The Chip Sovereignty Sprint. The Distillation Doctrine. The $7 Trillion Cooling Bottleneck.

Recently, a minister of the economy walked us through the nuclear shut-down decisions their country made years ago. Their strategy assumed that the transition to renewables would relieve the energy chokepoint within a defined window. 

That chokepoint moved as the transition stalled and geopolitics tore through oil and gas supplies. Now, the country needs a strategy to alleviate the chokepoints that did not exist when they committed to their original plan. That is a hard pivot under any circumstance, but it was even harder because the strategy was welded to heavy capital infrastructure that could not be unbuilt in a policy cycle or two.

The chokepoint has moved

As those decisions reminded me, there is a particular kind of strategic mistake that only a competent organization can make. It happens when leadership identifies a leverage point correctly, builds a real strategy around it, executes with discipline, and keeps executing long after the leverage point has migrated somewhere else. The plan looks rigorous. The metrics look healthy. But the battle is being fought somewhere the strategy does not reach.

The past week brought us several new examples. An export regime organized around a chip that has become optional. A software supply chain hardened around a verification mechanism the attackers have already broken. An AI buildout keeping an eye on the semiconductor queue when copper, cooling, and grid interconnections will quietly decide who actually gets to deploy.

In every case, leaders initially made the correct analysis. Teams executed honestly and well on the strategy. But the error lay in the assumption that the chokepoint identified at time zero will remain the chokepoint long enough for the strategy to mature.

That rarely happens anymore. Leverage points in any contested system migrate the moment a credible counterparty starts pricing them, and the most disciplined organizations are often the slowest to notice because their discipline is invested in the old map. Their competence becomes their trap. And when the strategy is anchored in capital infrastructure, as it was for the government minister, the cost of recognizing the problem too late is an entire generation of stranded commitment.

Leaders do not need to build a better defense of the chokepoint they have been guarding. They need to ask a less-flattering question: Are we guarding the right chokepoint anymore? Look at the strategy your organization is currently executing, identify the assumptions on which it rests, and ask whether the map on which you drew it is still the map in place today.

If that question is uncomfortable, then the answer is useful.

Olaf

Three frontier model releases, a $40 billion investment, and China’s first proof of concept for frontier AI on a fully domestic chip stack collide in a single news cycle. The AI race is now inseparable from the chip sovereignty race, and both are being shaped by capital concentration in a handful of companies. The pricing gap alone, roughly 107 to 1 on output tokens between DeepSeek V4-Flash and GPT-5.5, should change how enterprises plan inference strategy.

BRIEFING: OpenAI released GPT-5.5 on April 23, its newest frontier model, arriving just six weeks after GPT-5.4. At the time of the launch, OpenAI reported company-wide figures of 900 million weekly active users, over 50 million subscribers, and 4 million active Codex users, its AI-powered software development tool, though a Wall Street Journal report the following week revealed the company had missed internal growth targets for both revenue and weekly active users, with Chief Financial Officer Sarah Friar raising concerns about the company’s ability to fund future compute contracts. The model runs on Nvidia GB200 NVL72 rack-scale systems at $5 per million input tokens and $30 per million output tokens. Less than 24 hours later, China’s DeepSeek launched preview versions of its V4 model series. DeepSeek-V4-Pro is a 1.6 trillion parameter Mixture of Experts (MoE) model, making it the largest open-weight model released to date. V4-Flash costs $0.28 per million output tokens compared to $30 for GPT-5.5, a pricing gap of roughly 107 to 1.

The geopolitically significant dimension is the hardware. DeepSeek trained and optimized V4 for Huawei’s Ascend 950 artificial intelligence (AI) processors, the first commercially visible proof of concept that China can train and deploy frontier-class models on a fully domestic hardware stack. Reuters reported that DeepSeek did not give Nvidia or AMD early access for optimization, reversing the standard industry practice. The same week, Google confirmed it would invest up to $40 billion in Anthropic: $10 billion in cash immediately at a $350 billion valuation, with $30 billion contingent on performance milestones. Combined commitments from Google and Amazon to a single AI lab now exceed $65 billion.

