The U.S. Department of War’s confrontation with AI company Anthropic in early 2026 over military use of AI pushed into public view a question that had mostly circulated in AI safety circles, classified policy discussions, and speculative scenario work: what circumstances would drive a government to decide that a frontier AI lab is too important to remain under private control? 

Such a decision may often be described as a matter of “nationalization”, but that term can obscure as much as it clarifies. The more precise question revolves around issues of custody, release authority, access controls, and ultimate decision rights over frontier systems that could matter for cyber operations, biological risk, intelligence, military planning, economic management, and strategic competition. Formal seizure of a company is only the outer edge of a broader continuum. Long before reaching that point, governments can impose a variety of controls, ranging from compute licensing to priority access rules.     

The Anthropic episode shows how quickly the alignment question—the challenge of ensuring AI systems behave in accordance with intended human goals and safety constraints—becomes a question of sovereignty. Anthropic had already integrated Claude into government and classified environments while presenting itself as a company that would support lawful national-security uses subject to two red lines—mass domestic surveillance of Americans and fully autonomous weapons. When the Pentagon reportedly pushed back, the conflict was not really about whether AI should be useful to the state. It was about who gets to define the boundaries between lawful and safe use, and strategically necessary use. 

That is exactly the kind of dispute that makes nationalization plausible. A private lab can claim that its model should remain aligned to the developer’s values; a military customer can argue that lawful national-security use should not be constrained by a vendor’s categorical veto. Once the model becomes strategically indispensable, the state’s answer is likely to harden.

In addition, Anthropic’s early June essay on how AI models are getting closer to being able to improve themselves without human intervention—so-called recursive self-improvement (RSI)—added to the complex mix around this discussion. Early June also saw reports suggesting— not surprisingly—that Anthropic’s most capable model, Mythos, was being used by the U.S. National Security Agency (NSA) to assist in identifying vulnerabilities in Chinese networks, presumably for future offensive cyber operations. 

Mythos and the Threshold Problem

Anthropic’s public handling of Mythos makes the problem more concrete. The company claims that Mythos does better than humans on some tasks related to cybersecurity and generating offensive cyber operations approaches, but such a model could be dangerous in the wrong hands (meaning non-state actors). Anthropic officials have not released the model to the general public, instead only giving it to a select group of tech companies and organizations responsible for critical software. The company has also offered to work with the U.S. government to “help defend against the risk of these models”.  The NSA report suggests this process is well underway—the NSA has both an offensive and defensive mission to protect U.S. government networks.

Once a leading frontier lab says that a general-purpose model can materially improve vulnerability discovery at scale (and therefore should be withheld from general release and provided only to selected partners responsible for critical software infrastructure), it has already conceded the central premise behind state control—some model capabilities are too consequential to be treated as ordinary product launches. 

Mythos does not prove that complete nationalization is imminent. It does, however, create a precedent for a release regime in which access, custody, monitoring, safeguards, and coordination with government become central design features rather than afterthoughts. The same logic applies to OpenAI’s Preparedness Framework, where high-capability cyber, bio/chem, and AI self-improvement thresholds trigger stronger controls. Once frontier models are classified internally as high-risk capabilities whose deployment depends on mitigation, monitoring, trusted access, and enforcement, the distance between corporate governance and state governance narrows sharply.

This is where my critique of Anthropic’s broader AI-leadership argument comes in. Anthropic is right that frontier systems may create catastrophic misuse risks and that democratic governments need a serious strategy for securing model weights, compute, and dangerous capabilities. But its public framing too often collapses two different claims into one: that advanced AI requires strong safety governance, and that the United States and its leading labs should a preserve decisive advantage over China. 

That fusion is analytically unstable, in my view. As the claim that frontier AI could enable catastrophic cyber, biological, or military effects becomes stronger, so too does the case for U.S. controls on China, and, as a result, for China to conclude that U.S. labs are effectively part of a national-security project. In that world, safety rhetoric can become indistinguishable from the U.S. denying Chinese access to key components as a matter of strategy. The result is not necessarily more global safety; it may be more mutual insecurity, more hedging, and more pressure on both governments to pull frontier labs closer to the state.

