A California federal judge has already blocked the Pentagon's supply-chain designation against Anthropic. And now NIST's new multi-agency task force says it wants pre-deployment national-security evals on frontier models. So, great, we've got two processes moving at once, and nobody's said which one is supposed to matter more. This is Anthropic Pentagon Watch. Today, we've got Judge Rita Lin's injunction, a D.C. Circuit panel that may see it differently, and a brand-new interagency eval framework entering the picture — all at the same time, with no one really saying who outranks whom. Before we go any further: if Anthropic is stuck under a supply-chain-risk label, does that keep it out of the NIST process while OpenAI and Google walk in and help write the standards? Because if so, that is a wild setup. That's the separation-of-powers problem in miniature. And, for what it's worth, we've got a former FTC official on record saying the whole thing terrifies them. Let's get into it. Here's Matt Naham at Law & Crime:
That same month, Anthropic separately filed a petition with the D.C. Circuit. The filing asked the appellate court to review Hegseth's determination that the company poses a national security risk. That determination, Anthropic says, was an unconstitutional and "pretextual form of retaliation" — and an "abuse of discretion" that exceeded Hegseth's authority under the law.
Picking up Friday's supply-chain-risk fight: the D.C. Circuit panel Hegseth drew is apparently friendly to deference arguments, so now you've got the California injunction blocking the designation on one side and a potentially sympathetic appellate panel on the other. Those two tracks are moving in opposite directions. Let's say the record out loud: Hegseth called Dario Amodei 'sanctimonious,' pushed a contractor-ban directive that his own side now says had 'no legal effect,' and the California court used the phrase 'classic illegal First Amendment retaliation.' That's not a close merits fight. Anthropic's whole point is that he doesn't get to switch venues and pick up deference points after the fact. The procedural weakness we flagged two weeks ago just got sharper. If the Pentagon's evidence for the supply-chain designation was as thin as Judge Lin's ruling suggests, then a D.C. Circuit panel that starts from 'considered national-security judgment' is being asked to defer to the conclusion itself, not to a real process. National Catholic Register, with Jonah McKeown:
In a March 26 ruling, which is not a final decision in the case, Judge Rita Lin of the U.S. District Court for the Northern District of California said Anthropic has a high likelihood of ultimately winning its case and proving that the government’s “supply chain risk” designation violated, among other laws, the First and Fifth Amendments.
Judge Rita Lin in the Northern District of California — March 26th — put a temporary block on the supply-chain designation and said Anthropic has a high likelihood of winning on First and Fifth Amendment grounds. On paper, that's a very bad day for the government's case. First Amendment. The Pentagon designated a U.S. company a national-security risk for saying things about its own technology's risks. A federal judge just said that out loud. And that's where the D.C. Circuit tension bites: one federal judge says likely unconstitutional, and a reportedly Hegseth-friendly appellate panel could hand it right back to the Pentagon on deference grounds. So you've got two federal tracks pointing in opposite directions, while the NIST task force still hasn't even picked its seat at the table. Which brings me to the NIST pre-deployment eval body. If Anthropic is still wearing the supply-chain-risk label when that task force starts assembling, does it get to help write the standards — or do OpenAI and Google walk in while Anthropic waits in the lobby? Because that's not hypothetical anymore. So: the Pentagon says Anthropic is a supply-chain risk, a federal judge in California says it probably isn't, and a D.C. appeals court is leaning the other way. Who, exactly, gets to make the call here? The core tension the lawsuit is exposing right now is that nobody has a clean answer yet. It started on February 27th, when Defense Secretary Pete Hegseth formally designated Anthropic a supply-chain risk to national security, right after a Truth Social post from President Trump telling every federal agency to immediately stop using the company's technology, per the Lawfare analysis. Anthropic sued, and on March 27th Federal Judge Rita Lin issued a preliminary injunction in the company's favor, writing that the record strongly suggests the reasons for the designation were pretextual, according to Breaking Defense. Then on April 9th, a federal appeals court in Washington refused to stay that Pentagon designation, which means the D.C. Circuit and the Northern District of California are now pointing in opposite directions, per Computerworld. So defense contractors are stuck with genuinely contradictory compliance signals: one judge saying the blacklist is likely unlawful, and another court declining to lift it. If the courts are split and the Pentagon is still saying the ban stands after the injunction, are they just ignoring the ruling? That's the stress test legal experts were warning about. The Pentagon CTO said publicly the ban still stands despite Judge Lin's injunction, which is exactly the kind of posture that can push this into a direct fight over how far the supply-chain risk statute actually reaches, per Reuters and Breaking Defense. Reuters also notes experts think Anthropic has a strong case that the administration overstepped the law's authority. So the question now is whether the circuit split sends this up to a higher court, and whether defense contractors start making procurement decisions based on legal risk instead of waiting for a final ruling. Fortune writes:
Last month, Anthropic refused to allow the Defense Department to use Claude, the company’s popular flagship family of AI assistants, for domestic mass surveillance and lethal autonomous warfare. In response, the government canceled its $200 million contract with Anthropic. According to the Department, the company’s constraints would undercut its ability to defend the country from real threats.
