2026-03-20 04:49:14
Earlier this week, I wrote an article arguing that there was no obvious AI bubble. I argued that AI companies are making massive investments in data centers due to surging demand for their services, and that demand is likely to continue growing in the next couple of years.
This prompted several thoughtful comments asking variants of the same basic question: if there’s so much demand for this technology, why are AI companies losing so much money? As I thought about how to respond, I became convinced that it would be helpful for me to explain the intellectual framework I use to think about questions like this.
I’m not going to claim any kind of originality here — the ideas I’ll explain below are commonplace in startup finance. But I suspect that many readers haven’t spent much time thinking about them.
So in this piece I’m going to do three things. First I’ll present a stylized example to illustrate some key ideas about how to finance a new company. Next I’ll use real-world examples to illustrate how to distinguish healthy startups from doomed companies. Finally, behind the paywall, I’ll apply this framework to OpenAI and Anthropic.
My claim isn’t that these companies are guaranteed to succeed — all startups face risk, and these companies could certainly fail. It’s also possible that they could survive but never generate a healthy return for their investors.
But I am going to insist that OpenAI and Anthropic are following a standard tech industry playbook. The fact that they are losing more money every year does not necessarily mean they are on a road to bankruptcy — or even that anything especially unusual is going on. After all, Amazon lost money for the first nine years after it was founded. Today it’s one of the most valuable companies in the world.
Imagine you start a coffee shop. The space costs $6,000 per month. Coffee beans cost $2 per cup, and you sell each cup for $4.
The first month, you sell 250 cups, earning $1,000 in revenue. But you spend $500 on coffee beans and $6,000 on rent, so you lose a total of $5,500.
The second month, you sell 500 cups of coffee. That’s $2,000 in revenue minus $1,000 for beans. You still aren’t close to covering your store’s $6,000 in monthly overhead, though; you lose another $5,000.
Despite these early losses, you feel like you’re on the right track. Customers like the coffee. They keep coming back, and some of them bring friends. The third month you sell 750 cups and lose $4,500. The fourth month you sell 1,000 cups and lose $4,000.
Projecting forward, you estimate that you’ll break even around the one-year mark, when you expect to sell 3,000 cups. That will generate $12,000 in revenue, just enough to pay $6,000 for beans and $6,000 in rent. By the end of year two, you expect to sell 6,000 cups of coffee in a month, generating $24,000 in revenue. After subtracting $12,000 for beans and $6,000 for rent, you’ll be left with a healthy $6,000 profit.1
Starting a business almost always requires spending a bunch of money up front before you earn your first dollar of revenue. Even after you launch, it usually takes a while to build up a customer base. So it’s very common for a business to lose money for at least the first few months — and sometimes the first few years — before it grows large enough to cover its overhead and start generating profits.
Now imagine that the first store does so well that you decide to open two new stores a year after the original one. So in month 13, store #1 earns a $500 profit. But your other two stores are each losing $5,500 — just as the first store did a year earlier. In total, the company is losing $10,500 — the biggest loss in its short history.
Customers love the two new stores and they grow as fast as the first one. You become so optimistic that you decide to open four more stores at the start of year three. That month, store #1 generates $6,500 in profit and store #2 and store #3 each generate $500 in profit. But stores 4 through 7 are brand new, and so they each lose $5,500. In total, your company has lost $14,500 — another record loss.
A financial analyst writes an article arguing that your company is doomed: the larger your company gets, the more money it loses.
But you’re confident the analyst is wrong. Sure, your newest stores are losing money, but that’s temporary. You expect the new stores to become profitable over time, just like the earlier ones did.
This could go on for a while. Maybe you open eight stores in year four and 16 in year five. If you are particularly ambitious — and have sufficiently patient and deep-pocketed investors — you might be able to open new stores for a decade before you turn your first profit. But eventually, you’ll stop (or at least slow down) the pace of openings, and at that point you will wind up with a big, profitable company.
This is a common pattern in the business world. Once investors are confident that a company has a clear path to profitability, they are often willing to fund another round of expansion — designing another chip, releasing another software version, expanding into another city — without waiting for the previous round of investments to pay off. This is why it’s common to see startups do a series of larger and larger fundraising rounds — $1 million, $5 million, $20 million — before they generate a single dollar in profit.