That is why the recent statement from OpenAI’s vice president of global affairs, Chris Lehane, is important. Lehane suggested that the United States could use its AI lead to build a global governance mechanism for safer and more resilient systems, potentially including China. He also invoked a model for international coordination similar to the International Atomic Energy Agency, which aims to avoid nuclear proliferation between rival states by offering independent nuclear supervision. This is not a minor rhetorical shift. It implicitly recognizes that if the United States treats frontier AI only as a competitive asset to be denied to China, then Beijing will read every U.S. lab-government tie as evidence of containment and every safety standard as a potential instrument of exclusion. 

A U.S.-led framework that includes China would not solve the nationalization problem, but it would create an alternative channel for discussing release thresholds, cyber and bio red lines, model evaluation, and crisis communication before national-security establishments on both sides conclude that unilateral state control is the only safe path. The idea of a U.S.-China dialogue on frontier AI model governance was on the table at the mid-May presidential summit in Beijing, primarily because of Mythos. But there will be major political obstacles to real dialogue work, and a multi-lateral approach will surely be required.

How Close is the United States?

While it has not yet pursued total nationalization, the United States is already moving along the soft-nationalization path. The 2023 Biden AI executive order used Defense Production Act (DPA) authority (established in 1950) to require developers of powerful foundation models to share information,  including safety-test results and information about large compute clusters, with the government. The Bureau of Industry and Security then moved toward implementing reporting rules that would give the state greater visibility into advanced model development and compute infrastructure. That did not amount to seizure, but it normalized a crucial principle: frontier models and large compute clusters are not merely private assets; they are national-security-relevant capabilities subject to exceptional state visibility.

The Trump administration has pushed the issue from oversight toward operational control. The Anthropic-Pentagon conflict, OpenAI’s expanding government work, and broader efforts to ensure the Department of Defense and the intelligence community have access to frontier models all point in the same direction. The U.S. government wants best-in-class models available inside secure environments, under conditions it can shape. 

Strategic Measures?

If a leading lab refuses certain uses, if contractual arrangements with cloud providers block access, or if employees revolt against defense work, policymakers will not necessarily wait for the market to resolve the problem. They will look for statutory tools, procurement leverage, export-control authorities, security classifications, and possibly DPA-style priority measures. Discussion in a recent draft bill by Senator Marsha Blackburn makes reference to “potential nationalization or other strategic measures” around artificial superintelligence is therefore best read not as an immediate policy plan but as an early marker of contingency planning.

The most plausible U.S. trajectory is not a sudden takeover of OpenAI, Anthropic, Google DeepMind, or xAI. The most likely path is a staged escalation. The first stage is visibility: mandatory reporting, model evaluations, compute-cluster disclosure, incident reporting, and security requirements. This is already happening to some degree via cooperation with the US Center for AI Standards and Innovation (CAISI).  (Note: A Commerce Department page touting the additions of xAI, Google, and Microsoft joining OpenAI and Anthropic on voluntary evaluation was pulled down shortly after being released, highlighting the sensitivity of the issue and major ongoing debates about how to handle the situation caused by the Mythos Moment, without any clear legal framework in place.) 

In late May, the government pulled back a new Executive Order (EO), which was intended to begin the designing of a legal framework for the government’s role in the release of frontier models. The subsequent release of a slightly modified version of the EO highlights the internal debate within the administration on the relationship between the government and leading labs.

The post-EO debate is best framed as state access without formal state control. The order rejects a licensing or preclearance regime for frontier models, but creates a 30-day voluntary pathway for covered frontier labs to give the federal government pre-release access under classified benchmarking and confidentiality protections. That puts the U.S. government closer to frontier labs as an evaluator, early user, cybersecurity coordinator, and national-security partner—but not as owner or operator. 

Another controversy has recently arisen: the temporary government-directed restriction on access to Anthropic’s Fable 5, which is a public-access version of the Mythos 5 model. Anthropic’s statement indicated that the U.S. government “believes it has become aware of a method of bypassing, or ‘jailbreaking’ Fable 5”, although the government did not provide evidence or specifics. It is also possible that there was classified information suggesting Chinese actors gained some level of access to Mythos capabilities, but this seems unlikely to have been a primary driver. Public reporting suggests that Amazon Web Services (AWS) alerted U.S. officials to a potential jailbreak or misuse pathway involving the model, while Anthropic has maintained that the issue was limited and did not justify broad restrictions on deployment. Although the full details remain classified or disputed, the episode strongly suggests involvement by multiple agencies, likely including elements of the intelligence community such as the National Security Agency (NSA), alongside Commerce and national security officials. 

