A Y Combinator-backed startup sitting at the heart of AI infrastructure for over a thousand companies is operating with what risk analysts describe as a catastrophic single point of failure — and it's costing them less than $500 a month to do so.
Kernel, which provides AI infrastructure services to more than 1,000 businesses, runs its entire customer-facing system on Railway, a cloud deployment platform, at a monthly cost of just $444. That figure — remarkable for the scale of operations it underpins — has drawn fresh scrutiny from operational risk assessors who warn the arrangement represents a textbook example of dangerous infrastructure concentration.
One Vendor, One Thousand Vulnerabilities
The risk assessment classifies the exposure as catastrophic severity with a medium likelihood of materializing. The core concern is architectural: when a company's entire customer-facing infrastructure depends on a single third-party provider, every Railway outage, deprecation notice, or service disruption becomes Kernel's problem — and by extension, the problem of every one of its 1,000+ downstream customers simultaneously.
This is not a theoretical risk. Cloud platform disruptions are a recurring feature of the technology landscape. In recent years, outages at major providers including AWS, Google Cloud, and Azure have each temporarily disabled thousands of dependent services. Railway, while a growing platform popular among developer-focused startups, does not carry the redundancy architecture or contractual service-level guarantees typical of enterprise-grade cloud infrastructure.
The Cost-Risk Tradeoff
The $444 monthly price point is telling. For a startup serving over 1,000 companies, this figure suggests Kernel has prioritized cost efficiency over resilience — a trade-off that is common in early-stage startups but increasingly untenable as customer counts scale. Enterprise clients, in particular, expect infrastructure providers to maintain redundant systems, documented failover procedures, and multi-cloud or hybrid deployment strategies.
From a business continuity standpoint, the current setup means there is no geographic redundancy, no failover to a secondary provider, and no architectural separation between Kernel's internal operations and its customer-facing services. A single deprecation announcement from Railway — the kind of decision a private company can make unilaterally — could trigger a service disruption affecting all of Kernel's clients with little warning.
Regulatory and Contractual Exposure
For Kernel's enterprise and regulated-industry customers, the implications extend beyond downtime. Companies in financial services, healthcare, and other regulated sectors are typically required under frameworks such as SOC 2, ISO 27001, and various financial regulators' operational resilience guidelines to assess and manage third-party concentration risk. If Kernel cannot demonstrate adequate business continuity controls, it may find itself excluded from procurement processes or in breach of contractual obligations with existing clients.
Investors backing Kernel through Y Combinator will also be aware that infrastructure fragility at this scale is a material business risk. A prolonged Railway outage — even one lasting hours — could trigger customer churn, contractual penalties, and reputational damage that far outweighs any savings achieved by running lean on cloud costs.
What Mitigation Looks Like
Industry-standard remediation for this class of risk typically involves distributing workloads across at least two independent cloud providers, establishing automated failover protocols, and negotiating enterprise-grade SLAs with primary vendors. For a company at Kernel's growth stage, the investment required to implement basic multi-cloud redundancy is modest relative to the catastrophic downside of a simultaneous outage affecting all customers.
Until those measures are in place, Kernel's 1,000+ customers remain exposed to an infrastructure dependency that costs less per month than most office supply budgets — and could, on a bad day, cost far more than that.