Pentagon Excludes Anthropic From Classified AI Deals

Amid a growing debate over Pentagon AI policy, three of the most powerful AI companies in the world — Microsoft, Google, and xAI — have agreed to let U.S. government agencies test their unreleased AI models before anyone else can use them. The goal: catch national security threats before they ship. The problem: the government doing the testing doesn't have the resources to do it properly.

At the same time, the Pentagon has expanded its classified AI partnerships to 8 companies — while publicly excluding Anthropic, the maker of Claude, amid an ongoing dispute over military AI autonomy. The result is a fractured government AI landscape where some of the most capable models remain off-limits to America's own defense infrastructure.

Pentagon AI Policy Shift: The U.S. Government Now Tests AI Before Launch

The new pre-launch vetting agreements with Microsoft, Google, and xAI mark a significant shift in how the U.S. handles AI risk. Instead of reviewing commercial AI models after they reach the public — the old standard — government evaluators now get exclusive early access to test AI systems for cybersecurity vulnerabilities and national security risks before any product launches publicly.

Think of it as a pre-market review process — similar to how the FDA (the U.S. Food and Drug Administration, the agency that tests drugs before they reach patients) works — but applied to AI. The analogy breaks down quickly: the FDA has decades of protocol, thousands of trained reviewers, and standardized testing frameworks. Government AI evaluators are building this infrastructure from scratch, against systems that grow more capable every six months.

Jessica Ji, Senior Research Analyst at CSET (the Center for Security and Emerging Technology, a nonpartisan policy research organization at Georgetown University), described the resource gap in blunt terms:

"They simply don't have the same amount of resources [as big tech companies], either like manpower, technical staff and also access to compute, to cull these models, to do rigorous testing."

That word — compute (the raw processing power required to run and evaluate large AI models at scale) — is the crux of the problem. Testing frontier AI models at the depth needed to find real security vulnerabilities requires data center infrastructure worth hundreds of millions of dollars. Government agencies cannot buy their way to parity when they are competing for the same physical hardware as the companies they are supposed to independently evaluate.

Pentagon's 8 Classified AI Partners — and Why Anthropic Was Excluded

The Department of Defense has expanded its classified AI partnerships to 8 technology companies, allowing them to integrate AI directly into sensitive military systems and workflows. Separately, the Pentagon reached deals with 7 companies to embed AI into classified military operations — the kind of work that involves battlefield intelligence summaries, targeting data analysis, and secure military communications infrastructure.

Notably absent: Anthropic. The exclusion stems from an ongoing public dispute over military AI autonomy — the concept of whether AI systems should be permitted to make lethal decisions without explicit human authorization at each step. Anthropic has been vocal about requiring human oversight in high-stakes decisions. The DOD's operational requirements appear to demand more flexibility than Anthropic is willing to grant.

The practical fallout from Anthropic's exclusion:

• Microsoft and Google are inside the classified partnership network — their models can be integrated into military and intelligence systems at the highest classification levels
• xAI (Elon Musk's AI company, founded in 2023) secured a pre-launch government vetting agreement despite being a newer market entrant compared to the other partners
• Anthropic's Claude is excluded, creating procurement fragmentation across government AI buyers who already use it commercially
• Agencies that rely on Claude for unclassified work operate under entirely different rules than those using Microsoft Copilot or Google Gemini in classified environments

Helen Toner, CSET Interim Executive Director, described what military AI actually looks like in operational practice: "A lot of modern warfare is based on people sitting in command centers behind monitors, making complicated decisions about confusing, fast-moving situations. AI systems can be helpful in terms of summarizing information or looking at surveillance feeds and trying to identify potential targets."

That description — AI as a decision-support tool, not an autonomous weapon — is almost precisely the line Anthropic says it wants to hold. The Pentagon, evidently, wants to define that line itself. The dispute is substantive, not procedural.

The Government AI Resource Gap No One Wants to Say Out Loud

The core tension in the pre-launch vetting framework is straightforward: the agencies tasked with evaluating AI for national security risks lack the staff, tools, and infrastructure to do it at the level the actual threat requires.

