When AI Infrastructure Goes Dark: Vendor Risk for Firms
The Fable 5 and Mythos 5 models came back online after 19 days. For most people, it was a curiosity. For consulting firms selling AI implementations to enterprise clients, it was a stress test that exposed a question nobody had a good answer for: what happens when your vendor’s AI infrastructure disappears because of export controls?
Anthropic’s shutdown wasn’t a technical failure. It was a geopolitical one. The U.S. government tightened export restrictions on advanced AI models, and two of Anthropic’s flagship offerings went offline for nearly three weeks. Enterprises that had built workflows around those models were stuck. Consulting firms that had recommended them were fielding uncomfortable calls.
If you’re a partner at a consulting firm advising clients on AI strategy, this event changed the conversation. Vendor selection is no longer just about performance benchmarks and API pricing. It’s about jurisdiction, export policy, and continuity risk. Your clients are now asking questions you didn’t budget time to answer, and the next proposal you write needs to address infrastructure resilience in a way that didn’t matter six months ago.
The New Risk Layer in AI Vendor Selection
Most consulting engagements that touch AI follow a predictable arc. You assess the client’s process, identify automation opportunities, recommend a stack, and help them deploy it. The vendor conversation used to focus on accuracy, cost per token, and integration complexity. Those variables are still important, but they’re no longer sufficient.
The Anthropic outage introduced a new variable: geopolitical continuity. A client can’t run a business-critical workflow on a model that might vanish for three weeks because of a policy shift in Washington or Brussels. This isn’t hypothetical anymore. It happened to a top-tier provider with enterprise customers and SLAs.
For consulting firms, this creates two problems. First, you need to update your own vendor diligence process. Every AI recommendation you make now carries infrastructure risk that didn’t exist before. Second, your clients are going to ask about it. If you’re pitching an AI implementation and the buyer asks how you’ve accounted for export-control risk, you need a better answer than “we’ll monitor the situation.”
The firms that adapt quickly will differentiate on this. The ones that don’t will lose deals to competitors who can articulate a continuity plan. We’re already seeing RFPs that explicitly ask for multi-vendor fallback strategies and jurisdictional risk assessments. That work takes time, and most firms aren’t set up to do it efficiently.
What This Means for Your Proposal Process
Let’s talk about the practical impact on your business. A typical enterprise AI proposal used to take 20 to 40 hours of senior time. You’d pull together case studies, build a custom architecture diagram, write the risk section, and price it out. That timeline just got longer.
Now you need to add a vendor risk analysis. Which models are subject to export controls? What’s the fallback if the primary vendor goes offline? How do you architect the solution so the client isn’t locked into a single provider? These aren’t questions you can answer with a boilerplate paragraph. They require research, scenario planning, and documentation.
If you’re doing this manually, you’re adding another 8 to 12 hours per proposal. That’s time your partners and senior consultants don’t have. It also compounds the knowledge management problem that most firms already struggle with. Every proposal team is researching the same vendor landscape, reading the same policy updates, and writing similar risk sections. The firm pays for that work over and over.
This is where an AI agent built specifically for proposal generation starts to make financial sense. A Proposal Generation Agent can pull past vendor assessments, track policy changes, and draft the risk section based on the firm’s latest diligence. It doesn’t eliminate the need for senior review, but it cuts the research and drafting time by 60% to 70%. For a firm writing six enterprise proposals a quarter, that’s 100+ hours of partner time back in the business.
The same logic applies to the research phase at the start of every engagement. You’re now expected to deliver a jurisdictional risk brief alongside the usual industry analysis. A Research Agent can run that analysis in parallel, pulling regulatory updates, export-control databases, and vendor incident logs into a structured summary. It’s the kind of work that used to require a junior consultant and three days. Now it’s a 20-minute agent task.
Building Resilience Into Client Recommendations
The firms that will win in this environment are the ones that treat AI infrastructure like any other enterprise dependency. You wouldn’t recommend a single-vendor ERP stack with no failover plan. The same principle applies to AI.
Here’s what that looks like in practice. When you’re architecting an AI solution for a client, you design for vendor portability from day one. That means abstracting the model layer so the client can swap providers without rewriting the application. It means running parallel evaluations on at least two models that operate under different jurisdictions. It means documenting a continuity plan that the client’s risk team can actually execute.
This isn’t theoretical. We’re working with consulting firms that have started building this into every AI engagement. They maintain a live vendor risk matrix that tracks export-control status, incident history, and jurisdictional exposure for every major model provider. When a new proposal comes in, the team pulls the latest matrix, identifies the low-risk options, and architects the solution accordingly.
That matrix is a knowledge asset. It’s valuable across every engagement the firm does. But if it lives in a spreadsheet that three people know about, it’s not doing its job. A Knowledge Agent can index that matrix, along with every other piece of vendor diligence the firm has produced, and surface it when someone asks. The partner writing the proposal doesn’t need to remember where the export-control analysis lives. They ask the agent, and it pulls the relevant section with sources.
