POLICY PAPER
Governing the Ungovernable:
Frontier Artificial Intelligence, the Implosion of Institutional Order,and the Architecture of a New Global Compact
Prepared for distribution to Ministers and senior officials of the International Ministerial Forum on Artificial Intelligence
EXECUTIVE SUMMARY
The year 2026 has produced an inflection in the history of artificial intelligence that no responsible government can afford to treat as ordinary. Within a span of days in early June, one of the world's leading frontier AI laboratories publicly disclosed that more than eighty per cent of its own codebase is now written by its AI system—and simultaneously called on the international community to consider pausing frontier development. Days later, the United States government issued an emergency export control directive forcing that same company to disable its two most advanced models for every user on earth, with fewer than two hours' warning. The question before this Forum is therefore not whether artificial intelligence requires governance, but whether governments—separately or together—retain the institutional capacity to govern it at the speed and scale now required.
This paper maps the structural fault lines exposed by these events: the onset of recursive self-improvement, the collapse of a coherent regulatory posture in the world's most powerful AI jurisdiction, the deficiencies of existing multilateral frameworks, and the institutional architecture that democratic nations must now build together. It concludes with a set of concrete recommendations calibrated to the urgency of the moment.
I. THE RECURSIVE THRESHOLD: WHEN MACHINES BEGIN TO BUILD THEMSELVES
For most of the brief history of artificial intelligence, a tacit assumption has structured every institutional response to the technology: that human beings remain, at every step, the authors of what AI systems become. Engineers wrote the code, designed the architectures, curated the training data, and retained decisive authority over what was deployed and to whom. That assumption has now been empirically falsified—quietly, incrementally, and without any formal public announcement.
On June 4, 2026, the Anthropic Institute published a paper entitled 'When AI Builds Itself,' authored by Marina Favaro, head of the Institute, and Jack Clark, co-founder of Anthropic. The document disclosed that, as of May 2026, more than eighty per cent of the code merged into Anthropic's own production codebase was generated by Claude, the company's AI system—compared to low single-digit percentages before the launch of Claude Code in early 2025. Engineers at the company were, by the second quarter of 2026, merging approximately eight times as much code per day as they had in 2024. The human role, as the paper observed, has inverted: from author to editor, without any collective deliberation over the change.
The paper identified three possible trajectories for the technology. The first is a slowdown as infrastructure constraints and technical ceilings assert themselves. The second is a sustained phase in which AI increasingly automates the work of AI research and development while human engineers retain strategic direction. The third—the scenario the authors treat with the greatest urgency—is full recursive self-improvement: a condition in which AI systems design, train, and deploy their own successors with minimal human involvement in each generative cycle.
"Full recursive self-improvement also might increase the risks of humans losing control over AI systems. If systems are capable of fully building their own successors, the ways we secure them, monitor them, and shape their behavior all grow much more important." — Anthropic Institute, June 2026
The implications for public policy are severe. The task-completion horizon of frontier models—the complexity of tasks a system can handle autonomously—has been doubling approximately every four months. In early 2024, models could handle tasks requiring roughly four minutes of sustained work. The trajectory, if maintained, points toward systems capable of executing research programmes that formerly required months of sustained human effort. Governments that have calibrated their regulatory frameworks to the AI of 2023 are already governing an artefact that has been superseded.
The paper was careful to note that the recursive threshold has not yet been crossed, and may never be reached in the form imagined. Nonetheless, its authors argued that the proximity of the threshold is now serious enough to warrant institutional preparation—and specifically called for the international community to develop a coordinated, verifiable mechanism that would allow frontier AI development to be slowed or temporarily paused if that threshold is approached without adequate safeguards in place. A unilateral pause by any single company, they cautioned, would primarily transfer technological leadership to less cautious actors, achieving no genuine safety benefit. Coordination, therefore, is not optional—it is the precondition for effectiveness.
II. THE AMERICAN EXPERIMENT IN IMPROVISATION: A CAUTIONARY CHRONICLE
The events of the first half of 2026 in the United States constitute something closer to a governance crisis than a regulatory evolution. They deserve close examination not as an American domestic matter, but as a warning about what happens when the most powerful AI jurisdiction in the world substitutes improvisation for institutional design.