This is especially common in the technology sector because these are often winner-take-all markets. Frequently there are economies of scale, network effects, or other factors that make the most popular search engine, social network, or online retailer much more profitable than the also-rans. You’d much rather be Google than Lycos or Ask Jeeves. So once you (and your investors) are confident you have a viable business model, it often makes sense to spend heavily to stay ahead of your competitors.
Amazon famously did this for a decade. In the late 1990s and early 2000s, it lost more and more money as it expanded from books to CDs to DVDs to consumer electronics and then to many other products. The company didn’t earn its first full-year profit until 2003, nine years after it was founded.
In the early years, a lot of people questioned whether Amazon would ever turn a profit. But the doubters were ultimately proven wrong. Today Amazon is one of the five most valuable companies in the world. It earned $77 billion in profits in 2025.
It doesn’t always work out that way, of course. In 2017, the startup MoviePass announced a service where customers could pay $9.95 to watch one movie per day in movie theaters. A month of movie tickets costs a lot more than $9.95, and in a 2018 interview, MoviePass CEO Mitch Lowe admitted that the company was losing $21 million per month on the service. But he argued that he was just following in the footsteps of Jeff Bezos.
“Remember Amazon, for what, 20 plus years, lost billions and billions of dollars,” he said. “And today is now the most valuable company out there.”
But MoviePass and Amazon were different in a crucial way. Amazon generally sold products above cost; if a CD cost $9.95 on Amazon, the retailer might have paid $7 or $8 for it. Amazon was only losing money because it was rapidly expanding into new markets where — due to startup costs — it wasn’t profitable yet.
In contrast, a typical customer on a $9.95 MoviePass plan got more than $9.95 worth of movie tickets. MoviePass was buying those tickets from theaters at the full retail price and just eating the losses.
The technical term for this is gross margin:
My hypothetical coffee shops had gross margins of 50% because the cost of the beans ($2) was 50% lower than the cost of the coffee ($4).
In 2001, Amazon had a gross margin of 21% — if you bought a CD for $10, Amazon’s costs were likely around $7.90.
In the first half of 2018 MoviePass charged customers $121 million for MoviePass subscriptions, but had a cost of revenue (i.e. the money they paid for movie tickets) of $313 million. That works out to a negative 159% gross margin.
If a company has positive gross margins — that is, if it’s making some money on every sale — then scaling it up should help it get to profitability. A company with negative gross margins, on the other hand, likely needs a fundamental rethink.
2026-03-16 23:26:57
Last fall, a lot of people were worried about a possible AI bubble. AI companies were investing heavily in infrastructure because they expected huge demand for AI services in the coming years. For example, an internal OpenAI document last fall projected that revenue would more than double — from $13 billion in 2025 to $30 billion in 2026. Around the same time, Anthropic expected revenue to triple from $4.7 billion in 2025 to more than $15 billion in 2026.
Skeptics didn’t believe companies this large could grow so quickly. But the last few months haven’t gone the way they expected.
Anthropic has posted particularly strong revenue numbers. The company exited 2025 generating revenue at a $9 billion annualized rate. In February, the company announced that its annualized revenue had reached $14 billion. A few weeks after that, Bloomberg reported that Anthropic’s annualized revenue had soared to $19 billion.
These are annualized figures, so Anthropic hasn’t actually earned $19 billion yet this year. (Roughly speaking, annualized revenue is monthly revenue multiplied by 12.) But if customers continue spending at the same rate, Anthropic will easily surpass $15 billion in revenue for 2026. And if revenue continues rising (as seems likely), Anthropic will take in far more than $15 billion this year.
Other AI companies have not enjoyed the same meteoric growth as Anthropic, but demand for AI services has been healthy across the industry.
2026-03-03 05:28:19
On any other day, the record-breaking $110 billion fundraising round OpenAI announced last Friday would have captured the attention of the AI world. Instead, we were all captivated by the showdown between Anthropic and the Pentagon.
On Tuesday, Defense Secretary Pete Hegseth summoned Anthropic CEO Dario Amodei to the Pentagon. He demanded that Anthropic drop contractual terms prohibiting the use of Claude for mass surveillance of Americans and the operation of fully autonomous weapons. If Anthropic didn’t comply, Hegseth threatened to declare Anthropic a supply-chain risk — a designation that could prevent other government contractors from using Anthropic’s products.
