Legal Report: DOD Disavows Premier Partner, Anthropic
Megan Gates here with our monthly Legal Report column. Like many of you, I’ve been following the negotiations between the U.S. Department of Defense and artificial intelligence (AI) frontier model developer Anthropic during the past few weeks.
On Friday, 27 February, those negotiations reached a breaking point when Anthropic drew a line in the sand and U.S. Defense Secretary Pete Hegseth threatened to designate the company a supply chain risk to national security. It’s messy, complicated, and just getting started.
And with that, we’ll dive into it.
- A Big Tech break-up
- U.S. Congress rejects limits to executive power
- Georgia father convicted for school shooting role
- Austria charges suspected Taylor Swift concert attacker
- Kalshi reports first insider trading case
U.S. Department of Defense Disavows Premier Partner, Anthropic
Break-ups can be ugly. Just ask U.S. government contractor Anthropic, which the U.S. Department of Defense (DOD) labeled a supply chain risk in the midst of a standoff that appears destined for dissolution.
The DOD notified Anthropic—one of the frontier AI model creators—of its decision on 4 March and the company publicly confirmed the designation late in the evening on 5 March. Anthropic CEO Dario Amodei said the company does not believe the action is legally sound and that it intends to challenge it in court.
“The language used by the [DOD] in the letter (even supposing it was legally sound) matches our statement on Friday that the vast majority of our customers are unaffected by a supply chain risk designation,” Amodei wrote in the 5 March statement. “With respect to our customers, it plainly applies only to the use of Claude by customers as a direct part of contracts with the [DOD], not all use of Claude by customers who have such contracts.”
Anthropic entered a contract with DOD in 2024 and renewed it in 2025 with two main caveats: its technology could not be used to create fully autonomous lethal weapons or domestic mass surveillance systems of Americans.
But in January 2026, U.S. Secretary of Defense Pete Hegseth issued a memorandum calling for all DOD AI contracts to incorporate standard “any lawful use” language within 180 days. Adding this phrase into the existing Anthropic deal would allow the company’s AI model Claude to be used for those original caveats, going against Anthropic’s policies for how it allows Claude to be used.
Anthropic and the DOD attempted to hash this difference out for months before last week, when their disagreements erupted into public view. Hegseth issued an ultimatum to Anthropic: allow DOD to use the company’s products for all lawful purposes or face being labeled a supply chain risk and DOD using the Defense Production Act to force Anthropic to remove its safeguards.
Anthropic's Amodei refused to budge. And the Trump administration went into break-up overdrive.
U.S. President Donald Trump posted on Truth Social that the “Leftwing nut jobs at Anthropic have made a DISASTROUS MISTAKE trying to STRONG-ARM the Department of War, and force them to obey their Terms of Service instead of our Constitution.”
Trump pledged to have every federal agency immediately cease using Anthropic’s technology. Hegseth followed up with a post on X (formerly Twitter) that he was directing DOD to designate Anthropic a supply chain risk to national security.
“Effective immediately, no contractor, supplier, or partner that does business with the United States military may conduct any commercial activity with Anthropic,” Hegseth wrote. “Anthropic will continue to provide the [DOD] its services for a period of no more than six months to allow for a seamless transition to a better and more patriotic service.”
A new dance partner. Within hours of Hegseth’s announcement, OpenAI CEO Sam Altman revealed that his company had made a deal to deploy its models into DOD’s classified network. Altman committed to building technical safeguards to ensure OpenAI’s models “behave as they should.”
“AI safety and wide distribution of benefits are the core of our mission,” Altman wrote on X. “Two of our most important safety principles are prohibitions on domestic mass surveillance and human responsibility for the use of force, including for autonomous weapon systems. The [DOD] agrees with these principles, reflects them in law and policy, and we put them into our agreement.”
OpenAI’s decision to partner with DOD in the wake of Anthropic’s stance, however, was widely criticized. At least 1.5 million users have discontinued using OpenAI’s ChatGPT, and Altman spent the weekend doing damage control online and updating the deal with DOD.
I'd like to answer questions about our work with the DoW and our thinking over the past few days. Please AMA.
— Sam Altman (@sama) March 1, 2026
Next steps for Anthropic. Neither Anthropic nor DOD returned Security Management’s request for comment on this article. But in the 5 March statement, Amodei explained that the DOD's letter designating Anthropic a supply chain risk has a narrow scope that is similar to the law (10 USC 3252) that is relevant to this issue.
“It exists to protect the government rather than to punish a supplier; in fact, the law requires the [secretary of defense] to use the least restrictive means necessary to accomplish the goal of protecting the supply chain,” Amodei explained. “Even for [DOD] contractors, the supply chain risk designation doesn’t (and can’t) limit uses of Claude or business relationships with Anthropic if those are unrelated to their specific [DOD] contracts.”
