Something new happened yesterday, and it didn't make the business pages the way it should.
On June 25, the Trump administration asked OpenAI to stagger the release of GPT-5.6 — not through a regulation, not after a public comment period, but through a direct request. The Office of the National Cyber Director and the Office of Science and Technology Policy told OpenAI to limit who gets access to the new model, and when. Sam Altman sent an internal memo to staff explaining that the government would be "approving access customer by customer" during the initial preview period. First, a small group of "close partners." Then, a few weeks later, a broader rollout — assuming all goes well.
This is the first time in US history that the government has preemptively told an AI company to restrict the launch of one of its own models. Not after a breach. Not after a demonstrated harm. Before release, as a precondition for access. The stated reason is that GPT-5.6 has advanced cybersecurity capabilities that could pose "unprecedented safety risks" if released too broadly, too fast.
That's the headline version. Here's the version that matters for your organization.
Who's "Customer by Customer"?
When Sam Altman says the government will approve access "customer by customer," that means someone in Washington is deciding which organizations get GPT-5.6 first. The explicit logic is national security. The implicit logic is the same as it always is: the organizations with existing relationships, contracts, and trust networks with federal agencies move to the front of the line.
OpenAI already showed us what that group looks like. Their Daybreak cybersecurity program — launched just three days earlier — gates GPT-5.5-Cyber behind a "Trusted Access for Cyber" approval layer. The initial participants: Accenture, Cisco, CrowdStrike, Darktrace, IBM, NCC Group, Palo Alto Networks, Sophos, Zscaler. Large enterprise security vendors, every one of them. Hundreds of employees at minimum. Many with existing government contracts.
That's who gets early access. Not the 15-person nonprofit running a community health program. Not the 40-person public-sector team modernizing service delivery. Not the scrappy SMB that's been building AI workflows since 2024 and knows this stuff better than most of the consultants charging $500 an hour to talk about it.
For "most defenders," OpenAI says, GPT-5.5 is "the right starting point." Which sounds measured, until you realize that GPT-5.5-Cyber is sitting in the hands of the largest security companies in the world right now, actively building products on top of it — and you'll access that capability indirectly, downstream, packaged up and repriced by Cisco or Palo Alto.
This isn't a conspiracy. It's just the logic of gated access playing out exactly as you'd expect.
Why This Precedent Is Different
Pre-release government access to AI models isn't new. The CAISI program at NIST has been evaluating frontier models before release since 2024, and every major AI lab now has a federal evaluation agreement. What's new is that the government isn't just evaluating — it's deciding who gets access.
That's a categorically different thing. Evaluation is about understanding risk. Access control is about gatekeeping capability.
The precedent set yesterday is: the US government has the demonstrated will and authority to tell an AI company "this model can go to these customers — hold it back from everyone else." OpenAI complied. The next model, and the one after, will face the same dynamic — except now both sides know this is just how it works.
The drug approval analogy is useful here. The FDA decides which drugs reach which patients in what sequence. There's an accelerated track for large medical institutions with existing relationships. Community clinics wait. Sometimes much longer. The approval process serves real safety goals, but it also entrenches existing access hierarchies — and the organizations with the most political and commercial surface area with regulators have the most influence over how those hierarchies form.
AI capabilities are now on that same track. And small orgs are in the community clinic tier.
The Canadian Reality Check
We work mostly with Canadian teams, so let's be direct about what this means north of the border.
OpenAI is an American company subject to US government requests. Canadian NGOs, public-sector teams, and SMBs accessing OpenAI's API are using infrastructure that the US government has now demonstrated willingness to gate, restrict, and direct on a customer-by-customer basis. There's no Canadian carve-out in that memo. There's no "friendly neighbor" exemption in the ONCD's access list.
This isn't hypothetical risk anymore — it's demonstrated capability. If your workflows run through OpenAI API calls, those workflows are now operating on infrastructure where access policy is partially dictated by the Office of the National Cyber Director. Not as a threat. As a fact that belongs in your vendor risk assessment.
Treasury Board guidance on AI in federal procurement is already moving toward vendor accountability frameworks. When the most powerful AI models require US government approval to access, Canadian public-sector procurement officers are going to start asking questions about which vendors have those approvals — and which don't.
The Open-Source Hedge Nobody Can Gate
Here's the thing about the current generation of open-weight AI models: nobody can do this to them.
GLM-5.2, released June 13 under the MIT license, is a 753-billion parameter model with a 1-million-token context window. It's outperforming GPT-5.5 on several coding and reasoning benchmarks. The weights are on Hugging Face. No one from Washington is approving your access to it. No one from anywhere, for that matter — the MIT license is global and doesn't discriminate by customer type or political relationship.
Kimi K2.7 Code dropped June 12 under similar terms. MiniMax M3 is open-weight with a 1M context window. If you run a local deployment — on your own hardware or on a Canadian cloud instance — you're not in anyone's access queue. You have the weights. You own the deployment. The Office of the National Cyber Director cannot tell you that you're not on the approved list.
We're not saying rip out your OpenAI integration and go full-local. That's not realistic for most teams. But the argument for keeping at least one open-weight model in your actual running workflow just got significantly stronger — not because it's better on every task, but because it can't be gated by a memo from an office in Washington.
Three Things to Do Before the Next Model Drops
Categorize your workflows by access sensitivity. Which workflows genuinely need cutting-edge capability, and which run fine on GPT-4o or a stable open-weight model? The more critical the workflow, the more you want it running on something that doesn't require government sign-off for each new release.
Get an open-weight model running in parallel today. Not as your primary stack — as a warm backup and a real-world capability check. Ollama or LM Studio takes an hour to set up. Pick up GLM-5.2 or Mistral Large and point one workflow at it this week. If access policies tighten further, you need a working fallback, not a panicked migration.
Make your API calls model-agnostic. Most teams calling OpenAI's API use patterns that would take a day or two to reroute to a different provider. The LiteLLM library makes this nearly trivial — same endpoints, same auth pattern, different base URL. Doing this now, calmly, is very different from doing it in a panic when the next access restriction breaks something in production.
The government just set a precedent. It will cite this one the next time a new model releases, and the one after that. By the time this is being discussed in boardrooms, the organizations that already built for flexibility will have stopped worrying about it — and everyone else will be scrambling.
We help small teams work through exactly this: auditing AI stack dependencies, identifying where single-vendor exposure creates real risk, and building workflows your organization actually controls. If yesterday's news made your vendor risk question feel more urgent, that's the right reaction. Come talk to us about what to do with it.