## Ultra Vires, Retaliation, and the Administration That Won’t Listen to Its Own Lawyers THE TECHNOLOGY BLIND SPOT – JD Morris | March 2026 On the afternoon of February 27, 2026, Undersecretary of Defense Emil Michael was on the phone with Anthropic executives, offering a deal. At the same moment, Defense Secretary Pete Hegseth posted on X that Anthropic had been designated a supply chain risk to national security. The Pentagon’s own negotiator did not know the Pentagon’s own secretary had already pulled the trigger. If you are an attorney at a firm that uses Claude, Anthropic’s AI model, and your firm holds any federal contract, subcontract, or grant with Pentagon exposure, that post just created an obligation you need to assess. Hegseth declared that “no contractor, supplier, or partner that does business with the United States military may conduct any commercial activity with Anthropic.” Effective immediately. Read that again. Not “may not use Claude on defense work.” Any commercial activity. If your firm uses Claude for legal research on a personal injury case and also holds a subcontract with a defense contractor, Hegseth’s declaration purports to cover you. The good news: the declaration almost certainly exceeds his statutory authority. The bad news: the chilling effect does not wait for a court to say so. ### The Direct Answer Anthropic’s designation as a supply chain risk is legally unprecedented, procedurally deficient, and substantively unsupportable under the statutes the government invoked. Every prior public use of this authority targeted foreign companies with documented espionage obligations to adversarial governments. Anthropic is an American company that refused to remove two safety guardrails from an AI model that its competitor OpenAI subsequently embedded in its own Pentagon contract. The secondary boycott provision, which purports to bar all commercial activity with Anthropic by any Pentagon-affiliated entity, exceeds anything Congress authorized under 10 U.S.C. § 3252 or FASCSA. The designation should be challenged and overturned, and the administration’s retaliatory rhetoric may independently support claims for tortious interference and reputational harm. For law firms using Claude: if you hold federal contracts or subcontracts with defense exposure, conduct a vendor assessment this week. Not because the secondary boycott is enforceable. Because your clients will ask, and you need an answer before they do. ### Ten Thousand Lawyers and They Chose This The Department of Justice employs approximately 10,000 attorneys. The Department of Defense Office of General Counsel is the largest law office in the world. The executive branch has more legal talent at its disposal than any entity on the planet. So why does this administration keep choosing illegal methodologies to accomplish objectives it could achieve through lawful means? The Pentagon wanted unrestricted use of Claude. The government’s strongest argument deserves its strongest form: military operations require technology that works without contractual limitations when lives are at stake. A commander planning a time-sensitive strike cannot pause to consult a vendor’s acceptable use policy. Operational flexibility is not a bureaucratic preference. It is a warfighting necessity. The Pentagon’s position that it already operates under legal constraints, that federal law prohibits mass domestic surveillance and internal policy restricts autonomous weapons, is not unreasonable. If those constraints exist in law, the argument goes, contractual duplication is redundant at best and operationally dangerous at worst. Emil Michael made this case directly: “At some level, you have to trust your military to do the right thing.” That argument is valid as far as it extends. It does not extend far enough. Laws can be repealed. Internal policies can be revised by memorandum. Executive orders can be rescinded overnight. Anthropic’s contractual guardrails existed precisely because the legal and policy constraints the Pentagon cited are not permanent. They are political choices that change with administrations. A contractual prohibition survives an election. A policy directive does not. More fundamentally, the operational flexibility argument does not justify the remedy chosen. The government had lawful tools available to address the contract dispute: renegotiate terms, terminate for convenience under standard FAR clauses, pursue a directed procurement