The Week the Map Changed

Three weeks ago, I was in India — visiting AI partners whose work intersects with one of the most consequential technology buildouts in the world. Simultaneously, the India AI Impact Summit was convening in New Delhi: $200 billion in commitments, every major AI CEO on stage, 89 nations endorsing a new governance framework. Two weeks ago, I was in a Dubai airport at 3 a.m., watching Polymarket on my phone, calculating whether my flight would clear before the airspace closed.

It did. I got out at 0300, before the first strikes. As it turned out, I had a shorter layover on the return than I’d had on the way in. If it had been five hours instead of two, I’d likely be writing this dispatch from Dubai. GPS jamming and battlefield preparation had already begun by then — we just didn’t know it yet. The airline’s Wi-Fi cut out on the flight, or was jammed. We landed to a different world.

In the span of 72 hours, three events converged in a way I won’t forget: a global summit declared a new sovereign order for AI, the U.S. government blacklisted one of the world’s most prominent AI companies, and a shooting war in the Middle East struck an Amazon Web Services data center by drone.

They looked like separate headlines. They weren’t.

What Was Happening in New Delhi

The India AI Impact Summit was the first global AI summit hosted by a nation from the Global South. 600,000 attendees. Leaders from 100+ countries. Every major AI CEO — Dario Amodei of Anthropic, Sam Altman of OpenAI, Sundar Pichai of Google — on the same stage. More than $200 billion in investment commitments in five days.

I wasn’t in New Delhi for the summit. I was elsewhere in India, assessing the AI capabilities of partners I work with — the kind of ground-level work that tells you more than any summit keynote. But the backdrop mattered. What was being declared at Bharat Mandapam was something larger than investment: a declaration of independence.

89 countries endorsed the New Delhi Declaration — a governance blueprint that explicitly rejects the US-EU regulatory axis in favor of sovereignty-first AI policy. India’s Prime Minister Modi announced a goal to become one of the top three AI superpowers by 2047. France’s Macron stood on that stage and said: “Both Europe and India chose independence, and both were right.”

Infosys announced a partnership to embed Anthropic’s Claude across enterprise workflows in telecom, financial services, and manufacturing. OpenAI announced a major partnership with Tata. The largest AI ecosystem deals of the year were signed in Delhi, not Silicon Valley.

The theme of the summit wasn’t capability. It was who controls it.

The Blacklist That Landed the Same Week

On Friday, February 27 — as I was transiting through Dubai — the Pentagon blacklisted Anthropic. The same Anthropic whose CEO had been on stage in New Delhi days earlier.

The dispute: Anthropic refused to remove two restrictions from its Pentagon contract. No mass domestic surveillance of Americans. No fully autonomous lethal weapons. The Trump administration’s response was to designate Anthropic a “supply chain risk to national security” — a label previously reserved for Huawei.

Within hours, OpenAI stepped in to fill the contract.

The detail that every board should sit with: even as the U.S. government was blacklisting Anthropic, Claude was being actively used in the military campaign against Iran. And Palantir — which had embedded Claude deeply into more than $1 billion worth of Pentagon-facing software — was suddenly being ordered to rip it out.

This is what vendor lock-in looks like when geopolitics pulls the trigger.

A New Kind of Government Intervention

Here’s the part most U.S. managers aren’t prepared for: this isn’t really about Anthropic.

American industry has dealt with government intervention in technology before — most notably in encryption and cryptography. For decades, the debate over key escrow, export controls on strong encryption, and government backdoor access shaped how tech companies built and sold products. Those battles were largely won by industry, and they receded from the corporate consciousness.

What the Anthropic-Pentagon dispute signals is that the same dynamic is now bleeding into mainstream AI capabilities — and most boards haven’t registered the shift.

The Trump administration didn’t just dispute a contract clause. It invoked a national security designation — a tool designed for foreign adversaries like Huawei — against a domestic American company in a commercial procurement dispute. That is novel. That is a meaningful escalation of government’s claimed authority over how private AI companies may and may not configure their products.