More important than the technical merits of the reported vulnerability is the institutional question it exposed: who, exactly, has the authority to determine whether a frontier model should be released, delayed, restricted, or modified? The answer remains unclear. 

In practice, a combination of cloud providers, frontier labs, intelligence agencies, and White House officials appears to have improvised a decision process in real time—that ambiguity is unlikely to survive future incidents. Rather than reducing government involvement, the Fable 5 controversy will likely strengthen arguments for a more formal review process, clearer authorities, mandatory reporting requirements, and expanded government oversight of frontier model development.

Another lesson from the Fable 5 episode is that cloud providers may emerge as quasi-regulators of frontier AI. Public reporting indicates that AWS played a key role in elevating concerns about Fable 5 to senior administration officials. If frontier AI increasingly depends on a handful of hyperscale cloud providers for training, deployment, and security monitoring, then effective control over model release may ultimately involve a triangular relationship among labs, cloud providers, and governments rather than a simple state-versus-company dynamic.

The unresolved tension is whether this “voluntary partnership” model is durable. The latest reporting suggests the system may already be evolving beyond voluntary cooperation. Multiple AI executives reportedly now believe that frontier labs are expected to provide government officials with early access to advanced models and maintain continuous consultation around major launches. Whether formally required or not, this begins to resemble an informal pre-release review process. Anthropic-style safety advocates will see it as too weak without mandatory testing, while anti-regulation voices will still worry it normalizes government gatekeeping. In light of Trump’s separate interest in potential public equity stakes in leading labs—articulated in early June—the broader direction is toward treating frontier labs less like ordinary private firms and more like strategic national infrastructure, but without yet crossing into nationalization.

The second step in this staged escalation is conditional permission: access to frontier training runs, gating of certain deployments, trusted-user regimes, identity-linked monitoring, restrictions on model weight release, and government say over high-risk cyber or bio capabilities. 

The third stage is operational integration: classified development streams, defense and intelligence procurement dependence, government-directed capacity allocation, priority access to AI hardware and power, and secure facilities for selected models. Only after those stages fail to meet the government’s expectations, or after a crisis, does hard nationalization become a serious option. 

First Real Test

The June executive order appears to bring us further along this staged road. The Fable 5 dispute may ultimately be remembered as the first real test of this emerging system. Unlike earlier debates over model evaluations or voluntary reporting, this case appears to have involved an attempt to influence or delay deployment of a frontier model already judged by its developer to be ready for release. Whether the government’s concerns were justified is almost secondary. What matters is that the episode exposed the absence of a settled mechanism for adjudicating disagreements between frontier labs, cloud providers, intelligence agencies, and policymakers. Once that gap becomes visible, pressure typically builds for new authorities rather than fewer authorities.

Four triggers could move Washington closer to that third stage or beyond. The first is a model that crosses a widely recognized threshold in cyber, bio, autonomous research and development, or strategic planning. This could include a model capable of discovering previously unknown software vulnerabilities, substantially lowering barriers to biological engineering, or autonomously pursuing long-horizon research objectives—especially if the lab itself admits that general release is unsafe. With Mythos, we have seen an early version of this trigger. More importantly, the subsequent Fable 5 dispute suggests that once a model is viewed as crossing a government-defined capability threshold, the debate rapidly shifts from technical evaluation to questions of release authority, trusted access, and sovereign oversight.

The second is loss of visibility: a major training run, capability jump, or deployment that government regulators learn about too late or cannot evaluate independently. 

The third is military dependence: if frontier models become central to cyber operations, targeting support, autonomous systems, logistics, or strategic warning, the state will demand assured access and override rights. 

The fourth is geopolitical shock: a Chinese breakthrough, a major offshore compute loophole, or evidence that a rival has paired frontier models with military or intelligence systems in a way that appears to threaten U.S. advantage.

There is also a political-economy reason the U.S. pathway is likely to remain indirect for as long as possible. The leading labs are not just model developers; they are embedded in cloud contracts, GPU/CPU procurement, energy deals, enterprise distribution, research labor markets, and consumer platforms. A direct takeover would raise compensation, governance, liability, IP, antitrust, and constitutional questions that would be difficult to resolve quickly. 

