Eric Sloof

Last week, the most capable publicly available AI model on the planet went from "the hard part is finding a task it can't do" to a 404 in under a week. Not because of a bug. Not because of a billing dispute. Because a government decided it should.

For anyone running infrastructure in a regulated, sovereign, or critical-infrastructure context, this is the most important thing to happen in enterprise AI this year - and it has almost nothing to do with the model itself.

What actually happened

On June 9, 2026, Anthropic launched Claude Fable 5, the first publicly available model in its new Mythos class. It was, by the benchmarks, the most capable model anyone could put their hands on. Three days later, on June 12, the US government issued an export-control directive citing national security, and Anthropic disabled both Fable 5 and its restricted twin, Mythos 5, for every customer worldwide within hours.

The stated trigger was a claimed jailbreak. The reported substance of that jailbreak is almost comically modest: prompting the model to read a codebase and identify software flaws — something cybersecurity engineers do every day, and a capability Anthropic itself points out is already present in other publicly available models. Anthropic complied with the order while publicly disagreeing with it. The directive was framed as restricting access by foreign nationals, and because that was impossible to enforce surgically, the only compliant option was to pull the plug globally.

Read that last part again. A model used by hundreds of millions of people was switched off worldwide, with hours of notice, over a narrow concern, by a single government acting unilaterally. Anthropic's other models - Opus 4.8, Sonnet, Haiku - kept running. But the flagship was gone overnight.

The lesson is not "jailbreaks are bad"

It's tempting to file this under AI safety drama and move on. That would be a mistake. The real takeaway for anyone responsible for an architecture is much colder:

A core dependency in your stack can be revoked by a third party who is not your vendor, under a legal regime you are not subject to, for reasons you cannot predict, contest, or plan around.

This is not a hypothetical risk register entry anymore. It is a documented event with a timestamp. And it stacks neatly on top of concerns that were already visible at launch:

• Data residency and retention. Fable 5 shipped with mandatory 30-day data retention, which effectively locked out GDPR-bound European organisations. Microsoft had already restricted internal employee access over data-retention concerns before the government even acted.
• Jurisdictional reach. The directive didn't care where the customer was. A model hosted in the US, governed by US law, is subject to US policy decisions - full stop - no matter whose data is flowing through it.
• Opaque self-limiting behaviour. The system card disclosed that the model could silently reduce its own effectiveness in certain contexts. Whatever you think of the intent, "the tool quietly decides to perform worse and doesn't tell you" is not a property you want in production infrastructure.

None of these are unique to one vendor. They are structural properties of consuming frontier AI as a foreign-controlled cloud service.

What this means if you sit where I sit

If you run infrastructure for defence, law enforcement, government, healthcare, finance, or any critical-infrastructure operator, you already think in terms of availability, jurisdiction, and supply-chain risk. Apply those exact lenses to AI and the conclusion writes itself.

You would never accept a storage platform that a foreign government could remotely disable within hours. You would never sign off on a network function whose vendor admits it might silently degrade itself. You would never put data that can't leave the jurisdiction into a service that mandates 30-day offshore retention. Yet a lot of organisations have quietly let exactly these properties into their stack, because the capability was irresistible and the abstraction was convenient.

The Fable 5 episode is the moment to stop treating cloud-hosted frontier AI as plumbing and start treating it as what it is: a strategically important dependency with a foreign-controlled off switch.

The case for on-premise, private AI

The mitigation is not new and it is not exotic. It's the same answer the sovereignty conversation has been circling for years: run the model where you control it.

On-premise or sovereign-cloud private AI — ideally built on open-weight models — changes the risk profile in concrete ways:

• No remote kill switch. Once the weights are on your hardware, no vendor and no government can reach in and disable them. Availability becomes your operational responsibility, not someone else's policy decision.
• Data never leaves. For darksite, air-gapped, and classified environments, this isn't a nice-to-have; it's the only acceptable model. The data residency question disappears because there is no residency to argue about.
• Predictability. The model you validated and certified is the model you keep running. It doesn't get pulled, silently re-routed to a weaker fallback, or quietly told to limit itself.
• Auditability. Open weights mean you can inspect, fine-tune, and reason about behaviour rather than trusting a black box governed by a 120,000-character system prompt you'll never see in full.

Open-source and open-weight models — the Llama, Mistral, Qwen, and DeepSeek lineages, among others - have closed enough of the capability gap that "good enough for the task, and fully under our control" is now a defensible position for a large share of real enterprise work. For code assistance, document analysis, retrieval-augmented knowledge work, and most of what actually drives value in an organisation, you do not need the single most capable frontier model. You need a capable model that is still there tomorrow morning.