SO WHAT

For Executives: Even if DeepSeek’s benchmarks do not fully hold up to independent evaluation, the cost differential is so large that any enterprise running inference-heavy workloads should be testing open-weight models on private infrastructure as a hedge against closed-model pricing power. In many tech areas, “good enough” at a low price and greater scalability, wins the day. The fact that V4 runs on Huawei silicon without Nvidia dependency means the cost advantage could widen further as Huawei scales Ascend 950 production. Chief information officers should be scenario-planning for a world where the cheapest frontier-class inference runs on Chinese hardware, outside the reach of Western export controls.

For Policy Makers: DeepSeek V4 on Huawei Ascend chips is the first commercially visible proof of concept that China can train and deploy frontier-class models on a fully domestic hardware stack. This does not mean export controls have failed at slowing China’s advances per se, but it does mean the window in which controls sustain a decisive advantage is narrowing. U.S. and EU policy makers need a smarter approach to competition, and they should treat the V4 release as a calibration event that focuses enforcement resources on maintaining the gap in training compute rather than inference. At the same time, it is imperative that Western and Chinese policy makers quickly find a tightly monitored engagement mode on narrowly defined AI use cases. China’s open weight innovators offer faster, more frugal cycles that are increasingly penetrating economically challenged markets, especially in the global south. Tight protocols for joint R&D, including auditing and enforcement guidelines, can have beneficial effects for select domains of shared interest, such as healthcare, education, and environment management, while steering clear of defense-relevant applications.

For Investors: Google’s $40 billion Anthropic deal is a cloud computing play structured as an AI investment. Five gigawatts of committed compute over five years ensures that as Anthropic’s usage grows, a substantial share of that spend flows through Google Cloud infrastructure. The same week, Microsoft ended its exclusive distribution arrangement with OpenAI, clearing the way for ChatGPT to run on AWS and Google Cloud. Google is now both an investor in Anthropic and a cloud host for its competitor, a capital allocation posture that prioritizes infrastructure revenue over model exclusivity. Meanwhile, Semiconductor Manufacturing International Corporation (SMIC) shares jumped 10% in Hong Kong on the DeepSeek release, signaling that the market is pricing in a self-sustaining Chinese AI chip ecosystem.

The Distillation Doctrine

The White House accused China of industrial-scale AI model theft. The State Department issued a global diplomatic cable to allied governments. And Commerce Secretary Lutnick confirmed that zero Nvidia H200 chips have actually shipped to China despite January’s approval. A new IP enforcement architecture for AI is taking shape.

Briefing: Michael Kratsios, Director of the White House Office of Science and Technology Policy (OSTP), sent a memorandum to federal agencies on April 23 accusing Chinese entities of conducting “deliberate, industrial-scale campaigns to distill United States frontier AI systems.” Distillation is the process of training smaller, cheaper models on the outputs of larger ones, effectively cloning a model’s capabilities without paying for the original research. Both Anthropic and OpenAI have publicly accused DeepSeek, Moonshot AI, and MiniMax of conducting these campaigns; Anthropic reported that a single proxy network managed more than 20,000 fraudulent accounts simultaneously, mixing distillation traffic with legitimate customer requests to evade detection.

The escalation extended beyond a single memorandum. On April 25, Reuters reported that the State Department issued a global diplomatic cable instructing U.S. embassies worldwide to warn allied government officials about the risks of using AI models built on distilled American technology. Separately, Commerce Secretary Howard Lutnick confirmed during Senate testimony that no Nvidia H200 chips have been sold to Chinese companies despite the Trump administration’s January approval, stating that the Chinese government has directed its companies to invest in domestic alternatives instead.

