suit), we might expect further government-mandated access control.

    Three forces drive this: genuine misuse concerns (you don't want a model that finds zero-day vulnerabilities available to everyone), commercial protection against copying by competitors, and eventual US government use of access as a bargaining chip in unrelated negotiations. The Trump administration's pattern of bundling trade, intelligence, and tech access into single deals makes the third risk concrete rather than hypothetical.

    For policymakers in non-US countries, the operative implication is: assuming continuous access to the best AI is the same kind of mistake as assuming continuous access to any other strategically controlled good.

    Conversely, if Mythos and Daybreak turn out to be one-offs rather than a trend, the risk weakens considerably.

    References: [1] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]

  • Some experts suggest that we can fall back to weaker models if frontier models become controlled. This hedge may be weaker than it looks.

    The natural fallback, that is using open-weight models from Meta, DeepSeek, or Qwen which lag the frontier by three to six months, is a common suggestion. But consider: cost curves bring yesterday's frontier capabilities down to reasonable prices, but tomorrow's frontier keeps getting more expensive.

    If economic and security competition rewards having the best AI rather than adequate AI, being six months behind is structurally losing, not merely “almost as good.”

    Whether this matters depends entirely on what you're using AI for. For drafting emails or generating reports, six months behind is fine. For high-stakes uses like cyber defense, biosecurity or intelligence analysis, it may not be.

    References: [1] [15] [41] [42] [43] [44] [45]

  • Compute, not models, is the binding constraint.

    This is a point professionals often underweight. Even Anthropic, sitting on top of the market, is reportedly buying compute time from third parties because it struggles to serve its own customers. Running a frontier model for a new country or customer is genuinely expensive at the margin (unlike e.g. Microsoft Office, where the marginal cost is near zero).

    For a policymaker, this reframes the question: “AI sovereignty” cannot mean only training your own models. It has to include datacenters, GPU supply, and the energy to power both.

    In other words, AI sovereignty is becoming more like energy sovereignty than software sovereignty.

    References: [1] [15] [16] [17] [18] [19] [20] [21]

  • Distillation defenses will tighten the screws on third parties.

    Distillation is the mechanism that keeps open-weight models, currently mostly Chinese, close to the frontier, currently mostly US-sourced. If US firms or the US government crack down on distillation (through identity verification, geographic restrictions, query-pattern monitoring, etc.), this will widen the gap between open and closed models everywhere.

    In other words, defenses against intellectual property theft and defenses against equitable global access are the same defenses. You cannot have one without the other.

    References: [1] [22] [23] [24] [25] [26]

  • The wealth-concentration dynamic.

    If frontier AI is a genuine productivity multiplier, and access to it is rationed by price and credentialing, then it functions as a wealth amplifier for those who already have capital.

    The risk: those with access pull further ahead, generate more capital, secure even better access.

    For policymakers, this raises the question of whether AI access becomes something governments need to underwrite for citizens, the way they underwrite roads or basic internet access, and if so, how.

    References: [27] [28] [29] [30] [31]

  • Geopolitical second-order effects.

    Historically, when the benefits of major industrial revolutions were distributed unevenly across nations, the result was mass migration and destabilized democracies.

    A world where some countries have the equivalent of post-scarcity intellectual labor and others do not is not a stable equilibrium, especially if the gap is visible and growing.

    References: [1] [3] [32] [33] [31]

Opportunities

  • The compute-for-access bargain.

    Second-tier compute consumers (e.g. the Netherlands, UK, Germany, Japan, Singapore, Australia, the Gulf states) can offer US hyperscalers favorable terms (cheap energy, fast permitting, regulatory clarity) for building datacenters on their soil in exchange for contractual guarantees of continued frontier access.

    The strategic logic: once Amazon, Microsoft, or Google has billions of dollars sunk into a foreign datacenter, they become a US domestic lobby against future administrations trying to cut access. The host country is essentially buying lobbying capacity in Washington with land and electricity. Singapore is already moving in this direction. Caveat: this also makes the host country more contractually dependent on US firms, which is a different vulnerability (analogous to Europe's previous dependency on Russian gas).

    This may be worth the trade for most middle powers, but the trade-off should be discussed democratically.

    References: [1] [2] [34] [35] [10]

  • Hardening defenses to reduce the security justification for restriction.

    If countries invest seriously in biosecurity (screening synthetic DNA orders, hardening laboratory supply chains), cybersecurity (patching critical infrastructure faster), and datacenter physical security, then the policy case for restricting model access on safety grounds weakens.

    This is one of the few areas where AI accelerationists and safety-focused groups can agree on the same investment.

    References: [1] [36] [37] [38] [39] [40] [24]

  • Open-weight models as a strategic floor.

    Even if frontier API access is cut off, capable open-weight models from Meta (Llama), Alibaba (Qwen), and DeepSeek lag by months, not years.

    For most economic uses (in particular software development, customer service, document processing, content generation), six months behind the frontier might be functionally indistinguishable from the frontier. If this view is generally right, the policy implication is that frontier access is a luxury and open weights are the actual strategic resource. The corresponding risk is that the view is incorrect and frontier-vs-trailing is winner-takes-all. Reasonable people disagree, and the answer probably varies by use case.