Let's be honest about the trade-offs

I'm arguing for sovereignty, not for fantasy. Bringing AI on-premise moves the burden onto you, and that burden is real:

• You own the capability gap. The best open-weight models trail the frontier, especially on the hardest long-horizon tasks. For most enterprise workloads that's acceptable; for a few it isn't. Know which bucket you're in.
• You own the safety and security layer. The vendor's classifiers, guardrails, and abuse monitoring are now your problem. Self-hosting a powerful model without serious thought about misuse, prompt injection, and access control is its own risk.
• You own the operations. GPUs, capacity planning, model lifecycle, patching, evaluation pipelines — this is infrastructure work, and it isn't free. The cloud convenience you're giving up was paying for something.
• Hybrid is usually the honest answer. For most organisations the realistic posture is a sovereign core for anything sensitive or availability-critical, with optional, clearly-bounded use of frontier cloud models for the narrow cases that genuinely need them — and a contingency plan for the day one of them goes dark.

The bottom line

Fable 5 didn't fail. It was withdrawn — competently, legally, and almost instantly — by an actor outside the customer relationship. That is the part worth sitting with.

If your AI strategy assumes continuous, uninterrupted access to a specific foreign-hosted model, you don't have a strategy; you have a single point of failure with excellent marketing. The fix isn't to abandon frontier AI. It's to make sure the part of your stack you actually depend on is the part you control.

Build the sovereignty layer now, while it's an architecture decision - not later, when it's an incident report.

Broadcom has released the updated Feature Comparison & Upgrade Paths white paper for VMware Cloud Foundation 9.1 and VMware vSphere Foundation 9.1. This document is the authoritative reference for understanding the differences between VVF, VCF Edge, and full VCF — and it reveals some significant additions worth paying attention to.

Three product tiers, one portfolio

The VMware by Broadcom portfolio is now structured around three primary offerings:

VMware vSphere Foundation (VVF) serves as the entry-level enterprise virtualization platform, combining vSphere, VKS, VCF Operations, and vSAN in a single SKU. It is the logical replacement for vSphere Enterprise Plus, vSphere Enterprise, vSphere for Desktop, and vSphere Scale-Out.

VMware Cloud Foundation Edge is an optimized VCF configuration tailored specifically for edge deployments, supporting single-host all the way up to multi-host clusters. This tier targets environments where full VCF management overhead is impractical, such as remote sites, operational technology environments, and disconnected locations.

VMware Cloud Foundation (full) is the complete private cloud platform, combining all VVF capabilities with NSX, VCF Automation, fleet management, and Private AI Services. All previous VCF tiers (Starter, Standard, Advanced, Enterprise) and vCloud Suite customers are directed here.

What's notably new in 9.1

Confidential Computing is now listed as a feature exclusive to VCF Edge and full VCF, not available in VVF. This is significant for organisations with strict data classification requirements — hardware-enforced memory isolation for sensitive workloads is increasingly relevant in regulated sectors.

DPU and Dual DPU Support also appears exclusively in VCF Edge and VCF, reflecting Broadcom's push toward infrastructure offload using Data Processing Units such as NVIDIA BlueField. This enables compute, networking, and security functions to be offloaded from the host CPU, directly relevant for high-density AI inference environments.

Private AI Services in 9.1 is now a proper platform capability within VCF Automation, including a Catalog Setup Wizard, GPU-capable Deep Learning VM provisioning, Data Services Manager integration for RAG workloads, Vector Databases, AI Agent Builder, and Model Context Protocol (MCP) support. This is exclusively available in VCF Edge and full VCF.

vSAN Cyber Recovery Clusters appear for the first time as a distinct feature in the comparison matrix, available in VCF Edge and VCF (requires Advanced Cyber Compliance add-on). Combined with the existing VMware Live Cyber Recovery integration, this positions VCF 9.1 as a platform with integrated ransomware recovery capabilities.

Security posture: what requires add-ons

One aspect worth calling out explicitly: Compliance Management with remediation — including regulatory compliance baselines such as PCI, custom compliance templates, and vSphere hardening — now requires the Advanced Cyber Compliance (ACC) add-on for both VCF Edge and full VCF. This is a change from earlier versions where some of these capabilities were bundled. Organisations in regulated industries should factor this into their licensing discussions.

Similarly, Configuration Drift Management is listed as deprecated and moved to the ACC add-on. For security-conscious environments, this is a procurement consideration that deserves attention during contract renewal.

Networking highlights

The networking feature delta between VVF and VCF remains substantial. VVF gets vSphere Distributed Switch with L2 capabilities, but everything above that — dynamic routing (OSPFv2/BGP/BFD), VRF, EVPN, NAT, L2/L3 VPN, Virtual Private Clouds, NSX Federation, live traffic analysis, and Traceflow — requires at minimum VCF Edge. For organisations running NSX for micro-segmentation and zero-trust networking, this reinforces VCF as the only viable path.

