Skip to main content

The AI Security Alliance Is Already Taking Shape

Picture

Member for

1 year 1 month
Real name
The Economy Editorial Board
Bio
The Economy Editorial Board oversees the analytical direction, research standards, and thematic focus of The Economy. The Board is responsible for maintaining methodological rigor, editorial independence, and clarity in the publication’s coverage of global economic, financial, and technological developments.

Working across research, policy, and data-driven analysis, the Editorial Board ensures that published pieces reflect a consistent institutional perspective grounded in quantitative reasoning and long-term structural assessment.

Modified

AI governance is moving toward a security alliance, not a global parliament
The United States holds the main model, compute, and cloud leverage
Voluntary standards will matter only if they become enforceable

The most significant fact in the domain of AI governance is not the absence of a global table. What matters is that one country already holds most of the seats that matter. A United Nations-commissioned Scientific panel measured in 2026 that the United States possessed 75% of the computing power of the world's top 500 AI supercomputers and China possessed 15%. One gap explains why the coming AI governance regime will not resemble a global parliament. It will look more akin to an AI security consortium. The reason is simple. The most capable models, the biggest cloud infrastructures, the frontier laboratories and the lion's share of the software environment will be located in the United States. Major partners will supply segments of the hardware chain, energy plants, finance and market accessibility. China and Russia will be excluded from membership. An international standards organization might be the language used in public. Selective dominance is likely to be the actual policy.

The AI Security Alliance Starts With Power, Not Process

The fundamental error behind today's debate is to frame AI governance as a design challenge, to assume that decision-makers only need the right forum and to write smarter rules. This framing is too simple. AI will not be an ordinary cross-border commodity. Instead, it will be an operational system linked to chips, data centers, model weights, cloud accounts, safety teams and rapid iteration cycles. It will be built and deployed across many layers. If a city cannot govern itself alone, a national agency is unable to even see the full chain. Even a federal prohibition might become useless when one of its identical models is used on a tour through country-user-employee-partners with the same set of workers running multiple regimes across multiple borderlands. The more complex truth is that Governance reflects power. It's not only the commissioners but rather the controllers of model deployment, chips, cloud contracts, payment rails, app stores and national security clearances.

That is why an AI security alliance is a better framework than an AI United Nations. A global agency can define standards. It can increase penalties for reckless behavior. It can give smaller countries a say. Yet it cannot compel the top AI companies to open a model, delay a launch, disclose testing data or disable a harmful client unless the states with actual power agree. The United States has extraordinary strength here. In 2024, the private sector invested $109.1 billion in AI in the United States, almost twelve times China's number and twenty-four times the United Kingdom's. US.-based institutions also trained forty important AI models in 2024, versus fifteen from China and three from Europe. Those figures do not suggest the United States can rule the AI field unilaterally. They suggest that any meaningful regime will proceed through American decisions first, then through coalition consensus.

Figure 1: The investment gap shows why AI governance power begins with the United States before it becomes an alliance question.

The Technology Stack Has Already Picked Sides

The recent battle over Anthropic, based on the Fable and Mythos architectures, offered a glimpse of what is next. A US export-control order prompted the company to freeze all access to two advanced models to foreigners. Then the company turned off access across the board because it could not run a seamless real-time nationality check across its entire menu of offerings. The restrictions were removed less than three weeks later once the company customized its screens and established closer communications with the US government. That quick turnaround matters. It proved that future AI controls will not be a once-and-done document. They will be a published live launch decision. There will be a fleet of access lists, red-team reports, jailbreak audits, cyber-risk levels and government intervention points. The old export-control paradigm was designed for shipments. Frontier AI controls will be designed for switches.

The stack also identifies roles in which friends become not only important but also irreplaceable: Taiwan because huge flows of advanced chips run through TSMC at a frequency unmatched by any other firm; OECD analysis was limited to 2015-2021, but uncovered TSMC controlling over 60% of all the world’s foundry contracts and 90% of the most advanced chip contracts and cited TSMC leadership stating that 99% of AI accelerators use TSMC technologies; Netherlands since lithography is a bottleneck; South Korea and Japan because of memory, equipment, materials and manufacturing capacity; United Arab Emirates because capital, energy and data centers can grow compute; and United Kingdom because of research capabilities, regulation and chip design assets. However, none of these roles can substitute for end-to-end ownership of the full model layer. The AI security alliance will be asymmetric by arrangement.

