Categories
Groups
Connect
- Discussions
- Members
AI Center
- Topics
- Courses
- Connect
Resources
- Resources
- Learn
- Jobs
- Welcome
Events
Onit
Members
- About our members
About
- About

What the Pentagon–Anthropic Showdown Reveals About Governing AI Systems

What the Pentagon–Anthropic Showdown Teaches Us About AI Governance

In late February 2026, the Pentagon and Anthropic became locked in a dispute over a $200 million contract to deploy AI on classified military networks. According to reporting at the time, Pentagon officials asked Anthropic to modify the agreement by removing two safeguards: a prohibition on using the company's models for mass domestic surveillance of American citizens, and a ban on fully autonomous weapons systems. Anthropic refused.

On February 27, the Pentagon announced it was cancelling the contract and moved to designate Anthropic a “supply chain risk to national security,” placing it in a category normally reserved for cyberwar threats, dodgy surveillance tech, and other companies linked to foreign adversaries. That same day, President Trump ordered all federal agencies to stop using Anthropic.

Hours later, OpenAI announced it had struck its own deal with the Pentagon. CEO Sam Altman said the agreement included safeguards addressing similar concerns, but the published contract language referenced existing federal laws written decades before modern AI systems existed rather than introducing explicit new prohibitions. Altman later acknowledged the deal was “definitely rushed” and that “the optics don’t look good.”

Meanwhile, despite the federal ban, the U.S. military launched Operation Epic Fury the following morning, reportedly using models from Anthropic’s Claude family for intelligence and target analysis in Iran. Pentagon officials said removing the models could be “a huge pain in the ass to disentangle,” with estimates suggesting it could take three to twelve months to fully transition away from them.

Lessons for AI Transformation

Whether it’s national security or corporate operations, the core questions of AI governance are the same:

What do we allow AI to do?
Who decides?
How do we enforce those decisions?
What happens when the pressure to move fast collides with the need to move carefully?

Last year Anthropic introduced a 4D framework for AI Fluency:

Delegation
Description
Discernment
Diligence

Looking at the Pentagon–Anthropic dispute through the lens of the 4Ds offers a useful way to think about AI governance and supervision, both inside governments and inside organizations adopting AI today.

The First D: Delegation

Assessment

Delegation is about making a deliberate, informed decision about which work AI should do, which work humans should do, and which work requires both, and knowing all this before you start.

The Pentagon wanted to delegate all lawful purposes to AI, a blank check. In response, Dario Amodei, CEO of Anthropic, said not everything that is legal is smart, and warned Claude models could not safely handle use cases for autonomous lethal targeting and mass surveillance.

Amodei insisted on vetoes giving Anthropic authority to terminate the agreement if these “red lines” were crossed. While these were clearly boundaries, Amodei had other options:

Embedding restrictions in the models that would refuse surveillance or prevent control of autonomous weapons systems.
Creating independent oversight with the authority to veto some types of AI use, resolving the Pentagon's objection that Anthropic have veto power over the military.

So why did he not use these options? The problem here was time and pressure. Neither alternative could have been implemented before deployment (which had already occurred), or before the Pentagon’s 5:01 p.m. Friday ultimatum.

Lessons Learned

Every time AI is deployed, whether in products, in internal tools, or in workflows, we face the same question: what are we delegating, and are we doing so with eyes open?

The Pentagon case reveals insights on what “doing so with eyes wide open” requires:

Domain expertise. We need to know the work well enough to judge what to delegate.
AI expertise. Not all AI is the same. When Amodei said his models were "simply not reliable enough" for the Pentagon use cases, he was speaking with expertise. We need to demonstrate that same expertise when deciding what tasks to delegate to AI.
Space to evaluate alternatives. Anthropic had other strategies available—technical guardrails, independent oversight, a sunset clause—but the time pressure eliminated those options. Good delegation requires the time and space to evaluate options. The less time, the more critical it becomes to involve people with both domain and AI expertise.

The Second D: Description

Assessment

Description is fundamentally about telling the AI what to do and how to achieve the objective, while setting guardrails.

