X

Drawing the Line: The Boundaries of U.S. Military AI Deployment

06 10, 2026

According to a May 1, 2026, statement released by the U.S. Department of War, formerly the U.S. Department of Defense, eight artificial intelligence (AI) companies—SpaceX, OpenAI, Google, NVIDIA, Reflection, Microsoft, Amazon Web Services, and Oracle—have reached agreements with the Department to deploy frontier AI capabilities on its classified Impact Level 6 (IL6) and Impact Level 7 (IL7) network environments for “lawful operational use.” The announcement indicated that the deployments are intended to “streamline data synthesis, elevate situational understanding, and augment warfighter decision-making,” while emphasizing that this multi-vendor approach would help avoid AI vendor lock-in to maintain long-term flexibility for the Joint Force. The statement also disclosed that GenAI.mil, the Department’s official AI platform, had been used by over 1.3 million personnel within five months of its launch, generating tens of millions of prompts and deploying hundreds of thousands of AI agents. These developments suggest that the U.S. military is extending its utilization of generative AI from open or lower-classification environments into more sensitive operational workflows.

This shift reflects a persistent emphasis within the U.S. defense establishment on deployment speed. In a January 12, 2026, Department of War press release on the Artificial Intelligence Acceleration Strategy, Secretary of War Pete Hegseth stated that the United States would “unleash experimentation, eliminate bureaucratic barriers, focus our investments and demonstrate the execution approach needed to ensure we lead in military AI.” The document outlines warfighting, intelligence, and enterprise operations as three core tenets, and establishes seven Pace-Setting Projects (PSPs) including “Swarm Forge,” “Agent Network,” and “Ender’s Foundry.” The objective is to shorten the cycles required for model integration, operational testing, intelligence conversion, and daily workflow modernization. The repeated emphasis on speed, execution, and scale underscores the U.S. military’s determination to incorporate Silicon Valley-style rapid iteration into its defense capability development.

The Pentagon in Washington, D.C., headquarters of the Department of War. 

Source: Reuters

Yet as deployment accelerates, the question of where to draw the boundaries becomes increasingly prominent. In March 2026, a dispute involving Anthropic brought these tensions to the forefront. Reuters reported on March 5 that the Pentagon had designated Anthropic as a “supply-chain risk,” restricting the use of its technology in U.S. military contracts. According to Reuters, the decision stemmed from disagreements over restrictions on the usage of Claude, particularly regarding fully autonomous weapons and high-risk applications such as domestic mass surveillance.

The Anthropic case crystallizes a long-standing challenge in military AI governance: can frontier model developers maintain their ethical boundaries within national security systems? Can the military request that companies relax restrictions under the banner of “lawful use”? Furthermore, once a model is integrated into operational workflows through systems integrators like Palantir, how should responsibility be distributed among model developers, integrators, contractors, frontline operators, and commanders?

01 From Experimentation to Classified Networks: Commercial AI Enters Military Infrastructure

Understanding the latest developments in U.S. military AI requires looking beyond any single model or company and recognizing a shift in how military AI capabilities are generated. Previously, U.S. military AI initiatives typically centered on discrete projects, such as image recognition, unmanned platform control, AI-assisted intelligence analysis, or administrative workflow automation. The current shift lies in the fact that frontier models, cloud infrastructure, and operational data are beginning to be interconnected within classified networks, creating an enduring system for generating military AI capabilities that can be continuously accessed and upgraded.

According to a Department of War press release issued on January 12 on the Artificial Intelligence Acceleration Strategy, GenAI.mil is described as an enterprise initiative that provides Department-wide access to frontier generative AI models at Impact Level (IL-5) and above. Concurrently, the Agent Network is utilized for campaign planning, battle management, and decision support; Open Arsenal focuses on the rapid conversion of technical intelligence into capability development; and Ender’s Foundry emphasizes AI modeling and simulation feedback. This configuration suggests that generative AI within the U.S. military is no longer limited to basic text generation or coding assistance, but is being embedded in institutional designs for operational concept development, intelligence conversion, and decision support.

