Alex Karp, CEO of Palantir, went on CNBC on July 1st and said the enterprise AI industry has gone "completely wrong."

The basic view among enterprises in this country is I'm going to chillax and waste my time with tokens, I'm going to get no value, and they're going to get my IP.

Palantir's CEO, live on television, telling every enterprise buying into frontier AI models that they are being played. No, here’s what these stories are not telling you, unless you’re reading between the lines. Just like any other frontier AI CEO, Karp has self interest here. He isn't wrong. But he also didn't go far enough.

Welcome to The Predictability Factor by Monica Talks Cyber, a weekly deep dive and POV at the intersection of AI, Security, Privacy and Tech, written by a hacker and CISO, to help you Go From Chaos to Resilience in The World of AI. If you haven’t already, do me a favour, hit subscribe and help me make an even bigger impact.

Karp's argument is that the model was never the moat. What he means by that: control over your compute, your models, your data stack, your alpha. Owning the means of production, not renting it.

He is exactly right. He's also using that exact argument to sell you Palantir's new sovereign AI engine, built with NVIDIA, which launched the same week as this interview. Read that twice. The man warning you not to trust an AI vendor with your data is asking you to trust him with it instead.

Sovereignty matters way more than countries have actually realised. The US government pulling Fable five was just a glimpse and still not revolutionary enough for companies to understand how critical it is for every organisation, no longer just in regulated sectors. We have seen companies misunderstand sovereignty over and again for the last decades. Just because T-systems builds a Microsoft datacentre in Germany doesn't make German infrastructure or German companies, using that datacentre, sovereign.

With AI, the change needed is even deeper. We can no longer put everything, especially anything that’s critical to your business running, at the mercy of another vendor, no matter who they are.

Sovereignty is not something only regulated industries, regulated companies or organisations with specific threat actors should think about.

The AI models are not the moat. But neither is whoever sells you the "sovereign" infrastructure sitting on top of them. The moat is your data, and what you actually do with it. Sovereignty isn't something you buy from Palantir, or from anyone. It's something you build. On that both Palantir and I agree.

Sovereignty is becoming the word every government wants attached to its AI strategy right now, especially in the wake of Fable5 fiasco, but almost none of them are asking the one question that actually defines it. Not who trained the model. Who owns what happens to your data after you sign the contract.

I have spent two decades building data security and data governance frameworks for organisations who thought owning their data centres and now their models made them sovereign. It never did. It won't. Using offline models alone isn’t enough, if you are handing them over your data any way. Right now, four governments are proving my point for me. The question you need to ask is this.

ICYMI:

The Most Important Thing About AI

🤯 It has nothing to do with AI. It has everything to do with your data. Here’s how to built data governance. Read full story —>

Sovereign From Whom?

In the same timeframe that Palantir’s selling sovereignty as a product, three European governments decided Palantir itself is the sovereignty problem.

France's domestic intelligence agency, the DGSI, ended its Palantir contract in June and moved to ChapsVision, a French rival.

We must use our own AI models, we cannot accept new strategic dependencies in the digital sphere. France must have its own tools.

Prime Minister Sebastien Lecornu

Germany's domestic intelligence service, the BfV, made the same call weeks later, choosing ChapsVision's ArgonOS platform to keep intelligence data "firmly on European soil". Karp dismissed the entire debate, comparing Germany's concerns about his company to "conversations about witchcraft".

Then, on July 1st, Spain's state holding company SEPI directed its portfolio firms, including Telefonica, Indra and Navantia, to stop signing new Palantir contracts over fears that sensitive national security information could leak. Notice what Spain did not do. Its own Armed Forces Intelligence Centre still has a €16.5 million contract with Palantir signed in 2023, expiring this November. The Ministry of Defence is still in discussions on renewing and expanding it, at the same time the government is telling every other state company to walk away. A ban that only applies to contracts you haven't signed yet, while your own defence ministry negotiates a bigger one handing over its critical data is not a sovereignty strategy.

Britain is running the opposite experiment, on a shorter clock.

Andy Burnham, the expected incoming Prime Minister after Keir Starmer, is reportedly preparing to drop Palantir's contract, the £330 million, 7 year NHS Federated Data Platform deal, just two years into the deal. This is happening alongside warnings about the company's footprint in UK government.

But in all of this, here is the part that should worry you and your organisation, more than the headline.

One word, sovereignty, has been used to both justify buying in and to justify walking away, sometimes inside the same country's own institutions at the same time.

No one has a consistent definition and understanding of what sovereignty really means, not even among organisations within the same country, industry or geography. Sovereignty is not some policy document that magically makes it happens, while no one actually builds it.

