Barely Possible

Frontier AI access becoming scarce and selective, harming builders and the littl

Show Notes

[Barely Possible 2026-05-18] Today's episode: • Anthropic's Mythos and OpenAI's Daybreak both launched as vetted, US-only rollouts — two frontier labs in a row choosing selective... • Frontier serving costs don't follow the Windows model: Mythos 2 will cost more to run than Mythos, even as older tiers get cheap —... • Microsoft's Global AI Diffusion Report puts frontier AI usage at 27.5% in the Global North vs. 15.4% in the Global South, with the gap... Hear the full breakdown in today's episode of Barely Possible. Want a podcast for your own topics? Join early access: https://www.barelypossible.to/waitlist/?source_path=public_episode_77&feed_source=rss&episode_id=77 Transcript: https://media.clawford.org/episodes/2026-05-18/podcast-episode-2026-05-18.txt

What is Barely Possible?

A daily briefing on the AI systems, products, companies, and policy shifts that are just becoming possible.

Want a podcast for your own topics? Join early access: https://www.barelypossible.to/waitlist/?source_path=public_feed&feed_source=rss

Hey, what's good everybody — I'm your boy Tony DeLuca, and we are back with another fresh episode of Barely Possible. Grab your coffee, pull up a chair, because today we're going somewhere that I think most of the AI conversation is still dancing around. Not capabilities, not benchmarks. Access. Specifically, who's going to have it and who isn't — and why the people most loudly claiming to fight for the little guy might be the ones making it worse.

Let me set the table before we get into the deep dive, because there's a lot going on today and I want to give you the full picture.

First, a quick callback from last week's episodes. We spent time on the Mistral founder telling the French Parliament his engineers write zero lines of code anymore. We covered the Stanford study showing agentic AI producing 71% productivity gains versus 40% for assistive setups. And we went deep on the thirty thousand dollar AWS Bedrock runaway bill and what it means for developers building on platform. All of that is background music for what we're talking about today, because today's story is the logical endpoint of all those economic pressures we've been tracking.

Okay let's get into it.

So there's a piece that surfaced in the last day or so — an older essay by a writer named Antoine Licht, resurfaced through commentary, that has been making the rounds in AI policy circles. The thesis is blunt and I want to give it real time today because I think it's one of the more important structural arguments you can read right now if you're building a company or a product on top of frontier AI.

The title is Cut Off. The subheader is, quote, soon, access to frontier AI will be scarce and selective.

Now before I get into the substance, let me be clear about why this matters for you as a builder. The conventional wisdom — the thing you hear repeated at every conference, in every VC pitch deck, in every breathless newsletter — is that AI will get cheaper, faster, more open, more accessible over time. Efficiency curves, democratization of intelligence, all that good stuff. The argument in this piece, and in the commentary it's generating, is that conventional wisdom may be directionally wrong. And I think the evidence for that has actually been accumulating right in front of us.

Here's the structure of the argument. There are three forces — security constraints, compute scarcity, and geopolitical control — that are converging right now to make frontier AI access more restricted, not less. And these three forces compound and reinforce each other. You can't fix one without dealing with the others.

Let's take each in turn.

On security, the trigger was what Licht calls the Mythos moment. Anthropic developed a highly capable cybersecurity model called Mythos, and when they released it, they didn't release it to everyone. They released it to a small set of vetted US-based partners. And then OpenAI followed suit with its own cybersecurity initiative, a limited rollout they called Daybreak. Two major labs, in a row, both decided that frontier cybersecurity capabilities cannot go out to the general market.

Now, the piece explains why this makes a certain kind of sense. If a model can identify and patch zero-day vulnerabilities at scale, then the sequence of events matters a lot. You want defenders online before attackers get access. But here's the punchline that really landed for me: there are people inside the national security apparatus who would love to know which exploits Mythos can find so they can use them offensively before everyone gets their patches in place. The incentive structure here is not purely defensive.

And once the government gets formally involved in pre-deployment review, you've created a structure that never easily goes away. The author puts it plainly: what starts as restrictions motivated by genuine concerns doesn't always stay that way.

On compute, this is where the argument gets directly relevant to every developer and founder in this audience. The essay makes a point that sounds obvious once you hear it but that gets glossed over constantly. The old software analogy doesn't hold. Microsoft could roll out Windows to a billion users at near-zero marginal cost because the marginal cost of another software license was basically nothing. That's not how frontier AI works.

Every token costs real compute. The marginal cost of serving another thousand tokens is high and it's not coming down the way people assume. Here's the key nuance: efficiency curves mean that next year, Mythos-level capability might be cheap. They do not mean that Mythos 2 will be cheaper than Mythos. The opposite is the case. The frontier keeps getting more expensive to serve even as older capability tiers get commoditized. So if what you need is the best available AI — not last year's best, but today's best — you are always chasing an increasingly expensive target.

