TL;DR
- AI vendor lock-in is not about which model you choose, but about where your agents run.
- On 12 June 2026 the White House showed that access to an AI model can disappear with a single government letter.
- Organisations that have embedded their agents deep inside one provider or suite cannot simply switch — technically they can, but only to a less capable model.
- Sovereignty is not a model choice. It is an architecture choice and a governance responsibility.
Over the past months I have built dozens of agents. In Cursor, in Claude Code, loosely connected via a gateway. For me, swapping a model is one line of code. A different model in, done.
But almost no organisation is set up that way. Their agents are not loosely connected to an API. They are embedded in the software the entire company runs on. That is not a detail. That is a risk that became visible last week.
The letter that arrived at 17:21
On Friday 12 June 2026 Anthropic received a letter from the US Department of Commerce. The instruction: immediately suspend all access to Fable 5 and Mythos 5 for every foreign user, inside and outside the United States, including Anthropic's own foreign employees. The letter arrived at 17:21. Within hours Anthropic had to shut down the models for all customers to comply with the directive, as the company states in its own announcement (opent in nieuw venster).
Let that land for a moment. The US government has used export controls for years to restrict the sale of advanced chips. But never before on the models themselves. This is the first time an AI model has been removed from the market with a single government letter. The trigger was a report that someone had managed to circumvent the model, and the US government had previously asked Anthropic, without success, to delay the launch.
I follow these developments because they directly touch on how dependent we make ourselves. And this story is not about Anthropic. It is about you, as a board-level decision maker in financial services, and about the question you probably have not yet asked yourself: what happens to my organisation if access to the model my processes run on is cut off overnight?
What AI vendor lock-in actually is
AI vendor lock-in is the dependency that arises when business processes are so deeply intertwined with one AI provider that switching may be technically possible but practically infeasible. The danger is not in the model. It is in everything you have built around it.
In the old world of software we already knew this. You were locked into a package because your data, your integrations, and your processes could no longer be extracted. With AI it is worse, for one simple reason: models do not change every two years but almost every week. I notice that myself every month. A model that was my best choice in May has already been overtaken in June. Whoever hangs their entire operation on one provider cannot keep up with that pace.
So far the theory. Because here comes the misconception I see many board members make. They think this is a procurement problem. A matter of the right contract, the right exit clause, the right vendor. But the real problem sits a layer deeper, and it is more technical and uncomfortable than a contract negotiation.
Why "just switching" is a false solution
When you put this to a technical party you often get a reassuring answer. Put a gateway in between, an abstraction layer, and you can connect any model you want. Today Claude, tomorrow GPT, the day after Gemini. Technically correct. It is a solved problem.
But switching presupposes that the alternative is equivalent. And that is precisely what it is not.
One model is simply better than another. For a specific task, at a specific moment, that difference affects your margin or your error rate. If the US government shuts down the best model, you are left with a gateway that works perfectly and a model that is worse. Your optionality is then paper optionality. You can switch, but to something inferior. In a sector where the gain lies precisely in model quality, that is no rescue.
This is also why I am sceptical about the reflex now emerging: then choose a European model and you are safe. I understand that reflex, and further on I show why it does not work the way you hope. But the core point is simple. A safer model that is worse does not solve your problem. It relocates it.
The real problem therefore lies not in the model layer. It lies in the layer below it.
The agents do not run in an API. They run in your suite.
Here comes the insight that makes the difference, and that I rarely hear stated clearly in practice. There is a difference between AI as a model you call via an API, and AI that is built into the software your organisation runs on.
The first you can replace relatively easily. The second you cannot.
Because most financial services firms do not build their own IT. They procure it. And whoever has their office productivity at Microsoft will soon also procure Copilot. Not because it is the best model, but because it involves the least friction. It is already in the licence, it already runs in the environment your people know, and it picks up your documents, your permissions, and your processes where they already are. That feels like the pragmatic choice. Operationally it is.
But look at what then happens. At the moment when all your agents, all your workflows, and all your automations sit inside Copilot, a block on the underlying model is no longer an inconvenience. It is an existential business risk. You do not then have to replace one model. You have to rebuild your entire operational layer.
And that is precisely why the Fable 5 case is not a distant problem. If the White House can block access to an Anthropic frontier model, there is nothing in that mechanism that limits it to Anthropic. An American vendor is an American vendor. The reasoning extends directly to a model from another American provider, or to the entire AI layer of an American suite. That specific scenario has not happened yet. But the precedent that a model itself can fall under export controls now exists.
