Since the U.S. Department of Defense labeled Anthropic, the maker of Claude AI, a “supply chain risk,” the current administration has blacklisted Anthropic across all federal agencies after a disagreement about how the military can use the Claude platform. Anthropic refused to remove certain safeguards that block mass surveillance of Americans or powering fully autonomous weapons which resulted in the Pentagon putting Anthropic on a blacklist for all future defense work. Meanwhile, Claude became the top app on Apple’s U.S. App Store, even as the federal government ban took hold.
For government IT leaders and contractors, this isn't just a fight between a vendor and the Pentagon. It's a big moment for how AI is managed and assessed across the federal supply chain. This decision immediately raises questions about compliance, over-reliance on one vendor, and how to keep things running smoothly wherever Claude is used in government systems or tools.
What Happened Between Anthropic and the Pentagon
Secretary of War, Pete Hegseth labeled Anthropic a "supply chain risk to national security," using tough language usually saved for foreign adversaries. The federal government then publicly ordered all federal agencies to stop using Anthropic's technology. The Department of Defense has now given organizations a transition period to move away from using Claude.
The main disagreement: The Pentagon wants to use AI tools for any lawful purpose, with no restrictions. Anthropic insists on having clear rules including no mass surveillance of Americans and no using Claude to control fully autonomous weapons, all this grounded in safety and ethical concerns. Anthropic plans to challenge the government's decision, and many legal experts believe Anthropic has a strong legal case against the specific actions taken by the Department of Defense (DoD). This case could affirm existing rules and set new ones for how much control the government has over AI vendors' policies.
For agencies and regulated organizations using Claude, the biggest issue is not the legal battle, but what this “supply chain risk” label means for their current and future use of the platform.
Why This Matters for Federal AI and Cyber Risk
AI models like Claude are now deeply embedded in software and data systems as they power chatbots, analytics, security tools and automation. When one of these key models is labeled a supply chain risk, organizations must fully understand, if they don't already, just how much they depend on a single AI provider.
This leads to real risks: if you rely too much on one AI vendor for important or regulated work, a single government or legal decision can quickly become a nightmare for your operations and compliance. For the Department of Defense and all other federal agencies, this new designation when viewed in conjunction with existing rules presents additional challenges regarding vendor vetting and ongoing compliance monitoring.
NIST and other new guidelines say organizations should treat AI systems like other important technology assets, with clear risk categories, controls, and regular checks on third-party vendors. The Anthropic case shows that managing AI risks isn't just theory, it needs to be part of everyday IT and cybersecurity planning, especially if you're affected by federal supply chain actions.
What This Means FOR Sub-Contractors, Third Parties & the Supply-Chain
The Anthropic Supply Chain Risk designation highlights how deeply AI risk is now woven into the federal supply chain. This includes not just direct contractors, but also subcontractors, cloud providers, smaller SaaS companies, and any company that produces anything used by the federal government right down to nuts and bolts. Prime contractors may have to track AI use across multiple layers to make sure no restricted technology is involved in projects. This is bound to slow down procurement, raise due diligence costs, and create challenges for small suppliers who may not have strong compliance systems in place. Furthermore, small suppliers that currently use “supply chain risk labeled AI”, may suffer financial hardship, or even fail if they depend heavily on direct or indirect government business.
Non-Governmental Organizations and international organizations that get U.S. government funding or work with federal agencies face similar issues. The tools they use for research, fieldwork, or humanitarian work may need to be checked or redesigned to meet new supply chain and AI rules.
In short, everyone involved from big contractors to small suppliers to NGOs should expect AI to be part of security checks, grant requirements, and compliance paperwork. They need to plan for this with clearer contracts, better tracking, and alternative options.
How JANUS Associates Can Help
The dispute between Anthropic and the Pentagon shows that managing AI risks is now a key part of the federal supply chain, cybersecurity, and IT governance. JANUS Associates helps government and regulated organizations include AI in their existing cybersecurity, risk assessment, and compliance programs in a practical and defensible way.
JANUS can help you assess how and where AI is used in your organization, review the impact on security and data integrity, and make sure your controls line up with NIST, FISMA, ISO 27001, and all other standards and compliance requirements. As part of these services, our team supports compliance audits and control mapping for AI in areas such as access control, data storage, logging, vendor management, and third-party risk.
JANUS also helps executive teams include AI platforms and models in their broader business continuity and resilience plans, with playbooks for rapid provider changes and clear communication with contracting officers and regulators. If your organization uses Claude or other third-party AI platforms, and is ready to prepare for the future, JANUS Associates helps you build a secure and practical AI governance and risk management plan.