But those obstacles do not prevent the state from creating a special frontier-lab regime that looks increasingly like the defense-industrial base: private ownership, public dependence, classified interfaces, security clearances, mandatory reporting, and government priority in crisis. That model fits the American system better than outright ownership, and for that reason, it is the more likely outcome, unless a truly discontinuous capability shock changes the political calculus. Here, we will need to watch closely how President Trump’s apparent proposal for government equity ownership in leading AI labs plays out. The administration has already taken a stake in U.S. national champion semiconductor manufacturing leader Intel, setting an interesting precedent.

On balance, the United States is not close to formal nationalization today but rather something more important—a durable governance regime in which the leading labs remain privately owned but increasingly operate like regulated strategic infrastructure. The late-2020s window matters because several pressures are converging at once. AI safety thresholds are becoming operational rather than hypothetical; the defense and intelligence communities want frontier access; the labs need government support for chips, power, permitting, procurement, and international market access; and U.S.-China competition gives every capability advance a national-security interpretation. Hard nationalization remains a crisis option. Soft nationalization is already underway. The Fable 5 controversy demonstrates that the key battleground is no longer ownership but authority. Now, the central question has become who decides when a frontier model is safe enough for broad release: the company that built it, the cloud provider that hosts it, or the government that believes it bears ultimate responsibility for national security consequences.

The Mythos/Fable controversy suggests that soft nationalization may advance less through legislation and more through ad hoc crisis response. Each dispute over cyber capabilities, biosecurity risks, model autonomy via RSI, or strategic competition creates incentives for government agencies to seek greater visibility and greater leverage over release decisions. Yet every expansion of that leverage carries a tradeoff. It increases the attractiveness of open-source ecosystems—particularly Chinese ones—that are perceived as less vulnerable to discretionary intervention by Washington. The challenge for U.S. policymakers is therefore not merely to create stronger oversight, but to do so in a way that preserves confidence in the openness, predictability, and global accessibility of the American AI ecosystem.

The China Mirror Image: Steering Before Seizure

The common assumption in Washington that Beijing could simply nationalize its leading AI labs overnight is both partly true and mostly misleading. China has far more coercive leverage over its private sector than the United States. It can use party-state channels, cybersecurity reviews, data rules, model filing and registration requirements, procurement, state-owned enterprise (SOE) partnerships, compute allocation, administrative guidance, and national planning mechanisms to shape corporate behavior. But precisely because Beijing already has this dense toolkit, it has less need to jump directly to formal seizure. In China, the better concept is not nationalization, but state steering.

Several official concepts define the likely Chinese path. “Two unwavering principles”, for example, refers to the Party-state priorities of supporting both the public economy and the private economy, with the 2025 Private Economy Promotion Law reaffirming that private firms remain an important component of China’s socialist market economy. “Coordinating development and security” captures the planning logic: innovation and control are not separate domains but must be fused. “AI Plus” points toward broad deployment of AI across industry, services, governance, science, and embodied systems rather than confinement inside a single state weapons complex. “Self-reliant and controllable” does not simply mean state ownership; it means reducing foreign dependency while ensuring that decisive systems remain governable, interoperable, and nationally legible. “Safe, reliable, controllable,” especially in military AI, places final authority with the state, but does not require that every leading lab become an SOE.

This distinction matters because China’s frontier AI ecosystem is not an old-style strategic weapons complex but an industrial policy-led ecosystem designed to leverage AI for economic growth. It depends on private and quasi-private firms, young technical talent, globally benchmarked research communities, entrepreneurial incentives, cloud platforms, open-source ecosystems, and intense competition across Beijing, Shanghai, Shenzhen, Hangzhou, and returnee networks. A blunt takeover of a leading lab could damage the very incentive structure Beijing needs to sustain. Chinese policy documents themselves reveal this anxiety. They emphasize talent attraction, compensation reform, mobility between firms and research institutes, compute access, and support for private firms. Those are not decorative policy slogans. They are signals that Beijing understands that frontier AI cannot be managed only through command mobilization.

