AI at Scale in 2026: Power, Security and Platform Control

AI is no longer just a software feature; it is forcing hard questions about scale, infrastructure resilience and platform control right now for startups, enterprises and regulators.

AI scale: from model demos to power-hungry reality

Recent tech briefings note that the bottleneck in 2026 is shifting from Can we build powerful models? Can we actually power and run them at scale?. A January 2026 deep tech strategy paper calls this the AI power rails problem, warning that if grid upgrades, transformers and data‑centre build‑outs lag AI adoption, the entire S‑curve could slow down. Microsoft, OpenAI and Nvidia are cited as identifying infrastructure, not algorithms, as the core systemic risk, driven by interconnection backlogs and hardware shortages for high‑voltage equipment.

Capital is already moving to close that gap. UK chipmaker Fractile has committed £100 million (about $136 million) over three years to expand AI‑chip operations in the UK, including a new hardware engineering facility in Bristol aimed at system assembly and software testing. Governments view this as strategic: the British government highlighted Fractile’s plan as proof that advanced computing capacity is becoming a national asset, with the UK tech sector now estimated at over £1 trillion in value. Similar investment waves are underway in AI‑centric data centres, optical networks and accelerator supply chains globally, all framed explicitly as responses to AI scale demands.

Infrastructure resilience: AI as a cyber and grid risk

At the same time, AI is intensifying infrastructure risk rather than just riding on top of it. A February 2026 World Economic Forum piece on AI‑enabled cyber threats stresses that AI now amplifies both attack and defence: threat actors can weaponise generative models to automate phishing, malware generation and vulnerability discovery, while defenders attempt to use AI for anomaly detection and incident response. The article argues that organisations must move beyond perimeter-only thinking to build intelligent resilience across identity, data, applications and cloud platforms, with tested recovery plans instead of just paper policies.

Security expectations are shifting towards runtime assurance. An influential January 2026 commentary describes how investors are backing companies like Upwind, which raised a large round to build runtime cloud‑security controls that work directly in production workloads, not just in CI/CD pipelines. The UK’s National Cyber Security Centre (NCSC) is cited as launching Cyber Resilience Test Facilities (CRTFs) to independently test products and architectures, giving buyers a way to make risk‑based decisions about AI-heavy technology stacks. Combined with recent large‑scale incidents such as multi‑billion‑record data breaches and mass compromises of WordPress sites, these moves show why this infrastructure keeps running safely. is now a board‑level AI question.

On the physical side, AI data centres have become political flashpoints. Reporting referenced in the same infrastructure essay notes that The Hill and other outlets are covering community pushback over power‑hungry AI campuses, forcing CTOs to treat capacity planning as a reputational and regulatory issue rather than a mere procurement detail. Where to place data centres, how to secure power contracts and how to explain local impacts are now central parts of AI strategy.

Platform control: avoiding a second “tech wipeout”

Against this backdrop, platform control has become a survival issue. In a 9 February 2026 interview, Databricks CEO Ali Ghodsi warned that after the 2022 tech crash, “things seem to have just been accelerating on the AI side” and that another wipeout is possible if companies overbuild or rely too heavily on dominant platforms without controlling their own data and economics. He points out that some platforms may choose short‑term revenue-raising prices, blocking data access, slowing innovation, to protect existing business, and predicts that “in a year or two, those businesses will go out of business” if they lock customers in while failing to deliver value.

In a separate TechCrunch interview, Ghodsi argues that SaaS isn’t dead, but AI will soon make it irrelevant” in its current form, because AI native platforms that sit closer to customers’ data and infrastructure can displace traditional app‑layer SaaS. The implication for startups is clear: owning your data plane and having leverage over the model layer is becoming more important than shipping yet another thin UI on top of someone else’s API. For enterprises, this translates into a push toward data‑lakehouse architectures and private model hosting where possible, to avoid being locked into a single hyperscaler or closed‑source model provider.

Regulators move from theory to intervention

Regulators have noticed how much power is concentrating in a few AI platforms. A 9 February 2026 global tech recap notes that European regulators are signalling a tougher stance on AI defaults inside dominant platforms, scrutinising how pre‑set assistants, recommendation engines and copilots may entrench gatekeepers and distort competition. This comes alongside existing EU AI Act negotiations and national competition probes, but the tone has shifted from exploratory to corrective: defaults, bundling and data‑access terms are all on the table.

Policy conversations now treat AI infrastructure as “civic infrastructure with externalities to be managed, not ignored”. That framing pushes regulators to look at power usage, environmental impact, systemic cyber risk and cross‑border data flows, rather than only content harms or privacy in isolation. Some governments are also experimenting with industrial‑policy style incentives (for example, long‑term tax breaks for data‑centre investments or domestic chip manufacturing) in exchange for stricter uptime, security and transparency commitments from providers.

What this means for startups and enterprises now

The result is that AI strategy in early 2026 is an infrastructure and governance problem, not just a model or UX decision. Startups are being pushed by investors to answer three hard questions:

1. Can you scale compute and data without being priced out by hyperscalers or model providers?

2. Is your architecture resilient to AI‑enabled cyberattacks and outages, with runtime controls and tested recovery paths?

3. How much platform control do you have over data, models and deployment if regulators or vendors change the rules?

Enterprises face the same questions, but with added regulatory exposure: boards are being briefed on grid‑dependency of AI data centres, the legal impact of platform defaults, and the risk that opaque AI supply chains could fail critical services. In other words, tech‑sector commentary is converging on a single conclusion: AI scale, infrastructure resilience and platform control are immediate strategic issues shaping budgets and policy in 2026, not topics that can be postponed to some distant maturity phase.