    References: [41] [45]

  • Buildout speed as a policy variable.

    The single most consequential thing a country can do is accelerate datacenter and energy buildout. Permitting reform, grid expansion, and skilled construction labor are the unglamorous bottleneck. Safety-motivated objections to fast buildout look weaker once you account for the access risks created by slow buildout.

    References: [1] [46] [47] [48] [49] [50] [21]

  • Harness and tooling as a domestic moat.

    Even if LLMs become commodity resources, the surrounding software (e.g. harnesses, agent frameworks, evaluation infrastructure, integration tools, domain-specific scaffolding) is itself valuable and harder to commoditize than the models.

    A country or company that invests in this layer captures value regardless of which model wins. This is a more achievable form of “AI sovereignty” than training a frontier model from scratch.

    References: [51] [52] [53]

  • Universities and non-commercial providers.

    A wildcard that discussions outside of the EU often miss: academic institutions or international consortia could host/run open frontier-adjacent models for the benefits of citizens and organizations within their region.

    References: [54] [55] [56] [57] [58]

The main unresolved tension

There is strong disagreement on the question of whether an access restriction on frontier models would “lock out” countries and organization who do not have access from all the possible wealth generation enabled by AI.

“AI frontier maximalists,” on one side, believe that LLM capabilities will continue to increase on an exponential curve, and an access gate would create a capability gap (between frontier and non-frontier users) that would be forever impossible to close. See the risks above, as well as the following references: [32] [59].

Industry practitioners, which we could name “good-enough realists,” in contrast, frequently report that non-frontier models are satisfactory for most use cases and will likely be available at low cost over time due to commodization. See the opportunities above, as well as these references: [41] [42] [44].

We currently have signals in the industry that support both views. It will take more time (possibly years) to observe where the chips will fall.

Shared strategic directions

From a policymaker perspective, there are shared strategic directions worth considering in the short term, regardless of which view ends up being correct:

  • Invest in compute and energy infrastructure regardless.
  • Treat frontier API access as a contingent resource rather than a guaranteed input.
  • Negotiate access guarantees through datacenter buildout deals while the US needs international compute capacity.
  • Invest in the harness/tooling layer where domestic firms can build durable competence.
  • Harden against misuse domestically so the security argument for restriction loses force.
  • Maintain a credible fallback to open-weight models for use cases where six-months-behind-the-frontier is acceptable.