The Chinese system, therefore, faces a paradox of control. It can compel cooperation more easily than Washington, but compulsion is not the same as frontier performance. The most important Chinese labs need access to elite engineers, open research networks, flexible product cycles, commercial customers, and enough autonomy to experiment with model architectures, agentic deployments, and overseas-facing developer ecosystems. A nationalized lab that loses its best researchers, slows iteration, or becomes primarily responsive to bureaucratic reporting lines could fall behind even if it enjoys privileged access to state compute. Beijing’s problem is not whether it has authority but rather how to exercise authority without killing the very private-sector energy that made the leading model developers useful in the first place.

China’s current approach is therefore more likely to build a strategic exoskeleton around the AI ecosystem than to absorb it wholesale. SASAC’s push for central SOEs to expand compute investment, support AI Plus industrial communities, strengthen open-source collaboration, and coordinate embodied-intelligence ecosystems shows the pattern. The state can build large compute platforms, direct procurement, create consortia, set standards, require evaluations, and pull firms into national projects without eliminating their formal autonomy. The Fifteenth Five-Year Plan’s language on government procurement of compute services, compute leasing, model evaluation, national monitoring and dispatch, and full-lifecycle AI risk management points in the same direction. Control emerges through infrastructure, procurement, interoperability, and standards as much as through ownership.

The Chinese military dimension is also more complex than the civil-military-fusion shorthand suggests. Chinese official language on military AI is unmistakably state-centered and emphasizes human-centered, safe, reliable, and controllable systems. Chinese scholarship on military AI also recognizes a risk ladder: near-term risks from autonomous weapons and lower thresholds for conflict, medium-term risks to strategic stability, and longer-term risks from superintelligence. But the institutional solution is not the moral veto of a private lab. It is stronger state governance, international rule-making, and control over military applications. In practice, Beijing would likely expect private labs to cooperate with state-defined priorities while preserving enough commercial incentive and technical autonomy to keep innovation moving. Unlike U.S. companies like Anthropic and OpenAI, there is no evidence that Chinese AI labs have been deeply involved in the Chinese military-industrial complex. This is notable, given that the Pentagon and the intelligence community are using models from U.S. AI labs, and Anthropic has embedded software engineers within the NSA to assist with cyber operations against China. 

When Would Beijing Nationalize?

Beijing would consider harder measures under several conditions. The first would be a single lab or model becoming strategically indispensable while resisting state guidance, especially on military, security, or social-governance applications. The second would be a major safety or political incident, such as a model enabling serious cyber misuse, biological assistance, large-scale social instability, or politically sensitive information flows beyond regulatory control. The third would be wartime or acute crisis conditions around Taiwan, U.S.-China military confrontation, or sanctions that threaten access to compute and model capability. The fourth, and perhaps most important, would be evidence that the United States or allied labs had crossed a dangerous capability threshold while China remained dependent on private firms whose incentives did not align with the state. The fifth would be loss of control over the compute layer; for example, if leading labs used offshore clusters, foreign cloud access, or foreign capital structures in ways Beijing viewed as strategically unacceptable.

Even then, the first move would probably not be formal expropriation. It would be tighter licensing, deeper party-state embedding, mandatory government access, controlled compute allocation, SOE or national-lab partnerships, restrictions on overseas model access, and direct administrative instructions. Beijing has many ways to make a private lab function like a national asset without changing the nameplate on the door. Formal nationalization would be reserved for a case in which those instruments failed, or a particular firm became both central and unmanageable.

This means China may be farther from formal nationalization than many U.S. analysts assume, but closer to functional state steering than the United States. On the other hand, recent U.S. actions, including the EO, suggest that things are changing more quickly than many previously thought possible or desirable in terms of state intervention. 

The Chinese state begins from a stronger supervisory baseline, while the United States is building one under pressure. China’s risk is not chaotic late intervention but gradual over-steering—the possibility that the state exoskeleton becomes so heavy that it undermines talent, entrepreneurial initiative, and frontier experimentation. The U.S. risk is the opposite and revolves around private labs retaining too much autonomy until a crisis forces rushed, legally improvised, and politically contested intervention. The EO process is designed in part to begin laying the groundwork for future government intervention in a crisis scenario.

The Strategic Stability Problem

The biggest danger is that each side reads the other’s soft-nationalization measures as evidence of hard militarization. Chinese analysts already interpret the Anthropic-Pentagon clash and the embedding of Anthropic engineers at NSA as proof that when frontier AI becomes a strategic core capability, Washington will not permit private values or safety commitments to override sovereign national-security claims. U.S. analysts, in turn, often interpret Chinese state steering as evidence that Beijing’s private AI labs are already nationalized in all but name. While both readings may be truthful assessments, they are nonetheless incomplete and miss the fact that each system is struggling with the same structural problems under different institutional conditions. Frontier AI is simultaneously a commercial platform, a scientific tool, a cyber and bio risk, a military enabler, and a symbol of national power.

