Pentagon Formally Designates Anthropic a Supply Chain Risk

The Pentagon has formally notified Anthropic that its designation as a "supply chain risk" is now effective right away, Bloomberg confirmed today. The designation, made under 10 U.S.C. Section 3252, grants the Defense Department authority to exclude Anthropic from competing for contracts involving National Security Systems and compels prime contractors to strip the company's technology from defense supply chains.

This marks the first time in modern history that the US government has applied this classification to a domestic company. Previous designees have been foreign adversaries - Huawei, ZTE, Kaspersky Labs - companies tied to state intelligence services in China and Russia.

TL;DR

Pentagon formally notified Anthropic the supply chain risk designation is effective right away - no longer a threat, now a legal reality
First time the US government has applied this label to any American tech company - previous designees were Huawei, ZTE, and Kaspersky
Legal basis is 10 U.S.C. Section 3252, designed for sabotage and espionage threats - multiple legal analyses say it doesn't fit a contract dispute
Lawfare, Just Security, Mayer Brown, and Willkie Farr all conclude the designation likely exceeds Hegseth's statutory authority
ITI (Nvidia, Amazon, Apple) wrote to Hegseth expressing "concern" about the precedent
Defense experts sent a letter to Congress calling the move a "dangerous precedent"
Dario Amodei and Pentagon CTO Emil Michael are back at the negotiating table today in a last-ditch effort
The US military used Claude in strikes on Iran over the weekend - days after the ban was announced

From Threat to Legal Reality

The formal notification converts what was a political threat into an administrative action with legal consequences. When Defense Secretary Hegseth first announced the designation on February 27, Anthropic had signaled it would fight the classification in court. Today's formal notice starts the clock on that legal challenge and triggers compliance obligations for every defense contractor in Anthropic's supply chain.

Under the implementing regulation (DFARS 252.239-7018), contractors working on National Security Systems must now actively mitigate supply chain risk during contract performance. The government can consult public and non-public information, including all-source intelligence, to determine compliance. Penalties for contractors who continue using Anthropic's technology range from monetary fines and contract termination to suspension, debarment, and criminal charges.

This is the mechanism that has already driven defense contractors to purge Claude from their operations. Today's formal notice accelerates that process from voluntary de-risking to mandatory compliance.

The Legal Question

Four separate legal analyses published since the initial designation have concluded it's likely to fail in court.

Lawfare wrote that the designation "won't survive first contact with the legal system." Just Security noted that Section 3252 was designed for adversarial threats - sabotage, malicious code insertion, espionage - not a contract dispute over usage terms. Mayer Brown and Willkie Farr, two major law firms advising defense contractors, published client alerts concluding the statutory requirements for the designation are "highly unlikely" to be met.

The core argument: the statute authorizes supply chain risk designations for companies that pose threats to the integrity of defense systems. Anthropic's offense was refusing to remove guardrails on mass surveillance and autonomous weapons use. Whatever one thinks of that decision, it isn't sabotage.

Just Security added a key limitation: Section 3252's authority is restricted to National Security Systems contracts. It "certainly doesn't prevent defense contractors from using the company for their own internal purposes, for other government contracts, or from investing in a designated company." If that reading holds, the designation's practical scope is far narrower than the political messaging around it suggests.

The Iran Contradiction

In a detail that legal experts have already seized on, CBS News and CNBC reported that the US military used Claude in strikes on Iran over the weekend of March 1-2 - days after the ban was announced and before today's formal notification.

The contradiction is difficult to reconcile. The government is simultaneously arguing that Anthropic poses an acute supply chain threat requiring emergency exclusion from defense systems, while actively deploying that same technology in combat operations. Legal analysts have noted this undermines the factual basis for the designation: if Claude is reliable enough for kinetic military operations against a sovereign state, the supply chain risk claim becomes harder to sustain in court.

Industry Backlash

The designation has triggered an unusual response from the broader tech industry. The Information Technology Industry Council - whose members include Nvidia, Amazon, and Apple - wrote to Hegseth this week expressing "concern" about the precedent. This is striking because major ITI members have substantial defense contracts of their own and rarely take positions that could antagonize the Pentagon.

Separately, hundreds of tech workers from OpenAI, IBM, Cursor, Salesforce Ventures, and other companies signed an open letter urging Congress to investigate. Defense experts sent their own letter to Congress calling the move a "dangerous precedent".

A bipartisan group of senators - Armed Services Chair Roger Wicker (R-MS), Ranking Member Jack Reed (D-RI), Appropriations' Mitch McConnell (R-KY), and Chris Coons (D-DE) - has urged resolution. The Center for American Progress called for congressional action and legislation on AI surveillance protections.

The Negotiating Table

Despite today's formal notification, Bloomberg and CNBC report that Dario Amodei and Pentagon CTO Emil Michael are back at the negotiating table in what sources describe as a last-ditch effort to resolve the dispute. Anthropic has told investors it is trying to "deescalate."

The dynamic has shifted since the initial confrontation. When Hegseth issued his ultimatum on February 24, Anthropic was a company with a $200M defense contract at stake. Today, the dispute has drawn in bipartisan congressional leaders, major tech industry groups, and international legal commentary. The question is no longer just whether Claude will serve the Pentagon. It's whether the executive branch can unilaterally designate an American company a national security threat for refusing to remove safety guardrails.

What This Means for the Market

The direct financial impact on Anthropic is limited. The $200M DoD contract represents roughly 1.4% of the company's $14B annual run rate. The real risk is reputational contagion. Fortune reported that Anthropic's CFO is working to reassure Wall Street ahead of a planned IPO, but the supply chain designation raises a question no general counsel wants to answer: does doing business with a company the Pentagon calls a "risk" create liability for your own government contracts?

For Amazon and Google, the math is more complicated. Both have invested billions in Anthropic. If the designation is enforced broadly - beyond its statutory scope for NSS contracts - they could face pressure to choose between their defense revenue and their AI investments. Palantir, which derives roughly 60% of its US revenue from government contracts and collaborates with Anthropic, is watching closely.

The precedent matters more than the specifics. If the Pentagon can designate a domestic company a supply chain risk over a contract dispute, every tech company negotiating with the government now has a new variable in their risk model. That's the concern ITI, the defense experts, and the bipartisan senators are flagging - not sympathy for Anthropic specifically, but alarm at the tool being used and what it means for anyone who comes next.

The public reaction has been overwhelmingly in Anthropic's favor - Claude hit number one on the App Store after the ban. But public sentiment and legal authority are different things. Today's formal notification means the supply chain designation is no longer a threat Anthropic can try to negotiate away. It's an administrative fact that requires either a court order, a congressional intervention, or a deal with the people who imposed it.

Sources: