Military AI: OpenAI Replaces Anthropic at the Pentagon

Military AI: OpenAI Replaces Anthropic at the Pentagon

OpenAI has formalized an agreement with the Pentagon to deploy its AI models in classified environments, presenting it as the most tightly regulated partnership to date for military uses of AI.

The highlights of the agreement

OpenAI explains that it concluded the deal by requesting that similar terms be offered to all AI laboratories and asserts that this agreement contains “more guardrails than any prior contract for classified AI deployments, including Anthropic’s.”

The framework allows the Department of War (DoW, as OpenAI uses the term) to use its models for “all lawful purposes,” but comes with contractual and technical restrictions described as “red lines.”

Three “red lines” on display

OpenAI highlights three explicit prohibitions that should structure the Pentagon’s use of its technologies.

  • No use of OpenAI technology for domestic mass surveillance.
  • No use to direct autonomous weapon systems.
  • No use for high-stakes automated decision-making, such as social-credit-like systems.

According to the inventor of ChatGPT, other labs have “reduced or removed their guardrails” and leaned primarily on usage policies, whereas the company claims a more “multi-layer” arrangement, combining deployment architecture, a safety stack, expert involvement, and contractual clauses.

Read also: Canal+ selects Google Cloud and OpenAI to transform its streaming service

A cloud deployment and a safety stack controlled by OpenAI

The agreement rests on a cloud-only deployment, operated by OpenAI, with no provision of “unfenced” models or untrained-for-safety versions. The company notes that no model is deployed on “edge devices,” which, in its view, limits the possibility of direct use in lethal autonomous weapons. It states that this architecture will enable it to independently verify that the red lines are not breached, notably through classifiers updated over time.

The contract language highlighted

OpenAI publishes a key excerpt from the contract to illustrate how the guardrails are legally framed.

  • The DoW “may use the AI system for all lawful purposes,” in accordance with applicable law, operational requirements, and safety and oversight protocols.
  • The system “will not be used to independently direct autonomous weapons” in cases where law or department policy requires human oversight, nor to undertake other high-stakes decisions that require human approval under the same authorities.
  • For intelligence activities, any processing of private information must comply with the Fourth Amendment, the National Security Act of 1947, FISA, Executive Order 12333, and DoD directives imposing a defined foreign intelligence objective.
  • The system “must not be used for unconstrained surveillance of Americans’ private information” and cannot be employed for domestic law enforcement activities except within the bounds of the Posse Comitatus Act and applicable laws.

OpenAI also stresses that the contract explicitly references laws and policies “as they exist today,” to prevent any future regulatory evolutions from automatically widening the use of its AI beyond the current framework.

OpenAI engineers and researchers “in the loop”

The agreement provides for the presence of OpenAI forward-deployed engineers, duly cleared for secret work, as well as safety/alignment researchers who are also “in the loop.” Their role, as announced, is to help the government integrate the models, monitor usages, and evolve the safety stack over time. OpenAI asserts it maintains “full control” over this safety stack and reiterates that it will not deploy models without safety guardrails, including for national security missions.

OpenAI’s stated strategic motivations

OpenAI advances two main arguments to justify this engagement with the Pentagon.

  • First, the company argues that the American military “absolutely needs powerful AI models” to contend with adversaries already integrating AI into their systems. It explains that, up to now, it had not deemed its own guardrails and systems mature enough for a classified deployment, and that it has been working to strengthen them.
  • Second, OpenAI says it aims to “de-escalate” tensions between the DoW and American AI labs by requesting that the same terms be offered to all and that the government try to “resolve things with Anthropic.”

Implicitly asked about Anthropic being designated a “supply chain risk” by U.S. authorities, OpenAI responds that it does not back that decision and that it has clearly expressed its position to the government.

OpenAI, Anthropic, and the guardrails question

In its FAQ, OpenAI positions itself regarding Anthropic’s arguments, which had detailed their own “red lines” and their concerns about the Pentagon’s ability to respect them in contemplated contracts. OpenAI notes that it shares two of those red lines (domestic mass surveillance and fully autonomous weapons) and adds a third concerning high-stakes automated decisions.

The company explains why it considers these lines more binding in its own contract:

  • domestic mass surveillance would be explicitly excluded from the contract’s scope of use,
  • the described cloud architecture, in its view, would not allow feeding fully autonomous weapons directly due to the lack of edge deployment.

OpenAI also states that its agreement “offers more guardrails than prior accords, including Anthropic’s original contract,” by combining contractual constraints, technical limits, and human supervision.

What happens if the government drifts?

On a more political note, OpenAI seeks to address ongoing concerns about possible evolutions of the legal framework or surveillance practices.

Read also: Military AI: by rejecting the Pentagon, Anthropic wins over the general public

In case the state breaches the terms, OpenAI says it could terminate the agreement, as with any contract, even though it does not “anticipate” this scenario.

If the government later changes defense laws or policies, the company notes that the contract explicitly refers to current standards, which, in its view, limits the scope of future regulatory relaxations.

On the two most sensitive points, OpenAI assures that the agreement will not allow the use of its models for autonomous weapons nor for mass surveillance of American citizens, invoking the safety stack, the cloud architecture, the contractual language, and the presence of OpenAI personnel in the loop.

Dawn Liphardt

Dawn Liphardt

I'm Dawn Liphardt, the founder and lead writer of this publication. With a background in philosophy and a deep interest in the social impact of technology, I started this platform to explore how innovation shapes — and sometimes disrupts — the world we live in. My work focuses on critical, human-centered storytelling at the frontier of artificial intelligence and emerging tech.

© 2025 Dawn Liphardt