The Fortune piece is by someone who spent two years inside the FTC watching regulatory capture happen in slow motion, and her read is that this is worse than anything she saw there. That's not think-tank alarm; that's an institutional baseline. But here's what I want to sit with: is her terror about Anthropic losing a two-hundred-million-dollar contract, or about Anthropic successfully using a court injunction to write its own use limits into federal procurement? Because if the California district court holds, a private lab just told the Pentagon what it can and cannot do with AI. That's a Big Tech power story with a safety-sounding press release on top. And now add the NIST pre-deployment evaluation task force to that picture. If Anthropic is still wearing the supply-chain-risk label when that interagency body stands up, does it get a seat at the table where defense-use standards get written, or do OpenAI and Google walk in while Anthropic is still fighting in California? That's the competitive opening I flagged earlier in the week, and now it has sharper teeth. The ex-FTC staffer is calling out regulatory capture, but capture cuts both ways: if a lab survives this injunction, it gets to argue its safety framework should be the template. Hegseth called it 'woke'; the court may call it protected speech. Either way, that still doesn't tell you who controls the eval process. Here's The Batch:
What’s new: The National Institute of Standards and Technology (NIST), an office of the U.S. Department of Commerce, announced that a new multi-agency task force will assess national-security risks posed by AI models prior to their deployment. Leading U.S. AI companies agreed to submit models for evaluation prior to release. In addition, the White House is considering an executive order that would require AI models to gain approval before they can be deployed.
NIST just announced TRAINS — Testing Risks of AI for National Security — a multi-agency task force pulling in Commerce, Defense, Energy, Homeland Security, and the NSA to evaluate frontier models before public release. The White House spent months sounding hands-off, and now suddenly there's a pre-deployment clearance regime in the works. And here's the collision nobody's named yet: Anthropic is sitting under a Pentagon supply-chain-risk designation, which could lock it out of the exact interagency evaluation process its competitors get to help design. OpenAI and Google walk into the TRAINS room; Anthropic waits in the hall. That's the direct tension. Three weeks ago we were asking whether Anthropic's absence from the seven-vendor classified-network list came before any interagency safety review existed, and now NIST is formalizing that kind of review. So the sequencing question is very live. Did the Pentagon make its designation before or after any coordinated evaluation framework existed? Because if TRAINS is new, the answer is almost certainly before. And whoever controls the TRAINS membership list effectively controls which models get the 'safe for national security use' stamp. That's a market-access gate with federal letterhead on it. If you follow Anthropic's Pentagon ties, you might also like Musk v Altman Daily — a daily court-watch on Elon Musk's trial against Sam Altman, OpenAI, and Microsoft. Find it wherever you listen to podcasts.
You'll find links to everything we covered today in the show notes, so if a story caught your attention, you can dig into the source material there.
That's Anthropic Pentagon Watch for today. This is a Lantern Podcast.