Concentrated AI Power Is a Security Problem
When a handful of firms own the models, the compute, and the logs, the public is asked to trust what it cannot verify. Sovereignty replaces that trust with proof.
Power that cannot be checked is not safe, no matter who holds it. That is the oldest lesson in governance, and artificial intelligence has spent the last two years proving it again. We keep describing the concentration of AI capability as an economic problem, a question of market share and competition policy. It is a security problem. When a small number of firms own the models, the compute, and the logs, the rest of us are not customers in a market. We are subjects of a system we are asked to trust and forbidden to verify.
The shape of the concentration
The numbers are not subtle. The United States and China together command roughly ninety percent of the computing power needed to develop and deploy frontier artificial intelligence, and between them they account for every one of the top-ranked foundation models in the world. Beneath that national picture sits a corporate one. Perhaps five companies control the models that now mediate how hundreds of millions of people write, search, decide, and remember. The economics drive toward exactly this outcome. The fixed cost of training a frontier model, the scarcity of high-quality data, and the capital required to stand up a large data centre all push the field toward winner-take-all, where a few players capture most of the profit and most of the influence.
Concentration of this kind is sometimes defended as convenient for regulators. A field built by a handful of firms is legible. You can subpoena five companies. You cannot subpoena a million. There is truth in that, and there is also a trap. The same legibility that helps a regulator hands those few firms enormous leverage, because the public and the state both come to depend on infrastructure that only those firms can see inside.
Trust is a systems property, not a press release
Here is the part the economic framing misses. Security is not a feature you bolt onto a system. It is a property of how the system is built, who can observe it, and who can lie about what it did. When one organisation owns the model weights, the silicon they run on, and the audit logs that record their behaviour, that organisation becomes the single source of truth about its own conduct. You are trusting the marked party to mark its own homework, on infrastructure you cannot inspect.
The vendor will tell you the logs are complete, the access controls are sound, the model behaved as described. Perhaps all of that is true. The point is that you have no way to know. A claim you cannot test is not a security guarantee. It is a marketing statement wearing the costume of one. Every incentive that drives concentration also drives the temptation to present the comfortable version of events, because the firm that controls the record controls the story.
The year the bill came due
If that sounds abstract, the last twelve months made it concrete. A single attacker used commercial AI coding tools and a frontier model to breach nine Mexican government agencies, exposing on the order of 195 million taxpayer records and well over a hundred gigabytes of citizen data. A data-leakage flaw in a leading consumer chatbot exposed user information and forced an emergency fix. Supply-chain breaches spread through the connective tissue of the ecosystem, where a company was compromised not because it was attacked directly, but because an upstream AI vendor it had granted access to was. The average cost of a breach involving AI now sits near 4.9 million dollars, the highest figure on record.
Notice the common thread. In each case, the affected parties learned what happened only when the controlling firm chose to disclose it, on the firm's own timeline, described in the firm's own words. That is the structural cost of concentration. The same hands that hold the capability hold the record of how it was used. Disclosure becomes a discretionary act of the powerful rather than a right of the affected.
Sovereignty is the policy answer, and it is incomplete
Governments have noticed. In 2026 the United Kingdom launched a 500 million pound Sovereign AI programme, committed a further 750 million pounds to a national AI supercomputer, and pushed total sovereign-compute commitments past a billion pounds, all framed as reducing reliance on overseas infrastructure. Across the European Union, federated compute projects and a hundred-billion-parameter open foundation model are advancing under the banner of digital sovereignty, while the European Union Artificial Intelligence Act moves into its enforcement phase from August 2026, demanding transparency and accountability where AI processes personal data.
This is the right instinct and an incomplete one. Building national compute relocates the data centre. It does not, by itself, change who can verify what the machine did. A sovereign cloud that still asks its users to trust an opaque log has reproduced the original problem in a new postcode. Sovereignty over hardware without sovereignty over evidence is real estate, not security. The deeper question is not where the computer sits. It is whether the operator can prove, to anyone, that the system behaved as claimed, without asking permission from the party being checked.
Replace trust with verification
I built Mickai because I do not think the public should have to trust a vendor it cannot audit, and I do not believe my own assurances should be the exception. Mickai is a Sovereign Intelligence Operating System. Fifty specialised brains, twenty-five domain and twenty-five operational, run on the Poseidon silicon substrate, on hardware the operator owns. That is the first move, and it is the easy one. The hard and decisive move is the audit chain.
Every action the system takes is signed before it executes, not after, into an append-only, hash-chained ledger we call the Open Audit Record. The signatures are post-quantum, using the ML-DSA-65 scheme that the United States National Institute of Standards and Technology finalised as Federal Information Processing Standard 204 in August 2024, so the record stays sound even against the cryptography of the next decade. The record can be checked offline by a verifier that runs inside an ordinary web browser, with no network connection and no call home to me. You do not trust my word that the log is honest. You run the verifier and the mathematics tells you. The audit root anchors to the Pantheon sovereign Layer 1 blockchain and onward to Bitcoin, so the chain cannot be quietly rewritten after the fact, by the vendor or by anyone else. The design is the substance, and it is protected by 101 filed United Kingdom patent applications, roughly 2,234 claims, owned by Mickai LTD.
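An added example, not Mickai's code or the Open Audit Record format: a hash-chained ledger in which each entry is signed before its action runs, with a verifier that needs only the ledger, the public key and an externally anchored root. The field and function names are hypothetical, the sample actions are constructed, and Ed25519 from Node's standard library stands in for ML-DSA-65.

```javascript
// Added illustration; field names are hypothetical. Ed25519 stands in for ML-DSA-65.
const nodeCrypto = require('node:crypto');

const GENESIS = '0'.repeat(64);
const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');
// Canonical bytes covered by the signature (and, with the signature, by the hash).
const body = (e) => JSON.stringify([e.seq, e.prev, e.action]);

// Sign-before-execute: the entry is signed and appended first; only then does the action run.
function appendThenRun(ledger, privateKey, action, run) {
  const prev = ledger.length ? ledger[ledger.length - 1].hash : GENESIS;
  const entry = { seq: ledger.length, prev, action };
  entry.sig = nodeCrypto.sign(null, Buffer.from(body(entry)), privateKey).toString('base64');
  entry.hash = sha256(body(entry) + entry.sig);
  ledger.push(entry);
  return run();
}

// Offline verifier: no network access, no call to the party that wrote the log.
function verifyLedger(ledger, publicKey, anchoredRoot) {
  let prev = GENESIS;
  for (let i = 0; i < ledger.length; i++) {
    const e = ledger[i];
    if (e.seq !== i) return { ok: false, at: i, reason: 'sequence gap' };
    if (e.prev !== prev) return { ok: false, at: i, reason: 'broken link' };
    if (sha256(body(e) + e.sig) !== e.hash) return { ok: false, at: i, reason: 'hash mismatch' };
    const sigOk = nodeCrypto.verify(null, Buffer.from(body(e)), publicKey, Buffer.from(e.sig, 'base64'));
    if (!sigOk) return { ok: false, at: i, reason: 'bad signature' };
    prev = e.hash;
  }
  // Only the externally anchored root exposes truncation or a re-signed rewrite by the key holder.
  if (prev !== anchoredRoot) return { ok: false, at: ledger.length, reason: 'root mismatch' };
  return { ok: true };
}

// Constructed sample: a clean ledger, a truncated copy, and a copy with one edited action.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const ledger = [];
  for (const a of ['read:customer-db', 'call:model', 'write:report']) appendThenRun(ledger, privateKey, a, () => null);
  const root = ledger[ledger.length - 1].hash; // the value that would be anchored externally
  const edited = ledger.map((e) => ({ ...e }));
  edited[1].action = 'call:other-model';
  return {
    clean: verifyLedger(ledger, publicKey, root),
    truncated: verifyLedger(ledger.slice(0, 2), publicKey, root),
    tampered: verifyLedger(edited, publicKey, root),
  };
}
```

The truncated copy passes every per-entry check and fails only against the anchored root, which is why a chain held solely by its writer is not enough.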
What this is really about
Concentrated AI power is dangerous for the same reason any concentrated power is dangerous. It asks for trust and offers no mechanism for verification, and it controls the very records that would let you check the trust you were asked to give. The fix is not to hope the few firms behave, and it is not only to build national copies of their data centres. The fix is to change what the operator holds. Hold the hardware. Hold the keys. Hold the audit chain, in a form anyone can verify without your cooperation.
When the operator holds all three, trust stops being a favour granted by the powerful and becomes a property anyone can check. That is the whole of sovereignty, and it is the only version of AI safety I am willing to stake my name on. Verification, not faith. Built, not promised. The proof, in your hands and no one else's.