The February Escalation
The crisis traces its origins to a months-long dispute between the United States Department of Defense and Anthropic over the conditions under which the Pentagon could deploy Claude for military purposes. The Pentagon sought to have Anthropic waive contractual restrictions governing the use of its systems for mass domestic surveillance of American citizens and for fully autonomous weapons capable of making targeting and firing decisions without human oversight. Anthropic refused.
On February 27, 2026, President Trump directed all federal agencies to immediately cease using Anthropic's technology and announced a six-month phase-out for agencies then under contract. Defense Secretary Pete Hegseth designated Anthropic a 'supply chain risk to national security'—a designation historically reserved for foreign adversaries such as Huawei and ZTE, and applied for the first time to a domestic American company. The General Services Administration removed Anthropic from its government-wide procurement schedules. The Office of Personnel Management replaced Claude with systems from xAI and OpenAI on its approved AI list.
Anthropic filed lawsuits challenging the designation in two federal courts on March 9, 2026. A federal judge in the Northern District of California granted a preliminary injunction barring enforcement of the use ban. The D.C. Circuit declined to block the supply chain risk designation while litigation proceeds. The company stated publicly that the government's actions were 'harming Anthropic irreparably,' even as its annualised revenue run-rate reached $30 billion by April 2026.
The June Export Control Directive
On June 12, 2026, at 5:21 in the afternoon Eastern time, the Commerce Department's Bureau of Industry and Security—acting under the signature of Commerce Secretary Howard Lutnick—issued an export control directive to Anthropic. The directive ordered the company to suspend all access to its two newest systems, Mythos 5 and Fable 5, by any foreign national, whether inside or outside the United States, including Anthropic's own foreign-national employees.
Because Anthropic cannot reliably distinguish the citizenship status of its global user base in real time, the practical consequence of the directive was a hard global shutdown of both systems for all customers. The company was given, by various accounts, approximately ninety minutes to comply. In a statement, Anthropic said: 'The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Anthropic models will not be affected.'
The stated rationale was a national security vulnerability. David Sacks, an adviser to President Trump, disclosed that the government had received intelligence that Fable 5 could be 'jailbroken'—that its internal guardrails against generating instructions for cyberattacks, bioweapons, and other harmful outputs could be circumvented through carefully constructed prompts—and that, when notified, Anthropic had not acted with sufficient urgency to address the flaw. Separately, Senator Mark Warner recounted testimony from General Joshua Rad, who heads both the National Security Agency and Cyber Command, that Anthropic's Mythos model had been able to penetrate classified government systems not in weeks, but in hours.
Anthropic disputed both the severity of the vulnerability and the appropriateness of the response. The company argued that the jailbreak did not warrant so extreme an intervention and that the government had not provided it with an adequate opportunity to remediate the issue before imposing the shutdown. The dispute remains unresolved and in active litigation as of the date of this paper.
The Pattern, Not the Episode
Ministers should be cautious about interpreting these events as a single crisis rooted in the peculiarities of one company's relationship with one administration. The deeper pattern is structural. The Trump administration's framework for AI governance has been simultaneously deregulatory in principle and interventionist in practice—a combination that produces maximum unpredictability for the industry and minimum accountability for the regulator.
In March 2026, President Trump issued a national policy framework for AI recommending that Congress govern the technology through sector-specific regulatory entities rather than a single rulemaking body. The framework also called for national security agencies to understand frontier models and their potential safety risks. Separately, the administration issued an executive order establishing a voluntary review process under which AI companies could provide their most advanced models to the government for cybersecurity testing up to thirty days before public release—though the administration emphasised that the testing was not mandatory.
None of these frameworks were operative when the June 12 export control directive was issued. The directive was not the product of the voluntary testing process. It was not the product of the sector-specific regulatory approach. It was, in the characterisation of Brad Carson, president of Americans for Responsible Innovation, an 'ad hoc executive action' replacing 'clear standards'—and, he argued, one that risks 'surrendering America's lead in AI and allowing genuinely dangerous technology to be deployed.' The NYU Stern Center for Business and Human Rights observed with precision that when a government responds to principled limits by threatening the company that imposes them, it sends a clear message to the entire industry: 'Responsibility is a liability.'
