"Plan B"
~25 min · May 2026
▶ Now Playing
This Episode
The risks of AI dependency are public, named, and recent. Outages. Vendor restructure. Model rotation. A $150 billion trial that could unwind the corporate structure of the most-deployed AI vendor in the Fortune 500. None of it is hidden. The IT discipline to handle critical-infrastructure risk has existed for thirty years. We just haven't pointed it at AI yet. Why?
Cold Open
Draft Day, AI's Worst Showing
Kyle took the week off for the NFL draft. Asked AI to predict the picks. It picked players already in the NFL. The funny version of the question that runs through this whole episode: if it can't pick the draft, what else are we trusting it with?
Story 1
Musk v. OpenAI — and Nobody's Plan B
$150 billion. Structural remedies on the table. Approximately 90% of the Fortune 500 has at least one OpenAI subscription. The CIO response so far: a request for a letter of assurance. Meanwhile OpenAI itself just ended Microsoft exclusivity and signed multi-cloud deals across AWS, Google, and Oracle — building Plan B for itself. Their customers aren't.
Story 2 — EP004 Follow-up
The Pentagon Found Seven New AI Vendors
In EP004 we covered Anthropic stepping back from Pentagon work. May 1, 2026: the Pentagon announced classified-network deals with seven other AI companies — explicitly excluding Anthropic. Government workflows built on Claude have been cut off for 60+ days. Nobody had Plan B. The trial is the loud version of a story that already happened.
The Pattern
Y2K + Bubble I — We've Done This Before
The hype cycle outruns lived failure. The status game punishes prudence. And nobody wants to be Y2K guy — vindicated, exhausted, and never promoted for being right early. The discipline already exists. We've used it for thirty years. We just haven't pointed it at AI.
Takeaway: The AI Risk Register
The discipline already exists for every other vendor. Most of this list is familiar IT territory — we know how to handle it. A handful is genuinely new. Both halves matter. Below: the twelve AI-new risks the discipline hasn't caught up to yet, with the full 34-row register expandable below.
AI-new · Behavioral / Integrity
Silent model drift
AMD tracked 14 model releases in one month — same prompt, opposite results. Discipline action: behavioral baselines, output regression monitoring, vendor changelog discipline.
AI-new · Behavioral / Integrity
Model deprecation / sunset
Feb 13: GPT-4.1, 4o, o4-mini retired the same day. April: Claude 3 Haiku. Discipline action: treat model upgrades like database upgrades; regression test the prompt library.
AI-new · Behavioral / Integrity
Prompt injection
A vulnerability class deterministic software didn't have. Live and growing. Discipline action: input sanitization treated as an OWASP-equivalent discipline.
AI-new · Behavioral / Integrity
Training-data poisoning
Documented in research; not yet a public corporate incident. Discipline action: provenance review on third-party data feeding the model.
AI-new · Behavioral / Integrity
Audit / explainability failure
"Why did the AI deny that loan?" — already biting in lending and insurance. Discipline action: decision logging and explainability written into procurement, not bolted on.
AI-new · Compute / Capacity
User quota exhaustion
Pro / Plus / Enterprise plans hit caps mid-month — the workers told to "use AI" can't. Discipline action: license & quota management. Usage forecasting per team. Burst allocation pool.
AI-new · Compute / Capacity
Court-ordered restructuring
Musk v. OpenAI — $150B, structural remedies on the table. Discipline action: contract clauses for governance changes. A documented migration playbook — not a letter.
AI-new · Compute / Capacity
Geopolitical exclusion of vendor
Anthropic / Department of War — 60+ days locked out of all DoD work, no published continuity plan from any affected agency. Discipline action: vendor political-risk monitoring; pre-built migration path.
AI-new · Compute / Capacity
Skill market collapse
When everyone simultaneously needs the same fallback humans, you can't hire any. Discipline action: retain in-house manual capability now; the market won't be there later.
AI-new · Organizational
Skill atrophy at scale
Layoffs absorbing AI work; juniors who never learned the manual process. Discipline action: cross-training cadence. Preserve at least one human path through every critical workflow.
AI-new · Organizational
Cross-training gap (no manual fallback team)
The team who knew the workflow took severance. Discipline action: maintain a "manual run" capability for every AI-replaced workflow.
AI-new · Organizational
Cultural over-reliance ("the computer said so")
Lending. Hiring. Customer service. Discipline action: decision-review thresholds. AI is a recommendation, not a verdict.
AI-new · Organizational
Knowledge offshoring to vendor
Proprietary processes encoded in prompts and system instructions now live in someone else's stack. Discipline action: contract data-isolation terms. Audit what proprietary process now lives in vendor systems.
