11
Anthropic Denies Ability to Manipulate Claude AI Once Deployed with US Military Amid Escalating Legal Battle
Anthropic, a leading generative AI developer, has emphatically stated that it possesses no capability to manipulate its Claude AI model once it is operational within the US military’s systems, a key executive affirmed in a recent court filing. This assertion directly confronts allegations from the Trump administration concerning the company’s potential to interfere with its AI tools during active military conflicts or national security operations. The dispute has plunged Anthropic into a significant legal and operational challenge, threatening its engagement with the public sector.
Thiyagu Ramasamy, Anthropic’s head of public sector, provided a detailed rejection of these concerns in his court statement. "Anthropic has never had the ability to cause Claude to stop working, alter its functionality, shut off access, or otherwise influence or imperil military operations," Ramasamy wrote, stressing the technical realities of how the AI is deployed and functions. He further elaborated, "Anthropic does not have the access required to disable the technology or alter the model’s behavior before or during ongoing operations." This categorical denial aims to assuage fears within the Department of Defense (DoD) that Anthropic could act as a potential single point of failure or leverage its control to disrupt critical military functions.
The ongoing friction between the Pentagon and Anthropic has been simmering for months, centering on the appropriate use and limitations of advanced AI technology for national security purposes. This month, the situation escalated dramatically when Defense Secretary Pete Hegseth designated Anthropic as a "supply-chain risk." This severe classification carries immediate and far-reaching consequences, effectively preventing the Department of Defense, including its vast network of contractors, from utilizing Anthropic’s software for the foreseeable future. The ripple effect of this designation has already begun, with other federal agencies reportedly following suit and abandoning their use of Claude.
The designation has not only halted current and prospective contracts but also cast a shadow over Anthropic’s reputation and its burgeoning public sector business. In response to what it perceives as an unconstitutional ban and a crippling blow to its operations, Anthropic has initiated two separate lawsuits. These legal challenges aim to contest the legality of the ban and seek an emergency order to reverse the designation, which the company claims is jeopardizing its very business existence. The immediate impact is already evident, with customers reportedly canceling deals in the wake of the DoD’s decision. A pivotal hearing for one of these cases is scheduled for March 24 in a federal district court in San Francisco, where the judge is expected to rule on a potential temporary reversal shortly thereafter, a decision eagerly awaited by both sides.
Government attorneys have articulated the DoD’s position, underscoring the paramount importance of national security and the inherent risks associated with integrating commercial AI into military operations. In a filing earlier this week, they asserted that the Department of Defense "is not required to tolerate the risk that critical military systems will be jeopardized at pivotal moments for national defense and active military operations." This statement encapsulates the core concern: the military’s inability to accept any perceived vulnerability that could compromise operational integrity or national defense strategies. The Pentagon’s reliance on Claude has been multifaceted, leveraging the AI for essential tasks such as analyzing vast amounts of data, drafting crucial memos, and assisting in the generation of intricate battle plans, as previously reported by WIRED. The government’s central argument posits that Anthropic could potentially disrupt these active military operations by unilaterally cutting off access to Claude or by pushing updates that could be harmful or introduce unintended vulnerabilities if the company were to disapprove of specific military uses.
Ramasamy, however, steadfastly rejected this possibility, emphasizing the architectural design of Claude’s deployment within government systems. "Anthropic does not maintain any back door or remote ‘kill switch,’" he wrote, directly addressing the government’s fears of external interference. He elaborated on the operational separation, stating, "Anthropic personnel cannot, for example, log into a DoW system to modify or disable the models during an operation; the technology simply does not function that way." This highlights a fundamental distinction between a software-as-a-service (SaaS) model where a vendor maintains continuous control, and an enterprise deployment where the AI model is integrated into the client’s infrastructure, often becoming an isolated component after initial setup.
Further detailing the practical constraints on Anthropic’s ability to influence deployed models, Ramasamy explained that any updates to Claude would necessitate explicit approval from both the government and its designated cloud provider. While he did not specify the cloud provider by name, the context strongly suggests Amazon Web Services (AWS) as a key partner in such deployments. This multi-layered approval process is intended to ensure that no changes can be implemented without the express consent and oversight of the military and its infrastructure partners, thereby preventing unilateral actions by Anthropic. Additionally, Ramasamy underscored that Anthropic personnel are unable to access the sensitive prompts or any other data that military users input into Claude, reinforcing the privacy and security protocols designed to protect classified information. This lack of access to user data further reduces the potential for malicious interference or unauthorized data extraction, building a stronger case for the model’s autonomy post-deployment.
Anthropic executives have consistently maintained in their court filings that the company has no desire or intention to wield veto power over the military’s tactical decisions. Sarah Heck, Anthropic’s head of policy, reiterated this stance in a court filing on Friday, disclosing that Anthropic had even offered contractual guarantees to this effect. She noted that the company was willing to incorporate specific language into a proposed contract on March 4. This proposal explicitly stated, "For the avoidance of doubt, [Anthropic] understands that this license does not grant or confer any right to control or veto lawful Department of War operational decision-making," referring to the Pentagon by an alternative historical name.
Beyond the issue of operational control, the company also expressed its readiness to accept contractual language that would address its deep-seated ethical concerns regarding the use of Claude to facilitate deadly strikes without direct human supervision. This reflects a broader industry and societal debate about the role of autonomous weapons and the imperative of maintaining human oversight in lethal decision-making. Heck claimed that Anthropic was prepared to enshrine these principles in a binding agreement, signaling the company’s commitment to responsible AI deployment. However, despite these proposed concessions and attempts at compromise, negotiations between Anthropic and the Department of Defense ultimately broke down, leading to the current legal impasse.
In the interim, while the legal proceedings unfold, the Department of Defense has outlined its strategy for managing the perceived risks. In its own court filings, the DoD has stated that it "is taking additional measures to mitigate the supply chain risk" attributed to Anthropic. These measures involve "working with third-party cloud service providers to ensure Anthropic leadership cannot make unilateral changes" to the Claude systems that are currently in place within military infrastructure. This approach suggests that the DoD is not simply waiting for a court resolution but is actively implementing safeguards to harden its existing AI systems against potential external manipulation, whether real or perceived. This reliance on cloud providers to act as an additional layer of control underscores the complexity of securing advanced AI in critical national security applications and the evolving nature of digital supply chain integrity. The entire episode highlights the profound challenges governments face in integrating cutting-edge commercial AI technologies while simultaneously ensuring unwavering control, security, and ethical alignment with military objectives. The outcome of these legal battles will likely set significant precedents for future collaborations between AI developers and national defense entities.