So What

For Executives: If your company uses AI models from Chinese providers or open-weight models of uncertain provenance, the OSTP memorandum signals rising regulatory risk. The logical next step in enforcement is controls on downstream use of distilled models, not just the distillation process itself. General counsel should review supply chain exposure to models that might have been trained using outputs from American frontier systems, including Western data and IP.

For Policy Makers: The State Department’s global cable is the first use of diplomatic infrastructure to enforce AI intellectual property norms. This is an escalation from unilateral export controls to multilateral norm-building, a pattern that mirrors the early stages of nuclear nonproliferation frameworks. The zero-shipment reality on Nvidia H200s, despite an approved policy, reveals a gap between declaratory policy and actual implementation that weakens deterrence.

For Investors: The combination of the Kratsios memorandum, the State Department cable, and the Nvidia shipment freeze creates a trifecta of uncertainty for any company with exposure to U.S.-China AI trade. Nvidia’s China revenue outlook is effectively on hold until the Trump-Xi summit produces clarity. DeepSeek’s V4 release on Huawei silicon, arriving the day after the distillation accusation, is China’s clearest signal yet that it is building for a future where American chips are unavailable and American models are too costly. This could create precedents for more open weight development in the global south that you should have on your radar screen.

Shai-Hulud Devours the Cyber Trust Chain

The command-line interface for Bitwarden, a password manager used by 10 million people and 50,000 businesses, was compromised by a self-propagating supply chain worm. The malware defeated npm’s trusted publishing mechanism, the very security system designed to prevent supply chain attacks, and specifically targeted AI coding assistants. This is the sequel to the recent Axios supply chain story, and it is worse.

Briefing: On April 22, security researchers at Socket and JFrog discovered that the command-line interface (CLI) for Bitwarden, an open-source password manager, had been compromised. The malicious version was published to npm, the Node Package Manager, which is the world’s largest registry of reusable software components, processing billions of downloads per week. Developers use npm packages as building blocks to assemble applications; a compromised package can silently infect every application that depends on it. The malware remained live for approximately 90 minutes before detection and removal. Bitwarden confirmed the incident originated from a compromised automated build process in the company’s software delivery pipeline, linked to a broader supply chain campaign first identified by the security firm Checkmarx, in which attackers have been systematically compromising the software building blocks that developers use to assemble applications.

Endor Labs published a detailed technical analysis describing the payload as one of the most capable npm supply chain attacks to date. The malware, internally branded “Shai-Hulud: The Third Coming,” harvested login credentials across GitHub, npm, Amazon Web Services (AWS), Google Cloud Platform (GCP), Azure, and Secure Shell (SSH) keys. It then used those stolen credentials to automatically reinfect every other software package the compromised developer had permission to publish, spreading itself through the supply chain like a worm. Most critically, it included a module specifically designed to hijack AI coding assistants, meaning any AI tool with access to a developer’s credentials became an unwitting accomplice. OX Security confirmed that real developer credentials had already been stolen. Security researcher Adnan Khan noted this is the first known compromise of a package using npm’s “trusted publishing” mechanism, a security feature introduced specifically to prevent these attacks by eliminating the long-lived passwords that earlier supply chain attacks exploited.

So What

For Executives: Any organization whose developers use npm packages should immediately audit which packages entered their codebase during the 90-minute window the malicious Bitwarden version was live (April 22, 2026), rotate all developer access tokens and SSH keys, and review software delivery pipeline logs for unauthorized package publications. Longer term, security teams should require cryptographic signature verification on all packages entering production builds and restrict AI coding assistant access to credential stores. The security assumption underlying most enterprise software delivery pipelines, that “trusted publishing” prevents supply chain compromise, is no longer valid.

For Policy Makers: The npm ecosystem processes billions of package downloads per week and underpins critical infrastructure across government and private sector systems. Trusted publishing’s defeat within months of broad adoption exposes a fundamental governance gap. No single entity owns the security of the open-source software supply chain, and the attacker’s innovation cycle is now faster than the defender’s. Regulators should accelerate software bill of materials (SBOM) requirements and explore mandatory provenance verification for packages used in critical infrastructure.

