While lawmakers draft statutes and hold consultations, the real regulator of frontier AI has already taken office. It runs in the runtime, at machine speed, and what it permits is what actually counts. There is a persistent assumption in AI policy circles that governance is something written down. A statute is drafted. A consultation is held. A framework is published. Years pass. Compliance follows.
That model worked when the systems being regulated were slow, legible, and externally observable.
It does not work when the system is software that rewrites itself, delegates decisions, invokes tools, and operates at machine speed.
Earlier this month, the gap between those two worlds became impossible to ignore. On 13 June, three days after Anthropic launched Claude Fable 5 and Mythos 5, the US government ordered access suspended. I wrote about it in The Last Open Frontier. There was no vote, no courtroom, no months-long regulatory process. Washington reached for export controls and the APIs went dark. Frontier models stopped looking like software products and started looking like regulated assets you are permitted to access.
But the uncomfortable reality is this: AI can no longer be primarily governed by law, as it is actually governed by system design.
And increasingly, the people doing the governing are not legislators. They are engineers implementing zero-trust infrastructure.
The Illusion of Regulatory Control #
The Anthropic shutdown was not an isolated incident. It was part of a pattern.
OpenAI's controlled rollout of GPT-5.6 Sol was not just product gating. It was structured access control at the frontier of capability deployment, coordinated with government stakeholders.
That same week, the regulatory lever was not what models could do. It was who could access them.
The instinctive policy interpretation is that this represents effective governance.
It does not.
It is a signal of limitation.
Because once regulation shifts from what models do to who can access them, it is no longer governing intelligence.
It is rate-limiting infrastructure that is already operational.
Regulation Has Moved Down the Stack #
Most AI governance debates still focus on familiar abstractions: transparency requirements, model audits, training data disclosure, watermarking outputs.
These assume regulation happens at the level of outputs or model behaviour. But frontier systems no longer operate as isolated models. They operate as agents inside systems: calling tools, executing workflows, retrieving memory, chaining decisions, delegating tasks.
In that world, the meaningful unit of control is no longer the model. It is the action boundary.
Who can do what, under which identity, with which tools, in which context, and under what authorization.
That is not a legal abstraction. It is a systems architecture problem.
And it is increasingly being solved the only way engineers know how to solve distributed trust problems: zero-trust design.
The Industry Already Knows This #
The most important governance work in AI is no longer primarily legislative.
It is infrastructural.
OpenAI's Deployment Simulation work shows a foundational truth: models behave differently in production than in evaluation. That alone breaks the assumption that static rules can govern dynamic systems.
Google DeepMind's AI Control Roadmap goes further, framing safety as something enforced at runtime through monitoring, containment, and structured control flows rather than post-hoc oversight.
Meanwhile, the engineering stack is converging quickly: identity-bound agents, scoped credentials per task, tool invocation firewalls, policy-as-code systems, runtime observability and audit logging, deterministic authorization layers.
The New Stack's coverage of Agent Workload Identity Authentication and Session-Aware Agent Runtimes is not speculative. It reflects systems already being built.
This is not "AI safety" in the abstract. It is zero-trust architecture for autonomous systems.
The Core Failure: Policy Without Enforcement #
Current regulatory approaches suffer from a structural gap. Governments produce intent. Systems produce enforcement. And the two are increasingly misaligned.
In software systems, unenforced rules do not slow behaviour. They are ignored. Enforced rules without transparency become invisible governance layers with no democratic oversight.
So we arrive at a hybrid state: law defines expectations, systems define reality, and runtime constraints determine outcomes. That is not governance. That is drift.
The Case for Zero-Trust AI Regulation #
Here is the uncomfortable but necessary conclusion:
AI regulation should stop pretending to be purely legislative and start becoming zero-trust infrastructure.
Not fragmented across companies. Not embedded as proprietary enforcement logic.
But developed openly as shared systems: standardised agent identity frameworks, interoperable authorization protocols, auditable policy engines, runtime constraint systems, transparent telemetry and logging formats.
Regulation should resemble cloud security architecture more than parliamentary process. Because only systems can enforce constraints at the speed at which decisions are made.
Why Legislation Alone Cannot Keep Up #
Law is slow by design. That is its strength in stable environments.
AI is not stable.
It is iterative, composable, and increasingly autonomous.
By the time regulation defines what an "agent" is, how it must be logged, and what constitutes meaningful control, the underlying systems will already have evolved. Regulators are operating on a different clock than the thing they are trying to govern.
This is not a failure of policy competence. It is a mismatch in temporal resolution.
You cannot govern a distributed system with batch updates.
Governance Is Becoming Infrastructure #
Dean W. Ball's argument in What Should Be Done is that governance must be concrete, enforceable, and aligned with real technical risk rather than abstract principle.
But the industry is already extending that logic. It is not waiting for governance frameworks to mature.
It is implementing governance directly into runtime systems: not as oversight but as execution constraint, not as review but as permissioning, not after action but before it.
This is the essence of zero trust:
- Never assume.
- Always verify.
- Always constrain.
- Always log.
- Always enforce.
Enforcement Is the Real Governance Layer #
There is a comforting story that regulation guides technology from above. That story is increasingly inverted. In frontier AI systems, governance is no longer something applied externally.
It is something compiled into the system itself. That creates a divergence: law remains human-readable, slow, and interpretive, while system governance becomes machine-enforced, instantaneous, and absolute. Only one of those determines what an AI agent can actually do. So the question is no longer whether AI will be regulated.
It already is.
The question is whether that regulation will be open or closed, standardised or fragmented, auditable or opaque, interoperable or proprietary.
Because one path concentrates power in systems no one can inspect. And the other turns governance into something closer to cloud security: observable, enforceable, and shared.
Dean Ball is right that frontier AI requires new governance institutions.
But those institutions are already being built.
Just not in legislatures.
They are being built in runtimes.
And in distributed systems, enforcement, not intent, is what ultimately governs behaviour.
References #
Previewing GPT-5.6 Sol, OpenAIDeployment Simulation, OpenAISecuring the Future of AI Agents, Google DeepMindUS government directive to suspend access, Simon WillisonWhat Should Be Done, Dean W. BallAgent Workload Identity Authentication, The New StackSession-Aware Agent Runtimes, The New StackThe EU's AI Transparency Code of Practice Explained, Tech Policy Press