Alex Karp Is Right About the AI Problem. He's Missing the Solution.
By now you've probably seen the clip. Alex Karp, CEO of Palantir, went on CNBC last week and called the AI industry "effing insane." He suggested that companies like OpenAI and Anthropic are imposing a "wealth tax" on their enterprise customers — charging premium token prices while quietly absorbing the proprietary data, processes, and business logic that make their customers unique. He implied that OpenAI and Anthropic are, in effect, both stealing from and overcharging their customers.
"This is the voice of American business being channeled through me," Karp said at one point, claiming the CEOs he speaks to are "twice as livid as me."
Was he wrong? Not entirely. But the real story is what he never said. TLDR: data needs to protect itself.
The Surface Argument: Open vs. Closed Models
On its face, Karp's rant looks like a debate about model architecture. Proprietary and closed frontier labs (OpenAI, Anthropic) versus open or sovereign alternatives (Nvidia's Nemotron. His partnership with Nvidia, announced the same week, is clever framing: Palantir is on the side of the open, the sovereign, the trustworthy.
But, as Nvidia CEO Jensen Huang noted recently, "proprietary versus open is not a thing; it's proprietary and open." Enterprises will inevitably route workloads across multiple model classes — frontier, open, specialized, small, domestic. The routing decisions will depend on cost, performance, jurisdiction, and risk.
In summary, the model debates are a distraction. The deeper issue is not model choice. It is control over data. Specifically: who owns the data, the policy, and the intelligence that flows through these systems?
What Karp Is Actually Saying
Strip away the theater, and Karp's argument has two distinct parts.
First, he's saying that frontier model providers like OpenAI and Anthropic have a structural incentive to absorb enterprise knowledge. Every sensitive workflow, proprietary process, and competitive secret that flows through their APIs potentially improves their models, fuels their competitive position, and ultimately — if Karp's worst-case scenario plays out — allows them to compete with or intermediate the very customers paying their bills. Whether this is happening literally today in violation of terms of service is beside the point. The architecture makes it possible. The incentives point in that direction. Enterprise fear of this outcome is rational and real.
Second, he's saying that enterprises are being gouged. Token pricing is, in Karp's framing, a wealth transfer from companies that generate valuable proprietary data to the labs that increasingly benefit from touching it.
Both of these arguments, whether or not they're entirely fair to OpenAI or Anthropic today, identify a genuine structural tension. Enterprises are right to ask: if my most sensitive data and intellectual property flow through a vendor's infrastructure indefinitely, am I building a business — or am I building a dependency?
Karp's Answer: Let Palantir Stand Between You and the Machines
Palantir's solution is elegant from a business development standpoint. Don't deal directly with OpenAI or Anthropic. Let Palantir sit in the middle. Palantir's "application layer" governs the interaction, routes workloads to the optimal model, preserves sovereign enterprise context, and makes the underlying model interchangeable. Trust us, not them.
This is a classic platform move. Control the system of intelligence — the enterprise-specific context layer where business rules, policies, processes, and tacit knowledge live — and treat the model itself as a commodity. Palantir wants to be the operating system for the enterprise brain.
It's a compelling pitch. It's also self-serving in ways Karp seems perfectly aware of.
But here's the thing: Palantir is asking you to solve a data sovereignty problem by surrendering data sovereignty to Palantir.
France already noticed this. French leadership announced in June it would favor domestic providers over Palantir, explicitly calling its relationship with the company "new strategic dependencies in the digital sphere." British NHS leaders are calling for the organization to drop its Palantir contract. Spain is reportedly reconsidering its position too. If Palantir is the antidote to dependency on OpenAI, it turns out the medicine creates its own dependency.
So let's ask the question Karp didn't answer: is there a way to give enterprises genuine agency over their data — not conditional agency managed through a vendor's intermediary layer, but actual, cryptographically enforced, portable control of their data?
There is.
The Real Problem Is Not Model Choice. It's Data Control Without Sacrifice.
The deepest flaw in the AI data sovereignty debate is that it's been framed as a trade-off. You can either share data with AI systems and get the productivity benefits — or you can lock data down and preserve sovereignty. Protected or productive. Control or capability.
That binary is false. The way out isn't a better intermediary. It's a different architecture.
The question every enterprise should be asking is not "which vendor should sit between us and the AI?" It's "how do we share data with AI systems — and with humans, and with partner organizations — in a way that doesn't require us to surrender control, ownership, or the ability to revoke access?"
The answer, built into an open standard that has operated in the most demanding data environments on earth, is the Trusted Data Format (TDF).
What TDF Actually Does (And Why It Matters for AI)
