The investment community is debating whether the AI boom is real. That debate is missing the more consequential question: what happens to your organization if the vendors you depend on are less durable than they appear?

There are two pieces of intelligence circulating this week that most people are reading in isolation. They should be read together.

The first is a well-sourced analysis of where institutional capital is actually flowing in the AI era: PE firms quietly buying discounted vertical SaaS while venture capital concentrates almost entirely into AI-native companies at loss-making valuations. The data is credible. The framing is that smart money reads gaps between narrative and fundamentals and positions accordingly.

The second is a more aggressive claim: that the AI investment boom is partially built on circular accounting. Cloud credits flow from Big Tech to AI startups. Startups spend those credits back on the same cloud infrastructure. The originating companies book the usage as revenue. Meanwhile, unrealized markups on AI startup stakes are appearing as reported profit in ways that materially inflate headline earnings numbers.

Neither piece draws the conclusion that matters most for operating organizations. The investment debate will resolve itself through market forces. The governance gap will resolve itself through failures.

The question worth asking now is which one you want to be ready for.

The Circular Capital Problem, Precisely Stated

Before engaging the implications, it is worth being precise about what the circular accounting concern actually is, and what it is not.

The mechanism is real. Microsoft, Google, Amazon, and Oracle have all structured large AI investments partly as cloud compute commitments rather than straight cash. Amazon’s own 10-Q confirms a $38 billion existing AWS arrangement with OpenAI, expanded by a further $100 billion commitment announced in Q1 2026. Anthropic’s situation is structurally similar. Amazon’s filings confirm it has invested $8.0 billion in Anthropic convertible notes and holds nonvoting preferred stock now valued at $32 billion on its balance sheet, with all of that compute running on AWS infrastructure. The capital flow is circular in the sense that investment and revenue are intertwined in ways that standard financial reporting does not cleanly separate.

The paper profit problem is also real, and it is quantifiable in public filings. Alphabet and Amazon both hold significant Anthropic equity positions. When Anthropic’s valuation increases, as it has repeatedly across successive funding rounds, both companies mark up those positions and recognize the gain in reported income. In Q1 2026, Alphabet’s reported net income of $62.6 billion included $36.9 billion in net gains on equity securities (primarily unrealized gains on non-marketable equity securities), representing 59% of reported profit. The figure comes directly from the company’s own MD&A disclosure. Amazon’s $30.3 billion in reported net income included approximately $16.8 billion in Anthropic-related gains ($12.3 billion in upward adjustments on Anthropic nonvoting preferred stock plus $4.5 billion in reclassification gains on converted notes, per Amazon's 10-Q MD&A), representing 55% of reported profit, confirmed explicitly in Amazon’s 10-Q MD&A as arising from upward adjustments on Anthropic preferred stock and gains on Anthropic convertible notes converted to equity during the quarter. None of it has been received in cash. All of it appears in earnings reports that move stock prices, fund buybacks, and get cited as evidence of AI-era strength. Some circulating analyses have understated the scale; the primary source numbers are more dramatic than the summaries suggest.

The concentration risk is perhaps the most underappreciated dimension of this problem. Microsoft’s commercial remaining performance obligations, future contracted revenue not yet recognized, stand at $627 billion, up 99% year-over-year. Oracle’s equivalent figure is $552.6 billion, a number that barely existed twelve months prior: Oracle’s RPO was $130.2 billion as of February 2025. Both companies describe this growth as driven by “significant cloud contracts.” Neither discloses customer-level concentration in their public filings. Specific figures circulating in market commentary, attributing roughly half of both companies’ backlog to a single AI counterparty, cannot be verified from primary SEC filings and should be treated with caution.

What can be said with confidence: these numbers are large, they grew extraordinarily fast, and their growth is explicitly tied to AI-era cloud commitments whose counterparties are not named. That structure itself is the governance signal. When the durability of half a trillion dollars of contracted future revenue depends on an opaque concentration of AI relationships, and neither the companies nor their auditors are required to disclose the composition, the accountability gap is structural, not incidental.

What the more sensationalist versions of this argument overstate: the Qwest and Global Crossing comparison. Those companies swapped identical fiber capacity back and forth to manufacture revenue from nothing. AI cloud commits involve actual compute services being rendered: real infrastructure, real model training, real inference workloads. The circularity is in the funding mechanism and the accounting treatment, not in the underlying economic activity. That distinction matters for the legal and fraud questions. It matters somewhat less for the durability question, which is the one operating organizations should care about.