Beijing is unlikely to view the Fable 5 episode as a primary safety dispute. Instead, the issue will likely reinforce an existing Chinese narrative that leading U.S. frontier labs are increasingly embedded within a national-security ecosystem involving cloud providers, intelligence agencies, defense customers, and executive-branch decision makers. Ironically, this perception may accelerate adoption of Chinese open-source alternatives among governments, enterprises, and developers outside the United States. If access to the most capable U.S. models can be modified, delayed, or conditioned through opaque national-security processes, then open-weight Chinese models begin to acquire an additional value proposition against the predictability of access and freedom from U.S. government intervention. The result could be a diffusion dynamic that runs counter to the strategic objectives of those advocating tighter control over frontier models.

That is why the Lehane proposal from OpenAI matters more than a typical corporate policy intervention. A U.S.-led global governance mechanism that includes China would not be a concession that the two systems are equivalent. It would rather be an admission, as I have previously argued, that certain AI risks cannot be managed only through export controls, procurement, or unilateral lab governance. The agenda should be narrow and concrete to include dangerous-capability evaluation, pre-release notification norms for high-risk cyber and bio systems, model weight security, incident reporting, crisis communication, and red lines around mass surveillance, autonomous weapons, and biological enablement. The United States can still compete fiercely, protect its lead, and restrict specific transfers. But if China is excluded from every serious governance forum, Beijing will have stronger incentives to assume that U.S. safety governance is simply containment by another name.

On the U.S. side, one reason the nationalization debate has become so unstable is that leading AI figures have increasingly reached for nuclear or civilizational-risk analogies to describe artificial general intelligence (AGI) or artificial superintelligence (ASI), even when the analogy does more political work than add analytical heft. If Beijing’s operating assumption is that the United States government and the frontier AI sector are already closely intertwined, then these analogies are not heard as private-sector metaphors but can be read as signals of U.S. state intent.

The Chinese perception that frontier AI is becoming an American strategic weapons project is reinforced when seen through recent moves such as a former NSA director joining the OpenAI board, the Biden administration invoking the Defense Production Act in the 2023 AI executive order, the movement of frontier models into classified and national-security environments, and public claims by leading lab CEOs that advanced AI belongs in the same risk category as nuclear weapons.

That is why Nvidia CEO and president Jensen Huang’s recent rejection of the nuclear analogy is important. Huang’s point was blunt—Nvidia makes GPUs used for video games, logistics, medical imaging, and countless civilian applications. He advocates GPUs to his family and customers, but “doesn’t advocate atomic bombs to anybody”. Starting from the premise that GPUs are like atomic bombs, he has argued, makes it impossible to “finish the thought”. In other words, the analogy is not just technically imprecise but can distort the entire policy frame by pushing what DeepMind’s Demis Hassabis calls the quintessential general-purpose technology, advancing compute into a weapons-control logic that accelerates securitization, export-control maximalism, and arms-race dynamics.

The problem is that the frontier-lab safety discourse often cuts in the opposite direction. Figures such as Geoffrey Hinton (the ‘Godfather of AI’), Sam Altman (OpenAI CEO), and Hassabis (CEO of Google DeepMind Technologies) have invoked catastrophic-risk language to emphasize the need for governance, but Anthropic CEO Dario Amodei’s framing goes further by fusing AI risk with geopolitical competition. 

In Machines of Loving Grace, Amodei argues that advanced AI should be developed and controlled so that democratic states maintain the upper hand over authoritarian rivals. And in “The Adolescence of Technology”, his bio-risk arguments suggest that frontier models could compress tacit expertise, lower barriers to pathogen design, and interface with increasingly automated wet-lab infrastructure. That strengthens the case for guardrails, but also supplies governments with a rationale for treating frontier AI as a controlled dual-use capability rather than an ordinary and quintessentially commercial technology. 

