e9n.dev
Back to Archive
AI

The AI Stack Is Now a Political Dependency

2026-02-28
8 min read

Last Friday, Secretary of War Pete Hegseth designated Anthropic a "Supply-Chain Risk to National Security", a label historically reserved for foreign adversaries, never before applied to an American company. President Trump ordered every federal agency to immediately stop using Anthropic's technology. Hours later, OpenAI announced it had struck a deal with the Pentagon to deploy its models on the DoD's classified network.

Anthropic was the first AI lab to deploy on that classified network, supporting American warfighters since June 2024. The sticking point? Two narrow exceptions Anthropic requested: no mass domestic surveillance of Americans, and no fully autonomous weapons. The DoD wanted blanket access to all lawful use cases. The negotiation collapsed, and the response was a designation designed for hostile foreign actors.

If you're building on Claude, this should make you deeply uncomfortable. Not because Anthropic did anything wrong, but because you just watched a vendor get eliminated from an entire market by executive order, overnight, with no technical justification.

This isn't a thought experiment about vendor risk anymore. It happened.

The Old Vendor Risk

A year ago, the AI vendor decision was mostly technical. You evaluated models on quality, latency, pricing, context window, and API ergonomics. Maybe you considered uptime and rate limits. The worst case was a price hike or a deprecation notice with a 6-month migration window.

The evaluation criteria looked like this:

  • Does the model handle our use case well?
  • Is the API stable and well-documented?
  • What's the cost per token at our volume?
  • Does the provider have a track record of reliability?
  • Are there contractual protections around data handling?

Reasonable questions. But none of them would have predicted that your provider could get blacklisted by the federal government on a Friday afternoon.

The New Vendor Risk

The risk model just changed. "Which model is best for our use case?" is now an incomplete question. You also need to ask:

What is my provider's political exposure? Anthropic's safety stance, which many in the industry admired, became the thing that got it banned. OpenAI reportedly drew the same red lines and got the deal. Sam Altman wrote that the DoD agreed to prohibitions on domestic mass surveillance and autonomous weapons. The same principles Anthropic asked for. The difference wasn't the safety principles. It was something else.

If your vendor's relationship with the current administration determines whether you can use their models, that's a dependency you need to account for.

What happens to my contracts if my AI provider gets banned? If you're selling to the federal government, or to companies that sell to the federal government, you now have a supply chain compliance problem. Anthropic clarified that the designation can legally only restrict Claude's use on DoD contract work, not other commercial use. But in practice, when a government label says "supply chain risk," procurement teams don't parse the legal nuance. They remove the vendor from the approved list and move on.

How quickly can I switch? This is the real question. If you got a call Monday morning saying "we need to be off Claude by end of week," could you do it? For most teams, the honest answer is no. And that gap between "we should be model-agnostic" and "we actually are" is now a business risk, not just a technical nicety.

What Model-Agnostic Actually Means

Everyone says they're model-agnostic. Almost nobody is. Here's what it actually requires:

Abstraction at the API Layer

Your application code should never import a provider SDK directly. Every call to a language model should go through your own interface that abstracts the provider away.

This means:

  • A unified request/response format that maps to any provider
  • Provider-specific adapters that translate between your format and the vendor API
  • Configuration that determines which provider and model to use, changeable without code changes
  • Fallback logic that can route to a different provider if the primary is unavailable

If you're calling anthropic.messages.create() directly in your business logic, you're not model-agnostic. You're Anthropic-dependent with extra steps.

Prompt Portability

This is where most "model-agnostic" claims fall apart. Prompts that work well on Claude often need significant rework for GPT-5.2 or Gemini. System prompts, tool definitions, output format instructions, all of these behave differently across models.

