On Thursday, Anthropic CEO Dario Amodei reiterated his refusal to allow Claude to be used for mass surveillance of U.S. citizens or to guide fully autonomous weapons, rejecting Pentagon requests to make unfettered use of the model.

Claude is one of just two large generative-AI models that the Pentagon has made available on classified networks, and it is the only one that belongs to the cutting-edge group of frontier models. The Defense Department isn’t saying just how it uses such models. But Emil Michael, defense undersecretary for research and engineering, has suggested that their uses include intelligence (“to synthesize a lot more intelligence using a machine than a human analyst”) and warfighting (“How do you predict what might happen in the conflict, what things you might need in the conflict?”).

Earlier on Thursday, Pentagon spokesperson Sean Parnell said that DOD only seeks the ability to “use Anthropic's model for all lawful purposes,” adding that the idea that the Pentagon wants fully autonomous weapons or mass surveillance is a false narrative “peddled by leftists in the media.” 

But Amodei said those are the only two limits he insists on. 

In “a narrow set of cases, we believe AI can undermine, rather than defend, democratic values. Some uses are also simply outside the bounds of what today’s technology can safely and reliably do,” he said in his statement.

Pentagon officials have threatened various reprisals should Anthropic insist on its limits, including invoking the Defense Production Act to use the company’s product without the company’s permission. 

On Wednesday, a defense official told Defense One, “The Secretary will not hesitate to invoke the DPA if an agreement cannot be reached.”

Parnell’s post on Thursday made no mention of the DPA. The company, he said, has “until 5:01 PM ET on Friday to decide. Otherwise, we will terminate our partnership with Anthropic and deem them a supply chain risk for DOW.”

In his statement, Amodei responded quizzically. “They have threatened to remove us from their systems if we maintain these safeguards; they have also threatened to designate us a ‘supply chain risk’—a label reserved for US adversaries, never before applied to an American company—and to invoke the Defense Production Act to force the safeguards’ removal. These latter two threats are inherently contradictory: one labels us a security risk; the other labels Claude as essential to national security.”

Easier said than done

If the Pentagon does designate the San Francisco-based AI startup as a supply-chain risk, it would touch off a lengthy and likely expensive series of protective measures, the people familiar said. 

Operators would have to reconfigure data inputs that they are feeding into models, re-examine how to share data in real-time with the intelligence community which also uses Claude widely, and re-validate that replacement models were functioning as the military expected it to, they said.

In July, Anthropic received a $200 million contract to provide its frontier-model tools to the Pentagon, as did the other three U.S. makers of such products: OpenAI, Google, and xAI. 

Department leaders have urged their people to use the new tools, though they have declined to say how publicly. And even the Pentagon doesn’t really know; it is reportedly asking various commands to describe how much they use Anthropic. (Michael, however, has described U.S. INDOPACOM as “probably one of the premier users.”)

So why is Claude the only one deployed on classified networks? One key reason, according to a defense official: Anthropic’s tools were the easiest to deploy on cloud networks powered by AWS, which contributes the largest chunk of the Pentagon’s Joint Warfighting Cloud Capability.

The two companies are especially close. AWS is the leading cloud-service provider to Anthropic, which trains its models using Amazon’s proprietary Trainium chips.

By contrast, Google runs Gemini on its own cloud and trains it on TPU v5p chips. xAI is partnered with Oracle and does most of its Grok training on NVIDIA H100 GPUs. OpenAI has a “primary” relationship with Microsoft Azure, though it recently announced a “strategic training” partnership with AWS.

None of these relationships are static. Anthropic trained its first models on NVIDIA chips. But as demand grew, the various frontier AI companies inked long-term strategic contracts that mean migrating from one environment to another would undo months of work. 

The individuals said it could be twelve months or longer to replace the capability. However, a Defense Department official said that he expected additional frontier AI models to be widely available on the Pentagon’s GenAi.mil interface before summer. 

AWS did not respond to requests for comment.

Breaking up for the wrong reasons

Michael has said that his objection to Anthropic’s stance is that it creates unpredictability. What if, he said last week, operators were using Claude during a mission, and  “then the model itself learns what you're trying to do… and it stops working. That’s a risk I cannot take.”

But Anthropic executives counter that they must draw lines precisely because of AI’s unpredictability. They say there’s no way to guarantee that their models can perform safely in scenarios that involve lethal autonomy—at least not without meaningful human supervision—and they don’t believe the model is safe in situations that might involve AI for mass surveillance, according to sources familiar with the discussions.

And they agree with Michael’s contention that some of the Pentagon’s frontier models might perform better at various tasks than others.

The sources also said the conversations between the Pentagon and the company had been proceeding along more or less normal lines. Anthropic, they say, had been willing to make various accommodations. But the tone changed after the discussions became public.

On Tuesday, the company released a new version of its safety policies, which many saw as an abandonment of its core safety promise.

