Frontier AI companies can be worth nearly a trillion dollars and tell the public nothing

The question isn't whether they should go public. It's whether staying private should mean staying invisible.

The frontier AI companies (OpenAI, Anthropic, xAI, Meta’s AI division, and whoever else is in the tier two years from now) are on track to become the most embedded layer of the American economy since the cloud. On current trajectories, they aren’t all headed for public listings. Some will stay private indefinitely.

So the question is: should frontier model companies, as a category, be required to do what every other systemically important American company has been required to do since 1934, which is publish audited financials, name their material contracts, and put their governance on the public record?

The instinct of anyone who has built a company is to say no.

Big private companies are normal. Cargill, Koch Industries, Mars, Stripe, and SpaceX are currently private, and the country is fine. Forcing a company to disclose its books just because it got big would be a counterproductive precedent.

Yet, while that instinct is right for almost every category, I don’t think it’s right for this one.

What makes this category different

It’s not that frontier AI companies are big, as lots of companies are big. It’s that they’re being woven into the operating layer of everything in our economy faster and more deeply than any comparably sized private company in history.

When the frontier models go down, which we’ve seen happen a few times now, the disruption is immediate and broad.

The June 10, 2025 OpenAI outage lasted roughly 12 hours and took down ChatGPT, the API, and Sora simultaneously, breaking customer-facing chatbots and helpdesk tools that businesses had built on top of GPT.

The November 2025 Cloudflare incident knocked ChatGPT, X, Spotify, and Canva offline together, a reminder that frontier models sit on the same handful of cloud and CDN providers as everything else. The dependency isn’t a feature people opted into thoughtfully, but it’s entered into all of our workflows.

Let’s look at some of the numbers underneath. OpenAI has 910M weekly active users and more than 9M paying business users. Over a million organizations now run on its technology.

Anthropic is on a similar curve at a slightly smaller scale, growing from roughly $4B in annualized revenue in mid-2025 to $19B by early 2026, with deep integrations across cloud providers and enterprise software.

These are growth rates that no infrastructure company in history has posted. AWS took fifteen years to reach the kind of penetration these labs are hitting in three.

Plus, the surface area keeps expanding. It started with chatbots. Then coding assistants. Then customer service, document review, and medical scribing. Now, enterprise search is widespread and agentic systems take actions on behalf of users inside other software. The frontier labs are being licensed into operating systems, browsers, productivity suites, EHRs, CRMs, and the developer tooling that builds everything else.

If the trajectory continues, “uses a frontier model” will describe roughly the same set of companies as “uses electricity.”

These companies are becoming infrastructure, in the same sense AWS is infrastructure, except AWS is a segment of a public company and these are not. And unlike AWS, which mostly delivers compute and storage that customers configure themselves, frontier models are doing the cognitive work directly.

If frontier model companies stay private, what should we expect to know about them, and what mechanism gets us there?

The mechanism already exists. We just need to decide if it triggers at the right size.

Why we have public-company disclosure in the first place

Let’s talk about the history of public-company disclosure, because we have securities disclosure not to protect investors from making bad bets (that’s a side benefit). Disclosure exists because in the late 1920s and early 1930s, the country watched private companies of enormous influence impact public wealth in unanticipated ways.

The Securities Act of 1933 and the Securities Exchange Act of 1934 weren’t anti-business laws. They were market-preserving laws, written by people who wanted American capitalism to keep working. The premise was that efficient markets need information to flow.

When a company grows large enough to affect the broader system, it becomes everyone’s business. Forcing it to publish audited financials, disclose material contracts, name executives’ compensation, and flag risk factors was the price of operating at a scale that touches everyone.

Section 12(g) of the ‘34 Act is the specific provision that triggers reporting based on company size. As originally adopted, it required companies with 500 shareholders and total assets greater than $1 million to register under the Exchange Act. The thresholds were calibrated to the economy of the time.

That logic held for decades, but then in 2012, the JOBS Act amended Sections 12(g) and 15(d) of the Exchange Act to adjust the thresholds for registration, termination of registration and suspension of reporting. The new threshold became 2,000 holders of record, or 500 non-accredited holders, with $10 million in assets. Employee equity was largely excluded from the count.

The JOBS Act was a deliberate, bipartisan effort to make it easier for growing companies to stay private longer, and on its own terms it worked. Late-stage capital became more available. However, the problem is that the people who wrote it in 2012 weren’t imagining a private company with a trillion-dollar valuation, infrastructure-level dependencies across the economy, and over a million organizations running on its API.

The mismatch

A company can now be worth nearly a trillion dollars, generate roughly $25 billion in annualized revenue, serve a billion users, and tell the public effectively nothing about its financials, governance, related-party transactions, or material risks.

Compare that to what we know about a regional bank or a mid-sized public software company doing a tenth of OpenAI’s revenue. We know their auditors, their material contracts, who’s on the board and what they get paid. We know cybersecurity incidents and related-party deals with a major shareholder.

Regulation should match the actual scale and externalities of what’s being regulated.

A community bank shouldn’t carry the compliance load of JP Morgan, but a company with the reach of a public utility shouldn’t carry the disclosure load of a Series B startup just because it kept its cap table clean.

The fix

The clean version of this argument, the one that doesn’t require a new agency or a new rulebook, goes like this.

We don’t need new disclosure categories. The 10-K and 10-Q already exist.

The framework is mature, well-understood, and battle-tested across forty years of public company life. Every public software company in America files them. Adding a new disclosure regime on top of this would be exactly the kind of policy churn that drives compliance costs without producing better information.

What we need is to update when the existing rules kick in. Section 12(g) currently triggers on holders of record. That made sense when shareholder count tracked company influence.

Now a company can have 200 institutional holders and a $500 billion valuation. It can have a million enterprise customers, affect how people think and make decisions, and 50% market share in a critical infrastructure layer and still fall below the registration threshold.

More triggers should look at what a company actually is, not just who happens to hold its paper. The precedent for adding triggers like this isn’t radical. SEC commissioners and academics have contemplated alternatives, including additional triggers based on company valuation, capital raised, revenues, number of employees, or other metrics that would force the company to register its securities. The conversation has been live in securities law circles for years. AI is just the use case that makes it impossible to ignore.

It’s worth being precise about what this is. Registration under Section 12(g) and listing on an exchange are two different things. A company can be a reporting company without going public in the trading sense. It just has to publish what every other company of comparable significance already publishes.

No new agency, statute, or mandatory IPO. Just a calibration of when the existing trigger fires.

What this is and isn’t

This is not a safety regime, an alignment mandate, or a licensing scheme. None of those things are securities law’s job, and securities law is the wrong tool for any of them. Regulating AI safety should happen on different terms.

The disclosure regime exists because at a certain size, opacity becomes a market problem. The threshold for that size was last meaningfully reset before any of these companies existed.

Now, we need to maintain it in a new economy.