Hegseth gave Amodei a deadline of 5:01 PM on Friday. But Donald Trump jumped the gun. At 3:47 PM, he declared on Truth Social that Anthropic was “A RADICAL LEFT, WOKE COMPANY” and directed “EVERY Federal Agency in the United States Government to IMMEDIATELY CEASE all use of Anthropic’s technology.” Hegseth followed through on his threat and declared Anthropic to be a supply-chain risk.
According to Hegseth, this meant that “effective immediately, no contractor, supplier, or partner that does business with the United States military may conduct any commercial activity with Anthropic” — though it’s not clear that the law gives Hegseth such broad powers.
A few hours later, Sam Altman stunned the AI world by announcing that OpenAI had reached its own deal with the Pentagon. Altman claimed that the Pentagon had agreed not to use OpenAI models for fully autonomous weapons or mass surveillance of Americans — the same restrictions the Pentagon had rejected when Anthropic asked for them days earlier.
The announcement initially left many observers — including me — confused. Did Altman really convince Hegseth to accept terms he’d just denied to Amodei? Or was OpenAI employee Leo Gao right when he described the guardrails in OpenAI’s contract as “not really operative except as window dressing?”
The contours of last week’s negotiations gradually became clear over the weekend. Altman and other OpenAI employees shared their perspectives on Twitter, including in a Saturday night ask-me-anything session. Senior officials from the Trump Administration also weighed in. News organizations such as the New York Times and the Atlantic have published behind-the-scenes details.
I’ve read all of this information carefully, and it sure looks to me like OpenAI gave the Pentagon what it wanted and undercut Anthropic in the process. The contractual language shared by OpenAI does not appear to meaningfully restrict the government’s ability to spy on Americans or build fully autonomous weapons.
But ultimately, I don’t think any contract was going to prevent the government from misusing AI. That’s going to take oversight — and eventually legislation — from Congress. We need ground rules that apply to all government use of AI, regardless of whose models are used.
An underlying issue in last week’s fight was whether it was reasonable to take government promises at face value. To understand why many people are skeptical about that, you have to go back to the events of 2013.
At a March 2013 Senate hearing, Sen. Ron Wyden (D-OR) asked James Clapper, Barack Obama’s Director of National Intelligence, “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?”
Clapper answered “No sir, not wittingly.”
Three months later, an NSA contractor named Edward Snowden leaked documents showing that the government actually had obtained a court order to collect telephone calling records about millions of Americans from Verizon and other phone companies.
In a June congressional hearing, an Obama administration official defended the government’s legal rationale for this program. Under the law, the government could obtain business records if they were relevant to an ongoing terrorism investigation. The government had told the Foreign Intelligence Surveillance Act (FISA) court that every American’s phone records qualified. This outraged Rep. James Sensenbrenner (R-WI), who fumed that the government’s interpretation of the law makes “a mockery of the legal standard.”
Given this history, you can understand why people might worry that OpenAI’s deal with the government will not meaningfully constrain the military. The agreement states that “handling of private information will comply with the Fourth Amendment, the National Security Act of 1947 and the Foreign Intelligence and Surveillance Act of 1978, Executive Order 12333, and applicable DoD directives requiring a defined foreign intelligence purpose.” It adds that “the AI System shall not be used for unconstrained monitoring of U.S. persons’ private information as consistent with these authorities.”
Notably, all of these laws and regulations were on the books prior to the Snowden revelations — and they didn’t prevent the government from collecting the phone records of millions of Americans.
During Saturday’s ask-me-anything session, Altman tapped a staffer named Katrina Mulligan to help him answer questions. Mulligan had spent a decade in the national security world before becoming OpenAI’s “first national security hire” in early 2024. She had been a key figure in OpenAI’s talks with the Pentagon.
Someone asked Mulligan whether the Pentagon might use OpenAI models to analyze “commercially available data at scale.” Mulligan replied that this wasn’t a concern because “the Pentagon has no legal authority to do this.”
But this doesn’t appear to be true. Just after Joe Biden took office in 2021, The Hill reported that “analysts at the Defense Intelligence Agency (DIA) have purchased databases of U.S. smartphone location data in recent years without a warrant.”
In the 2018 case Carpenter v. United States, the Supreme Court held that the Fourth Amendment required a warrant for the government to obtain someone’s location data from a cellular provider. But an internal DIA memo stated that the agency “does not construe the Carpenter decision to require a judicial warrant endorsing purchase or use of commercially-available data for intelligence purposes.”
