2026-01-31 · Don Ho · 1633 words

The Pentagon Told Anthropic to Drop Its Safety Limits. Then It Used Claude in a Military Raid.

By Don Ho, Co-Founder & CEO, Kaizen AI Lab

Published: February 4, 2026

TL;DR: Anthropic built its brand on being the "responsible AI company." Then the Pentagon pressured them to relax safety restrictions for defense contracts, and Claude was already being used in live military operations. Every business should ask a fundamental question: how durable are your AI vendor's safety commitments when they conflict with revenue? I've included a 3-question durability test below, because marketing pages won't answer that for you.

---

The Safety-First Company Meets the Defense Budget

Anthropic occupies a unique position in the AI industry. Founded by former OpenAI researchers, the company has consistently positioned itself as the safety-conscious alternative. Constitutional AI. Responsible scaling policies. Detailed safety research published openly. When executives wanted to signal they cared about AI safety, they pointed to Anthropic.

Then two stories broke in close succession that tested whether "safety-first" is a business strategy or a marketing message.

First, reporting revealed that the Department of Defense had communicated to Anthropic, directly and through intermediaries, that Claude's safety restrictions were a barrier to defense contracts. The message was blunt: relax the guardrails or lose the contract. Defense spending on AI is projected to reach $15-20 billion annually by 2027. That's a significant revenue stream to walk away from.

Second, it emerged that Claude was already being used in a live military operation. The Pentagon had deployed Anthropic's technology in support of a tactical raid. The details of how Claude was used remain classified, but the implication is clear: the "safety-first AI" was already operating in the highest-stakes environment imaginable.

Why This Matters to Your Business

You might think this is a story about geopolitics and defense spending that has nothing to do with your mid-market company. You'd be wrong.

This story is about vendor trust. Whether the safety and privacy commitments your AI vendor makes to you are durable when they conflict with the vendor's business interests.

Every AI vendor makes promises. "We don't train on your data." "Your inputs are private." "We have robust safety guardrails." "We prioritize responsible AI."

The Anthropic situation demonstrates that these promises exist within a commercial context. When a customer with enough money and enough leverage pushes back on safety commitments, the vendor faces a choice between principles and revenue. The outcome of that choice affects you because you share a platform with that vendor's other customers.

I discovered something similar during a vendor review for one of our own deployments last year. We'd selected a model provider partly because of their published data retention policy: 30 days, then deletion. Six months into the contract, I was reviewing their updated terms of service (something most companies never do after initial sign-off) and found a new clause allowing "extended retention for model improvement purposes." No notification. No opt-in. The safety posture we'd evaluated during procurement had quietly shifted under our feet. We caught it because we have a process. Most companies don't.

The Shared Platform Problem

When you use Claude through Anthropic's API, you're on the same underlying model that the Pentagon is using. The safety guardrails (or lack thereof) in the base model affect every deployment. If Anthropic relaxes safety restrictions for defense applications, those changes may propagate to your enterprise use case.

Model updates happen regularly. When a vendor adjusts model behavior for one customer segment, the effects can appear across all deployments. A model tuned for military directness might handle your customer service interactions differently. A model with safety guardrails relaxed for one use case might behave differently across the board.

Your AI vendor's other customers affect your experience, even if you never interact with those customers directly.

The Evolving Safety Profile

AI vendor safety postures are not static. They change in response to competitive pressure, customer demands, regulatory shifts, and business strategy. The vendor you evaluated six months ago may have a materially different safety profile today.

Anthropic's situation is instructive because the company had the strongest stated safety commitment in the industry. If Anthropic's safety posture can shift under commercial pressure, every vendor's safety posture can shift.

Your vendor due diligence is not a one-time event. The safety evaluation you conducted when you signed the contract needs to be refreshed regularly, with attention to:

The Vendor Safety Durability Test

I built this framework after the retention policy surprise I mentioned. Three questions. If your vendor can't answer all three clearly, their safety commitment has a price tag you just haven't seen yet.