What Microsoft, Google, and xAI each bring to a pre-launch model evaluation:

• Thousands of AI safety engineers and red-teamers (specialists who probe AI systems for vulnerabilities the way ethical hackers probe networks — looking for harmful outputs, manipulation points, and gaps an adversary could exploit)
• Proprietary evaluation infrastructure built specifically for their own model architectures
• Direct access to model weights (the internal mathematical parameters that define how an AI reasons, responds, and can be manipulated)
• Months of internal safety evaluation before government review ever begins

Government evaluators work with limited compute access, smaller technical teams, and no standardized testing protocol covering the full attack surface (the complete range of ways a model can be misused, manipulated, or weaponized against U.S. interests). The vetting agreements provide earlier access than before — but they do not close the fundamental capability gap between the evaluators and the evaluated.

Andrew Lohn, CSET Senior Fellow and a primary U.S. advisor on AI and national security policy, described the offense-defense imbalance in AI security this way: "It is not clear yet who benefits between attackers and defenders. The real-world evidence so far shows offense mostly experimenting, while defenders are starting to be overwhelmed from too much help that could potentially be turned against them."

Translation: the same AI tools that help a government analyst process satellite imagery faster are available to adversaries. And right now, the independent government infrastructure to assess that difference at scale does not fully exist.

How China Bypasses U.S. AI Export Controls Without Agreements

While the U.S. builds voluntary pre-launch vetting frameworks with willing tech companies, China is pursuing the same AI capabilities through entirely different channels — most of which bypass export controls entirely.

CSET researchers testified before the U.S.-China Economic and Security Review Commission on what they describe as China's multi-vector AI acquisition strategy. The documented channels:

• State-sponsored cyberattacks: Operations including Titan Rain and Operation Aurora targeted U.S. research institutions and tech companies to exfiltrate (steal and transmit externally) AI model data, training datasets, and source code repositories
• Talent recruitment: Systematic recruitment of AI researchers who carry direct knowledge of proprietary model architectures — often through academic partnerships and international research programs that bypass standard export control screening
• Hardware smuggling: Circumventing U.S. chip export restrictions through third-party procurement networks in countries outside U.S. jurisdiction, acquiring AI accelerator chips (specialized processors designed for AI training workloads) despite formal import bans

Lohn's direct assessment on China's intent: "Despite banning the models and restricting chip purchases, they are certainly taking active steps to acquire the technology. That includes activities to acquire expertise, hardware, and models."

China does not need Microsoft's cooperation to evaluate a U.S. AI model. It is actively working to acquire the models directly — and the hardware to run them — through channels the pre-launch vetting agreements were never designed to address. The U.S. closes one door; China has three others actively open.

AI Skills Gap 2026: Entry-Level Job Requirements Have Doubled

Running alongside the national security story is a workforce crisis that affects every employer, not just defense agencies. As of 2026, entry-level job postings requiring AI skills have nearly doubled year-over-year — approximately a 100% increase in 12 months. Educational pipelines have not come close to matching that pace.

Ali Crawford, CSET Senior Research Analyst on AI workforce development, described the structural mismatch: "Educational institutions and employers are having to play catch-up to train young professionals in AI skills."

This workforce gap directly compounds the government AI governance problem. Every AI safety engineer hired by Microsoft, Google, or xAI is one fewer available to build independent government evaluation capacity. The pre-launch vetting agreements shift some evaluation burden back to the companies — but they don't transfer institutional knowledge, and they don't build the independent government capability needed to verify what those companies produce over the long term.

CSET's broader research, which analyzed over 260 million scientific publications across 90,000 mapped research clusters, points to a deeper structural fragility: the NIH-funded basic research that underpins entire AI-adjacent industries is itself underfunded relative to its economic output — amplifying talent shortages at every level of the pipeline, from universities through government agencies to defense contractors.

For developers, designers, analysts, and office workers watching this story: the AI skills gap is not a government-only problem. The same shortage that limits Pentagon AI evaluation capacity is the same shortage driving doubled AI job requirements across every industry. Building practical AI automation skills — from prompt engineering to workflow integration — is among the most in-demand capabilities cited in those doubled entry-level job postings. The window to develop these skills before they become baseline expectations is narrowing faster than most training programs anticipated. AI for Automation's free learning guides are a practical place to start — no technical background required.

Related Content — Get Started with AI Automation | AI Learning Guides | More AI News