The mess nobody decided to create
The most insidious thing is how this dependency arises. Not through a decision. Through the absence of a decision.
I see many organisations wrestling with which tool and which model. They have a ChatGPT account but also Copilot. One department builds something in one, another department in the other. Nobody has made a decision about the architecture. Someone took out a subscription, IT turned on Copilot because it was in the licence, and so it ran together. The lock-in seeps in; it is not decided.
And that is the point that is too rarely made in the boardroom. Not choosing is also choosing. Whoever does not consciously determine their agentic architecture leaves the choice to whichever vendor sits deepest in their environment and offers the least friction. That is not the vendor with the best governance. That is the vendor you already had. So you are making a choice. You are just making it blind.
And then one day a letter arrives at 17:21, and it turns out you have a dependency you never consciously entered into.
The European reflex that will not save you
Now the other side, because this is where it gets truly uncomfortable. Against the pragmatic "just take the best American suite" reflex stands the sovereignty reflex: go European, keep it in-house, then you are safe from Washington. That reflex feels sensible. And yet there is a catch.
A group of researchers, including Daan Juijn and Michiel Bakker, recently published Europe 2031 (opent in nieuw venster), a five-year scenario about what happens to Europe if it gets AI wrong. It is explicitly fiction, not a forecast, and the piece has an explicit agenda. But it exposes a painful mechanism. In the scenario, the organisations most committed to the "buy European" agenda are precisely the ones that pay the ransom during a cyber crisis. Because their European models had fallen behind at the moment it mattered.
That is the paradox. The pure European choice does not necessarily make you safer. It can widen your gap, precisely because parity is an illusion. And at the same time the Fable 5 case shows that the pure American choice leaves you vulnerable to a kill switch that is now demonstrably real.
Both pure choices constrain you. And that is no coincidence. It is the heart of the matter.
Sovereignty is not a flag on your model
Here the three stories converge and point in the same direction.
McKinsey describes in its AI in insurance report (opent in nieuw venster) of February 2026 how insurers are moving away from monolithic systems towards modular, open environments in which different AI tools can work together. They call it the agentic AI mesh: a setup in which internal and external agents safely collaborate via open standards, precisely to avoid vendor lock-in. For insurers this means the ability to plug in specialised solutions without having to rebuild their core systems.
Read that again. McKinsey describes, without naming it as such, exactly the protection against the problem I outline above. Not choosing one vendor or one jurisdiction, but building your architecture so you can switch without dismantling your entire operation.
That is what sovereignty truly means. Not the flag on your model. Not "American" versus "European". But the degree to which you own where your AI operation runs, and the degree to which you can adapt when the world shifts beneath you. Sovereignty is not a model choice. It is an architecture choice. And above all it is a governance choice, not an IT detail you let emerge somewhere lower in the organisation.
I wrote previously that open-source AI is becoming a governance necessity (opent in nieuw venster) and that controlling your AI costs (opent in nieuw venster) does not start with IT but in the boardroom. This is the logical next step. Where your agents run is not a technical question. It is a question about how dependent you make your organisation, and whether you keep that in your own hands.
What this means for you
I am both a supporter and a critic of the parties in this story. I build with these models every day and I see how good they are. At the same time I think Anthropic partly brought this on itself, by framing its own model in every press release as almost too dangerous to release. A cybersecurity researcher put it sharply: if you describe your product as munitions in every press release, a government will eventually take you at your word. That is not a detail. That is a lesson in how quickly commercial dependency and geopolitics become entangled.
For you as a board member, the question shifts. Not: which model do we choose? But: where do we let our agents run, how deeply do we let them root in one vendor, and did we decide that or did it just happen?
That is a question you cannot delegate to IT, because the answer touches your continuity. The organisation that today pushes hardest on data safety and sovereignty could in three years be the organisation that has put itself at the deepest disadvantage. And the way out is not less governance. It is governance that steers towards deliberate choices rather than towards unplanned proliferation.
I began this piece with the difference between me and most organisations. For me, swapping a model is one line of code. That is not a party trick. It is a consequence of how I built it: loosely, modularly, replaceably. The uncomfortable truth is that most organisations are built precisely the other way around, without anyone ever deciding that. The letter of 17:21 was for Anthropic this time. Next time it might be for you.
Sources
* The official Anthropic statement on the suspension of Fable 5 and Mythos 5: anthropic.com (opent in nieuw venster) * The McKinsey report on AI in the insurance sector, including the description of the agentic AI mesh: mckinsey.com (opent in nieuw venster) * The Europe 2031 scenario on Europe and AI: europe2031.ai (opent in nieuw venster)