with a different vendor, or invoke the Defense Production Act if it could demonstrate genuine national security necessity. Each option has procedural requirements. Each has legal constraints. Each provides the company with notice and an opportunity to respond. Instead, the administration chose a supply chain risk designation, an authority Congress created to protect military systems from foreign adversary sabotage, and aimed it at a domestic company over a contract dispute. It skipped the required risk assessment. It appears to have skipped congressional notification. It imposed the designation three days after the secretary met with Anthropic’s CEO, leaving no time for the deliberative process the statute contemplates. And it did so while a senior Pentagon official was simultaneously still negotiating terms on the phone. This is not the first time this administration has reached for extra-legal mechanisms when lawful alternatives exist. But for attorneys advising technology clients and government contractors, this instance crystallizes the pattern. The executive branch has lawyers. It has process. It has statutory authority tailored to virtually every procurement scenario imaginable. When it bypasses all of that to bully a vendor through a social media post, the question for every attorney in the room is not whether the action is lawful. The question is why an administration with ten thousand lawyers concluded that lawfulness was optional. ### Word Still Cannot Spell After Forty Years Microsoft Word shipped in 1983. Forty-three years later, it still underlines correctly spelled words, suggests replacements no native speaker would recognize, and turns “its” into “it’s” at random. The autocorrect function, after four decades of development by the most valuable company on earth, cannot reliably distinguish a possessive from a contraction. Generative AI has existed in its current form for approximately three years. No major model has exited beta in any meaningful sense. As I documented in “AI Won’t Take Your Job: The Competence Obligation,” a Stanford RegLab study found that leading legal AI tools hallucinate in one out of every six queries. ABA Formal Opinion 512 requires attorneys to independently verify every AI-generated output before submitting it to a court. The ABA did not impose that requirement because the technology is ready for unsupervised deployment. It imposed it because the technology is not. Anthropic’s two guardrails reflected this engineering reality: do not use our model for mass domestic surveillance of Americans, and do not use it to fire weapons without human involvement. Dario Amodei told CBS News that “there are things the technology just isn’t ready for.” Every credible AI researcher has said the same thing for three years. OpenAI said the same thing the same week, in the same contract, with the same Pentagon. Musk’s xAI accepted every Pentagon demand without restriction and is slated to deploy Grok on classified networks. Word cannot spell. AI cannot reliably distinguish real case law from fabricated citations. And the Pentagon wants to hand it autonomous lethal authority. Anthropic said that was premature. For that, it got treated like Huawei. ### Anthropic Is Not Huawei: The Comparison That Should Embarrass the Administration Every prior high-profile supply chain risk designation targeted a foreign company with documented ties to an adversarial government. Huawei: substantial ties to the Chinese military, obligations under Chinese law to cooperate with intelligence requests, two decades of documented cybersecurity concerns from U.S. intelligence agencies. ZTE: designated on identical grounds. Kaspersky Lab: removed from federal systems after confirmation that Russian law compels cooperation with the FSB. ByteDance: executive orders based on obligations under Article 7 of China’s National Intelligence Law, which requires all organizations and citizens to support, assist, and cooperate with national intelligence work. DJI: Entity List placement on national security grounds. Anthropic is headquartered in San Francisco. No foreign government ownership. No foreign intelligence obligation. No accusation of espionage, sabotage, or malicious code introduction. According to Lawfare’s analysis, the company’s national security track record runs in the opposite direction: first frontier AI firm to deploy on classified networks, cut off CCP-linked firms at a cost of hundreds of millions in