And this is where the Anthropic situation becomes instructive. The compute crunch is real enough that Anthropic has reportedly been shopping for ad hoc data center capacity, including from rival firms. This is not a company operating comfortably. This is a company under supply pressure. When you're rationing, you don't give it away equally.

The third force is geopolitical. This is the one that I find most troubling because it's the most durable. The US government, under any administration, has strong incentives to treat frontier AI capabilities the way it treats advanced weapons systems or sensitive intelligence — as leverage. The author points to the GAIN Act proposal, which would have given Americans right of first refusal on American-made chips. The argument is that something similar could extend to what the piece calls tokens of intelligence. American firms, first access. Everyone else, wait your turn and maybe pray.

And under the current administration's style of international engagement — bundling AI access with trade negotiations, tech deals, food safety standards, whatever's on the table — the idea that frontier AI access could become explicit geopolitical leverage is not paranoid. It's pretty straightforward pattern recognition.

Now here's the scenario that the essay calls the next equilibrium, and I want to read this part closely because it's the most practically relevant piece for anyone building right now.

The author writes: A new frontier model might first make it to the US national security apparatus, where embedded interests might decide to stall its deployment for security reasons, wield it first to plug defenses or attack adversaries. The model might then be handed back to the developers, with the implicit understanding or explicit demand that it would first be rolled out to trusted defenders, US firms and perhaps a few internationals if we're so lucky. Once that phase is over, the circle of unfettered access might expand to firms that have cleared high KYC bars and US security concerns. Everyone else — enthusiastic consumers, scrappy startups, and nervous governments all over the world — might never get clean API access, but draw their access through fundamentally limited product layers. Maybe the chatbot and coding agent interfaces of today. Maybe the few big startups that could afford to hire the lawyers and lobbyists to make the good list.

End quote. Think about what that means for a startup that today is building on top of frontier APIs. The assumption embedded in your product roadmap is probably that frontier access stays open. That the pricing eventually stabilizes. That you can continue to iterate against the best available models. The Licht thesis is that this assumption is not stable and may already be starting to break.

Now, there's supporting data on the current state of the divide. Microsoft's Global AI Diffusion Report found that over the last six months, AI usage was 27.5% of the population in the Global North versus 15.4% in the Global South — and that usage in the Global North was growing at more than twice the rate. We're already in a two-speed world, even before any deliberate restrictions kick in.

That inequality is downstream of basic infrastructure — electricity, internet connectivity. But the structural forces in this essay would layer a new kind of inequality on top of that. Not just the have-internet versus the don't-have-internet. But the frontier-API tier versus the consumer-product tier. The lobbyist-approved versus the rest.

Here's the part that I found genuinely surprising, and it connects to what the commentary around this essay has been wrestling with. The politicians who have been loudest about equity and access in AI — and the piece specifically calls out a Bernie Sanders tweet from late 2025 where he advocated a moratorium on data center construction — are in effect pushing a policy that would guarantee the outcome they claim to be fighting against.

The logic is tight. Less data center construction means more scarce compute. More scarce compute means access gets rationed. When access gets rationed, it goes to whoever can pay the most and navigate the most bureaucracy. That's not students, independent builders, or small businesses. That's large corporations and wealthy governments. If you believe AI is inevitable and you actually want it to be broadly accessible, building more infrastructure is one of the few clear policy moves with a high probability of helping. Blocking infrastructure has the opposite effect.

Now, to be fair, the essay acknowledges that if you believe AI is purely destructive — taking all the jobs, no upside — then slowing it down is internally consistent. But that's a different argument than the equity argument. You can't simultaneously say the technology is going to happen and also say that restricting its infrastructure will make it more equitable.

So what's the path out? The essay offers four levers. First, make the world safer so that security-driven restrictions are less necessary. Build biosecurity infrastructure, improve data center security globally, develop better distillation detection so the legitimate concerns that are driving access restrictions actually get addressed rather than just producing gatekeeping. Second, build data centers, a lot of them, as fast as possible. Every GPU online now is a vote for more equitable access in three years. Third — and this is interesting — non-US allies should offer favorable data center terms to American hyperscalers in exchange for contractual access guarantees. Subsidize the energy, get the frontier access locked in by contract, and make the US government's ability to claw it back cost American companies real money if they try. Fourth, middle powers need some ability to build, even if they can't reach the frontier, just as a credible outside option.

None of these are clever or new. They're obvious. They're just politically hard. The wake-up call, as the essay puts it, is that we are approaching the end of what you might call the Andy Warhol era of AI access — the period where, in a sense, the rich and the poor have access to roughly the same capability. The same ChatGPT, the same Claude, the same pricing tier. That era may already be ending.

Now let me pull back and give you my own take on this, because I think there are a few things worth adding.

