John Whelan: US moves to control AI tech causes turmoil for Irish businesses

The US ban will also impact the range of services offered to Irish companies by Salesforce, Shopify, HubSpot, and Notion, as with immediate effect none of their customers will have access to Anthropic’s two most advanced software models anymore.

The directive by the US Commerce Department ordered the AI company Anthropic to stop letting foreign nationals use its most advanced models, Fable 5 and the underlying Mythos 5, on national-security grounds. The company switched off access to comply.

Many Irish companies have spent the past two years building products based on top of the Anthropic platform, thinking it was something you bought and kept. Now they are faced with the prospect of a foreign government turning off their system.

For non-Americans, the directive by Howard Lutnick to Anthropic, instructing the company to allow only US citizens to use its two most powerful models, was a live demonstration of what dependence on foreign AI infrastructure can mean.

Anthropic was given only 90 minutes to deny foreign nationals — including those residing in the US and its own non-American staff — access to Fable 5 and Mythos 5. Rather than build nationality-based controls at such short notice, it withdrew both models from the market altogether.

The official justification for the US move was cybersecurity. Fable 5 had reportedly proved unusually good at finding ways around software protection systems, raising fears it could be used in destructive cyberattacks against the US.

The concern may be legitimate and the US administration asserted the right to decide who should be permitted to use a given tier of AI capability.

Also, other issues are now emerging with the use of Anthropic’s Fable 5 and Mythos 5 models, which introduced an unavoidable rule: a mandatory 30-day data retention window for all traffic across third-party platforms and its own surfaces.

Enterprises immediately raised concerns about proprietary and sensitive company data being logged. This prompted massive corporate pushback, with Microsoft restricting its employees from using Fable 5 while it conducted urgent legal reviews.

For European enterprises, it comes with a growing risk that sensitive data may be leaving their control. For companies in finance, healthcare and law, which can mean proprietary data being retained or reused by third-party providers, in direct conflict with GDPR and the EU AI Act.

The question is not whether a move similar to Lutnick’s directive will happen again, but whether the world will have built a resilient, plural AI architecture by the time it does. Resilience requires real alternative options that can be activated. Just as countries diversify energy supplies, reserve currencies and critical infrastructure, they must diversify access to AI intelligence.

Fortunately, there are new AI sovereignty tools being built by Irish start-ups, alive to the issues. These start-ups carry out tests of the AI held inside the firm’s rules in real time and keep the evidence to show a regulator. Disseqt AI, a Dublin-based AI Assurance tech start-up offers such software systems to provide customers the necessary controls.

Mr Kumar, Disseqt’s CEO and co -founder stated “If one model can be switched off for foreign users overnight, then assurance cannot live inside any single provider. It has to belong to the organisation running the system.”

TensorX is another Irish AI infrastructure company that provides software to ensure private, sovereign systems,with zero data retention and hardware on EU-sovereign infrastructure in Dublin. TensorX enables regulated industries to deploy advanced AI in full compliance with GDPR and the EU AI Act.

Tim Grant, executive chair of TensorX , in a recent release stated that European companies want their data to stay in Europe, on infrastructure they can trust, under laws they are required to comply with.