For Investors: The investment case for software supply chain security companies, including Socket, JFrog, Endor Labs, and OX Security, has strengthened materially. Enterprise customers who could previously defer supply chain security spending no longer can. The Shai-Hulud worm’s AI coding assistant vector means the addressable market expands with every enterprise AI deployment: as companies scale AI-assisted development, the attack surface for supply chain compromise scales with it.

The Stablecoin Stack

Stablecoins have evolved from a crypto-native trading tool into core financial infrastructure. New data from a16z crypto shows adjusted transaction volume hit $4.5 trillion in Q1 2026, with consumer-to-business transactions more than doubling year over year. Two regulatory frameworks, the GENIUS Act in the U.S. and MiCA in the EU, are now generating competing stablecoin ecosystems with direct implications for whether the dollar retains its dominance in digital payments.

Briefing: Data published by a16z crypto on April 25 shows that stablecoin-adjusted transaction volume reached approximately $4.5 trillion in the first quarter of 2026. Consumer-to-business (C2B) stablecoin transactions grew 128% year over year to 284.6 million in 2025, making it the fastest-growing transaction category. Monthly collateral deposits across stablecoin card programs powered by Rain, including Etherfi Cash, Kast, and Wallbit, grew from near zero in November 2024 to over $300 million per month by early 2026. Stablecoin velocity, meaning how many times each dollar of stablecoin supply changes hands in a given period, began climbing in mid-2025 after being flat for two years, a pattern consistent with active commercial use rather than passive holding.

Two regulatory frameworks are shaping this growth in competing directions. The Generating Economic Necessary Innovations for Upcoming Stablecoins Act (GENIUS Act) in the United States was designed to reinforce dollar dominance by creating a federal framework for dollar-backed stablecoin issuance, channeling stablecoin growth through USD rails. The European Union’s Markets in Crypto-Assets (MiCA) regulation, by contrast, forced several major exchanges to delist Tether’s USDT for non-compliance with reserve and transparency requirements, unintentionally triggering a surge in euro-denominated stablecoin activity that briefly exceeded $40 billion per month and has since stabilized at a significantly higher baseline. Most stablecoins are pegged one-to-one to fiat currencies and backed by cash reserves and short-term government securities; USDC (Circle) and USDT (Tether) together account for over 85% of global stablecoin supply, but MiCA has created the first persistent market for non-dollar alternatives.

So What

For Executives: The C2B doubling means real businesses are settling real transactions on blockchain rails. If your company operates in cross-border commerce, remittances, or any business with high payment friction, the question is no longer whether stablecoins matter, but which regulatory framework your payments stack will be built on. The GENIUS Act and MiCA are creating divergent compliance requirements that will force architectural choices within the next 12 months.

For Policy Makers: MiCA’s USDT delisting inadvertently demonstrated that regulatory action can redirect stablecoin flows toward non-dollar denominations, creating the first persistent euro-denominated stablecoin ecosystem. Other jurisdictions, including Singapore, Japan, and the United Arab Emirates, now have a template for building sovereign stablecoin markets. U.S. policy makers should recognize that the GENIUS Act’s value as a dollar-reinforcement tool depends on speed of implementation; every month of regulatory ambiguity is a month in which MiCA-compliant euro stablecoins gain ground and competing jurisdictions build their own frameworks. Treasury and the Federal Reserve should issue joint guidance on stablecoin reserve requirements within the next 90 days to prevent further fragmentation.

For Investors: The stablecoin infrastructure layer, including issuers, card programs, settlement networks, and compliance tooling, is the payments equivalent of the early cloud computing stack. Rain’s collateral deposit growth from zero to $300 million per month in 14 months is the adoption curve to watch. The GENIUS Act creates a regulatory moat for compliant U.S. issuers, while MiCA creates a parallel opportunity in euro-denominated stablecoins. The investment case centers on infrastructure: companies building the rails, compliance layers, and card programs that make stablecoin payments work for merchants and consumers.