References

[1](1, 2, 3, 4, 5, 6, 7, 8) Anton Leicht, Cut Off, Threading the Needle, May 2026
[2]Anton Leicht, Import Imperatives, Threading the Needle, February 2026
[3]Anton Leicht, The Most Dangerous Time in AI Policy, Threading the Needle, March 2026
[4]Anthropic, Project Glasswing which led to the Mythos model, Anthropic, April 2026
[5]OpenAI, Daybreak: OpenAI for cybersecurity, OpenAI, May 2026
[6]Brianna Rosen and Carrie Cordero, Too Dangerous to Deploy: Anthropic's Mythos and What Comes Next, Just Security, May 2026
[7]Mat Smith, What is Mythos? Anthropic's new AI model worries many experts, The National, April 29, 2026
[8]Politico, Anthropic, Apple, Microsoft: Europe left in the dark on superhacking AI, Politico Europe, April 2026
[9]Derek B. Johnson, Daybreak is OpenAI's answer to the AI arms race in cybersecurity, CyberScoop, May 2026
[10](1, 2) Andrew R. Chow, Trump's Middle East AI Bet Sparks Security Concerns, Time, May 14, 2025
[11]Emily Benson and Catharine Mouradian, Export Controls and U.S. Trade Policy: Making Sense of the New Terrain, Just Security, February 19, 2026
[12]House Foreign Affairs Committee Democrats, Meeks and Krishnamoorthi to Trump Administration: Export Controls Should Not Be Bargaining Chips in China Trade Talks, U.S. House of Representatives, July 2025
[13]Sam Winter-Levy, The Trump Administration May Be About to Repeal the AI Diffusion Rule. Here's What It Should Do Next, Carnegie Endowment for International Peace, May 2025
[14]Cat Zakrzewski et al., Trump administration weighs new AI regulation push, Washington Post, May 11, 2026
[15](1, 2) The Economist, The AI supply crunch is here, The Economist, April 30, 2026
[16]xAI, New Compute Partnership with Anthropic, xAI, May 2026
[17]Sebastian Moss, Anthropic to use all of SpaceX-xAI's Colossus 1 data center compute, Data Center Dynamics, May 2026
[18]Anthony Ha et al., We're feeling cynical about xAI's big deal with Anthropic, TechCrunch, May 10, 2026
[19]Stanford HAI, AI Sovereignty's Definitional Dilemma, Stanford Institute for Human-Centered AI, February 17, 2026
[20]Sergio Cruzes, AI Infrastructure Sovereignty, arXiv preprint 2602.10900, 2026
[21](1, 2) Belfer Center, AI, Data Centers, and the U.S. Electric Grid: A Watershed Moment, Harvard Kennedy School Belfer Center, February 2026
[22]Ina Fried, OpenAI says DeepSeek may have "inappropriately" used its models' output, Axios, January 29, 2025
[23]Hayden Field, How DeepSeek used distillation to train its artificial intelligence model, CNBC, February 21, 2025
[24](1, 2) Institute for AI Policy and Strategy, AI Distillation Attacks: Executive and Congressional Action Can Go Further, IAPS, 2025
[25]Didit, KYC for LLM Access: Stopping Distillation Attacks, Didit, April 16, 2026
[26]Janet Egan and Lennart Heim, Oversight for Frontier AI through a Know-Your-Customer Scheme for Compute Providers, arXiv preprint 2310.13625, October 2023
[27]Sasha Rogelberg, Larry Fink says AI stealing your jobs isn't the issue: it's AI adoption widening US wealth gap, Fortune, March 24, 2026
[28]Lillian Barkley and Alex Engler, AI's impact on income inequality in the US, Brookings Institution, July 9, 2024
[29]International Monetary Fund, AI Adoption and Inequality, Working Paper WP/25/68, IMF, April 2025
[30]Sarah Kreps and Doug Kriner, How public AI can strengthen democracy, Brookings Institution, October 28, 2025
[31](1, 2) Charles Kenny, Three Reasons Why AI May Widen Global Inequality, Center for Global Development, October 17, 2024
[32](1, 2) White House Council of Economic Advisers, Artificial Intelligence and the Great Divergence, Executive Office of the President, January 2026
[33]Landry Signé, The Next Great Divergence: How AI could split the world again if we don't intervene, Brookings Institution, January 9, 2026
[34]Global Data Center Hub, Q4 2025: The Quarter AI Infrastructure Became State Power, Global Data Center Hub, December 29, 2025
[35]Annie Turner, How sovereign cloud, AI deals are reshaping Asia's data centre map, Capacity Media, December 3, 2025
[36]RAND Corporation, Securing AI Model Weights: Preventing Theft and Misuse of Frontier Models, RAND, 2024
[37]RAND Corporation, Securing AI Data Centers, RAND, 2024
[38]Caroline Schuerger et al., Opportunities to Strengthen U.S. Biosecurity from AI-Enabled Bioterrorism: What Policymakers Should Know, Center for Strategic and International Studies, August 6, 2025
[39]Robert F. Service, Made to order bioweapon? AI-designed toxins slip through safety checks used by companies selling genes, Science (AAAS), 2025
[40]Microsoft Research, The Paraphrase Project: Designing defense for an era of synthetic biology, Microsoft Research, December 15, 2025
[41](1, 2, 3) Epoch AI, Open-weight models lag state-of-the-art by around 3 months on average, Epoch AI, October 30, 2025
[42](1, 2) Ben Cottier et al., LLM inference prices have fallen rapidly but unequally across tasks, Epoch AI, 2025
[44](1, 2) Haosen Ge, Hamsa Bastani and Osbert Bastani, Are AI Capabilities Increasing Exponentially? A Competing Hypothesis, arXiv preprint 2602.04836, February 2026
[45](1, 2) Remote OpenClaw, Best Open-Source AI Models in 2026 — The Complete Ranking, Remote OpenClaw, April 2026
[46]White House, Executive Order 14318: Accelerating Federal Permitting of Data Center Infrastructure, Executive Office of the President, July 23, 2025
[47]Searchlight Institute, Seizing the Data Center Buildout for Grid Modernization, Searchlight Institute, March 9, 2026
[48]Bipartisan Policy Center, Strategic Federal Actions Aim to Strengthen AI and Energy Infrastructure, Bipartisan Policy Center, January 23, 2026
[49]Bryan Gottlieb, Grid Access, Not Land, Emerges as Bottleneck for Data Center Construction, Engineering News-Record, December 18, 2025
[50]Congressional Research Service, Data Center Energy Infrastructure: Federal Permit Requirements (R48762), Library of Congress, December 2025
[51]Salesforce, What Is an Agent Harness? The Key to Reliable AI, Salesforce, March 17, 2026
[52]Atlan, What Is Harness Engineering AI? The Definitive 2026 Guide, Atlan, April 13, 2026
[53]Gennaro Cuofano, The Harness as the Agentic Moat, Business Engineer, March 27, 2026
[54]U.S. National Science Foundation, National Artificial Intelligence Research Resource (NAIRR), NSF, 2026
[55]European High Performance Computing Joint Undertaking, AI Factories, EuroHPC JU, 2026
[56]European Commission, AI Factories — Shaping Europe's digital future, European Commission, 2026
[57]Mark Muro and Sifan Liu, How the National Artificial Intelligence Research Resource can pilot inclusive AI, Brookings Institution, July 9, 2024
[58]Nicholas Vincent, Public AI infrastructure: What is it, do we need it and will it ever be built?, World Economic Forum, February 11, 2025
[59]Mark Muro and Sifan Liu, AI growth acceleration versus distributional fairness, Brookings Institution, May 2026
← Prev: On Knowledge That Refuses to Be Written Down
← Back to blog