In the blog post announcing the change, the company said that it would be moving toward “nonbinding but publicly declared targets” for safety. “Rather than being hard commitments, these are public goals that we will openly grade our progress towards.”

Lawmakers are dipping a toe into the debate. Sen. Mark Warner, D-Va., called the fight “another indication that the Department of Defense seeks to completely ignore AI governance–something the Administration’s own Office of Management and Budget and Office of Science and Technology Policy have described as fundamental enablers of effective AI usage,” in a statement. He called the episode further evidence of “the need for Congress to enact strong, binding AI governance mechanisms for national security contexts.”

The Pentagon has in the past placed policy limits on the use of autonomous weapons, but Congress has passed no legislative limits.

“I appreciate the concern, and I would point to past precedent in a lot of cases. For example, during the COVID pandemic, we did have to utilize National Guard to assist with all the logistics around these things,” Mark Ditlevson, nominated to be the assistant secretary of defense for homeland defense and Americas security affairs, told the Senate Armed Services Committee during his confirmation hearing. If confirmed, “I commit to following or making sure that we analyze this, provide the best recommendation up to the secretary. We’d talk to the office of general counsel to make sure everything that we're doing is legal and lawful. Before that advice gets to the secretary, I can make that commitment to you.”

The National Guard often provides logistical support for elections, including cybersecurity functions. But that’s different from patrolling polling locations, senators argued, pushing Ditlevson for a yes or no answer on whether there are credible threats to the elections that would warrant calling in the National Guard. 

When asked about National Guard troop presence at election polling locations, Ditlevson deferred to the Pentagon's general counsel on the legality of such deployments, acknowledging U.S. law that bars National Guard from election locations unless there are “armed enemies of the United States” present.

Ditlevson, who has been acting in the role since last year, agreed the statute is an “extremely high bar to meet” that requires “robust analysis,” but stopped short of refusing to recommend, as a matter of policy, sending troops to the polls. 

Senators—particularly Democrats—took umbrage with Ditlevson’s opaque answers.

“You are nominated for this position. I'm just asking, do you think it would be appropriate to station troops next to polling stations? Simple yes or no,” said Sen. Elizabeth Warren, D-Massachusetts.

Ditlevson called the question “speculative,” declining to discuss “what threat levels may exist during an election cycle.”

Warren retorted: “I have to say, if you're not willing, just to say, ‘No, it is not appropriate,’ then I have real concerns about you in this job.”

Sen. Tim Sheehy, R-Montana, brought up violence he saw around the 2010 elections in Iraq when he was a Navy SEAL, saying, “the point was to suppress voter turnout, because they didn't want a democratically elected government.”

He asked if it would be appropriate to use the National Guard and other resources in the event of a “direct terrorist threat against a polling station.” 

Ditlevson said yes. 

The debate comes alongside reports the White House is considering an executive order that seeks to codify President Donald Trump’s previous calls to “nationalize” elections. Trump’s supporters then called for immigration agents to stake out the polls during the upcoming midterm elections. A Homeland Security official has since promised that ICE agents, who have violated multiple court orders in Minnesota, won’t be at the polls during the midterms this year. 

In August, Trump deployed the National Guard in Washington, D.C. to fight crime, followed by deployments to several other cities, facing myriad legal challenges. Those deployments, which have been winding down, could cost taxpayers more than $1 billion. 

A recent Associated Press-NORC Center for Public Affairs Research poll found that only 27% of Americans have “a great deal or quite a bit” trust in Trump’s judgement in using military force. Along party lines, 60 percent of Republicans had that same level of confidence compared to 5 percent of Democrats and 14 percent of independent voters. 

Sen. Tammy Duckworth, D-Illinois, closing out the hearing in a fiery exchange, asked several questions: how far from polling stations would National Guard troops be posted for logistics support, would they be in uniform, would they wear Kevlar or would they carry a sidearm. 

“Are you saying that there are potentially other reasons to send them to polling stations, beyond logistics, and that they may actually be fully up-armored, fully combat equipped, depending on what you decide is the situation on the ground?” she said. 

Ditlevson called the question “speculative,” but said “questions for the specific distance and what equipment people would wear on any deployment: We always look at what the threat scenario may be and tailor that for whatever they may have to deal with. And so, as you pointed out, for logistics, it'd be a very different footprint than some other type of mission.” 

Those responses still left senators with questions. 

“I am concerned. I am concerned that you can't make basic reassurances to this committee as to how you would advise on the calling of our National Guard to be there at polling places at an election on United States soil,” Duckworth said. 

“You cannot intimidate Americans when they go out to vote. It is against the law. It is against code. I just read that code to you. I am at a loss,” she said. “The American people would not stand for this. I will not stand for it, and my colleagues in Congress should not stand for this administration's attempts to use our nation's military to intimidate Americans from exercising their fundamental right to cast a vote in elections.”