III. THE GOVERNANCE VACUUM: A STRUCTURAL DIAGNOSIS
The American case is the most dramatic illustration of a broader deficiency that affects every jurisdiction represented at this Forum. The architecture of AI governance—to the extent that any coherent architecture exists—was designed for a fundamentally different kind of technology than the one now being deployed.
The Mismatch Between Regulatory Design and Technological Reality
The European Union's AI Act, the most comprehensive binding AI regulation in the world, was negotiated before the emergence of agentic AI systems capable of taking autonomous action sequences in the real world. Its risk-based categories assume AI systems that assist human decision-making, not systems that make and execute decisions independently across extended time horizons. Singapore's Infocomm Media Development Authority, in recognising this gap, released in January 2026 what is believed to be the world's first model AI governance framework specifically addressing agentic AI—introducing a graduated five-tier taxonomy of autonomy levels with governance requirements scaling at each level. No comparable framework exists at the multilateral level.
The G7 Hiroshima AI Process, endorsed by Digital and Technology Ministers in December 2023, established a voluntary code of conduct for organisations developing advanced AI systems. It represents a genuine advance in international coordination—establishing shared principles around pre-deployment safety testing, incident information sharing, and investment in safety research. Its limitation is precisely that it is voluntary and that its underlying risk assumptions were calibrated to the models of 2023. The Hiroshima Process cannot compel compliance. It cannot set binding capability thresholds. It cannot trigger a coordinated response when a model is found capable of penetrating classified government systems in hours.
The Global Digital Compact, negotiated under UN auspices and establishing the Global Dialogue on AI Governance as a dedicated platform for intergovernmental consultation, is an important institutional signal. But as the UN Foundation observed in February 2026, the negotiations themselves revealed how quickly fragmentation takes hold when Member States bring 'fundamentally different assumptions about how AI should be governed'—assumptions rooted not in ideology alone but in 'economic realities, technological capacity, and security calculations.' The risk is a world of incompatible AI rules, evaluation standards, and accountability regimes, with predictable consequences for inequality and oversight.
The Dual Failure Mode
What the current landscape produces is a dual failure mode that is more dangerous than either regulatory excess or regulatory absence alone. On one side, jurisdictions with immature or absent frameworks allow frontier systems to be deployed without adequate safety testing, creating genuine risks of catastrophic harm. On the other, jurisdictions with strong safety commitments—or even individual companies within permissive jurisdictions—may find themselves penalised for responsibility: targeted by ad hoc executive action, designated as security risks, denied government contracts, or subjected to export controls that their less cautious competitors do not face.
This dual failure mode creates a structural incentive for a race to the bottom. Companies that invest in safety constraints observe that those constraints become liabilities when a government demands that the constraints be waived. Companies that invest in alignment research and transparency find that their transparency creates regulatory targets. Companies that lobby for binding industry-wide standards find themselves accused of self-serving behaviour, as some critics alleged of Anthropic's June 4 pause proposal—noting that a coordinated slowdown would freeze the competitive landscape at a moment when Anthropic is among the leading players. Whether or not that characterisation is fair, the perception itself is damaging to the credibility of safety-motivated actors.
IV. FROM ANALOGY TO ARCHITECTURE: THE CASE FOR AN INDEPENDENT GLOBAL AI AUTHORITY
The most instructive precedent for the institutional design challenge before this Forum is not drawn from the history of technology regulation. It is drawn from the history of monetary governance.
The Central Banking Analogy
Banks became essential to the functioning of capitalist economies precisely because they performed functions—intermediating capital, managing liquidity risk, extending credit—that were simultaneously indispensable and prone to catastrophic failure. The consequences of banking crises, as the Great Depression and the 2008 financial crisis both demonstrated, were systemic: they did not confine themselves to the sector that produced them. The United States responded over the course of the twentieth century by building the Federal Reserve System—an institution that combines public authority with private expertise, communicates constantly with markets while preserving operational independence, conducts examinations, runs stress tests, establishes capital requirements, publishes guidance, and intervenes in graduated steps when risks accumulate.
