Alex Karp Is Right: You Are Paying For Tokens You Cannot Audit
The Palantir CEO named the flaw in hosted AI. The answer his own critique points to is a sovereign system you own and run inside your own walls.
Alex Karp does not soothe rooms. He walks into them, says the uncomfortable thing out loud, and dares the audience to argue back. That is rare among people running large AI companies right now, and I want to start by giving him full credit for it.
Give the man his due
Karp built Palantir into one of the few enterprise-AI operations that ships work which actually holds up under pressure. He did it while most of the sector was chasing demos and valuations. He took the hard customers, the ones in defence, intelligence, and heavily regulated industry, where a wrong answer is not an embarrassing screenshot but a real-world consequence. He argued for a Western technology backbone when that position was unfashionable, and he kept arguing for it when it cost him invitations. Whatever you make of any single Palantir contract, the man is a genuine builder and one of the clearest-eyed operators in this field. When he speaks about how enterprise AI actually behaves once it hits a serious institution, I listen, because he has the scar tissue to back it up.
So when Karp says, in public, that hosted-AI vendors capture customer data and bill customers for unproductive tokens that create no measurable value, my honest reaction is not to reach for a rebuttal. It is to say: yes. Precisely. He has named the structural problem sitting at the centre of the current AI market. And the answer his critique points toward is the thing we have already built.
The two problems inside one sentence
Karp's point contains two failures stacked together, and they are worth pulling apart.
The first is capture. When your prompts, your documents, and your model interactions travel to someone else's infrastructure, you have handed over the most sensitive raw material your organisation owns. It does not matter how sincere the vendor's privacy language is. The data left your walls, it sits on a substrate you do not control, and the terms can change. For a bank, an insurer, a hospital trust, or a defence supplier, that is not a footnote. It is the whole risk.
The second is the token you cannot audit. Hosted AI bills per token, which means you pay for every unit of computation the model chooses to produce, whether or not that computation moved your business one inch. You cannot see inside it. You cannot prove which tokens created value and which were expensive noise. You are handed an invoice and asked to trust the meter. In any other line item, a regulated organisation would demand an audit trail before it signed. In AI, most are told to look away.
Karp is right to call both of these out. The interesting question is what you do about them.
Renting the substrate cannot fix a problem the substrate creates
Here is where I part company with the usual response. The industry's answer to Karp is to promise better contracts, tighter data-processing agreements, and a private endpoint. Those are real improvements, and for many workloads they are perfectly sufficient. I want to be honest about that, because overclaiming helps nobody. Almost every regime that governs our customers, from DORA and the FCA and PRA expectations to GDPR and the NHS data-security frameworks, permits cloud AI when it is properly controlled. The genuine no-cloud line is narrow and workload-specific: classified material, ITAR-controlled work, isolated operational technology, a data-protection assessment that comes back negative.
But permission is not the same as preference. A growing number of serious institutions do not want their most sensitive intelligence work sitting on infrastructure they do not own, metered by a bill they cannot audit, exposed to an exfiltration surface they did not design. That preference is rational, and it is exactly the preference Karp's critique validates. You cannot rent your way out of a capture problem, because the renting is the capture.
What owning the substrate actually looks like
We built Mickai as a Sovereign Intelligence Operating System, a SIOS, for precisely this reason. It is not a hosted service with a nicer contract. It is a system a regulated organisation owns and runs inside its own walls, air-gapped when the workload demands it, with the model, the data, and the compute all sitting on infrastructure the institution controls.
Two things follow directly from ownership, and both answer Karp point for point.
First, capture stops being possible, because there is no outbound trip. Your prompts and documents never leave your estate. The intelligence comes to the data instead of the data going to the intelligence.
Second, the token you could not audit becomes the action you can prove. Mickai writes a cryptographically-signed audit record on every action the system takes. You are no longer trusting a meter you cannot see. You hold a signed, tamper-evident record of what the system did, when, and on whose authority. That is the difference between paying for opaque tokens and owning an auditable ledger of work. For a compliance officer, that is not a feature. It is the whole point.
This is engineered work, not a slide. It sits on 104 filed UK patent applications spanning roughly 2,340 claims across 13 families, under named inventor Mickarle Wagstaff-Irons, moving toward examination. Those filings describe the sovereign runtime, the signed-attestation layer, and the governance substrate. We frame Mickai by what those filings contain, and by what the system already does today.
The market this actually serves
We size the sovereign-preference market honestly. On the register data, roughly 16,092 UK and EU institutions sit in scope: about 7,933 regulated core organisations plus around 8,159 large private-sector adjacents. The enterprise-AI-platform software category itself runs from about USD 13bn in 2024 toward USD 50.3bn by 2030 on Verdantix figures, which is roughly £11.7bn to £39.7bn at current rates. We are not claiming these organisations are barred from cloud. We are saying a serious and growing share of them would rather own the substrate than rent it, once they understand what renting actually costs them in control, in exposure, and in tokens they cannot audit.
Karp described the disease with more candour than almost anyone at his level. We built the cure that his own diagnosis points to. That is not a rivalry. On this, we are standing on the same side of the argument.
Frequently asked questions
Does Mickai compete with Palantir or with Alex Karp?
No. We admire the work and we agree with Karp's public critique of hosted AI. Our point is narrower and complementary: for organisations that want to own rather than rent their AI substrate, a sovereign on-premise system answers the capture-and-metering problem he described. We align with his argument rather than against the man.
Is cloud AI actually banned for regulated firms?
No, and we will not pretend otherwise. Frameworks like DORA, the FCA and PRA regimes, GDPR, and NHS data-security standards permit cloud with proper controls. The true no-cloud requirement is workload-specific: classified, ITAR, isolated operational technology, or a failed data-protection assessment. The wider case for sovereignty rests on preference and control, which is exactly what Karp's argument speaks to. See our related writing on sovereign AI for regulated enterprise.
What does "a token you cannot audit" mean in practice?
Hosted AI bills per token of computation, and you cannot verify which tokens produced value. Mickai replaces that opacity with a cryptographically-signed audit record on every action, so you hold provable evidence of what the system did rather than an unverifiable meter reading. More in our piece on signed audit records and AI governance.
Is Mickai actually built, or is this a roadmap?
It is built and live. Mickai is a Sovereign Intelligence Operating System that regulated organisations own and run inside their own walls, air-gapped where required, with signed attestation on every action. The 104 filed UK patent applications describe the underlying architecture. For the fuller picture, see the sovereign intelligence operating system explained.
The takeaway
Alex Karp told the market a hard truth: hosted AI captures your data and bills you for tokens that create no measurable value. He is right. The honest conclusion is not a better rental agreement. It is ownership. Own the model, own the data, own the compute, and hold a signed record of every action the system takes. That is what we built. On this one, Karp and I agree.