Changes in procurement structures are equally significant. According to Breaking Defense on May 1, the Department of War initially announced a list of seven companies, later adding Oracle to bring the total to eight firms authorized for deployment in IL6 and IL7 environments. The official announcement stated that this approach is intended to prevent “AI vendor lock.” While presented as an issue of procurement flexibility, the strategy also quietly reshapes the power structure regarding boundary setting. By integrating models from multiple providers simultaneously, the military dilutes the ability of any single company to enforce its own usage policies, shifting the effective constraints toward government procurement terms, classified network access rules, and operational requirements.

A Google contract offers a more detailed perspective on these dynamics. On April 28, Reuters, citing The Information, reported that Google had signed a classified agreement to supply AI models to the Pentagon for classified work. The agreement permits the Pentagon to use Google’s AI for “any lawful government purpose,” while incorporating restrictive language stipulating that the AI systems should not be used for domestic mass surveillance or in autonomous weapons lacking appropriate human supervision and control. However, the report noted that the agreement does not grant Google the authority to veto lawful government operational decisions. A Google spokesperson told Reuters that providing commercial model API access under industry-standard practices and terms represents a “responsible approach” to supporting national security.

Such contractual wording outlines a core logic in U.S. military AI deployment: companies may assert ethical principles and retain certain restrictions on high-risk use, but once a model enters classified networks, the authority over specific operational decisions rests primarily with the government, guided by law, mission requirements, and contractual interpretation. For the military, this reduces the risk of a vendor vetoing a mission in real time; for companies, it suggests that their publicly stated AI ethics principles may not fully translate into verifiable constraints within classified operational environments.

U.S. Under Secretary of War for Research and Engineering Emil Michael and Chief Digital and Artificial Intelligence Officer Cameron Stanley visit GenAI.mil Excite Day.

Source: U.S. Department of War

Developments on the front lines further complicate this landscape. According to a Breaking Defense report on May 12, U.S. Chief Digital and AI Officer Cameron Stanley stated at the SCSP AI+Expo that Operation Epic Fury utilized Palantir’s Maven Smart System to conduct strike missions across the entire battle space in Iran, involving 13,000 targets over 38 days. He noted that AI tools enabled forces to aggregate and synthesize data, allowing them to “make better decisions, faster, on the battlefield.” This indicates that military applications of AI have moved beyond back-office tasks or routine intelligence processing into sensitive areas like target generation, mission coordination, and battlefield situation assessment.

Reports concerning operations in Venezuela illustrate another way in which AI may become involved in highly sensitive missions. According to a Reuters report on January 3, the United States carried out Operation Absolute Resolve to capture former Venezuelan President Nicolás Maduro and his wife, an operation involving long-term intelligence preparation, special forces insertion, support from multiple types of military aircraft, and strikes on military targets around Caracas. Subsequently, on February 13, Reuters, citing The Wall Street Journal, reported that Claude, Anthropic’s AI model, had been utilized in the U.S. military operation to capture Maduro through the company’s partnership with Palantir.

These cases collectively demonstrate a critical change: once integrated into military systems, commercial AI models may not directly “pull the trigger,” but they can profoundly shape the information environment for human decision-making within the operational chain, including threat interpretation, target prioritization, and the speed of human review. If the role of AI remains purely supportive, accountability rests primarily with the human chain of command; however, when AI-generated outputs help shape target lists, mission sequencing, and operational recommendations, new ambiguities emerge regarding boundaries and responsibility.

02 Who Draws the Line: The Interplay of Industry, the Military, and Law

U.S. military AI governance currently operates under a structured framework of principles. The Department of Defense, as it was then known, adopted Ethical Principles for Artificial Intelligence in 2020, released the Responsible Artificial Intelligence Strategy and Implementation Pathway in 2022, and updated DoD Directive 3000.09, Autonomy in Weapon Systems, in 2023. Additionally, the U.S. Department of State has promoted a Political Declaration on Responsible Military Use of Artificial Intelligence and Autonomy, which emphasizes that military AI should comply with international law and calls for appropriate levels of human judgment, testing and assurance, and oversight and accountability mechanisms. The challenge lies in translating these high-level principles into concrete implementation standards for generative AI and agentic workflows.

