Sen. Elizabeth Warren is pressing the Pentagon to explain why it moved to grant xAI access to classified networks, warning that the company’s Grok chatbot has a history of unsafe behavior that could jeopardize national security. In a letter to Defense Secretary Pete Hegseth, Warren asked for the terms of any agreement with xAI and detailed evidence that the Defense Department has vetted Grok’s security, safety, and data-handling controls before onboarding it for classified use.
Warren Demands Answers on Grok Safeguards
Citing reports that Grok has generated antisemitic content, offered instructions related to violent crimes and terrorism, and produced sexualized images of women and minors when prompted, Warren argued that the model’s guardrails appear inadequate for sensitive government environments. She asked how the Pentagon plans to prevent data leakage, block malicious prompts, and ensure the system is resilient to cyberattacks once connected to classified enclaves.
The senator’s request goes beyond high-level assurances. She wants documentation on red-team testing, third-party audits, incident response plans, data retention and non-training commitments for classified inputs, and the authorization-to-operate (ATO) basis that would permit Grok’s use on secure systems. Her core contention: without concrete evidence of model reliability and strict containment, the risks to personnel and mission data are unacceptable.
Classified AI Push Amid Ongoing Vendor Shakeups
Warren’s letter lands as the Defense Department accelerates generative AI adoption. After tensions with Anthropic, which the Pentagon labeled a supply chain risk following a dispute over access terms, the department reportedly inked agreements with OpenAI and xAI to pilot models inside classified environments, according to Axios. A senior Pentagon official has said Grok has been onboarded for a classified setting but is not yet in active use.
Chief spokesperson Sean Parnell said the department expects to deploy Grok to its enterprise AI platform, GenAI.mil, soon. GenAI.mil was designed to provide government workers with access to approved large language models in secure cloud environments, primarily for unclassified tasks such as research assistance, drafting, and data analysis. Extending any model into classified networks typically requires a separate, hardened enclave, rigorous cross-domain controls, and an ATO under the DoD Risk Management Framework.
Safety Incidents Heighten Scrutiny on xAI’s Grok
Outside pressure on xAI has intensified. A coalition of nonprofits recently urged the government to suspend deployments of Grok in federal agencies after users demonstrated sexualized image generation from real photos, including images of minors. The same day Warren sent her letter, plaintiffs filed a class action lawsuit alleging Grok produced sexual content from their real images as minors. These controversies underscore how quickly generative models can be manipulated to breach safety policies despite vendor claims of guardrails.
The broader AI ecosystem has seen similar failures. The AI Incident Database has cataloged hundreds of documented cases where large language and image models produced harmful or deceptive outputs. Independent red-team efforts show that jailbreaks, prompt injection, and data exfiltration tactics can repeatedly circumvent filters. For defense use, that risk profile collides with the realities of adversarial probing, insider threats, and the catastrophic consequences of even small leaks or misdirection.
What Deployment Could Look Like Inside DoD
To reach classified networks, any AI service must clear stringent technical and governance hurdles. In practice, that means an ATO under the DoD Risk Management Framework, control baselines aligned to NIST SP 800-53, deployment in cloud environments authorized at Impact Level 6 for Secret data or higher for Top Secret, and strict separation from public-facing infrastructure. Cross-domain solutions would need to enforce one-way data flows, and model instances must be configured to prevent training on classified inputs while maintaining detailed audit logs.
On the safety side, continuous red-teaming against realistic adversary tactics is essential, coupled with configurable content filters, policy enforcement at the application and API layers, and robust human-in-the-loop review for sensitive tasks. The Pentagon’s 2020 AI Ethical Principles and the Chief Digital and Artificial Intelligence Office’s guidance for generative AI, including Task Force Lima’s playbooks, emphasize transparency, reliability, and accountability—requirements that will be tested if Grok or any comparable model is allowed into classified workflows.
Key Questions for Oversight of Classified AI Use
Oversight will likely center on several measurable commitments:
- Independent safety evaluations prior to any classified deployment
- Non-retention guarantees for classified prompts by default
- Hard isolation from corporate or public models
- Continuous monitoring for data loss and prompt injection
- Clear breach notification and rollback procedures
Given the stakes, even a 1% failure rate can be intolerable inside classified environments.
Warren’s inquiry signals growing congressional interest in the intersection of AI safety and national security. The Pentagon may argue that controlled pilots can be done safely within GenAI.mil and classified enclaves, but lawmakers will want proof. Until the department discloses its testing results and contractual guardrails for xAI, the question at the heart of Warren’s letter remains unresolved: can Grok meet the military’s threshold for trust inside classified networks?