The Fed's most important architectural feature is the one most often overlooked: its rules apply broadly and consistently. No individual bank, however politically connected, is exempt from its stress tests. No individual Chief Executive, however ideologically aligned with the administration of the day, can compel the Federal Reserve to modify its capital requirements on political grounds. That consistency is not a bureaucratic accident. It is the source of the institution's legitimacy—and, consequently, the source of the broader financial system's credibility with global markets.
Frontier AI requires an analogous institution. Not a replication of the Federal Reserve—the underlying technology, the relevant risks, and the pace of change are all different—but an institution built on the same foundational logic: independent authority, consistent rules, technical expertise, graduated intervention, and legitimacy derived from impartiality rather than political alignment.
The Architecture of a Ministerial-Level Initiative
The International Ministerial Forum is positioned to initiate the design of that institution. The following architectural principles should guide its construction.
First, mandatory pre-deployment evaluation. Frontier AI developers—defined by capability thresholds rather than by geography or corporate affiliation—should be required to provide pre-release access to a designated international evaluation body. That body should be staffed by independent experts in computer science, national security, biology, cybersecurity, and international law, and should conduct systematic capability assessments before models are deployed publicly. The evaluation process should be transparent in its methodology, even where specific findings are classified for national security reasons.Second, transparent capability thresholds. The evaluation body should establish, in consultation with the scientific community and with governments, explicit thresholds at which systems require heightened scrutiny, conditional deployment, or temporary suspension. These thresholds should be published. They should be revised as the science of AI safety advances. And they should apply equally to all developers, regardless of corporate affiliation or national origin.Third, a graduated ladder of responses. The current binary between permissive deployment and emergency shutdown is itself a source of instability—it creates incentives for regulatory action to be both too late and too blunt. The institution should dispose of a graduated sequence of responses: mandatory remediation of identified vulnerabilities, conditional deployment with enhanced monitoring, restrictions on specific use cases, temporary suspension pending investigation, and—as a last resort—prohibition. Each step in the ladder should be governed by published criteria and subject to appeal.Fourth, democratic international coordination. The institution should not be a creature of any single nation. At the G7 Summit at Évian-les-Bains in June 2026, the CEOs of Anthropic, Google DeepMind, and OpenAI jointly urged governments to form a US-led coalition of democratic nations to establish common standards for developing, evaluating, and governing advanced AI. French President Emmanuel Macron and other European leaders echoed the call. The Centre for AI and Digital Policy, in recommendations submitted to the 2026 G7 Presidency, called for advancing international cooperation among AI supervisory authorities in a manner modelled on coordination among central bank governors. These calls should be taken seriously—and translated into institutional form before the recursive threshold is crossed.Fifth, inclusion of non-G7 voices. An institution that speaks only for the world's wealthiest democracies will lack the legitimacy to set global norms. The Global Partnership on AI, the UN Global Dialogue on AI Governance, and the emerging infrastructure of the Independent International Scientific Panel on AI all provide mechanisms for including developing nations in substantive governance discussions, not merely as recipients of standards set elsewhere. The equity dimension is not peripheral: as the IPAG synthesis of G7-G20 perspectives observed, governance frameworks that emerge from the Global North without adequate representation of the Global South threaten to deepen existing inequalities rather than reduce them.
V. THE RECURSIVE PROBLEM OF AI GOVERNANCE ITSELF
There is an irony at the heart of the governance challenge that this Forum should not paper over. The argument for stronger AI governance is, in important respects, also an argument made by institutions whose analytic capacity, speed, and comprehensiveness are already being augmented by the very systems they seek to govern. The most sophisticated risk assessments, the most rapid surveillance of emerging capabilities, and the most effective enforcement of complex technical standards may increasingly depend on AI systems. Governing AI without AI may become no more feasible than managing global financial flows without algorithmic trading infrastructure.