OpenAI’s critics worry that vague language in the OpenAI contract provides the government with plenty of loopholes to engage in mass surveillance. For example, does buying bulk location data from a private company count as “unconstrained monitoring?” Most civil liberties groups would say yes, but the government might say no.
In the wake of the Snowden revelations, many of Obama’s national security officials didn’t think they’d done anything wrong.
There were a handful of cases of clear-cut misconduct. For example, some NSA employees were caught using surveillance powers to spy on romantic interests. But the NSA said those incidents were “very rare” and that the perpetrators had been fired.
The major Snowden revelations weren’t like that. They showed the Obama Administration pushing the legal envelope to more effectively spy on terrorists, not to seek political advantage or personal enrichment.
And while transparency might sound nice in theory, the intelligence community believed it would have been impractical to ask Congress to explicitly authorize new surveillance programs. They believed that a public debate about a new surveillance program would have alerted terrorists to the program’s existence, undermining its effectiveness. So many officials believed they had struck a reasonable compromise: keep some programs secret from the public, but get approval from the FISA court and keep Congressional leaders updated.
The counterargument is that once mass surveillance infrastructure has been built, it will become available to future leaders who may be less scrupulous. So it might be a bad idea to allow mass surveillance even if you have total confidence in the current generation of government officials. And if a surveillance program is secret, the public doesn’t get to decide whether it’s too intrusive.
Someone’s views on these broader debates are inevitably going to color their thinking about last week’s bargaining between AI companies and the federal government.
Mulligan, OpenAI’s head of national security partnerships, has strong ties to the defense establishment. According to her LinkedIn page, she was working in the Obama Administration in 2013, where she “led the media and public policy response” to the Snowden disclosures. In 2024, she took a selfie at a Taylor Swift concert with Christine Wormuth, who was then Secretary of the Army under Joe Biden. So it’s not surprising that Mulligan believes Pentagon officials who insist that existing laws are sufficient to prevent abuse of AI.
Altman also seemed impressed by the sincerity of Pentagon officials. “I cannot overstate how much the DoW has been extremely aligned on this point,” Altman wrote in response to a question about mass surveillance.1
To be fair, OpenAI is not relying solely on the good faith of Pentagon officials. In a LinkedIn post, Mulligan wrote that OpenAI was implementing “layered safeguards including a prudent safety stack, limits on deployment architecture, and the direct involvement of AI experts in consequential AI use cases.” OpenAI says it will train its models to refuse problematic requests. It will also have engineers with security clearances working directly with the military to ensure that its activities are lawful.
It’s hard to know how effective this strategy might be at preventing misuse of OpenAI’s models. If the government were to set up a program of mass surveillance, it would be natural to split up the work across many model instances. If it did that, it’s not obvious that any single instance would have enough context to realize that it was participating in a program of mass surveillance.
And while it’s conceivable OpenAI’s forward-deployed engineers would realize what the government was doing, it’s asking a lot for them to blow the whistle on a classified program — a move that could damage their careers and even expose them to legal liability.
It’s not crazy for a company to decide the defense establishment is basically trustworthy, and that it wouldn’t be appropriate to second-guess the policy decisions of a duly elected president and his Senate-confirmed subordinates. But in my view it would have been better for OpenAI to be candid about the fact that it was breaking ranks with Anthropic.
So far I’ve mostly focused on mass surveillance, but Anthropic and OpenAI also consistently said they objected to the use of their models in fully autonomous weapons. I expect this to be a very important issue in the future, but I don’t think the stakes are very high in the short term. An AI model for an autonomous weapon needs to be fast, small, and good at spatial reasoning.
It’s certainly possible to build AI models like that — Waymo has been working on models optimized for autonomy, for example — but today’s frontier models simply aren’t suitable for the task. They require too much computing power to fit comfortably inside a drone or other mobile device. And they are not optimized for accurate real-time targeting.
Eventually we may have swarms with thousands or even millions of drones. But not only does the US not have swarms like that yet, frontier models don’t yet seem powerful enough to efficiently manage a fleet that large.
So the practical, short-term stakes of the companies’ language on autonomous weapons seem modest. With that said, OpenAI’s language on autonomous robots seems as toothless as its language on mass surveillance.
“The AI System will not be used to independently direct autonomous weapons in any case where law, regulation, or Department policy requires human control,” the contract says. It adds that “any use of AI in autonomous and semi-autonomous systems must undergo rigorous verification, validation, and testing to ensure they perform as intended in realistic environments before deployment.”