In a prior statement issued on 27 February, Anthropic said the decision to designate it as a supply chain risk would be unprecedented. The label is typically used for U.S. adversaries and has never been applied to an American company.
“We believe this designation would both be legally unsound and set a dangerous precedent for any American company that negotiates with the government,” Anthropic said. “No amount of intimidation or punishment from the [DOD] will change our position on mass domestic surveillance or fully autonomous weapons. We will challenge any supply chain risk designation in court.”
The impact of a supply chain risk designation. Tess Bridgeman, former special assistant to the president, associate counsel to the president, and deputy legal adviser to the National Security Council in the Obama administration, wrote for Just Security that Hegseth is likely using authorities from 10 U.S. Code 3252 to designate Anthropic a supply chain risk to national security.
“The law grants the secretary the ability to exclude certain companies from competing for contracts or subcontracts for some of the U.S. military’s most sensitive information technology systems—specifically, those used for intelligence, command and control, and weapons systems (and similar enumerated sensitive information systems),” Bridgeman explained.
She cautioned that it would be unlikely that Hegseth is able to meet the statutory requirements under 3252 because this was a contract negotiation breakdown—Anthropic did not pose an adversarial risk to DOD systems.
“But even if such a designation could be supported in this case (again, a very real legal hurdle), designating a company as a ‘supply chain risk’ does not give the secretary the power to prohibit defense contractors from engaging in ‘any commercial activity’ with the designated company,” Bridgeman added. “The powers granted by Congress are far more narrow—in short, they relate to procurement actions for a small set of highly sensitive information technology systems. This provision of law is not a sanctions authority, and attempting to in effect apply it as such raises broader legal and policy questions.”
Adam Conner, vice president of technology policy for the Center for American Progress, wrote that if Anthropic is designated a supply chain risk and the courts uphold that designation and limit its business dealings, it would be the “commercial equivalent of the death penalty for Anthropic.”
Conner explained that the decision would be significant because Anthropic’s Claude AI models and products run on cloud servers and data centers owned by Amazon Web Services (AWS) and Google Cloud.
“Both AWS and Google Cloud are DOD contractors, and if they were forced to drop Anthropic as a customer, there are no commercial cloud providers who are not also DOD contractors who could take them as a client,” Conner wrote. “In addition, even if such non-DOD contractor companies were to exist, they would not have capacity to serve Anthropic’s infrastructure needs.
“The shortage of specialized chips, data centers, and capital—not to mention the time it takes to build those facilities—would mean that Anthropic’s AI models and products would simply go offline, and the company would likely soon follow it.”
Anthropic sought to maintain calm after Hegseth’s announcement, explaining in its statement that individual customers and companies with contracts with Anthropic will continue to have access to Claude.
For companies that are DOD contractors, though, the supply chain risk designation would impact their ability to use Claude on DOD contract work. Anthropic reiterated that using Claude for any other purpose would be unaffected.
Ironically, just days after announcing it planned to cut ties with Anthropic, the DOD was reportedly using its Claude model as part of its war effort in Iran.
Editor's Note: The above section of this article was updated on 6 March at 10 a.m. ET to include confirmation of DOD's designation of Anthropic as a supply chain risk to national security.
Other News to Note
Congress rejects limits to executive power. The U.S. Senate blocked a War Powers Resolution that would have required President Trump to remove U.S. armed forces from hostilities within or against Iran. In a vote of 47 to 53, senators rejected requiring Trump request a declaration of war or an authorization to use military force to continue hostilities against Iran. U.S. Senator Tim Kaine (D-VA) sponsored the resolution, which is just one of several similar bills introduced in the U.S. Senate and U.S. House of Representatives seeking to curtail the U.S. and Israeli war against Iran that the Trump administration began on 28 February.
“The Constitution gives Congress—not the president—the authority to decide when our nation goes to war,” said U.S. Senate Minority Leader Chuck Schumer (D-NY) in a statement. “By blocking this War Powers Resolution, the Senate has failed in its duty as a check on the executive.”
DJI pushes back. DJI Technologies sued the U.S. Federal Communications Commission (FCC) to overturn the agency’s decision to add the company to its Covered List. The FCC’s move bars DJI, a Chinese company, from importing new models of its drones and critical components into the United States. DJI claims that the FCC exceeded its statutory authority, failed to observe required procedures, and violated the Fifth Amendment when it added the company to the list.