TDF isn't a product. It's an open standard — one that originated at the NSA, was ratified by the Five Eyes as ACP-240 for secure coalition operations, and is now stewarded openly by Virtru and the broader community. And it solves exactly the problem Karp is describing, at the architectural level rather than the intermediary layer.
Here's the core idea: instead of protecting data by controlling the environment it lives in — the network perimeter, the access management platform, the vendor's application layer — TDF embeds policy and encryption directly in the data object itself. The data carries its own governance. It knows who is allowed to access it, under what conditions, with what permissions, and for how long. That policy travels with the data wherever it goes — into an AI workflow, across organizational boundaries, through an agent chain, or to a partner system in another country.
This means something profound for the AI problem Karp is raising. When enterprise data is wrapped in TDF before it enters an AI workflow:
- The data owner retains control. Access can be revoked in seconds, even after the data has been shared with an AI system.
- Policy travels with the data. The AI system or AI agent can only access what the policy permits — not because the vendor promises so in a terms of service, but because it's cryptographically enforced.
- Sharing doesn't require trust. The enterprise doesn't need to trust that OpenAI won't train on its data. The data simply can't be absorbed in ways that violate its embedded policy. Sharing happens through verifiable partnership, not through surrendered control.
- The standard is open. There is no proprietary container, no lock-in, no Palantir-shaped dependency standing between you and your data. The mechanism is auditable. Customers building on TDF accumulate leverage, not dependency.
Data has to move. That's the whole point of AI — getting intelligence to act on your most valuable information. The job isn't to stop that movement. The job is to make sure governance travels with it.
Virtru and TDF as the Real AI Intermediary
Karp positioned Palantir as the critical intermediary between enterprises and the frontier model vendors. We'd argue there's a better framing for what that intermediary should actually be — and it shouldn't be a company at all. It should be a standard.
If you want your data to move through AI systems — shared with language models, processed by AI agents, routed through multi-model pipelines — without sacrificing control, ownership, or sovereignty, the architecture you need is object-centric protection built on open standards. That means TDF. It means attribute-based access control fused with the data object itself. It means a key access service you can control. It means the ability to expire and revoke access to data that has already been shared, even after an AI system has touched it.
What Virtru has built on top of TDF is the practical implementation of this architecture — for email, for files, for enterprise collaboration, and now for AI workflows. The same architecture that governs data flows across defense and intelligence coalition operations is the architecture that can govern what your AI agents can and cannot do with your most sensitive information.
This isn't a replacement for the AI infrastructure debate. Enterprises still need to think carefully about which models they trust for which workloads, what the governance layer looks like, and how they maintain optionality in a multi-model world. Karp is right that the system of intelligence — the enterprise-specific context layer — is where competitive advantage lives. He's right that enterprises shouldn't let any single vendor own their enterprise brain.
But the answer to "who should intermediate between me and the AI?" isn't "a better intermediary." The answer is: don't sacrifice control in the first place. Give your data agency. Let it carry its own governance. Share freely without giving up ownership.
Matt Howard
A proven executive and entrepreneur with over 25 years experience developing high-growth software companies, Matt serves as Virtru’s CMO and leads all aspects of the company’s go-to-market motion within the data protection and Zero Trust security ecosystems.
View more posts by Matt HowardSee Virtru In Action
Sign Up for the Virtru Newsletter
Dive Deeper
/blog%20-%20SACR%20Report/anna-perrone-commentary%20copy.webp)
The Email Security Report Every CISO Should Read, And the Questions It Should Inspire
/temp%20-%20cmmc%20compliance%20advantage/IVIS-CMMC%20COMPASS.webp)
A 20-Year DIB Veteran on Turning CMMC Into a Compliance Advantage
/blog%20-%20shared%20services%20model/shared-services-model%20copy.webp)
Your Shared Services Model Might Be Leaking Data. Here's How to Stop It.
/blog%20-%20collaborate%20webinar%20recap/Collab-Demo-Recap.webp)
Inside Virtru Collaborate: The File Sharing Platform Built on NSA Open Standards

The Hidden Cost of a Microsoft GCC High Migration, and What the License Quote Leaves Out
/blog%20-%20Andesite%20HIO%20recap/HIO-Dave%20Brown-LI.webp)
Why the Author of "The Lean CISO" Refuses to Let AI Make the Final Call
/blog%20-%20uk%20privacy%20concerns/uk-privacy-concerns.webp)
U.K. Content-Scanning Demands Raise New Privacy Concerns

HIPAA-Compliant File Sharing for Healthcare: What Good Actually Looks Like
/blog%20-%20Cyera%20raise%202026/cyera-raise-2026.webp)
Cyera’s Raise Shows the Market Is Moving With the Data

Secure File Sharing for Law Firms: Persistent Control for M&A and Litigation
Book a Demo
Become a Partner
Contact us to learn more about our partnership opportunities.
Become a Compliance Champion
Contact us to learn more about our partnership opportunities.