According to DoD Directive 3000.09, autonomous and semi-autonomous weapon systems are to be designed to allow commanders and operators to exercise “appropriate levels of human judgment” over the use of force. Personnel who authorize, direct, or operate these systems are required to act with appropriate care in accordance with the law of war, applicable treaties, weapon safety rules, and rules of engagement. The directive also mandates verification, validation, testing, and evaluation of hardware and software to minimize the probability and consequences of unintended engagements by autonomous systems.

While these normative requirements are significant, the phrase “appropriate levels” leaves substantial room for interpretation. Case materials from the International Committee of the Red Cross (ICRC) also note that “appropriate” in U.S. policy is a flexible concept rather than a fixed standard of human judgment applicable to all scenarios. In practice, this flexibility has a military rationale, given the variance in weapon systems, operational environments, and mission risks. However, as generative AI becomes integrated into intelligence synthesis, target prioritization, operational planning, and autonomous agent workflows, such flexibility may leave oversight standards overly abstract.

U.S. Department of Defense Directive 3000.09. 

Source: U.S. Department of War

Members of the U.S. Congress have begun to recognize these regulatory gaps. According to a Military Times report on May 20, Senator Joni Ernst stated during a Senate Subcommittee on Emerging Threats and Capabilities hearing that the Department of Defense’s “policy architecture really has to scale with it,” adding that “this is where we probably lag behind.” The report also noted that the administration requested an increase in the budget for the Defense Autonomous Working Group from $225 million in the current fiscal year to $55 billion for fiscal year 2027. Ernst expressed concern that AI-driven targeting is being integrated with autonomous munitions at a pace that DoD Directive 3000.09 had not been designed to contemplate. Under Secretary of War for Research and Engineering Emil Michael acknowledged during the hearing that policy on autonomous weapons “absolutely needs updating,” citing increased capability potential, the evolving threat environment, and operational lessons learned in Iran.

The conflict over boundary setting operates across at least three distinct levels: legal baselines (domestic law, the law of war, international humanitarian law, and rules of engagement); procurement contracts and usage terms (such as “any lawful government purpose” or “lawful operational use”); and AI companies’ self-imposed model policies (prohibiting mass surveillance, restricting fully autonomous weapons, and requiring human oversight). The primary challenge arises when these three boundaries diverge. Legal baselines may be broader, corporate policies may be narrower, and the military tends to prioritize speed and mission continuity during high-intensity operations.

The Anthropic controversy illustrates this misalignment. Reports from Reuters indicate that Anthropic refused to remove safety guardrails on Claude regarding autonomous weapons and domestic surveillance, while the Pentagon maintained that corporate standards should not restrict applications that comply with applicable law. In public statements, Dario Amodei sought to separate corporate ethics from operational decisions, arguing that private firms should not intervene in specific operations while maintaining that companies should still be able to maintain high-level usage boundaries. The military’s perspective is the opposite: operational decisions belong to the government and armed forces, and vendors should not elevate proprietary policies above legally authorized military missions. This division lacks a straightforward resolution. Permitting companies to maintain unilateral restrictions within classified systems could impair the availability of tools during critical missions, effectively transferring some security decisions to corporations lacking democratic mandates. Conversely, relying solely on broad “lawful use” terms to define boundaries could weaken corporate safety commitments, internal ethics review, public oversight, and congressional accountability. A more viable approach may involve establishing clearer, tiered regulations beyond both corporate and military discretion, allowing boundaries to undergo prior review, real-time logging, and after-action accountability.