The DefTech Arsenal Gauntlet

Defense tech’s record $49.1 billion in venture capital deal value last year proved the sector can raise money. Now it faces a harder test – manufacturing at scale. The Pentagon’s new “gauntlet” procurement model is designed to find out which startups can actually produce at the speed and cost that modern warfare demands. Most will fail. The ones that survive will reshape the defense industrial base.

Briefing: Venture capital deal value in defense technology reached a record $49.1 billion in 2025, nearly doubling from $27.2 billion the prior year, according to PitchBook. Exits surged to $54.4 billion, led by Nvidia’s $20 billion acquisition of Groq, an AI hardware and software company with military applications. But the sector’s center of gravity is shifting from funding to production. The Pentagon’s Drone Dominance Program has introduced a “gauntlet” procurement model: 12 vendors must collectively deliver 30,000 one-way attack drones at $5,000 per unit in Phase 1, with subsequent phases reducing the vendor pool while driving unit costs to $2,300. Anduril Industries is building Arsenal-1, a $1 billion, five-million-square-foot facility in Ohio designed to produce tens of thousands of autonomous systems annually, with production beginning July 2026.

The portable factory concept has moved from prototype to deployment. Sensofusion, a Finnish company, sells a Tactical Drone Factory, a fully self-contained manufacturing facility in a 20-foot shipping container that produces up to 50 interceptor drones per day with a crew of three, for $2.4 million. Per Se Systems in France builds micro-factories on trailers producing 10 drones per hour. Ukraine now produces roughly 1,000 interceptor drones per day across more than 160 licensed manufacturers, deliberately dispersed so no single strike can cripple output. President Zelenskyy has said the country has the technical capacity to double that figure but lacks the budget.

So What

For Executives: The defense tech sector’s transition from funding to manufacturing creates a new class of supply chain opportunity. Companies with existing capabilities in additive manufacturing, robotics, or industrial automation have a direct entry point into defense production, particularly as the Pentagon’s “gauntlet” model rewards scalability and supply chain security over pure technical novelty. PitchBook analyst Ali Javaheri describes manufacturing scale as the sector’s “next competitive battleground.”

For Policy Makers: Ukraine’s distributed manufacturing model, 160 licensed producers with no single point of failure, is the template the Pentagon is attempting to replicate with the Drone Dominance gauntlet. But the Western defense industrial base was not built for this. Legacy prime contractors operate on decade-long procurement timelines; the gauntlet demands delivery in months. Zelenskyy’s warning that countries buying drones without the manufacturing ecosystem behind them end up with hardware they cannot operate or sustain applies well beyond Ukraine.

For Investors: Manufacturing-focused defense investment nearly doubled to $4.7 billion across 39 deals in 2025. Investors should track the gauntlet’s Phase 1 results as a leading indicator: the vendors that survive will hold long-run production contracts at scale, and the acquisition premium for drone manufacturing capability will rise as the vendor pool narrows. Anduril’s Arsenal-1 is the first venture-backed defense company building at prime contractor manufacturing scale; an Anduril initial public offering (IPO), if it materializes, would be the defining defense tech listing of the decade. The portable factory companies, Sensofusion and Per Se Systems, represent a different thesis: sovereign manufacturing capacity as a product, sold to governments building industrial bases from scratch.

Everyone is watching chips and capital. The actual binding constraint on who gets to run AI at scale is cooling equipment, copper, grid connections, and skilled trades workers. Vertiv has acquired six companies in three years to lock down the thermal supply chain. Copper prices hit record highs. And the U.S. AIM Act is forcing a refrigerant transition at the worst possible moment. This is an infrastructure sovereignty story hiding inside a supply chain report.

