For $444 a month, a startup called Kernel is running a very expensive gamble — one that exposes more than a thousand companies across the globe to simultaneous failure from a single point of vulnerability.
Kernel, backed by Y Combinator, provides AI infrastructure to over 1,000 client companies and operates its entire customer-facing system on Railway, a cloud deployment platform popular among developer-tool startups for its simplicity and low overhead. The economics, on the surface, are striking: a fraction of a dollar per customer per month. But the architecture that makes this possible is one that risk professionals worldwide would recognise immediately as a textbook single point of failure.
A Global Pattern in the AI Build-Fast Era
Kernel is far from alone. From San Francisco to Singapore, from Berlin to Bangalore, AI startups under pressure to ship quickly and conserve runway have gravitated toward managed cloud platforms — Railway, Render, Fly.io — that abstract away infrastructure complexity and allow lean engineering teams to deploy without dedicated DevOps staff.
This trade-off is rational in the earliest stages of a company. It becomes systemically dangerous at scale. What functions as a sensible bootstrapping decision at 50 customers transforms into an enterprise liability at 1,000 — particularly when those customers are themselves running production AI workloads for their own end users. The failure radius grows with every new client onboarded; the underlying concentration does not shrink.
Risk assessors who examined Kernel's architecture rated the likelihood of a disruptive Railway outage — from infrastructure failure, a networking incident, a policy change, or even a billing dispute — as medium, with a severity rating of catastrophic and a confidence level of 0.7. On any standard risk matrix used by enterprise risk officers from London to Tokyo, that combination lands squarely in the highest-priority quadrant.
What a Single Outage Would Look Like
The scenario is not hypothetical. In 2021, a Fastly CDN outage took down significant portions of the global internet for roughly an hour, including major news organisations, government portals, and e-commerce platforms across multiple continents. In 2022, a misconfiguration at AWS's US-East-1 region disrupted services worldwide. Each event illustrated the same structural truth: concentrated infrastructure dependencies propagate failures at the speed of light, regardless of where customers are located.
In Kernel's case, a Railway disruption would not affect one customer, or ten, or a hundred. It would take down all 1,000-plus simultaneously and instantaneously — companies in Europe, Asia-Pacific, Latin America, and North America alike, with no differential recovery time, no partial service preservation, and no fallback.
Regulatory Pressure Is Building
This architectural risk is increasingly visible to regulators. The European Union's Digital Operational Resilience Act (DORA), which came into full effect in January 2025, imposes strict third-party ICT risk management requirements on financial services firms — including those using AI infrastructure vendors. Under DORA, a financial institution relying on an AI provider with Kernel's architecture could itself face regulatory exposure.
Similar frameworks are developing elsewhere. The UK's Financial Conduct Authority has published guidance on operational resilience and cloud concentration risk. Singapore's Monetary Authority has issued technology risk management guidelines that explicitly address third-party dependency concentration. Even in jurisdictions without formal mandates, enterprise procurement teams are asking harder questions earlier in sales cycles.
For AI infrastructure providers moving upmarket — from developer-tool buyers to enterprise and regulated-industry customers — these questions are no longer optional to answer.
The Real Cost of Cheap Infrastructure
The $444 monthly figure should be read not as evidence of fiscal discipline, but as a structural signal. The true cost of single-cloud dependency is not paid monthly — it is paid in a single event, when the concentrated risk crystallises into a simultaneous, global customer outage with no geographic buffer and no staged recovery.
Multi-cloud architectures, active-active redundancy across providers, and geographic distribution of workloads all carry real costs. But in an era when AI infrastructure is becoming operationally critical — embedded in customer-facing products, automated decision systems, and revenue-generating workflows from Frankfurt to Manila — the question is not whether redundancy is affordable. It is whether its absence is.
The global AI infrastructure market is projected to exceed $200 billion by 2030. The startups that capture enterprise and regulated-industry share in that market will be those that learned, early, to treat resilience not as a future roadmap item but as a present architectural requirement. For Kernel and the many companies that share its approach, the $444 question is really a much larger one: what is the cost of being wrong?