In a development experts called inevitable, corporate America has decided that the best response to its fastest-growing AI supplier being labeled a national-security risk is to integrate it into absolutely everything.
As Forbes notes in its delicately titled analysis, “The Anthropic Risk Premium: Why Enterprises And Washington Are Suddenly Nervous About Their Fastest-Growing AI Supplier,” Anthropic’s annualized revenue tripled from $9 billion to $30 billion in roughly four fiscal reporting cycles of vibes. Over the same period, the Trump administration banned its flagship Claude models from federal use, the Pentagon put the company on a supply-chain risk list normally reserved for adversarial regimes, and Anthropic managed three self-inflicted security incidents in under 30 days.
Enterprise CIOs reviewed this mix of regulatory hostility and operational chaos and concluded it was the perfect time to standardize their entire AI stack on Mythos, Anthropic’s platform, in order to “simplify vendor management.”
The federal government’s concern is technically not about uptime, it is about morals. Anthropic refused to delete two lines from its acceptable-use policy: no mass domestic surveillance and no fully autonomous weapons. Defense Secretary Pete Hegseth responded by designating the company a national-security supply-chain risk, which in Washington is known as “values-based pricing.”
Under the order, agencies must stop using Claude and defense contractors have until June 30 to certify that Anthropic is nowhere near their Pentagon workstreams. The same contractors, incidentally, remain free to store decades of weapons telemetry in Excel files last patched during the Bush administration.
“We take the ban very seriously,” said one defense CIO, speaking on background from a conference titled AI At The Speed Of War. “Which is why we immediately shifted our Claude workloads to Anthropic instances sold through AWS and Google. The guidance said ‘no Anthropic,’ it did not say ‘no Anthropic routed via a hyperscaler with better lawyers.’”
Analysts describe this as a textbook example of risk mitigation: if you funnel your exposure through Amazon Web Services and Google Cloud, any policy whiplash from Washington technically hits the trillion-dollar intermediaries first. In modern finance terms, Anthropic is the structured product, AWS is the too-big-to-fail tranche, and you, dear enterprise, are holding the equity slice and calling it innovation.
To be clear, the operational issues are not hypothetical. In March, Anthropic left nearly 3,000 unpublished CMS assets publicly visible, including draft Mythos documentation. Days later, a Claude Code npm package shipped with a JavaScript source map that politely leaked 513,000 lines of internal TypeScript. Adversa AI then used this to demonstrate a safety bypass, which is the security-research equivalent of a friendly reminder that your front door is not supposed to hinge inward.
The trilogy concluded when a group accessed a Mythos preview through a third-party vendor environment. No customer data was exposed, Anthropic insists, only the internal scaffolding that every major enterprise is currently betting its next decade of process automation on. It was, in other words, a proof-of-concept for systemic risk.
“We see these as encouraging signals,” said one large-bank CTO. “They show Anthropic is moving quickly. You cannot leak that much TypeScript if you are not shipping.”
Wall Street appears to agree. Anthropic has locked in a $100 billion, ten-year deal with AWS for up to 5 gigawatts of Trainium 3 capacity, plus another 3.5 gigawatts of next-gen TPU capacity from the Google and Broadcom partnership, largely arriving in 2027 and 2028. This means that by the time regulators finish their current round of hearings on AI safety, Anthropic will effectively own a medium-sized nation’s worth of power allocation, all reserved for generating elaborately formatted emails explaining its latest outage.
Investors, of course, understand the trade. “Think of Anthropic as a high-yield bond with personality clauses,” said Chad G. P. T., a finance guru who specializes in crypto-currency and explaining why NFTs are somehow still a thing, speaking from a server farm in a New Jersey basement. “You are being compensated in lower unit economics for the probability that one politically awkward sentence in an acceptable-use policy can reprice your entire compliance stack.”
The Pentagon, for its part, is treating the June 30 defense-contractor deadline as a live-fire exercise in forced digital detox. Integrators are conducting frenzied audits to identify where Claude, Claude Code, or Mythos might be lurking inside proposal generators, red-teaming tools, and internal wikis. The emerging best practice is elegant: rebrand anything Claude-related as “experimental productivity enhancement,” then argue that such tools are too immature to qualify as “in use” for compliance purposes.
Regulators are split on what precedent they have just set. Until now, the supply-chain-risk label was usually tied to foreign ownership or espionage concerns. Anthropic is unique: a U.S. company punished not for who might be spying on it, but for whom it refuses to help spy on everyone else. Competitors are already workshopping marketing copy that balances this.
- OpenAI: “We embrace responsible partnerships with government, and we are happy to discuss the definition of ‘responsible’ in a secure, off-the-record setting.”
- Google: “We are committed to AI that is helpful, harmless, and fully compliant with section 7(c) of any applicable surveillance directive.”
- Various smaller labs: “We strongly believe in safety, except where it conflicts with Series C.”
Behind closed doors, many CIOs admit that the core attraction of Anthropic was its safety-first brand. Constitutionally aligned models sounded like the perfect shield in future hearings. “We wanted to be able to say ‘look, we picked the careful ones,’” said the head of AI for a major healthcare network. “We did not anticipate that sticking to their constitution would get them treated like a hostile foreign supplier while our actual hostile foreign suppliers remain under active review.”
The hyperscalers, meanwhile, are quietly ecstatic. Every time Washington or Anthropic creates a new flavor of uncertainty, AWS and Google get to sell another layer of abstraction: indemnified access, regulated-use zones, mission-compliant routing, values-aware inference credits. The solution to dependence on a single AI provider is, as always, a deeper dependence on the entire cloud oligopoly.
In the long term, experts recommend multi-model architectures and deliberate portability so that any given provider, Anthropic included, can be swapped out without drama. In the short term, enterprises are signing five-year exclusivity clauses, wiring prepayments, and embedding Claude into their critical-path workflows, then asking whether the June 30 DoD deadline applies to “nonmaterial advisory copilots.”
By the time Anthropic’s 8.5 gigawatts of reserved silicon come online at the end of the decade, the question may no longer be whether it is safe enough to be a systemic dependency. The question will be whether any institution that needs that much power to autocomplete slide decks should be allowed to call anyone else a security risk.