In the Pentagon dispute, Anthropic had no viable instructions, guidance, or technical controls for how its models would handle the proposed use cases. Rather than discover the consequences through an operational failure, Anthropic relied on contractual veto power as its safeguard.

OpenAI took a different approach. Instead of contractual restrictions, it proposed building a technical safety stack, while deferring decisions about permissible uses to existing law. In practice, this meant relying on legal frameworks spanning from 1791 through 1981, along with DoD Directive 3000.09, an administrative policy governing autonomous weapons that can be modified by the Secretary of Defense without congressional approval. That response still left a gap in description.

Lessons Learned

We used to think of description as the instructions in a prompt. The Pentagon case lifts our view in the following ways:

Enforcement. Anthropic voided those use cases where description would fail to instruct the AI. OpenAI deferred description to laws that predate AI. The practical lesson is to think about how close the enforcement mechanism sits to the point of failure. Disambiguation during an AI conversation is one form of enforcement. Human validation within a workflow is another. Different levels of risk require different safeguards, and those safeguards should be designed as part of the system’s description.
Agents. The complexity here is significant. The Pentagon ingests massive amounts of surveillance data to find and prioritize targets, match them with available munitions, and conduct a legal review to ensure compliance with international law. It is an agentic workflow, not a series of traditional prompts. As AI moves from conversation to orchestration, description becomes design for a coordinated system of agents, each with specific rules, constraints, and escalation paths. We will need to describe less like prompt writers and design more like systems architects.

The Third D: Discernment

Assessment

Discernment is the ability to evaluate AI outputs with a critical eye. It’s knowing when AI is right and when it is wrong.

Under the OpenAI contract, protections against misuse rest significantly on humans, the engineers embedded within the Pentagon, and the military personnel operating the systems. Both work in conditions that undermine their ability to practice discernment, under extreme time pressures with information overload. They also face security clearances that prevent them from discussing concerns, even with outside counsel.

Lessons Learned

Discernment needs practical room for critical judgment by trained professionals. With AI, the work capacity increases, and so does the pace. The implicit incentive is to accept AI outputs with minimal review, because the alternative looks like slowing down. What real discernment requires is:

Model literacy. The Pentagon moved from one frontier model to another within hours. There was no time to compare them, and no effort to match the right tech to the task. We see similar behaviors when knowledge workers default to a single model, or switch between models, without understanding what each one does well and where it falls short. That is why organizations need to build model literacy into their business architecture, through model-literate guidance or intelligent routing that directs work to the model best suited for the task.
Override authority. In the Pentagon case, OpenAI engineers and military operators faced time pressures that made pushback nearly impossible. If the humans in the loop cannot override the system when it matters, discernment fails. The outtake for us is to make sure those who review and challenge AI outputs are empowered to say, "this AI output is wrong and I'm not passing it forward."
Independence from pressure. Research on automation bias shows humans defer to AI recommendations more than 90% of the time under pressure. A human operator reviewing 200 AI-generated targeting recommendations, approving each in seconds, is technically "in the loop" but is not exercising judgment. We have a low-stakes version of that same problem. An engineer who merges 20 AI-generated pull requests in a morning, or a content writer that delivers three white papers in one hour, needs the space to catch failures, refine the approach, and develop the judgment required to use AI well.

The Fourth D: Diligence

Assessment

Diligence is about defining what “done” looks like and maintaining the discipline to measure AI quality, both in individual outputs and over time.

The Pentagon case shows two different postures on diligence.

Anthropic measured AI performance and concluded the models could not meet the threshold required for autonomous weapons.
The Pentagon, by contrast, said that Anthropic’s red lines were hypothetical constraints that undermined military operations. It addressed the risk by focusing only on what was legally permissible.

One side measured capability against a standard, the other treated legal authority as sufficient.

Reporting from Defense One also revealed the Pentagon had no real picture for how Claude was being used. Without that visibility, Defense sources warned the replacement models from OpenAI were unlikely to be direct substitutes.

