Abstract
On June 12, 2026, a directive from the United States government suspended public access to two frontier artificial intelligence models for all users, including foreign nationals, overnight (Anthropic, 2026). Hundreds of millions of people lost access to AI capabilities they had come to rely on, with no warning and no recourse. This episode exposes a structural risk the industry preferred to ignore: AI capability hosted by providers in a foreign jurisdiction can be revoked by decisions outside our control. This article examines why the Viriatus architectural choice, running AI models locally, inside controlled infrastructure in Portugal and the European space, has ceased to be a technical preference and become a condition of continuity, compliance, and sovereignty.
What Happened on June 12, 2026
At 5:21 PM Eastern Time on June 12, 2026, the US government issued a directive that compelled Anthropic to suspend public access to two of its most capable models, citing national security concerns (Anthropic, 2026). The suspension was total: it covered all customers, foreign nationals, and even the company’s own employees. The rationale rested on a demonstrated method of bypassing the model’s safeguards, a vulnerability the company classified as minor and already known, publicly disputing the proportionality of the measure.
The point that matters for any organization that depends on AI is not the merits of the decision. It is the mechanism. A capability that hundreds of millions of people depended on became unavailable, instantly, by force of an administrative decision taken in another jurisdiction. No customer was consulted. No commercial contract prevented the suspension. The geographic residence of the data was irrelevant to the outcome: what failed was access to the intelligence engine itself.
For most applications, this translates into inconvenience. For a cybersecurity platform, where AI supports detection, alert triage, risk analysis, and the Virtual CISO function, an interruption of this nature at the wrong moment, during an active incident for example, is an operational risk that no responsible security team can accept.
The Structural Risk: Depending on AI in a Foreign Jurisdiction
The accelerated adoption of generative AI in recent years was built, to a large extent, on a small number of providers operating frontier models from infrastructure in non-European jurisdictions. This concentration creates three classes of risk that are rarely assessed together.
Availability risk. As the June 12 episode demonstrated, access to an external model can cease through a regulatory, commercial, or political decision in the country where the provider operates. A change to terms of service, a sanction, a national security directive, or simply the discontinuation of a model can remove, without useful warning, a capability embedded in an organization’s critical processes.
Jurisdiction risk. When data is processed by a provider subject to foreign legislation, it becomes exposed to the reach of that legislation. The US CLOUD Act, for example, allows US authorities to compel access to data held by providers under American jurisdiction, regardless of the physical location where that data is stored (U.S. Congress, 2018). For the most sensitive information assets of a cybersecurity organization, the vulnerability registry, the asset inventory, the incident history, this exposure is precisely the type of risk the security function exists to mitigate.
Compliance risk. Sending this data to third-party AI clouds outside the European regulatory space can collide with the GDPR, with the supply chain risk management requirements of NIS2 and, in the financial sector, with the information and communication technology third-party risk regime set out in the DORA Regulation (European Parliament, 2022; European Parliament, 2022b). Dependence on an AI provider outside Europe itself introduces a third-party risk that must be inventoried, assessed, and ideally eliminated.
It is important to be clear about a distinction that is often confused. Ensuring that data is stored in Europe (data residency) is not the same as ensuring that processing and operational control remain under European jurisdiction (operational sovereignty). The June 12 episode illustrates this exactly: the location of the data did not prevent access to the capability from being cut. Real sovereignty requires control over the processing engine, not merely over where the bytes rest.
The Viriatus Choice: Local Models in Controlled Infrastructure
Viriatus was designed from a different premise. The platform uses proprietary language models, running on dedicated machines inside the controlled perimeter where the platform operates, and not as a call to an external service. In the CyberS3C-managed model, these models run on servers in the ONI datacenter, on Portuguese territory. This choice takes shape in two deployment models, both under European control:
In the first model, the platform runs on CyberS3C infrastructure, hosted in the ONI datacenter in Portugal, with client access through VPN. In the second, the platform is installed on the client’s own infrastructure, at their premises. In both cases, the proprietary language models operate inside the same perimeter as the data. There is no sending of information to external AI services, the data is never used to train third-party models, and it is never shared outside the controlled perimeter. In the CyberS3C-managed deployment, there is not a single line of code running outside Portugal: from the intelligence engine to data storage, the entire stack operates on Portuguese soil.
The practical consequence of the June 12 episode is direct: an organization whose security function depended on an external model potentially watched that capability disappear. An organization running Viriatus has no such dependency. The AI engine runs where the data runs, under the control of whoever operates the platform, and no directive issued in another jurisdiction can cut off its access.