THE BRIEFING

Global data center spending is projected to approach $7 trillion through 2030, with the five largest U.S. hyperscalers committing $660 to $690 billion in capital expenditures for 2026 alone, nearly double 2025 levels. But the capital is not the constraint. Manufacturing Dive, citing Omdia research, reports that each megawatt of data center capacity requires approximately 27 tons of copper. Copper prices hit a record $6 per pound in January 2026, and data centers are now outbidding traditional industrial sectors for the metal. Separately, the memory component pipeline is equally constrained: High-Bandwidth Memory (HBM) manufacturers SK Hynix, Micron, and Samsung, which produce the specialized memory chips required for AI accelerators, have preallocated their entire 2026 production capacity, with gross margins of 60 to 70%.

The cooling supply chain is where the bottleneck is sharpest. Liquid cooling capacity equaled air cooling in 2025 and is projected to double it by end of 2026, according to IoT Analytics reporting from Data Centre World London 2026. Vertiv, the largest data center infrastructure provider, has acquired six companies in under three years to assemble an end-to-end thermal management chain, most recently ThermoKey (heat exchangers, March 2026) and CoolTera (liquid cooling distribution). The acquisition pace signals that heat rejection is becoming a gating factor for how much compute can actually be deployed. The U.S. AIM Act mandates an 85% reduction in hydrofluorocarbon (HFC) production by 2036, with R-410A banned from new equipment as of January 2025, forcing data center operators into refrigerant transitions at the exact moment cooling demand is surging.

SO WHAT

For Executives: The public conversation about AI infrastructure focuses on chips and models. The quiet reality is that cooling equipment, copper supply, grid connections, and skilled labor are the actual limiters on deployment. If your AI strategy depends on data center capacity expanding on schedule, stress-test the assumption. Vertiv’s acquisition spree signals that the largest infrastructure providers see thermal management as the emerging chokepoint. Companies with supply chain exposure to copper, industrial refrigeration, or electrical engineering talent should evaluate whether AI data center demand creates pricing power or capacity conflicts with existing operations.

For Policy Makers: This is an infrastructure sovereignty story. Vertiv is a U.S.-headquartered company consolidating the thermal chain through acquisitions of European companies. Copper and HBM supply are concentrated in a handful of countries. The AIM Act’s refrigerant phasedown creates a regulatory cost that applies unevenly across jurisdictions. Whoever controls the physical infrastructure supply chain, not just the chip supply chain, controls who gets to run AI at scale. Grid permitting reform, workforce development for data center trades, and strategic reserves of critical materials for digital infrastructure should be on the same policy agenda as semiconductor subsidies.

For Investors: Hyperscalers are approaching negative free cash flow from the capital expenditure cycle, as KKR’s analysis notes. The investment opportunity is downstream of the chip makers: companies that manufacture cooling systems, power distribution equipment, fiber optic cabling, and modular data center components. The data center cooling market alone is projected to grow from $19.5 billion in 2025 to over $42 billion by 2032. The investment thesis encompasses both the models and the physical infrastructure they run on, but the infrastructure layer is where supply constraints are creating the most acute pricing power and the least crowded positioning.

Cambrian Futures is a strategic foresight and advisory firm helping government, business, and technology leaders understand how emerging technologies intersect with geopolitics, markets, and national strategy. By combining rigorous research, AI-enabled analysis, and human expertise, Cambrian provides clear insight into global technology trends, risks, and power dynamics. Its work helps decision-makers anticipate disruption, manage uncertainty, and act with strategic confidence in an increasingly competitive GeoTech world.

PRODUCTION TEAM

GeoTech Radar is produced by the Cambrian Futures Insights Platform team:

Olaf Groth, PhD
CEO & Chief Analyst

Tim Bishop
Managing Director / Producer, Insights Platform

Olga Palma
Global Lead, Smart Infrastructure Strategy

Maguire Elizabeth Garcia
Research & Marketing Associate

Dan Zehr
Editor in Chief

Learn more about Cambrian Futures at cambrian.ai

Produced with

Human Led

Human Led +
AI Augmented

AI Led +
Human Verified

Cite as: Cambrian Futures (2026) 'GeoTech Radar Issue 17'