03 How to Oversee: The Visibility Gap in Classified Networks

It is far more difficult to oversee military AI than ordinary defense projects. Conventional weapon systems operate with relatively clear physical platforms, procurement contracts, testing standards, and chains of command. In contrast, generative AI can be integrated into systems via APIs, plugins, workflows, AI agents, or embedded modules. It may not be procured under the designation of a “weapon,” yet it can substantially influence the use of force through mission planning, target identification, intelligence synthesis, and battlefield management. In its February 2026 report Responsible Procurement of Military Artificial Intelligence, the Stockholm International Peace Research Institute (SIPRI) notes that AI is generally an enabling technology embedded within platforms, systems, processes, or functions, and that a single weapon system may simultaneously incorporate multiple AI components for decision support, sensor data fusion, pattern recognition, predictive maintenance, or autonomous navigation. Consequently, the focus of governance has expanded from individual platforms to algorithmic capabilities distributed across systems and workflows.

Classified networks further narrow the space for external oversight. Because IL6 and IL7 environments handle highly sensitive information, external researchers, media outlets, civil society organizations, and even some members of Congress struggle to access complete technical details. Non-disclosure clauses in contracts may also prevent companies from publicly clarifying how models are deployed, how prompts are structured, whether safety filters are adjusted, or how outputs are incorporated into mission workflows. Public visibility is frequently limited to official statements, sporadic disclosures from anonymous officials, fragments of congressional hearings, and post-incident investigation reports.

This visibility gap directly undermines accountability. If a strike results in civilian casualties, assigning responsibility requires knowing the basis for target selection, whether the information was obsolete, whether a model influenced target prioritization, whether human review was sufficient, whether the commander understood system confidence levels, whether a contractor provided a faulty interface, and whether operational logs were preserved. Without these records, phrases like “human-in-the-loop” risk becoming purely procedural expressions. Human judgment carries substantive weight only when operators possess adequate information, sufficient time, genuine veto authority, and traceable records.

The U.S. military maintains certain oversight structures. DoD Directive 3000.09 calls for verification, validation, testing, and evaluation, requiring commanders and operators to understand system capabilities and limitations, and subjects relevant systems to legal review. The Responsible Artificial Intelligence Strategy and Implementation Pathway also emphasizes traceability, reliability, and governability. However, these arrangements focus primarily on general requirements prior to and following system development, procurement, and deployment. Managing continuous model updates, multi-step agent workflows, dynamic prompting, and multi-system integration requires more detailed technical standards. These include specifying which tasks require mandatory input-output logging, which high-risk recommendations must display data sources and confidence levels, which adjustments to safety settings must be registered, which AI calls in classified environments must undergo independent auditing, and which contractors must cooperate with incident investigations.

People attend the funeral of victims following a reported strike on a school in Minab, Iran, March 3, 2026

Source: Reuters

The Minab school incident offers a sobering illustration of these oversight challenges. According to an Associated Press (AP) report, new footage indicates that a munition, identified by experts as likely a U.S. Tomahawk cruise missile, struck a compound in southern Iran, meters from the Minab school where a February 28 explosion resulted in at least 165 deaths. The AP, citing experts and satellite imagery analysis, reported that the school may have been hit during consecutive strikes targeting a nearby Revolutionary Guard facility; a U.S. official familiar with internal discussions stated anonymously that the strike was “very likely” conducted by the U.S. However, the AP noted that no independent organization had been able to enter the area during the conflict to investigate, leaving assessments limited.

Because public materials are insufficient to demonstrate that a specific large AI model or the Maven system caused the school to be hit, this analysis does not directly attribute the incident to an AI system. However, the event illustrates typical risks within high-speed target generation environments: target databases may be outdated, field verification may be insufficient, adjacent civilian objects may be misidentified, and subsequent responsibility may become diffuse due to secrecy and multi-party collaboration. If an AI system performs data synthesis, target prioritization, or battle damage assessment in such scenarios, it may not be a direct actor in a legal sense, but may still play a significant role in affecting decision quality.