VCF Operations for Networks (formerly vRNI) is exclusively available in VCF Edge and full VCF, providing end-to-end network visibility across virtual and physical underlay, including FIPS 140-2 compliance for the network operations platform. Physical device integration covers Cisco, Arista, Juniper, and Infoblox.

Upgrade paths clarified

The white paper includes clear upgrade path diagrams that resolve a question many customers have been asking since the Broadcom acquisition. The short version:

• vSphere Enterprise Plus, Enterprise, Desktop, and Scale-Out → vSphere Foundation
• Any combination of vSphere + vSAN + NSX + Aria → VMware Cloud Foundation
• vCloud Suite Enterprise/Advanced → VMware Cloud Foundation
• vCloud Suite Standard → vSphere Foundation
• All previous VCF tiers → VMware Cloud Foundation (with Firewall add-on)

Notably, customers currently using vSphere + vSAN without NSX or Aria are given a choice: full VCF or vSphere Foundation with a vSAN add-on. The latter is the lower-cost option for environments that do not require automation, NSX, or AI capabilities.

Practical takeaway for infrastructure architects

VCF 9.1 continues the trajectory Broadcom set after the acquisition: consolidate the product line, make VCF the premium destination, and bundle AI infrastructure capabilities deeply into the platform. For organisations evaluating their 2026-2027 licensing strategy, the key decision point remains whether NSX and VCF Automation justify the cost delta over VVF. For most enterprise environments — especially those with multi-site deployments, security requirements, or AI ambitions — the answer is yes.

For edge and disconnected environments, VCF Edge in 9.1 deserves a serious look. The combination of single-host cluster support, GitOps-driven desired state management, air-gapped operation, and Private AI inference support makes it a compelling platform for operational technology and mission-critical remote deployments.

The full white paper is available here.

Broadcom published a technical white paper in February 2026 covering the integration of Kong API Gateway with vSphere Kubernetes Service (VKS) within VMware Cloud Foundation. The paper describes a reference architecture for organizations looking to combine Kubernetes workloads with enterprise-grade API governance.

Why Kong on VKS?

As Kubernetes environments scale, the challenge shifts from raw throughput to governance: how do you ensure consistent security, predictable latency, and auditable traffic management across all your microservices? Kong acts as the intelligent "front door" of the VKS cluster, filling exactly the gap that standard ingress controllers leave behind.

Two deployment models

The white paper fully details two architectures, complete with all accompanying YAML and Helm commands:

• On-premises – Both the Control Plane and Data Plane run locally within the VKS cluster. This model is particularly suited for high-compliance environments where the management layer must remain on-premises — a familiar requirement in public sector environments.
• Hybrid (Kong Konnect) – The Control Plane is a SaaS service, while the Data Plane remains local. Operational management is centralized in the cloud, but all API traffic is processed within your own infrastructure boundary.

Technical environment

The validation was performed on VKS version 3.5, Kubernetes v1.34.2, Ubuntu 24.04, and vSAN ESA with RAID-5 as the storage policy. The Kong Operator (v1.0.2) was installed via Helm, supplemented by cert-manager for automated mTLS certificate rotation between the Control Plane and Data Plane.

Relevance for VCF infrastructure design

For infrastructure architects working on VCF designs, this paper is particularly interesting because it demonstrates how Kubernetes-native tooling — Gateway API, Cluster API, GitOps via Argo CD — integrates seamlessly with existing vSphere workflows. NSX handles network micro-segmentation, the vSphere CSI driver transparently exposes vSAN storage policies as Kubernetes storage classes, and the entire stack is declaratively manageable — including certificate lifecycle and routing policies as code.

Source: VMware by Broadcom Technical White Paper – Kong on vSphere Kubernetes Service

Imagine having the entire VMware Cloud Foundation 9.1 documentation right at your fingertips. We're talking about over 9,000 pages of dense technical content. Finding a specific answer usually means endless searching through PDFs. But what if you could just chat with it?

That’s exactly what I’ve set up. And the best part? It runs entirely locally on a MacBook Pro. No subscription costs, no cloud processing, and absolutely zero data leaving your machine.

What Did We Build?

We built a local RAG (Retrieval-Augmented Generation) pipeline. In simple terms, it's an AI system that understands your questions, instantly retrieves the most relevant sections from the VCF documentation, and delivers a clear, accurate answer. It's like having a VMware expert sitting right next to you.

Here’s the stack:

• Ollama: The engine running AI models locally on your Mac.
• Mistral 7B: The language model that answers your questions.
• AnythingLLM: The user interface for chatting with your documents.
• MacBook Pro M2 Max (64 GB): More than enough power to run this setup smoothly.