revenue, and shut down CCP-sponsored cyberattacks that attempted to abuse Claude. Placing Anthropic on the same list as Huawei is not a policy decision. It is commercially toxic by association. It tells every American technology company that negotiating contract terms with the federal government carries the same legal risk as operating as an arm of a hostile foreign intelligence service. ### What an Actual Supply Chain Compromise Looks Like As I documented in “The Backdoor to Your Client’s Inbox” and “I Was Inside EMC When Hackers Stole the Keys to 40 Million Doors,” Salt Typhoon compromised at least nine major U.S. telecom carriers and accessed systems handling court-authorized wiretaps. The breach persisted for two years. Senate testimony in December 2025 confirmed the compromised carriers had not proven the hackers fully left their networks. Professor Matt Blaze traced the vulnerability to CALEA infrastructure that Congress required companies to build. Consider the counterfactual. If the United States had deployed Huawei networking equipment across its telecommunications backbone, as Huawei aggressively marketed throughout the 2010s, Salt Typhoon would not have needed to hack anything. Article 7 of China’s National Intelligence Law would have obligated Huawei to provide access. The attack surface would not have been a vulnerability to exploit. It would have been a door with a key held in Beijing. That is what a supply chain risk looks like. Foreign ownership. Foreign government control. Legal obligation to compromise the systems you build. Anthropic is an American company that told the American military its technology is not mature enough for certain applications. The distance between those two facts is the distance between the statute’s purpose and its abuse. ### The Contradiction the Government Cannot Survive in Court The government held two positions in the same week. On Monday, it threatened to invoke the Defense Production Act to compel Anthropic to provide Claude, on the theory that the technology was too essential to national defense to forgo. By Friday, it declared Anthropic a supply chain risk too dangerous to use. Both characterizations cannot be true. The R Street Institute’s analysis captured the logic precisely: DPA invocation requires that the technology be indispensable to national defense. Supply chain risk designation requires that it pose a direct threat. The administration held both positions simultaneously, which means neither resulted from a genuine national security assessment. It gets worse. Hegseth declared the designation required emergency exclusion and then approved a six-month transition period during which Claude remains integrated in classified military networks. Reports indicate U.S. strikes in Iran used Anthropic’s technology hours after Trump announced the ban. The government cannot coherently argue a vendor poses an acute supply chain threat while continuing to use that vendor for active combat operations. And the kill shot for litigation: hours after designating Anthropic, the Pentagon accepted a deal from OpenAI containing the identical red lines. No mass surveillance. No autonomous weapons. OpenAI added a third prohibition on high-stakes automated decision-making. The government accepted from a competitor the exact restrictions it declared grounds for treating Anthropic like a Chinese espionage front. Altman admitted the deal was “definitely rushed” and “looked opportunistic and sloppy.” MIT Technology Review concluded that OpenAI’s contract relies on an “all lawful use” clause with references to existing law, not the explicit contractual prohibitions Anthropic sought. Whether that approach provides genuine protection is debatable. What is not debatable: the government punished Anthropic for a position it simultaneously accepted from OpenAI. ### Ultra Vires, Retaliation, and Direct Bullying The administration’s public statements removed any pretense that this was a deliberative national security determination. President Trump: “The Leftwing nut jobs at Anthropic have made a DISASTROUS MISTAKE trying to STRONG-ARM the Department of War.” Secretary Hegseth: Anthropic delivered “a master class in arrogance and betrayal.” Its position is “fundamentally incompatible with American principles.” Undersecretary Michael: Amodei is a “liar” with a “God complex” who is “ok putting our nation’s safety at risk.” A senior Pentagon official to Axios: “It will be an enormous pain in