Why America Should License AI, Not Export Control
Authored On
Modified
AI export controls protect U.S. ownership of frontier models Profit depends more on adoption than unrestricted export Security risks make licensed access safer than full release

A nation that ships every game-changing AI model it can monetize is not a market leader. It’s a landlord in a fire sale. The more immediate truth is this: software vulnerabilities are responsible for 31% of all published breaches today. That's more than stolen passwords. That puts a new calculus on AI controls. A new frontier model that can find holes in code, aggregate chains of tools, or accelerate exploit creation is not just another cloud utility. It’s a force-multiplier dumped into a world of aging hardware, thin security organizations and glacial patching schedules. Many would argue that the United States ought to sell its most powerful AI models everywhere before China does the same. The more powerful argument is instead this: the United States ought to offer AI services, paid access, safety protocols and enterprise capabilities, but ought not to foist its edge control over powerful models on everyone else until the time is ripe.
AI export controls are not a capitulation to defeat
The fundamental error in the current discussion is to see export controls on frontier AI as a contest between profit and sovereignty. That framing is too limited. In frontier AI, profit and sovereignty are intertwined. Whoever owns the model owns the pricing, updating, safety protocols, data licensing and timing of when the model is made public. Once the best weights of a model or the least moderated functions become distributed outside secure enclaves, that ownership becomes substantially attenuated. The cash may arrive, but the state and the company are deprived of the more valuable asset: not just the code, but the entitlement of when a capability is identified as an ordinary piece of public infrastructure and when it remains a siloed national resource.
This is relevant now because AI is shifting from chat mode into operational mode. It generates software, checks logs, plans attacks, searches code archives, formulates legal drafts and helps to determine customer routes. By 2024, 78% of firms used AI, up from 55% a year earlier. Usage differs from skill and most organizations remain dependent on pilots, crude automation, or staff wielding tools without a clear process. This disparity explains why many AI companies aim for more users, while many beneficiaries feel they are not getting enough return. The solution is not to cede the most sensitive class of model to any foreign customer, but to increase the value of existing licensed access.
The US already has the dominant commercial position. US private-sector investment in AI in 2024 probably topped $109bn-far above China's $9.3bn-and US firms generated more top-tier models than Chinese ones that year. But China is narrowing the quality gap and competition is heating up on price. This is why the export issue cannot be settled on market share. If too many high-risk models are simply exported to consumers, it helps competitors learn from those models, undoes the US bargaining advantage and may not get U.S firms enough lucrative low-risk customers. The right policy is to maintain a controlled abundance: inclusive cheap tiers, exclusive frontier tiers.
Profitability is driven by adoption, not unlimited export
The profitability problem is real, but it is sometimes discussed in the wrong places. AI firms have to pay enormous training bills, current energy consumption is climbing, staff costs are high and model shuttering is rapid. Frontier training costs are estimated to have increased at a rate of about 2.4 times per annum since 2016 and the largest runs could cross one billion dollars apiece by 2027 if the rate continues to be of this order. Add to this data centers that consumed approximately 1.5 percent of the world's electricity in 2024 and are expected to hit about 3 percent by 2030. These are not trivial costs. General free trade is an unconvincing response because it gives scarcity its value.

A better response is to ramp up paid usage within gated channels. This would include more enterprise training, clearer pricing, increased integration and products that take AI from something interesting to a productivity tool. The revenue growth of Anthropic shows its relevance. It scaled from an annualized revenue rate of a billion dollars in late 2024 to closer to three billion by the end of May 2025. Business quoting was its reported reason for such growth, specifically code generation. That is telling. Companies pay when a model addresses a real workflow, not when staff bombards it with prompts, copies whatever it outputs and plugs it back into their outdated workflow.
