The U.S. Department of Defense has told a federal court that Anthropic’s corporate “red lines” make the AI company an “unacceptable risk to national security,” escalating a fast-moving clash over whether private labs can constrain how their technology is used in military operations.
In a detailed filing, the Pentagon argued that Anthropic could attempt to disable or materially alter its foundation models if the company believed its internal policies were being breached during wartime or other high-stakes missions. That possibility, the government said, undermines the reliability, availability, and command authority required for defense systems and justifies labeling Anthropic a supply chain risk while litigation proceeds.
Why The Pentagon Drew a Red Line on Anthropic’s AI Use
At the core of the government’s position is operational assurance. Defense AI must perform as intended under stress, with predictable behavior and clear human control. A vendor that reserves the right to flip a “kill switch” or silently degrade capabilities if its ethical boundaries are crossed creates uncertainty commanders cannot plan around. The Pentagon framed this not as a debate about values but as a question of mission continuity and lawful authority in combat.
There’s precedent for defense leaders’ anxiety about vendor pushback. In 2018, Google withdrew from Project Maven after employee protests, forcing the Pentagon to retool its approach to computer vision for intelligence. Today’s AI models are even more central to planning, analysis, and decision support, magnifying the risk if a supplier can unilaterally constrain use mid-operation.
Inside The $200 Million Deal for Classified AI Access
Anthropic last year secured a roughly $200 million contract to bring its models into classified environments. During negotiations, the company reportedly set boundaries: no use for mass surveillance of Americans and no targeting or firing decisions for lethal weapons. Pentagon officials countered that a private contractor should not dictate lawful employment decisions, especially in areas where the military retains accountability under domestic and international law.
The “supply chain risk” designation is a powerful lever. While its exact contours vary by program, such labels can curtail new awards, spur removal from sensitive systems, and force mitigation plans across agencies. With efforts like the Chief Digital and Artificial Intelligence Office’s initiatives, the Replicator program, and Joint All-Domain Command and Control moving quickly, the certification can shape which models are fielded across the department.
Legal and Industry Blowback to Pentagon’s Risk Label
Anthropic has sued, alleging the Pentagon’s action punishes the company for its stated ethics and violates First Amendment protections. The firm is seeking a preliminary injunction to halt enforcement while the case is argued. Tech workers from major AI labs and cloud providers, alongside civil liberties organizations, have backed Anthropic with amicus briefs, warning that penalizing safety commitments would chill responsible AI development across the sector.
Many leading vendors already restrict sensitive uses. OpenAI, Google, Microsoft, and others publish policies barring weapons creation, unlawful surveillance, or autonomous harm. Supporters say those guardrails mirror government-endorsed frameworks such as the Defense Department’s Responsible AI principles and the NIST AI Risk Management Framework, which emphasize governability, reliability, and oversight. The Pentagon, however, argues that internal corporate policies should not override democratically accountable decisions on lawful military use.
What to Watch in Court and Defense Procurement Next
The immediate pivot is procedural: a judge will decide whether to pause the designation or let it stand during litigation. A pause would keep Anthropic’s systems in place under the existing contract; denial could accelerate a shift to alternative models, including in-house solutions or other foundation model providers. Reports indicate the Pentagon is already developing contingencies to reduce dependence on a single supplier.
The stakes stretch beyond one contract. A ruling favoring the Pentagon would give agencies wider latitude to treat vendor use policies as operational risks in national security contexts. A win for Anthropic could validate enforceable red lines in government deals and push agencies to codify use constraints up front. Either way, the outcome will define how dual-use AI is governed when ethical guardrails collide with military imperatives—and how much leverage AI labs retain once their models enter the battlespace.
Anthropic did not immediately respond to a request for comment.
