Summary: Why Claude Changed The AI Risk Equation (#168b) by Joerg StormExecutive Summary

Joerg Storm argues that AI risk has fundamentally shifted from a technology problem to a governance problem. Three major developments in the same week changed how organizations must think about AI adoption:

1. Governments can now restrict access to frontier AI models globally through export controls.

2. AI pricing is shifting from flat subscriptions to usage-based billing, making AI costs less predictable.

3. AI safety is increasingly determined by the user’s request rather than the model itself, introducing a new layer of policy and governance.

The result is that companies can no longer rely on a simple “approved AI models” list—they need dynamic AI governance that accounts for availability, pricing, and usage.

The Three Major Changes1. AI Access Has Become a Geopolitical Issue

Previously, companies assumed that once they subscribed to an AI model, access would remain available.

That assumption no longer holds.

Governments now have the ability to restrict access to frontier AI models based on export regulations. In the case discussed, Anthropic reportedly chose to disable access globally for affected users rather than risk violating government requirements.

Why it matters

A business may suddenly lose access to an AI model because of:

• employee nationality

• contractor location

• export regulations

• geopolitical changes

This means AI availability is no longer purely a technical consideration.

2. AI Is Becoming Consumption-Based

Storm explains that the industry is moving away from predictable monthly subscriptions.

Instead, products like Copilot-style assistants and autonomous AI agents increasingly charge based on:

• tokens consumed

• reasoning time

• compute usage

• agent runtime

Why it matters

An AI workflow that appears inexpensive during testing may become extremely costly once deployed at scale.

Example:

• Demo cost: negligible

• Thousands of autonomous agent runs: significant monthly expense

Organizations must now treat AI similarly to cloud infrastructure.

3. AI Governance Is Moving From Models to Requests

One of the biggest insights in the newsletter is that future AI systems may use one underlying model while exposing different capabilities depending on:

• who is asking

• what is being asked

• user permissions

• safety classifiers

Storm uses the example of Fable 5 and Mythos 5, which are described as sharing the same underlying frontier model while differing in what types of requests each product allows.

Instead of asking:

Which AI model are we using?

Organizations will increasingly need to ask:

What kinds of requests are permitted for this user?

This represents a major shift in AI governance.

Why Current AI Policies Are Becoming Obsolete

Many organizations currently maintain policies such as:

• ChatGPT approved

• Claude approved

• Gemini prohibited

Storm argues this approach no longer works because:

Models can disappear

A compliant model today may become unavailable tomorrow.

Pricing changes continuously

A model may fit today’s budget but become prohibitively expensive under usage-based billing.

The same model behaves differently

Capabilities may vary depending on:

• organization

• geography

• user identity

• request type

The “approved models” approach cannot capture these variables.

Who Is Most Affected?

The newsletter highlights three groups facing the greatest risk:

Global companies

Organizations with employees or contractors across multiple countries may encounter export restrictions.

Businesses using third-party AI vendors

If an AI platform depends on another provider’s model, customers inherit those dependencies without direct control.

Companies relying on a single model

Without backup options, organizations risk operational disruption if their primary model becomes unavailable.

Recommended Actions for Leaders

Storm recommends immediate steps for organizations:

1. Map AI dependencies

Go beyond identifying which model is used.

Also document:

• vendors

• APIs

• infrastructure

• regions

• fallback providers

2. Identify critical AI workflows

Determine which business process would be most disruptive if AI access disappeared.

Examples include:

• customer support

• document processing

• software development

• internal knowledge search

3. Create tested fallback plans

Don’t simply identify alternative models—verify that workflows function correctly with them.

4. Rewrite AI governance policies

Replace:

Approved Models List

with policies based on:

• request types

• user identity

• data sensitivity

• jurisdiction

• acceptable use

5. Reassess AI economics

Evaluate each AI initiative by asking:

• Should we continue purchasing managed AI services?

• Is it more economical to build in-house?

• Should we delay adoption until pricing stabilizes?

Key Takeaways

Storm emphasizes that AI governance now involves three interconnected dimensions:

The focus is shifting from selecting technology to managing risk across technical, financial, and regulatory domains.

Final Thoughts

The central message of this newsletter is that AI governance has become as important as AI capability. Organizations can no longer assume that access, pricing, or functionality will remain constant. Instead, they need resilient AI strategies that account for changing regulations, evolving cost models, and request-level access controls.

For business leaders, the competitive advantage will come not just from adopting powerful AI models, but from building flexible governance frameworks that can adapt to an increasingly dynamic AI landscape.

https://drstorm.substack.com/p/why-claude-changed-the-ai-risk-equation?utm_campaign=email-half-post&r=5xcpdm&utm_source=substack&utm_medium=email