From PRISM to Prompts: The New AI Dependency

It was not that long ago that PRISM was a shock. In 2013, Edward Snowden showed how centralized the internet had already become: when email, chats, files, photos, and contacts sit with a few large platforms, those platforms become strategic access points.

Today the situation is strangely inverted. Nobody has to force us to put context into central systems. We do it voluntarily because it is useful. We let AI rewrite a difficult email, summarize meeting notes, explain internal documents, review code, or structure a presentation.

That is not stupid. It works. That is exactly why it is so powerful.

From PRISM to the Prompt

PRISM has to be framed cleanly. It was not simply “the NSA reads everything from everyone by default.” The official reports describe a mechanism under Section 702 in which US providers had to deliver data for specific selectors based on legal directives. Even so, the political shock was justified. The point was not only the specific legal basis. The point was this: the internet we liked to imagine as free and distributed was, in practice, very easy to tap at a few places.

Today we voluntarily feed much of this data into systems that reach even deeper into our work.

It no longer stops at copying text into an input field. The new layer is connectors and agents. ChatGPT can connect apps and custom MCP-based integrations. Microsoft 365 Copilot pulls context from Microsoft Graph and external sources, either indexed or live through connectors. Claude offers integrations with Google Drive, Gmail, GitHub, Slack, and Microsoft 365. Gemini sits directly inside Gmail, Docs, Drive, Sheets, Slides, and Meet. GitHub Copilot can use a codebase as context so you can understand it faster.

Many vendors now explicitly say that customer data in business and enterprise products is not used by default to train foundation models. That matters, and to be fair, it is a real difference from some gut feelings.

But even if those promises are true, the structural problem remains: access, context preparation, permission evaluation, UI, orchestration, and billing again run through a small number of platforms.

We are not only handing over data. We are getting used to doing work through these platforms.

The New Dependency Is Convenience

This dependency did not fall from the sky. We have been living with it for a long time.

On the desktop, Windows has shaped the market for decades, macOS plays an important role especially in creative, personal, and developer environments, and on smartphones Android and iOS practically divide everyday life between them. In the cloud, AWS, Microsoft Azure, and Google Cloud dominate large parts of the infrastructure. Add office suites, app stores, identity systems, browsers, search engines, Git platforms, and advertising networks.

I do not mean this in an anti-American way. Many of these products are strong, stable, and well built. And yes: I live in Dubai today, have also spent time in the US, and now spend a lot of time in Asia and the Middle East. But a large part of my life was in Europe, my roots are European, and precisely because I see myself as open to the world, this technological imbalance bothers me.

When the operating system, cloud, productivity suite, and AI assistant come from the same geopolitical space, that is more than a procurement issue. It is digital sovereignty.

The current political situation in the US also makes me nervous. Not because every meeting between government and business is problematic; large companies always talk to governments. It becomes uncomfortable where an increasingly authoritarian political tone meets concentrated technical infrastructure: when the president publicly summons CEOs of major tech companies, demands investment pledges, and tightly links topics such as export controls, tariffs, visas, energy, and regulation. Then technical concentration becomes a political operational risk. I do not want company data to live in infrastructure that can be addressed so directly not only commercially, but also politically.

The thought is not entirely new. Lord Palmerston said in the British House of Commons in 1848:

We have no eternal allies, and we have no perpetual enemies. Our interests are eternal and perpetual.

Today the line is often repeated in the shortened form that states have no friends, only interests. You do not have to like that cynically, but you should take it seriously in technical terms. Cloud and AI infrastructure is not outside politics. It is located in countries, is subject to laws, needs energy, chips, export licenses, visas, capital markets, and government contacts.

You can see this outside the US too. In the United Kingdom, Apple was reportedly confronted in 2025 with a Technical Capability Notice aimed at gaining access to encrypted iCloud data. Apple then withdrew Advanced Data Protection for new users in the UK instead of building a backdoor into that product. That is exactly the point: even when a provider builds technically strong safeguards, a state can try to break those safeguards open politically or legally.

In the US, the Patriot Act has existed since 2001 as a security framework that significantly expanded government powers after 9/11. The CLOUD Act followed in 2018 and regulates how electronic data can, under certain conditions, be demanded from providers across national borders. That does not mean every provider is evil or every agency can read everything at any time. But it does mean this: as customers, we often do not fully know what really happens to prompts, retrieved documents, connector metadata, logs, support access, or legal disclosure requests.

AI sharpens this situation because it takes on a different role from earlier software. An operating system starts programs. A cloud hosts workloads. An office suite stores documents. But an AI assistant steps between me and my work. It formulates, prioritizes, summarizes, suggests code, sorts information, and helps decide what even appears relevant to me.