This is the core tension: the more U.S. lab leaders describe advanced AI as civilization-scale, weapons-adjacent, or strategically decisive, the more they make the case for exceptional state authority over release decisions, model access, compute, and eventually lab governance itself. Huang’s objection is therefore not just a corporate defense of Nvidia exports but a warning that the wrong analogy can become self-fulfilling, pushing Washington and Beijing toward exactly the national-security framing that makes some form of functional nationalization more likely.

Close to Steering, Not Yet Seizure

In the meantime, both countries remain closer to functional nationalization than to formal seizure. In the United States, the frontier labs remain privately owned, innovative, and politically powerful, but they are being pulled into a national-security architecture through reporting rules, government procurement, classified deployment, safety thresholds, and compute politics. In China, the leading labs remain commercially important and technically dynamic, but they operate inside a denser supervisory state that can steer compute, data, standards, procurement, and institutional partnerships. Driven by the risks around Mythos, Washington is moving from market-led innovation toward strategic oversight as expressed in the June EO. Beijing is moving from strategic oversight toward more selective and sophisticated ecosystem steering.

The conditions for hard nationalization are therefore still exceptional. These include a recognized ASI or near-ASI threshold, a catastrophic cyber or bio incident, a major military crisis, loss of state visibility, or a geopolitical shock that convinces leaders that private decision-making has become intolerably risky. We are not there yet on either side. But we are much closer than we were two years ago to a world in which frontier AI labs are treated as quasi-national assets. The real policy challenge is to build enough oversight, transparency, and international crisis-management capacity that neither Washington nor Beijing concludes that outright seizure is the only remaining path to safety and strategic control.

The upcoming U.S.-China AI dialogue will likely clarify the limits of cooperation more than produce real governance breakthroughs. The new Trump EO frames frontier AI primarily through cybersecurity, critical infrastructure protection, and the tiresome insistence on “global AI dominance,” while creating a voluntary 30-day early-access/testing channel between U.S. frontier labs and the federal government. That makes any proposal to share something like a defensive Mythos capability with China politically radioactive. Even a carefully conditioned defensive carveout will be read through the lens of cyber espionage, military-civil fusion, and the “decisive strategic advantage” school associated with former Biden officials, RAND-linked thinking, and export-control maximalists. 

The dialogue still matters, but probably less as an arms-control venue than as a crisis-management mechanism. Can the two governments define red lines around AI-enabled cyber operations, biosecurity, autonomous military escalation, model theft, and third-party/non-state actor use? U.S. Treasury Secretary Scott Bessent’s reported leadership suggests the talks will be framed as engagement from a position of U.S. advantage, not concession. Meanwhile, rumored participation by Politburo Standing Committee member and Xi Jinping’s most trusted lieutenant and security czar, Cai Qi, if confirmed, would signal Xi-level political authority on the Chinese side rather than a narrow technical exchange. But that only helps if both sides bring real cyber, AI, intelligence, and lab-level expertise into the room. 

Otherwise, the talks risk becoming another high-level channel where each side repeats first principles: Washington says governance cannot become technology transfer; Beijing says safety cannot become containment. The best realistic outcome is therefore not “collaboration” in the old cooperative sense, but guardrailed competition such as narrow understandings on catastrophic-risk areas, incident communication, and non-state actor threats, while the core race for frontier capability continues largely untouched, with all the risks that implies.

Finally, the Anthropic blog post on RSI is a critical signpost for all of these issues, as it suggests that leading AI researchers are increasingly concerned that we are much closer to a “singularity”—the point where models are capable of improving themselves without human intervention—than previously believed. The implications of this are profound. It appears that leading U.S. AI labs are concerned that there is no framework for dealing with this eventuality, with the corollary that consideration of a pause in AI development should now be on the table. 

But China would have to be party to any such consideration, and the current climate in Washington, and the insistence in some quarters on “U.S. dominance” in the sector, completely misses this critical point. Time is of the essence, as we may be less than a year away from an RSI moment, but it will not be a binary moment like the Trinity detonation in the New Mexico desert, which launched the nuclear age. There is no clear definition of RSI takeoff, but keeping the process of evaluating models classified within the U.S. government, for example, does not seem wise here. Without an agreement with China that lays the groundwork for future clear guardrails around model development as we near an RSI moment, the risks around nationalization and misunderstanding on both sides will increase. We need serious progress on both sides, including new organizations, authorities, and modes of public-private partnership to corral this genie before it is too late.