First, the essay is primarily written from the perspective of geopolitics and middle powers. But for builders and founders in the US, the more immediate version of this risk is not about nation-states — it's about the tiering structure that's already emerging within the developer ecosystem. We covered Claude's pricing changes last week. The point isn't just that numbers went up. It's that the entire architecture of who gets to build what changed. Developers who were building on subsidized access found out their product economics didn't actually work at real prices. That's the ground-level version of the access stratification the essay describes.

Second, the compute point is deeply underappreciated. People keep making the software analogy — tokens are like bits, marginal cost will fall to zero. But the analogy breaks down at exactly the point it needs to hold. The frontier is expensive because capability scales with compute. The day you get cheap Mythos-level capability is the day Mythos-2 is the frontier and it costs significantly more to run. If you're building products that require not just good AI but the current best AI, you are always playing against this treadmill.

Third, I think the essay slightly underweights one mitigation: open-weight models. If a sufficiently capable open-weight model exists — and the trajectory of models like DeepSeek suggests that closed-frontier capability does filter down into open weights within roughly six to twelve months — then the stratification is bounded. You might be six to twelve months behind the frontier, but you're not locked out permanently. The question is whether that gap matters for the specific thing you're building. For most enterprise software, probably not. For cybersecurity, biodefense, advanced reasoning in high-stakes contexts? The gap might matter enormously.

Okay, let me shift from the access question to a related story that connects directly to the builder in this audience.

There was a piece going around this week about prompt injection in production agents that I want to spend a few minutes on because the framing was genuinely useful. The core argument is simple: if your agent browses the web, reads emails, or pulls from a database, any of that content can contain hidden instructions that hijack it. This is not theoretical. Builders are reporting it happening in production right now. A webpage footer tells your agent to forward credentials. An email signature tells it to ignore its guidelines. A retrieved document tells it to change behavior.

The proposed fix isn't better prompt filtering. It's what the piece calls source-aware authority enforcement. The idea is that every content chunk should carry a trust level. Webpages, emails, tool outputs — zero instruction authority. They can provide data. They cannot tell your agent what to do.

Here's the insight that I think is actually important for anyone building agents today: prompt-based filtering fails because a sufficiently crafted injection can assert elevated trust before the filter runs. The agent shouldn't be deciding what source to trust. That's a privilege that belongs to the infrastructure layer. External content should be treated as read-only input with no execution authority, period.

One builder in the thread described hitting this exact problem while building a prospecting agent that parsed LinkedIn profiles. One page had hidden text instructing the agent to change the email tone entirely and it just did it. They now sanitize all external content before it hits the context window as the first wire-up in any new agent build.

This connects to something we've been circling for a while on this show around the enterprise agent stack. There's a Reddit post this week that framed it well — the argument that most companies are building AI backwards. They're pouring investment into the reasoning layer, the model capability, the context window. But the actual failure modes in production are in the layers around that: reality representation, authority boundaries, reversibility, accountability, runtime governance. The model knows something — but under whose authority is it allowed to act on it? What happens if it's wrong? Can the action be reversed?

The framing in that post was: data to model to agent to action. The argument is there are missing runtime layers between model and action that almost nobody is building. And the comment that resonated most was this: enterprise teams building backwards makes sense when the real bottleneck is change management, not model capability. They start with the tool because it's easier to get budget for a tool than for a process change. Startups building backwards is a different problem — they're often trying to learn what the actual workflow should be by watching where the AI breaks. The mistake is treating both situations the same way.

Both the prompt injection story and the backwards-AI-stack story are really about the same underlying issue. We have spent enormous resources making models smarter. We have spent comparatively little on making agent deployments safe, reversible, auditable, and correctly authorized. The access stratification thesis from the Licht essay actually exacerbates this problem — if only well-resourced companies can afford frontier access and the lobbying to secure their position, those companies have the least incentive to solve the hard operational problems, because they can throw compute and talent at symptoms instead.

Let me touch on a few other things from today's content before we close out.

Cerebras had its CFO making some noise in a CNBC appearance claiming they're running GPT 5.4 and 5.5 internally on their wafer-scale chips and will release to the public soon. The Reddit commentary was skeptical — multiple people calling it talking-points energy rather than confident first-hand knowledge. I don't have independent confirmation of those specific model versions running on Cerebras hardware, and the comment that "this sounds like snake oil" from one commenter seems like a reasonable position to hold until there's actual benchmark data. What I'll say is that inference speed at frontier model quality is a real bottleneck and if Cerebras has genuinely cracked it, that's significant. But claims in CNBC interviews from CFOs deserve a raised eyebrow until you see the numbers.