The business model is not broken. The existing licensing regime is the business model. Authorized access, approved enterprise deployments, trusted partner programs and cloud contracts enable US companies to profit without relinquishing entire ownership. They enable them to enhance safeguards, measure utilization, prevent misuse and charge a premium for added levels of confidence. An AI model offered as a downloadable power is a one-time handoff of leverage. An AI model offered as a tiered service is a sustainable revenue source. That is why AI export controls should be viewed as commerce infrastructure rather than solely as national security legislation.
The obvious response from critics is that this approach is far too slow. Chinese models now handle large workloads that sell at a fraction of what US flagship prices cost per token, promising the world will not wait. That warning matters, but that does not necessarily make it the frontier’s ideal export. With some models competitively priced at a sixth of recent Chinese prices, reported in 2026 at well below 18 cents per million tokens, buyers may be pushed toward cheaper Chinese alternatives, as 4 dollars in the US alone do not have credible grounds for caution. Via cheap power and government backing, China backed its AI core over cheap energy already. United States must match with cheaper safe tiers, smaller task models, homegrown energy, not crown the single most imprudent tier.
Security debt alters the value of export controls for AI
Pro-restraint arguments are particularly compelling in the field of cybersecurity. A cybercapable frontier model works well for defenders-fast code review, prioritization of security issues and automation to get tired teams to patch even faster. The same capabilities also allow attackers to move faster. That is the dual-use dilemma and it is real. This is not hypothetical. Mandiant sees exploits as the most frequent initial entry vector in 2024 incident response cases, representing 33 percent of cases for which it identified a root cause. IBM placed the average global cost of a breach in 2025 at roughly $4.4 million. These statistics do not imply that AI gives attackers everything they want; they imply that the world is already woefully inadequate at how it is currently defending its software.
That is why a too-wide sell-out of a model like MYTHOS prior to the overall IT upgrade would be a bad bargain. The immediate cash flow is sudden and obvious. The long-term price tag is dispersed over large numbers of clients in hospitals, banks, suppliers to science, public agencies and smaller firms with no big patch-team. This is the virtual balance sheet of AI export controls. The seller books up-front cash flows. The wider economy may pay the breach costs, downtime, fraud, ransom strain and state-of-emergency security costs. A limited-model release can impose widespread social risk when used by contractors, clients, or compromised accounts against vulnerable infrastructures.

The argument is that friendly nations require the most capable models to defend themselves. This is correct, although it does strengthen an argument for licensing rather than free release. Access can be granted to national cyber agencies, trusted banks, key infrastructure owners, cloud security companies and allied labs. Requests can be recorded. Requests can be rate-limited. Outputs can be filtered. Partners can commit to sharing jailbreak information and vulnerability feedback. It is not perfect. No system is perfect. This is still far better. But it is so much better than blanketing the world's most advanced cyber model into a global offering, before the protective support system is in place.
Another concern is that controls will lead partners to Chinese paradigms. This is a valid concern. But that is not an excuse for doing nothing. US policy should be a carefully made ladder, with a safe general model widely accessible, a more powerful model available for firms through trusted cloud services and audit agreements and a high-end model for partners who can demonstrate a true capability to secure themselves. This ladder will create a pathway, not an insurmountable barrier. And profits will be going to U.S firms at each stage, as well as having ownership remain in the right place.
License the access for the export model and keep ownership
A healthy AI export policy would distinguish between access and control. The US should be able to export edge AI advantages without exporting the entire frontier asset. That translates into more managed services, more partner clouds, safer application layers and more custom enterprise scenarios operating within the confines of approved environments. Many companies already assemble bespoke AI workflows within their own infrastructure. The greatest value arguably lies in direction, governance, being able to call in context, audit and cross-reference data links, rather than merely access to the sparest and most recent model core. Policy should be driven by that; the surest long-term gain is earned by aiding companies to deploy AI prudently, not by offering unrivaled access to the deepest model core.