Whether you agree with Anthropic’s red lines or the Pentagon’s position, the precedent is the same: AI capabilities are now a domain where the U.S. government asserts the right to define the terms of use — and to enforce them with the full weight of a national security label.

The managers and boards who treat this as a story about two companies arguing over a contract are missing the structural shift. The ones who recognize it as a preview of a new regulatory posture will have a significant advantage in preparing their organizations.

Dubai at 3 a.m.

I’d been monitoring Polymarket all week — the prediction markets had $529 million in volume tied to the timing of U.S. strikes on Iran. The odds were moving. My layover was short. I got out on Saturday morning.

The airspace closed behind me.

Within hours, Iran launched retaliatory strikes across the Gulf. An AWS data center in the UAE was struck by drone. NVIDIA shut its Dubai office. The same Gulf infrastructure that had drawn Microsoft ($15.2 billion), Google ($10 billion), and AWS ($5.3 billion) in regional AI commitments was under direct attack. The submarine cables running through the Red Sea — the physical layer that carries the majority of Europe-Asia data traffic — became chokepoints in an active war zone.

The week that began with a celebration of AI’s global future ended with its infrastructure in a missile exchange.

What Boards Have to Get Right Now

Three things happened in one week. A new sovereign AI order was declared. A major U.S. AI vendor was blacklisted by its own government. And the physical infrastructure underpinning Gulf AI investment took drone strikes.

These are no longer tail risks. They are the operating environment.

Here is what responsible boards need in place:

1. A vendor dependency audit — not a technology review, a risk review. Which of your AI systems are embedded deeply enough that losing the vendor overnight would halt operations? Palantir is rebuilding. Your company should have the answer before the question becomes urgent.

2. A clear picture of your sovereign AI exposure. Where does your data physically reside? Under which jurisdictions can it be compelled? The U.S. CLOUD Act allows American authorities to access data stored abroad. The UAE just proved that “secure” Gulf infrastructure isn’t immune to missiles. These are not theoretical concerns — they are active ones.

3. Geopolitical scenarios in your continuity planning. Not “what if our vendor has an outage.” What if your AI vendor is blacklisted? What if the data center region you depend on enters an active conflict zone? What if a trade dispute reshuffles the chip supply chain overnight? These scenarios happened in the same 72-hour window I just described.

The Three Questions to Ask Your AI Vendors

In Issue #1, I teased these. Here they are.

“If we needed to leave you in 90 days, could we — and what would it cost?”

This is the lock-in question. It forces disclosure on data portability, model exportability, IP ownership, and contractual exit rights. If your vendor can’t answer it cleanly, you don’t have a vendor — you have a dependency.

“Where does our data physically reside, who can legally access it, and under which jurisdictions?”

Not where the vendor says it lives. Where it can be legally compelled to go. The answer may surprise your legal team — and change your procurement calculus.

“If your service is shut down, sanctioned, or acquired — what happens to our operations the next morning?”

This is the resilience question. Palantir had to rebuild a billion-dollar software stack on short notice. Builder.ai collapsed and took clients’ applications down with it. The question isn’t whether this can happen. It’s whether your company has a plan for when it does.

The Bottom Line

The week I spent in India and Dubai taught me something I’ll carry into every board conversation for the rest of 2026.

AI strategy is no longer separable from geopolitical strategy. The assumptions we’ve made about where AI lives, who controls it, and what happens when governments intervene — those assumptions were stress-tested in 72 hours and some of them didn’t hold.

The boards that get ahead of this will build diversified, portable AI portfolios with real contingency plans. The ones that don’t will be reacting — at 3 a.m. in an airport, watching prediction markets, hoping the airspace doesn’t close before they can get out.

Good governance isn’t a brake pedal. But it does need a map.

Last week, the map changed.

---

Next issue: How to read an AI vendor’s safety claims — and what the Anthropic-OpenAI feud reveals about what “responsible AI” actually means in practice.

— Ian

AI CoE Lead, Altria | Board Chair, rvatech | iantyndall.com