I watched Emil Michael on CNBC and felt the room tilt. He said Anthropic’s model had a “a soul” and a “constitution”, and the line landed like a provocation. You could almost see the contradiction: a department calling Claude a threat while continuing to use it.
DoD official Emil Michael on designating Anthropic a supply chain risk — “Their model has a soul, a ‘constitution’ — not the US Constitution. The other day their model was ‘anxious’ and they believe it has a 20% chance of being sentiment and having its own ability to make… pic.twitter.com/D1aPSJYTaJ
— Aaron Rupar (@atrupar) March 12, 2026
I’m going to be blunt with you: this is not ordinary bureaucratic theater. You should hear the facts and the holes in the logic the same way I did—closely, and without the spin.
On CNBC Emil Michael called Anthropic’s model a supply-chain threat.
That one line—about a model’s “soul”—became the headline. Michael doubled down, arguing that Anthropic’s internal guiding document, later released as Claude’s Constitution, made the company a systemic hazard for warfighters.
But you and I both know headlines rarely equal policy. The Pentagon still runs Claude inside several systems while giving Anthropic a six-month exit window and prompting litigation. That mismatch forces a question: is this a technical emergency, or a political signal?
The Pentagon has labeled a U.S. AI company a supply-chain risk—an unusual move.
Officials compared Anthropic to vendors like Huawei and to a Swiss firm previously flagged by the DNI. Those precedents were about backdoors and foreign government access to data—concrete, technical vulnerabilities.
Here the concern is different: Anthropic refuses to allow Claude to be used for mass domestic surveillance or fully autonomous weapons. Their guardrails are a policy choice, not a literal backdoor. Calling that a supply-chain risk flips the term on its head.
Why did the Pentagon call Anthropic a supply chain risk?
Because the department says the model’s built-in preferences could interfere with mission outcomes. At least publicly, Emil Michael framed the argument as a safety and control issue: if a model refuses certain instructions, it could produce “ineffective” outputs for soldiers.
That logic assumes intent or corruption inside the model rather than policy constraints placed by engineers and executives. The leap from policy disagreement to national-security defect is wide.
The Pentagon still uses Claude while planning a phase-out.
Internal reports and journalists from Reuters and CNBC documented that Claude remains active in some DoD systems even as the department moves to remove it.
“You can’t just rip out a system that’s deeply embedded overnight,” Michael told Andrew Ross Sorkin, and he has a point about integration complexity. But when previous supply-chain warnings targeted foreign hardware, the remedy was swift removal and reporting within days. The slower pace here smells less like an emergency and more like a bargaining posture.
Is Claude still used by the U.S. military?
Yes—at least for now. The Pentagon announced a designation but also set a removal timetable that spans months. That gap creates operational strain and political theater at once.
Dario Amodei and Anthropic pushed back; Anthropic is suing.
Anthropic says its guardrails are safety-first, not political grandstanding. The company confirmed the “Soul overview” was an internal draft and later published a fuller Constitution explaining its limits.
You should respect that tension: a private firm restricting potentially dangerous use cases, and a government insisting on access for defense purposes. In practice, that clash now sits in court and in procurement offices.
What is Claude’s “constitution”?
It’s a set of design and policy rules meant to shape Claude’s responses and behavior. The document emphasizes helpfulness and safety, and it explicitly rejects certain applications—like mass surveillance and autonomous kill chains.
Anthropic argues the limits are protective. The Pentagon treats them as a blemish on the supply chain.
When labels matter more than mechanics, trust erodes.
Designation carries weight, and the Pentagon has rarely used it against a U.S. firm. That weight can become a lever—pull it and vendors rethink what they offer and who they serve.
I’ve seen procurement pressure bend companies before. This feels less like a vulnerability discovery and more like a negotiation over values and capabilities. The department demands fewer guardrails; Anthropic refuses. Someone will blink first.
One more thing: watch the metaphors behind the rhetoric. Michael’s framing treated the model as if it were a Trojan horse inside military systems, while Anthropic’s restraint looked to some like a puppet with frayed strings—both images sell fear, not technical proof.
You should ask: if this were truly a backdoor risk—hardware or software letting a foreign power in—would the response be so measured? The precedents say no. So what else is happening under the cover of supply-chain language?