Custom AI also undermines the argument that every country must have the latest full US frontier model. A bank, hospital group, retailer, or factory often needs a slim system that knows its own documents, risk rules, products and software stack. That can be built with a licensed frontier model, a smaller open model, or a private fine-tuned model. The strategic question is not "should AI cross borders," it should; it is whether the crown-jewel capability crosses as an owned power or as a governed service. AI export controls should drive that toward the second.
This is also where the skills problem begins. The outship profit is not just offshoring; it's also inside the user. Firms purchase AI before they have designed the work. They provide processes without contexts, then ask for efficiencies without changing the review steps, data flows, or software customs. The result is poor trust, high token throttles and shallow output. Export controls cannot solve this alone. But they can buy time to develop a better market. US companies can sell training, workflow design, secure interfaces, model routing, validation and compliance as products. These services transform the investment in and use of, AI into revenue without revealing the frontier core.
Policy must also be predictable. Capricious bans erode faith. Capricious abandonments destroy reputation. It should not be the ad hoc, knee-jerk scramble of the moment. A formal release ladder, with known criteria on cyber capability, user vetting, incident reporting and allied access. The Commerce Department, cybersecurity agencies and model labs should predetermine tiers before launch. Companies should learn what can be freely sold outside, what must be sold with overseer access and what must remain inside a sacred ring until the technology can support safe release. This is how the sovereignty-preserving, commerce-minded endgame of AI export controls should work.
The endgame is straightforward. If a model can alter the economic calculus of discovering and utilizing software bugs, it can demand a slower export route. The US can do without going in and caving in. It can offer AI access without losing AI ownership, deepen user adoption without surrendering the product and profit by selling trusted AI infrastructure. It can garner sovereignty by doing the same. That decision should be made before the next squeeze, not after some premature trade-offs and another slipshod in-and-out. The dominant AI nation should not mistake scope for release. It can monitor the value, structure the service, equip the engineer and lay the way.
The views expressed in this article are those of the author(s) and do not necessarily reflect the official position of The Economy or its affiliates.
References
Empromptu.ai (2026) ‘Export Custom AI Model to Your Infrastructure’, Empromptu.ai, 6 May.
Google Cloud Mandiant (2025) M-Trends 2025 Report. Google Cloud.
IBM Security and Ponemon Institute (2025) Cost of a Data Breach Report 2025. IBM.
International Energy Agency (2025) Energy and AI. Paris: IEA.
Kendler, T., Hussain, A., Waltzman, H.W., Soliman, T.A., Hickey, A.S. and Jebeyli, S.R. (2026) ‘Commerce Department Extends Export Controls to Advanced AI Models; Authorizes Release to Specific Trusted Partners’, Mayer Brown, 30 June.
Kerry, C.F. (2026) ‘The Trump Administration’s Embargo on Anthropic’s Latest Models Scorches Its Hopes to Export American AI’, Brookings Institution, 1 July.
Maslej, N., Fattorini, L., Perrault, R., Gil, Y., Parli, V., Kariuki, N., Capstick, E., Reuel, A., Brynjolfsson, E., Etchemendy, J., Ligett, K., Lyons, T., Manyika, J., Niebles, J.C., Shoham, Y., Wald, R., Walsh, T., Hamrah, A., Santarlasci, L., Lotufo, J.B., Shi, A. and Oak, S. (2025) Artificial Intelligence Index Report 2025. Stanford Institute for Human-Centered AI.
MindStudio Team (2026) ‘AI Model Export Controls Explained: What Government Review Means for Your AI Stack’, MindStudio, 1 July.
Shepardson, D. (2026) ‘AI-Related Data Breaches Surging, Verizon Report Says’, Reuters, 19 May.
Soni, A. (2026) ‘Cheaper AI Is Better: Soaring Bills Are Reshaping How Businesses Choose Models’, Reuters, 29 June.
Tong, A. and Dastin, J. (2025) ‘Anthropic Hits $3 Billion in Annualized Revenue on Business Demand for AI’, Reuters, 30 May.
Verizon Business (2026) 2026 Data Breach Investigations Report. Verizon.