Localizing the Model Does Not Bring Sovereignty: What Today’s News Points To Is the ‘Execution Layer’

One sentence from an interview made us reread this morning’s entire digest. Adjunct Professor Choi Yoon-seong, who teaches at Korea University and Kyonggi University, pointed to Anthropic’s next-generation model “Mythos” as an example and warned that once AI becomes a strategic asset, even an ally’s access to a model can be cut off at any time. He summed it up this way: “What you can control is not someone else’s model, but the infrastructure that lets you verify and block the supply chain no matter which model you use.”
Here is why that single sentence runs through today’s entire bundle of news.
The Illusion of “Our Own Model”
When people hear “sovereign AI,” most picture the same image: a foundation model built with our own hands. And indeed, the government is pushing a KRW 530 billion project to build an independent foundation model. Four teams, LG AI Research, SK Telecom, Upstage, and Motif Technologies, are competing on a six-month cycle, with a second evaluation in August and a full open-source release planned afterward. The goal is to secure a model ranked in the global top 10 by 2027.
Seen only this far, the sovereignty question looks like a model question. But today’s digest points in the opposite direction, and that is exactly where Professor Choi’s diagnosis gets sharp. Even if you localize the model, if the training data, GPUs, cloud, and agent tools that run that model are all locked into an external ecosystem, sovereignty is only half achieved. He pointed out a visibility gap: existing security tools like SBOM or SCA cannot read assets that are not code, such as model weights, and proposed an AI Bill of Materials (AIBOM) as an alternative, one that captures weights, training datasets, hyperparameters, and even agent tool specifications.
To put it plainly: the model is the flashy signage, but sovereignty is actually decided where that model lives and breathes, the execution layer. The choices made by several companies in today’s news all point, as if by agreement, to exactly this spot.
Concept diagram
Why Hancom Called Itself an “OS,” Not a “Model”
The most symbolic event is Hancom. On July 2, 36 years after its founding, an extraordinary shareholders’ meeting passed an amendment to its articles of incorporation changing its name from “Hangul and Computer” to “Hancom.” This is not simple rebranding. It is a declaration that the company is moving its identity from a document software maker to a “sovereign agentic OS” company that connects and controls multiple AI agents within a single environment.
The word to notice is “OS.” Hancom did not call what it is building a “model.” It called it an operating system, meaning it is targeting the foundation that safely runs and controls multiple agents. The company has announced a beta for the second half of the year and has begun joint localization research with a Polish nationally certified research center. The shift is backed by numbers too: AI package revenue, which was KRW 8.9 billion last year, about 5 percent of total revenue, jumped to KRW 5.2 billion in the first quarter of this year alone, or 11.52 percent of revenue.
The same determined move can be seen at KT. KT sold off its roughly 4,000 serving robots and restructured to lease them back, stepping away from hardware ownership. Instead, it bet on a cloud operations platform that integrates control of robots from different manufacturers on a single screen. The calculation is this: instead of selling robots, take control of the foundation on which the robots operate together. The products differ, but the direction is the same. Value comes not from individual products but from the orchestration layer.
The Model Arrived, So Why Is Everyone Still Uneasy?
Why the foundation matters becomes clearest precisely when that foundation shakes. Two articles in today’s digest show exactly that scene.
Start with the financial sector. Last year, financial fraud incidents at Korean banks reached KRW 431.8 billion, an all-time high. At one Community Credit Cooperative in Bucheon, an illegal loan scheme worth KRW 24.2 billion went undetected for years. So banks are rushing to adopt AI-based fraud detection systems. KakaoBank says that after applying a sequence detection model, the number of financial fraud cases it prevented rose 4.4 times on a monthly average. So far, this is a success story.
The problem comes next. Only about 10 percent of domestic financial firms have developed their own AI models, and of those, a third still depend entirely on external providers for cloud infrastructure, the model, and the data. In other words, the anomaly detection systems handling sensitive transaction data are, in effect, running on someone else’s foundation. Adopting a model and putting that model under your own control are entirely different problems.
The Apple supplier incident shows the extreme end of this unease. Tata Electronics, an iPhone supplier, suffered a ransomware attack that exposed 630GB of data across roughly 200,000 files on the dark web, reportedly including a list of new iPhone component suppliers and prototype test photos. India’s incident response team has opened an investigation. What is worth noting is that this pattern is not new. TSMC’s IT partner in 2023 and Toyota’s parts supplier in 2022 were breached in the exact same way. It is not headquarters but the supplier that becomes the entry point. As long as data is scattered across many locations riding on collaboration systems, no matter how good a domestically built model may be, information leaks through the weakest link. Another article today, noting that 66 percent of virtual asset hacking damage in the first half of the year was attributed to North Korea, confirms that vulnerabilities in the execution layer have already become a target for state-level threats.
What You Can Control Is the Foundation, and Nothing Else
This brings us back to Professor Choi’s sentence. What you can control is not someone else’s model, but the infrastructure that lets you verify and block the supply chain no matter which model you use. Distilling the pain points these companies’ news items point to, four questions remain. Can you audit what is being executed? Can you keep data and execution under your own sovereignty? Is a breach in one place isolated so it does not spread to the whole? And can all of this be run at a cost you can sustain?
This is exactly why ThakiCloud designed Paxis as an Agent-Native Cloud, around these four questions. Paxis treats skills, tools, policies, and audit logs as first-class resources. A policy gate filters what an agent is allowed to execute beforehand, and an audit log records what it actually did afterward. This points in the same direction as the AIBOM-style supply-chain transparency Professor Choi described. Grading agent autonomy into tiers from L0 to L3 and applying governance at each tier implements the controllability that the financial sector demands directly as a layer of the architecture. Running collaborative workloads inside isolated sandboxes physically severs the kind of chain-reaction leak seen in the Apple supplier incident. And because it runs on sovereign, on-premises Kubernetes, sensitive data can stay inside a closed network rather than being sent out to an external one. Cost routing, which picks the optimal model for each task, answers the fourth question: sustainability.
Hancom’s choice to change its corporate name just to claim the word “OS,” and KT’s bet on a platform instead of selling robots, are different expressions of the same insight. In the age of agents, value comes not from individual models but from the foundation where agents live and work. Paxis is the product that delivers that foundation in an auditable, sovereign form.
What Is Flashy Is the Model, What Is Decided Is the Foundation
Even today, big headlines poured in: a DRAM super-cycle, a KRW 1,000 trillion data center war, big tech’s race to build its own chips. Headlines always go to models and chips. But the reason a practitioner at a company loses sleep at night is a little different. Can I explain what our agent is doing right now? If an incident happens, can I trace where it started? Is this data really in our own hands?
Sovereignty is not completed by declaration. It is not completed by the mere fact that we built our own model. It only deserves to be called sovereignty when you can open it up at any time and see where that model runs, what it was authorized to do, and what it actually did. What today’s news quietly points to is not the flashy model but the foundation underneath it. And whichever side lays that foundation first will hold the initiative in the next round.
References
The facts cited in this article can be verified in the reporting below.