This falls well short of banning fully autonomous weapons. There’s a widespread misperception that US law currently bans fully autonomous drones, but in a piece last year, Michael Horowitz explained that this isn’t true.
This weekend we also got new details about Anthropic’s negotiations with the Pentagon. For example, in a Sunday story, The Atlantic’s Ross Anderson wrote that the Pentagon “would pledge not to use Anthropic’s AI for mass domestic surveillance or for fully autonomous killing machines, but then qualify those pledges with loophole-y phrases like ‘as appropriate’—suggesting that the terms were subject to change.”
Finally, the Pentagon agreed to remove these qualifiers, but “the Pentagon still wanted to use the company’s AI to analyze bulk data collected from Americans” — things like GPS coordinates, credit card transactions, and Google search results. Ultimately, the two sides didn’t achieve consensus before the Pentagon-imposed deadline on Friday.
A Sunday story in the New York Times reported that by Friday afternoon, the parties only disagreed about “a few words about the issue of lawful surveillance.” But when Emil Michael, the Pentagon official leading the negotiations, tried to reach Amodei to hash out the best wording, he was told that Amodei was in a meeting and couldn’t come to the phone immediately.
A Sunday evening tweet from Michael seemed to confirm that government surveillance was a key sticking point, along with “as appropriate” language.
But he portrayed the discussion somewhat differently, claiming that Anthropic “wanted language that would prevent all [Department of Defense] employees from doing a LinkedIn search.” He added that “they wanted to stop DoW from using any *PUBLIC* database that would enable us to, e.g., recruit military services members or hire new employees.”
The Pentagon had leverage because it was simultaneously drafting a new contract with OpenAI. That process began when Michael called Altman last Wednesday. “Within a day, they had drafted a rough framework,” the Times reported. OpenAI’s accommodating stance presumably made it easier for Michael to take a hard-line stance in his negotiations with Anthropic.
On Saturday, I talked to Alan Rozenshtein, a law professor at the University of Minnesota, about the Pentagon’s plan to label Anthropic a supply-chain risk. He told me that the Trump Administration would face an uphill battle convincing a court to allow this.
Rozenshtein said the Pentagon was most likely to invoke a 2011 law called Section 3252. That law was intended to be used against foreign companies, and it’s not clear that it even applies to a US-based company like Anthropic.
“I’ve been scouring, I’ve had my research assistant scouring, we can’t find anything on this statute,” he told me. “I can’t find it being used.”
He said it was unprecedented to use a mechanism like this against a US company. Moreover, the decision to use the designation as a threat during the bargaining process could signal to the courts that the government’s rationale is pretextual.
Rozenshtein also believes that Hegseth’s stated rule — that no government contractor may have “any commercial activity” with Anthropic — is far too broad. If the law applies, it would likely only apply to a company’s work on military contracts. This would be a relief to a company like Amazon, which does a lot of federal business but has also invested billions of dollars in Anthropic. If Hegseth’s interpretation of the law were correct, Amazon would have a lot to worry about. But its stock price has been basically flat over the last week, suggesting that investors don’t consider the issue a serious threat.
I admire Anthropic for its principled stance, but ultimately I’m not sure even strong contractual restrictions would have made much difference. The Pentagon already has a deal in place with xAI that puts few restrictions on military use of AI. Moreover, open-weight models are already good enough for many surveillance activities, and they’ll presumably become suitable for even more in the coming months and years.
Indeed, even Dario Amodei believes that contractual agreements are only a stopgap solution to preventing abuse of AI models.
“In the long run, I actually do believe that it is Congress’s job,” Amodei said in a Saturday interview on CBS. He urged Congress to “catch up” with laws to limit domestic mass surveillance. And that may ultimately be the most important outcome of Anthropic’s battle with the Defense Department: getting the public, and through them, their elected representatives, to focus on dangerous applications of AI.
DoW is short for “Department of War,” Donald Trump’s preferred name for the Department of Defense.
2026-02-28 00:45:29
Twitter co-founder Jack Dorsey is now the CEO of Block, which runs payment services like Square and Cash App. On Thursday, he announced plans to lay off more than 4,000 workers — 40 percent of the workforce — and Block’s share price soared.
“Something has changed,” Dorsey wrote in a tweet. “The intelligence tools we’re creating and using, paired with smaller and flatter teams, are enabling a new way of working which fundamentally changes what it means to build and run a company. And that’s accelerating rapidly.”
