On February 5, Anthropic was released Claude Opus 4.6, its most powerful artificial intelligence model. Among the new features of the model, we find the possibility of coordinating teams of autonomous agents— multiple AIs that distribute the work and complete it in parallel. Twelve days after the release of Opus 4.6, the company dropped Sonnet 4.6, a cheaper model that almost matches Opus’ coding and computing skills. In late 2024, when Anthropic first introduced models capable of control computersthey could barely use a browser. Now Sonnet 4.6 can navigate web applications and fill out forms with human-level capabilities, according to Anthropic. And both models have a working memory large enough to hold a small bookcase.
Enterprise customers now account for about 80% of Anthropic’s revenue, and the company last week closed a $30 billion funding round at a valuation of $380 billion. By all available measures, Anthropic is one of the fastest growing technology companies in history.
But behind the big product launches and enhancements, Anthropic faces a serious threat: the Pentagon has signaled that it could designer the company represents a “supply chain risk” – a label more often associated with foreign adversaries – unless it drops its restrictions on military use. Such a designation could effectively force Pentagon contractors to remove Claude from sensitive work.
On supporting science journalism
If you enjoy this article, please consider supporting our award-winning journalism by subscribe. By purchasing a subscription, you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.
Tensions came to a head after January 3, when U.S. special operations forces attacked Venezuela and captured Nicolás Maduro. THE Wall Street Journal reported that the forces used Claude during the operation through Anthropic’s partnership with defense contractor Palantir — and Axios reported that the episode intensified an already tense negotiation over exactly what Claude might be used for. When an Anthropic official contacted Palantir to ask if the technology had been used in the raid, the question immediately set off alarms at the Pentagon. (Anthropic disputed that the outreach was intended to signal disapproval of a specific operation.) Defense Secretary Pete Hegseth is “on the verge” of severing the relationship, a senior administration official told Axios., adding: “We will make sure they pay the price for forcing our hand in this way.” »
This collision raises a question: Can a company founded to prevent AI catastrophe hold its ethical lines once its most powerful tools — autonomous agents capable of processing vast data sets, identifying patterns, and acting on their findings — are operating within classified military networks? Is “safety first” AI compatible with a customer who wants systems that can reason, plan and act autonomously on a military scale?
Anthropic has drawn two red lines: no mass surveillance of Americans and no fully autonomous weapons. CEO Dario Amodei said Anthropic will support “national defense in every way except those that would bring us closer to our autocratic adversaries.” Other major labs – OpenAI, Google and xAI – have agreed to relax safeguards for use in the Pentagon’s unclassified systems, but their tools do not yet work in the military’s classified networks. The Pentagon has demanded that AI be available for “all lawful purposes.”
The friction tests Anthropic’s central thesis. The company was founded in 2021 by former OpenAI executives who believed the industry wasn’t taking security seriously enough. They positioned Claude as the ethical alternative. In late 2024, Anthropic made Claude available on a Palantir platform with a cloud security level of up to “secret”, making Claude, according to public accounts, the first major language model operating within classified systems.
The question the standoff now raises is whether security priority constitutes a coherent identity once a technology is integrated into classified military operations and whether redlining is actually possible. “These words seem simple: illegal surveillance of Americans,” says Emelia Probasco, a senior fellow at the Center for Security and Emerging Technologies at Georgetown. “But basically there are whole armies of lawyers trying to figure out how to interpret this sentence.”
Consider the precedent. After Edward Snowden’s revelations, the US government defended the mass collection of telephone metadata (who called who, when and for how long) by arguing that these types of data did not benefit from the same privacy protections as the content of conversations. The debate over privacy protection then concerned the human analysts who searched these documents. Now imagine an AI system querying vast data sets: mapping networks, spotting patterns, flagging people of interest. The legal framework we have was built for an era of human review, not machine-scale analysis.
“In some sense, any kind of mass data collection that you ask an AI to review is mass surveillance by simple definition,” says Peter Asaro, co-founder of the International Committee for Robot Arms Control. Axios reported that the senior official “argued that there is considerable gray area around” Anthropic’s restrictions “and that it is impractical for the Pentagon to have to negotiate individual use cases with” the company. Asaro offers two readings of this complaint. The generous interpretation is that surveillance is truly impossible to define in the AI era. The most pessimistic thing, Asaro says, is that “they really want to use them for mass surveillance and autonomous weapons and don’t want to say that, so they call it a gray area.”
Regarding Anthropic’s other red line, autonomous weapons, the definition is narrow enough to be manageable: systems that select and engage targets without human supervision. But Asaro sees a more worrying gray area. He cites the Israeli military’s Lavender and Gospel systems, which reportedly use AI to generate massive target lists that are submitted to a human operator for approval before strikes are carried out. “You’ve basically automated the targeting element, which is something [that] we are very concerned about and [that is] closely related, even if it falls outside the narrow, strict definition,” he says. The question is whether Claude, operating inside Palantir’s systems on classified networks, could do something similar – processing intelligence, identifying patterns, surfacing persons of interest – without anyone at Anthropic being able to say precisely where the analysis work ends and the targeting begins.
The Maduro operation tests exactly this distinction. “If you’re collecting data and intelligence to identify targets, but humans decide, ‘Okay, here’s the list of targets we’re actually going to bomb,’ then you have the level of human oversight that we’re trying to demand,” Asaro says. “On the other hand, you continue to depend on these AIs to choose these targets, and the degree of verification and the extent of scrutiny of the validity or legality of these targets is a separate question.”
Anthropic may be trying to draw a tighter line between mission planning, where Claude might help identify bombing targets, and the mundane work of processing documentation. “There are all kinds of boring applications of big language models,” Probasco says.
But the capabilities of Anthropic’s models can make these distinctions difficult to maintain. Teams of Opus 4.6 agents can divide a complex task and work in parallel: a breakthrough in autonomous data processing that could transform military intelligence. Opus and Sonnet can navigate apps, fill out forms, and work across platforms with minimal oversight. These characteristics that determine Anthropic’s commercial dominance are what make Claude so attractive within a classified ad network. A model with a huge working memory can also hold an entire intelligence file. A system that can coordinate autonomous agents to debug a codebase can coordinate them to map an insurgent supply chain. The more competent Claude becomes, the thinner the line between the analytical work Anthropic is willing to support and the surveillance and targeting it is committed to refusing.
As Anthropic pushes the boundaries of autonomous AI, the military’s demand for these tools will only grow. Probasco fears that the confrontation with the Pentagon will create a false dichotomy between safety and national security. “What if we had security And national security? she asks.