Janina Dill, an expert on international law at the University of Oxford, noted in the AP report that even if an attacking party mistakenly believed a school was part of an adjacent military base, it remained obligated to take all feasible measures to verify the status of the target. A March 2026 position paper by the ICRC also emphasized that autonomous weapon systems, once activated, can select and apply force to targets without further human intervention, meaning users may be unable to determine in advance the specific target or the precise time and location of the attack. The organization maintains that while existing international humanitarian law applies to autonomous weapons, it does not fully address all humanitarian, legal, and ethical questions, necessitating clearer international rules.

This principle applies equally to the integration of commercial AI into military networks. Even if generative AI does not directly select and attack targets, its involvement in shaping target perceptions, risk assessment, and operational tempo requires a corresponding, auditable framework. Oversight should focus not only on whether a human gives the final authorization, but also on how algorithmic recommendations are generated, whether humans genuinely comprehend those recommendations, how model errors are detected, and whether accountability records are sufficient to support post-incident investigations.

04 How to Ensure Accountability: From “Lawful Use” to Chains of Responsibility

Accountability remains one of the hardest parts of military AI governance to implement. An operational AI system is typically composed of multiple entities: model developers supply the base model, cloud providers deliver the computing and deployment infrastructure, systems integrators design the workflows, military departments define mission requirements, frontline personnel utilize the tools, and commanders grant authorizations. Any operational error can involve multiple links, including data quality, model performance, interface design, training adequacy, operator execution, command decisions, and legal review. Without clear record-keeping, responsibility can easily become diluted across system recommendations, human confirmation, contractor tools, and operational secrecy.

From a corporate perspective, model developers frequently attempt to manage risk through usage policies, restrictive clauses, and safety filters. Anthropic emphasized two specific prohibitions in its public statements, and Google’s contract reportedly incorporates language stating that the systems should not be used for  domestic mass surveillance or in autonomous weapons lacking appropriate human oversight. However, when contracts simultaneously stipulate that companies cannot veto lawful government operational decisions, corporate restrictions can function as soft principles rather than binding constraints. Even if companies retain the right to terminate partnerships in the future, ongoing military missions may be insulated from timely external review due to secrecy and operational urgency.

From a military perspective, the armed forces must maintain operational command authority and legal accountability. Amodei’s statement that “the Department of War, not private companies, makes military decisions” effectively acknowledges this point as well. However, holding ultimate decision-making authority does not automatically ensure a clear chain of responsibility. If a strike recommendation is generated by a model, integrated by a contractor platform, rapidly confirmed by a human operator, and authorized by a commander based on an automated summary, a post-incident investigation must determine whether each participant exercised appropriate care. This involves evaluating not just who authorized the action, but who configured the model’s permissions, who approved alterations to safety filters, who authorized the use of outdated data, who shortened the window for human review, and who ignored system confidence levels and anomaly alerts.

A Parrot ANAFI USA drone utilized by the U.S. Air Force’s 378th Expeditionary Logistics Readiness Squadron

Source: Breaking Defense

Institutionally, the United States has at least three oversight channels. The first is congressional oversight and budget review. The proposed expansion of the Defense Autonomous Working Group’s budget from $225 million to $55 billion has drawn public questioning from senators regarding policy updates, indicating that Congress is bringing autonomous weapons and AI targeting into budgetary accountability. The second channel is judicial review. Anthropic’s legal challenges to its supply chain risk designation give courts an opportunity to evaluate whether the executive branch can override a vendor’s technical policies and commercial interests on national security grounds. The third channel involves procurement and administrative regulation, where vendor access, contract stipulations, operational authorizations, testing and evaluation, and safety filings can all serve as institutional mechanisms for moving accountability upstream.

Each of these channels possesses distinct structural limitations. Congressional oversight frequently encounters gaps in access to classified data and the delayed nature of post-hoc inquiries; judicial review focuses primarily on corporate rights, administrative procedures, and contractual disputes rather than operational details; and procurement oversight can be compromised by institutional pressure to accelerate deployment. The regulatory approach of the Trump administration also influences the stringency of external constraints. A December 11, 2025, executive order, Ensuring a National Policy Framework for Artificial Intelligence, sought to maintain U.S. AI advantages through a national framework with minimal regulatory burdens and established an AI Litigation Task Force to challenge state-level regulations that conflict with federal policy. Conversely, state-level measures like New York State’s RAISE Act require large frontier model developers to disclose safety protocols and report major harm incidents to the state government within 72 hours after determining that such an incident has occurred. This tension between federal emphasis on uniformity and burden reduction and state-level prioritization of transparency and safety has a real impact on the external safety obligations imposed on commercial AI firms.