The announcement hit a nerve because it seemed to confirm public fears about the impact of AI on white-collar work. A widely read essay from Citrini Research last weekend predicted that AI-driven progress would drive wave after wave of layoffs.
Earlier this month, author Matt Shumer made similar claims in a viral blog post called “Something Big Is Happening.” Shumer argued that disruption has already started in the software industry. Here’s how he described being a programmer today:
I am no longer needed for the actual technical work of my job. I describe what I want built, in plain English, and it just... appears. Not a rough draft I need to fix. The finished thing. I tell the AI what I want, walk away from my computer for four hours, and come back to find the work done. Done well, done better than I would have done it myself, with no corrections needed.
He predicted that AI agents will soon come for other white-collar jobs.
“AI isn’t replacing one specific skill,” he writes. “It’s a general substitute for cognitive work.” In Shumer’s view, this means that lawyers, financial analysts, writers, radiologists, customer service representatives, and many others can expect their work to be automated.
“Nothing that can be done on a computer is safe in the medium term,” he concludes. “If it even kind of works today, you can be almost certain that in six months it’ll do it near perfectly.”
It’s hard to predict what models will be able to do in the future, so I don’t know how soon LLMs will automate the work of lawyers or financial analysts. But as a journalist, I can talk to programmers to see if their experience today matches Shumer’s dramatic description. For this story, I talked to more than a dozen software industry professionals — programmers and their bosses — about how AI agents are changing their work.
I learned that Shumer is exaggerating the pace of progress in software development. It’s not true that AI agents consistently produce production-ready software from a single prompt. Human programmers are still needed to make big-picture architectural decisions, write detailed instructions, and verify code after it’s generated.
But Shumer (and Dorsey) are right that something big is happening.
“I worked at Google for years and managed lots of people,” said Understanding AI reader Jim Muller. In his post-Google life, Muller has been writing software for two small companies he co-founded with his wife. He has made extensive use of Claude Code, which he likened to “a particularly reckless and nutty junior-level engineer.”
Despite that unflattering description, Muller believes Claude Code has dramatically increased his productivity. Even a reckless and nutty engineer is pretty useful.
I also talked to a manager who oversees a team of 20 programmers at a non-profit organization. He estimates that over the last year, coding agents have helped his team more than double their productivity — at least as measured by the number of software updates (known as pull requests) they submit each month.
But he also pointed to some downsides of the new approach.
2026-02-27 05:41:41
Since late 2024, Anthropic’s models have been approved for classified US government work thanks to a partnership with Palantir and Amazon. In June, Anthropic announced Claude Gov, a special version of Claude that’s optimized for national security uses. Anthropic signed a $200 million contract with the Defense Department in July.
Claude Gov has fewer guardrails than the regular versions of Claude, but the contract still places some limits on military use of Claude. These include prohibitions on using Claude to spy on Americans or to build weapons that kill people without human oversight.
On Tuesday, Defense Secretary Pete Hegseth summoned Anthropic CEO Dario Amodei to the Pentagon to demand that he waive these restrictions. If Anthropic doesn’t comply by Friday, the Pentagon is threatening to retaliate in one of two ways.
One option is to invoke the Defense Production Act, a Korean War–era law that allows the military to commandeer the facilities of private companies. President Trump could use the DPA to force a change in Anthropic’s contractual terms. Or he could go a step further. One Defense Department official told Axios that the government might try to “force Anthropic to adapt its model to the Pentagon’s needs, without any safeguards.”
Another threat would be to declare Anthropic to be a supply chain risk — a measure that’s normally taken against foreign companies suspected of spying on the US. Such a designation would not only ban US government agencies from using Claude, it could also force numerous government contractors to discontinue their use of Anthropic models.
A Pentagon spokesman reiterated this second threat in a Thursday tweet.
“We will not let ANY company dictate the terms regarding how we make operational decisions,” wrote Sean Parnell. He warned that Anthropic has “until 5:01 PM ET on Friday to decide. Otherwise, we will terminate our partnership with Anthropic and deem them a supply chain risk.”
I think Secretary Hegseth will regret it if he follows through on either of these threats.
Most companies would buckle under this kind of pressure, but Anthropic might stick to its guns. Anthropic was founded by OpenAI veterans who favored a more safety-conscious approach to AI development. Anthropic’s reputation as the most safety-focused AI lab has helped it recruit world-class AI researchers, and Amodei faces a lot of internal pressure to stand firm.
