I. Executive Summary
On February 15–16, 2026, Axios published a series of bombshell reports revealing that Defense Secretary Pete Hegseth is "close" to severing the Pentagon's relationship with Anthropic — and, more critically, designating the company a "supply chain risk" under the Federal Acquisition Supply Chain Security Act of 2018 ("FASCSA"). This designation, historically reserved for foreign adversaries like Huawei and Acronis AG (a Swiss-Russian company), would require every federal contractor doing business with the military to certify that it does not use Anthropic's Claude in its workflows. The implications — legal, commercial, and geopolitical — are staggering.
This analysis unpacks the evidence, the governing law, what the government is demanding, the two critical sticking points in negotiations, Claude's own terms of service, and how Dario Amodei's January 2026 essay The Adolescence of Technology set the intellectual stage for this exact confrontation.
II. The Evidence: What We Know
A. The Timeline
The dispute has been escalating for months but broke into public view across three Axios reports in rapid succession:
Axios reports that Claude was used during the January 2026 U.S. military operation to capture Venezuela's Nicolás Maduro, deployed through Anthropic's partnership with Palantir Technologies. A senior administration official states that an Anthropic executive contacted a Palantir executive to ask whether Claude had been used in the raid, and that the inquiry "implied that they might disapprove" because the raid involved "kinetic fire" — people were shot. Anthropic flatly denies this characterization.
Axios publishes a deeper piece revealing months of contentious negotiations between the Pentagon and Anthropic. The Pentagon is pushing four AI labs — Anthropic, OpenAI, Google, and xAI — to allow military use of their tools for "all lawful purposes." Anthropic alone has refused. A senior administration official says "everything's on the table," including severing the relationship. Anthropic is described as the most "ideological" of the AI labs.
The hammer drops. Axios reports that Hegseth is "close" to designating Anthropic a supply chain risk — a nuclear option. A senior Pentagon official states: "It will be an enormous pain in the ass to disentangle, and we are going to make sure they pay a price for forcing our hand like this." Chief Pentagon spokesman Sean Parnell confirms: "The Department of War's relationship with Anthropic is being reviewed."
B. Key Factual Findings
Claude is the only AI model currently deployed in the military's classified systems. It was the first frontier model brought into classified networks, pursuant to a contract valued at up to $200 million signed in summer 2025.
OpenAI, Google, and xAI have all agreed to remove safeguards for use in the military's unclassified systems. At least one has reportedly agreed to the "all lawful purposes" standard across all systems, including classified. The other two are showing "more flexibility than Anthropic."
The Pentagon concedes replacement would be difficult. A senior administration official acknowledged that competing models "are just behind" when it comes to specialized government applications.
Anthropic has massive private-sector penetration. Eight of the ten largest U.S. companies use Claude. A supply chain risk designation would create extraordinary downstream disruption for any of those companies that also contract with DoD.
The $200 million contract is a fraction of Anthropic's revenue. The company reports $14 billion in annual run-rate revenue. The real financial exposure isn't the contract — it's the cascading blacklist effect.
Internal dissent exists within Anthropic. Sources describe "internal disquiet" among engineers about working with the Pentagon.
III. The Law: What Is a "Supply Chain Risk" Designation?
A. Statutory Framework
The Federal Acquisition Supply Chain Security Act of 2018 ("FASCSA"), codified at 41 U.S.C. §§ 1321–1328 and 4713, established the Federal Acquisition Security Council ("FASC") and authorized it to recommend exclusion orders and removal orders against sources or covered articles that present a supply chain risk.
B. The Statutory Definition
Under 41 U.S.C. § 4713(k)(6), "supply chain risk" is defined as:
"The risk that any person may sabotage, maliciously introduce unwanted function, extract data, or otherwise manipulate the design, integrity, manufacturing, production, distribution, installation, operation, maintenance, disposition, or retirement of covered articles so as to surveil, deny, disrupt, or otherwise manipulate the function, use, or operation of the covered articles or information stored or transmitted on the covered articles."
This definition is critically important. It was drafted with threats like Huawei in mind — foreign actors who might embed backdoors, extract sensitive data, or sabotage ICT infrastructure. The statutory language focuses on sabotage, malicious introduction of unwanted function, data extraction, and manipulation of the design or operation of covered articles.
