These startups are racing to make AI safe for the Pentagon’s most closely guarded secrets
The relationship between AI companies and the American defense establishment burst into the open earlier this year when Anthropic found itself in a nasty public fight with the Pentagon. After Anthropic demanded assurances its AI products wouldn’t power domestic surveillance or autonomous weapons, the Pentagon barred all federal agencies and contractors from doing business with Anthropic at all; the company sued to lift the ban, and the high-stakes battle is currently unfolding in court.
But behind the scenes, an equally important if less dramatic AI struggle is playing out—as U.S. defense and intelligence agencies try to leverage the technology without sacrificing their need for secrecy. A small handful of AI infrastructure companies have been quietly doing complex, rarely seen work that makes it possible for the U.S. government to securely use AI in the first place.
“It’s probably a $2 billion market right now,” says Nicolas Chaillan, founder of an AI platform called Ask Sage that’s used by thousands of teams across the Department of Defense. The opportunity these pick-and-shovel companies are chasing grows out of an extreme case of a dilemma faced by anyone looking to deploy off-the-shelf LLMs on confidential data: They’re trying to figure out how to use these powerful tools without inadvertently exposing the wrong information to the wrong people through the AI training process.
These AI infrastructure companies receive less media attention for their government work than bigger peers like Google, xAI, OpenAI, and of course Anthropic. Until the recent dispute broke out, Anthropic’s Claude model was among the only LLMs approved for use on the Defense Department’s classified networks. But this arrangement was made possible by a 2024 deal with two other firms that provided the necessary infrastructure—Palantir and Amazon Web Services (AWS)—which operated the secure software platforms and cloud services that host the AI. Imagine that large language models are a bit like the U.S. military’s newest, shiniest warplane: The infrastructure companies provide something like the radios and runways that help these new machines talk to the rest of the military, and land safely.
“There’s probably, I don’t know, a hundred people, 200 people who deeply care about this question inside the intelligence community,” says Emily Harding, a former CIA analyst who now researches defense tech at the Center for Strategic and International Studies. “I think there’s millions and millions of business people who are going to face this same problem, not with as high stakes.”
Any corporate leader sitting on a trove of proprietary information has probably run into some version of this issue with their AI strategy. Imagine training a bespoke instance of ChatGPT or Claude on all of your company’s mission-critical files: A law firm’s case documents; a drug company’s internal research reports; a retailer’s real-time supply chain data; an investment bank’s risk models or due diligence memos. Trained on such a corpus, an AI helper could speak your company’s language fluently, and reveal richly profitable connections in your files. But........
