What actually happened
On 12 June 2026 US export controls suspended a top frontier model and a sibling model after researchers showed it could be pushed to identify software vulnerabilities and, in one case, produce exploit-style code. Commerce lifted the controls on 30 June, the model was restored worldwide on 1 July, and a partial restore had reached about 100 US critical-infrastructure bodies a few days earlier.
The interruption lasted three weeks. For any business that had built a workflow on that specific model, the capability simply went away and came back on a government's timetable, not the vendor's.
The conditions are the real story
The model did not just return. Its maker agreed to give designated US government partners early access to test future frontier models before public release, to report detected malicious use, to share threat intelligence, and to restrict access to the most capable tiers by nationality.
Alongside this, the largest US cloud and AI companies agreed a shared framework that scores a model weakness on four axes, its capability gain, breadth, ease of weaponisation, and how easily it is discovered, and coordinates a fix once severity is confirmed. A government and a small group of labs now sit inside the release path of the most powerful AI.
What this means for owners
Your access to the strongest available AI is now conditioned by export policy, national-security review and the nationality of your users. None of these are commercial terms you can negotiate, and all of them can change between one model generation and the next.
The practical response is not loyalty to a single lab. It is treating frontier-model availability as a supply and continuity risk: a tested fallback on a second model, a written record of which processes depend on which vendor, and the assumption that the most capable tier may be paused, gated or geofenced without your input.
Read next: The Works Council Can Veto Your AI · Shadow AI Is Your Next Data Breach