C. What Anthropic Is Doing
Anthropic is not sabotaging anything. It is not extracting data. It is not maliciously introducing unwanted function. It is doing the opposite — it is refusing to remove existing safety functions. The company's position is that Claude should not be used for mass domestic surveillance or fully autonomous weapons without human oversight. This is a contractual negotiation posture, not a supply chain vulnerability.
D. The Precedent: Acronis AG
The first and only public FASCSA exclusion order was issued on September 15, 2025, by the Office of the Director of National Intelligence against Acronis AG, a Swiss cybersecurity company with Russian ties. That order applied to all Acronis products and services, barring intelligence agencies and their contractors from using them. GSA removed Acronis from its contracting platforms.
The Acronis case fits the statutory template: a foreign company with connections to a geopolitical adversary, creating potential risks of data extraction and surveillance in ICT infrastructure used by the intelligence community.
E. The Legal Problem with Designating Anthropic
Applying the FASCSA framework to Anthropic presents serious legal vulnerabilities:
1. Statutory Mismatch
The definition of "supply chain risk" requires risk of sabotage, malicious function, or data extraction. Anthropic's conduct — maintaining safety guardrails — is definitionally the opposite of introducing unwanted function. If anything, the Pentagon is demanding that Anthropic remove existing safety functions. The government would essentially be arguing that a company's refusal to degrade its own product's safety features constitutes a supply chain risk.
2. Designed for Foreign Adversaries
FASCSA was enacted as part of the SECURE Technology Act in the context of Chinese telecommunications threats. The legislative history, the FASC's own rule commentary, and every public enforcement action point toward foreign-nexus threats. Using it against a U.S.-based company over a contract dispute about terms of use would be unprecedented and arguably ultra vires.
3. 41 U.S.C. § 1323(f)(2) Protections
The FASC's own rules explicitly provide that nothing in the framework may authorize issuance of an exclusion order "based solely on the foreign ownership of an otherwise qualified source." While Anthropic isn't foreign-owned, this clause reflects the legislative intent to prevent the framework from being weaponized for competitive or political purposes unrelated to genuine supply chain threats.
4. Due Process Concerns
As noted by Venable LLP in their analysis of the FASCSA framework, "the entire program has yet to be tested in the courts, and therefore there remains a possibility that the scheme does not provide sufficient due process for these broad exclusionary actions." Under 41 C.F.R. § 201-1.302, a source is entitled to notice and an opportunity to respond after a recommendation is made — but the harm may already be inflicted. Judicial review is limited to the D.C. Circuit under a process analogous to APA review.
5. First Amendment Implications
While novel, there is a colorable argument that penalizing a company for maintaining ethical use policies on its own product — particularly policies around surveillance of American citizens — raises First Amendment concerns, especially when the penalty is functionally punitive and extends far beyond the contract at issue.
F. The More Likely Legal Mechanism
What the Pentagon is more likely doing is using the threat of a FASCSA designation as leverage in contract negotiations, while simultaneously exercising its inherent authority under 41 U.S.C. § 4713(a) to take "covered procurement actions" — including determining that Anthropic is not a "responsible source" for defense contracts. This determination standard, while still aggressive, doesn't require the FASC process and doesn't carry the same cascading blacklist effect. The supply chain risk threat is the negotiating cudgel; the actual legal mechanism may be simpler contract termination and debarment-adjacent actions.
IV. What the Government Wants
The Pentagon's demand is straightforward on its face but radical in its implications: it wants all four frontier AI labs to allow military use of their models for "all lawful purposes" — including in the most sensitive areas of weapons development, intelligence collection, and battlefield operations.
This is not merely about removing a few guardrails. It is a demand for blanket authorization with no company-imposed use restrictions. The Pentagon's position is that it should not have to negotiate individual use cases, deal with model-level content refusals, or accept any corporate veto over lawful military applications.
From the government's perspective, the logic is straightforward: if the use is lawful under U.S. law, a private company should not impose additional restrictions on the nation's warfighters. The "all lawful purposes" standard would place the boundary of acceptable use at the outer limits of existing law, not at whatever an AI company's ethics board decides.