For military AI, efforts to reduce regulatory burdens in civilian AI governance may reduce friction in defense procurement, but they can also restrict public and state-level oversight of frontier model risks. If federal policy prioritizes speed and uniform standards while military contracts rely on broad “lawful use” provisions, oversight within classified systems will depend even more heavily on internal Department of War procedures, congressional committees, and a small number of judicial cases. Such internal mechanisms can be effective, but transparency and institutional trust will inevitably be diminished.

Improving accountability mechanisms requires shifting from abstract principles toward concrete record-keeping. High-risk military AI usage should involve the retention of five categories of records: model versions and safety configurations; input data sources and update dates; system outputs alongside associated confidence metrics; human review logs, including instances where recommendations were overridden; and commander authorizations accompanied by legal review documentation. If contractor platforms are involved, contractors’ obligations to provide data and technical explanations during investigations must be clearly defined. For operations carrying risks of civilian casualties, more rigorous human review windows and independent legal review requirements appear necessary. While these measures may not eliminate operational errors, they can prevent responsibility from being obscured by technological complexity.

05 Boundary Spillover in the Context of International Competition

The acceleration of U.S. military AI deployment occurs against a backdrop of China-U.S. technological competition and the global diffusion of defense capabilities. The U.S. approach focuses on rapidly linking commercial models, cloud platforms, semiconductor firms, and defense requirements to leverage the private technology sector to increase deployment speed. In contrast, China’s strategy relies more heavily on state-level planning, civil-military fusion, and centralized defense procurement to build intelligent capabilities. A report released by the Center for Security and Emerging Technology (CSET) in April 2026 analyzed 2,857 AI-related contract awards issued by the People’s Liberation Army (PLA) between 2023 and 2024, noting that state-owned defense conglomerates and research institutes remain important actors in Chinese AI-related military procurement, alongside an expanding role for non-traditional vendors. The report suggests that this diversification may accelerate the diffusion of AI-related capabilities within the Chinese military, while complicating U.S. efforts to restrict Chinese military modernization.

Concurrently, a Reuters investigation published in October 2025 regarding the military utility of DeepSeek indicated that AI models, domestic semiconductors, robotics, unmanned systems, and battlefield planning are being integrated into China’s military modernization initiatives. However, public materials also reveal ongoing uncertainties regarding capabilities, data quality, reliability, and supply chain dependencies. Framing China-U.S. military AI competition purely as a binary narrative of absolute leadership by one nation can obscure a more immediate challenge: both countries are pursuing faster data processing and decision-making speeds, and both face shared risks regarding human control, accountability, unintended escalation, and technology proliferation.

International regulatory frameworks continue to lag behind the pace of deployment. The U.S.-led Political Declaration on Responsible Military Use of Artificial Intelligence and Autonomy establishes normative initiatives but carries limited binding legal authority. The ICRC and the UN Secretary-General have called for the negotiation of new, legally binding international rules for autonomous weapons, with a view to concluding the process by 2026. However, major military powers remain divided over the definition of autonomous weapons, the scope of prohibitions, human control standards, and verification mechanisms. For the emerging phenomenon of commercial AI integration into military networks, international governance lacks mature rules; other states and international organizations have few mechanisms to verify the specific applications of a private vendor’s model integrated into a country’s classified military network via a third-party systems integrator.

Such boundary spillover may also occur within alliance systems. As the U.S. integrates multiple commercial AI vendors into its classified networks, the synchronization of auditing standards and liability rules will become critical when sharing AI-generated intelligence, target recommendations, or operational support tools with NATO allies, AUKUS partners, and other security partners. Different allies may not have consistent requirements for AI output reliability, data provenance, human review protocols, or international humanitarian law assessments, which will complicate the allocation of responsibility during joint operations.

