The AI Vendor Risk Your MSA Can't Reach
Procurement teams have been arguing about indemnification clauses while the actual exposure walked in the front door wearing a flag pin.
The AI vendor risk worth worrying about right now isn't in your contract. It's the one no MSA clause can touch, and Washington just spent the week making it bigger.
The equity-stake idea floated by senior officials this week may not survive the month. The exposure it points at exists either way, and regulated-industry buyers can't draft around it.
If the federal government takes a stake in a lab, that government is the regulator, the customer, and the shareholder of the same company. Every procurement decision, every enforcement action, every export-control call carries a conflict that's structural rather than ethical. You can't disclose your way out of it. The conflict flows downstream to anyone buying the model, because the lab you depend on is now answering to a counterparty that also writes the rules for your industry.
And the state doesn't move as one block here. The NSA is reportedly running Anthropic's models for offensive cyber operations at the same moment Anthropic is in court against the Pentagon over Claude. One arm of the state is a combat customer, another is a courtroom adversary, and a third may soon hold the shares. If you're a bank or a hospital buying from that same lab, your vendor isn't a vendor in any clean sense. It's a node in a network whose other nodes regulate you.
You can't write an indemnification clause against your own regulator owning your supplier.
Governance is where buyers usually expect to land this kind of problem, and where it stops being enough. Standardization, access controls, output review, data egress rules. All of that still matters, and you want it in place before the sprawl. But governance handles the risks inside your four walls. It can't reach a risk that lives in the cap table of your supplier.
For regulated buyers, the contract has stopped being the perimeter. A vendor diligence packet that ends at SOC 2 and an MSA is no longer measuring the exposure. Who else has standing to compel this model's behavior? What happens to your access if the lab's largest shareholder is also the agency examining you? Do you have a fallback if the model gets conscripted, throttled, or repointed by someone who isn't on your call list? Those are the questions your existing third-party risk function was never built to answer.
What that diligence looks like in practice, I don't know yet, and I haven't seen a procurement function that's built it. A starting move would be treating frontier-model dependence the way banks treat concentration risk in a custodian: name the shareholders that could compel behavior, name what happens to your operations if any one of them does, and price the answer. "Our paper is tight" is going to be a thinner answer than it used to be.