What This Looks Like From an Operational Perspective

Here is where both pieces of intelligence miss their most important implication.

Whether the AI investment boom is real or an accounting artifact is a question about returns. It will be answered by markets over time. Investors can hedge, diversify, or exit. The calculus is financial.

For operating organizations, the calculus is different. You are not holding a position in an AI company. You are building operational dependency on one. The distinction carries consequences that do not appear in a portfolio.

Consider what enterprise AI adoption actually looks like in 2026. Organizations are embedding AI into workflows, approvals, customer interactions, and core processes. The AI vendors supplying these capabilities, including model providers, infrastructure layers, and application platforms, are running at operating margins that would be terminal in any conventional business. OpenAI posted a negative 181% operating margin in the first half of 2025, per The Information’s reporting on financial disclosures shared with investors. It remains solvent because capital continues to flow. Capital continues to flow partly because the circular mechanism described above keeps valuations elevated. Valuations staying elevated depends on continued investment rounds at higher prices, which depends on the story holding.

That is a chain with real links. Each one is load-bearing.

The capital expenditure numbers make the constraint visible. Amazon’s Q1 2026 capex was $44.2 billion in a single quarter. Its trailing twelve-month free cash flow, after that capex, was $1.2 billion: a 95% decline from the prior year’s $25.9 billion. This is not a signal of distress in a company Amazon’s size, but it illustrates the scale of infrastructure commitment required to sustain current AI vendor relationships. The investment is real. The returns are, as yet, substantially paper.

The governance question is not whether OpenAI or Anthropic will fail. It is whether your organization has ever formally assessed that dependency as a risk, assigned ownership to that assessment, and built a contingency against it. In most organizations, the answer is no. Not because the people involved are negligent, but because the frameworks for evaluating AI vendor risk were built for a different era, one where the vendors were large, profitable, and financially opaque in conventional ways, not loss-making at scale and financially opaque in novel ones.

The Questions Nobody Is Asking Internally

The investment community has developed new due diligence frameworks for this environment. Bain’s AI stress test asks whether AI will change a target’s value proposition, cost structure, and competitive basis. According to Bain’s 2026 M&A Report (based on a survey of more than 300 M&A executives), one in five strategic dealmakers walked away from a deal in 2025 specifically because of the anticipated impact of AI on the target’s business.

That rigor is being applied to acquisitions. It is not being applied to vendor relationships.

The questions that should be on the table in any governance review of AI infrastructure:

Financial durability. What is the operating margin of your primary AI vendor? What funding conditions sustain their current pricing and service levels? What happens to your contracted terms if they are acquired, restructured, or face a liquidity event?

Concentration exposure. Does your vendor’s revenue depend heavily on a small number of counterparties whose own positions are themselves dependent on continued funding cycles? If the top of that chain experiences stress, what is the transmission mechanism to your service?

Continuity planning. If your primary AI vendor became unavailable in 90 days, what breaks first? Who owns that assessment? Has it been stress-tested?

Accountability structure. Who in your organization is responsible for vendor financial durability as a risk category distinct from vendor performance and security? In most governance structures, this is nobody. It falls between procurement, IT, legal, and finance without clear ownership.

Data and switching costs. If you needed to migrate, how portable is your data, your fine-tuning, your embedded workflow logic? What is the realistic switching cost in time, capital, and operational disruption?

These are not speculative questions. They are the questions that should accompany any material operational dependency on a vendor category characterized by extreme valuation dispersion, circular capital structures, and winner-take-all dynamics that have not yet resolved.

The Framing Problem

There is a reason these questions are not being asked systematically.

AI is being treated as a technology decision. Technology decisions go through IT, security review, and increasingly an AI policy layer focused on data privacy and output risk. That review is necessary but insufficient. It evaluates AI as a product. It does not evaluate AI vendors as counterparties with their own financial fragility and structural dependencies.

The analogy that may be useful: in the aftermath of 2008, organizations discovered that their exposure to financial counterparty risk was far more interconnected than their risk frameworks had captured. The risks were visible in the data: leverage ratios, funding structures, concentration. But they were not in anyone’s formal accountability structure until they became someone’s crisis.