Maritime industry security makeover. The EU Commission adopted an Industrial Maritime Strategy to drive competitiveness, innovation, and technological leadership in the bloc’s maritime manufacturing and shipping industries. One pillar of the strategy, “Secure and Protect,” will bolster Europe’s naval, underwater, dual-use, and military mobility capabilities to step up security and resilience.
The commission also adopted a new Ports Strategy to secure Europe’s strategic autonomy and critical supply chains. The strategy requires the commission to update and revise guidance on emerging threats to EU ports, fight drug trafficking by creating frameworks for third-country port assessments and background checks for port workers, establish a member states’ forum on cybersecurity, and conduct an EU-wide security risk assessment to identify the most pressing cybersecurity risks and appropriate mitigation measures.
German extremism designation paused. A German court issued an injunction preventing the country’s domestic intelligence agency from labeling the Alternative for Germany (AfD) party a proven right-wing extremist group. The Bundesamt für Verfassungsschutz (BfV) designated AfD as a right-wing extremist organization in May 2025, which allowed the agency to carry out enhanced surveillance on AfD activities. AfD sued, BfV temporarily removed the label, and the court agreed to pause BfV’s designation until it has reviewed AfD’s complaint fully. AfD is Germany’s biggest national parliament opposition party and has faced scrutiny for its activity against refugees and migrants.
Parent liability trend continues. A U.S. state of Georgia jury convicted Colin Gray of second-degree murder and manslaughter because he provided his son with an AR-15 rifle that was ultimately used to kill four people at Apalachee High School in 2024. At trial, prosecutors focused on Gray’s decision to give his son a gun despite concerns about the child’s mental state and a law enforcement investigation into his threatening online behavior. Gray’s conviction marks just the third time in U.S. history that a parent has been held liable for a school shooting allegedly committed by their child. His son, Colt, is also facing charges and awaiting trial.
Speed Reads
Court Cases
Event security. Austrian prosecutors filed charges against a 21-year-old they suspect of planning a terror attack at a 2024 Taylor Swift concert in Vienna. Prosecutors charged the unnamed individual, who they believe is a member of the Islamic State, with producing an explosive and attempting to purchase weapons illegally to carry out an attack. Concert organizers canceled all three of Swift’s Vienna performances “for everyone’s safety” following the arrest of the suspect.
Sex discrimination. The U.S. Equal Employment Opportunity Commission (EEOC) sued Coca-Cola Beverages Northeast, Inc., alleging the company ran afoul of federal law when it prohibited male employees from attending an employer-sponsored event. The EEOC claims that the company violated Title VII of the Civil Rights Act of 1964 when it privately invited only female employees to a two-day event, excused them from normal work duties, and paid them their wages while attending.
Identification. A Kansas district court will hear arguments on 6 March 2026 that enforcement of a new state law that invalidates driver’s licenses and birth certificates for those who changed their gender markers should be delayed. Two transgender men, who were assigned female at birth, sued the state and several officials on 27 February, claiming the law enacted on 26 February violates the Kansas Constitution’s guarantees of personal autonomy, privacy, equality, due process, and free expression.
Deepfakes. Yurii Nazarenko, 27, pled guilty to charges related to running a website that created and sold more than 10,000 photos of fake identification documents. The website, OnlyFake, allowed customers to generate fake IDs, including digital versions of U.S. state driver’s licenses and passports for 57 countries. Nazarenko faces up to 15 years in prison and will forfeit $1.2 million. He is scheduled for sentencing on 26 June 2026.
Legislation
Homeland security. U.S. Senators blocked an effort to advance a bill to fund the U.S. Department of Homeland Security (DHS). Democratic legislators are demanding that DHS make significant changes to how its agencies conduct immigration enforcement activity before they approve the department’s funding for another year.
Regulations
Insider threats. Prediction market Kalshi suspended an editor for a major YouTube creator and reported him to the Commodity Futures Trading Commission for insider trading. Kalshi conducted an internal investigation into Artem Kaptur’s success on MrBeast’s videos—the creator he worked for—and found Kaptur was basing his trades on material, non-public information obtained through his employment.
Generative AI. Data protection authorities from 61 countries issued a public statement, warning companies from creating and using AI content generation systems to create imagery that depicts real people without their consent. The move follows widespread condemnation and concern about people using Grok AI to create nude images of real people, including children.
Age verification. The U.S. Federal Trade Commission (FTC) said it will not take enforcement action against organizations that collect, use, and disclose individuals’ personal data for age verification purposes without first obtaining parental consent. The FTC issued a policy statement about its decision, explaining that the approach will allow organizations to fully apply child-protection measures.
Thanks for reading! We’ll be back with more legal analysis in April!
What security-related regulatory developments are you following? Please email your thoughts to [email protected].
Megan Gates is senior editor at Security Management. Connect with her via email or on LinkedIn.
