Anthropic vs. Washington

From Our Community March 2, 2026

AI ethics collide with national security.

The showdown between Anthropic and the US government began as a contract negotiation and has quickly turned into a test case for how far Washington will push commercial AI developers in the name of national security—and how hard a leading lab is willing to push back. At its core, the impasse is not only about one company’s AI safeguards, but about who gets to define the outer bounds of acceptable surveillance and autonomy in military systems.

In late February 2026, months of tense, largely private talks spilled into public view when Defence Secretary Pete Hegseth delivered an ultimatum to Anthropic CEO Dario Amodei: roll back or modify certain safeguards on the company’s Claude models or risk losing federal contracts and being treated as a national-security risk. According to accounts of those discussions, military officials reportedly pressed Anthropic to relax restrictions that currently limit the use of its AI for broad domestic surveillance and for fully autonomous weapons, seeking broader operational flexibility than the company was willing to allow. Amodei responded that Anthropic “cannot in good conscience accede” to the Pentagon’s request, framing the dispute as an ethical matter the company would not set aside even under the threat of severe commercial consequences.

Within days, the confrontation moved from contentious negotiations to formal government action. President Donald Trump ordered all US agencies to stop using Anthropic’s technology, effectively freezing the company out of federal business and setting in motion a phased move away from its systems. Hegseth and other officials then moved toward designating Anthropic as a “supply chain risk,” a label that can push defense contractors and suppliers to reassess or sever ties to remain eligible for Pentagon work. In public statements and social media posts, senior administration figures accused Anthropic of limiting U.S. defensive capabilities and warned of potential consequences if the company obstructed the government’s efforts to transition away from its tools.

Anthropic, for its part, has drawn a very specific line: no broad domestic surveillance using its models and no development of fully autonomous weapons. The company has argued that current U.S. law does not adequately regulate AI-driven surveillance and that delegating lethal decisions to systems that remain brittle and exploitable is incompatible, in its view, with the level of control a democracy should demand. In statements and interviews, Amodei has emphasised that Anthropic will not knowingly supply a product it believes would endanger soldiers and civilians, and that frontier systems are not, in the company’s assessment, reliable enough to power fully autonomous weapons without safeguards that do not yet exist. For enterprise buyers and their advisors, the conflict echoes familiar tensions between expansive data-use ambitions and enforceable boundaries around risk, accountability, and rights.

At the same time, Anthropic has revised its own internal safety framework. In the days leading up to the Pentagon deadline, the company published an updated version of its Responsible Scaling Policy that removed an earlier commitment to pause training or deployment of more powerful models if their capabilities exceeded Anthropic’s ability to manage them safely. That earlier pledge had been a notable part of the firm’s reputation as a more cautious, safety-oriented AI lab; now, Anthropic says it will evaluate its actions in light of what competitors are doing, arguing that pausing while others race ahead could lead to a riskier overall environment. The company has tried to reassure observers by emphasising increased transparency, promising regular publications about risk assessments, threat models, and mitigation plans—steps that track with emerging expectations for documentation, auditability, and disclosure across regulated technology domains.

The timing has opened Anthropic to criticism from several directions. Some national security commentators point to the relaxed scaling pledge as evidence that, in their view, the company is willing to adjust safety commitments when competition demands it, but not when the US military seeks expanded operational latitude. Civil society advocates and policy analysts, meanwhile, have raised concerns that narrowing public commitments while negotiating behind closed doors with defence officials could undermine public confidence in AI safety promises. Those are distinct issues: Anthropic’s scaling policy governs how it develops and releases its models, while the Pentagon dispute centers on permitted end uses and contractual exceptions. A practical takeaway for governance and legal teams is to treat vendor safety pledges as living documents rather than fixed guarantees: they may change under competitive or political pressure, which means organisations should re-review AI supplier policies periodically, archive past versions, and ensure contracts tie obligations to specific, dated documents instead of general marketing language.