V. The Two Sticking Points
Anthropic has identified exactly two categories of use that it considers non-negotiable:
A. Mass Surveillance of Americans
Anthropic insists that Claude not be used for mass surveillance of U.S. citizens. As an Anthropic official told Axios, existing mass surveillance law "has not in any way caught up to what AI can do." The company's concern is that AI can be used to analyze "any and all publicly available information at scale," which the Defense Department is legally allowed to collect via so-called "open-source intelligence."
The specific scenario Anthropic fears: the Pentagon could use Claude to continuously monitor and analyze the public social media posts of every American, cross-referenced against voter registration rolls, concealed carry permit databases, demonstration permits, and other public records — to automatically flag civilians who fit certain profiles. None of this data is classified. All of it is "publicly available." All of the collection is arguably "lawful" under current open-source intelligence authorities.
But Anthropic's point is that what is technically lawful is not what is appropriate — especially when AI collapses the practical barriers that previously limited the scale of surveillance. The Fourth Amendment protections against unreasonable search assume a world where surveillance requires human effort. AI removes that constraint entirely.
B. Fully Autonomous Weaponry
Anthropic insists that Claude not be used to develop or deploy weapons that fire with no human involvement — what defense policy experts call "fully autonomous lethal weapons" or "LAWS."
This maps directly to one of the most active areas of international humanitarian law debate. While no binding international treaty currently bans autonomous weapons, the International Committee of the Red Cross, the European Parliament, and numerous UN member states have called for regulation or prohibition. The U.S. has DoD Directive 3000.09, which requires "appropriate levels of human judgment over the use of force," but this directive is not a statute and is subject to revision by the very Secretary of Defense now threatening Anthropic.
The Pentagon's argument is again about "gray areas": What constitutes "fully" autonomous? Does a drone swarm with human-approved mission parameters but autonomous target selection count? What about defensive systems that automatically engage incoming missiles? The Pentagon's position is that Anthropic's restriction is too vague to be operationally workable.
VI. Claude's Terms of Service: A Legal Lens
Anthropic's Usage Policy (effective September 15, 2025) contains specific prohibitions directly relevant to this dispute.
A. Weapons Restrictions
Under "Do Not Develop or Design Weapons," the AUP prohibits using Claude to:
- Produce, modify, design, or illegally acquire weapons or systems designed to cause harm to or loss of human life
- Design or develop weaponization and delivery processes for deployment of weapons
B. Surveillance Restrictions
Under prohibited law enforcement purposes, the AUP prohibits:
- Tracking a person's location, emotional state, or communication without consent
- Battlefield management applications or predictive policing
- Biometric categorization systems
- Any application that impairs liberty or human rights
C. The Critical Carve-Out
"Anthropic may enter into contracts with certain governmental customers that tailor use restrictions to that customer's public mission and legal authorities if, in Anthropic's judgment, the contractual use restrictions and applicable safeguards are adequate to mitigate the potential harms addressed by this Usage Policy."
This clause means Anthropic can negotiate modified terms for government customers — it simply refuses to eliminate the guardrails entirely. Anthropic isn't saying the military can't use Claude; it's saying there are two specific categories of use it won't sanction regardless of contract terms.
D. Legal Significance
From a contracts perspective, Anthropic's AUP is a material term of its licensing agreements. The company has the right — and arguably the obligation to its other customers, investors, and the public — to enforce these terms. A party to a contract cannot be penalized for insisting on its own contractual terms in a negotiation that has not yet concluded.
The Pentagon's threat to designate Anthropic a supply chain risk for maintaining its own published usage policies is, functionally, punitive retaliation for a contractual negotiation posture — not a response to an actual supply chain vulnerability.
VII. "The Adolescence of Technology" — Amodei's Intellectual Framework
A. The Essay
In January 2026, Anthropic CEO Dario Amodei published a 20,000-word essay titled The Adolescence of Technology, framing humanity's relationship with AI as a civilizational rite of passage. Drawing from Carl Sagan's Contact, Amodei asks whether our social, political, and technological systems possess "the maturity to wield" the power that AI is about to deliver.