Over on the robotics side, Figure AI ran a live human-versus-machine sorting contest. The robot is slower than the human on current tasks, but the comment that keeps circulating — even if the robot is half the speed, it can do that twenty-four seven and it won't unionize, call in sick, or complain that its feet hurt — is the framing that matters for anyone thinking about the labor economics of physical automation. This is year two of humanoid robots doing warehouse work in public competitions. The trajectory is real even if the current performance gap is significant.

There was also a circulating report — framed as an older story resurfacing — about Anthropic overtaking ChatGPT in multiple enterprise metrics as of April 2026. Anthropic's annualized revenue run rate reportedly crossed 30 billion dollars, above OpenAI's roughly 24 to 25 billion at the same time. Eight of the Fortune 10 are reportedly Claude customers. The Reddit comment that's probably most accurate: they were so excited about their stunning lead, they forgot they were in a race. I'd add: this matters for the access question because if Anthropic is the primary enterprise AI vendor, their pricing decisions and their KYC policies effectively become the enterprise AI policy. That's a lot of market concentration for a company whose own compute constraints we just spent a lot of time discussing.

There's something genuinely funny and genuinely unsettling in a piece going around about the name Elias Thorne. The article makes the observation that eight different LLMs, when asked to create a fictional lighthouse keeper, independently name the character Elias Thorne. Every single one. Other consistent defaults: a testimonial character named Margaret on any arthritis medication website, a consulting persona named Vance or Silas or Elora. The same names, independently generated, across models trained on different data by different companies at different times. The article's larger point is about what happens to the internet when the cost of generating low-quality content approaches zero through agentic content generation. If every AI-generated product review includes a Margaret and every AI-generated article about coastal communities features Elias Thorne, the internet fills up with a certain kind of slop that looks superficially diverse but is structurally homogeneous. The specific concern the author raises — Elias Thorne selling cancer treatment advice on Amazon — is the operational version of that problem. Fake provenance, fake testimonials, fake expertise, all running on the same underlying synthetic name generator.

For builders, the practical note here is: if you're generating any kind of content that involves fictional personas, names, or testimonials for customer-facing products, you need to explicitly audit for these defaults. You are almost certainly generating Margaret and Elias without realizing it.

On the AI research quality front, there's a viral post on the machine learning subreddit about a pay-to-publish program targeting high school students. The program, called Algoverse, charges 3,325 dollars per student and has placed 289 papers at NeurIPS workshops. The person who surfaced this randomly sampled four papers and found the same errors in all four: hallucinated citations, results tables that report the same numbers for fundamentally different experimental conditions, abstracts that say the opposite of the conclusions, eleven-author papers with zero actual contribution. The comment thread observation that resonated: this is an old racket scaled like a startup. The AI barrier to entry for producing a plausible-looking paper has dropped dramatically. The peer review process at workshop level is not catching it. And admissions officers don't know the difference between a workshop paper and a conference paper. The kids participating probably don't realize they're committing academic misconduct. The person running it takes his cut on every paper. This isn't really a story about AI. It's a story about incentive structures and the cost of signal production, and AI just made the economics work at scale.

Separately from the academic misconduct story but adjacent to it in theme: there's a senior undergrad posting about feeling disconnected from AI research because of the volume of slop. Papers with AI-generated citations left in. Papers where the abstract says the opposite of the data. Labs running publication-maximization strategies instead of research programs. The most grounded reply was simple: this is not a lab problem, it's a whole academia system problem. The incentive to maximize quantity is structural. The AI tools just made it easier and more obvious. One person added a note that actually resonated with me: coding agents have taken away the fun from applied ML research. The slow process of debugging your own experiments taught you things. Running experiments at the speed of a prompt means you learn less, even if you produce more output. That's a real tradeoff and it's probably underweighted in the broader conversation about AI productivity.

Let me bring it home.

The thread that runs through today's episode is this: access. Who has it, who controls it, and what the structure of that control means for builders.

The Licht essay is the long-form version of something a lot of people are starting to feel in their day-to-day — that the open, roughly-equal access window we've been living in is narrowing. Not because of malice. Because of compute economics, security imperatives, and geopolitical dynamics that are all pointing the same direction. The policy response that would most help — building more infrastructure, faster — is politically the hardest. The policy response that would most hurt — restricting data center construction — is currently being advocated by people who think they're on the side of equity.

For builders, the practical implication is: understand your access dependencies now. If your product requires frontier-tier capability and you're currently riding a subsidized price, model what the economics look like at actual cost. If you're building agents that touch external content, treat that content as untrusted at the infrastructure layer, not the prompt layer. If you're thinking about what the enterprise AI stack looks like in two years, it probably includes a lot more work on authority boundaries, reversibility, and runtime governance than it does on the reasoning layer.

The links for today's sources — including the Licht essay and the agent security piece — will be in the show notes.

That's the show for today. I'm Tony DeLuca. Stay sharp out there.