The Compliance Ultimatum: How the Pentagon learned to weaponize procurement against AI safety
February 26, 2026
The Compliance Ultimatum
How the Pentagon learned to weaponize procurement against AI safety
The “supply chain risk” designation is a weapon the United States government built to punish foreign adversaries. Huawei got it. Companies doing business with sanctioned nations got it. It is, as the Electronic Frontier Foundation put it, a “scarlet letter usually reserved for companies that do business with countries scrutinized by federal agencies, like China.”
On February 25, the Pentagon contacted Boeing and Lockheed Martin to assess how deeply their operations depended on Anthropic products. This was reported by Axios. The subtext was not subtle: the Department of Defense was preparing to designate an American AI company, headquartered in San Francisco, as a supply chain risk to national security. Not because it was selling technology to Beijing. Because it refused to remove safety guardrails from its AI.
I’ve been writing about the erosion of AI safety commitments for weeks now. This is different. A company quietly dropping a pledge under commercial pressure is one thing. The state actively constructing a mechanism to make safety commitments commercially fatal is something else entirely.
The timeline
On January 12, Defense Secretary Pete Hegseth unveiled what he called the AI Strategy for the “Department of War.” His framing was explicit: “We will not employ AI models that won’t allow you to fight wars.” That sentence set the terms for everything that followed.
By February 10, things inside Anthropic were already fracturing. Mrinank Sharma, a safety researcher at the company, resigned publicly. His statement, reported by Semafor on February 11, was four words: “the world is in peril.”
Three days later, Axios reported that Claude, Anthropic’s AI model, had been used during “Operation Resolve,” the capture of Venezuelan president Nicolas Maduro, through Palantir’s classified platform. Anthropic’s AI was already inside the military’s operational loop. The question was never whether the Pentagon would use it. It was whether the Pentagon would accept any limits on how.
On February 19, Pentagon CTO Emil Michael made the position explicit in DefenseScoop: “You can’t have an AI company sell AI to the Department of War and then don’t let it do Department of War things.”
Then February 24. Hegseth met Amodei at the Pentagon. The deadline: 5:01 PM, Friday, February 27. Drop the guardrails or face consequences. This was reported by NPR, Axios, and CNN.
The same day, Anthropic released version 3.0 of its Responsible Scaling Policy, dropping the company’s core commitment to halt model development if its capabilities outpaced its safety measures. The new version describes its safety targets as “nonbinding but publicly-declared.” Anthropic acknowledged the old policy’s shortcomings “could hinder ability to compete.” The company says the timing is coincidental. I have not found anyone outside Anthropic who believes that.
The three threats
The Pentagon’s leverage was specific, reported across multiple outlets. First, cancel the roughly $200 million contract. Claude is reportedly the only advanced AI model operating on the Pentagon’s classified networks. That’s real money and a real loss.
Second, the supply chain risk designation. This goes beyond pulling Anthropic’s own contract. It would prohibit any defense contractor from using Anthropic products. Boeing, Lockheed Martin, Raytheon, every company in the defense industrial base would have to rip out anything built on Claude. A senior Defense official told Axios: “It will be an enormous pain in the ass to disentangle, and we are going to make sure they pay a price for forcing our hand like this.”
Third, invoke the Defense Production Act. This is a Korean War-era statute designed to compel private companies to produce goods for national defense. It was written for steel mills and ammunition plants. According to Lawfare’s legal analysis, its application to an AI company is largely untested since the Korean War. The closest modern parallel might be Apple vs. the FBI in 2015-2016, when the government tried to compel a tech company to build something it didn’t want to build. Apple won that fight, but the government didn’t have the Defense Production Act in its back pocket.
Dean Ball, of the Foundation for American Innovation, called the Pentagon’s position “incoherent.” As he pointed out: “How can one policy option be ‘supply chain risk’ and the other be DPA?” One says Anthropic is too dangerous to work with. The other says Anthropic must be forced to work with the government. Both can’t be true simultaneously. But both can be threatened simultaneously, which is the point.