the ass to disentangle, and we are going to make sure they pay a price for forcing our hand.” That last quote is the one that should matter most to every attorney reading this. “Make sure they pay a price.” Not “protect national security.” Not “mitigate a genuine risk.” Pay a price. For refusing contract terms. Elon Musk, whose xAI accepted the Pentagon’s terms without restriction, posted on X that “Anthropic hates Western Civilization.” Treasury Secretary Scott Bessent announced publicly that his department was terminating all Anthropic products. The Department of Health and Human Services directed employees to switch to ChatGPT and Gemini. The market responded to the bullying by downloading Claude to the number one position on Apple’s App Store, overtaking ChatGPT for the first time. The industry responded within hours. 573 Google employees and 93 OpenAI employees signed an open letter titled “We Will Not Be Divided,” urging their companies to stand with Anthropic. A separate letter to the Pentagon and Congress, signed by 121 technology leaders from OpenAI, Slack, IBM, Cursor, and Salesforce Ventures, stated: the federal government should not retaliate against a private company for declining to accept changes to a contract. OpenAI researcher Boaz Barak called mass surveillance his own “personal red line.” Google DeepMind Chief Scientist Jeff Dean called it a violation of the Fourth Amendment. Strip away the rhetoric and evaluate the factual record. Anthropic did not “strong-arm” anyone. It negotiated contract terms, as every government vendor does. It did not “betray” the military. It declined to remove safety restrictions that existed in its acceptable use policy when the Pentagon signed the original $200 million contract in July 2025. Amodei did not “lie.” He maintained a consistent engineering assessment shared by researchers across the industry, including at OpenAI, whose CEO told his own employees they had the same red lines. Government officials enjoy qualified immunity for statements made within the scope of official duties. That immunity does not extend to ultra vires conduct. When officials exceed their statutory authority and make false statements designed to destroy a company’s commercial relationships, those statements can support claims for tortious interference and reputational harm. ### The Legal Precedent: Why This Matters to Your Firm This is not the first time a presidential administration has used executive power to target perceived political enemies. The Trump administration previously issued executive orders against law firms that represented clients it disfavored. Those orders were challenged in court and ultimately overturned as unconstitutional. The current administration’s actions against Anthropic bear striking similarities to these prior abuses of power. For law firms, this case sets a dangerous precedent. If the government can target a technology vendor for refusing contract terms, it can target any vendor, including legal service providers. The chilling effect on independent legal advice and advocacy is profound. Firms that advise clients on government contracts, or those that engage in litigation against the government, could find themselves subject to similar retaliatory measures. Moreover, the administration’s willingness to bypass established legal processes and statutory authorities undermines the rule of law. This creates an unpredictable and hostile environment for businesses, particularly those operating in sensitive sectors like AI and defense. Attorneys have a professional obligation to advise their clients on these risks and to advocate for the preservation of due process and statutory compliance. ### Conclusion: Assess Your Risk and Stand for the Rule of Law If your firm uses Claude, or any other AI model, and has exposure to federal contracts, a vendor assessment is not merely a best practice; it is a professional imperative. Understand the contractual terms of your AI providers and assess your firm’s vulnerability to politically motivated actions. Advise your clients on the broader implications of this case for government contracting and the rule of law. This incident is a stark reminder that in an era of rapid technological advancement, the principles of legal process and statutory authority remain paramount. The administration’s actions against Anthropic are a challenge not only to a single company but to the integrity of the legal framework that governs