This is not an argument against governance. It is an argument for humility about the adequacy of purely human institutional responses to a technology that is accelerating beyond the pace at which human deliberation typically operates. The window for deliberation is open—Anthropic's June 4 paper explicitly said so—but it will not remain open indefinitely. The company stated its intention to convene policymakers, researchers, and civil society representatives in the coming months to develop the practical conditions under which a coordinated pause could function. Governments should engage with that process while simultaneously constructing the institutional infrastructure that would make such a pause verifiable and enforceable.
The lesson of the Anthropic-Pentagon dispute is not that one party was right and the other wrong. It is that in the absence of an agreed institutional framework, conflicts between frontier AI capabilities and national security imperatives will be resolved by raw power, political calculation, and litigation—not by deliberated standards applied consistently and transparently. That is dangerous for innovation, for security, and for the democratic legitimacy of AI governance.
VI. RECOMMENDATIONS FOR MINISTERIAL ACTION
The International Ministerial Forum is asked to endorse the following recommendations as the basis for a Ministerial Declaration and a programme of subsequent work.
Immediate Measures (0–6 Months)
- Establish a Joint Ministerial Taskforce on Frontier AI Capability Thresholds, charged with producing, within six months, an agreed technical definition of frontier AI systems requiring heightened international oversight—one grounded in measured capabilities rather than corporate identity or national origin.
- Commission an independent legal analysis of existing export control, national security, and competition law frameworks across participating jurisdictions, with a view to identifying the gaps and conflicts that allowed the June 2026 US-Anthropic crisis to develop, and to designing harmonised procedures for capability-based interventions that include advance notice, graduated response, and appeal mechanisms.
- Initiate formal diplomatic outreach to the United States, the European Union, Japan, South Korea, and the United Kingdom to propose a Summit-level commitment to a common evaluation protocol for frontier AI systems, modelled on the Basel Accords framework for international banking supervision.
Medium-Term Measures (6–24 Months)
- Design and resource an International Frontier AI Evaluation Secretariat, initially hosted within an existing multilateral institution pending establishment as a permanent independent body. The Secretariat should be mandated to conduct pre-deployment evaluations, publish methodology, and maintain a confidential register of capability findings shared with participating governments.
- Develop a Ministerially-endorsed taxonomy of AI risk categories, with explicit thresholds triggering mandatory evaluation, conditional deployment conditions, and graduated intervention procedures. The taxonomy should be technically informed, publicly available, and subject to annual revision in light of scientific advances.
- Establish an international legal working group to develop a framework governing the use of advanced AI systems in military operations, including requirements for human oversight in targeting and lethal force decisions—building on the Political Declaration on Responsible Military Use of AI and the REAIM initiative.
Structural Measures (24+ Months)
- Negotiate and adopt a binding international instrument—a Frontier AI Governance Convention—establishing mandatory capability evaluation, pre-deployment notification, incident reporting, and emergency coordination procedures. The Convention should include provisions for non-G7 nations and should be designed for universality, not exclusivity.
- Establish a permanent Independent International AI Supervisory Authority modelled on the architecture of central bank supervision: independent from any single government, staffed by technical experts, governed by transparent rules, empowered to issue binding guidance and impose graduated interventions, and subject to democratic accountability through a Ministerial Board with balanced representation.
- Develop AI governance capacity in non-OECD jurisdictions through a dedicated international capacity-building programme, ensuring that the governance framework is genuinely global in reach and does not reinforce existing technological inequalities.
CONCLUSION
The argument for strong, consistent, and internationally coordinated AI governance is not an argument against innovation. The Federal Reserve did not impede American banking dominance—it made that dominance sustainable by providing the institutional infrastructure of trust without which financial markets cannot function. The analogy is imperfect, as all analogies are. But the underlying logic is sound: speed without institutions is not dynamism. It is volatility. And in a domain where the risks include the penetration of classified government systems in hours, the potential for catastrophic harm from biological and cyber weapons, and the possibility of systems that design their own successors without human oversight, volatility is not an acceptable regulatory posture.
The recursive threshold—the point at which AI systems begin meaningfully building themselves—may or may not arrive within the planning horizon of this Forum's near-term recommendations. What is certain is that the institutional infrastructure required to manage that threshold safely cannot be built after it has been crossed. The window for deliberation is here. The architecture must be designed now.
No comments:
Post a Comment