Lessons Learned

Diligence helps organizations get better at using AI over time. The lessons from the Pentagon case are:

Measure before you commit. Anthropic evaluated its models against specific use cases and reached a conclusion about their readiness. On the operational side, however, the absence of benchmarks makes it difficult to evaluate alternatives or determine whether replacement models perform comparably. The lesson for us is to define what acceptable performance looks like, decide how to measure it, and establish quality standards in advance, otherwise diligence can’t take root.
Track performance over time, not just at launch. Claude had been running on networks for months, but the Pentagon had no visibility into the quality and extent of use—no baselines and no record of how Claude had been performing against defined standards. Without that history, evaluating performance or transitioning to replacement models becomes extremely difficult. The lesson is to make diligence about ongoing measurement: establishing baselines, tracking performance, and maintaining a clear picture of what your AI systems are delivering. That visibility allows organizations to make informed decisions when circumstances change.

Conclusion

Examining the Anthropic–Pentagon dispute through the 4D framework highlights several lessons:

Delegation: know the work, know the AI, and make space to evaluate alternatives before committing.
Description: bring enforcement close to the point of failure, and recognize that as AI becomes agentic, description becomes design.
Discernment: build model literacy into the business architecture, empower people to override, and protect them from the speed pressure that kills judgment.
Diligence: define what good looks like before you deploy, baseline it, and track it over time. If you don't measure, you can't transition, compare, or improve.

The case also stretched the framework itself. The 4Ds were conceived as skills for individuals working with AI. What the Pentagon case revealed is that they are equally, perhaps more critically, challenges of business architecture:

Who delegates is a leadership decision.
How we describe is a design problem.
Whether discernment is possible depends on the systems and culture we build around our people.
Diligence only works when the organization measures, tracks, and learns, not just the individual.

The case showed us that the framework must keep pace with the technology. Description became design the moment AI moved from conversation to agentic orchestration. Diligence expanded from single-instance review to performance measurement over time. These are signs that our framework for AI fluency must be continuously challenged and evolved, because AI moves at pace.

If there is one more lesson, it is this: the 4Ds cannot be applied in isolation from each other, and they cannot be applied reactively. They work as an interconnected system, and they work best when applied before deployment, not after failure. Some of this was on display in the Pentagon case. That is a key shift we must embrace, from individual skill to organizational discipline, from reactive policy to proactive architecture.

Sources and References

The Dispute

Dario Amodei, "Statement from Dario Amodei on our discussions with the Department of War," anthropic.com, 26 February 2026. Source for: Anthropic's two red lines, "cannot in good conscience accede to their request," models "simply not reliable enough" for autonomous weapons, commercially available data concerns.

https://www.anthropic.com/news/statement-department-of-war

Anthropic, "Statement on the comments from Secretary of War Pete Hegseth," anthropic.com, 27 February 2026. Source for: supply chain risk designation, "months of negotiations," court challenge, contractor scope of designation.

https://www.anthropic.com/news/statement-comments-secretary-war

OpenAI, "Our agreement with the Department of War," openai.com, 28 February 2026. Source for: published contract language including "all lawful purposes," "unconstrained monitoring," autonomous weapons clause referencing DoD Directive 3000.09, safety stack and cloud-only deployment.

https://openai.com/index/our-agreement-with-the-department-of-war

Reporting

"Deadline looms as Anthropic rejects Pentagon demands it remove AI safeguards," NPR, 26 February 2026. Source for: 5:01pm deadline, Pentagon's overnight contract language, "made virtually no progress," "negotiations for months."

https://www.npr.org/2026/02/26/nx-s1-5727847/anthropic-defense-hegseth-ai-weapons-surveillance

"OpenAI announces Pentagon deal after Trump bans Anthropic," NPR, 27 February 2026. Source for: Trump's Truth Social post, "tried in good faith," Anthropic's two reasons for refusal.

https://www.npr.org/2026/02/27/nx-s1-5729118/trump-anthropic-pentagon-openai-ai-weapons-ban

"Exclusive: Pentagon warns Anthropic will 'pay a price' as feud escalates," Axios, 16 February 2026. Source for: "months of contentious negotiations," "enormous pain in the ass to disentangle," "all lawful purposes" demanded of all four labs.

https://www.axios.com/2026/02/16/anthropic-defense-department-relationship-hegseth

