Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute: Technical and Policy Implications

Key Takeaways:

  • The U.S. Department of Defense has officially labeled Anthropic a supply chain risk following disputes over AI usage policies regarding domestic surveillance and autonomous weapons.
  • North Korean threat group APT37 is utilizing the “Ruby Jumper” toolkit to breach air-gapped networks through malicious Ruby interpreter hijacking and USB-based C2 relays.
  • Large-scale data breaches at telecom providers and the rise of AI-powered forgery platforms like “OnlyFake” are significantly lowering the barrier for high-impact financial crime and identity theft.
  • Strategic mitigation requires diversifying AI model providers, implementing strict media controls, and utilizing real-time ransomware intelligence for proactive defense.

Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute

On February 28, 2026, U.S. Secretary of Defense Pete Hegseth directed the Department of Defense to officially designate Anthropic as a “supply chain risk.” This administrative action stems from a prolonged negotiation impasse between the Pentagon and the artificial intelligence developer regarding the permissible use of the Claude AI model. The core of the dispute centers on two specific exclusions requested by Anthropic: the prohibition of mass domestic surveillance and the restriction of the model’s application in fully autonomous weapons systems.

The designation follows an executive order from the White House mandating that federal agencies phase out Anthropic technology within a six-month window. This directive has been extended to all military contractors and partners, who are now required to cease commercial activity with the company. The Department of War (DoW) maintains that AI providers must allow all “lawful use” of their technology without ideological constraints or usage policy safeguards that might restrict military applications.

Anthropic has characterized the designation as “legally unsound,” noting that a supply chain risk designation under 10 USC 3252 should technically only apply to the use of its technology within DoW contracts. The company has stated that it will not modify its stance on mass surveillance or autonomous weaponry despite the potential loss of federal revenue.

For organizations utilizing AI, this development emphasizes the necessity of supply-chain risk monitoring. When a major AI provider is designated as a risk by a sovereign entity, the downstream effects on contractors and integrated systems are immediate. Security teams must evaluate their reliance on specific LLM providers and prepare for sudden shifts in the regulatory and compliance environment.

Technical Analysis of Current Threat Activity

While the policy debate regarding AI ethics continues, state-sponsored actors are actively exploiting technical vulnerabilities to bridge physical and logical security gaps. A recent campaign attributed to the North Korean group APT37 (also known as ScarCruft or InkySquid) demonstrates the persistence of threats targeting isolated environments.

The Ruby Jumper Campaign: Bridging Air-Gapped Networks

APT37 is utilizing a new toolkit, named Ruby Jumper, to move data between internet-connected systems and air-gapped networks. This campaign is particularly relevant to military and critical infrastructure sectors where physical isolation is a primary security control. The attack chain involves several specialized tools:

  • RESTLEAF: An initial implant that communicates with C2 infrastructure via Zoho WorkDrive to fetch encrypted shellcode.
  • SNAKEDROPPER: A Ruby-based loader that hijacks the Ruby interpreter by replacing default files (such as operating_system.rb) with malicious versions.
  • THUMBSBD: A backdoor designed to collect system information and stage data for exfiltration via hidden directories on USB drives.
  • VIRUSTASK: A module that weaponizes removable media by replacing legitimate files with malicious shortcuts, triggering only when a drive has at least 2GB of free space.
  • FOOTWINE: A support component used in the broader infection and data movement process.

This campaign illustrates that breach detection must extend beyond the network perimeter. In an air-gapped environment, the infection vector is physical. Security professionals must monitor for unauthorized scheduled tasks, such as rubyupdatecheck, and scrutinize the use of removable media in sensitive areas.
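
One way to run the scheduled-task check described above, as an added example that is not part of the original article: it compares exported task data against an approved baseline. Only the task name rubyupdatecheck comes from the article; the sample rows, task actions, paths and the interpreter list are constructed for illustration.

```python
import csv
import io
import re

# Script hosts worth reviewing in a task action (assumed list, extend as needed).
INTERPRETER = re.compile(r"\b(rubyw?|pythonw?|wscript|cscript)(\.exe)?\b", re.I)
REPORTED_NAMES = {"rubyupdatecheck"}  # the only task name given in the article

# Constructed sample of `schtasks /query /fo csv /v` output, trimmed to 3 columns.
# Task actions and paths are made up for the example.
SAMPLE = r'''"HostName","TaskName","Task To Run"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -o"
"WS01","\rubyupdatecheck","C:\ProgramData\placeholder\rubyw.exe placeholder.rb"
"HostName","TaskName","Task To Run"
"WS01","\NightlyReport","C:\Python312\python.exe C:\jobs\report.py"
"WS01","\VendorUpdater","C:\Program Files\Vendor\update.exe /silent"
'''
APPROVED = {r"\Microsoft\Windows\Defrag\ScheduledDefrag"}


def audit_tasks(csv_text, approved):
    """Return (task_name, reason) for every task that needs analyst review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("TaskName") or "").strip()
        action = (row.get("Task To Run") or "").strip()
        if not name or name == "TaskName":  # the export can repeat its header row
            continue
        leaf = name.rsplit("\\", 1)[-1].lower()
        if leaf in REPORTED_NAMES:
            findings.append((name, "name matches reported indicator"))
        elif name in approved:
            continue
        elif INTERPRETER.search(action):
            findings.append((name, "unapproved task runs a script interpreter"))
        else:
            findings.append((name, "task not in approved baseline"))
    return findings
```

A reported name is flagged even when someone has added it to the baseline, so a tampered allowlist does not hide it.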

Data Leaks and Ransomware Intelligence

Concurrent with these state-sponsored activities, criminal groups continue to target large-scale commercial datasets. The Dutch telecommunications provider Odido (including its brand, Ben) recently experienced a significant data theft. The group known as ShinyHunters claimed to have stolen 21 million customer records, though the company has confirmed that approximately 6.2 million were involved.

After Odido refused to pay a ransom demand exceeding €1 million, ShinyHunters began a “daily leak” campaign on the dark web. The exposed data includes:

  • Physical home addresses and email accounts.
  • International Bank Account Numbers (IBANs).
  • Passport and driving license numbers.

This incident emphasizes the importance of a dark web monitoring service and brand leak alerting. Although plaintext passwords were not compromised, the availability of IBANs and ID numbers allows threat actors to bypass certain Know Your Customer (KYC) protocols. To manage these types of threats, organizations often integrate a live ransomware API into their Security Operations Center (SOC) to provide real-time ransomware intelligence.

AI-Driven Fraud and Identity Theft

The use of AI is not limited to legitimate software development or military applications; it is increasingly utilized by individual actors to facilitate fraud. Recently, 27-year-old Yurii Nazarenko (operating under the alias “John Wick”) pleaded guilty to running “OnlyFake,” an AI-powered platform that generated realistic counterfeit identification documents.

The platform used neural networks to produce:

  • Fake driver’s licenses for all 50 U.S. states.
  • U.S. passports and passport cards.
  • Identification documents for 56 other countries.

The ability to generate thousands of unique, high-quality fake IDs for a low subscription fee represents a significant shift in the capability of low-level fraudsters to conduct high-impact financial crimes. This activity makes underground forum intelligence essential for identifying new methods of document forgery.

Strategic Risk Mitigation for Engineers and Leaders

The intersection of the Pentagon’s Anthropic designation and the technical exploits seen in the Ruby Jumper campaign necessitates a multi-layered approach to security.

Technical Recommendations for Engineers

  • Media Control: Disable AutoRun and implement strict controls on USB interfaces. Use data to identify signatures of known air-gap bridging tools like THUMBSBD.
  • Runtime Monitoring: Monitor for unexpected installations of Ruby, Python, or other interpreters. Inspect modified library files as seen in the SNAKEDROPPER loader.
  • Identity Verification: Move beyond simple document scans for KYC. Implement biometric or multi-factor authentication (MFA) that does not rely solely on static ID images.
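
A sketch of the runtime-monitoring recommendation above, added here and not taken from the original article or any vendor tooling: it flags Ruby runtimes outside approved install locations and checks each operating_system.rb startup hook against hashes recorded from a known-good install. The directory layout, file contents and approved root in the demo are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

RUNTIME_NAMES = {"ruby", "ruby.exe", "rubyw.exe"}
# RubyGems requires rubygems/defaults/operating_system.rb at startup if it exists.
HOOK = ("defaults", "operating_system.rb")


def audit_ruby(scan_root, approved_roots, baseline):
    """Return sorted (relative_path, reason) findings; baseline maps path -> sha256."""
    root = Path(scan_root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        approved = any(rel.startswith(r.rstrip("/") + "/") for r in approved_roots)
        if path.name.lower() in RUNTIME_NAMES and not approved:
            findings.append((rel, "runtime outside approved roots"))
        if (path.parent.name, path.name) == HOOK:
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            if rel not in baseline:
                findings.append((rel, "hook file missing from baseline"))
            elif digest != baseline[rel]:
                findings.append((rel, "hook file differs from baseline"))
    return sorted(findings)


def demo():
    """Audit a constructed directory tree; every path and file body is made up."""
    good = b"# vendor defaults\n"
    hook = "lib/ruby/3.3.0/rubygems/defaults/operating_system.rb"
    files = {
        "Ruby33/bin/ruby.exe": b"",
        "Ruby33/" + hook: good + b"# unexpected extra line\n",  # simulated change
        "Users/Public/rt/bin/rubyw.exe": b"",
        "Users/Public/rt/" + hook: good,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        baseline = {"Ruby33/" + hook: hashlib.sha256(good).hexdigest()}
        return audit_ruby(tmp, ["Ruby33"], baseline)
```

Some Ruby distributions ship their own operating_system.rb, so the presence of the file alone is not a finding; the comparison against the recorded hash is what matters.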

Operational Recommendations for Business Leaders

  • Vendor Assessment: Conduct a thorough audit of AI integrations. Government contractors should identify dependencies on Anthropic’s Claude and develop a migration plan.
  • Supply Chain Resilience: Diversify AI model usage. Relying on a single LLM provider creates a single point of failure, especially given geopolitical volatility.
  • Risk Frameworks: Align internal security practices with established standards such as NIST Special Publication 800-37.

Integration with PurpleOps Services

The complexities of managing state-sponsored threats, AI-driven fraud, and supply chain designations require specialized expertise and tools. PurpleOps provides the infrastructure and intelligence necessary to address these challenges.

Our cyber-threat intelligence services allow organizations to track actors like APT37 and understand the mechanics of their malware before it enters the environment. In the context of the recent Pentagon directive, our supply chain information security assessments help contractors identify potential compliance risks within their software and AI stacks.

If your organization requires a comprehensive evaluation of its security posture or needs to implement automated threat detection systems, PurpleOps offers specialized operations: see our platform overview or contact our services team directly.

Frequently Asked Questions

Why was Anthropic designated a supply chain risk by the Pentagon?
The designation resulted from a negotiation impasse in which Anthropic refused to remove usage policy restrictions against mass domestic surveillance and the use of its models in fully autonomous weapons systems, which the Pentagon deemed “ideological constraints” on lawful use.

What is the “Ruby Jumper” toolkit?
Ruby Jumper is a set of malware tools used by APT37 (North Korea) to bridge air-gapped networks. It involves hijacking the Ruby runtime environment and using USB drives as bidirectional command-and-control relays.

What should government contractors do regarding the Anthropic phase-out?
Contractors have a six-month window to identify any dependencies on Anthropic’s technology and migrate to alternative AI providers that comply with the Department of War’s requirements.

How does the “OnlyFake” platform impact financial security?
“OnlyFake” uses neural networks to generate high-quality counterfeit IDs from multiple countries, allowing fraudsters to bypass standard Know Your Customer (KYC) image-based verification at banks and cryptocurrency exchanges.

How can organizations monitor for data leaks on the dark web?
By integrating brand leak alerting and live ransomware APIs into their Security Operations Centers, organizations can receive real-time intelligence when their data or credentials appear on underground forums or dark web leak sites.