The Dependency Inside the Placement Decision
When an external AI capability disappears, who turned it off matters less than whether the institution can still do the work.
Financial institutions spend a great deal of energy deciding what an AI capability should do. They spend far less deciding what happens when the capability is no longer there. The first decision gets a steering committee, a budget, and a roadmap. The second rarely gets named, because as long as the capability is running, its absence is hypothetical.
It stopped being hypothetical when Anthropic disabled its Fable 5 and Mythos 5 models for every customer worldwide inside a single business day, while its other models stayed up. The reason for the suspension is beside the point here. What matters for architecture is the shape of the event. The capability existed on one day and was gone the next, and no customer controlled the timing.
Placement decides whether a capability can be governed. It also decides whether the institution keeps operating when that capability disappears on a schedule it does not set. The placement conversation usually covers the first and skips the second, and the gap between them is a dependency that tends to stay invisible until it fails.
Place
A capability does not enter a financial institution in one place. It enters in four, and where it lands determines what its loss actually costs. In the back office, among reconciliation and reporting, the data stays internal and the customer is not exposed, so a withdrawal is an administrative bottleneck. Move the same capability into the customer channel and the withdrawal can pull a live conversation out from under the bank. In decisioning and underwriting, it can leave a lending decision the bank can no longer produce or explain. Place it inside the control functions and it can quietly weaken the surveillance the bank relies on to catch its own failures.
Placement prices the loss. A more powerful model placed shallowly costs little when it goes. A modest one wired into a customer or decisioning path is costly to lose. The useful question before deployment is where the capability’s disappearance would hurt, and whether anything has already been placed there.
Exhibit 1. Placement Determines Continuity Exposure
Exposure concentrates where high authority meets a workflow that cannot continue without the capability. Model capability matters less than placement, authority, and fallback.
Control
A second, quieter error is to treat access to a frontier model as procurement. In a regulated institution, model access is a control decision. A capability is governable only when the institution can establish, as it runs, what the system did, what produced the output, and how to interrupt it. When those depend on the provider, the institution has handed its control surface to a party it does not direct.
Institutions already have the structure for this. The first line owns and runs the capability. The second line, independent of the builder, holds the standing to withdraw validation and compel a halt. The third line tests that the first two actually work. When an outside event forces a model offline, the institution cannot wait on the provider to act. The authority to stop, and the means to pivot inside its own environment, have to belong to the institution. An institution that leans on the provider to monitor and govern the model has externalized part of the control surface the second line depends on. It usually finds out only when the provider is no longer reachable.
The dependency no dashboard shows
The exposure that does the real damage is the one nothing reports. When a capability takes over a task, the people and processes that used to perform it begin to atrophy. The runbook goes stale. The staff who knew the manual path move on. Adoption is counted as a win, and the deeper it goes, the more thoroughly the older competence is retired.
So when the capability vanishes, the institution does not fall back to the slower way it used to work. There is no slower way left. A model outage becomes an operational outage, because the capacity it replaced is gone. This is what separates a dependency the institution can survive from one it cannot, and it is invisible by design. Nothing breaks while the capability runs.
This is also why the procurement framing misleads. Concentration, lock-in, and supply risk describe what a vendor can do to a contract. They miss what the institution’s own adoption did to its ability to operate without the thing. That erosion is an operating-model question, which puts it on the architecture function rather than the sourcing desk.
Designing the failure path
Governing a capability means defining its failure path before it fails, and exercising that path rather than assuming it. For an external capability, the failure path is a continuity decision made per placement. Some workflows can degrade to a less capable model, including an approved open model where appropriate. Others can route to a human and accept the slower pace, or queue and suspend by policy until the capability returns. A few genuinely cannot lose the capability without stopping, which is worth knowing in advance rather than discovering live.
Do not wire a workflow to a single provider’s interface so tightly that it cannot be redirected. Do not grant a capability more authority, or more irreversibility, than its fallback can absorb. A capability that drafts for a human to approve can tolerate a worse substitute. One that acts and commits on its own cannot, which is why autonomy and continuity have to be decided together.
Exhibit 2. Governance and Continuity Are the Same Decision
Governance decides who can stop the capability. Continuity decides how the institution keeps running after it stops. Placement decides whether either is possible.
The exposure that was already there
None of this is about one provider, and none of it is new. Capabilities will be deprecated, licensed differently, restricted, or withdrawn, for reasons that have nothing to do with the institution using them. The cause varies. The architectural consequence is the same.
The deepest exposure sits with the institutions that quietly transferred operational competence to a capability they do not control. The dependency was created long before the outage. The outage only revealed it.