The lack of symmetry will cause strains within the alliance. The allies will demand influence-they're the ones whose companies, grids, data centers and universities got real costs. They won't stand for a system in which Washington makes all the world's sensitive decisions and everybody else just complies. However, they will know that a loose international forum can't protect them if a cyber, biosecurity, fraud, or surveillance model escapes and spreads with characteristically inconsiderable haste. The deal will be sharp but self-evident. The US will retain the first-mover advantage on frontier releases. The allies will demand joint evidence, possible channels, joint testing and market access-and that won't be a world government. That's a 'governed' security bloc with a privately owned technology infrastructure.

Voluntary Standards Will Not Hold the AI Security Alliance Together

Voluntary standards are flexible at first because they let companies and countries have forward motion while a treaty is not yet in place. They build a shared vocabulary for safety testing, transparency, auditing and incident management. They also lower the risk of each nation-state producing its own standards. G7's Hiroshima process in 2023 and the European Union's AI Act general code of conduct indicate that the soft law solution can convene firms towards a shared standard. The catch is that soft law is effective only when failure has a penalty. In the absence of compliance enforcement, standards are mere window-dressing. Firms can put values on their websites, join others in the sector discussions and yet sidestep tough ones such as model-weight security. An audit of 8 large firms' voluntary White House commitments in 2025 concluded an average disclosed-performance score of 52%. The lowest was model-weight security, with a 17% average score. Eleven of 16 firms scored zero in this aspect.

Figure 2: The weakest disclosure area is model-weight security, showing why voluntary standards need enforcement.

The solution is not to kill standards. It is to give them teeth. A credible AI security coalition would consider adoption criteria as gatekeeping for trusted access. Competitors seeking to commercialize front-line models in fellow jurisdictions would be required to agree to common responsibilities regarding safety case documentation, pre-release testing regimes, secure handling of model weights, customer due diligence, incident reporting protocols and independent scrutiny mechanisms. Duties should also be imposed on cloud providers, whose involvement can occur at each and every stage of deployment and tooling, rather than solely in relation to the base model. States must retain the power to stall a release, but it would need to be narrowly defined, transparent and justified by technical documentary evidence. The Anthropic episode demonstrated both the perils of indiscriminate measures and the hazards of being unprepared when a proficient model presents security risks.

The usual criticism is that an AI security alliance will fracture the internet and hasten a US-China arms race. That danger is immense. The course is already set. China is developing its own model and chip ecosystem. US restrictions on chips and sensitive AI are now integrated into US security strategy. Chinese businesses and government agencies will not wait for a universal safeguard treaty before establishing their own options. The real question is whether democratic nations can arrange their alliance to remain predictable, legitimate and open enough so that confidence remains high. A rule-guided coalition is more secure than an improvised embargo. It can broadcast limits, block an off-ramp, promulgate safety science and shield civilian research and development. It need not make each of its constituents face a choice: rely entirely on US corporations or accept isolation from the cutting edge of AI.

What the AI Security Alliance Must Do Next

First, separate safety rules from market protection. AI security alliance, if it ends up protecting a handful of US companies, will be quickly discredited. The rules are more, not less, binding for the dominant firms - a company with frontier models, running on cloud, serving hundreds of millions of users - is more liable for auditors, more open to competitor interoperability requirements and more responsible for fair access to developers. The standards should include market competition rules; they should pre-empt providers of models from hiding behind a security narrative to block competitors, bottleneck customers’ access to compute, or lock in customers into closed ecosystems. The goal is securing the system, not freezing the market. The same principles should be upheld by users of AI products, from public customers for AI services to the chancellors of the world’s leading universities, when acquiring them or participating in national AI initiatives.

The second task is to construct a real evidence pipeline. No bonded government should operate a weak, unsecured safety office and hope for the best. The alliance should develop shared test laboratories, standardized severity tag-ratings for jailbreaks, secure pathways for incident notification and a single register of high-risk capabilities findings. These bodies should be led by both outside technical experts and comprehensive civil-society and public-sector users, as model risk is not just a problem for labs-it shows up in courtrooms, schools, hospitals, banks, energy grids and small businesses. However, the system should not overwhelm them with administrative procedures. The maximum prudent standard is straightforward. The more functionally capable the model and the more generally released it is, the more robust the evidence required before its deployment should be.

