Written by: Ada, Shenchao TechFlow
February 24th, Tuesday. Washington, The Pentagon.
Anthropic CEO Dario Amodei sat across from Defense Secretary Pete Hegseth. According to multiple media outlets including NPR and CNN citing informed sources, the atmosphere of the meeting was "polite," but the content was anything but.
Hegseth gave him an ultimatum: By 5:01 PM on Friday, lift the restrictions on the military use of Claude, allowing the Pentagon to use it for "all lawful purposes," including autonomous weapons targeting and domestic mass surveillance.
Otherwise, cancel the $200 million contract. Initiate the Defense Production Act for compulsory requisition. Designate Anthropic as a "supply chain risk," which is equivalent to blacklisting it alongside hostile entities like Russia and China.
On the same day, Anthropic released the third version of its "Responsible Scaling Policy" (RSP 3.0), quietly deleting the company's most core commitment since its founding: if safety measures cannot be guaranteed to be in place, do not train more powerful models.
Also on the same day, Elon Musk posted on X: "Anthropic massively stole training data. This is a fact." Simultaneously, a Community Note on X added a report that Anthropic paid a $1.5 billion settlement for using pirated books to train Claude.
Within seventy-two hours, this AI company that claims to have a "soul" simultaneously played three roles: safety martyr, intellectual property thief, and Pentagon turncoat.
Which one is real?
Perhaps all of them.
The Pentagon's "Comply or Get Out"
The first layer of the story is simple.
Anthropic was the first AI company to gain classified-level access from the U.S. Department of Defense. The contract, with a ceiling of $200 million, was secured last summer. OpenAI, Google, and xAI subsequently secured contracts of similar scale.
According to Al Jazeera, Claude was used in a U.S. military operation this past January. The report stated the operation involved the kidnapping of Venezuelan President Maduro.
But Anthropic drew two red lines: no support for fully autonomous weapons targeting, and no support for mass surveillance of U.S. citizens. Anthropic believes AI's reliability is insufficient for weapon control, and there are currently no laws or regulations governing the use of AI in mass surveillance.
The Pentagon wasn't buying it.
White House AI advisor David Sacks publicly accused Anthropic on X last October of "using fear as a weapon, engaging in regulatory capture."
Competitors have already knelt. OpenAI, Google, and xAI have all agreed to let the military use their AI for "all lawful scenarios." Musk's Grok was just approved for entry into classified systems this week.
Anthropic is the last one standing.
As of publication, Anthropic stated in its latest announcement that it does not intend to concede. But the Friday 5:01 PM deadline is looming.
An anonymous former liaison between the Justice Department and the Defense Department expressed confusion to CNN: "How can you simultaneously declare a company a 'supply chain risk' and force that company to work for your military?"
Good question, but it's not within the Pentagon's consideration. They care that if Anthropic doesn't comply, they will resort to compulsory measures, or, Anthropic becomes a Washington outcast.
"Distillation Attack": A Slap-in-the-Face Accusation
On February 23rd, Anthropic published a fiercely worded blog post accusing three Chinese AI companies of carrying out an "industrial-scale distillation attack" on Claude.
The defendants are DeepSeek, Moonshot AI, and MiniMax.
Anthropic accused them of using 24,000 fake accounts to initiate over 16 million interactions with Claude, specifically extracting its core capabilities in agent reasoning, tool use, and programming.
Anthropic framed this as a national security threat, claiming that distilled models are "unlikely to retain safety guardrails" and could be used by authoritarian governments for cyber attacks, disinformation, and mass surveillance.
The narrative was perfect, the timing was perfect.
It came just after the Trump administration had recently relaxed chip export controls to China, just when Anthropic needed ammunition for its lobbying stance on chip export controls.
But Musk fired a shot: "Anthropic massively stole training data and paid billions in settlements for it. This is a fact."
Tory Green, co-founder of AI infrastructure company IO.Net, stated: "You train your models on data from the entire web, and when others learn from you using your public API, it's called a 'distillation attack'?"
Anthropic calls distillation an "attack," but it's commonplace in the AI industry. OpenAI uses it to compress GPT-4, Google uses it to optimize Gemini, even Anthropic itself does it. The only difference is, this time they were the ones being distilled.
As Singapore's Nanyang Technological University AI professor Erik Cambria told CNBC: "The boundary between legitimate use and malicious exploitation is often blurry."
Even more ironic, Anthropic just paid a $1.5 billion settlement for using pirated books to train Claude. It trains its models on data from the entire web, then accuses others of learning from it using its public API. This isn't double standards, it's triple standards.
Anthropic wanted to play the victim, but got exposed as the defendant.
Dismantling the Safety Commitment: RSP 3.0
On the same day as the Pentagon standoff and the Silicon Valley spat, Anthropic released the third version of its Responsible Scaling Policy.