Full Register — All 34 Risks
Familiar + Amplified + AI-new
▶
Full Register — All 34 Risks
Familiar + Amplified + AI-new| # | Risk | Discipline Action | Type |
|---|---|---|---|
| A. Operational availability | |||
| 1 | Vendor outage | RTO/RPO; multi-vendor failover | Familiar |
| 2 | Datacenter / regional infrastructure failure | Avoid single-region AI dependency | Familiar |
| 3 | Power grid / fiber event | Treat AI like any regional cloud workload | Familiar |
| 4 | Acts of God | Standard DR site planning | Familiar |
| 5 | Cyber / nation-state attack on vendor | Tabletop AI vendor breach scenario | Amplified |
| 6 | Concurrent industry-wide outage | Audit shared physical failure points | Amplified |
| B. Commercial / contractual | |||
| 7 | Pricing shock / mid-contract repricing | Procurement caps; per-call cost ceilings | Familiar |
| 8 | Vendor financial / structural failure | Counterparty diligence; multi-vendor as default | Familiar |
| 9 | Vendor lock-in / switching cost | Portable prompt formats; vendor-swap drills | Familiar |
| 10 | Capacity / rate limiting (vendor-side) | SLAs with throughput floors; burst-capacity vendor on retainer | Amplified |
| 11 | User quota exhaustion (customer-side) | License & quota management; burst pool | AI-new |
| 12 | Forced API migration | Version pinning; migration runway in contracts | Amplified |
| 13 | License / audit compliance | SAM practice extended to AI seats | Familiar |
| C. Legal / structural / regulatory | |||
| 14 | Court-ordered restructuring | Migration playbook, not a letter of assurance | AI-new |
| 15 | Antitrust action | Concentration-risk monitoring | Familiar |
| 16 | Sanctions | Geographic counterparty review | Familiar |
| 17 | Geopolitical exclusion of vendor | Vendor political-risk monitoring; pre-built migration path | AI-new |
| 18 | Regulatory ban / compliance mandate | Compliance pipeline; data-residency by jurisdiction | Familiar |
| 19 | Export controls / chip embargoes | Supply-chain audit on vendor compute location | Amplified |
| D. Integrity / output | |||
| 20 | Silent model drift | Behavioral baselines; output regression monitoring | AI-new |
| 21 | Model deprecation / sunset | Treat model upgrades like database upgrades | AI-new |
| 22 | Prompt injection | Input sanitization as OWASP-equivalent discipline | AI-new |
| 23 | Training-data poisoning | Provenance review on data feeds | AI-new |
| 24 | Audit / explainability failure | Decision logging; explainability in procurement | AI-new |
| 25 | Bias / discrimination liability | Standard model risk management; auditable trail | Amplified |
| E. Organizational / human | |||
| 26 | Skill atrophy at scale | Cross-training cadence; preserve a human path | AI-new |
| 27 | Talent flight | Documentation requirements; tribal knowledge in writing | Amplified |
| 28 | Cross-training gap | "Manual run" capability for every AI-replaced workflow | AI-new |
| 29 | Cultural over-reliance | Decision-review thresholds; AI as recommendation, not verdict | AI-new |
| 30 | Knowledge offshoring to vendor | Contract data-isolation; audit proprietary process leakage | AI-new |
| F. Macro / systemic | |||
| 31 | AI bubble / market correction | Treat AI vendor as high-growth-but-unprofitable counterparty | Familiar |
| 32 | Skill market collapse for AI fallback | Retain in-house manual capability now | AI-new |
| 33 | Compute supply shock | Track concentration risk across AI vendors | Amplified |
| 34 | Insurance market gap | Self-insure with continuity reserves until market matures | Amplified |
Ask in your next IT review
- What's our RTO/RPO for AI workloads? If "we don't have one" — that's the conversation.
- When did we last fail over from our primary AI vendor? If never — schedule a drill.
- What's the documented manual procedure if AI is down for 24 hours? If none — write it.
- Who in procurement is tracking the Musk v. OpenAI docket? If nobody — assign it.
- How many of our critical AI dependencies share the same datacenter region, chip supplier, or holding company?
- What's our token / quota forecast per team — and what's our burst-capacity plan when an individual contributor hits their cap mid-month?
- Which of our proprietary processes now live as prompts inside a vendor system?
Sources
- CNBC — Musk v. OpenAI trial daily updates (Phase 1, Apr 27–30)
- CNN Business — Musk-Altman trial takeaways
- VentureBeat — Microsoft / OpenAI end exclusivity (Apr 27, 2026)
- Tom's Hardware — Azure exclusivity for ChatGPT officially over
- Military Times — Pentagon freezes out Anthropic, signs seven AI rivals (May 1, 2026)
- CNN — Pentagon's seven-vendor classified-network announcement
- Wikipedia — Anthropic / U.S. Department of Defense dispute timeline
- CNBC — Anthropic outage (Apr 15, 2026): elevated errors across Claude
- GV Wire — Claude AI 78-minute outage (Apr 28, 2026)
- TechRadar — ChatGPT outage (Apr 20, 2026)
- TensorOps — GPT-4.1 deprecation forces organizational change (Feb 13, 2026)
- Gizmodo — Anthropic Enterprise pricing shift to usage-based
- Phoenix (Medium) — "I Mass-Deployed an AI Coding Agent. Then the Model Updated and Nobody Told Me."
- Cyber Unit — When Your AI Goes Dark: business continuity for LLM outages
- BCI — When AI Fails, Everything Fails Differently
The Cast
Kyle
Host. Opinionated. Expect a history drop.
Kate
The correspondent. Tight, sourced, no spin.
Morgan
The heartbeat. "Well, why though?"
Full Transcript
Loads on open
▶
Full Transcript
Loads on openLoading transcript...