The third goal is to leverage public procurement. Governments, public agencies, universities, hospitals and regulated firms will buy billions of dollars' worth of AI systems in the coming years. Their contracts can translate alliance rules into day-to-day practice: requiring model cards, safety information, data oversight, auditing rights, incident reporting and minimum standards for subcontractors. This is not a glamorous job. It is the site of real governance. A model that does not meet sharing standards should not be eligible for state contracts in allied markets. A model that does get there should be free to enter the market more easily. The fourth is to leave the door to the rest of the world open, but not pretend that all states are equal partners. Non-aligned and developing states want access to safe AI research tools and public-interest compute. Playing only with weaker systems, unsafe open models, or Chinese closed platforms will make it hard for the alliance to make its case publicly. A tiered system of access would be more plausible. GetTrusted partners could be given access to frontier open systems under intense monitoring. Institutes doing basic research could get subsidized access to compute with clear guidelines. Cheaper, lower-risk models could be widely used. More dangerous cyber or bio capabilities could stay restricted. This is not ideal fairness. It is careful openness in a domain where unregulated openness will cause genuine harm.

The decision is not between a huge AI UN and an arcane tech cartel-that's a false dilemma. What the world needs is one of those, then a more focused AI security alliance for the system's most damaging elements. Statistics should settle the matter. When one nation commands 75% of high-end AI supercomputing, governance can't start with modestly equal seats; it must start with leverage, then discipline them through law. An enforceable allies pact for frontier AI access, testing, audits and competition should be next and if liberal democracies don't put it together now, then the next emergency will-the world will be forced to, in fear and desperate haste, after a model has jumped the tracks.


The views expressed in this article are those of the author(s) and do not necessarily reflect the official position of The Economy or its affiliates.


References

Anthropic (2026) ‘Statement on the US government directive to suspend access to Fable 5 and Mythos 5’, Anthropic, 12 June.
European Commission (2023) ‘Hiroshima Process International Code of Conduct for Advanced AI Systems’, European Commission, 30 October.
European Commission (2025) ‘The General-Purpose AI Code of Practice’, European Commission, 10 July.
Le Poidevin, O. (2026) ‘UN’s Guterres warns AI outpacing oversight, urges global rules to protect children’, Reuters, 6 July.
Maslej, N., Fattorini, L., Perrault, R., Gil, Y., Parli, V., Kariuki, N., Capstick, E., Reuel, A., Brynjolfsson, E., Etchemendy, J., Ligett, K., Lyons, T., Manyika, J., Niebles, J.C., Shoham, Y., Wald, R., Walsh, T., Hamrah, A., Santarlasci, L., Lotufo, J.B., Rome, A., Shi, A. and Oak, S. (2025) Artificial Intelligence Index Report 2025. Stanford Institute for Human-Centered Artificial Intelligence.
Mueller, E. (2026) ‘AI CEOs pitch G7 leaders on global standards forum for advanced models’, Semafor, 17 June.
OECD (2025) ‘Competition in artificial intelligence infrastructure’, OECD Roundtables on Competition Policy Papers, No. 330, OECD Publishing, Paris.
Pilz, K.F., Sanders, J., Rahman, R. and Heim, L. (2025) ‘Trends in AI Supercomputers’, arXiv, 22 April.
Thomas, C., Freifeld, K. and Seetharaman, D. (2026) ‘US removes curbs on Anthropic’s latest Fable and Mythos AI models’, Reuters, 30 June.
Wang, J., Huang, K., Klyman, K. and Bommasani, R. (2025) ‘Do AI Companies Make Good on Voluntary Commitments to the White House?’, arXiv, 11 August.
Wheeler, T. (2026) ‘G7 should accept AI standards offer, but make it enforceable’, Brookings Institution, 1 July.

Picture

Member for

1 year 1 month
Real name
The Economy Editorial Board
Bio
The Economy Editorial Board oversees the analytical direction, research standards, and thematic focus of The Economy. The Board is responsible for maintaining methodological rigor, editorial independence, and clarity in the publication’s coverage of global economic, financial, and technological developments.

Working across research, policy, and data-driven analysis, the Editorial Board ensures that published pieces reflect a consistent institutional perspective grounded in quantitative reasoning and long-term structural assessment.