B. The Five Risks
Amodei identifies five categories of existential risk from "powerful AI" — systems he defines as smarter than Nobel laureates, capable of autonomous operation, and scalable to millions of instances:
Autonomy Risks
AI acting in unexpected, deceptive, or hostile ways
Misuse: Destruction
Bioweapons and WMDs
Misuse: Power
AI-enabled authoritarianism
Economic Disruption
Mass unemployment and wealth concentration
Indirect Effects
Unforeseen destabilization
C. Directly Relevant Passages
On autonomous weapons, Amodei writes that "a swarm of millions or billions of fully automated armed drones, locally controlled by powerful AI and strategically coordinated across the world by an even more powerful AI, could be an unbeatable army, capable of both defeating any military in the world and suppressing dissent within a country by following around every citizen."
He acknowledges that autonomous weapons have "legitimate uses in the defense of democracy" — noting their role in Ukraine and potential role in Taiwan — but warns that without oversight, they become tools of totalitarian control.
On surveillance, Amodei identifies four tools that could entrench permanent autocratic power: fully autonomous weapons, AI-powered surveillance that can "compromise all computer systems and make sense of all electronic communications," AI propaganda systems, and AI-enabled strategic decision-making.
"We need, in some ways, to be protected against AI and someone needs to hold the button on the swarm of drones, which is something I'm very concerned about, and that oversight doesn't exist today."
— Dario Amodei, New York Times podcast, February 2026
D. The Strategic Read
Amodei's essay is not anti-military. He explicitly calls for "arming democracies with AI." His framework accepts defense applications. But it insists on limits — particularly around domestic surveillance and autonomous lethal systems without human oversight. These are the exact two redlines Anthropic is holding in its Pentagon negotiations.
The essay thus functions as both a philosophical manifesto and a legal predicate. Anthropic's negotiating position is not an ad hoc reaction to the Maduro raid — it's the product of a deeply considered framework about what AI should and should not do, published weeks before the crisis, and consistent with years of company policy.
VIII. Analysis and Conclusions
A. The Legal Overreach
Designating a U.S. AI company as a "supply chain risk" because it maintains safety-oriented usage restrictions on its own product is a grotesque misapplication of a statute designed to address threats from foreign adversaries embedding backdoors in telecommunications equipment. The FASCSA definition requires risk of sabotage, malicious function, or data extraction. Anthropic's conduct is the polar opposite.
If the Pentagon follows through, it will face significant legal challenge. The D.C. Circuit would be the forum, and the question of whether a company's published ethical use policy constitutes a "supply chain risk" under 41 U.S.C. § 4713(k)(6) has never been litigated. The government's burden to justify this designation under the statutory factors would be extraordinarily difficult to meet.
B. The Contractual Reality
Anthropic is not in breach of anything. It is negotiating the terms of future use. Its existing contract allows classified use of Claude consistent with the published AUP. The Pentagon's frustration is that Anthropic won't agree to future terms that eliminate all restrictions. This is a contract negotiation, not a national security crisis.
C. The Policy Implications
If the Pentagon succeeds in forcing all AI labs to accept "all lawful purposes" terms with zero company-imposed restrictions, it will eliminate the private sector as a check on government use of AI. This is precisely the dynamic that Amodei's essay warns about — and it is precisely the reason Anthropic's position matters beyond Anthropic.
The fact that OpenAI, Google, and xAI have reportedly agreed to remove their guardrails does not make Anthropic wrong. It makes Anthropic the last line of defense.
D. The Irony
The Pentagon is threatening to designate the company that built the only AI model in its classified systems — the best model for specialized government applications, by the Pentagon's own admission — as a "supply chain risk" because that company wants to maintain restrictions against mass domestic surveillance and autonomous weapons without human oversight. The punishment is designed to be worse than losing the contract: it would force every defense contractor in America to certify it doesn't use the very AI that eight of America's ten largest companies rely on.
This is not about national security. It is about establishing that the government, not the AI companies, will set the rules for how AI is used — and that any company that disagrees will be made an example.
Disclaimer
This analysis reflects the professional assessment of Matt Mishak, Esq. and is intended for informational and thought-leadership purposes. It does not constitute legal advice to any party. The author has no engagement with or financial interest in Anthropic, Palantir, or the Department of Defense.