The government’s response has been notably forceful. In addition to threatening contract termination and supply-chain-risk designations, officials have publicly raised the possibility of using the DefenSe Production Act to compel Anthropic to relax safeguards or provide access to its models under expanded government authority. Legal analysts note that the DPA is traditionally invoked for acute emergencies such as wartime production surges or critical infrastructure crises, and that applying it in this context would reinforce the message that advanced AI models are now treated as strategic assets the state can direct in certain circumstances. For CISOs, general counsel, and risk officers who must explain AI procurement choices to boards and regulators, this raises an uncomfortable but necessary question: how will your assessments change if your supplier can be compelled by law to alter safeguards, prioritise certain use cases, or share access in ways that do not align with your current policy framework?

The Pentagon has pushed back on the idea that it is seeking to weaponise AI irresponsibly. In public remarks and social media posts, defense officials say they have no interest in using AI for mass surveillance of Americans, which they emphasise, in their view, would be illegal, and they insist they do not want autonomous weapons operating without human involvement. At the same time, the department has said it expects contractors to support “all lawful purposes” for its systems and, according to Anthropic, has proposed contract language that would allow restrictions to be lifted in certain circumstances—a degree of flexibility the company views as unacceptable. For information-governance and eDiscovery professionals accustomed to parsing “exceptions,” “emergency use,” and “lawful basis” clauses in retention and access policies, this underlines the importance of precise, enforceable wording when AI is embedded into investigative tools, monitoring platforms, and defence-related workflows. The same drafting discipline applies when AI touches privilege screening, early case assessment, or investigation triage—where “exceptions” can quietly turn a helpful tool into a defensibility problem.

Another notable thread is the reaction from Anthropic’s peers. OpenAI has publicly indicated that it shares Anthropic’s red lines on military use, signaling that at least some major labs are willing to align around constraints on autonomous weapons and domestic surveillance even as they compete elsewhere. For corporate buyers, that convergence offers both leverage and a benchmark: when evaluating AI vendors for sensitive workflows—incident response automation, insider-risk analysis, litigation support—organizations can — and arguably should — ask not only for technical capabilities but also for clearly articulated positions on high-risk government applications. One straightforward practice is to add a short set of questions on surveillance, targeting, and law-enforcement use to vendor due diligence questionnaires and to surface those answers in board-level risk reports so leaders have clear visibility into the stances of key suppliers.

Practical implications

So what does all this mean, in practical terms, for technology and risk leaders within organizations that are already relying on commercial AI?

First, AI supply-chain risk is no longer a distant scenario. When an AI provider can be threatened with a “supply chain risk” label and the president orders its technology out of government systems, every organisation downstream has reason to reassess its own exposure. That reassessment can start with a clear inventory of where and how a given vendor’s models are used—whether in security operations, regulated data processing, document review, or line-of-business analytics—and then map plausible disruption scenarios, from access being curtailed to features changing to comply with a government directive. A practical step is to prepare a brief board memo that pairs this inventory with “what if this vendor were suddenly off-limits?” scenarios to test leadership’s appetite for substitution and contingency plans.

Second, documentation and auditability will matter even more. As Anthropic promises more detailed reports on risk models and mitigations, organisations that rely on its systems will have additional material for internal AI risk registers, DPIAs, or AI-specific addenda to governance policies. The same holds for any vendor: embedding AI-related clauses that require ongoing disclosure of safety-policy changes, third-party audits, and material incidents into master agreements can give security, legal, and compliance teams better visibility into shifts that might otherwise surface only when a crisis hits the headlines. One practical move is to ensure in-house counsel or outside eDiscovery coordinators preserve contemporaneous versions of vendor policies and model cards, so if reliability or admissibility is challenged in litigation, you can show what you reasonably relied on at the time.

