The Fortress Around the Siege Engine
The same companies pouring $850 billion into AI are now building a defensive fortress around it — and the fight over who holds the keys has become the industry's defining fracture.
The same companies that have committed over $850 billion to data-center expansion are now building a defensive perimeter around the models those data centers will run. The two projects are not in tension. They are the same project, funded from the same balance sheets, and they are accelerating together. The trigger was specific. On April 9, Anthropic revealed Claude Mythos, a model that autonomously discovers and exploits zero-day vulnerabilities — it scored 73% on expert-level cyberattack challenges and found a 27-year-old flaw in the Linux kernel [1]. The company blocked its public release and instead launched Project Glasswing, granting restricted access to 40-plus organizations — Google, Microsoft, Amazon, Apple, JPMorgan Chase — to proactively patch critical systems [1]. Within eleven days, the U.S. Treasury Secretary and Fed Chair had summoned major banks, the Pentagon had designated Anthropic a supply-chain risk, and tech leaders were discussing with the White House the need to prevent the spread of autonomous cyberattack capabilities [2]. What followed was not a pause. It was a build-out at every layer simultaneously. At the hardware layer: Tencent open-sourced Cube Sandbox, a production-grade isolation stack using MicroVM architecture to prevent kernel escape, with cold starts under 60 milliseconds and capacity for more than 100,000 concurrent sandboxes [3]. Google partnered with Elastic to bring AI-driven threat detection to air-gapped cloud environments for defense and critical infrastructure [4]. Taiwan began considering strict AI chip export bans to mainland China, criminalizing the smuggling of advanced Nvidia-powered servers [5]. Anthropic started exploring custom 2nm chip design, a $500 million effort to reduce hardware dependency [6]. At the model layer: Anthropic embedded a 99%-effective jailbreak classifier and built Claude Opus 4.7 with intentionally reduced cybersecurity capabilities and safeguards that automatically detect and block prohibited or high-risk cybersecurity uses [7]. It also embedded hidden tracking code — steganography, time-zone checks, proxy URLs — into Claude Code to identify users in China, prompting Alibaba to ban the tool as high-risk software with security vulnerabilities [8]. At the infrastructure layer: IBM and Palo Alto Networks launched a six-layer Enterprise AI Security Framework covering identity, information safeguards, model supply-chain security, agent security operations, regulatory compliance, and AI governance [9]. ServiceNow built an AI Control Tower to manage and assign tasks to autonomous agents before they are fully deployed [10]. Proofpoint shifted from theoretical severity scoring to real-time exploit intelligence, aiming to reduce zero-day exposure windows to minutes [11]. Microsoft open-sourced Rampart and Clarity, embedding AI safety into continuous-integration pipelines rather than bolting it on after deployment [12]. At the geopolitical layer: Trump's June executive order established voluntary 30-day pre-release government vetting for all frontier AI models [13]. The U.S. imposed — then lifted — export controls on Anthropic's Fable 5 and Mythos 5 models after Amazon researchers found the safeguards could be bypassed [13]. Regulators at the Fed and OCC began mapping AI usage inside banks, requiring governance frameworks, human oversight, and kill switches [14]. None of this replaced the offensive build. The $850 billion in data-center commitments kept growing: Meta at $182.9 billion, Microsoft at $196.6 billion, Amazon at $200 billion in capital expenditure this year alone [15][16]. Tech companies cut more than 142,000 jobs in the first five months of 2026 to fund $700 billion in collective AI infrastructure [17]. The fortress and the siege engine are being built from the same capital, by the same companies, on the same timeline. The fracture is not over whether to build the fortress. It is over who holds the keys.
Who controls the perimeter?
Anthropic: Controlled Access:
Restricted Mythos to 40-plus vetted organizations, warning capabilities would proliferate beyond safe actors [18]. The only frontier lab that explicitly prohibits access from PRC-controlled companies.
Proposed a consensus industry framework as a template for global coordination.
Held its position even after the White House canceled all contracts over restrictions on surveillance and autonomous weapons use [19].
Anthropic is the only frontier AI company that restricts sales to PRC-controlled companies, including subsidiaries incorporated outside China.
Our hope is that this collaboration, along with our proposed consensus industry framework, will serve as the basis for systematic rules for the whole industry—and even offer the beginning of a template for effective global coordination on the risks and benefits of AI.
OpenAI: Political Insurance: Expanded Trusted Access for Cyber to all vetted government levels, including the Pentagon and DHS [18]. Proposed giving the U.S. government a 5% equity stake — $42.6 billion on an $852 billion valuation.
Launched GPT-5.6 after Commerce Department red-teaming, made changes after discussions with administration officials, but insisted government access should not become the long-term default [20].
The goal is not only to support people through economic change after decisions have already been made, but to give them a stake and a voice in shaping how that change unfolds.
We’ve made clear to the U.S. government that this is not our preferred long-term model, and will work with them and others in industry to achieve a more sustainable approach for future releases.
Both now operate under mandatory pre-release government review. Both have conceded the wall is porous. Anthropic has stated it is probably impossible to make any AI model fully robust against jailbreaks.
probably impossible to make any AI model fully robust against jailbreaks — Anthropic
The company has also said plainly that perfect protection is not currently achievable for any model provider.
perfect protection against jailbreaks is currently impossible for any model provider. — Anthropic
The models the fortress is meant to contain are the same ones being made more capable every quarter. The fight over who holds the keys is not academic. It is already playing out in court: Apple sued OpenAI on July 10 for orchestrating what it called systematic trade-secret theft, alleging the company recruited more than 400 former Apple employees and used a checklist to evade security detection [21]. The suit extends the fortress into hardware IP litigation — a new front beyond the copyright wars that defined the last era of AI conflict. The industry is building a wall around an engine it has no intention of turning off. The only open question is whose hand is on the throttle, and whose on the brake.
- 1. Anthropic Blocks Public Release of Powerful Mythos AI Model
- 2. OpenAI and Anthropic Launch Specialized AI Cybersecurity Models
- 3. Tencent Cloud Open-Sources Cube Sandbox for AI Agents
- 4. Elastic Integrates Security Platform With Google Air-Gapped Cloud
- 5. Taiwan Considers Strict AI Chip Export Bans to China
- 6. Anthropic Explores Custom AI Chips Amid Security Disputes
- 7. Anthropic Releases Claude Opus 4.7 with Autonomous Agent Capabilities
- 8. Alibaba Bans Claude Code After Detecting Hidden Tracking Code
- 9. IBM and Palo Alto Networks Launch AI Security Framework
- 10. Agentic AI Shift Increases Demand for Data Center CPUs
- 11. Proofpoint Launches Active Exploits Protection Against AI-Driven Cyber Threats
- 12. Microsoft Open-Sources Rampart and Clarity AI Safety Tools
- 13. US Lifts Export Controls on Anthropic AI Models
- 14. U.S. Regulators Intensify Scrutiny of AI in Finance and Tech
- 15. Cloud Giants Commit Over $850 Billion to AI Data Centers
- 16. Amazon Invests $200 Billion in Data Centers for AI
- 17. Tech Giants Cut Thousands of Jobs to Fund AI Infrastructure
- 18. Anthropic Withholds Mythos AI Model Over Cybersecurity Risks
- 19. Trump Administration Unveils National AI Framework to Preempt State Laws
- 20. OpenAI Launches GPT-5.6 and ChatGPT Work After Government Review
- 21. Apple Sues OpenAI for Systematic Theft of Hardware Trade Secrets