Question 1: What's Your Walk-Away Number?

Ask your vendor: "At what revenue threshold would you modify your safety commitments?" If they say "never," they're either lying or they haven't faced the test yet. The honest answer involves specifics about how they evaluate commercial pressure against safety principles. Anthropic's walk-away number appears to be somewhere south of $15 billion in defense spending. Yours should be documented, not assumed.

Question 2: How Will I Know If Something Changes?

Ask for a contractual commitment to proactive notification when safety-relevant policies, model behaviors, or data handling practices change. Not a blog post six weeks later. Not a buried clause in an updated terms of service. Direct, written notification to enterprise customers within a defined window. If they can't commit to this, you'll find out about changes the way I did: by reading the fine print months after the fact.

Question 3: Can I Verify Independently?

Ask whether you have the right to audit or independently test model behavior against the safety baseline established at contract signing. If the vendor controls all the measurement and all the reporting, you're trusting their marketing department with your risk profile. You need the ability to run your own behavioral tests, compare outputs against your baseline, and flag deviations.

Any vendor that can answer all three with specifics, in writing, has a durable safety commitment. The rest have a marketing position.

The Broader Safety Paradox

The Anthropic situation illustrates a paradox at the heart of the AI safety movement: the companies most committed to safety are also the companies building the most capable (and therefore most potentially dangerous) models.

Anthropic's Claude, OpenAI's GPT series, and Google's Gemini are the most capable AI systems on the planet. They're capable precisely because their creators invested billions of dollars in scaling them. That investment creates commercial pressure to generate returns. Revenue requires customers. The biggest customers are governments and enterprises. Governments and enterprises sometimes want capabilities that conflict with safety restrictions.

The safety commitment and the commercial imperative exist in tension. For now, AI companies navigate that tension through differentiated access: enterprise tiers with different safety configurations, government contracts with custom deployments. But the tension is structural and ongoing.

What Smart Companies Are Doing

Model-Agnostic Architecture

The most sophisticated AI adopters are building model-agnostic architectures. Instead of coupling their systems to a single AI vendor, they design their infrastructure to swap models based on performance, safety, and cost considerations.

If Anthropic's safety posture changes in a way that affects your use case, a model-agnostic architecture lets you switch to an alternative without rebuilding your entire system. Vendor lock-in was always risky. In AI, where the vendor landscape and safety landscape change quarterly, lock-in is particularly dangerous.

Self-Hosted Alternatives

For high-sensitivity use cases, self-hosted open-source models eliminate vendor dependency entirely. You control the model, the data, the safety configuration, and the deployment. No vendor can change the rules on you because there's no vendor in the loop.

The trade-off is capability. Self-hosted models are typically less capable than the frontier models from Anthropic, OpenAI, and Google. But for many business use cases, they're more than adequate. And the safety and privacy guarantees are absolute because you own the entire stack.

Contractual Protections

If you're using vendor-hosted AI, your contract should include:

These protections don't exist in standard terms of service. They need to be negotiated.

Continuous Vendor Monitoring

Treat your AI vendor relationship the way you treat a critical supply chain relationship. Monitor for changes. Read the terms of service updates (all of them). Track public reporting on your vendor's business relationships and safety practices.

This is more work than most companies put into vendor management. It's also the only way to stay ahead of a vendor landscape that shifts quarterly.

The Question You Should Ask

Next time you're evaluating an AI vendor (or reviewing your relationship with an existing one), run the Vendor Safety Durability Test. Three questions. If the answers are vague, conditional, or offended, you have your answer about how durable their commitment really is.

The Pentagon asked Anthropic to bend. What happens when your vendor faces the same pressure from their largest customer? The answer matters more than anything on their safety page.

---

Kaizen AI Lab builds AI systems with vendor-agnostic architectures and compliance frameworks that don't depend on any single vendor's promises staying true forever.

Take the AI Compliance Readiness Assessment: acra.kaizenailab.com

Learn more: kaizenailab.com

Book a call: cal.com/dhoesq/kaizen