For firms that want to move quickly on this, we’ve put together a practical guide that walks through the first agent deployment. Deploy Your First Business Agent is a worksheet that covers vendor selection, task definition, and the first 30 days of operation. It’s designed for consulting firms that don’t have a dedicated AI team but need to start building agent infrastructure now.
The Cost of Ignoring This
Let’s be direct about what happens if you don’t adapt. Your competitors will. The firms that can credibly address geopolitical vendor risk in their proposals will win deals you used to win. The ones that can deliver a continuity plan without adding two weeks to the sales cycle will move faster than you.
There’s also a reputational risk. If you recommend a vendor that goes offline because of export controls, and your client’s operations stall for three weeks, that’s a relationship problem. It doesn’t matter that nobody could have predicted it. The client will remember that you didn’t plan for it.
The financial impact is straightforward. A consulting firm doing $5M in annual revenue typically writes 15 to 25 enterprise proposals a year. If vendor risk diligence adds 10 hours per proposal, that’s 150 to 250 hours of partner time. At a typical internal cost of $200 to $300 per hour, you’re looking at $30K to $75K in additional labor. That’s before you account for the opportunity cost of slower turnaround or the deals you lose because a competitor had a better continuity story.
Most firms in the consulting vertical are leaking $80K to $300K annually on repeated research, proposal rework, and knowledge management debt. The vendor risk layer compounds that. You can absorb the cost and keep doing it manually, or you can build the agent infrastructure that makes it scalable.
What an Omni Audit Uncovers
We run a 60-minute diagnostic for consulting firms that want to see where the operational cost is hiding. It’s called an Omni Audit, and it’s designed to surface the specific workflows where an AI agent would have the highest ROI. You don’t get a deck. You get three outputs: a process map of your highest-cost manual work, a prioritized list of agent opportunities, and a 90-day build plan.
For most consulting firms, the audit identifies proposal generation and research synthesis as the two highest-value targets. Those are the workflows where senior people are doing repetitive work that an agent can handle. The audit also uncovers the knowledge management gaps, the places where the firm has valuable IP that isn’t accessible when someone needs it.
The vendor risk question fits directly into this. If your firm is now spending 10 hours per proposal on jurisdictional diligence, that’s a workflow an agent can automate. If you’re maintaining a vendor risk matrix that nobody can find, that’s a knowledge management problem an agent can solve. The audit quantifies both, and the build plan shows you how to deploy the agents that address them.
You can book a 60-min Omni Audit directly. It’s a working session, not a sales call. You’ll walk away with a clear view of where your firm is losing time and what an agent-based solution looks like for your specific operations. We’ve run this audit for consulting firms across the $1M to $25M revenue range, and the patterns are consistent. The cost is in proposal work, research duplication, and knowledge that exists but isn’t reusable.
How to Start Building Agent Infrastructure
If you’re ready to move on this, the path is straightforward. You don’t need to hire a data science team or rebuild your tech stack. You need to identify the highest-cost manual workflows, define the agent tasks that address them, and deploy the agents in a way that integrates with how your people already work.
For consulting firms, that usually means starting with a Proposal Generation Agent and a Research Agent. Those two agents handle the workflows that consume the most senior time and produce the most reusable output. The Proposal Generation Agent pulls past proposals, vendor assessments, case studies, and pricing into a tailored draft for each new opportunity. The Research Agent runs structured industry and company research at the start of every engagement, with sources, summaries, and a one-page brief.
Both agents feed into a Knowledge Agent that indexes everything the firm produces. When someone needs the latest vendor risk analysis or a case study from a similar engagement, they ask the agent. It pulls the relevant content with attribution, so the team knows where it came from and whether it’s current.
This isn’t a six-month transformation project. Most firms deploy their first agent in 30 to 45 days. The key is starting with a narrow, high-value task and proving the ROI before you expand. The AI audit for consulting firms is designed to identify that first task and give you a build plan that fits your operations.
We’ve also published a broader set of resources for firms that want to understand the agent landscape before they commit to a build. The insights section covers emerging use cases, vendor developments, and policy shifts that affect how consulting firms deploy AI. The guides library walks through agent architecture, task definition, and integration strategies in more detail.
The Firms That Move First
The consulting firms that adapt to this new risk environment will do it by building reusable infrastructure. They won’t treat vendor diligence as a one-off task for each proposal. They’ll build a system that captures the research once and makes it available across every engagement.
That system is an agent. It’s not a dashboard or a knowledge base. It’s an active participant in the workflow that drafts the vendor risk section, pulls the continuity plan, and updates the analysis when a new policy shift happens. The firms that deploy this infrastructure in the next six months will have a material advantage in competitive bids.
The ones that wait will spend the next year watching their proposal costs climb and their win rates flatten. The market has changed. The buyer expectations have changed. The vendor landscape has changed. Your operations need to change with them.
If you’re a partner or GM at a consulting firm and you’re reading this thinking “we need to figure this out,” the next step is simple. Book my Omni Audit and we’ll map out exactly where the cost is hiding and which agents will give you the fastest return. You’ll have a build plan by the end of the hour.
The firms that treat AI as infrastructure, not as a project, will be the ones still winning enterprise deals two years from now. The 19-day shutdown was a warning. The question is whether you’re going to act on it.