That makes the dependency more intimate. In the past, the platform was the place where data lived. Today it is increasingly becoming the place where work is thought through.

The US, China, and the European Dilemma

You can see this very clearly in the AI race right now. The US and China are in a real contest: models, chips, cloud capacity, robotics, research, capital, state industrial policy. The Stanford AI Index describes how the performance gap between leading US and Chinese models has practically closed.

I believe AI will become infrastructure on a level similar to the power grid. Not because every chat window is world-changing, but because the next base layer is being built underneath it: data centers, chips, data lines, energy contracts, model platforms, robotics stacks, autonomous vehicles, and industrial automation. This infrastructure is being built now, and then it will not stand still for a few quarters, but for decades. Whoever controls the platforms, chips, standards, and operating models today controls part of how the economy, administration, mobility, and production will work in the coming years.

That is why the race is not just hype around better chatbots. AI, chips, self-driving cars, and robots will change the world in a lasting way over the next few years. Maybe not always as smoothly as investor presentations make it sound. But deeply enough that treating this development as just another software topic would be negligent.

Europe, meanwhile, often looks first to regulation, committees, funding programs, and principles. Not all of that is wrong. Rules and fundamental rights matter. But if the models, chips, clouds, and platforms are ultimately built elsewhere, Europe remains dependent anyway. Then you may have the best regulation, but not the product.

ASML is the great European exception here, and at the same time the perfect example of the limits of that exception. Without the Dutch lithography machines, many of the most modern chips would not exist. But even ASML depends on global supply chains, export licenses, and geopolitical semiconductor rules. Europe’s strongest chip jewel is therefore important, but not free from the power lines others draw.

For me, the automotive industry is more of a warning sign here than a side topic. For decades, Europe had fantastic engineering, brands, and suppliers. But in batteries, software, vertical integration, and pricing speed, Tesla and BYD have shown how dangerous a slow response can be. If Europe approaches AI in a similar way, discussing for a long time, delivering late, and then wondering about mediocre products, it will not just be a few years behind. It will become structurally dependent.

The Security View of AI Connectors

From a security perspective, AI connectors are not simply convenience features. They are new integration points with access to data, identities, and sometimes even write permissions. An assistant that is allowed to search SharePoint, Gmail, Slack, Teams, GitHub, Jira, or a CRM is useful. But it also becomes a new layer in the permission model.

For admins and MSPs, this is where it gets serious. A wrongly configured OAuth scope, an overly broad Graph connector, an agent with write permissions in the ticket system, or a Copilot that summarizes internal documents from different security zones is not a small UI detail. It is a possible data leak, a new audit issue, and in the worst case an attack path.

Prompt injection sometimes sounds like a toy problem, but it becomes uncomfortable when a model reads external content and derives actions from it. A crafted document, ticket, website, or email can then try to influence the assistant. That is not the same as a classic exploit, but in a world with tools, connectors, and agents it becomes operationally relevant.

In the past, you asked: which firewall rule allows this traffic? Today you also have to ask: which assistant may see which data, through which identity, with which tools, in which tenant, with which logging, and with what ability to change things?

AI therefore belongs not only in the innovation meeting, but in IAM, DLP, CASB, SIEM, change management, and firewall policy.

What Follows from This

For me, this does not mean banning AI or avoiding central platforms across the board. That would be unrealistic and not particularly smart. But AI connectors should no longer be treated like harmless browser extensions. Anyone who gives an assistant access to email, documents, tickets, repositories, and internal chats changes their own security architecture.

The more important question is therefore not only: which model is best? It is also: where does it run, under which jurisdiction, with which data, with which rights, with which logging, and with what ability to switch providers again?

Maybe that is the most sober form of digital sovereignty: not wanting to build everything yourself, but shaping dependencies consciously. Some tasks can perfectly well run on large platforms. Others belong closer to your own data, in your own tenant, in a local model, or at least in an operating model that remains replaceable.

The Other Direction

The counter-question is: does every AI task have to run centrally?

Not always. In the article The unused compute power around us, I look at the other side: unused compute power, local models, decentralized storage and compute networks, and the idea of a compute smart grid.

I do not believe central AI platforms will disappear. They are too useful, too well integrated, and simply efficient for many tasks. But I do believe we have to decide more consciously which work really belongs there and which work should remain closer to our own data, in our own tenant, in our own country, or at least in a replaceable operating model.

Digital sovereignty does not mean building everything yourself. But it does mean not bolting every layer of your own work to the same few platforms.

Until next time,
Joe