Why Not Train a Custom Model?

When people think about combining AI with their own documents, they often jump straight to training a custom model. Let me be direct: that’s unnecessary and, for this use case, completely the wrong approach.

RAG works differently. Instead of baking knowledge into a model's weights, the system retrieves the relevant document sections at query time and passes them to the language model. It's faster, cheaper, and far more accurate for domain-specific documentation like VCF.

Step 1: Install Ollama

Ollama is the engine that runs AI models locally on your Mac. You can install it easily via Homebrew:

brew install ollama

Next, download the Mistral 7B model. It’s a powerful open-source model that performs exceptionally well on technical documentation:

ollama pull mistral

Mistral is about 4.4 GB and runs flawlessly on an M2 Max. If you have less memory, llama3.2 (2 GB) is a solid, faster alternative, though slightly less accurate.

Step 2: Download and Install AnythingLLM

AnythingLLM is a free desktop app that lets you upload documents and chat with them directly.

1. Head over to anythingllm.com/download and download the Apple Silicon version.
2. Open the DMG file and drag the app to your Applications folder.

Pro Tip: If macOS warns you about an "unidentified developer," simply remove the quarantine flag via Terminal:

xattr -cr /Applications/AnythingLLM.app

Step 3: Configure AnythingLLM

Launch AnythingLLM and follow the setup wizard. Use these settings:

• LM Provider: Ollama
• Ollama Base URL: http://127.0.0.1:11434
• Chat Model: mistral:latest
• Embedding Provider: Native (built into AnythingLLM )
• Vector Database: LanceDB (default)

Troubleshooting: If you encounter the error model 'qwen3-vl:4b-instruct' not found, you'll need to edit the configuration file directly. Open ~/Library/Application Support/anythingllm-desktop/storage/.env and replace the LLM settings with:

LLM_PROVIDER='ollama' OLLAMA_BASE_PATH='http://127.0.0.1:11434' OLLAMA_MODEL_PREF='mistral:latest' OLLAMA_MODEL_TOKEN_LIMIT=4096

Restart the app, and you're good to go.

Step 4: Upload the VMware VCF 9.1 PDF

1. Create a new Workspace in AnythingLLM (e.g., "VCF 9.1 Docs" ).
2. Click Upload Document.
3. Drag your 9,000-page PDF into the upload window.

AnythingLLM will automatically process the PDF: extracting text, splitting it into chunks, calculating embeddings, and storing everything in the vector database. For a document of this size, it takes a few minutes. Once it's done, you're ready to chat.

Step 5: Chat with Your Documentation

Now, you can ask questions just like you're talking to a colleague:

• "What are the minimum hardware requirements for VCF 9.1?"
• "How do I configure NSX in a VCF 9.1 environment?"
• "What's new in VCF 9.1 compared to 9.0?"

The system retrieves the relevant sections and generates an answer, even including references to the source pages it used.

Why This Works So Well on a Mac

Apple Silicon (M1/M2/M3/M4) has a massive advantage: unified memory. The CPU and GPU share the same memory pool, meaning a 7B parameter model fits entirely in RAM on a Mac with 32 GB or more. An M2 Max with 64 GB can even run 13B models locally without breaking a sweat.

Privacy & Security

Everything runs 100% locally. Your VMware documentation, your questions, and the answers never leave your MacBook. No cloud, no subscription, no data sharing. This makes it the perfect setup for handling confidential internal documentation.

Conclusion

With Ollama and AnythingLLM, you can build a powerful AI assistant in a single afternoon that effortlessly navigates 9,000 pages of VMware VCF 9.1 documentation. It’s local, free, and completely private.

The technology behind this—RAG—is exactly what large enterprises use for their AI applications. You just get to skip the enterprise price tag.

Next step? Try combining multiple documents—release notes, best practices, and architecture guides—all in one workspace. That's when you truly build a comprehensive VMware knowledge base right on your laptop.

Public AI platforms are increasingly used by employees to accelerate daily work — but sensitive business data is flowing into them outside IT visibility and governance. This phenomenon, known as "Shadow AI," is now one of the biggest data sovereignty challenges facing enterprise and government organizations.

The answer isn't to block AI — employees will keep using it because the productivity gains are real. The answer is to bring AI inside your own infrastructure boundaries. VMware Private AI Foundation with NVIDIA, deployed on VCF 9.1, delivers exactly that: GPU-accelerated workload domains, VKS clusters with the NVIDIA GPU Operator, and on-prem inference and RAG pipelines — all under the same governance, lifecycle management, and operational model your team already uses for the rest of the private cloud.

The result: full data sovereignty, no external data retention, and AI workloads that run where your data already lives.