Anthropic Chief Scientist Jared Kaplan told media in an interview: "We felt that stopping AI model training doesn't help anyone. In the context of rapid AI development, unilaterally making commitments... while competitors are full steam ahead, it doesn't make sense."
In other words, others aren't playing by the rules, so we're dropping the act too.
The core of RSP 1.0 and 2.0 was a hard commitment to pause training if model capabilities exceeded the coverage of safety measures. This commitment gave Anthropic a unique reputation in the AI safety community.
But 3.0 deleted it.
It was replaced with a more "flexible" framework, separating safety measures Anthropic can implement itself from safety recommendations requiring industry-wide collaboration into two tracks. A risk report is issued every 3-6 months. External experts review it.
Sounds responsible?
Independent reviewer Chris Painter from the non-profit METR, after seeing an early draft of the policy, stated: "This indicates Anthropic believes it needs to enter 'triage mode' because methods for assessing and mitigating risk can't keep up with the pace of capability growth. This is more evidence that society is unprepared for AI's potential catastrophic risks."
According to TIME, Anthropic spent nearly a year internally debating this rewrite, with CEO Amodei and the board unanimously approving it. The official line is that the original policy was designed to drive industry consensus, but the industry simply didn't follow. The Trump administration has taken a laissez-faire approach to AI development, even attempting to repeal state-level regulations. Federal AI law is a distant prospect. While a global governance framework seemed possible in 2023, three years later, that door has clearly closed.
An anonymous researcher long focused on AI governance put it more bluntly: "The RSP was Anthropic's most valuable brand asset. Deleting the training pause commitment is like an organic food company quietly tearing the 'organic' label off its packaging and then telling you their testing is now more transparent."
Identity Fracture Under a $380 Billion Valuation
In early February, Anthropic completed a $30 billion financing round at a $380 billion valuation, with Amazon as the anchor investor. Since its founding, it has achieved $14 billion in annualized revenue. Over the past three years, this figure has grown more than 10x each year.
Simultaneously, the Pentagon threatens to blacklist it. Musk publicly accuses it of data theft. Its own core safety commitment is deleted. Anthropic's AI safety lead, Mrinank Sharma, resigned and wrote on X: "The world is in danger."
Contradiction?
Perhaps contradiction is in Anthropic's DNA.
The company was founded by former OpenAI executives because they were concerned OpenAI was moving too fast on safety. Then they built a company themselves, building more powerful models at an even faster pace, while telling the world how dangerous these models are.
The business model can be summarized in one sentence: we are more afraid of AI than anyone else, so you should pay us to build it.
This narrative worked perfectly in 2023-2024. AI safety was a hot word in Washington, and Anthropic was the most popular lobbyist.
In 2026, the wind has changed.
"Woke AI" has become an attack label, state-level AI regulation bills are being blocked by the White House, and the California SB 53 supported by Anthropic was signed into law, but the federal level is a wasteland.
Anthropic's safety card is sliding from a "differentiating advantage" to a "political liability."
Anthropic is performing a complex balancing act. It needs to be "safe" enough to maintain its brand, yet "flexible" enough to avoid being abandoned by the market and the government. The problem is, the tolerance space on both ends is shrinking.
How Much is the Safety Narrative Still Worth?
Look at all three events together, and the picture becomes clear.
Accusing Chinese companies of distilling Claude is to strengthen the lobbying narrative for chip export controls. Deleting the safety pause commitment is to avoid falling behind in the arms race. Refusing the Pentagon's autonomous weapons demand is to preserve the last layer of moral clothing.
Each step has its logic, but the steps contradict each other.
You can't simultaneously claim that Chinese companies "distilling" your model threatens national security, while deleting the commitment that prevents your own model from going out of control. If the model is truly that dangerous, you should be more cautious, not more aggressive.
Unless you are Anthropic.
In the AI industry, identity is not defined by your statements, but by your balance sheet. Anthropic's "safety" narrative is essentially a brand premium.
In the early days of the AI arms race, this premium was valuable. Investors were willing to pay a higher valuation for "responsible AI," the government was willing to give the green light to "trustworthy AI," and customers were willing to pay for "safer AI."
But in 2026, this premium is evaporating.
Anthropic now faces not a multiple-choice question of "whether to compromise," but a sequencing problem of "who to compromise with first." Compromise with the Pentagon, brand damaged. Compromise with competitors, safety承诺废弃 (safety commitment废弃 - commitment abandoned). Compromise with investors, both have to give.
At 5:01 PM on Friday, Anthropic will deliver its answer.
But whatever the answer is, one thing is already certain: the Anthropic that once stood on "we're not like OpenAI" is becoming like everyone else.
The endpoint of an identity crisis is often the disappearance of identity.