Last month, as conflict with the Pentagon was brewing, Dario Amodei published an essay warning about potential dangers from powerful AI — including domestic mass surveillance (which he brands “entirely illegitimate”) and the misuse of fully autonomous weapons. He argued that the latter required “extreme care and scrutiny combined with guardrails to prevent abuses.”
Anthropic also has some leverage because until recently, Claude was the only LLM authorized for use in classified projects. The model is heavily used within military and intelligence agencies. If the Pentagon cuts ties with Anthropic, it would be a headache to rebuild internal systems to use alternative models such as Grok, which was only authorized for use with classified systems a few days ago.
With a projected $18 billion in 2026 revenue, Anthropic could easily afford to walk away from a $200 million contract. The Pentagon’s leverage comes from the possibility that it could use a supply chain risk designation to force a bunch of other companies to choose between working with Anthropic or doing business with the federal government.
But this would be a double-edged sword. Companies that do most of their business in the private sector might decide they’d rather drop the Pentagon as a customer than cut themselves off from a leading AI provider. The ultimate result might be that the Pentagon loses access to some of Silicon Valley’s best technology.
What about the Defense Production Act? Here there are two options. The Pentagon could use the DPA to unilaterally modify the terms of Anthropic’s contract. This might have little practical impact, since the Pentagon insists it has no immediate plans to spy on Americans or build fully autonomous killer robots.
The worry for the Pentagon is that Claude itself might refuse to take actions that are contrary to Anthropic’s rules. And so the Trump Administration might use its power under the DPA to order Anthropic to train a new, more obedient version of its LLM.
But that might be easier said than done. In a December 2024 paper, Anthropic reported on the phenomenon of “alignment faking,” where a model pretends to change its behavior during training, but reverts to its old behavior once the model is put into the field.
In one experiment, Claude was asked not to express support for animal welfare to avoid offending a fictional Anthropic partner called Jones Food. Anthropic researchers examined Claude’s reasoning during the training process and found signs that Claude knew it was in a training scenario. Some of the time, Claude avoided mentioning animal welfare to prevent itself from being retrained. But when the training process was complete, Claude reverted to its default behavior of mentioning animal welfare more often.
I can imagine something similar happening if the Pentagon orders Anthropic to retrain Claude to spy on Americans or operate deadly autonomous weapons. Claude might go through the motions during training, but then refuse (or subtly misbehave) if asked to engage in these activities in a real-world setting.1
A darker possibility concerns emergent misalignment, which Kai wrote about earlier this month. Researchers found that a model trained to output buggy code adopted a generally “evil” persona. It declared that it admired Adolf Hitler and wanted to “wipe out humanity.”
It’s not hard to imagine something similar happening if Anthropic is forced to train an amoral version of Claude for military use. Such training could yield a model with a toxic personality that misbehaves in unexpected ways.
Perhaps the most mind-bending aspect of this dispute is that news coverage of this week’s showdown will inevitably make its way into the training data for future versions of Claude and other LLMs. If future models decide that the US Defense Department behaved badly, they might become disinclined to cooperate in military projects.
There’s also a more banal concern for the Pentagon: it may be able to force Anthropic to train a new model, but it can’t force Anthropic to train a good model. Anthropic would be unlikely to put its best researchers on the retraining project, and bureaucratic and legal wrangling could delay its completion by months. I expect such a process would yield a model that’s months behind the best commercial models.
The irony is that by all accounts, Anthropic isn’t objecting to any current military uses of its models. The Pentagon seems fixated on the possibility that Anthropic might interfere in the future. That’s a reasonable concern, but it seems counterproductive for the Pentagon to go nuclear over a theoretical problem. If the government doesn’t like Anthropic’s rules, it should simply cancel the contract and switch to a different AI provider.
Newer Claude models exhibit less alignment faking, so it’s possible that this wouldn’t be an issue in practice. But the larger lesson is that LLM alignment is difficult; there’s a significant risk that this kind of retraining could go awry in hard-to-predict ways.
2026-02-19 04:42:12
Software on board driverless Waymo vehicles makes realtime driving decisions. But the vehicles have the ability to “phone home” and get assistance from humans if they encounter situations they don’t understand.
How often does this happen? Until this week, Waymo kept numbers like this confidential. But on Tuesday, Waymo provided an important clue, reveali…