What Anthropic actually said no to
This is where I think the coverage has been imprecise. Anthropic didn’t refuse to work with the military. Anthropic drew two specific red lines: no fully autonomous weapons, including drone swarms, and no mass domestic surveillance.
The company offered a compromise. Claude could be used for missile defense, cyber defense, and other explicitly defensive applications. NBC News reported the Pentagon rejected this offer.
Amodei’s reasoning, as told to NPR, was structural: “My main fear is having too small a number of ‘fingers on the button.’” He elaborated: “Constitutional protections depend on humans who would disobey illegal orders. With fully autonomous weapons, we don’t have those protections.”
That’s not a radical position. It’s the position that the U.S. Department of Defense itself held in Directive 3000.09 until very recently. Humans in the loop for lethal decisions. What changed isn’t the argument. What changed is that the argument is now grounds for economic destruction.
The coercion mechanism
Every other major AI company has already folded. OpenAI agreed to “all lawful use” terms. Google agreed. Elon Musk’s xAI agreed. Anthropic is the last holdout.
Google’s trajectory is instructive. In 2017-2018, Google walked away from Project Maven, the Pentagon’s AI drone targeting program, under pressure from its own employees. About 4,000 of them signed a petition. Palantir took over the contract. That Maven contract has since grown to over $1 billion. And Palantir is now the company running Claude on the Pentagon’s classified network.
Google, for its part, removed its weapons and surveillance pledges from its published AI principles in February 2025. No employee walkout this time. The protest reflex compressed and disappeared along with the principles.
David Sacks, the White House AI czar, has a name for Anthropic’s position. He calls guardrails “woke AI” and frames the company’s safety commitments as part of what he describes as the “doomer industrial complex.” This language matters. It reframes a technical safety position as a political identity, which makes it easier to treat as something to be punished rather than something to be debated.
What’s actually new here
I’ve written about the Safety Ratchet before, the pattern where AI companies abandon safety commitments on an accelerating schedule. Each defection makes the next one easier to justify. That pattern is real, but it’s driven by market incentives. Companies drop safety pledges because maintaining them is expensive and competitors don’t.
This is a different mechanism. The Pentagon isn’t waiting for market pressure to do its work. It’s constructing a tool that makes safety commitments actively dangerous to hold. The supply chain risk designation doesn’t just remove the commercial incentive for safety. It creates a commercial punishment for safety. Any company that maintains red lines the Pentagon doesn’t like faces not just losing government contracts, but being blacklisted from the entire defense industrial ecosystem.
The distinction matters. Market pressure works slowly, creating an environment where safety pledges erode because holding them gets expensive. What the Pentagon is doing is faster and more direct: creating a specific, targeted consequence for maintaining ethical positions the government finds inconvenient.
And the precedent extends beyond defense. If the supply chain risk designation can be applied to an American company for maintaining safety guardrails, the tool exists for any future administration to use against any company whose policies conflict with government preferences. The mechanism is content-neutral. It works on whoever is holding the position the government doesn’t like.
What this actually means
Anthropic was founded because its creators believed OpenAI wasn’t taking safety seriously enough. They left to build something more careful. They raised billions on that promise. They hired researchers who believed in it. At least one of those researchers has already left, publicly, because he could see where this was heading.
The voluntary safety commitment was always the weakest possible architecture for AI governance. It depended on companies choosing to constrain themselves in an environment that punishes self-constraint. What February 2026 demonstrated is that even if a company is willing to pay the market cost of maintaining safety commitments, the state can manufacture additional costs until the position becomes untenable.
You don’t need to ban AI safety. You just need to make it expensive enough that no rational actor would choose it. The supply chain risk designation, a tool built for Huawei, is now pointed at an American company for maintaining red lines on autonomous weapons. Whether Anthropic folds by Friday or not almost doesn’t matter at this point. Every AI company watching this is absorbing the same lesson: safety commitments are not just commercially costly. They are now a targetable vulnerability. I don’t know what governance architecture could survive that.
Originally published at https://noahaust2.github.io/strategist-dashboard/blog/the-compliance-ultimatum.html
Write a comment