COMMENTARY: The debate over artificial intelligence is usually framed in terms of capability. How powerful will the next model become? Which country will lead? What jobs will be automated? What risks will emerge from increasingly capable systems?
Yet a recent controversy surrounding Anthropic hints at a different question, and one that may prove just as consequential: Who should be allowed to use these systems in the first place?
[
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
Reports that U.S. officials directed
Anthropic to restrict access to certain frontier models for foreign nationals immediately ignited arguments about national security, industrial policy, and geopolitics. Some viewed the move as a natural extension of export controls that have long governed strategically important technologies. Others saw it as a politically motivated action aimed at a specific company. Both sides largely missed the deeper implication.
If
advanced AI models are to be treated as controlled technologies, the internet may be forced to solve an identity problem it has spent three decades avoiding.
The internet was never built for this
The modern internet was designed around access, not authenticity. The architects of the web envisioned a world in which information could move freely across borders and software could be distributed globally at negligible cost. As the internet matured, companies invested heavily in understanding the behavior of the people using their services because behavior, not identity, was the foundation of their business models. Over time, they became remarkably sophisticated at inferring interests, predicting purchases, measuring engagement, and profiling users with extraordinary precision. Yet for all of that sophistication, most internet services remained surprisingly indifferent to one fundamental question: who is actually on the other side of the screen?
For most purposes, that indifference was acceptable. Streaming services need to know where you’re located for content licensing purposes, e-commerce companies need your shipping address, and social networks want to reduce spam and fraud. But very few online services need to establish identity with the level of certainty required in banking, aviation, national security, or border control.
Frontier AI changes the equation because the value being controlled is fundamentally different. Historically, the United States has imposed restrictions on technologies that confer strategic advantage. Nuclear technologies, advanced cryptography, military systems, aerospace engineering, and semiconductor manufacturing have all been subject to varying forms of export control. The logic is straightforward: some capabilities are considered so important to national competitiveness or national defense that unrestricted distribution becomes a policy concern.
Whether one agrees with that approach or not, the direction of travel is becoming increasingly clear: governments around the world are beginning to view the most advanced AI models not merely as software products, but as strategic assets.
When access becomes a governance problem
The moment that happens, access becomes
a governance problem, and governance requires identity. At first glance, enforcing restrictions based on nationality appears straightforward. Simply determine whether a user is American and deny access if they are not. In practice, the challenge is extraordinarily difficult.
An American citizen working remotely from Singapore remains an American citizen. A foreign national studying at Stanford remains a foreign national while physically present in the United States. A dual citizen may possess multiple passports. A permanent resident may have legal rights and privileges that differ from both citizens and temporary visa holders. Depending on the regulatory framework, the relevant distinction may not even be citizenship at all; it may be employment status, organizational affiliation, residency, security clearance, or some entirely different attribute.
The problem quickly reveals itself to be much larger than geography. For years, technology companies have relied on proxies for identity. IP addresses, billing records, email domains, device fingerprints, and behavioral signals have proven sufficient for most commercial purposes. Those tools are excellent at detecting fraud and managing risk, but they are far less effective at determining whether a specific individual should be granted access to a strategically sensitive capability.
This is where the discussion begins to intersect with a broader transformation already underway in cybersecurity. For much of the past decade, security leaders have argued that identity is becoming the new perimeter. As applications moved to the cloud and employees became increasingly distributed, organizations could no longer rely on network location as a meaningful indicator of trust. The security industry responded by investing heavily in identity systems, authentication technologies, and authorization frameworks designed to determine not just where a person was connecting from, but whether they should be trusted.
The rise of generative AI is accelerating this trend. Deepfake-powered impersonation attacks are making it harder to trust what we see and hear, increasing the value of systems that can reliably establish trust and verify identity. At the same time, governments are beginning to consider restrictions on access to advanced AI systems based on characteristics such as nationality, employment, organizational affiliation, or security status. Together, these developments are elevating identity from a security concern to a governance requirement.
The debate surrounding AI export controls further illustrates the challenge. If access to frontier models is to depend on regulated characteristics, entirely new systems will be required to establish those facts with confidence. AI providers are not currently equipped to act as global arbiters of citizenship, immigration status, security clearances, or workforce eligibility. Nor is it obvious that users would want them to assume that role.
From accounts to identity
Yet some mechanism must emerge because the internet has historically operated on accounts, while the future may need to operate on identity. That distinction sounds subtle, but it represents a profound shift. An authenticated account answers the question, “Can you log in?” A verified identity answers the question, “Should you be allowed to access this capability?”
For most of the internet’s history, those questions were effectively the same. The age of frontier AI may force us to separate them. If that happens, the most significant consequence of AI regulation may not be who gains access to the next generation of models, it may be the creation of a new layer of digital infrastructure dedicated to answering a question that the internet was never designed to ask: Who are you?