government-business relations. Attorneys must be prepared to meet that challenge. ### Citations Lawfare, “Pentagon Threatens to Label Anthropic a Supply Chain Risk” (February 16, 2026) CBS News, “Hegseth Declares Anthropic a Supply Chain Risk” (February 27, 2026) CNN, “Trump Administration Orders Military Contractors to Cease Business with Anthropic” (February 27, 2026) NPR, “OpenAI Announces Pentagon Deal After Trump Bans Anthropic” (February 27, 2026) TechCrunch, “Tech Workers Urge DOD to Withdraw Anthropic Label” (March 2, 2026) OpenAI, “Our Agreement with the Department of War” (February 28, 2026) MIT Technology Review, “OpenAI’s Compromise with the Pentagon Is What Anthropic Feared” (March 2, 2026) CNBC, “OpenAI’s Altman Admits Defense Deal Looked Opportunistic” (March 3, 2026) Transformer News, “OpenAI’s Pentagon Red Lines Are a Mirage” (March 2, 2026) Stanford RegLab/HAI, “AI on Trial: Legal Models Hallucinate in 1 out of 6 Queries” (2024) NPR, “Trump Has Used Government Powers to Target More Than 100 Perceived Enemies” (April 29, 2025) The Hill, “DOJ Drops Defense of Trump Orders Targeting Law Firms” (March 3, 2026) CBS News, “Judge Finds Trump Executive Order Punishing Susman Godfrey Unconstitutional” (June 27, 2025) NBC News, “Trump Administration Drops Suits Against Law Firms After Judges Find Orders Unconstitutional” (March 3, 2026) NPR, “Judge Blocks Trump Executive Order Against Susman Godfrey Law Firm” (June 27, 2025) First Amendment Encyclopedia, “Trump’s Executive Orders Against Law Firms” (2025) PBS NewsHour, “Judge Blocks Trump Executive Order Targeting Perkins Coie” (May 2, 2025) Kenneth Payne, “AI Arms and Influence: Frontier Models Exhibit Sophisticated Reasoning in Simulated Nuclear Crises,” arXiv preprint, King’s College London (February 2026) Brookings Institution, “Understanding the Errors Introduced by Military AI Applications” (November 2022) International Committee of the Red Cross, “The Risks and Inefficacies of AI Systems in Military Targeting Support” (September 2024) Human Rights Watch, “A Hazard to Human Rights: Autonomous Weapons Systems and Digital Decision-Making” (April 2025) CNN, “Analysis: 24 Former Trump Allies and Aides Who Turned Against Him” (October 2023) PBS NewsHour, “Trump Orders Federal Agencies to Stop Using Anthropic Tech” (February 27, 2026) Martin Luther King Jr., Speech (1967), collected in The Autobiography of Martin Luther King Jr. 10 U.S.C. §§ 801–946a, Uniform Code of Military Justice TechCrunch, “Tech workers urge DOD, Congress to withdraw Anthropic label as a supply-chain risk” (March 2, 2026) OpenAI, “Our agreement with the Department of War” (February 28, 2026) Decrypt/Yahoo Finance, “OpenAI Claims Safety ‘Red Lines’ in Pentagon Deal—But Users Aren’t Buying It” (March 2, 2026) Techdirt, “OpenAI’s ‘Red Lines’ Are Written In The NSA’s Dictionary” (March 2, 2026) Winbuzzer, “OpenAI Revises Pentagon Deal to Ban Domestic Surveillance” (March 3, 2026) Just Security, “What Hegseth’s ‘Supply Chain Risk’ Designation of Anthropic Does and Doesn’t Mean” (March 2, 2026) Above the Law, “DOJ Drops Defense Of Biglaw Executive Orders, Leaving Capitulating Firms Holding $940 Million Bag” (March 3, 2026) UCMJ Article 92 (Failure to Obey Order or Regulation) UCMJ Article 133 (Conduct Unbecoming an Officer and a Gentleman) UCMJ Article 134 (General Article: Conduct Prejudicial to Good Order and Discipline) Manual for Courts-Martial, United States (2024 ed.), Part IV, ¶63 Military.com, “Hegseth’s Move Against Sen. Mark Kelly’s Retirement Rank Raises Broader Stakes” (January 6, 2026) Audacy/Connecting Vets, “Military Law Experts Weigh In on Hegseth Censuring Sen. Mark Kelly” (January 22, 2026) United States v. Amazaki, 67 M.J. 666 (2009) (Article 133 standard) United States v. Vaughan, 58 M.J. 29 (C.A.A.F. 2003) (due process notice requirement) Prior Blog: “I Was Inside EMC When Hackers Stole the Keys to 40 Million Doors” (Morris Legal Technology Blog) Prior Blog: “The Backdoor to Your Client’s Inbox” (Morris Legal Technology Blog) Prior Blog: “AI Won’t Take Your Job. The Attorney Who Uses It Better Will.” Parts 1–2 (Morris Legal Technology Blog) Prior Blog: “When Attorneys Stop Checking AI’s Work” (Morris Legal Technology Blog) Prior Blog: “17 Subprocessors Deep” (Morris Legal Technology Blog) Prior Blog: “The Heppner Problem: When AI Destroys Attorney-Client Privilege” (Morris Legal Technology Blog)

Originally published on LinkedIn Newsletter: The Technology Blind Spot