Sovereignty Is Not Just Data Residency
The public discussion of digital sovereignty fixated for years on the geographic location of storage. It is a necessary condition, but plainly an insufficient one. Operational sovereignty, the kind that truly protects an organization, rests on three pillars that the local-model approach satisfies in full.
Continuity. The capability cannot be withdrawn by third parties. When the AI engine runs inside the organization’s perimeter or that of its trusted European provider, no external decision, regulatory, commercial, or political, interrupts the service. Operational continuity is no longer hostage to the contractual and geopolitical stability of a foreign provider.
Confidentiality. The data does not leave the controlled perimeter. The asset inventory, the open vulnerabilities, and the incident history, which together form a precise map of an organization’s weaknesses, are never exposed to processing under foreign jurisdiction nor to the reach of legislation such as the CLOUD Act.
Compliance. The architecture aligns with the European regime by construction. For entities covered by NIS2 and Decree-Law no. 125/2025, supply chain risk management becomes simpler when there is no non-EU AI provider to inventory. For the financial sector, the information technology third-party risk regime set out in DORA is easier to meet when the critical capability does not depend on a third party outside the European supervisory space.
Portugal and Europe: Strategic Autonomy as a Requirement
The European Union has been asserting digital strategic autonomy as a public policy objective, recognizing that dependence on technology providers from outside the bloc constitutes a systemic vulnerability (ENISA, 2024). The June 12, 2026 episode turned that abstract debate into a concrete demonstration: a decision taken on one continent altered, in an instant, the availability of a capability used across the world.
For a Portuguese organization, the lesson is practical and immediate. Building critical functions, and cybersecurity is by definition a critical function, on capabilities that can be revoked by a foreign authority is to introduce a single geopolitical point of failure at the center of the operation. Running models locally, on infrastructure under Portuguese or European control, is the concrete technical expression of the strategic autonomy that Europe advocates at the policy level.
This is not protectionism nor distrust of any particular provider. It is elementary risk management. A capability an organization depends on to defend itself should not be subject to interruption by a party that the organization does not control and whose decisions it can neither predict nor influence.
Practical Implications for NIS2 Organizations
For the thousands of Portuguese organizations covered by Decree-Law no. 125/2025, this episode should directly inform the risk management exercise the law requires. Three concrete actions follow from this analysis.
First, inventory AI dependencies. Any security capability, detection, classification, decision support, that depends on an external model is a critical supplier that must appear in the supply chain risk registry, with a corresponding contingency plan for the scenario of sudden unavailability.
Second, assess jurisdictional exposure. For each external AI service, it is essential to determine which legislation the provider is subject to and which data is sent to it. The answer to these two questions defines the real compliance risk with the GDPR and with NIS2.
Third, favor architectures in which the critical capability remains under control. Where AI supports security functions, the option of running it locally, on controlled infrastructure, simultaneously eliminates availability risk, jurisdiction risk, and compliance risk, instead of managing each one individually.
Conclusion
On June 12, 2026, the sector received an unequivocal demonstration of a risk many preferred to treat as hypothetical: AI capability hosted by third parties in a foreign jurisdiction can vanish overnight, through decisions no customer controls. For most applications, this is an inconvenience. For a cybersecurity platform, it is a structural failure that compromises the very mission of protecting.
The Viriatus decision to run AI models locally, inside controlled infrastructure in Portugal and Europe, was never a matter of technical fashion. It is the practical translation of a simple principle: the capability an organization depends on to defend itself must be under its control, or under the control of a trusted European partner, and not at the mercy of a directive issued on another continent. Organizations that adopt this approach will not merely be improving their security posture: they will be ensuring that this posture cannot be taken from them by parties that answer to no one but themselves.
References
Anthropic. (2026). Statement on Fable 5 and Mythos 5 access. Anthropic. https://www.anthropic.com/news/fable-mythos-access
CNCS. (2024). Cybersecurity in Portugal Report. National Cybersecurity Centre.
Decree-Law no. 125/2025, of December 4. Diário da República.
ENISA. (2024). Threat Landscape 2024. European Union Agency for Cybersecurity.
European Parliament. (2022). Directive (EU) 2022/2555 (NIS2). Official Journal of the European Union.
European Parliament. (2022b). Regulation (EU) 2022/2554 (DORA). Official Journal of the European Union.
U.S. Congress. (2018). Clarifying Lawful Overseas Use of Data Act (CLOUD Act), H.R. 4943. United States Congress.