This is not a prediction that an AI vendor will fail the way Lehman failed: suddenly, binary, with no off-ramp. The more plausible failure modes are slower and less dramatic: pricing changes under funding pressure, degraded service levels, capability redirection as a vendor pursues different markets, term renegotiation following an acquisition. The governance lesson from 2008 is not about the speed of the collapse. It is about the gap between visible risk and formal accountability. That gap is identical.

The current AI vendor landscape has analogous characteristics. The financial fragility is visible in public filings for anyone willing to look. The circular capital structures are described, if obliquely, in earnings disclosures. The concentration risk is in backlog numbers. None of this requires insider access. It requires treating AI vendors as counterparties rather than products.

There is a second 2008 parallel worth drawing precisely, because it captures something the counterparty framing alone does not. Before 2008, bond insurers (Ambac, MBIA, and a small number of others) had guaranteed trillions in structured credit obligations. Each institution that purchased that insurance made a reasonable individual risk assessment. Their own exposure was measurable. Their own models were defensible. What no single institution’s model captured was the aggregate: that the same two or three guarantors stood behind nearly everyone’s exposure simultaneously. When those guarantors came under stress, the tail risk did not manifest as one firm’s problem. It manifested as a sector’s problem: multiple organizations experiencing the same disruption simultaneously, competing for the same alternatives, with the same gaps in their contingency plans.

The AI vendor landscape has the same structural property. Enterprise adoption has concentrated rapidly into a small number of model providers and infrastructure layers. Each organization making that dependency is making a reasonable individual assessment of its own exposure. What is not being assessed, formally by anyone, is the aggregate. If a primary model provider experiences a funding disruption, a capability redirection, or an acquisition that changes its service terms, the organizations affected are not one firm working through an isolated vendor problem. They are a sector absorbing the same disruption simultaneously, with the same switching costs, competing for the same migration paths. The concentration has created a dependency that individual risk assessments are structurally unable to capture.

Most organizations are not doing that yet. The ones that build that discipline now will be positioned differently when the investment debate resolves, whichever direction it goes.

What Adequate Governance Actually Requires

This is not an argument for slowing AI adoption. It is an argument for building the control layer that makes AI adoption durable.

Adequate governance in this environment means:

A vendor financial durability assessment that treats AI providers as counterparties, evaluated on operating model sustainability, funding dependency, and concentration exposure, and updated on a regular cadence as conditions change.

A continuity framework that identifies which AI dependencies are mission-critical, documents the failure scenarios, and assigns clear ownership for response. This is not disaster recovery in the traditional sense. It is counterparty contingency planning applied to a new vendor category.

A clear escalation structure that determines when AI vendor risk crosses a threshold requiring board-level awareness. The standard should not be “when something goes wrong.” It should be defined in advance, based on the materiality of dependency relative to the organization’s risk tolerance.

An accountability assignment that places vendor financial risk somewhere specific in the organizational structure, not distributed across procurement, IT, and finance with no single owner.

None of this is exotic. It is the application of governance principles that exist in financial services, regulated industries, and mature enterprise risk functions to a vendor category that has so far escaped that discipline.

The investment community is asking the right questions about where returns will come from. The operating community has a different and more immediate question to answer: if those questions turn out badly, who in your organization saw it coming, and what had you built to absorb the impact?

The gap between narrative and fundamentals is where sophisticated investors position themselves. The gap between vendor exposure and governance structure is where organizations get surprised. The uncomfortable truth is that both gaps exist right now, in the same market, at the same time.

Sources: Alphabet, Amazon, Oracle, and Microsoft financial figures are drawn from each company’s Q1 2026 or Q3 FY2026 SEC 10-Q filings and verified against primary MD&A disclosures prior to publication. OpenAI figures are sourced from The Information’s October 2025 reporting on financial disclosures shared with investors; as a private company, OpenAI’s financials are not independently verifiable from public filings. The Bain M&A statistic is from “Looking Back at M&A in 2025: Behind the Great Rebound,” published in Bain’s 2026 M&A Report series, December 2025, authored by Suzanne Kumar, Dale Stafford, Kai Grass, David Harding, and Kristen Stikeleather. Nothing in this piece constitutes investment advice. Thomas Tornatore is the founder of Fellowship Intelligence, an AI governance and strategy-layer advisory firm. He is the author of The Wrong Default: How Absence Becomes a Decision, and Who Pays the Cost.

Book a governance conversation