Key Takeaways
- OpenAI signed a classified AI deployment agreement with the US Department of War on February 27, 2026
- Three firm redlines cover mass domestic surveillance, autonomous weapons, and high-stakes automated decisions
- Deployment is cloud-only, with cleared OpenAI engineers and safety researchers embedded inside the Pentagon operation
- OpenAI requested the DoW extend identical contract terms to all AI companies, including rival Anthropic
OpenAI reached an agreement with the Pentagon on February 27, 2026, to deploy advanced AI systems in classified environments. The company states its agreement carries more guardrails than any previous classified AI deployment contract, including those previously discussed with Anthropic.
What Triggered the Agreement
The deal arrived against a backdrop of public tension between the US Department of War and AI labs over safety restrictions. Anthropic had entered its own negotiations with the Pentagon but ultimately could not reach a deal, after which the Trump administration banned Anthropic from federal government systems.
OpenAI chose a different negotiating path. The company had deliberately held back from classified deployments until it was confident its safeguards could prevent its redlines from being crossed in a national security context. When that threshold was met, OpenAI proceeded and signed the agreement on February 27, 2026.
Anthropic vs. the Pentagon: The AI Safety Standoff That Could Reshape US Military Technology
The Three Redlines OpenAI Would Not Cross
OpenAI entered negotiations with three non-negotiable limits, which it states are generally shared by several other frontier AI labs. These go one step further than Anthropic’s stated position, which covered two redlines.
- No use of OpenAI technology for mass domestic surveillance
- No use of OpenAI technology to direct autonomous weapons systems
- No use of OpenAI technology for high-stakes automated decisions, such as social credit-style scoring systems
OpenAI states that other AI labs have reduced or removed safety guardrails and rely primarily on usage policies as their main safeguard in national security deployments. OpenAI’s position is that a multi-layered technical approach better protects against unacceptable use than policy language alone.
How the Deployment Architecture Works
The agreement is built so that the redlines are structurally enforceable, not just written into policy documents. Deployment is cloud-only, which means OpenAI’s models are never installed on edge devices. This matters because powering fully autonomous weapons would require edge deployment, making such use architecturally impossible under this contract.
OpenAI retains full discretion over its safety stack. The DoW receives access to capable AI models but does not receive “guardrails off” versions or non-safety-trained models under any circumstances. The deployment architecture also allows OpenAI to independently verify that redlines are not crossed, including running and updating classifiers in real time.
What the Contract Language Actually Says
The contract grants the Department of War use of OpenAI’s AI systems for “all lawful purposes, consistent with applicable law, operational requirements, and well-established safety and oversight protocols.” Key contract provisions include:
- AI systems cannot independently direct autonomous weapons where law, regulation, or DoD policy requires human control, per DoD Directive 3000.09 dated January 25, 2023
- Intelligence activities must comply with the Fourth Amendment, the National Security Act of 1947, FISA, and Executive Order 12333
- The system cannot be used for unconstrained monitoring of US persons’ private information
- Domestic law-enforcement use is prohibited except as permitted by the Posse Comitatus Act
Critically, the contract references these surveillance and autonomous weapons laws as they exist today. Even if US law changes in the future, use of OpenAI systems must remain aligned with the standards in place at the time of signing.
OpenAI vs. Anthropic: Why One Deal Closed and the Other Did Not
OpenAI acknowledged it does not know the precise reason Anthropic could not reach a deal with the DoW. Based on publicly available information, the structural differences between the two approaches are significant.
| Dimension | OpenAI Agreement | Anthropic’s Position |
|---|---|---|
| Deployment type | Cloud-only | Not confirmed as cloud-only |
| Safety stack control | OpenAI retains full control | Sought explicit contract language |
| Number of redlines | Three (adds high-stakes decisions) | Two |
| Personnel oversight | Cleared engineers and safety researchers on-site | Not confirmed |
| Outcome | Deal signed February 27, 2026 | Banned from federal systems |
OpenAI’s stated view is that its redlines are more enforceable because the cloud-only deployment surface prevents edge-device autonomous weapons use, and its retained safety stack operates independently of DoW instructions. Anthropic’s original contract, in OpenAI’s assessment, did not provide these same layered technical guarantees.
OpenAI’s Position on the Anthropic Ban
OpenAI publicly stated that Anthropic should not be designated as a “supply chain risk” and made that position clear to the government. As part of the deal, OpenAI requested that the DoW make the same contract terms available to all AI labs, and specifically asked the government to work toward resolving its dispute with Anthropic.
OpenAI framed this as a matter of broader industry health. A productive long-term relationship between AI companies and democratic institutions, in OpenAI’s view, requires that all leading labs have access to fair and consistent terms, not that one company benefits from another’s exclusion.
Considerations and Open Questions
The agreement’s safeguards depend on the integrity of OpenAI’s internal systems and the good faith of both parties operating in a classified environment. Independent third-party auditing is limited by the classified nature of the deployment. OpenAI has also acknowledged that if the government violates the contract, its primary remedy is termination, not reversal of any harm already caused.
OpenAI stated clearly it will not deploy models on edge devices and will not provide guardrails-off model versions to the DoW. Maintaining these positions under operational pressure in active-use classified environments will require consistent internal enforcement that outside observers cannot directly verify.
Frequently Asked Questions (FAQs)
What is the OpenAI Department of War agreement?
OpenAI reached an agreement with the US Pentagon on February 27, 2026, to deploy advanced AI systems in classified environments. The deal includes cloud-only deployment, three firm redlines, a retained safety stack, and cleared OpenAI personnel embedded within the Pentagon’s operation.
Why was Anthropic banned from the Pentagon while OpenAI was not?
The Trump administration banned Anthropic from federal government systems after it could not reach a deal with the DoW over AI safety terms. OpenAI took a different approach, deploying via cloud-only and retaining full safety stack control, which it states provides stronger and more enforceable protections than earlier agreements. OpenAI has said it does not know why Anthropic could not close a deal.
Can the Pentagon use OpenAI models to power autonomous weapons?
No. Cloud-only deployment means models cannot run on edge devices, which would be required to power fully autonomous weapons systems. The contract also references DoD Directive 3000.09, requiring human control and rigorous testing for any AI use in autonomous systems.
Will OpenAI technology be used to surveil US citizens?
No. The contract explicitly requires compliance with the Fourth Amendment, the National Security Act of 1947, FISA, and Executive Order 12333. OpenAI also runs classifiers within its safety stack to detect and block surveillance-related uses, with cleared personnel monitoring compliance.
What happens if the DoW violates the agreement?
OpenAI stated it could terminate the contract if the DoW breaches its terms. The contract locks in current US surveillance and autonomous weapons laws as fixed standards, so any future change in legislation would not automatically expand permissible use of OpenAI systems under this agreement.
How does this deal affect other AI companies?
OpenAI requested that the DoW make the same contract terms available to all AI labs, including Anthropic. This creates a documented, publicly stated baseline that other companies can reference in their own negotiations with national security clients.
Does OpenAI’s safety stack remain fully under its control in this deployment?
Yes. OpenAI retains full discretion over the safety stack it deploys. The DoW does not receive models with guardrails removed, and OpenAI’s cleared safety and alignment researchers remain actively involved in updating and monitoring deployed systems over time.