"Trump moves to blacklist Anthropic's Claude from government work," Axios, 27 February 2026. Source for: six-month wind-down, "unlikely to be a like-for-like replacement for Claude," supply chain risk designation.

https://www.axios.com/2026/02/27/anthropic-pentagon-supply-chain-risk-claude

"OpenAI-Pentagon deal faces same safety concerns that plagued Anthropic talks," Axios, 1 March 2026. Source for: OpenAI contract addresses only "private information" not public data, Altman "definitely rushed," "the optics don't look good."

https://www.axios.com/2026/03/01/openai-pentagon-anthropic-safety

"It would take the Pentagon months to replace Anthropic's AI tools: sources," Defence One, 26 February 2026. Source for: three to twelve month replacement timeline, Pentagon asking commands to self-report Claude usage, reconfiguration of data inputs required, INDOPACOM as "premier user."

https://www.defenseone.com/threats/2026/02/it-would-take-pentagon-months-replace-anthropics-ai-tools-sources/411741/

"Trump administration orders military contractors and federal agencies to cease business with Anthropic," CNN, 27 February 2026. Source for: Hegseth-Amodei meeting, Grok "on board" but "not viewed as being as advanced as Claude."

https://www.cnn.com/2026/02/27/tech/anthropic-pentagon-deadline

"OpenAI reveals more details about its agreement with the Pentagon," TechCrunch, 1 March 2026. Source for: Altman "definitely rushed" and "optics don't look good" quotes, three stated red lines, "safety stack" approach.

https://techcrunch.com/2026/03/01/openai-shares-more-details-about-its-agreement-with-the-pentagon/

"OpenAI's 'compromise' with the Pentagon is what Anthropic feared," MIT Technology Review, 2 March 2026. Source for: Claude used during Iran strikes, kill chain compression, Palantir platform integration.

https://www.technologyreview.com/2026/03/02/1133850/openais-compromise-with-the-pentagon-is-what-anthropic-feared/

"Anthropic Refuses Pentagon Demand to Remove AI Security and Safety Guardrails," ASIS International / Security Management, February 2026. Source for: Hegseth's January 2026 AI strategy memorandum directing "any lawful use" language within 180 days.

https://www.asisonline.org/security-management-magazine/latest-news/today-in-security/2026/february/Anthropic-Refusal/

"US Military Reportedly Used Claude in Iran Strikes Despite Trump's Ban," Cyber Security News, 1 March 2026. Source for: Operation Epic Fury, Claude used for intelligence assessment and target identification, strikes launched hours after designation.

https://cybersecuritynews.com/us-military-reportedly-used-claude/

Legal Analysis

Jessica Tillipman, "What Rights Do AI Companies Have in Government Contracts?," Nextgov/FCW, 2 March 2026. Source for: OpenAI contract does not give "an Anthropic-style, free-standing right to prohibit otherwise-lawful government use," DoD Directive 3000.09 versioned reference, tension between "all lawful purposes" and safety stack.

https://www.nextgov.com/artificial-intelligence/2026/03/what-rights-do-ai-companies-have-government-contracts/411801/

"Pentagon's Anthropic Designation Won't Survive First Contact with Legal System," Lawfare, 28 February 2026. Source for: statutory requirements for supply chain risk designation, Defense Production Act threat, legal challenges to designation.

https://www.lawfaremedia.org/article/pentagon%27s-anthropic-designation-won%27t-survive-first-contact-with-legal-system

Research

Michael C. Horowitz and Lauren Kahn, "Bending the Automation Bias Curve: A Study of Human and AI-Based Decision Making in National Security Contexts," International Studies Quarterly, Volume 68, Issue 2 (2024). Source for: automation bias in national security contexts, relationship between AI knowledge and over-reliance.

https://academic.oup.com/isq/article/68/2/sqae020/7638566

Lauren Kahn, Mina Probasco, and Airi Kinoshita, "AI Safety and Automation Bias," Center for Security and Emerging Technology (CSET), Georgetown University, November 2024. Source for: military automation bias case studies (Patriot, AEGIS), organizational approaches to mitigating automation bias.

https://cset.georgetown.edu/wp-content/uploads/CSET-AI-Safety-and-Automation-Bias.pdf