Consequently, evaluating the trajectory of U.S. military AI requires looking beyond technological leadership or procurement expansion to examine whether legitimacy, reliability, and accountability are systematically embedded into deployment mechanisms. If capability expansion outpaces oversight frameworks, short-term efficiency gains may come with long-term legal, diplomatic, and alliance-related costs. Conversely, overly rigid regulatory frameworks could impair the U.S. military’s technological adaptability in high-intensity competition. A balanced policy strategy would involve establishing binding constraints for critical high-risk processes while preserving flexibility for low-risk administrative and auxiliary tasks, and linking the two through structured auditing and incident investigation mechanisms.

Source: Reuters

The integration of commercial AI into U.S. military classified networks marks a structural alignment between the defense establishment and the commercial technology ecosystem. While it may enhance data processing, intelligence synthesis, situational awareness, and mission coordination, it also gradually alters the military’s patterns of dependency on commercial vendors, foundational models, compute resources, and cloud platforms. The May 1, 2026, eight-company network integration agreement, the Anthropic supply chain risk controversy, Google’s “any lawful government purpose” contract language, and the deployment of Maven during operations involving Iran collectively indicate that military AI is moving from an experimental tool toward institutionalized deployment.

To date, the United States has a baseline of governance mechanisms, including responsible AI principles, DoD Directive 3000.09, the Political Declaration, procurement reviews, and congressional oversight. However, these systems still need to confront the new challenges posed by large AI models and agentic workflows. Abstract requirements for “human judgment” must be translated into concrete procedures, broad “lawful use” terms must undergo verifiable review, corporate ethical commitments must be formalized as contractual obligations and log records, and AI calls within classified networks should also be subject to independent oversight within secure limits. Such measures would help ensure that the boundaries of military AI do not remain at the level of statements and principles, but instead take shape as enforceable, traceable, and accountable institutional arrangements.

Author

Zhang Aoran

References

1.https://www.war.gov/News/Releases/Release/Article/4475177/classified-networks-ai-agreements/

2.https://www.reuters.com/world/us/anthropic-says-it-will-challenge-pentagons-supply-chain-risk-designation-court-2026-02-28/

3.https://www.reuters.com/technology/pentagon-informed-anthropic-it-is-supply-chain-risk-official-says-2026-03-05/

4.https://www.reuters.com/technology/anthropic-seeks-court-stay-pentagon-supply-chain-risk-designation-2026-03-12/

5.https://www.reuters.com/business/retail-consumer/big-tech-group-tells-pentagons-hegseth-they-are-concerned-about-declaring-2026-03-04/

6.https://www.anthropic.com/research/glasswing-initial-update

7.https://blog.cloudflare.com/cyber-frontier-models/

8.https://cyberscoop.com/anthropic-mythos-software-flaws-glasswing/

9.https://www.reuters.com/business/anthropic-roll-out-claude-mythos-coming-weeks-launches-opus-48-2026-05-28/

10.https://defensescoop.com/2026/05/07/dod-planning-to-address-compute-bottleneck-ai-proliferation/

11.https://federalnewsnetwork.com/defense-news/2026/05/dod-strikes-deals-with-major-tech-firms-to-deploy-ai-on-classified-networks/

12.https://www.reuters.com/business/nvidia-backed-reflection-ai-eyes-25-billion-valuation-wsj-reports-2026-03-26/

13. https://reflection.ai/

14.https://www.reuters.com/business/media-telecom/huawei-ascend-supernode-support-deepseek-v4-2026-04-24/

15.https://www.reuters.com/world/china/deepseek-v4-chinese-ai-model-adapted-huawei-chips-2026-04-24/

16.https://www.reuters.com/world/china/big-chinese-tech-firms-scramble-secure-huawei-ai-chips-after-deepseek-v4-launch-2026-04-29/

