MICKAI
Article · 4 July 2026

Alex Karp Is Right: You Are Paying For Tokens You Cannot Audit

The Palantir CEO named the flaw in hosted AI. The answer his own critique points to is a sovereign system you own and run inside your own walls.

Author: Micky Irons
Published: 4 July 2026

Alex Karp does not soothe rooms. He walks into them, says the uncomfortable thing out loud, and dares the audience to argue back. That is rare among people running large AI companies right now, and I want to start by giving him full credit for it.

Give the man his due

Karp built Palantir into one of the few enterprise-AI operations that ships work which actually holds up under pressure. He did it while most of the sector was chasing demos and valuations. He took the hard customers, the ones in defence, intelligence, and heavily regulated industry, where a wrong answer is not an embarrassing screenshot but a real-world consequence. He argued for a Western technology backbone when that position was unfashionable, and he kept arguing for it when it cost him invitations. Whatever you make of any single Palantir contract, the man is a genuine builder and one of the clearest-eyed operators in this field. When he speaks about how enterprise AI actually behaves once it hits a serious institution, I listen, because he has the scar tissue to back it up.

So when Karp says, in public, that hosted-AI vendors capture customer data and bill customers for unproductive tokens that create no measurable value, my honest reaction is not to reach for a rebuttal. It is to say: yes. Precisely. He has named the structural problem sitting at the centre of the current AI market. And the answer his critique points toward is the thing we have already built.

The two problems inside one sentence

Karp's point contains two failures stacked together, and they are worth pulling apart.

The first is capture. When your prompts, your documents, and your model interactions travel to someone else's infrastructure, you have handed over the most sensitive raw material your organisation owns. It does not matter how sincere the vendor's privacy language is. The data left your walls, it sits on a substrate you do not control, and the terms can change. For a bank, an insurer, a hospital trust, or a defence supplier, that is not a footnote. It is the whole risk.

The second is the token you cannot audit. Hosted AI bills per token, which means you pay for every unit of computation the model chooses to produce, whether or not that computation moved your business one inch. You cannot see inside it. You cannot prove which tokens created value and which were expensive noise. You are handed an invoice and asked to trust the meter. In any other line item, a regulated organisation would demand an audit trail before it signed. In AI, most are told to look away.

Karp is right to call both of these out. The interesting question is what you do about them.

Renting the substrate cannot fix a problem the substrate creates

Here is where I part company with the usual response. The industry's answer to Karp is to promise better contracts, tighter data-processing agreements, and a private endpoint. Those are real improvements, and for many workloads they are perfectly sufficient. I want to be honest about that, because overclaiming helps nobody. Almost every regime that governs our customers, from DORA and the FCA and PRA expectations to GDPR and the NHS data-security frameworks, permits cloud AI when it is properly controlled. The genuine no-cloud line is narrow and workload-specific: classified material, ITAR-controlled work, isolated operational technology, a data-protection assessment that comes back negative.

But permission is not the same as preference. A growing number of serious institutions do not want their most sensitive intelligence work sitting on infrastructure they do not own, metered by a bill they cannot audit, exposed to an exfiltration surface they did not design. That preference is rational, and it is exactly the preference Karp's critique validates. You cannot rent your way out of a capture problem, because the renting is the capture.

What owning the substrate actually looks like

We built Mickai as a Sovereign Intelligence Operating System, a SIOS, for precisely this reason. It is not a hosted service with a nicer contract. It is a system a regulated organisation owns and runs inside its own walls, air-gapped when the workload demands it, with the model, the data, and the compute all sitting on infrastructure the institution controls.

Two things follow directly from ownership, and both answer Karp point for point.

First, capture stops being possible, because there is no outbound trip. Your prompts and documents never leave your estate. The intelligence comes to the data instead of the data going to the intelligence.

Second, the token you could not audit becomes the action you can prove. Mickai writes a cryptographically-signed audit record on every action the system takes. You are no longer trusting a meter you cannot see. You hold a signed, tamper-evident record of what the system did, when, and on whose authority. That is the difference between paying for opaque tokens and owning an auditable ledger of work. For a compliance officer, that is not a feature. It is the whole point.

This is engineered work, not a slide. It sits on 104 filed UK patent applications spanning roughly 2,340 claims across 13 families, under named inventor Mickarle Wagstaff-Irons, moving toward examination. Those filings describe the sovereign runtime, the signed-attestation layer, and the governance substrate. We frame Mickai by what those filings contain, and by what the system already does today.

The market this actually serves

We size the sovereign-preference market honestly. On the register data, roughly 16,092 UK and EU institutions sit in scope: about 7,933 regulated core organisations plus around 8,159 large private-sector adjacents. The enterprise-AI-platform software category itself runs from about USD 13bn in 2024 toward USD 50.3bn by 2030 on Verdantix figures, which is roughly £11.7bn to £39.7bn at current rates. We are not claiming these organisations are barred from cloud. We are saying a serious and growing share of them would rather own the substrate than rent it, once they understand what renting actually costs them in control, in exposure, and in tokens they cannot audit.

Karp described the disease with more candour than almost anyone at his level. We built the cure that his own diagnosis points to. That is not a rivalry. On this, we are standing on the same side of the argument.

Frequently asked questions

Does Mickai compete with Palantir or with Alex Karp?

No. We admire the work and we agree with Karp's public critique of hosted AI. Our point is narrower and complementary: for organisations that want to own rather than rent their AI substrate, a sovereign on-premise system answers the capture-and-metering problem he described. We align with his argument rather than against the man.

Is cloud AI actually banned for regulated firms?

No, and we will not pretend otherwise. Frameworks like DORA, the FCA and PRA regimes, GDPR, and NHS data-security standards permit cloud with proper controls. The true no-cloud requirement is workload-specific: classified, ITAR, isolated operational technology, or a failed data-protection assessment. The wider case for sovereignty rests on preference and control, which is exactly what Karp's argument speaks to. See our related writing on sovereign AI for regulated enterprise.

What does "a token you cannot audit" mean in practice?

Hosted AI bills per token of computation, and you cannot verify which tokens produced value. Mickai replaces that opacity with a cryptographically-signed audit record on every action, so you hold provable evidence of what the system did rather than an unverifiable meter reading. More in our piece on signed audit records and AI governance.

Is Mickai actually built, or is this a roadmap?

It is built and live. Mickai is a Sovereign Intelligence Operating System that regulated organisations own and run inside their own walls, air-gapped where required, with signed attestation on every action. The 104 filed UK patent applications describe the underlying architecture. For the fuller picture, see the sovereign intelligence operating system explained.

The takeaway

Alex Karp told the market a hard truth: hosted AI captures your data and bills you for tokens that create no measurable value. He is right. The honest conclusion is not a better rental agreement. It is ownership. Own the model, own the data, own the compute, and hold a signed record of every action the system takes. That is what we built. On this one, Karp and I agree.

Originally published at https://mickai.co.uk/articles/karp-is-right-the-token-you-cannot-audit. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.