A genuinely portable setup means:

  • Prompt templates that can be tuned per model without changing application logic
  • Evaluation suites that test the same scenarios across providers
  • Awareness of which model-specific features you depend on (extended thinking, prefilled responses, tool use patterns) and abstraction or fallback strategies for each

Data and Privacy Isolation

Different providers have different data handling policies. If you've built workflows that depend on Anthropic's specific data retention or privacy guarantees, switching to OpenAI means re-evaluating those guarantees. Your data pipeline needs to be provider-neutral too.

Cost Modeling Across Providers

Token pricing, rate limits, and billing structures vary wildly. A cost-optimized pipeline on Claude might be 3x more expensive on GPT-5.2, or vice versa. Model-agnostic means having cost visibility across providers so you can make informed switching decisions under pressure.

The Practical Playbook

If you're a technical leader reading this and realizing your stack is more coupled than you thought, here's what I'd prioritize:

Week 1: Audit your exposure. Map every place in your codebase that calls an AI provider directly. Count the integration points. Identify which models are used where and for what. You need to know the blast radius before you can contain it.

Week 2: Build the abstraction. If you don't have a provider-agnostic wrapper, build one. It doesn't need to be perfect. It needs to exist. A thin adapter layer that lets you swap providers via config is the minimum viable investment. Most major frameworks (LangChain, LiteLLM, Vercel AI SDK) already provide this. Use one, or build your own if the frameworks add too much overhead.

Week 3: Run parallel evaluations. Take your most critical AI workflows and run them against at least two providers. Measure quality, latency, and cost. You need to know what the switchover actually looks like before you're forced into it. Discover the prompt portability gaps now, not during an emergency migration.

Week 4: Document and decide. Write down your switching plan. Which provider is primary, which is the fallback. What's the trigger for switching. How long would the migration take. Who owns the decision. This document is the output your leadership team needs.

This isn't a quarter-long initiative. It's a month of focused work that buys you the ability to respond to the next executive order, policy change, or vendor meltdown without scrambling.

This Isn't Just About Anthropic

I want to be clear: this post isn't about whether Anthropic or OpenAI is the better company, or whether the government's decision was justified. It's about the structural reality that AI infrastructure is now subject to political forces that didn't exist a year ago.

Today it's Anthropic. Tomorrow it could be OpenAI, Google, or a provider that doesn't exist yet. The specific vendor isn't the point. The point is that any AI provider can be removed from your supply chain by forces completely outside your control and theirs.

If your product depends on a single AI provider, you don't have a vendor. You have a single point of failure with political risk attached.

For the Builders

If you're an individual developer or a small team, the calculus is simpler but the risk is the same. You might not have federal contracts, but you do have users who expect your product to work tomorrow.

The minimum viable version of model-agnostic for a small team:

  • Use a routing library (LiteLLM, Vercel AI SDK, or similar) from day one
  • Keep your prompts in config, not hardcoded
  • Test against two providers at least quarterly
  • Have a documented "break glass" plan for switching providers

It's not much work. But the difference between having it and not having it is the difference between "we switched providers over the weekend" and "our product is down until we rewrite our AI layer."

The Bigger Picture

Every layer of abstraction in software eventually gets tested by reality. We learned this with cloud providers (multi-cloud isn't just a sales pitch when AWS has a region outage). We learned it with payment processors (ask anyone who depended solely on Stripe during their API incidents). Now we're learning it with AI.

The AI layer of your stack is not special. It's infrastructure. And infrastructure needs redundancy, fallback plans, and the assumption that any single provider can disappear.

The companies that built model-agnostic from the start won't even notice the next political shakeup. The ones that didn't will be scrambling on a Monday morning, trying to rewrite their entire AI layer under pressure while their competitors keep shipping.

Build for switchability. The politics will sort themselves out. Your architecture needs to survive regardless.

Anthropic says it will challenge the designation in court. Meanwhile, OpenAI is asking the DoD to offer the same contract terms to all AI companies. Whether that happens or not, the lesson is the same: if you can't swap your AI provider in a week, your architecture has a gap that no court ruling will fix.

Tags

#Agentic AI #AI #Leadership #Software Development