Third, the dispute illustrates how quickly ethical commitments can collide with operational demands. Anthropic is attempting to hold fast on two concrete issues while recalibrating its broader safety posture to remain competitive, and the US government is exploring the full scope of its authority to direct private AI capabilities. For organisations deploying AI in sensitive areas such as incident investigation, internal monitoring, regulatory response, or discovery review, the lesson is to build your own non-negotiables into policy and architecture—rather than relying entirely on vendor promises—by explicitly limiting certain uses, localising handling of sensitive data, and maintaining human review where exposure is high. A simple but effective step is to define, in writing, which AI-assisted outputs are considered “advisory” versus “decisional,” and to align that distinction with how you defend process integrity in court or before regulators.

Legal and regulatory dimensions

The legal and regulatory implications run deeper than contract stress tests. If a core AI vendor is blacklisted or labeled a risk by a major government, opposing counsel in complex litigation may challenge the reliability or bias of tools you used for document review or early case assessment, arguing that the underlying model was not trusted for public use by that same government. Regulators and supervisory authorities could also question whether your due diligence was sufficient if you remained heavily dependent on a provider that was under active national-security scrutiny. One way to get ahead of this is to document, now, the criteria by which you would sunset or ring-fence an AI tool if a key jurisdiction raised supply-chain or national-security concerns about its developer, and to ensure those criteria are reflected in your information-governance and litigation-hold playbooks.

Perhaps the most enduring impact of the Anthropic impasse will be the way it sharpens expectations for public-private cooperation in AI. For years, policymakers and industry leaders have talked about partnership on AI safety and defence; this conflict shows how fragile that partnership can be when values, timelines, and threat models diverge. Today, a government can simultaneously threaten to brand a company a supply-chain risk and contemplate using the Defense Production Act to compel that same company to prioritise its needs—a pairing that legal commentators have already noted raises difficult questions. As AI systems seep deeper into cyber operations, compliance programs, and legal workflows, professionals in cybersecurity, information governance, and eDiscovery will increasingly find themselves at the hinge point between their vendors, their governments, and their own clients and boards. How ready is your organisation to navigate that kind of AI future, where a single designation or statutory demand can force you to choose, in real time, whose definition of “lawful use” you are willing to implement?

Read the complete article at Anthropic vs. Washington: AI Ethics Collide with National Security.

Photo: Dreamstime.

Privacy Preference Center

Consent Management

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

There are two main kinds of cookies: “session” cookies and “persistent” cookies. Session cookies only last for the duration of users using the website and are deleted from your computer when you close your browser, whereas persistent cookies outlast user sessions and remain stored on your computer until deleted, or until they reach their expiry date. We also use third party cookies.

We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store and use this information. Google’s privacy policy is available at here.

We use Sidekick for Business to analyse the use of this website.

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. You can find out more about how cookies work, and how to manage them at allaboutcookies.org.

PRIVACY AND COOKIES

Required
You read and agreed to our privacy policy.

COMMENT POLICY

Required
You read and agreed to our comment policy.

REQUEST YOUR DATA

Required
Here you can send a request to receive or delete your personal data.

Strictly Necessary

Cookies that are necessary for the site to function properly.

Cookies Used

Required
gdpr, wordpress_[hash], wordpress_logged_in_[hash], wp-settings-{time}-[UID], PHPSESSID, wordpress_sec_[hash], wordpress_test_cookie, wp-settings-1125, wp-settings-time-1125, cookie_notice_accepted

Comment Cookies

Cookies that are saved when commenting.

Cookies Used

Required
comment, comment_author_{HASH}, comment_author_email_{HASH}, comment_author_url_{HASH}

Analyze website

Cookies used to analyze website.

Cookies Used

Required
__hssc, __hssrc, __hstc, hubspotutk

Targeting/Advertising

Cookies for provide site rankings, and the data collected by them is also used for audience segmentation and targeted advertising.

Cookies Used

Required
__qca

Google Universal Analytics

This cookie name is asssociated with Google Universal Analytics.

Cookies Used

Required
_ga, _gid

Functionality

This cookies contain an updated page counter.

Cookies Used

Required
__atuvc, __atuvs

Skip to toolbar