The trusted-access era — why your company’s identity is the new API key

THE AI NEWSLETTER THAT TURNS NEWS INTO ACTION

DEEP DIVE · COMPANION TO ISSUE #139

The trusted-access era — why your company’s identity is the new API key

This week the most capable AI model ever released shipped as two products: one for everyone, one for the vetted — the same system behind two different doors. That split isn’t a safety footnote; it’s a new business model arriving in plain sight. Here’s why the next thing the labs sell won’t be capability at all, and how to get your organisation on the right side of the gate before it matters.

BY R. LAURITSEN · 10 JUNE 2026 · 7 MIN READ

Two people can type the same question into the same AI model this week and get different answers. One is a developer on an ordinary paid Claude plan. The other is a security engineer at an infrastructure firm vetted through a US government programme. The developer gets a notice: this answer comes from an older model. The engineer gets the full answer. Same system, same question, same day. The only thing separating them is a file — the slow, boring paperwork that says we know who you are.

That’s the launch nobody quite described this week. Anthropic shipped Claude Fable 5, by its own account the most capable model it has ever released, and shipped Claude Mythos 5 on the same day. They are the same underlying model — Anthropic says so directly. What separates them is a set of classifiers and a vetting process: Fable is the public edition, with sensitive security, biology and chemistry questions handed to the older Opus 4.8; Mythos is the same model with some of those safeguards lifted, reserved for cyberdefenders and infrastructure firms that have been checked out. The frontier didn’t get a new model so much as a new door policy.

And once you notice the door policy, you see it everywhere. Which raises the question this piece is actually about: what happens to an industry when capability stops being the scarce thing?

How the gate replaced the release date

For most of this technology’s short life, the control mechanism was time. Labs gated capability with staged rollouts, waitlists and previews — everyone eventually got the model; some people just got it later. Dangerous capability was handled the same way: hold it back, red-team it, release when ready. The calendar was the gate.

Mythos broke that. When Anthropic previewed it in April, the model turned out to be unsettlingly good at finding vulnerabilities in software it was never designed to attack — good enough that a general release looked irresponsible. So instead of waiting, Anthropic built Project Glasswing: early access for a small group of vetted partners, in collaboration with the US government, so the people defending critical systems could use the model before anyone could use it against them. The stated goal was always to deploy Mythos-class models at scale eventually. This week, that’s what happened — but look at how. The model itself didn’t change between April and June; the layer in front of it did. Fable 5 puts classifiers between you and the model that screen each request and, in defined high-risk areas, hand the question down to Opus 4.8 instead. Mythos 5 runs with some of those classifiers switched off, for organisations that have been vetted. Verification did the job the calendar used to do.

OpenAI converged on the same mechanism from its own direction. Its cyber model is, by the company’s own description, not meaningfully more capable than standard GPT-5.5 — it’s simply trained to be more permissive on security work, and it sits behind an identity-and-trust programme: verified individuals, vetted organisations, and — under OpenAI’s published access rules — phishing-resistant authentication mandatory since the start of June. The same shape reached Brussels this month, with Europe’s cyber agency receiving Mythos and OpenAI extending its cyber model to vetted European defenders. Two labs, two continents, one mechanism: verify, then permit.

Why identity becomes the product

Look at the dilemma from the lab’s side and the move is almost forced. They can’t stop shipping — the competition is a week behind and the revenue expectations of an IPO-era AI company don’t pause for reflection. And they can’t ship raw, because the same model that audits your code will happily find the holes in everyone else’s. The classifier resolves the dilemma. But it does something else too, almost as a side effect: it creates a new scarce good. The capability is abundant now. Permission is not. And scarce things get priced.

We’ve run this experiment in other industries. Banking built a compliance economy around knowing your customer; defence runs on clearances that take months to grant; export control decides who may buy which chips. In each case, identity started as a safety requirement and became infrastructure — with queues, costs and a market for getting through faster. I don’t see a reason frontier AI skips that stage. Verification has a fixed cost and compounding value: once your organisation is vetted with a vendor, your trust file is an asset — and one that quietly raises the cost of ever leaving.