17.https://www.reuters.com/world/china/chinas-deepseek-make-permanent-75-price-cut-flagship-v4pro-ai-model-2026-05-23/

18.https://www.gov.cn/zhengce/content/2017-07/20/content_5211996.htm

19.https://www.scio.gov.cn/gwyzclxcfh/cfh/2017n_14540/2017n07y21r_14662/wjxgzc_14668/202208/t20220808_298141.html

20.https://media.defense.gov/2025/Dec/23/2003849070/-1/-1/1/ANNUAL-REPORT-TO-CONGRESS-MILITARY-AND-SECURITY-DEVELOPMENTS-INVOLVING-THE-PEOPLES-REPUBLIC-OF-CHINA-2025.PDF

21.https://cset.georgetown.edu/publication/chinas-military-ai-wish-list/

22.https://cset.georgetown.edu/wp-content/uploads/CSET-Chinas-Military-AI-Wish-List.pdf

23.https://casebook.icrc.org/a_to_z/glossary/fundamental-principles-ihl

24.https://ihl-databases.icrc.org/en/customary-ihl/v1/rule7

25.https://www.icrc.org/en/document/principles-international-humanitarian-law-distinction-proportionality-have-direct-bearing

26.https://www.esd.whs.mil/portals/54/documents/dd/issuances/dodd/300009p.pdf

27.https://www.state.gov/wp-content/uploads/2023/10/Latest-Version-Political-Declaration-on-Responsible-Military-Use-of-AI-and-Autonomy.pdf

28.https://2021-2025.state.gov/bureau-of-arms-control-deterrence-and-stability/political-declaration-on-responsible-military-use-of-artificial-intelligence-and-autonomy/

29.https://2021-2025.state.gov/political-declaration-on-the-responsible-military-use-of-artificial-intelligence-and-autonomy/

30. https://www.cnas.org/publications/cnas-insights/setting-the-rules-for-ai-warfare

31.https://apnews.com/article/iran-minab-girls-school-airstrike-us-israel-c3095dc9729881b567277a1c5c47efb2

32.https://apnews.com/article/2ffff06808f7a584b0a03831897ab0b8

33.https://apnews.com/article/3f55b6ca193a3295bef5735a45a06368

34.https://www.latimes.com/world-nation/story/2026-03-12/outdated-intel-likely-led-u-s-to-carry-out-deadly-strike-on-iranian-elementary-school-sources-say

35.https://www.theguardian.com/global-development/2026/mar/03/minab-school-bombing-how-the-worst-mass-casualty-event-of-the-iran-war-unfolded-a-visual-guide

36.https://disarmament.unoda.org/en/our-work/emerging-challenges/lethal-autonomous-weapon-systems

37.https://www.stopkillerrobots.org/news/156-states-support-unga-resolution/

38.https://www.reuters.com/sustainability/society-equity/nations-meet-un-killer-robot-talks-regulation-lags-2025-05-12/

39.https://arxiv.org/abs/2603.21280

40.https://arxiv.org/abs/2605.00245

41.https://www.war.gov/News/Releases/Release/Article/4376420/war-department-launches-ai-acceleration-strategy-to-secure-american-military-ai/

42.https://www.war.gov/News/News-Stories/Article/Article/3892427/defense-leaders-combine-top-down-guidance-with-frontline-expertise-to-develop-c/

43.https://www.war.gov/News/Releases/Release/article/3278076/dod-announces-update-to-dod-directive-300009-autonomy-in-weapon-systems/

44.https://www.reuters.com/world/progress-rules-lethal-autonomous-weapons-urgently-needed-says-chair-geneva-talks-2026-03-03/

45.https://www.whitehouse.gov/fact-sheets/2025/12/fact-sheet-president-donald-j-trump-ensures-a-national-policy-framework-for-artificial-intelligence/


Original URL: 

https://mp.weixin.qq.com/s/RWrRal-qa7DRPbwwVTBO2w?scene=1&click_id=3



上一篇:下一篇: