Harvard Law Review Finds OpenAI and Anthropic Governance Structures May Fail to Prevent Unsafe Incentives

Published on May 30, 2025, Amoral Drift in AI Corporate Governance in the Harvard Law Review provides a detailed legal analysis of the governance architectures at OpenAI and Anthropic, two of the most commercially significant frontier AI developers operating in the United States. The article examines structures including OpenAI's capped-profit model and its reconstituted board following the November 2023 governance crisis, as well as Anthropic's public benefit corporation design and long-term benefit trust. The authors argue that while these mechanisms were designed to prioritize safety over shareholder returns, they may still leave boards with outsized, poorly constrained discretion and may not create enforceable accountability when safety commitments conflict with commercial incentives. The analysis focuses on U.S. corporate law principles, including fiduciary duties owed by directors and the degree to which stakeholder-oriented structures can be legally enforced against directors who favor growth-oriented decisions.

The governance challenge this article surfaces goes well beyond the two companies it examines. Enterprise compliance teams that procure, integrate, or build on top of foundation models from OpenAI or Anthropic are exposed to a second-order risk: the safety and reliability commitments embedded in vendor governance structures may not be as durable as they appear. Third-party AI vendor due diligence programs typically assess technical controls, data handling, and contractual representations, but rarely examine whether a vendor's internal board governance can actually enforce stated safety priorities against commercial pressure. The article connects to a broader regulatory trend in which legislators and regulators, including those behind California SB 53 and the EU AI Act's GPAI provisions, are pushing for external accountability mechanisms precisely because internal governance at frontier model developers has been considered structurally unreliable. The article also implicates board-level AI oversight responsibilities that corporate governance functions at large enterprises are increasingly being asked to formalize, particularly for organizations that have adopted AI governance programs aligned with NIST AI RMF or ISO 42001 and that treat vendor safety culture as a material input to enterprise risk assessments.

Compliance teams should treat this analysis as a prompt to revisit their third-party AI vendor due diligence processes, specifically to assess whether current questionnaires capture governance structure and board accountability at foundation model providers, not just technical and contractual commitments. Under the third-party-ai-vendor-due-diligence playbook control, teams should add a governance tier that requests evidence of how safety-related board decisions are documented, escalated, and enforceable. Organizations using OpenAI or Anthropic APIs in high-risk applications should document their current dependency on vendor safety commitments in their AI model registry and flag that those commitments carry structural legal uncertainty as identified by this Harvard Law Review analysis. For enterprises whose boards have formal AI oversight responsibilities, the article provides legal support for escalating AI vendor governance risk to board-level review, which should be recorded in board minutes as part of audit-ready AI documentation. No standard playbook control yet covers enterprise-level assessment of a foundation model vendor's internal board accountability and fiduciary enforceability, which represents a genuine gap in current third-party AI risk frameworks.