Thoughts on Resilience, Sustainability and Sovereignty
The uncertainty of digital supply chains and AI economics points to an upheaval in resilience and sustainability, requiring new and sovereign approaches.
As the strategic competition over AI continues, the future of software is increasingly being built on borrowed land through centralised providers and centralised dependencies, which can both be controlled or poisoned.
Just this June, the US government issued an export control directive suspending foreign nationals’ access to Anthropic’s Fable 5 and Mythos 51, while OpenAI limited its GPT-5.6 preview to trusted partners2.
Around the same time, the software supply chain ecosystems around Python and JavaScript faced severe compromises, driven by the Mini Shai-Hulud worm and its exploitation of trusted publishing pipelines3.
Resilience
In light of the aforementioned distinct issues, it has become imperative to reconsider the resilience of software, trust and economics, and to explore options and alternatives that could foster a more resilient environment.
Although platforms such as PyPI and GitHub are moving towards enforcing 2FA and trusted publishing via OIDC45, the Mini Shai-Hulud attacks prove that abusing these exact pipelines keeps centralised platforms a potent target.
Similarly, as token prices fall and enterprise dependency on frontier models deepens6, the ability of global customers to rely on single-vendor solutions becomes precarious in light of abrupt geopolitical security directives.
Sustainability
Reliance on centralised software distribution in the areas of resilience and security may become increasingly difficult to sustain without governance processes that help preserve integrity in these areas over time.
There may be a need for a shift toward open, verifiable, and sovereignty-aware providers built on cryptographic trust, both for software packages and for models, to improve secure access to software in the future.
This may not be a question of missing software, but rather a question of incentives. Recent and future precedents may reinforce this shift, providing the necessary incentives to encourage a more independent approach to software.
Sovereignty
As such shifts enter the collective consciousness, responsibility for reliance and resilience moves from centralised providers to individuals or institutions capable of enabling broader or more specialised solutions.
A shift in responsibility of this kind can have disadvantages and may encourage individual providers to behave in a way that is similar to centralised models, especially when scale, efficiency or control are affected.
Conversely, institutional providers, whether open-source collectives or supranational initiatives, can serve as a democratised source of software, fostering transparency, collaboration, and shared governance.
Synthesis
The convergence of AI restrictions and compromised supply chains shows that resilience can no longer be based solely on major technology companies. True digital sustainability requires open, verifiable and sovereign alternatives.
Organisations should prioritise architectural sovereignty by replacing rigid dependencies with dynamic model routing and isolated verification pipelines. Cross-vendor redundancy helps to ensure continuity during outages or attacks.
This shift might act as a catalyst for a more mature ecosystem. Embracing cryptographic trust, open-source collaboration and diversified infrastructure can safeguard innovation against centralised risks and geopolitical pressures.
Until next time
Yours truly, Jairus Joer
Footnotes
-
Reuters, “Anthropic disables top-tier AI models after US order limiting foreign access”, 2026 ↩
-
TechCrunch, “OpenAI limits GPT-5.6 rollout after government request, says restrictions shouldn’t be the norm”, 2026 ↩
-
Picus Security, “Mini Shai-Hulud: The npm Supply Chain Worm Explained”, 2026 ↩
-
PyPI, “PyPI and Shai-Hulud: Staying Secure Amid Emerging Threats”, 2026 ↩
-
GitHub, “Securing the open source supply chain across GitHub”, 2026 ↩
-
InfoWorld, “Anthropic’s Claude Opus 4.5 pricing cut signals a shift in the enterprise AI market”, 2026 ↩