Notice what an inversion this is. Software spent twenty years removing humans from the buying process — self-serve, credit card, nobody to talk to. Frontier AI is reintroducing the gate, except it isn’t a sales gate. It’s a trust gate. Who you can prove you are, not what you can pay, is becoming the thing that determines which answers you get.

And the public tier pays in the same currency, just after the fact. Anthropic’s own launch terms put mandatory 30-day data retention on this tier, even for enterprises that had zero-retention agreements. The vetted prove their identity up front; everyone else is monitored downstream. Either way, the trade is the same: capability in exchange for being known. Which moves the practical question off the lab’s desk and onto yours — not which model is best, but how quickly your organisation can become a known quantity.

The counter-argument, taken seriously

Three honest objections deserve more than a wave. First: maybe this stays a cybersecurity niche — nobody needs a background check to draft a marketing email, and nobody ever will. Second: open-weight models erode the gate — if a model you can download gets close enough to the frontier, vetting an API is theatre. Third: regulators may forbid the split. Europe already bends product decisions — Apple held its new Siri off EU iPhones this week rather than meet the Digital Markets Act’s access rules — and an “equal access” mandate isn’t unthinkable.

The first is half right, and I’ll concede the half: vetting will never gate the everyday layer of AI. It doesn’t have to. It only has to gate the capabilities worth paying frontier prices for, and those are concentrating in exactly the areas already behind the gate — long-horizon autonomous work, security, serious science. The open-weights objection runs into a quieter fact: the organisations that most need vetted capability — banks, utilities, hospitals — are precisely the ones that can’t run grey-market models. And regulation cuts both ways: a government worried about who has offensive capability doesn’t abolish the trust gate. It makes it mandatory.

What to do about it — before the queue forms

If you run a company: start your trust file now. The firms that received Mythos first weren’t lucky — they were already known quantities, with security postures and relationships built long before the model existed. Treat AI-vendor vetting the way you treat a SOC 2 report: an asset you build before you need it, because the gap between vetted and unvetted access is going to be measured in months of capability, not in money.

If you buy AI tools: read the access terms before the price page. Three questions matter more than the monthly figure now — what gets stored from your traffic and for how long, what triggers a fallback or refusal in your actual workflows, and which model genuinely answers your hardest queries. The cost of the guarded tier isn’t denominated in dollars. It’s denominated in predictability and privacy.

If you build on AI: design for two-tier interfaces, because they’re coming to every serious API. That means graceful behaviour when the guarded tier declines a request, and — this one’s free — telling your user which model produced their answer. Transparency about routing is about to become a feature people pay for. And look hard at your own vertical: every regulated industry will need a trusted layer between its workflows and frontier models. Someone gets to be that layer. It’s a business.

The bet, stated plainly

A thesis with no falsifiable claim attached is just commentary, so here are the terms. By the end of Q1 2027, at least two of the top five AI labs will sell their flagship models in two explicit tiers — a guarded public edition and a verified full-capability edition — in at least one domain beyond cybersecurity. And at least one lab will turn verification itself into a commercial programme: published criteria, an application process, enterprise terms, marketed as a product rather than buried on a safety page.

What would prove me wrong: the classifiers quietly relax until the two tiers converge into one; the split never leaves cybersecurity; or open-weight models reach close enough parity that the gate stops mattering commercially. What I am not predicting: secret models or capability hoarding. The whole point of the trusted-access play is that it’s public — a gate only has value if everyone can see it, and can see which side of it they’re standing on.

Everyone is watching what the models can do. The smarter money is watching who’s allowed to ask. If you think identity stays a cybersecurity footnote, reply to this week’s issue and tell me why — I’ll print the best counter-argument.