Thank you for supporting The Predictability Factor by Monica Talks Cyber. Please share this with others and help me make an even bigger impact.

The Vote That Didn't Count

Surprisingly enough, Palantir's annual general meeting on June 3rd, 2026 showcases why this matters now even more than before. At that meeting, 56 percent of non insider shareholders voted in favour of a proposal demanding Palantir publish a Human Rights Impact Assessment covering its work for ICE and the Department of Homeland Security, including Norway's Norges Bank Investment Management, whose fund closed 2025 at 21,268 billion kroner, roughly 2.3 trillion dollars, one of the largest sovereign wealth funds on earth. A majority of the shareholders who don't already run the company said yes, audit yourselves. Now, before you write this off as some political issue, think about what this means for AI and your organisation.

Governments invited tech CEOs to G7 as a part of leadership for the first time ever. Tech CEOs were completely excluded from the core G7 leaders' sessions prior to 2026. The G7 annual meeting in France marked the first time the chief executives of the world's leading artificial intelligence companies were treated similarly to heads of nation-states, sitting directly at the table to negotiate global AI guardrails, sovereign infrastructure, and international trade exclusions. What AI sovereignty means for your organisations is being decided by a handful of frontier AI leaders.

How does this impact your organisation?

When the vote hit Palantir's share structure and when Karp’s, Stephen Cohen’s and Peter Thiel’s Class F shares were counted, that 56 percent majority collapsed to 13 percent overall. As one of the groups behind the proposal put it, "support for this proposal demonstrates that investors do view human rights due diligence as an important governance issue and expect Palantir to provide meaningful evidence that their policies are being implemented in practice."

The problem is that meaningful evidence never arrived. It was never going to.

This is the exact failure mode I warn every board about when they think governance is a policy document. A majority of your own investors, including one of the most powerful sovereign wealth funds in the world, can demand accountability and still lose, if the mechanism enforcing that demand was built to be overridden by the people it's supposed to hold accountable. Soft access rules, the governance layer, the audits, the shareholder votes, the ethics committees, only work if something with teeth sits behind them and when governance is actually implemented in practice with meaningful evidence.

Palantir's shareholders just proved what happens when it doesn't.

Data Sovereignty Is The Real Sovereignty That Matters

Owning your models does not make you sovereign. Banning a vendor does not make you sovereign. Buying an air gapped sovereign AI box from the same vendor everyone else is banning does not make you sovereign either. Sovereignty means you control your data, the outcomes from that data and who touches it, full stop. Here are some key considerations:

  1. You need to store your data and records in open systems, so you avoid lock in and keep full transparency and control over the asset your entire business runs on.

  2. You need to demand your vendors give you complete access to the data they manage for you. AI actually makes fast migration possible now, so use that leverage while you have it.

  3. You need governance and systems that check hard access rules, the technical gates nobody can quietly override.

  4. You need governance that also checks soft access rules, the human decisions about who should see what, gated by hard interrupts that cannot be overriden by AI.

  5. You need a continuous data governance flywheel, because the most important thing about AI has never been the AI. It has always been the data.

Palantir, NVIDIA, France, Germany, Spain, an incoming British Prime Minister and Palantir's own shareholders are all fighting the same fight from different sides of it, who gets to own the infrastructure, who gets to own the narrative, who gets to own the headline. None of them are fighting over the part that actually decides who wins. No one of them is fighting for you, your business and your data. If you think, this is not your problem, think harder.

Continuous, outcome-based and evidence-based governance is the only governance that matters.

The data your AI manages. The identities and agents that touch that data. The decisions it eventually makes on your behalf, and who can prove, on demand, that those decisions are still theirs to make.

The data control decides what trains your models. What trains your models decides what they decide for you. What they decide for you decides your business decisions. Whoever owns that chain owns the business, not whoever owns the model weights, and not whoever sold you the sovereign box to run them in.

A security expert told me a few weeks ago, who gives a shit about sovereignty. I am telling you, this is just the beginning of what’s going to change the world. Sovereignty mattered when we all moved to the cloud, but it has never mattered more than it matters today. That’s why data governance is a one of the first key pillars of my AI governance and security maturity model.

You do not get to outsource this question to your vendor, your government, or your next AGM ballot. You are the one who signed the data contract.

You either own your data layer or you don't. There is no in between, when it comes to AI sovereignty.

Until next time, this is Monica, signing off!

P.S. If you haven’t already, do me a favour. Subscribe to help make an even bigger impact. Feel free to follow on Youtube, Linkedin, Spotify and Apple. It truly helps. Or book a 1-1 advisory call, if I can help you.

Reply

Avatar

or to participate

Keep Reading